LEAF "Bering" installation guide

Jacques Nilo
Eric Wolzak

Revision History

Revision 0.1  18 January 2002   First draft for review
Revision 0.2  2 February 2002   Second draft for review
Revision 0.3  21 February 2002  Third draft for review
Revision 0.4  19 March 2002     Fourth draft for review
Revision 0.5  22 April 2002     Fifth draft for review
Revision 0.6  16 June 2002      Sixth draft for review
Revision 0.7  20 October 2002   Seventh draft for review
Revision 0.8  14 November 2002  Eighth draft for review

Table of Contents

1. About LEAF "Bering"
    1.1. What is the LEAF "Bering" distribution ?
    1.2. Why Bering ?
    1.3. Feedback
    1.4. Acknowledgments and thanks
    1.5. Bering download areas
    1.6. Bering support
2. LEAF "Bering" Changelog
    2.1. Current version: 1.0-stable - November 14 2002
    2.2. Version: 1.0-rc4 - October 20 2002
    2.3. Version: 1.0-rc3 - June 16 2002
    2.4. Version: 1.0-rc2 - April 22 2002
    2.5. Version: 1.0-rc1 - March 16 2002
    2.6. Version: beta4 - February 2002
    2.7. Version: beta3 - February 2002
    2.8. Version: beta2 - January 2002
    2.9. Older versions
3. Available packages on the LEAF "Bering" floppy
    3.1. The LEAF "Bering" floppy disk content
    3.2. Description
4. Installation - step 1: download the distribution
    4.1. Linux users
    4.2. Windows users
5. Installation - step 2: download the modules
6. Installation - step 3: Add/remove the (un)needed packages and modules
    6.1. Removing unneeded packages
    6.2. Edit the syslinux.cfg file
    6.3. Removing unneeded modules
    6.4. Adding a new package
    6.5. Adding extra modules in /lib/modules
    6.6. Adding extra modules in /boot/lib/modules
7. Installation - step 4: configure your keyboard
8. Installation - step 5: configure your network
    8.1. interfaces file (/etc/network/interfaces)
    8.2. network options file (/etc/network/options)
    8.3. hosts IP addresses (/etc/hosts)
    8.4. hostname (/etc/hostname)
    8.5. resolv.conf (/etc/resolv.conf)
    8.6. Super server daemon configuration (/etc/inetd.conf)
    8.7. hosts.allow (/etc/hosts.allow)
    8.8. hosts.deny (/etc/hosts.deny)
    8.9. network (/etc/network)
9. Installation - step 6: configure Shorewall
10. Installation - step 7: configure your system
    10.1. Master LRP settings (/etc/lrp.conf)
    10.2. POSIXness setting (/etc/POSIXness.conf)
    10.3. File system mounts (/etc/fstab)
    10.4. Lowest level boot-up configuration (/etc/inittab)
    10.5. System wide profile (/etc/profile)
    10.6. Ports root is allowed to login to (/etc/securetty)
    10.7. System logging configuration (/etc/syslog.conf)
    10.8. Service name to number translation (/etc/services)
    10.9. Local timezone TZ setup (/etc/tvalue)
11. Information on packages provided on the Bering floppy disk
    11.1. bridge.lrp
    11.2. dhcpd.lrp
    11.3. dnscache.lrp
    11.4. etc.lrp
    11.5. initrd.lrp
    11.6. iptables.lrp
    11.7. keyboard.lrp
    11.8. local.lrp
    11.9. log.lrp
    11.10. modules.lrp
    11.11. ppp.lrp
    11.12. pppoe.lrp
    11.13. pump.lrp
    11.14. root.lrp
    11.15. shorwall.lrp
    11.16. weblet.lrp
12. Information on packages provided in the Bering packages download area
    12.1. dhclient.lrp
    12.2. ipsec.lrp
    12.3. ipsec509.lrp
    12.4. libm.lrp
    12.5. ntpdate.lrp
    12.6. ntpsimpl.lrp
    12.7. pcmcia.lrp/pcmcia_orinoco.lrp/pcmcia_xircom.lrp
    12.8. pppatm.lrp
    12.9. pptpd.lrp
    12.10. vlan.lrp
    12.11. tc.lrp
    12.12. wireless.lrp and wireutil.lrp
    12.13. wlan-ng.lrp

1. About LEAF "Bering"

1.1. What is the LEAF "Bering" distribution ?

The LEAF "Bering" distribution is derived from Charles Steinkuehler's Dachstein (rc2). It differs from it on two key elements:

- It is based on a 2.4.x linux kernel
- It relies on Shorewall for extended firewalling facilities. Check all the Shorewall features here.
The main objectives are:

- To benefit from the netfilter/iptables facilities
- To have access to the latest kernel device drivers & filesystems
- To keep everything available on a single floppy for the largest possible user's base (including serial modem, cable modem or ADSL PPP/PPPOE users)
- To keep the simplicity provided by Dachstein
- To stick to a standard linux kernel as much as possible. This allows LEAF "Bering" usage and development in a virtual environment
- To stick as much as possible to the Debian distribution structure

This work was made possible after having proposed a solution to get rid of the original kernel LRP patches which do not pass the change introduced in initrd in the 2.4.10 kernel. The interested reader can refer to the leaf-devel mailing list archives.

1.2. Why Bering ?

The name "Bering" was chosen from the Strait of the same name. A strait is a nice symbol for a firewall: a lot of traffic and strict navigation rules. Those interested by the story of the Bering Island can check here (Thanks to Matt Schalit for the reference).

1.3. Feedback

Comment on this package can be sent to the authors: Jacques Nilo <jnilo@users.sourceforge.net> or Eric Wolzak <leaf@wolzak.de>.

1.4. Acknowledgments and thanks

Thanks to everyone who help us on this work and especially the members of the leaf-devel and leaf-user mailing list. Many thanks also to Tom Eastep <teastep@shorewall.net> for his great shorewall package and his dedicated support.

The "Bering" distribution has benefited from many comments, help and suggestions from Lynn Avants, Chad Carr, Luis F. Correia, Allen Hillery, Christian Hostelet, Tom Eastep, Jeff Newmiller, Brock Nanson, Tor Nylander, Larry Platzek and Bob Pocius.

1.5. Bering download areas

All Bering related files, including archives, are available in the LEAF files area. Bering modules, packages, patches, contrib and possible errata are provided here for the most recent versions.

1.6. Bering support

Bering is provided with an extensive documentation (an installation guide and a user's guide) also available as pdf files in the LEAF files area.

Request for support should be directed only to the leaf-user mailing list. Please do not send request for help directly to the authors! You will generally get a faster response if your request is posted to the leaf-users list and this response will benefit to others as well. Also do not forget to use the search facility associated with the leaf-users mailing archives.

2. LEAF "Bering" Changelog

2.1. Current version: 1.0-stable - November 14 2002

- shorewall updated to version 1.3.10
- pcmcia-cs updated to version 3.2.3
- freeswan/ipsec updated to version 1.99
- Bering winimage now generated in English :-)
- Typo corrected in /usr/sbin/lrcfg.back.script. Partial backups should now work OK
- /dev/nftla added to /var/lib/lrpkg/root.mount to fix a problem when trying to boot from DoC

2.2. Version: 1.0-rc4 - October 20 2002

- new kernel config file to allow for mount usbdevfs and large routing tables
- 2.4.18 kernel now patched with Grsecurity 1.9.5 and customized configuration
- shorewall updated to version 1.3.9b
- tinylogin updated to version 1.2
- ifupdown updated to version 0.6.4.4. New options allow to setup mtu, hwaddress and label for a given interface
- tc.lrp package removed from the Bering floppy to the Bering packages download area
- iptables now provided as an iptables.lrp package to ease updates
- wtmp now generated in /var/log. last command now works OK.
- /usr/bin/savelog fixed - gzip now works for log files
- change group from adm to wheel in rotatelogs() savelog statement: the content of /var/log can now be viewed from weblet
- /etc/passwd, /etc/shadow and /etc/groups cleaned up.
  New users added: sshd and squid
- zebra related services added to /etc/services
- sshd commented out in inetd.conf
- xargs added to busybox to allow dhclient to stop cleanly with ifdown
- Some bug fixes in POSIXness.mail and lrcfg.back
- Bug in /etc/cron.daily/multicron-d corrected: $PATH variable must be redefined for several function to work under cron
- HOSTNAME defined also in /etc/cron.d/multicron otherwise won't be used within multicron-d functions
- Bug in /usr/sbin/lrcfg.back.script corrected to allow proper working of partial backups
- New checkfreespace function in /etc/cron.daily/multicron.d which allows space to be checked on multiple directories
- /dev/nftla devices have now the proper major number. /linuxrc patched to allow booting from Disk-on-Chip devices. Thanks to Brad Fritz for his contribution on this and his excellent new chapter of the Bering user's guide !
- Some Bering packages have been updated: pcmcia.lrp (V3.2.1) and ipsec.lrp (1.98b) which also corrects some bugs
- New packages are available: ntpdate.lrp (4.0.1), a time server client and ntpsimpl.lrp (4.0.1) which provides the ntpd daemon.
- Host AP drivers for drivers for Intersil Prism2/2.5/3 from http://hostap.epitest.fi (hostap-2002-10-12) available in the Bering modules directory
- drivers for Intersil Prism2/2.5/3 from http://www.linux-wlan.org (linux-wlan-ng.0.1.15) available in the Bering modules directory. Userland programs are now packaged in wlan-ng.lrp
- Donald Becker network drivers are now in the Bering modules directory
- A full new chapter available in the Bering installation guide about "System configuration"
- Three new chapters available in the Bering user's guide about "Setting time in Bering", "the mail and cron facilities" and "Installing and booting Bering from a M-System Disk-on-Chip"

2.3. Version: 1.0-rc3 - June 16 2002

- Bering now supports apm and vlan as modules. New netfilter modules provided for H323, pptp, sftp and talk.
- Bering kernel now patched with grsecurity v1.9.4.
  Kernel compiled with "medium" level.
- Shorewall updated to latest 1.3.1 version with the June 15, 2002 errata.
- Busybox updated to 0.60.3: saves 10k and ls command output is now in colour :-)
- root.dev.mk updated to create mtd, nftla1->4, lp0, lp1 devices for DoC and parallel printer support
- In /lib/POSIXness, POSIXness.text removed, POSIXness.mail corrected (thanks to K.P. Kirchdörfer), POSIXness.system cleaned-up and POSIXness.linuxrouter modified so that lrpkg -i /anydir/package.lrp can work.
- /etc/passwd and /etc/group updated so that qmail.lrp can now work out of the box
- bridge scripts in bridge.lrp fixed
- syslinux updated to version 1.75
- weblet.lrp updated: sh-httpd has GID 10 (wheels) to be able to run with grsecurity patch. Correction for layout problems in viewsys and viewnet. Display of statistics improved using the "ip -s link show" command. Memory check changed: now only the memory in the tmpfs and dev/root are checked. Mounted floppies and cdroms are ignored.
- User's guide updated to revision 0.3. with some editing. Also now available as pdf file in the Bering download area.
- Installation guide updated to revision 0.7. Also available as pdf file in the Bering download area.

2.4. Version: 1.0-rc2 - April 22 2002

- Bering now supports IPSEC (Freeswan - version 1.97) as a module. ipsec.lrp & ipsec509.lrp packages available. Thanks to Chad Carr <ccarr@franzdoodle.com> for his great work!
- Bering now supports pptp tunnels. Kernel was patched accordingly and pppd daemon as well
- Bering can now boot from a CD-Rom. The result of a great team work involving Luis F. Correia <lfcorreia@users.sourceforge.net>, Allen Hillery <ah@slumnet.com> and Christian Hostelet <c.hostelet@wanadoo.fr>. Luis also wrote a new section of the Bering user's guide explaining how to create the CD-Rom.
- Shorewall updated to latest 1.2.12 version. Parameterized two-interfaces setup removed and replaced by the new two-interfaces sample from Tom. The Bering's installation manual about Shorewall has been completely rewritten.
- PCMCIA kernel mode removed. We now go for pcmcia_cs package and modules. Seems more robust and also supports PCI/PCMCIA bridge
- Last version (2.21) of the e3 editor now provided
- Kernel now compiled with serial support (by popular demand :-))
- Busybox mount command now works for NFS volumes
- iptables updated with the last 1.2.6a version
- User's guide updated to revision 0.2. with five new chapters and many updates !
- Installation guide updated to revision 0.5.

2.5. Version: 1.0-rc1 - March 16 2002

- Updated with the 2.4.18 linux kernel which fixes the Netfilter/IRC bug. Support is now provided for Appletalk and IPX through appropriate modules
- Shorewall updated version 1.2.9. Allows now MAC addresses filtering
- iptables updated with the last 1.2.5 version
- lrcfg.back.script updated with the most recent version from Dachstein which allows partial backup and adapted to work without ctar. Backup problems experienced in beta-4 should be gone. Eric spent quite some time on this one :-).
- New pcmcia.lrp packages (tested and more compact and with a more detailed documentation).
- Documentation updated to revision 0.4.

2.6. Version: beta4 - February 2002

- ifupdown program adapted to only use ip addr and ip route commands. ifconfig removed
- Shorewall updated to latest 1.2.6 version
- arp program added to /sbin to have proxy-arp working with Shorewall (thanks to Yvo Nelemans for noticing this)
- Beta2 /usr/sbin/lrcfg.back.initrd script restored. Automatic computation of INITRD_SIZE in beta3 was buggy
- Loading of modules stored in /boot/lib/modules right after initrd is mounted is now working properly
- ctar removed following a suggestion by S. Caron
- The pcmcia.lrp configuration list is no more broken
- Some clean-up in weblet.lrp
- Documentation updated to revision 0.3.

2.7. Version: beta3 - February 2002

- The distribution has now a name: Bering !
- Kernel 2.4.16 updated.
  Includes now support for Hard disks, DOC, ext2/ext3/reiserfs filesystems, PPPOA, IPV6
- Shorewall updated to latest 1.2.5 version
- Winimage floppy image now available for Windows users
- INITRD_SIZE parameter removed: /usr/sbin/lrcfg.back.initrd now computes optimal size of INITRD filesystem
- /etc/init.d/netbase removed and replaced by /etc/init.d/inetd. Portmap will be provided as a separate package.
- Some clean-up in the /etc/init.d RCDLINKS= parameters to comply with Debian/Woody
- Supplemental packages available providing openssh, pcmcia, ppp (with active-filter enabled) and wireless support. Check the Bering packages directory.
- Pump.lrp recompiled with proper options and /etc/shorewall.pump script corrected. Also /etc/init.d/pump script removed: Pump fully controlled by ifup/down
- libnsl.so removed (and tcpd and sshd recompiled accordingly). Save about 10K (compressed).
- /usr/sbin/ticker replaced by a shell script (Thanks Ray !). Save 1,3K (compressed)
- Documentation updated to revision 0.2. Thanks to L. Avants, T. Eastep & L. Platzek for their suggestions !

2.8. Version: beta2 - January 2002

- Kernel 2.4.16 now used. New kernel config file. Includes in particular support for PCMCIA, PPP, PPP/PPPOE, ISDN, USB and bridging
- Use shorewall 1.2.2 allowing among many other things traffic shaping & blacklisting
- Pump (0.8.11-3) being used as default DHCP/BOOTP client to save disk space (dhclient.lrp still OK)
- networking script now fully debian/sid compatible. Dachstein's /etc/network.conf, /etc/ipchains.conf and /etc/init.d/network files/scripts completely removed
- ifconfig (1.4.2) and ifupdown (0.6.4) available
- new applets in bbox library (0.60.2)
- new version of iproute2 (010824). tc patched to allow for HTB queuing discipline
- bridge now available as a separate package. Provides brctl from bridge-utils (0.9.4)
- ppp.lrp and pppoe.lrp provided in the standard distro for serial/modem and adsl/pppoe connections.
  pppoe.lrp provides the PPPoE 2.4.16 kernel plugin. The ppp daemon is the 2.4.1 version patched for kernel mode PPPoE available here.
- pon, poff and plog scripts provided in ppp.lrp for ppp on demand.
- weblet.lrp modified to handle iptable output. Do not need netstat anymore
- first draft of installation guide available (what you are reading now)

2.9. Older versions

- version: 2.4.14-b1 - 12 December 2001
- version: 2.4.14-alpha - 20 November 2001

3. Available packages on the LEAF "Bering" floppy

3.1. The LEAF "Bering" floppy disk content

The following files are available on the 1680K formatted LEAF "Bering" floppy:

    [root@versa root]# ls -la /mnt/floppy/
    drwxr-xr-x    2 root     root         5632 Jan  1  1970 .
    drwxr-xr-x   22 root     root         4096 Nov  2 12:01 ..
    -rwxr-xr-x    1 root     root         8795 Nov 14 22:13 bridge.lrp
    -rwxr-xr-x    1 root     root        43768 Nov 14 22:13 dhcpd.lrp
    -rwxr-xr-x    1 root     root        23816 Nov 14 22:12 dnscache.lrp
    -rwxr-xr-x    1 root     root        24214 Nov 14 22:12 etc.lrp
    -rwxr-xr-x    1 root     root       410881 Nov 14 22:11 initrd.lrp
    -rwxr-xr-x    1 root     root        54787 Nov 14 22:12 iptables.lrp
    -rwxr-xr-x    1 root     root        11941 Nov 14 22:12 keyboard.lrp
    -r-xr-xr-x    1 root     root         7112 Jun 16 13:11 ldlinux.sys
    -rwxr-xr-x    1 root     root       510487 Nov 11 09:57 linux
    -rwxr-xr-x    1 root     root          492 Nov 14 22:12 local.lrp
    -rwxr-xr-x    1 root     root          296 Jun 16 16:37 log.lrp
    -rwxr-xr-x    1 root     root       104279 Nov 14 22:12 modules.lrp
    -rwxr-xr-x    1 root     root        95733 Nov 14 22:13 ppp.lrp
    -rwxr-xr-x    1 root     root        14125 Nov 14 22:13 pppoe.lrp
    -rwxr-xr-x    1 root     root        24566 Nov 14 22:12 pump.lrp
    -rwxr-xr-x    1 root     root          200 Nov 11 09:57 readme
    -rwxr-xr-x    1 root     root       262456 Nov 14 22:11 root.lrp
    -rwxr-xr-x    1 root     root        46080 Nov 14 22:12 shorwall.lrp
    -rwxr-xr-x    1 root     root          215 Nov 14 22:10 syslinux.cfg
    -rwxr-xr-x    1 root     root         1070 Nov 14 21:54 syslinux.dpy
    -rwxr-xr-x    1 root     root        19546 Nov 14 22:13 weblet.lrp

3.2. Description

The different packages and files are described in the two following tables:

Table 1. Available LEAF packages

    Package name   Purpose                                                  Version      Status
    bridge.lrp     Provides brctl and bridging facilities                   0.9.4        Optional
    dhcpd.lrp      Provides a DHCP server to your local network             2.0pl5       Optional
    dnscache.lrp   Provides D.J. Bernstein fast caching resolver for DNS    1.05         Recommended
    etc.lrp        Provides system /etc files                               1.0-stable   Required
    initrd.lrp     Provides LEAF bootstrap and core system files            1.0-stable   Required
    iptables.lrp   Provides iptables program                                1.2.6a       Required
    keyboard.lrp   Provides 35 International keyboard layouts               0.3          Optional
    local.lrp      Provides system files                                    1.0-stable   Required
    log.lrp        Provides system /var/log files                           1.0-stable   Required
    modules.lrp    Provides 2.4.18 kernel modules files                     1.0-stable   Required
    ppp.lrp        Provides the ppp daemon patched for kernel mode PPPoE    2.4.1        Optional
    pppoe.lrp      Provides the PPPoE kernel plugin                         2.4.1        Optional
    pump.lrp       Provides the Redhat DHCP/BOOTP client                    0.8.11       Optional
    root.lrp       Provides the LEAF system files                           1.0-stable   Required
    shorwall.lrp   Provides the shorewall firewall                          1.3.10       Required
    weblet.lrp     Provides a Web based LEAF monitoring tool                1.2.0        Optional

Table 2. Other files

    File name      Purpose                                Version   Status
    ldlinux.sys    syslinux (boot loader) system file     1.75      Required
    linux          Linux kernel                           2.4.18    Required
    syslinux.cfg   syslinux LEAF configuration file       1.75      Required
    syslinux.dpy   syslinux screen logo file              1.75      Required

4. Installation - step 1: download the distribution

4.1. Linux users

As root, download the 1680K disk image in your /tmp directory and copy it to a 1680K formatted floppy disk:

Format a blank floppy disk:

    superformat /dev/fd0u1680

or

    fdformat /dev/fd0u1680

Copy the disk image on the floppy:

    dd if=/tmp/Bering_1.0-stable_img_bering_1680.bin of=/dev/fd0u1680

4.2. Windows users

From your favorite browser, download the 1680K Winimage in any available directory. Have a blank 1,44 M formatted disk ready. Then click on the downloaded disk winimage and follow the instructions.

5. Installation - step 2: download the modules

In order to use the LEAF firewall you will need to install the modules that will be loaded to complement your kernel. You will need one for your ethernet card(s) in particular.

Modules can be stored in two different places:

- In /boot/lib/modules: these modules will be loaded at the very beginning of the booting process. This facility is used to load drivers which will be necessary in order to be able to load the remaining of the packages (CD-ROM or Hard-disk drivers for examples when you are booting off those media: cf. the "Booting Bering from different boot-media" section of the Bering user's guide). These modules will be saved in the initrd.lrp package. None are provided by default in the LEAF distribution since most users won't need any. If you use this facility, you will also need to edit /boot/etc/modules in order to declare the sequence of modules you want to load at this stage.
- In /lib/modules: these modules are provided by the modules.lrp package which is loaded as any other package. This package should provide most - if not all - of the modules required to have the LEAF firewall working on your specific hardware. You will also need to edit /etc/modules in order to declare the sequence of modules you want to load.
By default, the modules.lrp package of the LEAF "Bering" firewall provides:

    # ls -la
    drwxr-x---    2 root     root            0 Nov 11 14:46 .
    drwxr-xr-x    5 root     root            0 Nov 11 14:46 ..
    lrwxrwxrwx    1 root     root           12 Nov 11 14:46 2.4.18 -> /lib/modules
    -rw-r--r--    1 root     root        36120 Nov 11 13:25 3c59x.o
    -rw-r--r--    1 root     root         8872 Nov 11 13:25 8390.o
    -rw-r--r--    1 root     root        26328 Nov 11 13:25 eepro100.o
    -rw-r--r--    1 root     root         5936 Nov 11 13:25 ip_conntrack_ftp.o
    -rw-r--r--    1 root     root         5716 Nov 11 13:25 ip_conntrack_irc.o
    -rw-r--r--    1 root     root         4748 Nov 11 13:25 ip_nat_ftp.o
    -rw-r--r--    1 root     root         4200 Nov 11 13:25 ip_nat_irc.o
    -rw-r--r--    1 root     root         9816 Nov 11 13:25 n_hdlc.o
    -rw-r--r--    1 root     root         8144 Nov 11 13:25 ne.o
    -rw-r--r--    1 root     root         8516 Nov 11 13:25 ne2k-pci.o
    -rw-r--r--    1 root     root         9948 Nov 11 13:25 ppp_async.o
    -rw-r--r--    1 root     root        39424 Nov 11 13:25 ppp_deflate.o
    -rw-r--r--    1 root     root        23712 Nov 11 13:25 ppp_generic.o
    -rw-r--r--    1 root     root        22352 Nov 11 13:25 ppp_mppe.o
    -rw-r--r--    1 root     root         7908 Nov 11 13:25 ppp_synctty.o
    -rw-r--r--    1 root     root        11732 Nov 11 13:25 pppoe.o
    -rw-r--r--    1 root     root         3636 Nov 11 13:25 pppox.o
    -rw-r--r--    1 root     root         6744 Nov 11 13:25 slhc.o
    firewall: -root- #

3c59x, 8390, eepro100, ne and ne2k-pci are drivers for common network cards.

n_hdlc, ppp_generic, ppp_async, ppp_deflate, ppp_synctty, ppp_mppe, pppoe, pppox, slhc are ppp and ppp/pppoe related modules.

ip_conntrack_* and ip_nat_* modules are used for masquerading.

You will probably need to download other modules for your own network card or to get access to specific functionalities (bridge.o for bridging, ...). The whole set of Bering linux kernel modules is available for download here. If you just want to download a specific module go through the Bering modules download area.
6. Installation - step 3: Add/remove the (un)needed packages and modules

The LEAF "Bering" floppy disk is provided with package(s) and/or module(s) you won't necessarily need. Get rid of them to begin with. Check the list of packages provided above to see if you need them. Some examples follow:

- A US user can remove the keyboard.lrp package
- A cable modem user with dynamic IP can get rid of the ppp.lrp and pppoe.lrp packages
- A user with a fixed external IP does not need pump.lrp
- A DSL/PPPoE user will not necessarily need pump.lrp

6.1. Removing unneeded packages

To remove a given package (say unneeded.lrp) from the LEAF disk, insert it in your floppy drive and boot it. When you see the LEAF configuration menu, type q (quit) to get access to the linux shell. Then execute the following commands:

    mount -t msdos /dev/fd0u1680 /mnt
    cd /mnt
    rm unneeded.lrp
    cd /
    umount /mnt

6.2. Edit the syslinux.cfg file

Make sure the list of packages loaded when the LEAF firewall floppy is booted corresponds to those packages you want to load.

By default the syslinux.cfg file looks like:

    display syslinux.dpy
    timeout 0
    default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=

To edit this file:

    mount -t msdos /dev/fd0u1680 /mnt
    cd /mnt
    ae syslinux.cfg
    (edit the LRP= list to fit your needs)
    (then save and exit)
    cd /
    umount /mnt

Other syslinux parameters:

- log_size= Defines the size of the /var/log directory. Default= 2M
- syst_size= Defines the size of the TMPFS filesystem. Default= 6M.
- tmp_size= Defines the size of the /tmp directory. Default= remaining available memory
- PKGPATH= Defines location of packages defined in the LRP= list. I.E. if they are stored on two different floppies, one will have something like:

    display syslinux.dpy
    timeout 0
    default linux initrd=initrd.lrp log_size=4M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:ms

In the example above packages not available on the first floppy drive (e.g. libz.lrp and sshd.lrp) will be loaded from a 1680K formatted floppy inserted in the second drive. On top of that, 4M are allocated to /var/log files.

The LEAF editor is e3. The documentation is here. Different emulations are available: vi, ae or e3ws are the most common ones.

6.3. Removing unneeded modules

Once you have removed the unneeded packages, you can remove the unneeded.o module(s) as follows:

    cd /lib/modules
    rm unneeded.o
    lrcfg

Once you are back with the LEAF configuration menu select the LEAF packages backup entry and backup the modules package.

6.4. Adding a new package

To add a new package just copy it to the LEAF floppy and declare the name in the syslinux.cfg LRP= list.

6.5. Adding extra modules in /lib/modules

You can add many features to your LEAF "Bering" distribution by adding extra kernel modules. Once you know which modules you need, download them from the LEAF Bering modules directory to a standard (1,44M formatted) floppy disk.

Boot the LEAF "Bering" floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the modules floppy. Then issue the following commands:

    mount -t msdos /dev/fd0 /mnt
    cd /mnt
    cp needed1.o needed2.o ... /lib/modules
    cd /
    umount /mnt
    lrcfg

Through the LEAF Packages configuration menu select "modules" and declare those modules you need to load in /etc/modules. Remember to save and backup modules.lrp !

The LEAF "Bering" /etc/modules file contains templates to setup a bridge, to access to an IDE Hard-disk or CD-ROM and to activate USB.

6.6. Adding extra modules in /boot/lib/modules

You can choose to load those extra kernel modules at the early stage of the boot process right after initrd filesystem is mounted. This is typically used to get access to a storage device where the remaining LEAF packages are stored.

Once you know which modules you need, download them from the LEAF Bering modules directory to a standard (1,44M formatted) floppy disk.

Boot the LEAF "Bering" floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the modules floppy. Then issue the following commands:

    mount -t msdos /dev/fd0 /mnt
    cd /mnt
    cp needed1.o needed2.o ... /boot/lib/modules
    cd /
    umount /mnt
    lrcfg

Through the LEAF Packages configuration menu select "initrd" and declare those modules you need to load in /boot/etc/modules. Remember to save and backup initrd.lrp !

7. Installation - step 4: configure your keyboard

If you are a non US user you will probably need one of the 35 keyboard layouts provided in the keyboard.lrp package.

To configure keyboard go to the LEAF packages configuration menu and choose keyboard. The following menu will appear:

    keyboard configuration files

        1) change keyboard language maps

      q) quit

Type 1 to get access to the /etc/init.d/keyboard script where you will have to replace the KEYMAP variable (default="us.map") by the appropriate keyboard setting.
The KEYMAP variable must be chosen among the 35 following entries:

    # azerty.map  cz.map          fi.map         jp.map  ro.map       trq.map
    # be.map      de-latin1.map   fr-latin1.map  la.map  ru.map       ua.map
    # bg.map      de.map          fr.map         lt.map  se.map       uk.map
    # br-a.map    dk.map          gr.map         mk.map  sg.map       us.map
    # br-l.map    dvorak.map      hu.map         nl.map  sk-y.map     wangbe.map
    # by.map      es.map          il.map         no.map  sk-z.map
    # cf.map      et.map          is.map         pl.map  slovene.map
    # croat.map   fi-latin1.map   it.map         pt.map  trf.map

To activate the new keyboard map get access to the linux shell and type:

    /etc/init.d/keyboard start

You can then remove the keymaps you do not need once you are happy with your choice. It will strip the keyboard.lrp package to 1k. From the LEAF console simply run:

    /etc/init.d/keyboard remove

To save your modification(s) do not forget to backup keyboard.lrp!

8. Installation - step 5: configure your network

You are now going to declare your network configuration through the Network configuration menu. If you want to permanently change any of the following parameters, do not forget to backup etc.lrp !

Through the LEAF configuration menu type 1 to access to the Network configuration menu:

    Network configuration menu

        1) interfaces file (/etc/network/interfaces)
        2) network options file (/etc/network/options)
        3) hosts IP addresses (/etc/hosts)
        4) hostname (/etc/hostname)
        5) resolv.conf (/etc/resolv.conf)
        6) super server daemon configuration (/etc/inetd.conf)
        7) hosts.allow (/etc/hosts.allow)
        8) hosts.deny (/etc/hosts.deny)
        9) networks (/etc/networks)

      q) quit
    ----------------------------------------------------------------------------
    Selection:

8.1. interfaces file (/etc/network/interfaces)

By default, the LEAF "Bering" firewall uses eth0 as the external interface with a dynamic IP provided by pump.lrp and eth1 as the internal interface at address 192.168.1.254.
Edit 1) interfaces to modify those settings. Typical LEAF configurations are provided in the interfaces file, simply uncomment what you need and comment (#) what you will not need! Check the interfaces man pages or the Debian network interfaces examples for more complicated setup.

The network configuration is activated in the /etc/init.d/networking script through the ifupdown functions.

Once your interfaces are configured, remember to save and backup the etc.lrp package !

Be sure that any interface change is reflected in your firewall configuration (step 6 below). Adjust Shorewall params file accordingly !

8.2. network options file (/etc/network/options)

Default variables in this file are the following:

    ip_forward=no
    spoofprotect=yes
    syncookies=no

These default variables are generally acceptable. The ip_forward variable is set back to yes by Shorewall. So if you do not use Shorewall and want to enable ip forwarding you will have to set this variable to yes.

8.3. hosts IP addresses (/etc/hosts)

The /etc/hosts file is where you put the name and IP address of local hosts. If you place a host in this file, then you do not need to query the domain name server to get its IP Address. The disadvantage of doing this is that if the IP address for that host changes, you must keep this file up to date yourself. In a well managed system, the only hostnames that usually appear in this file are an entry for the loopback interface, and also the local hosts name.

By default:

    127.0.0.1 localhost
    192.168.1.254 firewall

Do not forget to declare the internal address(es) of a ssh client in this file if you want to connect quickly to your firewall machine!

8.4. hostname (/etc/hostname)

By default, the name of your machine is:

    firewall

8.5. resolv.conf (/etc/resolv.conf)

The /etc/resolv.conf file is the main configuration file for DNS resolution. Its format is quite simple. It is a text file that has one keyword per line.
There are three keywords typically used by the file. These keywords are:

- domain: This keyword specifies the local domain name
- search: This keyword specifies a list of alternate domain names to search for a hostname
- nameserver: This keyword, which may be used many times, specifies an IP address of a domain name server to query when resolving names

By default this file is set to:

    nameserver 127.0.0.1
    nameserver 192.168.1.254

You should not need to change it. The file, by default, shows the address of the local DNS server (192.168.1.254) provided by dnscache. Pump won't override the address unless you implicitly allow it. Check the pump documentation below if you want to change that.

8.6. Super server daemon configuration (/etc/inetd.conf)

The /etc/inetd.conf file is the configuration file for the inetd server daemon. Its function is to tell inetd what to do when it receives a connection request for a particular service. For each service for which you wish to accept connections, you must tell inetd what network server daemon to run (and how to run it).

Its format is also fairly simple. It is a text file with each line describing a service that you wish to provide. Any text in a line following a '#' is ignored and considered a comment. Each line contains seven fields separated by any number of whitespace (tab or space) characters.

By default the three following services are open through inetd:

    ssh     stream  tcp     nowait  root      /usr/sbin/tcpd  /usr/sbin/sshd -i
    www     stream  tcp     nowait  sh-httpd  /usr/sbin/tcpd  /usr/sbin/sh-httpd
    stat    stream  tcp     nowait  root      /usr/sbin/tcpd  /usr/sbin/stat.sh

8.7. hosts.allow (/etc/hosts.allow)

The /etc/hosts.allow file is a configuration file for the /usr/sbin/tcpd program. The hosts.allow file contains rules describing which hosts are allowed access to a service on your machine.

The default for LEAF is:

    # /etc/hosts.allow: list of hosts that are allowed to access the system.  See
    #                   hosts_access(5) and /usr/doc/net/portmapper.txt
    #
    # Example:    ALL: LOCAL @some_netgroup
    #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
    #
    # Allow anything from the local net
    ALL: 192.168.1.0/255.255.255.0

Any host from the internal network in the 192.168.1.0/24 IP range will be allowed to access ssh, www and stat through inetd.

If you want only 192.168.1.1 from your internal network to be able to access the firewall through ssh and weblet, you will have:

    ssh: 192.168.1.1/255.255.255.255
    www: 192.168.1.1/255.255.255.255
    stat: 192.168.1.1/255.255.255.255

8.8. hosts.deny (/etc/hosts.deny)

The /etc/hosts.deny file is a configuration file for the /usr/sbin/tcpd program. The hosts.deny file contains entries for the rules defining which hosts will NOT be allowed access to a service on your machine.

The default in LEAF is:

    # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
    #                  See hosts_access(5) and /usr/doc/net/portmapper.txt
    #
    # Example:    ALL: some.host.name, .some.domain
    #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
    #
    # The PARANOID wildcard matches any host whose name does not match its
    # address.
    ALL: PARANOID
    # Prevent all access not explicitly allowed in hosts.allow
    ALL: ALL

8.9. networks (/etc/networks)

The /etc/networks file has a similar function to that of the /etc/hosts file. This file provides a simple database of network names against network addresses. Its format differs in that there may be only two fields per line, and that the fields are coded as:

The default in LEAF is:

    localnet 127.0.0.0

9. Installation - step 6: configure Shorewall

One of the distinctive features of Bering is that it relies on Shorewall to provide its firewall facility.
The reasons behind this choice are numerous:

- Shorewall is an iptables based firewall which offers many features (Masquerading/SNAT, Port forwarding, Static NAT, Proxy ARP, VPN support, Traffic Control/Shaping) which are described in greater detail here.
- It is a very powerful tool with which it is "simple to do simple things" but which also offers great flexibility.
- It is very well documented. I strongly recommend that you print out the full documentation available in pdf format in the Shorewall download area and that you spend the time to understand the concept behind it. A worthwhile effort!
- It has a nice QuickStart Guide which will allow the reader to quickly grasp the basics. A prerequisite reading!
- It has tremendous support from its developer, Tom Eastep, who replies very quickly to requests addressed to the shorewall user's mailing list. Mail archives are also available and searchable.

The shorwall.lrp package provided on the Bering distro (starting with v1.0-rc2) is built as follows:

1. Download the LATEST.lrp package from Tom's site and rename it shorwall.lrp.
2. Download either the Two-interfaces Masquerading Firewall or the Three-interfaces Masquerading Firewall with DMZ depending on your own situation. They will provide you with default setup for the interfaces, masq, policy, rules and zones files that will be used in replacement of those provided in Tom's original package.
3. Add two statements in the "rules" file in order to allow queries to the dnscache and weblet servers from the internal network. See below.
4. Create an OUTPUT file in /etc/shorewall with a single statement that takes care of the icmp-dnat netfilter bug workaround:

    # Take care of icmp-dnat netfilter bug workaround
    # http://www.netfilter.org/security/2002-04-02-icmp-dnat.html
    # JN June 2002. Suggestion by Tom Eastep (Thks Tom !)
    run_iptables -I OUTPUT 3 -m state -p icmp --state INVALID -j DROP

The four previous steps will allow you to update shorwall.lrp on your own Bering distro whenever a more recent Shorewall version is released.
The Bering shorwall.lrp package is provided by default with the Two-interfaces Masquerading Firewall and the two extra rules mentioned earlier. This setup assumes that eth0 is connected to the Internet via a dynamic IP and that your local network is interfaced through eth1.

To configure Shorewall, start the LEAF packages configuration menu and choose shorwall. The following menu will appear:

                        shorwall configuration files

        1) Params       Assign parameter values
        2) Zones        Partition the network into Zones
        3) Ifaces       Shorewall Networking Interfaces
        4) Hosts        Define specific zones
        5) Policy       Firewall high-level policy
        6) Rules        Exceptions to policy
        7) Masq         Internal MASQ Server Configuration
        8) ProxyArp     Proxy ARP Configuration
        9) Stopped      Hosts admitted after 'shorewall stop'
        10) Nat         Static NAT Configuration
        11) Tunnels     Tunnel Definition (ipsec)
        12) TCRules     FWMark Rules
        13) Config      Shorewall Global Parameters
        14) Modules     Netfilter modules to load
        15) TOS         Type of Service policy
        16) Blacklist   Blacklisted hosts
        17) RFC1918     Defines 'norfc1918' interface option

      q) quit
      ----------------------------------------------------------------------------
        Selection:

Check the hyperlinks above, the Quickstart Guide or the Shorewall documentation for a full explanation of those configuration files.

Four files absolutely must be checked to make sure they fit your needs:

A/ The zone file (entry 2). For a two interfaces setting - Bering's default - it looks like:

    #ZONE   DISPLAY         COMMENTS
    net     Net             Internet
    loc     Local           Local networks
    #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

B/ The interfaces file (entry 3) defines your interfaces. Default in Bering is:

    (...)
    #ZONE   INTERFACE       BROADCAST       OPTIONS
    net     eth0            detect          dhcp,routefilter,norfc1918
    loc     eth1            detect          routestopped
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

C/ The rules file (entry 6) is one of the most important files in Shorewall.
Here is the one from Bering:

    (...)
    #       Your entries for this setup would look like:
    #
    ACCEPT  fw      net     tcp     53
    ACCEPT  fw      net     udp     53
    #
    #       Accept SSH connections from the local network for administration
    #
    ACCEPT  loc     fw      tcp     22
    # Bering specific rules:
    # allow loc to fw udp/53 for dnscache to work
    # allow loc to fw tcp/80 for weblet to work
    #
    ACCEPT  loc     fw      udp     53
    ACCEPT  loc     fw      tcp     80
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

As you can see from the above, two rules have been added to the two-interfaces file. They allow:

- UDP requests from the local network (loc) to the firewall (fw) on port 53. This is the port on which dnscache listens for dns requests coming from the internal network.
- TCP requests from the local network (loc) to the firewall (fw) on port 80. This is the port used by weblet for its web server.

D/ Finally the masq file (entry 7). In Bering it looks like:

    (...)
    #INTERFACE              SUBNET
    eth0                    eth1
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

If you change any of the shorewall parameters, remember to back up shorwall.lrp!

10. Installation - step 7: configure your system

It's now time to fine tune your installation. You are now going to fine tune your system configuration through the System configuration menu.
This chapter is for the experienced.

If you want to permanently change any of the following parameters, do not forget to back up etc.lrp!

From the LEAF configuration menu, type 2 to access the System configuration menu:

                        System configuration menu

        1) Master LRP settings (/etc/lrp.conf)
        2) POSIXness mail settings (/etc/POSIXness.conf)
        3) File system mounts (/etc/fstab)
        4) Lowest level boot-up configuration (/etc/inittab)
        5) System wide profile (/etc/profile)
        6) Ports root is allowed to login to (/etc/securetty)
        7) System logging configuration (/etc/syslog.conf)
        8) Service name to number translation (/etc/services)
        9) Local timezone TZ setup (/etc/tzvalue)

      q) quit
      ----------------------------------------------------------------------------
        Selection:

10.1. Master LRP settings (/etc/lrp.conf)

The file looks like:

    #This is the master config file for systemwide LRP functions.
    #It is referenced by multicron-* and POSIXness.

    # Log files in /var/log/ to rotate. DEPTH == Amount to keep.
    lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \
                    ppp.log pslave.log"
    lrp_LOGS_WEEKLY="auth.log lastlog"
    lrp_LOGS_MONTHLY="wtmp"
    lrp_LOGS_DEPTH=4

In this part of the lrp.conf file, you declare the files for which there will be a daily, weekly and monthly backup. The number of logs kept, for each frequency, is given by the lrp_LOGS_DEPTH variable. The default values given to those variables should be OK for most users.

    # Email address to use for notices and alerts. If blank alerts won't be sent.
    #lrp_MAIL_ADMIN="admin@mydomain.net"

The name of the variable says it all: you give here the e-mail address of the router administrator to whom the monitoring messages will be sent. Do not forget to uncomment the variable name if you want to activate that facility!

    # Server that will be contacted via 'rdate' for the time service daily.
    # Turning this on also updates the CMOS clock
    #lrp_DATE_SERVER="time.nist.gov"

If you uncomment lrp_DATE_SERVER and declare a time server name here, this time server will be queried periodically to update your Bering box time. You must be sure that your server accepts rdate requests, since the number of such servers is progressively diminishing in favour of ntp servers.

In order to have rdate requests working properly, you need:

- To open port 37 in Shorewall. The following statement in the /etc/shorewall/rules file will do:

      ACCEPT fw net tcp 37

- To be sure that your time server allows requests directed to port 37. This is not the case of every timeserver whose list is available here.

    # List of hosts to ping check. ADMIN will be sent mail if any fail.
    #lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org"

You declare in lrp_PING_HOSTS the names of the hosts you want to ping check. Do not forget to uncomment the variable name if you want to activate that facility!

    # SPACECHECK, will check the space available on a defined device.
    #   For each device you must define a tag and a group of parameters
    #   associated with this tag. (See below). Then, for each device,
    #   if the remaining free space is <= MINKB or <= MINPER, each level
    #   of file mask(s) will be wiped, until the minimum available space
    #   is met or level 5 is reached. Files are individually null'ed
    #   to 0 size. They are not rm'ed. (syslogd will not be interrupted)
    #   When the level set in MAIL_LEVEL, is reached or exceeded, an
    #   alert will be sent to ADMIN. (If set)
    #   You can have as many tags as you want :-)
    #   Default=One tag (L) associated to /var/log
    #
    lrp_SPACECHECK=NO           # YES or NO (default)
    lrp_SC_MOUNT="L"            # define here the tag(s) of directories to be checked
    #lrp_SC_MOUNT="L T"         # an alternative if you want to check two directories
    lrp_SC_MAIL_LEVEL=2         # >= 6 to disable.
    # The following block defines the parameters for the "L" tag
    lrp_SC_MNT_L="/var/log"     # Directory to be checked
    lrp_SC_MINKB_L=-1           # <= -1 to disable.
    lrp_SC_MINPER_L=5           # >= 101 to disable. Default 5%.
    lrp_SC_DEL_L1="/var/log/*[3-4].gz"  # defines the files that will be set to 0 when space l
    lrp_SC_DEL_L2="/var/log/*[1-2].gz"
    lrp_SC_DEL_L3="/var/log/*.gz"
    lrp_SC_DEL_L4="/var/log/*.0"
    lrp_SC_DEL_L5="/var/log/wtmp"
    # The following block defines the parameters for the "T" tag
    #lrp_SC_MNT_T="/tmp"        # Directory to be checked
    #lrp_SC_MINKB_T=-1          # <= -1 to disable.
    #lrp_SC_MINPER_T=5          # >= 101 to disable. Default 5%.
    #lrp_SC_DEL_T1="/tmp/..."   # defines the files that will be set to 0 when space l
    #lrp_SC_DEL_T2="/tmp/..."
    #lrp_SC_DEL_T3="/tmp/..."
    #lrp_SC_DEL_T4="/tmp/..."
    #lrp_SC_DEL_T5="/tmp/..."

If lrp_SPACECHECK is set to yes, the space left on the specified device(s) will be checked. If the space is less than the limit you set, then a mail alert will be sent to the admin. By default the space is checked on the /var/log directory.

The configuration may seem a little complicated at first. The lrp_SC_MOUNT variable assigns a one character tag for each directory that should be tested. Tags are separated by a space. For example you can have:

    lrp_SC_MOUNT="L T"

Then for each tag previously defined you should declare an lrp_SC_MNT_TAG variable to declare the name of the corresponding directory, an lrp_SC_MINKB_TAG, an lrp_SC_MINPER_TAG and, optionally, a list of files to be cleaned up, split in 5 levels. The first level will be cleaned up first, then the second if the space constraint is still enforced, and so on. For example:

    lrp_SC_MNT_L="/var/log"

Now you can specify a free-space threshold at which action is taken. You can specify this threshold in KB (lrp_SC_MINKB) or as a percentage of the partition (lrp_SC_MINPER):

    lrp_SC_MINKB_L="200"
    lrp_SC_MINPER_L="30"

In the above example there will be an alert as soon as the free space on /var/log is less than 200 KB OR as soon as the amount of free space on /var/log is less than 30%.
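The threshold test and the level-by-level wipe described in the lrp.conf comments above, as an added Python model (it is not the script shipped with Bering). The function names, the in-memory file table and the sample sizes are assumptions constructed for illustration; the masks and default thresholds are the ones quoted from lrp.conf.

```python
from fnmatch import fnmatchcase

# Wipe levels for the "L" tag, copied from the lrp.conf excerpt above.
DEL_LEVELS = [
    "/var/log/*[3-4].gz",
    "/var/log/*[1-2].gz",
    "/var/log/*.gz",
    "/var/log/*.0",
    "/var/log/wtmp",
]


def low_on_space(free_kb, total_kb, minkb, minper):
    """True when free space is <= MINKB or <= MINPER percent of the partition.

    MINKB <= -1 and MINPER >= 101 disable the respective test, as stated in
    the lrp.conf comments.
    """
    kb_hit = minkb > -1 and free_kb <= minkb
    per_hit = minper < 101 and free_kb * 100 <= minper * total_kb
    return kb_hit or per_hit


def spacecheck(files, total_kb, minkb=-1, minper=5, mail_level=2,
               levels=DEL_LEVELS):
    """Model one SPACECHECK pass over a partition (hypothetical helper).

    files maps path -> size in KB. Returns (paths nulled in order,
    last level run, whether the MAIL_LEVEL alert would fire).
    """
    files = dict(files)               # work on a copy
    wiped, level = [], 0

    def free_kb():
        return total_kb - sum(files.values())

    while level < len(levels) and low_on_space(free_kb(), total_kb, minkb, minper):
        mask = levels[level]
        level += 1
        for path in sorted(files):
            if fnmatchcase(path, mask) and files[path] > 0:
                files[path] = 0       # nulled to 0 size, not removed
                wiped.append(path)
    return wiped, level, level >= mail_level


# Constructed sample: a 1000 KB log partition with rotated logs.
ROTATED = {
    "/var/log/messages": 300, "/var/log/messages.0": 200,
    "/var/log/messages.1.gz": 100, "/var/log/messages.2.gz": 100,
    "/var/log/messages.3.gz": 100, "/var/log/messages.4.gz": 100,
    "/var/log/wtmp": 60,
}
# Constructed sample: the live log alone fills the partition.
LIVE_LOG_FULL = {"/var/log/messages": 990, "/var/log/wtmp": 5}

if __name__ == "__main__":
    for name, sample in (("rotated", ROTATED), ("live log full", LIVE_LOG_FULL)):
        print(name, spacecheck(sample, total_kb=1000))
```

The second sample shows the limit of the mechanism: the masks never cover the live log files, so a partition filled by /var/log/messages itself stays below the threshold after all five levels, and only the alert remains.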
As soon as one of the thresholds for a declared partition is reached, the program will look for the lrp_SC_DEL_TAG variables, if they exist, and will zero out those files until there is enough space left. If you indicated an email address for the administrator, he will be informed by mail about the level reached.

10.2. POSIXness setting (/etc/POSIXness.conf)

The information here allows you to declare the default parameters of your Bering box mail program.

    #This is the master config file for the POSIXness.mail scripts

    # Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
    #MAIL_SERVER="smtp.mydomain.net"

    # From: domain to send to mail server. If blank, `hostname -f` is used.
    #MAIL_DOMAIN="mydomain.net"

    # Return-Path will be USER@MAIL_DOMAIN
    #USER="myname"

- The MAIL_SERVER variable is the FQDN of your mail server. In most cases it will be your ISP smtp mail server (e.g. "mail.myisp.com" or "smtp.myisp.com"). Be sure that you can use it to relay mail!
- The MAIL_DOMAIN variable will be the domain part of the mail return address (e.g. myisp.com)
- The USER variable will be the user name of the mail return address

If you want to be able to send mail from your Bering box, do not forget to adjust your firewall rules accordingly! You will have to include the following statement in the Shorewall rules file:

    ACCEPT fw net tcp 25

10.3. File system mounts (/etc/fstab)

By default, this file looks like:

    # /etc/fstab: static file system information.
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    proc            /proc           proc    noauto          0       0

If you want to add a hard-disk and want it to be mounted automatically at boot time, add it to your /etc/fstab file.

10.4. Lowest level boot-up configuration (/etc/inittab)

The inittab file describes which processes are started at bootup and during normal operation (e.g. /etc/init.d/boot, /etc/init.d/rc, gettys...).
Init(8) distinguishes multiple runlevels, each of which can have its own set of processes that are started. Valid runlevels are 0-6 plus A, B, and C for ondemand entries. An entry in the inittab file has the following format:

    id:runlevels:action:process

Lines beginning with '#' are ignored.

There should be no reason for most users to change this file.

10.5. System wide profile (/etc/profile)

This file is read right after login and is used to declare environment variables. You can also use it to declare shell aliases. Most users won't change it.

10.6. Ports root is allowed to login to (/etc/securetty)

/etc/securetty is used by login(1); the file contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login.

The Bering default file looks like:

    # /etc/securetty: list of terminals on which root is allowed to login.
    # See securetty(5) and login(1).
    #
    # Include ttyp0, ttyp1, etc to allow telnet access. *NOT RECOMMENDED*
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    tty7
    tty8

10.7. System logging configuration (/etc/syslog.conf)

The syslog.conf file is the main configuration file for syslogd, which logs system messages on *nix systems. This file specifies rules for logging. For special features see the sysklogd manpage.

Every rule consists of two fields, a selector field and an action field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action.

Lines starting with a hash mark (``#'') and empty lines are ignored.

This file should only be modified by experienced Linux users.

10.8. Service name to number translation (/etc/services)

/etc/services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types.
Every networking program should look into this file to get the port number (and protocol) for its service.

Port numbers are assigned by the IANA (Internet Assigned Numbers Authority), and their current policy is to assign both TCP and UDP protocols when assigning a port number. Therefore, most services will have two entries, even for TCP only services.

Port numbers below 1024 (so-called 'low numbered' ports) can only be bound to by root (see bind(2), tcp(7), and udp(7)). This is so that clients connecting to low numbered ports can trust that the service running on the port is the standard implementation, and not a rogue service run by a user of the machine. Well-known port numbers specified by the IANA are normally located in this root only space.

The presence of an entry for a service in the services file does not necessarily mean that the service is currently running on the machine. See inetd.conf(5) for the configuration of Internet services offered. Note that not all networking services are started by inetd(8), and so won't appear in inetd.conf(5). In particular, news (NNTP) and mail (SMTP) servers are often initialised from the system boot scripts.

10.9. Local timezone TZ setup (/etc/tzvalue)

    #
    # This file contains the TZ setting for the timezone. It is best to set
    # up /etc/localtime instead. Uncomment to activate it.
    #
    #Format: TZ=<timezone>+|-HH[:MM] Sign +ve east of Greenwich, -ve otherwise.
    #export TZ=GMT

Explanation about the TZ variable is available here. Most users won't change that variable.

The easiest way to define the local time zone of your Bering box is to download the corresponding localtime file. Please refer to the Bering user's guide "Time in Bering".

11. Information on packages provided on the Bering floppy disk

11.1. bridge.lrp

Some information on bridge configuration is available here. If someone feels like writing a user's guide chapter on Bering, please do not hesitate :-)

Current "Bering" version: 0.9.4

11.2. dhcpd.lrp

This is the ISC dhcp server from Charles's Web site. Full documentation is available here.

Do not forget the dhcp parameter in your Shorewall interface file (see Shorewall documentation).

Current "Bering" version: 2.0pl5

11.3. dnscache.lrp

Full documentation is available here.

Current "Bering" version: 1.05

11.4. etc.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.5. initrd.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.6. iptables.lrp

Provides the iptables program from the Netfilter project.

Current "Bering" version: 1.2.6a

11.7. keyboard.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.8. local.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.9. log.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.10. modules.lrp

Bering required kernel modules package.

Current "Bering" version: 1.0-stable

11.11. ppp.lrp

ppp.lrp provides the ppp daemon patched to allow for PPPoE connection. It will also be needed for a standard serial modem connection.

To configure ppp, go to the LEAF Packages configuration menu and choose ppp. The following menu will appear:

                        ppp configuration files

        1) ISP pppd options
        2) ISP login script
        3) System wide pppd options
        4) chap secret
        5) pap secret
        6) pppd daemon script

      q) quit

- Option 1 gives you access to the /etc/ppp/peer/provider file. The sample file is ready to use for a Compuserve modem dial-up connection. Adjust it to your needs.
- Option 2 gives you access to the /etc/chatscripts/provider. The sample file is a sample script file for Compuserve. Adjust it to your needs.
- Option 3 gives you access to the /etc/ppp/options system wide file
- Option 4 gives you access to the /etc/ppp/chap-secrets file
- Option 5 gives you access to the /etc/ppp/pap-secrets file
- Option 6 gives you access to the /etc/init.d/ppp script file

The man page for the ppp daemon is available here.

The peer/provider and chatscript/provider files are the ones used by default for a modem connection. You can ignore those two files if you run ppp.lrp together with the pppoe.lrp package. In this case you will edit the two adsl-provider files available through the pppoe configuration menu.

The Bering pppd daemon comes from the ppp-2.4.1.tar.gz package. This program is patched for pppoe support with the ppp-2.4.1-pppoe.patch4 patch. The result of the compilation gives the "Bering" pppd daemon provided in ppp.lrp.

If you want support for MSCHAP (pptp tunnels) or for the active-filter pppd option, you will have to replace the pppd daemon provided in the Bering ppp.lrp package by the appropriate version available here. The following patched pppd daemons are available:

    pppd-pptp                 "Bering" pppd daemon + the two following patches:
                              ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
                              ppp-2.4.1-MSCHAPv2-fix.patch.gz
    pppd-pptp-reqmppe         pppd-pptp + the following patch: require-mppe.diff
    pppd-pptp-reqmppe-filter  pppd-pptp-reqmppe compiled with the FILTER flag
                              enabled and statically compiled against libpcap.
    pppd-filter               "Bering" pppd daemon compiled with the FILTER flag
                              enabled and statically compiled against libpcap.
                              No pptp support.

Current "Bering" version: 2.4.1

11.12. pppoe.lrp

pppoe.lrp provides the PPPoE pppd plugin to allow for a kernel based PPPoE connection.

To configure PPPoE, go to the LEAF packages configuration menu and select pppoe. The following menu will appear:

                        pppoe configuration files

        1) DSL pppd options
        2) pap secret

      q) quit

Option 1 gives you access to the /etc/ppp/peer/dsl-provider file. The sample file is ready to use for T-DSL. Adjust it to your needs. IMPORTANT: be sure to change the user papname to your valid login name.
Usually you need the @provider.com suffix. This name must be the same as the one in the /etc/ppp/pap-secrets below.

Option 2 gives you access to the /etc/ppp/pap-secrets file. The format is:

    username (the same as above) * yoursecret

The LEAF "Bering" distribution uses the PPPoE kernel mode plugin. Do not use the instructions for Roaring Penguin pppoe!

Current "Bering" version: 2.4.1

11.13. pump.lrp

Pump is the DHCP/BOOTP client from Redhat.

To configure it, go to the LEAF packages configuration menu and choose pump. The following menu will appear:

                        pump configuration files

        1) pump configuration file
        2) pump default config file
        3) pump init script

      q) quit

- Option 1 gives you access to the pump configuration file (/etc/pump.conf). Man pages are available here.
- Option 2 defines default parameters
- Option 3 gives you access to the /etc/init.d/pump script (experienced users only!)

Current "Bering" version: 0.8.11-3

11.14. root.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.15. shorwall.lrp

The Shorewall firewall from Tom Eastep. See the "Configure Shorewall" chapter of this installation guide.

Current "Bering" version: 1.3.9b

11.16. weblet.lrp

Used to monitor your Bering box through a Web interface. Documentation is available on Charles's Web site.

Current "Bering" version: 1.2.0

12. Information on packages provided in the Bering packages download area

Bering specific packages are available in the Bering packages directory.
What follows is only a short description with a link to the proper documentation, when available :-)

With Bering rc4, the following specific packages are available (as of November 14, 2002):

    drwxr-sr-x    3 jnilo    leaf         4096 Nov 11 08:26 .
    drwxr-sr-x    4 jnilo    leaf         4096 Nov 11 06:13 ..
    -rw-r--r--    1 jnilo    leaf        43951 Jun  2 10:21 dhclient.lrp
    -rw-r--r--    1 jnilo    leaf       344015 Nov 11 08:26 ipsec.lrp
    -rw-r--r--    1 jnilo    leaf       371653 Nov 11 08:33 ipsec509.lrp
    -rw-r--r--    1 jnilo    leaf        39619 Apr 25  2002 libm.lrp
    -rw-r--r--    1 jnilo    leaf        31269 Oct  6 09:33 ntpdate.lrp
    -rw-r--r--    1 jnilo    leaf        55136 Oct  6 09:33 ntpsimpl.lrp
    -rw-r--r--    1 jnilo    leaf       101774 Nov 10 12:18 pcmcia.lrp
    -rw-r--r--    1 jnilo    leaf       113888 Nov 10 12:18 pcmcia_orinoco.lrp
    -rw-r--r--    1 jnilo    leaf        85450 Nov 10 12:18 pcmcia_xircom.lrp
    -rw-r--r--    1 jnilo    leaf       107914 May 18 11:30 pppatm.lrp
    drwxr-sr-x    2 jnilo    leaf         4096 May  5  2002 pppd
    -rw-r--r--    1 jnilo    leaf        17439 Jul 27 03:55 pptpd.lrp
    -rw-r--r--    1 jnilo    leaf        41798 Oct 20 10:34 tc.lrp
    -rw-r--r--    1 jnilo    leaf         4898 Jun 10 12:52 vlan.lrp
    -rw-r--r--    1 jnilo    leaf        21098 Oct  6 10:24 wireless.lrp
    -rw-r--r--    1 jnilo    leaf        16259 Oct  6 10:24 wireutil.lrp
    -rw-r--r--    1 jnilo    leaf        56394 Oct  6 06:06 wlan-ng.lrp

12.1. dhclient.lrp

For those who do not want to use pump.lrp, this is the dhclient.lrp from Charles's site adapted for Bering. Documentation can be found here.

Current "Bering" version: 2.0pl5

12.2. ipsec.lrp

This is the freeswan ipsec package. Refer to the Bering user's guide for explanations.

Current "Bering" version: 1.99

12.3. ipsec509.lrp

This is the freeswan ipsec package patched for x509 certificate support (version. Refer to the Bering user's guide for explanations.

Current "Bering" version: 1.99

12.4. libm.lrp

This is the libm library. Required by some packages, ntpsimpl.lrp, wireless.lrp and wireutil.lrp in particular.

Current "Bering" version:

12.5. ntpdate.lrp

This is the ntp client from Debian.

Current "Bering" version: 4.1.0-8

12.6. ntpsimpl.lrp

This is the ntp server from Debian. This package requires libm.lrp

Current "Bering" version: 4.1.0-8

12.7. pcmcia.lrp/pcmcia_orinoco.lrp/pcmcia_xircom.lrp

This package is built from pcmcia-cs.

To configure pcmcia, go to the LEAF packages configuration menu and select pcmcia. The functionality of this package is limited to network, wireless & serial setup. The following menu will appear:

                        pcmcia configuration files

        1) pcmcia default parameters
        2) pcmcia configuration
        3) wireless configuration

      q) quit
      ----------------------------------------------------------------------------
        Selection:

Refer to the PCMCIA How-to for a full explanation of the configuration parameters. The man pages are here.

In order to have a working pcmcia package, you need to download into /lib/modules/pcmcia those modules which are necessary for your own PCMCIA card:

- Starting with Bering v1.0-rc2, pcmcia modules come from the pcmcia-cs package and NOT from the kernel. Non kernel mode PCMCIA support through pcmcia-cs appears more stable. The PCMCIA drivers are here
- Two "core" modules are mandatory: pcmcia_core.o and ds.o. They are provided with the pcmcia.lrp package.
- You will then need a socket driver (tcic.o or i82365.o for example) and your network card drivers.

The interface provided by your pcmcia hardware (e.g. eth0 and ppp0) should NOT be put in the auto statement of the /etc/interface file. The /etc/pcmcia/network script will be launched by the cardmgr program, which is launched by the /etc/init.d/pcmcia script. The interface configuration will then be read from the interface file. See the Bering user's guide for practical examples.

On top of the standard pcmcia.lrp package, which is provided without any pcmcia kernel modules, two other packages are provided in the Bering package area:

- pcmcia_xircom.lrp : provides a ready-to-go pcmcia package for XIRCOM 16 bits PCMCIA cards. The necessary pcmcia-cs (3.2.1) drivers are included.
  It has been tested successfully on a RealPort Ethernet 10/100 + Modem 56k (REM56G-100BTX). This file is stripped to a bare minimum to save space.
- pcmcia_orinoco.lrp : provides a ready-to-go pcmcia package for orinoco cards. The necessary pcmcia-cs (3.2.1) drivers are included.

The previous two packages should be renamed pcmcia.lrp after downloading. Also make sure that the modules provided with pcmcia_xircom.lrp and pcmcia_orinoco.lrp correspond to the modules provided with your Bering release!

Current "Bering" version: 3.2.3

12.8. pppatm.lrp

Provides the PPPd daemon patched for pppoa. See: http://www.sfgoth.com/~mitch/linux/atm/pppoatm/ for further info.

Current "Bering" version: 2.4.0b2. Strangely enough no recent version of pppd supports pppoa :-(

12.9. pptpd.lrp

Provides pptpd, the PPTP server for Linux. See: http://www.poptop.org for further info.

Current "Bering" version: 1.1.3

12.10. vlan.lrp

This package provides the vconfig program and the necessary scripts. The vconfig program comes from the vlan linux web site, where you will find useful information.

Current "Bering" version: 1.6

12.11. tc.lrp

The tc.lrp package provides the tc program from the iproute2 utilities used with LEAF "Bering". This program is patched for htb (V2) support.

There is no configuration file for this program, which is only used if you want traffic-shaping through Shorewall. Refer to the shorewall documentation if you are planning to use traffic-shaping.

Current "Bering" version: SS010824

12.12. wireless.lrp and wireutil.lrp

These are tools for manipulating Linux Wireless Extensions written by Jean Tourrilhes.

These two packages contain the Wireless tools, used to manipulate the Linux Wireless Extensions. The Wireless Extension is an interface allowing you to set Wireless LAN specific parameters and get the specific stats.
- The wireless.lrp package provides the wireless utilities used for configuration, namely: iwconfig, iwpriv, iwspy
- The wireutil.lrp package provides the wireless utilities used for information, namely: iwgetid, iwlist and iwevent.

You need to download the libm.lrp package to have working wireless.lrp and wireutil.lrp packages.

There is no configuration file for those packages, which are typically used in conjunction with pcmcia.lrp. In most cases only wireless.lrp will be necessary.

Current "Bering" version: 25

12.13. wlan-ng.lrp

These are utilities for wireless prism2 cards. wlan-ng.lrp provides a set of drivers and utilities that is intended to provide the full range of IEEE 802.11 MAC management capabilities for use in user-mode utilities and scripts. The package currently supports the Intersil 802.11b Prism2, Prism2.5, and Prism3 reference designs for PCMCIA, PCI, and USB. Additionally, the package includes support for the PLX9052 based PCI to PCMCIA adapter with a few different PCMCIA cards.

This package is useless without the appropriate linux-wlan-ng modules available in the Bering modules download area.

This package provides the nwepgen, wlancfg, wlanctl-ng and wland userland programs and debian scripts for linux-wlan-ng.

Current "Bering" version: 0.1.15
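Added example (not part of the original guide): a small Python model of the access decision /usr/sbin/tcpd makes from the /etc/hosts.allow and /etc/hosts.deny files of sections 8.7 and 8.8, using the search order documented in hosts_access(5). The rule texts are constructed from the defaults quoted in those sections with the daemon names as the guide writes them; the function names are hypothetical, and PARANOID, LOCAL and host-name patterns need DNS and are treated as non-matching here.

```python
import ipaddress

# Rule texts constructed from the defaults and the restricted variant quoted
# in sections 8.7 and 8.8 (daemon names exactly as the guide writes them).
DEFAULT_ALLOW = "# Allow anything from the local net\nALL: 192.168.1.0/255.255.255.0\n"
RESTRICTED_ALLOW = (
    "ssh: 192.168.1.1/255.255.255.255\n"
    "www: 192.168.1.1/255.255.255.255\n"
    "stat: 192.168.1.1/255.255.255.255\n"
)
DEFAULT_DENY = (
    "ALL: PARANOID\n"
    "# Prevent all access not explicitly allowed in hosts.allow\n"
    "ALL: ALL\n"
)


def _split_except(field):
    """Split 'a, b EXCEPT c' into (['a', 'b'], ['c'])."""
    tokens = field.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return tokens[:i], tokens[i + 1:]
    return tokens, []


def parse_rules(text):
    """Return [(daemon_list, client_list)] for every 'daemons: clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # optional shell command ignored
        rules.append((_split_except(daemons), _split_except(clients)))
    return rules


def _daemon_matches(pattern, daemon):
    return pattern in ("ALL", daemon)


def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if "/" in pattern:                       # net/mask form used by the guide
        return ip in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                # address prefix such as "192.168.1."
        return str(ip).startswith(pattern)
    try:
        return ip == ipaddress.ip_address(pattern)
    except ValueError:
        # PARANOID, LOCAL, host and domain names need DNS; this offline
        # model treats them as non-matching.
        return False


def _in_list(lst, value, matches):
    include, exclude = lst
    return (any(matches(p, value) for p in include)
            and not any(matches(p, value) for p in exclude))


def _file_matches(text, daemon, ip):
    return any(_in_list(d, daemon, _daemon_matches)
               and _in_list(c, ip, _client_matches)
               for d, c in parse_rules(text))


def tcpd_decision(allow_text, deny_text, daemon, client_ip):
    """hosts_access(5) order: hosts.allow, then hosts.deny, otherwise grant."""
    ip = ipaddress.ip_address(client_ip)
    if _file_matches(allow_text, daemon, ip):
        return "allow"
    if _file_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"


def exposure(allow_text, deny_text, daemons, clients):
    """Decision for every (daemon, client) pair, for a quick audit table."""
    return {(d, c): tcpd_decision(allow_text, deny_text, d, c)
            for d in daemons for c in clients}


if __name__ == "__main__":
    for name, allow in (("default", DEFAULT_ALLOW), ("restricted", RESTRICTED_ALLOW)):
        table = exposure(allow, DEFAULT_DENY, ["ssh", "www", "stat"],
                         ["192.168.1.1", "192.168.1.7", "10.0.0.5"])
        for (daemon, client), verdict in sorted(table.items()):
            print(f"{name:10} {daemon:5} {client:12} {verdict}")
```

With the restricted hosts.allow, an empty hosts.deny turns every unlisted client back into "allow", which is why the `ALL: ALL` catch-all of section 8.8 has to stay in place when hosts.allow is tightened.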