This is an old revision of the document!
Linux networking
Usefull links
- LinuxNet - a good place where to begin
- etables project - ethernet firewalling
/etc/host.conf
order hosts,bind multi on nospoof on spoofalert on spoof warn reorder on
Description of upper configuration!
TCP Tunning (linux kernel)
Linux as bridge
more at: http://linux-net.osdl.org/index.php/Bridge, Performance Evaluation of Linux bridge
# brctl addbr "bridgename" # brctl addif bridgename device
See MAC table
# brctl showmacs
VLANs on bridge interfaces
Interface must be UP
# ifconfig <bridgename> up # vconfig add <bridgename> [vlanid]
configuration above should work with applying this (bridge.diff) patch to your linux kernel. Otherwise you need to do this like this
# ifconfig ethX up # ifconfig ethY up # vconfig add ethX [vlanid] # vconfig add ethY [vlanid] # brctl addbr "bridgename" # brctl addif <bridgename> ethX.vlanID # brctl addif <bridgename> ethY.vlanID
VLAN's in Fedora
There are many ways to create VLAN's on Linux. By far the most cumbersome is by various rc.* scripts that later must be maintained. A “8201q” module must be loaded, ethernet interface must be brought up in order to create particular VLAN using “vconfig”. Lastly, an “ifconfig” must be used to fill in IP address, possibly even “route” command to create some default route.
RedHat Fedora (and possibly other RedHad distro) have automatic setup possible via scripts in /etc/sysconfig/network-scripts directory.
Creating file in that directory with the name eg. “ifcfg-eth1.222” will eventually be file for the VLAN with the tag 222.
Content of the file /etc/sysconfig/network-scripts/ifcfg-eth1.222 may be something like this:
DEVICE=eth1.222
BOOTPROTO=static BROADCAST=1.2.3.255 HWADDR=00:11:22:33:44:55 IPADDR=1.2.3.4 NETMASK=255.255.255.0 NETWORK=1.2.3.0 ONBOOT=yes TYPE=Ethernet VLAN=yes
This file will do it all regarding VLAN creation during boot process. No rc.* scripts necessary, and the VLAN setting is completely in line with the Fedora specifications.
nameif/ifrename
<zekozeko>
plugin rp_pppoe.so nic-novoime pise nekje v /usr/share/doc/pppd/ na koncu enga fajla, mislim da README.Debian sicer pa uporabljam ifrename, ne nameif ifrename ce mas hotplug v kernelu avtomatsko dela ne da bi rabu kaj poganjat samo v /etc/iftab vpises kar hoces