• How can I configure my wireless card in Linux?
• How do I assign an IP address to an interface?
• How do I change/set the MTU of an interface?
• What's a packet filter?
• Why would I want to Packet Filter?
• What is required to set up a router/firewall?
• What is ipfwadm?
• What is ipchains?
• How do I set up IPChains?
• What is iptables?
• How do I set up IPTables?
• How do I setup my Linux box as my router?
• What is required to share an Internet connection using Linux?
• How can I set up Roaring Penguin PPPoE?
• Configure wireless wlan-ng drivers with PCI-PCMCIA adapter and a DWL-650
• I have other questions about SSH that aren't answered here.

Wireless networking is not the enigma it once was. Linux supports most wireless LAN cards available to consumers, though making each work varies from device to device. This page written by Jean Tourrilhes contains a myriad of device-specific information to help ween you from wired Ethernet on Linux.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by yock
last modified: 2007-08-17 09:17:52

To assign an IP address to an interface you would use:

ifconfig ethX mask

Where ethX is the interface name. An example of this would be:

ifconfig eth0 192.168.0.1 mask 255.255.255.0

This would assign the IP address of 192.168.0.1 subnet mask 255.255.255.0 to eth0. Additional information can be found by typing man ifconfig.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

To change or set the MTU of an interface you would use:

ifconfig ethX mtu

Where ethX is the interface of which you would like the change or set the MTU size. An example of this would be:

ifconfig eth0 mtu 1500

This would set an MTU value of 1500 to eth0.

MTU can also be set by adding a line: MTU=1440 (for example) to /etc/sysconfig/network-scripts/ifcfg-eth0. Thanks to gregorlarson.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81
last modified: 2002-06-12 11:08:32

A packet filter is a piece of software which looks at the header of packets as they pass through, and decides the fate of the entire packet. It might decide to DROP the packet (i.e., discard the packet as if it had never received it), ACCEPT the packet (i.e., let the packet go through), or something more complicated.

Under Linux, packet filtering is built into the kernel (as a kernel module, or built right in), and there are a few trickier things we can do with packets, but the general principle of looking at the headers and deciding the fate of the packet is still there.

Linux 2.4 Packet Filtering HOWTO

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

Control:

when you are using a Linux box to connect your internal network to another network (say, the Internet) you have an opportunity to allow certain types of traffic, and disallow others. For example, the header of a packet contains the destination address of the packet, so you can prevent packets going to a certain part of the outside network. As another example, I use Netscape to access the Dilbert archives. There are advertisements from doubleclick.net on the page, and Netscape wastes my time by cheerfully downloading them. Telling the packet filter not to allow any packets to or from the addresses owned by doubleclick.net solves that problem (there are better ways of doing this though: see Junkbuster).

Security:

when your Linux box is the only thing between the chaos of the Internet and your nice, orderly network, it's nice to know you can restrict what comes tromping in your door. For example, you might allow anything to go out from your network, but you might be worried about the well-known `Ping of Death' coming in from malicious outsiders. As another example, you might not want outsiders telnetting to your Linux box, even though all your accounts have passwords. Maybe you want (like most people) to be an observer on the Internet, and not a server (willing or otherwise). Simply don't let anyone connect in, by having the packet filter reject incoming packets used to set up connections.

Watchfulness:

sometimes a badly configured machine on the local network will decide to spew packets to the outside world. It's nice to tell the packet filter to let you know if anything abnormal occurs; maybe you can do something about it, or maybe you're just curious by nature.

Linux 2.4 Packet Filtering HOWTO

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

To set up Linux as a router you will need to configure either ipfwadm (Kernel 2.0.x), ipchains (Kernel 2.2.x), or iptables (Kernel 2.4.x) to perform NAT or IP Masquerading.

Information on IP Masquarding using ipfwadm and ipchains can be found here. Netfilter/iptables NAT documentation can be found here.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

ipfwadm is an older and outdated IP accounting & packet filtering administration service used to be used on many Linux systems. It was mainly used on systems running the Linux Kernel version 2.0.x but is hardly used today.

Here is an example of ipfwadm:

---

/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -p reject

# local interface, local machines, going anywhere is valid
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0

# remote interface, claiming to be local machines, IP spoofing, get lost
#
/sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o

# remote interface, any source, going to permanent PPP address is valid
#
/sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32

# loopback interface is valid.
#
/sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0

---

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

ipchains was ipfwadm's successor. It too is an IP accounting and packet filtering administration service but was mainly used with Linux Kernel 2.2.x versions. ipchains is still used today and is also available to use with Linux Kernel 2.4.x.

Here is an example of ipchains:

---

ipchains -F input
ipchains -P input REJECT

# local interface, local machines, going anywhere is valid
#
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT

# remote interface, claiming to be local machines, IP spoofing, get lost
#
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

# remote interface, any source, going to permanent PPP address is valid
#
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT

# loopback interface is valid.
#
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

---

More information on ipchains can be found here.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

LinuxPlanet: Using IPChains can be found here

IP Masquerading and Utilities can be found here

Generate your own custom firewall ruleset here

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

iptables replaces or succeeds ipchains and ipfwadm. It is a better IP accounting and packet filtering administration service for Linux. iptables is used with the Kernel 2.4.x tree.

Here is an example of iptables:

---

## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
# iptables -A FORWARD -j block

---

Additional information on iptables can be found here. IPTables tutorials can be found here.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

How to set up IPTables in 10 minutes can be found here from LinuxWorld.com
Thanks to Zhen-Xjell

IPTables tutorial can be found here.

Generate your own IPTables rules can be done at Linux Firewall Tools (Note: Generating rules for IPTables is still under development)

More IPTables Links, FAQs, Tutorials, Example Scripts & Rulesets and HOW-TOs can be found at LinuxGuruz.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81
last modified: 2003-09-06 08:01:35

Linux router setup

This set of instructions is for Slackware Linux but may work on other distributions.

Once you have your distribution installed (be sure you configured the network) you need to make a few minor changes to setup your router. First make sure you can use both NIC cards. Login as root and at the command line type:

ifconfig

This should show you what network devices are configured and what those settings are including IP addresses.

If you do not see an eth0 and/or an eth1 and you have 2 NICs installed we need to make some changes.

First you will need to know the brand and model of both NICs then you will need to look up the drivers for each. If you do not see an eth0 then the first thing you want to do is run your network configuration. At the command line type:

netconfig

This will allow you to setup your eth0 interface if you didn't during install. Use a static IP unless you have a DHCP server on your network. You will be using eth0 on the LAN side of your router and eth1 on the WAN side. Once you have eth0 setup and configured test to see that it works. Ping it from one of your PC’s.

To setup eth1 you will need to edit this file: /etc/rc.d/rc.inet1

Start the editor you prefer and open this file. Go to the bottom of the file and any where above the end of file line type:

ifconfig eth1 0.0.0.0 mtu 1452

Note: if you have a static IP assigned by your ISP then replace the 0.0.0.0 with that IP.

Save the file. Reboot you system and login. Now you should be able to see both eth0 and eth1 when you type ifconfig.

Verify that you have both eth0 and eth1 configured and you are ready to move onto setting up the firewall. Slackware has a nice default firewall that really doesn't require any more configuring unless you have some special reasons to do so. For that I recommend you read up on IPChains.

If your ISP uses PPPoE then you will need to install a PPPoE client. I recommend that you simply follow the instructions for setting up the client you chose. You should now be able to access the Internet via your new router.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by CatSnak edited by howe81

To share an Internet connection with multiple computers on the LAN first look at this picture taken from Sharing Tips.

Notice you will require two NICs (Network Interface Cards) for the computer acting as a NAT (Network Address Translation) router. The first NIC will connect your Cable/DSL modem to your Linux box, and the second would connect to a HUB or another computer on your LAN.

On your Linux computer, you will need to set up the two NICs, that is, load the drivers/modules, configure the IP address if necessary.

First, enable IP forwarding. This can be done when compiling the kernel or through sysctl. To do so through sysctl type:

echo 1 > /proc/sys/net/ipv4/ip_forward

Now for those using Linux 2.0.x kernels or ipfwadm use:

/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0

For those using Linux 2.2.x kernels or ipchains use:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

Additional information about IPFWADM or IPChains can be found here.

For those using 2.4.x or Netfilter/iptables use:

/sbin/iptables -P FORWARD DROP
/sbin/iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -d 192.168.0.0/24 -j ACCEPT
/sbin/iptables -A FORWARD -o eth0 -s 192.168.0.0/24 -j ACCEPT

More information about Netfilter/IPTables can be found here.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81
last modified: 2002-06-12 11:09:25

If you downloaded the RPM file, type:

# If you don't want the GUI:
rpm -Uvh rp-pppoe-3.0-1.i386.rpm
/usr/sbin/adsl-setup

# If you do want the GUI
rpm -Uvh rp-pppoe-3.0-1.i386.rpm rp-pppoe-gui-3.0-1.i386.rpm
/usr/bin/tkpppoe

Note: The RPM file is built on Red Hat Linux 6.2. It will probably work on Mandrake and SuSE. (For SuSE, you should use YaST to install the RPM.) For other Linux distributions, you should download the source tar file and install from source.

Installing from Source (Linux and Solaris)
If you downloaded the compressed tar file, type:

tar xvfz rp-pppoe-3.0.tar.gz
cd rp-pppoe-3.0

# If you don't want the GUI
./go

# If you do want the GUI
./go-gui

Make sure that you have your network card working, that is load the appropriate drivers/modules using modprobe or insmod. Then type ifconfig -a and it will list all the ethernet devices you have on your system.

Now run adsl-setup to set up Roaring Penguin. Remember that this all must be done as root. Now to bring it up, type adsl-start and to stop use adsl-stop.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by howe81

Procedure to install and configure a wireless lan card with a
PCI-PCMCIA adapter card in a desktop PC.

I am using a home built desktop PC and have a Linksys WDT11
PCI-PCMCIA adapter card with a DLink DWL-650 PCMCIA card for
my wireless access.

My Wireless Access Point (WAP) is a DLink DI-711 and also
serves as a NAT router and Internet gateway with a built-in
DHCP server. All of my IP addresses are obtained via DHCP from
this WAP for my home network.

This procedure works with Red Hat 8.0 and may be applicable to
other distros, but YMMV.

First, make sure your running kernel was compiled with the
following options specified. If any are missing you will have
to include them and rebuild your kernel. Some of these may
have been overkill on my part but it worked for me.

-------------------------------------------------
Kernel Configuration
---------------------

Networking options -- SECTION
Note: I chose "Y" to all of the "IP:..." options
DHCP.................. Y
BOOTP................. Y
IP:Netfilter Configuration
Set all options to compile as modules

Network device support -- SECTION
Network device support............ Y

Wireless LAN (non-hamradio)
Wireless LAN (non hamradio).... Y
Hermes chipset 802.11b support(Orinoco/Prism2/Symbol).. M

Wireless Pcmcia cards support
Hermes PCMCIA card support................. M

PCMCIA network device support
PCMCIA network device support...... Y
3Com 3c589......................... M
3Com 3c574......................... M
Fujitsu FMV-J18x................... M
NE2000 compatible.................. M
Pcmcia Wireless LAN................ Y
Aviator/Raytheon 2.4 Mhz........... M
Xircom Netwave AirSurfer........... M
AT&T/Lucent Wavelan................ M
AT&T/Lucent Wavelan IEEE 802.11.... M

---------------------------------------------------
Build the WLAN-NG PLX driver
----------------------------

Download the current WLAN driver from


»www.linux-wlan.com/linux-wlan

(current driver: linux-wlan-ng-0.1.16-pre7.tar.gz)

Untar the file and follow the README instructions to build the

driver.

Before building the driver, make sure that the following

section in:

~/linux-wlan-ng-0.1.16-pre7/src/prism2/driver/prism2sta.c

is changed as I have shown below:

/* Global Sun Tech GL24110P PCI Adapter (PLX) board */
#define PCIVENDOR_GLOBALSUN 0x16abUL
#define PCIDEVICE_GL24110P 0x1102UL <- change to 1102
#define PCIDEVICE_GL24110P_ALT 0x1101UL <- change to 1101

Note: this may need to be done because I am using a DLink
DWL-650 PMCMIA card with the Linksys PCI-PCMCIA adapter.
If you are using a Linksys WPC11 PCMCIA card with the
Linksys WDT11 PCI-PCMCIA adapter, this change may not be
needed.

Now you can do "make config" as specified in the README file.

Answer "Y" to build the PLX driver and "N" to all others.
You should not need the pcmcia_cs driver mentioned in the
README file since you are using a PCI-PCMCIA adapter card.

Build and install the driver. ("make" then "make install")

----------------------------------------------------------
Putting the rest of the pieces in place
---------------------------------------

Update file /etc/modules.conf to include the following:

alias wlan0 prism2_plx

Create file /etc/sysconfig/network-scripts/ifcfg-wlan0 to

include the following lines:

DEVICE=wlan0
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes
NETWORK=192.168.0.1 <-- or whatever your WAP IP is
NAME=wlan0

Change directory to /etc/sysconfig/networking and create a
soft link:

ln -s /etc/sysconfig/network-scripts/ifcfg-wlan0 ifcfg-wlan0

edit file ~/linux-wlan-ng-0.1.16-pre7/etc/wlan.conf
and make sure the following are specified:

=======ENABLE========================================
# Do we want to enable the card at all? Set to 'n' if you
# don't want the card initialized for normal operation.
# Helpful for (re)loading flash or for test purposes.
WLAN_ENABLE=y
.
.
.
#=======SELECT STATION MODE===================
IS_ADHOC=n # y|n, y - adhoc, n - infrastructure
.
.
.
#=======INFRASTRUCTURE STATION START===================
# SSID is all we have for now
AuthType="opensystem" # opensystem | sharedkey (requires WEP)
# Use DesiredSSID="" to associate with any AP in range
DesiredSSID="linux-wlan"

The DesiredSSID MUST MATCH your wireless access point SSID
or you will not be able to connect to it.

Save the changes and then copy this file to /etc/wlan.conf

Copy ~/linux-wlan-ng-0.1.16-pre7/etc/rc.wlan /etc/init.d/wlan

Create a soft link in /etc/rc.d/rc5.d and any other run level

you want to use as:

ln -s /etc/init.d/wlan /etc/rc.d/rc5.d/S06wlan

This will execute before the network is started and get the
wireless card initialized and ready to accept a DHCP assigned

IP address from your WAP.

REBOOT and you should be ready to go.

Again, the above is for RED HAT 8.0 using a Linksys WDT11
PCI-PCMCIA adapter and a DLink DWL-650 PCMCIA card with a
DLink DI-711 WAP in infrastructure mode and NOT using any
WEP (that is a different animal and I haven't tried to use
it myself yet).

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by Silverback edited by howe81
last modified: 2002-12-20 21:45:49

Selected sections of the O'Reilly SSH guide can be found here.

got feedback? got feedback?

Any feedback you provide is sent to the owner of this FAQ for possible incorporation and shown publically as well.

by yock