http://en.wiki.guifi.net/w/index.php?title=Special:NewPages&feed=atom&limit=50&offset=&namespace=0&username=&tagfilter=Guifi.net - English Wiki - New pages [en]2024-03-28T21:14:34ZFrom Guifi.net - English WikiMediaWiki 1.22.0http://en.wiki.guifi.net/wiki/Cloudy_packages_repositoryCloudy packages repository2015-09-15T16:44:15Z<p>Conxuro: Created page with "'''''Note: this article may be outdated and should be revised. Be careful if you try to follow this guide, and better if you ask in the mailing lists first.''''' == Upload ..."</p>
<hr />
<div>'''''Note: this article may be outdated and should be revised. Be careful if you follow this guide; it is better to ask on the mailing lists first.'''''<br />
<br />
<br />
<br />
== Upload packages to Cloudy software repository (Clommunity project) ==<br />
<br />
We are ready to upload packages to the Cloudy public repository http://repo.clommunity-project.eu.<br />
<br />
Here we request the public keys needed to upload packages and sign them. You can, of course, edit the scripts and change the paths to suit your needs.<br />
<br />
The repository is now auto-signed with a repository key named "gcodis Distro Development Team"; more info is in the repository itself: http://repo.clommunity-project.eu. Auto-signing prevents the repository from being left unsigned if anyone uploads unsigned packages. Two signatures are used: one for the repository, which is added in the client side to allow the installation of the distro, and another, which depends on the maintainer or developer, for signing the package. Each developer is responsible for keeping her keys safe.<br />
<br />
<br />
=== Public keys ===<br />
<br />
To upload packages we need to get '''your''' public keys:<br />
<br />
* The '''ID of the GPG public key, uploaded to gpg.mit.edu'''. With this key you will sign the uploads.<br />
* The '''public SSH key''', needed to access the remote repository machine and upload packages.<br />
<br />
The packages are uploaded to the unstable branch by default (use the package changelog for that). We use the <code>dput</code> Debian tool to upload packages and sign them. The repository is auto-signed with another key.<br />
<br />
You can '''send''' the public keys or IDs to the project mailing list ''clommunity-wp4''. This way we have access to public keys when required.<br />
<br />
<br />
=== Files ===<br />
<br />
The provided configuration file is:<br />
<br />
* <code>.dput.cf</code> is a configuration file which has to be copied to your home directory as <code>~/.dput.cf</code>. It is used for uploading packages with the <code>dput</code> Debian tool.<br />
<br />
<code><br />
[repo.clommunity-project.eu]<br />
fqdn = repo.clommunity-project.eu<br />
method = scp<br />
login = repo<br />
incoming = /var/www/debian/mini-dinstall/incoming<br />
post_upload_command = ssh repo@repo.clommunity-project.eu "mini-dinstall -b"<br />
</code><br />
<br />
<br />
=== Building packages ===<br />
<br />
Take a look at some ways to build packages at http://www.debian.org/doc/manuals/maint-guide/build.en.html.<br />
<br />
<br />
=== Uploading packages ===<br />
<br />
You can use the <code>dput</code> command in the following manner:<br />
<br />
<code><br />
$ dput repo.clommunity-project.eu cloudy-base_0.1.3.5_i386.changes<br />
</code><br />
<br />
Remember to save the previous <code>~/.dput.cf</code> file in your <code>$HOME</code> dir.<br />
<br />
It's important to write the repository name ''(repo.clommunity-project.eu)''.<br />
<br />
<br />
=== Continuous improvements ===<br />
<br />
The repository is being improved as needed to give a better service.<br />
<br />
Thank you for your efforts.<br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_AlixCloudy Alix2015-09-11T02:32:29Z<p>Conxuro: Created page with "Alix is a [https://en.wikipedia.org/wiki/Single-board_computer SBC] with an AMD (x86) processor and several input-output interfaces (serial, miniPCI, Ethernet, etc.). For that..."</p>
<hr />
<div>Alix is a [https://en.wikipedia.org/wiki/Single-board_computer SBC] with an AMD (x86) processor and several input-output interfaces (serial, miniPCI, Ethernet, etc.). For that reason it needs an operating system prepared with the corresponding drivers to make these interfaces work. <br />
<br />
''Note: this guide has been done with a Debian specially prepared to work on Alix, but similar steps may work with another Debian-based distribution.''<br />
<br />
<br />
== Get Debian for Alix ==<br />
<br />
You can [https://code.google.com/p/debian-for-alix/ download from this website] special Debian images ready to work on Alix boards after flashing them to a CF card.<br />
<br />
=== Features/services included ===<br />
<br />
* Read-only file system: it protects against power failures and substantially increases compact flash lifetime.<br />
<br />
* Common services available on first boot:<br />
** serial terminal ( 38400n8 )<br />
** dnsmasq ( DNS and DHCP servers )<br />
** iptables ( basic firewall rules and internet sharing )<br />
** samba ( Microsoft Windows file share )<br />
** cups ( print server )<br />
** vsftpd ( FTP server )<br />
** nginx with fastcgi ( HTTP server )<br />
** minidlna ( media server )<br />
** openssh ( terminal and SFTP )<br />
** stunnel ( SSL engine, HTTPS support pre-configured for ''nginx'' and ''transmission'' )<br />
** tinyproxy ( HTTP/HTTPS proxy server )<br />
** pptpd ( VPN server, MS Windows has builtin client support )<br />
** snmpd ( SNMP server )<br />
** openvpn ( VPN server and client )<br />
** openconnect ( VPN client, Cisco compatible )<br />
** external storage automount and sharing<br />
** basic web admin panel<br />
** performance monitor ( on web panel )<br />
<br />
* Additional services available (just turn them on):<br />
** transmission ( torrent p2p )<br />
** hostapd ( wireless access point / it needs a miniPCI card or wifi usb dongle )<br />
<br />
* Regular system maintenance through <code>apt-get</code>, use it to update, install and remove applications and patches.<br />
<br />
* Keep in mind that it's a Debian i386, so any available software for that platform can be installed, within the hardware's power limitations.<br />
<br />
* Image files are available for download at GoogleDrive:<br />
** debian-for-alix-v1.img.bz2 (debian 6 based) version 1 wiki page<br />
** debian-for-alix-v2.img.bz2 (debian 6 based) version 2 wiki page<br />
** debian-for-alix-v3.img.bz2 (debian 7 based) Debian basic setup, only SSH server and basic utilities, also serial terminal was prepared, but no readonly file system and other features.<br />
<br />
* Default configuration is:<br />
<code>eth0: DHCP</code><br />
<br />
<code>eth1: static 172.16.210.254</code><br />
<br />
<code>eth2: no configuration</code><br />
<br />
<code>user: alix (root has locked password)</code><br />
<br />
<br />
<br />
== Install Debian image on CF ==<br />
<br />
=== Identify the CF ===<br />
<br />
The CF card needs to be formatted with ext2. Be sure which device your CF card is, otherwise you could erase your host OS. In this example the CF card was on <code>/dev/sdb</code>.<br />
<br />
You can check by looking at <code>/proc/bus/usb/devices</code>. You should see a section with an ''S:'' line and the name of your reader, and an ''I:'' line with <code>Driver=usb-storage</code>. If you see that, the kernel is recognizing the device.<br />
<br />
Install the <code>sg3-utils</code> package if you don't already have it (on Debian: <code>apt-get install sg3-utils</code>). To check your SCSI devices, run the command:<br />
sg_scan -i<br />
<br />
You should see something like this:<br />
/dev/sg0: scsi0 channel=0 id=0 lun=0 [em] type=0<br />
eUSB Compact Flash 5.09 [wide=0 sync=0 cmdq=0 sftre=0 pq=0x0] <br />
<br />
It indicates that the “raw” SCSI device associated with your reader is <code>/dev/sg0</code>. You can also confirm that the driver is working by looking at the file <code>/proc/scsi/scsi</code>. Now, to determine the real SCSI device associated with your reader run the command:<br />
sg_map<br />
<br />
You'll see output like this:<br />
/dev/sg0 /dev/sdb<br />
<br />
That's it, your card reader is <code>/dev/sdb</code>. The first (and almost certainly only) partition is <code>/dev/sdb1</code>.<br />
<br />
<br />
=== Copy image to CF ===<br />
<br />
To install Debian on the CF card, run the following command:<br />
bzcat debian-for-alix-v3.img.bz2 | dd of=/dev/sdb bs=16k<br />
<br />
<br />
<br />
== Install Cloudy ==<br />
<br />
To install Cloudy you can follow the instructions to [[Cloudy_in_Debian|convert a plain Debian installation into Cloudy]] by adding to the system the specific files and tools of the distribution.<br />
<br />
We call it "cloudynize".<br />
<br />
We recommend using a script to automate the process. You can learn how in the [[cloudynize|wiki page that explains how to "cloudynize"]].<br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_BeagleboneCloudy Beaglebone2015-09-10T20:20:45Z<p>Conxuro: Created page with "Beaglebone is a [https://en.wikipedia.org/wiki/Single-board_computer SBC] with an ARM processor and several input-output interfaces. For that reason is needed an operative sys..."</p>
<hr />
<div>Beaglebone is a [https://en.wikipedia.org/wiki/Single-board_computer SBC] with an ARM processor and several input-output interfaces. For that reason it needs an operating system prepared to run on an ARM architecture and with the corresponding drivers to make these interfaces work. <br />
<br />
''Note: this guide has been done with the Ubuntu distribution, but the same steps may work with another Debian-based distribution.''<br />
<br />
<br />
<br />
== Install the base system ==<br />
<br />
* Insert the microSD Card into your computer and observe which device it registers as by typing <code>ls /dev/sd*</code>. If you are uncertain, remove the microSD Card and the entry should go away. Once you know which device your microSD Card is, follow the instructions below, replacing <code>/dev/sdX</code> with the name of the microSD Card in your system.<br />
<br />
<br />
* Begin partitioning the microSD card by typing <code>fdisk /dev/sdX</code>.<br />
# Initialize a new partition table by selecting <code>o</code>, then verify it is empty by selecting <code>p</code>.<br />
# Create a boot partition by selecting <code>n</code> ''(new)'', then <code>p</code> ''(primary)'', and <code>1</code> to specify the first partition. Press ''enter'' to accept the default first sector and specify <code>4095</code> for the last sector.<br />
# Change the partition type to FAT16 by selecting <code>t</code> ''(type)'' and <code>e</code> for ''‘W95 FAT16 (LBA)’''.<br />
# Set the partition bootable by selecting <code>a</code> then <code>1</code>.<br />
# Next, create the data partition for the root filesystem by selecting <code>n</code> for ''(new)'', then <code>p</code> ''(primary)'', and <code>2</code> to specify the second partition. Accept the default values for the first and last sectors by pressing ''enter'' twice.<br />
# Press <code>p</code> to ‘print’ the partition table.<br />
# Finally, commit the changes by selecting <code>w</code> to ''write'' the partition table and exit ''fdisk''.<br />
<br />
<br />
* Continue to format the partitions and to install the boot system and the root system.<br />
# Format partition 1 as FAT by typing <code>mkfs.vfat /dev/sdX1</code>.<br />
# Format partition 2 as ext4 by typing <code>mkfs.ext4 /dev/sdX2</code>.<br />
# Install ''u-boot'' to the microSD Card.<br />
wget http://s3.armhf.com/dist/bone/bone-uboot.tar.xz<br />
mkdir boot<br />
mount /dev/sdX1 boot<br />
tar xJvf bone-uboot.tar.xz -C boot<br />
umount boot<br />
# Install the desired root filesystem to the microSD card (Ubuntu Trusty in this example).<br />
wget http://s3.armhf.com/dist/bone/ubuntu-trusty-14.04-rootfs-3.14.4.1-bone-armhf.com.tar.xz<br />
mkdir rootfs<br />
mount /dev/sdX2 rootfs<br />
tar xJvf ubuntu-trusty-14.04-rootfs-3.14.4.1-bone-armhf.com.tar.xz -C rootfs<br />
umount rootfs<br />
<br />
<br />
The microSD Card is now ready to boot. Note that for Ubuntu installations, the login userid is ''ubuntu'' and the password is ''ubuntu''.<br />
<br />
''Tip: the package cache has been flushed to reduce the size of the images. Run <code>apt-get update</code> after boot to update the package cache, then run <code>apt-get upgrade</code> to ensure the latest updates are installed.''<br />
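Both the <code>fdisk</code>/<code>mkfs</code> steps in this guide and the <code>bzcat ... | dd of=/dev/sdb</code> command in the Alix guide above overwrite whatever device name they are given. The following is an added example, not part of the original guides: a shell wrapper that checks the target in sysfs before the image is written. The function names and the <code>SYS_BLOCK</code>, <code>MOUNTS</code> and <code>MAX_GIB</code> variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original guides.
# Assumptions: Linux sysfs layout; SYS_BLOCK, MOUNTS and MAX_GIB are
# hypothetical knobs so the checks can be pointed at constructed data.
SYS_BLOCK="${SYS_BLOCK:-/sys/block}"
MOUNTS="${MOUNTS:-/proc/mounts}"
MAX_GIB="${MAX_GIB:-64}"    # largest card we expect to be writing to

# check_target /dev/sdX
# Returns 0 if the device looks like an idle removable card, otherwise
# prints the reason and returns: 1 not a whole disk, 2 not removable,
# 3 no medium or too large, 4 the disk or one of its partitions is mounted.
check_target() {
    name="${1#/dev/}"
    dev="/dev/$name"

    # Whole disks have a directory directly under /sys/block; partitions
    # (sdb1) and mistyped names do not.
    if [ ! -d "$SYS_BLOCK/$name" ]; then
        echo "$dev: not a whole-disk block device"
        return 1
    fi

    # Card readers and USB sticks normally report removable=1,
    # internal disks report 0.
    if [ "$(cat "$SYS_BLOCK/$name/removable" 2>/dev/null)" != "1" ]; then
        echo "$dev: kernel does not flag it as removable"
        return 2
    fi

    # size is expressed in 512-byte sectors; 0 means no card in the reader.
    sectors="$(cat "$SYS_BLOCK/$name/size" 2>/dev/null || echo 0)"
    sectors="${sectors:-0}"
    if [ "$sectors" -eq 0 ]; then
        echo "$dev: no medium present"
        return 3
    fi
    gib=$((sectors / 2097152))          # 2097152 sectors = 1 GiB
    if [ "$gib" -gt "$MAX_GIB" ]; then
        echo "$dev: ${gib} GiB is larger than the expected card"
        return 3
    fi

    # Refuse if the disk or any partition (sdb1, mmcblk0p1) is mounted.
    if grep -Eq "^${dev}p?[0-9]* " "$MOUNTS"; then
        echo "$dev: in use, unmount its partitions first"
        return 4
    fi
    return 0
}

# write_image IMAGE.bz2 /dev/sdX
# The Alix guide's bzcat | dd, run only after the target passed every check.
write_image() {
    img="$1"
    target="$2"
    check_target "$target" || return 1
    bzcat "$img" | dd of="$target" bs=16k && sync
}

# Run as: sh write-image.sh debian-for-alix-v3.img.bz2 /dev/sdb
if [ "$#" -eq 2 ]; then
    write_image "$1" "$2"
fi
```

<code>check_target /dev/sdX</code> can also be run on its own before the <code>fdisk</code> step of this guide.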
<br />
<br />
<br />
== Install Cloudy ==<br />
<br />
To install Cloudy you can follow the instructions to [[Cloudy_in_Debian|convert a plain Debian installation into Cloudy]] by adding to the system the specific files and tools of the distribution.<br />
<br />
We call it "cloudynize".<br />
<br />
We recommend using a script to automate the process. You can learn how in the [[cloudynize|wiki page that explains how to "cloudynize"]].<br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_in_DebianCloudy in Debian2015-09-10T17:32:40Z<p>Conxuro: </p>
<hr />
<div>You can convert a plain Debian installation into Cloudy following these steps:<br />
<br />
<br />
1. Log in via SSH as the root user (or become root once logged in), or execute the following commands with the ''sudo'' tool.<br />
<br />
<br />
2. Synchronize the date from a server by installing an NTP client ''(optional)''.<br />
<br />
apt-get install ntp<br />
<br />
<br />
3. Add Debian backports, Clommunity and Guifi repositories.<br />
* Debian backports:<br />
echo "deb http://ftp.debian.org/debian wheezy-backports main contrib" > /etc/apt/sources.list.d/backports.list <br />
* Clommunity repository:<br />
echo "deb http://repo.clommunity-project.eu/debian unstable/" > /etc/apt/sources.list.d/cloudy.list <br />
gpg --keyserver pgpkeys.mit.edu --recv-key A59C5DC8 && gpg --export --armor A59C5DC8 | apt-key add - <br />
* Guifi repository:<br />
echo "deb http://serveis.guifi.net/debian guifi/" > /etc/apt/sources.list.d/serveis.list <br />
gpg --keyserver pgpkeys.mit.edu --recv-key 2E484DAB && gpg --export --armor 2E484DAB | apt-key add -<br />
<br />
<br />
4. Install some Debian packages.<br />
apt-get update<br />
apt-get upgrade<br />
apt-get install -y openssh-server openssh-client getinconf-client curl unzip make avahi-utils tahoe-lafs mysql-server python2.7 g++ make checkinstall openjdk-6-jre locales php5 libssh2-php libapache2-mod-encoding <br />
<br />
 '''''Note''': If this error appears: "Error W: GPG error: http://ftp.debian.org wheezy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553" use this command, which upgrades without verifying package signatures:<br />
apt-get --allow-unauthenticated upgrade<br />
''<br />
<br />
<br />
5. Install the Cloudy non-Debian packages.<br />
curl "https://raw.githubusercontent.com/Clommunity/lbmake/master/hooks/getinconf-client.chroot" | sh -<br />
curl "https://raw.githubusercontent.com/Clommunity/lbmake/master/hooks/avahi-ps.chroot" | sh -<br />
curl "https://raw.githubusercontent.com/Clommunity/lbmake/master/hooks/cDistro.chroot" | sh -<br />
<br />
<br />
6. Reboot.<br />
<br />
After this, you can browse the web user interface at http://device_IP:7000<br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_Raspberry_PiCloudy Raspberry Pi2015-07-22T00:30:26Z<p>Conxuro: </p>
<hr />
<div>The Raspberry Pi is a tiny and affordable computer as large as a credit card, made mainly to be used for educational purposes and in small projects.<br />
<br />
This board has an ARM processor and several input-output interfaces: video, sound, Ethernet, USB, GPIO, etc. For that reason it needs an operating system prepared to run on an ARM architecture and with the corresponding drivers to make these interfaces work.<br />
<br />
In our case, to install Cloudy, the Raspberry Pi will be prepared with an already adapted distribution based on Debian, such as Raspbian, and once that is done we will "cloudynize" it to add all the particular content of Cloudy.<br />
<br />
<br />
'''''Note:''' this guide, as well as the different Cloudy installation tests, has been done with the Raspbian O.S., but the same steps may work with another Debian-based distribution.''<br />
<br />
<br />
<br />
== Download Raspbian ==<br />
<br />
Go to the [https://www.raspberrypi.org/downloads/ official website] and download the ISO image with the operating system you will use as a base.<br />
<br />
Alternatively, a Raspbian variant can be used, the [http://sirlagz.net/2013/07/19/raspbian-server-edition-2-5/ Raspbian Server Edition], which comes without the packages that are unneeded (graphical system, sound, etc.) when the Raspberry Pi is used as a server.<br />
<br />
<br />
<br />
== Install and configure Raspbian ==<br />
<br />
Write the image to an SD card. Depending on the operating system of your PC you can follow one of these guides to write ISO images.<br />
<br />
* [http://www.raspberrypi.org/documentation/installation/installing-images/linux.md Linux]<br />
* [http://www.raspberrypi.org/documentation/installation/installing-images/mac.md Mac OS]<br />
* [http://www.raspberrypi.org/documentation/installation/installing-images/windows.md Windows]<br />
<br />
Now insert the card and power on the board to start the configuration process with the <code>raspi-config</code> tool.<br />
<br />
The basic recommended steps are:<br />
# Expand the file system to use the whole SD storage space.<br />
# Change the password of the '''pi''' user (the system default one).<br />
# Change the localization if another language is wanted, the timezone and the keyboard layout.<br />
# In the advanced options; enable the SSH server, change the hostname and update the <code>raspi-config</code>.<br />
<br />
If you want to do some more changes, you can find more information in the [https://www.raspberrypi.org/documentation/configuration/raspi-config.md raspi-config documentation].<br />
<br />
We won't go into more detail on how to install and configure Raspbian because it is widely documented on the Web.<br />
<br />
=== Additional options ===<br />
<br />
As mentioned above, there is a variant of Raspbian customized to work as a server, with all the unneeded packages removed. This version should work like the original Raspbian, but it's recommended to adapt the system just after the installation, either manually or automatically with the ''script'' that uninstalls the packages to leave the system like the Raspbian Server Edition.<br />
<br />
You can find more info and download that script at [http://sirlagz.net/2013/08/03/raspbian-server-edition-scripts/ this website].<br />
<br />
<br />
<br />
== Install Cloudy ==<br />
<br />
To install Cloudy you can follow the instructions to [[Cloudy_in_Debian|convert a plain Debian installation into Cloudy]] by adding to the system the specific files and tools of the distribution.<br />
<br />
We call it "cloudynize".<br />
<br />
We recommend using a script to automate the process. You can learn how in the [[cloudynize|wiki page that explains how to "cloudynize"]].<br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_in_client_nodeCloudy in client node2015-07-17T15:57:59Z<p>Conxuro: Created page with "Cloudy uses a system to publish and search services, to share them with the other Cloudys. For this purpose, actually [https://www.serfdom.io/ Serf] is used. This software op..."</p>
<hr />
<div>Cloudy uses a system to publish and search for services, to share them with the other Cloudys. For this purpose, [https://www.serfdom.io/ Serf] is currently used.<br />
<br />
This software opens a TCP port in the server (Cloudy) to listen for requests and to be able to communicate with others.<br />
<br />
Therefore, some additional steps are needed to allow a Cloudy installed in a client node to interact with other Cloudys:<br />
<br />
<br />
1. Find out the node’s public IP address (10.x.x.x): not the one assigned to Cloudy but the IP assigned to the client node.<br />
* You can go to the [http://guifi.net Guifi] page of your node to find out its IP.<br />
<br />
<br />
2. Edit a couple of files and declare the public IP of the node. You have to add the IP to the configuration files so that the software correctly announces the public IP instead of the private IP.<br />
* To do it, as the '''''root''''' user, type the following on the command line:<br />
<pre><br />
root@cloudy:~# echo "ADVERTISE_IP=10.x.x.x" >> /etc/avahi-ps-serf.conf<br />
root@cloudy:~# echo "PUBLIC_IP=10.x.x.x" >> /etc/getinconf-client.conf<br />
root@cloudy:~# /etc/init.d/serf restart<br />
<br />
(where 10.x.x.x is the public IP of your node)<br />
</pre><br />
<br />
'''Example:'''<br />
In a node with IP address 10.1.2.3 the files should look like this:<br />
<pre><br />
/etc/avahi-ps-serf.conf<br />
SERF_RPC_ADDR=127.0.0.1:7373<br />
SERF_BIND=5000<br />
SERF_JOIN=10.139.40.82:5000<br />
ADVERTISE_IP=10.1.2.3<br />
<br />
/etc/getinconf-client.conf <br />
#!/bin/sh<br />
# Automatically generate file<br />
GTC_SERVER_URL=http://10.139.40.84/index.php<br />
NETWORK_NAME=demo<br />
NETWORK_KEY=demo<br />
INTERNAL_DEV=eth0<br />
# PORT=665<br />
# GETINCONF_IGNORE=1<br />
GETINCONF_IGNORE=1<br />
PUBLIC_IP=10.1.2.3<br />
</pre><br />
<br />
3. Set up port forwarding for port 5000 (Serf). If you want more services you will have to redirect (forward) the port of each service.<br />
* The configuration to do that depends on the device you have.<br />
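Step 2 appends with <code>echo ... &gt;&gt;</code>, so running it a second time, or after changing the node's IP, leaves several <code>ADVERTISE_IP=</code> or <code>PUBLIC_IP=</code> lines in the files. The following is an added example, not part of the original guide or of the Cloudy tools: it validates the address and rewrites each key so that it appears exactly once. The function names are assumptions of this example; the two file paths are the ones used in step 2.

```shell
#!/bin/sh
# Added example, not part of Cloudy: set the advertised IP idempotently.

# is_ipv4_10 ADDR : true only for a complete dotted-quad inside 10.0.0.0/8,
# so the literal placeholder "10.x.x.x" is rejected.
is_ipv4_10() {
    case "$1" in
        *[!0-9.]*) return 1 ;;      # anything other than digits and dots
    esac
    case "$1" in
        10.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $1                       # split the address into its octets
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            '') return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# set_conf_key FILE KEY VALUE : drop every active "KEY=" line, keep all
# other lines (comments included) and append a single KEY=VALUE.
set_conf_key() {
    file="$1"; key="$2"; value="$3"
    tmp="$(mktemp)" || return 1
    if [ -f "$file" ]; then
        # grep -v exits 1 when nothing is left to print; that is not an error
        grep -v "^${key}=" "$file" > "$tmp" || true
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"            # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# announce_public_ip IP [SERF_CONF] [GETINCONF_CONF]
announce_public_ip() {
    ip="$1"
    serf_conf="${2:-/etc/avahi-ps-serf.conf}"
    gtc_conf="${3:-/etc/getinconf-client.conf}"
    if ! is_ipv4_10 "$ip"; then
        echo "refusing '$ip': expected the node's 10.x.x.x address" >&2
        return 1
    fi
    set_conf_key "$serf_conf" ADVERTISE_IP "$ip" &&
        set_conf_key "$gtc_conf" PUBLIC_IP "$ip"
}

# Run as root: sh announce-ip.sh 10.1.2.3
if [ "$#" -eq 1 ]; then
    announce_public_ip "$1" && /etc/init.d/serf restart
fi
```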
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/CloudynizeCloudynize2015-05-13T12:56:27Z<p>Conxuro: Created page with "An alternative method to install Cloudy is modifying a Debian GNU/Linux system, or a Debian based, by applying a script which turns the system into a Cloudy. To do this you c..."</p>
<hr />
<div>An alternative method to install Cloudy is modifying a Debian GNU/Linux system, or a Debian-based one, by applying a script which turns the system into a Cloudy.<br />
<br />
To do this you can run the following commands:<br />
<br />
<pre><br />
git clone https://github.com/Clommunity/cloudynitzar && cd cloudynitzar<br />
chmod +x cloudynitzar.sh<br />
sudo ./cloudynitzar.sh<br />
</pre><br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_64bitsCloudy 64bits2015-05-13T12:44:13Z<p>Conxuro: </p>
<hr />
<div>Currently only the 32-bit version is available; however, you can create the 64-bit version by following these steps:<br />
<br />
First, download the generation system (or image builder):<br />
<br />
<pre><br />
apt-get install build-essential live-build imagemagick curl debootstrap git unzip <br />
git clone http://dev.cloudy.community/guifi.net/cloudy-image-builder.git<br />
</pre><br />
<br />
Now make a small modification to the Makefile: <br />
<br />
<pre><br />
ARCH ?= amd64<br />
FLAVOUR ?= amd64<br />
</pre><br />
<br />
Finally, you can build the image with this command:<br />
<br />
<pre>sudo make</pre><br />
<br />
Once the image has been created, you have a 64 bits version of Cloudy in ./devel/binary.hybrid.iso <br />
<br />
<br />
----<br />
<br />
<br />
Otherwise you can "Cloudynize" a 64 bits Debian or Debian based system to turn it into Cloudy.<br />
<br />
Read how in the [[Cloudynize]] wiki page.<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/What_is_CloudyWhat is Cloudy2015-05-12T20:08:28Z<p>Conxuro: </p>
<hr />
<div>[[File:clommunity-logo.png|right|100px]]<br />
[[File:Logo_guifi.svg|right|100px]]<br />
<br />
Cloudy <ref name="cloudy">Cloudy: http://wiki.clommunity-project.eu/soft:cloudservices</ref> is a distribution based on Debian GNU/Linux <ref name="debian">Debian GNU/Linux: http://debian.org</ref> developed under the CLOMMUNITY European research project.<ref name="clommunity">CLOMMUNITY project: http://clommunity-project.eu</ref><br />
<br />
This distribution, inspired by the idea of the old [[Guinux]] <ref name="guinux">Guinux: http://guifi.net/node/29320</ref>, facilitates the deployment and the management of cloud services<ref name="cloud-services">Cloud computing: http://en.wikipedia.org/wiki/Cloud_computing</ref>, as well as sharing them. It is particularly intended for community network<ref name="CN">Community networks: http://en.wikipedia.org/wiki/Community_network</ref> users.<br />
<br />
<br />
<br />
----<br />
<br />
<br />
<br />
== Introduction ==<br />
<br />
Prior to the general adoption of cloud services<ref name="cloud-services"/>, users of Community Networks (CNs<ref name="CN"/>) already shared or provided services and resources to the community, however, these users were only a minority. One of the reasons identified is the technological barrier. Before providing content, users willing to share information with the community have first to take care of the technical aspects such as the deployment of a server with a set of services.<br />
<br />
In the past, users from the Guifi.net CN tried to overcome this problem by releasing a GNU/Linux distribution named [[Guinux]] <ref name="guinux"/>, which provided end users an easy way of offering network services to the community (like [[Proxy_Server|HTTP proxy]], [[DNS_Server|DNS systems]] and [[Graphserver_1|MRTG graphic interfaces]]).<br />
<br />
The key part of the distribution was a set of scripts<ref>http://en.wikipedia.org/wiki/Scripting_language</ref> that automatised the configuration process. End users were only asked for a few parameters such as their e-mail address and the node identifier. Shortly after the distribution was made available the number of end users sharing resources proliferated.<br />
<br />
According to that, it became clear that lowering (or removing) the technological entry barrier encouraged users to provide more services and share their resources with the community. To this end, one of the goals of the CLOMMUNITY <ref name="clommunity"/> project is to release a GNU/Linux distribution, codenamed Cloudy, aimed at end users, to foster the transition and adoption of the Community Network cloud environment.<br />
<br />
<br />
<br />
=== Motivation === <br />
<br />
The Cloudy distribution is designed to satisfy the following requirements:<br />
<br />
# '''Distribution''': in order to foster services distribution amongst the Community Networks (CNs), a platform to publish and discover them is required. This way, service access does not depend on static networking deployments and is aware of the dynamically-changing conditions of CNs. The software chosen for service publishing and discovering is Avahi<ref name="avahi">Avahi: http://avahi.org</ref>.<br />
# '''Decentralisation''': a common network layer is required to allow all CN cloud nodes to communicate with each other directly. A good way to build it is to create a virtual Layer 2 based on a VPN<ref>Virtual Private Network: http://en.wikipedia.org/wiki/Virtual_private_network</ref> service. Among the available options, Tinc VPN<ref>Tinc VPN: http://tinc-vpn.org</ref> has been chosen, as it fulfills all the requirements while being easy to configure and manage. To coordinate the devices with TincVPN, a tool to automate the system deployment has been developed as part of the project. This software, named Getinconf<ref>Getinconf: https://github.com/Clommunity/getinconf/blob/master/README.md</ref>, takes care of the TincVPN configuration process and the exchange of keys with the rest of the cloud nodes.<br />
# '''User-friendliness''': to this end, a web-based management platform has been developed to integrate all the installation and configuration steps for the cloud services enabled in the Cloudy distribution. A simple web interface<ref>Cloudy web interface: http://redmine.confine-project.eu/projects/getinconf</ref> is available to the end user as an easy way to configure, administer and monitor the cloud services running in the node.<br />
# '''Free, Libre, Open Source Software''': the distribution has been based on Debian GNU/Linux<ref name="debian"/>. Apart from being one of the most popular distributions and fulfilling all the technical requirements, it has been chosen because the Debian Social Contract<ref>Debian social contract: https://www.debian.org/social_contract</ref> safeguards and guarantees that the software will always be open and free.<br />
<br />
[[File:Cloudy-home.png]]<br />
<br />
<br />
<br />
== Getting started ==<br />
<br />
Go to the "Get started" section of the Cloudy website <ref name="start">http://cloudy.community/get_started/</ref> to learn all you need to start with Cloudy.<br />
<br />
There you will find:<br />
* Requirements<br />
* Get/compile<br />
* Install<br />
* Update<br />
* First steps<br />
<br />
<br />
<br />
== Contents ==<br />
<br />
In the "Features" section <ref name="features">http://cloudy.community/features/</ref> you can see all the contents/software included in the distribution. Specifically, it details the software that can be easily managed through the web interface.<br />
<br />
This software is integrated by a ''plug-ins'' system. You can read more in the wiki page of [[Cloudy_plug-ins|Cloudy plug-ins]].<br />
<br />
<br />
<br />
== Contributing ==<br />
<br />
To stay up to date or to know how to collaborate and get involved with Cloudy, go to the "Contribute" section of the website.<ref name="contribuir">http://cloudy.community/contribute/</ref><br />
<br />
<br />
Remember that the mailing lists are in English because there are participants from different countries.<br />
<br />
If you want to write in Catalan or in Spanish you should add [CAT] or [ES] respectively in the subject of the mail message.<br />
<br />
<br />
<br />
== More information ==<br />
<br />
You can read more in the wiki page of the [[Cloudy|Cloudy category]].<br />
<br />
<br />
<br />
== References ==<br />
<br />
<references/><br />
<br />
<br />
<br />
== External links ==<br />
<br />
* http://cloudy.community<br />
* http://wiki.clommunity-project.eu/soft:cloudservices<br />
* http://clommunity-project.eu<br />
* http://guifi.net<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Cloudy_web_UICloudy web UI2015-05-12T19:12:08Z<p>Conxuro: </p>
<hr />
<div><br />
== Introduction ==<br />
<br />
The Cloudy web User Interface (UI) uses an application called cDistro <ref name="cdistro">cDistro git repository: https://github.com/Clommunity/cDistro</ref>.<br />
<br />
''(Add what it is)''<br />
<br />
<br />
<br />
== Configuration ==<br />
<br />
The cDistro configuration is placed in <s>/etc/cdistro.conf</s> /etc/cloudy/cloudy.conf<br />
<br />
By default it has the following format:<br />
<br />
#cdistro config<br />
SERVER="/usr/bin/php"<br />
OPTS=""<br />
BINDIP="0.0.0.0"<br />
PORT="7000"<br />
DOCROOT="/var/local/cDistro"<br />
# SSHAUTH=1 <- check user with ssh2 connection http://www.php.net/manual/en/function.ssh2-auth-password.php (Require: libssh2-php)<br />
SSHAUTH=1<br />
# LOGIN="root"<br />
## PASSWORD = md5(md5('secret')) => php -r 'echo md5(md5("secret"))."\n";'<br />
#PASSWORD="7022cd14c42ff272619d6beacdc9ffde"<br />
PORT_SSL=7443<br />
<br />
<br />
=== SERVER ===<br />
<br />
The path of the PHP executable.<br />
<br />
'''Example:'''<br />
<br />
* "/usr/bin/php" - in the case of Cloudy (Debian).<br />
<br />
<br />
=== OPTS ===<br />
<br />
PHP options.<br />
<br />
''(Add references or more info and an example)''<br />
<br />
<br />
=== BINDIP ===<br />
<br />
The IP address where the service will be listening.<br />
<br />
'''Example:'''<br />
<br />
* "127.0.0.1" - will accept only requests from localhost.<br />
* "0.0.0.0" - will accept requests from any address.<br />
<br />
<br />
=== PORT ===<br />
<br />
The port opened by the service to listen to requests.<br />
<br />
'''Example:'''<br />
<br />
* "7000" - opens the port 7000.<br />
<br />
<br />
=== DOCROOT ===<br />
<br />
The path of the cDistro application.<br />
<br />
'''Example:'''<br />
<br />
* "/var/local/cDistro" - in the case of Cloudy.<br />
<br />
<br />
=== SSHAUTH ===<br />
<br />
Parameter that allows authentication via SSH2 in the application, i.e., to use the credentials that the SSH server of the system allows.<br />
<br />
Can be 0 or 1.<br />
<br />
'''Example:'''<br />
<br />
* "1" - enables this option.<br />
* "0" - disables this option (a user and a password must then be defined).<br />
<br />
<br />
=== LOGIN ===<br />
<br />
The username to authenticate against the application.<br />
<br />
Should be a string without spaces.<br />
<br />
'''Example:'''<br />
<br />
* "cloudy" - this user can log in with the password defined in PASSWORD.<br />
<br />
<br />
=== PASSWORD ===<br />
<br />
The password of the user defined in LOGIN.<br />
<br />
Should be the MD5 hash (hexadecimal) of the MD5 hash of the password, i.e., a hash of the password hash: md5(md5("PASSWORD")).<br />
<br />
<br />
'''Example:'''<br />
<br />
* "46d934e0f59ff1e2272f9f5f7950e5d9" - the double MD5 hash of the string "PASSWORD".<br />
<br />
'''Examples of how to generate that hash in a terminal:'''<br />
<br />
$ php -r 'echo md5(md5("PASSWORD"))."\n";'<br />
46d934e0f59ff1e2272f9f5f7950e5d9<br />
$ printf "PASSWORD" | md5sum | awk '{printf $1}' | md5sum | awk '{print $1}'<br />
46d934e0f59ff1e2272f9f5f7950e5d9<br />
<br />
<br />
=== PORT_SSL ===<br />
<br />
Port that Cloudy will use in the web interface with HTTPS (if SSL is enabled).<br />
<br />
'''Example:'''<br />
<br />
* "7443" - the web interface is reachable at https://IP_SERVIDOR:7443, where IP_SERVIDOR is the IP address of the server.<br />
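<br />
An added example, not part of cDistro (the helper names are hypothetical): a script that reads the settings described above from a cloudy.conf-style file as text, without executing it, and reports a listener on every address, password login without credentials, and a PASSWORD value that is malformed or copied from the documentation examples.<br />

```shell
#!/bin/sh
# Added example, not part of cDistro: conf_get, double_md5 and
# audit_cloudy_conf are hypothetical helper names.

# conf_get FILE KEY: print the value of the last uncommented KEY=... line.
# The file is parsed as text and never sourced, so nothing in it is executed.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# double_md5 STRING: md5(md5(STRING)) in hex, the PASSWORD format of the config
double_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1 | tr -d '\n' | md5sum | cut -d' ' -f1
}

# audit_cloudy_conf FILE: print one finding per line.
# Returns 0 when there are no findings, 1 when there are, 2 if FILE is unreadable.
audit_cloudy_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    bindip=$(conf_get "$conf" BINDIP)
    sshauth=$(conf_get "$conf" SSHAUTH)
    login=$(conf_get "$conf" LOGIN)
    password=$(conf_get "$conf" PASSWORD)
    n=0

    if [ "$bindip" = "0.0.0.0" ]; then
        echo "BINDIP: the web UI accepts requests from any address"; n=$((n + 1))
    fi

    # With SSHAUTH off, LOGIN and PASSWORD are the only credentials
    if [ "$sshauth" != "1" ]; then
        if [ -z "$login" ] || [ -z "$password" ]; then
            echo "AUTH: SSHAUTH is off but LOGIN or PASSWORD is not set"; n=$((n + 1))
        fi
    fi

    if [ -n "$password" ]; then
        case $password in
            *[!0-9a-f]*)
                echo "PASSWORD: not a hexadecimal MD5 value"; n=$((n + 1)) ;;
            *)
                [ "${#password}" -eq 32 ] ||
                    { echo "PASSWORD: not 32 hex digits"; n=$((n + 1)); } ;;
        esac
        # The strings used as examples in this documentation
        for sample in secret PASSWORD; do
            if [ "$password" = "$(double_md5 "$sample")" ]; then
                echo "PASSWORD: documentation example value md5(md5(\"$sample\"))"
                n=$((n + 1))
            fi
        done
    fi

    [ "$n" -eq 0 ]
}

# Usage: audit_cloudy_conf /etc/cloudy/cloudy.conf
```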
<br />
<br />
<br />
== References ==<br />
<br />
<references/><br />
<br />
<br />
<br />
<br />
[[Category:Cloudy]]</div>Conxurohttp://en.wiki.guifi.net/wiki/Start_an_island_from_scratchStart an island from scratch2015-04-30T17:22:58Z<p>Lib2know: /* What is a island? */</p>
<hr />
<div>= What is an island? =<br />
An "island" is a part of the network that is not connected to the core network of guifi.<br />
<br />
Islands usually appear in places that are isolated from areas where a guifi network infrastructure is already running, either because of the terrain or simply because they are very far away (as is the case when deployment starts in a new region, council or autonomous community).<br />
<br />
If you are lucky enough that there are already guifi.net nodes in your area, it will be easier for you to join and to help pull the cart so that it works better and better.<br />
But if you live in a town where guifi.net is not present yet, that is because nobody before you has decided to start building an open network. I encourage you from here, because you will have the privilege of bringing guifi.net to life in your area, and also because you will have to fight a bit harder to get the first nodes up and running. But keep in mind that as soon as you and a friend, relative, ... want to do it and connect to each other, you will already have the embryo of the open network running in your town, and after that it is a matter of winning over more and more colleagues, neighbours, ... and adding content!<br />
<br />
Creating an island involves setting up the services and the infrastructure that allow it to expand properly.<br />
<br />
= What does an island need? =<br />
'''Infrastructure:''' At least one supernode is required (2 are recommended, so that the behaviour of dynamic routing can be observed), and it (or they) must allow nodes or clients to connect. This last part is very important to allow the network to expand.<br />
* '''[[Crear_un_supernode|Create a supernode]]'''<br />
<br />
'''Services:''' Some basic services are needed to manage the network properly and to make it discoverable<br />
* '''[[Servidor_de_gràfiques|Graphs server]]:''' Graphs the status of the nodes and supernodes.<br />
* '''[[Servidor_DNS|Domain name server (DNS)]]:''' Lets devices be reached by name rather than by IP address (easier for users to remember)<br />
* '''[[Servidor_Rellotge|Time server (NTP)]]:''' It is recommended that all devices have the same time; this makes it easier to identify problems in the logs and to synchronise them.<br />
* '''[[Servidor_Proxy|Internet access service (Proxy)]]:''' Internet access through a proxy is the best way to attract new users to the network. It is recommended that the proxy be a guifi federated proxy.<br />
* '''[[Servidor_FTP|File sharing server (FTP)]]:''' Since sharing is good, having a file sharing service is another way to attract new users to the network. It lets users download content locally, inside the guifi network, instead of directly from the internet. File transfer rates are usually higher than from the internet. This service is important for explaining to users the difference between going out to the internet and staying inside the network itself.<br />
<br />
= How do I start? =<br />
* [[Zona|Create the zone if it has not been created yet]]<br />
* [[Afegir_un_node_de_guifi.net|Mark your location on the map]]<br />
* [[Crear_un_supernode|Configure the first supernode]]<br />
* Create the services mentioned above<br />
* [[Zona|Define the default services for your zone]]<br />
* [[Guifi.net|Spread the word about the guifi.net project]]<br />
<br />
[[es:Empezar una isla desde 0]]<br />
[[ca:Començar una illa des de 0]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Cloudy_plug-insCloudy plug-ins2015-04-22T15:07:15Z<p>Conxuro: </p>
<hr />
<div>== What is a plug-in? ==<br />
<br />
Cloudy is a Debian-based Linux distribution that provides users a simple and convenient web interface to manage different services that are to be used in a Community Network (in our case, Guifi).<br />
<br />
At the same time, Cloudy offers a set of tools that allow a user to add a service to the system without needing advanced knowledge of networking or computers in general. These services are automatically published to the Community Network, so that anybody using Cloudy can use this new service.<br />
<br />
'''Plug-ins''' are the modular pieces of code that allow adding and removing these services. Therefore, we understand that a plug-in is a program or a piece of software that a user can add to the Cloudy distribution and that can be managed in a simple way from the web interface provided by Cloudy.<br />
<br />
== Adding services to Cloudy ==<br />
<br />
=== A brief introduction ===<br />
<br />
This guide will walk you through the process of adding a new service to Cloudy.<br />
<br />
In order to be clear and provide examples, we are going to be integrating a very simple service showing snippets of code along the way.<br />
To follow the tutorial or to add complex services, some knowledge of Bash<ref name="Bash">(http://www.tldp.org/LDP/Bash-Beginners-Guide/Bash-Beginners-Guide.pdf)</ref> and PHP<ref name="PHP">(https://php.net/manual/es/index.php)</ref> will be helpful.<br />
<br />
For the sake of simplicity, we will use Pastecat<ref name="Pastecat">(https://github.com/mvdan/pastecat)</ref>. It is a good candidate because:<br />
<br />
* It's a standalone program<br />
* It only needs to be installed in one node (no federation/synchronization)<br />
* It's built with Go, so it's easy to distribute and deploy<br />
* It doesn't need a configuration file nor any kind of setup<br />
* It's very lightweight on resources<br />
<br />
=== Getting the binary ===<br />
<br />
The first thing we have to figure out is how to download and install the binary on Cloudy. Most software out there is already available as a package on Debian, but Pastecat isn't. If it were, it would be a matter of just running the command <code>apt-get install pastecat</code> from PHP. Therefore we'll have to get it from someplace else.<br />
<br />
One option is to fetch the source and build it ourselves. This often means, however, that Cloudy should include a lot of build tools and libraries. In the case of Go, that would mean having its toolchain installed, which isn't very practical.<br />
<br />
A better option when the Debian package isn't available is to download the binary from upstream trusted sources via HTTPS and, preferably, checking digests or using signatures. We can use Github's releases page for that. Both options leave us with an executable file that we should be able to run directly on Cloudy.<br />
<br />
In this particular case we are going to download the binaries from the git repository with the following command line:<br />
<br />
<pre>wget https://github.com/mvdan/pastecat/releases/download/v0.3.0/pastecat_linux_386_v0.3.0</pre><br />
Note that in this case we are downloading a specific version for a Linux with a 386 architecture.<br />
<br />
Note that having the service as a Debian package has many advantages:<br />
<br />
* Updates are simple and need no extra work from Cloudy<br />
* The package is compiled and built by Debian in a trusted way<br />
* An init.d file is already provided<br />
* Debian packages often contain small patches and fixes<br />
<br />
=== Testing it out ===<br />
<br />
Before adding Pastecat as a Cloudy service, we can configure and start it ourselves directly (i.e. manually), to see if it works and how. This way we can better understand which configuration options or command line parameters we will need to run it as a service, and also to manage it once it is running.<br />
<br />
=== Adding the controller ===<br />
<br />
In <code>web/plug/controllers</code> we have one PHP file per service, which we call &quot;the controller&quot;. This is the code that will run when we enter the services page on the Cloudy web interface.<br />
<br />
==== Adding the index function ====<br />
<br />
We also want our service to be integrated in the Cloudy web structure. To do this, a few PHP scripts need to be created and added to our device. For the time being, we'll need to create a total of 2 scripts: <code>pastecat.PHP</code> and <code>pastecat.menu.PHP</code>. The first one is the controller itself, that is, the script that renders the page and has all the information such as buttons or redirections. The other one is what allows our service to show up in the upper menu bar of Cloudy's web interface.<br />
<br />
The menu code will look like this:<br />
<br />
<pre>&lt;?PHP<br />
//pastecat.menu.PHP<br />
addMenu('Pastecat','pastecat','Clommunity');</pre><br />
For now, we'll use a very simple PHP script in the controller:<br />
<br />
<pre>&lt;?PHP<br />
//pastecat<br />
$title=&quot;Pastecat&quot;;<br />
<br />
function index(){<br />
    global $pcpath,$title;<br />
    global $staticFile;<br />
<br />
    $page=hlc(t($title));<br />
    $page .= hl(t(&quot;Minimalist pastebin engine written in Go&quot;),4);<br />
    $page .= par(t(&quot;A simple and self-hosted pastebin service written in Go&quot;).' '.t(&quot;Can use a variety of storage backends&quot;).' '.t(&quot; Designed to optionally remove pastes after a certain period of time.&quot;).' '.t(&quot;If using a persistent storage backend, pastes will be kept between runs.&quot;).' '.t(&quot;This software runs the&quot;).' '.&quot;&lt;a href='http://paste.cat'&gt;&quot;.t(&quot;paste.cat&quot;).&quot;&lt;/a&gt;&quot;. t(&quot; public service.&quot;));<br />
<br />
    return(array('type' =&gt; 'render','page' =&gt; $page));<br />
}</pre><br />
In our Cloudy system, these files must be placed under <code>/var/local/cDistro/plug/</code>: the menu script in the <code>menus</code> directory and the controller in the <code>controllers</code> directory. Once we've done this, we can go to our Cloudy system and access our new Pastecat.<br />
<br />
==== Making the controller install the service ====<br />
<br />
As said before, this step is much easier if the service is packaged in Debian. Since Pastecat isn't, we'll have to do it manually. This usually involves a combination of <code>wget</code>, <code>mv</code> and <code>chmod</code>. It is generally a good idea to keep the service's files under <code>/opt/SERVICENAME</code>.<br />
<br />
In our particular case, the first thing we need to do is download the binary from the release. In order to do this we will make use of the mentioned <code>wget</code> command. Given a URL to a file, this command downloads the file to our system, and this is what we will do (as mentioned before):<br />
<br />
<pre>wget https://github.com/mvdan/pastecat/releases/download/v0.3.0/pastecat_linux_386_v0.3.0</pre><br />
Once we have the binary, we just need to move it to a directory where executable files are usually located. In our case, we will use the directory /opt/pastecat/. To move these files through our system we will use the command <code>mv</code>. However, first of all we need to create the directory where we will place our binary. To do this we use the <code>mkdir</code> command as shown below:<br />
<br />
mkdir -p /opt/pastecat/<br />
<br />
Once we have our directory created, it is time to move the binary there:<br />
<br />
<pre>mv current_directory/pastecat_linux_386_v0.3.0 /opt/pastecat/</pre><br />
where current_directory is the directory where we previously downloaded the binary. Since the binary name depends on the architecture and the version, in order to simplify the controller's code, we will change its name to something simpler:<br />
<br />
<pre>mv /opt/pastecat/pastecat_linux_386_v0.3.0 /opt/pastecat/pastecat</pre><br />
Now our binary is called <code>pastecat</code> instead of <code>pastecat_linux_386_v0.3.0</code><br />
<br />
These steps are the minimum required to install a service which is not provided in the official Debian repositories. However, to an end user, running these commands in a console connected to the device through ssh would look like a nightmare, so what we are going to do now is create a bash script which will be called later from the web interface by clicking a button.<br />
<br />
This script is the first version of the pastecat controller. For the time being, we will just include a function to install pastecat in a device. Later we will include some other functions to add more features to our service.<br />
<br />
<pre>#!/bin/bash<br />
PCPATH=&quot;/opt/pastecat/&quot;<br />
<br />
doInstall() {<br />
    if isInstalled<br />
    then<br />
        echo &quot;Pastecat is already installed.&quot;<br />
        return<br />
    fi<br />
<br />
    # Creating directory and switching<br />
    mkdir -p &quot;$PCPATH&quot; &amp;&amp; cd &quot;$PCPATH&quot; || return 1<br />
<br />
    # Getting file<br />
    wget https://github.com/mvdan/pastecat/releases/download/v0.3.0/pastecat_linux_386_v0.3.0<br />
<br />
    # Changing name so controller can invoke it generically<br />
    mv pastecat_linux_386_v0.3.0 pastecat<br />
    chmod +x pastecat<br />
<br />
    cd -<br />
}<br />
<br />
isInstalled() {<br />
    [ -d &quot;$PCPATH&quot; ] &amp;&amp; return 0<br />
    return 1<br />
}<br />
<br />
<br />
case $1 in<br />
    &quot;install&quot;)<br />
        shift<br />
        doInstall &quot;$@&quot;<br />
        ;;<br />
esac</pre><br />
We can see how the last steps are done within the same function, allowing us to install the software in the device.<br />
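<br />
The section on getting the binary recommends checking digests, but the install function above runs whatever <code>wget</code> returned. The following is an added example, not part of the Cloudy or Pastecat code: the helper names are hypothetical, and the expected digest is a placeholder that has to come from the upstream release over a channel you trust.<br />

```shell
#!/bin/sh
# Added example: digest-checked install of a downloaded binary.
# sha256_of, install_verified and fetch_and_install are hypothetical helpers.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST (mode 0755) only if its SHA-256 equals EXPECTED_SHA256.
# Return codes: 0 installed, 1 bad arguments, 2 digest mismatch, 3 copy failed.
install_verified() {
    src=$1 expected=$2 dest=$3

    # The expected digest must be exactly 64 hex digits
    case $expected in
        ''|*[!0-9A-Fa-f]*) echo "expected digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex digits" >&2; return 1; }
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }

    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$src") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        return 2
    fi

    mkdir -p "$(dirname "$dest")" || return 3
    # Copy under a temporary name and rename, so DEST never holds a partial
    # file and never becomes executable before the check has passed
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv -f "$tmp" "$dest" ||
        { rm -f "$tmp"; return 3; }
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# Downloads URL (HTTPS only) to a temporary file and installs it if it verifies.
# Return codes: as install_verified, plus 4 when the download fails.
fetch_and_install() {
    url=$1 expected=$2 dest=$3
    case $url in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 1 ;;
    esac
    dl=$(mktemp) || return 3
    rc=0
    if wget -q -O "$dl" "$url"; then
        install_verified "$dl" "$expected" "$dest" || rc=$?
    else
        echo "download failed: $url" >&2
        rc=4
    fi
    rm -f "$dl"
    return "$rc"
}

# Usage inside doInstall (the digest below is a placeholder, not a real value):
# fetch_and_install \
#   "https://github.com/mvdan/pastecat/releases/download/v0.3.0/pastecat_linux_386_v0.3.0" \
#   "<expected SHA-256 of the release binary>" /opt/pastecat/pastecat
```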
<br />
==== Making the controller use Pastecat ====<br />
<br />
===== Start the service =====<br />
<br />
The next thing we want is our software to be used through the web interface. In order to do this, we will include a new option to the main page of pastecat, and also integrate a new function to the controller script to manage the binary. We will add the button like this:<br />
<br />
<pre>$page .= addButton(array('label'=&gt;t('Create a Pastecat server'),'href'=&gt;$staticFile.'/pastecat/publish'));</pre><br />
after the <code>Pastecat is installed</code> message. The next thing will be implementing the function <code>publish</code> in the same PHP file. This function is responsible for calling the appropriate function in the controller and for announcing our server using Avahi. The difference with this function is that it requires a form to enter data, so in the end we will have a total of 2 functions: a get and a post:<br />
<br />
<pre>function publish_get() {<br />
    global $pcpath,$title;<br />
    global $staticFile;<br />
<br />
    $page = hlc(t($title));<br />
    $page .= hlc(t('Publish a pastecat server'),2);<br />
    $page .= par(t(&quot;Write the port to publish your Pastecat service&quot;));<br />
    $page .= createForm(array('class'=&gt;'form-horizontal'));<br />
    // publish_post() reads both 'port' and 'description' from this form<br />
    $page .= addInput('port',t('Port'));<br />
    $page .= addInput('description',t('Describe this server'));<br />
    $page .= addSubmit(array('label'=&gt;t('Publish'),'class'=&gt;'btn btn-primary'));<br />
    $page .= addButton(array('label'=&gt;t('Cancel'),'href'=&gt;$staticFile.'/pastecat'));<br />
<br />
    return(array('type' =&gt; 'render','page' =&gt; $page));<br />
}<br />
<br />
function publish_post() {<br />
    $port = $_POST['port'];<br />
    $description = $_POST['description'];<br />
    $ip = &quot;&quot;;<br />
<br />
    $page = &quot;&lt;pre&gt;&quot;;<br />
    $page .= _pcsource($port,$description);<br />
    $page .= &quot;&lt;/pre&gt;&quot;;<br />
<br />
    return(array('type' =&gt; 'render','page' =&gt; $page));<br />
}</pre><br />
As we can see, in the <code>post</code> function we are invoking another function. The reason to do this is to write simpler and more modular code. In this function, we are finally calling the script:<br />
<br />
<pre>function _pcsource($port,$description) {<br />
    global $pcpath,$pcprogram,$title,$pcutils,$avahi_type,$staticFile;<br />
<br />
    $page = &quot;&quot;;<br />
    $device = getCommunityDev()['output'][0];<br />
    $ipserver = getCommunityIP()['output'][0];<br />
<br />
    // Fall back to the service type when no description is given<br />
    if ($description == &quot;&quot;) $description = $avahi_type;<br />
<br />
    // Both values come from the web form: quote them before they reach the shell<br />
    $cmd = $pcutils.&quot; publish &quot;.escapeshellarg($port).&quot; &quot;.escapeshellarg($description);<br />
    execute_program_detached($cmd);<br />
<br />
    $page .= t($ipserver);<br />
    $page .= par(t('Published this server.'));<br />
<br />
    $page .= addButton(array('label'=&gt;t('Back'),'href'=&gt;$staticFile.'/pastecat'));<br />
<br />
    return($page);<br />
}</pre><br />
The next thing to do will be create the function <code>publish</code> in the controller, so we will add a new function to the basic controller we had back at section '''3.2'''. We will add a new flag called publish, so the first executed part of the script will look like this:<br />
<br />
<pre>if [ $# -lt 1 ]<br />
then<br />
    doHelp<br />
fi<br />
<br />
case $1 in<br />
    &quot;install&quot;)<br />
        shift<br />
        doInstall &quot;$@&quot;<br />
        ;;<br />
    &quot;publish&quot;)<br />
        shift<br />
        # Quoted so that a description containing spaces stays one argument<br />
        doServer &quot;$@&quot;<br />
        ;;<br />
esac</pre><br />
As we can see, when the script's first argument is <code>publish</code>, we shift the rest of the arguments and call the function <code>doServer</code>. In this function, we must start the service with the required arguments, so the first thing we'll do is put the arguments into local variables. Once we have done that, the usual thing would be to launch the Pastecat server, but since the script might be called with root permissions (and this is bad) we must run it as the <code>nobody</code> user. The issue is that the <code>nobody</code> user has almost no permissions... and pastecat needs some permissions to create folders and text files. In order to allow the <code>nobody</code> user to do that, first of all we will create a folder and grant permissions on it to almost everyone. We will use <code>chmod</code> again. Now the user can create files and directories within this directory, so we can run pastecat. Finally, we keep the PID in a variable in case we want to use it in later updates:<br />
<br />
<pre>doServer() {<br />
    # Turning machine into a server<br />
<br />
    local port=${1:-&quot;&quot;}<br />
    local description=${2:-&quot;&quot;}<br />
    local ip=${3:-&quot;0.0.0.0&quot;}<br />
<br />
    # The port ends up inside an eval'd command line, so accept digits only<br />
    case $port in<br />
        ''|*[!0-9]*) echo &quot;Invalid port: $port&quot; &gt;&amp;2; return 1 ;;<br />
    esac<br />
<br />
    # Creating directory with nobody permissions<br />
    mkdir -p &quot;/var/local/pastecat&quot;<br />
    chmod 777 &quot;/var/local/pastecat&quot; &amp;&amp; cd &quot;/var/local/pastecat&quot;<br />
<br />
    # Running pastecat<br />
    cmd='su '$PCUSER' -c &quot;{ '$PCPATH$PCPROG' -l :'$port' &gt; '$LOGFILE' 2&gt;&amp;1 &amp; }; echo \$!&quot;'<br />
    pidpc=$(eval $cmd) # keeping PID for future needs...<br />
<br />
    cd -<br />
<br />
    # Using the PID, we could carry on process control so if the pastecat process dies, we can also<br />
    # stop the avahi process to avoid &quot;false connections&quot;<br />
<br />
    return<br />
}</pre><br />
Note that we are using some global variables that were not defined before such as <code>PCUSER</code> and <code>LOGFILE</code>. By default, we set these variables like this:<br />
<br />
<pre>PCPATH=&quot;/opt/pastecat/&quot;<br />
PCPROG=&quot;pastecat&quot;<br />
LOGFILE=&quot;/dev/null&quot;<br />
PCUSER=&quot;nobody&quot;</pre><br />
<br />
===== Stop the service =====<br />
<br />
Sometimes, we may also want to stop our service, so we will provide a button to do so. The first thing would be creating the button, but if we think a little, we will figure out that before doing this, we need a way to know if our service is running. In addition, we also need a way to stop our service. Since we are running on Linux, we can easily achieve that by using the <code>kill</code> command. The thing is that to use this command, we need the Process ID (PID). Luckily for us, we already kept this number when we created the pastecat server with <code>pidpc=$(eval $cmd)</code>.<br />
<br />
Now that we have everything we need to kill our process, let's provide a way for the PHP code to detect whether Pastecat is running or not. An easy and effective way to do this is to store some useful data in a file and delete this file when pastecat is stopped. This way, we make sure that this file will only exist when Pastecat is running. This file will be created from the controller by adding the following lines right below the sentence we mentioned in the previous paragraph:<br />
<br />
<pre># Writing server info to file<br />
info=&quot;$pidpc http://$ip:$port&quot; # Separator is space character<br />
echo &quot;$info&quot; &gt; &quot;$PCFILE&quot;</pre><br />
where <code>$PCFILE</code> is <code>/var/run/pc.info</code>. Note that the content of this file will be the PID and the complete address of our Pastecat server.<br />
<br />
Now we have a way to know if our server is up or down, so we can add the &quot;stop&quot; button in the web interface. We will modify the PHP script that we had before slightly, just by adding another notice indicating whether Pastecat is up or down, and 2 more buttons if it is running. So, in our index function, within the condition that checks if Pastecat is installed we will have the following code:<br />
<br />
<pre>$page .= &quot;&lt;div class='alert alert-success text-center'&gt;&quot;.t(&quot;Pastecat is installed&quot;).&quot;&lt;/div&gt;\n&quot;;<br />
if ( isRunning() ) {<br />
$page .= &quot;&lt;div class='alert alert-success text-center'&gt;&quot;.t(&quot;Pastecat is running&quot;).&quot;&lt;/div&gt;\n&quot;;<br />
$page .= addButton(array('label'=&gt;t('Go to server'),'href'=&gt;'http://'. getCommunityIP()['output'][0] .':'. $port));<br />
$page .= addButton(array('label'=&gt;t('Stop server'),'href'=&gt;$staticFile.'/pastecat/stop'));<br />
} else {<br />
$page .= &quot;&lt;div class='alert alert-error text-center'&gt;&quot;.t(&quot;Pastecat is not running&quot;).&quot;&lt;/div&gt;\n&quot;;<br />
}<br />
$page .= addButton(array('label'=&gt;t('Create a Pastecat server'),'href'=&gt;$staticFile.'/pastecat/publish'));</pre><br />
In this piece of code, we can see 2 new things. The first one is a check function called <code>isRunning()</code>. This function looks very similar to the function we used to check if Pastecat is installed:<br />
<br />
<pre>function isRunning() {<br />
// Returns whether pastecat is running or not<br />
global $pcfile;<br />
<br />
return(file_exists($pcfile)); <br />
}</pre><br />
It is as simple as it seems: it just checks if the file we created when starting the server still exists. The second thing we can notice in the new PHP code is the existence of a new function called <code>stop</code>. This function will invoke another function in the controller which will stop pastecat:<br />
<br />
<pre>function stop() {<br />
    // Stops Pastecat server<br />
    global $pcpath,$pcprogram,$title,$pcutils,$avahi_type,$port,$staticFile;<br />
<br />
    $page = &quot;&quot;;<br />
    $cmd = $pcutils.&quot; stop &quot;;<br />
    execute_program_detached($cmd);<br />
<br />
    return(array('type'=&gt;'redirect','url'=&gt;$staticFile.'/pastecat'));<br />
}</pre><br />
In order to make the controller understand this order, we will modify the case and add the new function. In the <code>case</code> statement, we will add the following under the <code>install</code> option:<br />
<br />
<pre>&quot;stop&quot;)<br />
shift<br />
doStop $@<br />
;;</pre><br />
This calls the function <code>doStop</code> within the controller. This function will look like this:<br />
<br />
<pre>doStop() {<br />
# Stopping pastecat server<br />
pcpid=$(cat $PCFILE | cut -d' ' -f1)<br />
kill $pcpid<br />
<br />
# Removing info file<br />
rm $PCFILE<br />
}</pre><br />
This function just gets the pastecat's PID from the file we created before, kills the process and finally removes the file so the PHP scripts can know that pastecat is now down.<br />
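<br />
<code>doServer</code> places the port from the web form inside an <code>eval</code>'d command line, and <code>doStop</code> kills whatever PID is stored in <code>$PCFILE</code>. The following added example (hypothetical helper names, not part of cDistro; it assumes a Linux <code>/proc</code> filesystem) checks both inputs before acting on them.<br />

```shell
#!/bin/sh
# Added example: validate the controller script's two untrusted inputs, the
# port received from the web form and the PID read back from the info file.
# valid_port, pid_from_info and stop_service are hypothetical helper names.

# valid_port PORT: true only for a decimal integer in 1..65535
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# pid_from_info FILE: print the PID stored as the first space-separated field
# of FILE (format written by doServer: "PID http://IP:PORT"). Fails if the
# file is missing or the field is not a plain positive number.
pid_from_info() {
    [ -f "$1" ] || return 1
    IFS=' ' read -r pid _rest < "$1" || [ -n "$pid" ] || return 1
    case $pid in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# stop_service INFO_FILE EXPECTED_NAME
# Sends SIGTERM to the recorded PID only if that process exists and its
# command name (/proc/PID/comm, at most 15 characters) is EXPECTED_NAME.
# Return codes: 0 stopped, 1 unusable info file, 2 PID is not our service.
stop_service() {
    info=$1 want=$2
    pid=$(pid_from_info "$info") ||
        { echo "unusable info file: $info" >&2; return 1; }

    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm=
    if [ "$comm" != "$want" ]; then
        # The process died, the PID was reused, or the file was altered:
        # drop the stale record but leave the unrelated process alone.
        echo "PID $pid is not $want, not killing it" >&2
        rm -f "$info"
        return 2
    fi

    kill "$pid" && rm -f "$info"
}

# Usage in the controller script:
#   valid_port "$port" || { echo "Invalid port" >&2; exit 1; }
#   stop_service /var/run/pc.info pastecat
```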
<br />
Now we can create a pastecat instance server and stop it. However, there is still something missing: make the other users see our service. And this is why we are using avahi.<br />
<br />
=== Avahi service publishing ===<br />
<br />
One of the best things in Cloudy is how easy it is to publish our service on the Avahi network, allowing other users to know what we are offering and to join our service. To do this, we first need to add a few lines to the PHP controller, just after we've called the controller to start the pastecat instance. We will add the following lines:<br />
<br />
<pre>$description = str_replace(' ', '', $description);<br />
$temp = avahi_publish($avahi_type, $description, $port, &quot;&quot;);<br />
$page .= ptxt($temp);</pre><br />
So in the end our function will look like this:<br />
<br />
<pre>function _pcsource($port,$description) {<br />
    global $pcpath,$pcprogram,$title,$pcutils,$avahi_type,$staticFile;<br />
<br />
    $page = &quot;&quot;;<br />
    $device = getCommunityDev()['output'][0];<br />
    $ipserver = getCommunityIP()['output'][0];<br />
<br />
    // Fall back to the service type when no description is given<br />
    if ($description == &quot;&quot;) $description = $avahi_type;<br />
<br />
    // Both values come from the web form: quote them before they reach the shell<br />
    $cmd = $pcutils.&quot; publish &quot;.escapeshellarg($port).&quot; &quot;.escapeshellarg($description);<br />
    execute_program_detached($cmd);<br />
<br />
    $page .= t($ipserver);<br />
    $page .= par(t('Published this server.'));<br />
    $description = str_replace(' ', '', $description);<br />
    $temp = avahi_publish($avahi_type, $description, $port, &quot;&quot;);<br />
    $page .= ptxt($temp);<br />
<br />
    $page .= addButton(array('label'=&gt;t('Back'),'href'=&gt;$staticFile.'/pastecat'));<br />
<br />
    return($page);<br />
}</pre><br />
With this simple step, we announced our service in the avahi network. However the work does not end here, there is still one more thing to do: create a button and program it so when clicked, it directly goes to our pastecat server.<br />
<br />
To do this there is a folder called <code>avahi</code> within the <code>plug</code> directory. The scripts that define what happens when the button is clicked are kept in separate files within this directory, therefore we will create a new file called <code>pastecat.avahi.PHP</code> which will contain this:<br />
<br />
<pre>&lt;?PHP<br />
// plug/avahi/pastecat.avahi.PHP<br />
<br />
addAvahi('pastecat','fpcserver');<br />
<br />
function fpcserver($dates){<br />
global $staticFile;<br />
<br />
return (&quot;&lt;a class='btn' href='http://&quot; .$dates['ip'] .&quot;:&quot;. $dates['port'].&quot;'&gt;Go to server&lt;/a&gt; &quot;);<br />
}</pre><br />
This will create a button besides the avahi announcement line that will point to our server.<br />
<br />
Now that we have our service announced, we want it to disappear when we stop the pastecat service. This last step is very simple yet important. It consists of a few lines in the PHP function called stop. Until now, this function just called the controller and stopped pastecat, but now it will also stop the Avahi publication and show a flash message so the user knows it worked:<br />
<br />
<pre>$temp = avahi_unpublish($avahi_type, $port);<br />
$flash = ptxt($temp);<br />
setFlash($flash);</pre><br />
These lines will be added just after the <code>execute_program_detached($cmd)</code> sentence in the stop function.<br />
<br />
=== Final ===<br />
<br />
Finally, all the files implemented in this tutorial can be found in a GitHub repository, linked in the External links section, along with this tutorial in Markdown format (md).<br />
<br />
<br />
<br />
== References ==<br />
<br />
<references/><br />
<br />
<br />
<br />
== External links ==<br />
<br />
https://github.com/Clommunity/Doc/tree/master/plugins/pastecat<br />
<br />
<br />
<br />
[[Category:Cloudy]]<br />
[[ca:Cloudy_plug-ins]]<br />
[[es:Cloudy_plug-ins]]</div>Rogerpueyohttp://en.wiki.guifi.net/wiki/Proxy_ServerProxy Server2015-04-16T14:24:08Z<p>Rogerpueyo: </p>
<hr />
<div>[WiP]<br />
<br />
[[ca:Servidor_Proxy]]<br />
[[es:Servidor_Proxy]]</div>Rogerpueyohttp://en.wiki.guifi.net/wiki/DNS_serverDNS server2014-06-26T16:30:01Z<p>Rogerpueyo: Rogerpueyo moved page DNS server to DNS Server</p>
<hr />
<div>[WiP]<br />
<br />
[[ca:Servidor DNS]]<br />
[[es:Servidor DNS]]</div>Rogerpueyohttp://en.wiki.guifi.net/wiki/Graphs_serverGraphs server2014-06-06T16:27:17Z<p>Rogerpueyo: Rogerpueyo moved page Graphs server to Graphs Server: Wiki consistency</p>
<hr />
<div>[WiP]<br />
<br />
[[ca:Servidor de gràfiques]]<br />
[[es:Servidor de gráficas]]</div>Rogerpueyohttp://en.wiki.guifi.net/wiki/Graphserver_1Graphserver 12014-04-20T22:43:14Z<p>Lib2know: /* Methodology */</p>
<hr />
<div>__TOC__<br />
<br />
= Introduction =<br />
SNP services are a set of tools that allow you to capture the graphs of nodes and supernodes that are configured on this server. <br />
<br />
This machine must have one connection to guifi.net and one to the internet, since the guifi.net server is accessible only via the internet. The guifi.net server asks our server over the web for the graphs of the nodes that are configured on it.<br />
<br />
<br />
=Create a server at guifi.net =<br />
First we have to add a device of type '''server''' to our supernode and assign it the guifi IP (supernode device > edit > cable connections section > range of IPs assigned to the server (will be created if it doesn't exist) > plug > link device > device creates > Save and modify).<br />
<br />
# Create contents<br />
# guifi.net service<br />
## '''Service name:''' Graph Server BCNRossello208<br />
## '''Short Name:''' BCNRossello208-GRAF<br />
## '''Contact:''' the email address of the administrator<br />
## '''Device:''' start typing the name of our server and leave the names of the servers that are being created <br />
## '''Service:''' SNP Graph Server <br />
## '''Status:''' Status of service<br />
# Save. <br/>Once saved, we will modify and change some values:<br />
# '''Version:''' 2.0<br />
# '''Url:''' URL to which you will return to the graph web application, usually ''<nowiki>http://<server-ip>/snpservices</nowiki>''<br />
# Save<br />
<br />
= Methodology =<br />
We connect via ssh to the machine and add the Guifi apt repositories:<br />
<br />
# [[Configure_the_Guifi_apt_repositories|Configure the Guifi apt repositories]]<br />
# install the snp services package <br /><pre># apt-get install snpservices</pre><br />We get a Setup menu that we fill with some data:<br />
# '''SNP Graph Server Id. (Default: bandoler=6559)''' The id number of the service that we have created at the Guifi website<br />
# '''rootZone: which is the ROOT zone. (Default: 3671)''' Leave the default value 3671<br />
# '''SNPDataServer_url: without ending backslash, the url where the data is. (Default: http://snpservices.guifi.net)''' Leave the default value http://snpservices.guifi.net<br />
# '''MRTGConfigSource: mrtg csv data. (Only URL, Graph Server Id will be concatenated)''' Leave the default value http://www.guifi.net/snpservices/graphs/cnml2mrtgcsv.php?server=<br />
# '''CNMLSource: url for CNML node query, use sprintf syntax.''' Leave the default value http://www.guifi.net/snpservices/common/qnodes.php?nodes=%s_<br />
# '''rrddb path.''' Leave the default value /var/lib/snpservices/rrdb/<br />
# '''rddimg path.''' Leave the default value /var/lib/snpservices/rrimg/<br />
# '''rddtool version.''' Leave the default value 1.3<br />
# '''Force to fetch mrtg.cfg now.''' Yes<br />
<br />
It will then start downloading the mrtg.cfg file corresponding to the graph server defined in step 1.<br />
<br />
At this point we can already access the snpservices service via web at this URL (where ipdelservidor stands for the IP address of the server):<br />
<br />
<pre>http://ipdelservidor/snpservices</pre><br />
<br />
If it does not work, check that you have a symbolic link in /var/www named snpservices that points to /usr/share/snpservices; if it does not exist, create it.<br />
<br />
<pre># ln -s /usr/share/snpservices /var/www/snpservices</pre><br />
<br />
= Further details =<br />
The server keeps storing the information that the nodes send to it thanks to some scripts that we can see in /etc/cron.d/snpservices<br />
<br />
<pre>fermat:~# cat /etc/cron.d/snpservices<br />
*/30 * * * * root if [ -x /var/www/snpservices/graphs ]; then cd /var/www/snpservices/graphs ; fi; if [ -x /usr/bin/php ] && [ -r /var/www/snpservices/graphs/mrtgcsv2mrtgcfg.php ]; then env LANG=C /usr/bin/php mrtgcsv2mrtgcfg.php >> /var/log/snpservices/mrtgccfg.log 2>&1;fi<br />
*/5 * * * * root if [ ! -x /var/lock/mrtg ]; then mkdir /var/lock/mrtg ; fi; if [ -x /usr/bin/mrtg ] && [ -r /var/lib/snpservices/data/mrtg.cfg ]; then env LANG=C /usr/bin/mrtg /var/lib/snpservices/data/mrtg.cfg --lock-file /var/lock/mrtg/guifi_l >> /var/log/snpservices/mrtg.log 2>&1; fi</pre><br />
<br />
The snpservices on our machine is configured to ask the guifi website which nodes it has to store graphs for. The scripts run every 5 minutes to collect the data and every half hour to find out which nodes have to be graphed.<br />
<br />
If we want to back up the data that the graph server is collecting, we copy the contents of the directory /var/lib/snpservices. The application files are in /usr/share/snpservices.<br />
<br />
<br />
= Configure an Apache virtualhost for the service =<br />
Since we like to complicate things (or to leave them a bit tidier), we will create a subdomain called graf1: I go to the DNS and point the subdomain to the Internet IP of this machine, then configure the virtualhost pointing to the snpservices directory, which is a symbolic link (it is important to add the FollowSymLinks option). '''This step is optional'''.<br />
<br />
<pre><br />
# vi /etc/apache2/sites-available/graf1.marsupi.org<br />
<VirtualHost *:80><br />
ServerAdmin marsupi@marsupi.org<br />
ServerAlias graf1.marsupi.org *.graf1.marsupi.org<br />
ServerName graf1.marsupi.org<br />
<br />
DocumentRoot /usr/share/snpservices<br />
<br />
#enable for debugging<br />
#ErrorLog /var/log/apache2/graf1.marsupi.org_error.log<br />
#LogLevel warn<br />
#CustomLog /var/log/apache2/graf1.marsupi.org_access.log combined<br />
<br />
<Directory /><br />
Options FollowSymLinks<br />
AllowOverride None<br />
</Directory><br />
<Directory /usr/share/snpservices><br />
Options FollowSymLinks<br />
AllowOverride None<br />
Order allow,deny<br />
Allow from all<br />
</Directory><br />
</VirtualHost></pre><br />
<br />
Load the configuration file into Apache<br />
<br />
<pre># a2ensite graf1.marsupi.org</pre><br />
<br />
And restart the service<br />
<br />
<pre># service apache2 restart</pre><br />
<br />
<br />
= Acknowledgements =<br />
Thanks to Zunbado and Locke.<br />
<br />
[[es:Servidor de gráficas 1]]<br />
[[ca:Servidor de gràfiques 1]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/ZoneZone2014-04-20T09:18:01Z<p>Chk: Delete deprecated option.</p>
<hr />
<div>====Creating a New Zone====<br />
You may be joining Guifi.net in a zone that doesn't exist yet. In that case it is necessary to create a new zone.<br />
# To do that we should [http://guifi.net/user/register create a user] at the guifi.net webpage and confirm the mail with the verification link.<br />
# Then we go to the [http://guifi.net/en/aportacions guifi.net Main Page] and click '''"Create content"'''.<br />
# There we choose [http://guifi.net/en/node/add/guifi-zone "guifi.net zone"] and fill the fields of the form.<br />
<br />
====Properties of the New Zone Form====<br />
'''Parent zone:''' Here we navigate to the zone level under which we want to create our new zone. The structure of zones varies according to geographical or political organization. When creating a new zone you can follow the common usage in the area: some people prefer the political structure and others the geographic one. The intention is to determine how IP numbers are allocated automatically (for example, one valley that contains two or more political structures).<br />
<br />
'''Abbreviation:''' The abbreviation with ten characters will be the name assigned on the map which shows the areas. This will be the short name to identify the area that we are creating. Avoid abbreviations of 2 or 3 letters. Do not use spaces, accents, or other special characters.<br />
<br />
'''Time Zone:''' explanation not necessary ;)<br />
<br />
'''Startpage of the zone:''' URL of the local community if it exists. Useful for those who want to use the guifi.net zone page only for the administration of the network but do not have their own portal.<br />
<br />
'''notification by e-mail:''' e-mail contact for the zone; by default your own e-mail address, because you are the creator of the zone. <br />
<br />
'''Zone services'''<br />
* '''default proxy:''' The Proxy that will be set automatically to users we create in the "users" tab in the [[node]] page. It is recommended to configure this parameter in the subzones (or the end zones). If you have not yet created any node within the zone, leave this parameter until you begin to configure services.<br />
<br />
* '''default graph server:''' The same as ''default proxy'', but for the graph server.<br />
<br />
'''Zones global network settings''' (popup)<br />
* DNS servers: To define if we have a dns server in the zone (for end zones);<br />
* NTP servers: To define if we have a ''network time protocol'' (NTP) server in the zone (for end zones);<br />
* OSPF identifier: Zone identifier in case of using Open Shortest Path First (OSPF).<br />
<br />
'''Zones map parameters:''' Geographic definition of the zone.<br />
<br />
'''Zone name:''' Complete zone name with spaces, accents and more but without abbreviations.<br />
<br />
'''Information about this zone:''' Box intended to give a bit of information about the zone. Some users are creative and want to show the benefits and gastronomic tourism in the area :-)<br />
<br />
'''URL parameters''' (popup): Define here the name of the zone without spaces or accents. We will use the spelling of this field to access the zone directly (Syntax:<br />
<nowiki>http://guifi.net/nomdelazona</nowiki><br />
Example: [http://guifi.net/manresa http://guifi.net/manresa]).<br />
<br />
'''Information about the authorship''' (popup): In case you want to define any user different from the ''"webmaster"'' as an author. The user "webmaster" is used to create a "neutral zone".<br />
<br />
[[es:Zona]]<br />
[[ca:Zone]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/NodeNode2014-04-19T14:38:58Z<p>Lib2know: /* language links */</p>
<hr />
<div>A Node in Guifi.net is one point of the network. It is created as a part of a [[zone]].<br />
<br />
=====Links and Supernodes=====<br />
To contribute to the network, a node needs a link to one or more other nodes.<br />
A node that is connected to more than one other node is called a [[supernode]].<br />
<br />
=====Location and Devices=====<br />
Every node has one defined [[location]] but can consist of several [[devices]] like <br />
* ADSL Routers<br />
* Network Cameras<br />
* Server Computers and more.<br />
Devices can have their own IP address inside guifi.net, which usually looks like '''10.123.45.67''', beginning with '''10'''.<br />
<br />
=====Services=====<br />
Every Node can offer [[services]]:<br />
* Open Internet Access<br />
* Wireless Connectivity for End Users<br />
* Linux Distribution Cache<br />
* Asterisk VoIP PBX server<br />
* Domain name server services<br />
* FTP or shared disk server<br />
* IRC Server<br />
* LDAP Server<br />
* and many more ...<br />
<br />
[[ca:Node]]<br />
[[es:Node]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Ubiquiti_RouterStationUbiquiti RouterStation2014-04-12T13:45:41Z<p>Lib2know: /* Enllaços externs */</p>
<hr />
<div>{{in development}}<br />
== Specifications ==<br />
*680MHz MIPS 24K CPU<br />
*64MB RAM<br />
*16MB Flash<br />
*3X 32-bit mini-PCI<br />
<br />
== External links ==<br />
* [http://ubnt.com/routerstation Official Page of Ubiquiti RouterStation]<br />
<br />
[[ca:Ubiquiti RouterStation]]<br />
[[es:Ubiquiti RouterStation]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Use_Cases,_on_Guifi.netUse Cases, on Guifi.net2014-04-12T13:30:21Z<p>Lib2know: </p>
<hr />
<div>http://guifi.net/en/experiences<br />
<br />
page added by mistake, please delete</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Netgear_WG602Netgear WG6022014-04-12T13:10:18Z<p>Lib2know: /* copy to english wiki */</p>
<hr />
<div>== Factory defaults ==<br />
<br />
:*'''IP''': 192.168.0.227<br />
:*'''User''': admin<br />
:*'''Password''': password<br />
<br />
[[categoria:router]]<br />
<br />
[[ca:Netgear WG602]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Linux_NetworksLinux Networks2014-03-31T22:20:13Z<p>Lib2know: /* – translated until here – */</p>
<hr />
<div>{{PlantillaCurs<br />
| fitxers = {{FitxerIOriginalODT|url=https://anonymous@svn.projectes.lafarga.cat/svn/iceupc/LinuxAdministracioAvan%c3%a7ada/moodle/sessio2/transparencies|nom=XarxesEthernetProtocolARP}}, {{FitxerIOriginalODT|url=https://svn.projectes.lafarga.cat/svn/iceupc/LinuxAdministracioAvan%c3%a7ada/moodle/sessio2/transparencies/|nom=Model_ReferenciaOSI}}, {{FitxerIOriginalODT|url=https://svn.projectes.lafarga.cat/svn/iceupc/LinuxAdministracioAvan%c3%a7ada/moodle/sessio2/transparencies/|nom=Protocols_de_xarxes_UNIX}}<br />
| repositori = https://svn.projectes.lafarga.cat/svn/iceupc/DissenyXarxaLocalLinux/moodle/sessio2/transparencies/, https://svn.projectes.lafarga.cat/svn/iceupc/LinuxAdministracioAvan%c3%a7ada/moodle/sessio2/transparencies<br />
| autors = [[Especial:Contribucions/Sergi|Sergi Tur Badenas]]<br />
}}<br />
<br />
=Configuration of Linux Networks=<br />
<br />
==Hardware Configuration==<br />
<br />
'''NOTE:''' In current Linux Distributions many of the steps in this section are not necessary (because network hardware is detected and configured automatically).<br />
<br />
===Mounting the proc File System===<br />
<br />
Take a look at the '''/etc/mtab''' file to check whether the '''proc''' file system is mounted, because it is essential for the network to work: <br />
<br />
$ cat /etc/mtab <br />
/dev/sda2 / ext3 rw,errors=remount-ro 0 0<br />
proc /proc proc rw,noexec,nosuid,nodev 0 0<br />
/sys /sys sysfs rw,noexec,nosuid,nodev 0 0<br />
varrun /var/run tmpfs rw,noexec,nosuid,nodev,mode=0755 0 0<br />
varlock /var/lock tmpfs rw,noexec,nosuid,nodev,mode=1777 0 0<br />
procbususb /proc/bus/usb usbfs rw 0 0<br />
udev /dev tmpfs rw,mode=0755 0 0<br />
..................<br />
<br />
This file shows us the devices mounted in our system. If there is no '''proc''' file system, add the following line to the file '''/etc/fstab''':<br />
<br />
# <file system> <mount point> <type> <options> <dump> <pass><br />
proc /proc proc defaults 0 0<br />
<br />
We can check it using the command<br />
<br />
$ sudo mount -a<br />
<br />
which mounts all the file systems specified in the file '''/etc/fstab'''.<br />
<br />
'''NOTE:''' The process file system ([https://en.wikipedia.org/wiki/Procfs procfs]) currently is configured by default in most kernels. If your kernel does not support this type of system you will find error messages such as<br />
<br />
mount: fs type procfs not supported by kernel. <br />
<br />
It is necessary to compile the kernel with support for procfs.<br />
<br />
===Network Adapters (NICs)=== <br />
<br />
Linux has drivers for many network cards. PCI Ethernet cards are not usually a problem in Linux. PCMCIA and USB network cards are a more delicate matter.<br />
<br />
If the network card is PCI, we can get its model and ID with the commands:<br />
<br />
$ lspci<br />
.........................<br />
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller<br />
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control<br />
01:00.0 VGA compatible controller: ATI Technologies Inc RV280 [Radeon 9200 PRO] (rev 01)<br />
02:07.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host Controller (rev 80)<br />
02:08.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)<br />
<br />
$ lspci -n<br />
<br />
00:18.1 0600: 1022:1101<br />
00:18.2 0600: 1022:1102<br />
00:18.3 0600: 1022:1103<br />
01:00.0 0300: 1002:5960 (rev 01)<br />
02:07.0 0c00: 1106:3044 (rev 80)<br />
02:08.0 0200: 11ab:4320 (rev 13)<br />
<br />
The identifier consists of two parts: the vendor identifier (vendor_id) and the product ID (proc_id). We can also look up this value using the hal-device-manager application:<br />
<br />
Command Line:<br />
<br />
$ hal-device-manager<br />
<br />
'''Graphical interface''':<br />
<br />
[[Image:Hal-device-manager1.jpg]]<br />
<br />
[[Image:Hal-device-manager2.jpg]]<br />
<br />
Another useful command is:<br />
<br />
$ lshal | grep info.linux.driver<br />
<br />
The website of ROM 'O' MATIC maintains [http://rom-o-matic.net/5.4.2/etherboot-5.4.2/src/bin/NIC a list] with the most popular network cards and their identifiers.<br />
<br />
You can also find drivers (wireless) on the web:<br />
<br />
http://linux-wless.passys.nl/<br />
<br />
Websites where you can find help on NICs:<br />
<br />
*http://tldp.org/HOWTO/Ethernet-HOWTO-4.html#mystery<br />
*http://tldp.org/HOWTO/Hardware-HOWTO/nic.html<br />
*http://es.tldp.org/COMO-INSFLUG/COMOs/Compatibilidad-Hardware-Como/Compatibilidad-Hardware-Como-12.html <br />
<br />
*[http://tldp.org/HOWTO/Ethernet-HOWTO-2.html#what-card What network card to choose?]<br />
<br />
====PCMCIA====<br />
<br />
 $ cardctl ident<br />
<br />
====USB====<br />
<br />
See [[Comandes_relacionades_amb_el_maquinari#lsusb | lsusb]].<br />
<br />
You can also use [[dmesg]].<br />
<br />
===Supported hardware===<br />
<br />
Ubuntu provides a list of supported network cards on its wiki (https://wiki.ubuntu.com/HardwareSupportComponentsWiredNetworkCards).<br />
<br />
There is also a list of wireless network cards (https://help.ubuntu.com/community/WifiDocs/WirelessCardsSupported)<br />
<br />
===Wireless network cards===<br />
<br />
*https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide<br />
<br />
===Naming and types of network devices in Linux===<br />
<br />
*lo: local loopback interface. It is always available, since multiple network applications use it (and they would not work without this interface)<br />
*eth0, eth1, ... : Ethernet network cards.<br />
*tr0, tr1, ...: Token Ring network cards.<br />
*sl0, sl1,...: SLIP network cards (serial lines).<br />
*ppp0, ppp1, ...: PPP network cards (serial lines).<br />
*plip0, plip1, ...: PLIP network cards (serial lines).<br />
*ax0, ax1, ... : AX.25 network interfaces.<br />
*vmnet1, vmnet8,...: VMware virtual network cards. <br />
<br />
Taken from: http://tldp.org/LDP/nag2/x-087-2-hwconfig.tour.html<br />
<br />
===Determining the names of the network cards eth0, eth1. Udev and iftab===<br />
<br />
{{nota|This file is no longer present in current versions of Ubuntu (--[[Usuari:Sergi|acacha]] 12:06, 25 Dec 2009 (UTC)). Check the file [[/etc/udev/rules.d/70-persistent-net.rules]] instead, a file generated automatically by [[/lib/udev/write_net_rules]]}}<br />
<br />
The file '''/etc/iftab''':<br />
<br />
$ cat /etc/iftab<br />
# This file assigns persistent names to network interfaces.<br />
# See iftab(5) for syntax.<br />
<br />
eth0 mac 00:30:1b:b7:cd:b6 arp 1 <br />
<br />
is used by udev to set the names of the network cards. The udev rule responsible for this is:<br />
<br />
$ cat /etc/udev/rules.d/25-iftab.rules<br />
# This file causes network devices to be assigned consistent names.<br />
# See udev(7) for syntax.<br />
<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \<br />
PROGRAM="iftab_helper %k", NAME="$result"<br />
<br />
A udev script that I found on the Internet for setting the names of the network cards.<br />
<br />
'''Warning''': I have not tested it...<br />
<br />
# /etc/udev/static-nic.rules<br />
#<br />
# Set permission to 0644 'chmod 0644 static-nic.rules', then symlink<br />
#'ln -s static-nic.rules rules.d/025_static-nic.rules'<br />
#<br />
# Purpose:<br />
# Mapping specific MAC address to specific device names for cases where<br />
# that is expected.<br />
#<br />
# SYSFS{address}="MAC address" - MAC address should be the machine<br />
# address of the network card the rule is for.<br />
#<br />
# NAME="name" - name is the device name you want used for the interface.<br />
# These could be standard names eth0, wlan0, etc... or if you prefer<br />
# something more descriptive lan, internet, wireless, whatever...<br />
<br />
KERNEL="eth*", SYSFS{address}="00:00:00:00:00:00", NAME="eth0"<br />
KERNEL="eth*", SYSFS{address}="11:11:11:11:11:11", NAME="eth1"<br />
<br />
'''Resources:'''<br />
<br />
*http://lists.debian.org/debian-user/2006/01/msg00181.html<br />
*[http://www.die.net/doc/linux/man/man5/iftab.5.html man iftab]<br />
<br />
==Software configuration==<br />
<br />
===net-tools package (formerly netbase)===<br />
<br />
We can check whether we have the base Linux networking software by checking whether the net-tools package is installed. On Debian systems:<br />
<br />
$ dpkg -l | grep net-tools<br />
ii net-tools 1.60-17ubuntu1 The NET-3 networking toolkit<br />
<br />
If we are not sure which commands the net-tools package provides, we can run:<br />
<br />
$ dpkg -L net-tools | grep bin<br />
/usr/sbin<br />
/usr/sbin/arp<br />
/sbin<br />
/sbin/ifconfig<br />
/sbin/nameif<br />
/sbin/plipconfig<br />
/sbin/rarp<br />
/sbin/route<br />
/sbin/slattach<br />
/sbin/ipmaddr<br />
/sbin/iptunnel<br />
/sbin/mii-tool<br />
/bin<br />
/bin/netstat<br />
<br />
As you can see, it is responsible for providing the commands [[#ifconfig | ifconfig]], [[#arp | arp]], [[#rarp | rarp]], [[#route | route]] and [[#netstat | netstat]].<br />
<br />
This command can also be useful for locating the absolute paths of the network commands. The package used to be called '''netbase'''. Later we will see that the new netbase package has nothing to do with this one.<br />
<br />
===wireless-tools package===<br />
<br />
You can find more information in the section on the wireless-tools package of the article [[Xarxes Linux Wireless]].<br />
<br />
===netbase package===<br />
<br />
This package depends on the ifupdown package and basically installs network configuration files such as the script /etc/init.d/networking<br />
<br />
$ dpkg -L netbase | grep etc<br />
/etc<br />
/etc/network<br />
/etc/protocols<br />
/etc/rpc<br />
/etc/services<br />
/etc/init.d<br />
/etc/init.d/networking<br />
<br />
It is also the package that provides the protocols and services files.<br />
<br />
We can check whether we have this package installed with:<br />
<br />
$ dpkg -l | grep netbase<br />
ii netbase 4.25ubuntu2 Basic TCP/IP networking system<br />
<br />
===ifupdown package===<br />
<br />
It provides the commands ifup and ifdown as well as the configuration files of the network interfaces<br />
<br />
To check whether we have the package installed:<br />
<br />
$ dpkg -l | grep ifupdown<br />
ii ifupdown 0.6.7ubuntu7 high level tools to configure network interf<br />
<br />
We can see which commands it offers with:<br />
<br />
$ dpkg -L ifupdown | grep bin<br />
/usr/bin<br />
/usr/sbin<br />
/sbin<br />
/sbin/ifup<br />
/sbin/ifdown<br />
<br />
Or which configuration files it offers with:<br />
<br />
$ dpkg -L ifupdown | grep etc<br />
/etc<br />
/etc/network<br />
/etc/network/if-pre-up.d<br />
/etc/network/if-up.d<br />
/etc/network/if-down.d<br />
/etc/network/if-post-down.d<br />
/etc/init.d<br />
 /etc/init.d/loopback<br />
/etc/udev<br />
/etc/udev/rules.d<br />
/etc/udev/rules.d/85-ifupdown.rules<br />
<br />
So we see that it provides the commands ifup and ifdown, that it configures the loopback interface (/etc/init.d/loopback) and that it installs the folders of<br />
<br />
If we did not know the name of the package beforehand, but did know the names of the files and/or commands it installs, we can use this information with dpkg<br />
<br />
$ dpkg -S ifdown<br />
ifupdown: /usr/share/man/man8/ifdown.8.gz<br />
ifupdown: /sbin/ifdown<br />
<br />
===gnome-nettool package===<br />
<br />
This package provides a graphical tool from which to run the network commands ping, netstat, whois, etc.<br />
<br />
We can run it with:<br />
<br />
 $ gnome-nettool<br />
<br />
or by following the menus:<br />
<br />
[[Image:Gnome-nettool1.jpg]]<br />
<br />
[[Image:Gnome-nettool.jpg]]<br />
<br />
===iputils-* packages===<br />
<br />
There are three packages:<br />
<br />
*'''iputils-arping''': Provides the command [[#arping | arping]]<br />
*'''iputils-ping''': Provides the command [[#ping | ping ]]<br />
*'''iputils-tracepath''': Provides the command [[#traceroute | traceroute]] <br />
<br />
The most important is the second one, which provides the command [[#ping | ping]].<br />
<br />
===iproute package===<br />
<br />
TODO<br />
<br />
$ dpkg -L iproute | grep bin<br />
/bin<br />
/bin/ip<br />
/sbin<br />
/sbin/rtmon<br />
/sbin/tc<br />
/sbin/netbug<br />
/sbin/rtacct<br />
/sbin/ss<br />
/usr/bin<br />
/usr/bin/lnstat<br />
/usr/bin/nstat<br />
/usr/bin/routef<br />
/usr/bin/routel<br />
/usr/sbin<br />
/usr/sbin/arpd<br />
/sbin/ip<br />
/usr/bin/ctstat<br />
/usr/bin/rtstat<br />
<br />
It provides several commands for controlling the network at kernel level.<br />
<br />
===dnstracer package===<br />
<br />
As we can see with the command:<br />
<br />
$ dpkg -L dnstracer | grep bin<br />
/usr/bin<br />
/usr/bin/dnstracer<br />
<br />
It provides the dnstracer command.<br />
<br />
===dnsutils package===<br />
<br />
As we can see with the command:<br />
<br />
$ dpkg -L dnsutils | grep bin<br />
/usr/bin<br />
/usr/bin/dig<br />
/usr/bin/nslookup<br />
/usr/bin/nsupdate<br />
<br />
It provides the commands dig and nslookup.<br />
<br />
===tcpdump package===<br />
<br />
Provides the command [[#tcpdump | tcpdump]].<br />
<br />
===nmap package===<br />
<br />
Provides the command [[#nmap | nmap]].<br />
<br />
===traceroute package===<br />
<br />
Provides the command [[#traceroute | traceroute]].<br />
<br />
===Network analyzers (Wireshark/Ethereal)===<br />
<br />
*Wireshark (formerly Ethereal). The wireshark package provides the most famous and powerful free network analyzer: Ethereal. Recently, Ethereal changed its name to Wireshark. You can find more information in this wiki's article on [[Ethereal]] (Wireshark). <br />
<br />
===ipcalc package===<br />
<br />
Provides the command [[#ipcalc | ipcalc]].<br />
<br />
===arpwatch package===<br />
<br />
Provides the arpwatch daemon, which allows monitoring the use of the local network by maintaining a table of IPs and MACs.<br />
<br />
'''Resources:'''<br />
<br />
*http://en.wikipedia.org/wiki/Arpwatch<br />
*http://ee.lbl.gov/ <br />
<br />
===whois package===<br />
<br />
As we can see with the command:<br />
<br />
$ dpkg -L whois | grep bin<br />
/usr/bin<br />
/usr/bin/whois<br />
/usr/bin/mkpasswd<br />
<br />
This package provides the command [[#whois | whois]].<br />
<br />
===iptables package (netfilter)===<br />
<br />
As we can see with the command:<br />
<br />
$ dpkg -L iptables | grep bin<br />
/sbin<br />
/sbin/iptables<br />
/sbin/iptables-save<br />
/sbin/iptables-restore<br />
/sbin/ip6tables<br />
/sbin/ip6tables-save<br />
/sbin/ip6tables-restore<br />
<br />
This package provides the commands related to iptables.<br />
<br />
===bind/bind9 packages===<br />
<br />
It provides the commands and configuration files related to the bind name servers (DNS). See the article on [[DNS]].<br />
<br />
==Network initialization. System V initialization scripts==<br />
<br />
On Ubuntu the network is initialized at runlevel S. The processes started at this level are those in the folder '''/etc/rcS.d''', following the System V initialization script scheme (see the article [[Configuració de serveis en Linux. Daemons]] for more information). If we run:<br />
<br />
$ ls -la /etc/rcS.d/<br />
total 16<br />
drwxr-xr-x 2 root root 4096 2006-12-24 13:31 .<br />
drwxr-xr-x 142 root root 8192 2006-12-30 09:09 ..<br />
-rw-r--r-- 1 root root 785 2006-10-06 13:34 README<br />
lrwxrwxrwx 1 root root 24 2006-11-07 19:57 S06keyboard-setup -> ../init.d/keyboard-setup<br />
lrwxrwxrwx 1 root root 41 2006-10-10 13:07 S07linux-restricted-modules-common -> ../init.d/linux-restricted-modules-common<br />
lrwxrwxrwx 1 root root 18 2006-10-10 13:07 S08loopback -> ../init.d/loopback<br />
......<br />
lrwxrwxrwx 1 root root 20 2006-10-10 13:07 S40networking -> ../init.d/networking<br />
lrwxrwxrwx 1 root root 16 2006-10-10 13:07 S40pcmcia -> ../init.d/pcmcia<br />
.......<br />
<br />
<br />
As we can see, at this level the loopback interface is initialized first and then the network (networking). The files:<br />
<br />
*/etc/rcS.d/S08loopback<br />
*/etc/rcS.d/S40networking <br />
<br />
are links to the respective System V initialization files:<br />
<br />
*/etc/init.d/loopback<br />
*/etc/init.d/networking <br />
<br />
As explained here, what these links do is specify that the script files must be run with the start parameter (S). If we take a look at the file '''/etc/init.d/networking''':<br />
<br />
#!/bin/sh -e<br />
### BEGIN INIT INFO<br />
# Provides: networking<br />
# Required-Start: mountvirtfs ifupdown $local_fs<br />
# Default-Start: S<br />
# Default-Stop: 0 6<br />
### END INIT INFO<br />
<br />
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"<br />
<br />
[ -x /sbin/ifup ] || exit 0<br />
<br />
. /lib/lsb/init-functions<br />
<br />
<br />
case "$1" in<br />
start)<br />
log_action_begin_msg "Configuring network interfaces"<br />
type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true<br />
if [ "$VERBOSE" != no ]; then<br />
if ifup -a; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
else<br />
if ifup -a >/dev/null 2>&1; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
fi<br />
type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true<br />
;;<br />
<br />
stop)<br />
if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts | <br />
grep -qE '^(nfs[1234]?|smbfs|ncp|ncpfs|coda|cifs)$'; then<br />
log_warning_msg "not deconfiguring network interfaces: network shares still mounted."<br />
exit 0<br />
fi<br />
<br />
log_action_begin_msg "Deconfiguring network interfaces"<br />
if [ "$VERBOSE" != no ]; then<br />
if ifdown -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
else<br />
if ifdown -a --exclude=lo >/dev/null 2>/dev/null; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
fi<br />
;;<br />
<br />
force-reload|restart)<br />
log_action_begin_msg "Reconfiguring network interfaces"<br />
ifdown -a --exclude=lo || true<br />
if ifup -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
;;<br />
<br />
*) <br />
echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"<br />
exit 1<br />
;;<br />
esac<br />
<br />
exit 0<br />
<br />
We see that there is a start section and a stop section, and how the commands ifup -a and ifdown -a are called.<br />
<br />
The file '''/etc/rcS.d/README''' gives us more information about this runlevel.<br />
<br />
==Network commands==<br />
<br />
===ifconfig===<br />
<br />
See also the [[ip]] command from [[Linux Advanced Routing & Traffic Control]] [[lartc]] (http://lartc.org/).<br />
<br />
Ifconfig is the command that allows configuring network interfaces (NICs). Although it lets us modify the network parameters, its most common use is to query them by running ifconfig without arguments:<br />
<br />
$ ifconfig<br />
eth0 Link encap:Ethernet HWaddr 00:30:1B:B7:CD:B6 <br />
inet addr:192.168.1.33 Bcast:192.168.1.255 Mask:255.255.255.0<br />
inet6 addr: fe80::230:1bff:feb7:cdb6/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:16929 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:18758 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:11958414 (11.4 MiB) TX bytes:3243289 (3.0 MiB)<br />
Interrupt:209 <br />
<br />
lo Link encap:Local Loopback <br />
inet addr:127.0.0.1 Mask:255.0.0.0<br />
inet6 addr: ::1/128 Scope:Host<br />
UP LOOPBACK RUNNING MTU:16436 Metric:1<br />
RX packets:2051 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:2051 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0 <br />
RX bytes:598941 (584.9 KiB) TX bytes:598941 (584.9 KiB)<br />
<br />
vmnet1 Link encap:Ethernet HWaddr 00:50:56:C0:00:01 <br />
inet addr:192.168.252.1 Bcast:192.168.252.255 Mask:255.255.255.0<br />
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br />
<br />
vmnet8 Link encap:Ethernet HWaddr 00:50:56:C0:00:08 <br />
inet addr:192.168.196.1 Bcast:192.168.196.255 Mask:255.255.255.0<br />
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br />
<br />
As you can see, the output is a series of blocks that follow the network device naming (eth0, lo, vmnet...). Each block corresponds to one network device, whether physical or virtual.<br />
<br />
To show the information for a single NIC only:<br />
<br />
$ ifconfig eth0<br />
eth0 Link encap:Ethernet HWaddr 00:30:1B:B7:CD:B6 <br />
inet addr:192.168.1.33 Bcast:192.168.1.255 Mask:255.255.255.0<br />
inet6 addr: fe80::230:1bff:feb7:cdb6/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:16929 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:18758 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:11958414 (11.4 MiB) TX bytes:3243289 (3.0 MiB)<br />
Interrupt:209 <br />
<br />
ifconfig gives us the following information:<br />
<br />
*'''HWaddr''': the MAC address of the device (e.g. 00:30:1B:B7:CD:B6)<br />
*'''inet addr''': the IP address of the device (e.g. 192.168.1.33)<br />
*'''Bcast''': the broadcast address of the subnet (e.g. 192.168.1.255)<br />
*'''Mask''': the subnet mask (e.g. 255.255.255.0)<br />
*'''inet6 addr''': the IPv6 address (e.g. fe80::230:1bff:feb7:cdb6/64)<br />
*'''Scope''': the scope in which the interface operates. Host (loopback) / Link (link-level LAN networks).<br />
*'''Transmit/receive statistics''':<br />
o RX packets:16929 errors:0 dropped:0 overruns:0 frame:0<br />
o TX packets:18758 errors:0 dropped:0 overruns:0 carrier:0<br />
o collisions:0 txqueuelen:1000<br />
o RX bytes:11958414 (11.4 MiB) TX bytes:3243289 (3.0 MiB) <br />
<br />
Example of ifconfig on a router with 5 network cards:<br />
<br />
$ /sbin/ifconfig <br />
eth0 Link encap:Ethernet HWaddr 00:48:54:8D:58:47 <br />
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0<br />
inet6 addr: fe80::248:54ff:fe8d:5847/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:15351 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:6643 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:1259037 (1.2 MiB) TX bytes:878285 (857.7 KiB)<br />
Interrupt:11 Base address:0xb400 <br />
<br />
eth1 Link encap:Ethernet HWaddr 00:48:54:8D:7F:65 <br />
inet addr:192.168.10.2 Bcast:192.168.10.255 Mask:255.255.255.0<br />
inet6 addr: fe80::248:54ff:fe8d:7f65/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:6904 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:5240 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:581267 (567.6 KiB) TX bytes:353604 (345.3 KiB)<br />
Interrupt:5 Base address:0xb800 <br />
<br />
eth2 Link encap:Ethernet HWaddr 00:48:54:8D:59:37 <br />
inet addr:192.168.213.1 Bcast:192.168.213.255 Mask:255.255.255.0<br />
inet6 addr: fe80::248:54ff:fe8d:5937/64 Scope:Link<br />
UP BROADCAST MULTICAST MTU:1500 Metric:1<br />
RX packets:0 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<br />
Interrupt:9 Base address:0xbc00 <br />
<br />
eth3 Link encap:Ethernet HWaddr 00:48:54:8A:DA:31 <br />
inet addr:192.168.216.1 Bcast:192.168.216.255 Mask:255.255.255.0<br />
inet6 addr: fe80::248:54ff:fe8a:da31/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:2537 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:448104 (437.6 KiB) TX bytes:2668 (2.6 KiB)<br />
Interrupt:10 Base address:0xc000 <br />
<br />
eth4 Link encap:Ethernet HWaddr 00:0D:88:CC:B4:64 <br />
inet addr:192.168.217.1 Bcast:192.168.217.255 Mask:255.255.255.0<br />
inet6 addr: fe80::20d:88ff:fecc:b464/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:13 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:2258 (2.2 KiB) TX bytes:2936 (2.8 KiB)<br />
Interrupt:5 Base address:0xa000 <br />
<br />
lo Link encap:Local Loopback <br />
inet addr:127.0.0.1 Mask:255.0.0.0<br />
inet6 addr: ::1/128 Scope:Host<br />
UP LOOPBACK RUNNING MTU:16436 Metric:1<br />
RX packets:14125 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:14125 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0 <br />
RX bytes:6902348 (6.5 MiB) TX bytes:6902348 (6.5 MiB)<br />
<br />
'''Examples:'''<br />
<br />
*Bring a network interface down:<br />
<br />
$ ifconfig eth0 down<br />
<br />
'''NOTE:''' This is equivalent to ifdown eth0<br />
<br />
*Bring a network interface up:<br />
<br />
$ ifconfig eth0 up<br />
<br />
'''NOTE:''' This is equivalent to ifup eth0<br />
<br />
====Configuring a network card with a static IP====<br />
<br />
$ sudo ifconfig eth0 192.168.0.15 netmask 255.255.255.0 broadcast 192.168.0.255<br />
<br />
'''NOTE:''' ifconfig cannot configure a network interface with DHCP, nor can it set the gateway. The gateway is set with the route command (Xarxes_Linux#route) or through a parameter in the '''/etc/network/interfaces''' file.<br />
<br />
===== Promiscuous mode =====<br />
<br />
*Enable promiscuous mode:<br />
<br />
$ ifconfig eth0 promisc<br />
$ ifconfig eth0<br />
eth0 Link encap:Ethernet HWaddr 00:80:C8:F8:4A:51<br />
inet addr:192.168.99.35 Bcast:192.168.99.255 Mask:255.255.255.0<br />
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1412 Metric:1<br />
RX packets:190312 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:100 <br />
RX bytes:30701229 (29.2 Mb) TX bytes:7878951 (7.5 Mb)<br />
Interrupt:9 Base address:0x5000<br />
<br />
*Disable promiscuous mode<br />
<br />
$ ifconfig eth0 -promisc<br />
$ ifconfig eth0<br />
eth0 Link encap:Ethernet HWaddr 00:30:1B:B7:CD:B6 <br />
inet addr:192.168.1.33 Bcast:192.168.1.255 Mask:255.255.255.0<br />
inet6 addr: fe80::230:1bff:feb7:cdb6/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:18444 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:20307 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:13262810 (12.6 MiB) TX bytes:3501026 (3.3 MiB)<br />
Interrupt:209 <br />
<br />
==== Enabling/disabling ARP ====<br />
<br />
See also [[ARP]].<br />
<br />
*Disable ARP<br />
<br />
$ ifconfig eth0 -arp<br />
$ ifconfig eth0<br />
Link encap:Ethernet HWaddr 00:80:C8:F8:4A:51<br />
inet addr:192.168.99.35 Bcast:192.168.99.255 Mask:255.255.255.0<br />
UP BROADCAST RUNNING NOARP MULTICAST MTU:1412 Metric:1<br />
RX packets:190312 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:100 <br />
RX bytes:30701229 (29.2 Mb) TX bytes:7878951 (7.5 Mb)<br />
Interrupt:9 Base address:0x5000<br />
<br />
*Enable ARP<br />
<br />
$ ifconfig eth0 arp<br />
<br />
*IP aliasing<br />
<br />
This lets you configure one network card with multiple IPs. For example:<br />
<br />
ifconfig eth0 192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0<br />
ifconfig eth0:1 192.168.0.3 broadcast 192.168.0.255 netmask 255.255.255.0<br />
ifconfig eth0:2 192.168.0.4 broadcast 192.168.0.255 netmask 255.255.255.0<br />
ifconfig eth0:3 192.168.0.5 broadcast 192.168.0.255 netmask 255.255.255.0<br />
ifconfig eth0:4 192.168.0.6 broadcast 192.168.0.255 netmask 255.255.255.0<br />
<br />
This can be very useful for joining a network when we need to configure a switch, router or any other device that comes from the factory configured with an IP on a network different from ours.<br />
<br />
'''Resources:'''<br />
<br />
*http://es.gentoo-wiki.com/HOWTO_IP_Aliasing <br />
<br />
IMPORTANT NOTE: NONE of the changes made with ifconfig are permanent. When the computer is restarted, the parameters set in the configuration files are restored (e.g. on Debian systems, the /etc/network/interfaces file).<br />
<br />
*'''Package:''' net-tools<br />
*'''Path:''' /sbin/ifconfig (you can find the command's path by running which ifconfig)<br />
*'''Manual''': [http://man.he.net/?topic=ifconfig&section=all man ifconfig] <br />
<br />
'''Resources:'''<br />
<br />
*[http://www.die.net/doc/linux/nag/x-087-2-iface.ifconfig.html All about ifconfig]<br />
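<br />
The PROMISC and NOARP flags shown in the outputs above are worth checking on every host, since an interface left in promiscuous mode receives traffic not addressed to it. The following is an added example, not part of the original article: it parses the ifconfig layout used in this section and reports interfaces carrying those flags. The function names, the allow-list parameter and the sample text are assumptions made for the illustration.<br />
<br />
```python
import re

# Constructed sample in the net-tools ifconfig layout shown in this section.
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1412  Metric:1
          RX packets:190312 errors:0 dropped:0 overruns:0 frame:0

eth1      Link encap:Ethernet  HWaddr 00:48:54:8D:7F:65
          inet addr:192.168.10.2  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""

# Flags that deserve a second look when they appear unexpectedly.
WATCHED_FLAGS = ("PROMISC", "NOARP")


def parse_ifconfig(text):
    """Return {interface: {"mac", "ip", "flags"}} from ifconfig output."""
    interfaces = {}
    # Interface blocks are separated by blank lines.
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = block.splitlines()
        name = lines[0].split()[0]
        mac = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", block)
        ip = re.search(r"inet addr:(\S+)", block)
        flags = []
        for line in lines:
            # The flags line is the one that also carries MTU: and Metric:.
            if "MTU:" in line:
                flags = line.split("MTU:")[0].split()
                break
        interfaces[name] = {
            "mac": mac.group(1).lower() if mac else None,
            "ip": ip.group(1) if ip else None,
            "flags": flags,
        }
    return interfaces


def audit_flags(interfaces, allowed_promisc=()):
    """Return sorted (interface, flag) findings.

    allowed_promisc is a hypothetical allow-list for interfaces that are
    meant to capture traffic, such as a monitoring port.
    """
    findings = []
    for name in sorted(interfaces):
        for flag in WATCHED_FLAGS:
            if flag not in interfaces[name]["flags"]:
                continue
            if flag == "PROMISC" and name in allowed_promisc:
                continue
            findings.append((name, flag))
    return findings


if __name__ == "__main__":
    for name, flag in audit_flags(parse_ifconfig(SAMPLE_IFCONFIG)):
        print("%s: %s is set" % (name, flag))
```

ifconfig only shows promiscuous mode when it was set through the interface flags, as ifconfig eth0 promisc does; the kernel's promiscuity counter printed by ip -d link also covers programs that request it per socket.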
<br />
===iwconfig===<br />
<br />
This command gives us information about the network interfaces that are wireless:<br />
<br />
$ iwconfig<br />
lo no wireless extensions.<br />
<br />
eth0 no wireless extensions.<br />
<br />
eth1 IEEE 802.11g ESSID:"WLAN_8A"<br />
Mode:Managed Frequency:2.427 GHz Access Point: 00:16:38:89:F6:57 <br />
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0 <br />
Retry limit:7 RTS thr:off Fragment thr:off<br />
Power Management:off<br />
Link Quality=95/100 Signal level=-33 dBm Noise level=-91 dBm<br />
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0<br />
Tx excessive retries:0 Invalid misc:0 Missed beacon:0<br />
<br />
irda0 no wireless extensions.<br />
<br />
sit0 no wireless extensions.<br />
<br />
It is a clone of the ifconfig command, adapted to the parameters of wireless networks.<br />
<br />
You can find more information in the iwconfig section of this wiki's article on [[Xarxes_Linux_Wireless | Xarxes Linux Wireless]].<br />
<br />
*'''Package:''' wireless-tools<br />
*'''Path:''' /sbin/iwconfig (you can find the command's path by running which iwconfig)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/iwconfig.8.html man iwconfig] <br />
<br />
===ifup===<br />
<br />
Brings up a network interface:<br />
<br />
$ [[sudo]] [[ifup]] eth0<br />
<br />
{{nota|The network interface is configured as specified in the [[Xarxes_Linux#.2Fetc.2Fnetwork.2Finterfaces | /etc/network/interfaces]] file.}}<br />
<br />
If the interface does not appear in the interfaces file, the command gives the following error:<br />
<br />
$ sudo ifup eth4<br />
'''Ignoring unknown interface eth4=eth4.'''<br />
<br />
{{nota| This error can appear even when the card exists but is not in the interfaces file}}.<br />
<br />
Keep in mind how udev works: it assigns network interface names according to the MAC address, which matters in special cases such as:<br />
<br />
*'''Removable hard disks''': the same operating system running on different identical machines, where each network card has its own MAC<br />
*'''Virtual machines''': the MAC address also has to be taken into account<br />
*'''Disk images''': if we use tools such as partimage or Ghost, we get identical systems, but once again each with its own MAC.<br />
<br />
For example, in the case of removable hard disks, udev will assign an ethX where X is different for each machine according to its MAC. This ethX may not be in the interfaces file! If that happens there are two possibilities:<br />
<br />
:*No Network-Manager: for example with Ubuntu Server. In that case the network card will not be configured during system boot<br />
:*With Network-Manager: in that case Network Manager will take care of configuring the network interface.<br />
<br />
For more information on udev and networking, see the section:<br />
<br />
*http://acacha.dyndns.org/mediawiki/index.php/Xarxes_Linux#.2Fetc.2Fudev.2Frules.d.2F70-persistent-net.rules<br />
<br />
If the interface is already configured, it will tell us so:<br />
<br />
$ sudo ifup eth0<br />
ifup: interface eth0 already configured<br />
<br />
Another possible error:<br />
<br />
$ sudo ifdown eth0<br />
............<br />
SIOCSIFADDR: No such device<br />
eth0: ERROR while getting interface flag: No such device<br />
eth0: ERROR while getting interface flags: No such device<br />
Bind socket to interface: No such device<br />
Failed to bring up eth0.<br />
<br />
You can find more errors and their possible solutions at [[Xarxes_Linux#Missatges_d.27error_de_la_comanda_route | route command errors]].<br />
<br />
The '''--verbose''' option is very useful for getting more detail when there are errors:<br />
<br />
$ sudo ifup --verbose -a<br />
Configuring interface lo=lo (inet)<br />
[[run-parts]] --verbose /etc/network/if-pre-up.d<br />
run-parts: executing /etc/network/if-pre-up.d/050madwifi<br />
run-parts: executing /etc/network/if-pre-up.d/bridge<br />
run-parts: executing /etc/network/if-pre-up.d/uml-utilities<br />
run-parts: executing /etc/network/if-pre-up.d/wireless-tools<br />
run-parts: executing /etc/network/if-pre-up.d/wpasupplicant<br />
ifconfig lo 127.0.0.1 up<br />
run-parts --verbose /etc/network/if-up.d<br />
run-parts: executing /etc/network/if-up.d/avahi-autoipd<br />
run-parts: executing /etc/network/if-up.d/avahi-daemon<br />
run-parts: executing /etc/network/if-up.d/mountnfs<br />
run-parts: executing /etc/network/if-up.d/ntpdate<br />
run-parts: executing /etc/network/if-up.d/openssh-server<br />
run-parts: executing /etc/network/if-up.d/uml-utilities<br />
run-parts: executing /etc/network/if-up.d/wpasupplicant<br />
Configuring interface eth0=eth0 (inet)<br />
run-parts --verbose /etc/network/if-pre-up.d<br />
run-parts: executing /etc/network/if-pre-up.d/050madwifi<br />
run-parts: executing /etc/network/if-pre-up.d/bridge<br />
run-parts: executing /etc/network/if-pre-up.d/uml-utilities<br />
run-parts: executing /etc/network/if-pre-up.d/wireless-tools<br />
run-parts: executing /etc/network/if-pre-up.d/wpasupplicant<br />
<br />
ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up<br />
route add default gw 192.168.1.1 metric 100 eth0 <br />
SIOCADDRT: File exists<br />
Failed to bring up eth0.<br />
<br />
This error appears when there is an entry for the interface (eth0 in this case) but it does not exist at the hardware level, or it is not eth0.<br />
<br />
ifup is a shortcut for the equivalent ifconfig command:<br />
<br />
$ sudo ifconfig eth0 up<br />
<br />
With the -a parameter we can bring up all the system's interfaces at the same time:<br />
<br />
sudo ifup -a<br />
<br />
See the DHCP example with ifup and ifdown for more information.<br />
<br />
:*'''Package:''' ifupdown<br />
:*'''Path:''' /sbin/ifup (you can get the path with the command which ifup)<br />
:*'''Manual''': [http://www.annodex.net/cgi-bin/man/man2html?ifdown+8 man ifup]<br />
<br />
==== Script hooks. The network configuration .d files ====<br />
<br />
There are 4 types of hook script files:<br />
<br />
:*[[/etc/network/if-down.d]]: runs '''after''' bringing down ([[ifdown]]) '''any''' network interface<br />
:*[[/etc/network/if-post-down.d]]: runs '''before''' bringing down ([[ifdown]]) '''any''' network interface<br />
:*[[/etc/network/if-pre-up.d]]: runs '''before''' bringing up ([[ifup]]) '''any''' network interface<br />
:*[[/etc/network/if-up.d/]]: runs '''after''' bringing up ([[ifup]]) '''any''' network interface<br />
<br />
{{important| Note that this says any network interface, including lo. Bear in mind that a post-up script will run as many times as you have interfaces.}}<br />
<br />
There are a number of variables you can use in the scripts:<br />
<br />
<pre class="brush:bash"># Don't bother to restart sshd when lo is configured.<br />
if [ "$IFACE" = lo ]; then<br />
exit 0<br />
fi<br />
<br />
# Only run from ifup.<br />
if [ "$MODE" != start ]; then<br />
exit 0<br />
fi<br />
<br />
# OpenSSH only cares about inet and inet6. Get ye gone, strange people<br />
# still using ipx.<br />
if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then<br />
exit 0<br />
fi</pre><br />
<br />
===ifdown===<br />
<br />
Brings down a network interface:<br />
<br />
sudo ifdown eth0<br />
<br />
It is a shortcut for the equivalent ifconfig command:<br />
<br />
sudo ifconfig eth0 down<br />
<br />
With the -a parameter we can bring down all network interfaces at the same time<br />
<br />
$ sudo ifdown -a<br />
<br />
'''NOTE:''' Take great care not to bring down network interfaces on remote servers that we connect to via SSH. This command would cut off our access to the machine and would therefore force us to travel to the DATACENTER to fix the error.<br />
<br />
See the DHCP example with ifup and ifdown for more information.<br />
<br />
*'''Package:''' ifupdown<br />
*'''Path:''' /sbin/ifdown (you can get the path with the command which ifdown)<br />
*'''Manual''': [http://www.annodex.net/cgi-bin/man/man2html?ifdown+8 man ifdown]<br />
<br />
===ping===<br />
<br />
See:<br />
<br />
[[ICMP#Ping]]<br />
<br />
===arp===<br />
<br />
The [http://en.wikipedia.org/wiki/Address_Resolution_Protocol ARP protocol] (Address Resolution Protocol) translates IP addresses into MAC addresses at the link layer on LAN networks. ARP works by sending broadcast messages to the whole network to discover which node has the requested IP and to obtain its MAC. Once it has the MAC, it stores it in the ARP table.<br />
<br />
We can view this table with the command:<br />
<br />
$ arp<br />
Address HWtype HWaddress Flags Mask Iface<br />
192.168.1.36 ether 00:0C:29:D3:47:00 C eth0<br />
192.168.1.34 ether 00:0E:35:29:2A:48 C eth0<br />
192.168.1.1 ether 00:30:DA:89:FC:8A C eth0<br />
<br />
To add an entry to the ARP table:<br />
<br />
$ sudo arp -s 192.168.1.35 00:50:04:62:F7:23<br />
<br />
We can check it with:<br />
<br />
$ arp<br />
Address HWtype HWaddress Flags Mask Iface<br />
192.168.1.34 ether 00:0E:35:29:2A:48 C eth0<br />
192.168.1.36 ether 00:0C:29:D3:47:00 C eth0<br />
192.168.1.1 ether 00:30:DA:89:FC:8A C eth0<br />
192.168.1.35 ether 00:50:04:62:F7:23 CM eth0<br />
<br />
You can obtain all the MACs on the network and fill the ARP table with the nmap command. Assuming the class C network 192.168.1.0, we run:<br />
<br />
$ sudo nmap 192.168.1.1-255<br />
<br />
Once the command finishes, we check the ARP table again<br />
<br />
$ arp<br />
<br />
'''NOTE:''' As you can see, this command, together with the nmap command, can be very useful for obtaining all the MACs of the PCs on a network.<br />
<br />
*Debian package: [[Xarxes_Linux#Paquet_net-tools_.28abans_netbase.29 | net-tools]]<br />
*'''Path:''' /usr/sbin/arp (you can run which arp to find the command's path)<br />
*'''Manual''': man arp <br />
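<br />
Because the ARP table is filled from whatever replies arrive on the LAN, it is worth reviewing which MAC each IP currently maps to. The following is an added example, not part of the original article: it parses the arp output layout shown above, lists MACs that answer for more than one IP (expected with IP aliasing, suspicious when one of the IPs is the gateway) and compares entries against a list of known-good bindings. The function names, the pinned bindings and the sample table are assumptions made for the illustration.<br />
<br />
```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by the arp command in this section.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.36             ether   00:0C:29:D3:47:00   C                     eth0
192.168.1.34             ether   00:0E:35:29:2A:48   C                     eth0
192.168.1.1              ether   00:0C:29:D3:47:00   C                     eth0
192.168.1.35             ether   00:50:04:62:F7:23   CM                    eth0
192.168.1.40                     (incomplete)                              eth0
"""

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def parse_arp_table(text):
    """Return a list of resolved entries from arp output."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and unresolved "(incomplete)" rows.
        if len(fields) < 5 or not MAC_RE.match(fields[2]):
            continue
        entries.append({
            "ip": fields[0],
            "mac": fields[2].lower(),
            "flags": fields[3],   # C = complete, M = permanent (arp -s)
            "iface": fields[-1],
        })
    return entries


def find_shared_macs(entries):
    """Return {(iface, mac): [ips]} for MACs that answer for several IPs."""
    seen = defaultdict(set)
    for entry in entries:
        seen[(entry["iface"], entry["mac"])].add(entry["ip"])
    return {key: sorted(ips) for key, ips in seen.items() if len(ips) > 1}


def check_pinned(entries, pinned):
    """Compare entries with known-good {ip: mac} bindings.

    Returns (ip, expected_mac, seen_mac) for every mismatch.
    """
    expected = {ip: mac.lower() for ip, mac in pinned.items()}
    mismatches = []
    for entry in entries:
        want = expected.get(entry["ip"])
        if want is not None and want != entry["mac"]:
            mismatches.append((entry["ip"], want, entry["mac"]))
    return mismatches


def static_entries(entries):
    """Return the IPs whose entry was added by hand (flag M)."""
    return [entry["ip"] for entry in entries if "M" in entry["flags"]]


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    # Hypothetical known-good binding for the gateway of this LAN.
    pinned = {"192.168.1.1": "00:30:DA:89:FC:8A"}
    for (iface, mac), ips in find_shared_macs(table).items():
        print("%s: %s answers for %s" % (iface, mac, ", ".join(ips)))
    for ip, want, got in check_pinned(table, pinned):
        print("%s: expected %s, table has %s" % (ip, want, got))
```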
<br />
====Using the ping command to better understand how the ARP protocol works====<br />
<br />
If we look at the ARP table of a machine (IP: 192.168.0.7) inside a class C local network 192.168.0.0:<br />
<br />
$ arp<br />
Address HWtype HWaddress Flags Mask Iface<br />
192.168.0.5 ether 00:30:05:4C:90:1C C eth0<br />
192.168.0.1 ether 00:13:49:87:40:66 C eth0<br />
<br />
And we run:<br />
<br />
$ ping 192.168.0.10<br />
PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data.<br />
64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=10.7 ms<br />
64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=0.289 ms<br />
64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=0.291 ms<br />
64 bytes from 192.168.0.10: icmp_seq=4 ttl=64 time=0.302 ms<br />
.............<br />
<br />
<br />
Notice that the first ping packet takes considerably longer to be answered (10.7 ms), about 37 times longer than the following packets. Remember that we are pinging a machine on the same network. If we now check the ARP table:<br />
<br />
$ arp<br />
Address HWtype HWaddress Flags Mask Iface<br />
192.168.0.5 ether 00:30:05:4C:90:1C C eth0<br />
192.168.0.1 ether 00:13:49:87:40:66 C eth0<br />
192.168.0.10 ether 00:48:54:8D:58:47 C eth0<br />
<br />
We can see that there is a new entry in the ARP table. The first packet takes longer because the IP address we supplied (192.168.0.10) has to be translated into the corresponding MAC address (00:48:54:8D:58:47). To do this translation the ARP protocol is run once, and once the MAC is resolved it is stored in the local ARP table. Once it is stored, the IP-->MAC translation is no longer needed, which is why the remaining packets or subsequent pings no longer take as long:<br />
<br />
$ ping 192.168.0.10<br />
PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data.<br />
64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.234 ms<br />
64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=0.291 ms<br />
64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=0.258 ms<br />
..........................<br />
<br />
===arping===<br />
<br />
[http://en.wikipedia.org/wiki/Arping Arping] is a command very similar to ping, but it uses the [http://en.wikipedia.org/wiki/Address_Resolution_Protocol ARP protocol] instead of [http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol ICMP]. As a consequence, this command can only be used between machines on the same local network. Like ping, it sends a packet, in this case an ARP REQUEST. Example:<br />
<br />
$ arping -c 4 192.168.0.10<br />
WARNING: interface is ignored: Operation not permitted<br />
ARPING 192.168.0.10 from 192.168.0.7 eth0<br />
Unicast reply from 192.168.0.10 [00:48:54:8D:58:47] 0.663ms<br />
Unicast reply from 192.168.0.10 [00:48:54:8D:58:47] 0.684ms<br />
Unicast reply from 192.168.0.10 [00:48:54:8D:58:47] 0.681ms<br />
Unicast reply from 192.168.0.10 [00:48:54:8D:58:47] 0.671ms<br />
Sent 4 probes (1 broadcast(s))<br />
Received 4 response(s)<br />
<br />
To install it, run the command:<br />
<br />
$ sudo apt-get install iputils-arping<br />
<br />
It works very much like the ping command. The c parameter is the same, and the default is likewise an unlimited number of "pings", which we can stop with the Ctrl+C key combination.<br />
<br />
*'''Package:''' iputils-arping<br />
*'''Path:''' /usr/bin/arping (you can check the path by running which arping)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/arping.8.html man arping]<br />
<br />
==== Generating arp-replies ====<br />
<br />
First you need to assign yourself an IP:<br />
<br />
$ sudo ip addr add 192.168.99.35 dev wlan0<br />
<br />
Now send the ARP-REPLY packets:<br />
<br />
$ sudo [[arping]] -q -c 3 -A -I wlan0 192.168.99.35<br />
<br />
Where:<br />
<br />
:*'''-q''': quiet output<br />
:*'''-c''': number of requests sent<br />
:*'''-A (or -U)''': arping sends arp-request packets by default. With this option it sends ARP-REPLY packets.<br />
:*'''-I device''': specifies the network interface.<br />
<br />
You can observe them with:<br />
<br />
$ sudo [[tcpdump]] -c 3 -nni wlan0 arp<br />
...<br />
06:02:50.626330 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51) <br />
06:02:51.622727 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51) <br />
06:02:52.620954 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)<br />
<br />
==== Generating arp-requests ====<br />
<br />
$ sudo arping -q -c 3 -U -I eth0 192.168.99.35<br />
<br />
<br />
You can observe them with:<br />
<br />
$ sudo tcpdump -c 3 -nni eth0 arp<br />
<br />
<br />
==== Detecting duplicates ====<br />
<br />
$ sudo arping -D -I eth0 192.168.99.147; echo $?<br />
<br />
===rarp===<br />
<br />
This program is obsolete (new kernels no longer use it). You can check this by running:<br />
<br />
$ rarp -a<br />
This kernel does not support RARP.<br />
<br />
*Debian package: net-tools<br />
*'''Path:''' /usr/sbin/rarp (you can run which rarp to find the command's path)<br />
*'''Manual''': [http://bama.ua.edu/cgi-bin/man-cgi?RARP+7P man rarp] <br />
<br />
===dhclient===<br />
<br />
*'''Package:''' net-tools<br />
*'''Path:''' /sbin/dhclient (you can find the command's path by running which dhclient)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/dhclient.8.html man dhclient] <br />
<br />
===route===<br />
<br />
'''NOTE''': Using the [[#ip|ip]] command is recommended for configuring static routes.<br />
<br />
The route command displays or manipulates the machine's IP routing table. As with the ifconfig command, its most common use is to display the routing table by running route with no parameters:<br />
<br />
$ route<br />
Kernel IP routeing table<br />
Destination Gateway Genmask Flags Metric Ref Use Iface<br />
192.168.196.0 * 255.255.255.0 U 0 0 0 vmnet8<br />
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0<br />
192.168.252.0 * 255.255.255.0 U 0 0 0 vmnet1<br />
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0<br />
<br />
The eth0 entries form the routing table of the main network card (eth0). The other cards (vmnet8 and vmnet1) are the virtual cards of the VMware machine emulator. You can find more information about the VMware network here.<br />
<br />
Reading it line by line:<br />
<br />
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0<br />
<br />
This line handles the local network addresses and tells us that the route to reach all local network addresses (192.168.1.0 | range: 192.168.1.1-254) is *. The asterisk means that no node|router|gateway has to be crossed to reach a local destination or, equivalently, that machines with a local address are directly connected to each other at the link layer.<br />
<br />
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0<br />
<br />
This line handles all the remaining addresses (default). It tells us that the first node we have to go through to reach any IP address is the node with IP 192.168.1.1. This machine is what is called the gateway or router.<br />
<br />
So the simplest way to look up our gateway is with the route command.<br />
<br />
Now let's look at a more complex example, the routing table of a router with 5 network cards (connected to 5 subnets):<br />
<br />
$ /sbin/route <br />
Kernel IP routing table<br />
Destination Gateway Genmask Flags Metric Ref Use Iface<br />
192.168.213.0 * 255.255.255.0 U 0 0 0 eth2<br />
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0<br />
192.168.217.0 * 255.255.255.0 U 0 0 0 eth4<br />
192.168.216.0 * 255.255.255.0 U 0 0 0 eth3<br />
192.168.10.0* 255.255.255.0 U 0 0 0 eth1<br />
169.254.0.0 * 255.255.0.0 U 0 0 0 eth4<br />
default 192.168.10.1 0.0.0.0 UG 0 0 0 eth1<br />
<br />
As we can see, there are 5 network cards or NICs (eth0, eth1, eth2, eth3, eth4), 5 class C subnets (192.168.0.0, 192.168.10.0, 192.168.213.0, 192.168.216.0, 192.168.217.0) and one class B subnet (169.254.0.0). So this network has 6 subnets connected to each other by a router and connected to the Internet through the gateway 192.168.10.1, which is on the 192.168.10.0 subnet.<br />
<br />
A machine's routing table has two parts. There is a fixed|static part that is kept when the computer restarts, and a cache part that stores temporary routes. We can see both tables with the command:<br />
<br />
$ route -CFvee<br />
Kernel IP routeing table<br />
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt<br />
192.168.196.0 * 255.255.255.0 U 0 0 0 vmnet8 0 0 0<br />
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 0 0 0<br />
192.168.252.0 * 255.255.255.0 U 0 0 0 vmnet1 0 0 0<br />
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 0 0 0<br />
Kernel IP routeing cache<br />
Source Destination Gateway Flags Metric Ref Use Iface MSS Window irtt TOS HHRef HHUptod SpecDst<br />
nobel.upc.es 192.168.1.33 192.168.1.33 l 0 0 14 lo 0 0 0 0 -1 0 192.168.1.33<br />
250.Red-80-58-6 192.168.1.33 192.168.1.33 l 0 0 55 lo 0 0 0 0 -1 0 192.168.1.33<br />
192.168.1.33 post2.audioscro 192.168.1.1 0 0 1 eth0 1500 0 120 0 6 0 192.168.1.33<br />
192.168.1.33 fiordland.ubunt 192.168.1.1 0 0 1 eth0 1500 0 0 10 6 0 192.168.1.33<br />
192.168.1.33 post2.audioscro 192.168.1.1 0 0 0 eth0 1500 0 0 0 -1 0 192.168.1.33<br />
192.168.1.35 192.168.1.255 192.168.1.255 ibl 0 0 38 lo 0 0 0 0 -1 0 192.168.1.33<br />
fiordland.ubunt 192.168.1.33 192.168.1.33 l 0 0 1 lo 0 0 0 0 -1 0 192.168.1.33<br />
192.168.1.33 nobel.upc.es 192.168.1.1 0 1 0 eth0 1500 0 0 0 6 0 192.168.1.33<br />
192.168.1.1 192.168.1.33 192.168.1.33 il 0 0 3 lo 0 0 0 0 -1 0 192.168.1.33<br />
post2.audioscro 192.168.1.33 192.168.1.33 l 0 0 6 lo 0 0 0 0 -1 0 192.168.1.33<br />
192.168.1.33 250.Red-80-58-6 192.168.1.1 0 0 62 eth0 1500 0 0 0 -1 0 192.168.1.33<br />
192.168.1.33 250.Red-80-58-6 192.168.1.1 0 0 62 eth0 1500 0 0 0 6 0 192.168.1.33<br />
localhost localhost localhost l 0 1 0 lo 16436 0 0 0 2 1 localhost<br />
* 255.255.255.255 255.255.255.255 bl 0 0 3 lo 0 0 0 0 -1 0 192.168.1.33<br />
<br />
The cache fills up as network resources are used. Worth highlighting is the routing table of localhost (127.0) on the loopback interface (lo).<br />
<br />
Now let's look at some examples of manipulating the routing table:<br />
<br />
route add -net 127.0.0.0<br />
<br />
Adds the normal loopback entry (normally this is already configured)<br />
<br />
route add -net 192.56.76.0 netmask 255.255.255.0 eth0<br />
<br />
Adds a route to the 192.56.76.x network through the eth0 network card. The class C netmask 255.255.255.0 is not necessary because the 192.56.76.0 network is class C.<br />
<br />
route add default gw gateway-machine-name<br />
<br />
This command configures a gateway. The gateway has to be reachable on the local network; otherwise a static route to the router has to be added. To obtain the following routing table line (taken from the previous example):<br />
<br />
default 192.168.10.1 0.0.0.0 UG 0 0 0 eth1<br />
<br />
We would run<br />
<br />
route add default gw 192.168.10.1 eth1<br />
<br />
To delete it:<br />
<br />
route del default gw 192.168.10.1 eth1<br />
<br />
The following command removes a route from the routing table:<br />
<br />
route del -net 10.207.161.0<br />
<br />
The file that holds the current routing table is /proc/net/route.<br />
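<br />
/proc/net/route prints addresses and masks as hexadecimal words rather than dotted quads, so it has to be decoded before it can be compared with the output of route. The following is an added example, not part of the original article: it decodes the file, rebuilds the Destination, Gateway and Flags columns, and reports default gateways that are not on an expected list. It assumes a little-endian host (x86, most ARM); the function names, the expected-gateway set and the sample text are assumptions made for the illustration.<br />
<br />
```python
import socket
import struct

# Constructed sample of /proc/net/route for the first routing table shown
# in this section, as a little-endian host would print it.
SAMPLE_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
vmnet8\t00C4A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
vmnet1\t00FCA8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
"""

# Kernel route flags and the letters the route command prints for them.
RTF_FLAGS = ((0x0001, "U"), (0x0002, "G"), (0x0004, "H"))


def hex_to_ip(value):
    """Decode one hex word from /proc/net/route (little-endian host)."""
    return socket.inet_ntoa(struct.pack("<I", int(value, 16)))


def parse_proc_net_route(text):
    """Return one dict per route: iface, dest (CIDR), gateway, flags, metric."""
    routes = []
    for line in text.splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gateway, flags, _ref, _use, metric, mask = fields[:8]
        flag_bits = int(flags, 16)
        # Number of set bits in the mask gives the prefix length.
        prefix = bin(int(mask, 16)).count("1")
        routes.append({
            "iface": iface,
            "dest": "%s/%d" % (hex_to_ip(dest), prefix),
            "gateway": hex_to_ip(gateway),
            "flags": "".join(c for bit, c in RTF_FLAGS if flag_bits & bit),
            "metric": int(metric),
        })
    return routes


def default_gateways(routes):
    """Return (gateway, iface) for every default route."""
    return [(r["gateway"], r["iface"]) for r in routes
            if r["dest"] == "0.0.0.0/0" and "G" in r["flags"]]


def unexpected_gateways(routes, expected):
    """Return default gateways that are not in the expected set."""
    return [gw for gw in default_gateways(routes) if gw[0] not in expected]


if __name__ == "__main__":
    try:
        with open("/proc/net/route") as handle:
            table = handle.read()
    except OSError:
        table = SAMPLE_PROC_NET_ROUTE
    for route in parse_proc_net_route(table):
        print("%-18s %-15s %-3s %s" % (route["dest"], route["gateway"],
                                       route["flags"], route["iface"]))
```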
<br />
'''NOTE:''' It is important to remember that, just as with ifconfig, routes added with the route command are lost on reboot or when the network interface is brought down. See the [[Xarxes_Linux#.2Fetc.2Fnetwork.2Finterfaces | /etc/network/interfaces]] file to add routes permanently.<br />
<br />
*'''Package:''' net-tools<br />
*'''Path:''' /sbin/route (you can find the command's path by running which route)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/route.8.html man route]<br />
<br />
====Error messages of the route command====<br />
<br />
The error messages are somewhat cryptic. Let's see how they work...<br />
<br />
There are two types:<br />
<br />
*'''SIOCDELRT''': an error message that occurs when a route is being deleted ('''DEL'''eting '''R'''ou'''T'''e)<br />
*'''SIOCADDRT''': an error message that occurs when a route is being added ('''ADD'''ing '''R'''ou'''T'''e)<br />
<br />
'''Typical errors''':<br />
<br />
'''SIOCADDRT: Network is unreachable'''<br />
<br />
For example, the command<br />
<br />
$ sudo route add default gw 1.2.3.4<br />
<br />
can give this error if the gateway 1.2.3.4 is not directly connected to the same network segment as the machine where we run the command.<br />
<br />
'''SIOCADDRT: File exists'''<br />
<br />
A route that already exists is being added.<br />
<br />
'''SIOCADDRT: No such device'''<br />
<br />
You omitted the gw keyword before the default gateway address, as in this wrong command:<br />
<br />
route add -net 10.2.2.76/24 10.1.1.22<br />
<br />
'''SIOCDELRT: No such process'''<br />
<br />
You are trying to delete a route that does not exist. List the routes with:<br />
<br />
$ sudo route -n<br />
<br />
and check what mistake you are making.<br />
<br />
'''SIOCADDRT: Operation not supported by device'''<br />
<br />
The gw parameter is being omitted:<br />
<br />
$ sudo route add -net 10.0.0.0/8 10.1.1.254 <br />
$ sudo route add -net 172.23.24.128/25 <br />
<br />
These are incorrect. With the gw keyword they become:<br />
<br />
$ sudo route add -net 10.0.0.0/8 gw 10.1.1.254 <br />
$ sudo route add -net 172.23.24.128/25 gw 10.1.1.22 <br />
<br />
'''SIOCADDRT: Operation not permitted'''<br />
<br />
route is not being run as superuser. Put sudo in front of it.<br />
<br />
'''SIOCADDRT: Invalid argument'''<br />
<br />
Incorrect examples:<br />
<br />
$ sudo route add -net 10.2.2.0 gw 10.1.1.254 <br />
$ sudo route del -net 172.23.0.0 <br />
<br />
The netmask is missing. Correct:<br />
<br />
$ sudo route add -net 10.2.2.0 netmask 255.255.255.0 gw 10.1.1.254<br />
$ sudo route add -net 10.2.2.0/24 gw 10.1.1.254 <br />
<br />
<br />
'''Resources''':<br />
*http://www.google.es/search?hl=ca&client=firefox-a&rls=com.ubuntu:en-US:unofficial&hs=EhL&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=route+command+error+messages&spell=1<br />
<br />
===netstat===<br />
<br />
See [[netstat]].<br />
<br />
===ip===<br />
<br />
{{nota| If you are looking for the IP network protocol, see [[IP]]}}<br />
<br />
ip is the new-generation tool designed to replace tools such as ifconfig and route. It is provided by [[LARTC]] (Linux Advanced Routing and Traffic Control).<br />
<br />
*'''Package:''' iproute<br />
*'''Path:''' /sbin/ip (you can find the command's path by running which ip)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man7/ip.7.html man ip]<br />
<br />
'''Resources:'''<br />
<br />
*http://linux-ip.net/html/tools-ip-address.html<br />
<br />
==== ip link ====<br />
<br />
Examples:<br />
<br />
$ sudo ip link show eth0<br />
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000<br />
link/ether 00:1d:09:59:10:39 brd ff:ff:ff:ff:ff:ff<br />
<br />
Enable [[mode promiscu|promiscuous mode]]:<br />
<br />
$ sudo ip link set eth0 promisc on<br />
<br />
To disable it:<br />
<br />
$ sudo ip link set eth0 promisc off<br />
<br />
====ip route====<br />
<br />
The '''ip route''' command is used to configure routes and is designed to replace route. Unlike route, it supports policy routing (route can only route on the destination IP). See:<br />
<br />
http://lartc.org/howto/lartc.iproute2.html#LARTC.IPROUTE2.WHY<br />
<br />
and [[lartc]].<br />
<br />
For example, the command:<br />
<br />
$ sudo route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.20<br />
<br />
is equivalent to:<br />
<br />
$ sudo ip route add dev eth0 to 192.168.10.0/24 via 192.168.1.20<br />
<br />
To understand advanced routing techniques, you need to understand how the kernel routes:<br />
<br />
:1) First the routing cache ([http://linux-ip.net/html/routing-cache.html routing cache]) is consulted. It is a hash table in RAM that holds recently used routes and allows faster routing. If an entry is found in the cache, it is applied and the process stops.<br />
:2) If there is no entry in the cache, the kernel begins the route selection process.<br />
:3) The kernel iterates by priority over the routing policy database (RPDB, Routing Policy DataBase). For each match in the RPDB, the kernel tries to find a route matching the destination IP in the specified routing table.<br />
<br />
For each matching entry in the RPDB, the kernel will try to find a matching route to the destination IP address in the specified routing table using the aforementioned longest prefix match selection algorithm ([[LPM]] or [[Longest Prefix Match]] [http://en.wikipedia.org/wiki/Longest_prefix_match]). When a matching destination is found, the kernel will select the matching route, and forward the packet. If no matching entry is found in the specified routing table, the kernel will pass to the next rule in the RPDB, until it finds a match or falls through the end of the RPDB and all consulted routing tables.<br />
<br />
Table 4.1. Keys used for hash table lookups during route selection<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! route cache<br />
! RPDB<br />
! route table<br />
|-<br />
| destination<br />
| source<br />
| destination<br />
|-<br />
| ToS<br />
| ToS<br />
| scope<br />
|-<br />
| fwmark<br />
| fwmark<br />
| oif<br />
|-<br />
| iif<br />
| iif<br />
| <br />
|}<br />
<br />
The route cache (also the forwarding information base) can be displayed using ip route show cache. The routing policy database (RPDB) can be manipulated with the ip rule utility. Individual route tables can be manipulated and displayed with the ip route command line tool.<br />
<br />
Example 4.5. Listing the Routing Policy Database (RPDB)<br />
<br />
[root@isolde]# ip rule show<br />
0: from all lookup local<br />
32766: from all lookup main<br />
32767: from all lookup 253<br />
<br />
<br />
Observation of the output of ip rule show in Example 4.5, “Listing the Routing Policy Database (RPDB)” on a box whose RPDB has not been changed should reveal a high priority rule, rule 0. This rule, created at RPDB initialization, instructs the kernel to try to find a match for the destination in the local routing table. If there is no match for the packet in the local routing table, then, per rule 32766, the kernel will perform a route lookup in the main routing table. Normally, the main routing table will contain a default route if not a more specific route. Failing a route lookup in the main routing table the final rule (32767) instructs the kernel to perform a route lookup in table 253.<br />
<br />
A common mistake when working with multiple routing tables involves forgetting about the statelessness of IP routing. This manifests when the user configuring the policy routing machine accounts for outbound packets (via fwmark, or ip rule selectors), but forgets to account for the return packets.<br />
<br />
4.5.3. Summary<br />
<br />
For more ideas on how to use policy routing, how to work with multiple routing tables, and how to troubleshoot, see Section 10.3, “Using the Routing Policy Database and Multiple Routing Tables”.<br />
<br />
Yeah. That's it. So there. <br />
<br />
===== Script to reset all routes and rules =====<br />
<br />
#!/bin/bash<br />
<br />
#During debugging, show pre-execution conditions<br />
echo "***Before"<br />
echo ...Rules...<br />
ip ru sh<br />
echo ...Routes...<br />
ip ro sh<br />
echo ...Rules for table WAN1...<br />
ip ro sh table WAN1<br />
echo ...Rules for table WAN2...<br />
ip ro sh table WAN2<br />
echo<br />
<br />
#This script flushes all routes and rules, EXCEPT those specified to remain<br />
# Copyright, 2003, Carol Anne Ogdin. This script is freely available<br />
# for use under the terms of the GNU General Public License published at<br />
# http://www.gnu.org/copyleft/gpl.html. Any improvements/enhancements<br />
# gratefully accepted; send them to caogdin (at) deepwoods (dot) com.<br />
<br />
# (Constants for the script)<br />
# We must know the device names of interfaces (such as our local LAN, and lo)<br />
# that should NEVER be taken down, so we can retain LAN-based control of the<br />
# router (where our administrator is working). For AWK, they're separated<br />
# by an "or" operator (vertical bar)<br />
<br />
iifs="eth0|lo" # interfaces we never touch (awk regexp)<br />
<br />
# Next, we need to know the non-standard tables (if any) we use. Again,for<br />
# AWK, these need to be separated by vertical bars.<br />
# (In a future version, this information could be obtained by parsing<br />
# /etc/iproute2/rt_tables<br />
<br />
ours="WAN1|WAN2" # our table/lookup names used (awk regexp)<br />
<br />
# (End of constants)<br />
<br />
keepers="dev ($iifs)" # devices NOT to be removed<br />
tables="lookup ($ours)" # rules that look like this are to be removed<br />
<br />
# Initialize, and clean up any lingering stuff from prior test executions<br />
# Step 1: Remove all default route(s), if any<br />
# Note a condition of this script: Every ip ro sh and ip ru sh must<br />
# produce lines that are complete entries. The only exception is the<br />
# "default" route which is separately deleted first because, if you're<br />
# configured for "split access," (see LARTC) may display on several<br />
# successive lines.<br />
<br />
ip route delete default &>/dev/null # Always get rid of default first<br />
<br />
# How the AWK program is constructed to delete all routes except those on $iifs<br />
# $0 !~ $keepers { Select only lines that aren't to be kept<br />
# print "ip route delete " Issue the command-building command<br />
# $0 and output the routing table entry as arguments<br />
# | "bash" } Finally, pipe the constructed command to bash<br />
# Step 2: Remove main routes not excluded by $keepers<br />
<br />
ip route show | awk -v k="$keepers" '$0 !~ k \<br />
{ print " ip route delete " $0 | "bash" }'<br />
<br />
# Step 3: Remove all routes from our tables<br />
for wan in ${ours//|/ }; do<br />
ip route flush table $wan &>/dev/null<br />
done<br />
<br />
# Remove all our rules<br />
# How the AWK program is constructed to get the results we want<br />
# $0 ~ $tables { Select only lines that are to be removed<br />
# sub(/^[0-9]+:[ \t]*/,""); For those lines, strip the rule # whatever its width<br />
# sub(/from all /,""); and delete any "from all " string<br />
# print "ip rule delete " Issue the command-building command<br />
# $0 and output what is left of the rule<br />
# | "bash" } Finally, pipe the constructed command to bash<br />
<br />
ip rule show | awk -v k="$tables" '$0 ~ k \<br />
{ sub(/^[0-9]+:[ \t]*/,""); sub(/from all /,""); print "ip rule delete " $0 | "bash" }'<br />
<br />
ip route flush cache # Flush the cache so nothing lingers<br />
<br />
# End of GNU General Public Licensed script.<br />
<br />
# While testing this script: Show results.<br />
echo<br />
echo "***After"<br />
echo ...Rules...<br />
ip ru sh<br />
echo ...Routes...<br />
ip ro sh<br />
echo ...Rules for table WAN1...<br />
ip ro sh table WAN1<br />
echo ...Rules for table WAN2...<br />
ip ro sh table WAN2<br />
<br />
===== Rule types =====<br />
<br />
:*'''unicast''': The most common type, and the one applied by default when none is given. All it does is indicate which table to use when the specified criteria are met. Examples:<br />
<br />
ip rule add unicast from 192.168.100.17 table 5<br />
<br />
is the same as:<br />
<br />
ip rule add from 192.168.100.17 table 5<br />
<br />
Other examples:<br />
<br />
ip rule add unicast iif eth7 table 5<br />
ip rule add unicast fwmark 4 table 4<br />
<br />
:*'''nat''': The nat rule type is required for correct operation of stateless NAT. This rule is typically coupled with a corresponding nat route entry. The RPDB nat entry causes the kernel to rewrite the source address of an outbound packet. See Section 5.3, “Stateless NAT with iproute2” for a fuller discussion of network address translation in general.<br />
<br />
Examples:<br />
<br />
ip rule add nat 193.7.255.184 from 172.16.82.184<br />
ip rule add nat 10.40.0.0 from 172.40.0.0/16<br />
<br />
:*'''unreachable''': Any route lookup matching a rule entry with an unreachable rule type will cause the kernel to generate an ICMP unreachable to the source address of the packet.<br />
<br />
Example 4.18. unreachable rule type<br />
<br />
ip rule add unreachable iif eth2 tos 0xc0<br />
ip rule add unreachable iif wan0 fwmark 5<br />
ip rule add unreachable from 192.168.7.0/25<br />
<br />
:*'''prohibit''': Any route lookup matching a rule entry with a prohibit rule type will cause the kernel to generate an ICMP prohibited to the source address of the packet.<br />
<br />
Example 4.19. prohibit rule type<br />
<br />
ip rule add prohibit from 209.10.26.51<br />
ip rule add prohibit to 64.65.64.0/18<br />
ip rule add prohibit fwmark 7<br />
<br />
:*'''blackhole''': While traversing the RPDB, any route lookup which matches a rule with the blackhole rule type will cause the packet to be dropped. No ICMP will be sent and no packet will be forwarded.<br />
<br />
Example 4.20. blackhole rule type<br />
<br />
ip rule add blackhole from 209.10.26.51<br />
ip rule add blackhole from 172.19.40.0/24<br />
ip rule add blackhole to 10.182.17.64/28<br />
<br />
:*'''throw''': The throw route type is a convenient route type which causes a route lookup in a routing table to fail, returning the routing selection process to the RPDB. This is useful when there are additional routing tables. Note that there is an implicit throw if no default route exists in a routing table, so the route created by the first command in the example is superfluous, although legal.<br />
<br />
Example 4.14. throw route types<br />
<br />
ip route add throw default<br />
ip route add throw 10.79.0.0/16<br />
ip route add throw 172.16.0.0/12<br />
<br />
:*'''broadcast''': This route type is used for link layer devices (such as Ethernet cards) which support the notion of a broadcast address. This route type is used only in the local routing table and is typically handled by the kernel.<br />
<br />
Example 4.8. broadcast route types<br />
<br />
ip route add table local broadcast 10.10.20.255 dev eth0 proto kernel scope link src 10.10.20.67<br />
ip route add table local broadcast 192.168.43.31 dev eth4 proto kernel scope link src 192.168.43.14<br />
<br />
:*'''local''': The kernel will add entries into the local routing table when IP addresses are added to an interface. This means that the IPs are locally hosted IPs.<br />
<br />
Example 4.9. local route types<br />
<br />
ip route add table local local 10.10.20.64 dev eth0 proto kernel scope host src 10.10.20.67<br />
ip route add table local local 192.168.43.12 dev eth4 proto kernel scope host src 192.168.43.14<br />
<br />
===== Routing cache or FIB (forwarding information base) =====<br />
<br />
The routing cache, [[aka]] [[routing cache]] or [[Forwarding Information Base]] ([[FIB]]), stores recently used route entries. It is a hash table and is consulted before the routing tables. If a match is found in the cache, that route is applied immediately and the remaining routes and routing tables are not tried.<br />
<br />
When routes are changed, the changes are not applied automatically because of the cache. They can be applied by flushing it:<br />
<br />
$ sudo ip route flush cache<br />
<br />
The cache can be inspected with:<br />
<br />
$ sudo ip route show cache<br />
<br />
The keys found in the hash table are:<br />
<br />
TODO Compare this list with the elements identified in Table 4.1, “Keys used for hash table lookups during route selection”.<br />
<br />
:*'''dst, Destination Address''': The destination IP address of the packet. This is the destination address on the packet at the time of the route lookup. The address is a host address. All 32 bits are significant during this lookup. <br />
:*'''src, Source Address''': The source IP address of the packet. This is the source address on the packet at the time of the route lookup. The address is a host address. All 32 bits are significant during this lookup. <br />
:*'''tos, Type of Service''': The ToS marking on the packet. If there is no ToS marking on the packet (tos == 0), this lookup key is unused. If there is a ToS marking, the kernel will search for a match with this ToS value. If no matching (dst, src, tos) is found, the kernel will continue the search for a route by traversing the RPDB. <br />
:*'''fwmark''': The mark on a packet added administratively by the packet filtering engine (ipchains or iptables). This mark is not part of the physical IP packet, and only exists as part of the data structure held in memory on the routing device to represent the IP packet. If there is no fwmark on the packet, this lookup key is unused. When present, the kernel will search for a matching (dst, src, tos?, fwmark) entry. If no matching entry is found, the kernel will continue the search for a route by traversing the RPDB. <br />
:*'''iif, inbound interface''': The name of the interface on which the packet arrived. <br />
<br />
The following attributes may be stored for each entry in the routing cache.<br />
<br />
:*cwnd, FIXME Window<br />
:*FIXME. A) I don't know what it is. B) I don't know how to describe it. <br />
:*advmss, Advertised Maximum Segment Size<br />
:*src, (Preferred Local) Source Address<br />
:*mtu, Maximum Transmission Unit<br />
:*rtt, Round Trip Time<br />
:*rttvar, Round Trip Time Variation<br />
:*FIXME. Gotta find some references to this, too. <br />
:*age<br />
:*users<br />
:*used<br />
<br />
TODO Collectively the hash keys uniquely identify routes in the forwarding information base (routing cache) and each entry provides attributes of the route.<br />
<br />
:*http://linux-ip.net/html/routing-cache.html<br />
<br />
<br />
'''Resources''':<br />
*http://lartc.org/howto/index.html<br />
<br />
======Default routes and routing policy======<br />
<br />
[[Routing policy]], or policy routing ([[encaminament]]) ([http://lartc.org/lartc.html#LARTC.RPDB]), makes it possible to define different policies according to certain criteria (the user, the source IP...). The routing policy database ([[routing policy database]]) allows several sets of routing tables. When the operating system kernel has to make a routing decision, it consults the routing tables. By default there are 3 rules:<br />
<br />
$ ip rule list<br />
0: from all lookup local <br />
32766: from all lookup main <br />
32767: from all lookup default <br />
<br />
{{nota| Most kernels already have it enabled, but policy routing requires a kernel compiled with the "IP: advanced router" and "IP: policy routing" options enabled}}<br />
<br />
{{nota|The [[route]] command only modifies the main and local tables, which is also what the [[ip]] command does by default when no specific table is given}}<br />
<br />
The ip rule list command lists all the rules with their priority. All the rules apply to all packets ('from all'). The main table is the one the [[route]] command shows by default, and you can see that there are two new tables:<br />
<br />
:*'''local''':<br />
:*'''default''': <br />
<br />
With the [[ip]] command we can implement routing policies by creating rules that point to tables other than the default ones; that is, these policies override the default policy in certain situations.<br />
<br />
You will find the tables in the file [[/etc/iproute2/rt_tables]]:<br />
<br />
cat /etc/iproute2/rt_tables <br />
#<br />
# reserved values<br />
#<br />
255 local<br />
254 main<br />
253 default<br />
0 unspec<br />
#<br />
# local<br />
#<br />
#1 inr.ruhep<br />
<br />
{{nota|rt stands for '''r'''ou'''t'''ing}}<br />
<br />
You can display them with:<br />
<br />
$ sudo ip route show table local<br />
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1 <br />
broadcast 192.168.111.255 dev wlan0 proto kernel scope link src 192.168.111.29 <br />
local 192.168.111.29 dev wlan0 proto kernel scope host src 192.168.111.29 <br />
broadcast 192.168.111.0 dev wlan0 proto kernel scope link src 192.168.111.29 <br />
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 <br />
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 <br />
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 <br />
<br />
$ sudo ip route show table main<br />
192.168.111.0/24 dev wlan0 proto kernel scope link src 192.168.111.29 metric 2 <br />
169.254.0.0/16 dev wlan0 scope link metric 1000 <br />
192.168.0.0/16 via 192.168.111.100 dev wlan0 <br />
10.0.0.0/8 via 192.168.111.100 dev wlan0 <br />
default via 192.168.111.1 dev wlan0 proto static <br />
<br />
$ sudo ip route show table default<br />
<br />
$ sudo ip route show table unspec<br />
192.168.111.0/24 dev wlan0 proto kernel scope link src 192.168.111.29 metric 2 <br />
169.254.0.0/16 dev wlan0 scope link metric 1000 <br />
192.168.0.0/16 via 192.168.111.100 dev wlan0 <br />
10.0.0.0/8 via 192.168.111.100 dev wlan0 <br />
default via 192.168.111.1 dev wlan0 proto static <br />
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 <br />
broadcast 192.168.111.255 dev wlan0 table local proto kernel scope link src 192.168.111.29 <br />
local 192.168.111.29 dev wlan0 table local proto kernel scope host src 192.168.111.29 <br />
broadcast 192.168.111.0 dev wlan0 table local proto kernel scope link src 192.168.111.29 <br />
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 <br />
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 <br />
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 <br />
fe80::/64 dev wlan0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0<br />
unreachable default dev lo table unspec proto kernel metric -1 error -101 hoplimit 255<br />
local ::1 via :: dev lo table local proto none metric 0 mtu 16436 rtt 0.00ms rttvar 0.00ms cwnd 3 advmss 16376 hoplimit 0<br />
local fe80::21f:3cff:fe52:79c0 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 0<br />
ff00::/8 dev wlan0 table local metric 256 mtu 1500 advmss 1440 hoplimit 0<br />
unreachable default dev lo table unspec proto kernel metric -1 error -101 hoplimit 255<br />
<br />
or:<br />
<br />
$ sudo ip route show table 255<br />
$ sudo ip route show table 254<br />
$ sudo ip route show table 253<br />
$ sudo ip route show table 0<br />
<br />
'''Deleting a rule''':<br />
<br />
$ ip rule del XXXXXXXXXXXXXX<br />
<br />
where XXXXXXXX is the same text that was given when the rule was added. For example, if we ran:<br />
<br />
$ ip rule add from 10.0.0.10 table John<br />
<br />
we must run:<br />
<br />
ip rule del from 10.0.0.10 table John<br />
<br />
{{nota| 0/0 means everything (all)}}<br />
<br />
'''Rule priority''':<br />
<br />
Example:<br />
# ip rule add from I.P.OF.PPP0 pri 200 table PPP0<br />
# ip rule add from I.P.OF.PPP1 pri 300 table PPP1<br />
<br />
where '''pri''' (or priority) controls the priority. The higher the number, the '''LOWER''' the priority. Priorities run from 0 up to 32767, with 0 being the highest priority. The default tables are:<br />
<br />
$ sudo ip rule show<br />
0: from all lookup local <br />
32766: from all lookup main <br />
32767: from all lookup default <br />
<br />
That is, the routing table for loopback/localhost has the highest priority, and the main and default tables are the last ones.<br />
<br />
{{nota| When a new packet arrives for routing (assuming the routing cache is empty), the kernel begins at the highest priority rule in the RPDB--rule 0. The kernel iterates over each rule in turn until the packet to be routed matches a rule. When this happens the kernel follows the instructions in that rule. Typically, this causes the kernel to perform a route lookup in a specified routing table. If a matching route is found in the routing table, the kernel uses that route. If no such route is found, the kernel returns to traverse the RPDB again, until every option has been exhausted. }}<br />
<br />
'''Resources''':<br />
:*http://linux-ip.net/html/tools-ip-rule.html<br />
:*http://linux-ip.net/html/routing-rpdb.html<br />
<br />
'''Source routing''':<br />
<br />
A new rule has to be added for a new table:<br />
<br />
Define the new routing table:<br />
<br />
# echo 200 John >> /etc/iproute2/rt_tables<br />
<br />
Add the rule:<br />
<br />
# ip rule add from 10.0.0.10 table John<br />
<br />
# ip rule ls<br />
0: from all lookup local <br />
32765: from 10.0.0.10 lookup John<br />
32766: from all lookup main <br />
32767: from all lookup default<br />
<br />
In this case, before the main table (and after local!) a new routing table is applied when packets come from IP 10.0.0.10. Now we only need to define the special route for table John:<br />
<br />
# ip route add default via 195.96.98.253 dev ppp2 table John<br />
# ip route flush cache<br />
<br />
{{nota| In the example, do not forget to configure the local routes as well!}}<br />
<br />
John will now use a gateway that is not the default gateway shown by the route command!<br />
<br />
'''Routing based on a mark set with iptables''':<br />
<br />
Create the tables:<br />
<br />
# echo 200 PPP0 >> /etc/iproute2/rt_tables<br />
# echo 201 PPP1 >> /etc/iproute2/rt_tables<br />
<br />
Add the two entries to the routing table (local network and default gw). The example uses a PPP interface connected directly to the Internet.<br />
<br />
# ip route add MY.GA.TE.WAY dev ppp0 table PPP0<br />
# ip route add default via MY.GA.TE.WAY dev ppp0 table PPP0<br />
<br />
and the same for ppp1:<br />
<br />
# ip route add MY.GA.TE.WAY dev ppp1 table PPP1<br />
# ip route add default via MY.GA.TE.WAY dev ppp1 table PPP1<br />
<br />
Show the changes:<br />
<br />
# ip route list table PPP0<br />
MY.GA.TE.WAY dev ppp0 scope link <br />
default via MY.GA.TE.WAY dev ppp0 <br />
<br />
# ip route list table PPP1<br />
MY.GA.TE.WAY dev ppp1 scope link <br />
default via MY.GA.TE.WAY dev ppp1 <br />
<br />
Now mark the packets; for example, mark the packets of a specific user:<br />
<br />
$ sudo iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1<br />
<br />
The user has [[UUID]] 108.<br />
<br />
An alternative that we are not sure works:<br />
<br />
$ sudo iptables -t mangle -A OUTPUT -m owner --cmd-owner sshd -j MARK --set-mark 1<br />
(another sidenote: AFAIK, the '--cmd-owner' flag does not work in recent ( >= 2.6.15 ) kernels)<br />
<br />
Now add a routing rule:<br />
<br />
# ip rule add fwmark 1 pri 100 table PPP1<br />
<br />
This sends everything carrying mark 1 to table PPP1.<br />
<br />
We still need to enable [[SNAT]]:<br />
<br />
# iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source=I.P.OF.PPP1<br />
<br />
Or masquerade if the IP is not static:<br />
<br />
# iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE<br />
<br />
[[rp_filter]] also has to be disabled:<br />
<br />
# echo 0 > /proc/sys/net/ipv4/conf/ppp1/rp_filter <br />
<br />
Now make sure that all packets entering through the Internet-facing network interfaces also use a route that guarantees they return through the same network card:<br />
<br />
# ip rule add from I.P.OF.PPP0 pri 200 table PPP0<br />
# ip rule add from I.P.OF.PPP1 pri 300 table PPP1<br />
<br />
Note that the priority of these two rules must be lower (a higher number!) than that of the rule that sends packets carrying mark 1 to table PPP1.<br />
<br />
In the end the rule table should look like this:<br />
<br />
# ip rule list<br />
0: from all lookup local <br />
100: from all fwmark 0x1 lookup PPP1 <br />
200: from I.P.OF.PPP0 lookup PPP0 <br />
300: from I.P.OF.PPP1 lookup PPP1 <br />
32766: from all lookup main <br />
32767: from all lookup default <br />
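<br />
The rule table above can be traced by hand with a small model of route selection. This Python sketch is an added example, not code from the original page or from iproute2: it walks the RPDB in priority order and does a longest-prefix match in each table, ignoring the routing cache. The addresses standing in for I.P.OF.PPP0, I.P.OF.PPP1 and MY.GA.TE.WAY, and the contents of the local and main tables, are assumptions.<br />

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Optional

# Constructed stand-ins for the page's placeholders (RFC 5737 ranges).
IP_OF_PPP0, GW_PPP0 = "192.0.2.10", "192.0.2.1"
IP_OF_PPP1, GW_PPP1 = "198.51.100.10", "198.51.100.1"


@dataclass
class Rule:
    prio: int
    table: str = ""
    src: str = "0.0.0.0/0"         # "from all"
    fwmark: Optional[int] = None   # None: the rule has no fwmark selector
    action: str = "lookup"         # lookup | unreachable | prohibit | blackhole


@dataclass
class Route:
    dst: str
    dev: str
    via: Optional[str] = None
    kind: str = "unicast"          # unicast | throw


class Decision(NamedTuple):
    verdict: str                   # "route", or the rule action that ended the search
    table: str
    dev: str
    via: Optional[str]
    trace: List[str]


# The rule table printed by "ip rule list" above.
RULES = [
    Rule(0, "local"),
    Rule(100, "PPP1", fwmark=1),
    Rule(200, "PPP0", src=IP_OF_PPP0),
    Rule(300, "PPP1", src=IP_OF_PPP1),
    Rule(32766, "main"),
    Rule(32767, "default"),
]

# PPP0/PPP1 as built in the procedure; local and main are assumed.
TABLES = {
    "local": [Route("127.0.0.0/8", "lo"), Route(IP_OF_PPP0, "lo"),
              Route(IP_OF_PPP1, "lo")],
    "PPP0": [Route(GW_PPP0, "ppp0"), Route("0.0.0.0/0", "ppp0", GW_PPP0)],
    "PPP1": [Route(GW_PPP1, "ppp1"), Route("0.0.0.0/0", "ppp1", GW_PPP1)],
    "main": [Route("192.168.1.0/24", "eth0"),
             Route("0.0.0.0/0", "ppp0", GW_PPP0)],
    "default": [],
}


def longest_prefix_match(routes, dst):
    """Return the most specific route containing dst, or None."""
    addr = ip_address(dst)
    hits = [r for r in routes if addr in ip_network(r.dst)]
    return max(hits, key=lambda r: ip_network(r.dst).prefixlen, default=None)


def select_route(dst, src="0.0.0.0", fwmark=0, rules=None, tables=None):
    """Walk the RPDB (lowest number first) until a table yields a route."""
    rules = RULES if rules is None else rules
    tables = TABLES if tables is None else tables
    trace = []
    for rule in sorted(rules, key=lambda r: r.prio):
        if ip_address(src) not in ip_network(rule.src):
            continue                               # "from" selector does not match
        if rule.fwmark is not None and rule.fwmark != fwmark:
            continue                               # "fwmark" selector does not match
        if rule.action != "lookup":                # unreachable/prohibit/blackhole
            trace.append(f"{rule.prio}: {rule.action}")
            return Decision(rule.action, "", "", None, trace)
        route = longest_prefix_match(tables.get(rule.table, []), dst)
        if route is None or route.kind == "throw":  # lookup fails: back to the RPDB
            trace.append(f"{rule.prio}: {rule.table} -> no route")
            continue
        trace.append(f"{rule.prio}: {rule.table} -> {route.dst} dev {route.dev}")
        return Decision("route", rule.table, route.dev, route.via, trace)
    return Decision("unreachable", "", "", None, trace)


if __name__ == "__main__":
    cases = {
        "marked packet": dict(dst="203.0.113.5", fwmark=1),
        "reply sourced from the ppp1 address": dict(dst="203.0.113.5", src=IP_OF_PPP1),
        "LAN client": dict(dst="203.0.113.5", src="192.168.1.50"),
        "marked packet to the LAN": dict(dst="192.168.1.7", fwmark=1),
    }
    for name, args in cases.items():
        d = select_route(**args)
        print(f"{name}: {d.verdict} table={d.table} dev={d.dev} via={d.via}")
        for step in d.trace:
            print("   ", step)
```

The last case leaves through ppp1 although the destination is on the LAN, because table PPP1 holds no LAN route; dropping rule 300 from the list sends replies sourced from the ppp1 address out through the default route of main instead.<br />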
<br />
'''Resources''':<br />
:*http://linux-ip.net/html/tools-ip-rule.html<br />
<br />
'''Testing routes'''<br />
<br />
ip route get simulates a request, triggering the route selection algorithm. When the algorithm finishes, it shows the chosen path.<br />
<br />
{{nota| In a way it is similar to sending a ping and then inspecting the cache with: $ ip route show cache}}<br />
<br />
# ip -s route get 127.0.0.1/32<br />
ip -s route get 127.0.0.1/32<br />
local 127.0.0.1 dev lo src 127.0.0.1 <br />
cache <local> users 1 used 1 mtu 16436 advmss 16396<br />
<br />
# ip -s route get 127.0.0.1/32<br />
local 127.0.0.1 dev lo src 127.0.0.1 <br />
cache <local> users 1 used 2 mtu 16436 advmss 16396<br />
<br />
TODO: Once the route cache has been emptied, new route lookups (if not by a packet, then manually with ip route get) will result in a new lookup to <br />
the kernel routing tables.<br />
<br />
'''Routing based on ToS'''<br />
<br />
We assume table 8 has already been created.<br />
<br />
# ip route add default via 205.254.211.254 table 8<br />
# ip rule add tos 0x08 table 8<br />
# ip route flush cache<br />
# ip rule show<br />
0: from all lookup local <br />
32765: from all tos 0x08 lookup 8 <br />
32766: from all lookup main <br />
32767: from all lookup 253<br />
<br />
Note the priority with which the new rule is added. This can be changed by specifying the prio option and giving the priority number directly. Now any packet matching the rule that is routed on this machine, whichever network card it comes from, is sent to table 8. If no route in table 8 applied to it (not the case here, since we defined a default route), the table with the next priority (main) would be used.<br />
<br />
'''Specifying multiple routing criteria'''<br />
<br />
# ip rule add from 192.168.100.17 tos 0x08 fwmark 4 table 7<br />
<br />
'''NAT ROUTING'''<br />
<br />
TODO<br />
<br />
$ ip rule add nat .... <br />
<br />
'''Split access'''<br />
<br />
If we have 2 ADSL lines, requests arrive from outside (for example, access to web servers through DNAT ports) and we use policy routing, we must make sure that requests arriving on one line are answered over the same line. See:<br />
<br />
http://lartc.org/lartc.html#AEN268<br />
<br />
It can also be done with iptables and marks, re-marking the packets that belong to an already established connection.<br />
<br />
==== ip monitor ====<br />
<br />
It monitors the events of the system's network interfaces:<br />
<br />
$ sudo ip monitor all<br />
<br />
For example, it detects link UP and link DOWN events and changes to the [[arp]] table. For example:<br />
<br />
$ sudo ip monitor all<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae STALE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae STALE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae REACHABLE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae STALE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae REACHABLE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae STALE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae REACHABLE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae STALE<br />
192.168.1.1 dev eth0 lladdr 00:25:69:3f:d5:ae REACHABLE<br />
<br />
You can monitor routes specifically with:<br />
<br />
$ sudo ip monitor route<br />
...<br />
ff02::1:2 via ff02::1:2 dev alumnat metric 0 <br />
cache mtu 1500 advmss 1440 hoplimit 4294967295<br />
<br />
You can try it by running this in one terminal:<br />
<br />
$ sudo ip monitor route<br />
<br />
and, without closing that terminal, changing the routing tables from another terminal, for example:<br />
<br />
$ sudo ip route add 192.168.0.0/24 via 192.168.1.1<br />
<br />
The other terminal will show:<br />
<br />
192.168.0.0/24 via 192.168.1.1 dev wlan0 <br />
<br />
If you check the help:<br />
<br />
$ sudo ip monitor help<br />
Usage: ip monitor [ all | LISTofOBJECTS ]<br />
<br />
If nothing is specified, all is used. According to the manual ($ [[man]] ip) the possible objects are:<br />
<br />
OBJECT := { link | addr | addrlabel | route | rule | neigh | tunnel | maddr | mroute | monitor }<br />
<br />
==== Examples ====<br />
<br />
===== multigateway =====<br />
<br />
<br />
If you have a router or machine connected to more than one ADSL line, at some point you will want to reach this router from the Internet and will consider reaching it through either of the two routers. If the machine is configured with ordinary routing tables (without [[policy routing]], configured with the [[route]] command instead of the [[ip]] command), only one of the two ADSL routers will be the default gateway.<br />
<br />
Consider the following layout:<br />
<br />
/------\ ISP1 +----------+<br />
/- -\ +--------------+ |<br />
/ Internet |----| | Firewall |----- Internal network<br />
\ -/ +--------------+ |<br />
\-------/ ISP2 +----------+<br />
<br />
'''ISP1''': Multi-host ADSL router<br />
:*Router public IP: 77.230.8.90<br />
:*Router private IP: 192.168.11.1<br />
:*IP of the firewall's internet1 interface: 192.168.11.2<br />
:*Connected to the internet1 network interface<br />
<br />
'''ISP2''': '''Single-host''' ADSL router<br />
:*Router public IP: 80.32.57.101<br />
:*IP of the firewall's internet2 interface: 80.32.57.101<br />
:*ISP gateway: 80.32.57.65<br />
:*Connected to the internet2 network interface<br />
<br />
<br />
If the router's routing table is just:<br />
<br />
$ [[route]] -n<br />
Kernel IP routing table<br />
Destination Gateway Genmask Flags Metric Ref Use Iface<br />
80.32.57.64 0.0.0.0 255.255.255.192 U 0 0 0 internet2<br />
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 intranet<br />
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 internet1<br />
0.0.0.0 '''192.168.11.1''' 0.0.0.0 UG 100 0 0 internet1<br />
<br />
If you ping ISP2 from a machine on the Internet:<br />
<br />
$ [[ping]] 80.32.57.101<br />
PING 80.32.57.101 (80.32.57.101) 56(84) bytes of data.<br />
^C<br />
--- 80.32.57.101 ping statistics ---<br />
117 packets transmitted, 0 received, 100% packet loss, time 116169ms<br />
<br />
You will see that it does not respond. However, you can verify that the packet does reach the machine through the expected interface (internet2):<br />
<br />
$ [[sudo]] tcpdump -n -i internet2<br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on internet2, link-type EN10MB (Ethernet), capture size 96 bytes<br />
05:29:12.840780 IP 80.103.175.51 > 80.32.57.101: ICMP echo request, id 28754, seq 10, length 64<br />
05:29:13.848222 IP 80.103.175.51 > 80.32.57.101: ICMP echo request, id 28754, seq 11, length 64<br />
05:29:14.856897 IP 80.103.175.51 > 80.32.57.101: ICMP echo request, id 28754, seq 12, length 64<br />
...<br />
<br />
The problem is that the reply packet leaves through the default gateway, the one connected to the internet1 interface, instead of going back out through the same network interface (internet2):<br />
<br />
$ sudo [[tcpdump]] -n -i internet1 not port 22<br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on internet1, link-type EN10MB (Ethernet), capture size 96 bytes<br />
05:31:03.298757 IP 80.32.57.101 > 80.103.175.51: ICMP echo reply, id 28754, seq 120, length 64<br />
05:31:04.298311 IP 80.32.57.101 > 80.103.175.51: ICMP echo reply, id 28754, seq 121, length 64<br />
05:31:05.297868 IP 80.32.57.101 > 80.103.175.51: ICMP echo reply, id 28754, seq 122, length 64<br />
...<br />
<br />
Let's see how to solve this with policy routing. First, a routing table must be configured for internet2. Add the new routing tables to the file [[/etc/iproute2/rt_tables]]:<br />
<br />
$ sudo [[joe]] /etc/iproute2/rt_tables<br />
<br />
Add the lines:<br />
<br />
200 internet1<br />
201 internet2<br />
<br />
{{nota| We create the internet1 table now even though it is not used in this article. The name of the routing table does not have to be the same as the name of the interface. The number indicates the priority of the table. Look for more information in this same article and under the [[ip]] command}}<br />
<br />
Check the default routing table:<br />
<br />
$ sudo ip route list<br />
80.32.57.64/26 dev internet2 proto kernel scope link src 80.32.57.101 <br />
192.168.1.0/24 dev intranet proto kernel scope link src 192.168.1.5 <br />
192.168.11.0/24 dev internet1 proto kernel scope link src 192.168.11.2 <br />
default via 192.168.11.1 dev internet1 metric 100 <br />
<br />
The internet2 routing table is still empty:<br />
<br />
$ sudo ip route list table internet2<br />
<br />
We add routes to routing table 2. This is easily done by copying the routes from the default table; the syntax is:<br />
<br />
$ sudo ip route add ROUTE_COPIED_FROM_THE_DEFAULT_TABLE table internet2<br />
<br />
That is:<br />
<br />
$ sudo ip route add 80.32.57.64/26 dev internet2 proto kernel scope link src 80.32.57.101 table internet2<br />
$ sudo ip route add 192.168.1.0/24 dev intranet proto kernel scope link src 192.168.1.5 table internet2<br />
$ sudo ip route add 192.168.11.0/24 dev internet1 proto kernel scope link src 192.168.11.2 table internet2<br />
<br />
Now table 2 has routes:<br />
<br />
$ sudo ip route list table internet2<br />
80.32.57.64/26 dev internet2 proto kernel scope link src 80.32.57.101 <br />
192.168.1.0/24 dev intranet proto kernel scope link src 192.168.1.5 <br />
192.168.11.0/24 dev internet1 proto kernel scope link src 192.168.11.2 <br />
<br />
Now only the default gateway is missing. In this table the default gateway will be that of the ISP of the internet2 connection: 80.32.57.65. Therefore:<br />
<br />
$ sudo ip route add default via 80.32.57.65 dev internet2 metric 100 table internet2<br />
<br />
The internet2 routing table now looks like this:<br />
<br />
$ sudo ip route list table internet2<br />
80.32.57.64/26 dev internet2 proto kernel scope link src 80.32.57.101 <br />
192.168.1.0/24 dev intranet proto kernel scope link src 192.168.1.5 <br />
192.168.11.0/24 dev internet1 proto kernel scope link src 192.168.11.2 <br />
default via 80.32.57.65 dev internet2 metric 100 <br />
<br />
Nothing uses this routing table yet, however. A routing rule (policy) must be added.<br />
<br />
{{nota| What we do next is similar to what is done in the article [[Load_Balancing#Squid_i_tcp_outgoing_address]]}}<br />
<br />
We tell the router that packets whose source IP is that of the internet1 interface go out via the internet1 table, and likewise for packets whose source IP is that of the internet2 interface:<br />
<br />
$ sudo ip rule add from 80.32.57.101 table internet2<br />
<br />
If we had created the internet1 table we would also run:<br />
<br />
$ sudo ip rule add from 192.168.11.2 table internet1<br />
<br />
Now the pings are answered.<br />
<br />
To verify the policy routing you can use the [[traceroute]] command:<br />
<br />
$ sudo traceroute -n -s 80.32.57.101 www.google.com <br />
traceroute to www.google.com (66.249.92.104), 30 hops max, 60 byte packets<br />
1 '''80.32.57.65''' 4.567 ms 4.560 ms 4.742 ms<br />
2 10.0.209.129 42.872 ms 45.306 ms 47.519 ms<br />
3 80.58.53.20 51.030 ms 53.645 ms 56.080 ms<br />
4 84.16.6.69 109.057 ms 109.542 ms 110.231 ms<br />
5 84.16.13.126 86.809 ms 84.16.13.142 89.503 ms 92.189 ms<br />
6 84.16.6.106 110.836 ms 84.16.6.98 107.998 ms 110.953 ms<br />
7 209.85.250.142 113.969 ms 78.295 ms 78.643 ms<br />
8 64.233.175.115 74.147 ms 74.547 ms 74.381 ms<br />
9 66.249.92.104 78.795 ms 77.541 ms 77.295 ms<br />
<br />
Note that it leaves through the ISP2 gateway. With the other IP, by contrast:<br />
<br />
$ sudo traceroute -n -s 192.168.11.2 www.google.com<br />
traceroute to www.google.com (66.249.92.104), 30 hops max, 60 byte packets<br />
1 192.168.11.1 2.389 ms 2.668 ms 2.951 ms<br />
2 * * *<br />
3 10.4.13.29 18.271 ms 19.313 ms 20.802 ms<br />
4 212.145.1.238 23.072 ms 24.005 ms 24.889 ms<br />
5 217.130.2.225 36.108 ms 36.478 ms 37.652 ms<br />
6 * * *<br />
7 * * *<br />
8 85.205.24.225 27.876 ms 85.205.24.229 25.932 ms 26.266 ms<br />
9 195.81.200.209 27.413 ms 85.205.1.254 27.527 ms 28.117 ms<br />
10 89.202.161.22 43.928 ms 216.239.49.230 28.574 ms 28.469 ms<br />
11 74.125.50.105 62.854 ms 209.85.240.28 44.139 ms 44.313 ms<br />
12 209.85.250.142 44.536 ms 66.249.95.24 43.602 ms 209.85.250.142 45.392 ms<br />
13 64.233.175.115 69.461 ms 54.987 ms 49.192 ms<br />
14 66.249.92.104 44.309 ms 44.293 ms 43.894 ms<br />
<br />
===== DNAT and multigateway =====<br />
<br />
{{nota|Read the previous section [[Multigateway]] first}}<br />
<br />
We continue with the same setup as in the previous section. Now, however, we want to do [[DNAT]] (commonly known as opening a port). The idea is to reach the web server ([[Apache]]) of a machine on the internal network; the machine's details are:<br />
<br />
:*'''IP''': 192.168.1.7<br />
:*'''Port''': 80<br />
<br />
This is done with [[iptables]]:<br />
<br />
$ sudo iptables -t nat -A PREROUTING -i internet2 -p tcp --dport 8090 -j DNAT --to=192.168.1.7:80<br />
<br />
Note that the connection will come in through internet2; that is, we want the web server to be reachable at the [[URL]]:<br />
<br />
http://80.32.57.101:8090/<br />
<br />
If you try it you will get an error. Debugging again:<br />
<br />
$ sudo [[watch]] iptables -nvL -t nat<br />
Every 2,0s: iptables -nvL -t nat Fri Jul 16 06:07:50 2010<br />
<br />
Chain PREROUTING (policy ACCEPT 1446 packets, 202K bytes)<br />
pkts bytes target prot opt in out source destination<br />
2 120 DNAT tcp -- internet2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8090 to:192.168.0.7:80<br />
...<br />
<br />
As you can see, the rule is applied (2 packets on the counter in the example) and the packets arrive.<br />
<br />
If you run nmap against the port, it will show up as filtered:<br />
<br />
$ [[nmap]] -p 8090 80.32.57.101<br />
<br />
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-16 05:59 CEST<br />
Interesting ports on 101.Red-80-32-57.staticIP.rima-tde.net (80.32.57.101):<br />
PORT STATE SERVICE<br />
8090/tcp filtered unknown<br />
<br />
You can also see the packets being received:<br />
<br />
$ sudo tcpdump -n -i internet2<br />
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />
listening on internet2, link-type EN10MB (Ethernet), capture size 96 bytes<br />
06:11:19.094266 IP 80.103.175.51.45276 > '''80.32.57.101.8090''': Flags [S], seq 2436355941, win 5840, options [mss 1452,sackOK,TS val 29128727 ecr 0,nop,wscale 6], length 0<br />
<br />
To understand why it does not work, you need to consider the path a packet follows through the Linux kernel:<br />
<br />
[[Image:Tables traverse.jpg|center|450px]]<br />
<br />
Quoting http://bulma.net/body.phtml?nIdNoticia=2145:<br />
<br />
<blockquote><br />
When a packet goes from the client to the server, the first thing it meets (that is relevant to this explanation) is the PREROUTING chain of the nat table, where the DNAT is done. The DNAT changes the packet's destination address, and when the packet is subsequently routed, since the kernel sees that it is addressed to the server, it sends the packet into the internal network.<br />
<br />
The problem is that when the server's replies to the client pass through the firewall, the DNAT is not undone before routing. The kernel will first route the packet and then change its source IP, undoing the DNAT. But our policy routing was routing by source address! That is the problem: we cannot route by source address the packets that are replies to another packet that went through DNAT.<br />
</blockquote><br />
<br />
The solution is to route by marks, combining [[iptables]] and [[iproute]] and using the iptables module [[connection track match]] (not to be confused with the [[conntrack]] module), which maintains the NAT tables in the kernel that make it possible to apply and undo NAT (both SNAT and DNAT).<br />
<br />
The following rules must be added '''BEFORE''' the DNAT:<br />
<br />
$ sudo iptables -t mangle -I PREROUTING 1 -m conntrack --ctorigdst 80.32.57.101 -j MARK --set-mark=2<br />
<br />
{{important| With -I we do an insert, so the rules are added before the DNAT rule }}<br />
<br />
Check that the packets are being marked by running:<br />
<br />
$ sudo watch iptables -nvL -t mangle<br />
Every 2,0s: iptables -nvL -t mangle Fri Jul 16 06:38:37 2010<br />
<br />
Chain PREROUTING (policy ACCEPT 1073 packets, 96360 bytes)<br />
pkts bytes target prot opt in out source destination<br />
5 300 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 ctorigdst 80.32.57.101 MARK xset 0x2/0xffffffff<br />
...<br />
<br />
And requesting the page again:<br />
<br />
http://80.32.57.101:8090<br />
<br />
Now all that remains is to route according to the mark:<br />
<br />
$ sudo ip rule add fwmark 2 table internet2<br />
<br />
See how the [[Policy Routing]] rules end up:<br />
<br />
$ sudo ip rule list<br />
0: from all lookup local <br />
32764: from all fwmark 0x2 lookup internet2 <br />
32765: from 80.32.57.101 lookup internet2 <br />
32766: from all lookup main <br />
32767: from all lookup default <br />
<br />
{{important|The internal machine (192.168.1.7 in the example) must also have as its gateway the firewall on which we are applying these rules!}}<br />
<br />
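The rule walk described above, as an added example that is not part of the original article: a small model of how the rules printed by ip rule list pick a table for a reply packet, showing why the DNAT reply (source 192.168.1.7 at routing time) misses the "from 80.32.57.101" rule unless it carries mark 2. The function names are hypothetical; it assumes the destination is remote (the local table is skipped), ignores fwmark masks, and takes the default gateways of the main and internet2 tables from the listings above.<br />
<br />
```shell
#!/bin/sh
# Toy model of the policy-routing decision (added example, not kernel code).
# Assumptions: destination is remote, so the "local" table never matches;
# fwmark masks (e.g. 0x2/0xff) are not handled; a selected table has a default route.

# Rule list as printed by `ip rule list` in the article.
RULES='0: from all lookup local
32764: from all fwmark 0x2 lookup internet2
32765: from 80.32.57.101 lookup internet2
32766: from all lookup main
32767: from all lookup default'

# ip_to_int A.B.C.D -> 32-bit integer (subshell body so IFS does not leak)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# src_matches SRC SELECTOR: selector is "all", an address, or a CIDR prefix
src_matches() {
    [ "$2" = "all" ] && return 0
    net=${2%/*}
    len=32
    case $2 in */*) len=${2#*/} ;; esac
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# select_table SRC [MARK]: print the table of the first rule that matches
select_table() {
    pkt_src=$1
    pkt_mark=${2:-0}
    echo "$RULES" | while read -r prio kw sel rest; do
        table=${rest##*lookup }
        [ "$table" = "local" ] && continue
        src_matches "$pkt_src" "$sel" || continue
        rule_mark=""
        case $rest in
            fwmark\ *) rule_mark=${rest#fwmark }; rule_mark=${rule_mark%% *} ;;
        esac
        if [ -n "$rule_mark" ] && [ $(( $rule_mark )) -ne $(( $pkt_mark )) ]; then
            continue
        fi
        echo "$table"
        break
    done
}

# default_gw TABLE: default route of each table, copied from the article's listings
default_gw() {
    case $1 in
        main)      echo "192.168.11.1 dev internet1" ;;
        internet2) echo "80.32.57.65 dev internet2" ;;
    esac
}

# Three reply packets as the routing code sees them (source address, fwmark):
#   ping reply from the firewall itself, DNAT reply without mark, DNAT reply with mark 2
for pkt in "80.32.57.101 0" "192.168.1.7 0" "192.168.1.7 2"; do
    set -- $pkt
    t=$(select_table "$1" "$2")
    echo "src=$1 mark=$2 -> table $t -> default via $(default_gw "$t")"
done
```
<br />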
'''Resources''':<br />
:*http://bulma.net/body.phtml?nIdNoticia=2145<br />
:*http://bulma.net/body.phtml?nIdNoticia=1615<br />
<br />
===== Send only one machine to a specific gateway =====<br />
<br />
Assume the following setup:<br />
<br />
:*'''Workstation''': 192.168.10.45. Gateway: 192.168.10.1<br />
:*'''Router/Gateway''': Two network cards:<br />
::*'''intranet''': IP: 192.168.10.1<br />
::*'''internet1''': Default Internet uplink of the router and of all the machines that use this router as their gateway. PPPoE connection.<br />
::*'''internet2''': IP: 192.168.92.2. Connected to a gateway with IP 192.168.92.1 that has a second uplink to the Internet. It is not configured as the default. It is connected to a network called guifi.net, which has Internet access.<br />
<br />
A new table must be added:<br />
<br />
$ sudo joe /etc/iproute2/rt_tables <br />
#<br />
# reserved values<br />
#<br />
255 local<br />
254 main<br />
253 default<br />
0 unspec<br />
#<br />
# local<br />
#<br />
#1 inr.ruhep<br />
200 guifi<br />
<br />
So that the system starts applying this table:<br />
<br />
$ sudo ip route flush table guifi<br />
<br />
If you check the default table:<br />
<br />
$ sudo ip route show<br />
172.31.255.254 dev ppp0 proto kernel scope link src 85.49.2.201 <br />
192.168.93.0/24 dev internet3 proto kernel scope link src 192.168.93.2 <br />
192.168.92.0/24 dev internet2 proto kernel scope link src 192.168.92.2 <br />
192.168.111.0/24 dev internet1 proto kernel scope link src 192.168.111.19 <br />
192.168.10.0/24 dev intranet proto kernel scope link src 192.168.10.1 <br />
default dev ppp0 scope link <br />
<br />
{{nota|The previous command is equivalent to $ route -n; route only shows the default table}}<br />
<br />
Now check the new table:<br />
<br />
$ sudo ip route show table guifi<br />
<br />
Since we have just created it, it is empty. Let's add an entry for the guifi.net network. In the default routing table this would be done with:<br />
<br />
$ sudo route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.92.1<br />
<br />
{{nota|guifi.net is a class A private network: 10.0.0.0/8 or 10.0.0.0/255.0.0.0}}<br />
<br />
The default table would then look like this:<br />
<br />
$ sudo ip route show <br />
172.31.255.254 dev ppp0 proto kernel scope link src 85.49.2.201 <br />
192.168.93.0/24 dev internet3 proto kernel scope link src 192.168.93.2 <br />
192.168.92.0/24 dev internet2 proto kernel scope link src 192.168.92.2 <br />
192.168.111.0/24 dev internet1 proto kernel scope link src 192.168.111.19 <br />
192.168.10.0/24 dev intranet proto kernel scope link src 192.168.10.1 <br />
'''10.0.0.0/8 via 192.168.92.1 dev internet2'''<br />
default dev ppp0 scope link <br />
<br />
But we do not want to put it in this table:<br />
<br />
$ sudo route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.92.1<br />
<br />
To add routes to tables other than the default one, you must use [[ip route]].<br />
<br />
$ sudo ip route add table guifi 10.0.0.0/8 via 192.168.92.1 dev internet2<br />
<br />
Now the table has a route:<br />
<br />
$ sudo ip route show table guifi<br />
10.0.0.0/8 via 192.168.92.1 dev internet2 <br />
<br />
Now, to use this route, all that is needed is to add a routing policy (ip rule). By default only the default policies are applied:<br />
<br />
$ sudo ip rule show<br />
0: from all lookup local <br />
32766: from all lookup main <br />
32767: from all lookup default <br />
<br />
To add a new rule and list the result:<br />
<br />
$ sudo ip rule add from 192.168.10.45 lookup guifi<br />
$ sudo ip rule show<br />
0: from all lookup local <br />
'''32765: from 192.168.10.45 lookup guifi '''<br />
32766: from all lookup main <br />
32767: from all lookup default<br />
<br />
Now only the [[SNAT]] remains to be added:<br />
<br />
$ sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o internet2 -j MASQUERADE<br />
<br />
The only machine that uses this gateway is 192.168.10.45. Every other machine (including the router itself!) leaves through the router's default gateway.<br />
<br />
===traceroute===<br />
<br />
To install traceroute:<br />
<br />
$ [[sudo]] [[apt-get]] install traceroute<br />
<br />
There are several implementations of traceroute. If you run:<br />
<br />
$ [[whereis]] traceroute<br />
traceroute: /usr/bin/traceroute /usr/bin/traceroute.db /usr/bin/traceroute6.iputils /usr/bin/traceroute6.db /usr/sbin/traceroute /usr/share/man/man8/traceroute.8.gz<br />
<br />
If you look up the package:<br />
<br />
$ [[dpkg]] -S /usr/bin/traceroute<br />
...<br />
dpkg: /usr/bin/traceroute no trobat.<br />
<br />
You are using /usr/bin/traceroute.db, which is installed by the package of the same name, [[traceroute]]. [[alternatives]] is then used to select the traceroute implementation we want to use:<br />
<br />
$ [[update-alternatives]] --display traceroute<br />
traceroute - auto mode<br />
l'enllaç apunta actualment cap a /usr/bin/traceroute.db<br />
/usr/bin/traceroute.db - prioritat 100<br />
esclau traceroute.8.gz: /usr/share/man/man8/traceroute.db.8.gz<br />
esclau traceroute.sbin: /usr/bin/traceroute.db<br />
Actualment la «millor» versió és /usr/bin/traceroute.db. <br />
<br />
[http://en.wikipedia.org/wiki/Traceroute Traceroute] is a command used to determine which route IP packets follow (which gateways or routers they pass through) to reach a given machine. Example:<br />
<br />
$ traceroute www.google.es<br />
traceroute: Warning: www.google.es has multiple addresses; using 216.239.59.99<br />
traceroute to www.l.google.com (216.239.59.99), 30 hops max, 40 byte packets<br />
1 192.168.1.1 (192.168.1.1) 0.713 ms 0.482 ms 0.455 ms<br />
2 192.168.153.1 (192.168.153.1) 50.780 ms 51.935 ms 49.973 ms<br />
3 97.Red-81-46-52.staticIP.rima-tde.net (81.46.52.97) 55.980 ms 218.281 ms 51.631 ms<br />
4 * * *<br />
5 * * *<br />
6 P12-0-grtlontl2.red.telefonica-wholesale.net (213.140.43.146) 99.036 ms 97.985 ms 98.048 ms<br />
7 72.14.198.9 (72.14.198.9) 98.103 ms 99.954 ms 98.049 ms<br />
8 66.249.95.107 (66.249.95.107) 109.915 ms 109.821 ms 108.130 ms<br />
9 72.14.232.241 (72.14.232.241) 107.947 ms 64.233.174.185 (64.233.174.185) 108.198 ms 126.053 ms<br />
10 216.239.49.126 (216.239.49.126) 111.904 ms 112.058 ms 111.769 ms<br />
11 216.239.59.99 (216.239.59.99) 110.163 ms 107.823 ms 108.138 ms<br />
<br />
With the -n option, no attempt is made to resolve IPs to host names. The last 3 fields are the round-trip times of the three probes that traceroute sends for each TTL.<br />
<br />
{{important|If there is no response within 5 seconds, a '''*''' is shown}}<br />
<br />
The asterisks are machines on the route that cannot be shown, either for protection or because of protocol errors.<br />
<br />
'''NOTE:''' the asterisks can often be resolved by running traceroute as superuser:<br />
<br />
$ sudo traceroute www.google.es<br />
Password:<br />
traceroute: Warning: www.google.es has multiple addresses; using 216.239.59.99<br />
traceroute to www.l.google.com (216.239.59.99), 30 hops max, 40 byte packets<br />
1 192.168.1.1 (192.168.1.1) 0.469 ms 0.496 ms 0.429 ms<br />
2 192.168.153.1 (192.168.153.1) 50.701 ms 47.989 ms 48.041 ms<br />
3 97.Red-81-46-52.staticIP.rima-tde.net (81.46.52.97) 51.949 ms 52.153 ms 51.969 ms<br />
4 33.Red-81-46-5.staticIP.rima-tde.net (81.46.5.33) 63.792 ms 63.746 ms 64.027 ms<br />
5 84.16.8.125 (84.16.8.125) 62.078 ms 64.046 ms 64.030 ms<br />
6 P12-0-grtlontl2.red.telefonica-wholesale.net (213.140.43.146) 98.030 ms 99.910 ms 98.018 ms<br />
7 72.14.198.9 (72.14.198.9) 98.140 ms 97.968 ms 98.028 ms<br />
8 66.249.95.107 (66.249.95.107) 109.928 ms 110.080 ms 109.853 ms<br />
9 64.233.174.185 (64.233.174.185) 109.930 ms 72.14.232.241 (72.14.232.241) 110.133 ms 109.800 ms<br />
10 216.239.49.114 (216.239.49.114) 114.104 ms 114.010 ms 109.848 ms<br />
11 216.239.59.99 (216.239.59.99) 110.093 ms 110.094 ms 109.865 ms<br />
<br />
'''NOTE 2''': Packets do not always follow the same path to reach a destination, as you can see at nodes 9 and 10 of the previous example...<br />
<br />
Nowadays many firewalls block the packets that traceroute needs in order to work correctly. For this reason the command allows you to try different methods:<br />
<br />
:*'''default''': the traditional method and the one used by default. Any user can run this method. UDP packets are sent to unlikely ports (33434 by default, then increasing). "icmp unreach port" messages are expected in reply<br />
:*'''icmp''': Option -I. If every machine on the route can be pinged, this type of tracerouting should also work.<br />
:*'''tcp''': Option -T. Uses port 80<br />
<br />
There are some traceroute-related utilities that may be of interest:<br />
<br />
*http://www.mapulator.com/: Uses traceroute together with Google Maps to draw a physical route between two machines on a Google map.<br />
*http://paris-traceroute.net/download.htm <br />
<br />
The command:<br />
<br />
$ traceroute6<br />
<br />
is equivalent to:<br />
<br />
$ traceroute -6<br />
<br />
That is, a traceroute is done over [[IPv6]]. IPv6 connectivity is required.<br />
<br />
See also [[tracert]].<br />
<br />
The ping command can also be used to trace routes:<br />
<br />
$ ping -nR www.xtec.cat<br />
PING xtec.cat (213.176.161.13) 56(124) bytes of data.<br />
64 bytes from 213.176.161.13: icmp_seq=1 ttl=251 time=54.3 ms<br />
NOP<br />
RR: 192.168.0.46 <br />
213.176.160.157<br />
213.176.160.26<br />
213.176.161.1<br />
213.176.161.13<br />
213.176.160.19<br />
213.176.160.153<br />
10.19.41.1<br />
85.192.120.9<br />
<br />
64 bytes from 213.176.161.13: icmp_seq=2 ttl=251 time=52.9 ms<br />
NOP (same route)<br />
64 bytes from 213.176.161.13: icmp_seq=3 ttl=251 time=53.1 ms<br />
NOP (same route)<br />
<br />
*'''Package:''' traceroute<br />
*'''Path:''' /usr/sbin/traceroute (you can find the command's path by running which traceroute)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/traceroute.8.html man traceroute] <br />
<br />
An alternative to traceroute is [[Paketto_Keiretsu#Paratrace|Paratrace]] from Paketto Keiretsu.<br />
<br />
====How traceroute works====<br />
<br />
Traceroute uses the [[ICMP]] protocol. There are several ways of trying to discover the route, but one of the simplest is to send [[ping]] packets with a limited [[TTL]] ([[Times To Live]]).<br />
<br />
To find the first machine on a route, we send a ping packet with TTL=1:<br />
<br />
$ ping -t 1 www.google.com<br />
PING www.l.google.com (209.85.227.105) 56(84) bytes of data.<br />
From Livebox-D5AC (192.168.111.1) icmp_seq=1 Time to live exceeded<br />
<br />
Now you know that the first machine on the route is 192.168.111.1. Doing the same with TTL=2 gives the name of the second machine.<br />
<br />
You can keep trying with increasing values until the ping packet comes back.<br />
<br />
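The procedure just described, automated as an added example that is not part of the original article: one ping per TTL, with the answering router read from the "Time to live exceeded" line. The function names are hypothetical, and the script assumes the Linux iputils ping options -n, -c, -W and -t.<br />
<br />
```shell
#!/bin/sh
# Traceroute built from TTL-limited pings (added example; function names are hypothetical).

# hop_from_ping: read the output of one `ping -c 1 -t TTL host` run on stdin and print
#   "hop <ip>"      a router on the path answered "Time to live exceeded"
#   "reached <ip>"  the destination itself replied
#   "timeout"       nothing answered
hop_from_ping() {
    out=$(cat)
    line=$(printf '%s\n' "$out" | grep -i 'time to live exceeded' | head -n 1)
    kind=hop
    if [ -z "$line" ]; then
        line=$(printf '%s\n' "$out" | grep 'bytes from' | head -n 1)
        kind=reached
    fi
    if [ -z "$line" ]; then
        echo timeout
        return 0
    fi
    # First dotted quad on the line: works with and without reverse-resolved names.
    ip=$(printf '%s\n' "$line" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
    echo "$kind $ip"
}

# trace_with_ping HOST [MAX_TTL]: print one line per TTL until the host replies
trace_with_ping() {
    host=$1
    max=${2:-30}
    ttl=1
    while [ "$ttl" -le "$max" ]; do
        # -n: no name resolution, -c 1: one probe, -W 5: wait 5 s, -t: TTL of the probe
        res=$(ping -n -c 1 -W 5 -t "$ttl" "$host" 2>/dev/null | hop_from_ping)
        echo "$ttl $res"
        case $res in reached*) return 0 ;; esac
        ttl=$(( $ttl + 1 ))
    done
    return 1
}

# Run as: sh trace.sh www.google.com [max_ttl]
if [ $# -gt 0 ]; then
    trace_with_ping "$@"
fi
```
<br />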
====mtr. My Traceroute====<br />
<br />
Another traceroute:<br />
<br />
$ dpkg -S /usr/bin/mtr<br />
mtr-tiny: /usr/bin/mtr<br />
<br />
$ mtr www.upc.edu<br />
<br />
===tracepath===<br />
<br />
It is a simpler version of traceroute:<br />
<br />
$ tracepath www.google.es<br />
1: 192.168.1.33 (192.168.1.33) 0.135ms pmtu 1500<br />
1: 192.168.1.1 (192.168.1.1) 0.898ms <br />
2: 192.168.1.1 (192.168.1.1) asymm 1 0.943ms pmtu 1492<br />
3: 97.Red-81-46-52.staticIP.rima-tde.net (81.46.52.97) 91.871ms <br />
4: 33.Red-81-46-5.staticIP.rima-tde.net (81.46.5.33) asymm 5 105.926ms <br />
5: 84.16.8.125 (84.16.8.125) asymm 6 103.997ms <br />
6: P12-0-grtlontl2.red.telefonica-wholesale.net (213.140.43.146) 137.995ms <br />
.....................<br />
<br />
*'''Package:''' iputils-tracepath<br />
*'''Path:''' /usr/sbin/tracepath (you can find the command's path by running which tracepath)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/tracepath.8.html man tracepath] <br />
<br />
===dig===<br />
<br />
$ dpkg -S dig | grep bin<br />
dnsutils: /usr/bin/dig<br />
..............<br />
<br />
You can find more examples at [[Servidor de DNS#Comanda dig |dig command]].<br />
<br />
*'''Package:''' dnsutils<br />
*'''Path:''' /usr/bin/dig (you can find the command's path by running which dig)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man1/dig.1.html man dig]<br />
<br />
===nslookup===<br />
<br />
*'''Package:''' dnsutils<br />
*'''Path:''' /usr/bin/dig (you can find the command's path by running which dig)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man1/nslookup.1.html man dig]<br />
<br />
===host===<br />
<br />
See [[host]].<br />
<br />
===dnstracer===<br />
<br />
*'''Package:''' dnstracer<br />
*'''Path:''' /usr/bin/dnstracer (you can find the command's path by running which dnstracer)<br />
*'''Manual''': [http://www.mavetju.org/unix/dnstracer-man.php man dnstracer] <br />
<br />
===nmap===<br />
<br />
See [[nmap]]<br />
<br />
===ipcalc===<br />
<br />
[http://jodies.de/ipcalc Ipcalc] is a tool that, given an IP and its mask, calculates the broadcast and network addresses, the Cisco wildcard mask, the host range, the network type and other useful information.<br />
<br />
$ ipcalc 192.168.0.1<br />
<br />
Address: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000<br />
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111<br />
=><br />
Network: 192.168.0.0/24 11000000.10101000.00000000. 00000000<br />
HostMin: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
HostMax: 192.168.0.254 11000000.10101000.00000000. 11111110<br />
Broadcast: 192.168.0.255 11000000.10101000.00000000. 11111111<br />
Hosts/Net: 254 Class C, Private Internet<br />
<br />
If no mask is specified, the default mask is used (255.255.255.0, or 24 in CIDR notation).<br />
<br />
The screen output is in colour. The colours make it possible, for example, to identify the leading bits that correspond to each network class (A, B, C):<br />
<br />
[[Image:Ipcalc.jpg]]<br />
<br />
$ ipcalc 192.168.0.1/24<br />
<br />
This is equivalent to ipcalc 192.168.0.1<br />
<br />
$ ipcalc 192.168.0.1/255.255.128.0<br />
Address: 192.168.0.1 11000000.10101000.0 0000000.00000001<br />
Netmask: 255.255.128.0 = 17 11111111.11111111.1 0000000.00000000<br />
Wildcard: 0.0.127.255 00000000.00000000.0 1111111.11111111<br />
=><br />
Network: 192.168.0.0/17 11000000.10101000.0 0000000.00000000<br />
HostMin: 192.168.0.1 11000000.10101000.0 0000000.00000001<br />
HostMax: 192.168.127.254 11000000.10101000.0 1111111.11111110<br />
Broadcast: 192.168.127.255 11000000.10101000.0 1111111.11111111<br />
Hosts/Net: 32766 Class C, Private Internet<br />
<br />
Ipcalc is very useful for calculating subnets. To do subnetting, for example to split a network with mask 24 into 4 subnets with mask 26, we can use:<br />
<br />
$ ipcalc 192.168.0.1/24 26<br />
Address: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000<br />
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111<br />
=><br />
Network: 192.168.0.0/24 11000000.10101000.00000000. 00000000<br />
HostMin: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
HostMax: 192.168.0.254 11000000.10101000.00000000. 11111110<br />
Broadcast: 192.168.0.255 11000000.10101000.00000000. 11111111<br />
Hosts/Net: 254 Class C, Private Internet<br />
<br />
Subnets after transition from /24 to /26<br />
<br />
Netmask: 255.255.255.192 = 26 11111111.11111111.11111111.11 000000<br />
Wildcard: 0.0.0.63 00000000.00000000.00000000.00 111111 <br />
<br />
1.<br />
Network: 192.168.0.0/26 11000000.10101000.00000000.00 000000<br />
HostMin: 192.168.0.1 11000000.10101000.00000000.00 000001<br />
HostMax: 192.168.0.62 11000000.10101000.00000000.00 111110<br />
Broadcast: 192.168.0.63 11000000.10101000.00000000.00 111111<br />
Hosts/Net: 62 Class C, Private Internet <br />
<br />
2.<br />
Network: 192.168.0.64/26 11000000.10101000.00000000.01 000000<br />
HostMin: 192.168.0.65 11000000.10101000.00000000.01 000001<br />
HostMax: 192.168.0.126 11000000.10101000.00000000.01 111110<br />
Broadcast: 192.168.0.127 11000000.10101000.00000000.01 111111<br />
Hosts/Net: 62 Class C, Private Internet<br />
<br />
3.<br />
Network: 192.168.0.128/26 11000000.10101000.00000000.10 000000<br />
HostMin: 192.168.0.129 11000000.10101000.00000000.10 000001<br />
HostMax: 192.168.0.190 11000000.10101000.00000000.10 111110<br />
Broadcast: 192.168.0.191 11000000.10101000.00000000.10 111111<br />
Hosts/Net: 62 Class C, Private Internet<br />
<br />
4.<br />
Network: 192.168.0.192/26 11000000.10101000.00000000.11 000000<br />
HostMin: 192.168.0.193 11000000.10101000.00000000.11 000001<br />
HostMax: 192.168.0.254 11000000.10101000.00000000.11 111110<br />
Broadcast: 192.168.0.255 11000000.10101000.00000000.11 111111<br />
Hosts/Net: 62 Class C, Private Internet <br />
<br />
<br />
Subnets: 4<br />
Hosts: 248<br />
<br />
It can also be used the other way round, for supernetting:<br />
<br />
$ ipcalc 192.168.0.1/24 23<br />
Address: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000<br />
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111<br />
=><br />
Network: 192.168.0.0/24 11000000.10101000.00000000. 00000000<br />
HostMin: 192.168.0.1 11000000.10101000.00000000. 00000001<br />
HostMax: 192.168.0.254 11000000.10101000.00000000. 11111110<br />
Broadcast: 192.168.0.255 11000000.10101000.00000000. 11111111<br />
Hosts/Net: 254 Class C, Private Internet <br />
<br />
Supernet<br />
<br />
Netmask: 255.255.254.0 = 23 11111111.11111111.1111111 0.00000000<br />
Wildcard: 0.0.1.255 00000000.00000000.0000000 1.11111111<br />
<br />
Network: 192.168.0.0/23 11000000.10101000.0000000 0.00000000<br />
HostMin: 192.168.0.1 11000000.10101000.0000000 0.00000001<br />
HostMax: 192.168.1.254 11000000.10101000.0000000 1.11111110<br />
Broadcast: 192.168.1.255 11000000.10101000.0000000 1.11111111<br />
Hosts/Net: 510 Class C, Private Internet<br />
<br />
<br />
<br />
<br />
*'''Package:''' [[Xarxes_Linux#Paquet_ipcalc|ipcalc]]<br />
*'''Path:''' /usr/bin/ipcalc (you can find the command's path by running which ipcalc)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man1/ipcalc.1.html man ipcalc]<br />
<br />
===tcpdump===<br />
<br />
See the [[tcpdump]] article.<br />
<br />
*'''Package:''' tcpdump<br />
*'''Path:''' /usr/bin/tcpdump (you can find the command's path by running which tcpdump)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man8/tcpdump.8.html man tcpdump]<br />
<br />
===whois===<br />
<br />
*'''Package:''' whois<br />
*'''Path:''' /usr/bin/whois (you can find the command's path by running which whois)<br />
*'''Manual''': [http://www.die.net/doc/linux/man/man1/whois.1.html man whois] <br />
<br />
===Wireless commands===<br />
<br />
You can find these commands on the [[Xarxes_Linux_Wireless#Comandes | Xarxes Linux Wireless]] page of this wiki.<br />
<br />
===iptables===<br />
<br />
See the iptables section of the [[Netfilter/iptables]] article.<br />
<br />
===nc (netcat)===<br />
<br />
Consulteu [[nc (netcat)]].<br />
<br />
===ethtool===<br />
<br />
Consulteu l'article [[ethtool]].<br />
<br />
===mii-tool===<br />
<br />
Consulteu [[Ethtool#mii-tool | mii-tool]]<br />
<br />
===mii-diag===<br />
<br />
Consulteu [[Ethtool#mii-diag | mii-diag]]<br />
<br />
==Fitxers de configuració==<br />
<br />
===/etc/modules===<br />
<br />
Aquest fitxer es pot utilitzar per afegir un mòdul al kernel (per exemple de suport a la targeta de xarxa). Els mòduls que apareixen a aquest fitxer es carreguen durant la càrrega del sistema. Exemple de fitxer<br />
<br />
$ cat /etc/modules <br />
# /etc/modules: kernel modules to load at boot time.<br />
#<br />
# This file contains the names of kernel modules that should be loaded<br />
# at boot time, one per line. Lines beginning with "#" are ignored.<br />
<br />
lp<br />
psmouse<br />
sbp2<br />
sr_mod<br />
<br />
Module files are typically located in /lib/modules/. There you will find one directory per kernel version (you can use uname -r to find out your version).<br />
<br />
For example, following the instructions on the Ubuntu wiki (https://wiki.ubuntu.com/HardwareSupportComponentsWiredNetworkCards3Com), to get a 3COM 3c509TP Etherlink III card working we have to add the 3c509 module to the '''/etc/modules''' file.<br />
<br />
===/etc/conf.modules===<br />
<br />
This file lets us configure module parameters. For example, we can tell Linux which driver to use for our network card. Example:<br />
<br />
alias eth0 module_name<br />
options module_name option1=value1 option2=value2 ...<br />
<br />
A module gives the operating system (kernel) the information it needs to control a particular Ethernet card. To find the module names (module_name) you can consult [http://tldp.org/HOWTO/Ethernet-HOWTO-2.html#what-card this page].<br />
<br />
Option lines are usually only needed for old ISA cards (obsolete and not recommended). If there are more cards, more lines must be added to the file (eth1, eth2...).<br />
<br />
'''NOTE:''' If you build your own kernel, you have the option of having all the drivers merged with the kernel right then and there, rather than existing as separate files. When this is done, the drivers will detect the hardware at boot up. Options to the drivers are supplied by the kernel command line prior to boot (see BootPrompt Howto for more details). The user chooses what drivers are used during the make config step of building the kernel (again see the kernel howto).<br />
<br />
===/etc/network/interfaces===<br />
<br />
Configuration file for the network interfaces (NICs) on Debian systems. It stores the configuration of the network interfaces and is read by the ifup and ifdown commands when the interfaces are activated (either explicitly or at system boot).<br />
<br />
Example interfaces file with every interface configured via DHCP:<br />
<br />
$ cat /etc/network/interfaces <br />
auto lo<br />
iface lo inet loopback<br />
<br />
auto eth0<br />
iface eth0 inet dhcp<br />
<br />
auto eth1<br />
iface eth1 inet dhcp<br />
<br />
auto ath0<br />
iface ath0 inet dhcp<br />
<br />
auto wlan0<br />
iface wlan0 inet dhcp<br />
<br />
Example interfaces file with a static configuration:<br />
<br />
$ cat /etc/network/interfaces <br />
auto eth1<br />
iface eth1 inet static<br />
address 192.168.1.1<br />
network 192.168.1.0<br />
netmask 255.255.255.0<br />
broadcast 192.168.1.255<br />
gateway 192.168.1.1<br />
<br />
It can be used to automate tasks before and after the interfaces are activated. To do so, use the pre-up or post-up options.<br />
<br />
You can find configuration examples in the compressed file '''/usr/share/doc/ifupdown/examples/network-interfaces.gz''':<br />
<br />
$ sudo gunzip /usr/share/doc/ifupdown/examples/network-interfaces.gz <br />
$ cat /usr/share/doc/ifupdown/examples/network-interfaces<br />
<br />
You will find example '''/etc/network/interfaces''' configurations for wireless networks at http://acacha.dyndns.org/mediawiki/index.php/Xarxes_Linux_Wireless#.2Fetc.2Fnetwork.2Finterfaces.<br />
<br />
'''allow-hotplug parameter''':<br />
<br />
From the manual page of the interfaces file:<br />
<br />
Lines beginning with "allow-" are used to identify interfaces that<br />
should be brought up automatically by various subsytems. This may be<br />
done using a command such as "ifup --allow=hotplug eth0 eth1", which<br />
will only bring up eth0 or eth1 if it is listed in an "allow-hotplug"<br />
line. Note that "allow-auto" and "auto" are synonyms.<br />
<br />
It appears to be a line intended to avoid problems with udev and hot-pluggable devices (USB Ethernet):<br />
<br />
*http://people.debian.org/~terpstra/thread/20070131.210332.97bd5f70.ca.html<br />
<br />
It is used to tag interfaces by type. In Ubuntu, for example, it does not appear in the default file, whereas in Debian it does. In Ubuntu, the file:<br />
<br />
$ cat /etc/udev/rules.d/85-ifupdown.rules <br />
# This file causes network devices to be brought up or down as a result<br />
# of hardware being added or removed, including that which isn't ordinarily<br />
# removable.<br />
# See udev(7) for syntax. <br />
<br />
SUBSYSTEM=="net", DRIVERS=="?*", GOTO="net_start"<br />
GOTO="net_end"<br />
<br />
LABEL="net_start"<br />
<br />
# Bring devices up and down only if they're marked auto.<br />
# Use start-stop-daemon so we don't wait on dhcp<br />
ACTION=="add", RUN+="/sbin/start-stop-daemon --start --background --pidfile /var/run/network/bogus --startas '''/sbin/ifup -- --allow auto''' $env{INTERFACE}"<br />
ACTION=="remove", RUN+="/sbin/start-stop-daemon --start --background --pidfile /var/run/network/bogus --startas /sbin/ifdown -- --allow auto $env{INTERFACE}"<br />
<br />
LABEL="net_end"<br />
<br />
<br />
'''Manual:'''<br />
<br />
*[http://annys.eines.info/cgi-bin/man/man2html?interfaces+5 man interfaces] <br />
<br />
'''Resources:'''<br />
<br />
*Examples of /etc/network/interfaces files<br />
<br />
===/etc/init.d/networking===<br />
<br />
This file is a standard System V service control script. It controls the network service. The options are the standard System V ones:<br />
<br />
Start the network:<br />
<br />
sudo /etc/init.d/networking start<br />
<br />
Stop the network:<br />
<br />
sudo /etc/init.d/networking stop<br />
<br />
Stop and start (restart) the network:<br />
<br />
sudo /etc/init.d/networking restart<br />
<br />
Stop and start (restart) the network:<br />
<br />
sudo /etc/init.d/networking force-reload<br />
<br />
In this case, the restart and force-reload options are equivalent.<br />
<br />
'''NOTE:''' Running /etc/init.d/networking start (or stop) is not exactly the same as running ifup. We can verify this by looking at the script in the file: it uses the ifup and ifdown commands but also performs extra checks (for example, it does not bring the network down while NFS shares are still mounted).<br />
<br />
The link '''/etc/rcS.d/S40networking''' is responsible for starting the network configuration on Debian systems, following the System V init script scheme.<br />
<br />
You can find more information about services and daemons in Linux in the article [[Configuració_de_serveis_en_Linux._Daemons | Configuració de serveis en Linux. Daemons]] on this wiki, and specifically about System V service control scripts.<br />
<br />
*'''Provided by package:''' netbase<br />
<br />
'''NOTE''': this file is completely different on Debian and on Ubuntu. On Ubuntu it simply runs '''ifdown -a''' first and then '''ifup -a'''; on Debian it does other things...<br />
<br />
====File on Ubuntu (Feisty)====<br />
<br />
$ cat /etc/init.d/networking <br />
#!/bin/sh -e<br />
### BEGIN INIT INFO<br />
# Provides: networking<br />
# Required-Start: mountkernfs ifupdown $local_fs<br />
# Required-Stop: ifupdown $local_fs<br />
# Default-Start: S<br />
# Default-Stop: 0 6<br />
# Short-Description: Raise network interfaces.<br />
### END INIT INFO<br />
<br />
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"<br />
<br />
[ -x /sbin/ifup ] || exit 0 <br />
<br />
. /lib/lsb/init-functions<br />
<br />
<br />
case "$1" in<br />
start)<br />
log_action_begin_msg "Configuring network interfaces"<br />
type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 120" || true<br />
if [ "$VERBOSE" != no ]; then<br />
'''if ifup -a; then'''<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
else<br />
if ifup -a >/dev/null 2>&1; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
fi<br />
type usplash_write >/dev/null 2>/dev/null && usplash_write "TIMEOUT 15" || true<br />
;;<br />
<br />
stop)<br />
if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts | <br />
grep -qE '^(nfs[1234]?|smbfs|ncp|ncpfs|coda|cifs)$'; then<br />
log_warning_msg "not deconfiguring network interfaces: network shares still mounted."<br />
exit 0<br />
fi <br />
<br />
log_action_begin_msg "Deconfiguring network interfaces"<br />
if [ "$VERBOSE" != no ]; then<br />
if ifdown -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
else<br />
if '''ifdown -a --exclude=lo''' >/dev/null 2>/dev/null; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
fi<br />
;;<br />
<br />
force-reload|restart)<br />
log_action_begin_msg "Reconfiguring network interfaces"<br />
ifdown -a --exclude=lo || true<br />
if ifup -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
;;<br />
<br />
*)<br />
echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"<br />
exit 1<br />
;;<br />
esac<br />
<br />
exit 0<br />
<br />
====File on Debian Etch====<br />
<br />
$ cat /etc/init.d/networking <br />
#!/bin/sh -e<br />
### BEGIN INIT INFO<br />
# Provides: networking<br />
# Required-Start: mountkernfs ifupdown $local_fs<br />
# Required-Stop: ifupdown $local_fs<br />
# Default-Start: S<br />
# Default-Stop: 0 6<br />
# Short-Description: Raise network interfaces.<br />
### END INIT INFO<br />
<br />
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" <br />
<br />
[ -x /sbin/ifup ] || exit 0 <br />
<br />
. /lib/lsb/init-functions<br />
<br />
spoofprotect_rp_filter() {<br />
[ -e /proc/sys/net/ipv4/conf/all/rp_filter ] || return 1<br />
RC=0<br />
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do<br />
echo 1 > $f || RC=1<br />
done<br />
return $RC<br />
} <br />
<br />
spoofprotect() {<br />
log_action_begin_msg "Setting up IP spoofing protection"<br />
if spoofprotect_rp_filter; then<br />
log_action_end_msg 0 "rp_filter"<br />
else<br />
log_action_end_msg 1<br />
fi<br />
}<br />
<br />
ip_forward() {<br />
log_action_begin_msg "Enabling packet forwarding"<br />
if echo 1 > /proc/sys/net/ipv4/ip_forward; then<br />
log_action_end_msg 0<br />
else<br />
log_action_end_msg 1<br />
fi<br />
}<br />
<br />
syncookies() {<br />
log_action_begin_msg "Enabling TCP SYN cookies"<br />
if echo 1 > /proc/sys/net/ipv4/tcp_syncookies; then<br />
log_action_end_msg 0<br />
else<br />
log_action_end_msg 1<br />
fi<br />
} <br />
<br />
doopt() {<br />
optname=$1<br />
default=$2<br />
opt=`grep "^$optname=" /etc/network/options || true`<br />
if [ -z "$opt" ]; then<br />
opt="$optname=$default"<br />
fi<br />
optval=${opt#$optname=}<br />
if [ "$optval" = "yes" ]; then<br />
eval $optname<br />
fi<br />
}<br />
<br />
process_options() {<br />
[ -e /etc/network/options ] || return 0<br />
log_warning_msg "/etc/network/options is deprecated (see README.Debian of netbase)."<br />
doopt spoofprotect yes<br />
doopt syncookies no<br />
doopt ip_forward no<br />
}<br />
<br />
case "$1" in<br />
start)<br />
process_options<br />
log_action_begin_msg "Configuring network interfaces"<br />
if ifup -a; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
;; <br />
<br />
stop)<br />
if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts | <br />
grep -qE '^(nfs[1234]?|smbfs|ncp|ncpfs|coda|cifs)$'; then<br />
log_warning_msg "not deconfiguring network interfaces: network shares still mounted."<br />
exit 0<br />
fi <br />
<br />
log_action_begin_msg "Deconfiguring network interfaces"<br />
if ifdown -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
;; <br />
<br />
force-reload|restart)<br />
process_options<br />
log_action_begin_msg "Reconfiguring network interfaces"<br />
ifdown -a --exclude=lo || true<br />
if ifup -a --exclude=lo; then<br />
log_action_end_msg $?<br />
else<br />
log_action_end_msg $?<br />
fi<br />
;; <br />
<br />
*)<br />
echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"<br />
exit 1<br />
;;<br />
esac <br />
<br />
exit 0<br />
<br />
===/etc/init.d/loopback===<br />
<br />
Like '''/etc/init.d/networking''', this is a [http://en.wikipedia.org/wiki/System_V UNIX System V] service control script (init script). In this case it configures the loopback interface and lets you control the loopback interface service.<br />
<br />
The link '''/etc/rcS.d/S08loopback''' is responsible for starting the loopback interface on Debian systems, following the System V init script scheme.<br />
<br />
You can read more about Linux services and daemons in the article [[Configuració de serveis en Linux. Daemons.]]<br />
<br />
*'''Provided by package:''' netbase <br />
<br />
===/etc/sysconfig/network===<br />
<br />
On Red Hat/Fedora and similar systems this file holds the network configuration (the equivalent of the '''/etc/network/interfaces''' file on Debian systems). An example of a static configuration would be:<br />
<br />
NETWORKING=yes<br />
FORWARD_IPV4=false<br />
HOSTNAME=milinux.localdomain<br />
DOMAINAME=localdomain<br />
GATEWAY=10.0.0.1<br />
GATEWAYDEV=eth0<br />
IPADDR=10.0.0.120<br />
NETMASK=255.0.0.0<br />
NETWORK=10.0.0.0<br />
BROADCAST=10.255.255.255<br />
ONBOOT=yes <br />
<br />
===/etc/sysctl.conf===<br />
<br />
Controls kernel parameters:<br />
<br />
$ cat /etc/sysctl.conf<br />
<br />
We can use it to enable ip_forwarding:<br />
<br />
...<br />
# Uncomment the next line to enable packet forwarding for IPv4<br />
#net.ipv4.ip_forward=1<br />
...<br />
<br />
See the article [[Sysctl._Tunning_del_kernel]].<br />
<br />
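The Debian Etch init script shown earlier writes to rp_filter, tcp_syncookies and ip_forward under /proc/sys/net/ipv4, and /etc/sysctl.conf can set the same keys. The following is an added example, not part of the original page or of the netbase package, that reads those values back and reports weak ones. The function names and the root-directory argument are assumptions, chosen so the check can also run against a constructed tree.

```shell
#!/bin/sh
# Added example: audit the kernel settings toggled by the Debian init script.

# Print one "WARN ..." line per weak setting found under ROOT (default: /proc).
audit_net_hardening() {
    base="${1:-/proc}/sys/net/ipv4"

    # rp_filter: on current kernels the effective value for an interface is
    # max(conf/all, conf/<iface>); 0 means no source validation at all.
    all_rp=$(cat "$base/conf/all/rp_filter" 2>/dev/null || echo 0)
    for f in "$base"/conf/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        case "$iface" in all|default) continue ;; esac
        eff=$(cat "$f")
        [ "$all_rp" -gt "$eff" ] && eff=$all_rp
        if [ "$eff" -eq 0 ]; then
            echo "WARN rp_filter disabled on $iface"
        fi
    done

    # tcp_syncookies: 0 leaves the listen queue exposed to SYN floods.
    sc=$(cat "$base/tcp_syncookies" 2>/dev/null || echo missing)
    [ "$sc" = "0" ] && echo "WARN tcp_syncookies=0"

    # ip_forward: 1 makes the host route packets; expected only on gateways.
    fw=$(cat "$base/ip_forward" 2>/dev/null || echo missing)
    [ "$fw" = "1" ] && echo "WARN ip_forward=1 (host forwards packets)"

    return 0
}

# Build a constructed /proc-like tree (all values are made up for the demo).
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4/conf/all" \
             "$d/sys/net/ipv4/conf/eth0" \
             "$d/sys/net/ipv4/conf/eth1"
    echo 0 > "$d/sys/net/ipv4/conf/all/rp_filter"
    echo 1 > "$d/sys/net/ipv4/conf/eth0/rp_filter"
    echo 0 > "$d/sys/net/ipv4/conf/eth1/rp_filter"
    echo 0 > "$d/sys/net/ipv4/tcp_syncookies"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    echo "$d"
}

# Demo on the constructed tree; call audit_net_hardening with no argument
# to audit the live host instead.
sample_proc=$(make_sample_proc)
audit_net_hardening "$sample_proc"
rm -rf "$sample_proc"
```

On a router or NAT gateway the ip_forward warning is expected, and strict rp_filter can drop legitimate traffic on hosts with asymmetric routing.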
===/etc/sysconfig/networking directory===<br />
<br />
On Red Hat/Fedora systems this directory holds the network profiles and/or the ifcfg-xxx files with the network configuration.<br />
<br />
===/etc/sysconfig/network directory===<br />
<br />
This directory is also used on SUSE and derived systems (openSUSE, Linkat...)<br />
<br />
*System: RED HAT<br />
*'''Package:''' ? <br />
<br />
===/etc/sysconfig/network/config===<br />
<br />
On systems such as openSUSE it holds general network configuration parameters.<br />
<br />
===ifcfg-xxx files===<br />
<br />
Red Hat, Fedora and SUSE systems store the configuration of the network interfaces in ifcfg-xxx files. Depending on the distribution, on whether profiles are used, and on other factors, these files can be in different locations (directories). The xxx in the file name is replaced by the name of the network device. For example:<br />
<br />
*loopback: ifcfg-lo<br />
*eth0: ifcfg-eth0<br />
*eth1: ifcfg-eth1<br />
<br />
Other names are possible (for example, using identifiers such as ifcfg-eth-id-00\:0c\:29\:d3\:47\:00). These configuration files contain pairs of values.<br />
<br />
On SUSE these files are located in the '''/etc/sysconfig/network''' directory.<br />
<br />
SUSE also provides a sample configuration file (template). We can consult this template to learn the purpose of each possible parameter. We can also consult the Linux manual entry man ifcfg.<br />
<br />
Example of an interface configured with DHCP:<br />
<br />
BOOTPROTO='dhcp'<br />
BROADCAST=<br />
ETHTOOL_OPTIONS=<br />
IPADDR=<br />
MTU=<br />
NAME='AMD PCnet - Fast 79C971'<br />
NETMASK='255.255.255.0'<br />
NETWORK=<br />
REMOTE_IPADDR=<br />
STARTMODE='auto'<br />
UNIQUE='rBUF.weGuQ9ywYPF'<br />
USERCONTROL='no'<br />
_nm_name='bus-pci-0000:00:10.0'<br />
<br />
Example of an interface with a static configuration:<br />
<br />
DEVICE=eth0<br />
IPADDR=208.164.186.1<br />
NETMASK=255.255.255.0<br />
NETWORK=208.164.186.0<br />
BROADCAST=208.164.186.255<br />
ONBOOT=yes<br />
BOOTPROTO=none<br />
USERCTL=no<br />
<br />
Loopback configuration on openSUSE:<br />
<br />
sergi@linux-ngx8:/etc/sysconfig/network> cat ifcfg-lo <br />
# Loopback (lo) configuration<br />
IPADDR=127.0.0.1<br />
NETMASK=255.0.0.0<br />
NETWORK=127.0.0.0<br />
BROADCAST=127.255.255.255<br />
STARTMODE=onboot<br />
USERCONTROL=no<br />
<br />
*'''Manual''': man ifcfg <br />
<br />
===/etc/sysconfig/networking/profiles===<br />
<br />
Contains the network profiles of the Red Hat/Fedora machine. The default profile is default (/etc/sysconfig/networking/profiles/default). Profiles can override the general network configuration data (file '''/etc/sysconfig/network''').<br />
<br />
===Network pre-configuration/post-configuration scripts===<br />
<br />
====Directories /etc/network/if-down.d /etc/network/if-post-down.d /etc/network/if-pre-up.d /etc/network/if-up.d====<br />
<br />
These directories hold the scripts that we want to run before or after the network is brought up or down. For example, if we take a look at the '''/etc/network/if-up.d''' directory:<br />
<br />
$ ls -l /etc/network/if-up.d/<br />
total 16<br />
-rwxr-xr-x 1 root root 3190 2006-10-06 13:34 mountnfs<br />
-rwxr-xr-x 1 root root 551 2006-05-29 04:48 ntpdate<br />
-rwxr-xr-x 1 root root 160 2006-09-18 21:09 ntp-server<br />
-rwxr-xr-x 1 root root 1120 2006-09-10 12:48 postfix<br />
<br />
These are scripts that configure applications once the network has been configured:<br />
<br />
*mountnfs: mounts NFS and Samba shares<br />
*ntpdate and ntp-server: configure NTP (time service)... <br />
<br />
These files, together with the ifup and ifdown commands, are provided by the ifupdown package.<br />
<br />
We can see in detail what is executed when a network card is brought up or down with the commands:<br />
<br />
$ sudo ifdown --verbose eth0<br />
Configuring interface eth0=eth0 (inet)<br />
route del -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.20 dev eth0<br />
run-parts --verbose /etc/network/if-down.d<br />
run-parts: executing /etc/network/if-down.d/avahi-autoipd<br />
run-parts: executing /etc/network/if-down.d/wpasupplicant<br />
<br />
ifconfig eth0 down<br />
run-parts --verbose /etc/network/if-post-down.d<br />
run-parts: executing /etc/network/if-post-down.d/avahi-daemon<br />
run-parts: executing /etc/network/if-post-down.d/bridge<br />
run-parts: executing /etc/network/if-post-down.d/wireless-tools<br />
run-parts: executing /etc/network/if-post-down.d/wpasupplicant<br />
run-parts: executing /etc/network/if-post-down.d/z50madwifi <br />
<br />
$ sudo ifup --verbose eth0<br />
Configuring interface eth0=eth0 (inet)<br />
run-parts --verbose /etc/network/if-pre-up.d<br />
run-parts: executing /etc/network/if-pre-up.d/050madwifi<br />
run-parts: executing /etc/network/if-pre-up.d/bridge<br />
run-parts: executing /etc/network/if-pre-up.d/uml-utilities<br />
run-parts: executing /etc/network/if-pre-up.d/wireless-tools<br />
run-parts: executing /etc/network/if-pre-up.d/wpasupplicant<br />
<br />
ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up<br />
<br />
route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.20 dev eth0<br />
run-parts --verbose /etc/network/if-up.d<br />
run-parts: executing /etc/network/if-up.d/avahi-autoipd<br />
run-parts: executing /etc/network/if-up.d/avahi-daemon<br />
run-parts: executing /etc/network/if-up.d/mountnfs<br />
* Starting portmap daemon...<br />
* Already running.<br />
...done.<br />
* Starting NFS common utilities<br />
...done.<br />
run-parts: executing /etc/network/if-up.d/ntpdate<br />
run-parts: executing /etc/network/if-up.d/openssh-server<br />
run-parts: executing /etc/network/if-up.d/uml-utilities<br />
run-parts: executing /etc/network/if-up.d/wpasupplicant<br />
<br />
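As the verbose output above shows, ifup and ifdown hand every file in these directories to run-parts, so each hook runs as root whenever an interface changes state. The following is an added example, not part of the original page or of the ifupdown package, that audits one hook directory for writable hooks, hooks not owned by root, and names that run-parts skips. The function names and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example: audit a run-parts hook directory such as /etc/network/if-up.d.

# Print one tagged line per finding for the directory given as $1.
audit_hook_dir() {
    dir=$1
    [ -d "$dir" ] || return 0

    # Group- or world-writable hooks (or a writable directory) let a
    # non-root account run code as root at the next ifup/ifdown.
    find "$dir" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) |
        sort | sed 's/^/WRITABLE /'

    # Hooks not owned by root can be rewritten by their owner.
    find "$dir" -type f ! -user root | sort | sed 's/^/NOTROOT /'

    # Without --lsbsysinit, run-parts only runs names made of letters,
    # digits, "_" and "-": a hook called "firewall.sh" never executes.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in
            *[!A-Za-z0-9_-]*) echo "SKIPPED $f" ;;
        esac
    done
    return 0
}

# Build a constructed hook directory with one deliberately writable hook
# and one hook whose name run-parts ignores.
make_sample_hooks() {
    d=$(mktemp -d)
    mkdir "$d/if-up.d"
    chmod 755 "$d/if-up.d"
    for n in mountnfs ntpdate firewall.sh; do
        printf '#!/bin/sh\n' > "$d/if-up.d/$n"
        chmod 755 "$d/if-up.d/$n"
    done
    chmod 777 "$d/if-up.d/ntpdate"   # constructed misconfiguration
    echo "$d/if-up.d"
}

# Demo on the constructed directory; on a real host pass each of
# /etc/network/if-pre-up.d, if-up.d, if-down.d and if-post-down.d.
demo_hooks=$(make_sample_hooks)
audit_hook_dir "$demo_hooks"
rm -rf "$(dirname "$demo_hooks")"
```

NOTROOT lines appear for every sample file when the demo runs as a non-root user; on a real host any such line deserves a look.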
====Directories /etc/sysconfig/network/scripts and /etc/sysconfig/network-scripts====<br />
<br />
On openSUSE the network pre- and post-configuration scripts are found in the '''/etc/sysconfig/network/scripts''' directory. On Fedora they are often found in /etc/sysconfig/network-scripts. The names of these files follow this logic:<br />
<br />
*ifdown and ifup: links to the ifdown/ifup commands<br />
*ifup-xxxx: where xxxx is the name of a Linux service or application. The ifup-xxxx script is therefore the script run for that application when the network is brought up. Example: ifup-ippp.<br />
*ifdown-xxxx: where xxxx is the name of a Linux service or application. The ifdown-xxxx script is therefore the script run for that application when the network is brought down. <br />
<br />
<br />
===/etc/protocols===<br />
<br />
This file stores the names of the TRANSPORT protocols used (or supported) by this system.<br />
<br />
$ cat /etc/protocols <br />
# Internet (IP) protocols<br />
#<br />
# Updated from http://www.iana.org/assignments/protocol-numbers and other<br />
# sources.<br />
# New protocols will be added on request if they have been officially<br />
# assigned by IANA and are not historical.<br />
# If you need a huge list of used numbers please install the nmap package.<br />
<br />
ip 0 IP # internet protocol, pseudo protocol number<br />
#hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]<br />
icmp 1 ICMP # internet control message protocol<br />
igmp 2 IGMP # Internet Group Management<br />
ggp 3 GGP # gateway-gateway protocol<br />
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP)<br />
st 5 ST # ST datagram mode<br />
tcp 6 TCP # transmission control protocol<br />
egp 8 EGP # exterior gateway protocol<br />
igp 9 IGP # any private interior gateway (Cisco)<br />
pup 12 PUP # PARC universal packet protocol<br />
udp 17 UDP # user datagram protocol<br />
hmp 20 HMP # host monitoring protocol<br />
xns-idp 22 XNS-IDP # Xerox NS IDP<br />
rdp 27 RDP # "reliable datagram" protocol<br />
iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905]<br />
xtp 36 XTP # Xpress Transfer Protocol<br />
ddp 37 DDP # Datagram Delivery Protocol<br />
idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport<br />
ipv6 41 IPv6 # Internet Protocol, version 6<br />
ipv6-route 43 IPv6-Route # Routing Header for IPv6<br />
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6<br />
idrp 45 IDRP # Inter-Domain Routing Protocol<br />
rsvp 46 RSVP # Reservation Protocol<br />
gre 47 GRE # General Routing Encapsulation<br />
esp 50 IPSEC-ESP # Encap Security Payload [RFC2406]<br />
ah 51 IPSEC-AH # Authentication Header [RFC2402]<br />
skip 57 SKIP # SKIP<br />
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6<br />
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6<br />
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6<br />
rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB)<br />
vmtp 81 VMTP # Versatile Message Transport<br />
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)<br />
ospf 89 OSPFIGP # Open Shortest Path First IGP<br />
ax.25 93 AX.25 # AX.25 frames<br />
ipip 94 IPIP # IP-within-IP Encapsulation Protocol<br />
etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378]<br />
encap 98 ENCAP # Yet Another IP encapsulation [RFC1241]<br />
# 99 # any private encryption scheme<br />
pim 103 PIM # Protocol Independent Multicast<br />
ipcomp 108 IPCOMP # IP Payload Compression Protocol<br />
vrrp 112 VRRP # Virtual Router Redundancy Protocol<br />
l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661]<br />
isis 124 ISIS # IS-IS over IPv4<br />
sctp 132 SCTP # Stream Control Transmission Protocol<br />
fc 133 FC # Fibre Channel<br />
<br />
*'''Provided by package:''' netbase<br />
*'''Manual''': man protocols <br />
<br />
===/etc/services===<br />
<br />
Contains a list of the service names recognised by the system (application-level protocols).<br />
<br />
An excerpt from the file:<br />
<br />
tcpmux 1/tcp # TCP port service multiplexer<br />
echo 7/tcp<br />
echo 7/udp<br />
discard 9/tcp sink null<br />
discard 9/udp sink null<br />
systat 11/tcp users<br />
daytime 13/tcp<br />
daytime 13/udp<br />
netstat 15/tcp<br />
qotd 17/tcp quote<br />
msp 18/tcp # message send protocol<br />
msp 18/udp<br />
chargen 19/tcp ttytst source<br />
chargen 19/udp ttytst source<br />
ftp-data 20/tcp<br />
ftp 21/tcp<br />
fsp 21/udp fspd<br />
ssh 22/tcp # SSH Remote Login Protocol<br />
ssh 22/udp<br />
telnet 23/tcp<br />
smtp 25/tcp mail<br />
time 37/tcp timserver<br />
time 37/udp timserver<br />
rlp 39/udp resource # resource location<br />
nameserver 42/tcp name # IEN 116<br />
whois 43/tcp nicname<br />
tacacs 49/tcp # Login Host Protocol (TACACS)<br />
tacacs 49/udp<br />
re-mail-ck 50/tcp # Remote Mail Checking Protocol<br />
re-mail-ck 50/udp<br />
domain 53/tcp nameserver # name-domain server<br />
domain 53/udp nameserver<br />
mtp 57/tcp # deprecated<br />
tacacs-ds 65/tcp # TACACS-Database Service<br />
tacacs-ds 65/udp<br />
bootps 67/tcp # BOOTP server<br />
bootps 67/udp<br />
bootpc 68/tcp # BOOTP client<br />
bootpc 68/udp<br />
tftp 69/udp<br />
gopher 70/tcp # Internet Gopher<br />
gopher 70/udp<br />
rje 77/tcp netrjs<br />
finger 79/tcp<br />
www 80/tcp http # WorldWideWeb HTTP<br />
www 80/udp # HyperText Transfer Protocol<br />
<br />
One use of this file is to look up the default port of a protocol. For example, to find out which port the smtp protocol uses we can type:<br />
<br />
$ cat /etc/services | grep smtp<br />
smtp 25/tcp mail<br />
ssmtp 465/tcp smtps # SMTP over SSL<br />
<br />
It can also be used the other way round, to find the most usual protocol for a given port:<br />
<br />
$ cat /etc/services | grep 80<br />
www 80/tcp http # WorldWideWeb HTTP<br />
www 80/udp # HyperText Transfer Protocol<br />
...............<br />
<br />
Bear in mind that all network applications (such as nmap or netstat) use the information in this file to translate ports into services. For example:<br />
<br />
$ netstat -a<br />
Active Internet connections (servers and established)<br />
Proto Recv-Q Send-Q Local Address Foreign Address State <br />
tcp 0 0 localhost:2208 *:* LISTEN <br />
tcp 0 0 *:ldap *:* LISTEN <br />
tcp 0 0 localhost:47301 *:* LISTEN <br />
tcp 0 0 localhost:mysql *:* LISTEN <br />
tcp 0 0 *:11211 *:* LISTEN <br />
tcp 0 0 localhost:ipp *:* LISTEN <br />
tcp 0 0 localhost:postgresql *:* LISTEN <br />
tcp 0 0 *:smtp *:* LISTEN <br />
<br />
The services shown with a port number are services that do not appear in the '''/etc/services''' file. The protocols shown by name (ipp, ldap, mysql, smtp...) are services that appear in the '''/etc/protocols''' file.<br />
<br />
*'''Provided by package:''' netbase<br />
*'''Manual''': man services <br />
<br />
===/etc/rpc===<br />
<br />
Translates the service names of rpc (remote procedure control) programs into their corresponding rpc numbers:<br />
<br />
$ cat /etc/rpc <br />
# This file contains user readable names that can be used in place of rpc<br />
# program numbers.<br />
<br />
portmapper 100000 portmap sunrpc<br />
rstatd 100001 rstat rstat_svc rup perfmeter<br />
rusersd 100002 rusers<br />
nfs 100003 nfsprog<br />
ypserv 100004 ypprog<br />
.........<br />
<br />
*'''Provided by package:''' netbase<br />
*'''Manual''': man rpc <br />
<br />
===/etc/host.conf===<br />
<br />
See [[Client_DNS#.2Fetc.2Fhosts.conf]]<br />
<br />
===/etc/hosts===<br />
<br />
See [[Client_DNS#.2Fetc.2Fhosts]]<br />
<br />
===/etc/hosts.allow and /etc/hosts.deny===<br />
<br />
With these files you can build an ACL (Access Control List) of the machines that may (or may not) access our host.<br />
<br />
$ cat /etc/hosts.allow <br />
# /etc/hosts.allow: list of hosts that are allowed to access the system.<br />
# See the manual pages hosts_access(5), hosts_options(5)<br />
# and /usr/doc/netbase/portmapper.txt.gz<br />
#<br />
# Example: ALL: LOCAL @some_netgroup<br />
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu<br />
#<br />
# If you're going to protect the portmapper use the name "portmap" for the<br />
# daemon name. Remember that you can only use the keyword "ALL" and IP<br />
# addresses (NOT host or domain names) for the portmapper, as well as for<br />
# rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and <br />
# /usr/share/doc/portmap/portmapper.txt.gz for further information.<br />
#<br />
<br />
$ cat /etc/hosts.deny <br />
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.<br />
# See the manual pages hosts_access(5), hosts_options(5)<br />
# and /usr/doc/netbase/portmapper.txt.gz<br />
#<br />
# Example: ALL: some.host.name, .some.domain<br />
# ALL EXCEPT in.fingerd: other.host.name, .other.domain<br />
#<br />
# If you're going to protect the portmapper use the name "portmap" for the<br />
# daemon name. Remember that you can only use the keyword "ALL" and IP<br />
# addresses (NOT host or domain names) for the portmapper. See portmap(8)<br />
# and /usr/doc/portmap/portmapper.txt.gz for further information.<br />
#<br />
# The PARANOID wildcard matches any host whose name does not match its<br />
# address.<br />
<br />
# You may wish to enable this to ensure any programs that don't<br />
# validate looked up hostnames still leave understandable logs. In past<br />
# versions of Debian this has been the default.<br />
# ALL: PARANOID<br />
<br />
*'''Manual''': man hosts.allow<br />
*'''Manual''': man hosts.deny <br />
<br />
<br />
===/etc/resolv.conf===<br />
<br />
See [[Client_DNS#.2Fetc.2Fresolv.conf]]<br />
<br />
===/etc/ethers file===<br />
<br />
This file can be used to avoid having to type the MAC every time a wakeonlan is done:<br />
<br />
$ cat /etc/ethers<br />
08:00:20:00:61:CA nommaquina<br />
<br />
*[http://linux.die.net/man/5/ethers man ethers]<br />
<br />
===/etc/networks===<br />
<br />
Optional file (often absent). Similar to the '''/etc/hosts''' file but for specifying networks. Example:<br />
<br />
loopback 127.0.0.0<br />
localdomain 10.0.0.0<br />
<br />
'''Manual:'''<br />
<br />
*man networks<br />
<br />
===/etc/hostname===<br />
<br />
Contains the machine name:<br />
<br />
$ cat /etc/hostname <br />
casa-linux<br />
<br />
The hostname command returns the machine name.<br />
<br />
===/etc/iftab===<br />
<br />
This file was used to assign fixed names to network interfaces. It has now been replaced by udev:<br />
<br />
$ cat /etc/iftab<br />
# This file is no longer used and has benn automatically replaced<br />
# See /etc/udev/rules.d/70-persistent-net.rules for more information<br />
#<br />
<br />
# This file assigns persistent names to network interfaces<br />
# see iftab(5) for syntax<br />
<br />
##eth0 mac 08:00:27:01:20:85<br />
<br />
===/proc/net/arp===<br />
<br />
This file contains the table of the [http://en.wikipedia.org/wiki/Address_Resolution_Protocol ARP protocol (Address Resolution Protocol)]. This protocol is responsible for translating IPs into MACs and is what lets us work with IPs at the link layer (local area network).<br />
<br />
$ cat /proc/net/arp <br />
IP address HW type Flags HW address Mask Device<br />
10.0.2.101 0x1 0x2 00:11:09:CE:25:8E * eth0<br />
192.168.0.240 0x1 0x2 00:12:17:FC:98:87 * eth1<br />
10.0.2.1 0x1 0x2 00:50:7F:1F:2C:A3 * eth0<br />
10.0.2.107 0x1 0x2 00:11:09:CE:26:3E * eth0<br />
10.0.3.234 0x1 0x2 00:14:22:09:AA:3F * eth0<br />
<br />
It gives the same result as the arp command (although the arp command is not always installed).<br />
<br />
'''NOTE:''' This file must not be edited directly. Use the arp command instead.<br />
<br />
'''NOTE 1:''' It only contains the MACs of the nodes (PCs or network devices) with which some communication has been established.<br />
<br />
We can use it to obtain the MACs of all the devices on a local area network. To do so, we first use nmap:<br />
<br />
sudo nmap 192.168.0.1-255<br />
<br />
and then query the ARP table with<br />
<br />
$ cat /proc/net/arp<br />
<br />
or with the command<br />
<br />
$ arp<br />
<br />
===/etc/udev/rules.d/70-persistent-net.rules===<br />
<br />
Network interface names used to be managed with [[ifrename]], but it has been replaced by udev:<br />
<br />
$ sudo apt-get install [[ifrename]] <br />
S'està llegint la llista de paquets... Fet <br />
S'està construint l'arbre de dependències <br />
S'està llegint la informació de l'estat... Fet<br />
El paquet ifrename no té versió disponible, però un altre paquet<br />
en fa referència. Això normalment vol dir que el paquet falta,<br />
s'ha tornat obsolet o només és disponible des d'una altra font.<br />
'''Tot i que els següents paquets el reemplacen:'''<br />
'''udev'''<br />
E: El paquet ifrename no té candidat d'instal·lació<br />
<br />
The network device manager is now udev, which takes over the function of the /etc/iftab file. See the following example of a rack-mounted hard disk that is connected to different machines, all identical but each with a network card with a different MAC (the school's hard disk):<br />
<br />
{{important|MAC addresses must be written in lowercase or, better still, copied and pasted from the MAC shown by ifconfig. It is case sensitive!}}<br />
<br />
$ cat /etc/udev/rules.d/70-persistent-net.rules <br />
# This file maintains persistent names for network interfaces.<br />
# See udev(7) for syntax.<br />
#<br />
# Entries are automatically added by the 75-persistent-net-generator.rules<br />
# file; however you are also free to add your own entries.<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:3a:e6", NAME="eth0"<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:a2:fc", NAME="eth1"<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:a3:8d", NAME="eth2" <br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:38:55", NAME="eth3"<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:38:04", NAME="eth4"<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:38:11", NAME="eth5"<br />
<br />
# PCI device 0x10ec:0x8167 (r8169)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:38:0c", NAME="eth6"<br />
<br />
On Debian Etch the file is called /etc/udev/rules.d/z25_persistent-net.rules:<br />
<br />
$ cat /etc/udev/rules.d/z25_persistent-net.rules <br />
# This file was automatically generated by the /lib/udev/write_net_rules<br />
# program, probably run by the persistent-net-generator.rules rules file.<br />
#<br />
# You can modify it, as long as you keep each rule on a single line. <br />
<br />
# PCI device 0x8086:0x2449 (eepro100)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:c0:a8:f9:7b:87", NAME="eth0" <br />
<br />
# PCI device 0x8086:0x2449 (e100)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:c0:a8:f9:7d:3d", NAME="eth0"<br />
<br />
# PCI device 0x8086:0x2449 (e100)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:c0:a8:f9:82:10", NAME="eth0"<br />
<br />
# PCI device 0x8086:0x2449 (e100)<br />
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:c0:a8:f9:89:2e", NAME="eth1"<br />
<br />
'''NOTE''': Example taken from the Linux classroom.<br />
<br />
==== Renaming a network interface ====<br />
<br />
This can be done by editing the file [[/etc/udev/rules.d/70-persistent-net.rules]]:<br />
<br />
$ cat /etc/udev/rules.d/70-persistent-net.rules<br />
...<br />
# Virtual network (eth0--> intranet)<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:00", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="intranet" <br />
<br />
# Virtual network (eth1--> aula1)<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="aula1" <br />
<br />
# Virtual network (eth2--> aula2)<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:02", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="aula2"<br />
<br />
# Virtual network (eth3--> aula3)<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:03", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="aula3"<br />
<br />
# Virtual network (eth4--> internet)<br />
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:04", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="internet"<br />
<br />
See:<br />
<br />
[[Tallafocs_Linux#domU]]<br />
<br />
In some cases I have found that it only renames some of the network cards:<br />
<br />
ifconfig before:<br />
<br />
$ sudo ifconfig -a<br />
eth1 Link encap:Ethernet HWaddr 00:16:3e:00:ab:01 <br />
...<br />
intranet Link encap:Ethernet HWaddr 00:16:3e:00:ab:00 <br />
inet addr:192.168.0.46 Bcast:192.168.0.255 Mask:255.255.255.0<br />
inet6 addr: fe80::216:3eff:fe00:ab00/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:80 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:5196 (5.1 K<br />
<br />
Whereas when running:<br />
<br />
$ sudo udevadm test /sys/class/net/eth1<br />
...<br />
rename_netif: changing net interface name from 'eth1' to 'aula1'<br />
udev_event_execute_rules: renamed netif to 'aula1'<br />
udev_event_execute_rules: changed devpath to '/devices/vif-1/net/aula1'<br />
udevadm_test: UDEV_LOG=6<br />
udevadm_test: DEVPATH=/devices/vif-1/net/aula1<br />
udevadm_test: INTERFACE=aula1<br />
udevadm_test: IFINDEX=3<br />
udevadm_test: ACTION=add<br />
udevadm_test: SUBSYSTEM=net<br />
udevadm_test: INTERFACE_OLD=eth1<br />
<br />
it does rename eth1 to aula1.<br />
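<br />
The case-sensitivity warning above can be checked mechanically: sysfs reports MAC addresses in lowercase and udev compares strings exactly. The following Python lint is an added example, not part of the original article or of udev; it flags uppercase MACs in <code>ATTR{address}</code>/<code>ATTRS{address}</code> matches, MACs bound to several names and names shared by several MACs. The function names and finding codes are assumptions, and the sample rules are constructed from the listings above.<br />
<br />

```python
import re
from collections import defaultdict

# Constructed sample: two rules from the rename example above (uppercase MACs)
# and one from the portable-disk example (lowercase MAC).
SAMPLE_RULES = r'''
# Virtual network (eth0--> intranet)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:00", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="intranet"
# Virtual network (eth1--> aula1)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:3E:00:AB:01", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="aula1"
# PCI device 0x10ec:0x8167 (r8169)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:30:05:eb:3a:e6", NAME="eth0"
'''

# Match on the MAC (== comparison) and assignment of the interface name (single =).
ADDR_RE = re.compile(r'ATTRS?\{address\}=="([^"]*)"')
NAME_RE = re.compile(r'(?<![A-Z_])NAME="([^"]*)"')


def logical_lines(text):
    """Yield (first_line_number, rule), skipping blanks and comments and
    joining lines that end in a backslash continuation."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        yield start, " ".join(buf + [line])
        buf, start = [], None


def lint_rules(text):
    """Return a list of (line_number, code, detail) findings."""
    findings = []
    names_by_mac = defaultdict(dict)   # lowercase MAC -> {name: first line}
    macs_by_name = defaultdict(dict)   # name -> {lowercase MAC: first line}
    for no, rule in logical_lines(text):
        addr, name = ADDR_RE.search(rule), NAME_RE.search(rule)
        if not (addr and name):
            continue                   # not a MAC-to-name rule (e.g. the generator rules)
        mac, ifname = addr.group(1), name.group(1)
        if mac != mac.lower():
            findings.append((no, "uppercase-mac",
                             f"{mac} never equals the sysfs value; use {mac.lower()}"))
        names_by_mac[mac.lower()].setdefault(ifname, no)
        macs_by_name[ifname].setdefault(mac.lower(), no)
    for mac, names in names_by_mac.items():
        if len(names) > 1:
            findings.append((min(names.values()), "mac-multiple-names",
                             f"{mac} -> {sorted(names)}"))
    for ifname, macs in macs_by_name.items():
        if len(macs) > 1:
            findings.append((min(macs.values()), "shared-name",
                             f"{ifname} <- {sorted(macs)}"))
    return findings


def lowercase_macs(text):
    """Return the rules text with every matched MAC lowercased, keys untouched."""
    return ADDR_RE.sub(
        lambda m: m.group(0).replace(m.group(1), m.group(1).lower()), text)


if __name__ == "__main__":
    for line_no, code, detail in lint_rules(SAMPLE_RULES):
        print(f"line {line_no}: {code}: {detail}")
```

A <code>shared-name</code> finding is expected for the portable-disk setup shown earlier, where the same disk boots on machines with different cards; on a single machine holding both cards it means two interfaces compete for one name.<br />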
<br />
===/etc/udev/rules.d/75-persistent-net-generator.rules===<br />
<br />
$ cat /etc/udev/rules.d/75-persistent-net-generator.rules<br />
# these rules generate rules for persistent network device naming<br />
<br />
ACTION=="add", SUBSYSTEM=="net", KERNEL=="eth*|ath*|wlan*|ra*|sta*" \<br />
NAME!="?*", DRIVERS=="?*", GOTO="persistent_net_generator_do"<br />
<br />
GOTO="persistent_net_generator_end"<br />
LABEL="persistent_net_generator_do"<br />
<br />
# build device description string to add a comment the generated rule<br />
SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device} ($attr{driver})"<br />
SUBSYSTEMS=="usb", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct} ($attr{driver})"<br />
SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})"<br />
SUBSYSTEMS=="xen", ENV{COMMENT}="Xen virtual device"<br />
ENV{COMMENT}=="", ENV{COMMENT}="$env{SUBSYSTEM} device ($attr{driver})"<br />
<br />
IMPORT{program}="write_net_rules $attr{address}"<br />
ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}" <br />
<br />
LABEL="persistent_net_generator_end"<br />
<br />
On Debian Etch:<br />
<br />
$ cat /etc/udev/rules.d/z45_persistent-net-generator.rules <br />
# These rules generate rules to keep network interface names unchanged<br />
# across reboots write them to /etc/udev/rules.d/z25_persistent-net.rules.<br />
#<br />
# The default name for this file is z45_persistent-net-generator.rules. <br />
<br />
ACTION!="add", GOTO="persistent_net_generator_end"<br />
SUBSYSTEM!="net", GOTO="persistent_net_generator_end"<br />
<br />
# ignore the interface if a name has already been set<br />
NAME=="?*", GOTO="persistent_net_generator_end"<br />
<br />
# ignore "secondary" raw interfaces of the madwifi driver<br />
KERNEL=="ath*", ATTRS{type}=="802", GOTO="persistent_net_generator_end"<br />
<br />
# provide nice comments for the generated rules<br />
SUBSYSTEMS=="pci", \<br />
ENV{COMMENT}="PCI device $attr{vendor}:$attr{device}"<br />
SUBSYSTEMS=="usb", \<br />
ENV{COMMENT}="USB device $attr{idVendor}:$attr{idProduct}"<br />
SUBSYSTEMS=="ieee1394", \<br />
ENV{COMMENT}="Firewire device $attr{host_id}"<br />
SUBSYSTEMS=="xen", \<br />
ENV{COMMENT}="Xen virtual device"<br />
ENV{COMMENT}=="", \<br />
ENV{COMMENT}="Unknown $env{SUBSYSTEM} device ($env{DEVPATH})"<br />
ATTRS{driver}=="?*", \<br />
ENV{COMMENT}="$env{COMMENT} ($attr{driver})"<br />
<br />
# ignore interfaces without a driver link like bridges and VLANs<br />
KERNEL=="eth*|ath*|wlan*|ra*|sta*", DRIVERS=="?*",\<br />
IMPORT{program}="write_net_rules $attr{address}"<br />
<br />
ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"<br />
<br />
LABEL="persistent_net_generator_end"<br />
<br />
===/etc/udev/rules.d/85-ifupdown.rules===<br />
<br />
$ cat /etc/udev/rules.d/85-ifupdown.rules<br />
# This file causes network devices to be brought up or down as a result<br />
# of hardware being added or removed, including that which isn't ordinarily<br />
# removable.<br />
# See udev(7) for syntax.<br />
<br />
SUBSYSTEM=="net", DRIVERS=="?*", GOTO="net_start"<br />
GOTO="net_end"<br />
<br />
LABEL="net_start" <br />
<br />
# Bring devices up and down only if they're marked auto.<br />
# Use start-stop-daemon so we don't wait on dhcp<br />
ACTION=="add", RUN+="/sbin/start-stop-daemon --start --background --pidfile /var/run/network/bogus --startas /sbin/ifup -- --allow auto $env{INTERFACE}"<br />
ACTION=="remove", RUN+="/sbin/start-stop-daemon --start --background --pidfile /var/run/network/bogus --startas /sbin/ifdown -- --allow auto $env{INTERFACE}"<br />
<br />
LABEL="net_end"<br />
<br />
===/proc/net/route===<br />
<br />
Contains the machine's routing table. This file is very similar to '''/proc/net/arp''', but for the route command.<br />
<br />
$ cat /proc/net/route<br />
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT <br />
vmnet8 00C4A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 <br />
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 <br />
vmnet1 00FCA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 <br />
eth0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0<br />
<br />
It gives the same result as the route command (although the format is hexadecimal).<br />
<br />
'''NOTE:''' This file must not be edited directly. Use the route command instead.<br />
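<br />
The hexadecimal fields are 32-bit IPv4 values printed in the machine's byte order, so on x86 the bytes read right to left (<code>0101A8C0</code> is 192.168.1.1). The following Python decoder is an added example, not part of the original article; its function names are assumptions and the sample is the listing above with whitespace normalised.<br />
<br />

```python
import ipaddress

# Constructed sample: the /proc/net/route listing from this section.
SAMPLE = """\
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
vmnet8 00C4A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
vmnet1 00FCA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0
"""

# RTF_* bits from <linux/route.h> and the letters route(8) prints for them.
RTF_FLAGS = ((0x0001, "U"), (0x0002, "G"), (0x0004, "H"), (0x0008, "R"),
             (0x0010, "D"), (0x0020, "M"), (0x0200, "!"))
RTF_GATEWAY = 0x0002


def hex_to_ip(field, byteorder="little"):
    """Decode one 8-digit hex field. The kernel prints the raw 32-bit value
    in host byte order, so pass byteorder="big" for a big-endian machine."""
    return ipaddress.IPv4Address(int(field, 16).to_bytes(4, byteorder))


def parse_routes(text, byteorder="little"):
    """Parse the contents of /proc/net/route into a list of dicts."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    header, entries = rows[0], rows[1:]
    routes = []
    for fields in entries:
        rec = dict(zip(header, fields))
        flags = int(rec["Flags"], 16)
        mask = int(hex_to_ip(rec["Mask"], byteorder))
        prefix = bin(mask).count("1")
        # A valid netmask is a run of ones followed by zeros.
        if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
            raise ValueError(f"non-contiguous netmask {rec['Mask']}")
        dest = hex_to_ip(rec["Destination"], byteorder)
        network = ipaddress.IPv4Network((int(dest), prefix), strict=False)
        gateway = hex_to_ip(rec["Gateway"], byteorder)
        routes.append({
            "iface": rec["Iface"],
            "network": str(network),
            # Without the G flag the Gateway column is just 00000000.
            "gateway": str(gateway) if flags & RTF_GATEWAY else None,
            "flags": "".join(letter for bit, letter in RTF_FLAGS if flags & bit),
            "metric": int(rec["Metric"]),
        })
    return routes


def default_route(routes):
    """Return (iface, gateway) of the lowest-metric 0.0.0.0/0 route, or None."""
    defaults = [r for r in routes
                if r["network"] == "0.0.0.0/0" and r["gateway"]]
    if not defaults:
        return None
    best = min(defaults, key=lambda r: r["metric"])
    return best["iface"], best["gateway"]


if __name__ == "__main__":
    # On a live system: parse_routes(open("/proc/net/route").read())
    for r in parse_routes(SAMPLE):
        print(f'{r["network"]:<20}{r["gateway"] or "*":<16}'
              f'{r["flags"]:<6}{r["iface"]}')
```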
<br />
===/etc/nscd.conf===<br />
<br />
It is the configuration file of the NSCD (Name Service Cache Daemon) service on all systems.<br />
<br />
===/etc/nsswitch.conf===<br />
<br />
See [[Client_DNS#.2Fetc.2Fnsswitch.conf]]<br />
<br />
===/etc/network/options===<br />
<br />
On Debian it is used (its contents are read when the init script [[Xarxes_Linux#.2Fetc.2Finit.d.2Fnetworking | /etc/init.d/networking/restart]] is run) to configure the boot-time options of the network cards. Example:<br />
<br />
$ cat /etc/network/options<br />
ip_forward=no<br />
spoofprotect=yes<br />
syncookies=no<br />
<br />
'''Resources''':<br />
*http://openskills.info/infobox.php?ID=1099<br />
<br />
===/proc/sys/net/ipv4===<br />
<br />
The proc folder contains the pseudo file system (this file system really exists only in memory) that is used as an interface to the data structures of the Linux kernel. It is mostly read-only, but in some cases certain variables can be modified. The IP protocol information is kept in the folder:<br />
<br />
/proc/sys/net/ipv4<br />
<br />
====/proc/sys/net/ipv4/ip_forward====<br />
<br />
Indicates whether or not the machine acts as a [[Encaminament|router]].<br />
<br />
===/proc/sys/net/ipv6===<br />
<br />
Equivalent to the previous one, but for version 6 of the IP protocol.<br />
<br />
===/etc/NetworkManager/dispatcher.d/01ifupdown===<br />
<br />
$ cat /etc/NetworkManager/dispatcher.d/01ifupdown<br />
#!/bin/sh -e<br />
# Script to dispatch NetworkManager events<br />
#<br />
# Runs ifupdown scripts when NetworkManager fiddles with interfaces. <br />
<br />
if [ -z "$1" ]; then<br />
echo "$0: called with no interface" 1>&2<br />
exit 1;<br />
fi<br />
<br />
# Fake ifupdown environment<br />
export IFACE="$1"<br />
export LOGICAL="$1"<br />
export ADDRFAM="NetworkManager"<br />
export METHOD="NetworkManager"<br />
export VERBOSITY="0" <br />
<br />
# Run the right scripts<br />
case "$2" in<br />
up)<br />
export MODE="start"<br />
export PHASE="up"<br />
exec run-parts /etc/network/if-up.d<br />
;;<br />
down)<br />
export MODE="stop"<br />
export PHASE="down"<br />
exec run-parts /etc/network/if-down.d<br />
;;<br />
pre-up)<br />
export MODE="start"<br />
export PHASE="pre-up"<br />
exec run-parts /etc/network/if-pre-up.d<br />
;;<br />
post-down)<br />
export MODE="stop"<br />
export PHASE="post-down"<br />
exec run-parts /etc/network/if-post-down.d<br />
;;<br />
*)<br />
echo "$0: called with unknown action \`$2'" 1>&2<br />
exit 1<br />
;;<br />
esac<br />
<br />
So it seems that with NetworkManager the scripts in the '''/etc/network/if-x.d''' folders are also executed.<br />
<br />
===/etc/bind===<br />
<br />
See the bind configuration section of the article on [[DNS]].<br />
<br />
===/etc/bind/named.conf===<br />
<br />
See the '''/etc/bind/named.conf''' section of the article on [[DNS]].<br />
<br />
===/etc/bind/named.conf.local===<br />
<br />
See the '''/etc/bind/named.conf.local''' section of the article on [[DNS]].<br />
<br />
===/etc/bind/named.conf.options===<br />
<br />
See the '''/etc/bind/named.conf.options''' section of the article on [[DNS]].<br />
<br />
=Graphical network configuration on Ubuntu=<br />
<br />
*[[Tutorial pas a pas configuració xarxa en Ubuntu|Step-by-step network configuration tutorial for Ubuntu]] <br />
<br />
=Graphical network configuration on Red Hat / Fedora systems=<br />
<br />
$ system-config-network<br />
<br />
Other network configuration tools on Red Hat/Fedora are:<br />
<br />
*netconfig: Obsolete.<br />
*system-config-network-tui: Text version of system-config-network.<br />
*system-config-network-druid (Menu System tools - Internet configuration wizard): Step-by-step network configuration wizard. <br />
<br />
The name resolution configuration files are the same as on Debian: the '''/etc/hosts''' file for static configuration and the '''/etc/resolv.conf''' file for configuring the DNS client.<br />
<br />
Red Hat, like Ubuntu, also allows different network access profiles to be configured. Profiles are stored in the folder '''/etc/sysconfig/networking/profiles'''. Each profile is stored in a folder named after the profile. For example, if the profile is casa we have a folder:<br />
<br />
/etc/sysconfig/networking/profiles/casa<br />
<br />
with the network information for that profile. On startup Fedora uses the default profile (/etc/sysconfig/networking/profiles/default). To switch profile we can run:<br />
<br />
$ system-config-network-cmd -p profilename --activate<br />
<br />
'''Resources:'''<br />
<br />
*http://openskills.info/infobox.php?ID=247 <br />
<br />
=Graphical network configuration on SUSE systems (OpenSuse, Linkat...)=<br />
<br />
Graphical configuration can be done with SUSE's YaST tool, which is normally found in the Desktop menu, where we look for the network card configuration. We can reach the same place directly from the command line:<br />
<br />
/sbin/yast2 lan<br />
<br />
=Troubleshooting=<br />
<br />
==Network test==<br />
<br />
The following set of commands can be useful for testing that the network works:<br />
<br />
$ ping yahoo.com # check the Internet connection<br />
$ traceroute yahoo.com # trace IP packets<br />
$ ifconfig # check the host configuration<br />
$ route -n # check the routing configuration<br />
$ dig [@dns-server.com] host.dom [{a|mx|any}] |less<br />
# check the DNS records of host.dom [at dns-server.com] for<br />
# an {a|mx|any} record<br />
$ ipchains -L -n |less # check packet filtering (kernel 2.2)<br />
$ iptables -L -n |less # check packet filtering (kernel 2.4)<br />
$ netstat -a # show all open ports<br />
$ netstat -l --inet # show listening ports<br />
$ netstat -ln --tcp # show listening tcp ports (numeric)<br />
<br />
<br />
=Resources=<br />
<br />
*http://ubuntuguide.org/wiki/Ubuntu_Edgy#Networking<br />
*http://www.debianadmin.com/ubuntu-networking-for-basic-and-advanced-users.html<br />
*http://tldp.org/HOWTO/NET3-4-HOWTO.html<br />
*http://www.faqs.org/docs/securing/chap9sec90.html<br />
*[http://bulma.net/impresion.phtml?nIdNoticia=1309 Redes wireless con linux (Bulma)]<br />
*http://www.europe.redhat.com/documentation/rhl7.2/rhl-rg-es-7.2/ch-networkscripts.php3<br />
*http://www.debian.org/doc/manuals/reference/ch-gateway.es.html#s-net-dhcp<br />
<br />
[[Categoria:Xarxa]]<br />
<br />
[[ca:Xarxes Linux]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/Bridges_with_LinuxBridges with Linux2014-03-28T02:57:12Z<p>Lib2know: /* language links */</p>
<hr />
<div>=Bridge Utilities in Linux=<br />
<br />
==The bridge-utils package==<br />
<br />
'''Installation''':<br />
<br />
$ sudo apt-get install bridge-utils<br />
<br />
'''Commands''':<br />
<br />
$ dpkg -L bridge-utils | grep bin<br />
/usr/sbin<br />
'''/usr/sbin/brctl'''<br />
<br />
'''Configuration files''':<br />
<br />
$ dpkg -L bridge-utils | grep etc<br />
/etc<br />
/etc/network<br />
/etc/network/if-pre-up.d<br />
/etc/network/if-pre-up.d/bridge<br />
/etc/network/if-post-down.d<br />
/etc/network/if-post-down.d/bridge<br />
<br />
'''Resources''':<br />
<br />
*[http://linux.die.net/man/8/brctl brctl]<br />
<br />
===The bridge control command 'brctl'===<br />
<br />
'''Show the bridges''':<br />
<br />
$ brctl show <br />
bridge name bridge id STP enabled interfaces<br />
br0 8000.001601a1a9b7 no eth0<br />
wlan0<br />
br1 8000.000000000000 no <br />
<br />
'''Create a new bridge''':<br />
<br />
$ brctl addbr br1<br />
<br />
'''Add/delete interfaces to/from a bridge''':<br />
<br />
$ brctl delif <bridge> <interface><br />
<br />
$ brctl addif <bridge> <interface><br />
<br />
===Creation of a bridge===<br />
<br />
We install the package [[Bridges_with_Linux#The_bridge-utils_package | bridge-utils]] and edit the file '''/etc/network/interfaces'''. <br />
Then we define an interface br0 as a bridge over eth0:<br />
<br />
$ cat /etc/network/interfaces<br />
<br />
auto lo<br />
iface lo inet loopback<br />
<br />
auto br0<br />
iface br0 inet static<br />
address 192.168.1.2<br />
netmask 255.255.255.0<br />
gateway 192.168.1.1<br />
'''bridge_ports eth0'''<br />
<br />
auto eth0<br />
'''iface eth0 inet manual'''<br />
<br />
We can use DHCP, as well:<br />
<br />
$ cat /etc/network/interfaces<br />
<br />
auto lo<br />
iface lo inet loopback<br />
<br />
auto br0<br />
iface br0 inet dhcp<br />
'''bridge_ports eth0'''<br />
<br />
auto eth0<br />
'''iface eth0 inet manual'''<br />
<br />
'''NOTE''': The interface eth0 is configured as manual, and br0 carries the line '''bridge_ports eth0'''.<br />
<br />
<br />
We restart networking to apply the configuration:<br />
<br />
$ sudo /etc/init.d/networking restart<br />
<br />
From now on, both br0 and eth0 appear in the output of '''ifconfig''':<br />
<br />
$ ifconfig<br />
br0 Link encap:Ethernet HWaddr 00:30:1B:B7:CD:B6 <br />
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0<br />
inet6 addr: fe80::230:1bff:feb7:cdb6/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:28932 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:28277 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:0 <br />
RX bytes:24356075 (23.2 MB) TX bytes:17213164 (16.4 MB)<br />
<br />
eth0 Link encap:Ethernet HWaddr 00:30:1B:B7:CD:B6 <br />
inet6 addr: fe80::230:1bff:feb7:cdb6/64 Scope:Link<br />
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br />
RX packets:20788 errors:0 dropped:0 overruns:0 frame:0<br />
TX packets:14681 errors:0 dropped:0 overruns:0 carrier:0<br />
collisions:0 txqueuelen:1000 <br />
RX bytes:23664360 (22.5 MB) TX bytes:1995733 (1.9 MB)<br />
Interrupt:20 <br />
<br />
<br />
<br />
eth0 now appears as an unconfigured (dummy) interface. This is normal; check that the network still works.<br />
<br />
==The package uml-utilities==<br />
<br />
Installation of User Mode Linux utilities package (uml-utilities):<br />
<br />
$ sudo apt-get install uml-utilities<br />
<br />
The User Mode Linux package contains tools to create [https://en.wikipedia.org/wiki/Network_tap TAP] interfaces.<br />
Add the user to the uml-net group to give them permission to access the interface:<br />
<br />
$ sudo gpasswd -a <user> uml-net<br />
<br />
For example:<br />
<br />
$ sudo gpasswd -a sergi uml-net<br />
<br />
We need to restart to apply the permissions. <br />
<br />
We edit the file '''/etc/network/interfaces''' to add the TAP interface by appending:<br />
<br />
auto tap0<br />
iface tap0 inet manual<br />
up ifconfig $IFACE 0.0.0.0 up<br />
down ifconfig $IFACE down<br />
tunctl_user <user><br />
<br />
We replace the placeholder ''<user>'' with our username. For example:<br />
<br />
auto tap0<br />
iface tap0 inet manual<br />
up ifconfig $IFACE 0.0.0.0 up<br />
down ifconfig $IFACE down<br />
tunctl_user sergi<br />
bridge_ports eth0 tap0<br />
<br />
Restart to initialize the network:<br />
<br />
$ sudo /etc/init.d/networking restart<br />
<br />
=The command tunctl=<br />
<br />
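Now we create a bridge. First we create the TAP interface tap1 for the user:<br />
<br />
$ sudo tunctl -t tap1 -u sergi<br />
$ sudo chmod 666 /dev/net/tun<br />
<br />
Then we create the bridge br0 and add eth0 and tap1 to it:<br />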
<br />
$ sudo brctl addbr br0 <br />
<br />
$ sudo ifconfig eth0 0.0.0.0 promisc <br />
$ sudo brctl addif br0 eth0<br />
$ dhclient br0<br />
<br />
<br />
$ sudo brctl addif br0 tap1 <br />
<br />
=Resources=<br />
<br />
*[https://help.ubuntu.com/community/VirtualBox#head-ac88c03223e773c78dbb46b4b13c109de1143a03 Ubuntu VirtualBox]<br />
*[http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge HOWTO_setup_a_gentoo_bridge]<br />
<br />
[[ca:Bridges amb Linux]]</div>Lib2knowhttp://en.wiki.guifi.net/wiki/A.L.F.R.E.D.A.L.F.R.E.D.2013-10-22T11:41:07Z<p>Al: </p>
<hr />
<div>'''Alfred''' (acronym of ''Almighty Lightweight Fact Remote Exchange Daemon'') is a [[user space]] [[daemon]] for distributing arbitrary local information over the [[mesh]]/network in a decentralized fashion. This data can be anything which appears to be useful - originally designed to replace the [[batman-adv]] visualization (vis), you may distribute hostnames, phone books, administration information, DNS information, the local weather forecast, etc.<br />
<br />
'''Alfred''' runs as daemon in the background of the system. A user may insert information by using the alfred binary on the command line, or use special programs to communicate with alfred (done via unix sockets). The daemon then takes care of distributing the local information to other alfred servers on other nodes. This is done via [[IPv6#Link-local multicast|IPv6 link-local multicast]], and does not require any configuration. A user can request data from alfred, and will receive the information available from all alfred servers in the network.<br />
<br />
== External links ==<br />
* [http://www.open-mesh.org/projects/alfred Official development site of Alfred]<br />
<br />
[[Category:Daemon]]<br />
[[Category:MANET]]</div>Alhttp://en.wiki.guifi.net/wiki/GuifiModuleGuifiModule2012-12-07T19:06:14Z<p>Al: Al moved page GuifiModule to GuifiModule/en</p>
<hr />
<div><br />
=== Comments ===<br />
<br />
<br />
=== Typos in English ===<br />
* '''ensalved''' instead of '''enslaved'''<br />
<br />
'''Note: Other typos might be found at:<br />
http://pad.marsupi.org/guifi-typos'''</div>Tonichttp://en.wiki.guifi.net/wiki/TranslationTranslation2012-12-07T19:04:05Z<p>Tonic: Created page with " == Welcome to the translation area == guifiModule"</p>
<hr />
<div><br />
== Welcome to the translation area ==<br />
<br />
[[guifiModule]]</div>Tonichttp://en.wiki.guifi.net/wiki/TrantorTrantor2012-08-31T00:07:46Z<p>Al: Al moved page Trantor to Trantor/en</p>
<hr />
<div>Imperial Library of Trantor<br />
<br />
The Imperial Library of Trantor (also known as Galactic Library) is a repository management system of ebooks on ePub format.<br />
<br />
You can check out the main development branch from Gitorious at:<br />
<br />
https://gitorious.org/trantor/<br />
<br />
(We are still in the pre-beta phase)<br />
<br />
== Dependencies ==<br />
<br />
In order to run Trantor, you need to install the following packages:<br />
<br />
* Go language<br />
* Epub development library<br />
* Mongodb<br />
* Imagemagick (for resizing covers)<br />
* Bazaar<br />
* Mercurial<br />
* Git (necessary only if you want to deal with the repository)<br />
<br />
Under Debian Wheezy you can simply run:<br />
<br />
aptitude install golang-go git mercurial bzr libepub-dev mongodb imagemagick<br />
<br />
You also need to install the Go dependencies:<br />
<br />
go get labix.org/v2/mgo/bson labix.org/v2/mgo/ code.google.com/p/gorilla/sessions<br />
<br />
== Installation ==<br />
=== For admins ("for developers" below) ===<br />
<br />
Now you can install Trantor itself:<br />
<br />
go get git.gitorious.org/trantor/trantor.git<br />
<br />
You can run Trantor from /srv/www/trantor, for example. To do so:<br />
<br />
mkdir -p /srv/www/trantor<br />
<br />
cd /srv/www/trantor<br />
<br />
ln -s /usr/lib/go/src/pkg/git.gitorious.org/trantor/trantor.git/templates/ templates<br />
ln -s /usr/lib/go/src/pkg/git.gitorious.org/trantor/trantor.git/css/ css<br />
ln -s /usr/lib/go/src/pkg/git.gitorious.org/trantor/trantor.git/js/ js<br />
ln -s /usr/lib/go/src/pkg/git.gitorious.org/trantor/trantor.git/img/ img<br />
<br />
Now you can run it:<br />
/usr/lib/go/bin/trantor.git<br />
<br />
Point your browser to: http://localhost:8080<br />
<br />
=== For developers ===<br />
<br />
Log in to Gitorious: https://gitorious.org/login<br />
and clone your own Trantor: https://gitorious.org/trantor/trantor/clone<br />
<br />
In your shell:<br />
git clone git://gitorious.org/~yourname/trantor/yournames-trantor.git <br />
cd yournames-trantor<br />
<br />
You can edit config.go to change the port (8080 by default) and other settings.<br />
<br />
Now you can compile Trantor:<br />
go build<br />
<br />
Now you can run it:<br />
./yournames-trantor<br />
<br />
Point your browser to: http://localhost:8080<br />
<br />
== Bugs ==<br />
<br />
Please, report bugs to zenow@tormail.org<br />
<br />
== Patches ==<br />
Make your enhancements and send them with git:<br />
<br />
git commit -m "comment"<br />
git push<br />
<br />
Go to "merge-requests"<br />
https://gitorious.org/trantor/yournames-trantor/merge_requests/new<br />
<br />
[[Category:Installation manual]]<br />
<br />
[[es:Trantor]]</div>Alhttp://en.wiki.guifi.net/wiki/Main_PageMain Page2012-03-26T18:45:42Z<p>Al: </p>
<hr />
<div><div style="width: 600px; margin: 0 auto; background-color: #fcfcfc; border: 1px solid #ccc; border-bottom: 5px groove #999999; border-right:5px groove #999999; text-align: center; padding: 0.4em;"><br />
<div style="font-size: 162%; padding: 0.1em;">Warning: Wiki moved to [http://pool.wiki.guifi.net pool.wiki.guifi.net]</div><br />
<br />
This content about guifi.net in English has been moved to the unified multi-language wiki pool.wiki.guifi.net in order to make translations easier. All content (including user pages and others) goes to pool.wiki.guifi.net. Please make any changes there. Editing en.wiki.guifi.net is no longer allowed; this message will be deleted when automatic redirection to pool.wiki.guifi.net is in place. The license to copy, edit and distribute is kept, of course.<br />
<br />
<div style="font-size: 85%;">Until migration we had [[Special:Statistics|{{NUMBEROFARTICLES}}]] [[Special:AllPages|articles]] in English.</div><br />
<br />
</div><br />
__NOTOC__<br />
{| style="width:100%; background:#f6f6f6; border:1px solid #C7D0F8; font-size:107%; -moz-border-radius:1em; -webkit-border-radius:1em;border-radius:1em;"<br />
| valign="top" style="padding:12px 17px 5px 17px" |<br />
'''Guifi.net''' belongs to everyone; join us by connecting your network segment to the others.<br />
<br />
It is a collaborative project, horizontally organized, that brings together individuals, collectives, companies and administrations. It is open, so everyone can join on equal terms.<br />
<br />
[[ca:Documentació de guifi.net]]<br />
[[es:Portada]]<br />
[[eu:azala]]<br />
[[fr:accueil]]<br />
[[gl:Portada]]<br />
[[pt:Página_principal]]</div>MediaWiki default