Neil's Tips & Tricks

Having built a node using Debian, Neil has a bunch of tips and tricks for customising the node.

This is the start of Don's (my) working notes on what he did... At present this page is mainly a reference for myself.

Naming Interfaces. 

Network interfaces are named in /etc/iftab

You need to know the MAC address of the card you're naming.

Neil's Sys Admin Notes

Neil has a whole host of sysadmin notes here... 

/etc/network/interfaces

This file is used to set up the networking in Debian 3.1.

Below is a sample file from TCN0002

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback

# the backup configuration in case interface renaming doesn't work

auto eth0
iface eth0 inet dhcp

# the interface to the PRIVATE network
auto home
# for when installed at the support site:
iface home inet dhcp
# for when installed at the owner's site:

#iface home inet static
# address 192.168.1.254
# netmask 255.255.255.0
# broadcast 192.168.1.255
# up /etc/init.d/iptables start


# the interface to the COMMUNITY network
auto cmnty
iface cmnty inet static
address 10.252.16.29
netmask 255.255.255.224
broadcast 10.255.255.255
up /etc/init.d/iptables start
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.252.16.1

Options File

Check if the options file has the following content in it...

root@tcn0002:/etc/network# cat options
ip_forward=yes
spoofprotect=yes
syncookies=no
root@tcn0002:/etc/network#
 

/var/lib/iptables configuration

This configuration assumes the machine is a wireless server, so it's masquerading the wifi card.

root@tcn0002:/var/lib/iptables# ls
active  inactive
root@tcn0002:/var/lib/iptables# cat active
# Generated by iptables-save v1.2.11 on Fri Jun 23 23:17:26 2006
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o cmnty -j MASQUERADE
COMMIT
# Completed on Fri Jun 23 23:17:26 2006
# Generated by iptables-save v1.2.11 on Fri Jun 23 23:17:26 2006
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:all-nets - [0:0]
:priv-net - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j all-nets
-A INPUT -i home -j priv-net
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o cmnty -j ACCEPT
-A FORWARD -j DROP
-A all-nets -p tcp -m multiport --dports 22,80 -j ACCEPT
-A priv-net -p tcp -m multiport --dports 25,53,1723 -j ACCEPT
-A priv-net -p udp -m multiport --dports 53,67 -j ACCEPT
-A priv-net -p gre -j ACCEPT
COMMIT
# Completed on Fri Jun 23 23:17:26 2006
root@tcn0002:/var/lib/iptables#
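
To check what the INPUT rules above actually let in, a new inbound packet can be walked through them rule by rule. The Python below is an added example, not part of these notes or of Neil's setup; the names parse, matches and verdict are made up here, and it models only the filter table's INPUT chain with its two user chains (the nat table's REDIRECT, port ranges and negated matches are not handled).

```python
# INPUT-related lines of the filter table, copied from the "active" file above.
ACTIVE_INPUT = """\
:INPUT ACCEPT [0:0]
:all-nets - [0:0]
:priv-net - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j all-nets
-A INPUT -i home -j priv-net
-A INPUT -j LOG
-A INPUT -j DROP
-A all-nets -p tcp -m multiport --dports 22,80 -j ACCEPT
-A priv-net -p tcp -m multiport --dports 25,53,1723 -j ACCEPT
-A priv-net -p udp -m multiport --dports 53,67 -j ACCEPT
-A priv-net -p gre -j ACCEPT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [options dict per rule]})."""
    policy, rules = {}, {}
    for line in text.splitlines():
        tok = line.split() or [""]
        if tok[0].startswith(":"):
            policy[tok[0][1:]], rules[tok[0][1:]] = tok[1], []
        elif tok[0] == "-A":  # every option in this ruleset takes exactly one value
            rules[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(r, iface, proto, dport, state):
    # Assumption: no port ranges (a:b) or negated (!) matches, as in this ruleset.
    return (r.get("-i", iface) == iface and r.get("-p", proto) == proto
            and state in r.get("--state", state).split(",")
            and str(dport) in r.get("--dports", str(dport)).split(","))

def verdict(policy, rules, chain, iface, proto, dport=None, state="NEW"):
    """Verdict for one packet in `chain`; None means return to the calling chain."""
    for r in rules[chain]:
        if not matches(r, iface, proto, dport, state):
            continue
        if r["-j"] in ("ACCEPT", "DROP"):
            return r["-j"]
        # A jump to a user chain recurses; LOG or an exhausted chain falls through.
        sub = verdict(policy, rules, r["-j"], iface, proto, dport, state) if r["-j"] in rules else None
        if sub:
            return sub
    return None if policy[chain] == "-" else policy[chain]

if __name__ == "__main__":
    P, R = parse(ACTIVE_INPUT)
    for probe in [("cmnty", "tcp", 22), ("cmnty", "tcp", 25), ("home", "tcp", 25), ("home", "udp", 67)]:
        print(probe, verdict(P, R, "INPUT", *probe))
```

Run as a script, it prints the verdict for four constructed probes: new connections to tcp/22 are accepted on any interface, while tcp/25 and udp/67 are accepted only when they arrive on home.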

Inactive

I don't recall why we have an inactive script but we do...

root@tcn0002:/var/lib/iptables# cat inactive
# Generated by iptables-save v1.2.11 on Thu Jun 22 19:13:32 2006
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jun 22 19:13:32 2006
# Generated by iptables-save v1.2.11 on Thu Jun 22 19:13:32 2006
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jun 22 19:13:32 2006
root@tcn0002:/var/lib/iptables#