Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-doc-cvs

From: Sven Vermeulen <swift@××××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: home-router-howto.xml
Date: Tue, 20 May 2008 19:09:41
Message-Id: E1JyXDM-0004nV-Od@stork.gentoo.org
1 swift 08/05/20 19:09:36
2
3 Modified: home-router-howto.xml
4 Log:
5 Coding style again (did a bit too much before)
6
7 Revision Changes Path
8 1.61 xml/htdocs/doc/en/home-router-howto.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?rev=1.61&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?rev=1.61&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/home-router-howto.xml?r1=1.60&r2=1.61
13
14 Index: home-router-howto.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v
17 retrieving revision 1.60
18 retrieving revision 1.61
19 diff -u -r1.60 -r1.61
20 --- home-router-howto.xml 20 May 2008 18:57:45 -0000 1.60
21 +++ home-router-howto.xml 20 May 2008 19:09:36 -0000 1.61
22 @@ -1,12 +1,12 @@
23 <?xml version='1.0' encoding='UTF-8'?>
24 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
25 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.60 2008/05/20 18:57:45 swift Exp $ -->
26 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/home-router-howto.xml,v 1.61 2008/05/20 19:09:36 swift Exp $ -->
27
28 <guide link="/doc/en/home-router-howto.xml" lang="en">
29 <title>Home Router Guide</title>
30
31 <author title="Author">
32 - <mail link="vapier@g.o">Mike Frysinger</mail>
33 + <mail link="vapier@g.o">Mike Frysinger</mail>
34 </author>
35
36 <abstract>
37 @@ -27,8 +27,8 @@
38
39 <p>
40 Building your own router out of old spare parts has many advantages over buying
41 -a pre-made canned router by say Linksys. The biggest one by far is control
42 -over the connection. The other advantages are left up to your imagination;
43 +a pre-made canned router by say Linksys. The biggest one by far is control
44 +over the connection. The other advantages are left up to your imagination;
45 just about anything can be done in this scenario, it's just a matter of needing
46 it.
47 </p>
48 @@ -42,10 +42,10 @@
49 </p>
50
51 <p>
52 -Before getting started, there's a few basic requirements you must meet. First,
53 +Before getting started, there's a few basic requirements you must meet. First,
54 you'll need a computer that has at least 2 Network Interface Cards (NICs) in
55 -it. Next, you'll need the configuration settings for your internet connection
56 -(may include things like IP/DNS/Gateway/username/password). Finally, you'll
57 +it. Next, you'll need the configuration settings for your internet connection
58 +(may include things like IP/DNS/Gateway/username/password). Finally, you'll
59 need a bit of spare time and some Gentoo loving.
60 </p>
61
62 @@ -64,7 +64,7 @@
63 <impo>
64 Due to security precautions, I would highly suggest you shut down any unneeded
65 services on the router until we have a chance to get the firewall up and
66 -rolling. To view the currently running services, just run <c>rc-status</c>.
67 +rolling. To view the currently running services, just run <c>rc-status</c>.
68 </impo>
69
70 </body>
71 @@ -77,91 +77,91 @@
72 <body>
73
74 <p>
75 -Your kernel needs to have the drivers running for both your NICs. To see if
76 -your cards are already setup, just run <c>ifconfig</c>. Your output may differ
77 -slightly from the following, that's fine. What matters is that the interface
78 +Your kernel needs to have the drivers running for both your NICs. To see if
79 +your cards are already setup, just run <c>ifconfig</c>. Your output may differ
80 +slightly from the following, that's fine. What matters is that the interface
81 shows up at all.
82 </p>
83
84 <pre caption="Checking NICs">
85 # <i>ifconfig -a</i>
86 -eth0 Link encap:Ethernet HWaddr 00:60:F5:07:07:B8
87 - BROADCAST MULTICAST MTU:1500 Metric:1
88 - RX packets:0 errors:0 dropped:0 overruns:0 frame:0
89 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
90 - collisions:0 txqueuelen:1000
91 - RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
92 - Interrupt:11 Base address:0x9800
93 -
94 -eth1 Link encap:Ethernet HWaddr 00:60:F5:07:07:B9
95 - BROADCAST MULTICAST MTU:1500 Metric:1
96 - RX packets:0 errors:0 dropped:0 overruns:0 frame:0
97 - TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
98 - collisions:0 txqueuelen:1000
99 - RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
100 - Interrupt:10 Base address:0x9400
101 +eth0 Link encap:Ethernet HWaddr 00:60:F5:07:07:B8
102 + BROADCAST MULTICAST MTU:1500 Metric:1
103 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0
104 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
105 + collisions:0 txqueuelen:1000
106 + RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
107 + Interrupt:11 Base address:0x9800
108 +
109 +eth1 Link encap:Ethernet HWaddr 00:60:F5:07:07:B9
110 + BROADCAST MULTICAST MTU:1500 Metric:1
111 + RX packets:0 errors:0 dropped:0 overruns:0 frame:0
112 + TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
113 + collisions:0 txqueuelen:1000
114 + RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
115 + Interrupt:10 Base address:0x9400
116 </pre>
117
118 <p>
119 If you do not see your two cards showing up and you're not sure what kind of
120 -cards you have, try running <c>lspci | grep Ethernet</c>. You can get that
121 -from <c>emerge pciutils</c>. Once you have this information, go into your
122 +cards you have, try running <c>lspci | grep Ethernet</c>. You can get that
123 +from <c>emerge pciutils</c>. Once you have this information, go into your
124 kernel and add support for the correct drivers.
125 </p>
126
127 <p>
128 The next thing you'll need is support for iptables and NAT (and packet shaping
129 -if you want). The following list is split up into always required (*),
130 +if you want). The following list is split up into always required (*),
131 required only for adsl via PPPoE (a), suggested for everyone (x), and only
132 -for shaper (s) features. It does not matter whether you build the features
133 +for shaper (s) features. It does not matter whether you build the features
134 into the kernel or as a module so long as when the feature is needed, the
135 correct module(s) are loaded (module loading is left to the reader as a fun
136 exercise however).
137 </p>
138
139 <pre caption="Network Options">
140 -Networking options ---&gt;
141 - [*] TCP/IP networking
142 - [*] IP: advanced router
143 - [*] Network packet filtering (replaces ipchains)
144 +Networking options ---&gt;
145 + [*] TCP/IP networking
146 + [*] IP: advanced router
147 + [*] Network packet filtering (replaces ipchains)
148 <comment>If you use 2.4.x, you have to enable the following for DHCP:</comment>
149 - [*] Socket Filtering
150 + [*] Socket Filtering
151
152 - IP: Netfilter Configuration ---&gt;
153 - [*] Connection tracking (required for masq/NAT)
154 - [x] FTP protocol support
155 - [x] IRC protocol support
156 - [*] IP tables support (required for filtering/masq/NAT)
157 - [*] IP range match support
158 - [x] MAC address match support
159 - [*] Multiple port match support
160 - [*] Packet filtering
161 - [*] REJECT target support
162 - [x] REDIRECT target support
163 - [*] Full NAT
164 - [*] MASQUERADE target support
165 - [s] Packet mangling
166 - [s] MARK target support
167 - [x] LOG target support
168 -
169 - QoS and/or fair queueing ---&gt;
170 - [s] QoS and/or fair queueing
171 - [s] HTB packet scheduler
172 - [s] Ingress Qdisc
173 -
174 - [a] PPP (point-to-point protocol) support
175 - [a] PPP filtering
176 - [a] PPP support for async serial ports
177 - [a] PPP support for sync tty ports
178 - [a] PPP Deflate compression
179 - [a] PPP BSD-Compress compression
180 - [a] PPP over Ethernet
181 + IP: Netfilter Configuration ---&gt;
182 + [*] Connection tracking (required for masq/NAT)
183 + [x] FTP protocol support
184 + [x] IRC protocol support
185 + [*] IP tables support (required for filtering/masq/NAT)
186 + [*] IP range match support
187 + [x] MAC address match support
188 + [*] Multiple port match support
189 + [*] Packet filtering
190 + [*] REJECT target support
191 + [x] REDIRECT target support
192 + [*] Full NAT
193 + [*] MASQUERADE target support
194 + [s] Packet mangling
195 + [s] MARK target support
196 + [x] LOG target support
197 +
198 + QoS and/or fair queueing ---&gt;
199 + [s] QoS and/or fair queueing
200 + [s] HTB packet scheduler
201 + [s] Ingress Qdisc
202 +
203 + [a] PPP (point-to-point protocol) support
204 + [a] PPP filtering
205 + [a] PPP support for async serial ports
206 + [a] PPP support for sync tty ports
207 + [a] PPP Deflate compression
208 + [a] PPP BSD-Compress compression
209 + [a] PPP over Ethernet
210 </pre>
211
212 <note>
213 Some things may be slightly different in a 2.4 vs 2.6 kernel, but you should be
214 -able to figure it out :). Even among 2.6 kernels, these options have a
215 -tendency to move around. Good luck!
216 +able to figure it out :). Even among 2.6 kernels, these options have a
217 +tendency to move around. Good luck!
218 </note>
219
220 </body>
221 @@ -177,10 +177,10 @@
222
223 <p>
224 There are many ways to connect to the internet so I'll just cover the ones I'm
225 -familiar with. That leaves us with ADSL (PPPoE) and cable modems
226 -(static/dynamic). If there are other methods out there, feel free to write up
227 -a little blurb and e-mail me. Feel free to skip any of the following sections
228 -in this chapter that don't apply to you. This chapter is just about getting
229 +familiar with. That leaves us with ADSL (PPPoE) and cable modems
230 +(static/dynamic). If there are other methods out there, feel free to write up
231 +a little blurb and e-mail me. Feel free to skip any of the following sections
232 +in this chapter that don't apply to you. This chapter is just about getting
233 the router connected to the internet via eth1.
234 </p>
235
236 @@ -194,9 +194,9 @@
237 All the fancy PPPoE software that used to be provided by rp-pppoe
238 (<uri link="http://www.roaringpenguin.com/">Roaring Penguin</uri>) has been
239 integrated into the <uri link="http://samba.org/ppp/">standard PPP
240 -package</uri>. Simply <c>emerge ppp</c> and you'll be on your way. Remember
241 -how I said you'll need username/password information? Well I wasn't lying so
242 -I hope you have it now! Load up <path>/etc/conf.d/net</path> in your favorite
243 +package</uri>. Simply <c>emerge ppp</c> and you'll be on your way. Remember
244 +how I said you'll need username/password information? Well I wasn't lying so
245 +I hope you have it now! Load up <path>/etc/conf.d/net</path> in your favorite
246 editor and set it up.
247 </p>
248
249 @@ -214,9 +214,9 @@
250 link_ppp0="eth1"
251 plugins_ppp0=( "pppoe" )
252 pppd_ppp0=(
253 - "defaultroute"
254 - "usepeerdns"
255 - <comment>There may be other settings you want, see /etc/conf.d/net.example</comment>
256 + "defaultroute"
257 + "usepeerdns"
258 + <comment>There may be other settings you want, see /etc/conf.d/net.example</comment>
259 )
260 username_ppp0="vla9h924"
261 password_ppp0="boogie"
262 @@ -227,8 +227,8 @@
263 </pre>
264
265 <warn>
266 -When the DSL interface comes up, it will create ppp0. Although your NIC is
267 -called eth1, the IP is actually bound to ppp0. From now on, when you see
268 +When the DSL interface comes up, it will create ppp0. Although your NIC is
269 +called eth1, the IP is actually bound to ppp0. From now on, when you see
270 examples that utilize 'eth1', substitute with 'ppp0'.
271 </warn>
272
273 @@ -252,7 +252,7 @@
274
275 <p>
276 If you have a static IP then you will need a few more details than if
277 -you have a dynamic IP. For static users, you will need your IP,
278 +you have a dynamic IP. For static users, you will need your IP,
279 gateway, and DNS servers.
280 </p>
281
282 @@ -316,28 +316,28 @@
283
284 <p>
285 I bet it'd be nice if everyone else in your house could just plug their
286 -computers into the network and things would just work. No need to remember
287 +computers into the network and things would just work. No need to remember
288 mind-numbing details or make them stare at confusing configuration screens!
289 -Life would be grand eh? Introducing the Dynamic Host Configuration Protocol
290 +Life would be grand eh? Introducing the Dynamic Host Configuration Protocol
291 (DHCP) and why you should care.
292 </p>
293
294 <p>
295 -DHCP is exactly what its name implies. It's a protocol that allows you
296 -to dynamically configure other hosts automatically. You run a DHCP server on
297 +DHCP is exactly what its name implies. It's a protocol that allows you
298 +to dynamically configure other hosts automatically. You run a DHCP server on
299 the router, give it all the information about your network (valid IPs,
300 DNS servers, gateways, etc...), and then when the other hosts start up, they
301 -run a DHCP client to automatically configure themselves. No fuss, no muss!
302 +run a DHCP client to automatically configure themselves. No fuss, no muss!
303 For more information about DHCP, you can always visit <uri
304 link="http://en.wikipedia.org/wiki/DHCP">Wikipedia</uri>.
305 </p>
306
307 <p>
308 We'll use a package called dnsmasq which provides both DHCP and DNS services.
309 -For now lets just focus on the DHCP aspect. Note that if you want to run a
310 +For now lets just focus on the DHCP aspect. Note that if you want to run a
311 different DHCP server, you can find another example in the Fun Things chapter.
312 Also, if you wish to tinker with the DHCP server settings, just read the
313 -comments in <path>/etc/dnsmasq.conf</path>. All the defaults should work fine
314 +comments in <path>/etc/dnsmasq.conf</path>. All the defaults should work fine
315 though.
316 </p>
317
318 @@ -354,12 +354,12 @@
319 </pre>
320
321 <p>
322 -Now your little router is a bona-fide DHCP server! Plugin those computers and
323 -watch them work! With Windows systems you should go into the TCP/IP Properties
324 +Now your little router is a bona-fide DHCP server! Plugin those computers and
325 +watch them work! With Windows systems you should go into the TCP/IP Properties
326 and select the 'Obtain an IP address automatically' and 'Obtain DNS server
327 -address automatically' options. Sometimes the changes aren't instantaneous, so
328 +address automatically' options. Sometimes the changes aren't instantaneous, so
329 you may have to open a command prompt and run <c>ipconfig /release</c> and
330 -<c>ipconfig /renew</c>. But enough about Windows, let's get back to our
331 +<c>ipconfig /renew</c>. But enough about Windows, let's get back to our
332 favorite penguin.
333 </p>
334
335 @@ -372,25 +372,25 @@
336
337 <p>
338 When people want to visit a place on the internet, they remember names, not a
339 -string of funky numbers. After all, what's easier to remember, ebay.com or
340 -66.135.192.87? This is where the DNS steps in. DNS servers run all over the
341 +string of funky numbers. After all, what's easier to remember, ebay.com or
342 +66.135.192.87? This is where the DNS steps in. DNS servers run all over the
343 internet, and whenever someone wants to visit 'ebay.com', these servers turn
344 'ebay.com' (what we understand) into '66.135.192.87' (what our computers
345 -understand). For more information about DNS, you can always visit <uri
346 +understand). For more information about DNS, you can always visit <uri
347 link="http://en.wikipedia.org/wiki/DNS">Wikipedia</uri>.
348 </p>
349
350 <p>
351 Since we're using dnsmasq for our DHCP server, and it includes a DNS server,
352 -you've got nothing left to do here! Your little router is already providing
353 -DNS to its DHCP clients. Bet you wish everything was this easy ;).
354 +you've got nothing left to do here! Your little router is already providing
355 +DNS to its DHCP clients. Bet you wish everything was this easy ;).
356 </p>
357
358 <p>
359 You're welcome to choose other DNS servers if you're more comfortable with
360 them, but the reason dnsmasq is great is because it was designed to do exactly
361 -what we want and nothing more. It's a little DNS caching/forwarding server for
362 -local networks. We're not looking to provide DNS for our own domain here, just
363 +what we want and nothing more. It's a little DNS caching/forwarding server for
364 +local networks. We're not looking to provide DNS for our own domain here, just
365 offer simple DNS services to everyone else on our LAN.
366 </p>
367
368 @@ -409,17 +409,17 @@
369 </p>
370
371 <p>
372 -This is where Network Address Translation (NAT) steps in. NAT is a way of
373 +This is where Network Address Translation (NAT) steps in. NAT is a way of
374 connecting multiple computers in a private LAN to the internet when you have a
375 -smaller number of public IP addresses available to you. Typically you are given
376 +smaller number of public IP addresses available to you. Typically you are given
377 1 IP by your ISP, but you want to let your whole house connect to the internet.
378 -NAT is the magic that makes this possible. For more information about NAT, you
379 +NAT is the magic that makes this possible. For more information about NAT, you
380 can always visit <uri link="http://en.wikipedia.org/wiki/NAT">Wikipedia</uri>.
381 </p>
382
383 <note>
384 -Before we get started, make sure you have iptables on your system. Although it
385 -is automatically installed on most systems, you may not have it. If you don't,
386 +Before we get started, make sure you have iptables on your system. Although it
387 +is automatically installed on most systems, you may not have it. If you don't,
388 just run <c>emerge iptables</c>.
389 </note>
390
391 @@ -478,8 +478,8 @@
392
393 <p>
394 The ip_dynaddr option is useful for dial on demand systems or when your ISP
395 -gives out dynamic addresses. This works around the problem where a connection
396 -is attempted before the internet interface is fully setup. Really this just
397 +gives out dynamic addresses. This works around the problem where a connection
398 +is attempted before the internet interface is fully setup. Really this just
399 provides for a smoother network experience for users behind your router.
400 </p>
401
402 @@ -495,8 +495,8 @@
403 <body>
404
405 <p>
406 -Believe it or not, you're done :). From here on out, I'll cover a bunch of
407 -common topics that may interest you. Everything in this chapter is completely
408 +Believe it or not, you're done :). From here on out, I'll cover a bunch of
409 +common topics that may interest you. Everything in this chapter is completely
410 optional.
411 </p>
412
413 @@ -509,10 +509,10 @@
414
415 <p>
416 Sometimes you would like to be able to host services on a computer behind the
417 -router, or just to make your life easier when connecting remotely. Perhaps you
418 +router, or just to make your life easier when connecting remotely. Perhaps you
419 want to run a FTP, HTTP, SSH, or VNC server on one or more machines behind your
420 -router and be able to connect to them all. The only caveat is that you can
421 -only have one service/machine combo per port. For example, there is no
422 +router and be able to connect to them all. The only caveat is that you can
423 +only have one service/machine combo per port. For example, there is no
424 practical way to setup three FTP servers behind your router and then try to
425 connect to them all through port 21; only one can be on port 21 while the
426 others would have to be on say port 123 and port 567.
427 @@ -521,9 +521,9 @@
428 <p>
429 All the port forwarding rules are of the form <c>iptables -t nat -A PREROUTING
430 [-p protocol] --dport [external port on router] -i ${WAN} -j DNAT --to [ip/port
431 -to forward to]</c>. Unfortunately, iptables does not accept hostnames when port
432 -forwarding. If you are forwarding an external port to the same port on the
433 -internal machine, you can omit the destination port. See the iptables(8) man
434 +to forward to]</c>. Unfortunately, iptables does not accept hostnames when port
435 +forwarding. If you are forwarding an external port to the same port on the
436 +internal machine, you can omit the destination port. See the iptables(8) man
437 page for more information.
438 </p>
439
440 @@ -585,9 +585,9 @@
441 <body>
442
443 <p>
444 -Internet Relay Chat utilizes the ident service pretty heavily. Now that the
445 +Internet Relay Chat utilizes the ident service pretty heavily. Now that the
446 IRC clients are behind the router, we need a way to host ident for both the
447 -router and the clients. One such server has been created called
448 +router and the clients. One such server has been created called
449 <c>midentd</c>.
450 </p>
451
452 @@ -598,7 +598,7 @@
453 </pre>
454
455 <p>
456 -There are a few other ident servers in portage. Depending on your needs, I
457 +There are a few other ident servers in portage. Depending on your needs, I
458 would recommend checking out <c>oidentd</c> and <c>fakeidentd</c>.
459 </p>
460
461 @@ -611,7 +611,7 @@
462 <body>
463 <p>
464 This is an attempt to simply and Gentooify the <uri link="http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/">ADSL Bandwidth Management HOWTO</uri>
465 -found over at the TLDP. Feel free to refer to the original document
466 +found over at the TLDP. Feel free to refer to the original document
467 for more details.
468 </p>
469
470 @@ -622,31 +622,31 @@
471 Simply put, we want to setup rules on our router that will slow down
472 certain activities (like sending large e-mails or downloading from P2P
473 networks) while keeping other activities (like browsing the web or playing
474 -online video games) reasonably fast. A 30 second difference in a video
475 +online video games) reasonably fast. A 30 second difference in a video
476 game is a lot worse than a 30 second difference in downloading large
477 files :).
478 </p>
479
480 <p>
481 The first thing is to make sure your kernel has all the features added to
482 -it. See the chapter on <uri link="#doc_chap2">Kernel setup</uri> for more
483 -information. Next, you will need to <c>emerge iptables iputils</c> so that
484 +it. See the chapter on <uri link="#doc_chap2">Kernel setup</uri> for more
485 +information. Next, you will need to <c>emerge iptables iputils</c> so that
486 you will have access to the <c>iptables</c>, <c>ip</c>, and <c>tc</c>
487 commands.
488 </p>
489
490 <p>
491 -Before we jump into the commands, let's cover a little of the theory. The
492 +Before we jump into the commands, let's cover a little of the theory. The
493 way this whole system works is to classify common network streams and then
494 -to prioritize them. You use iptables to classify network streams, iputils
495 +to prioritize them. You use iptables to classify network streams, iputils
496 to define the different priority levels, and the kernel to adjust speeds.
497 Just remember that although you can control outbound traffic pretty tightly
498 (from the LAN to the WAN), your ability to control inbound traffic (from
499 -the WAN to the LAN) is somewhat limited. Just remember that the following
500 +the WAN to the LAN) is somewhat limited. Just remember that the following
501 examples are to get your feet wet; if you want more then I'd suggest
502 -reading up on the subject. In this example, we will be using the
503 +reading up on the subject. In this example, we will be using the
504 <uri link="http://luxik.cdi.cz/~devik/qos/htb/">Hierarchical Token Buckets (HTB)</uri>
505 -packet scheduling algorithm. Still with me? Great, let's start shaping :).
506 +packet scheduling algorithm. Still with me? Great, let's start shaping :).
507 </p>
508
509 <pre caption="Setup">
510 @@ -654,7 +654,7 @@
511 RATE_OUT=100 <comment>Available outbound bandwidth (in kilobits [kb])</comment>
512 RATE_IN=1400 <comment>Available inbound bandwidth (in kb)</comment>
513
514 -<comment>Here we initialize the priority system. The 45 is used to set the default classification level.</comment>
515 +<comment>Here we initialize the priority system. The 45 is used to set the default classification level.</comment>
516 ip link set dev ${DEV} qlen 30
517 tc qdisc add dev ${DEV} root handle 1: htb default 45
518 tc class add dev ${DEV} parent 1: classid 1:1 htb rate ${RATE_OUT}kbit
519 @@ -662,12 +662,12 @@
520
521 <p>
522 Here we initialized the system which will be used to prioritize all of
523 -our network traffic. We created our queue, told it to use the HTB
524 -algorithm, and set the default classification level to '45'. The
525 +our network traffic. We created our queue, told it to use the HTB
526 +algorithm, and set the default classification level to '45'. The
527 default is completely arbitrary, as are the levels we choose from
528 -here on out. The only thing that matters is how the levels compare
529 +here on out. The only thing that matters is how the levels compare
530 relatively; a level '10' packet will be given preference over a
531 -level '45' packet. Let's move on to declaring different levels.
532 +level '45' packet. Let's move on to declaring different levels.
533 </p>
534
535 <pre caption="Declaring levels">
536 @@ -690,14 +690,14 @@
537 </p>
538
539 <p>
540 -Many people run ntp clients on their computers. Obviously, the more clients in
541 -the world, the larger the load the ntp servers need to shoulder. In
542 +Many people run ntp clients on their computers. Obviously, the more clients in
543 +the world, the larger the load the ntp servers need to shoulder. In
544 environments like home networks though, we can help keep the load down on
545 -public servers while still providing the proper time to all our computers. As
546 +public servers while still providing the proper time to all our computers. As
547 an added bonus, our private updates will be a lot faster for the clients too!
548 All we have to do is run a ntp server on our router that synchronizes itself
549 with the public internet servers while providing the time to the rest of the
550 -computers in the network. To get started, simply <c>emerge ntp</c> on the
551 +computers in the network. To get started, simply <c>emerge ntp</c> on the
552 router.
553 </p>
554
555 @@ -722,12 +722,12 @@
556
557 <note>
558 You should make sure that you allow inbound and outbound communication on the
559 -ntp port (123/udp) when setting up the server. The client just needs outbound
560 +ntp port (123/udp) when setting up the server. The client just needs outbound
561 access on port 123 over udp.
562 </note>
563
564 <p>
565 -Now, on your clients, have them <c>emerge ntp</c> also. However, we will just
566 +Now, on your clients, have them <c>emerge ntp</c> also. However, we will just
567 run the ntp client so setup is a lot simpler.
568 </p>
569
570 @@ -748,8 +748,8 @@
571 <p>
572 For those who run multiple Gentoo boxes on the same lan, you often want to
573 keep from having every machine running <c>emerge sync</c> with remote
574 -servers. By setting up a local rsync, you save on both your bandwidth and
575 -the Gentoo rsync servers' bandwidth. It's pretty simple to do.
576 +servers. By setting up a local rsync, you save on both your bandwidth and
577 +the Gentoo rsync servers' bandwidth. It's pretty simple to do.
578 </p>
579
580 <note>
581 @@ -758,10 +758,10 @@
582 </note>
583
584 <p>
585 -Since every Gentoo machine requires rsync, theres no need to emerge it. Edit
586 +Since every Gentoo machine requires rsync, theres no need to emerge it. Edit
587 the default <path>/etc/rsyncd.conf</path> config file, uncomment the
588 <c>[gentoo-portage]</c> section, and make sure you add an <c>address</c>
589 -option. All the other defaults should be fine.
590 +option. All the other defaults should be fine.
591 </p>
592
593 <pre caption="Rsync server config">
594 @@ -771,9 +771,9 @@
595 address = 192.168.0.1
596
597 [gentoo-portage]
598 - path = /mnt/space/portage
599 - comment = Gentoo Linux Portage tree
600 - exclude = /distfiles /packages
601 + path = /mnt/space/portage
602 + comment = Gentoo Linux Portage tree
603 + exclude = /distfiles /packages
604 </pre>
605
606 <p>
607 @@ -802,9 +802,9 @@
608
609 <p>
610 Sometimes it's nice to run your own Simple Mail Transfer Protocol (SMTP) server
611 -on the router. You may have your own reason for wanting to do so, but I run it
612 +on the router. You may have your own reason for wanting to do so, but I run it
613 so that the users see mail as being sent instantly and the work of
614 -retrying/routing is left up to the mail server. Some ISPs also don't allow for
615 +retrying/routing is left up to the mail server. Some ISPs also don't allow for
616 mail relaying for accounts that aren't part of their network (like Verizon).
617 Also, you can easily throttle the delivery of mail so that large attachments
618 won't seriously lag your connection for half an hour.
619 @@ -835,9 +835,9 @@
620 </pre>
621
622 <p>
623 -I'm a huge fan of qmail, but you're free to use a different mta :). When you
624 +I'm a huge fan of qmail, but you're free to use a different mta :). When you
625 setup e-mail on the hosts in your network, tell them that their SMTP server is
626 -192.168.0.1 and everything should be peachy. You might want to visit the <uri
627 +192.168.0.1 and everything should be peachy. You might want to visit the <uri
628 link="http://netqmail.org/">netqmail homepage</uri> for more documentation.
629 </p>
630
631 @@ -868,9 +868,9 @@
632 <body>
633
634 <p>
635 -Earlier we used dnsmasq to provide DHCP service to all our clients. For most
636 -people with a simple small LAN, this is perfect. But you may need something
637 -with more features. Thus we turn to a full-featured DHCP server as provided
638 +Earlier we used dnsmasq to provide DHCP service to all our clients. For most
639 +people with a simple small LAN, this is perfect. But you may need something
640 +with more features. Thus we turn to a full-featured DHCP server as provided
641 by the <uri link="http://www.isc.org/products/DHCP">ISC</uri> folks.
642 </p>
643
644 @@ -881,13 +881,13 @@
645 authoritative;
646 ddns-update-style interim;
647 subnet 192.168.0.0 netmask 255.255.255.0 {
648 - range 192.168.0.100 192.168.0.250;
649 - default-lease-time 259200;
650 - max-lease-time 518400;
651 - option subnet-mask 255.255.255.0;
652 - option broadcast-address 192.168.0.255;
653 - option routers 192.168.0.1;
654 - option domain-name-servers 192.168.0.1;
655 + range 192.168.0.100 192.168.0.250;
656 + default-lease-time 259200;
657 + max-lease-time 518400;
658 + option subnet-mask 255.255.255.0;
659 + option broadcast-address 192.168.0.255;
660 + option routers 192.168.0.1;
661 + option domain-name-servers 192.168.0.1;
662 }
663 # <i>nano /etc/conf.d/dhcpd</i>
664 <comment>(Set IFACE="eth0")</comment>
665 @@ -897,8 +897,8 @@
666
667 <p>
668 This is the minimal setup required to replace the dnsmasq DHCP functionality
669 -that we used earlier. Speaking of which, you did remember to disable the DHCP
670 -features in dnsmasq didn't you? If not, you should do so now (just comment
671 +that we used earlier. Speaking of which, you did remember to disable the DHCP
672 +features in dnsmasq didn't you? If not, you should do so now (just comment
673 out the <c>dhcp-range</c> setting in <path>/etc/dnsmasq.conf</path> and restart
674 the service).
675 </p>
676 @@ -911,34 +911,34 @@
677 <body>
678
679 <p>
680 -Sometimes you have need of connecting the router to another LAN. Maybe you
681 +Sometimes you have need of connecting the router to another LAN. Maybe you
682 want to hook up a group of friends temporarily, or you're a neat freak and
683 want to section off different groups of computers, or you're just really
684 -really bored. Whatever the reasons, extending the router to other LAN
685 -networks should be pretty straightforward. In the following examples, I will
686 +really bored. Whatever the reasons, extending the router to other LAN
687 +networks should be pretty straightforward. In the following examples, I will
688 assume that this new network is connected via a third ethernet card, namely
689 <c>eth2</c>.
690 </p>
691
692 <p>
693 -First you need to configure the interface. Just take the instructions in the
694 +First you need to configure the interface. Just take the instructions in the
695 <uri link="#doc_chap4_pre1">4.1 code listing</uri> and replace <c>eth0</c>
696 with <c>eth2</c> and <c>192.168.0</c> with <c>192.168.1</c>.
697 </p>
698
699 <p>
700 -Then you need to tweak dnsmasq to service the new interface. Just edit the
701 +Then you need to tweak dnsmasq to service the new interface. Just edit the
702 <path>/etc/conf.d/dnsmasq</path> file again and append <c>-i eth2</c> to
703 -DNSMASQ_OPTS; using -i multiple times is OK. Then edit
704 +DNSMASQ_OPTS; using -i multiple times is OK. Then edit
705 <path>/etc/dnsmasq.conf</path> and add another line like the dhcp-range line
706 in the <uri link="#doc_chap5_pre1">5.1 code listing</uri>, replacing
707 -<c>192.168.0</c> with <c>192.168.1</c>. Having multiple dhcp-range lines is
708 +<c>192.168.0</c> with <c>192.168.1</c>. Having multiple dhcp-range lines is
709 OK too.
710 </p>
711
712 <p>
713 Finally, see the rules in the <uri link="#doc_chap5_pre2">5.2 code
714 -listing</uri> and duplicate the rules that have <c>-i ${LAN}</c> in them. You
715 +listing</uri> and duplicate the rules that have <c>-i ${LAN}</c> in them. You
716 may want to create another variable, say <c>LAN2</c>, to make things easier.
717 </p>
718
719 @@ -962,24 +962,24 @@
720
721 <table>
722 <tr>
723 - <th>Utility</th>
724 - <th>Description</th>
725 + <th>Utility</th>
726 + <th>Description</th>
727 </tr>
728 <tr>
729 - <ti>wireshark</ti>
730 - <ti>GUI tool to view all raw network data according to filters</ti>
731 + <ti>wireshark</ti>
732 + <ti>GUI tool to view all raw network data according to filters</ti>
733 </tr>
734 <tr>
735 - <ti>tcpdump</ti>
736 - <ti>Console tool to dump all raw network data according to filters</ti>
737 + <ti>tcpdump</ti>
738 + <ti>Console tool to dump all raw network data according to filters</ti>
739 </tr>
740 <tr>
741 - <ti>iptraf</ti>
742 - <ti>ncurses based IP LAN monitor</ti>
743 + <ti>iptraf</ti>
744 + <ti>ncurses based IP LAN monitor</ti>
745 </tr>
746 <tr>
747 - <ti>ettercap</ti>
748 - <ti>ncurses based network monitor/control</ti>
749 + <ti>ettercap</ti>
750 + <ti>ncurses based network monitor/control</ti>
751 </tr>
752 </table>
753
754 @@ -997,16 +997,16 @@
755
756 <pre caption="DHCP Failing Example">
757 # <i>/etc/init.d/dhcp start</i>
758 - * Setting ownership on dhcp.leases ... [ ok ]
759 - * Starting dhcpd ... [ !! ]
760 + * Setting ownership on dhcp.leases ... [ ok ]
761 + * Starting dhcpd ... [ !! ]
762 </pre>
763
764 <p>
765 -The trick is to know where dhcpd is sending its output. Simply browse to
766 -<path>/var/log</path> and read the log files. Since the exact log file depends
767 +The trick is to know where dhcpd is sending its output. Simply browse to
768 +<path>/var/log</path> and read the log files. Since the exact log file depends
769 on the package you are using as a syslog, try running <c>grep -Rl dhcpd
770 -/var/log</c> to narrow down the possibilities. Chances are you made a typo in
771 -your config file. You could also try running <c>dhcpd -d -f</c> (short for
772 +/var/log</c> to narrow down the possibilities. Chances are you made a typo in
773 +your config file. You could also try running <c>dhcpd -d -f</c> (short for
774 debug / foreground) and debug the error based upon the output.
775 </p>
776
777 @@ -1019,7 +1019,7 @@
778
779 <p>
780 If you experience odd errors (such as not being able to access some webpages
781 -while others load fine), you may be having Path MTU Discovery trouble. The
782 +while others load fine), you may be having Path MTU Discovery trouble. The
783 quick way to test is to run this iptables command:
784 </p>
785
786 @@ -1047,7 +1047,7 @@
787 If (for whatever reason) you want to connect two machines directly together
788 without a hub or switch, a regular ethernet cable will likely not work, unless
789 you have an Auto MDI/MDI-X (also known as "autosensing") capable network
790 -adapter. You will need a different cable called a crossover cable. This <uri
791 +adapter. You will need a different cable called a crossover cable. This <uri
792 link="http://en.wikipedia.org/wiki/Ethernet_crossover_cable">Wikipedia</uri>
793 page explains the low level details.
794 </p>
795 @@ -1065,7 +1065,7 @@
796 <p>
797 I have no final notes other than if you experience any troubles with the guide,
798 please contact <mail link="vapier@g.o">me</mail> or file a bug with <uri
799 -link="http://bugs.gentoo.org/">Gentoo's Bugtracking Website</uri>. If you have
800 +link="http://bugs.gentoo.org/">Gentoo's Bugtracking Website</uri>. If you have
801 some interesting bits you think would enhance this guide, by all means send it
802 my way for inclusion.
803 </p>
804
805
806
807 --
808 gentoo-doc-cvs@l.g.o mailing list
Report Message
Find on MARC Find on Google Groups