Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

CURSO ADMINISTRACIN APACHE WEB SERVER

PRCTICA 1.b: Instalacin y configuracin de Apache en Linux
Objetivos Instalacin de del servidor Web Apache sobre Linux empotrado Instalacin y configuracin de la distribucin embeded Linux Freesco Administracin remota del servidor Freesco Instalacin de paquetes de seguridad OpenSSL y OpenSSH Instalacin y configuracin de Apache con el mdulo PHP4.3 y SSL Configuracin de Apache y PHP Pruebas de funcionamiento.

Materiales PC con Unidad de Disco Duro FAT Disco Conexin a Internet Software Freesco 0.3.2, OpenSSL, OpenSSH, Apache v1.3, PHPv4.3.

Desarrollo de la prctica 1) Descarga del software de instalacin de Freesco 0.3.2 y creacin del disco de arranque. 2) Instalacin en disco duro y configuracin 3) Estudio de las opciones de configuracin y administracin 4) Instalacin de paquetes adicionales: Perl, OpenSSH, Open SSL, Apache 1.3.27 + PHP 4.3 Configuracin de Apache

Pgina 1 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

1. Descripcin de Freesco Linux

Freesco es una distribucin Linux empotrada para CPU x386 basada en el ncleo 2.0. Puede ser instala en un disco flexible de 1.4MB en su configuracin bsica como router de red. Requiere unos recursos de memoria y CPU reducidos por lo que puede trabajar de forma eficiente sobre PCs antiguos y computadores empotrados (EBC) usados en aplicaciones industriales. Freesco utiliza particiones FAT por lo que puede coexistir con MSDOS (de hecho se arranca desde DOS). Los ficheros se almacenan comprimidos para optimizar el espacio siendo descomprimidos en el arranque sobre un disco RAM, lo que permite acelerar su funcionamiento y conseguir un comportmiento robusto frente a reinicializacones del sistema. Una de las principales ventajas de esta distribucin frente a otros Linux empotrados es que se mantine como un proyecto activo con actualizaciones y un soporte excelente por parte de la comunidad freesco. Esto ha permitido que evolucione desde su uso inicial como router gracias a la disponibilidad de multitud de paquetes software adicionales compilados especficamente para esta distribucin. El uso de paquetes adicionales exige el uso de almacenanmiento de disco duro o discos Flash-IDE. Como ejemplo, la figura siguiente muestra un sistema empotrado basado en la CPU Geode GX1 (300MHz), 256 MB RAM y disco Flash-IDE de 128 MBytes que implementa un servidor completo que actua de router para una red de control, firewall, servidor web Apache y servidor de aplicaciones Web PHP, todo ello en apenas 75 MB de almacenamiento en memoria Flash y con un rendimiento excelente. (El sistema forma parte de la aplicacin TITERE para el control remoto de laboratorios de prcticas).

El apndice muestra las caratersticas detalladas de Freesco 0.3.

Pgina 2 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

2. Instalacin de Fresco Linux

1. Descargaremos en un directorio temporal (c:\temp) los ficheros freesco-032.zip y modules-030.zip desde la pgina web del curso. 2. Descomprimiremos ambos ficheros en dos subdirectorios (freesco-032 y modules-030) 3. En el subdirectorio fresco-032 ejecutaremos el programa make_fd.bat para crear el disco de arranque (nos solicitar que insertemos un disco en la unidad A:). Este dico incluye la imagen linux, el arrancador loadlin y los ficheros del sistema comprimidos. 4. Instalaremos una versin actualizada el driver de nuestra tarjeta de red (3COM 3c905). Copiaremos desde el directorio [modules-030\modules\net\new-netdrivers] los siguientes ficheros : pci-scan.gz, 3c59x.gz. al directorio [a:\router\drv]. (Nota: solo podemos instalar un driver de red adicional) 5. Instalaremos el driver del teclado espaol. Copiaremos del directorio [modules030\keymaps \] el fichero es.gz. al directorio [a:\router\kbd]. Borraremos el fichero us.gz 6. Reiniciar el PC utilizando el disco generado. En el arranque nos muestra una pantalla con cuatro opiones: setup: permite configurar freesco debug : entra en modo depuracin mv2hd: permite copiar freesco en disco duro shell: carga linux y muestra el shell

Si no escribimos nada arranca direntamente el shell. (el password inicial de root es root) 7. Configuracin bsica: ejecutaremos la opcin Setup (podemos ejecutarlo tambin desde la consola). Pulsaremos intro para aceptar el modo en color y nos mostrar una pantalla con las configuraciones bsicas predefinidas (figura 1) 8. Selecionaremos la opcin e) Ethernet Router. (postermormente podremos ajustar con ms detalle la configuracin utilizando las opciones avanzadas (a)). Nos ir pidiendo los datos de configuracin (se indican solo algunos parmetros que vamos a modificar): Hostname Domain name NIC 627 Use DHCP client -> yes

Pgina 3 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

441 Enable public http server -> yes 451 Enable Control HTTPserver -> yes 51 Enable FTP -> yes 19 Install Ramdrives -> yes Cambiar passwords de root y admin Configuracin avanzada -> opciones de seguridad (23, 25)

Una vez terminada la configuracin la guardaremos y reiniciaremos (opcin s)

CHOOSE ROUTER/SERVER TYPE d) Dialup line router: l) Leased line router: e) Ethernet router: ISP <-- modem0 --> router <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) ISP <- network0 -> router <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) bridge <- ethernetN -> local net(s) printer <- LPT -> server <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) t) Create reporT file w) vieW previous config q) Quit without saving

b) ethernet Bridge: p) Print server: r) Remote access server: a) Advanced settings v) View current config s) Save current config & exit

Figura 1: configuracin Freesco

Figura 2 Configuracin avanzada

Pgina 4 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

9. Instalacin en el disco Duro : utlizaremos la opci n mv2hd (se muestra solamente durante el arranque desde el Disquete). Freesco y la configuracin presentes en el disco ser copiada al disco duro (directorios c:\router). Tambin se crea un fichero llamado router.bat que permite cargar freesco desde MSDOS. Podemos editar autoexec.bat para ejecutar router.bat automticamente o bien arrancarlo manualmente, en este caso de bemos iniciar el PC en modo MSDOS pulssando la tecla F8 durante el arranque. 10. Comprobaremos que el router funciona correctamente. Durante el arranque nos habr mostrado la direccin IP asignada. Haremos un ping desde otro PC arrancado con Winodws. Nos conectarmoe mediante un cliente Web a la direccin IP del router a travs del puerto 82 (administracin). Figura 3

Figura 3 Adminsitracin remota Freesco

Pgina 5 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

2. Instalacin de paquetes en Fresco Linux

Procederemos a la instalacin de los paquetes adicionales utilizando la conexin a internet para la descarga remota de los mismos. El sistema de instalacin incluye un script de descarga y configuracin del software instalado. Los ficheros de configuracin y arranque de cada paquete se almacenan en el directorio /boot/pkg/rc Los paquetes se pueden localizar en los siguientes servidores web: http://www.freescosoft.com/home/0.3.x/ http://freescosoft.freebse.ne/0.3.x/ http://es.freescosoft.net/0.3.x/ http://titere.umh.es/freesco/0.3.x/ http://lorca.umh.es/isa/es/cperf/apache/0.3.x/ 1. Instalaremos en primer lugar un parche del kernel necesario para Apache. Desde la consola (root) ejecutaremos: cd /boot snarf http://titere.umh.es/freesco/0.3.x/kernel-032.icmp-vipc mv kernel kernel.bak mv kernel-032.icmp-vipc kernel reboot 2. Instalacin de paquetes: - ejecutar setup. - Selecciona la opcin: a) Advanded settings - Seleccionar la opcin: p. Package men (figura 4) - Seleccionar el servidor: 7. Change default domain for package installation

Figura 4 Gestin de paquetes software

Pgina 6 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

3. Instalacin del paquete perl : 4. Install package Continue yes Enter for default URL Package name to install []? perl_5.6.1_dingetge 4. Instalacin del paquete openSSL: 4. Install package Continue yes Enter for default URL Package name to install []? openssl-0.9.6g_user_nadegda 5. Instalacin del paquete apache : 4. Install package Continue yes Enter for default URL Package name to install []? apache_1.3.27_dingetje 6. Instalacin del paquete openSSH: 4. Install package Continue yes Enter for default URL Package name to install []? openssh-full_3.5p1_nadegda 7. Instalacin del paquete mysql: 4. Install package Continue yes Enter for default URL Package name to install []? mysql-3.23.37-lightning En la consola ejecutar: rc_masq restart rc_mySQL boot rc_mySQL start 8. Editar los ficheros siguientes: /boot/pkg/rc/rc_opensshd -> comentar (#) la directiva firewall ipfwadm y cambiar $PORT por el valor 22 /boot/pkg/rc/rc_apache -> comentar (#) la directiva firewall ipfwadm del puerto 443 (HTTPS) /boot/pkg/rc/rc_mySQL -> comentar (#)las directiva firewall ipfwadm 9. Reiniciar el sistema o ejecutar rc_masq restart

Pgina 7 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

3. Configuracin del servidor Web Apache

1. Editaremos el fichero /boot/pkg/usr/local/apache/conf/httpd.conf de forma similar a lo indicado en la prctica anterior 2. Editaremos el fichero /boot/pkg/usr/local/lib/php.ini siguiendo los mismos pasos.

Fichero php.ini ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" include_path = ".:/www/php" ; The root of the PHP pages, used only if nonempty. ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root doc_root =/www/htdocs

Fichero httpd.conf # directorio raz servido por Apache DocumentRoot "/www/htdocs" # Control de acceso al directorio raiz <Directory "/www/htdocs"> AllowOverride None Order allow,deny Allow from all </Directory>

Pgina 8 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

Apndice. Manual Freesco 0.3.x

I. INTRODUCTION 1. [Introduction] FREESCO is a *single floppy distribution* of Linux, intended to be a replacement for minor Cisco routers.

It's name is derived from FREE ciSCO, and *is not* associated in any way with the SCO Unix operating system. By design, FREESCO can be installed on a floppy disk or hard disk ... and is compatible with 386 (and newer) generation pc's. While there exists other complex LRP's (Linux Router Projects), FREESCO evolved from the need for a less complex solution ... a solution which provides easy setup, strong functionality, all in less than 10 minutes of your time. FREESCO is very easy to setup, and flexible in functionality. From a simple base router system to a more complex setup, which includes multi-service combinations (such as serving virtual web sites), FREESCO provides numerous solutions for multiple environments. FREESCO *is* proof that even some great packages are $ FREE $

2.

[Requirements] 386sx (486 or newer recommended)

3.

RAM - 8Mb minimum FDD - 1.44Mb HDD - optional, but recommended for large package installs and add-ons modem - optional, hardware controlled, winmodems are *not* supported (some TCP/IP networking knowledge is helpful)

[License] GNU General Public License

2000-2002, (v.0.3.0) - Lewis Baughman - Serge V. Storozhebykh

II.

FEATURES 1. [Features] 2.0.39 kernel

Support for up to ten networks. This can be done with 10 nic's, or with multiport network cards, and a bit of savvy on your part. Support for up to five printers, although two would have to be serial printers. IP restrictions can be enabled for each printer, so that printing can be limited to a range of IP's, or to just one IP per printer. Support for up to ten modems, although only four regular modems. Support includes Unix 4 or 8 port modems. FREESCO v.0.3.0 can run entirely from ram. This requires at least 17+Mb, with ramdisks enabled. (the write protection tab can be enabled on the floppy

Pgina 9 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

in this mode)

When ramdisks are enabled, and depending upon how much ram you have, FREESCO can add one 2mb, one 4mb, one 2mb and one 4mb, or two 4mb ramdisks. To take advantage of this feature, your system will need a minimum of 17mb of ram. Systems with greater than 23mb of ram will have two 4mb ramdisks available for use. This feature is designed to run packages. With this feature, up to 4mb of packages can be installed on a *floppy* FREESCO. One ramdisk is reserved for the /tmp directory and to uncompress packages.

Ident server DHCP, DNS, Print, Telnet server FTP server Limited support for SCSI hard drives ... which means that the mechanism is there, but it requires a custom compiled kernel to support the actual interface. (there will be kernels compiled by demand, as time permits) FREESCO can now be installed on any FAT 16/32 drive. It is no longer required that the installation be on the primary drive or even the primary partition. There is also an experimental/optional kernel with a 16k masq table, for the hardcore gamers ... or very large networks. There is a new package interface with a default domain that can be changed by the user. Ramdrive packages can be set to load automatically at each boot, simply by including the following line in the rc_user file: pkg -r http://Any-where.com/Package-name This is intended for each user to have/modify their own packages; or use packages that do not require configuration. PPPoE support. A new netmeeting module that allows video conferencing and all of the netmeeting functions to run through Freesco. A new set of NIC modules, which provide latest driver support for most network cards. Encompasses every single feature that is currently in FREESCO 0.2.7

III.

INSTALLATION 1. [Download] latest download is available here: http://freesco.sourceforge.net/ [Floppy Disk] prepare a formatted floppy disk

2.

download the latest freesco package, and extract its contents to a temporary folder for ease of use, batch files have been included in the download: make_fd.bat, safe_fd.bat, fast_fd.bat

Pgina 10 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

3. from a Windows explorer, or from DOS, use <make_fd.bat> to create a FREESCO floppy install follow the screen prompts floppy install complete

[Hard Disk] follow the [Floppy Disk] insta llation procedures, as listed above

prepare your hard drive with a compatible DOS (FAT16 or FAT32). Make sure the drive is bootable in DOS. boot from the floppy disk a setup menu will appear, from which you have 1 of 4 choices, before the boot process continues with a normal boot choose the third option: mv2hd [enter] There is a set of options in the mv2hd drive section, that only appears if there is more than one FAT partition or FAT drive in the system. You will be prompted to use the *advanced mv2hd*. This option asks what drive you want to actually install FREESCO to. You must enter the drive, such as /dev/hda1, or /dev/hda5, or /dev/hdb1, and so on. All partitions will be listed. Following, you will be asked for the DOS drive letter assigned to that drive. (such as C D E F ... etc) the installation process will begin, shortly followed by another menu ... having the following options: (c) clean install (o) overwrite existing install, leaving extra files intact (s) save previous copy as router.bak (a) abort ... choose your option appropriately once the hard disk install completes, you will be prompted for a reboot ... remove the floppy diskette *after* the system has properly shut down, and begun a reboot process you will be able to start the router manually, by typing from a dos prompt: <path>\router.bat [enter] alternately, you can modify the autoexec.bat file to include the following line: <path>\router.bat ... where <path> is the path to the router.bat file example -- c:\router.bat

4.

hard disk install complete

[Initial Setup] first time installations for both floppy and hard disk require beginning setup procedures

sound advice ... *READ* the screen menus and prompts as they appear. Every effort has been made to simplify the procedures, and to make the menu structure intuitive. in your initial setup screen you will need to choose the desired router/server type: (d) dialup (l) leased (e) ethernet (b) bridge (p) print (r) remote access

Pgina 11 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

IV. SERVICES 1. [DNS] from this point on, setup procedures differ slightly, as determined by the router/server type you have chosen.

2. [DHCP]

The Domain Name System (DNS) server provides translation between domain names (www.dyndns.org) and internet addresses (66.37.215.53). The local caching DNS server can reduce traffic between your local network and your ISP; as well as increase internet access speeds. Enabling this feature is highly recommended. The Dynamic Host Configuration Protocol (DHCP) server provides a framework for passing configuration information to hosts on a TCPIP network. In short, the DHCP server provides auto-configuration for individual client machines --- namely the client machines IP address, such as 192.168.0.110. Otherwise, you would have to do this configuration manually, for each machine. Enabling this feature is recommended, so long as there are no other DHCP servers active on the subnet.

3. [Time]

This service allows a synchronizing of time on all computers on your local network. You must know the host Time Server address, and the time offset between your local time and UTC (GMT) time. (example: www.clock.org)

4.

[Control] This service gives you an ability to control your router from a web browser. While giving you access to other services running on your Freesco server, the Control service allows you to issue many of the Linux commands. [Telnet]

5.

You can have full access to your router via telnet connection. Unlike http control service, it doesn't have any restrictions, and you can edit your config files from your workstation via telnet connection.

6.

[HTTP]

7. [Print]

This service makes hypertext and other documents available to web browsers (web server). You have the option to enable public access to a web server, or to enable local access, or to disable this service.

8. [FTP]

Print server ... that says it all. FREESCO 030 allows up to 5 print servers. And you can use IP matching, which defines IP's that are allowed to print using your lpd server. The File Transfer Protocol (FTP) server allows for transferring of files to and from remote computer systems.

9. [IDENT]

10.

The Indentification Protocol (ident) server provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, it returns a character string which identifies the owner of that connection on the server's system. It is recommended to set this server to either (s) or (n). However, for some applications to run through FREESCO -- such as IRC -- it may be necessary to set this option to (y)

[ADSL-PPPoE] Though this is not a service of FREESCO, per se, it is a topic worth noting. FREESCO is quite capable of providing router service to DSL providers.

Pgina 12 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

Some Asymmetric Digital Subscriber Line (ADSL) providers use Point-to-Point Protocol over Ethernet (PPPoE); and some do not. ADSL is a service that provides broadband internet access. PPPoE is a protocol that some ADSL providers use to authenticate user access to the internet. To connect to this type of service, FREESCO provides the backbone thru it's ethernet router setup.

V.

CONFIGURATION

NOTE: This section is geared towards non-advanced users --- that is users with little or no knowledge with FREESCO features & setup procedures. As a quality aid, this section may lack clarity. It is not meant to teach you networking skills, but rather provide a pictoral overview of the setup procedures and options that are available. Freesco's forum provides excellent and helpful feedback for any unanswered questions that you may have: http://forums.freesco.org Options in *red* generally require no changing, and are intended for advanced users Throughout the setup process, you will be presented with options of the form (y/s/n); defined as follows: ----- y -- enable service worldwide, insecure! ----- s -- enable service locally, secure (recommended) ----- n -- disable service When choosing a type of FREESCO installation, you will be presented with the following main menu: CHOOSE ROUTER/SERVER TYPE d) Dialup line router: l) Leased line router: e) Ethernet router: ISP <-- modem0 --> router <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) ISP <- network0 -> router <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) bridge <- ethernetN -> local net(s) printer <- LPT -> server <- ethernetN -> local net(s) ^-- <- modemN -> remote net(s) t) Create reporT file w) vieW previous config q) Quit without saving

b) ethernet Bridge: p) Print server: r) Remote access server: a) Advanced settings v) View current config s) Save current config & exit 1. [Dial-Up]

+ From main menu, choose option (d) + Follow the [Common-to-All] procedures 49. Do you want to enable DynDNS/DHS/CJB (y/n) ----- If you choose (y) then ---------- 49. Want to setup your DynDNS client now (y/n)

Pgina 13 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

81. LIST OF CURRENTLY DEFINED ISP's [ ISP name new Login name Phone number(s) ] -------------------- -------------------- -------------------<< CREATE NEW CONNECTION >> -------------------- -------------------- -------------------NOTE: Default ISP marked with - * [ Selected ISP = new ] 811. Edit selected ISP ------- 10. ISP/connection name (1-8 chars) ------- 11. ISP phone number ------- 12. Keep up link for sec (0-dont care, 1-forever) ------- 13. Primary DNS address ------- 14. Secondary DNS address ------- 15. ISP http proxy address ------- 16. Type of connection (ppp or slip) ------- 18. Does your ISP give you a dynamic IP address ------- 21. Custom initialization string (- disable) ------- 22. Authentication method (pap, chap, or script) ------- 31. PAP/CHAP ISP login (' clear) ------- 32. PAP/CHAP ISP password ('clear) Define new ISP ------- 10. ISP/connection name (1-8 chars) Make selected ISP default when router starts Delete selected ISP

812. 813. 819.

Select ISP (type its name) or action on selected ISP (x-exit) *NOTE* In order to perform modifications on a defined ISP, you must first type in the ISP name. At which point it will become selected for editing. + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

2.

[Leased]

+ From main menu, choose option (l) + Follow the [Common-to-All] procedures 49. Do you want to enable DynDNS/DHS/CJB (y/n) ----- If you choose (y) then ---------- 49. Want to setup your DynDNS client now (y/n) + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

3.

[Ethernet]

+ From main menu, choose option (e)

Pgina 14 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

+ Follow the [Common-to-All] procedures Primary DNS is required ... ... ... Secondary DNS is optional. Primary DNS address (usually your provider's DNS) Secondary DNS address (otherwise -) 49. Do you want to enable DynDNS/DHS/CJB (y/n) ----- If you choose (y) then ---------- 49. Want to setup your DynDNS client now (y/n) + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

4.

[ADSL-PPPoE]

+ For ADSL configuration follow the [Ethernet] procedures. + And, if you need to use PPPoE with your ADSL provider ----- 626. Use PPPoe = (y) 91. Ethernet ISP ----- 911. Gateway ----- 912. Primary DNS ----- 913. Secondary DNS ----- 914. HTTP proxy ----- 915. PPPoE login name ----- 916. PPPoE password

5.

[Print]

+ From main menu, choose option (p) + Follow the [Common-to-All] procedures + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

6.

[Remote Access]

+ From main menu, choose option (r) + Follow the [Common-to-All] procedures + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

7.

[Bridge]

Pgina 15 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

+ From main menu, choose option (b) + Do you want to change the "root" and "admin" passwords(y/n) + Configuration is complete. Save settings, and restart system.

8.

[Advanced Settings Menu]

When you run "setup" and choose the "advanced settings" option, you will arrive at this main screen: One of the *safety* features of the setup script, is that you have the option to exit without saving changes. Upon that note, and in the interest of familiarizing yourself with the setup procedures, it is recommended that you *look* around by choosing options. (make sure you choose the option to exit without saving changes, when you're done) [ System Options ] [ Users/Passwords ] [ Hardware ] 52. COM ports 53. Ethernet cards [ Networks ] 61. Host/Domain 62. Local Networks

11. On/Off NAT/Firewall 31. root/admin 12. On/Off Bridging mode 32. Dial-in users 13. Memory/Extra 14. Savers (screen,hdd) 15. Swap file 16. Log sizes 17. Diagnostic beeps 18. On/Off Debugging 19. Extra ram drives 20. System monitor 21. Console colors [ Security/Limitations ] 22. Remote Access 23 Ban list 24. Internal security [ Add-on packages ] p. Packages menu 33. Dial-out control [ Services ] 41. DNS/server 42. Read only floppy 43. DHCP server 44. HTTP server 45. Control Panel

[ Modems ] 71. Modem settings

and Time server [ Dial-up router ] 46. Print server 47. Telnet server 81. Add/Edit/List ISP 82. Diald options

48. Port forwarding 49. DynDNS client [ Permanent router ] 50. Ident server 51. FTP server 91. Ethernet ISP 92. Leased line ISP

9.

[Common-to-All]

All router/server configuration choices (except ethernet Bridge) use a similar block of configuration options. This section identifies that block. 611. Hostname of this computer [router] 612. Domain name [inet] NETWORK CARD SETTINGS

Pgina 16 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

[- NIC 0 -] ... thru to ... [- NIC 9 -] ----- enter the Nic # to change it's settings ----- for PCI Nic's, choose 0 for both I/O and IRQ settings ----- x - exit, when done [ Network # ] [ Interface ] [ IP address ] [ Network # ] [ Interface ] [ IP address ] [ Network # ] [ Interface ] [ IP address ] [ Network # ] [ Interface ] [ IP address ] 0. 1. eth0 192.168.0.1 3. 4. 2.

5.

6.

7.

8.

9.

[ -------------- Network # specific settings -------------- ] 620. Interface name Possible types of interfaces ethN - ethernet interface number N, ex. eth0 ethN:M - alias number M for ethernet interface number N arcN - kind of arcnet interface arcNe - kind of arcnet interface (probably most used) arcN:M arcNe:M - aliases for arcnet interfaces trN - tokien ring interface trN:M - alias for token ring interface sbniN - granch SBNI12 board 621. IP address 622. Network mask 623. Network addr 624. Broadcast addr 625. DHCP pool ----- IP range for DHCP server, - disable DHCP service on this interface Example: 192.168.0.10 192.168.0.30 Note 1: Note 2: DHCP daemon eats memory for this pool, so be realistic and do not reserve too many addresses Don't include Freesco's own address in this range. Don't include very first and last IP addresses: this example is wrong 192.168.1.0 192.168.1.255 626. Use PPPoE ----- choose (y) only if your ISP requires PPPoE ----- If you choose PPPoE, then ---------- 630. ClampMSS Rewrites all packets for PPPoE connections so that internal machines do not need to have their MTU changed to 1492. As this is CPU intensive, it is not recommended for slower

Pgina 17 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

CPU's. ---------- 632. MTU For changing the Maximum Transmit Unit of the external interface. 627. Use DHCP client ----- Use DHCP client to configure network 628. Set DNS via DHCP ----- Update DNS server settings by DHCP 629. MAC addr Should be left blank in most configurations. MAC spoofing is for imitating another network card which your ISP has assigned it's MAC address into their system. 631. Gateway ----- Enter your ISP's default gateway here. ----- NOTE 1: not all IPS's require this setting ----- NOTE 2: not required when using the dhcp client [ *NOTE* ] (1). With Dialup & Leased router, and for eth0 (that is the first network card) options 620-629 are available (2). With Ethernet, Print & Remote Access, and for eth0 (that is the first network card) options 620-632 are available, excluding 625 (3). And for all other network cards, options 620-625 are available choose network 0-9 or its parameter to change (x-exit)? Autodetect modems now? (y/n) Advanced modem setup? (y/n) ----- If you choose (y), then 51. COMMUNICATION PORTS SETTINGS [ #0 COM1 (0x3F8 IRQ4) ] I/O = IRQ = Extra = [ #1 COM2 (0x2F8 IRQ3) ] I/O = IRQ = Extra = [ #2 COM3 (Ox3E8 IRQ4) ] I/O = IRQ = Extra = [ #3 COM4 (0x2E8 IRQ3) ] I/O = IRQ = Extra =

[ #4 AST Unix four(eight) ports board - cua4-cua7(cua4-cua11) ] Base I/O = Shared IRQ = Extra = UART type = Mask Rgstr = Communication hardware settings. Enter a # or (x-exit) 71. MODEMS SETTINGS [ Modem # ] 0. [ Port ] 1. 2. 3. 4.

Pgina 18 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

[ Modem # ] 5. [ Port ] 710.

6.

7.

8.

9.

Search and autoconfig modems

[ Modem # specific settings ] 711. Port 712. Port speed 713. Init string 714. Dial-in IP addr NOTE: If this modem is for dialin use, this is the IP address assigned to the dialin or null modem user. Setting this to an unused address in your local network's subnet will allow Freesco to do proxy arp for the modem user. 715. Enable null modem Null connect script NOTE: This feature enables a null modem cable connection on this interface. If you have a dialup internet connection *DO NOT* enable this feature on Modem-M The Modem connect script is the sequence of code that is sent and received by the client and the server. The default for a null modem is CLIENT OK However, if you are using an actual modem driver in your client. A more involved sequence is required. Example: AT OK ATH OK ATE0V1 OK AT OK ATDT CONNECT [ Common settings ] 716. Modem # MTU 717. Modem # MRU 718. Modems 0-9 MTU 719. Modems 0-9 MRU Choose modem 0-9 or parameter to change (x-exit) 411. Enable caching DNS server (y/s/n) ----- If you choose (y/s), then ---------- 412. Enable DNS requests logging (y/n) ---------- 413. Do you want to add static IP's to your DNS file (y/n) 431. Enable DHCP server (y/n) ----- If you choose (y), then ---------- 432. WINS address (if you have one, otherwise -) ---------- 433. Default-lease-time (sec) ---------- 434. Maximum-lease-time (sec) ---------- 435. Do you want to create/edit static DHCP leases (y/n) 441. Enable public HTTP server (y/s/n) ----- If you choose (y/s), then ---------- 442. Public HTTP server IP port [80] 451. Enable time server and router control via HTTP (y/s/n) ----- If you choose (y/s), then ---------- 452. Control HTTP server IP port [82] ---------- 453. Host Time server address (- disable syncing time) 461. Enable Print Server(s) (y/s/n) ----- If you choose (y/s), then ---------- Print server 1 port number [515] ---------- Print server 1 device port name [lp1] ---------- Allowed IP match with [1] ---------- Print server 2 port number [] ---------- Print server 2 device port number [] ---------- Allowed IP match with []

Pgina 19 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

47. Enable Telnet server (y/s/n) 51. Enable FTP server (y/s/n) ----- If you choose (y/s), then ---------- FTP port [21] ---------- Maximum Allowed FTP connections [5] ---------- Allow anonymous FTP connections (y/n) 50. Do you want to enable the ident server (y/s/n) This server gives out system information. It is not a huge security risk other than giving the type of system. Which can be exploited by an attacker. It is recommended to leave this set to either (s) or (n). However, to get some applications to run through Freesco, such as IRC it may be required to use (y) 141. Blank screen after N min (0-never) 142. Stop hdd after N*5 sec (0-never) 15. Swap file size in MB on boot device (0-disable) 13. Do you want to enable extra modules/programs (y/n) 19. Do you want to install ram drives (y/n) 161. System log size (bytes) 162. Logins log size (bytes)

VI.

[Extra Modules]

This archive contains extra network card driver modules that can be added to freesco. The following drivers are already built into freesco, and therefore do not need installing manually: ne 3c509 3c59x rtl8139 * tulip * ISA NE2000 and clones, and some PCI NE2000 clones. 3com 3c509, 3c509B, 3c529, and 3c579 3com 3c590, 3c595, 3c900, 3c905, and 3c905B Realtek 8129/8139 based PCI cards DEC 21040, 21041, and 21140 based PCI cards.

ne2k-pci * Most PCI NE2000 clones, including rtl8029

smc-ultra SMC Elite Ultra (8216), SMC EtherEZ (8416)

* There are later versions of these drivers you may want to try, in the /modules/net/newnet-drivers directory, which support newer versions of these cards. * All drivers in this archive have been gzipped. They can be placed directly into Freesco 0.3.0 without changing in any way. The following optional drivers are available in the /modules/net directory of this archive: hp100 smc9194 wd 3c503 hp hp-plus e2100 HP 10/100 VG Any Lan Cards (27248B, J2573, J2577, J2585, J970, J973) SMC -9000 / SMC 91c92/4, SMC 91c100 WD8003, SMC Elite , WD8013, SMC Elite16 3com EtherLink II, 3c503, 3c503/16 HP 27245A HP EtherTwist, PC Lan+ (27247, 27252A) Cabletron E10**, E10**-x, E20**, E20**-x

smc-ultra32 SMC Elite Ultra32 EISA

Pgina 20 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

de600 de620 lance at1700 fmv18x 3c501 3c507 3c515 eexpress eepro epic100 * pcnet32 depca ewrk3 atp de4x5 ni52 ni65 3c505 ac3200 apricot tlan arcnet eth16i 3c90x Dlink DE-600 Dlink DE-620 AMD LANCE (7990, 79C960/961/961A, PCnet-ISA) Allied Telesis AT1700 Fujitsu FMV -181/182/183/184 3com 3c501 - warning dont use this card. It's junk :) 3com Etherlink 16 3com 3c515 100mb Intel Etherexpress Intel Ether Express PRO/10 SMC EtherPower II PCI (9432) AMD 79C965 (PCnet-32) Digital DEPCA, DE100/1, DE200/1/2, DE210, DE422 Digital EtherWorks 3 (DE203, DE204, DE205) RealTek RTL8002/8012 (AT-Lan-Tec) Pocket adaptor Supports many of the same DEC based cards as the 'tulip' driver. Racal-Interlan NI5210 Racal-Interlan NI6510 (not EB) 3com Etherlink plus Ansel Communications AC3200 EISA Apricot Xen-II On Board Ethernet Compaq Nettelligent/NetFlex (Embedded ThunderLAN Chip), Texas Instruments ThunderLAN Arcnet arc-rimi, com90xx, com20020. ICL EtherTeam 16i/32 3c905B, 3c905C, 3c980, 3c980C. NOTE: this driver is experimental, and covers some cards already supported by 3c59x.

via-rhine * VIA 86C100A Rhine II (and 3043 Rhine I)

eepro100 * Ether Express PRO 10/100B

* There are later versions of these drivers you may want to try, in the /modules/net/newnet-drivers directory, which support newer versions of these cards. The above drivers apart from 3c90x are all drivers which come with the 2.0.39 kernel and are therefore a bit out of date, the following drivers in the /modules/net/new-net-drivers directory are a seperately compiled collection of PCI drivers by Donald Becker which are much more up to date. Some of them are later versions of existing drivers which support newer versions of cards (for example tulip) so try these if you have trouble. Others are just drivers for new cards. All of the new driv ers for PCI cards require the pci-scan.o module to also be placed in the /drv directory with the NIC module and may also require that your computer is PCI 2.2 compliant. eepro100 epic100 hamachi natsemi ne2k-pci rtl8139 starfire sundance tulip via-rhine yellowfin Ether Express PRO 10/100B SMC EtherPower II PCI (9432) Packet Engines "Hamachi" GNIC -II adapter National Semiconductor DP83815, Netgear FA -311 Most PCI NE2000 clones, including rtl8029 Realtek 8129/8139 based PCI cards Adaptec DuraLAN (AKA "Starfire") Adapter 64 bit adapters. Sundance ST201 "Alta" chip, D-Link DFE-550 DEC 21040, 21041, and 21140 based PCI cards. VIA Rhine and Rhine-II, D-Link DFE-530-TX Packet Engines "Yellowfin" G-NIC adapter

winbond-840 Winbond w89c840, Compex RL100ATX-PCI

Pgina 21 de 22

Divisin de Ingeniera de Sistemas y Automtica Departamento de Ingeniera

[NIC Installation]

To install a driver on a floppy installation of freesco, first make sure the driver name follows the DOS 8.3 convention. If the name is longer than 8 characters and the .gz extension, you must rename it to a shorter name before copying. Also make sure you have enough room on the floppy, as some drivers are quite large. There is about 43Kb free on a fresh Freesco 0.3.0 floppy. If you're using the DHCP server you should keep at least 20kb free depending on how many dhcp clients you have on your network. The more you have the more space you need. If you dont use dhcp, you should keep at least 5kb free. If you dont have enough room for the drivers you need, you'll have to install on a hard drive. Copy the file to the directory A:\ROUTER\DRV on the floppy disk. This directory is /mnt/router/drv from within freesco. Now boot freesco and configure the io and irq settings for the card if they are required. (Most ISA cards require manual io/irq setting while most PCI cards do not) If you like you can rename the driver file to its original long name within freesco, but this isnt required. For example: cd /mnt/router/drv mv winbond.o winbond-840.o

To install a driver on a hard drive installation of freesco, first copy the required driver file to a floppy disk, (or unzip this whole driver archive to a disk if you like) insert the disk into a running freesco machine, and type the following: mkdir /fd mount -t vfat /dev/fd0 /fd At this point the floppy disk is mounted at the directory /fd, so for example if you had the entire driver archive on the disk and you wanted to copy smc-ultra.o from the net directory: cp /fd/net/new/winbond-840.o /mnt/router/drv It is not necessary to rename the driver to a short name when installing using this method. Warning! You must unmount the disk before ejecting it. Also, dont install drivers you dont need as it will increase boot time and may cause problems. umount /fd Now enter setup and configure your cards io and irq if required, and reboot.

VII.

LINKS 1. 2. 3. Freesco Home Page www.freesco.org Freesco Support Forum forums.freesco.org Extra Software/Add-ons www.freescosoft.com/home/

Pgina 22 de 22