Fedora Network Infrastructure Configuration. Customize the network of the house

Only lazy wrote on this topic, but I think that I will not be mistaken if I say that this issue is in the first place for beginners and every newcomer asked such a question. What would I do not explain that yes, as everyone I am writing this article. so

How to set up home mesh .

Suppose you have two or more computers at home and you would like to link them into a single infrastructure. For this, it is not necessary a lot of effort and reading a heap of manuals and other things. In fact, the most difficult is the physical network connection.The very first thing you must solve this which device will become the main on the network, it can be stationary computer In the form of a desktop or laptop that you touch less than all other devices, or WiFi device. At the moment, the WiFi access point with support for Internet access protocols that most providers use are consistently. The network circuit in this case is displayed in Figure 1. In this case, the network cable is connected to a WiFi point and it is the router that distributest IET for computers and devices. This connection is most convenient and quickly configured, but requires installing WiFi to all devices that happens quite considerable. In this case, the settings on devices are minimal, and if a DHCP server is enabled on a WiFi router, then all network settings can be set automatically. I will describe the network setting for the second type of connections depicted in Figure 2. Here the main distribution and configuring server is homely desktop, two installed two network cardss (often it happens that they are built into motherboard On modern models) and the wireless router is connected to it with wire. This system Convenient so that you do not need to install in the desktop wireless cardthat reduces the cost of this network. DHCP server will work on the main desktop, which will complicate the receipt of network parameters for a potential attacker. After you connect all devices physically, start setting software. Select the address for the internal network. Let the address of the main computer be 10.12.0.1 mask For him will be 255.255.255.0. Specify this option for the connected network interface. With WiFi. device. Right-click on the appletNetwork Manager in the system tray, call the windowchanges in network parameters. Usually Network Manager.creates for existing network cards network interfaces with System Eth0 and System ETH1 names. Choose the one you look at your WiFi device. And click the Edit button. In the window that opens, go to the IPv4 tab and select the Manual Method method from the list. In the active field "Addresses", specify the selected addresses as in Figure 3. Gateway, specify as 0.0.0.0, because for this interface The gateway is not needed. Click "Apply". Configure your Internet connection in the second interface using .

Now you will configure the DHCP server based on the DNSMASQ Demon. That step can be skipped, but then you have to prescribe all network parameters for each device separately if the devices can slightly skip the configuration of this daemon. You can also configure the DHCP server on your device then you should refer to the instructions on the device. If you still want to get completely automatic system That will configure the demon. To begin with, install a daemon if it is not installed in the system:

now it should be added to the Demon config on the way /etc/dnsmasq.conf the following parameters:

nO-NEGCACHE.
DHCP-authoritative
resolv-file \u003d / etc / risolv.conf
Domain-Needed.
Bogus-Priv.
Filterwin2k.
Domain \u003d Home.net.
Local \u003d / home.net /
DHCP-OPTION \u003d 1,255.255.255.0
DHCP-OPTION \u003d 3,10.12.0.1
DHCP-OPTION \u003d Home.Net, 6,10.12.0.1
DHCP-OPTION \u003d HOME.NET, 44.10.12.0.1
DHCP-RANGE \u003d HOME.NET, 10.12.0.15,10.12.0.50,15M

These directives have the following meaning:

This option disables the negative caching of DNS requests, that is, if the host is unknown, then we will try to find it. If you want that the server would remember unknown domains and did not try to find them delete this option.

This option indicates that this server is the only network and requests from others will not be accepted.

this directive prohibits sending requests from clients to servers above the position in the network if not fully indicated domain name (It is useful if the network will be the windows that suffer from this)

The directive makes the server respond to "no such domain" to reverse the domain search inside the network and do not send a request to the upstream server.

Filtering Curves from Windows Systems to higher servers (for Windows Machines)

We will specify our internal domain of the internal network, you can specify any. Devices that will be connected to get the names within a network of type device.home.net or nout.home.net depending on the device name.

Directive means that this domain is local.
The following directives will be assigned to network interests of customers:

Network mask for customers

The default gateway for customers, in our case, is the IP address of the main desktop.

dHCP-OPTION \u003d Home.Net, 6,10.12.0.1

DNS server for customers, in our case it is the main desktop. You can also specify an external DNS issued by the provider, but then the names for devices connected to the network will not be resolved.

dHCP-OPTION \u003d HOME.NET, 44.10.12.0.1

NetBIOS network server, for Windows machines or Samba servers.

dHCP-RANGE \u003d HOME.NET, 10.12.0.15,10.12.0.50,15M

Well, the range of selected addresses from which addresses will be heard.

Now run the demon command

And turn on automatic start when you start the computer

If you decide to prescribe network settings for devices manually, set the following network parameters for your WiFi device:

IP 10.12.0.2.
Network mask 255.255.255.0.
Network gateway 10.12.0.1

You also need to configure the parameters in this way on your devices. In addition, on devices that Internet access via desktop, you should specify DNS address 10.12.0.1.
If you configured the DNSMASQ server, configure your device to automatically receive an IP address and other DHCP network settings (for this refer to your device's instructions) and simply connect it to the network interface. After some time, the device must receive network settings, and in /valar/lib/dnsmasq/dnsmasq.leases, an entry indicating how the address received the device. If this did not happen carefully examine the log / var / log / messages, there are usually problems with the SELinux enabled or errors in configuration file. Do not forget to disable dHCP featureIf there is something available, in your WiFi device it would not interfere.
At this stage you can try to connect other devices to the network. They must pitch among themselves and see each other by name.
The next step setting the distribution of the Internet to other devices. To do this, you need to enable packet routing between interfaces, and configure the firewall to drop packages from local network to the Internet. The first task is solved by turning on IP forwarding on the main desktop, to do this, correct the NET.IPV4.IP_FORWARD parameter from 0 to 1: Correct in the /etc/sysctl.conf file.This parameter indicates that the forwarding should be included in this system, but it is activated only after rebooting, so you should restart the computer or use the following ROOT command to manually set the desired system parameter:

#echo 1\u003e / Proc / SYS / NET / IPv4 / IP_Forward

Next, you should configure the FAIrolo to the network masquerading for this you can use the graphical interface on the path system \\ administration \\ firewall. Put the ticks opposite your interface to which the WiFi device is attached in the Trusted Devices section, as well as in the Masquerade section, specify the devices through which you should distribute the Internet inside the network. Do not forget to turn on the corresponding button if it is disabled, and apply changes. Now you can try to connect devices to WiFi and access the Internet.

In general, this setting The total and most other forms of networks can be configured in a similar way. In general, there is nothing complicated in such a configuration, and all the information is easily available on the network. Good luck!

How to set up home mesh .

Suppose you have two or more computers at home and you would like to link them into a single infrastructure. For this, it is not necessary a lot of effort and reading a heap of manuals and other things. In fact, the most difficult is the physical network connection.The very first thing you need to solve is what device will become the main on the network, it can be a stationary computer in the form of a desktop or laptop that you touch less than all other devices, or WiFi device. At the moment, the WiFi access point with support for Internet access protocols that most providers use are consistently. The network circuit in this case is displayed in Figure 1. In this case, the network cable is connected to a WiFi point and it is the router that distributest IET for computers and devices. This connection is most convenient and quickly configured, but requires installing WiFi to all devices that happens quite considerable. In this case, the settings on devices are minimal, and if a DHCP server is enabled on a WiFi router, then all network settings can be set automatically. I will describe the network setting for the second type of connections depicted in Figure 2. Here the main distribution and configuring server is homely desktop, it features two network cards (it often happens that they are built into the motherboard on modern models) and the wireless router is connected to it. wire. This system is convenient for the fact that you do not need to install a wireless card in the desktop, which reduces the cost of this network. DHCP server will work on the main desktop, which will complicate the receipt of network parameters for a potential attacker. After you connect all devices physically, start setting up software. Select the address for the internal network. Let the address of the main computer be 10.12.0.1 mask For him will be 255.255.255.0. Specify this option for the connected network interface. With WiFi. device. Right-click on the appletNetwork Manager in the system tray, call the windowchanges in network parameters. Usually Network Manager.creates for existing network cards network interfaces with System Eth0 and System ETH1 names. Choose the one you look at your WiFi device. And click the Edit button. In the window that opens, go to the IPv4 tab and select the Manual Method method from the list. In the current "addresses" specify the selected addresses as in Figure 3. Gateway, specify as 0.0.0.0, because the gateway is not needed for this interface. Click "Apply". Configure your Internet connection in the second interface usingNetwork Manger.

Now you will configure the DHCP server based on the DNSMASQ Demon. That step can be skipped, but then you have to prescribe all network parameters for each device separately if the devices can slightly skip the configuration of this daemon. You can also configure the DHCP server on your device then you should refer to the instructions on the device. If you still want to get a fully automatic system, then you will configure the demon. To begin with, install a daemon if it is not installed in the system:

now the following parameters should be applied to the Demon config on the /etc/dnsmasq.conf:

nO-NEGCACHE.
DHCP-authoritative
resolv-file \u003d / etc / risolv.conf
Domain-Needed.
Bogus-Priv.
Filterwin2k.
Domain \u003d Home.net.
Local \u003d / home.net /
DHCP-OPTION \u003d 1,255.255.255.0
DHCP-OPTION \u003d 3,10.12.0.1
DHCP-OPTION \u003d Home.Net, 6,10.12.0.1
DHCP-OPTION \u003d HOME.NET, 44.10.12.0.1
DHCP-RANGE \u003d HOME.NET, 10.12.0.15,10.12.0.50,15M

These directives have the following meaning:

This option disables the negative caching of DNS requests, that is, if the host is unknown, then we will try to find it. If you want that the server would remember unknown domains and did not try to find them delete this option.

This option indicates that this server is the only network and requests from others will not be accepted.

this directive prohibits sending requests from clients to servers above on the network position if it is not a complete domain name (it is useful if there are Windows windows that suffer)

The directive makes the server respond to "no such domain" to reverse the domain search inside the network and do not send a request to the upstream server.

Filtering Curves from Windows Systems to Higher Servers (for Windows Machines)

We will specify our internal domain of the internal network, you can specify any. Devices that will be connected to get the names within a network of type device.home.net or nout.home.net depending on the device name.

Directive means that this domain is local.
The following directives will be assigned to network interests of customers:

Network mask for customers

The default gateway for customers, in our case, is the IP address of the main desktop.

dHCP-OPTION \u003d Home.Net, 6,10.12.0.1

dHCP-OPTION \u003d HOME.NET, 44.10.12.0.1

NetBIOS network server, for Windows machines or Samba servers.

dHCP-RANGE \u003d HOME.NET, 10.12.0.15,10.12.0.50,15M

Well, the range of selected addresses from which addresses will be heard.

Now run the demon command

And turn on automatic start when you start the computer

If you decide to prescribe network settings for devices manually, set the following network parameters for your WiFi device:

IP 10.12.0.2.
Network mask 255.255.255.0.
Network gateway 10.12.0.1

You also need to configure the parameters in this way on your devices. In addition, on devices that Internet access via desktop, you should specify DNS address 10.12.0.1.
If you configured the DNSMASQ server, configure your device to automatically receive an IP address and other DHCP network settings (for this refer to your device's instructions) and simply connect it to the network interface. After some time, the device must receive network settings, and in /valar/lib/dnsmasq/dnsmasq.leases, an entry indicating how the address received the device. If this did not happen carefully read the log / var / log / messages, there are usually problems with the SELinux enabled or errors in the configuration file. Do not forget to disable the DHCP function, if any, in your WiFi device it would not interfere with.
At this stage you can try to connect other devices to the network. They must pitch among themselves and see each other by name.
The next step setting the distribution of the Internet to other devices. To do this, you need to enable packet routing between interfaces, and configure the firewall to drop packages from the local network to the Internet. The first task is solved by turning on IP forwarding on the main desktop, to do this, correct the NET.IPV4.IP_FORWARD parameter from 0 to 1: Correct in the /etc/sysctl.conf file.This parameter indicates that the forwarding should be included in this system, but it is activated only after rebooting, so you should restart the computer or use the following ROOT command to manually set the desired system parameter:

#echo 1\u003e / Proc / SYS / NET / IPv4 / IP_Forward

In general, this setting is quite common and most of the other forms of networks can be configured in a similar way. In general, there is nothing complicated in such a configuration, and all the information is easily available on the network. Good luck!

The first my communication with Linux took place about six years ago. Then it was some fresh haired Red Hat.That we could install with each other, but at the same time enter it in it did not work.
However, the article is not about it. Later through my hands and head almost all families passed distributions LinuxAnd everywhere I noticed my approaches to the auto-tuning network. And in this cycle of articles, I will try to illuminate the most popular of them. I hope they will be useful to those users who are still clicking on the buttons and put ticks in the graphics managers settings, but already understand that it is not true :)
Perhaps the cognitive these articles will be both those who (not from great knowledge) writes their network management scripts and places them in some rc.local

For the tunnel above, these files may look like that.

rule-Tun0:
FROM 10.0.0.2 Lookup MyTable

route-Tun0:
Default Dev Tun0 Table MYTABLE
192.168.0.0/24 Dev Tun0.

By creating these files, we remove your headache that the relevant rules and routes are created and deleted when lifting and lowering the interface, respectively.

Another interesting opportunity is the automatic creation of alias. If you have an ETH0 interface with an address 192.168.0.1, and you want to hang 192.168.0.2, then it's enough to create an IFCFG-ETH0: 1 file, where to enter in addition to the above parameters (iPaddr, Netmask and so on), one more - RealDevice \u003d Eth0.
If suddenly there was a need to create big number Alias, and individual files do not want to create each, then there is an output: IFCFG-ETH0-RANGE will save us, which may look like this:
Ipaddr_start \u003d 192.168.0.5
Ipaddr_end \u003d 192.168.0.15
CloneNum_start \u003d 3.

This example will create ETH0: 3 - ETH0: 13 interfaces with addresses from 192.168.0.5 to 192.168.0.15.

Well, finally, it is impossible not to mention the ifup.d and ifdown.d directories lying in the same place (in / etc / sysconfig / network-scripts).
In these directories, you can put your files that will be executed when lifting and lowering the interface. Your scripts will be transmitted one parameter $ 1 - this is the name of the interface that was raised or omitted.

Having a network configured for these principles, you can always raise / omit separate interface The IFUP NAME (IFDown Name) command, where Name is your interface. To restart the entire network, it is enough to dial the Service Network Reload.