Initial Configuration

This procedure will guide you through the initial configuration of the router. Once complete, you will have a firewall capable of receiving its network settings from a DHCP server, issuing network settings to internal clients, and DNS caching for internal clients. If you have static addressing on either side (or both sides) of the firewall, complete this procedure anyway. There are additional procedures later for converting to static addressing.

  1. Ensure you have the Network Information Sheet filled out.

  2. Boot the firewall PC with the Dachstein Disk, and log in as root (just type root at the firewall login: prompt and press [Enter]). You should now be at the LRP configuration menu.

  3. Press [3] for Package settings, then [Enter], then the number next to modules, then [Enter], then the number next to modules kernel modules to load at boot, then [Enter]. This will automatically start e3, and load the /etc/modules file.

  4. Using the arrow keys, scroll down until you see a module (driver) for your network card(s). For the NE2000 compatible cards, there are actually two modules that must be loaded, 8390.o and ne.o. For 3Com 3C509B adapters, there is a single module, 3c509.o which must be loaded. For Intel EtherExpress PRO/10 cards, the module to use is the eepro module.

    Note

    For laptop installations, you should not need to uncomment any modules. This is handled by the pcmcia services modules. In this case, you may skip to step 7.

  5. Remove the # sign in front of each driver that you will load. For the NE2000 compatibles, make sure that the 8390 entry appears first in the file, then, down further, the ne entry.

    For 3Com 3C509B adapters, just uncomment the 3c509 line, and go on to step 7.

    For Intel EtherExpress PRO/10 adapters, uncomment the eepro line, and go on to the next step.

  6. Using the entries from blocks 21, 22, 25, and 26 on the Network Information Sheet, change the line beginning with ne to match the following format:

    ne io=<ExtIO>,<IntIO> irq=<ExtIRQ>,<IntIRQ>

    For example, using the configuration in Preparing the PC, this line would read:

    ne io=0x280,0x300 irq=3,5

    Note

    This step does not apply to 3Com adapters. Do not pass the I/O and IRQ settings to the 3c509 module explicitly.

    For Intel EtherExpress PRO/10 adapters, pass the io address and the irq in the same manner as for the ne module. Since efforts to run two EtherExpress PRO/10 cards in the same PC have not produced favorable results, the following example illustrates configuration of only one of these adapters:

    eepro io=0x280 irq=3

  7. Scroll down to the ###IP Masq modules section.

  8. Verify that, at the very least, the following modules are active (that is, they are not commented out)...:

    ip_masq_user
    ip_masq_autofw
    ip_masq_portfw
    ip_masq_mfw

    ... and uncomment the following if you want to allow the respective traffic through the firewall:

    ip_masq_ftp (for access to external ftp servers)
    ip_masq_h323 (for MS NetMeeting)
    ip_masq_icq
    ip_masq_quake
    ip_masq_raudio
    ip_masq_vdolive
    ip_masq_cuseeme

  9. Save the file by typing [Ctrl]-[s].

  10. Exit e3 by typing [Ctrl]-[q].

  11. Type [q], [Enter], [q], [Enter] to get back to the main configuration screen.

  12. Type [1], [Enter] to go into the Network configuration menu, then [1], [Enter] to edit the /etc/network.conf file.

  13. This file is divided into ten sections. Each section title is bordered by # symbols on the left, top, and bottom to make it stand out. This is a good time to review the network.conf reference provided on lrp.steinkuehler.net, which explains what all of the settings in this file do. The sections are:

    • Brief Instructions for this file

    • General Settings

    • Interfaces

    • NAT 'virtual' interface

    • IP Filter setup

    • Internal interface

    • Port forwarding

    • DMZ setup

    • Interface activation/deactivation functions

    • Hostname

    • Hosts file

    • Domain Search order and name servers

    • QoS/Fairqueueing functions

    • End

  14. Scroll down to the General Settings section.

  15. Change the MAX_LOOP setting from 10 to the number of DNS servers you will access.

    Example: If your ISP gave you a primary and secondary DNS address only, this number should read 2.

  16. Scroll down to the line in the Hostname section that reads:

    HOSTNAME=firewall

  17. Change this line to read:

    HOSTNAME=<name_from_block_16>

    (This comes from block 16 on the Network Information Sheet.)

  18. Locate the line in the Hosts file section that reads:

    HOSTS0="$eth1_IPADDR   $HOSTNAME.private.network      $HOSTNAME fw"

  19. Change this line to read:

    HOSTS0="$eth1_IPADDR   $HOSTNAME.<domain_from_block_19>      $HOSTNAME fw"

  20. Press [Ctrl]-[s] to save the changes.

  21. Press [Ctrl]-[q] to exit back to the menu.

  22. Press [q] then [Enter] to return to the main menu.

  23. Press [q] then [Enter] to exit to the shell.

  24. Type:

    passwd [Enter]

    to change the system password.

  25. At the

    Enter new password:

    prompt, type in a password between 5 and 8 characters (numbers are also acceptable), then press [Enter].

    Note

    You will not see the characters you type appear on the screen, nor will you see the cursor move.

  26. At the

    Re-enter new password:

    prompt, type in the same password, then press [Enter]. Again, you will not see the characters you type appear on the screen, nor will you see the cursor move.

    If you typed in the same password both times, you will see a message appear indicating that the password was changed. If you see the following message:

    Passwords do not match.
    The password for root is unchanged.

    it means that the passwords you typed in were not the same. If this is the case, return to step 54 and try again.

  27. Back up the firewall disk now (see Appendix A).
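
The module edits in steps 4 through 8 can be checked before rebooting. The script below is an added example, not part of the original procedure or the Dachstein distribution: it reports required IP Masq modules that are still commented out, lists every optional ip_masq helper that is enabled (each one lets an extra protocol through the firewall), and verifies that 8390 is loaded before ne. The sample file is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Dachstein-style modules file against steps 4 to 8.
REQUIRED="ip_masq_user ip_masq_autofw ip_masq_portfw ip_masq_mfw"

# Print active (uncommented) module names, one per line, in file order.
active_modules() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# Print required IP Masq modules that are absent or still commented out.
missing_required() {
    for m in $REQUIRED; do
        active_modules "$1" | grep -qx "$m" || echo "$m"
    done
}

# Print enabled ip_masq_* helpers beyond the required four.
optional_helpers() {
    active_modules "$1" | grep '^ip_masq_' | while read -r m; do
        case " $REQUIRED " in *" $m "*) ;; *) echo "$m" ;; esac
    done
}

# Succeed if ne is not loaded, or if 8390 is loaded before it.
ne_order_ok() {
    active_modules "$1" | awk '
        $1 == "8390" { seen = 1 }
        $1 == "ne" && !seen { bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample; on a real system pass a copy of /etc/modules instead.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
ne io=0x280,0x300 irq=3,5
8390
#3c509
###IP Masq modules
ip_masq_user
ip_masq_autofw
ip_masq_portfw
#ip_masq_mfw
ip_masq_ftp
#ip_masq_quake
EOF

echo "Missing required: $(missing_required "$SAMPLE" | tr '\n' ' ')"
echo "Optional helpers enabled: $(optional_helpers "$SAMPLE" | tr '\n' ' ')"
ne_order_ok "$SAMPLE" || echo "8390 must appear before ne"
```

Any helper listed as optional that you do not actually need can be commented out again before saving the file.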