[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/en/ITIL/ExtraConfiguration" by PetterReinholdtsen
Debian Wiki
debian-www at lists.debian.org
Thu Oct 1 09:27:42 UTC 2015
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.
The "DebianEdu/Documentation/en/ITIL/ExtraConfiguration" page has been changed by PetterReinholdtsen:
https://wiki.debian.org/DebianEdu/Documentation/en/ITIL/ExtraConfiguration?action=diff&rev1=15&rev2=16
Comment:
Generated from git.
== Simple firewall ==
- Debian Edu's architecture suits for both centralized operations, with the placement of services centrally and can be operated locally at each school. A firewall makes it easier to start with Debian Edu's if you want to try out a small installation.
+ Debian Edu's architecture suits centralized operations with the placement of services centrally, and can be operated locally at each school. A firewall makes it easier to start with Debian Edu's if you want to try out a small installation.
== Simple firewall with floppy (Coyote) ==
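Review bot: The second sentence of the added line still reads "start with Debian Edu's if you want to try out a small installation", which leaves a dangling possessive; drop the "'s". The first sentence also lost "both" while still describing two alternatives, so something like "suits both centralized operation, with services placed centrally, and local operation at each school" would read more clearly.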
@@ -35, +35 @@
* Use 10.0.2.2 as a syslog server. This is the IP address of the main server
- Warning: Since Skolelinux/Debian-Edu already has a DHCP server running, you must disable the DHCP server on your firewall/router. The same applies to all other machines that may be connected to a Skolelinux/Debian-Edu network. Having two DHCP servers on the same network is usually only trouble
+ Warning: Since Skolelinux/Debian-Edu already has a DHCP server running, you must disable the DHCP server on your firewall/router. The same applies to all other machines that may be connected to a Skolelinux/Debian-Edu network. Having two DHCP servers on the same network usually just leads to trouble
If a new version of Coyote Linux exists when you read this, it might replace the version 2.24 in the commands above with the version downloaded.
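Review bot: The rewritten warning still ends without a full stop after "usually just leads to trouble", and it does not name the trouble. Since this line is what keeps a second DHCP server off the Skolelinux/Debian-Edu network, a short clause on the symptom (clients receiving leases from the wrong server) would make the warning easier to act on.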
@@ -120, +120 @@
* Install the Big Pond login software? [y/n]:
- We think this refers to some extra stuff that comes from the provider Big Pond, but is not sure. Is there anyone who knows send us an email.
+ We think that this refers to some extra stuff that comes from the provider Big Pond, but is not sure. If anyone who knows better then send us an email.
{{{
h. Do you want to enable the Coyote DHCP server? [y/n]: n
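Review bot: The added line introduces new grammar problems: "We think ... but is not sure" has a subject/verb mismatch, and "If anyone who knows better then send us an email" is not a complete sentence. Suggest "We think that this refers to some extra software from the provider Big Pond, but we are not sure. If you know better, please send us an email."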
@@ -194, +194 @@
Fill in the correct IP address and subnet mask (Netmask) and Coyote Linux will give the correct calculation of the broadcast address (Broadcast) and the network address (Network)
- '''Figure 3-4. Insert a password on the Coyote Linux Floppy'''
+ '''Figure 3-4. Insert a password on the Coyote Linux floppy disk'''
* {{attachment:graphics24.png}}
@@ -212, +212 @@
Choose what suits you. Do you have access to DHCP server, which is very likely, then you do not need more information.
- '''Figure 3-7. Firm IP configuration'''
+ '''Figure 3-7. Static IP configuration'''
* {{attachment:graphics27.png}}
@@ -266, +266 @@
Coyote Linux is a product in constant development and maintenance. Just like Skolelinux / Debian-edu. Meaning that new versions are released constantly, with new features and security fixes. Especially due to security fixes, you should always use the latest stable version of Coyote Linux
- Since Coyote Linux runs solely from floppy, there is no system to upgrade. You must create a new floppy as described in [[#!ExtraConfiguration--makefloppy|Section 3.3]]. To make this process as simple as possible, there are some things to remember.
+ Since Coyote Linux runs solely from a floppy disk, there is no system to upgrade. You must create a new floppy as described in [[#!ExtraConfiguration--makefloppy|Section 3.3]]. To make this process as simple as possible, there are some things to remember.
- 1. Find out what kind of network you have. If this is unknown, one can use the command '''lsmod''' to list all loaded modules (drivers) in use. Maybe this will give an idea of what kind of network cards in use.
+ 1. Find out what kind of network you have. If this is unknown, one can use the command '''lsmod''' to list all loaded modules (drivers) in use. Maybe this will give an idea of what kind of network cards are used.
{{{
coyote# lsmod
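Review bot: Terminology is inconsistent inside the added line: it now says "runs solely from a floppy disk" but continues with "You must create a new floppy". Use "floppy disk" in both places, matching the caption change to Figure 3-4 earlier in this diff.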
@@ -290, +290 @@
}}}
In this list of modules that are loaded, the module for the network card 3com509 is loaded twice. For a list of available modules, look at
- It is best practice to write down on the machine itself what kind of network card it contains.
+ It is best practice to write on the machine itself what kind of network card it contains.
1. What kind of "port forwarding" is it?
@@ -323, +323 @@
1. First you start Coyote Linux without any wired network card
1. Then use the crossed cable to connect Coyote Linux with the Skolelinux / Debian-edu main server (make sure it goes to the NIC labeled eth0 if the main server is a combined server).
- 1. Login to the main server. Try to '''ping''' the Coyote Linux machine. Use the command '''ping -c10 10.0.2.1''', or alternatively, try to ping the main server from Coyote Linux command '''ping -c10 10.0.2.2'''.
+ 1. Login to the main server. Try to '''ping''' the Coyote Linux machine. Use the command '''ping -c10 10.0.2.1''', or alternatively, try to ping the main server from Coyote Linux with the command '''ping -c10 10.0.2.2'''.
1. Then you get a response like this if it works:
{{{
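Review bot: In the added step, "Login to the main server" uses the noun as a verb; write "Log in to the main server". The same applies to "attempt to login to Coyote Linux" in the exception handling section.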
@@ -333, +333 @@
64 bytes from 10.0.2.1: icmp_seq=1 ttl=63 time=0.3 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=63 time=0.3 ms
}}}
- Then you have found the network card on the Coyote Linux that must be labeled LAN. Then we know that the other network card is WAN. This procedure will only work as long as the network cards on LAN is set up properly. As shown during startup on the line
+ When you have found the network card on the Coyote Linux that must be labelled LAN, then we know that the other network card is WAN. This procedure will only work as long as the network card on the LAN is set up properly. As shown during startup on the line
{{{
LAN network: UP
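Review bot: The added sentence switches person mid-sentence ("When you have found ... then we know") and uses "labelled" while the context line two steps earlier uses "labeled". Suggest "Once you have found the network card that must be labeled LAN, you know that the other card is WAN." The trailing "As shown during startup on the line" is still a fragment and should be joined to the previous sentence.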
@@ -365, +365 @@
You can log in. Use the user name "root" and the password you set when you created the floppy (if this was done from Windows). or press '''Enter''' (blank password) for logging on floppy disk created by Linux
- Note: It is normal that you don't get any visible return when you type a password in a Linux system. This is to reveal as little as possible information about the password.
+ Note: It is normal that you don't get any visible response when you type a password in a Linux system. This is to reveal as little information as possible about the password.
=== Exception handling ===
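Review bot: Missing documentation around the login line: the context just above the change says floppies created from Linux accept root with a blank password, and the edited note only explains why nothing is echoed. Add a sentence telling the reader to set a root password immediately after the first login, pointing to the "System password" item or Section 3.6. The context line also has a stray ". or press" that should be ", or press".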
@@ -385, +385 @@
Q: [[#!ExtraConfiguration--AEN704|It looks like the network card (WAN) connected to the Internet, is not working: DOWN]]
- Q: [[#!ExtraConfiguration--AEN724|We have set up firewalls with many different driver modules for many network cards. We have yet to find something not working properly.]]
+ Q: [[#!ExtraConfiguration--AEN724|We have set up firewalls with many different driver modules for many network cards. We have yet to find anything not working properly.]]
'''Q:'''It looks like the network card (LAN) going to to the Skolelinux/Debian-edu network is not working: DOWN
- '''A:'''Did you set up your network card according to the [[#!ExtraConfiguration--fwconf|A]], but still do not work. You may have chosen the wrong driver for your network card
+ '''A:'''If you set up your network card according to [[#!ExtraConfiguration--fwconf|A]], but it still does not work. That may mean the wrong driver has been chosen for your network card
'''Q:'''It looks like the network card (WAN) connected to the Internet, is not working: DOWN
'''A:'''There are usually two reasons why the WAN network card is not up (UP):
- 1. You use a connection with the wrong Internet connection. So you have to look anew at [[#!ExtraConfiguration--clconnectiontype|2.b]]
+ 1. You're using a connection with the wrong Internet configuration. Take another look at [[#!ExtraConfiguration--clconnectiontype|2.b]]
- If you have a connection with a DHCP-assigned address, which is not static. Then it must be a physical connection through a network wire between Coyote Linux and the net contact
+ If you have a connection with a DHCP-assigned address, which is not static. Then it must be a physical connection through a network wire between Coyote Linux and the network socket.
1. You have chosen the wrong driver module for this network card.
- You should attempt to login to Coyote Linux and choose '''q) quit''' to go out of Coyote Linux menu. So you should run the command
+ You should attempt to login to Coyote Linux and choose '''q) quit''' to leave the Coyote Linux menu. Then you should run the command
'''dmesg|more'''
then use '''space''' to scroll. Look for references to '''eth0''' and '''eth1'''. Look at [[#!ExtraConfiguration--clnicnames|Different names to the network cards]] for a reminder of what eth0 and eth1 means. Usually it is an indicator of what the problem is.
- '''Q:'''We have set up firewalls with many different driver modules for many network cards. We didn't find one not working properly.
+ '''Q:'''We have set up firewalls with many different driver modules for many network cards. We have yet to find one that doesn't work properly.
- '''A:'''Do you have you looked at this site for more information about network card and corresponding driver modules for Coyote Linux? [http://www.dalantech.com/ http://www.dalantech.com]
+ '''A:'''Have you looked at this website for more information about network cards and corresponding driver modules for Coyote Linux? [http://www.dalantech.com/ http://www.dalantech.com]
=== Verification ===
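Review bot: The third question now says "We have yet to find anything not working properly" in the index and "We have yet to find one that doesn't work properly" in the body, which differ from each other and do not match an answer that points to a site about finding the right driver module; please check the source text, since the intended meaning looks like "we have yet to find one that works". Two added answers are still split into fragments ("If you set up your network card according to A, but it still does not work. That may mean ..." and "If you have a connection with a DHCP-assigned address, which is not static. Then ..."); each should be a single sentence. The unchanged question line also has "going to to".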
@@ -421, +421 @@
== Firewall administration through the browser (Coyote) ==
- User Case: We need to change the settings in the firewall. The firewall is locked in the computer room. May I make the change over the network.
+ Use Case: We need to change the settings in the firewall. The firewall is locked in the computer room. Can I make the change over the network?
Author: Klaus Ade Johnstad.
Co-author: Knut Yrvin
- Coyote Linux has a pretty and a functioning administration tool via a website. Here you can do it all. Write [http://10.0.2.1:8180/ http://10.0.2.1:8180] in the address field of your browser. The address will provide web administration for Coyote Linux. Click on the link and enter your user name '''root''' and password you created for the firewall.
+ Coyote Linux has a pretty and practical administration tool through a web portal. Here you can do everything. Type [http://10.0.2.1:8180/ http://10.0.2.1:8180] in the address field of your browser. The address will provide web administration for Coyote Linux. Click on the link and enter your user name '''root''' and the password you created for the firewall.
'''Coyote Linux web administration'''
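Review bot: The added paragraph has the reader enter the root user name and password at http://10.0.2.1:8180, so the firewall's root password is sent over plain HTTP; state that this should only be done from a machine on the LAN side of the firewall. The text also says "Type ... in the address field" and then "Click on the link", which are two different instructions; keep one. "Use Case" here and "Use case" in the DHCP section should be capitalized the same way.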
@@ -440, +440 @@
* {{attachment:graphics43.png}}
* Information
- Choosing this, gives the status of your network cards, IP addresses in place, uptime for Coyote Linux, Ist and the like.
+ Choosing this gives the status of your network cards, active IP addresses, uptime for Coyote Linux, Ist and the like.
* LAN setup
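Review bot: The added line keeps the unexplained token "Ist" in "uptime for Coyote Linux, Ist and the like". It looks like a leftover from the source text; either replace it with the item it stands for or remove it.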
@@ -452, +452 @@
* Internet setup
- Here you have the possibility of changing the values in WAN network card connecting to the Internet. If you have got a new ISP, or change a dynamically assigned by DHCP to a fixed IP address, this is the place to change the information without the need of creating a new Coyote Linux floppy from scratch. See [[#!ExtraConfiguration--clconnectiontype|2.b]]
+ Here you have the possibility to change the values in the WAN network card connected to the Internet. If you have got a new ISP, or changed a dynamically assigned IP address by DHCP to a fixed one, this is the place to change the information without the need of creating a new Coyote Linux floppy from scratch. See [[#!ExtraConfiguration--clconnectiontype|2.b]]
* DHCP setup. Warning: Do not enable the DHCP server in Coyote Linux!
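Review bot: Word order in the added line is still off in "changed a dynamically assigned IP address by DHCP to a fixed one". Suggest "or changed from an IP address assigned dynamically by DHCP to a fixed one", and "Here you can change the values for the WAN network card" instead of "you have the possibility to change the values in".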
@@ -484, +484 @@
* System password
- Here you may change the root password i Coyote Linux, also known as system password. This is the same as using the command line [[#!ExtraConfiguration--cllogin|Section 3.6]].
+ Here you can change the root password for Coyote Linux, also known as the system password. This is the same as using the command line [[#!ExtraConfiguration--cllogin|Section 3.6]].
* Configuration files
@@ -492, +492 @@
* Diagnostic tools
- Here you will find useful tools like ping, testing ports (gateway), testing nameserver (DNS), and the status of the network.
+ Here you would find useful tools like ping, testing ports (gateway), testing nameserver (DNS), and the status of the network.
* Backup now
- Are there any changes Coyote Linux ''must'' these be saved on the diskette. By selecting Main Menu in Coyote Linux users can choose to save the setup. The alternative is that all changes are lost when you reboot Coyote Linux
+ Are there any changes in Coyote Linux then those ''must'' be saved on the diskette. By selecting Main Menu in Coyote Linux users can choose to save the setup. The alternative is that all changes are lost when you reboot Coyote Linux
* Reboot the system
- When you need to start the Coyote Linux again this can be done from the "Main Menu". When choosing restart this must be confirmed.
+ When you need to start again the Coyote Linux, this can be done from the "Main Menu". When choosing restart this must be confirmed.
'''Restart or turn off Coyote Linux?'''
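Review bot: The "Backup now" line is the one that prevents lost configuration, and the added wording "Are there any changes in Coyote Linux then those ''must'' be saved on the diskette" is still not a sentence. Suggest "Any changes made in Coyote Linux ''must'' be saved to the floppy disk; otherwise they are lost when Coyote Linux reboots." In the same hunk, "Here you would find" should stay "Here you will find", and "start again the Coyote Linux" should be "restart Coyote Linux".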
@@ -520, +520 @@
== Firewall as a DHCP server (Coyote) ==
- User case: Want to set up a good DHCP server with high stability regardless of operating the network. Notification: normal DHCP server in a non-Skolelinux/Debian-edu network
+ Use case: Want to set up a good DHCP server with high stability regardless of the operating system. Notification: normal DHCP server in a non-Skolelinux/Debian-edu network
Author: Klaus Ade Johnstad.
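Review bot: The added line changes "regardless of operating the network" to "regardless of the operating system", which is a change of meaning rather than of wording; please confirm it against the source text. "Notification:" should be "Note:", and since the web administration section warns "Do not enable the DHCP server in Coyote Linux!", this line should state explicitly that the section applies only outside a Skolelinux/Debian-edu network.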
@@ -570, +570 @@
Author: Klaus Ade Johnstad.
- Note: It was not noticed a case where Coyote didn't work with an ISP in Norway. Tell us if you've experienced problems with one.
+ Note: We've seen no case where Coyote didn't work with an ISP in Norway. Tell us if you experience problems with an ISP.
This is a list of Internet providers that work well with Coyote Linux
@@ -580, +580 @@
* UPC Chello Classis, Norway
* The Department of Education in Oslo. Not tested on schools connected to Simens' !InnsIKT-solution for Oslo schools
- Due different network policies in The Department of Education in Oslo''must'' you make the following changes in [[#!ExtraConfiguration--mainserver|the main server]]:
+ Due to different network policies in The Department of Education in Oslo, you ''must'' make the following changes in [[#!ExtraConfiguration--mainserver|the main server]]:
Change the following in the file`/etc/bind/named.conf` [[#!ExtraConfiguration--FTN.AEN983|[5]]]
@@ -608, +608 @@
}}}
This means to remove the comment marker (#) in front of "forwarders".
- If you don't do this, you one will not be able to connect to the Internet due to problems with the name server (DNS) in The Department of Education in Oslo. Operating staff will also engage more people to get this changed to such as this service want it.
+ If you don't do this, you will not be able to connect to the Internet due to problems with the name server (DNS) in The Department of Education in Oslo. Operating staff will also engage more people to get this changed to such as this service wants it.
After the changes are inserted in `/etc/bind/named.conf` one needs to restart bind with '''service bind9 restart'''
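Review bot: The last sentence of the added line, "Operating staff will also engage more people to get this changed to such as this service wants it", is still unintelligible after the edit. Please restate what the operating staff is expected to do, or drop the sentence; the first sentence already explains why the "forwarders" line must be uncommented.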
@@ -690, +690 @@
Co-author: Knut Yrvin
- Network cards with model number 3c509 from 3Com, have been a very popular series. Many have Coyote Linux with such a network card built-in which could have been produced for example in 1989, almost 20 years ago. We've run these cards in three years with Coyote firewall without any problems. Once you have managed to get them running, they will probably run for a long time. But it is sometimes difficult to get the cards to work in the first place. This is because they have an ISA bus. This means that important addresses (IO) and termination messages (IRQ) must be handled manually. This is done automatically with PCI cards. But using one ISA card requires extra effort. IO and IRQ on these cards can be handled by an old DOS program. This can be somewhat difficult to obtain, since this is almost 20 years old software.
+ Network cards with model number 3c509 from 3Com have been a very popular series. Many have Coyote Linux with such a network card built in which could have been produced for example in 1989, over 25 years ago. We've run these cards for three years with Coyote firewall without any problems. Once you have managed to get one running, it will probably run for a long time. But it is sometimes difficult to get the cards to work in the first place. This is because they have an ISA bus. This means that important addresses (I/O) and termination messages (IRQ) must be handled manually. This is done automatically with PCI cards, but using an ISA card requires extra effort. I/O and IRQ on these cards can be handled by an old DOS program. This can be somewhat difficult to obtain, since this software is over 25 years old.
The DOS configuration program is called `3c5x9cfg.exe`, and it is used in the following way:
1. Start the machine with DOS. One can use !FreeDOS or a boot floppy created with Windows 95 or 98.
- 1. As soon as the machine is booted using DOS, insert a diskett with the program `3c5x9cfg.exe`. Run the program 3c5x9cfg.exe from the command line in DOS.
+ 1. As soon as the machine is booted using DOS, insert a floppy disk with the program `3c5x9cfg.exe`. Run the program 3c5x9cfg.exe from the command line in DOS.
1. When 3c5x9cfg.exe is started, each of the 3c509 network cards can be configured with the "auto" option
`3c5x9cfg.exe` can be found at Ruprecht-Karls-Universität Heidelberg: [http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/ ]
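Review bot: In the added paragraph, "termination messages (IRQ)" is a mistranslation: IRQ stands for interrupt request, so write "interrupts (IRQ)". The sentence "Many have Coyote Linux with such a network card built in which could have been produced for example in 1989" is also hard to parse and should be split. In the unchanged last line, the download link for 3c5x9cfg.exe has empty link text.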