Installation of the router with RedHat**-Linux** 7.1

==> Concerning performance it would be advisible to use RedHat**-Linux** 9 as operating-system for the router - particularly if the router should also fulfill functions as a telefacs-server.

For the document describing the Installation of a router with RedHat**-Linux** 9 please follow this link.

As I had a spare notebook with an Intel 486-processor and I needed a router for ADSL-connection at home, I realised that RedHat**-Linux** 9 requieres at least a Pentium-processor.
So I set up my 486-notebook with RedHat**-Linux** 7.1 as described.

All following instruction are for installing RedHat**-Linux** version 7.1.

Select the graphic option lowres:

During the boot process from diskette or CD-ROM a 'Welcome' screen is displayed where different options can be chosen.
At that time key in lowres and press the Enter-Key.
This will disable the recognition of the Video-Graphics-Adaptor (VGA) and perform the installation in Standard-VGA-Mode which is supported by all VGA.

Language Selection, Keyboard Configuration and Mouse Configuration:

Please select the appropriate values according to your configuration.

Install Options:

This computer is the 'security guard' which has to prevent attacks of all kind from the public internet to reach the private intranet.
To avoid the installation of packets causing security holes and to waste capacity with not used functions Linux** will be installed as Custom System.

Disk Partitioning:

Select Manually partition with Disk Druid

Choose Partitions to Format:

Choose partitions to format: All (check)

Check for bad blocks while formatting: Yes (check)

Lilo Configuration:

Create boot disk: No (don't check)

Do not change all other values.

Network Configuration:
This option is not shown if the NIC (network interface card) is not detected during the installation-process.
In that case the instruction for 'Configure the Network Interface Card' apply after finishing the stardard-installation.

Configure using DHCP: No (don't check)

Activate on boot: Yes (check)

IP Adress: 192.168.0.254

Netmask: 255.255.255.0

Netzwork: 192.168.0.0

Broadcast: 192.168.0.255

Hostname: SERVER

Gateway: 192.168.0.254

Primary DNS, Secondary DNS and Tenary DNS:
The TCP/IP-Addresses of the Domain-Name-Servers (DNS) are provided by the used Internet-Service-Provider (ISP) .
Here is a list of some Austrian ISP:
A-ON: 195.3.96.67, 195.3.96.68
UTA: 195.70.224.61, 195.70.224.62

Firewall Configuration:

No firewall (check)

Do not change all other values.

N.B.: The protection of the internal network is done with a script. The description follows under Linux - Firewall and Masquerading .

Language Support Selection:

English(USA) (check)

N.B.: If necessary more than one language can be chosen.

Time Zone Selection:

System clock uses UTC: Yes (check)

Europe/Vienna (check) - or whereever the server is located ;-)

Account Configuration:

Choose a Root Password (for Administrator-functions) but do not define other Account Names now.

N.B.: Passwords are case sensitive; so check if 'caps-lock' is enabled when you enter the Root Password.
My recomendation is, to use only lower case character for passwords.

Authentication Configuration:

Do not change the values.

Selecting Package Groups:

The following list lists only the packages to be inst

The following list comprises only those packages which have to be installed.

• Printing Support

• X Window Systems

• GNOME

• Mail/WWW/NewsTools

• Laptop Support (if necessary; installs PC-Card-drivers and infrared-utilities)

• Dialup Workstation

Select individual packages: Yes (check)

Depending on utilities to be installed several packages must be selected individually.
After checking 'Select individual packages' and clicking on the 'Next' button, groups of packages will be displayed.
According to the intended services and application-programs the following packages must be selected (checked):

Install always	Applications - System - linuxconf
SAMBA-Server	Applications - System - samba-swat
Linux - Firewall and Masquerading	System Environment/Base - iptables-ipv6

It might happen, that further packages have to be installed to fulfill dependencies. Please confirm the suggestions of the installer.

X-Configuration:

Do not change the suggested graphic-adaptor.

Custom Configuration:

Select the color-depth and the pixel-resolution according to the attached monitor.
The button 'Test Setting' allows you to check if the chosen values fit the attached monitor.

Please choose your login type: Text (check)

The instructions for the standard-installation end here.
Installation-steps which have to be done manually are described in the following steps.

Define the TCP/IP-address and the symbolic Name of the Server:

Under certain circumstances the TCP-/IP-address defined during standard-installation is not put to the configuration-file /etc/hosts.
If you do not find a line starting with the chosen TCP/IP-address (192.168.0.254 in this example), please insert the missing line.
Here is an example how the configuration-file /etc/hosts should look like :
# Do not remove the following line, or various programs
# that requiere network functionality will fail
127.0.0.1       localhost.localdomain  localhost
192.168.0.254   router.g2t.office.at   router

The above example aasumes, that the TCP/IP--Hostname as described under NetBIOS- and TCP/IP-Setup of a workstation was router.g2t.office.at .

Configure the Network-Interface-Card:

The configuration of the NICs is highly dependant on the manufacturer and the type of the NIC.
If there are 2 NICs installed (1 for the internal network, 1 for the connection to an ISP over ADSL, DSL or cable-modem), then it is strongly recommended to use different types of NIC. This simplifies the identification which NIC should be connected to which cable.

Newer network-interface-cards (NIC) are detected during the standard-installation.
The following instruction have to be done only, if the NIC was not detected during standard-installation.

The NIC-driver and I/O-adddresses (if not defined by a plug&play-bios) are defined in the file /etc/modules.conf; an example follows here:

alias eth0 ne
options ne io=0x300

If the card was not detected during the installation, driver and - if the card has not a plug-and-play capability - the i/o-parameters must be assigned manually by editing the file /etc/modules.conf.
If other lines are already exist in this file they must not be deletet.
A more detailed description is given in the Linux Ethernet-Howto.

Special procedure for notebooks (pc-card).

NIC-function is available after starting pc-card-services.
For this reason, NICs can not be detected during installation but are available after a restart of Linux.
To identify the adaptors (if there are more than 1 installed), the configuration needs the io-ports of the individual adaptors. This information is written into the log during startup and can be viewed (after logon as 'root') with the command
dmesg | tail

which shows a result containing lines similar like these:
eth0: NE2000 Compatible: io 0x300, irq 3, hw_addr 00:E0:98:33:72:48
eth1: NE2000 Compatible: io 0x340, irq 5, hw_addr 00:E0:98:78:D8:B8

The underlined values are the identifiers of the pc-cards and can be used to assign TCP/IP-addresses.

Definition of the TCP/IP-addresses:

If the TCP/IP-Addresses were not already defined at the installation the can now be defined or altered with linuxconf .
After starting linuxconf please choose Config - Networking – Client tasks – Host name and IP network devices and enter the following values:

--- Adaptor 1 ---

Enabled: (check with Spacebar)

Config mode: Manual: (check with Spacebar)

Primary name + domain: g2t-server.g2t.office.at

Aliases (opt):

IP address: 192.168.0.254

Netmask (opt.): 255.255.255.0

Net device: eth0

Kernel module:

I/O/port (opt): 0x300

Irq (opt):

--- Adaptor 2 ---

Enabled: (check with Spacebar)

Config mode: Manual: (check with Spacebar)

Primary name + domain: adsl.g2t.office.at

Aliases (opt):

IP address: 10.0.0.140

Netmask (opt.): 255.0.0.0

Net device: eth2

Kernel module:

I/O/port (opt): 0x340

Irq (opt):

Definition of the Name servers:

The TCP/IP-addresses of the Domain-Name-Servers (DNS, to resolve Internet-domain-names to IP-adresses) are configured with linuxconf, too.
Please select Config - Networking – Client tasks – Name server specification (DNS) and input the following values:

DNS is requiered for normal operations: (check with Spacebar)

default domain: g2t-erver.g2t.office.at

IP of name server 1: 195.3.96.67

IP of name server 2 (opt): 195.3.96.68

IP of name server 3 (opt):

search domain 1 (opt):

search domain 2 (opt):

search domain 3 (opt):

search domain 4 (opt):

search domain 5 (opt):

search domain 6 (opt):

The IP-adresses for the name servers are provides by the internet-service-provider; the samples above are the ones for A-Online.

Check for correct setup of the network-parameters:

If the drivers for the network-interface-card are loaded correctly is shown during startup in step
'Bringing up interface eth0';
it should show the result [OK].

or
can be checked after a restart of Linux** with the following command:

modprobe eth0
dmesg | tail

That shows the last lines of the log.
Unfortunelately the messages are specific for each driver; but if the hardware-id of the NIC (e.g. 0060 97 72 b0 93) is shown - that is a good sign..

If the parameters for the TCP/IP-addresses are korrect can be checked with the following commands.

ping 192.168.0.1 (if this is not the IP-address of the server to be set up replace it with the one defined two steps before)

shows the result:

PING 192.168.0.1 (192.168.0.1) from 192.168.0.1 : 56(84) bytes of data
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=2.0 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=1.3 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=1.1 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.9 ms

'Pinging' can be interupted with the key-combination CTRL-C and a statistic is displayed thereafter.
An example of the display-output follows:

--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.9/1.2/2.0 ms

If the computer is already connected to the internal network, then the connection can be tested by 'pinging' an already existing computer within the internal network which TCP/IP-address is known.

ping 192.168.0.2 (where the 'pinged' PC must be active and have TCP/IP services installed)

shows the result:

PING 192.168.0.2 (192.168.0.2) from 192.168.0.1 : 56(84) bytes of data
64 bytes from 192.168.0.2: icmp_seq=0 ttl=255 time=3.2 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=1.4 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=1.3 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=1.3 ms
64 bytes from 192.168.0.2: icmp_seq=4 ttl=255 time=1.3 ms

'Pinging' can be interupted with the key-combination CTRL-C and a statistic is displayed thereafter.
An example of the display-output follows:

--- 192.168.0.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.7/3.2 ms

Further Tasks:

Further steps of installation of a Router with RedHat**-Linux** 7.1 are lined out in the following documents:

• Linux-workstation - file-structure and users.
  This is not absolutely neccessary as the programs to set up a dial-up-connection or a tunneling-protocol are small enough to be transferred with a diskette.
  But together with Mounting of directories on a remote computer this allows a later logon to the router to transfer downloaded programs to this machine.
  This step has to be done later if you installed the fax-server hylafax and users on workstations should be able to send faxes out from this machine.

• Service-applications for the router