Installation of the router with the operating-system RedHat**-Linux** 9

==> RedHat**-Linux** 9 requieres at least a Pentium I processor and a monitor with a resolution of at least 800 x 600 pixels to run the administration-tools under the GUI.

As I wanted to reuse an (silent and low power-consuming) notebook with a 486 processor as a router for an ADSL-internet-connection, I made also a description how to install a router with RedHat**-Linux** 7.1; for the installation-instruction please follow this link.

The router handles the connection of the internal network to an Internet-Service-Provider (ISP).
To achieve the connection a dial-up-telephone-connection (Plain Old Telephone System / POTS), a ADSL- or DSL-connection (Asymetric Digital Subscriber Line / Digital Subscriber Line) or a special model for a cable-tv-provider can be used.

Additionally this machine can be used as a telefacs-server for the workstations on the internal network (intranet).

As the workload is not pretty high on this machine, an PC with a Pentium I with 133 Mhz, 64 Mbyte of RAM and 2,5 Mbyte disk-capacity is sufficient.

All following instructions are for installing RedHat**-Linux** version 9.

Select Text Mode for the installation:

Shortly after the boot-process from diskette or CD beginns, a selection for text-based or graphical-installation can be done.
As the router needs neither a mouse nor an expensive video-graphic-adapter, the following installation-instructions are for text-mode.

Language Selection, Keyboard Configuration and Mouse Configuration:

Please select the appropriate values according to your configuration.

Installation Type:

This computer is the 'security guard' which has to prevent attacks of all kind from the public internet to reach the private intranet.
To avoid the installation of packets causing security holes and to waste capacity with not used functions, Linux** will be installed as Custom System..

Disk Partitioning:

Select Manually partition with Disk Druid

Boot Loader Configuration:

Do not change the default values.

Network Configuration:

This option is not shown if the NIC (network interface card) is not detected during the installation-process.
In that case the instruction for 'Configure the Network Interface Card' apply after finishing the stardard-installation.

Use bootp/dhcp: No (do not check)
Activate on boot: Yes (check)

IP Adress: 192.168.0.254
Netmask: 255.255.255.0

Default gateway (IP): (leave blank)

Primary nameserver, Secondary nameserver and Tertiary nameserver:
The TCP/IP-Addresses of the Domain-Name-Servers (DNS) are provided by the used Internet-Service-Provider (ISP) .
Here is a list of some Austrian ISP:
A-ON: 195.3.96.67, 195.3.96.68
UTA: 195.70.224.61, 195.70.224.62

If there is already a second NIC istalled (for DSL, ADSL or cable-modem connection), the previous screen appears again. As it depends which kind of connection is used to connect to an ISP, the instructions will follow later.
So far leave the values unchanged.

Hostname Configuration:

Hostname: router

Firewall Configuration:

No firewall (check)

Do not change all other values.

N.B.: The protection of the internal network is done with a script. The description follows under Linux - Firewall and Masquerading .

Additional Language Support:

English(USA) (check)

N.B.: If necessary more than one language can be chosen.

Time Zone Selection:

Hardware clock set to GMT: Yes (check)

Europe/Vienna (check) - or wherever the server is located ;-)

Set Root Password:

Choose a Root Password (for Administrator-functions).

N.B.: Passwords are case sensitive; so check if 'caps-lock' is enabled when you enter the Root Password.
My recomendation is, to use only lower case character for passwords.

Authentication Configuration:

Do not change the values.

Selecting Package Groups:

The following list comprises only those packages which have to be installed.

• Printing Support

• Text-based Internet

Select individual packages: Yes (check)

Depending on utilities to be installed several packages must be selected individually.
After checking 'Select individual packages' and clicking on the 'Next' button, groups of packages will be displayed.
According to the intended services and application-programs the following packages must be selected (checked):

Linux - Firewall and Masquerading	System Environment/Base - iptables-ipv6
SAMBA-Server Prerequisite if a network-printer is connected and this printer should be shared with Workstations running Windows**	Applications/System - samba-swat

It might happen, that further packages habe to be installed to fulfill dependencies. Please confirm the suggestions of the installer.

Boot Diskette Creation:

To create a boot disk is not absolutely necessary as there are now tools available to recover from a disk that is no longer bootable.
And my experience told me, that the Boot Disk is lost when you need it ;-).
So I leave it up to you to create a Boot Disk or not.

My decision was:
No, I do not want to create a boot diskette: check.

The instructions for the standard-installation end here.
Installation-steps which have to be done manually are described in the following steps.

Define the TCP/IP-address and the symbolic Name of the Router:

Under certain circumstances the TCP-/IP-address defined during standard-installation is not put to the configuration-file /etc/hosts.
If you do not find a line starting with the chosen TCP/IP-address (192.168.0.254 in this example), please insert the missing line.
Here is an example how the configuration-file /etc/hosts should look like :
# Do not remove the following line, or various programs
# that requiere network functionality will fail
127.0.0.1       localhost.localdomain  localhost
192.168.0.254   router.g2t.office.at   router

The above example aasumes, that the TCP/IP--Hostname as described under NetBIOS- and TCP/IP-Setup of a workstation was router.g2t.office.at .

Configure the Network-Interface-Card:

The configuration of the NICs is highly dependant on the manufacturer and the type of the NIC.
If there are 2 NICs installed (1 for the internal network, 1 for the connection to an ISP over ADSL, DSL or cable-modem), then it is strongly recommended to use different types of NIC. This simplifies the identification which NIC should be connected to which cable.

Newer network-interface-cards (NIC) are detected during the standard-installation. If this is so, you will already find the configuration (symbolic i/o and driver) in the file /etc/modules.conf; an example is shown here:

alias eth0 3c59x
alias eth1 ne

If the card was not detected during the installation, driver and - if the card has not a plug-and-play capability - the i/o-parameters must be assigned manually by editing the file /etc/modules.conf.
If other lines are already exist in this file they must not be deleted.

A detailed description for a lot of NICs can be found in the Linux Ethernet-HOWTO.

Special procedure for notebooks (pc-card).

NIC-function is available after starting pc-card-services.
For this reason, NICs can not be detected during installation but are available after a restart of Linux.

Setting the TCP/IP-Adresses:

If the network-interface-cards (NIC) were detected during the standard-installation there was also a request to enter the network-parameter.
The parameters can be verified in the file /etc/sysconfig/network-scripts/ifcfg-eth0 or /etc/sysconfig/network-scripts/ifcfg-eth1 respectively.

As the connection to the ISP is dependant on the parameters provided by the ISP, the following instruction comprise only the connection to the internal network.
The following instructions assume that the connection to the internal network is done via eth0 with the TCP/IP-address 192.168.0.254.

The file /etc/sysconfig/network-scripts/ifcfg-eth0 should look like this:

DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.254
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

If the configuration is as planned can be verified after a restart with the command:

ifconfig eth0

Checking for a correct installation of the network:

If the drivers where installed correctly is shown during startup in the step
'Bringing up interface eth0' ([OK])

or
can be checked after a restart with the following command:.

modprobe eth0
dmesg | tail

There are shown the last lines of the log.
Unfortunately each driver logs its special message; but if the Hardware-ID of the Network-Interface-Card is shown (e.g. 0060 97 72 b0 93) it is a good sign.

Then correct setup of the own TCP/IP-Address can be checked with the following command.

ping 192.168.0.254 (where the TCP/IP-Address of the just installed machine must be used - if you did not take the one from the examples)

shows the result:

PING 192.168.0.254 (192.168.0.254) from 192.168.0.254 : 56(84) bytes of data
64 bytes from 192.168.0.254: icmp_seq=0 ttl=255 time=2.0 ms
64 bytes from 192.168.0.254: icmp_seq=1 ttl=255 time=1.3 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=255 time=1.1 ms
64 bytes from 192.168.0.254: icmp_seq=3 ttl=255 time=0.9 ms

The 'Pinging' can be interrupted with the key-combination CTRL-C and thereafter a statistic is shown (example):

--- 192.168.0.254 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.9/1.2/2.0 ms

If the computer is already connected to a local area network (LAN), then the correct connection can be tested by 'Pinging' a known TCP/IP-Address of another computer connected to the LAN.

ping 192.168.0.1 (where the Operatins-System of the pinged computer must be running - of course)

shows the result:

PING 192.168.0.1 (192.168.0.1) from 192.168.0.254 : 56(84) bytes of data
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=3.2 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=1.4 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=1.3 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=1.3 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=1.3 ms

The 'Pinging' can be interrupted with the key-combination CTRL-C and thereafter a statistic is shown (example):

--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.3/1.7/3.2 ms

If there is a second NIC installed (for connection to a ADSL-, DSL- or cable-modem) the connection will be tested during the setup of the respective protocol. This setup is described under 'Service-applications for the router'.

Further steps of installation:

Further steps of installation of a Router with RedHat**-Linux** 9 are lined out in the following documents:

• Linux-workstation - file-structure and users.
  This is not absolutely neccessary as the programs to set up a dial-up-connection or a tunneling-protocol are small enough to be transferred with a diskette.
  But together with Mounting of directories on a remote computer this allows a later logon to the router to transfer downloaded programs to this machine.
  This step has to be done later if you installed the fax-server hylafax and users on workstations should be able to send faxes out from this machine.

• Service-applications for the router