| Line 11: |
| | To make the SheevaPlug more secure, change the root users password and disable ssh access for the root user:
| | To make the SheevaPlug more secure, change the root users password and disable ssh access for the root user:
|
| |
| |
|
| - | {{{# passwd
| + | {{{__# passwd
|
| Line 14: |
| | # nano /etc/ssh/sshd_config
| | # nano /etc/ssh/sshd_config
|
| - | # service sshd restart}}}
| + | # service sshd restart__}}}
|
| Line 17: |
| | make sure /etc/ssh/sshd_config includes the following line - in the default SheevaPlug install line 26 has PermitRootLogin yes which we must change!
| | make sure /etc/ssh/sshd_config includes the following line - in the default SheevaPlug install line 26 has PermitRootLogin yes which we must change!
|
| |
| |
|
| - | {{{PermitRootLogin no}}}
| + | {{{__PermitRootLogin no__}}}
|
| Line 21: |
| | and make a new user that you will use to log in (I'll use myuser as an example), add them to the sudo group, and make sure the sudo group has sudo permisions:
| | and make a new user that you will use to log in (I'll use myuser as an example), add them to the sudo group, and make sure the sudo group has sudo permisions:
|
| |
| |
|
| - | {{{# adduser myuser
| + | {{{__# adduser myuser
|
| Line 24: |
| | # adduser myuser sudo
| | # adduser myuser sudo
|
| - | # visudo}}}
| + | # visudo__}}}
|
| Line 27: |
| | the last line of /etc/sudoers must be uncommented and be something like this:
| | the last line of /etc/sudoers must be uncommented and be something like this:
|
| |
| |
|
| - | {{{%sudo ALL=(ALL) ALL}}}
| + | {{{__%sudo ALL=(ALL) ALL__}}}
|
| Line 42: |
| | eth1 is the USB Ethernet adapter that I'm using for the Internet WAN side network, so this is what I add to /etc/network/interfaces on the SheevaPlug to configure eth1:
| | eth1 is the USB Ethernet adapter that I'm using for the Internet WAN side network, so this is what I add to /etc/network/interfaces on the SheevaPlug to configure eth1:
|
| |
| |
|
| - | {{{auto eth1
| + | {{{__auto eth1
|
| Line 51: |
| | gateway 82.xxx.yyy.30
| | gateway 82.xxx.yyy.30
|
| | iface eth1 inet6 static
| | iface eth1 inet6 static
|
| - | address 2a01:mmmm:nnnn:1: :28
| + | address 2a01:mmmm:nnnn:1::28
|
| Line 54: |
| | netmask 64
| | netmask 64
|
| - | gateway 2a01:mmmm:nnnn:1: :30}}}
| + | gateway 2a01:mmmm:nnnn:1::30__}}}
|
| Line 57: |
| | eth0 is the built-in Ethernet port on the SheevaPlug, which I am using for my home LAN, so this is what I add to /etc/network/interfaces to configure eth0:
| | eth0 is the built-in Ethernet port on the SheevaPlug, which I am using for my home LAN, so this is what I add to /etc/network/interfaces to configure eth0:
|
| |
| |
|
| - | {{{auto eth0
| + | {{{__auto eth0
|
| Line 66: |
| | gateway 10.xxx.yyy.1
| | gateway 10.xxx.yyy.1
|
| | iface eth0 inet6 static
| | iface eth0 inet6 static
|
| - | address 2a01:mmmm:nnnn:64: :20
| + | address 2a01:mmmm:nnnn:64::20
|
| - | netmask 64}}}
| + | netmask 64__}}}
|
| Line 71: |
| | and if I restart the networking and connect the Ethernet adapters I can ping and ping6 hosts on both networks.
| | and if I restart the networking and connect the Ethernet adapters I can ping and ping6 hosts on both networks.
|
| |
| |
|
| - | {{{$ sudo service networking restart}}}
| + | {{{__$ sudo service networking restart__}}}
|
| Line 75: |
| | Check the output of ifconfig and the IP address and route tables to see that everything looks correct.
| | Check the output of ifconfig and the IP address and route tables to see that everything looks correct.
|
| |
| |
|
| - | {{{$ ifconfig
| + | {{{__$ ifconfig
|
| Line 79: |
| | $ ip -4 route show
| | $ ip -4 route show
|
| | $ ip -6 address show
| | $ ip -6 address show
|
| - | $ ip -6 route show}}}
| + | $ ip -6 route show__}}}
|
| Line 82: |
| |
| |
|
| - | You make need to kill the dhcp clientn, since it doesn't seem to go away when you convert an interface from being 'dhcp' to being 'static', and clear up the routing table.
| + | You make need to kill the dhcp client, since it doesn't seem to go away when you convert an interface from being 'dhcp' to being 'static', and clear up the routing table.
|
| Line 84: |
| |
| |
|
| - | {{{$$ ps -ef | grep dhclient
| + | {{{__$$ ps -ef | grep dhclient
|
| Line 87: |
| | $ sudo kill 1630
| | $ sudo kill 1630
|
| | $ sudo ip -4 route del default dev eth0
| | $ sudo ip -4 route del default dev eth0
|
| - | $ sudo ip -6 route del default dev eth0}}}
| + | $ sudo ip -6 route del default dev eth0__}}}
|
| Line 95: |
| | To make a Linux Kernel route IPv4 you run this as root:
| | To make a Linux Kernel route IPv4 you run this as root:
|
| |
| |
|
| - | {{{/sbin/sysctl -w net.ipv4.ip_forward="1"}}}
| + | {{{__/sbin/sysctl -w net.ipv4.ip_forward="1"__}}}
|
| Line 99: |
| | To make a Linux kernel route IPv6 you run this as root:
| | To make a Linux kernel route IPv6 you run this as root:
|
| |
| |
|
| - | {{{/sbin/sysctl -w net.ipv6.conf.all.forwarding="1"}}}
| + | {{{__/sbin/sysctl -w net.ipv6.conf.all.forwarding="1"__}}}
|
| Line 105: |
| | Because this is just my home network I only want to implement the firewall when the Internet WAN facing Ethernet port is up. The easiest way to achieve that is to run the scripts I just described in the 'pre-up' phase of enabling eth1 (the USB Ethernet adapter):
| | Because this is just my home network I only want to implement the firewall when the Internet WAN facing Ethernet port is up. The easiest way to achieve that is to run the scripts I just described in the 'pre-up' phase of enabling eth1 (the USB Ethernet adapter):
|
| |
| |
|
| - | {{{auto eth1
| + | {{{__auto eth1
|
| Line 116: |
| | iface eth1 inet6 static
| | iface eth1 inet6 static
|
| | pre-up /usr/local/firewall/IPv6
| | pre-up /usr/local/firewall/IPv6
|
| - | address 2a01:mmmm:nnnn:1: :28
| + | address 2a01:mmmm:nnnn:1::28
|
| Line 119: |
| | netmask 64
| | netmask 64
|
| - | gateway 2a01:mmmm:nnnn:1: :30}}}
| + | gateway 2a01:mmmm:nnnn:1::30__}}}
|
| Line 122: |
| | Now if we bounce eth1 it will get reconfigured with routing enabled and all the firewall rules applied:
| | Now if we bounce eth1 it will get reconfigured with routing enabled and all the firewall rules applied:
|
| |
| |
|
| - | {{{$ sudo ifdown eth1 && sudo ifup eth1}}}
| + | {{{__$ sudo ifdown eth1 && sudo ifup eth1__}}}
|
| Line 131: |
| | When its configured you can start the dhcp service, with the default Ubuntu install it will be restarted at boot time.
| | When its configured you can start the dhcp service, with the default Ubuntu install it will be restarted at boot time.
|
| |
| |
|
| - | {{{$ sudo service dhcpd start}}}
| + | {{{__$ sudo service dhcpd start__}}}
|
| Line 135: |
| | In my home network I use a RADVD server to hand out IPv6 addresses to the various clients. So apt-get install radvd and configure /etc/radvd.conf. Since /etc/radvd.conf is not created by default it's probably easiest to copy the simple example and edit that.
| | In my home network I use a RADVD server to hand out IPv6 addresses to the various clients. So apt-get install radvd and configure /etc/radvd.conf. Since /etc/radvd.conf is not created by default it's probably easiest to copy the simple example and edit that.
|
| |
| |
|
| - | {{{$ sudo cp -a /usr/share/doc/radvd/examples/simple-radvd.conf /etc/radvd.conf
| + | {{{__$ sudo cp -a /usr/share/doc/radvd/examples/simple-radvd.conf /etc/radvd.conf
|
| - | $ sudo nano /etc/radvd.conf}}}
| + | $ sudo nano /etc/radvd.conf__}}}
|
| Line 140: |
| | As an example, this is my simple radvd.conf
| | As an example, this is my simple radvd.conf
|
| |
| |
|
| - | {{{interface eth0
| + | {{{__interface eth0
|
| Line 143: |
| | {
| | {
|
| | AdvSendAdvert on;
| | AdvSendAdvert on;
|
| - | prefix 2a01:mmmm:nnnn:64: :/64
| + | prefix 2a01:mmmm:nnnn:64::/64
|
| Line 149: |
| | AdvRouterAddr off;
| | AdvRouterAddr off;
|
| | };
| | };
|
| - | };}}}
| + | };__}}}
|
| Line 153: |
| | When its configured you can start the radv service, with the default Ubuntu install it will be restarted at boot time.
| | When its configured you can start the radv service, with the default Ubuntu install it will be restarted at boot time.
|
| |
| |
|
| - | {{{$ sudo service radvd start}}}
| + | {{{__$ sudo service radvd start__}}}
|
| Line 157: |
| | In my home network I use a local DNS server to hand out DNS information to the local clients. I also host many domains for friends and family as a 'hidden master', which I secondary onto the Internet via a DNS hosting provider. This tutorial is not going to describe how to create a hidden master DNS server - but it's quite easy to install and setup a caching DNS server which you can hand out to your local clients with your dhcpd server.
| | In my home network I use a local DNS server to hand out DNS information to the local clients. I also host many domains for friends and family as a 'hidden master', which I secondary onto the Internet via a DNS hosting provider. This tutorial is not going to describe how to create a hidden master DNS server - but it's quite easy to install and setup a caching DNS server which you can hand out to your local clients with your dhcpd server.
|
| |
| |
|
| - | {{{sudo apt-get install bind9 dnsutils}}}
| + | {{{__sudo apt-get install bind9 dnsutils__}}}
|
| Line 161: |
| | Yep - that's it. You now have a caching DNS server available - and I only installed dnsutils to get the command 'dig' so we can prove that the local DNS server is working:
| | Yep - that's it. You now have a caching DNS server available - and I only installed dnsutils to get the command 'dig' so we can prove that the local DNS server is working:
|
| |
| |
|
| - | {{{$ dig @localhost www.google.com
| + | {{{__$ dig @localhost www.google.com
|
| Line 192: |
| | ;; SERVER: 127.0.0.1#53(127.0.0.1)
| | ;; SERVER: 127.0.0.1#53(127.0.0.1)
|
| | ;; WHEN: Sun Apr 4 11:07:45 2010
| | ;; WHEN: Sun Apr 4 11:07:45 2010
|
| - | ;; MSG SIZE rcvd: 244}}}
| + | ;; MSG SIZE rcvd: 244__}}}
|
| |
| |
|