[Chapter 5] 5.2 Linux Kernel Configuration


Network device support (CONFIG_NETDEVICES) [Y/n/?]
Dummy net driver support (CONFIG_DUMMY) [N/y/m/?]
EQL (serial line load balancing) support (CONFIG_EQUALIZER) [N/y/m/?]
PLIP (parallel port) support (CONFIG_PLIP) [N/y/m/?]
PPP (point-to-point) support (CONFIG_PPP) [Y/m/n/?]
SLIP (serial line) support (CONFIG_SLIP) [Y/m/n/?]
CSLIP compressed headers (CONFIG_SLIP_COMPRESSED) [Y/n/?]
Keepalive and linefill (CONFIG_SLIP_SMART) [N/y/?]
Six bit SLIP encapsulation (CONFIG_SLIP_MODE_SLIP6) [N/y/?]
Radio network interfaces (CONFIG_NET_RADIO) [N/y/?]
Ethernet (10 or 100Mbit) (CONFIG_NET_ETHERNET) [Y/n/?]
3COM cards (CONFIG_NET_VENDOR_3COM) [Y/n/?]
3c501 support (CONFIG_EL1) [N/y/m/?]
3c503 support (CONFIG_EL2) [N/y/m/?]
3c509/3c579 support (CONFIG_EL3) [Y/m/n/?]
3c590 series (592/595/597) "Vortex" support (CONFIG_VORTEX) [N/y/m/?]
AMD LANCE and PCnet (AT1500 and NE2100) support (CONFIG_LANCE) [N/y/?]
Western Digital/SMC cards (CONFIG_NET_VENDOR_SMC) [N/y/?]
Other ISA cards (CONFIG_NET_ISA) [N/y/?]
EISA, VLB, PCI and on board controllers (CONFIG_NET_EISA) [N/y/?]
Pocket and portable adaptors (CONFIG_NET_POCKET) [N/y/?]
Token Ring driver support (CONFIG_TR) [N/y/?]
ARCnet support (CONFIG_ARCNET) [N/y/m/?]
ISDN support (CONFIG_ISDN) [N/y/m/?]
Each configuration option is either enabled by entering a "y" for "yes", or disabled with an "n" for "no". "m" for
"module" is an alternative method for enabling some features. Features that are available as dynamically
loadable modules list "m" as a possible response. If "m" is selected, the dynamically loadable module is loaded
the first time a call is made to the kernel that requires the module. If "y" is selected for a feature, the code that
supports that feature is compiled directly into the kernel. The default setting of each option is indicated by the
uppercase letter in the square brackets at the end of the option line. For example, [Y,n] indicates an option that
is enabled by default. Here, we list each option and its purpose:
CONFIG_FIREWALL
Adds the kernel support necessary to make this system a firewall. Enable this only if the Linux system
will be your firewall. The full firewall installation requires additional software outside the kernel. See
Chapter 12, Network Security, for a discussion of firewalls. [3]
[3] Building a firewall is beyond the scope of this book. See Building Internet Firewalls, by
Brent Chapman and Elizabeth Zwicky (O'Reilly & Associates), for a full treatment of the subject.
CONFIG_NET_ALIAS
Adds the kernel support necessary for address translation. Use this feature only if you have a private
internal network number and a different network address for external communications. If you do,
internal addresses must be translated to valid external addresses whenever connections are made to the
outside world, but it is likely that the translation will be done by your router or firewall. You should
select "yes" only in the rare circumstance that the Linux box must do the translation; otherwise, select
"no". See Chapter 4, Getting Started, for a discussion of private network numbers and address
translation.
CONFIG_INET
Adds TCP/IP networking to the kernel. This is an absolute must!
CONFIG_IP_FORWARD
Determines whether or not the system forwards IP datagrams. This feature must be enabled if the Linux
system is an IP router. On Linux host systems, this feature is disabled, which is the default. Select "no"
unless this box is a router.
CONFIG_IP_MULTICAST
Adds multicast support to the kernel. Enable this to use multicast applications such as MBONE or
Internet Talk Radio. Not sure if you need multicasting? Select "yes". You never know what applications
you will add later.
CONFIG_IP_ACCT
Adds code to count the bytes in incoming and outgoing traffic on a per-port/per-address basis. This
could be useful for monitoring system usage, particularly in a commercial environment where usage is
billed back to the originator. Additional application software would be needed to make this useful.
Select "no" unless you plan to keep close tabs on usage.
CONFIG_INET_PCTCP
Handles an incompatibility problem with older versions of FTP Software's PC/TCP. Use if you have
clients who run the old PC/TCP software on PCs.
CONFIG_INET_RARP
Adds support for Reverse Address Resolution Protocol (RARP) to the kernel. Enable this if you plan to
use RARP on your network. Not sure? Use "m" to select the loadable module that can be used when
your system needs it. See Chapter 3, Network Services, for a description of RARP and Chapter 9,
Configuring Network Servers, for information on configuring a RARP server.
CONFIG_NO_PATH_MTU_DISCOVERY
Removes path MTU discovery code from the kernel. (Beware of the double negative! A "y" [yes]
disables MTU discovery and an "n" [no] enables it.) Select "no". Path MTU discovery is a technique that
attempts to determine the smallest maximum transmission unit (MTU) along the entire path from a
source to a destination. That MTU is then used for subsequent transmissions to avoid datagram
fragmentation. See Chapter 1, Overview of TCP/IP, for a description of fragmentation.
CONFIG_IP_NOSR
Determines whether the system accepts source-routed datagrams. Source routing allows the source of
the datagram to specify the routers that are used to deliver the packet. Source routes are used to force
packets to travel over a specific path; for example, to test the routers in a path or to avoid a high-cost
link. However, the problem with source routes is that they are used by spoofers. Spoofers are network
intruders who pretend to be a system they are not. For example, a spoofer might pretend to be a
computer on one of your enterprise subnets. By using source routing, the spoofer could cause your
system to route packets off of your enterprise net that you thought were going to a local system.
Enabling CONFIG_IP_NOSR makes it impossible for a spoofer to use source routes against you. Select
"yes" unless you are positive that you must use source routes.

CONFIG_SKB_LARGE
Sets whether or not the system will use a large transmission window size. Large windows improve
network performance at the cost of additional buffer space. Large windows can be disabled to save
memory on systems with less than 16MB of RAM. See Chapter 1 for a description of the TCP
transmission window.
CONFIG_NETDEVICES
Adds the general support required for network hardware devices. Always answer "yes", which is the
default, to this question. It is required before configuring your Ethernet card.
CONFIG_DUMMY
Enables support for a dummy interface. An IP address can be assigned to the dummy interface even if
the system has no network interface hardware. This is sometimes used by people who want to work on
TCP/IP configuration even though they don't have a network connection. If you have a network, select
"no".
CONFIG_EQUALIZER
Adds support for using multiple serial lines simultaneously. Using this feature, it is possible to have
more than one physical PPP link established between the local host and the remote server. The system
load balances between the links and attempts to treat them as a single logical network connection. This
is a technique for increasing the bandwidth simply by adding additional modems and phone lines. The
systems at both ends must support serial line load balancing and they must do so in exactly the same
way. This option is used only when both systems are Linux systems connected by multiple serial lines.
Otherwise, select "no".
CONFIG_PLIP
Adds Parallel Line IP to the kernel. PLIP is a version of SLIP that runs over the parallel printer port
using a special crossover cable. This protocol is intended for transferring data between two co-located
PCs, as the cable should be only 1 or 2 meters long. This has very limited applicability.
CONFIG_PPP
Adds the Point-to-Point Protocol (PPP) to the kernel. PPP is the TCP/IP standard protocol for
communicating over serial lines. Select "yes" if your system will use a modem connection for TCP/IP.
Chapter 6, Configuring the Interface, covers the configuration of this important protocol in detail.
CONFIG_SLIP
Adds the Serial Line IP (SLIP) to the kernel. SLIP is an older TCP/IP protocol once widely used for
communicating over serial lines. Chapter 6 covers SLIP configuration in detail.
CONFIG_SLIP_COMPRESSED
Adds support for Van Jacobson header compression to the kernel. Packet headers add a large amount of
overhead when communicating over low-speed serial lines. Header compression greatly reduces this
overhead. The systems at both ends of the serial link must use header compression for it to work. Most
systems that run SLIP do use header compression.
CONFIG_SLIP_SMART
Adds support for keepalives to the kernel. Some servers drop a connection or time out a route if the route
or connection appears unused. Use is determined by whether or not traffic is coming in over the link.
Keepalives are periodic transmissions sent for the explicit purpose of generating traffic on a link so that
it is not dropped as an inactive line. The use of keepalives is discouraged. Most networks are busy
enough as it is!
CONFIG_SLIP_MODE_SLIP6
Adds support for running SLIP over 6-bit serial lines. Normally a modem and line are configured for
8-bit, no-parity to run SLIP or PPP. This feature allows SLIP to be run in an environment that cannot
support 8-bit transmissions. This is non-standard and rarely used. The systems at both ends of the link
must support this protocol for it to work.
CONFIG_NET_ETHERNET
Adds support for Ethernet hardware to the kernel. You need this for your Ethernet LAN.
The remaining questions allow you to select your network hardware. A large number of Ethernet cards are
supported by Linux. In the sample, we selected the 3COM 3C509 card. The make config command also allows
us to select ARCnet, token ring, or ISDN interfaces. Some hosts use no specific network hardware. Instead,
they run SLIP or PPP over a serial port as their sole network connection. Select the hardware appropriate for
your system.
After make config asks questions about the network configuration, it goes on to ask about several other aspects
of the system configuration. Next, it tells you to do a make dep; make clean to build the dependencies and
clean up the odds and ends. When the makes are complete, you are ready to compile the kernel. The make
zImage command builds a compressed kernel and puts it in the /usr/src/linux/i386/boot directory. [4] Simply
copy the new kernel file, zImage, to /vmlinuz and you're ready to run.
[4] Most Linux systems use a compressed kernel that is automatically decompressed during the
system boot.
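The make config prompt format described earlier (uppercase letter marks the default, "m" appears only for features available as modules) can be parsed and checked before a build. This Python sketch is an added example, not part of the book or the kernel tree: it computes the effective answers and reports where they differ from this section's advice for a host that is not a router. The three IP prompt lines and their description text are constructed; the other sample lines are copied from the listing above.

```python
import re

# "<description> (CONFIG_SYMBOL) [choices]" as printed by make config
PROMPT = re.compile(
    r"^(?P<text>.+?)\s+\((?P<symbol>CONFIG_\w+)\)\s+\[(?P<choices>[YyNnMm/?]+)\]\s*$")

# This section's advice for a host that is not a router.
HOST_ADVICE = {
    "CONFIG_IP_FORWARD": "n",
    "CONFIG_IP_NOSR": "y",
    "CONFIG_NO_PATH_MTU_DISCOVERY": "n",   # double negative: "n" keeps discovery
}

def parse_prompt(line):
    """Split one prompt line into symbol, text, default and allowed answers."""
    m = PROMPT.match(line.strip())
    if m is None:
        return None                         # not a prompt line
    choices = [c for c in m["choices"].split("/") if c != "?"]
    defaults = [c for c in choices if c.isupper()]
    if len(defaults) != 1:
        raise ValueError(f"ambiguous default in: {line!r}")
    return {"symbol": m["symbol"], "text": m["text"],
            "default": defaults[0].lower(),
            "allowed": {c.lower() for c in choices}}

def effective_config(lines, answers):
    """Apply typed answers; an option with no answer takes its default."""
    config = {}
    for line in lines:
        prompt = parse_prompt(line)
        if prompt is None:
            continue
        value = answers.get(prompt["symbol"], "").lower() or prompt["default"]
        if value not in prompt["allowed"]:
            raise ValueError(f"{prompt['symbol']} does not accept {value!r}")
        config[prompt["symbol"]] = value
    return config

def deviations(config):
    """Symbols whose effective answer differs from HOST_ADVICE."""
    return sorted(sym for sym, want in HOST_ADVICE.items()
                  if sym in config and config[sym] != want)

SAMPLE = [
    "PPP (point-to-point) support (CONFIG_PPP) [Y/m/n/?]",
    "EQL (serial line load balancing) support (CONFIG_EQUALIZER) [N/y/m/?]",
    # Constructed prompt lines for the options discussed in the text:
    "IP: forwarding/gatewaying (CONFIG_IP_FORWARD) [N/y/?]",
    "IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]",
    "IP: Disable Path MTU Discovery (CONFIG_NO_PATH_MTU_DISCOVERY) [N/y/?]",
]
```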
Linux's list of network configuration options is as long as lists for UNIX kernel configuration get. Linux is yin to the
Solaris yang. Linux permits the system administrator to configure everything, while Solaris configures
everything for the administrator. BSD kernel configuration lies somewhere between these two extremes.

Chapter 5


5. Basic Configuration
Contents:
Kernel Configuration
Linux Kernel Configuration
The BSD Kernel Configuration File
The Internet Daemon
Summary
Every UNIX computer that runs TCP/IP has a technique for incorporating the basic transport and IP
datagram services into its operating system. This chapter discusses two files that are fundamental to
the basic configuration of TCP/IP on UNIX systems: the kernel configuration file and the inetd.conf
file. Because these files are so basic to network configuration, they usually come from the
manufacturer preconfigured to run TCP/IP.
We'll examine the contents of these files and the role they play in linking TCP/IP and UNIX. With
this information, you should be able to modify these files for your own custom configurations.

5.1 Kernel Configuration
Kernel configuration is not really a network administration task - rather, it is a basic part of UNIX
system administration, whether or not the computer is connected to a network. But TCP/IP
networking, like other system functions, is integrated into the kernel.
There are two very different approaches to kernel configuration. Some systems are designed to
eliminate the need to configure the kernel yourself, while others encourage you to do your own kernel
configuration. Solaris 2.5.1 is an example of the former. The system comes with a generic kernel that
supports all basic system services. When a Solaris system boots, it detects any new hardware added to
the system. Dynamically loadable modules are used to add new features to the system. The
configuration is defined in the /etc/system file, but this file is not directly edited by the system
administrator. When a new software package is added to the system, the script that installs that
package makes any changes it requires to the /etc/system file.


Linux is an example of the latter philosophy: its documentation encourages you to create your own
configuration. In this text we concentrate on Linux and on FreeBSD, systems that allow you to build
your own custom kernel. [1] Throughout this chapter, we provide examples of kernel configuration
statements using these two UNIX systems. While kernel configuration involves all aspects of system
configuration, we include only statements that directly affect TCP/IP configuration.
[1] The kernel configuration process of other BSD systems, such as SunOS 4.1.3, is
similar to the FreeBSD example.
Both of the UNIX systems used in the examples come with a kernel configuration file preconfigured
for TCP/IP. During the initial installation, you may need to select a preconfigured kernel that includes
network support, but you probably won't need to modify the kernel configuration for networking. The
kernel configuration file is normally changed only when you wish to:




Produce a smaller, more efficient kernel by removing unneeded items
Add a new device
Modify a system parameter

While there is rarely any need to modify the kernel network statements, it is useful to understand what
these statements do. Looking into the kernel configuration file shows how UNIX is tied to the
hardware and software of the network.
CAUTION: The procedures and files used for kernel configuration vary dramatically
depending on UNIX implementation. These variations make it essential that you refer to
your system documentation before trying to configure the kernel on your system. Only
your system documentation can provide you with the accurate, detailed instructions
required to successfully complete this task.


[Chapter 4] 4.8 Summary


Chapter 4
Getting Started


4.8 Summary
Planning is the first step in configuring TCP/IP. We began this chapter by deciding whether your
network will connect to the Internet and exploring how that decision impacts the rest of your
planning. We also looked at the basic information needed to configure a physical network: an IP
address, a subnet mask, and a broadcast address. We discussed how to plan routing, which is essential
for communicating between TCP/IP networks. We outlined the basic network services, starting with
domain name service, and discussed file, print, and email servers. Finally, we looked at the different
ways that this planning information is communicated from the network administrator to the system
administrators and users.
In the chapters that follow, we put these plans into action, starting with the configuration of the
network interface in Chapter 6. First, however, we will go inside the UNIX kernel to see how TCP/IP
is built into the operating system.


[Chapter 4] 4.7 netconfig


4.7 netconfig
During the installation of the Slackware 96 Linux operating system you are asked if you want to
configure the network. If you answer "yes", netconfig begins. netconfig can be run by the superuser
at any time from the shell prompt.
netconfig presents a series of screens that prompt for basic configuration information. The first two
questions, hostname and domain name, are simple enough. However, the third question may cause
some confusion. It asks if the system should be configured to use only the loopback interface. You
may wonder why anyone would limit TCP/IP to the loopback interface. The reason is simple: the
person wants to run TCP/IP but has no physical network. Students who are studying TCP/IP, perhaps
on a home computer, sometimes use this so that they can work with TCP/IP without a physical
network. Clearly, the users attached to your network should answer "no" to this question.
The remaining questions are straightforward. netconfig asks for the system's IP address, the IP
address of the default gateway, and the subnet mask. It then asks if you will use a name server. If you
answer "yes", it asks for the IP address of the name server.
That's it. It is easy to answer these questions using the planning sheet we developed above. But if you
know what configuration questions your users will be asked and what order they will have to answer
them, you can improve the planning sheet. Reorder the planning information to match the order of the
questions and add answers for the yes/no questions so that the users do not get confused. Here is the
peanut planning sheet redesigned for netconfig:
Enter hostname:
peanut
Enter domain name:
nuts.com
Do you plan to ONLY use loopback:
No
Enter IP address:
