Networking

Disable 169.254.0.0/16

RFC 3330 describes this block as follows:
169.254.0.0/16 - This is the "link local" block.  It is allocated for
communication between hosts on a single link.  Hosts obtain these
addresses by auto-configuration, such as when a DHCP server may not
be found.

I don't want that so I explicitly disable it everywhere:

All files called /etc/sysconfig/network-scripts/ifcfg-* get this extra line:

NOZEROCONF=disable-zero-conf

VLAN

My new server only has 1 physical network interface, so I configure 3 VLANs on my switch:

  • 1
    The internal desktop systems (and printer, and media system, and ...)
  • 42
    This is intended for the systems that provide services to the outside world.
  • 666
    The outside (evil) connection that only has my ADSL modem and my firewall in it.

 

Setting up a VLAN interface is easy in CentOS, when you finally figure out how to do it.

You simply create a file like this for each VLAN interface.

/etc/sysconfig/network-scripts/ifcfg-eth0.42

# VLAN 42: Externally visible servers
DEVICE=eth0.42
BOOTPROTO=static
ONBOOT=yes
VLAN=yes
NETMASK=255.255.255.0
IPADDR=172.21.10.1
PEERDNS=NO
NOZEROCONF=disable-zero-conf
IPV6INIT=no

Bluetooth

I wanted to set up a 'dial-up' network for my PDA so I can quickly check the traffic website without having to start up my desktop system.

This is just the summary of all the configuration files I created/changed.

/etc/dhcpd.conf

When the interface comes up, it needs an IP address. This is what the relevant fragment looks like in my situation.

#
# DHCP Server Configuration file.
#
ddns-update-style none;
option domain-name "basjes.nl";
option domain-name-servers 10.0.254.1;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 10.0.254.0 netmask 255.255.255.0 {
  range 10.0.254.2 10.0.254.10;
  option domain-name-servers 10.0.254.1;
  option domain-name "blue.basjes.nl";
  option routers 10.0.254.1;
  option broadcast-address 10.0.254.255;
  default-lease-time 600;
  max-lease-time 7200;
}

/etc/sysconfig/hidd

HIDDARGS="--server"

/etc/sysconfig/pand

PANDARGS='--listen --master --encrypt --auth --role NAP --devup /etc/bluetooth/pan/dev-up'

/etc/sysconfig/network-scripts/ifcfg-bnep0

DEVICE=bnep0
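# BOOTPROTO takes none, static, bootp or dhcp; the address 10.0.254.1 is assigned in /etc/bluetooth/pan/dev-up
BOOTPROTO=none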
DHCPCLASS=
ONBOOT=no
ROLE=NAP

/etc/bluetooth/pan/dev-up

Make sure:  chmod 755 /etc/bluetooth/pan/dev-up

Note that this script still needs work to set the correct security measures. This is a working test setup that simply gives the Bluetooth device access to my local LAN.

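#!/bin/sh
# Let the kernel route packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Bring up the PAN interface and give it the gateway address
ifup bnep0
ip addr add 10.0.254.1/24 dev bnep0
ip link set bnep0 up
# NAT everything that comes from the Bluetooth subnet
iptables -t nat -A POSTROUTING -s 10.0.254.0/24 -j MASQUERADE
# Allow forwarding in both directions between the PAN and the internal VLAN (eth0.1)
iptables -A FORWARD -i bnep0 -o eth0.1 -j ACCEPT
iptables -A FORWARD -o bnep0 -i eth0.1 -j ACCEPT
# Restart dhcpd now that bnep0 has an address in its subnet
service dhcpd restart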
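
One way to tighten the script above, as an added example that is not the author's own script: LAN-to-PAN traffic is limited to replies, the PAN is cut off from every other VLAN, masquerading is limited to the internal VLAN, and the rules live in their own chain so reconnects do not append duplicates. The chain name PAN_FWD, the APPLY switch and the function names are assumptions; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not the page's script): a tighter dev-up for the bnep0 PAN.
# Interface names and addresses are the page's; the chain name PAN_FWD, the
# APPLY switch and the function names are assumptions made for this sketch.
PAN_IF=bnep0
PAN_ADDR=10.0.254.1/24
PAN_NET=10.0.254.0/24
LAN_IF=eth0.1
CHAIN=PAN_FWD

# Dry run by default: print each command. Run with APPLY=yes to execute.
run() {
    if [ "$APPLY" = yes ]; then "$@"; else echo "$@"; fi
}

pan_up() {
    run sysctl -w net.ipv4.ip_forward=1
    run ifup "$PAN_IF"
    run ip addr add "$PAN_ADDR" dev "$PAN_IF" 2>/dev/null || true  # may already be set
    run ip link set "$PAN_IF" up

    # Own chain, flushed on every connect, so rules never pile up.
    run iptables -N "$CHAIN" 2>/dev/null || true
    run iptables -F "$CHAIN"
    # PAN clients may open connections towards the internal VLAN ...
    run iptables -A "$CHAIN" -i "$PAN_IF" -o "$LAN_IF" -s "$PAN_NET" -j ACCEPT
    # ... but only reply traffic is let back in.
    run iptables -A "$CHAIN" -i "$LAN_IF" -o "$PAN_IF" -d "$PAN_NET" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Everything else to or from the PAN (other VLANs, spoofed sources) is dropped.
    run iptables -A "$CHAIN" -i "$PAN_IF" -j DROP
    run iptables -A "$CHAIN" -o "$PAN_IF" -j DROP

    # Hook the chain into FORWARD exactly once, ahead of any other rule.
    run iptables -D FORWARD -j "$CHAIN" 2>/dev/null || true
    run iptables -I FORWARD 1 -j "$CHAIN"

    # Masquerade only PAN traffic that leaves through the internal VLAN.
    run iptables -t nat -D POSTROUTING -s "$PAN_NET" -o "$LAN_IF" -j MASQUERADE 2>/dev/null || true
    run iptables -t nat -A POSTROUTING -s "$PAN_NET" -o "$LAN_IF" -j MASQUERADE

    run service dhcpd restart
}

pan_up
```

Review the printed commands first, then run it with APPLY=yes in the environment to apply them.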

/etc/bluetooth/hcid.conf

# HCI daemon configuration file.
#

# HCId options
options {
        # Automatically initialize new devices
        autoinit yes;

        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
        #
        security auto;

        # Pairing mode
        #   none  - Pairing disabled
        #   multi - Allow pairing with already paired devices
        #   once  - Pair once and deny successive attempts
        pairing multi;

        # Default PIN code for incoming connections
        passkey "1234"; # Not my real passkey :)
}

# Default settings for HCI devices
device {
        # Local device name
        #   %d - device id
        #   %h - host name
        # name "%h-%d";
        name "My Network";

        # Local device class
        #class 0x120104;
        #class 0x3e0100;
        class 0x920300; # Bit 8: Information (WEB-server, WAP-server, ...)
                        # Bit 5: Object Transfer (v-Inbox, v-Folder, ...)
                        # Bit 2: Networking (LAN, Ad hoc, ...)
                        # 0x03: LAN /Network Access point

        # Default packet type
        #pkt_type DH1,DM1,HV1;

        discovto 0;

        # Inquiry and Page scan
        iscan enable; pscan enable;

        # Default link mode
        #   none   - no specific policy
        #   accept - always accept incoming connections
        #   master - become master on incoming connections,
        #            deny role switch on outgoing connections
        lm master;

        # Default link policy
        #   none    - no specific policy
        #   rswitch - allow role switch
        #   hold    - allow hold mode
        #   sniff   - allow sniff mode
        #   park    - allow park mode
        lp rswitch,hold,sniff,park;

        # Authentication and Encryption (Security Mode 3)
        auth enable;
        encrypt enable;
}

Starting up

Final commands to enable it all:

chkconfig bluetooth on
chkconfig hidd on
chkconfig pand on
service bluetooth restart
service hidd restart
service pand restart

Now I can use my PDA and connect to the internet :)
