Networking
Disable 169.254.0.0/16
RFC 3330 describes 169.254.0.0/16 as follows: "This is the "link local" block. It is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server may not be found."
I don't want that, so I explicitly disable it everywhere:
All files called /etc/sysconfig/network-scripts/ifcfg-* get this extra line:
NOZEROCONF=disable-zero-conf
VLAN
My new server has only one physical network interface, so I configure three VLANs on my switch:
- 1: The internal desktop systems (and printer, and media system, and ...)
- 42: Intended for the systems that provide services to the outside world.
- 666: The outside (evil) connection, which only has my ADSL modem and my firewall in it.
Setting up a VLAN interface is easy in CentOS, once you finally figure out how to do it.
You simply create a file like this for each VLAN interface (note the VLAN=yes line and the eth0.42 device name, which ties the interface to VLAN tag 42 on eth0):
/etc/sysconfig/network-scripts/ifcfg-eth0.42
# VLAN 42: Externally visible servers
DEVICE=eth0.42
BOOTPROTO=static
ONBOOT=yes
VLAN=yes
NETMASK=255.255.255.0
IPADDR=172.21.10.1
PEERDNS=NO
NOZEROCONF=disable-zero-conf
IPV6INIT=no
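As an added check (not from the original page), this audit script walks a network-scripts directory and reports every ifcfg-* file that lacks NOZEROCONF, carries a BOOTPROTO that is not a protocol name, or names a tagged device (eth0.N) without VLAN=yes. The directory it inspects, the sample file contents and the make_sample_dir helper are constructed for the example.

```shell
#!/bin/sh
# Audit the ifcfg-* files in a network-scripts directory for the settings
# used on this page. Prints one line per problem; the return value is the
# number of problems, so the function can gate a config roll-out.

# Print the value of KEY in an ifcfg file, with surrounding quotes removed.
ifcfg_get() {  # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'"'"
}

audit_ifcfg() {  # $1 = directory holding ifcfg-* files
    dir=$1
    problems=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/ifcfg-}
        if [ "$name" = lo ]; then continue; fi
        # ifup-eth adds the 169.254.0.0/16 route only when NOZEROCONF is
        # empty, so any value disables it; an absent key means it stays on.
        if [ -z "$(ifcfg_get "$f" NOZEROCONF)" ]; then
            echo "$name: NOZEROCONF not set (169.254.0.0/16 route will be added)"
            problems=$((problems + 1))
        fi
        # BOOTPROTO names a protocol; an address here is a typo for IPADDR.
        bp=$(ifcfg_get "$f" BOOTPROTO)
        case "$bp" in
            static|none|dhcp|bootp) ;;
            *) echo "$name: invalid BOOTPROTO '$bp'"; problems=$((problems + 1)) ;;
        esac
        # A dotted device name (eth0.42) is a tagged interface and needs VLAN=yes.
        case "$name" in
            *.*) [ "$(ifcfg_get "$f" VLAN)" = yes ] || {
                     echo "$name: VLAN=yes missing for tagged interface"
                     problems=$((problems + 1)); } ;;
        esac
    done
    return $problems
}

# Constructed sample directory: the VLAN file from this page next to a
# bnep0 file with two mistakes (no NOZEROCONF, an address in BOOTPROTO).
make_sample_dir() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0.42\nBOOTPROTO=static\nONBOOT=yes\nVLAN=yes\n' > "$d/ifcfg-eth0.42"
    printf 'IPADDR=172.21.10.1\nNOZEROCONF=disable-zero-conf\n' >> "$d/ifcfg-eth0.42"
    printf 'DEVICE=bnep0\nBOOTPROTO=10.0.254.1\nONBOOT=no\nROLE=NAP\n' > "$d/ifcfg-bnep0"
    echo "$d"
}

# usage: sh audit.sh /etc/sysconfig/network-scripts
if [ -n "${1:-}" ]; then audit_ifcfg "$1"; fi
```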
Bluetooth
I wanted to set up a 'dial-up' network for my PDA so I can quickly check the traffic website without having to start up my desktop system.
This is just the summary of all the configuration files I created/changed.
/etc/dhcpd.conf
When the interface comes up, the PDA needs an IP address. This is what the relevant fragment looks like in my situation:
#
# DHCP Server Configuration file.
#
ddns-update-style none;
option domain-name "basjes.nl";
option domain-name-servers 10.0.254.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 10.0.254.0 netmask 255.255.255.0 {
    range 10.0.254.2 10.0.254.10;
    option domain-name-servers 10.0.254.1;
    option domain-name "blue.basjes.nl";
    option routers 10.0.254.1;
    option broadcast-address 10.0.254.255;
    default-lease-time 600;
    max-lease-time 7200;
}
/etc/sysconfig/hidd
HIDDARGS="--server"
/etc/sysconfig/pand
PANDARGS='--listen --master --encrypt --auth --role NAP --devup /etc/bluetooth/pan/dev-up'
/etc/sysconfig/network-scripts/ifcfg-bnep0
DEVICE=bnep0
# no boot protocol: the address is assigned by /etc/bluetooth/pan/dev-up
BOOTPROTO=none
DHCPCLASS=
ONBOOT=no
ROLE=NAP
/etc/bluetooth/pan/dev-up
Make sure the script is executable: chmod 755 /etc/bluetooth/pan/dev-up
Note that this script still needs work to set the correct security measures. It is a working test setup that simply gives the Bluetooth clients access to my local LAN.
#!/bin/sh
# Called by pand (--devup) when the PAN link comes up.
echo 1 > /proc/sys/net/ipv4/ip_forward
ifup bnep0
ip addr add 10.0.254.1/24 dev bnep0
ip link set bnep0 up
# NAT the PAN subnet and forward between bnep0 and the internal VLAN (eth0.1)
iptables -t nat -A POSTROUTING -s 10.0.254.0/24 -j MASQUERADE
iptables -A FORWARD -i bnep0 -o eth0.1 -j ACCEPT
iptables -A FORWARD -o bnep0 -i eth0.1 -j ACCEPT
# restart dhcpd so it also listens on the new interface
service dhcpd restart
/etc/bluetooth/hcid.conf
#
# HCI daemon configuration file.
#

# HCId options
options {
        # Automatically initialize new devices
        autoinit yes;

        # Security Manager mode
        #   none - Security manager disabled
        #   auto - Use local PIN for incoming connections
        #   user - Always ask user for a PIN
        #
        security auto;

        # Pairing mode
        #   none  - Pairing disabled
        #   multi - Allow pairing with already paired devices
        #   once  - Pair once and deny successive attempts
        pairing multi;

        # Default PIN code for incoming connections
        passkey "1234"; # Not my real passkey :)
}

# Default settings for HCI devices
device {
        # Local device name
        #   %d - device id
        #   %h - host name
        # name "%h-%d";
        name "My Network";

        # Local device class
        #class 0x120104;
        #class 0x3e0100;
        class 0x920300;
        # Bit 8: Information (WEB-server, WAP-server, ...)
        # Bit 5: Object Transfer (v-Inbox, v-Folder, ...)
        # Bit 2: Networking (LAN, Ad hoc, ...)
        # 0x03: LAN /Network Access point

        # Default packet type
        #pkt_type DH1,DM1,HV1;

        discovto 0;

        # Inquiry and Page scan
        iscan enable; pscan enable;

        # Default link mode
        #   none   - no specific policy
        #   accept - always accept incoming connections
        #   master - become master on incoming connections,
        #            deny role switch on outgoing connections
        lm master;

        # Default link policy
        #   none    - no specific policy
        #   rswitch - allow role switch
        #   hold    - allow hold mode
        #   sniff   - allow sniff mode
        #   park    - allow park mode
        lp rswitch,hold,sniff,park;

        # Authentication and Encryption (Security Mode 3)
        auth enable;
        encrypt enable;
}
Starting up
Final commands to enable it all:
chkconfig bluetooth on
chkconfig hidd on
chkconfig pand on
service bluetooth restart
service hidd restart
service pand restart
Now I can use my PDA to connect to the internet :)