Differences between revisions 6 and 26 (spanning 20 versions)
Revision 6 as of 2015-04-08 12:55:03
Size: 29046
Editor: ?AlexanderAlemayhu
Comment:
Revision 26 as of 2020-10-04 22:46:25
Size: 29752
Editor: ?WolfgangSchweer
Comment: remove obsolete fixme
Line 3: Line 3:
[[Image:https://wiki.debian.org//htdocs/debwiki/img/alert.png|/!\]] Graphics in the document must be inserted and updated /!\ This setup MUST be reviewed, this is historic information.

/!\ Do NOT use this. Coyote Linux has not been updated since at least 2015. Modern Linux kernels simply are too big to fit on a floppy disk.

/!\ Graphics in the document must be inserted and updated
Line 7: Line 11:
Debian Edu's architecture suits for both centralized operations, with the placement of services centrally and can be operated locally at each school. A firewall makes it easier to start with Debian Edu's if you want to try out a small installation. Debian Edu's architecture suits centralized operations with the placement of services centrally, and can be operated locally at each school. A firewall makes it easier to start with Debian Edu's if you want to try out a small installation.
Line 11: Line 15:
User Case: To get started with Debian Edu's we need to make a simple firewall. The purpose is to divide Debian Edu's network from the second network that is set up. Use Case: To get started with Debian Edu's we need to make a simple firewall. The purpose is to separate Debian Edu's network from the second network that is set up.
Line 16: Line 20:
 * Local interface:

{{{
     IP Address: 10.0.2.1
Netmask: 255.255.254.0
Broadcast: 10.0.3.255
Network: 10.0.2.0
}}}
 * Local network interface: {{{
     IP Address:   10.0.2.1
     Netmask:     255.255.254.0
     Broadcast:    10.0.3.255
     Network:      10.0.2.0
}}}
Line 26: Line 29:
Press "n"

his refers to some extra stuff you need if you want to access from the provider Big Pond, but are not sure. Is there anyone who knows?
Press "n"

This refers to some extra stuff you need if you want to have access from the provider Big Pond, but we are not sure. Is there anyone who knows that for sure?
Line 32: Line 35:
Press "n"

 * Use 10.0.2.2 as syslog server. This is the IP address of the main server

Warning: Since Skolelinux/Debian-Edu already has a DHCP server running, you must disable the DHCP server on your firewall/router. The same applies to all other machines that may be connected to a Skolelinux/Debian-Edu network. Having two DHCP servers on the same network is usually only trouble

Eksisterer en ny ut
gave av Coyote Linux når dette leses, kan den erstatte versjon 2.24 med kommandoene over med versjonsnummeret som ble lastet ned.

 1. After Coyote Linux is downloaded, the files must be unpacked. One must be the root user to unpack.
Press "n"

 * Use 10.0.2.2 as a syslog server. This is the IP address of the main server

Warning: Since Skolelinux/Debian-Edu already has a DHCP server running, you must disable the DHCP server on your firewall/router. The same applies to all other machines that may be connected to a Skolelinux/Debian-Edu network. Having two DHCP servers on the same network usually just leads to trouble

If a new version of Coyote Linux exists when you read this, it mi
ght replace the version 2.24 in the commands above with the version downloaded.

 1. After that the Coyote Linux was downloaded, the files must be unpacked. One must be the root user to unpack.
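Review bot: The added sentence "it might replace the version 2.24 in the commands above with the version downloaded" has lost its subject in translation: nothing replaces the version by itself, the reader has to do it. Suggest "you can replace version 2.24 in the commands above with the version number you downloaded". In the same hunk, "After that the Coyote Linux was downloaded" reads worse than the line it replaces, "After Coyote Linux is downloaded".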
Line 48: Line 51:
 1. When creating Coyote Linux on a Linux machine, one need to answer several questions. Here is a summary of the answers that can be supplied:  1. When creating Coyote Linux on a Linux machine, one needs to answer several questions. Here is a summary of the answers that can be supplied:
Line 52: Line 55:
 
Line 59: Line 62:
 
Line 62: Line 65:
The choice recommended is «1.68MB» The recommended choice is «1.68MB»
Line 66: Line 69:
 
Line 77: Line 80:
 
Line 82: Line 85:
 
Line 89: Line 92:
These network settings for local network must be changed. See[[#ExtraConfiguration--fwconf|A]]

 * Is this version of Coyote Linux used from [http://www.skolelinux.no/~kl%20%20%20%20%20aus/coyote-2.24-slx.tar.gz http://www.skolelinux.no/~klaus/coyote-2.24-slx.tar.gz] you will see a screen with the correct network values:
These network settings for local network must be changed. See [[#!ExtraConfiguration--fwconf|A]]

 * Is this version of Coyote Linux used from http://www.skolelinux.no/~klaus/coyote-2.24-slx.tar.gz you will see a screen with the correct network values:
Line 98: Line 101:
 
Line 101: Line 104:
Answer yes(y) or no(n) in accordance with what is the network configuration.

Getting IP via DHCP, you fill in the following information:
Answer yes(y) or no(n) in accordance with what the network configuration is.

If one gets an IP via DHCP, the following information should be filled out:
Line 112: Line 115:
 
Line 115: Line 118:
 * Enter your DHCP hostname:  * Enter the DHCP hostname:
Line 121: Line 124:
We think this refers to some extra stuff that comes from the provider Big Pond, but is not sure. Is there anyone who knows send us an email. We think that this refers to some extra stuff that comes from the provider Big Pond, but is not sure. If anyone who knows better then send us an email.
Line 131: Line 134:
Just choose "n" Just choose "n"
Line 136: Line 139:
 
Line 139: Line 142:
 
Line 142: Line 145:
This is the tricky part. Knowing which module to use for network cards is sometimes difficult. See [[#ExtraConfiguration--clmodules|Section 3.12]] to get an overview of the available modules. Remember to not use .o at the end of the module name. Use only "first name" on the module. This is the tricky part. Knowing which module to use for network cards is sometimes difficult. See [[#!ExtraConfiguration--clmodules|Section 3.12]] to get an overview of the available modules. Remember to not use .o at the end of the module name. Use only "first name" of the module.
Line 150: Line 153:
Use English. It is much easier to get help. Search for example using Google to find solution to problems. Use English. It is much easier to get help. Search for example using Google to find solutions to problems.
Line 158: Line 161:
 1. Be sure it does not get any error messages to unknown NIC modules, like this:  1. Be sure not to get any error messages to unknown NIC modules, like this:
Line 163: Line 166:
 
Line 170: Line 173:
Module 3c59x dep =
Module e100 dep =
Copying module: drivers/e100.o
Copying module: drivers/3c59x.o
    Module 3c59x dep =
    Module e100 dep =
    Copying module: drivers/e100.o
    Copying module: drivers/3c59x.o
Line 179: Line 182:
Download the source files for Windows. They can be obtained from [http://www.coyotelinux.com/downloads/channel.php?ChannelID=5 Disk Creation Wizard v2.24.0] Download the source files for Windows. They can be obtained from [[http://www.coyotelinux.com/downloads/channel.php?!ChannelID=5|Disk Creation Wizard v2.24.0]]
Line 185: Line 188:
Here you can just press "Next" Here you can just press "Next"
Line 191: Line 194:
Fill in necessary network information here: See [[#ExtraConfiguration--fwconf|A]]

Fill in the correct IP address and subnet mask (Netmask) and Coyote Linux will give the correct calculation of broadcast address (Broadcast) and URL (Network)

'''Figure 3-4. Insert a password on the Coyote Linux Floppy'''
Fill in the necessary network information here: See [[#!ExtraConfiguration--fwconf|A]]

Fill in the correct IP address and subnet mask (Netmask) and Coyote Linux will give the correct calculation of the broadcast address (Broadcast) and the network address (Network)

'''Figure 3-4. Insert a password on the Coyote Linux floppy disk'''
Line 199: Line 202:
Without this password you can't log into the Coyote Linux on a later occasion. See [[#ExtraConfiguration--cllogin|Section 3.6]] Without this password you can't log into the Coyote Linux on a later occasion. See [[#!ExtraConfiguration--cllogin|Section 3.6]]
Line 205: Line 208:
Leave the field blank, or look at [[#ExtraConfiguration--clsyslog|2.l]] Leave the field blank, or look at [[#!ExtraConfiguration--clsyslog|2.l]]
Line 213: Line 216:
'''Figure 3-7. Firm IP configuration''' '''Figure 3-7. Static IP configuration'''
Line 223: Line 226:
Do not turn on the Coyote Linux DHCP server. There is already one running on [[#ExtraConfiguration--mainserver|main server]] Do not turn on the Coyote Linux DHCP server. There is already one running on [[#!ExtraConfiguration--mainserver|main server]]
Line 231: Line 234:
This particular screen uses the module for 3Com on the LAN side of the grid (Debian Edu's) and Intel pro 100 card for WAN (Internet) connection. In this particular screen, we use the module for 3Com on the LAN side of the grid (Debian Edu's) and Intel pro 100 card for the WAN (Internet) connection.
Line 247: Line 250:
Our clear advice is to make at least two copies of the floppy disk. It is nice to a couple copies ready if anything should happen.

=== Verification ===

< FIXME>

=== Update config
uration database ===
Our clear advice is to make at least two copies of the floppy disk. It is nice to have a couple copies ready if anything should happen.

=== Verification ===

< FIXME>

=== Update the confi
guration database ===

< FIXME>
Line 257: Line 262:
User Case: To get started with Debian Edu's we need to make a simple firewall. The purpose is to divide Debian Edu's network from the second network that is set up. Use Case: To get started with Debian Edu's we need to make a simple firewall. The purpose is to separate Debian Edu's network from the second network that is set up.
Line 265: Line 270:
Since Coyote Linux runs solely from floppy, there is no system to upgrade. You must create a new floppy as described in [[#ExtraConfiguration--makefloppy|Section 3.3]]. To make this process as simple as possible, there are some things to remember.

 1. Find out what kind of network you have. If this is unknown, one can use the command '''lsmod''' to list all loaded modules (drivers) in use. Maybe this will give an idea of what kind of network cards in use.
Since Coyote Linux runs solely from a floppy disk, there is no system to upgrade. You must create a new floppy as described in [[#!ExtraConfiguration--makefloppy|Section 3.3]]. To make this process as simple as possible, there are some things to remember.

 1. Find out what kind of network you have. If this is unknown, one can use the command '''lsmod''' to list all loaded modules (drivers) in use. Maybe this will give an idea of what kind of network cards are used.
Line 287: Line 292:
In this list of modules loaded for the network card 3com509 in place twice. For a list of available modules, look at

It will be best to write down at the machine itself what kind of network card is are in it
.

 1. What kind of &quot;port forwarding&quot; is it?

Information about the &quot;port forwarding&quot; rules, if you have made any, is in the file`/etc/coyote/portforwards`
In this list of modules that are loaded, the module for the network card 3com509 is loaded twice. For a list of available modules, look at

It is best
practice to write on the machine itself what kind of network card it contains.

 1. What kind of "port forwarding" is it?

Information about the "port forwarding" rules, if you have made any, is in the file`/etc/coyote/portforwards`
Line 300: Line 305:
=== Verification ===

=== Update configuration database ===
< FIXME>

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>
Line 306: Line 317:
User case: After a simple firewall is installed, it shall be installed in the network and be effective. User case: After a simple firewall is installed, it shall be installed on the network and be effective.
Line 314: Line 325:
 1. First you start Coyote Linux without any cable network card  1. First you start Coyote Linux without any wired network card
Line 316: Line 327:
 1. Login to the main server. Try to use '''pinge'''l the Coyote Linux machine. Use the command '''ping -c10 10.0.2.1''', or alternatively, try to ping the main server from Coyote Linux command '''ping -c10 10.0.2.2'''.  1. Login to the main server. Try to '''ping''' the Coyote Linux machine. Use the command '''ping -c10 10.0.2.1''', or alternatively, try to ping the main server from Coyote Linux with the command '''ping -c10 10.0.2.2'''.
Line 326: Line 337:
Then you have found the network card on the Coyote Linux that must be labeled LAN. Then we know that the other network card is WAN. This procedure will only work as long as the network cards on LAN is set up properly. As shown during startup on the line When you have found the network card on the Coyote Linux that must be labelled LAN, then we know that the other network card is WAN. This procedure will only work as long as the network card on the LAN is set up properly. As shown during startup on the line
Line 331: Line 342:
=== What is shown is normally === === That is normal what is shown ===
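Review bot: The new heading "That is normal what is shown" is no more grammatical than the one it replaces. Suggest "What is normally shown", or a short noun heading such as "Normal output" to match "Verification" and "Exception handling".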
Line 335: Line 346:
down
}}}
Since you have started without any cables in the network card.
    down
}}}
Since you have started without any wires connected to the network card.
Line 341: Line 352:
Different names on the network cards Different names for the network cards
Line 348: Line 359:
||This go to the Debian Edu network||LAN network||Eth0||LAN||

Reboot the Coyote Linux machine and make sure the Coyote Linux floppy disk is present in the floppy station. Enssure that the machine is configured to boot from floppy drive.
||This goes to the Debian Edu network||LAN network||Eth0||LAN||

Reboot the Coyote Linux machine and make sure the Coyote Linux floppy disk is present in the floppy station. Ensure that the machine is configured to boot from floppy drive.
Line 356: Line 367:
You can login. Use the username &quot;root&quot; and the password you set when you created the floppy (if this was done from Windows). or press'''Enter''' (blank password) for logging on floppy disk created by Linux

Note: It is normal that it does not follow with any feedback when you taste a password in a Linux system. This is to reveal as little as possible for the password.

=== Exception handling ===

'''meny, menu, status of the network, down'''
You can log in. Use the user name "root" and the password you set when you created the floppy (if this was done from Windows). or press '''Enter''' (blank password) for logging on floppy disk created by Linux

Note: It is normal that you don't get any visible response when you type a password in a Linux system. This is to reveal as little information as possible about the password.

=== Exception handling ===

'''menu, status of the network, down'''
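Review bot: The login paragraph still tells the reader to press Enter with a blank password on a floppy created from Linux, and the revision adds nothing about setting a password afterwards. Suggest a sentence sending the reader to Section 3.6 to set the root password right after the first login, since the page elsewhere says the root password can be changed from the command line there. Also, "or press" begins a sentence in lower case after a full stop.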
Line 368: Line 379:
'''Figure 3-14. menu, status of network, up''' '''Figure 3-14. menu, status of the network, up'''
Line 372: Line 383:
If everything went well, both will be &quot;up&quot;

Q: [[#ExtraConfiguration--AEN698|It looks like the network card (LAN) going to to the Skolelinux/Debian-edu network is not working: DOWN]]

Q: [[#ExtraConfiguration--AEN704|It looks like the network card (WAN) connected to the Internet, is not working: DOWN]]

Q: [[#ExtraConfiguration--AEN724|We have set up firewalls with many different driver modules for many network cards. We have yet to find something not working properly.]]
If everything went well, both will be "up"

Q: [[#!ExtraConfiguration--AEN698|It looks like the network card (LAN) going to to the Skolelinux/Debian-edu network is not working: DOWN]]

Q: [[#!ExtraConfiguration--AEN704|It looks like the network card (WAN) connected to the Internet, is not working: DOWN]]

Q: [[#!ExtraConfiguration--AEN724|We have set up firewalls with many different driver modules for many network cards. We have yet to find anything not working properly.]]
Line 382: Line 393:
'''A:'''Did you set up your network card according to the [[#ExtraConfiguration--fwconf|A]], but still do not work. You may have chosen the wrong driver for your network card '''A:'''If you set up your network card according to [[#!ExtraConfiguration--fwconf|A]], but it still does not work. That may mean the wrong driver has been chosen for your network card
Line 388: Line 399:
 1. You use a connection with the wrong Internet connection. So you have to look anew at [[#ExtraConfiguration--clconnectiontype|2.b]]

If you have a connection with a DHCP-assigned address, which is not static. Then it must be a physical connection with a network between Coyote Linux and the net contact
 1. You're using a connection with the wrong Internet configuration. Take another look at [[#!ExtraConfiguration--clconnectiontype|2.b]]

If you have a connection with a DHCP-assigned address, which is not static. Then it must be a physical connection through a network wire between Coyote Linux and the network socket.
Line 394: Line 405:
You should attempt to login to Coyote Linux and choose '''q) quit''' to go out of Coyote Linux menu. So you should run the command You should attempt to login to Coyote Linux and choose '''q) quit''' to leave the Coyote Linux menu. Then you should run the command
Line 398: Line 409:
so use '''mellomrom''' to scroll. Look for references to '''eth0''' and '''eth1'''. Look at [[#ExtraConfiguration--clnicnames|Different names to the network cards]] for a reminder of what eth0 and eth1 means. Usually it is an indicator of what the problem is.

'''Q:'''We have sat up firewalls with many different driver modules for many network cards. We have yet to find any not working properly.

'''A:'''Do you have you looked at this site for more information about network card and corresponding driver modules for Coyote Linux? [http://www.dalantech.com/ http://www.dalantech.com]

=== Verification ===

The firewall works if you enter the Internet browser via the main server or a connected client.

=== Update configuration database ===

== Administration of firewall in browser (Coyote) ==

User Case: We need to change the settings in the firewall. The firewall is locked in the computer room. May I make the change over the network.
then use '''space''' to scroll. Look for references to '''eth0''' and '''eth1'''. Look at [[#!ExtraConfiguration--clnicnames|Different names to the network cards]] for a reminder of what eth0 and eth1 means. Usually it is an indicator of what the problem is.

'''Q:'''We have set up firewalls with many different driver modules for many network cards. We have yet to find one that doesn't work properly.

'''A:'''Have you looked at this website for more information about network cards and corresponding driver modules for Coyote Linux? [[http://www.dalantech.com/|http://www.dalantech.com]]

=== Verification ===

The firewall works if you try to reach the Internet through the web browser on the main server or through a connected client.

=== Update the configuration database ===

< FIXME>

== Firewall administration through the
browser (Coyote) ==

Use Case: We need to change the settings in the firewall. The firewall is locked in the computer room. Can I make the change over the network?
Line 418: Line 431:
Coyote Linux has a pretty and a functioning administration tool via a website. Here you can do it all. Write [http://10.0.2.1:8180/ http://10.0.2.1:8180] in the address field of your browser. The address will provide web administration for Coyote Linux. Click on the link and enter your user name '''root''' and password you created for the firewall. Coyote Linux has a pretty and practical administration tool through a web portal. Here you can do everything. Type [[http://10.0.2.1:8180/|http://10.0.2.1:8180]] in the address field of your browser. The address will provide web administration for Coyote Linux. Click on the link and enter your user name '''root''' and the password you created for the firewall.
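Review bot: The address in the revised sentence is plain http://, and the following sentence has the reader enter the root user name and password there, so the page should say from where this interface is meant to be used. Suggest adding that the web administration is reached from the Debian Edu LAN side (10.0.2.1 is the local interface address) and that the root password travels unencrypted over that network. "Here you can do everything" would also read better as a pointer to the menu items that follow.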
Line 431: Line 444:
Choosing this, gives the status of your network cards, IP addresses in place, uptime for Coyote Linux, Ist and the like. Choosing this gives the status of your network cards, active IP addresses, uptime for Coyote Linux, Ist and the like.
Line 435: Line 448:
Here you have the possibility to reconfigure the LAN network card. It goes to the Skolelinux/Debian-edu network. Leave the values as they are. Refering to [[#ExtraConfiguration--fwconf|A]]. Here you have the possibility to reconfigure the LAN network card. It goes to the Skolelinux/Debian-edu network. Leave the values as they are. Referring to [[#!ExtraConfiguration--fwconf|A]].
Line 439: Line 452:
&lt; FIXME: Should describe the contents of change_ip_setup her, senere&gt;
Line 443: Line 455:
Here you have the possibility of changing the values in WAN network card connecting to the Internet. If you have got a new ISP, or change a dynamically assigned by DHCP to a fixed IP address, this is the place to change the information without the need of creating a new Coyote Linux floppy from scratch. See [[#ExtraConfiguration--clconnectiontype|2.b]] Here you have the possibility to change the values in the WAN network card connected to the Internet. If you have got a new ISP, or changed a dynamically assigned IP address by DHCP to a fixed one, this is the place to change the information without the need of creating a new Coyote Linux floppy from scratch. See [[#!ExtraConfiguration--clconnectiontype|2.b]]
Line 447: Line 459:
This provides the posibility to configure DHCP server as part of Coyote Linux This provides the possibility to configure DHCP server as part of Coyote Linux
Line 451: Line 463:
Her kan man skru på og av tjenester som navnetjener (DNS), ssh og vev-admin. Here it is possible to turn on and off services like the name server (DNS), ssh and web administration.
Line 462: Line 474:
all ssh-connections coming to Coyote Linux will be forwarded to the Skolelinux/Debian-edu main server. You need to decide if this is desired. all ssh-connections coming to Coyote Linux will be forwarded to the Skolelinux/Debian-edu main server. You need to decide if this is as wished.
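Review bot: "as wished" is weaker than the "desired" it replaces, and neither wording tells the reader what is being decided. Since the sentence states that all ssh connections arriving at Coyote Linux are forwarded to the main server, suggest saying so directly, for example "Enable this only if the main server's ssh service should be reachable through the firewall."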
Line 475: Line 487:
Here you may change the root password i Coyote Linux, also known as system password. This is the same as using the command line [[#ExtraConfiguration--cllogin|Section 3.6]]. Here you can change the root password for Coyote Linux, also known as the system password. This is the same as using the command line [[#!ExtraConfiguration--cllogin|Section 3.6]].
Line 483: Line 495:
Here you will find useful tools like ping, testing ports (gateway), testing nameserver (DNS), and the status of the network. Here you would find useful tools like ping, testing ports (gateway), testing nameserver (DNS), and the status of the network.
Line 487: Line 499:
Are there any changes Coyote Linux ''must'' these be saved on the diskette. By selecting Main Menu in Coyote Linux users can choose to save the setup. The alternative is that all changes are lost when you reboot Coyote Linux Are there any changes in Coyote Linux then those ''must'' be saved on the diskette. By selecting Main Menu in Coyote Linux users can choose to save the setup. The alternative is that all changes are lost when you reboot Coyote Linux
Line 491: Line 503:
When you need to start the Coyote Linux again this can be done from the &quot;Main Menu&quot;. When choosing restart this must be confirmed. When you need to start again the Coyote Linux, this can be done from the "Main Menu". When choosing restart this must be confirmed.
Line 499: Line 511:
=== Verification ===

=== Update configuration database ===
< FIXME>

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>
Line 505: Line 523:
User case: Want to set up a good DHCP server with high stability regardless of operating the network. Notification: normal DHCP server in a non-Skolelinux/Debian-edu network Use case: Want to set up a good DHCP server with high stability regardless of the operating system. Notification: normal DHCP server in a non-Skolelinux/Debian-edu network
Line 511: Line 529:
The only thing needing to be configured differently, is to enable the DHCP server. &lt; FIXME: create link to screenshot&gt;

A brief summary of changing a Coyote Linux to a DHCP-server:
The only thing that needs to be configured differently, is to enable the DHCP server. < FIXME: create link to screenshot>

A brief summary about changing a Coyote Linux to a DHCP-server:
Line 517: Line 535:
 * Remember to answer &quot;yes&quot; on the question &quot;Do you want to enable the Coyote DHCP-server [y/n]:&quot;  * Remember to answer "yes" to the question "Do you want to enable the Coyote DHCP-server [y/n]:"
Line 522: Line 540:
 
 
Line 526: Line 544:
 
Line 531: Line 549:
 
Line 534: Line 552:
then you should use the address 192.168.0.1 instead of 10.0.2.1 when logging into the Coyote Linux web administration. See [[#ExtraConfiguration--clgui|Section 3.7]] and then you should use the address 192.168.0.1 instead of 10.0.2.1 when logging into the Coyote Linux web administration. See [[#!ExtraConfiguration--clgui|Section 3.7]] and
Line 539: Line 557:
 * [http://192.168.0.1:8180/ http://192.168.0.1:8180]

=== Verification ===

=== Update configuration database ===
 * [[http://192.168.0.1:8180/|http://192.168.0.1:8180]]

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>
Line 547: Line 569:
User Case: We have a firewall with Coyote Linux. Allows itself to connect to our ISP? User Case: We have a firewall with Coyote Linux. Does it allow itself to connect to our ISP?
Line 551: Line 573:
Note: It has not yet been a situation where Coyote does not work against ISPs in Norway. Tell us if you've experienced problems with one.

This is a list of Internet providers that works well with Coyote Linux
Note: We've seen no case where Coyote didn't work with an ISP in Norway. Tell us if you experience problems with an ISP.

This is a list of Internet providers that work well with Coyote Linux
Line 559: Line 581:
 * The Department of Education in Oslo. Not tested on schools connected Simen's InnsIKT-solution for Oslo schools

Due different network policies in The Department of Education in Oslo''must'' you make the following changes in [[#ExtraConfiguration--mainserver|the main server]]:

Change the following in the file`/etc/bind/named.conf` [[#ExtraConfiguration--FTN.AEN983|[5]]]
 * The Department of Education in Oslo. Not tested on schools connected to Simens' !InnsIKT-solution for Oslo schools

Due to different network policies in The Department of Education in Oslo, you ''must'' make the following changes in [[#!ExtraConfiguration--mainserver|the main server]]:

Change the following in the file`/etc/bind/named.conf` [[#!ExtraConfiguration--FTN.AEN983|[5]]]
Line 579: Line 601:
// By special request from the good people inside the Dept of Education in
// Oslo:
193.156.192.40;
193.156.192.50;
// Dept. of Education in Oslo end of block
// 0.0.0.0;
};
}}}
This mean to remove the comment marker (#) in front of &quot;forwarders&quot;.

If you don't do this, you one will not be able to connect to the Internet due to problems with the name server (DNS) in The Department of Education in Oslo. Operating staff will also engage more people to get this changed to such as this service want it.

After the change is inserted in `/etc/bind/named.conf` one need to restart bind with '''service bind9 restart'''
        // By special request from the good people inside the Dept of Education in
        // Oslo:
                193.156.192.40;
                193.156.192.50;
        // Dept. of Education in Oslo end of block
        // 0.0.0.0;
           };
}}}
This means to remove the comment marker (#) in front of "forwarders".

If you don't do this, you will not be able to connect to the Internet due to problems with the name server (DNS) in The Department of Education in Oslo. Operating staff will also engage more people to get this changed to such as this service wants it.

After the changes are inserted in `/etc/bind/named.conf` one needs to restart bind with '''service bind9 restart'''
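Review bot: The sentence "This means to remove the comment marker (#) in front of "forwarders"" names # while every comment in the quoted named.conf block uses //. Suggest naming the marker that actually precedes forwarders in the file, or simply writing "uncomment the forwarders block". The sentence "Operating staff will also engage more people to get this changed to such as this service wants it" is still not understandable after the edit and should be rewritten or dropped. A named-checkconf run before '''service bind9 restart''' would be a useful addition to the last step.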
Line 596: Line 618:
You must make the same bind-changes as the Department of Education in Oslo.

=== Exception handling ===

=== Verification ===

=== Update configuration database ===
Here, you must make the same bind-changes as the Department of Education in Oslo.

=== Exception handling ===

< FIXME>

=== Verification ===

< FIXME>


=== Update the configuration database ===

< FIXME>
Line 647: Line 675:
=== Verification ===

=== Update configuration database ===
< FIXME>

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>
Line 653: Line 687:
Use case: We want to try to use some network cards in the firewall that is almost 20 years old. They are using the so called ISA bus. Is this possible? Use case: We want to try to use some network cards in the firewall that are almost 20 years old. They are using the so called ISA bus. Is this possible?
Line 659: Line 693:
Network cards with the type designation 3c509 from 3Com, has been a very popular series. Several have Coyote Linux with such network produced for example in 1989, almost 20 years ago. We've run these cards in three years with Coyote firewall without any problems. Once you have managed to get them running, they will probably run for a long time. But it is sometimes difficult to get the cards to work. This is because they have an ISA bus. This means that important addresses (IO) and termination messages (IRQ) must be handled manually. This is done automatically with PCI cards. But using one ISA card requires extra effort. IO and IRQ on these cards can be handled by an old DOS program. This can be somewhat difficult to obtain, since this is almost 20 years old software. Network cards with model number 3c509 from 3Com have been a very popular series. Many have Coyote Linux with such a network card built in which could have been produced for example in 1989, over 25 years ago. We've run these cards for three years with Coyote firewall without any problems. Once you have managed to get one running, it will probably run for a long time. But it is sometimes difficult to get the cards to work in the first place. This is because they have an ISA bus. This means that important addresses (I/O) and termination messages (IRQ) must be handled manually. This is done automatically with PCI cards, but using an ISA card requires extra effort. I/O and IRQ on these cards can be handled by an old DOS program. This can be somewhat difficult to obtain, since this software is over 25 years old.
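Review bot: The paragraph now says "over 25 years ago" and "over 25 years old", but the use case line changed just above (Line 687) still says the cards are "almost 20 years old". Suggest updating the use case to match, or dropping the ages and keeping only the 1989 date so the text does not go stale again. "termination messages (IRQ)" is also left unchanged; IRQ is an interrupt request, so "interrupts (IRQ)" would be accurate.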
Line 663: Line 697:
 1. Start the machine with DOS. One can use FreeDOS or a boot floppy created with Windows 95 or 98.
 1. As soon as the machine is booted using DOS, insert a diskett with the program `3c5x9cfg.exe`. Run the program 3c5x9cfg.exe from the command line in DOS.
 1. When 3c5x9cfg.exe is started, each of the 3c509 network cards can be configured with the &quot;auto&quot; option

`3c5x9cfg.exe` can be found at Ruprecht-Karls-Universität Heidelberg: [http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/ ]

FreeDOS can be found on: [http://www.freedos.org/ ]

=== Exception handling ===

Alert: Many reports show problems with using two 3c509 card on the same machine if one of the cards is a combo type. This is a card type with different types of networking contacts.
 1. Start the machine with DOS. One can use !FreeDOS or a boot floppy created with Windows 95 or 98.
 1. As soon as the machine is booted using DOS, insert a floppy disk with the program `3c5x9cfg.exe`. Run the program 3c5x9cfg.exe from the command line in DOS.
 1. When 3c5x9cfg.exe is started, each of the 3c509 network cards can be configured with the "auto" option

`3c5x9cfg.exe` can be found at Ruprecht-Karls-Universität Heidelberg: http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/

!
FreeDOS can be found on: http://www.freedos.org/

=== Exception handling ===

Warning: Many reports show problems with using two 3c509 card on the same machine if one of the cards is a combo type. This is a card type with different types of network cable plugs.
Line 679: Line 713:
=== Update configuration database === < FIXME>

=== Update the configuration database ===

< FIXME>
Line 683: Line 721:
User case: I have not got enough help on using the firewall on these pages. Where can I get more help? User case: I have not gotten enough help with using the firewall on these pages. Where can I get more help?
Line 689: Line 727:
 * [http://www.coyotelinux.com/ Coyote Linux home page]
 * [http://www.vortech.net/phorums/list.php?8 Coyote Linux user forum, high activity]
 * [http://www.coyotelinux.com/faq Coyote Linux, FAQ, choose 2.x - General]
 * [http://rzero.com/coyote/faq.html Another FAQ by Todd VerBeek]

=== Exception handling ===

=== Verification ===

=== Update configuration database ===
 * [[http://www.coyotelinux.com/|Coyote Linux home page]]
 * [[http://www.vortech.net/phorums/list.php?8|Coyote Linux user forum, high activity]]
 * [[http://www.coyotelinux.com/faq|Coyote Linux, FAQ, choose 2.x - General]]
 * [[http://rzero.com/coyote/faq.html|Another FAQ by Todd !VerBeek]]

=== Exception handling ===

< FIXME>

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>
Line 702: Line 746:
User case: What's shoud be configured User case: What's should be configured
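Review bot: the corrected line still reads "What's should be configured", which is not grammatical; "What should be configured?" is presumably what is meant. The label is also still "User case" here, while the sections revised at the top of this diff use "Use Case".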
Line 706: Line 750:
=== Exception handling ===

=== Verification ===

=== Update configuration database ===
< FIXME>

=== Exception handling ===

< FIXME>

=== Verification ===

< FIXME>

=== Update the configuration database ===

< FIXME>

Extra configurations

/!\ This setup MUST be reviewed, this is historic information.

/!\ Do NOT use this. Coyote Linux has not been updated since at least 2015. Modern Linux kernels simply are too big to fit on a floppy disk.

/!\ Graphics in the document must be inserted and updated

Simple firewall

Debian Edu's architecture suits centralized operation, with services placed centrally, and can also be operated locally at each school. A firewall makes it easier to get started with Debian Edu if you want to try out a small installation.

Simple firewall with floppy (Coyote)

Use Case: To get started with Debian Edu we need to make a simple firewall. The purpose is to separate Debian Edu's network from the second network that is set up.

Main author Klaus Ade Johnstad

  • Regardless of whether you create the Coyote Linux floppy on a Linux or a Windows machine, the following configuration must be used. The same applies to any firewall/router other than Coyote Linux
  • Local network interface:

         IP Address:   10.0.2.1
         Netmask:      255.255.254.0
         Broadcast:    10.0.3.255
         Network:      10.0.2.0
  • Install the Big Pond login software? [y/n]:n

Press "n"

This refers to some extra stuff you need if you want to have access from the provider Big Pond, but we are not sure. Is there anyone who knows that for sure?

  • Do you want to enable the Coyote DHCP-server [y/n]: n

Press "n"

  • Use 10.0.2.2 as a syslog server. This is the IP address of the main server

Warning: Since Skolelinux/Debian-Edu already has a DHCP server running, you must disable the DHCP server on your firewall/router. The same applies to all other machines that may be connected to a Skolelinux/Debian-Edu network. Having two DHCP servers on the same network usually just leads to trouble

If a newer version of Coyote Linux exists when you read this, replace version 2.24 in the commands given here with the version you downloaded.

  1. After Coyote Linux has been downloaded, the files must be unpacked. You must be the root user to unpack them.

tar zvxf coyote-2.24.tar.gz

cd coyote

./makefloppy.sh

  1. When creating Coyote Linux on a Linux machine, one needs to answer several questions. Here is a summary of the answers that can be supplied:

a.   Coyote floppy builder script v2.9
 
    Please choose the desired capacity for the created floppy:
    1) 1.44MB (Safest and most reliable but may lack space needed for
           some options)
    2) 1.68MB (Good reliability with extra space) - recommended
    3) 1.72MB (Most space but may not work on all systems or with all
           diskettes)
 
    Enter selection:2

The recommended choice is «1.68MB»

b.   Please select the type of Internet connection that your system uses.
 
    1) Standard Ethernet Connection
    2) PPP over Ethernet Connection
    3) PPP Dialup Connection
 
    Enter Selection:

Here it is best to select 1)

c.   Configuring system for Ethernet based Internet connection.
    By default, Coyote uses the following settings for the local network
    interface:
 
    IP Address: 192.168.0.1
    Netmask:    255.255.255.0
    Broadcast:  192.168.0.255
    Network:    192.168.0.0
 
    Would you like to change these settings? [Y/N]: y
    Enter local IP Address [192.168.0.1]: 10.0.2.1
    Enter local Netmask [255.255.255.0]: 255.255.254.0
    Enter local Broadcast [192.168.0.255]: 10.0.3.255
    Enter local network number [192.168.0.0]: 10.0.2.0

These network settings for local network must be changed. See A

   IP Address: 10.0.2.1
    Netmask:    255.255.254.0
    Broadcast:  10.0.3.255
    Network:    10.0.2.0
 
e.   Does your Internet connection get its IP via DHCP? [y/n]:

Answer yes(y) or no(n) in accordance with what the network configuration is.

If one gets an IP via DHCP, the following information should be filled out:

   Please enter the information for your static IP configuration
    Internet IP Address:
    Internet Subnet Mask [255.255.255.0]:
    Internet Broadcast [Enter = Default]:
    Internet Gateway Address:
    Domain Name:
    DNS Server 1:
 
    DNS Server 2 (optional):
  • Enter the DHCP hostname:

Usually, this one can be blank

  • Install the Big Pond login software? [y/n]:

We think that this refers to some extra stuff that comes from the provider Big Pond, but we are not sure. If anyone knows better, please send us an email.

h.   Do you want to enable the Coyote DHCP server? [y/n]: n

Here the answer must be «n»!

i.   If you don't know what a DMZ is, just answer NO
    Do you want to configure a De-Militarized Zone? [Y/N]: n

Just choose "n"

j. You now need to specify the module name and parameters for your
  network cards.
 
  If you are using PCI or EISA cards, leave the IO and IRQ lines
  blank.
 
  Enter the module name for you local network card:

This is the tricky part. Knowing which module to use for a network card is sometimes difficult. See Section 3.12 for an overview of the available modules. Do not put .o at the end of the module name; use only the base name of the module (for example 3c59x, not 3c59x.o).

Many prefer 3Com cards. Almost all of them use the module 3c59x.

k.   The default language of the Coyote Web Administrator is English
    Do you like to configure a different language ? [Y/N]: n

Use English. It is much easier to get help. Search for example using Google to find solutions to problems.

l.   Syslog server address:

Here you can use the main server as syslog server. Use 10.0.2.2

  1. You must insert a floppy disk in the machine. Remember to turn off the write protection. It takes a few minutes to write to the disk.
  2. Make sure you do not get any error messages about unknown NIC modules, like this:

    Checking module deps for (wrong,bad)...
    Copying module: drivers/wrong.o
 
    Unable to copy module (drivers/wrong.o): No such file or directory

Be sure you get something like this instead:

   Checking module deps for (e100,3c59x)...
    Module 3c59x dep =
    Module e100 dep =
    Copying module: drivers/e100.o
    Copying module: drivers/3c59x.o

Solution 2 Create a Coyote Linux Floppy on a Windows machine

Creating a floppy on a Windows machine is done in almost the same way as on Linux.

Download the source files for Windows. They can be obtained from Disk Creation Wizard v2.24.0

Figure 3-2. Coyote Linux Windows Creator Welcome Image


Here you can just press "Next"

Figure 3-3. Local LAN network setup


Fill in the necessary network information here: See A

Fill in the correct IP address and subnet mask (Netmask) and Coyote Linux will give the correct calculation of the broadcast address (Broadcast) and the network address (Network)

Figure 3-4. Insert a password on the Coyote Linux floppy disk


Without this password you can't log into the Coyote Linux on a later occasion. See Section 3.6

Figure 3-5. Syslog server


Leave the field blank, or look at 2.l

Figure 3-6. Type of Internet connection (WAN)


Choose what suits you. If you have access to a DHCP server, which is very likely, you do not need to supply any more information.

Figure 3-7. Static IP configuration


If you have a fixed address, fill in the appropriate values here.

Figure 3-8. Do not enable the Coyote Linux DHCP server!


Do not turn on the Coyote Linux DHCP server. There is already one running on the main server.

Figure 3-9. Select a driver module for the network card (NIC)


Drag and drop to choose the correct network card for the Coyote Linux machine.

In this particular screenshot, we use the 3Com module on the LAN side (the Debian Edu network) and an Intel Pro 100 card for the WAN (Internet) connection.

Figure 3-10. Select language


If you want to get good support from the Internet, choose English.

Figure 3-11. Make the disc


Place a floppy disk in the floppy drive and press 'Next'.

Exception handling

Our clear advice is to make at least two copies of the floppy disk. It is nice to have a couple copies ready if anything should happen.

Verification

< FIXME>

Update the configuration database

< FIXME>

Simple firewall with CD

Use Case: To get started with Debian Edu we need to make a simple firewall. The purpose is to separate Debian Edu's network from the second network that is set up.

Main author Klaus Ade Johnstad

Solution

Coyote Linux is a product in constant development and maintenance, just like Skolelinux/Debian-edu. This means that new versions are released constantly, with new features and security fixes. Because of the security fixes in particular, you should always use the latest stable version of Coyote Linux.

Since Coyote Linux runs solely from a floppy disk, there is no system to upgrade. You must create a new floppy as described in Section 3.3. To make this process as simple as possible, there are some things to remember.

  1. Find out what kind of network cards you have. If this is unknown, you can use the command lsmod to list all loaded modules (drivers). This may give an idea of what kind of network cards are used.

coyote# lsmod
Module                  Size  Used by
3c509                   7732   2
ip_nat_quake3           1768   0 (unused)
ip_nat_mms              2608   0 (unused)
ip_nat_h323             2060   0 (unused)
ip_nat_amanda            876   0 (unused)
ip_nat_irc              1904   0 (unused)
ip_nat_ftp              2384   0 (unused)
ip_conntrack_quake3     1848   1
ip_conntrack_mms        2704   1
ip_conntrack_h323       2065   1
ip_conntrack_egg        2280   0 (unused)
ip_conntrack_amanda     1488   1
ip_conntrack_irc        2672   1
ip_conntrack_ftp        3440   1

In this list of modules that are loaded, the module for the network card 3com509 is loaded twice. For a list of available modules, look at

It is best practice to write on the machine itself what kind of network card it contains.

  2. Which "port forwarding" rules are in use?

Information about the "port forwarding" rules, if you have made any, is in the file /etc/coyote/portforwards

   coyote# more /etc/coyote/portforwards
   port Y 10.0.2.2 tcp 2333 22 # Example - Secondary SSH
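Before the rules are carried over to a new floppy, it is worth listing what they expose on the WAN side. The following Python script is an added example, not part of the original page or of Coyote Linux. The field order (keyword, enabled flag, LAN host, protocol, WAN port, LAN port) is an assumption inferred from the single example line above, and the sample lines are constructed.

```python
import ipaddress
from dataclasses import dataclass

# LAN values from the page: firewall 10.0.2.1, netmask 255.255.254.0,
# main server 10.0.2.2.
LAN = ipaddress.ip_interface("10.0.2.1/255.255.254.0")
MAIN_SERVER = ipaddress.ip_address("10.0.2.2")
# LAN-side ports treated as administrative access (assumption: ssh only).
ADMIN_PORTS = {22: "ssh"}

# Constructed sample; only the first "port" line is taken from the page.
SAMPLE = """\
# constructed sample, not a real configuration
port Y 10.0.2.2 tcp 2333 22 # Example - Secondary SSH
port Y 10.0.2.2 tcp 22 22 # SSH straight into Mainserver
port N 10.0.2.10 tcp 8080 80 # disabled
port Y 192.168.0.5 tcp 8443 443 # left over from the default LAN
port Y 10.0.3.200 udp 2333 5000 # same port number, other protocol
port Y 10.0.2.2 tcp 2333 80 # clashes with line 2
port Y 10.0.2.2 tcp http 80
"""


@dataclass
class Forward:
    lineno: int
    enabled: bool
    target: ipaddress.IPv4Address
    proto: str
    wan_port: int
    lan_port: int
    comment: str


def parse_portforwards(text):
    """Return (forwards, errors); errors are (lineno, reason) pairs."""
    forwards, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue  # blank or comment-only line
        try:
            keyword, flag, host, proto, wan, lan = fields
            if keyword != "port" or flag.upper() not in ("Y", "N"):
                raise ValueError("unexpected keyword or flag")
            if proto.lower() not in ("tcp", "udp"):
                raise ValueError("unknown protocol")
            wan_port, lan_port = int(wan), int(lan)
            if not (0 < wan_port < 65536 and 0 < lan_port < 65536):
                raise ValueError("port out of range")
            forwards.append(Forward(lineno, flag.upper() == "Y",
                                    ipaddress.IPv4Address(host),
                                    proto.lower(), wan_port, lan_port,
                                    comment.strip()))
        except ValueError as exc:  # also raised for a wrong field count
            errors.append((lineno, str(exc)))
    return forwards, errors


def audit(forwards):
    """Return (lineno, finding) pairs for the enabled forwards."""
    findings, seen = [], {}
    net = LAN.network
    for f in forwards:
        if not f.enabled:
            continue
        if f.target not in net:
            findings.append((f.lineno, "target outside the LAN"))
        elif f.target in (LAN.ip, net.network_address, net.broadcast_address):
            findings.append((f.lineno, "target is not a LAN host"))
        if f.lan_port in ADMIN_PORTS:
            where = "main server" if f.target == MAIN_SERVER else str(f.target)
            findings.append((f.lineno,
                             f"{ADMIN_PORTS[f.lan_port]} on {where} "
                             f"reachable from WAN port {f.wan_port}"))
        key = (f.proto, f.wan_port)
        if key in seen:
            findings.append((f.lineno,
                             f"WAN port already forwarded on line {seen[key]}"))
        else:
            seen[key] = f.lineno
    return findings


if __name__ == "__main__":
    parsed, bad = parse_portforwards(SAMPLE)
    for lineno, reason in bad:
        print(f"line {lineno}: cannot parse ({reason})")
    for lineno, finding in audit(parsed):
        print(f"line {lineno}: {finding}")
```

To check a real floppy, pass the contents of /etc/coyote/portforwards to parse_portforwards() instead of SAMPLE.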

Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>

Starting the Coyote firewall

Use case: After a simple firewall has been created, it must be connected to the network and put into operation.

Author: Klaus Ade Johnstad.

Solution

There are two network cards in Coyote Linux, one (LAN) is connected to the Skolelinux/Debian-edu server, the other is connected with a crossed cable, or via a switch to another network (WAN). Sometimes it can be a bit difficult to decide which network card is which, especially if they are both connected to the same address. The method we use to determine which card is which, is to use a crossed cable and connect it to the network card in the Skolelinux/Debian-edu main server.

  1. First, start Coyote Linux without any network cables connected to the network cards
  2. Then use the crossed cable to connect Coyote Linux with the Skolelinux / Debian-edu main server (make sure it goes to the NIC labeled eth0 if the main server is a combined server).
  3. Login to the main server. Try to ping the Coyote Linux machine. Use the command ping -c10 10.0.2.1, or alternatively, try to ping the main server from Coyote Linux with the command ping -c10 10.0.2.2.

  4. Then you get a response like this if it works:

ping -c10 10.0.2.1
PING 10.0.2.1 (10.0.2.1): 56 data bytes
64 bytes from 10.0.2.1: icmp_seq=0 ttl=63 time=0.6 ms
64 bytes from 10.0.2.1: icmp_seq=1 ttl=63 time=0.3 ms
64 bytes from 10.0.2.1: icmp_seq=2 ttl=63 time=0.3 ms

Once you have found the network card on the Coyote Linux machine that should be labelled LAN, you know that the other network card is WAN. This procedure only works as long as the network card on the LAN is set up properly, as shown during startup on the line

LAN network: UP

It is normal that the following is shown

WAN network: down

since you have started without any cables connected to the network card.

When the role of each of the network cards is decided, it is time to reboot the firewall with all the cables in place.

Different names for the network cards

The two network cards got two different names in Coyote Linux. This is a bit confusing and not very consistent. Here is a summary:

The various names used for network cards in Coyote Linux

  This is connected to the existing network    Internet       Eth1    WAN
  This goes to the Debian Edu network          LAN network    Eth0    LAN

Reboot the Coyote Linux machine and make sure the Coyote Linux floppy disk is in the floppy drive. Ensure that the machine is configured to boot from the floppy drive.

Figure 3-12. Coyote Linux Login


You can now log in. Use the user name "root" and the password you set when you created the floppy (if this was done from Windows), or press Enter (blank password) if the floppy disk was created on Linux.

Note: It is normal that you don't get any visible response when you type a password in a Linux system. This is to reveal as little information as possible about the password.

Exception handling

menu, status of the network, down


Once you have entered, press 'c' to get the status of the network. In case there is a problem:

Figure 3-14. menu, status of the network, up


If everything went well, both will be "up"


Q: It looks like the network card (LAN) going to the Skolelinux/Debian-edu network is not working: DOWN

A: If you set up your network card according to A but it still does not work, the wrong driver may have been chosen for your network card.

Q: It looks like the network card (WAN) connected to the Internet is not working: DOWN

A: There are usually two reasons why the WAN network card is not up (UP):

  1. You're using a connection with the wrong Internet configuration. Take another look at 2.b

If your connection gets a DHCP-assigned address rather than a static one, there must be a physical connection, through a network cable, between Coyote Linux and the network socket.

  2. You have chosen the wrong driver module for this network card.

You should attempt to log in to Coyote Linux and choose q) quit to leave the Coyote Linux menu. Then you should run the command

dmesg|more

then use space to scroll. Look for references to eth0 and eth1. See "Different names for the network cards" for a reminder of what eth0 and eth1 mean. These messages usually indicate what the problem is.

Q: We have set up firewalls with many different driver modules for many network cards. We have yet to find one that doesn't work properly.

A: Have you looked at this website for more information about network cards and corresponding driver modules for Coyote Linux? http://www.dalantech.com

Verification

The firewall works if you can reach the Internet through a web browser on the main server or on a connected client.

Update the configuration database

< FIXME>

Firewall administration through the browser (Coyote)

Use Case: We need to change the settings in the firewall. The firewall is locked in the computer room. Can I make the change over the network?

Author: Klaus Ade Johnstad.

Co-author: Knut Yrvin

Coyote Linux has a pretty and practical administration tool through a web portal. Here you can do everything. Type http://10.0.2.1:8180 in the address field of your browser. The address will provide web administration for Coyote Linux. Click on the link and enter your user name root and the password you created for the firewall.

Coyote Linux web administration


All options and settings can be done in Main Menu on the left side.

Coyote Linux Main Menu


  • Information

Choosing this gives the status of your network cards, active IP addresses, uptime for Coyote Linux, Ist and the like.

  • LAN setup

Here you have the possibility to reconfigure the LAN network card. It goes to the Skolelinux/Debian-edu network. Leave the values as they are. Referring to A.

Warning: Do not make changes here! Doing so may reduce the performance of Skolelinux/Debian-edu network

  • Internet setup

Here you have the possibility to change the values in the WAN network card connected to the Internet. If you have got a new ISP, or changed a dynamically assigned IP address by DHCP to a fixed one, this is the place to change the information without the need of creating a new Coyote Linux floppy from scratch. See 2.b

  • DHCP setup. Warning: Do not enable the DHCP server in Coyote Linux!

This provides the possibility to configure DHCP server as part of Coyote Linux

  • Administrative settings

Here it is possible to turn on and off services like the name server (DNS), ssh and web administration.

  • Port Forwarding

Here you may change and enable port forwarding in Coyote Linux. This is a neat feature in a Skolelinux/Debian-edu network. Since Coyote Linux stops and blocks most connections, for example ssh, it's nice to use port forwarding. This is a way to let ssh connections through Coyote Linux into a Skolelinux/Debian-edu network.

Use this rule for port forwarding

   Yes         TCP         Any         22         10.0.2.2         22         No           SSH straight into Mainserver

With this rule, all ssh connections arriving at Coyote Linux are forwarded to the Skolelinux/Debian-edu main server. You need to decide whether this is what you want.

  • Simplified firewall configuration

Here you can set up and configure the firewall rules in Coyote Linux. There are many ready-made rules that can be used as examples.

  • Advanced firewall configuration
  • QOS configuration

Here you can set up restrictions on network capacity

  • System password

Here you can change the root password for Coyote Linux, also known as the system password. This is the same as doing it from the command line; see Section 3.6.

  • Configuration files

These are files that contain all settings.

  • Diagnostic tools

Here you would find useful tools like ping, testing ports (gateway), testing nameserver (DNS), and the status of the network.

  • Backup now

If any changes have been made in Coyote Linux, they must be saved to the floppy disk. From the Main Menu in Coyote Linux you can choose to save the setup. Otherwise all changes are lost when you reboot Coyote Linux.

  • Reboot the system

When you need to restart Coyote Linux, this can be done from the "Main Menu". A restart must be confirmed.

Restart or turn off Coyote Linux?


Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>

Firewall as a DHCP server (Coyote)

Use case: We want to set up a good DHCP server with high stability regardless of the operating system. Note: this is a normal DHCP server in a non-Skolelinux/Debian-edu network

Author: Klaus Ade Johnstad.

Coyote Linux is a good solution if you just need a DHCP server on the network regardless of what type of machines, be it Linux, Windows or Mac.

The only thing that needs to be configured differently, is to enable the DHCP server. < FIXME: create link to screenshot>

A brief summary about changing a Coyote Linux to a DHCP-server:

Coyote Linux as the default DHCP server

  • Remember to answer "yes" to the question "Do you want to enable the Coyote DHCP-server [y/n]:"
  • Once a DHCP server runs on Coyote Linux, you will probably need to use a different address for login, if you did not change the LAN setup:

Configuring system for Ethernet based Internet connection
 
 
By default, Coyote uses the following settings for the local network
interface:
 
IP Address: 192.168.0.1
Netmask:    255.255.255.0
Broadcast:  192.168.0.255
Network:    192.168.0.0
 
Would you like to change these settings? [Y/N]: n

then you should use the address 192.168.0.1 instead of 10.0.2.1 when logging into the Coyote Linux web administration. See Section 3.7 and

In this case the new address is:

Verification

< FIXME>

Update the configuration database

< FIXME>

Coyote firewall and Internet operators

Use case: We have a firewall with Coyote Linux. Can it connect to our ISP?

Author: Klaus Ade Johnstad.

Note: We've seen no case where Coyote didn't work with an ISP in Norway. Tell us if you experience problems with an ISP.

This is a list of Internet providers that work well with Coyote Linux

  • Nextgentel, Norway
  • Tele2 ADSL Privat, Norway
  • Tele2 ADSL Bedrift, Norway
  • UPC Chello Classis, Norway
  • The Department of Education in Oslo. Not tested on schools connected to Siemens' InnsIKT solution for Oslo schools

Due to different network policies in The Department of Education in Oslo, you must make the following changes in the main server:

Change the following in the file /etc/bind/named.conf [5]

       // forwarders {
        // By special request from the good people inside the Dept of Education in
        // Oslo:
        //      193.156.192.40;
        //      193.156.192.50;
        // Dept. of Education in Oslo  end of block
        //      0.0.0.0;
        // };

change this to

          forwarders {
        // By special request from the good people inside the Dept of Education in
        // Oslo:
                193.156.192.40;
                193.156.192.50;
        // Dept. of Education in Oslo end of block
        //      0.0.0.0;
           };

This means removing the comment markers (//) in front of "forwarders", the two addresses and the closing brace.

If you don't do this, you will not be able to connect to the Internet due to problems with the name server (DNS) in The Department of Education in Oslo. Operating staff will also engage more people to get this changed to such as this service wants it.

After the changes are inserted in /etc/bind/named.conf one needs to restart bind with service bind9 restart

  • Telenor ADSL, Norway
  • Oslo University College (Høgskolen i Oslo)

Here, you must make the same bind-changes as the Department of Education in Oslo.

Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>

Support for network cards in the firewall

Use case: Are the two network cards in the machine supported by Coyote?

Author: Klaus Ade Johnstad.

This is a list of modules included in Coyote Linux. All driver modules for network cards are listed.

tjener:~/coyote# ls  data/kernel/drivers/
3c501.o     eth16i.o               ne.o
3c503.o     ewrk3.o                ni5010.o
3c505.o     fealnx.o               ni52.o
3c507.o     forcedeth.o            ni65.o
3c509.o     hp100.o                pcnet32.o
3c515.o     hp.o                   ppp_async.o
3c59x.o     hp-plus.o              ppp_deflate.o
8139cp.o    ip_conntrack_amanda.o  ppp_generic.o
8139too.o   ip_conntrack_egg.o     pppoe.o
82596.o     ip_conntrack_ftp.o     pppox.o
8390.o      ip_conntrack_h323.o    ppp_synctty.o
ac3200.o    ip_conntrack_irc.o     sch_htb.o
amd8111e.o  ip_conntrack_mms.o     sch_ingress.o
at1700.o    ip_conntrack_quake3.o  sch_sfq.o
b44.o       ip_conntrack_rtsp.o    sis900.o
bridge.o    ip_conntrack_tftp.o    slhc.o
bsd_comp.o  ip_nat_amanda.o        smc9194.o
cls_fw.o    ip_nat_cuseeme.o       smc-ultra.o
cls_u32.o   ip_nat_ftp.o           softdog.o
cs89x0.o    ip_nat_h323.o          starfire.o
de4x5.o     ip_nat_irc.o           sundance.o
depca.o     ip_nat_mms.o           tlan.o
dgrs.o      ip_nat_quake3.o        tulip.o
dmfe.o      ip_nat_rtsp.o          typhoon.o
e100.o      ip_nat_tftp.o          via-rhine.o
e2100.o     lance.o                wd.o
eepro100.o  lp486e.o               winbond-840.o
eepro.o     mii.o                  zlib_deflate.o
eexpress.o  natsemi.o              zlib_inflate.o
epic100.o   ne2k-pci.o

Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>

Particularly old network cards in the firewall (ISA)

Use case: We want to try to use some network cards in the firewall that are almost 20 years old. They are using the so called ISA bus. Is this possible?

Author: Klaus Ade Johnstad.

Co-author: Knut Yrvin

Network cards with model number 3c509 from 3Com have been a very popular series. Many run Coyote Linux on a machine with such a network card, which could have been produced for example in 1989, over 25 years ago. We've run these cards for three years with the Coyote firewall without any problems. Once you have managed to get one running, it will probably run for a long time. But it is sometimes difficult to get the cards to work in the first place. This is because they have an ISA bus, which means that the I/O addresses and interrupt lines (IRQ) must be assigned manually. This is done automatically with PCI cards, but using an ISA card requires extra effort. I/O and IRQ on these cards can be set with an old DOS program. This can be somewhat difficult to obtain, since the software is over 25 years old.

The DOS configuration program is called 3c5x9cfg.exe, and it is used in the following way:

  1. Start the machine with DOS. One can use FreeDOS or a boot floppy created with Windows 95 or 98.
  2. As soon as the machine is booted using DOS, insert a floppy disk with the program 3c5x9cfg.exe. Run the program 3c5x9cfg.exe from the command line in DOS.

  3. When 3c5x9cfg.exe is started, each of the 3c509 network cards can be configured with the "auto" option.

3c5x9cfg.exe can be found at Ruprecht-Karls-Universität Heidelberg: http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/

FreeDOS can be found on: http://www.freedos.org/

Exception handling

Warning: Many reports show problems with using two 3c509 cards on the same machine if one of the cards is a combo type. This is a card type with different types of network cable plugs.

Do not use combo type ISA bus cards!

Verification

< FIXME>

Update the configuration database

< FIXME>

User case: I have not gotten enough help with using the firewall on these pages. Where can I get more help?

Author: Klaus Ade Johnstad.

Co-author: Knut Yrvin

Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>

Config:

Use case: What should be configured?

Solution

< FIXME>

Exception handling

< FIXME>

Verification

< FIXME>

Update the configuration database

< FIXME>