housecleaning
|
@ -1,260 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://docbook.org/xml/4.2/docbookx.dtd"
|
||||
>
|
||||
<article id="spm">
|
||||
<articleinfo><title>Complete System Performance Monitor HOWTO</title>
|
||||
<abstract>
|
||||
<para>This HOWTO provides an overview of the Complete System Performance Monitor, including a description of the product and installation and configuration information.</para>
|
||||
</abstract>
|
||||
<author>
|
||||
<firstname>Chris</firstname>
|
||||
<surname>Lorenz</surname>
|
||||
<affiliation>
|
||||
<address><email>lorenzc@us.ibm.com</email></address>
|
||||
</affiliation>
|
||||
</author>
|
||||
<pubdate>2003-06-10</pubdate>
|
||||
<revhistory>
|
||||
<revision>
|
||||
<revnumber>2.0</revnumber>
|
||||
<date>2003-06-10</date>
|
||||
<authorinitials>CL</authorinitials>
|
||||
</revision>
|
||||
</revhistory>
|
||||
</articleinfo>
|
||||
<sect1 id="copy"><title>Copyright and legal notice</title>
|
||||
<para>Copyright © 2003 IBM Corporation. All
|
||||
rights reserved.
|
||||
</para>
|
||||
<para>This document is provided "AS IS," with no
|
||||
express or implied warranties. Use the information in
|
||||
this document at your own risk.
|
||||
</para>
|
||||
<para>Linux is a registered trademark of Linus Torvalds. Other company, product, and service
|
||||
names may be trademarks or service marks of others.
|
||||
</para>
|
||||
<para>Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation with no Invariant Sections, no Front-Cover text, and no Back-Cover text. A copy of the license can be found at <ulink url="http://www.gnu.org/licenses/fdl.txt">http://www.gnu.org/licenses/fdl.txt</ulink>.</para>
|
||||
</sect1>
|
||||
<sect1><title>What Is the Complete System Performance Monitor?</title>
|
||||
<para>The Complete System Performance Monitor (CSPM), written by Don Dupuis of Compaq Computer Corporation, is a graphical tool that monitors a Linux® system's CPU, memory, storage, network, and IRQ utilization. CSPM gathers all the data automatically and then generates histogram displays of system usage. </para></sect1>
|
||||
|
||||
<sect1><title>Requirements</title>
|
||||
<para>CSPM V1.0 and later require the following:</para>
|
||||
<itemizedlist><listitem><para>Red Hat Linux 7.2 or later, Mandrake 8.2 or later, or any Linux
|
||||
kernel that has Stephen Tweedie's <command>sar</command> or <command>sysstat</command> patch applied (such as 2.4.20).</para></listitem>
|
||||
<listitem><para>The Trolltech Qt 3.0 or later C++ application development environment, which is available for download from Trolltech for free.</para></listitem>
|
||||
</itemizedlist>
|
||||
</sect1>
|
||||
|
||||
<sect1><title>Installing CSPM and its requirements</title>
|
||||
<para>This section describes how to acquire the Qt application development environment and install CSPM.</para>
|
||||
<sect2><title>Installing Qt 3.0 or later</title>
|
||||
|
||||
<para>Qt 3.0 or later must be installed on the system before you install CSPM.
|
||||
Follow these steps to acquire and configure Qt:
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Download the Qt X/11 Free Edition from <ulink url="www.trolltech.com">http://www.trolltech.com</ulink> for the latest version of Qt. </para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Follow Trolltech's instructions for installing Qt. </para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>Run .<command>/configure</command> with the <constant>-thread</constant> switch to the configure
|
||||
program so that Qt is installed to run in multithreaded mode.</para>
|
||||
<programlisting># ./configure -thread</programlisting>
|
||||
</listitem>
|
||||
<listitem><para>Be sure to export the variables QTDIR and LD_LIBRARY_PATH, as
|
||||
described in the Qt installation instructions that are downloaded with the software.</para>
|
||||
</listitem></orderedlist>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title>Installing CSPM</title>
|
||||
<para>The following sections describe how to download and install CSPM.
|
||||
These steps must be run by the root user.
|
||||
The installation process creates a directory called <filename>spm</filename> and places all the files in that directory.
|
||||
|
||||
</para>
|
||||
<sect3><title>Installing from rpm</title>
|
||||
<para>Follow these steps to install CSPM from the rpm file:</para>
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Download the CSPM rpm file from SourceForge at <ulink url="http://sourceforge.net/projects.cspm">http://sourceforge.net/projects/cspm</ulink>. The program name
|
||||
for CSPM is <filename>spm2</filename>. </para>
|
||||
</listitem>
|
||||
<listitem><para>Install the software:</para>
|
||||
<programlisting># rpm -ihv --nodeps spm2-1.0-1.586.rpm</programlisting>
|
||||
<para>The rpm creates the binary call <command>spm2</command> in the current directory.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
</sect3>
|
||||
<sect3><title>Installing from tar</title>
|
||||
<para>Follow these steps to install CSPM from the tar file:</para>
|
||||
<orderedlist>
|
||||
<listitem><para>Download the CSPM tar file from SourceForge at <ulink url="http://sourceforge.net/projects.cspm">http://sourceforge.net/projects/cspm</ulink>. The program name
|
||||
for CSPM is <filename>spm2</filename>. </para></listitem>
|
||||
|
||||
<listitem><para>Untar the <filename>spm2.tar.gz</filename> file:</para>
|
||||
<programlisting># tar xvzf spm2.tar.gz</programlisting></listitem>
|
||||
<listitem><para>Compile CSPM:</para>
|
||||
<programlisting># make all</programlisting>
|
||||
<para>The <command>make</command> command creates the binary call <command>spm2 </command>in the current directory.</para></listitem>
|
||||
</orderedlist>
|
||||
</sect3>
|
||||
</sect2>
|
||||
|
||||
<sect2><title>Starting the CSPM monitor</title>
|
||||
<para>The <filename>spm2</filename> program should be run by a user other than root so that any changes to
|
||||
the default preference settings can be changed.</para>
|
||||
<para>Enter the following command from the directory where CSPM is installed:</para>
|
||||
<para><programlisting># ./spm2</programlisting></para>
|
||||
<para>If a segmentation fault occurs when <command>spm2</command> is starting up, make sure that you have set the QTDIR and LD_LIBRARY_PATH variables, as described in the Qt installation instructions that are downloaded with the software.</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1><title>Modifying CSPM defaults</title>
|
||||
<para>By default, the number of "range bars" along the y-coordinate of each histogram
|
||||
is five. When there is no activity for a particular device, CSPM provides default values
|
||||
of 0, 0.2, 0.4, 0.6, and 0.8. Once activity begins on the device, CSPM sets the
|
||||
five values in equal increments from 0 to the peak data value collected in each
|
||||
collection interval. Sometimes the grid lines fall directly on the range bar numbers,
|
||||
making the numbers hard to read. You can either adjust the color of the grid lines,
|
||||
adjust the collection interval, or try to ignore the grid lines.
|
||||
</para>
|
||||
|
||||
<para>You can modify the default grid, sizing, and monitoring settings for each of the views from
|
||||
the <menuchoice><guimenu>Preferences</guimenu></menuchoice> pulldown. From the
|
||||
<menuchoice><guimenu>Preferences</guimenu></menuchoice> pulldown, you can select <guilabel>System</guilabel>,
|
||||
<guilabel>Tests</guilabel>, <guilabel>CPU</guilabel>, <guilabel>Memory</guilabel>, <guilabel>Network</guilabel>,
|
||||
<guilabel>Storage</guilabel> or <guilabel>IRQs</guilabel>. Once you select a particular item, you
|
||||
can view the <guilabel>Grid</guilabel>, <guilabel>Monitoring</guilabel>, or <guilabel>Sizing</guilabel> tab
|
||||
(if applicable) for that item.</para>
|
||||
<para>From the <guilabel>Grid</guilabel> tab you can change such things as:</para>
|
||||
|
||||
<itemizedlist><listitem><para>the color of the grid lines</para></listitem>
|
||||
<listitem><para>the distance (or time), in seconds, between intervals when data is collected (horizontal lines appear at each interval)</para></listitem>
|
||||
<listitem><para>the color of the various data bars (such as read, write, user, nice, and "sys")</para></listitem>
|
||||
<listitem><para>the number of horizontal range bars (default is 5)</para></listitem>
|
||||
<listitem><para>the size of the histogram titles</para></listitem></itemizedlist>
|
||||
|
||||
<para>From the <guilabel>Monitor</guilabel> tab you can change things such as:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>the height and width of the display boxes (in pixels)</para></listitem>
|
||||
<listitem><para>the colors of the display boxes</para></listitem>
|
||||
<listitem><para>the type of data to be monitored (IOs, data, reads and writes, sectors and blocks)</para></listitem></itemizedlist>
|
||||
|
||||
<para>From the <guilabel>Sizing</guilabel> tab you can change the minimum height and width of the
|
||||
display boxes (in pixels).</para>
|
||||
</sect1>
|
||||
<sect1><title>How CSPM displays data</title>
|
||||
<para>CSPM displays histograms that provide information about system usage.
|
||||
The program has 8 display tabs for the different types of system information CSPM
|
||||
collects. These tabs are:</para>
|
||||
<itemizedlist>
|
||||
<listitem><para><guilabel>System Overview</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>IRQs</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>CPU Utilization</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>Memory</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>Network</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>Storage</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>Tests</guilabel></para>
|
||||
</listitem>
|
||||
<listitem><para><guilabel>Test Summary</guilabel></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The key at the bottom of the histogram tables on each of the tabs tells how to interpret
|
||||
the various colors representing data in the tables.</para>
|
||||
<para>Use the horizontal and vertical scroll bars to view any histograms that do not
|
||||
fit on the initial screen.</para>
|
||||
|
||||
<sect2><title><guilabel>System Overview</guilabel> tab</title>
|
||||
<para>When CSPM starts up, the <guilabel>System Overview</guilabel> screen is displayed. The histograms
|
||||
on the <guilabel>System Overview</guilabel> screen show data for the total system, including CPU, memory,
|
||||
network, and storage usage. The following screenshot shows a sample view of a
|
||||
System Overview screen. </para>
|
||||
<para><graphic fileref="sysover.png"/></para>
|
||||
<para>Below each histogram is a key that describes the data that is represented. For example, in the
|
||||
CPU total histogram, the red line represents user CPU usage, the green line represents commands run with a modified scheduling priority (nice), and the blue line represents system CPU usage.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>IRQs</guilabel> tab</title>
|
||||
|
||||
<para>When you click the <guilabel>IRQs</guilabel> tab, a histogram opens for each IRQ line that
|
||||
runs to an ISA slot
|
||||
on the system. The following screenshot shows a sample view of the IRQs screen.</para>
|
||||
<para><note><title>Note</title>
|
||||
<para>With Qt 3.0, the horizontal scroll bars on the Irqs tab does not work properly. This
|
||||
problem does not occur with Qt 3.1.</para></note></para>
|
||||
<para><graphic fileref="irqs.png"/></para>
|
||||
<para>The large blue number to the left of the histogram is the number of the IRQ.
|
||||
The
|
||||
red line on each histogram represents the number of IRQs per second utilitized by the device
|
||||
connected to the IRQ's ISA slot.</para>
|
||||
</sect2>
|
||||
|
||||
|
||||
<sect2><title><guilabel>CPU Utilization</guilabel> tab</title>
|
||||
<para>When you click the <guilabel>CPU Utilization</guilabel> tab, histograms open for each CPU
|
||||
on the system, as
|
||||
shown in the following screenshot:
|
||||
</para>
|
||||
<para><graphic fileref="cpu.png"/></para>
|
||||
<para>The histograms show information about user (red), system (blue), and nice priority (green) command utilization.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>Memory</guilabel> tab</title>
|
||||
<para>The <guilabel>Memory</guilabel> tab is still under development. In a future release of CSPM,
|
||||
the <guilabel>Memory</guilabel> tab will graphically show how much memory processes use, from most to least. </para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>Network</guilabel> tab</title>
|
||||
<para>When you click the <guilabel>Network</guilabel> tab, histograms that show the amount of traffic on the system's loopback device and each network device are displayed, as shown in the following screenshot.
|
||||
</para>
|
||||
<para><graphic fileref="network.png"/></para>
|
||||
<para>Sends are shown in red and receives are shown in blue.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>Storage</guilabel> tab</title>
|
||||
<para>When you click the <guilabel>Storage</guilabel> tab, a collection of histograms opens that
|
||||
show data
|
||||
for controllers, disks, and partitions.
|
||||
The key at the bottom of the histograms tells which
|
||||
color of histogram box corresponds to which type of device.
|
||||
</para>
|
||||
<para><graphic fileref="storage.png"/></para>
|
||||
<para>The screenshot
|
||||
displays purple for controllers, green for disks, and orange for partitions.
|
||||
The red lines represent
|
||||
reads from the devices and the blue lines represent writes to the devices.</para>
|
||||
<para>To see information about a partition (such as file system name, space used, and
|
||||
space available), right-click the partition's histogram and then left-click <guimenuitem>Properties</guimenuitem>. A
|
||||
Partition Status window opens that displays information about the selected partition.</para>
|
||||
<para><graphic fileref="snapshot9.png"/></para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>Tests</guilabel> tab</title>
|
||||
<para>The <guilabel>Tests</guilabel> tab opens a list of tests that can be run on the system
|
||||
and is useful, for example, for quality assurance personnel who need to load test systems when testing hardware or software.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2><title><guilabel>Test Summary</guilabel> tab</title>
|
||||
<para>The <guilabel>Test Summary</guilabel> tab contains test output and utilization numbers for test runs.
|
||||
You can print these test results and keep them for your records.</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
||||
|
||||
|
||||
</article>
|
||||
|
Before Width: | Height: | Size: 8.6 KiB |
Before Width: | Height: | Size: 10 KiB |
Before Width: | Height: | Size: 8.5 KiB |
Before Width: | Height: | Size: 102 KiB |
Before Width: | Height: | Size: 7.7 KiB |
Before Width: | Height: | Size: 8.4 KiB |
Before Width: | Height: | Size: 5.0 KiB |
Before Width: | Height: | Size: 15 KiB |
Before Width: | Height: | Size: 15 KiB |
|
@ -10,6 +10,7 @@
|
|||
<!ENTITY programmingSect SYSTEM "programmSect.sgml">
|
||||
<!ENTITY otherLangSect SYSTEM "otherLangSect.sgml">
|
||||
<!ENTITY miscSect SYSTEM "miscSect.sgml">
|
||||
<!ENTITY archivedSect SYSTEM "archived.sgml">
|
||||
]>
|
||||
|
||||
<BOOK>
|
||||
|
@ -31,7 +32,7 @@
|
|||
<Surname>Ferguson</Surname>
|
||||
</author>
|
||||
|
||||
<pubdate>v8.0, 2003-05-01</pubdate>
|
||||
<pubdate>v9.0, 2005-12-29</pubdate>
|
||||
|
||||
<abstract>
|
||||
<para>
|
||||
|
@ -107,7 +108,7 @@ is heavily used, so please use a mirror site if possible.</Para>
|
|||
<Title>HOWTO Translations</Title>
|
||||
|
||||
<Para>
|
||||
HOWTO translations are available
|
||||
Some HOWTO translations are available
|
||||
on <ULINK URL="ftp://ibiblio.org/pub/Linux/docs/HOWTO/translations/">
|
||||
ibiblio.org</ULink> and mirrors around the world.
|
||||
So far, there are:<ItemizedList>
|
||||
|
@ -322,7 +323,7 @@ Please send the LDP periodic updates whenever appropriate.</Para>
|
|||
|
||||
<Para>
|
||||
This document, <emphasis>LDP HOWTO-INDEX</emphasis>,
|
||||
is copyrighted (c) 1995 - 2002 by Tim Bynum, Guylhem Aznar,
|
||||
is copyrighted (c) 1995 - 2006 by Tim Bynum, Guylhem Aznar,
|
||||
Joshua Drake and Greg Ferguson. Permission is granted
|
||||
to copy, distribute and/or modify this document under the terms of the
|
||||
GNU Free Documentation License, Version 1.1 or any later version published
|
||||
|
|
|
@ -216,26 +216,6 @@ Explains some things about the Linux Kernel,
|
|||
such as the most important components, how they work, and so on. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../KickStart-HOWTO.html">
|
||||
KickStart-HOWTO</ULink>,
|
||||
<CiteTitle>RedHat Linux KickStart HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Jan 1999</CiteTitle>.
|
||||
<Para>
|
||||
Briefly describes how to use the RedHat Linux KickStart system to
|
||||
rapidly install large numbers of identical Linux boxes. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Linux-Crash-HOWTO/index.html">
|
||||
|
@ -247,17 +227,6 @@ Describes the installation and usage of the LKCD (Linux Kernel
|
|||
Crash Dump) package. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Linux+XFS-HOWTO/index.html">
|
||||
Linux+XFS-HOWTO</ULink>,
|
||||
<CiteTitle>Linux + XFS HOWTO : Linux on Steroids</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: May 2002</CiteTitle>.
|
||||
Describes how to build a Linux system that runs on
|
||||
top of the SGI XFS journaling filesystem. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LVM-HOWTO/index.html">
|
||||
|
@ -399,18 +368,6 @@ Discusses some issues associated with the benchmarking of Linux
|
|||
systems and presents a basic benchmarking toolkit. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../CSPM-HOWTO/index.html">
|
||||
CSPM-HOWTO</ULink>,
|
||||
<CiteTitle>Complete System Performance Monitor HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jun 2003</CiteTitle>.
|
||||
Provides an overview of the Complete System Performance Monitor,
|
||||
including a description of the product and installation
|
||||
and configuration information. </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
</para>
|
||||
|
||||
|
@ -536,19 +493,6 @@ Presents a discussion of how to retrieve deleted files from
|
|||
a Second Extended File System. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Ext2fs-Undeletion-Dir-Struct/index.html">
|
||||
Ext2fs-Undeletion-Dir-Struct</ULink>, <CiteTitle>
|
||||
Ext2fs Undeletion of Directory Structures</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Nov 2000</CiteTitle>.
|
||||
Describes a straight forward way of recovering whole
|
||||
directory structures, instead of file by file, that have been removed
|
||||
by a misplaced <emphasis>rm -rf</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LILO-crash-rescue-HOWTO/index.html">
|
||||
|
@ -598,18 +542,6 @@ A bridge is an intelligent connection wire between two network cards.
|
|||
A firewall is an intelligent insulator. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bridge+Firewall+DSL.html">
|
||||
Bridge+Firewall+DSL</ULink>, <CiteTitle>
|
||||
Bridge + Firewall + DSL Mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Nov 2000</CiteTitle>.
|
||||
Configuring a Linux system to act as a firewall and bridge with
|
||||
a DSL network connection. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Cryptoloop-HOWTO/index.html">
|
||||
|
@ -773,38 +705,6 @@ Shadow-Password-HOWTO</ULink>,
|
|||
How to obtain, install, and configure the Linux password Shadow Suite. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Snort-Statistics-HOWTO/index.html">
|
||||
Snort-Statistics-HOWTO</ULink>,
|
||||
<CiteTitle>Snort-Setup for Statistics HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Feb 2002</CiteTitle>.
|
||||
Describes how to configure Snort version 1.8.3 to be
|
||||
used in conjunction with the statistical tools ACID (Analysis Console
|
||||
for Intrusion Databases) and SnortSnarf. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Term-Firewall.html">
|
||||
Term-Firewall</ULink>, <CiteTitle>
|
||||
Using Term to Pierce an Internet Firewall</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>
|
||||
Archived - Last Update: Jul 1996</CiteTitle>.
|
||||
Directions for using ``term'' to do network stuff through
|
||||
a TCP firewall that you're not supposed to be able to. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../User-Authentication-HOWTO/index.html">
|
||||
|
|
|
@ -146,17 +146,6 @@ Installation instructions for the Emacspeak audio desktop
|
|||
application for Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Game-Server-HOWTO/index.html">
|
||||
Game-Server-HOWTO</ULink>,
|
||||
<CiteTitle>Game Server HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Apr 2003</CiteTitle>.
|
||||
Explains how to install, configure and maintain servers
|
||||
for various popular multiplayer games. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../GIS-GRASS/index.html">
|
||||
|
@ -480,17 +469,6 @@ Helps install the Ingres II Relational Database Management
|
|||
System on Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MMBase.html">
|
||||
MMBase</ULink>, <CiteTitle>
|
||||
MMBase Mini-HOWTO: Installation on Debian Woody</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: May 2002</CiteTitle>.
|
||||
Describes how to set up MMBase on a Debian GNU/Linux (Woody) system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MMBase-Inst-HOWTO/index.html">
|
||||
|
@ -514,17 +492,6 @@ A guide to installing and configuring the Oracle 7 Database Server on a
|
|||
Linux system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle-8-HOWTO.html">
|
||||
Oracle-8-HOWTO</ULink>,
|
||||
<CiteTitle>Oracle 8i for Linux Installation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jul 2003</CiteTitle>.
|
||||
A guide to installing and configuring the
|
||||
<CiteTitle>Oracle 8i Enterprise Edition for Linux</CiteTitle>. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle8-on-RH7X-HOWTO.html">
|
||||
|
@ -1053,25 +1020,6 @@ Updated: Jun 2001</CiteTitle>.
|
|||
Discuss the essentials of setting up a Virtual Web Site under Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../WWW-HOWTO.html">
|
||||
WWW-HOWTO</ULink>,
|
||||
<CiteTitle>Linux WWW HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Updated: Nov 1997</CiteTitle>.
|
||||
Information about setting up WWW services under Linux (both server
|
||||
and client). </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
</para>
|
||||
|
||||
|
@ -1121,17 +1069,6 @@ Describes in detail one of the simplest ways to setup a fax
|
|||
server on your Linux system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Game-Server-HOWTO/index.html">
|
||||
Game-Server-HOWTO</ULink>,
|
||||
<CiteTitle>Game Server HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Apr 2003</CiteTitle>.
|
||||
Explains how to install, configure and maintain servers
|
||||
for various popular multiplayer games. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Kiosk-HOWTO.html">
|
||||
|
@ -1155,18 +1092,6 @@ LDAP (Lightweight Directory Access Protocol) Server on a Linux
|
|||
machine. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LDAP-Implementation-HOWTO/index.html">
|
||||
LDAP-Implementation-HOWTO</ULink>,
|
||||
<CiteTitle>LDAP Implementation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Mar 2001</CiteTitle>.
|
||||
Describes the technical aspects of storing application data
|
||||
in a LDAP server. It focuses on the configuration of various
|
||||
applications to make them LDAP-aware. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Lotus-DominoR5/index.html">
|
||||
|
@ -1470,29 +1395,6 @@ configuring the X Window System for Linux users. </Para>
|
|||
<title>Window Managers</title>
|
||||
|
||||
<para>
|
||||
|
||||
<ItemizedList>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MGR-HOWTO.html">
|
||||
MGR-HOWTO</ULink>,
|
||||
<CiteTitle>The MGR Window System HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 1996</CiteTitle>.
|
||||
Information on the installation, configuration and running of the MGR
|
||||
Window System. </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
</para>
|
||||
|
||||
</sect3>
|
||||
|
|
|
@ -0,0 +1,276 @@
|
|||
|
||||
<sect2 id="archiveddocs">
|
||||
<Title>Archived Documents</Title>
|
||||
|
||||
<Para>
|
||||
The following documents have been archived by the LDP.
|
||||
They are kept here for historical purposes only and
|
||||
(in general) pertain to older Linux systems.
|
||||
</Para>
|
||||
|
||||
<Para>
|
||||
<ItemizedList>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Bangla-PDF-HOWTO/index.html">
|
||||
Bangla-PDF-HOWTO</ULink>,
|
||||
<CiteTitle>Bangla PDF HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Bridge+Firewall+DSL/index.html">
|
||||
Bridge+Firewall+DSL</ULink>,
|
||||
<CiteTitle>Bridge + Firewall + DSL Mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/BTI-PPP/index.html">
|
||||
BTI-PPP</ULink>,
|
||||
<CiteTitle>BTinternet PPPd mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/CD-Distributions-EN-HOWTO/index.html">
|
||||
CD-Distributions-EN-HOWTO</ULink>,
|
||||
<CiteTitle>English-language GNU/Linux distributions on CD-ROM</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/CSPM-HOWTO/index.html">
|
||||
CSPM-HOWTO</ULink>,
|
||||
<CiteTitle>Complete System Performance Monitor HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Ext2fs-Undeletion-Dir-Struct/index.html">
|
||||
Ext2fs-Undeletion-Dir-Struct</ULink>, <CiteTitle>
|
||||
Ext2fs Undeletion of Directory Structures</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/FDU/index.html">
|
||||
FDU</ULink>,
|
||||
<CiteTitle>XFree86 Font De-uglification HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Game-Server-HOWTO/index.html">
|
||||
Game-Server-HOWTO</ULink>,
|
||||
<CiteTitle>Game Server HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/IP-Subnetworking/index.html">
|
||||
IP-Subnetworking</ULink>,
|
||||
<CiteTitle>IP Sub-Networking mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/ISP-Connectivity/index.html">
|
||||
ISP-Connectivity</ULink>,
|
||||
<CiteTitle>ISP-Connectivity mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/KDE-Kiosk-Mode/index.html">
|
||||
KDE-Kiosk-Mode</ULink>,
|
||||
<citetitle>KDE-Kiosk-Mode HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/KickStart-HOWTO/index.html">
|
||||
KickStart-HOWTO</ULink>,
|
||||
<CiteTitle>RedHat Linux KickStart HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/LDAP-Implementation-HOWTO/index.html">
|
||||
LDAP-Implementation-HOWTO</ULink>,
|
||||
<CiteTitle>LDAP Implementation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Linux+XFS-HOWTO/index.html">
|
||||
Linux+XFS-HOWTO</ULink>,
|
||||
<CiteTitle>Linux + XFS HOWTO : Linux on Steroids</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Loopback-Encrypted-Filesystem-HOWTO/index.html">
|
||||
Loopback-Encrypted-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Loopback Encrypted Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Loopback-Root-FS/index.html">
|
||||
Loopback-Root-FS</ULink>, <CiteTitle>
|
||||
The Loopback Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/MGR-HOWTO/index.html">
|
||||
MGR-HOWTO</ULink>,
|
||||
<CiteTitle>The MGR Window System HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/MMBase/index.html">
|
||||
MMBase</ULink>,
|
||||
<CiteTitle>MMBase Mini-HOWTO: Installation on Debian Woody</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Oracle-8-HOWTO/index.html">
|
||||
Oracle-8-HOWTO</ULink>,
|
||||
<CiteTitle>Oracle 8i for Linux Installation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/SCSI-Programming-HOWTO/index.html">
|
||||
SCSI-Programming-HOWTO</ULink>,
|
||||
<CiteTitle>The Linux SCSI programming HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Snort-Statistics-HOWTO/index.html">
|
||||
Snort-Statistics-HOWTO</ULink>,
|
||||
<CiteTitle>Snort-Setup for Statistics HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Term-Firewall/index.html">
|
||||
Term-Firewall</ULink>, <CiteTitle>
|
||||
Using Term to Pierce an Internet Firewall</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/Ultra-DMA/index.html">
|
||||
Ultra-DMA</ULink>,
|
||||
<CiteTitle>The Linux Ultra-DMA Mini-Howto</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/USB-Digital-Camera-HOWTO/index.html">
|
||||
USB-Digital-Camera-HOWTO</ULink>,
|
||||
<CiteTitle>USB Digital Camera HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/VPN/index.html">
|
||||
VPN</ULink>,
|
||||
<CiteTitle>(old) The VPN HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../archived/WWW-HOWTO/index.html">
|
||||
WWW-HOWTO</ULink>,
|
||||
<CiteTitle>Linux WWW HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Archived: Dec 2005</CiteTitle>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
</Para>
|
||||
</sect2>
|
|
@ -52,5 +52,10 @@ extensive work on the initial categorization of the HOWTO documents.
|
|||
&miscSect;
|
||||
</SECT1>
|
||||
|
||||
<SECT1 id="archived">
|
||||
<TITLE>Archived Documents</TITLE>
|
||||
&archivedSect;
|
||||
</SECT1>
|
||||
|
||||
</CHAPTER>
|
||||
|
||||
|
|
|
@ -402,17 +402,6 @@ A document to setup and develop support for
|
|||
Bengali (Bangla) in GNU/Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bangla-PDF-HOWTO/index.html">
|
||||
Bangla-PDF-HOWTO</ULink>,
|
||||
<CiteTitle>Bangla PDF HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Apr 2003</CiteTitle>.
|
||||
Describes the PDF creation process using KWord with the Bijoy2000
|
||||
fonts and Bijoy keyboard, for working in the Bangla language. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bash-Prog-Intro-HOWTO.html">
|
||||
|
@ -569,17 +558,6 @@ A bridge is an intelligent connection wire between two network cards.
|
|||
A firewall is an intelligent insulator. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bridge+Firewall+DSL.html">
|
||||
Bridge+Firewall+DSL</ULink>,
|
||||
<CiteTitle>Bridge + Firewall + DSL Mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Nov 2000</CiteTitle>.
|
||||
Configuring a Linux system to act as a firewall and bridge with
|
||||
a DSL network connection. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../BRIDGE-STP-HOWTO/index.html">
|
||||
|
@ -593,17 +571,6 @@ bridging code is part of the mainstream. On 20.06.2000 there are patches
|
|||
for stable kernels 2.2.14 and 2.2.15. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../BTI-PPP/index.html">
|
||||
BTI-PPP</ULink>,
|
||||
<CiteTitle>BTinternet PPPd mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Mar 2002</CiteTitle>.
|
||||
Describes how to setup a modem PPPd link to Btinternet in
|
||||
the UK. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../BTTV/index.html">
|
||||
|
@ -931,18 +898,6 @@ Cryptoloop functionality. Cryptoloop is part of the CryptoAPI in
|
|||
the 2.6 Linux kernel series. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../CSPM-HOWTO/index.html">
|
||||
CSPM-HOWTO</ULink>,
|
||||
<CiteTitle>Complete System Performance Monitor HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jun 2003</CiteTitle>.
|
||||
Provides an overview of the Complete System Performance Monitor,
|
||||
including a description of the product and installation
|
||||
and configuration information. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../CVS-RCS-HOWTO.html">
|
||||
|
@ -1090,26 +1045,6 @@ Another approach to
|
|||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
Distributions-HOWTO,
|
||||
<CiteTitle>Distributions HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Mar 2002</CiteTitle>.
|
||||
<EMPHASIS>Further information on Linux Distributions can
|
||||
be found on the Linux Weekly News (LWN) site:
|
||||
<ULINK URL="http://lwn.net/current/dists.php3">Distributions
|
||||
section</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Divert-Sockets-mini-HOWTO.html">
|
||||
|
@ -1377,18 +1312,6 @@ Presents a discussion of how to retrieve deleted files from
|
|||
a Second Extended File System. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Ext2fs-Undeletion-Dir-Struct/index.html">
|
||||
Ext2fs-Undeletion-Dir-Struct</ULink>,
|
||||
<CiteTitle>Ext2fs Undeletion of Directory Structures</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Nov 2000</CiteTitle>.
|
||||
Describes a straight forward way of recovering whole
|
||||
directory structures, instead of file by file, that have been removed
|
||||
by a misplaced <emphasis>rm -rf</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Fax-Server.html">
|
||||
|
@ -1411,19 +1334,6 @@ Covers the installation and use of the most popular amateur packet-radio
|
|||
BBS software FBB. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../FDU/index.html">
|
||||
FDU</ULink>,
|
||||
<CiteTitle>XFree86 Font De-uglification HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Oct 2002</CiteTitle>.
|
||||
How to fix ugly and unreadable X Window fonts.
|
||||
This content is now covered in the
|
||||
<ULINK URL="../Font-HOWTO/index.html">Font-HOWTO</ULink>.
|
||||
</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Fedora-Multimedia-Installation-HOWTO/index.html">
|
||||
|
@ -1558,17 +1468,6 @@ FTP</ULink>,
|
|||
How to use ftp clients and servers</Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Game-Server-HOWTO/index.html">
|
||||
Game-Server-HOWTO</ULink>,
|
||||
<CiteTitle>Game Server HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Apr 2003</CiteTitle>.
|
||||
Explains how to install, configure and maintain servers
|
||||
for various popular multiplayer games. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../GCC-Frontend-HOWTO.html">
|
||||
|
@ -1951,18 +1850,6 @@ IPMasquerading+Napster</ULink>,
|
|||
Present a way to allow users behind an IPMasq'd system to use Napster. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../IP-Subnetworking.html">
|
||||
IP-Subnetworking</ULink>,
|
||||
<CiteTitle>IP Sub-Networking mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Aug 2001</CiteTitle>.
|
||||
Describes why and how to subnetwork an IP network - that is using
|
||||
a single A, B or C Class network number to function correctly on
|
||||
several interconnected networks. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../IPX-HOWTO.html">
|
||||
|
@ -1984,26 +1871,6 @@ IRC</ULink>,
|
|||
Describes the basics of IRC and respective applications for Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../ISP-Connectivity.html">
|
||||
ISP-Connectivity</ULink>,
|
||||
<CiteTitle>ISP-Connectivity mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Nov 2001</CiteTitle>.
|
||||
How to setup PPP, connect up to your ISP, configure mail and news,
|
||||
get a permanent IP (if available), get a domain name, and have a
|
||||
bona fide system running in a little over thirty minutes. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../ISP-Hookup-HOWTO.html">
|
||||
|
@ -2111,28 +1978,6 @@ KDE-GUI-Login-Configuration-HOWTO</ULink>,
|
|||
A tutorial on customizing the GUI login screen. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../KDE-Kiosk-Mode/index.html">
|
||||
KDE-Kiosk-Mode</ULink>,
|
||||
<CiteTitle>KDE-Kiosk-Mode HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Sep 2002</CiteTitle>.
|
||||
Describes how to invoke the kiosk mode of KDE. </Para>
|
||||
<Para>
|
||||
<EMPHASIS>Further information can be found at:
|
||||
<ULINK URL="http://www.brigadoon.de/peter/kde/">
|
||||
http://www.brigadoon.de/peter/kde/</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Kerberos-Infrastructure-HOWTO/index.html">
|
||||
|
@ -2189,26 +2034,6 @@ Contains some information about the Linux (v2.0) keyboard and
|
|||
console, and the use of non-ASCII characters. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../KickStart-HOWTO.html">
|
||||
KickStart-HOWTO</ULink>,
|
||||
<CiteTitle>RedHat Linux KickStart HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Jan 1999</CiteTitle>.
|
||||
<Para>
|
||||
Briefly describes how to use the RedHat Linux KickStart system to
|
||||
rapidly install large numbers of identical Linux boxes. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Kiosk-HOWTO.html">
|
||||
|
@ -2230,25 +2055,6 @@ Kodak-Digitalcam-HOWTO</ULink>,
|
|||
Getting a Kodak digital camera working under GNU/Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
Laptop-HOWTO,
|
||||
<CiteTitle>Linux Laptop HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Feb 2003</CiteTitle>.
|
||||
Replaced by
|
||||
<ULINK URL="../../LDP/Mobile-Guide/html/index.html">Linux on the Road
|
||||
(Linux Mobile Guide)</ULink> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Large-Disk-HOWTO.html">
|
||||
|
@ -2293,18 +2099,6 @@ LDAP (Lightweight Directory Access Protocol) Server on a Linux
|
|||
machine. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LDAP-Implementation-HOWTO/index.html">
|
||||
LDAP-Implementation-HOWTO</ULink>,
|
||||
<CiteTitle>LDAP Implementation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Mar 2001</CiteTitle>.
|
||||
Describes the technical aspects of storing application data
|
||||
in a LDAP server. It focuses on the configuration of various
|
||||
applications to make them LDAP-aware. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LDP-Reviewer-HOWTO/index.html">
|
||||
|
@ -2589,17 +2383,6 @@ your computer into a Windows + Linux dual boot machine, without
|
|||
affecting your current Linux installation. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Linux+XFS-HOWTO/index.html">
|
||||
Linux+XFS-HOWTO</ULink>,
|
||||
<CiteTitle>Linux + XFS HOWTO : Linux on Steroids</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: May 2002</CiteTitle>.
|
||||
Describes how to build a Linux system that runs on
|
||||
top of the SGI XFS journaling filesystem. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LinuxDoc+Emacs+Ispell-HOWTO.html">
|
||||
|
@ -2646,40 +2429,6 @@ Describes how to use Loadlin with Windows 95/98/ME to boot
|
|||
to Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Loopback-Encrypted-Filesystem-HOWTO.html">
|
||||
Loopback-Encrypted-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Loopback Encrypted Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Aug 2003</CiteTitle>.
|
||||
Replaced by the
|
||||
<ULINK URL="../Disk-Encryption-HOWTO/index.html">Disk Encryption
|
||||
HOWTO</ULink>
|
||||
Explains how to setup and then use a filesystem that, when mounted by
|
||||
a user, dynamically and transparently encrypts its contents. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Loopback-Root-FS.html">
|
||||
Loopback-Root-FS</ULink>,
|
||||
<CiteTitle>The Loopback Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Sep 1999</CiteTitle>.
|
||||
How to use the Linux loopback device to create a Linux native
|
||||
filesystem format installation that can be run from a DOS
|
||||
partition without re-partitioning. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Lotus-DominoR5/index.html">
|
||||
|
@ -2817,25 +2566,6 @@ sources if you want to learn more about Linux, or have problems
|
|||
and need help. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MGR-HOWTO.html">
|
||||
MGR-HOWTO</ULink>,
|
||||
<CiteTitle>The MGR Window System HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 1996</CiteTitle>.
|
||||
Information on the installation, configuration and running of the MGR
|
||||
Window System. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MIDI-HOWTO.html">
|
||||
|
@ -2870,36 +2600,6 @@ How to use SSH and the Java-based program MindTerm to create
|
|||
quick, secure, and reliable VPN-like tunnels over insecure networks. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
MIPS-HOWTO,
|
||||
<CiteTitle>Linux/MIPS HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 2004</CiteTitle>.
|
||||
<EMPHASIS>Further information on Linux/MIPS
|
||||
be found at the
|
||||
<ULINK URL="http://www.linux-mips.org/wiki/index.php/Main_Page">Linux/MIPS
|
||||
Wiki</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MMBase.html">
|
||||
MMBase</ULink>,
|
||||
<CiteTitle>MMBase Mini-HOWTO: Installation on Debian Woody</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: May 2002</CiteTitle>.
|
||||
Describes how to set up MMBase on a Debian GNU/Linux (Woody) system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../MMBase-Inst-HOWTO/index.html">
|
||||
|
@ -3387,17 +3087,6 @@ A guide to installing and configuring the Oracle 7 Database Server on a
|
|||
Linux system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle-8-HOWTO.html">
|
||||
Oracle-8-HOWTO</ULink>,
|
||||
<CiteTitle>Oracle 8i for Linux Installation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jul 2003</CiteTitle>.
|
||||
A guide to installing and configuring the
|
||||
<CiteTitle>Oracle 8i Enterprise Edition for Linux</CiteTitle>. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle8-on-RH7X-HOWTO.html">
|
||||
|
@ -4144,28 +3833,6 @@ the interface and characteristics of the driver that application
|
|||
writers may need to know. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../SCSI-Programming-HOWTO.html">
|
||||
SCSI-Programming-HOWTO</ULink>,
|
||||
<CiteTitle>The Linux SCSI programming HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 1996</CiteTitle>.
|
||||
Deals with programming the Linux generic SCSI interface. </Para>
|
||||
<Para>
|
||||
<emphasis>Check the
|
||||
<ULINK URL="../SCSI-Generic-HOWTO/index.html">
|
||||
SCSI-Generic-HOWTO</ULink> for more current information.</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Secure-CVS-Pserver/index.html">
|
||||
|
@ -4397,18 +4064,6 @@ SMP-HOWTO</ULink>,
|
|||
Reviews main issues related to SMP configuration under Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Snort-Statistics-HOWTO/index.html">
|
||||
Snort-Statistics-HOWTO</ULink>,
|
||||
<CiteTitle>Snort-Setup for Statistics HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Feb 2002</CiteTitle>.
|
||||
Describes how to configure Snort version 1.8.3 to be
|
||||
used in conjunction with the statistical tools ACID (Analysis Console
|
||||
for Intrusion Databases) and SnortSnarf. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Software-Building-HOWTO.html">
|
||||
|
@ -4691,25 +4346,6 @@ TclTk-HOWTO</ULink>,
|
|||
Describes the Linux approach to Tcl, a scripting language. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Term-Firewall.html">
|
||||
Term-Firewall</ULink>,
|
||||
<CiteTitle>Using Term to Pierce an Internet Firewall</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Jul 1996</CiteTitle>.
|
||||
Directions for using ``term'' to do network stuff through
|
||||
a TCP firewall that you're not supposed to be able to. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../TeTeX-HOWTO.html">
|
||||
|
@ -4878,17 +4514,6 @@ Addresses Linux localization issues specific to Turkish users
|
|||
(written in Turkish). </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Ultra-DMA.html">
|
||||
Ultra-DMA</ULink>,
|
||||
<CiteTitle>The Linux Ultra-DMA Mini-Howto</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Dec 2001</CiteTitle>.
|
||||
How to use Ultra-DMA aka Ultra-ATA aka Ultra33 and Ultra66
|
||||
hard drives and interfaces with Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../UMSDOS-HOWTO.html">
|
||||
|
@ -4966,18 +4591,6 @@ UPS (Uninterruptible Power Supply) intelligently and make it work with
|
|||
your open-source operating system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../USB-Digital-Camera-HOWTO/index.html">
|
||||
USB-Digital-Camera-HOWTO</ULink>,
|
||||
<CiteTitle>USB Digital Camera HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jun 2002</CiteTitle>.
|
||||
Intended for the new Linux user who already has
|
||||
a camera with Universal Serial Bus (USB) mass storage capabilities
|
||||
or wants to buy one. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Usenet-News-HOWTO/index.html">
|
||||
|
@ -5180,24 +4793,6 @@ VPN-HOWTO</ULink>,
|
|||
How to set up a Virtual Private Network with Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../VPN.html">
|
||||
VPN</ULink>,
|
||||
<CiteTitle>The VPN HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Dec 2001</CiteTitle>.
|
||||
See the <ULINK URL="../VPN-HOWTO/index.html">VPN-HOWTO</ULink>. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../VPN-Masquerade-HOWTO.html">
|
||||
|
@ -5357,25 +4952,6 @@ Discusses running WordPerfect on Linux, including a brief discussion
|
|||
on the WordPerfect 7.0 beta. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../WWW-HOWTO.html">
|
||||
WWW-HOWTO</ULink>,
|
||||
<CiteTitle>Linux WWW HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Updated: Nov 1997</CiteTitle>.
|
||||
Information about setting up WWW services under Linux (both server
|
||||
and client). </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../WWW-mSQL-HOWTO.html">
|
||||
|
|
|
@ -194,48 +194,6 @@ Provides a guide for setting up a WWW-based kiosk using Linux, X11R6,
|
|||
FVWM2, Netscape Navigator 4.X, and a customized trackball. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../KDE-Kiosk-Mode/index.html">
|
||||
KDE-Kiosk-Mode</ULink>,
|
||||
<citetitle>KDE-Kiosk-Mode HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>
|
||||
Archived - Last Update: Sep 2002</CiteTitle>.
|
||||
Describes how to invoke the kiosk mode of KDE. </Para>
|
||||
<Para>
|
||||
<EMPHASIS>Further information can be found at:
|
||||
<ULINK URL="http://www.brigadoon.de/peter/kde/">
|
||||
http://www.brigadoon.de/peter/kde/</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
Laptop-HOWTO,
|
||||
<CiteTitle>Linux Laptop HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Feb 2003</CiteTitle>.
|
||||
Replaced by
|
||||
<ULINK URL="../../LDP/Mobile-Guide/html/index.html">Linux on the Road
|
||||
(Linux Mobile Guide)</ULink> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Mac-Terminal.html">
|
||||
|
@ -475,26 +433,6 @@ K7s5a-HOWTO</ULink>,
|
|||
Describes how to use Elite's K7s5a board with Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
MIPS-HOWTO,
|
||||
<CiteTitle>Linux/MIPS HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 2004</CiteTitle>.
|
||||
<EMPHASIS>Further information on Linux/MIPS
|
||||
be found at the
|
||||
<ULINK URL="http://www.linux-mips.org/wiki/index.php/Main_Page">Linux/MIPS
|
||||
Wiki</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../SPARC-HOWTO.html">
|
||||
|
@ -667,18 +605,6 @@ Kodak-Digitalcam-HOWTO</ULink>,
|
|||
Getting a Kodak digital camera working under GNU/Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../USB-Digital-Camera-HOWTO/index.html">
|
||||
USB-Digital-Camera-HOWTO</ULink>,
|
||||
<CiteTitle>USB Digital Camera HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jun 2002</CiteTitle>.
|
||||
Intended for the new Linux user who already has
|
||||
a camera with Universal Serial Bus (USB) mass storage capabilities
|
||||
or wants to buy one. </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
|
||||
</para>
|
||||
|
@ -789,18 +715,6 @@ BOOTP/TFTP, using the Grub boot loader, and save and restore disk and
|
|||
partition images to and from a TFTP server. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../CSPM-HOWTO/index.html">
|
||||
CSPM-HOWTO</ULink>,
|
||||
<CiteTitle>Complete System Performance Monitor HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jun 2003</CiteTitle>.
|
||||
Provides an overview of the Complete System Performance Monitor,
|
||||
including a description of the product and installation
|
||||
and configuration information. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Disk-Encryption-HOWTO/index.html">
|
||||
|
@ -877,18 +791,6 @@ Multi-Disk-HOWTO</ULink>,
|
|||
How best to use multiple disks and partitions for a Linux system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Ultra-DMA.html">
|
||||
Ultra-DMA</ULink>, <CiteTitle>
|
||||
The Linux Ultra-DMA Mini-Howto</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Dec 2001</CiteTitle>.
|
||||
How to use Ultra-DMA aka Ultra-ATA aka Ultra33 and Ultra66
|
||||
hard drives and interfaces with Linux. </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
|
||||
</para>
|
||||
|
@ -1210,28 +1112,6 @@ the interface and characteristics of the driver that application
|
|||
writers may need to know. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../SCSI-Programming-HOWTO.html">
|
||||
SCSI-Programming-HOWTO</ULink>,
|
||||
<CiteTitle>The Linux SCSI programming HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 1996</CiteTitle>.
|
||||
Deals with programming the Linux generic SCSI interface. </Para>
|
||||
<Para>
|
||||
<emphasis>Check the
|
||||
<ULINK URL="../SCSI-Generic-HOWTO/index.html">
|
||||
SCSI-Generic-HOWTO</ULink> for more current information.</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
|
||||
</para>
|
||||
|
|
|
@ -164,19 +164,6 @@ installing, configuring, and troubleshooting, with an emphasis
|
|||
on how this impacts Linux users. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../IP-Subnetworking.html">
|
||||
IP-Subnetworking</ULink>, <CiteTitle>
|
||||
IP Sub-Networking mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Aug 2001</CiteTitle>.
|
||||
Describes why and how to subnetwork an IP network - that is using
|
||||
a single A, B or C Class network number to function correctly on
|
||||
several interconnected networks. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../IP-Alias/index.html">
|
||||
|
@ -505,18 +492,6 @@ LDAP (Lightweight Directory Access Protocol) Server on a Linux
|
|||
machine. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LDAP-Implementation-HOWTO/index.html">
|
||||
LDAP-Implementation-HOWTO</ULink>,
|
||||
<CiteTitle>LDAP Implementation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Mar 2001</CiteTitle>.
|
||||
Describes the technical aspects of storing application data
|
||||
in a LDAP server. It focuses on the configuration of various
|
||||
applications to make them LDAP-aware. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Mobile-IPv6-HOWTO/index.html">
|
||||
|
@ -660,18 +635,6 @@ between a Handspring Visor and jpilot or jpilot-sync. </Para>
|
|||
|
||||
<ItemizedList>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../BTI-PPP/index.html">
|
||||
BTI-PPP</ULink>, <CiteTitle>
|
||||
BTinternet PPPd mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Mar 2002</CiteTitle>.
|
||||
Describes how to setup a modem PPPd link to Btinternet in
|
||||
the UK. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Call-back.html">
|
||||
|
@ -695,27 +658,6 @@ Shows some typical scenarios for easy start using Diald.
|
|||
<CiteTitle>Replaces the Diald mini-HOWTO</CiteTitle>. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../ISP-Connectivity.html">
|
||||
ISP-Connectivity</ULink>, <CiteTitle>
|
||||
ISP-Connectivity mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>
|
||||
Archived - Last Update: Nov 2001</CiteTitle>.
|
||||
How to setup PPP, connect up to your ISP, configure mail and news,
|
||||
get a permanent IP (if available), get a domain name, and have a
|
||||
bona fide system running in a little over thirty minutes. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../ISP-Hookup-HOWTO.html">
|
||||
|
@ -920,18 +862,6 @@ A bridge is an intelligent connection wire between two network cards.
|
|||
A firewall is an intelligent insulator. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bridge+Firewall+DSL.html">
|
||||
Bridge+Firewall+DSL</ULink>, <CiteTitle>
|
||||
Bridge + Firewall + DSL Mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Nov 2000</CiteTitle>.
|
||||
Configuring a Linux system to act as a firewall and bridge with
|
||||
a DSL network connection. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Remote-Bridging/index.html">
|
||||
|
@ -1071,18 +1001,6 @@ A bridge is an intelligent connection wire between two network cards.
|
|||
A firewall is an intelligent insulator. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bridge+Firewall+DSL.html">
|
||||
Bridge+Firewall+DSL</ULink>, <CiteTitle>
|
||||
Bridge + Firewall + DSL Mini-HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Nov 2000</CiteTitle>.
|
||||
Configuring a Linux system to act as a firewall and bridge with
|
||||
a DSL network connection. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Domain.html">
|
||||
|
@ -1154,18 +1072,6 @@ An introduction on how the Sentry Firewall CDROM
|
|||
works and how to get started using the system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Snort-Statistics-HOWTO/index.html">
|
||||
Snort-Statistics-HOWTO</ULink>,
|
||||
<CiteTitle>Snort-Setup for Statistics HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Feb 2002</CiteTitle>.
|
||||
Describes how to configure Snort version 1.8.3 to be
|
||||
used in conjunction with the statistical tools ACID (Analysis Console
|
||||
for Intrusion Databases) and SnortSnarf. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../SSL-Certificates-HOWTO/index.html">
|
||||
|
|
|
@ -120,27 +120,6 @@ switch to Linux. </Para>
|
|||
|
||||
<ItemizedList>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
Distributions-HOWTO,
|
||||
<CiteTitle>Distributions HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Mar 2002</CiteTitle>.
|
||||
<Para>
|
||||
<EMPHASIS>Further information on Linux Distributions can
|
||||
be found on the Linux Weekly News (LWN) site:
|
||||
<ULINK URL="http://lwn.net/current/dists.php3">Distributions
|
||||
section</ULink>. </EMPHASIS> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<CiteTitle>Linux From Scratch HOWTO</CiteTitle>
|
||||
|
@ -831,65 +810,6 @@ Presents a discussion of how to retrieve deleted files from
|
|||
a Second Extended File System. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Ext2fs-Undeletion-Dir-Struct/index.html">
|
||||
Ext2fs-Undeletion-Dir-Struct</ULink>, <CiteTitle>
|
||||
Ext2fs Undeletion of Directory Structures</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Nov 2000</CiteTitle>.
|
||||
Describes a straight forward way of recovering whole
|
||||
directory structures, instead of file by file, that have been removed
|
||||
by a misplaced <emphasis>rm -rf</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Linux+XFS-HOWTO/index.html">
|
||||
Linux+XFS-HOWTO</ULink>,
|
||||
<CiteTitle>Linux + XFS HOWTO : Linux on Steroids</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: May 2002</CiteTitle>.
|
||||
Describes how to build a Linux system that runs on
|
||||
top of the SGI XFS journaling filesystem. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Loopback-Encrypted-Filesystem-HOWTO.html">
|
||||
Loopback-Encrypted-Filesystem-HOWTO</ULink>,
|
||||
<CiteTitle>Loopback Encrypted Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: Aug 2003</CiteTitle>.
|
||||
Replaced by the
|
||||
<ULINK URL="../Disk-Encryption-HOWTO/index.html">Disk Encryption
|
||||
HOWTO</ULink>
|
||||
Explains how to setup and then use a filesystem that, when mounted by
|
||||
a user, dynamically and transparently encrypts its contents. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Loopback-Root-FS.html">
|
||||
Loopback-Root-FS</ULink>, <CiteTitle>
|
||||
The Loopback Root Filesystem HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>
|
||||
Updated: Sep 1999</CiteTitle>.
|
||||
How to use the Linux loopback device to create a Linux native
|
||||
filesystem format installation that can be run from a DOS
|
||||
partition without re-partitioning. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../LVM-HOWTO/index.html">
|
||||
|
|
|
@ -26,17 +26,6 @@ Unicode-HOWTO</ULink>,
|
|||
How to change your Linux system so it uses UTF-8 as text encoding. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Bangla-PDF-HOWTO/index.html">
|
||||
Bangla-PDF-HOWTO</ULink>,
|
||||
<CiteTitle>Bangla PDF HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Apr 2003</CiteTitle>.
|
||||
Describes the PDF creation process using KWord with the Bijoy2000
|
||||
fonts and Bijoy keyboard, for working in the Bangla language. </Para>
|
||||
</ListItem>
|
||||
|
||||
</ItemizedList>
|
||||
|
||||
</para>
|
||||
|
|
|
@ -424,28 +424,6 @@ the interface and characteristics of the driver that application
|
|||
writers may need to know. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../SCSI-Programming-HOWTO.html">
|
||||
SCSI-Programming-HOWTO</ULink>,
|
||||
<CiteTitle>The Linux SCSI programming HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<inlinemediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="../images/archived.gif">
|
||||
</imageobject>
|
||||
<textobject>
|
||||
<phrase>[ Archived ]</phrase>
|
||||
</textobject>
|
||||
</inlinemediaobject>
|
||||
<CiteTitle>Archived - Last Update: May 1996</CiteTitle>.
|
||||
Deals with programming the Linux generic SCSI interface. </Para>
|
||||
<Para>
|
||||
<emphasis>Check the
|
||||
<ULINK URL="../SCSI-Generic-HOWTO/index.html">
|
||||
SCSI-Generic-HOWTO</ULink> for more current information.</emphasis> </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Serial-Programming-HOWTO/index.html">
|
||||
|
@ -688,17 +666,6 @@ A guide to installing and configuring the Oracle 7 Database Server on a
|
|||
Linux system. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle-8-HOWTO.html">
|
||||
Oracle-8-HOWTO</ULink>,
|
||||
<CiteTitle>Oracle 8i for Linux Installation HOWTO</CiteTitle>
|
||||
</Para><Para>
|
||||
<CiteTitle>Updated: Jul 2003</CiteTitle>.
|
||||
A guide to installing and configuring the
|
||||
<CiteTitle>Oracle 8i Enterprise Edition for Linux</CiteTitle>. </Para>
|
||||
</ListItem>
|
||||
|
||||
<ListItem>
|
||||
<Para>
|
||||
<ULINK URL="../Oracle8-on-RH7X-HOWTO.html">
|
||||
|
|
|
@ -1,630 +0,0 @@
|
|||
<!doctype linuxdoc system>
|
||||
|
||||
<article>
|
||||
|
||||
<!-- Title information -->
|
||||
|
||||
<title>IP Sub-Networking Mini-Howto
|
||||
|
||||
<author>Robert Hart, <tt/hartr@interweft.com.au/
|
||||
<date>v1.1, 30 August 2001
|
||||
|
||||
<!-- correct typos reported by users, 30 August 2001 -->
|
||||
<!-- Greg Ferguson / linux-howto@metalab.unc.edu -->
|
||||
|
||||
<abstract>
|
||||
This document describes why and how to subnetwork an IP network - that
|
||||
is using a single A, B or C Class network number to function correctly on
|
||||
several interconnected networks. </abstract>
|
||||
|
||||
<!-- Copyright 1997, Robert Hart -->
|
||||
|
||||
<sect>Copyright
|
||||
<p>
|
||||
This document is distributed under the terms of the GNU Public License (GPL).
|
||||
|
||||
<p>
|
||||
This document is directly supported by InterWeft IT Consultants
|
||||
(Melbourne, Australia).
|
||||
|
||||
<p>
|
||||
The latest version of this document is available at the InterWeft WWW
|
||||
site at <url url="http://www.interweft.com.au/" name="InterWeft IT
|
||||
Consultants"> and from <url url="http://sunsite.unc.edu/LDP" name="The
|
||||
Linux Documentation Project">.
|
||||
|
||||
<sect>Introduction
|
||||
<p>
|
||||
With available IP network numbers rapidly becoming an endangered
|
||||
species, efficient use of this increasingly scarce resource is
|
||||
important.
|
||||
|
||||
<p>
|
||||
This document describes how to split a single IP network number up so
|
||||
that it can be used on several different networks.
|
||||
|
||||
<p>
|
||||
This document concentrates on C Class IP network numbers - but the
|
||||
principles apply to A and B class networks as well.
|
||||
|
||||
<sect1>Other sources of information
|
||||
<p>
|
||||
There are a number of other sources of information that are of
|
||||
relevance for both detailed and background information on IP numbers.
|
||||
Those recommended by the author are:-
|
||||
|
||||
<itemize>
|
||||
|
||||
<item><url url="http://sunsite.unc.edu/LDP/LDP/nag/nag.html" name="The
|
||||
Linux Network Administrators Guide">.
|
||||
|
||||
<item><url url="http://linuxwww.db.erau.edu/SAG/" name="The Linux System
|
||||
Administration Guide">.
|
||||
|
||||
<item><url url="http://www.ora.com/catalog/tcp/noframes.html"
|
||||
name="TCP/IP Network Administration by Craig Hunt, published by O'Reilly
|
||||
and Associates">.
|
||||
|
||||
</itemize>
|
||||
|
||||
<sect>The Anatomy of IP numbers
|
||||
<p>
|
||||
Before diving into the delight of sub-networking, we need to establish
|
||||
some IP number basics.
|
||||
|
||||
<sect1>IP numbers belong to Interfaces - <bf/NOT/ hosts!
|
||||
<p>
|
||||
First of all, let's clear up a basic cause of misunderstanding - IP
|
||||
numbers are <bf/not/ assigned to hosts. IP numbers are assigned to
|
||||
network interfaces on hosts.
|
||||
|
||||
<p>
|
||||
Eh - what's that?
|
||||
|
||||
<p>
|
||||
Whilst many (if not most) computers on an IP network will possess a
|
||||
single network interface (and have a single IP number as a consequence),
|
||||
this is not the only way things happen. Computers and other devices can
|
||||
have several (if not many) network interfaces - and each interface has
|
||||
its own IP number.
|
||||
|
||||
<p>
|
||||
So a device with 6 active interfaces (such as a router) will have 6 IP
|
||||
numbers - one for each interface to each network to which it is connected. The
|
||||
reason for this becomes clear when we look at an IP network!
|
||||
|
||||
<p>
|
||||
Despite this, most people refer to <em/host addresses/ when referring to an
|
||||
IP number. Just remember, this is simply shorthand for <em/the IP number
|
||||
of this particular interface on this host/. Many (if not the majority)
|
||||
of devices on the Internet have only a single interface and thus a
|
||||
single IP number.
|
||||
|
||||
<sect1>IP Numbers as &dquot;Dotted Quads&dquot;
|
||||
<p>
|
||||
In the current (IPv4) implementation of IP numbers, IP numbers consist
|
||||
of 4 (8 bit) bytes - giving a total of 32 bits of available information.
|
||||
This results in numbers that are rather large (even when written in
|
||||
decimal notation). So for readability (and organisational reasons) IP
|
||||
numbers are usually written in the 'dotted quad' format. The IP number
|
||||
|
||||
<tscreen><verb>
|
||||
192.168.1.24
|
||||
</verb></tscreen>
|
||||
|
||||
is an example of this - 4 (decimal) numbers separated by (.) dots.
|
||||
|
||||
<p>
|
||||
As each one of the four numbers is the decimal representation of an 8
|
||||
bit byte, each of the 4 numbers can range from 0 to 255 (that is take on
|
||||
256 unique values - remember, zero is a value too).
|
||||
|
||||
<p>
|
||||
In addition, part of the IP number of a host identifies the network on
|
||||
which the host resides, the remaining 'bits' of the IP number identify
|
||||
the host (oops - network interface) itself. Exactly how many bits are
|
||||
used by the network ID and how many are available to identify hosts
|
||||
(interfaces) on that network is determined by the network 'class'.
|
||||
|
||||
<sect1>Classes of IP Networks
|
||||
<p>
|
||||
There are three classes of IP numbers
|
||||
|
||||
<itemize>
|
||||
|
||||
<item>Class A IP network numbers use the leftmost 8 bits (the leftmost
|
||||
of the dotted quads) to identify the network, leaving 24 bits (the
|
||||
remaining three dotted quads) to identify host interfaces on that
|
||||
network.<newline>
|
||||
Class A addresses <bf/always/ have the leftmost bit of the leftmost
|
||||
byte a zero - that is a decimal value of 0 to 127 for the first dotted
|
||||
quad. So there are a maximum of 128 class A network numbers
|
||||
available, with each one containing up to 33,554,430 possible
|
||||
interfaces.
|
||||
|
||||
<newline><newline>
|
||||
|
||||
However, the networks 0.0.0.0 (known as the default route) and 127.0.0.0
|
||||
(the loop back network) have special meanings and are not available for
|
||||
use to identify networks. So there are only 126 <em/available/ A class
|
||||
network numbers.
|
||||
|
||||
<item>Class B IP network numbers use the leftmost 16 bits (the leftmost two
|
||||
dotted quads) to identify the network, leaving 16 bits (the last two
|
||||
dotted quads) to identify host interfaces. Class B addresses always have
|
||||
the leftmost 2 bits of the leftmost byte set to 1 0. This leaves 14 bits
|
||||
left to specify the network address giving 32767 available B class
|
||||
networks. B Class networks thus have a range of 128 to 191 for the first
|
||||
of the dotted quads, with each network containing up to 32,766 possible
|
||||
interfaces.
|
||||
|
||||
<item>Class C IP network numbers use the leftmost 24 bits (the leftmost
|
||||
three bytes) to identify the network, leaving 8 bits (the rightmost
|
||||
byte) to identify host interfaces. Class C addresses always start with
|
||||
the leftmost 3 bits set to 1 1 0 or a range of 192 to 255 for the
|
||||
leftmost dotted quad. There are thus 4,194,303 available C class network
|
||||
numbers, each containing 254 interfaces. (C Class networks with the
|
||||
first byte greater than 223 are however reserved and unavailable for use).
|
||||
</itemize>
|
||||
|
||||
In summary:
|
||||
|
||||
<tscreen><verb>
|
||||
Network class Usable range of first byte values (decimal)
|
||||
A 1 to 126
|
||||
B 128 to 191
|
||||
C 192 to 254
|
||||
</verb></tscreen>
|
||||
|
||||
<p>
|
||||
There are also special addresses that are reserved for 'unconnected'
|
||||
networks - that is networks that use IP but are not connected to the
|
||||
Internet, These addresses are:-
|
||||
|
||||
<itemize>
|
||||
<item>One A Class Network<newline>
|
||||
10.0.0.0
|
||||
<item>16 B Class Networks<newline>
|
||||
172.16.0.0 - 172.31.0.0
|
||||
<item>256 C Class Networks
|
||||
192.168.0.0 - 192.168.255.0
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
You will note that this document uses these sequences throughout to avoid
|
||||
confusion with 'real' networks and hosts.
|
||||
|
||||
<sect1>Network numbers, interface addresses and broadcast addresses
|
||||
<p>
|
||||
IP numbers can have three possible meanings:-
|
||||
|
||||
<itemize>
|
||||
|
||||
<item>the address of an IP network (a group of IP devices sharing common
|
||||
access to a transmission medium - such as all being on the same Ethernet
|
||||
segment). A network number will always have the interface (host) bits of
|
||||
the address space set to 0 (unless the network is sub-networked - as we
|
||||
shall see);
|
||||
|
||||
<item>the broadcast address of an IP network (the address used to 'talk',
|
||||
simultaneously, to all devices in an IP network). Broadcast
|
||||
addresses for a network always have the interface (host) bits of the the
|
||||
address space set to 1 (unless the network is sub-networked - again, as
|
||||
we shall see).
|
||||
|
||||
<item>the address of an interface (such as an Ethernet card or PPP interface
|
||||
on a host, router, print server etc). These addresses can have any value
|
||||
in the host bits <bf/except/ all zero or all 1 - because with the host bits all
|
||||
0, the address is a network address and with the host bits all 1 the
|
||||
address is the broadcast address.
|
||||
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
In summary and to clarify things
|
||||
|
||||
<tscreen><verb>
|
||||
For an A class network...
|
||||
(one byte of network address space followed by three bytes of host
|
||||
address space)
|
||||
|
||||
10.0.0.0 is an A Class network number because all the host
|
||||
bits of the address space are 0
|
||||
10.0.1.0 is a host address on this network
|
||||
10.255.255.255 is the broadcast address of this network
|
||||
because all the host bits of the address space are 1
|
||||
|
||||
For a B class network...
|
||||
(two bytes of network address space followed by two bytes of host
|
||||
address space)
|
||||
|
||||
172.17.0.0 is a B Class network number
|
||||
172.17.0.1 is a host address on this network
|
||||
172.17.255.255 is the network broadcast address
|
||||
|
||||
For a C Class network...
|
||||
(three bytes of network address space followed by one byte of host
|
||||
address space)
|
||||
|
||||
192.168.3.0 is a C Class network number
|
||||
192.168.3.42 is a host address on this network
|
||||
192.168.3.255 is the network broadcast address
|
||||
</verb></tscreen>
|
||||
|
||||
<p>
|
||||
Almost all IP network numbers remaining available for allocation at
|
||||
present are C Class addresses.
|
||||
|
||||
<sect1>The network mask
|
||||
<p>
|
||||
The network mask is more properly called the subnetwork mask. However,
|
||||
it is generally referred to as the network mask.
|
||||
|
||||
<p>
|
||||
It is the network mask and its implications on how IP addresses are
|
||||
interpreted <em/locally/ on an IP network segment that concerns us most
|
||||
here, as this determines what (if any) sub-networking occurs.
|
||||
|
||||
<p>
|
||||
The standard (sub-) network mask is all the network bits in an address
|
||||
set to '1' and all the host bits set to '0'. This means that the
|
||||
standard network masks for the three classes of networks are:-
|
||||
|
||||
<itemize>
|
||||
<item>A Class network mask: 255.0.0.0
|
||||
<item>B Class network mask: 255.255.0.0
|
||||
<item>C Class network mask: 255.255.255.0
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
There are two important things to remember about the network mask:-
|
||||
<itemize>
|
||||
<item>The network mask affects only the <bf/local/ interpretation of
|
||||
<bf/local/ IP numbers (where local means on this particular network segment);
|
||||
<item>The network mask is <bf/not/ an IP number - it is used to modify
|
||||
how local IP numbers are interpreted locally.
|
||||
</itemize>
|
||||
|
||||
<sect>What are subnets?
|
||||
<p>
|
||||
A subnet is a way of taking a single IP network address and <bf/locally/
|
||||
splitting it up so that this single network IP address can actually be
|
||||
used on several interconnected local networks. Remember, a single IP
|
||||
network number can only be used on a single network.
|
||||
|
||||
<p>
|
||||
The important word here is <bf/locally/: as far as the world outside the
|
||||
machines and physical networks covered by the sub-netted IP network are
|
||||
concerned, nothing whatsoever has changed - it is still just a single IP
|
||||
network. This is important - sub-networking is a <bf/local/ configuration
|
||||
and is invisible to the rest of the world.
|
||||
|
||||
<sect>Why subnetwork?
|
||||
<p>
|
||||
The reasons behind sub-networking date back to the early specification of
|
||||
IP - where just a few sites were running on Class A network numbers,
|
||||
which allow for millions of connected hosts.
|
||||
|
||||
<p>
|
||||
It is obviously a huge traffic and administration problem if all IP
|
||||
computers at a large site need to be connected to the same network:
|
||||
trying to manage such a huge beast would be a nightmare and the network
|
||||
would (almost certainly) collapse under the load of its own traffic
|
||||
(saturate).
|
||||
|
||||
<p>
|
||||
Enter sub-networking: the A class IP network address can be split up to
|
||||
allow its distribution across several (if not many) separate networks.
|
||||
The management of each separate network can easily be delegated as well.
|
||||
|
||||
<p>
|
||||
This allows small, manageable networks to be established - quite
|
||||
possibly using different networking technologies. Remember, you cannot mix
|
||||
Ethernet, Token Ring, FDDI, ATM etc on the same physical network - they
|
||||
can be interconnected, however!
|
||||
|
||||
<p>
|
||||
Other reasons for sub-networking are:-
|
||||
<itemize>
|
||||
<item>Physical site layout can create restrictions (cable run lengths)
|
||||
in terms of the how the physical infrastructure can be connected,
|
||||
requiring multiple networks. Sub-networking allows this to be done in an
|
||||
IP environment using a single IP network number.
|
||||
<newline><newline>
|
||||
This is in fact now very commonly done by ISPs who wish to give their
|
||||
permanently connected clients with local networks static IP numbers.
|
||||
|
||||
<item>Network traffic is sufficiently high to be causing significant
|
||||
slow downs. By splitting the network up using subnetworks, traffic that
|
||||
is local to a network segment can be kept local - reducing overall
|
||||
traffic and speeding up network connectivity without requiring more
|
||||
actual network bandwidth;
|
||||
<item>Security requirements may well dictate that different classes of
|
||||
users do not share the same network - as traffic on a network can always
|
||||
be intercepted by a knowledgeable user. Sub-networking provides a way to
|
||||
keep the marketing department from snooping on the R & D network traffic
|
||||
(or students from snooping on the administration network)!
|
||||
<item>You have equipment which uses incompatible networking technologies
|
||||
and need to interconnect them (as mentioned above).
|
||||
</itemize>
|
||||
|
||||
<sect>How to subnetwork a IP network number
|
||||
<p>
|
||||
Having decided that you need to subnetwork your IP network number, how
|
||||
do you go about it? The following is an overview of the steps which will
|
||||
then be explained in detail:-
|
||||
|
||||
<itemize>
|
||||
<item>Set up the physical connectivity (network wiring and network
|
||||
interconnections - such as routers;
|
||||
<item>Decide how big/small each subnetwork needs to be in terms of the
|
||||
number of devices that will connect to it - ie how many usable IP
|
||||
numbers are required for each individual segment.
|
||||
<item>Calculate the appropriate network mask and network addresses;
|
||||
<item>Give each interface on each network its own IP address and the
|
||||
appropriate network mask;
|
||||
<item>Set up the routes on the routers and the appropriate gateways,
|
||||
routes and/or default routes on the networked devices;
|
||||
<item>Test the system, fix problems and then relax!
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
For the purpose of this example, we will assume we are sub-networking a single C
|
||||
class network number: 192.168.1.0
|
||||
|
||||
<p>
|
||||
This provides for a maximum of 254 connected interfaces (hosts), plus
|
||||
the obligatory network number (192.168.1.0) and broadcast address
|
||||
(192.168.1.255).
|
||||
|
||||
<sect1>Setting up the physical connectivity
|
||||
<p>
|
||||
You will need to install the correct cabling infrastructure for all the
|
||||
devices you wish to interconnect designed to meet your physical layout.
|
||||
|
||||
<p>
|
||||
You will also need a mechanism to interconnect the various segments
|
||||
together (routers, media converters etc.).
|
||||
|
||||
<p>
|
||||
A detailed discussion of this is obviously impossible here. Should you
|
||||
need help, there are network design/installation consultants around who
|
||||
provide this sort of service. Free advice is also available on a number of
|
||||
Usenet news groups (such as comp.os.linux.networking).
|
||||
|
||||
<sect1>Subnetwork sizing
|
||||
<p>
|
||||
There is a play off between the number of subnetworks you create and 'wasted'
|
||||
IP numbers.
|
||||
|
||||
<p>
|
||||
Every individual IP network has two addresses unusable as interface
|
||||
(host) addresses - the network IP number itself and the broadcast
|
||||
address. When you subnetwork, each subnetwork requires its own, unique
|
||||
IP network number and broadcast address - and these have to be valid
|
||||
addresses from within the range provided by the IP network that you are
|
||||
sub-networking.
|
||||
|
||||
<p>
|
||||
So, by sub-networking an IP network into two separate subnetworks, there
|
||||
are now <bf/two/ network addresses and <bf/two/ broadcast addresses -
|
||||
increasing the 'unusable' interface (host) addresses; creating 4
|
||||
subnetworks creates <bf/eight/ unusable interface (host) addresses and
|
||||
so on.
|
||||
|
||||
<p>
|
||||
In fact the smallest usable subnetwork consists of 4 IP numbers:-
|
||||
<itemize>
|
||||
<item>Two usable IP interface numbers - one for the router interface on
|
||||
that network and one for the single host on that network.
|
||||
<item>One network number.
|
||||
<item>One broadcast address.
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
Quite why one would want to create such a small network is another
|
||||
question! With only a single host on the network, any network
|
||||
communication must go out to another network. However, the example does
|
||||
serve to show the law of diminishing returns that applies to
|
||||
sub-networking.
|
||||
|
||||
<p>
|
||||
In principle, you can only divide your IP network number into 2^n (where
|
||||
n is one less that the number of host bits in your IP network number)
|
||||
equally sized subnetworks (you can subnetwork a subnetwork and combine
|
||||
subnetworks however).
|
||||
|
||||
<p>
|
||||
So be realistic about designing your network design - you want the
|
||||
<bf/minimum/ number of separate local networks that is consistent with
|
||||
management, physical, equipment and security constraints!
|
||||
|
||||
<sect1>Calculating the subnetwork mask and network numbers
|
||||
<p>
|
||||
The network mask is what performs all the <bf/local/ magic of dividing
|
||||
an IP network into subnetworks.
|
||||
|
||||
<p>
|
||||
The network mask for an un-sub-networked IP network number is simply a
|
||||
dotted quad which has all the 'network bits' of the network number
|
||||
set to '1' and all the host bits set to '0'.
|
||||
|
||||
<p>
|
||||
So, for the three classes of IP networks, the standard network masks
|
||||
are:-
|
||||
<itemize>
|
||||
<item>Class A (8 network bits) : 255.0.0.0
|
||||
<item>Class B (16 network bits): 255.255.0.0
|
||||
<item>Class C (24 network bits): 255.255.255.0
|
||||
</itemize>
|
||||
|
||||
<p>
|
||||
The way sub-networking operates is to <em/borrow/ one or more of the
|
||||
available host bits and make then make interfaces <bf/locally/ interpret
|
||||
these borrowed bits as part of the network bits. So to divide a network
|
||||
number into two subnetworks, we would borrow one host bit by setting the
|
||||
appropriate bit in the network mask of the first (normal) host bit to '1'.
|
||||
|
||||
<p>
|
||||
For a C Class address, this would result in a netmask of
|
||||
<newline>
|
||||
11111111.11111111.11111111.10000000
|
||||
<newline>
|
||||
or 255.255.255.128
|
||||
|
||||
<p>
|
||||
For our C Class network number of 192.168.1.0, these are some of the
|
||||
sub-networking options you have:-
|
||||
|
||||
<code>
|
||||
No of No of
|
||||
subnets Hosts/net netmask
|
||||
2 126 255.255.255.128 (11111111.11111111.11111111.10000000)
|
||||
4 62 255.255.255.192 (11111111.11111111.11111111.11000000)
|
||||
8 30 255.255.255.224 (11111111.11111111.11111111.11100000)
|
||||
16 14 255.255.255.240 (11111111.11111111.11111111.11110000)
|
||||
32 6 255.255.255.248 (11111111.11111111.11111111.11111000)
|
||||
64 2 255.255.255.252 (11111111.11111111.11111111.11111100)
|
||||
</code>
|
||||
|
||||
<p>
|
||||
In principle, there is absolutely no reason to follow the above way of
|
||||
subnetworking where network mask bits are added from the most
|
||||
significant host bit to the least significant host bit. However, if you
|
||||
do not do it this way, the resulting IP numbers will be in a <em/very/
|
||||
odd sequence! This makes it extremely difficult for us humans to decide
|
||||
to which subnetwork an IP number belongs as we are not too good at thinking
|
||||
in binary (computers on the other hand are and will use whatever scheme
|
||||
you tell them with equal equanimity).
|
||||
|
||||
<p>
|
||||
Having decided on the appropriate netmask, you then need to work out
|
||||
what the various Network and broadcast addresses are - and the IP number
|
||||
range for each of these networks. Again, considering only a C Class IP
|
||||
Network number and listing only the <em/final/ (host part) we have:-
|
||||
|
||||
<code>
|
||||
Netmask Subnets Network B'cast MinIP MaxIP Hosts Total Hosts
|
||||
--------------------------------------------------------------------------
|
||||
128 2 0 127 1 126 126
|
||||
128 255 129 254 126 252
|
||||
|
||||
192 4 0 63 1 62 62
|
||||
64 127 65 126 62
|
||||
128 191 129 190 62
|
||||
192 255 193 254 62 248
|
||||
|
||||
224 8 0 31 1 30 30
|
||||
32 63 33 62 30
|
||||
64 95 65 94 30
|
||||
96 127 97 126 30
|
||||
128 159 129 158 30
|
||||
160 191 161 190 30
|
||||
192 223 193 222 30
|
||||
224 255 225 254 30 240
|
||||
</code>
|
||||
|
||||
<p>
|
||||
As can be seen, there is a very definite sequence to these numbers,
|
||||
which make them fairly easy to check. The 'downside' of sub-networking is
|
||||
also visible in terms of the reducing total number of available host
|
||||
addresses as the number of subnetworks increases.
|
||||
|
||||
<p> With this information, you are now in a position to assign host and
|
||||
network IP numbers and netmasks.
|
||||
|
||||
<sect>Routing
|
||||
<p>
|
||||
If you are using a Linux PC with two network interfaces to route between
|
||||
two (or more) subnets, you need to have IP Forwarding enabled in your
|
||||
kernel. Do a
|
||||
|
||||
<code>
|
||||
cat /proc/ksyms | grep ip_forward
|
||||
</code>
|
||||
|
||||
<p>
|
||||
You should get back something like...
|
||||
<code>
|
||||
00141364 ip_forward_Rf71ac834
|
||||
</code>
|
||||
|
||||
<p>
|
||||
If you do not, then you do not have IP-Forwarding enabled in your kernel
|
||||
and you need to recompile and install a new kernel.
|
||||
|
||||
<p>
|
||||
For the sake of this example, let us assume that you have decided to
|
||||
subnetwork you C class IP network number 192.168.1.0 into 4 subnets
|
||||
(each of 62 usable interface/host IP numbers). However, two of these
|
||||
subnets are being combined into a larger single network, giving three
|
||||
physical networks.
|
||||
|
||||
<p>
|
||||
These are :-
|
||||
<code>
|
||||
Network Broadcast Netmask Hosts
|
||||
192.168.1.0 192.168.1.63 255.255.255.192 62
|
||||
192.168.1.64 192.168.1.127 255.255.255.192 62
|
||||
192.168.1.128 192.168.1.255 255.255.255.128 124 (see note)
|
||||
</code>
|
||||
|
||||
<p>
|
||||
Note: the reason the last network has only 124 usable network addresses
|
||||
(not 126 as would be expected from the network mask) is that it is
|
||||
really a 'super net' of two subnetworks. Hosts on the other two networks
|
||||
will interpret 192.168.1.192 as the <em/network/ address of the 'non-existent'
|
||||
subnetwork. Similarly, they will interpret 192.168.1.191
|
||||
as the broadcast address of the 'non-existent' subnetwork.
|
||||
|
||||
<p>
|
||||
So, if you use 192.168.1.191 or 192 as host addresses on the third
|
||||
network, then machines on the two smaller networks will not be able to
|
||||
communicate with them.
|
||||
|
||||
<p>
|
||||
This illustrates an important point with subnetworks - the usable
|
||||
addresses are determined by the <bf/SMALLEST/ subnetwork in that address
|
||||
space.
|
||||
|
||||
<sect1>The routing tables
|
||||
<p>
|
||||
Let us assume that a computer running Linux is acting as a router for
|
||||
this network. It will have three network interfaces to the local LANs
|
||||
and possibly a fourth interface to the Internet (which would be its
|
||||
default route.
|
||||
|
||||
<p>
|
||||
Let us assume that the Linux computer uses the lowest available IP
|
||||
address in each subnetwork on its interface to that network. It would
|
||||
configure its network interfaces as
|
||||
|
||||
<code>
|
||||
Interface IP Address Netmask
|
||||
eth0 192.168.1.1 255.255.255.192
|
||||
eth1 192.168.1.65 255.255.255.192
|
||||
eth2 192.168.1.129 255.255.255.128
|
||||
</code>
|
||||
|
||||
<p>
|
||||
The routing it would establish would be
|
||||
|
||||
<code>
|
||||
Destination Gateway Genmask Iface
|
||||
192.168.1.0 0.0.0.0 255.255.255.192 eth0
|
||||
192.168.1.64 0.0.0.0 255.255.255.192 eth1
|
||||
192.168.1.128 0.0.0.0 255.255.255.128 eth2
|
||||
</code>
|
||||
|
||||
<p>
|
||||
On each of the subnetworks, the hosts would be configured with their own
|
||||
IP number and net mask (appropriate for the particular network). Each host
|
||||
would declare the Linux PC as its gateway/router, specifying the Linux
|
||||
PCs IP address for its interface on to that particular network.
|
||||
|
||||
|
||||
<p>
|
||||
Robert Hart
|
||||
Melbourne, Australia March 1997.
|
||||
|
||||
</article>
|
|
@ -1,29 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
||||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
|
||||
<head>
|
||||
|
||||
<title>KickStart HOWTO</title>
|
||||
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<h1>KickStart HOWTO</h1>
|
||||
|
||||
<p>This document has been removed at the request of the author, Martin
|
||||
Hamilton, because it has been replaced by RedHat's own documentation.</p>
|
||||
|
||||
<p>For more information on KickStart Installations and Configurations, you
|
||||
may want to try the following Web sites:</p>
|
||||
|
||||
<ul>
|
||||
<li>RedHat 9 Manual -- <a
|
||||
href="http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/part-install-info.html">chapter on installing and configuring KickStart</a></li>
|
||||
<li><a href="https://listman.redhat.com/mailman/listinfo/kickstart-list">KickStart mailing list</a></li>
|
||||
</ul>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,299 +0,0 @@
|
|||
<!doctype linuxdoc system>
|
||||
<article>
|
||||
<title>
|
||||
ISP-Connectivity-mini-HOWTO
|
||||
<author>Michael Strates, <tt>mstrates@croftj.net</tt>
|
||||
<date>v2.0.1, 2001-11-28
|
||||
<abstract>
|
||||
This document describes how to setup PPP, connect up to your
|
||||
ISP, configure mail and news, get a permanent IP (if available),
|
||||
get a domain name, and have a bonda fide system running
|
||||
in a little over thirty minutes.
|
||||
<p>
|
||||
<bf>Archived Document Notice:</bf> This document has been archived by the LDP
|
||||
because it does not apply to modern Linux systems. It is no longer
|
||||
being actively maintained.
|
||||
</p>
|
||||
</abstract>
|
||||
<toc>
|
||||
<p>
|
||||
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect> Introduction
|
||||
<p>
|
||||
The main goal of this document obviously is to make the new user
|
||||
friendly with the many terms of connecting your Linux PC up to
|
||||
the Internet, obtaining IP addresses, domain names, and setting things
|
||||
up. This guide is intended for the intermediate user in mind, although
|
||||
intelligent newbies shouldn't have any problems.
|
||||
<p>
|
||||
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> New versions of this document
|
||||
<p>
|
||||
New versions of this document will be periodically posted to
|
||||
<it>comp.os.linux.answers</it>. They will also be added to the
|
||||
various anonymous FTP sites who archive such information,
|
||||
including:
|
||||
<p>
|
||||
<tt>
|
||||
<htmlurl url="ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO"
|
||||
name="ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO">
|
||||
</tt>
|
||||
<p>
|
||||
In addition, you should generally be able to find this document
|
||||
on the Linux Documentation Project page via:
|
||||
<p>
|
||||
<tt>
|
||||
<htmlurl url="http://sunsite.unc.edu/LDP/"
|
||||
name="http://sunsite.unc.edu/LDP/">
|
||||
</tt>
|
||||
<p>
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> Feedback
|
||||
<p>
|
||||
I certaintly welcome any feedback about this HOWTO, spelling mistakes,
|
||||
how it all worked out, thankyou notes and critisisms. I hope I helped
|
||||
a few people with this HOWTO, and if I did, I'd be really happy to
|
||||
hear from you.
|
||||
<p>
|
||||
<tt>
|
||||
<htmlurl url="mailto:mstrates@croftj.net"
|
||||
name="mstrates@croftj.net">
|
||||
</tt>
|
||||
<p>
|
||||
<tt>
|
||||
<htmlurl url="http://linloft.home.ml.org/"
|
||||
name="http://linloft.home.ml.org/">
|
||||
</tt>
|
||||
<p>
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> Standard Disclaimer
|
||||
<p>
|
||||
No liability for the contents of this documents can be accepted.
|
||||
Use the concepts, examples and other content at your own risk.
|
||||
As this is a new edition of this document, there may be errors
|
||||
and inaccuracies, that may of course be damaging to your system.
|
||||
Proceed with caution, and although this is highly unlikely,
|
||||
I don't take any responsibility for that.
|
||||
<p>
|
||||
Naturally, there are probably better and easier ways to do things
|
||||
in this document. There will always be another way in the Linux
|
||||
World. This is the way I've done things, and that's the way I'll
|
||||
be presenting them in this HOWTO.
|
||||
<p>
|
||||
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> Copyright Information
|
||||
<p>
|
||||
This document is copyrighted (c)1997 Michael Strates and
|
||||
distributed under the terms of the GNU Free Documentation License,
|
||||
which can be obtained from
|
||||
<a href="http://www.fsf.org/licenses/fdl.html">http://www.fsf.org/licenses/fdl.html</a>.
|
||||
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect> Connecting to the Outside World
|
||||
<p>
|
||||
In this document, we'll explain how to do this using PPP (Point
|
||||
to Point Protocol), a popular protocol nearly always used over the
|
||||
Internet. It allows your modem to <tt>speak</tt> to the outside
|
||||
world. This is what applications like Trumpet Winsock in Windows
|
||||
3.x did, and many other programs that you've probably have never
|
||||
seen.
|
||||
<p>
|
||||
In Linux, we use a thing called chat to do the dialing up to the
|
||||
ISP and then use a utility called pppd to 'use' the connection. In
|
||||
a sense, chat is your dialer, and pppd is your protocol. We'll
|
||||
describe how to setup both below.
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> Talking and Communicating with pppd and chat
|
||||
<p>
|
||||
Probably the easiest way to go about things is to make a shell
|
||||
script in root's home directory called <tt>ppp-connect</tt> and
|
||||
involke the script whenever you wish to make your connection. We'll
|
||||
discuss this method.
|
||||
<p>
|
||||
Open up your favourite editor as root on ~/ppp-connect. You'll
|
||||
then have to decide on your parameters.
|
||||
<p>
|
||||
<it>pppd connect 'chat -v "" "your_init_string" "" ATDTisp_number
|
||||
CONNECT "" ogin: your_username word: your_passwd' /dev/tty(0/1/2) speed
|
||||
modem</it>
|
||||
<p>
|
||||
pppd involkes /usr/sbin/pppd on my system, then loads up chat to do the
|
||||
dialing. Chat sends <it>your_init_string</it> to the modem, then
|
||||
dials <it>isp_number</it>. It then waits for CONNECT, then waits for
|
||||
ogin: (l removed as the first character is sometimes lost), sends
|
||||
<it>your_passwd</it>, chat then terminates and hands the show over to
|
||||
pppd.
|
||||
<p>
|
||||
The last of the command specifies your modem port (mine's /dev/ttyS1). In
|
||||
most cases it will be ttyS1 (COM2: in DOS), ttyS0 (COM1: in DOS), or if
|
||||
your using Slackware, cua1 or cua0. The speed is the speed of the modem. I
|
||||
use 115200 for my modem (a 33.6k). If you have got a fairly recent
|
||||
computer (one with a 16550 UART), then I wouldn't go any lower than 57600.
|
||||
Otherwise, for 14.4k 38400. Modem just tells pppd that it's a serial/modem
|
||||
based connection. Remove the -v option if you don't want verbose logging
|
||||
to your logfiles.
|
||||
<p>
|
||||
The scenario below is one of a person who dials up an ISP that
|
||||
automatically starts PPP for them, ie; they don't have a shell that
|
||||
actually starts. This is his command in his ~/ppp-connect:
|
||||
<p>
|
||||
<it>pppd connect 'chat "" "ATZ" "" ATDT555-1800
|
||||
CONNECT "" ogin: johnny word: blackjak' /dev/ttyS1 115200
|
||||
modem</it>
|
||||
<p>
|
||||
But for some people, they're ISP starts up a shell and doesn't
|
||||
automatically start PPP this may be a problem. Luckily, chat can deal with
|
||||
that too. You just add another command to your chat script. For example,
|
||||
below this johnny character is using an ISP that just dumps him to a
|
||||
shell, requiring him to type ppp to get a ppp connection. His shell prompt
|
||||
ends with a $.
|
||||
<it>pppd connect 'chat "" "ATZ" "" ATDT555-1800
|
||||
CONNECT "" ogin: johnny word: blackjak $ ppp' /dev/ttyS1 115200
|
||||
modem</it>
|
||||
<p>
|
||||
If it's more than one word, ensure you quote it. I hope you can see the
|
||||
drift of this, and are able to create your own script up to suit your
|
||||
connection. Simply modify either the first johnny or the second johnny
|
||||
script to suit your taste, port, server, etc and save the file.
|
||||
<p>
|
||||
Now you've made your file, ensure that only root can execute, read or
|
||||
write to it. This is extreemly important. Also make sure nobody can
|
||||
read your logfiles, if you decide to leave the -v option in, as your
|
||||
password is seen in cleartext in the logs (I don't see much need for -v,
|
||||
if you don't know what I'm talking about, leave -v out).
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect1> IP's, Domain Names and Subnets
|
||||
<p>
|
||||
For most people using the options above, a changing IP address won't
|
||||
bother them. These people include basic, easy going users, that just have
|
||||
dialup accounts, and aren't very technically minded. For those people,
|
||||
skim read this section, I'll come to important things you need to do to
|
||||
setup your system properly. Newbies, skip the sections dealing with
|
||||
permanent IP, Domain Names, Subnets, and just read the last bit of this
|
||||
section.<p>
|
||||
Getting a permanent IP address might be free for your ISP, so if in doubt
|
||||
ask them. Personally, I'd pay for a permanent IP address. It lets you send
|
||||
e-mail to and from using a unique IP or domain, etc. If you want to get
|
||||
yourself a permanent IP, write an e-mail to root@yourisp.com, and ask him
|
||||
nicely if he can arrange a permanent IP for you.
|
||||
<p>
|
||||
When you get your permanent IP address, grep through your /etc directory
|
||||
to find where your old IP addresses are. I had to change files in my
|
||||
sendmail directory and /etc/hosts. There are some other key files that you
|
||||
will only discover with grepping. Open up /etc/hosts, and add your new IP
|
||||
address in the standard format. Reboot your computer, and you should be
|
||||
ready to go.
|
||||
<p>
|
||||
You'll now need to change your chat script to reflect your new settings.
|
||||
If you are forced into PPP as soon as you start your connection, you'll
|
||||
need to tell your System Administrator of your ISP to ensure their PPP
|
||||
system recognises that you have a permanent IP address and allocates you
|
||||
that instead of a changing one. If you get dumped at a shell prompt, and
|
||||
you need to type ppp or something to start the connection, instead of
|
||||
typing that, change your ~/ppp-connect script to send this instead of just
|
||||
ppp or whatever when it sees $ or whatever your shell prompt is.
|
||||
<p>
|
||||
<it>/usr/sbin/pppd :Your_IP_Address</it>
|
||||
<p>
|
||||
Substitute your IP address for the IP address your ISP gave to you. Be
|
||||
sure you encapsulate the thing in " " marks when you put it into your chat
|
||||
script. If this doesn't work, consult your ISP where your PPP daemon is
|
||||
located, and ask him for the command to give. You could just try leaving
|
||||
it as is and seeing if the server will recognise you and give you your
|
||||
rightful address.
|
||||
<p>
|
||||
The next thing probably to do is to get yourself a domain name. I know
|
||||
that in Australia, .asn.au and .org.au are free. In the United States, you
|
||||
can get a .us domain for free, but they tend to be long. If your in
|
||||
Australia, you must go to
|
||||
<htmlurl url="http://www.aunic.net/" name="http://www.aunic.net/">
|
||||
to register your domains. In the United States, it is
|
||||
<htmlurl url="http://www.internic.net/" name="http://www.internic.net/"> .
|
||||
<p>
|
||||
To register domains you need to be able to provide DNS services, and gorey
|
||||
stuff like that. If your ISP can't provide these, throw out an official
|
||||
.asn.au or whatever domain out the window, and get a Monolith Internet
|
||||
Domain.
|
||||
<p>
|
||||
Monolith offer free domains to anybody and anyone all around the world.
|
||||
Everything is done without human interaction, via a web forms interface
|
||||
with your browser. Your domain comes in the form of Your_Choice.ml.org.
|
||||
Monolith will then host the DNS locally for you. If you want to send and
|
||||
receive mail from that domain, ask your ISP to become a mail exchanger for
|
||||
you.
|
||||
<p>
|
||||
Go to
|
||||
<htmlurl url="http://www.ml.org/" name="http://www.ml.org/">
|
||||
and fill out an application, enter the NIC with your username and
|
||||
password, and make a FREED domain. You'll need to enter your IP address,
|
||||
so have that ready. Your domain will be in the DNS in a couple of days.
|
||||
<p>
|
||||
Okay now, we'll move onto the newbies section, or for those people who
|
||||
can't get a permanent IP address or a domain name. All you have to do is
|
||||
edit /etc/hosts as root, call your site something that won't clash, give
|
||||
it a 10.10.10 or something for an IP address and reboot your computer.
|
||||
<p>
|
||||
There you go, you've just setup your computer with pppd and chat in just
|
||||
ten minutes. Now let's move onto the next section, which deals with
|
||||
Electronic Mail.
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
<sect> Electronic Mail on your Linux Box
|
||||
<p>
|
||||
One of the most important aspects of the Internet, is it's fasinating
|
||||
capaiblity to transfer mail to and from countries, or more locally
|
||||
perhaps. Linux is extreemly strong in easy mail packages for the console.
|
||||
The one we're going to document today is called Pine (Program for Internet
|
||||
Mail and News), made by the University of Washington, and to download the
|
||||
mail, a program called Fetchmail, made by Eric S. Raymond. Both should be
|
||||
included in your Linux distribution.
|
||||
<p>
|
||||
Fetchmail is a program that downloads your e-mail from your server using
|
||||
POP, transfers the mail onto your computer and then deletes it off the
|
||||
server, much like programs like Eudora or Microsoft Internet Mail/Exchange
|
||||
do. To configure and automate fetchmail, you use a file in your home
|
||||
directory called .fetchmailrc. Simply open up ~/.fetchmailrc
|
||||
(Remember: your doing this bit as yourself, not as root) with your
|
||||
favourite editor and observe the command lin eoptions below:
|
||||
<p>
|
||||
<EM>poll mail.yourisp.com proto pop3 user login_name password your_passwd</EM>
|
||||
<p>
|
||||
<EM>user login_name with pass your_passwd is login_name here</EM>
|
||||
<p>
|
||||
All you have to do is replace <EM>mail.yourisp.com</EM> with the name of
|
||||
the mail server of your ISP, <EM>your_passwd</EM> with your password, and
|
||||
<EM>login_name</EM> with your login name.
|
||||
<p>
|
||||
An important thing to note. For Pine and this procedure to work correctly,
|
||||
your login name must corrospond with the login name you use on your ISP.
|
||||
That is your local login name must match the one you use on your server,
|
||||
and your e-mail address.
|
||||
<p>
|
||||
Next, ensure that .fetchmailrc has the correct permissions (user
|
||||
read/write only) and your laughing. Fetchmail can be started in two ways,
|
||||
in standard mode (where it'll fetch messages from the server and
|
||||
terminate), or in daemon mode (where it will stay active, and
|
||||
check/download mail every X seconds). To use daemon mode, type
|
||||
<it>fetchmail -a -d(Seconds between Polls)</it>. -a ensures it downloads
|
||||
all mail. To use the standard mode, just type <it>fetchmail -a</it>.
|
||||
<p>
|
||||
Next, you need to setup Pine. Open up Pine, by typing pine at your prompt,
|
||||
choose Setup - Configuration. Setup your userdomain as the domain in your
|
||||
e-mail address, for example jack@linux.org, would be linux.org. Next,
|
||||
setup smtp-server as your POP mail server (the same you used in the
|
||||
fetchmail setup). So we enter www.linux.org. If you want news, setup your
|
||||
nntp server to your ISP's news server.
|
||||
<p>
|
||||
So there you have it folks, everything should be working now. To connect
|
||||
up to your ISP, just run ~/ppp-connect as root. Then, to get your e-mail
|
||||
run fetchmail -a as yourself. To browse your e-mail and news, use
|
||||
Pine. Install a text-based browser such as Lynx to browse the web if you
|
||||
like.
|
||||
<p>
|
||||
<it>Send any comments questions and suggestions to
|
||||
mstrates@croftj.net</it>
|
||||
<p>
|
||||
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
|
||||
</article>
|
|
@ -1,400 +0,0 @@
|
|||
<!doctype linuxdoc system>
|
||||
|
||||
<!-- Loopback Encrypted Filesystem HOWTO by Ryan T. Rhea -->
|
||||
|
||||
<article>
|
||||
|
||||
<!-- Title information -->
|
||||
|
||||
<title>Loopback Encrypted Filesystem HOWTO
|
||||
<author>Copyright by Ryan T. Rhea,
|
||||
<tt/rhear@cs.winthrop.edu/
|
||||
<date>v1.1, 29 November 1999
|
||||
|
||||
<abstract>
|
||||
This document explains how to setup and then use a filesystem
|
||||
that, when mounted by a user, dynamically and transparently
|
||||
encrypts its contents. The filesystem is stored in a regular
|
||||
file, which can be hidden or named non-conspicuously such that it
|
||||
would most likely be overlooked. This allows for a high level of
|
||||
secure storage of data.
|
||||
<p>
|
||||
<bf>Archived Document Notice:</bf> This document has been archived by the LDP
|
||||
because it does not apply to modern Linux systems. It is no longer
|
||||
being actively maintained.
|
||||
</p>
|
||||
</abstract>
|
||||
|
||||
<!-- Table of contents -->
|
||||
<toc>
|
||||
|
||||
<!-- Begin the document -->
|
||||
|
||||
<sect>Before you begin
|
||||
|
||||
<p>
|
||||
This process requires the kernel source code, knowledge of
|
||||
compiling this
|
||||
code, and a lot of patience. I highly recommend having a boot
|
||||
disk ready.
|
||||
Also, be sure to have a backup before you permanently store your
|
||||
important
|
||||
data on the encrypted filesystem - it can be corrupted like any
|
||||
other
|
||||
filesystem.
|
||||
|
||||
As a minimum, you will have to patch to at least version 2.2.9 of
|
||||
the linux
|
||||
kernel before continuing. There are further instructions on
|
||||
applying patches
|
||||
in the <ref id="Details"> section later in this document.
|
||||
|
||||
Kernel source can be found at:
|
||||
|
||||
<tscreen>
|
||||
<url url="ftp://ftp.kerneli.org/">
|
||||
</tscreen>
|
||||
|
||||
There is a HOWTO on the process of recompiling kernels at:
|
||||
|
||||
<tscreen>
|
||||
<url url="http://metalab.unc.edu/LDP/HOWTO/">
|
||||
</tscreen>
|
||||
|
||||
This document may be reproduced and distributed in whole or in
|
||||
part, without fee, subject to the following conditions:
|
||||
|
||||
<itemize>
|
||||
<item>The copyright notice and this permission notice must be
|
||||
preserved complete on all complete or partial copies.
|
||||
|
||||
<item>Any translation or derived work must be approved by the
|
||||
author
|
||||
in writing before distribution.
|
||||
|
||||
<item>If you distribute this work in part, instructions for
|
||||
obtaining
|
||||
he complete version of this manual must be included, and a means
|
||||
for obtaining a complete version provided.
|
||||
|
||||
<item>All source code in this document is placed under the GNU
|
||||
General Public License, available via anonymous FTP from:
|
||||
</itemize>
|
||||
|
||||
<tscreen>
|
||||
<url url="ftp://prep.ai.mit.edu/pub/gnu/COPYING/">
|
||||
</tscreen>
|
||||
|
||||
<sect>Introduction
|
||||
|
||||
<p>
|
||||
The process uses the device '/dev/loop*' (where * can be 0-7 on
|
||||
most installations) to mount a loopback filesystem. The same
|
||||
process can be used without encryption to store a linux
|
||||
filesystem on a non-linux partition. There is a HOWTO on this at
|
||||
the LDP site mentioned previously.
|
||||
|
||||
Different types of encryption can be used, including XOR, DES,
|
||||
twofish, blowfish, cast128, serpent, MARS, RC6, DFC, and IDEA.
|
||||
The program 'losetup' (loopback setup) is what associates your
|
||||
encrypted file with a filesystem and it's cipher type. According
|
||||
to Alexander
|
||||
Kjeldaas, who maintains kerneli.org and the international crypto
|
||||
patches, DES
|
||||
and losetup are currently incompatible. This is due to
|
||||
differences in the way
|
||||
the two handle parity bits. There are no plans to support DES as
|
||||
it is much
|
||||
more insecure than the other ciphers.
|
||||
|
||||
Twofish, blowfish, cast128, and serpent are all licensed free for
|
||||
any use.
|
||||
The others may or may not have licensing restrictions. Several
|
||||
of them are
|
||||
candidates for the AES standard. The finalists will provide
|
||||
royalty free use
|
||||
of their ciphers worldwide.
|
||||
|
||||
This document uses the serpent algorithm because it is strong yet
|
||||
remarkably fast, and it's freely distributable under the GPL.
|
||||
According to
|
||||
it's documentation, serpent uses a 128-bit block cipher designed
|
||||
by Ross
|
||||
Anderson, Eli Biham and Lars Knudsen. It provides users with the
|
||||
highest
|
||||
practical level of assurance that no shortcut attacks will be
|
||||
found. The
|
||||
documentation on serpent as well as the source code can be found
|
||||
at:
|
||||
|
||||
<tscreen>
|
||||
<url url="http://www.cl.cam.ac.uk/~rja14/serpent.html">
|
||||
</tscreen>
|
||||
|
||||
Also, this document assumes that the ciphers are compiled
|
||||
directly into the
|
||||
kernel. You may install them as modules, but the technique is
|
||||
not discussed
|
||||
in this document. You will have to edit the file
|
||||
'/etc/conf.module'; the
|
||||
process is discussed in detail in the kernel compilation HOWTO
|
||||
referenced previously.
|
||||
|
||||
<sect>Summary
|
||||
|
||||
<p>
|
||||
There are many steps involved in the process. I will provide
|
||||
<ref id="Details"> for these steps in the next section. I thought
|
||||
it would
|
||||
be nice to provide a summary first to provide reference (if you
|
||||
are experienced with unix/linux you probably don't need the
|
||||
details anyway). Here they are summarized as follows:
|
||||
|
||||
<enum>
|
||||
<item>Download the newest international crypto patch (I used
|
||||
'patch-int-2.2.10.4' at the time this document was written) from:
|
||||
|
||||
<p><tscreen>
|
||||
<url url="http://ftp.kerneli.org/pub/kerneli/">
|
||||
</tscreen>
|
||||
|
||||
<p><item>Patch the kernel
|
||||
|
||||
<p><item>Run 'config' (or 'menuconfig' or 'xconfig') to configure
|
||||
your
|
||||
'MakeFile' for the new kernel. The options to enable encryption
|
||||
are
|
||||
scattered. First of all, before you will see any other options
|
||||
you must
|
||||
enable 'Prompt for development and/or incomplete code/drivers'
|
||||
under 'Code
|
||||
Maturity level options'. Under 'Crypto options' enable 'crypto
|
||||
ciphers' and
|
||||
'serpent'. Once again, this document assumes you are using
|
||||
serpent, but try
|
||||
whatever you want. Remember that DES is known to be incompatible
|
||||
as of
|
||||
2.2.10.4 - it may never be supported at all. There are several
|
||||
important options to select under 'Block Devices'. These include
|
||||
'Loopback
|
||||
device support', 'Use relative block numbers as basis for
|
||||
transfer functions
|
||||
(RECOMMENDED)', and 'General encryption support'. DO NOT select
|
||||
'cast 128' or
|
||||
'twofish' encryption here. Also note that you don't need any of
|
||||
the crypto
|
||||
options under the various network categories. I will not go any
|
||||
further into
|
||||
configuration of the kernel, it is out of the scope of this
|
||||
document and can
|
||||
be found at the LDP site.
|
||||
|
||||
<p><item>Compile the new kernel.
|
||||
|
||||
<p><item>Edit '/etc/lilo.conf' to add the new kernel image. Run
|
||||
'lilo -v' to
|
||||
add the kernel to the boot loader.
|
||||
|
||||
<p><item>Download the source for the newest 'util-linux' (I used
|
||||
'util-linux-2.9v') package from:
|
||||
|
||||
<p><tscreen>
|
||||
<url url="ftp://ftp.kernel.org/pub/linux/utils/util-linux/">
|
||||
</tscreen>
|
||||
|
||||
<p><item>Extract the 'util-linux' source.
|
||||
|
||||
<p><item>Apply the corresponding patch found in your
|
||||
'/usr/src/linux/Documentation/crypto/' directory.
|
||||
|
||||
<p><item>CAREFULLY read the 'INSTALL' file! This package
|
||||
contains the
|
||||
sources for many system dependent files (important tools such as
|
||||
'login', 'passwd', and 'init'). If you don't carefully edit the
|
||||
MCONFIG
|
||||
file before compiling these sources have a boot disk and/or
|
||||
shotgun ready
|
||||
because your system will be quite confused. Basically you want
|
||||
to set almost
|
||||
all of the 'HAVE_*' fields equal to yes so that the important
|
||||
authentication
|
||||
tools are not compiled and written over. The tools you do want
|
||||
rebuilt
|
||||
are 'mount' and 'losetup' to accommodate the new encryption
|
||||
schemes. I
|
||||
suggest that you refer to the <ref id="Details"> section below
|
||||
for this step.
|
||||
|
||||
<p><item>Compile and install the 'util-linux' source
|
||||
|
||||
<p><item>Reboot the machine with the new kernel.
|
||||
|
||||
<p><item>Edit '/etc/fstab', adding an entry for your mount point
|
||||
as follows:
|
||||
|
||||
<p><tscreen><code>
|
||||
/dev/loop0 /mnt/crypt ext2 user,noauto,rw,loop 0 0
|
||||
</code></tscreen>
|
||||
|
||||
<p><item>Create the directory that will hold your filesystem, as
|
||||
in
|
||||
'/mnt/crypt' above.
|
||||
|
||||
<p><item>As the user, create your encrypted file as follows:
|
||||
|
||||
<p><tscreen><verb>
|
||||
dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10
|
||||
</verb></tscreen>
|
||||
|
||||
<p><item>Run losetup as follows:
|
||||
|
||||
<p><tscreen><verb>
|
||||
losetup -e serpent /dev/loop0 /etc/cryptfile
|
||||
</verb></tscreen>
|
||||
|
||||
You only have one chance to enter the password, be careful. If
|
||||
you want to
|
||||
double-check your password, you can use the command:
|
||||
|
||||
<p><tscreen><verb>
|
||||
losetup -d /dev/loop0
|
||||
</verb></tscreen>
|
||||
|
||||
This will deactivate your loop device. Next you will run losetup
|
||||
again to
|
||||
test your password, as follows:
|
||||
|
||||
<p><tscreen><verb>
|
||||
losetup -e serpent /dev/loop0 /etc/cryptfile
|
||||
</verb></tscreen>
|
||||
|
||||
<p><item>Make your ext2 filesystem as follows:
|
||||
|
||||
<p><tscreen><verb>
|
||||
mkfs -t ext2 /dev/loop0
|
||||
</verb></tscreen>
|
||||
|
||||
<p><item>Now you can mount the encrypted filesystem with:
|
||||
|
||||
<p><tscreen><verb>
|
||||
mount -t ext2 /dev/loop0 /mnt/crypt
|
||||
</verb></tscreen>
|
||||
|
||||
<p><item>When your done, you want to unmount and protect your
|
||||
filesystem as
|
||||
follows:
|
||||
|
||||
<p><tscreen><verb>
|
||||
umount /dev/loop0
|
||||
losetup -d /dev/loop0
|
||||
</verb></tscreen>
|
||||
|
||||
</enum>
|
||||
|
||||
|
||||
<sect>Details<label id="Details">
|
||||
|
||||
<p><bf/Kernel Patches:/
|
||||
|
||||
You can upgrade from '2.2.x' releases by patching. Each patch
|
||||
that is released for '2.2.x' contains bugfixes. New features
|
||||
will be added to the Linux '2.3.x' development kernel. To
|
||||
install by patching, get all the newer patch files and do the
|
||||
following:
|
||||
|
||||
<tscreen><verb>
|
||||
cd /usr/src
|
||||
gzip -cd patchXX.gz | patch -p0
|
||||
</verb></tscreen>
|
||||
|
||||
Repeat xx for all versions bigger than the version of your
|
||||
current source tree, IN ORDER.
|
||||
|
||||
The default directory for the kernel source is '/usr/src/linux'.
|
||||
If your source is installed somewhere else, I would suggest using
|
||||
a symbolic link from '/usr/src/linux'.
|
||||
|
||||
|
||||
<p><bf/Editing 'MCONFIG' for the 'util-linux' package
|
||||
compilation:/
|
||||
|
||||
The following are excerpts from the 'MCONFIG' file I used to
|
||||
compile the 'util-linux' package. Note that this is fairly
|
||||
specific for my setup, which is loosely based on RedHat 5.2. The
|
||||
point is to make sure you don't overwrite any important system
|
||||
tools such as 'login', 'getty', or 'passwd'. Anyway, here are
|
||||
the
|
||||
important lines as follows:
|
||||
|
||||
<tscreen><code>
|
||||
CPU=$(shell uname -m | sed s/I.86/intel/)
|
||||
|
||||
LOCALEDIR=/usr/share/locale
|
||||
|
||||
HAVE_PAM=no
|
||||
|
||||
HAVE_SHADOW=yes
|
||||
|
||||
HAVE_PASSWD=yes
|
||||
|
||||
REQUIRE_PASSWORD=yes
|
||||
|
||||
ONLY_LISTED_SHELLS=yes
|
||||
|
||||
HAVE_SYSVINIT=yes
|
||||
|
||||
HAVE_SYSVINIT_UTILS=yes
|
||||
|
||||
HAVE_GETTY=yes
|
||||
|
||||
USE_TTY_GROUP=yes
|
||||
|
||||
HAVE_RESET=yes
|
||||
|
||||
HAVE_SLN=yes
|
||||
|
||||
CC=gcc
|
||||
</code></tscreen>
|
||||
|
||||
<p><bf/Suggestions:/
|
||||
|
||||
Note that you could use any of the eight loopback devices, from
|
||||
'dev/loop0'
|
||||
to '/dev/loop7'. Use an inconspicuous directory for the mount
|
||||
point. I would
|
||||
suggest creating a folder with 700 permissions inside your home
|
||||
folder. The
|
||||
same goes for the file that holds the data. I use a filename
|
||||
like 'sysfile'
|
||||
or 'config.data' inside the '/etc' folder. This will usually get
|
||||
overlooked.
|
||||
|
||||
I created very simple Perl scripts to mount and unmount the
|
||||
filesystem with one command. Write these, make them executable
|
||||
(chmod u+x), and store them somewhere in your path.
|
||||
|
||||
<tscreen><code>
|
||||
#!/usr/bin/perl -w
|
||||
#
|
||||
#minimal utility to setup loopback encryption filesystem
|
||||
#Copyright 1999 by Ryan T. Rhea
|
||||
`losetup -e serpent /dev/loop0 /etc/cryptfile`;
|
||||
`mount /mnt/crypt`;
|
||||
</code></tscreen>
|
||||
|
||||
Name the above script 'loop', and then you can be on your way
|
||||
with one command ('loop') and a password.
|
||||
|
||||
<tscreen><code>
|
||||
#!/usr/bin/perl -w
|
||||
#
|
||||
#minimal utility to deactivate loopback encryption filesystem
|
||||
#Copyright 1999 by Ryan T. Rhea
|
||||
`umount /mount/crypt`;
|
||||
`losetup -d /dev/loop0`;
|
||||
</code></tscreen>
|
||||
|
||||
Name the second one 'unloop', and then typing 'unloop' will
|
||||
quickly deactivate your filesystem.
|
||||
|
||||
</article>
|
|
@ -1,601 +0,0 @@
|
|||
<!doctype linuxdoc system>
|
||||
<article>
|
||||
<title>The MGR Window System HOWTO
|
||||
<author>Vincent Broman
|
||||
</author>
|
||||
<date>v0.1, 1996-05-30
|
||||
<abstract>
|
||||
Information on the installation, configuration and running of the MGR Window
|
||||
System.
|
||||
<p>
|
||||
<bf>Archived Document Notice:</bf> This document has been archived by the LDP
|
||||
because it does not apply to modern Linux systems. It is no longer
|
||||
being actively maintained.
|
||||
</p>
|
||||
</abstract>
|
||||
|
||||
<toc>
|
||||
|
||||
<sect>This HOWTO
|
||||
<p><verb>
|
||||
Copyright Vincent Broman 1995.
|
||||
Permission granted to make and distribute copies of this HOWTO
|
||||
under the conditions of the GNU General Public License.</verb>
|
||||
<sect1>Archiving
|
||||
<p>
|
||||
This HOWTO is archived in
|
||||
<tt>ftp://archimedes.nosc.mil/pub/Mgr/MGR-HOWTO.sgml</tt>,
|
||||
and also distributed from
|
||||
<tt>ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/MGR-HOWTO</tt>.
|
||||
In nearby directories the same document may appear in
|
||||
alternate formats like <tt>MGR-HOWTO.txt</tt>.
|
||||
<sect1>Authentication
|
||||
<p>
|
||||
Copies of the MGR distribution due to Broman should be accompanied
|
||||
by PGP signature files, signed by "Vincent Broman <broman@nosc.mil>".
|
||||
<sect1>Credit for the HOWTO
|
||||
<p>
|
||||
While Vincent Broman first put together this HOWTO,
|
||||
much of the information and text was obtained from FAQs,
|
||||
READMEs, etc. written by Stephen Uhler, Michael Haardt,
|
||||
and other public-spirited net-persons.
|
||||
Email corrections and suggested changes to <tt>broman@nosc.mil</tt>.
|
||||
|
||||
Uhler was the main architect of <bf>MGR</bf> -- see the Credit section below.
|
||||
|
||||
<sect>What is the MGR window system?
|
||||
<p>
|
||||
<sect1>Function
|
||||
<p>
|
||||
<bf>MGR</bf> (ManaGeR) is a graphical window system.
|
||||
The <bf>MGR</bf> server
|
||||
provides a builtin window manager and windowed graphics terminal
|
||||
emulation on color and monochrome bitmap displays. <bf>MGR</bf> is
|
||||
controlled by mousing pop-up menus, by keyboard interaction, and by
|
||||
escape sequences written on pseudo-terminals by client software.
|
||||
<p>
|
||||
<bf>MGR</bf> provides each client window with: termcap-style terminal
|
||||
control functions, graphics primitives such as line and circle
|
||||
drawing; facilities for manipulating bitmaps, fonts, icons, and
|
||||
pop-up menus; commands to reshape and position windows; and a
|
||||
message passing facility enabling client programs to rendezvous
|
||||
and exchange messages. Client programs may ask to be informed
|
||||
when a change in the window system occurs, such as a reshaped
|
||||
window, a pushed mouse button, or a message sent from another
|
||||
client program. These changes are called events.
|
||||
<bf>MGR</bf> notifies a
|
||||
client program of an event by sending it an ASCII character string
|
||||
in a format specified by the client program. Existing
|
||||
applications can be integrated into the windowing environment
|
||||
without modification by having <bf>MGR</bf> imitate keystrokes in response
|
||||
to user defined menu selections or other events.
|
||||
|
||||
<sect1>Requirements
|
||||
<p>
|
||||
<bf>MGR</bf> currently runs on Linux, FreeBSD,
|
||||
Sun 3/4 workstations with SunOS, and
|
||||
Coherent. Various older versions of <bf>MGR</bf> run on the Macintosh,
|
||||
Atari ST MiNT, Xenix, 386-Minix, DEC 3100, and the 3b1 Unix-pc.
|
||||
Many small, industrial, real-time systems under OS9 or Lynx in Europe
|
||||
use (another variant of) Mgr for their user interface.
|
||||
The programming interface is implemented in C and in ELisp,
|
||||
although supporting clients written in other languages is quite
|
||||
easy.
|
||||
|
||||
Running <bf>MGR</bf> requires much less in resources than X, or even gcc.
|
||||
It does not have the user-base, software repertory, or high-level
|
||||
libraries of X or MS-Windows, say, but it is quite elegant
|
||||
and approachable.
|
||||
|
||||
It has been said that <bf>MGR</bf> is to X as Unix was to Multics.
|
||||
|
||||
<sect1>How do MGR, X11, and 8.5 compare?
|
||||
<p>
|
||||
<bf>MGR</bf> consists of a server with builtin window manager and terminal
|
||||
emulator, and clients which run in this terminal emulator and use it
|
||||
to communicate with the server. No resource multiplexing is done.
|
||||
|
||||
X11 consists of a server and clients, which usually connect to the
|
||||
server using a socket. All user visible things like terminal
|
||||
emulators, window managers etc are done using clients. No resource
|
||||
multiplexing is done.
|
||||
|
||||
8.5, the Plan 9 window system, is a resource multiplexer, as each
|
||||
process running in a window can access <tt>/dev/bitblt</tt>,
|
||||
<tt>/dev/mouse</tt> and
|
||||
<tt>/dev/kbd</tt> in its own namespace. These are multiplexed to the
|
||||
<tt>/dev/bitblit</tt>, <tt>/dev/mouse</tt> and <tt>/dev/kbd</tt>
|
||||
in the namespace of 8.5.
|
||||
This approach allows one to run 8.5 in an 8.5 window,
|
||||
a very clean design. 8.5 further has an integrated window manager
|
||||
and terminal emulator.
|
||||
|
||||
<sect>Installing MGR
|
||||
<p>
|
||||
The latest source distribution can be FTPed from the directory
|
||||
<tt>ftp://archimedes.nosc.mil/pub/Mgr/69</tt>
|
||||
or Mosaiced from <tt>http://archimedes.nosc.mil/Mgr/69</tt>.
|
||||
The same should be found at
|
||||
<tt>ftp://sunsite.unc.edu/pub/Linux/apps/MGR</tt> and its mirrors.
|
||||
Older versions of this distribution
|
||||
from Haardt can be found on <tt>tsx-11.mit.edu</tt> and perhaps elsewhere.
|
||||
Pre-Linux versions of <bf>MGR</bf> from Uhler and others have been found at
|
||||
<tt>ftp://bellcore.com/pub/mgr</tt>, but I think they are gone now.
|
||||
I have saved a copy of everything about <bf>MGR</bf> seen on the Internet,
|
||||
but I am not aware of anything weighty
|
||||
that is missing from this Linux/Sun distribution.
|
||||
<bf>MGR</bf> has been through a lot of versions and releases,
|
||||
but the current *Linux* version number is 0.69. This version number
|
||||
could jump to 1.0 when stable 256-color VGA code for Linux appears
|
||||
(for more than one video card type).
|
||||
RCS version numbers have increased from Bellcore's 4.3 up to our 4.13 now.
|
||||
|
||||
Required tools to build this distribution of <bf>MGR</bf> are m4 (GNU, or
|
||||
perhaps another supporting the -D option), make (GNU, or perhaps
|
||||
another supporting include) and *roff for the docs. Also sh,
|
||||
awk, and POSIX install. Binary distributions are not assembled often
|
||||
so you need an ANSI C compiler environment, e.g. gcc.
|
||||
|
||||
A Linux installation requires Linux 0.99.10 or better
|
||||
(1.2.13 is what I actually test on now),
|
||||
an HGC, EGA, VGA, or SVGA graphics card, and a mouse. Mouses supported
|
||||
are: serial Microsoft mouse, serial MouseSystems 3 and 5 byte
|
||||
mouse, serial MMSeries mouse, serial Logitech mouse, PS/2 mouse,
|
||||
or a bus mouse.
|
||||
With Buckey (Meta) hot keys enabled, even a mouseless system could
|
||||
do a certain amount of useful work under <bf>MGR</bf>.
|
||||
The VGA 640x480 monochrome graphics mode is
|
||||
supported out of the box, as is 640x350 and 640x200. To run
|
||||
800x600, or other modes that your BIOS can initialize and which
|
||||
do not require bank-switching, you need to run a small program
|
||||
(supplied as <tt>src/vgamisc/regs.exe</tt>)
|
||||
under DOS or an emulator to read the VGA registers
|
||||
and write a header file which you place in the
|
||||
directory <tt>src/libbitblit/linux</tt>,
|
||||
so that it can be <tt>#include</tt>'d
|
||||
by the <tt>vga.c</tt> file there.
|
||||
Samples of these files are supplied, but please create your own.
|
||||
Some VGA cards can use 128k
|
||||
windows, and these might run higher monochrome resolutions.
|
||||
|
||||
The Linux-colorport code also runs in the standard
|
||||
320x200x256 color VGA mode without difficulty, because no bank switching
|
||||
is required. If you think of how few 64000 pixels is, you would
|
||||
realize this color mode is quite limited.
|
||||
Non-fast, but simple, bank-switching code has
|
||||
been added in version 0.65, and it works with a Tseng ET4000 card
|
||||
in 640x480x256 and 800x600x256 modes. The S3 code does not
|
||||
work in super VGA resolutions, yet. Supporting new super VGA cards
|
||||
requires writing one function to switch banks and then making sure that
|
||||
the desired screen mode can be initialized from a register dump,
|
||||
possibly with hand-tweaking. The Linux color servers generally
|
||||
mangle the screen fonts, necessitating use of restorefont as in runx.
|
||||
If someone were to extract the VGA initialization code out of X,
|
||||
this might make MGR work on a lot more color systems.
|
||||
|
||||
Suns with SunOS 4.1.2+ and <tt>bwtwo</tt>, <tt>cgthree</tt>, or
|
||||
<tt>cgsix</tt> frame buffers are supported.
|
||||
Their speed handling color is good.
|
||||
Coherent installations should refer to the
|
||||
<tt>Versions/README.Coh</tt> file in the source distribution.
|
||||
Porting the
|
||||
latest-and-greatest <bf>MGR</bf> to another POSIX-like system which
|
||||
provides <tt>select()</tt> and pty's and direct access to a bitmapped
|
||||
frame-buffer ought to be straightforward, just implementing the
|
||||
<tt>libbitblit</tt> library based on the <tt>sunmono</tt> or
|
||||
<tt>colorport</tt> code, say.
|
||||
|
||||
If you want to install everything, you need 7 MB disk space for
|
||||
binaries, fonts, manual pages etc. The sources are about 4.5 MB,
|
||||
plus object files during compilation.
|
||||
|
||||
Normally, <tt>/usr/mgr</tt> should be either the directory or a link to the
|
||||
directory where you install <bf>MGR</bf> stuff for runtime use. Typing
|
||||
<tscreen><verb>
|
||||
cd /usr/mgr; tar xvfz whereveryouputit/mgrusr-0.69.tgz
|
||||
</verb></tscreen>
|
||||
and optionally
|
||||
<tscreen><verb>
|
||||
cd /usr/mgr; tar xvfz wherever/morefonts-0.69.tgz
|
||||
</verb></tscreen>
|
||||
will unpack these. The source can be put anywhere, e.g. typing
|
||||
<tscreen><verb>
|
||||
cd /usr/src/local/mgr; tar xvfz wherever/mgrsrc-0.69.tgz
|
||||
</verb></tscreen>
|
||||
to unpack the sources from <tt>archimedes.nosc.mil</tt>.
|
||||
|
||||
The source tree can be compiled from one top-level Makefile which
|
||||
invokes lower-level Makefiles, all of which &dquot;include&dquot;
|
||||
a <tt>&dquot;Configfile&dquot;</tt>
|
||||
at the top level. The <tt>Configfile</tt> is created by an interactive sh
|
||||
script named <tt>Configure</tt>, which asks you questions,
|
||||
then runs m4 on a <tt>Configfile.m4</tt>.
|
||||
So you type something like this:
|
||||
|
||||
<tscreen><verb>
|
||||
chdir /usr/src/local/mgr
|
||||
sh ./Configure
|
||||
make first
|
||||
make depend
|
||||
make install
|
||||
make clean
|
||||
</verb></tscreen>
|
||||
|
||||
It might be wise, before running make, to eyeball the <tt>Configfile</tt>
|
||||
generated by the <tt>Configure</tt> script, checking that it looks reasonable.
|
||||
(At least one m4 poops out (Sun <tt>/usr/bin/m4</tt>),
|
||||
creating a very short <tt>Configfile</tt>.
|
||||
If this happens, try hand editing a copy of <tt>Configfile.sun</tt> or
|
||||
<tt>Configfile.lx</tt>)
|
||||
One can also <tt>make all</tt> in any directory with a Makefile
|
||||
as soon as the libraries have been compiled and installed.
|
||||
The server, libraries, and some clients have been linted, but several
|
||||
clients are K&R C code that generates many compiler warnings.
|
||||
<p>
|
||||
Several flags in MGRFLAGS can be added/omitted in the Configfile
|
||||
to change some
|
||||
optional features in the server, viz:
|
||||
<descrip>
|
||||
<tag/-DWHO/ muck utmp file so &dquot;who&dquot; works
|
||||
<tag/-DVI/ code for clicking the mouse in vi moving the cursor
|
||||
<tag/-DDEBUG/ enable debugging output selectable with -d options.
|
||||
<tag/-DFASTMOUSE/ XOR the mouse track
|
||||
<tag/-DBUCKEY/ for hot-key server commands without mousing
|
||||
<tag/-DPRIORITY/ for priority window scheduling instead of
|
||||
round-robin; the active window gets higher priority
|
||||
<tag/-DCUT/ for cut/paste between windows and a global snarf buffer
|
||||
<tag/-DMGR_ALIGN/ forces window alignment for fast scrolling (monochrome)
|
||||
<tag/-DKILL/ kills windows upon tty i/o errors
|
||||
<tag/-DSHRINK/ use only some of the screen ($MGRSIZE in environment)
|
||||
<tag/-DNOSTACK/ don't permit event stacking
|
||||
<tag/-DBELL/ audibly ring the bell
|
||||
<tag/-DKBD/ read <tt>mgr</tt> input from the sun kbd, instead of stdin.
|
||||
This permits redirection of console msgs to a window.
|
||||
<tag/-DFRACCHAR/ fractional character movement for proportional fonts
|
||||
<tag/-DXMENU/ extended menu stuff (experimental)
|
||||
<tag/-DMOVIE/ movie making extension which logs all operations to a
|
||||
file for later replay -- not quite working under Linux
|
||||
<tag/-DEMUMIDMSBUT/ Emulate a missing middle mouse button by chording
|
||||
</descrip>
|
||||
Not all combinations of these options have been tested on all systems.
|
||||
|
||||
The BITBLITFLAGS macro should contain <tt>-DBANKED</tt> if you're trying
|
||||
out the super VGA color.
|
||||
<p>
|
||||
C code for the static variables in the server containing icons and fonts
|
||||
is generated by a translator from icon and font files.
|
||||
|
||||
Not all the clients are compiled and installed by the Makefiles.
|
||||
Clients found under <tt>src/clients</tt> having capitalized names or
|
||||
not compiled by the supplied Makefiles may have problems compiling
|
||||
and/or running, but they may be interesting to hack on.
|
||||
Most of the screen drivers found under the <tt>libbitblit</tt> directory are
|
||||
of mainly archeological interest. Grave robbing can be profitable.
|
||||
<p>
|
||||
At some point check that your <tt>/etc/termcap</tt> and/or
|
||||
<tt>terminfo</tt> file
|
||||
contain entries for <bf>MGR</bf> terminals such as found in the <tt>misc</tt>
|
||||
directory. If all your software checks $TERMCAP in the environment,
|
||||
this is not needed, as long as you run <tt>eval `set_termcap`</tt>
|
||||
in each window.
|
||||
<p>
|
||||
<bf>MGR</bf> works better if run setuid root, because it wants to chown
|
||||
ptys and write in the utmp file. This helps the ify iconifier
|
||||
client work better and the event passing mechanism be more secure.
|
||||
On Linux, root permissions are <em>required</em> in order to do in/out on the
|
||||
screen device. Otherwise, you decide whether to trust it.
|
||||
<p>
|
||||
In versions around 0.62 there are troubles on the Sun with using
|
||||
the csh as the default shell. Programs seem to run in a different
|
||||
process group than the foreground process group of the window's pty,
|
||||
in contradiction to man pages and posix specs.
|
||||
There is no trouble with bash, sh, or rc. Ideas why?
|
||||
|
||||
<sect>Running MGR
|
||||
<p>
|
||||
The only file <em>required</em> in an <bf>MGR</bf> installation is the server
|
||||
itself. That would give you terminal emulator windows with shells
|
||||
running in them and cutting and pasting with the mouse,
|
||||
but no nice clocks, extra fonts, fancy graphics,
|
||||
etc. Depending on options, a monochrome server needs about 200K of RAM
|
||||
plus dynamic space for windows, bitmaps, etc.
|
||||
<p>
|
||||
If <tt>/usr/mgr/bin</tt> is in your PATH,
|
||||
then just type &dquot;<tt>mgr</tt>&dquot; to start up.
|
||||
After enjoying the animated startup screen, press any key.
|
||||
When the hatched background and mouse pointer appear, hold down
|
||||
the left mouse button, highlight the &dquot;new window&dquot; menu item, and
|
||||
release the button. Then drag the mouse from corner to corner
|
||||
where you want a window to appear. The window will have your
|
||||
default shell running in it. Hold down the left mouse button over
|
||||
an existing window to see another menu for doing things to that
|
||||
window. Left-clicking on an obscured window raises it to the top.
|
||||
The menu you saw that pops-up over the empty background
|
||||
includes the quit command.
|
||||
For people with a two button mouse:
|
||||
press both buttons together to emulate the missing middle button
|
||||
used by some clients.
|
||||
<p>
|
||||
The quit submenu includes the &dquot;really quit&dquot; option,
|
||||
a suspend option which should only be used if you run a
|
||||
job-control shell, and a screen saver and locker option, which
|
||||
waits for you to type your login password when you come back
|
||||
to your machine.
|
||||
<p>
|
||||
When trying to run <bf>MGR</bf>, if you get:
|
||||
<descrip>
|
||||
<tag/can't find the screen/
|
||||
make sure you have a <tt>/dev</tt> entry for your display device,
|
||||
e.g. on
|
||||
a Sun <tt>/dev/bwtwo0</tt>. If not, as root cd to <tt>/dev</tt>, and type
|
||||
&dquot;MAKEDEV bwtwo0&dquot;. Otherwise, you might need the
|
||||
<tt>-S/dev/bwtwo0</tt>
|
||||
or (on Linux) the <tt>-S640x480</tt> command line option when starting <tt>mgr</tt>.
|
||||
On Linux, you might also make sure that <tt>/usr/mgr/bin/mgr</tt> was
|
||||
installed setuid root.
|
||||
|
||||
<tag/can't find the mouse/
|
||||
make sure <tt>/dev/mouse</tt> exists, usually as a symbolic link to the
|
||||
real device name for your mouse. If you haven't permission to
|
||||
write in <tt>/dev</tt>, then something like a <tt>-m/dev/cua0</tt>
|
||||
option can be
|
||||
given when starting <tt>mgr</tt>. Also, make sure you've supplied the
|
||||
right mouse protocol choice when you configured <tt>mgr</tt>. The mouse
|
||||
may speak Microsoft, even if that is not the brand name.
|
||||
|
||||
<tag/can't get a pty/
|
||||
make sure all of <tt>/dev/[tp]ty[pq]?</tt>
|
||||
are owned by root, mode 666,
|
||||
and all programs referenced with the &dquot;shell&dquot; option in
|
||||
your <tt>.mgrc</tt> startup file (if any) exist and are executable.
|
||||
|
||||
<tag/none but the default font/
|
||||
make sure <bf>MGR</bf> is looking in the right
|
||||
place for its fonts. Check the <tt>Configfile</tt> in the source or
|
||||
see whether a <tt>-f/usr/mgr/font</tt> option to <tt>mgr</tt> fixes the problem.
|
||||
|
||||
<tag/completely hung (not even the mouse track moves)/
|
||||
login to your machine from another terminal (or rlogin) and kill the
|
||||
<tt>mgr</tt> process.
|
||||
A buckey-Q key can quit <bf>MGR</bf> if the keyboard still works.
|
||||
</descrip>
|
||||
|
||||
<sect1>Applications not aware of MGR
|
||||
<p>
|
||||
Any tty-oriented application can be run in an <bf>MGR</bf> window
|
||||
without further ado. Screen-oriented applications using
|
||||
termcap or curses can get the correct number of lines and
|
||||
columns in the window by your using <tt>shape(1)</tt>
|
||||
to reshape the window or using
|
||||
<tt>set_termcap(1)</tt> to obtain the correct termcap entry.
|
||||
|
||||
<sect1>MGR Applications (clients) distributed with the server
|
||||
<p>
|
||||
<descrip>
|
||||
<tag/bdftomgr/ converts some BDF fonts to MGR fonts
|
||||
<tag/browse/ an icon browser
|
||||
<tag/bury/ bury this window
|
||||
<tag/c_menu/ vi menus from C compiler errors
|
||||
<tag/clock/ digital display of time of day
|
||||
<tag/clock2/ analog display of time of day
|
||||
<tag/close/ close this window, iconify
|
||||
<tag/color/ set the foreground and background color for text in this window
|
||||
<tag/colormap/ read or write in the color lookup table
|
||||
<tag/cursor/ change appearance of the character cursor
|
||||
<tag/cut/ cut text from this window into the cut buffer
|
||||
<tag/cycle/ display a sequence of icons
|
||||
<tag/dmgr/ crude ditroff previewer
|
||||
<tag/fade/ fade a home movie script from one scene to another
|
||||
<tag/font/ change to a new font in this window
|
||||
<tag/gropbm/ a groff to PBM driver using Hershey fonts
|
||||
<tag/hpmgr/ hp 2621 terminal emulator
|
||||
<tag/ico/ animate an icosahedron or other polyhedron
|
||||
<tag/iconmail/ notification of mail arrival
|
||||
<tag/iconmsgs/ message arrival notification
|
||||
<tag/ify/ iconify and deiconify windows
|
||||
<tag/loadfont/ load a font from the file system
|
||||
<tag/maze/ a maze game
|
||||
<tag/mclock/ micky mouse clock
|
||||
<tag/menu/ create or select a pop-up menu
|
||||
<tag/mgr/ bellcore window system server and window manager
|
||||
<tag/mgrbd/ boulder-dash game
|
||||
<tag/mgrbiff/ watch mailbox for mail and notify
|
||||
<tag/mgrload/ graph of system load average
|
||||
<tag/mgrlock/ lock the console
|
||||
<tag/mgrlogin/ graphical login controller
|
||||
<tag/mgrmag/ magnify a part of the screen, optionally dump to file
|
||||
<tag/mgrmail/ notification of mail arrival
|
||||
<tag/mgrmode/ set or clear window modes
|
||||
<tag/mgrmsgs/ message arrival notification
|
||||
<tag/mgrplot/ Unix &dquot;plot&dquot; graphics filter
|
||||
<tag/mgrsclock/ sandclock
|
||||
<tag/mgrshowfont/ browse through mgr fonts
|
||||
<tag/mgrsketch/ a sketching/drawing program
|
||||
<tag/mgrview/ view mgr bitmap images
|
||||
<tag/mless/ start up less/more in separate window, menu added for less
|
||||
<tag/mnew/ startup up any program in a separate, independent window
|
||||
<tag/mphoon/ display the current phase of the moon
|
||||
<tag/mvi/ start up vi in a separate window, with mouse pointing
|
||||
<tag/oclose/ (old) close a window
|
||||
<tag/omgrmail/ (old) notification of mail arrival
|
||||
<tag/pbmrawtomgr, pgmrawtomgr, ppmrawtomgr/ convert raw PBM/PGM/PPM image files to mgr bitmap format
|
||||
<tag/pbmstream/ split out a stream of bitmaps
|
||||
<tag/pbmtoprt/ printer output from PBM
|
||||
<tag/pgs/ ghostscript patch and front end, a PS viewer
|
||||
<tag/pilot/ a bitmap browser, or image viewer
|
||||
<tag/resetwin/ cleanup window state after client crashes messily
|
||||
<tag/rotate/ rotate a bitmap 90 degrees.
|
||||
<tag/screendump/ write graphics screen dump to a bitmap file
|
||||
<tag/set_console/ redirect console messages to this window
|
||||
<tag/set_termcap/ output an appropriate TERM and TERMCAP setting
|
||||
<tag/setname/ name a window, for messages and iconifying
|
||||
<tag/shape/ reshape this window
|
||||
<tag/square/ square this window
|
||||
<tag/squeeze/ compress mgr bitmap using run-length encoding
|
||||
<tag/startup/ produce a skeleton startup file for current window layout
|
||||
<tag/texmgr/ TeX dvi file previewer
|
||||
<tag/text2font, font2text/ convert between mgr font format and text dump
|
||||
<tag/unsqueeze/ uncompress mgr bitmap using run length encoding
|
||||
<tag/vgafont2mgr, mgrfont2vga/ convert between mgr font format and VGA
|
||||
<tag/window_print/ print an image of a window
|
||||
<tag/zoom/ an icon editor
|
||||
<tag/bounce, grav, grid, hilbert, mgreyes, stringart, walk/ graphics demos
|
||||
</descrip>
|
||||
|
||||
<sect1>MGR-aware clients distributed separately, see &dquot;SUPPORT&dquot; file
|
||||
<p>
|
||||
<descrip>
|
||||
<tag/calctool/ on-screen calculator
|
||||
<tag/chess/ frontend to <tt>/usr/games/chess</tt>
|
||||
<tag/gnu emacs/ editor with <tt>lisp/term/mgr.el</tt> mouse & menu support
|
||||
<tag/gnuplot/ universal scientific data plotting
|
||||
<tag/metafont/ font design and creation
|
||||
<tag/origami/ folding editor
|
||||
<tag/pbmplus/ portable bitmap format conversions, manipulations
|
||||
<tag/plplot/ slick scientific data plotting
|
||||
</descrip>
|
||||
<p>
|
||||
The Emacs support in <tt>misc/mgr.el</tt> and <tt>misc/mailcap</tt>
|
||||
includes very usable MIME support, via Rmail and metamail.
|
||||
<p>
|
||||
A general image viewer could be cobbled together from <tt>pilot</tt>
|
||||
and the netPBM filters, but I have not taken the time to do it.
|
||||
|
||||
<sect>Programming for MGR
|
||||
<p>
|
||||
The <bf>MGR</bf> programmers manual, the C language applications interface,
|
||||
is found in the doc directory in troff/nroff form. It covers
|
||||
general concepts, the function/macro calls controlling the server,
|
||||
a sample application, with an index and glossary.
|
||||
|
||||
Porting client code used with older versions of <bf>MGR</bf> sometimes
|
||||
requires the substitution of
|
||||
<tscreen><verb>
|
||||
#include <mgr/mgr.h>
|
||||
</verb></tscreen>
|
||||
for
|
||||
<tscreen><verb>
|
||||
#include <term.h>
|
||||
#include <dump.h>
|
||||
</verb></tscreen>
|
||||
and clients using old-style B_XOR, B_CLEAR, et al instead of
|
||||
BIT_XOR, BIT_CLR, et al can be accommodated by writing
|
||||
<tscreen><verb>
|
||||
#define OLDMGRBITOPS
|
||||
#include <mgr/mgr.h>
|
||||
</verb></tscreen>
|
||||
|
||||
Compiling client code generally requires compiler options like
|
||||
the following.
|
||||
<tscreen><verb>
|
||||
-I/usr/mgr/include -L/usr/mgr/lib -lmgr
|
||||
</verb></tscreen>
|
||||
|
||||
One can get some interactive feel for the <bf>MGR</bf> server functions by
|
||||
reading and experimenting with the <tt>mgr.el</tt> terminal driver for GNU
|
||||
Emacs which implements the <bf>MGR</bf> interface library in ELisp.
|
||||
|
||||
The usual method of inquiring state from the server has the
|
||||
potential of stumbling on a race condition if the client also
|
||||
expects a large volume of event notifications. The problem arises
|
||||
if an (asynchronous) event notification arrives when a
|
||||
(synchronous) inquiry response was expected. If this arises in
|
||||
practice (unusual) then the <bf>MGR</bf> state inquiry functions would have
|
||||
to be integrated with your event handling loop.
|
||||
|
||||
The only major drawing function missing from the <bf>MGR</bf> protocol, it
|
||||
seems, is an area fill for areas other than upright rectangles.
|
||||
There is new code for manipulating the global colormap, as well as
|
||||
(advisory) allocation and freeing of color indices owned by windows.
|
||||
|
||||
If you are thinking of hacking on the server, you can find the mouse
|
||||
driver in <tt>mouse.*</tt> and <tt>mouse_get.*</tt>,
|
||||
the grotty parts of the keyboard
|
||||
interface in <tt>kbd.c</tt>, and the interface to the display in the
|
||||
<tt>src/libbitblit/*</tt> directories. The main procedure, much
|
||||
initialization, and the top level input loop are in <tt>mgr.c</tt>, and the
|
||||
interpretation of escape sequences is in <tt>put_window.c</tt>.
|
||||
|
||||
<sect>More documentation
|
||||
<p>
|
||||
The programmer's manual is essential for concepts.
|
||||
|
||||
Nearly all the clients supplied come with a man page which is installed
|
||||
into <tt>/usr/mgr/man/man1</tt> or <tt>man6</tt>.
|
||||
Other useful man pages are <tt>bitblit.3</tt>, <tt>font.5</tt>, and
|
||||
<tt>bitmap.5</tt>.
|
||||
There is some ambiguity in the docs in distinguishing the
|
||||
internal bitmap format found in your frame-buffer and the external
|
||||
bitmap format found in files, e.g. icons.
|
||||
|
||||
The <tt>mgr.1</tt> man page covers command line options, commands in
|
||||
the <tt>~/.mgrc</tt> startup file, mouse and menu interaction with the server,
|
||||
and hot-key shortcuts available on systems with such hot-keys.
|
||||
|
||||
Many of the fonts in <tt>/usr/mgr/font/*</tt> are described to some
|
||||
extent in <tt>/usr/mgr/font/*.txt</tt>, e.g. <tt>/usr/mgr/font/FONTDIR.txt</tt>
|
||||
gives X-style font descriptions for the fonts obtained
|
||||
in .bdf format. Font names end in <tt>WxH</tt>, where <tt/W/ and <tt/H/
|
||||
are the
|
||||
decimal width and height in pixels of each character box.
|
||||
|
||||
<sect>Credit for MGR
|
||||
<p>
|
||||
Stephen Uhler, with others working at Bellcore, was the original
|
||||
designer and implementer of <bf>MGR</bf>, so Bellcore has copyrighted much
|
||||
of the code and documentation for <bf>MGR</bf> under the following conditions.
|
||||
|
||||
<verb>
|
||||
* Permission is granted to copy or use this program, EXCEPT that it
|
||||
* may not be sold for profit, the copyright notice must be reproduced
|
||||
* on copies, and credit should be given to Bellcore where it is due.
|
||||
</verb>
|
||||
|
||||
One required showing of the copyright notice is the startup title screen.
|
||||
|
||||
Other credits to:
|
||||
<itemize>
|
||||
<item> Stephen Hawley for his wonderful icons.
|
||||
<item> Tommy Frandsen for the VGA linux library.
|
||||
<item> Tom Heller for his Gasblit library.
|
||||
<item> Andrew Haylett for the Mouse driver code.
|
||||
<item> Dan McCrackin for his gasblit->linux patches.
|
||||
<item> Dave Gymer, dgymer@gdcarc.co.uk, for the Startrek effect fix.
|
||||
<item> Alex Liu for first releasing a working Linux version of <bf>MGR</bf>.
|
||||
<item> Lars Aronsson (aronsson@lysator.liu.se) for text2font and
|
||||
an ISO8859-1 8-bit font.
|
||||
<item> Harry Pulley (hcpiv@grumpy.cis.uoguelph.ca,
|
||||
hcpiv@snowhite.cis.uoguelph.ca) for the Coherent port.
|
||||
<item> Vance Petree & Grant Edwards & Udo Munk for their work on Hercules.
|
||||
<item> Udo Munk for his work on serial mouse initialization & select.
|
||||
<item> Norman Bartek & Hal Snyder at Mark Williams Co. for their help
|
||||
with some bugs & with Coherent device drivers.
|
||||
<item> Extra thanks to Zeyd Ben Halim for lots of helpful patches,
|
||||
especially the adaptation of selection.
|
||||
<item> Bradley Bosch, brad@lachman.com, for lots of patches from his 3b1
|
||||
port, which fix bugs and implement new and desirable features.
|
||||
<item> Andrew Morton, applix@runxtsa.runx.oz.au, who first wrote the
|
||||
cut-word code.
|
||||
<item> Kapil Paranjape, kapil@motive.math.tifr.res.in, for the EGA
|
||||
support.
|
||||
<item> Michael Haardt for MOVIE support fixes, bug fixes, separation of the
|
||||
libbitblit code into output drivers, expansion of the libmgr, and
|
||||
origami folding of the code.
|
||||
<item> Yossi Gil for many fonts.
|
||||
<item> Carsten Emde, carsten@thlmak.pr.net.ch, for mphoon.
|
||||
<item> Vincent Broman for middle mouse-button emulation, linting, Sun cgsix
|
||||
support, VGA colormap acess, integration of the sunport code
|
||||
into Haardt's layering scheme, font gathering, the screen saver,
|
||||
and continued maintenance.
|
||||
<item> Kenneth Almquist, ka@socrates.hr.att.com, for helpful bug reports.
|
||||
<item> Tim Pierce, twpierce@midway.uchicago.edu, for the port to FreeBSD
|
||||
2.0R with Trident VGA.
|
||||
</itemize>
|
||||
|
||||
All bitmap fonts from any source are strictly public domain in the
|
||||
USA. The 583 fixed-width fonts supplied with <bf>MGR</bf> were obtained
|
||||
from Uhler, the X distribution, Yossi Gil, and elsewhere.
|
||||
The Hershey vector fonts and the code for rendering them
|
||||
are probably freely redistributable.
|
||||
|
||||
</article>
|
|
@ -1,360 +0,0 @@
|
|||
<!doctype linuxdoc system>
|
||||
|
||||
<article>
|
||||
|
||||
<title>The VPN HOWTO
|
||||
<author>Arpad Magosanyi <mag@bunuel.tii.matav.hu> v0.2,7 Aug1997
|
||||
<date>v0.3, 2001-12-01
|
||||
|
||||
<p>
|
||||
<bf>Archived Document Notice:</bf> This document has been archived by the LDP
|
||||
because it does not apply to modern Linux systems. It is no longer
|
||||
being actively maintained.
|
||||
</p>
|
||||
|
||||
<sect>Changes
|
||||
<p>
|
||||
|
||||
The 'no controlling tty problem' -> -o 'BatchMode yes' by Zot O'Connor <zot@crl.com>
|
||||
|
||||
warning about kernel 2.0.30 by mag
|
||||
<sect>Blurb
|
||||
<p>
|
||||
|
||||
This is the Linux VPN howto, a collection of information on how to set up a Virtual Protected Network in Linux (and other unices in general).
|
||||
<sect1>Copyright
|
||||
<p>
|
||||
|
||||
This document is part of the Linux Documentation Project. The copyright notice is the following:
|
||||
<p>
|
||||
The VPN mini HOWTO written by me can be copied,
|
||||
distributed, and/or modified under the terms of the GNU Free Documentation
|
||||
License, Version 1.1 or any later version published by the Free Software
|
||||
Foundation; with the Invariant Section being the section entitled "About
|
||||
the ppp over ssh vpn technique", with any Front-Cover Text containing the p=
|
||||
hrase
|
||||
"Based on the work of Arpad Magosanyi", and with any Back-Cover Text.
|
||||
|
||||
<sect1>Disclaimer
|
||||
<p>
|
||||
|
||||
As usual: the author not responsible for any damage. For the correct wording, see the relevant part of the GNU GPL 0.1.1
|
||||
<sect1>Disclaimer
|
||||
<p>
|
||||
|
||||
We are dealing with security: you are not safe if you haven't got good security policy, and other rather boring things.
|
||||
<sect1>Credits
|
||||
<p>
|
||||
|
||||
Thanks to all of who has written the tools used.
|
||||
|
||||
Thanks to Zot O'Connor <zot@crl.com> for pointing out the "no controlling tty" problem, and it's solution.
|
||||
<sect1>State of this document
|
||||
<p>
|
||||
|
||||
This is very preliminary. You should have thorough knowledge of administrating IP, at least some knowledge of firewalls, ppp and ssh. You should know them anyway if you want to set up a VPN. I just decided to write down my experiences not to forget them. There are possibly some security holes indeed. To be fair I've tried it on hosts configured as routers not firewalls, saying: It's simple from that point.
|
||||
<sect1>Related documentations
|
||||
<p>
|
||||
<itemize>
|
||||
<item>The Linux Firewall-HOWTO /usr/doc/HOWTO/Firewall-HOWTO
|
||||
<item>The Linux PPP-HOWTO /usr/doc/HOWTO/PPP-HOWTO.gz
|
||||
<item>The ssh documentations /usr/doc/ssh/*
|
||||
<item>The Linux Network Admins' Guide
|
||||
<item>NIST Computer Security Special Publications http://csrc.ncsl.nist.gov/nistpubs/
|
||||
<item>Firewall list (majordomo@greatcircle.com)
|
||||
</itemize>
|
||||
<sect>Introduction
|
||||
<p>
|
||||
|
||||
As firewalls are in more and more widely use in internet and intranet security, the ability to do nice VPNs is important. Here are my experiences. Comments are welcome.
|
||||
<sect1>Naming conventions
|
||||
<p>
|
||||
|
||||
I will use the terms "master firewall" and "slave firewall", though making a VPN has nothing to do with client-server architecture. I simply refer to them as the active and passive participants of the connection's setup. The host which is starts the setup will be referred as the master, and the passive participant will be the slave.
|
||||
<sect>Doing it
|
||||
<p>
|
||||
<sect1>Planning
|
||||
<p>
|
||||
|
||||
Before you start to set up your system, you should know the networking details. I assume you have two firewalls protecting one intranet per firewall, and they are both connected to the internet. So now you should have two network interfaces (at least) per firewall. Take a sheet of paper, write down their IP addresses and network mask. You will need one more IP adresses per firewall for the VPN you want to do now. Those addresses should be outside of your existing subnets. I suggest using addresses from the "private" address ranges. They are the followings:
|
||||
<itemize>
|
||||
<item>10.0.0.0 - 10.255.255.255
|
||||
<item>172.16.0.0 - 172.31.255.255
|
||||
<item>192.168.0.0 - 192.168.255.255
|
||||
</itemize>
|
||||
|
||||
For the sake of example, here's a sample configuration: The two bastions are called fellini and polanski. They have one interface for the internet (-out), one for the intranet (-in), and one for the vpn (-vpn). The addresses and netmasks:
|
||||
<itemize>
|
||||
<item>fellini-out: 193.6.34.12 255.255.255.0
|
||||
<item>fellini-in: 193.6.35.12 255.255.255.0
|
||||
<item>fellini-vpn: 192.168.0.1 point-to-point
|
||||
<item>polanski-out: 193.6.36.12 255.255.255.0
|
||||
<item>polanski-in: 193.6.37.12 255.255.255.0
|
||||
<item>polanski-vpn: 192.168.0.2 point-to-point
|
||||
</itemize>
|
||||
|
||||
So we have the plan.
|
||||
<sect1>Gathering the tools
|
||||
<p>
|
||||
|
||||
You will need a
|
||||
<itemize>
|
||||
<item>Linux firewall
|
||||
<item>kernel
|
||||
<item>very minimal configuration
|
||||
<item>ipfwadm
|
||||
<item>fwtk
|
||||
<item>Tools for the VPN
|
||||
<item>ssh
|
||||
<item>pppd
|
||||
<item>sudo
|
||||
<item>pty-redir
|
||||
</itemize>
|
||||
|
||||
Current versions:
|
||||
<itemize>
|
||||
<item>kernel: 2.0.29 Use a stable kernel, and it must be newer than 2.0.20, because the ping'o'death bug. At the time of writing 2.0.30 is the last "stable" kernel, but it has some bugs. If you want to have the fast and cool networking code introduced in it, try a prepatch. the 3rd is working for me nicely.
|
||||
<item>base system: I prefer Debian. YMMV. You absolutely don't want to use any big packages, and you never even tought of using sendmail, of course. You also definitely don't want to enable telnet, ftp, and the 'r' commands (as usual in case of any other unix hosts).
|
||||
<item>ipfwadm: I've used 2.3.0
|
||||
<item>fwtk: I've used 1.3
|
||||
<item>ssh: >= 1.2.20. There are problems with the underlying protocol in the older versions.
|
||||
<item>pppd: I've used 2.2.0f for the tests, but I'm not sure if is it secure, this is why I turned the setuid bit off, and used sudo to launch it.
|
||||
<item>sudo: 1.5.2 the newest I am aware of
|
||||
<item>pty-redir: It is written by me. Try ftp://ftp.vein.hu/ssa/contrib/mag/pty-redir-0.1.tar.gz. Its version number is 0.1 now. Tell me it there is any problem with it.
|
||||
</itemize>
|
||||
<sect1>Compile and install
|
||||
<p>
|
||||
|
||||
Compile or otherwise install the gathered tools. Look at every one's documentation (and the firewall-howto) for details. Now we have the tools.
|
||||
<sect1>Configure the other subsystems
|
||||
<p>
|
||||
|
||||
Configure your firewall rules, etc. You need to enable ssh traffic between the two firewll hosts. It means a connection to port 22 on the slave from the master. Start sshd on the slave and verify if you can login. This step is untested, please tell me your results.
|
||||
<sect1>Set up the accounts for the VPN
|
||||
<p>
|
||||
|
||||
Create an account on the slave firewall use your favourite tool (e.g. vi, mkdir, chown, chmod) you might create an account on the master also, but I think you want to set up the connection at boot time, so your ordinary root account will do. Can anyone point out risks on using the root account on the master?
|
||||
<sect1>Generate an ssh key for your master account
|
||||
<p>
|
||||
|
||||
Use the ssh-keygen program. Set empty password for the private key if you want to do automatic setup of the VPN.
|
||||
<sect1>Set up automatic ssh login for the slave account
|
||||
<p>
|
||||
|
||||
Copy the newly generated public key in the slave account under .ssh/authorized_keys, and set up file permissions like the following:
|
||||
<verb>
|
||||
drwx------ 2 slave slave 1024 Apr 7 23:49 ./
|
||||
drwx------ 4 slave slave 1024 Apr 24 14:05 ../
|
||||
-rwx------ 1 slave slave 328 Apr 7 03:04 authorized_keys
|
||||
-rw------- 1 slave slave 660 Apr 14 15:23 known_hosts
|
||||
-rw------- 1 slave slave 512 Apr 21 10:03 random_seed
|
||||
</verb>
|
||||
|
||||
The first row being ˜slave/.ssh, and the second is ˜slave.
|
||||
<sect1>Tighten ssh security on the bastions.
|
||||
<p>
|
||||
|
||||
It means the followings on my setup in sshd_conf:
|
||||
<verb>
|
||||
PermitRootLogin no
|
||||
IgnoreRhosts yes
|
||||
StrictModes yes
|
||||
QuietMode no
|
||||
FascistLogging yes
|
||||
KeepAlive yes
|
||||
RhostsAuthentication no
|
||||
RhostsRSAAuthentication no
|
||||
RSAAuthentication yes
|
||||
PasswordAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
</verb>
|
||||
|
||||
Password authentication is turned off, so login is only possible with authorized keys. (You've turned off telnet and the 'r' commands of course).
|
||||
<sect1>Enable execution of ppp and route for both accounts.
|
||||
<p>
|
||||
|
||||
As the master account is the root in my case, it has nothing to do. For the slave account, the following lines appear in /etc/sudoers:
|
||||
<verb>
|
||||
Cmnd_Alias VPN=/usr/sbin/pppd,/usr/local/vpn/route
|
||||
slave ALL=NOPASSWD: VPN
|
||||
</verb>
|
||||
|
||||
As you can see, I am using some scripts to set up ppp and the routing tables on the slave host.
|
||||
<sect1>Do the scripting
|
||||
<p>
|
||||
|
||||
On the master host there is a full-blown init script I am using:
|
||||
<verb>
|
||||
#! /bin/sh
|
||||
# skeleton example file to build /etc/init.d/ scripts.
|
||||
# This file should be used to construct scripts for /etc/init.d.
|
||||
#
|
||||
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
|
||||
# Modified for Debian GNU/Linux
|
||||
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
||||
#
|
||||
# Version: @(#)skeleton 1.6 11-Nov-1996 miquels@cistron.nl
|
||||
#
|
||||
|
||||
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/:
|
||||
PPPAPP=/home/slave/ppp
|
||||
ROUTEAPP=/home/slave/route
|
||||
PPPD=/usr/sbin/pppd
|
||||
NAME=VPN
|
||||
REDIR=/usr/local/bin/pty-redir
|
||||
SSH=/usr/bin/ssh
|
||||
MYPPPIP=192.168.0.1
|
||||
TARGETIP=192.168.0.2
|
||||
TARGETNET=193.6.37.0
|
||||
MYNET=193.6.35.0
|
||||
SLAVEWALL=polanski-out
|
||||
SLAVEACC=slave
|
||||
|
||||
test -f $PPPD || exit 0
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo setting up vpn
|
||||
$REDIR $SSH -o 'Batchmode yes' -t -l $SLAVEACC $SLAVEWALL sudo $PPPAPP >/tmp/device
|
||||
TTYNAME=`cat /tmp/device`
|
||||
echo tty is $TTYNAME
|
||||
sleep 10s
|
||||
if [ ! -z $TTYNAME ]
|
||||
then
|
||||
$PPPD $TTYNAME ${MYPPPIP}:${TARGETIP}
|
||||
else
|
||||
echo FAILED!
|
||||
logger "vpn setup failed"
|
||||
fi
|
||||
sleep 5s
|
||||
route add -net $TARGETNET gw $TARGETIP
|
||||
$SSH -o 'Batchmode yes' -l $SLAVEACC $SLAVEWALL sudo $ROUTEAPP
|
||||
;;
|
||||
stop)
|
||||
ps -ax | grep "ssh -t -l $SLAVEACC " | grep -v grep | awk '{print $1}' | xargs kill
|
||||
;;
|
||||
*)
|
||||
# echo "Usage: /etc/init.d/$NAME {start|stop|reload}"
|
||||
echo "Usage: /etc/init.d/$NAME {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
||||
</verb>
|
||||
|
||||
The slave uses one script for routing setup (/usr/local/vpn/route):
|
||||
<verb>
|
||||
#!/bin/bash
|
||||
/sbin/route add -net 193.6.35.0 gw 192.168.0.1
|
||||
</verb>
|
||||
|
||||
and its .ppprc consists of the following:
|
||||
<verb>
|
||||
passive
|
||||
</verb>
|
||||
<sect>Look at what's happening:
|
||||
<p>
|
||||
|
||||
The master logs in into the slave, starts pppd, and redirects this all thing into a local pty. It consists of the following steps:
|
||||
<itemize>
|
||||
<item>allocating a new pty
|
||||
<item>sshing into the slave
|
||||
<item>running pppd on the slave
|
||||
<item>the master runs pppd in this local pty
|
||||
<item>and sets up the routing table on the client.
|
||||
</itemize>
|
||||
|
||||
There are (not very tight) timing considerations involved, this is why that 'sleep 10s'.
|
||||
<sect>Doing it by hand.
|
||||
<p>
|
||||
<sect1>Logging in
|
||||
<p>
|
||||
|
||||
You've already tried if ssh works well, aren't you? If the slave refuses to log you in, read the logs. Perhaps there are problems with file permissions or the sshd setup.
|
||||
<sect1>Firing up ppp
|
||||
<p>
|
||||
|
||||
Log in into slave, and issue:
|
||||
<verb>sudo /usr/sbin/pppd passive
|
||||
|
||||
</verb>
|
||||
|
||||
You should see garbage coming at this point. If it works good, if not, there is some problem either with sudo, either with pppd. Look what the commands had said, and at the logs and at the <em>/etc/ppp/options</em>, and the <em>.ppprc </em>file. If it works, write this 'passive' word into .ppprc, and try again. To get rid off the garbage and continue working, press enter,'˜' and '^Z'. You should have the master's prompt now, and kill %1. See the section about tuning if you want to know more of the escape character.
|
||||
<sect1>Together the two
|
||||
<p>
|
||||
|
||||
Well, then
|
||||
<verb>ssh -l slave polanski sudo /usr/sbin/pppd
|
||||
|
||||
</verb>
|
||||
|
||||
should work also, and deliver the garbage right into your face.
|
||||
<sect1>Pty redirecting
|
||||
<p>
|
||||
|
||||
Try to redirect this whole thing this time:
|
||||
<verb>/usr/local/bin/pty-redir /usr/bin/ssh -l slave polanski sudo /usr/sbin/pppd
|
||||
|
||||
</verb>
|
||||
|
||||
Nice long sentence isn't it? You should use the full path into the ssh executable, as the pty-redir program allows only this form for security reasons. Now you've got a device name from the program. Let's say, you've got <em>/dev/ttyp0 </em> You can use the ps command to look what has happened. Look for 'p0'
|
||||
<sect1>Is anything on the device?
|
||||
<p>
|
||||
|
||||
Try
|
||||
<verb>/usr/sbin/pppd /dev/ttyp0 local 192.168.0.1:192.168.0.2
|
||||
|
||||
</verb>
|
||||
|
||||
to establish the connection. Look at the output of the ifconfig command to see if the device has established, and use ping to check your virtual net.
|
||||
<sect1>Setting up the routes
|
||||
<p>
|
||||
|
||||
Set up the routes on the master host, and on the slave also. Now you should be able to ping one host in one intranet from other host in the other intranet. Set up the additional firewalling rules. Now as you have the VPN, you can set up the rules concerning the connectivity of the two intranets.
|
||||
<sect>Tuning
|
||||
<p>
|
||||
<sect1>Configuration tuning
|
||||
<p>
|
||||
|
||||
As I said this HOWTO is mainly a quick memo on how I had set up a VPN. There are things in the configuration I didn't experiment yet. These things will go into their place when I try them, or anyone tells me "it works in the following way" The most important thing is that the connection ppp uses is not 8-bit yet. I believe it has something to do either with ssh configuration or the pty setup. In this configuration ssh uses the tilde (˜) character as an escape character. It might stop or slow down the communication, as any newline-tilde sequence causes ssh to give a prompt. Ssh documentation said: <On most systems, setting the escape character to ``none'' will also make the session transparent even if a tty is used.> The corresponding flag to ssh is '<em>-e</em>', and you can also set it in the configuration file.
|
||||
<sect1>Bandwith vs. cicles
|
||||
<p>
|
||||
|
||||
Creating anything virtual comes with utilization of real-world resources. A VPN eats up bandwidth and computing resources. The goal would be to get balance between the two. You can tune it with the '-C' switch or the 'CompressionLevel' option. You might try using another cipher, but I don't recommend it. Also note that the round-trip-time can be longer if you use better compression. Any experiments on it are welcome.
|
||||
<sect>Vulnerability analisis
|
||||
<p>
|
||||
|
||||
I try to cover here the vulnerability issues arising from this particular setup and VPNs in general. Any comments are warmly welcome.
|
||||
<itemize>
|
||||
<item>sudo: Well, I'm excessively using sudo. I believe it's still safer than using setuid bits. It's still a backdraw of Linux that it hasn't got more fine-grained access control. Waiting for POSIX.6 compatibility <http://www.xarius.demon.co.uk/software/posix6/>. What is worse, there are shell scripts which are getting called through sudo. Bad enough. Any idea out there?
|
||||
<item>pppd: It runs suid root also. It can be configured by user's .ppprc. There might be some nice buffer overruns in it. The bottom line: secure your slave account as tightly as you can.
|
||||
<item>ssh: Beware that ssh older than 1.2.20 has security holes. What is worse, we made a configuration such when the master account had been compromised, the slave account is also compromised, and wide open to attacks using the two sudoed programs. It is because I've choosen not to have password on the master's secret key to enable automatic setup of the VPN.
|
||||
<item>firewall: With inproperly set firewall rules on one bastion, you open both of the intranets. I recommend using IP masquerading (as setting up incorrect routes is a bit less trivial), and doing hard control on the VPN interfaces.
|
||||
</itemize>
|
||||
|
||||
|
||||
<sect1>About the ppp over ssh VPN technique
|
||||
<p>
|
||||
I developed this technique when there was no usable, standard
|
||||
VPN for Linux. Now this is no longer the case.
|
||||
At the time of writing this, you have the following alternatives:
|
||||
If you want to use standard IPSEC VPN, you can use FreeS/WAN or pipsecd.
|
||||
For PPTP you can use PoPToP (but be aware that PPTP protocol has
|
||||
weaknesses). It is also worth to mention CIPE which is a lightweight
|
||||
alternative for IPSEC.
|
||||
<p>
|
||||
This wide range of alternatives means that the ssh/ppp implementation
|
||||
described in this howto is in the most cases not the best solution.
|
||||
This is due the fact that this implementation is complex to set up
|
||||
and has performance problems because of its tcp based nature.
|
||||
<p>
|
||||
I believe that the ssh/ppp technique is no longer beneficial for
|
||||
building a VPN for non-illegal purposes in most cases, so I have
|
||||
discontinued maintaining this HOWTO.
|
||||
|
||||
|
||||
</article>
|