4.7.  Network configuration

4.7.1.  Network devices, DNS and Routing.

Network configuration is used to connect a single SuSE Linux workstation to an Ethernet-based LAN or to configure a dial-up connection. More complex configurations (multiple network cards, routing, etc.) are also supported. With this module it is possible to configure and set up Ethernet controllers and Token Ring controllers.

To configure network settings and activate networking automatically, one global resource is used to store the whole network configuration.

Example 4.22.  Network configuration

.....
    <networking>
      <dns>
        <dhcp_hostname config:type="boolean">true</dhcp_hostname>
        <dhcp_resolv config:type="boolean">true</dhcp_resolv>
        <domain>local</domain>
        <hostname>linux</hostname>
      </dns>
      <interfaces config:type="list">
        <interface>
          <bootproto>dhcp</bootproto>
          <device>eth0</device>        
          <startmode>onboot</startmode>
        </interface>
      </interfaces>
      <routing>
        <ip_forward config:type="boolean">false</ip_forward>
        <routes config:type="list">
          <route>
            <destination>default</destination>
            <device>-</device>
            <gateway>192.168.1.240</gateway>
            <netmask>-</netmask>
          </route>
        </routes>
      </routing>
      <modules config:type="list">
        <module_entry>
          <device>eth0</device>
          <module>e100</module>
          <options></options>
        </module_entry>
      </modules>
    </networking>
....

	  

4.7.2.  Proxy

Configure your Internet proxy (caching) settings using this resource.

HTTP proxy is the name of the proxy server for your access to the world wide web (WWW). FTP proxy is the name of the proxy server for your access to the file transfer services (FTP). No proxy domains is a list of domains for which the requests should be done directly without caching.

If you are using a proxy server with authorization, fill in Proxy user name and Proxy password.

Example 4.23.  Network configuration: Proxy

  
<?xml version="1.0"?>
<!DOCTYPE profile SYSTEM "/usr/share/autoinstall/dtd/profile.dtd">
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
    <proxy>
      <enabled config:type="boolean">true</enabled>
      <ftp_proxy>http://192.168.1.240:3128</ftp_proxy>
      <http_proxy>http://192.168.1.240:3128</http_proxy>
      <no_proxy>localhost</no_proxy>
      <proxy_password>testpw</proxy_password>
      <proxy_user>testuser</proxy_user>
    </proxy>
</profile>

	  
	  

4.7.3. (X)Inetd

The profile has elements to specify which superserver should be used (netd_service), whether it should be enabled (netd_status) and how the services should be configured (netd_conf).

A service description element conceptually has two parts: key and non-key. When the configuration is written, services are matched using the key fields, and the non-key fields are applied to the matching service. If no service matches, it is created. If more than one service matches, a warning is reported. The key fields are script, service, protocol and server.

service and protocol are matched literally. script is the base name of the config file: usually a file in /etc/xinetd.d, for example "echo-udp", or "inetd.conf". For compatibility with 8.2, server is matched more loosely: if it is /usr/sbin/tcpd, the real server name is taken from server_args. After that, the basename of the first whitespace-separated word is taken and these values are compared.

Example 4.24.  Inetd Example


<profile>
  ...
  <inetd>
    <netd_service config:type="symbol">xinetd</netd_service>
    <netd_status config:type="integer">0</netd_status>
    <netd_conf config:type="list">
      <conf>
	<script>imap</script>
	<service>pop3</service>
	<enabled config:type="boolean">true</enabled>
      </conf>
      <conf>
	<server>in.ftpd</server>
	<server_args>-A</server_args>
	<enabled config:type="boolean">true</enabled>
      </conf>
      <conf>
	<service>daytime</service>
	<protocol>tcp</protocol>
      </conf>
      ....
      <conf>...</conf>
    </netd_conf>
  </inetd>
  ...
</profile>
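
The matching rule described in this section, written out in Python as an added example (it is not YaST's own code) and applied to the entries of Example 4.24, so that a profile can be checked for which services it will actually touch. The service list is constructed sample data, and two behaviours are assumptions: only the key fields that a conf entry sets are compared, and an ambiguous match changes nothing.

```python
import os

KEY_FIELDS = ("script", "service", "protocol", "server")

def normalized_server(entry):
    """Value used for the loose 'server' comparison described in the text."""
    server = entry.get("server", "")
    if server == "/usr/sbin/tcpd":
        # tcpd is a wrapper; the real server name is in server_args
        server = entry.get("server_args", "")
    words = server.split()
    return os.path.basename(words[0]) if words else ""

def matches(wanted, existing):
    """Assumption: only key fields present in the profile entry are compared."""
    for key in KEY_FIELDS:
        if key not in wanted:
            continue
        if key == "server":
            if normalized_server(wanted) != normalized_server(existing):
                return False
        elif wanted[key] != existing.get(key):  # script, service, protocol: literal
            return False
    return True

def apply_conf(services, wanted):
    """Merge one <conf> entry; returns 'updated', 'created' or 'ambiguous'."""
    hits = [s for s in services if matches(wanted, s)]
    if len(hits) > 1:
        return "ambiguous"  # page: a warning is reported; assumption: nothing changes
    if not hits:
        services.append(dict(wanted))
        return "created"
    hits[0].update({k: v for k, v in wanted.items() if k not in KEY_FIELDS})
    return "updated"

# Constructed sample of services already known to the superserver.
SERVICES = [
    {"script": "imap", "service": "pop3", "protocol": "tcp", "server": "/usr/sbin/ipop3d", "enabled": False},
    {"script": "ftp", "service": "ftp", "protocol": "tcp", "server": "/usr/sbin/in.ftpd", "enabled": False},
    {"script": "daytime", "service": "daytime", "protocol": "tcp", "enabled": False},
    {"script": "daytime-udp", "service": "daytime", "protocol": "udp", "enabled": False},
]

if __name__ == "__main__":
    # The three <conf> entries of Example 4.24, then one under-specified entry.
    for conf in ({"script": "imap", "service": "pop3", "enabled": True},
                 {"server": "in.ftpd", "server_args": "-A", "enabled": True},
                 {"service": "daytime", "protocol": "tcp"},
                 {"service": "daytime", "enabled": True}):
        print(conf, "->", apply_conf(SERVICES, conf))
```

The last entry names only the service, so it matches both the tcp and the udp daytime service and is reported as ambiguous; adding protocol or script narrows it to one.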

	  

4.7.4. NIS

Using the nis resource, you can configure the target machine as a NIS client. The following example shows a detailed configuration using multiple domains.

Example 4.25.  Network configuration: NIS

...
    <nis>
      <nis_broadcast config:type="boolean">true</nis_broadcast>
      <nis_broken_server config:type="boolean">true</nis_broken_server>
      <nis_by_dhcp config:type="boolean">false</nis_by_dhcp>
      <nis_domain>test.com</nis_domain>
      <nis_local_only config:type="boolean">true</nis_local_only>
      <nis_options></nis_options>
      <nis_other_domains config:type="list">
        <nis_other_domain>
          <nis_broadcast config:type="boolean">false</nis_broadcast>
          <nis_domain>domain.com</nis_domain>
          <nis_servers config:type="list">
            <nis_server>10.10.0.1</nis_server>
          </nis_servers>
        </nis_other_domain>
      </nis_other_domains>
      <nis_servers config:type="list">
        <nis_server>192.168.1.1</nis_server>
      </nis_servers>
      <start_autofs config:type="boolean">true</start_autofs>
      <start_nis config:type="boolean">true</start_nis>
    </nis>
...

	  

4.7.5.  LDAP client

The installed machine can be set up as an LDAP client to authenticate users with an OpenLDAP server. Required data are the name of the search base (base DN, e.g., dc=mydomain,dc=com) and the IP address of the LDAP server (e.g., 10.20.0.2).

If LDAP is activated, NSS and PAM will be configured accordingly to use LDAP for user authentication.

Example 4.26.  Network configuration: LDAP client

...
    <ldap>
      <ldap_domain>dc=mydomain,dc=com</ldap_domain>
      <ldap_server>10.10.0.1</ldap_server>
      <ldap_tls config:type="boolean">true</ldap_tls>
      <ldap_v2 config:type="boolean">true</ldap_v2>
      <pam_password>crypt</pam_password>
      <start_ldap config:type="boolean">true</start_ldap>
    </ldap>
...

	  

4.7.6.  NFS Client and Server

A system can be configured as an NFS client or an NFS server using the configuration system. The following examples show how both NFS client and server can be configured.

Example 4.27.  Network configuration: NFS client

  ...
    <nfs config:type="list">
      <nfs_entry>
        <mount_point>/home</mount_point>
        <nfs_options>defaults</nfs_options>
        <server_path>192.168.1.1:/home</server_path>
      </nfs_entry>
    </nfs>
...
	  
          

Example 4.28.  Network configuration: NFS Server

        
  ....
    <nfs_server>
      <nfs_exports config:type="list">
        <nfs_export>
          <allowed config:type="list">
            <allowed_clients>*(ro,root_squash,sync)</allowed_clients>
          </allowed>
          <mountpoint>/home</mountpoint>
        </nfs_export>
        <nfs_export>
          <allowed config:type="list">
            <allowed_clients>*(ro,root_squash,sync)</allowed_clients>
          </allowed>
          <mountpoint>/work</mountpoint>
        </nfs_export>
      </nfs_exports>
      <start_nfsserver config:type="boolean">true</start_nfsserver>
    </nfs_server>
....
	  
          

4.7.7.  NTP Client

Select whether to start the NTP daemon when booting the system. The NTP daemon resolves host names when initializing. The first synchronization of the clock is performed before the NTP daemon is started. To use this host for initial synchronization, configure the property initial_sync.

To run the NTP daemon in a chroot jail, set start_in_chroot. Starting any daemon in a chroot jail is more secure and strongly recommended. To adjust NTP servers, peers, local clocks, and NTP broadcasting, add the appropriate entry to the control file. An example of various configuration options is shown below.

Example 4.29.  Network configuration: NTP Client

  
<?xml version="1.0"?>
<!DOCTYPE profile SYSTEM "/usr/share/autoinstall/dtd/profile.dtd">
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
    <ntp-client>
      <configure_dhcp config:type="boolean">false</configure_dhcp>
      <peers config:type="list">
        <peer>
          <address>ntp1.example.com</address>
          <initial_sync config:type="boolean">true</initial_sync>
          <options></options>
          <type>server</type>
        </peer>
      </peers>
      <start_at_boot config:type="boolean">true</start_at_boot>
      <start_in_chroot config:type="boolean">true</start_in_chroot>
    </ntp-client>
</profile>