Networking with Linux; what goes where?

[Originally posted Mar 13, 2012 4:38 AM by Antti Uitto]

A modern Linux distribution is an impressive tool for networking. You can rather easily set up a router, firewall or VPN gateway. If you are working with a traditional router, such as Cisco or Juniper, or if you have the fabulous Vyatta router at hand, you will have one place where just about everything goes: the configuration. You add commands from the command line, and as you commit and save them, they are stored in the configuration. After the next reload, your gateway will come alive with that configuration in it.

This is not quite so when working with a Linux gateway. Here too you can give most if not all of your commands from the CLI, and they will be applied either immediately or after reloading the service in question. But mostly they do not survive a boot unless you do something.

That something you need to do is to write these commands in config files and save them.

In Linux there is, I guess, always more than one way of doing any given thing.

Here are the programs I use and the config files where I write their settings. 


What’s your setup like?
/etc/network/interfaces
– Physical interfaces
– Logical Interfaces (Vlan and Bridge)
– IP addresses

/etc/rc.local
– Invoke firewall ( iptables-restore < /path/to/firewall_rules )
– VPN (OpenVPN commands)
– Tunnel interfaces (ip tu add)
– Static routes (ip route add)
– Source routing commands (ip route add & ip rule add) 

Quagga router
– Dynamic routing (RIP, OSPF, BGP)
– When you say “write”, Quagga will write its own config in the appropriate place

/home/admin/firewall
– Iptables firewall rules for filtering and logging
– Network address translation (NAT)

/var/log/syslog
– Connection attempts logged by iptables

So there is a file where the physical and logical interfaces are configured, including their IPs. There is another place where I like to put my VPNs, tunnels and all the static routes. If I were to use dynamic routing, I would move all my routes to Quagga and handle them from there. But if there is no need for dynamic routing, then all the statics go to the file mentioned in the list.

I do my best to write accurate and compact descriptions for the things that are in these files. It is nicer like that when you have to search for something or you want to take a quick look at what is there to be found.

cat /etc/rc.local | grep descr -A 3
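
Because commands given at the CLI do not survive a boot unless they are written to a file, it helps to check the running state against that file. The script below is an added example, not part of the original post: it lists static routes that are live but have no `ip route add` line in rc.local. The function names and sample data are constructed, and it assumes the default route is set by the `gateway` line in /etc/network/interfaces.

```shell
#!/bin/sh
# Added example: find static routes that would vanish at the next boot
# because rc.local has no matching "ip route add" line for them.

# Destinations of hand-added routes in `ip route show` output (stdin).
# Routes installed by the kernel, DHCP or a routing daemon carry a
# "proto" tag and are skipped. Assumption: the default route comes from
# the "gateway" line in /etc/network/interfaces, so it is skipped too.
live_static_routes() {
    awk 'NF && $1 != "default" && !/ proto / { print $1 }'
}

# Destinations of every "ip route add" command in rc.local text (stdin).
# Commented-out lines do not match because their first field is "#".
persisted_routes() {
    awk '($1 == "ip" || $1 ~ /\/ip$/) &&
         ($2 == "route" || $2 == "ro" || $2 == "r") &&
         $3 == "add" { print $4 }'
}

# $1 = output of `ip route show`, $2 = contents of rc.local.
# Prints each live static destination that is not persisted.
unpersisted_routes() {
    persisted=$(printf '%s\n' "$2" | persisted_routes)
    printf '%s\n' "$1" | live_static_routes | while read -r dest; do
        printf '%s\n' "$persisted" | grep -Fxq -- "$dest" || printf '%s\n' "$dest"
    done
}

# Constructed sample input (documentation addresses, not from the post).
SAMPLE_LIVE='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.20.0.0/16 via 192.0.2.254 dev eth0
10.30.0.0/16 via 192.0.2.254 dev eth0
172.16.5.0/24 via 192.0.2.253 dev eth0 proto zebra metric 20'

SAMPLE_RC='# descr: route to branch office LAN
ip route add 10.20.0.0/16 via 192.0.2.254 dev eth0
# ip route add 10.30.0.0/16 via 192.0.2.254 dev eth0
ip rule add from 10.40.0.0/16 table 100'

unpersisted_routes "$SAMPLE_LIVE" "$SAMPLE_RC"
```

On a real gateway the call would be `unpersisted_routes "$(ip route show)" "$(cat /etc/rc.local)"`; it only looks at the main routing table.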