10.4. Network configuration

Apart from special setups where you need to fine-tune various performance parameters, network configuration is a relatively simple task under Zorp. You have to provide basic IP parameters, such as IP addresses, subnet masks, and the default gateway. The most important configuration file for networking is /etc/network/interfaces. This file contains a separate section for each network interface available in the given system. The official installation procedure of Zorp involves steps to configure these basic IP parameters, so in a properly installed system this file is not empty.

Note

After the first upload of a configuration file edited in ZMC, the following three-line comment is displayed at the beginning of all editable files under ZMC:

#
# This file is generated by Zorp Management Server. Do not edit!
#

This warning is a reminder that even if a file is edited manually, it is overwritten at the next upload of any change in ZMC. The warning can be safely ignored if the edited file is not planned to be used from ZMC in the future.

A typical interface configuration section in /etc/network/interfaces is the following.

auto eth0
iface eth0 inet static
	address 192.168.1.253
	netmask 255.255.255.0
	broadcast 192.168.1.255
	network 192.168.1.0
	gateway 192.168.1.254

After editing and saving this file, activate the changes by running the /etc/init.d/networking script with the restart argument. This applies to all other network configuration files, too.
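A consistency check that can be run on the file before restarting networking, given here as an added example that is not part of the original Zorp documentation: it parses the inet static stanzas and verifies that the network, broadcast and gateway options agree with address and netmask. The eth1 stanza and the function names are constructed for illustration.

```python
import ipaddress
# Constructed sample: the eth0 stanza from this page plus a deliberately broken eth1.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.1.253
    netmask 255.255.255.0
    broadcast 192.168.1.255
    network 192.168.1.0
    gateway 192.168.1.254
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    broadcast 10.0.1.255
    gateway 10.0.2.1
"""

def parse_static(text):
    """Return {ifname: {option: value}} for every 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        if words[0] == "iface":
            is_static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if is_static else None
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None  # these keywords end the current stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def check(opts):
    """Return a list of inconsistencies between the options of one stanza."""
    problems = []
    try:
        net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
        expected = {"network": net.network_address, "broadcast": net.broadcast_address}
        for key, want in expected.items():
            if key in opts and ipaddress.ip_address(opts[key]) != want:
                problems.append(f"{key} {opts[key]} should be {want}")
        if "gateway" in opts and ipaddress.ip_address(opts["gateway"]) not in net:
            problems.append(f"gateway {opts['gateway']} is outside {net}")
    except (KeyError, ValueError) as exc:  # missing or malformed option
        problems.append(f"unusable value: {exc}")
    return problems

def validate(text):
    return {name: check(opts) for name, opts in parse_static(text).items()}
```

Calling validate() on the contents of /etc/network/interfaces returns an empty list for every consistent interface and one message for each option that contradicts the address and netmask.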

Another, less frequently modified network configuration file is /etc/hostname. It contains the hostname of the system, which is important for the name resolution processes initiated by various system components. Whenever a process needs name resolution, that is, to map a name to an IP address, the system first checks this file to see whether its own hostname has been queried. The Linux command hostname queries this file as well.

The file /etc/mailname is important for the proper operation of the Postfix native service. It must not be empty and it gets filled automatically. You can alter the value stored here, if needed.

Another network configuration file, /etc/hosts, may be used for static name resolution: it stores name to IP address mappings for network hosts. Before DNS, this file was the only means to map hostnames to IP addresses. Today, most of its functionality has been taken over by DNS, but it is still useful in some scenarios. When a hostname needs to be looked up, /etc/hosts is the third place the system looks for a match – the first is /etc/hostname, while the second is the in-memory DNS cache. Therefore, if there is a limited number of hosts that the firewall often visits, among which there is, for example, a proxy server, it is recommended to list these hosts in /etc/hosts:

#
# This file is generated by Zorp Management Server. Do not edit!
#
127.0.0.1 localhost
192.168.1.253 proxy
192.168.1.100 mail

By default, there is only one entry in this file for the hostname localhost with the IP address 127.0.0.1. This entry is needed for system boot processes, therefore it shall not be deleted.

Similarly to hostnames, networks can be named with symbolic names. The file /etc/networks stores these mappings. By default, this file is empty on the firewall and Zorp generally does not use it.

The /etc/resolv.conf file is used by the resolver library to find what DNS servers to query when a process needs to look up an IP address for a given hostname, or vice versa. In other words, this file lists the known nameservers for the firewall. Additionally, it contains an entry for the domain name of the firewall. This entry is also important for name resolution purposes: if, instead of a fully qualified domain name (FQDN) only a hostname is queried, the resolver automatically appends this domain name to the hostname and tries to look up the FQDN created this way.

#
# This file is generated by Zorp Management Server. Do not edit!
#
domain example.org
nameserver 192.168.1.200

This section only briefly introduces the network configuration files. For more detailed information and instructions on network configuration, see Chapter 5, Networking, routing, and name resolution, the references listed on networking in Appendix C, Further readings, and the manual pages for the mentioned files (man filename – without the full path, for example: man interfaces).