Broadband

Configure IT Quick: Get a Linux system up and running with a cable Internet connection

Follow these steps to get a Linux system connected to a cable modem.

If you followed the steps I showed you yesterday, you should now have a working configuration, and your cable modem should be using a static IP configuration. But, there’s another way to set up your cable modem service by using Dynamic Host Configuration Protocol (DHCP).

Did you miss part 1?
Yesterday, Jack explained how you should approach the setup of your cable modem with a Linux system. You can read his first installment here.

DHCP setup
Unfortunately, setting up DHCP isn’t as simple as setting up a static connection. The primary difference rests in the method by which the client must send the requisite hostname to the DHCP server. You can use the cable modem services; set up the Ethernet device with netcg, and run the dhcpcd client by sending the hostname with the -I flag in the following command (as root):
/sbin/dhcpcd -I hostname

This command will send the default client hostname that’s set up with the Ethernet device.

Check out TechRepublic's TechProGuild!
This article appears courtesy of TechRepublic's TechProGuild, the subscription Web resource for IT administration and support professionals. Among other great benefits, TechProGuild offers in-depth technical articles, e-books, and weekly chats moderated by industry experts on hot topics such as the latest operating system (OS) developments and career advancement. Sign up now for a FREE 30-day trial of our TechProGuild service.

Unfortunately, you'll have to deal with many problems when you use DHCP. Some cable modem services are picky about how (and to which OSs) they give out Internet Protocol (IP) addresses. Also, some of the recent major releases (primarily Red Hat 6.1) don’t have a functioning DHCP out of the box. There are upgrades and even better clients you can use, specifically the DHCP-client package, which is a very nice, simple interface. You can download the DHCP-client and use it as a structured and reliable client tool for DHCP. During the setup of DHCP-client, it reads a configuration file (/etc/dhclient.conf) that is rather complicated at first glance. Here is a sample from dhclient.conf:
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
#below make sure the interface device matches the configured
#device used for your network connection
interface "eth0"
{
#below enter your the alias given you by the Cable service
send host-name "HOST_NAME";
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
script "/etc/dhclient-script";
media "media 10baseT/UTP", "media 10base2/BNC";
}
alias {
interface "eth0";
#fixed-address 192.5.5.213;
#option subnet-mask 255.255.255.255;
}


The above snippet of the /etc/dhclient.conf file is fairly self-explanatory. The problem lies in the fact that due to the different ways in which services distribute IP addresses, it’s difficult to outline a plan of attack. Often, it’s best to shy away from running DHCP with Linux. But, with the growing popularity of cable modems, I'm sure that future releases of various Linux distributions will focus on getting DHCP to work more effectively out of the box. Having to spend so much time tweaking an OS is only one of the reasons why many users are switching from Linux. And with cable modems on the rise, even more people will be making the switch.

Security
With cable modems and static IP addresses, security is a big issue. Since this isn’t a security drilldown, I'll limit myself on this topic. You'll want to focus on three files for cable modem security: /etc/hosts.allow, /etc/hosts.deny, and /etc/inetd.conf. Let's look at them individually.

/etc/hosts.allow
This file tells your system which services and users (or machines) are allowed into your box. A sample file that allows all services and all users into your machine is:
ALL:ALL

However, this example of security is weak. Instead, you should define who and what you let into your files. For instance, let's say that when you’re home, you telnet (or ssh) and ftp into your machine at work, which has an IP address of 172.22.1.1. You can use an /etc/hosts.allow file like this:
ALL:172.22.1.1

/etc/hosts.deny
The next file is similar to hosts.allow, but it defines who isn’t allowed into your machine. A sample hosts.deny file is:
ALL:ALL

This isn’t just a sample; it's the best configuration for this file. When a service is requested, your machine will look for this file first. When it sees that none are allowed, it will go to hosts.allow and see whether that particular user is allowed in.

/etc/inetd.conf
This is a very important file because you can use it to shut down any type of available service, thereby drastically reducing the odds of an intrusion. This file consists of a number of entries like this one:
#echo� stream tcp���nowait������� root�� internal

Each of these lines represents a service. By adding the # symbol to the beginning of each line, you effectively cut that service off to the outside world. If you never telnet or ftp to your machine, then comment out all of those lines by adding a # symbol to the front. Combined with hosts.allow and hosts.deny, this file will lock your machine down from everything except port scanning.

Conclusion
It’s very simple to set up a cable modem to work with Linux—as long as you can get your IP address from your cable modem service provider. (Should we advocate a new acronym: "CMSP"?) Linux works very well in a static IP environment. With the added benefit of being able to tweak security to fit your needs, Linux will serve you and your cable modem perfectly. Yes, it has its drawbacks (convoluted DHCP, for example), and no, you won’t get support from your service provider. Given time, however, Linux will find its place in the cable modem world.

Have a comment?
If you'd like to share your opinion, please post a comment below or send the editor an e-mail .

Jack Wallen, Jr. is very pleased to have joined the TechRepublic staff as editor in chief of Linux content. Jack was thrown out of the "Window" back in 1995, when he grew tired of the blue screen of death and realized that "computing does not equal rebooting."

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

0 comments