Documentation Networking Beat

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
m
(added content from https://fedoraproject.org/wiki/Features/RealHotspot)
(38 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== Networking ==
+
{{header|docs}}
 +
{{Docs_beat_open}}
  
This section contains information about networking changes in Fedora 11.
+
== Consistent network device naming ==
  
=== DNSSEC ===
+
Fedora 18 continues previous releases' use of '''biosdevname''' to set network device names in a deterministic manner. Ethernet ports embedded on server motherboards will be named <code>em<port_number></code>, while ports on PCI cards will be named <code>p<slot_number>p<port_number></code>, corresponding to the chassis labels. This feature may be disabled by passing <code>"biosdevname=0"</code> on the kernel command line, in which case, behavior will revert to using ethX names.
  
The {{package|bind}} and {{package|unbound}} recursive DNS servers now enable DNSSEC validation in their default configuration. DNSSEC Lookaside Verification (DLV) is also enabled with the <code>dlv.sc.org</code> DLV Registry. This behavior can be modified in {{filename|/etc/sysconfig/dnssec}} by changing the DNSSEC and DLV settings.
+
== better network security with firewalld ==
 +
'''firewalld''' will be the default firewall solution for Fedora 18, replacing '''iptables'''. Using '''firewalld'''will allow for application of policy changes without reloading, allowing connection states to stay unbroken when rules are changed.  
  
With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov, .se, the ENUM zone and other TLD's) then that data will be cryptographically validated on the recursive DNS server. If validation fails due to attempts at cache poisoning, for example via a Kaminsky Attack, then the end user will not be given this forged/spoofed data. DNSSEC deployment is gaining speed rapidly, and is a crucial and logical step to make the Internet more secure for end users. DLV is used to add DNSSEC signed domains into TLD's that themselves are not yet signed, such as .com and .org.
+
A D-BUS interface allows approved applications to communicate status and present complex or temporary needs to the firewall without requiring hand configuration by an administrator. This improves support for dynamic environments like libvirtd, which previously had to be restarted when iptables rules were changed.  
  
=== TigerVNC ===
+
Manual administration can be done with firewall-cmd. Documentation on firewalld can be found in the included manpages, firewall-cmd(1), firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5), firewalld.zone(5).
  
TigerVNC is used as default VNC project. Package names were changed to {{package|tigervnc}}, {{package|tigervnc-server}} and {{package|tigervnc-server-module}}. Binary names are the same as in previous versions.  The {{filename|libvnc.so}} module has been moved to the {{package|tigervnc-server-module}} subpackage. Otherwise there should be no difference.
+
== Team Driver improves NIC bonding ==
 +
Fedora 18 includes Team Driver which facilitates grouping of multiple network interfaces together so they act like a single network interface. This extends teaming possibilities provided by existing bonding driver. It also provides userspace driven, modular alternative to bonding driver. Usage information can be found in man teamd.conf(5), man teamd(8), and man teamdctl(8).
  
=== Ethernet connections are not started at first boot ===
+
== Bring your own hotspot ==
 +
NetworkManager now supports an enhanced Hotspot/Internet Connection Sharing mode for WiFi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for newly created connection to ensure existing configuration is unchanged.
  
See [[rhbug:498207|Bug #498207]]. If you install Fedora 11 using a non-network-based method (e.g. CD or DVD), ethernet connections will not be automatically initialized at first boot, which is not the behaviour most people would expect. This is in fact intentional (enabling network interfaces on boot by default has security implications in some situations), but in future Fedora releases, there will be an option in the installer to designate which interfaces should be started at boot time. For this release, simply use the NetworkManager tray icon to enable the ethernet interface you wish to use.
+
[[Category:Docs Project]]
 +
[[Category:Draft documentation]]
 +
[[Category:Documentation beats]]

Revision as of 15:58, 26 October 2012

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 21 content added by the beat writer


Contents

Consistent network device naming

Fedora 18 continues previous releases' use of biosdevname to set network device names in a deterministic manner. Ethernet ports embedded on server motherboards will be named em<port_number>, while ports on PCI cards will be named p<slot_number>p<port_number>, corresponding to the chassis labels. This feature may be disabled by passing "biosdevname=0" on the kernel command line, in which case, behavior will revert to using ethX names.

better network security with firewalld

firewalld will be the default firewall solution for Fedora 18, replacing iptables. Using firewalldwill allow for application of policy changes without reloading, allowing connection states to stay unbroken when rules are changed.

A D-BUS interface allows approved applications to communicate status and present complex or temporary needs to the firewall without requiring hand configuration by an administrator. This improves support for dynamic environments like libvirtd, which previously had to be restarted when iptables rules were changed.

Manual administration can be done with firewall-cmd. Documentation on firewalld can be found in the included manpages, firewall-cmd(1), firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5), firewalld.zone(5).

Team Driver improves NIC bonding

Fedora 18 includes Team Driver which facilitates grouping of multiple network interfaces together so they act like a single network interface. This extends teaming possibilities provided by existing bonding driver. It also provides userspace driven, modular alternative to bonding driver. Usage information can be found in man teamd.conf(5), man teamd(8), and man teamdctl(8).

Bring your own hotspot

NetworkManager now supports an enhanced Hotspot/Internet Connection Sharing mode for WiFi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for newly created connection to ensure existing configuration is unchanged.