Documentation Networking Beat

From FedoraProject

(Difference between revisions)
(add workaround for the ethernet issue)
(NM mobile broadband)
(44 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== Networking ==
+
{{header|docs}}
 +
{{Docs_beat_open}}
 +
= federated VOIP=
  
This section contains information about networking changes in Fedora 11.
+
= Improved Mobile Broadband Support =
 +
Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.
  
=== DNSSEC ===
+
Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .
  
The {{package|bind}} and {{package|unbound}} recursive DNS servers now enable DNSSEC validation in their default configuration. DNSSEC Lookaside Verification (DLV) is also enabled with the <code>dlv.sc.org</code> DLV Registry. This behavior can be modified in {{filename|/etc/sysconfig/dnssec}} by changing the DNSSEC and DLV settings.
+
= firewalld =
 +
== locking the firewall ==
 +
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
 +
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->
  
With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov, .se, the ENUM zone and other TLD's) then that data will be cryptographically validated on the recursive DNS server. If validation fails due to attempts at cache poisoning, for example via a Kaminsky Attack, then the end user will not be given this forged/spoofed data. DNSSEC deployment is gaining speed rapidly, and is a crucial and logical step to make the Internet more secure for end users. DLV is used to add DNSSEC signed domains into TLD's that themselves are not yet signed, such as .com and .org.
+
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
  
=== TigerVNC ===
+
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
 +
<whitelist>
 +
<command name="/usr/bin/python /usr/bin/firewall-cmd"
 +
</whitelist>
  
TigerVNC is used as default VNC project. Package names were changed to {{package|tigervnc}}, {{package|tigervnc-server}} and {{package|tigervnc-server-module}}. Binary names are the same as in previous versions. The {{filename|libvnc.so}} module has been moved to the {{package|tigervnc-server-module}} subpackage. Otherwise there should be no difference.
+
The firewall must be reloaded to refresh the whitelist:
 +
  firewall-cmd --reload
  
=== Ethernet connections are not started at first boot ===
+
== configuring the firewall ==
 +
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
  
See [[rhbug:498207|Bug #498207]]. If you install Fedora 11 using a non-network-based method (e.g. CD or DVD), ethernet connections will not be automatically initialized at first boot, which is not the behaviour most people would expect. This is in fact intentional (enabling network interfaces on boot by default has security implications in some situations), but in future Fedora releases, there will be an option in the installer to designate which interfaces should be started at boot time. You can use the NetworkManager tray icon to enable the ethernet interface you wish to use, but you would have to do this at each boot. To specify that an interface should always be started on boot, use the Network Connections tool: in the system menu, it is under System > Preferences > Network Connections. In the ''Wired'' tab, select the interface you wish to start at boot, and click ''Edit''. Check the box marked ''Connect automatically'', then click ''Apply'', and quit the tool.
+
= BIND10 =
 +
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
 +
 
 +
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
 +
 +
= stable network interface naming =
 +
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices.  Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
 +
 
 +
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .
 +
 
 +
[[Category:Docs Project]]
 +
[[Category:Draft documentation]]
 +
[[Category:Documentation beats]]
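Review bot: the whitelist example added under "locking the firewall" is not well-formed XML, because the `<command name="/usr/bin/python /usr/bin/firewall-cmd"` line is never closed; end it with `/>` so that a reader who copies it into `/etc/firewalld/lockdown-whitelist.xml` gets a file that parses. In the same revision, `nm-cli` looks like a misspelling of `nmcli`, `/etc/system/network-scripts` looks like a typo for `/etc/sysconfig/network-scripts` (the removed DNSSEC text uses `/etc/sysconfig/dnssec`), the BIND10 sentence repeats "server" after `dhcpd`, and the new `= federated VOIP=` heading has no body text.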

Revision as of 20:08, 15 April 2013

Beat is open
This beat is now ready to have Fedora 21 content added by the beat writer

federated VOIP

Improved Mobile Broadband Support

Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.

Many devices will connect and authenticate using the NetworkManager GUI. `nmcli` has gained features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .

firewalld

locking the firewall

Dynamic firewall configuration by applications can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and SELinux contexts.

To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`.

Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:

<whitelist>
  <command name="/usr/bin/python /usr/bin/firewall-cmd"/>
</whitelist>

The firewall must be reloaded to refresh the whitelist:

firewall-cmd --reload
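
The following is an added example, not part of the original release notes or of firewalld itself: a small offline audit that checks whether `Lockdown=yes` is set and lists what a lockdown whitelist actually admits. The sample files, the `deploy` user, the `/opt/tools` path and the function names are constructed for illustration; the trailing `*` rule it flags comes from the firewalld.lockdown-whitelist(5) man page, not from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration; not taken from a real host.
SAMPLE_CONF = "# firewalld.conf\nDefaultZone=public\nLockdown=yes\n"
SAMPLE_WHITELIST = """\
<whitelist>
  <command name="/usr/bin/python /usr/bin/firewall-cmd"/>
  <command name="/usr/bin/python /opt/tools/*"/>
  <command name="firewall-helper --apply"/>
  <selinux context="system_u:system_r:NetworkManager_t:s0"/>
  <user id="0"/>
  <user name="deploy"/>
</whitelist>
"""

def lockdown_enabled(conf_text):
    """True only if the last uncommented Lockdown= line is set to yes."""
    value = "no"  # treat a missing key as lockdown off
    for line in conf_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "Lockdown":
            value = val.strip().lower()
    return value == "yes"

def audit_whitelist(xml_text):
    """Return (entries, findings); raises ET.ParseError on malformed XML."""
    root = ET.fromstring(xml_text)
    if root.tag != "whitelist":
        raise ValueError("root element must be <whitelist>")
    entries, findings = [], []
    for el in root:
        if el.tag == "command":
            name = el.get("name", "")
            entries.append(("command", name))
            if not name.startswith("/"):
                findings.append(f"command is not an absolute path: {name}")
            if name.endswith("*"):
                # Per firewalld.lockdown-whitelist(5), a trailing '*' matches
                # every command line that starts with this prefix.
                findings.append(f"wildcard command prefix: {name}")
        elif el.tag == "selinux":
            entries.append(("selinux", el.get("context", "")))
        elif el.tag == "user" and el.get("id") is not None:
            entries.append(("uid", el.get("id")))
        elif el.tag == "user":
            entries.append(("user", el.get("name", "")))
        else:
            findings.append(f"unexpected element: <{el.tag}>")
    return entries, findings

if __name__ == "__main__":
    print("lockdown enabled:", lockdown_enabled(SAMPLE_CONF))
    for finding in audit_whitelist(SAMPLE_WHITELIST)[1]:
        print("finding:", finding)
```

A whitelist file that fails to parse raises `ET.ParseError` here, which is a cheap check to run before reloading the firewall.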

configuring the firewall

Configuring firewalld is now possible using a high-level, human-readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .

BIND10

The latest versions of the popular name server `bind` and the DHCP server `dhcpd` are now available for Fedora. The BIND10 suite's features include a RESTful configuration API, an SQLite database backend for `named`, and an SQL backend for `dhcpd`.

For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .

stable network interface naming

The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/sysconfig/network-scripts`, although in most cases `biosdevname` will continue to manage naming.

For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .