Documentation Networking Beat

From FedoraProject

(Difference between revisions)
(Converted warning)
(NM mobile broadband)
(20 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{header|docs}}
 
{{header|docs}}
 +
{{Docs_beat_open}}
 +
= federated VOIP=
  
= <span style="color:red;">Warning - Beat Converted</span> =
+
= Improved Mobile Broadband Support =
 +
Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.
  
{{admon/warning| Beat has already been converted to XML|Be sure to set Wiki Good to '''*''' and In Publican to '''0''' if this beat is modified}}
+
Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .
  
== Network Device Naming ==
+
= firewalld =
 +
== locking the firewall ==
 +
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
 +
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->
  
Servers often have multiple Ethernet ports, either embedded on the motherboard, or on add-in PCI cards.  Linux has traditionally named these ports ethX, but there has been no correlation of the ethX names to the chassis labels - the ethX names are non-deterministic.  Starting in Fedora 15, Ethernet ports will have a new naming scheme corresponding to physical locations, rather than ethX.  Ethernet ports embedded on server motherboards will be named em<port_number>, while ports on PCI cards will be named pci<slot_number>p<port_number>, corresponding to the chassis labels.  Additionally, if the network device is an SR-IOV Virtual Function or has Network Partitioning (NPAR) capability, the name will have a suffix of _<virtual_function> or _<partition>.
+
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
  
By changing the naming convention, system administrators will no longer have to guess at the ethX to physical port mapping, or invoke workarounds on each system to rename them into some "sane" order.
+
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
 +
<whitelist>
 +
<command name="/usr/bin/python /usr/bin/firewall-cmd"
 +
</whitelist>
  
This feature affects all physical systems that expose network port naming information in SMBIOS 2.6 or later (specifically field types 9 and 41).  Dell PowerEdge 10G and newer servers (PowerEdge 1950 III family, PowerEdge R710 family, and newer), and HP ProLiant G6 servers and newer are known to expose this information, as do some newer desktop models. Furthermore, most older systems expose some information in the PCI IRQ Routing Table, which will be consulted if information is not provided by SMBIOS.
+
The firewall must be reloaded to refresh the whitelist:
 +
  firewall-cmd --reload
  
Fedora running as a guest virtual machine will continue to use the ethX names.
+
== configuring the firewall ==
 +
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
  
Existing installations upgraded to Fedora 15 will not see a change in names unless /etc/udev/rules.d/70-persistent-net.rules is deleted and the HWADDR lines are removed from all /etc/sysconfig/network-scripts/ifcfg-* files, and those files are renamed to use the new device names.
+
= BIND10 =
 +
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
  
You may continue to write rules in /etc/udev/rules.d/70-persistent-net.rules to change the device names to anything you wishSuch will take precedence over this physical location naming scheme.  Such rules may look like:
+
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", ATTR{type}=="1", KERNEL=="eth*", NAME="public"
+
   
 
+
= stable network interface naming =
This feature may be disabled by passing "biosdevname=0" on the kernel command line, in which case, behavior will revert to using ethX names.
+
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
 
+
== VPN default visibility ==
+
 
+
By default, a new network connection using NetworkManager in GNOME 3 has the ''Available to all users'' option enabled. This default selection includes new VPN connections. This allows a laptop user to restart the session without having to select the VPN and enter credentials again. However, it may not be desirable to some users. To remove this option, turn off the ''Available to all users'' checkbox when setting up the network.
+
 
+
To change the option after a connection has already been created, select the NetworkManager icon in the top-bar, and select ''Network Settings'' in the network menu.  The Network settings window appears. Select the desired connection and then select the ''Options'' button.  At the bottom of the connection window, turn off the ''Available to all users'' checkbox, and select ''Save...'' to save the configuration.
+
  
 +
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .
  
 
[[Category:Docs Project]]
 
[[Category:Docs Project]]
 
[[Category:Draft documentation]]
 
[[Category:Draft documentation]]
 
[[Category:Documentation beats]]
 
[[Category:Documentation beats]]
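
Review bot: The added whitelist example leaves the `<command name="/usr/bin/python /usr/bin/firewall-cmd"` element unclosed, so the snippet is not well-formed XML as written; end that line with `/>`. In the added "stable network interface naming" paragraph, `/etc/system/network-scripts` does not match the `/etc/sysconfig/network-scripts/` path used in the Fedora 15 text this revision replaces, so one of the two needs correcting. The "To lock down the firewall" sentence is missing its closing period, and the new "federated VOIP" heading has no body yet.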

Revision as of 20:08, 15 April 2013

Beat is open
This beat is now ready to have Fedora 21 content added by the beat writer

federated VOIP

Improved Mobile Broadband Support

Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.

Many devices will connect and authenticate using the NetworkManager GUI. `nmcli` has gained features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .

firewalld

locking the firewall

Dynamic firewall configuration by applications can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and SELinux contexts.

To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`.

Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:

  <whitelist>
    <command name="/usr/bin/python /usr/bin/firewall-cmd"/>
  </whitelist>

The firewall must be reloaded to refresh the whitelist:

firewall-cmd --reload
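
An added example, not part of the Fedora documentation or of firewalld itself: a small Python audit that checks whether `Lockdown=yes` is set and lists the whitelist entries, flagging a whitelist that is not well-formed XML and command entries that end in `*`. The sample configuration, the `alice` user and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real host.
SAMPLE_CONF = "# firewalld config file\nDefaultZone=public\nLockdown=yes\n"
SAMPLE_WHITELIST = """<?xml version="1.0" encoding="utf-8"?>
<whitelist>
  <command name="/usr/bin/python /usr/bin/firewall-cmd"/>
  <command name="/usr/bin/python /usr/bin/firewall-cmd*"/>
  <selinux context="system_u:system_r:NetworkManager_t:s0"/>
  <user id="0"/>
  <user name="alice"/>
</whitelist>
"""
# A whitelist whose <command> element is never closed (not well-formed XML).
BROKEN_WHITELIST = ('<whitelist>\n'
                    '<command name="/usr/bin/python /usr/bin/firewall-cmd"\n'
                    '</whitelist>\n')

# Attribute(s) that carry the value for each whitelist element type.
ATTRS = {"command": ("name",), "selinux": ("context",), "user": ("id", "name")}

def lockdown_enabled(conf_text):
    """True if the last uncommented Lockdown= line is 'yes' (absent = off)."""
    value = "no"
    for line in conf_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "Lockdown":
            value = val.strip().lower()
    return value == "yes"

def audit_whitelist(xml_text):
    """Return (entries, findings) for the text of a lockdown-whitelist.xml."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [], ["whitelist is not well-formed XML: %s" % exc]
    entries, findings = [], []
    for el in root:
        if el.tag not in ATTRS:
            findings.append("unknown element: <%s>" % el.tag)
            continue
        value = next((el.get(a) for a in ATTRS[el.tag] if el.get(a)), "")
        if not value:
            findings.append("<%s> entry has no value" % el.tag)
            continue
        # A command ending in '*' matches every command line starting with it
        # (firewalld.lockdown-whitelist man page), so flag it for review.
        if el.tag == "command" and value.endswith("*"):
            findings.append("wildcard command entry: " + value)
        entries.append((el.tag, value))
    return entries, findings
```

On a real system, pass the contents of `/etc/firewalld/firewalld.conf` and `/etc/firewalld/lockdown-whitelist.xml` to the two functions before running `firewall-cmd --reload`.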

configuring the firewall

Configuring firewalld is now possible using a high-level, human-readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .

BIND10

The latest versions of the popular nameserver `bind` and DHCP server `dhcpd` are now available for Fedora. The BIND10 suite's features include a RESTful configuration API, an SQLite database backend for `named`, and an SQL backend for `dhcpd`.

For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .

stable network interface naming

The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/sysconfig/network-scripts`, although in most cases `biosdevname` will continue to manage naming.

For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .