Wednesday, June 11, 2008

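> A Detailed Guide to Installing and Configuring Debian

1. Installing the base system:

I used the network installation method. Its advantages are that it saves the trouble of constantly swapping discs and shows off Debian's strong networking (Debian without a network is grey; Debian with a network is in colour). This method needs a fast network connection, but with broadband now widespread that should not be a problem.

I chose Sarge for the installation; do not use 3.0 Woody. Sarge will soon become stable, that is, 3.1.
http://debian.cn99.com/debian-cd/sarge/rc3...386-netinst.iso is the latest netinst disc image. It can be installed from the hard disk, but burning a CD is simpler and more reliable and saves a lot of trouble.

Put the disc in the drive and boot from it. At the boot: prompt, pressing Enter uses the 2.4 kernel; you can also type linux26 and press Enter to use the 2.6 kernel. Choose Simplified Chinese as the installation language and the rest of the process has Chinese prompts. When the base system installation finishes, you are asked to remove the disc, and base-config runs after the machine reboots.

After the reboot the system enters base-config automatically:

Time zone: Asia/Shanghai

Set the root password and enable shadow passwords

Create a system user

Set sources.list to use the http method; for the source you can choose debian.cn99.com or mirrors.geekbone.org, both of which are very fast

Configure the exim client; if you do not want to use exim as your mail client, you can choose not to configure it

When asked to select software to install I selected nothing, because I wanted a highly customised system

Once base-config finishes you can log in. If you later want to run base-config or install software with apt on the console without garbled characters, you have to run zhcon to enter a Chinese console environment before the Chinese interface displays properly, unless you have set the console not to use a Chinese locale or are using a kernel with the unicon patch. So install zhcon first, which is simple: apt-get install zhcon, then run zhcon to enter the Chinese console environment.

If you connect by ADSL dial-up, configure the dialer first after entering Debian by running pppoeconf. Enter your ADSL account and password as prompted. Note: do not set a gateway on the network card, otherwise you will not be able to reach the external network. Once connected to the Internet, choose a source and continue installing.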


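2. Upgrading the system and compiling the kernel:

2.1 Upgrading the system
A system installed from Sarge is testing. If you want more software and Debian's newer features, you can upgrade to sid:
edit /etc/apt/sources.list and replace every testing with sid. Here is my sources.list file: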
deb http://mirrors.geekbone.org/debian/ testing main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ testing main contrib non-free

deb http://debian.cn99.com/debian/ testing main contrib non-free
deb-src http://debian.cn99.com/debian/ testing main contrib non-free

deb http://mirrors.geekbone.org/debian/ sid main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ sid main contrib non-free

deb http://debian.cn99.com/debian/ sid main contrib non-free
deb-src http://debian.cn99.com/debian/ sid main contrib non-free

deb http://debian.okey.net/debian-uo/ sid java marillat rareware misc
deb http://ftp.debian.org/debian/ sid main contrib non-free
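Then run:
apt-get update
apt-get dist-upgrade (note: use apt-get upgrade for an ordinary upgrade and apt-get dist-upgrade for a distribution upgrade)
Of course, for stability you can hold off on upgrading to Sid, in which case there is no need to add the Sid sources to sources.list.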
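
As an added example (not part of the original post), the script below audits a sources.list like the one above: it reports each suite in use, flags a list that mixes suites, and flags archive hosts outside a trusted set. The TRUSTED_HOSTS list, the function names and the output labels are assumptions of this sketch; the sample input is a shortened, constructed copy of the list shown above.

```shell
#!/bin/sh
# Added example: audit an APT sources.list for mixed suites and for archive
# hosts outside a trusted set. TRUSTED_HOSTS is an assumption of this sketch;
# list the mirrors you have decided to accept.
TRUSTED_HOSTS="ftp.debian.org debian.cn99.com mirrors.geekbone.org"

audit_sources() {   # $1 = path to a sources.list-style file
    awk -v trusted="$TRUSTED_HOSTS" '
    BEGIN {
        n = split(trusted, t, " ")
        for (i = 1; i <= n; i++) ok[t[i]] = 1
    }
    $1 != "deb" && $1 != "deb-src" { next }        # comments and blank lines
    NF < 4 { print "MALFORMED line " NR; next }    # type, URI, suite, component
    {
        host = $2
        sub(/^[a-z]+:\/\//, "", host)              # drop the scheme
        sub(/\/.*$/, "", host)                     # drop the path
        if (!($3 in seen)) { seen[$3] = 1; order[++ns] = $3 }
        if ($1 == "deb") count[$3]++
        if (!(host in ok) && !(host in flagged)) {
            flagged[host] = 1
            comps = $4
            for (i = 5; i <= NF; i++) comps = comps "," $i
            print "UNTRUSTED-HOST " host " suite=" $3 " components=" comps
        }
    }
    END {
        for (i = 1; i <= ns; i++)
            print "SUITE " order[i] " deb-lines=" (count[order[i]] + 0)
        if (ns > 1) {
            s = order[1]
            for (i = 2; i <= ns; i++) s = s " " order[i]
            print "MIXED-SUITES " s
        }
    }' "$1"
}

write_sample() {   # $1 = output path; constructed sample based on the list above
    cat > "$1" <<'EOF'
deb http://mirrors.geekbone.org/debian/ testing main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ testing main contrib non-free
deb http://debian.cn99.com/debian/ sid main contrib non-free
deb http://debian.okey.net/debian-uo/ sid java marillat rareware misc
deb http://ftp.debian.org/debian/ sid main contrib non-free
EOF
}

# Stand-alone run: audit the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && audit_sources "$tmp"
rm -f "$tmp"
```

With both testing and sid listed and no APT::Default-Release or pinning, apt-get dist-upgrade takes the highest version available, which is sid's.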

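During the upgrade the older kernel already on the system is usually replaced by the newest kernel version in the source. We can also use apt-get install ourselves to install a newer binary kernel package: for example, if you chose the 2.4 kernel at installation, apt-get install kernel-image-2.6.8.1-i386 installs a 2.6 kernel (on Sid it is 2.6.10). Before installing a new kernel, though, run apt-cache search --names-only kernel-image to see which versions are available and pick the one that suits your CPU.

2.2 Compiling the kernel
But updating through binary kernel packages has two problems. First, kernel packages lag behind Linux kernel releases, so this way you never get the newest kernel. Second, the packaged kernel is not compiled for your computer, so its performance and configuration may not meet your needs. In many cases, therefore, we need to compile a kernel from the source package ourselves.

First download the latest 2.6.10 kernel from http://www.kernel.org and unpack it under /usr/src: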
tar -jxvf linux-2.6.10.tar.bz2 -C /usr/src
cd /usr/src
ln -s linux-2.6.10 linux
Next install the software needed to compile a 2.6 kernel:
apt-get install kernel-package ncurses-dev fakeroot module-init-tools
In /usr/src/linux run the following commands to configure and compile the new kernel:
make menuconfig
make-kpkg clean
fakeroot make-kpkg --revision=mykernel.1.0 kernel_image
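If compilation fails, use make clean and make menuconfig to reconfigure and recompile.
The configuration is saved by default in /usr/src/linux/.config.

When compilation finishes, a package named kernel-image-2.6.10_mykernel.1.0_i386.deb is created in /usr/src. Install it with: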
dpkg -i kernel-image-2.6.10_mykernel.1.0_i386.deb
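This creates System.map-2.6.10 and vmlinuz-2.6.10 in /boot. When the kernel is installed, grub generates the boot entry automatically, which is very convenient; you can also edit the grub configuration file menu.lst by hand if you prefer. Reboot and start using the new kernel.

Points to note when compiling the kernel:
1) When you finish configuring the kernel and choose to save on leaving the configuration menu, a .config file is created in the current directory recording all the kernel configuration parameters. It is loaded automatically the next time you configure the kernel. The load and save functions of the configuration menu can also import another kernel configuration file or save the current configuration elsewhere under any name.
2) The Loadable module support-->Module unloading option allows loaded kernel modules to be unloaded. With it, we can change a module's load parameters using the rmmod module_name and modprobe module_name commands.

If rebooting with the new kernel reports that VFS cannot mount the root filesystem (long ago, when I taught a classmate to compile a kernel for the first time, this was the problem he hit),
the error looks something like this: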
VFS:Cannot open root device "hdb2" or unknow-block(0,0)
Please append a correct "root=" boot option
kernel panic-not syncing: VFS:Unable to mount root fs on unknow-block(0,0)
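Cause: ext2 filesystem support was not compiled into the kernel. Whether you use ext3 or another filesystem, ext2 support must be compiled directly into the kernel and cannot be built as a module.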
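
An added example, not from the original post: a pre-flight check, run before make-kpkg, that reads the root filesystem type from an fstab and confirms that ext2 and that filesystem are built into the kernel (=y) rather than built as modules (=m) or left out. The function names and the sample .config and fstab contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel .config for the condition described above.
# fs_state, root_fstype and check_rootfs are names made up for this sketch.

fs_state() {   # $1 = .config path, $2 = option name; prints y, m or n
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"   # "# CONFIG_X is not set" and an absent line both mean n
}

root_fstype() {   # $1 = fstab path; prints the type of the entry mounted on /
    awk '$1 !~ /^#/ && $2 == "/" { print $3; exit }' "$1"
}

check_rootfs() {   # $1 = .config path, $2 = root filesystem type (e.g. ext3)
    rc=0
    list="ext2"
    [ "$2" = "ext2" ] || list="ext2 $2"
    for fs in $list; do
        # ext3 -> CONFIG_EXT3_FS, reiserfs -> CONFIG_REISERFS_FS, and so on
        opt="CONFIG_$(echo "$fs" | tr 'a-z' 'A-Z')_FS"
        state=$(fs_state "$1" "$opt")
        case "$state" in
            y) echo "OK   $opt=y" ;;
            m) echo "FAIL $opt=m (built as a module)"; rc=1 ;;
            *) echo "FAIL $opt is not enabled"; rc=1 ;;
        esac
    done
    return $rc
}

demo() {
    # Constructed sample: root on ext3, ext2 left as a module.
    d=$(mktemp -d) || return 1
    printf '%s\n' '# /etc/fstab' \
        '/dev/hda2 / ext3 defaults,errors=remount-ro 0 1' > "$d/fstab"
    printf '%s\n' 'CONFIG_EXT2_FS=m' 'CONFIG_EXT3_FS=y' 'CONFIG_JBD=y' > "$d/config"
    check_rootfs "$d/config" "$(root_fstype "$d/fstab")"
    result=$?
    rm -rf "$d"
    return $result
}

demo || echo "this configuration would stop at the VFS error shown above"
```

Run it against /usr/src/linux/.config and /etc/fstab after make menuconfig and before make-kpkg.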

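If you want to use alsa, include the alsa modules in the kernel options, then install: apt-get install alsa-utils aumix xmix. Afterwards run alsaconf to configure automatically. If all goes well, flawless sound will be with you for good.


3. Installing the desktop system:

3.1 Installing X Window
First install the X Window System: apt-get install x-window-system
XFree86 is configured during installation, so you need to know your video chipset, monitor parameters and so on. If you do not, that is fine too: XFree86 can detect your video chipset and the rest automatically.
One thing worth mentioning: if your card has an nvidia or ATI chip, you need to rebuild and configure a kernel with the official nvidia or ATI driver, otherwise XFree86 installs only the generic driver by default, and if you want to play 3D games or run StarCraft and Diablo II under emulation on Linux, well..... Every Debian source carries the various versions of nvidia-kernel; download what you need and configure it following the relevant documentation, which I will not go into here. After configuring XFree86, type startx to test it; if it works, you are fine. Exit X and carry on.

Install Chinese fonts: apt-get install xfonts-intl-chinese. This Chinese font set does not look very good, though; part 4 covers font settings in detail.

3.2 Setting the locale
Next set the locale. On Linux, the locale selects the language environment in which programs run; locale support is provided by ANSI C. Locale names follow the pattern <language>_<territory>.<character encoding>, as in zh_CN.GBK, where zh stands for Chinese, CN for mainland China and GBK is the character set. A locale environment has a group of variables that represent different internationalisation settings:
LC_COLLATE defines the sorting and comparison rules of the environment
LC_CTYPE is used for character classification and string handling; it controls how all characters are processed, including the character encoding, whether characters are single-byte or multi-byte, how they are printed and so on. It is the most important of these environment variables.
LC_MONETARY, the currency format
LC_NUMERIC, the display format of non-monetary numbers
LC_TIME, the time and date format
LC_MESSAGES, the language of messages. There is also a LANGUAGE parameter, which is similar to LC_MESSAGES, but once it is set, the LC_MESSAGES parameter no longer takes effect. LANGUAGE can list several languages at once, for example LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN".
LANG, the default for LC_*; it is the lowest-priority setting and is used when an LC_* variable is not set. Similar to LC_ALL
LC_ALL is a macro; if it is set, its value overrides all LC_* settings. Note that the value of LANG is not affected by it

For example, using the zh_CN.GBK Chinese locale: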
einstein:~# export LC_ALL=zh_CN.GBK
einstein:~# locale
LANG=zh_CN.GB2312
LC_CTYPE="zh_CN.GBK"
LC_NUMERIC="zh_CN.GBK"
LC_TIME="zh_CN.GBK"
LC_COLLATE="zh_CN.GBK"
LC_MONETARY="zh_CN.GBK"
LC_MESSAGES="zh_CN.GBK"
LC_PAPER="zh_CN.GBK"
LC_NAME="zh_CN.GBK"
LC_ADDRESS="zh_CN.GBK"
LC_TELEPHONE="zh_CN.GBK"
LC_MEASUREMENT="zh_CN.GBK"
LC_IDENTIFICATION="zh_CN.GBK"
LC_ALL=zh_CN.GBK

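Because we chose Simplified Chinese mode at the start of the installation, the default locale is Simplified Chinese. We can of course add new locales and change the locale settings: dpkg-reconfigure locales. You can also edit /etc/locale.gen by hand to add a new locale and then run locale-gen to generate it; the system locale can then be set through the LC_* variables described above. Here is my locale.gen file: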
zh_CN GB2312

en_GB ISO-8859-1
en_GB.ISO-8859-15 ISO-8859-15
en_GB.UTF-8 UTF-8
en_US ISO-8859-1
en_US.ISO-8859-15 ISO-8859-15
en_US.UTF-8 UTF-8
zh_CN.GB18030 GB18030
zh_CN.GBK GBK
zh_CN.UTF-8 UTF-8
zh_HK BIG5-HKSCS
zh_HK.UTF-8 UTF-8
zh_TW BIG5
zh_TW.EUC-TW EUC-TW
zh_TW.UTF-8 UTF-8

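3.3 Installing a desktop environment
With the locale sorted out, the next step is a desktop environment. The popular ones on Linux at present are KDE and Gnome; Gnome is based on GTK+ and KDE on Qt, so the two use different libraries. Which one to install is a matter of taste; I have always used Gnome.
Install: apt-get install gnome
To install KDE instead, run: apt-get install kde kde-i18n-zh*

We can of course do without KDE and Gnome and use a WM that gives more freedom and better stability, such as FVWM, WindowMaker or enlightenment. These are all popular WMs, that is, window managers, on Linux, and they are a different concept from KDE and Gnome. The core of X Window is the X server, which is responsible only for running programs and for input and output; it does not define or manage the window interface and leaves that to the window manager, which is one of the things that make X Window flexible and powerful. KDE and Gnome are working environments that already include a window manager, system administration programs, a file manager and a collection of utilities, so they can be called integrated working environments. KDE's window manager is called kwin; the window managers Gnome has used over its history include enlightenment, sawmill, sawfish and metacity.

Using a bare window manager is of course much harder than using KDE or Gnome, but with different window managers you can define endlessly varied window environments that show off your personality, as cool as you like, and the stability is much better than KDE and Gnome. I myself now use FVWM all the time and rarely use Gnome. To learn more about X Window and window managers, see the related documents I have written.

After installing Gnome, install GDM. GDM is the GNOME Display Manager; it manages your X sessions and provides the login window. It is similar to XDM but much more stable and more fun. With the GDM display manager you can choose from a rich set of themes. The GDM theme directory is /usr/share/gdm/themes, and themes can be installed automatically with the gdmconfig program.

The steps are as follows. First download a GDM theme you like from the web; http://gnome-look.org/ has many to choose from. A theme file looks like 21329-gdm-debian-white.tar.gz. Save it in any directory, then run the gdmconfig program to open the gdm configuration window. On the "General" tab, check that the "graphical greeter" option is enabled for local logins. Then select the "graphical greeter" tab, which lists all installed GDM themes; there are three by default. Click the "Install new theme" button at the bottom right to open a file chooser, select the theme file you just downloaded and click "Install". Convenient, is it not? Go and download a theme you like and give your login screen a look of its own.

You can also change the GDM display language by editing the LANG parameter in /etc/default/gdm.

3.4 Installing a Chinese input method
For Chinese input I am used to fcitx: apt-get install fcitx. Then create /etc/X11/Xsession.d/25xchinput-start with the following contents: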
export G_FILENAME_ENCODING=@GB2312 # set the font encoding of the GTK+ file-open dialog to GBK
export LANG=zh_CN.GB2312
export XMODIFIERS=@im=fcitx
fcitx
This way fcitx starts automatically whenever X starts, whether you enter gnome or KDE

Edit /etc/environment so that it reads:
LANGUAGE="zh_CN.GB2312"

LANG=zh_CN.GB2312
export G_FILENAME_ENCODING=@GB2312
export LC_ALL=zh_CN.GBK
export G_BROKEN_FILENAMES=1
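Also add export G_BROKEN_FILENAMES=1 to ~/.bashrc

The Chinese desktop system is now installed.


4. Installing fonts and improving appearance

Font configuration is a fairly complex and very important part of the X system. Fonts are what we face all day once we are in X Window, and clear, attractive fonts make work pleasant and relaxed. XFree86 is a free implementation of the X system for the X86 architecture (it seems it is no longer GPL), and it is the default X system on Linux today. To configure fonts well we need to understand the principles and implementation of the font systems in XFree86. Copying settings from the web may also give a decent set of fonts, but then we only know what works without knowing why, and cannot adapt it to our needs. Follow me into the font systems of XFree86 for a look at how they work.

4.1 Two font systems
XFree86 has two font systems, which is one reason font configuration in X Window is complicated. They are the core X11 font system and the Xft font system. The core X11 font system is the most widely used and is supported by every X system. Xft is a newer font technology that can only be used on X systems based on XFree86, but it is simple to configure and easy to use, and it is the direction of future development.

4.1.1 Xft
Xft is a library. It has no configuration mechanism of its own and relies on the fontconfig library to configure and customise fonts, while Xft handles displaying them. In other words, fontconfig is the library that lets the X system find a font, and Xft is the library that renders the font fontconfig has found. Discussing Xft font configuration therefore really means discussing fontconfig. fontconfig is included in the XFree86 distribution.

What fontconfig does: it searches the font paths automatically and discovers newly copied fonts; when a requested font does not exist, it automatically chooses another font to display instead, which is why we adjust the order of fonts when improving their appearance; and together with X rendering engines such as Xft it produces high-quality font output.

fontconfig has three configuration files. One is the system-wide configuration file, /etc/fonts/fonts.conf. The same directory also holds local.conf; normally we only edit local.conf, and editing fonts.conf is not recommended. However, fontconfig 2.3 and later has dropped local.conf, so all system-wide configuration is in fonts.conf, and fontconfig 2.3 has already entered Sarge. The third configuration file is ~/.fonts.conf in the user's home directory, the per-user font configuration file, which affects only the current user. The three files share the same format: each is an XML file whose syntax is defined in fonts.dtd. For a detailed description of the configuration, see the "Linux high-quality font research" forum at 中国Linux公社.

Installing a new font in the Xft font system is simple: copy the font file into one of the font directories named in fonts.conf and fontconfig notices the new font automatically. There are four default font directories: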
/usr/share/fonts
/usr/X11R6/lib/X11/fonts/Type1
/usr/local/share/fonts
~/.fonts
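You can of course add other directories: just edit /etc/X11/fs/config by hand and append your font path to the end of the catalogue line.

After copying new font files into a font directory, list the newly installed fonts with the fc-list command. If they do not appear, update the system font configuration by hand with fc-cache; running fc-list again should then show them. With the Xft font system there is no need to configure /etc/X11/XF86Config-4 or to restart the X server for the configuration to take effect. Compared with the traditional X11 core font system, Xft really is much more convenient, which is why it is the direction of future development. At present not every application supports the Xft font system. Here is how various kinds of programs support it:
GTK+2.x and QT programs can use the Xft font system, but GTK+1.x programs do not support it and can only use the X11 core font system.
Programs built on GTK+2.2 and later use the Xft font system by default without any configuration. GTK+2.0 programs need the environment variable GTK_USE_XFT=1 to use Xft.
Fonts for GTK+2.x programs can be configured with the gnome-font-properties tool provided by the gnome desktop, found in the GNOME desktop under "Applications"--"Desktop Preferences"--"Font". GTK+2.x programs also have a global configuration file, /etc/gtk-2.0/gtkrc, in which the fonts used by GTK+2.x programs can be set. Its contents are as follows:
style "gtk-default-zh-cn" {
font_name = "Bitstream Vera Sans 10,SimSun 10"
}
class "GtkWidget" style "gtk-default-zh-cn"
With this, GTK+2.x programs display English in Bitstream Vera Sans at size 10 and Chinese in SimSun at size 10.

The default font for QT programs can be set in the KDE "Control Center"--"Appearance & Themes"--"Fonts", or with the graphical configuration tool qtconfig. The Control Center setting seems to take priority over qtconfig, though.

4.1.2 The X11 core font system
Configuring X11 core fonts takes two steps. The first is to set up a font directory containing the font files. The second is to configure the X server so that it can use those fonts. I use the simsun.ttc font as an example:
Create a directory under /usr/share/fonts/truetype/: mkdir /usr/share/fonts/truetype/ms
Copy Microsoft's simsun and tahoma fonts into that directory and rename them:
cp simsun.ttc /usr/share/fonts/truetype/ms/simsun.ttf
cp tahoma.ttf /usr/share/fonts/truetype/ms/tahoma.ttf
Change to the font directory with cd /usr/share/fonts/truetype/ms/ and run ttmkfdir; if the command is missing, install it with apt-get install ttmkfdir and then run it. The command generates fonts.scale; copy that file to fonts.dir: cp fonts.scale fonts.dir.
Add the simsun directory to the font path section of /etc/X11/XF86Config-4 by appending the line FontPath "/usr/share/fonts/truetype/ms" to the end of that section (remember, if you want Xft to use the font too, edit /etc/X11/fs/config and append /usr/share/fonts/truetype/ms/ to the end of the catalogue line). After restarting the X server the simsun and tahoma fonts are available. The xlsfonts command lists the X11 core fonts installed on the system.

GTK+1.x programs use the X11 core font system. To display Chinese correctly in GTK+1.x programs, edit /etc/gtk/gtkrc.zh_CN, delete all the font descriptions inside the quotation marks and replace them with "-adobe-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1,-misc-simsun-medium-r-normal-*-*-*-*-*-gbk-0,-*-". GTK+1.x programs should then display Chinese correctly.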

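4.2 Improving font appearance
With the fonts installed, the next step is tuning how they look. Most programs now support the fontconfig library of the Xft font system, so tuning that font system gives programs good-looking output. The method: with fontconfig 2.2, edit /etc/fonts/local.conf, because fonts.conf is the system-wide font configuration file and should generally not be edited; it pulls in the settings from local.conf through an include directive. With fontconfig 2.3 and later, edit /etc/fonts/fonts.conf, since local.conf has been dropped. There is also ~/.fonts.conf, the per-user font configuration file; editing it works as well.
My fontconfig version is 2.3.1-2, so I edit /etc/fonts/fonts.conf directly. Here is how I tuned the fonts:

4.2.1 Reorder the font priority so that Chinese and English fonts look better. The font listed first is used first; if it is not available, the font on the next line is used, and so on.
Find



Bitstream Vera Sans, and insert two lines in between, as follows

Tahoma
SimSun
Bitstream Vera Sans
……
Then find

Bitstream Vera Sans, and add a SimSun line after it

Bitstream Vera Sans
SimSun
……
Done here? There is one more place further down,

Notice that these are the same three aliases: serif, sans-serif and monospace. I do not need to tell you how to change this one, do I?

4.2.2 Fixing excessive character spacing:
Add the following code: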


zh-tw
zh-cn
ja
ko


proportional


false



4.2.3 Turning off anti-aliasing for all fonts from size 10 to 15:
Add the following code:


10


15


false




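5. Living entirely in GNU/Linux

5.1 Shell
I use bash, and I think most people are used to bash. I will not go over its basic features. What I like now is bash's readline support. Many people may not be familiar with readline: it is a powerful library, and every program that uses it can be configured through the same configuration file and offers the same command-line editing, so you can edit the command line conveniently. How to use readline is not the subject of this article, so I will not discuss it here. bash is a basic component of a Debian system and does not need installing.

5.2 Editors
emacs is my favourite, followed by vim; I use nothing besides these two. Usually I edit configuration files with vim and write documents, scripts and programs with emacs, which has many other uses as well. Install: apt-get install emacs21 emacsen-common emacs-intl-fonts emacs-lisp-intro vim vim-gnome. For how to use emacs, see the related documents I have written.

5.3 Document tools
I now write all my documents with emacs+LaTeX. LaTeX is a macro package for TeX, and TeX is a great typesetting system; you could describe it as your elegant and clever secretary. It differs from ordinary word processors such as Word. A word processor is "what you see is what you get (WYSIWYG)": you change the font or colour directly, draw a table with the mouse, and see the result at once; what the screen shows is essentially what is printed. TeX is not like that. It is designed as "WYTIWYG (what you think is what you get)": while writing you only consider the overall layout of the document, such as "should this paragraph belong to the previous section?", "does this sentence fit the subject of this chapter?", "should a new chapter start here?", "will the reader understand this concept easily?"... and not the details of the document, such as "which font does this word use?" or "how far should this line be indented?"... LaTeX has also solved my problem of exchanging documents with the MS platform. Although open-source office software such as Openoffice is quite compatible with the MS Office formats, it is not fully compatible; in particular, documents produced by Openoffice still show many problems when opened in MS Office. With LaTeX I can produce attractive pdf documents, and the pdf format is cross-platform: whatever the operating system, a pdf looks the same when opened.

5.4 Office suite
I seldom use openoffice myself, mostly to open doc and xls documents other people send me. Install: apt-get install openoffice.org openoffice.org-bin openoffice.org-debian-files openoffice.org-gtk-gnome openoffice.org-help-zh-cn openoffice.org-l10n-en openoffice.org-l10n-zh-cn. To open documents with Chinese names in openoffice, the file association has to be recreated with %s added after the command, otherwise it reports that the file cannot be found.

5.5 Reading pdf documents
Do not use gpdf, the reader that comes with gnome; its support for Chinese character sets is poor. Use xpdf or Acrobat Reader, both of which display Chinese properly; Acrobat Reader looks a little better. Installing xpdf is relatively simple: apt-get install xpdf xpdf-chinese-simplified. There is currently no deb package of Acrobat Reader for debian, so you need to download the linux installer and the font pack from the Adobe home page; the main program can also be downloaded here, and the Chinese font pack here.

5.6 chm files
Simply apt-get install xchm.

5.7 Dictionary
I use the famous StarDict. Install it with apt-get install stardict. stardict alone is of no use, though; you also need to download dictionaries from http://prdownloads.sourceforge.net/stardict/. By the way, if your sound card is driven by esound rather than alsa, enabling stardict's pronunciation feature requires editing /etc/esound/esd.conf and changing auto_spawn=0 to auto_spawn=1; after a reboot you will hear stardict read words aloud. I have heard that emacs can use an extension called dictionary to connect to a dictionary service so that you can look up a word at any time with the right mouse button; I will try it some day.

5.8 Browsing the www
There are so many: Mozilla Web Browser, Epiphany Web, Firefox... I currently use Mozilla Web Browser.
If you want firefox, apt-get install mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-locale-zh-cn

5.9 Mail client
There are as many as there are web browsers. I use thunderbird; a precompiled binary package can be downloaded here.

5.10 Instant messaging
I use gaim for msn: apt-get install gaim
I use lumaQQ for QQ; it can be downloaded from http://lumaQQ.linuxsir.org/main/index.php or from here.
IRC client: I use xchat, which works very well: apt-get install xchat

5.11 BBS
I like the text-based qterm: apt-get install qterm

5.12 ftp client
I have never much liked graphical ftp tools, so I have always used lftp. lftp is very powerful and has nearly all the conveniences of bash: Tab completion, bookmarks, queues, background downloads, mirroring and so on. Install: apt-get install lftp
By default lftp does not show the ftp server's welcome and error messages, which is often inconvenient, because we may want to know whether a connection failed because the server is down or because it has reached its connection limit. In that case, put the line debug 3 in ~/.lftprc and the error messages become visible.

5.13 Automatic download tool
wget. I used to use the graphical d4x and Mozilla's download manager. Once, when I downloaded the gd library source, the tgz package failed as soon as I unpacked it; downloading it with ie on another windows machine gave the same result, and in the end it was wget that transferred the data reliably, so I have used it ever since: apt-get install wget

5.14 Virtual terminal
rxvt. At first I used gnome-terminal, but I soon found that it consumes a huge amount of resources and scrolls far too slowly in full screen, which I could not stand. Then I learned about rxvt and found that it uses few resources and starts very quickly, much nicer than gnome-terminal, and I have used it ever since. Here is how to install a Chinese rxvt terminal on Debian. Debian has many rxvt packages, which you can list with apt-cache search rxvt. There are three main kinds: one is simply called rxvt and does not display Chinese; one is called rxvt-ml and supports the GB and BIG5 Chinese encodings; and one is called rxvt-unicode and supports unicode. The first does not support Chinese and is not discussed here. The installation of rxvt-ml and rxvt-unicode is described below.

Install rxvt-ml: apt-get install rxvt-ml
After installation, /usr/bin contains several rxvt programs, namely crxvt, crxvt-big5, crxvt-gb, grxvt and krxvt, and a link file rxvt pointing to /etc/alternatives/rxvt. These six programs correspond to different language encoding environments: crxvt-gb is for the Chinese GB encoding; crxvt-big5 is for the Big5 encoding; krxvt is for Japanese, and I have tested that krxvt also works for Chinese; grxvt is for the greek keyboard; crxvt is also for Big5; and the rxvt link points to krxvt by default. For us, crxvt-gb is the only one needed.

Install rxvt-unicode: apt-get install rxvt-unicode
After installation just run rxvt or rxvt-unicode; it does not seem to have any particular locale requirement. rxvt-unicode has two further programs, urxvtd (daemon) and urxvtc (client). With this pair a single thread can open any number of terminal windows, which greatly speeds up program start and effectively reduces memory use. rxvt-unicode supports many languages, but it starts much more slowly than crxvt-gb and its support for Chinese characters is not very good either: for example, full-width double quotation marks become very large in rxvt-unicode and look out of place. So you cannot have both features and performance.

rxvt has a rich set of configuration options, which can be set on the command line or through an X resource file. The command line changes rxvt's settings for one run only, for example:
rxvt -fn 8X16 -fg white -bg black, which uses the 8X16 font with white text on a black background.
Typing a long list of settings on the command line every time is tedious, so we can save the tuned configuration in an X resource file and not have to type it again. This is done by editing ~/.Xresources; if the file does not exist in the user's home directory, create it. Here is my ~/.Xresources: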
! my rxvt setting
Rxvt.background:black
Rxvt.foreground:white
Rxvt.colorBD:yellow
Rxvt.colorUL:green
Rxvt.multichar_encoding:gb2312
Rxvt.scrollBar:True
Rxvt.scrollBar_right:True
Rxvt.scrollBar_floating: False
Rxvt.scrollstyle: next
Rxvt.saveLines:1500
Rxvt.color0:black
Rxvt.color1:red
Rxvt.color2:#3a5da3
Rxvt.color3:#4b76cc
Rxvt.color4:RoyalBlue4
Rxvt.color5:magenta
Rxvt.color6:#a1b5dd
Rxvt.color7:#8a95aa
Rxvt.color8:#616668
Rxvt.color9:#075982
Rxvt.color10:#0f82bc
Rxvt.color11:#13a9f4
Rxvt.color12:SkyBlue2
Rxvt.color13:#63c2f2
Rxvt.color14:#6caccc
Rxvt.color15:#dbeff9
Rxvt.font:-b&h-lucidatypewriter-medium-r-normal-*-14-*-*-*-*-*-iso8859-*
Rxvt.mfont:-misc-simsun-medium-r-normal--0-0-0-0-c-0-gb2312.1980-0
Rxvt.menu:/etc/X11/rxvt.menu
Rxvt.preeditType:Root
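In rxvt-unicode the resource name prefix is rxvt rather than Rxvt.
After editing the resource file, just run xrdb .Xresources for the settings to take effect

rxvt has many configuration parameters, so we can build a personalised terminal. The full list is in the man page or can be printed with rxvt --help. Configuration is simple and convenient; anyone interested can try it out. I will not go through the parameters one by one here.

5.15 Synchronisation
rsync. I use rsync over ssh to synchronise data with my www.sinonet.org server, mainly for remote updates of the website content. Sometimes I also synchronise data between my desktop and laptop at home, mainly films and mp3s. Install: apt-get install rsync

5.16 Listening to music
There are plenty: xmms, beep-media-player. Install: apt-get install xmms beep-media-player. xmms is based on GTK+1.x, and chapter 4 has already explained how to make GTK+1.x programs display Chinese, so I will not repeat it; I only describe how to make the xmms playlist show Chinese. In the xmms preferences (the ~/.xmms/conf file) change both the playlist font and the title font to: -adobe-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1,-misc-simsun-medium-r-normal-*-*-*-*-*-gbk-0,-*-. After restarting xmms all the song names in the playlist appear in Chinese.
I have always listened to mp3s with emacs+emms+mpg321; for the configuration, see the related documents I have written

5.17 Watching films
I find totem good. It is a multimedia player that uses the xine library and plays many media formats such as mp3 and avi. It can also play rmvb files, but a codec has to be added: download the realplayer codec rp9codecs-20050115.tar.bz2 from http://www.mplayerhq.hu/MPlayer/releases/codecs/, unpack it with tar -jxvf rp9codecs-20050115.tar.bz2, and copy all the files in the resulting rp9codecs-20050115 directory to ~/.gnome2/totem-addons/. I now use totem to play all multimedia files.

5.18 Image processing
gthumb, similar to acdsee and in no way inferior to it. Install: apt-get install gthumb
gimp, image processing software on a par with photoshop and almost exactly like it; the ancestor of gnome :)
gtkam, digital camera software that supports many cameras without extra drivers; my Olympus camera was recognised at once

5.19 Playing games
There are plenty of arcade emulators to play on Linux:
quake2: install with apt-get install quake2
chromium, the linux version of Raiden; the graphics are many times better than the windows version, but it is too hard and I can only reach level 2: apt-get install chromium
supertux, Super Mario; the furthest I have reached is level 11: apt-get install supertux
If you want to play windows games, you can use the wine emulator; I have successfully played StarCraft and DIABLOII under wine. For the wine settings, see the related documents I have written.

5.20 A few debian goodies for laptops:
IBM's thinkpad laptops are remarkably well supported by linux (for that reason alone I will only buy IBM laptops in future). Debian has a package called tpctl, a toolkit for configuring and tuning thinkpad laptops. It is easy to install, apt-get install tpctl, but using all of it requires kernel support, so you have to compile the kernel yourself.
Here are a few more hardware configuration packages in Debian aimed specifically at laptops
tpconfig - a program to configure touchpad devices
sleepd - puts the laptop to sleep when it is idle
noflushd - lets idle hard disks spin down
acme - enables the "multimedia buttons" on laptops
toshset - access to most of the hardware interface of Toshiba laptops
toshutils - Toshiba laptop utilities
sjog - a program that enables the "Jog Dial" on Sony Vaio laptops
spicctrl - Sony Vaio controller program that can brighten the LCD backlight

5.21 Making your debian friendlier:
You may want to use a USB stick or a digital camera. To have debian pop up the contents of a USB stick on the desktop automatically when it is plugged in, do the following:
apt-get install hotplug udev
apt-get install hal hal-device-manager
apt-get install pmount
apt-get install gnome-volume-manager
With these packages installed, debian still does not pop up the contents of the USB stick automatically; one more piece of configuration is needed:
linux accesses a USB stick as a SCSI device, so create a directory for your USB stick, for example /mnt/u
Then edit /etc/fstab
and add the following line:
/dev/sda1 /mnt/u vfat iocharset=cp936,codepage=936

The contents of my /etc/fstab file are as follows: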
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/hda2 / ext3 defaults,errors=remount-ro 0 1
/dev/hda3 none swap sw 0 0
/dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
/dev/hda5 /mnt/windows vfat user,umask=0,iocharset=cp936,codepage=936 0 0
/dev/sda1 /mnt/u vfat iocharset=cp936,codepage=936 0 0

5.22 Finally, a few apt tips
Add the following to /etc/apt/apt.conf (create the file if it does not exist):
APT::GET::Show-Upgraded "true";
APT::GET::Purge "true";
APT::GET::Show-Versions "true";
APT::Cache::NamesOnly "true";

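Debian Installation and Setup Notes

I have been tinkering with Linux lately. A few days ago I started using the Debian etch release; since it is a server-oriented release, using it as a desktop took me some effort. I am a beginner and do not solve problems all that quickly, so for now I am recording the problems of the past two days.
---------------------
1 The first headache for those of us on the education network: Ruijie authentication. A single mystar used to take care of it, but the school recently upgraded Ruijie and mystar stopped working too. I had to dig out the ancient xrgsu to authenticate.
Unpack the xrgsu tar package; running it will almost certainly report an error, usually about the libpcap.so version. This is fairly easy to solve: make a symlink under /usr/lib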
ln -s /usr/lib/libpcap.so.0.8 /usr/lib/libpcap.0.6.2
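Here my libpcap.so version is 0.8. In fact debian has no libpcap.so file by default, so if you have the CD, insert it and install libpcap with the Synaptic package manager; if you have no CD but have the iso image file, first do mount -o loop /xxxxx/xxxx.iso /media/cdrom and then use Synaptic.
You may also need the file libstdc++.so.5. A symlink does not work for this one, so you have to download it on another machine~ If you do not have one, you will have to go to an Internet cafe :)
If you do not want to use Synaptic, you can also download the libpcap source package on another machine and compile and install it yourself. You must then download two more packages, flex and bison, which are needed when compiling libpcap. Install flex and bison first, then libpcap.
The process is simple: unpack and enter the directory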
# ./configure
# make
# make install
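Note that the commands above must be run with root privileges. You can of course add the user to the sudoer group and run them with sudo

Then set the ip and dns; just pay attention to the difference between using a dhcp dynamic ip and a static ip.
For how to use xrgsu, see its readme file.
Note that running xrgsu also requires root privileges.
-------------
2 About the slow network speed.
This problem is a headache; the usual approach is to remove ipv6 support.
Edit the /etc/modprobe.d/alias file
Comment out the ipv6 line
At the end add alias ....pf-ipv6 (I no longer remember exactly; it is the same as the line commented out above) off (this is easy to find online)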
alias ipv6 off
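Save, then run # update-modules
Reboot the machine.

But I did not notice much of a difference; the network is sometimes fast and sometimes slow, which feels odd, and I have not found the cause yet. And the slowness is in resolving domain names.
--------------------
3 The Chinese font problem
I will not say much; the debian study group website covers it thoroughly. I only record the outline here
dpkg-reconfigure locales to change the locale to zh_CN.utf8
apt-get install ttf-bitstream-vera ttf-arphic-uming
Set it in the font settings
Reboot the machine
----------
4 For the input method install scim and so on; do not forget im-switch
After the debian4.0 update the gnome version is 2.18, which conflicts with scim's pinyin input method; the symptom is that folders cannot be renamed in Chinese.
Installing fcitx solves the problem.

Log out after installing.
---------------------------------
5 About firefox2: I downloaded the firefox 2.0 tar package from the web, and it runs directly after unpacking.
But this version has no flash plugin by default, and automatic installation did not succeed either. I downloaded install_flash_player_9_linux.tar.gz from the adobe flash website, unpacked it, copied the libflashplayer.so file in the folder into the plugins folder under the firefox folder, and restarted firefox.

If you use the default browser, see the quoted text below:
Installing the flash plugin:
First download the 9,0,31,0 stable release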
http://www.adobe.com/shockwave/downl...ShockwaveFlash
tar zxvf install_flash_player_9_linux.tar.gz
cd install_flash_player_9_linux
sudo ./flashplayer-installer
For the installation path enter /usr/lib/iceweasel rather than /usr/lib/mozilla
Answer no when asked install another
-------------------------------------------------------------------------------------
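6 About the file manager
By default, folders on the desktop open in simple window mode. In the Behaviour tab of its preferences you can tick "Always open in browser windows" to get a window similar to the file manager on windows.
------------------------------
7 About firefox
I like this browser a lot. http://addons.mozine.cn/firefox/88/ has many add-on resources; this faster plugin can improve firefox's browsing speed.
--------------------------------
8 About some of the default software: default tools you do not like can be removed. I do not like evolution and prefer thunderbird, but it seems that thunderbird in debian is called icedove mail, strange~
For editing I like openoffice.org. Last night the installation was so slow that I interrupted it; this morning it was amazingly fast, over 800 k/s, wonderful~
--------------------------
9 About viewing pdf and chm files.
pdf can be viewed with acrobat, which seems to be there by default, but without Chinese fonts; the Chinese language pack can be downloaded at http://www.adobe.com/products/acrobat/acrrasianfontpack.html
About chm
I strongly recommend chmsee. The deb package is available from the official chmsee site and is easy to find; it is close to perfect~
--------------
The netselect-apt method:
`netselect-apt' creates a more complete `sources.list' file, but it uses a cruder method to choose the mirror site
#apt-get install netselect-apt
#mv sources.list sources.list.bak //backup
#man netselect-apt //read the detailed usage
# netselect-apt -s testing
//downloads the file http://www.debian.org/mirror/list-full, tests the network according to its contents and generates sources.list
You can also download http://www.debian.org/mirror/list-full to the local machine by hand and point to it with the -i parameter
Likewise, the -o parameter specifies an output file other than the default sources.list

11 About garbled characters when mounting a USB stick

The correct approach is (assuming you are a GNOME user):
Install gnome-mount, then in the Nautilus file manager select the USB stick, right-click and view its properties, as shown in the figure; this assumes you use a UTF-8 locale.

OK. To Be Continued.... by sodar-fish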

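Configuring a reasonably usable DEBIAN

http://www.yuanma.org/data/2006/0518/article_428.htm

After many painful experiences and reinstalls, I can finally configure a reasonably usable DEBIAN. Some of the settings during installation are fiddly, so to keep from forgetting them I am writing them down as a record, and I hope it helps anyone who needs it.
Choosing the installation method: although DEBIAN's networking is robust, I still chose to install from CD, because of my school's 802.1X authentication. Download the IMAGE of the first Debian sarge disc and burn it to a CD. Adjust the BIOS boot order, boot from the CD, and the installation begins...
The first question is partitioning. The file formats differ: linux needs the ext2/3 file format, and for speed a swap partition is needed as well. Since I run a so-called DUAL BOOT, I had about 8G for the installation; when partitioning I chose a 3G / partition, gave SWAP 400MB, and used the rest as the HOME partition. Once partitioning is done, nothing in the rest of the installation is difficult: fill in the time zone, LOCALE, host name, IP and so on one by one. Installing the DEBIAN base system really is quick, about 15 minutes, and then a DEBIAN base system is installed. Take out the CD, reboot, and as the prompt says, "you can now enter your new DEBIAN system".
What follows is basic setup. Follow the prompts, click NEXT all the way and make the few necessary settings. Here the system asks you to choose software packages to install; for the sake of customisation I skipped this and planned to install with APT by hand later as needed. This is where DEBIAN is convenient: if you find a setting unsuitable, you can run base-config to configure again. The ROOT account is extremely important on *.nix systems, so naturally you also need an ordinary account for daily work. Once setup is finished, enter the account and password to log in.
This system still has a lot that needs completing, however, and there is plenty of follow-up work. First comes installing a desktop, since going without one still takes getting used to. I chose GNOME: I am used to its simplicity, and more importantly it is absolutely OPEN SOURCE, without QT's dual-licensing restrictions, which fits the OPEN SOURCE spirit better. Now in BASE-CONFIG set the APT source to the CD, then: apt-get install x-window-system-core
apt-get install gnome-core
After installation x needs some setup, basically the video card model, the monitor and so on. If your video card is not recognised correctly, I suggest using vesa mode and installing the driver later. Once configured, you can enter X with startx. If x does not start properly, the xserver settings are probably at fault; run dpkg-reconfigure xserver-xfree86 (or xserver-xorg, depending on your version) to reconfigure. For copyright reasons, though, DEBIAN has no Chinese fonts, so Chinese fonts need installing. There are some free fonts in OPEN SOURCE and the DEBIAN sources carry them; you can get one with apt-get install ttf-arphic-uming. Of course, if you have a WIN system and leave copyright aside, you can use the SIMSUN font from WIN directly. Copy c:\windows\fonts\simsun.ttc into /usr/share/fonts/truetype/ttf-bitstream-vera/ and then adjust the permissions with chmod xxx simsun.ttc (xxx stands for the permission digits, for example 777). Restart X and Chinese fonts display properly. The fonts are a little blurry, though; under "Applications" - "Desktop Preferences" - "Font" switch to monochrome rendering for a good result.
Because of 802.1X, I cover networking here. The school's 802.1X is provided by ruijie, and the official client has a problem with dropped connections, but fortunately someone wrote a crack version. It is very simple to use: copy the *.so files to /lib and xrgsu_crack to /bin (cp xrgsu_crack /bin), then adjust the permissions; to accommodate non-root users I did chmod 777 xrgsu_crack. With any editor, edit /etc/apt/sources.list and add a domestic source. Since I am on the education network and my version is SARGE, I added deb http://debian.ustc.edu.cn/debian stable main non-free contrib. You can of course go to http://debian.ustc.edu.cn/sources/ to choose a source that suits you.
Now the software you need can be installed over the network; Debian's APT package management really is very convenient. At this point, though, you should use aptitude to manage packages, or
apt-get install synaptic
to get the GUI package manager called "Synaptic" for managing the packages installed on the system. The system still needs some everyday tools, but before that the hardware drivers have to be dealt with. Network cards are almost always driven correctly. As for sound cards, ALSA drives the great majority of them on LINUX, and alsa setup on debian is very simple, just:
apt-get install alsa
The dependencies are checked automatically and the necessary packages installed. Then run alsaconf, select your sound card chip, wait, and you see the message "Enjoy yourself,have a lot of fun". Adjust the volume with any volume control program, amix and so on, according to taste. MP3 playback needs extra software, though if you use KDE the bundled NOATUN is quite good.
apt-get install xmms (or beep-media-player)
Then you can listen to music normally. Now the question of video playback comes up. On *nix platforms mplayer is a very good choice; for the setup see:
http://www.cublog.cn/u/18631/showart.php?id=109077
But the kinds of video files one usually meets are only a few, so if you do not want to compile MPLAYER,
apt-get install w32codecs totem totem-xine
is also a good choice; how you use it is up to you.
Video card setup involves rather more issues, and the methods for ATI and NV differ. Mine is a radeon 9550, so only the setup for ATI cards is covered; see:
http://www.cublog.cn/u/18631/showart.php?id=109084
The next question is the input method. FCITX and scim are both good; I personally lean towards the latter, and this article was written with SCIM's Smart Pinyin. For the setup article see:
http://www.cublog.cn/u/18631/showart.php?id=112364
For fcitx setup see: http://www.cublog.cn/u/18631/showart.php?id=109073
What other software you need on DEBIAN depends on your taste; have a look here, you may find something useful:
http://www.linuxsir.org/bbs/showthread.php?t=214930
At this point browsing web pages in FIREFOX may show some font problems. The fix is to change the font to SIMSUN under "Edit" - "Preferences", which gives attractive fonts, as attractive as on XP. Another possible problem is garbled XMMS menus, which is also easy to fix: set LOCALES to GB2312.
When all of this is set up, a usable system is basically complete.
Appendix: some commonly used software (all from the ustc source)
StarDict (the "Kingsoft PowerWord" of debian): #apt-get install stardict-langdao-ce-gb stardict-langdao-ec-gb

gimp (the expert graphics editor on linux): #apt-get install gimp

zhcon (the Chinese platform on linux): #apt-get install zhcon
Chinese firefox: #apt-get install mozilla-firefox mozilla-firefox-locale-zh-cn

comes from:haiti.cublog.cn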

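Debian Installation Notes

I have heard that Debian is very well suited to developers, so I have long wanted to install it; besides, today's Ubuntu was derived from Debian. Over the past few days I tried out how to install it.
The simplest method: CD/DVD-ROM installation
This installation should need no explanation; I have installed REDHAT and FC before, so it should not be hard. But of the 4 DVDs I burned, the very first had a problem: files were lost during burning, which I only discovered during the actual installation. After burning I had tried it and got as far as choosing the language and time zone, so I thought it was fine, but in fact when it reached the actual installation step it failed. I gave up!
The second method: network installation
This uses two servers, TFTP and DHCP, and the computer on which Debian is to be installed must support PXE boot. Set up the two servers on another computer. I used TFTPD32; with it you need to create a dhcp.conf file in its directory, with the following contents: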
option domain-name "example.com";

default-lease-time 600;
max-lease-time 7200;

allow booting;
allow bootp;

# The next paragraph needs to be modified to fit your case
subnet 192.168.0.0 netmask 255.255.255.0 {
    # the range must stay inside the subnet declared above
    range 192.168.0.200 192.168.0.253;
    option broadcast-address 192.168.0.255;
    # the gateway address which can be different
    # (access to the internet for instance)
    option routers 192.168.0.1;
    # indicate the dns you want to use
    option domain-name-servers 192.168.0.30;
}

group {
    next-server 192.168.0.30;
    host tftpclient {
        # tftp client hardware address
        hardware ethernet 00:13:D4:27:7F:6F;
        filename "pxelinux.0";
    }
}

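I will not explain the contents. The TFTP directory also needs several files: netboot, pxelinux.cfg, pxelinux.0 and debian-installer; in fact you only need to download debian-installer.tar.gz. Then run TFTPD, and when the computer to be installed starts, choose PXE.
The third method: hard disk installation
For a hard disk installation you need the Grub For Dos or Grub4dos tool. Copy it to the root of drive C, edit Boot.ini and add C:\bootgrdl="启动GRUB" to it, then copy the boot directory from Grub For Dos to the root of drive C and edit the menu.lst file inside it
Debian boot entry: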
title debain install

kernel (hd0,0)/boot/vmlinuz root=/dev/ram ramdisk_size=256000 devfs=mount,dall
initrd (hd0,0)/boot/initrd.gz
boot
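Then download initrd.gz and vmlinuz from the web and copy them into the boot directory on drive C. You also need to download an installation image file, usually the BT version of the image; it is best to put this image file in the root directory of a FAT32 partition, and it must be in the root directory

Notes on installing debian
A while ago I was learning debian and found the installation process quite painful. The material on the web is either too old or too sketchy, so I decided to start a new post and record it for everyone's reference. Thanks to the people who helped me while I was learning.
Here are two good reference links.
http://apt.nc.hcc.edu.tw/docs/debian_X/
http://www.linuxsir.org/bbs/showthread.php?t=175077

Installing the base system
1. Download the installation image and burn it to a disc. debian comes on many discs; we only need the first one. It is a little over 100 MB in size.
2. Set your bios to boot from the CD drive.
3. The debian installation screen appears. Press enter to start the installation.
4. Choose the language, Simplified Chinese; the region, China; the keyboard, American English. For the host name and domain, accept the defaults unless you have special needs.
5. Partition the disk. I suggest three partitions, /boot, / and /home, plus a swap partition.
6. The installation starts. At the end it asks whether to write grub to the mbr; choose yes.
7. After the reboot, set the time zone (do not use GMT), the user and the password.
8. Add an apt source; in China the debian.cn99.com source is quite fast. After adding the source you may be prompted to install a desktop environment and so on; just confirm.
9. Configure exim; choose local delivery only.

Installing X
1. Edit /etc/apt/sources.list with vi and change every stable to etch (testing) or sid (unstable). After every main add contrib non-free
2. Install zhcon: apt-get install zhcon. Accept the defaults when prompted during installation (from here on, accept the default whenever asked unless stated otherwise)
3. Run zhcon (type zhcon on the command line)
4. Update the source lists: apt-get update
5. Upgrade the release: apt-get dist-upgrade (if you do not want to upgrade the release, use apt-get upgrade)
6. Configure the locale: dpkg-reconfigure locales. Select en_US iso9660 and en_US utf-8; for Chinese, besides the defaults also select zh_CN utf-8, GTK, and zh_TW utf-8, GTK. For the default choose zh_CN.utf-8
7. Install vim: apt-get install vim
8. Install the latest kernel. This step is important: to keep your machine from failing to enter x-window because hardware is not recognised, I recommend upgrading the kernel.
apt-get install linux-image
Choose the kernel that suits your machine's architecture
9. After rebooting, install x-window.
apt-get install x-window-system-core (for the full version use apt-get install x-window-system)
10. If it succeeds, type startx and you will see x

The gnome desktop environment
1. Install gnome: apt-get install gnome (you can also install just the core, apt-get install gnome-core)
2. Install fonts: apt-get install ttf-arphic-bkai00mp ttf-arphic-bsmi00lp ttf-arphic-gbsn00lp ttf-arphic-gkai00mp
3. Install the input method: xfonts-intl-chinese, scim scim-chinese, scim-tables-zh; to install the fcitx ("little penguin") input method, apt-get install xfonts-intl-chinese fcitx
4. Configure the input method. For scim use echo 'export XMODIFIERS=@im=SCIM;export GTK_IM_MODULE="scim";scim -d'>/etc/X11/Xsession.d/95xinput
To use fcitx, change every scim to fcitx
5. Install gdm: apt-get install gdm; kdm can be used as well

The kde desktop environment
1. Install kde: apt-get install kde or apt-get install kde-core
2. To make kde display Chinese, apt-get install kde-i18n-zhcn
3. The rest is similar to gnome. kde has a front end for scim, skim, which can be installed after scim: apt-get install skim

Hardware drivers
1. Install xdebconfigurator: apt-get install xdebconfigurator
2. Detect your hardware: xdebconfigurator
3. Write the file: dexconf

Font appearance
1. See http://www.coolcode.cn/?p=55; it really is a nice font and solves the bold and italic problem.
2. If the fonts are blurry, it may be a permission problem with the configuration files.
Run chmod +r /etc/fonts/local.conf
chmod +r /etc/gtk-2.0/gtkrc.zh_CN
chmod +r /etc/gtk-2.0/gtkrc.zh_CN.utf-8

Multimedia
1. Add the source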
deb http://www.debian-multimedia.org etch main
2. Install the codecs: apt-get install ffmpeg w32codecs libdvdcss
3. Install the players: apt-get install kmplayer mplayer amarok amarok-xine kaffeine. I recommend mplayer and kmplayer, and amarok (under kde). Also, once gstreamer010-ffmpeg is installed, the gnome players that use gstreamer can handle mp3, wma, rm and other formats as well.
4. Install firefox
apt-get install mozilla-firefox mozilla-firefox-locale-zh-cn

debian 安装配置详解
1.安装基本系统:

我使用的是网络环境安装方式,优点在于可以省去不断更换光盘的麻烦和体现Debian强势的网络功能(没有网络的Debian是灰色的,有网络的Debian是彩色的);这种安装方式需要高速的网络支持才行,现在随着宽带的普及,这点应该不成问题。

安装版本选择使用Sarge,不要用 3.0 Woody,很快Sarge就会进入stable,也就是3.1,
http://debian.cn99.com/debian-cd/sarge/rc3...386-netinst.iso 是最新的netinst盘镜像,可以硬盘安装,但是刻一张光盘会更简单稳妥,省去不少麻烦。

把光盘放进光驱,由光盘启动,出现boot:时候直接按回车是使用2.4内核,也可键入linux26回车,使用2.6内核;安装语言选简体中文,剩下的一路都有中文提示;基本系统安装过程结束后,会要求拿出光盘,重启机器后进行base-config配置。

系统重启后会自动进入base-config配置:

时区设置:亚洲/上海

设置root用户密码和启动shadow

建立系统用户

设置sorucelist为http方式,源可选debian.cn99.com或者mirrors.geekbone.org,速度都非常快

配置exim客户端,不想用exim作为邮件客户端的,可以选择不配置exim程序

选择安装软件时,我什么都没选,因为我想高度的自定义系统

结束base-config后,就可以登入系统了,如果再想在控制台下进行base-config和使用apt安装软件不会出现乱码,则要运行zhcon进入中文控制台环境,才会有正常的中文界面出现,除非设置了在控制台下不使用中文locale,或用了unicon补丁的内核,就先安装zhcon,很简单 apt-get install zhcon,然后运行zhcon,进入中文控制台环境。

如果是adsl拨号上网的用户进入Debian系统后,先配置好拔号程序,运行pppoeconfig进行配置。按提示填上ADSL帐号和密码即可。注意,网卡的网关不要设,否则会连接不上外网。成功连接Internet后再选择源来进一步安装。


2.系统的升级和编译内核:

2.1 系统的升级
Sarge安装的系统是testing,如果想使用更多软件和体验Debian更新的功能,可以升级到sid,
修改/etc/apt/sources.list,把里面testing全部替换成sid,下面是我的sources.list文件:
deb http://mirrors.geekbone.org/debian/ testing main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ testing main contrib non-free

deb http://debian.cn99.com/debian/ testing main contrib non-free
deb-src http://debian.cn99.com/debian/ testing main contrib non-free

deb http://mirrors.geekbone.org/debian/ sid main contrib non-free
deb-src http://mirrors.geekbone.org/debian/ sid main contrib non-free

deb http://debian.cn99.com/debian/ sid main contrib non-free
deb-src http://debian.cn99.com/debian/ sid main contrib non-free

deb http://debian.okey.net/debian-uo/ sid java marillat rareware misc
deb http://ftp.debian.org/debian/ sid main contrib non-free
然后运行命令:
apt-get update
apt-get dist-upgrade(注意:普通升级用apt-get upgrade,发行版升级用apt-get dist-upgrade)
当然为求稳定可以先不升级到Sid,那就不必把Sid的源加进sources.list。

在升级的过程中,通常会把系统现有较老的内核版本替换成源上最新的内核版本,当然我们自己也能使用apt-get install来安装新版本的二进制内核包,比如安装是选的是2.4内核,那就可以apt-get install kernel-image-2.6.8.1-i386来装上2.6内核,(Sid上是2.6.10),不过在安装新内核之前,先apt-cache search --names-only kernel-image一下, 查找一下可用的版本,选一个适合自己的CPU的。

2.2 编译内核
但更新二进制的内核包会有两个问题,一是内核包的更新要滞后于Linux内核的更新速度,也就是说采用该方式你用不到最新的内核;二是内核包不是针对你的计算机编译的,所以性能和配置可能会不符合你的要求,所以很多情况下我们需要自己手动编译源码包的内核。

首先到http://www.kernel.org 下载最新的2.6.10内核,解压到/usr/src目录下;
tar -jxvf linux-2.6.10.tar.bz2 -C /usr/src
cd /usr/src
ln -s linux-2.6.10 linux
接下来安装编译2.6内核所需的软件:
apt-get install kernel-package ncurses-dev fakeroot module-init-tools
在/usr/src/linux目录下运行以下命令配置和编译新内核:
make menuconfig
make-kpkg clean
fakeroot make-kpkg --revision=mykernel.1.0 kernel_image
如果编译失败,可用make clean和make menuconfig重新配置和编译。
配置信息默认会保存在/usr/src/linux/.config文件中。

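Once the kernel has been compiled, a package named kernel-image-2.6.10_mykernel.1.0_i386.deb is generated in /usr/src. Install it with:
dpkg -i kernel-image-2.6.10_mykernel.1.0_i386.deb
This creates System.map-2.6.10 and vmlinuz-2.6.10 in /boot. grub automatically generates a boot entry when the kernel is installed, which is very convenient; you can also edit the grub configuration file menu.lst by hand if you prefer. Reboot and start using the new kernel.

Points to note when compiling the kernel: 1) When you finish configuring and choose to save on leaving the configuration menu, a .config file recording all kernel configuration parameters is created in the current directory. It is loaded automatically the next time you configure the kernel. You can also use the load and save functions in the configuration menu to import other kernel configuration files and to save the current configuration elsewhere under any name. 2) The Loadable module support-->Module unloading option allows loaded kernel modules to be unloaded. With it, we can change a module's load parameters using the rmmod module_name and modprobe module_name commands.

If rebooting into the new kernel fails because VFS cannot mount the root filesystem (a classmate hit exactly this problem long ago, the first time I taught him to build a kernel),
the error message looks something like this:
VFS:Cannot open root device "hdb2" or unknow-block(0,0)
Please append a correct "root=" boot option
kernel panic-not syncing: VFS:Unable to mount root fs on unknow-block(0,0)
Cause: ext2 filesystem support was not compiled into the kernel. Whether you use ext3 or another filesystem, ext2 support must be compiled directly into the kernel; it cannot be built as a kernel module.

If you want to use alsa, enable the alsa modules in the kernel options and then install: apt-get install alsa-utils aumix xmix. When that is done, run alsaconf to configure it automatically. If all goes well, flawless sound will be with you from then on.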


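3. Installing the desktop system:

3.1 Installing X Window
First install the X Window system: apt-get install x-window-system
Xfree86 is configured during installation, which requires knowing your graphics chip, monitor parameters and so on. If you don't know them, that is fine too: Xfree86 can detect your graphics chip and the rest automatically.
One thing worth mentioning: if your graphics card uses an nvidia or ATI chip, you need to rebuild the kernel with the official nvidia or ATI driver; otherwise Xfree86 installs only the generic driver by default, and if you want to play 3D games or run StarCraft and DiabloII under emulation on Linux, then..... Every Debian mirror carries the various versions of nvidia-kernel; download one if you need it and configure it following the relevant documentation, which I won't go into here. After configuring Xfree86, run startx to test it. If it works normally you are fine; exit X and move on.

Install Chinese fonts: apt-get install xfonts-intl-chinese. This Chinese font set doesn't look very good, though; font setup is covered in detail in part 4.

3.2 Setting the locale
Next, set the locale. On Linux, the locale sets the language environment a program runs in; locale support is provided by ANSI C. Locale names follow the pattern <language>_<territory>.<character set encoding>, for example zh_CN.GBK, where zh stands for Chinese, CN for mainland China and GBK for the character set. A locale environment has a group of variables representing different internationalization settings:
LC_COLLATE: defines the sorting and comparison rules for the environment
LC_CTYPE: used for character classification and string handling; controls how all characters are processed, including character encoding, whether characters are single-byte or multi-byte, how they are printed, and so on. It is the most important of these variables.
LC_MONETARY: currency format
LC_NUMERIC: display format for non-monetary numbers
LC_TIME: time and date format
LC_MESSAGES: language of messages. There is also a LANGUAGE parameter, similar to LC_MESSAGES; once it is set, LC_MESSAGES no longer takes effect. LANGUAGE can list several languages at once, e.g. LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN".
LANG: the default value for LC_*, the lowest-priority setting; it is used when an LC_* variable is not set. Similar to LC_ALL.
LC_ALL: a macro; if it is set, its value overrides all LC_* settings. Note that the value of LANG is not affected by this macro.

For example, using the zh_CN.GBK Chinese locale: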
einstein:~# export LC_ALL=zh_CN.GBK
einstein:~# locale
LANG=zh_CN.GB2312
LC_CTYPE="zh_CN.GBK"
LC_NUMERIC="zh_CN.GBK"
LC_TIME="zh_CN.GBK"
LC_COLLATE="zh_CN.GBK"
LC_MONETARY="zh_CN.GBK"
LC_MESSAGES="zh_CN.GBK"
LC_PAPER="zh_CN.GBK"
LC_NAME="zh_CN.GBK"
LC_ADDRESS="zh_CN.GBK"
LC_TELEPHONE="zh_CN.GBK"
LC_MEASUREMENT="zh_CN.GBK"
LC_IDENTIFICATION="zh_CN.GBK"
LC_ALL=zh_CN.GBK

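Because we chose Simplified Chinese at the start of installation, the default locale is Simplified Chinese. We can also add new locales and change the locale settings with dpkg-reconfigure locales, or edit /etc/locale.gen by hand to add a new locale and then run locale-gen to generate it; setting the LC_* variables described above then sets the system locale. Here is my locale.gen file: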
zh_CN GB2312

en_GB ISO-8859-1
en_GB.ISO-8859-15 ISO-8859-15
en_GB.UTF-8 UTF-8
en_US ISO-8859-1
en_US.ISO-8859-15 ISO-8859-15
en_US.UTF-8 UTF-8
zh_CN.GB18030 GB18030
zh_CN.GBK GBK
zh_CN.UTF-8 UTF-8
zh_HK BIG5-HKSCS
zh_HK.UTF-8 UTF-8
zh_TW BIG5
zh_TW.EUC-TW EUC-TW
zh_TW.UTF-8 UTF-8

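3.3 Installing a desktop environment
With the locale sorted out, the next step is installing an integrated desktop environment. The popular ones on Linux at present are KDE and Gnome; Gnome is based on GTK+ and KDE on Qt, so they use different libraries. Which to install is a matter of personal taste; I have always used Gnome.
Install: apt-get install gnome
To install KDE, run: apt-get install kde kde-i18n-zh*

Of course, we can also skip KDE and Gnome and use a WM that offers more freedom and better stability, such as FVWM, WindowMaker or enlightenment. These are popular WMs, that is, window managers, on Linux, and they are a different concept from KDE and Gnome. The core of X Window is the X server, which is responsible only for running programs and for input and output; it does not define or manage window interfaces and leaves that to the window manager. This is one of the flexible, powerful features of X Window. KDE and Gnome, by contrast, are working environments that already include a window manager, system administration programs, a file manager and a collection of utilities, so they can be described as integrated working environments. KDE's window manager is called kwin; the window managers Gnome has used over its history include enlightenment, sawmill, sawfish and metacity.

Using a window manager is certainly much harder than using KDE or Gnome, but with different window managers you can define endlessly varied window environments that show off your personality, as cool as you like, and stability is far better than with KDE or Gnome. I now use FVWM all the time and rarely use Gnome. To learn more about X Window and window managers, see the related documents I have written.

Once Gnome is installed, install GDM next. GDM is the GNOME Display Manager, which manages your X sessions and provides the login window. It is similar to XDM but much more stable and more fun. With GDM you can choose from a rich set of themes. GDM themes live in /usr/share/gdm/themes and can be installed automatically with the gdmconfig program.

The steps are as follows. First download a GDM theme you like from the web; http://gnome-look.org/ has many to choose from. A theme file is named something like 21329-gdm-debian-white.tar.gz. Save it to any directory. Then run the gdmconfig program to open the gdm configuration window. On the "General" tab, make sure the "Graphical greeter" option is enabled for local logins. Next select the "Graphical installer" tab, which lists all installed GDM themes; there are three by default. Click the "Install new theme" button at the lower right to open a file chooser, select the theme file you just downloaded and click "Install". Convenient, isn't it? Go and download a theme you like and make your login screen distinctive and personal.

You can also change GDM's display language by editing the LANG parameter in /etc/default/gdm.

3.4 Installing a Chinese input method
For Chinese input I am used to fcitx: apt-get install fcitx. Then create /etc/X11/Xsession.d/25xchinput-start with the following contents:
export G_FILENAME_ENCODING=@GB2312 # set the font encoding of the GTK+ open-file dialog to GBK
export LANG=zh_CN.GB2312
export XMODIFIERS=@im=fcitx
fcitx
This way fcitx starts automatically whenever X starts, whether you enter gnome or KDE.

Edit /etc/environment so that it contains: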
LANGUAGE="zh_CN.GB2312"

LANG=zh_CN.GB2312
export G_FILENAME_ENCODING=@GB2312
export LC_ALL=zh_CN.GBK
export G_BROKEN_FILENAMES=1
Also add export G_BROKEN_FILENAMES=1 to ~/.bashrc.

That completes the installation of a Chinese-localized desktop system.


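4. Installing fonts and improving their appearance

Font configuration is a fairly complex yet very important topic in X. Fonts are what we face all day from the moment we enter X Window, and clear, attractive fonts make work pleasant and easy on the eyes. XFree86 is a free implementation of the X system for the x86 architecture (it no longer seems to be GPL), and it is the default X system on Linux today. To configure fonts well we need to understand the principles and implementation of the font systems in XFree86. Simply copying settings from the web may well produce a decent-looking font setup, but then we know only the what and not the why, and cannot adapt and apply the knowledge flexibly. Follow me step by step into the XFree86 font systems for a look at how they work.

4.1 Two font systems
XFree86 has two font systems, which is one reason font configuration in X Window is fairly complex. They are the core X11 font system and the Xft font system. The core X11 font system is the most widely used and is supported by every X system. Xft is a newer font technology that can only be used on X systems based on XFree86, but it is simple to configure and easy to use, and it is the direction of future development.

4.1.1 Xft
Xft is a library. It has no configuration mechanism of its own; it relies on the fontconfig library to configure and customize fonts, while Xft itself handles font display. In other words, fontconfig is the library that lets the X system find a given font, and Xft is the library that decides how a font found by fontconfig is displayed in X. Discussing Xft font configuration therefore really means discussing fontconfig. fontconfig is included in the XFree86 distribution.

What fontconfig does: it searches the font paths automatically and discovers newly copied fonts; when a font needed for display does not exist, it automatically chooses another font to display instead, which is why we adjust the order of fonts when improving their appearance; and, together with X rendering engines such as Xft, it delivers quality font output.

fontconfig has three configuration files. One is the system-level configuration file, /etc/fonts/fonts.conf. The same directory also holds local.conf; normally we edit only local.conf, and editing fonts.conf is generally not recommended. However, fontconfig 2.3 and later has dropped local.conf, so all system-level configuration is in fonts.conf, and fontconfig 2.3 has already entered Sarge. The third configuration file is ~/.fonts.conf in the user's home directory, the user-level font configuration file, which affects only the current user. All three files share the same format: XML, with the syntax defined in fonts.dtd. For a detailed guide to configuration, see the "Linux高质量字体研究" (research on high-quality fonts on Linux) forum at 中国Linux公社.

Installing a new font in the Xft font system is simple: just copy the font file into one of the font directories specified in fonts.conf, and fontconfig notices the new font automatically. There are four default font directories:
/usr/share/fonts
/usr/X11R6/lib/X11/fonts/Type1
/usr/local/share/fonts
~/.fonts
You can add other directories too: edit /etc/X11/fs/config by hand and append your font path to the end of the catalogue line.

After copying the new font file into a font directory, list the newly installed font with the fc-list command. If it is not there, update the system font configuration manually with fc-cache; running fc-list again should then show the new font. With the Xft font system there is no need to configure /etc/X11/XF86config-4 or to restart the X server for the change to take effect. Compared with the traditional core X11 font system, Xft really is far more convenient, which is why it is the direction of future development. At present, not all applications support the Xft font system. Here is how the various kinds of program support it:
GTK+2.x and QT programs can both use the Xft font system, but GTK+1.x programs do not support it and can only use the core X11 font system.
Programs using GTK+2.2 or later use the Xft font system by default, with no configuration needed. GTK+2.0 programs need the environment variable GTK_USE_XFT=1 set in order to use Xft.
Fonts for GTK+2.x programs can be configured with the gnome-font-properties tool provided by the gnome desktop, found in the GNOME desktop under "Applications" -- "Desktop Preferences" -- "Font". GTK+2.x programs also have a global configuration file, /etc/gtk-2.0/gtkrc, in which the font used by GTK+2.x programs can be set. Its contents are as follows:
style "gtk-default-zh-cn" {
font_name = "Bitstream Vera Sans 10,SimSun 10"
}
class "GtkWidget" style "gtk-default-zh-cn"
With this, GTK+2.x programs display English in 10-point Bitstream Vera Sans and Chinese in 10-point SimSun.

The default font for QT programs can be set in KDE under "Control Center" -- "Appearance and Themes" -- "Fonts", or with the graphical qtconfig tool. The Control Center setting seems to take priority over the qtconfig tool, though.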

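4.1.2 The core X11 font system
Configuring core X11 fonts takes two steps. The first is to set up a font directory containing the font files. The second is to configure the X server so that it can use those fonts. I'll illustrate with the simsun.ttc font:
Create a directory under /usr/share/fonts/truetype/: mkdir /usr/share/fonts/truetype/ms
Copy Microsoft's simsun and tahoma fonts into it, renaming them:
cp simsun.ttc /usr/share/fonts/truetype/ms/simsun.ttf
cp tahoma.ttf /usr/share/fonts/truetype/ms/tahoma.ttf
Change into the font directory with cd /usr/share/fonts/truetype/ms/ and run ttmkfdir; if the command is missing, install it with apt-get install ttmkfdir and then run it. It generates fonts.scale; copy that file to fonts.dir: cp fonts.scale fonts.dir.
Add the simsun directory to the font path part of /etc/X11/XF86Config-4 by appending the line FontPath "/usr/share/fonts/truetype/ms" to that part (remember, if you also want Xft to use the font, edit /etc/X11/fs/config and append /usr/share/fonts/truetype/ms/ to the end of the catalogue line). After restarting the X server you can use the simsun and tahoma fonts. The xlsfonts command lists the core X11 fonts installed on the system.

GTK+1.x programs use the core X11 font system. To display Chinese correctly in GTK+1.x programs, edit /etc/gtk/gtkrc.zh_CN: delete all the font description inside the quotation marks and replace it with "-adobe-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1,-misc-simsun-medium-r-normal-*-*-*-*-*-gbk-0,-*-". GTK+1.x programs should then display Chinese correctly.

4.2 Improving font appearance
With the fonts installed, the next step is tuning how they look. Most programs now support the fontconfig library of the Xft font system, so tuning that font system gives programs good display results. How to do so: with fontconfig 2.2, edit /etc/fonts/local.conf, because fonts.conf is the system-level font configuration file and should generally not be modified; it pulls in the settings in local.conf through an include directive. With fontconfig 2.3 and later, edit /etc/fonts/fonts.conf, since local.conf has been dropped. There is also ~/.fonts.conf, the user-level font configuration file; editing it works as well.
My fontconfig version is 2.3.1-2, so I edit /etc/fonts/fonts.conf directly. Here is how I tuned the fonts: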

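4.2.1 Reorder the font priority so that Chinese and English text looks better. The font listed first is used first; if it is not available, the font on the next line is used, and so on.
Find



Bitstream Vera Sans, and insert two lines in between, as follows

Tahoma
SimSun
Bitstream Vera Sans
……
Then find

Bitstream Vera Sans, and add a SimSun line after it

Bitstream Vera Sans
SimSun
……
That part is done. There is one more place further down,

Have you noticed? These are again the three aliases: serif, sans-serif and monospace. I don't need to tell you how to change them, do I?

4.2.2 Fixing excessive character spacing:
Add the following code: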


zh-tw
zh-cn
ja
ko


proportional


false



4.2.3 Turning off anti-aliasing for all font sizes from 10 to 15:
Add the following code:


10


15


false




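5. Living entirely in GNU/Linux

5.1 shell
I use bash, as I expect most people do. I won't go over its basic features. What I like these days is bash's readline support. Many people may not be familiar with readline: it is a powerful library, and every program that uses it can be configured through the same configuration file and driven with the same command-line editing keys, making it easy to edit the command line. How to use readline is not the subject of this article, so I won't discuss it here. bash is a base component of Debian and does not need installing.

5.2 Editors
emacs is my favourite, followed by vim; I use nothing else. I normally edit configuration files with vim and write documents, scripts and programs with emacs, which has many other uses too. Install: apt-get install emacs21 emacsen-common emacs-intl-fonts emacs-lisp-intro vim vim-gnome. For using emacs, see the related documents I have written.

5.3 Document tools
I now write all my documents with emacs+LaTeX. LaTeX is a macro package for TeX, and TeX is a great typesetting system that acts like an elegant, clever secretary. It differs from ordinary word processors such as Word, which are WYSIWYG ("what you see is what you get"): you change fonts and colours directly, draw tables with the mouse... and see the result immediately, and what appears on screen is essentially what is printed. TeX is not like that; it is designed to be "WYTIWYG" (what you think is what you get). When using it you only consider the document's overall layout, for instance "Does this paragraph belong to the previous section?", "Does this sentence fit the topic of this chapter?", "Should I start a new chapter?", "Will readers find this concept easy to understand?"... and need not worry about details such as "What font should this word use?" or "How far should this line be indented?"... LaTeX has also solved my problem of exchanging documents with the MS platform. Although open-source office software such as Openoffice is largely compatible with MS Office formats, it is not fully compatible; in particular, documents produced by Openoffice still show many problems when opened in MS Office. LaTeX can produce handsome pdf documents, and pdf is cross-platform: a pdf looks the same whatever operating system opens it.

5.4 Office suite
I rarely use openoffice myself, mostly just to open doc and xls files other people send me. Install: apt-get install openoffice.org openoffice.org-bin openoffice.org-debian-files openoffice.org-gtk-gnome openoffice.org-help-zh-cn openoffice.org-l10n-en openoffice.org-l10n-zh-cn. To open documents with Chinese file names in openoffice, you need to re-create the file association with %s appended to the command; otherwise it reports that the file cannot be found.

5.5 Reading pdf documents
Don't use gpdf, the reader bundled with gnome; its support for Chinese character sets is poor. Use xpdf or Acrobat Reader instead; both display Chinese properly, and Acrobat Reader's rendering is somewhat better. Installing xpdf is comparatively simple: apt-get install xpdf xpdf-chinese-simplified. Debian currently has no dedicated deb package of Acrobat Reader, so you need to download the linux installer and font pack from Adobe's home page; you can also download the main program here and the Chinese font pack here.

5.6 chm files
Just run apt-get install xchm.

5.7 Dictionary
I use the renowned StarDict (星际译王). Install with apt-get install stardict. stardict alone is of no use, though; you also need to download dictionaries from http://prdownloads.sourceforge.net/stardict/. Incidentally, if your sound card is driven by esound rather than alsa, enabling stardict's pronunciation feature requires editing /etc/esound/esd.conf to change auto_spawn=0 to auto_spawn=1; after the system is rebooted you will hear stardict read words aloud. I'm told emacs can use an extension called dictionary to connect to dictionary services and look up word meanings at any time with a right click; I'll have to try it some day.

5.8 Browsing the web
Too many to list: Mozilla Web Browser, Epiphany Web, Firefox...... I currently use Mozilla Web Browser.
If you want to use firefox, run apt-get install mozilla-firefox mozilla-firefox-gnome-support mozilla-firefox-locale-zh-cn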

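5.9 Mail client
As numerous as web browsers. I use thunderbird; a precompiled binary package can be downloaded here.

5.10 Instant messaging
I use gaim for msn: apt-get install gaim
For QQ I use lumaQQ, which can be downloaded from http://lumaQQ.linuxsir.org/main/index.php or from here.
IRC client: I use xchat, which works well: apt-get install xchat

5.11 BBS
I like the text-based qterm: apt-get install qterm

5.12 ftp client
I have never much liked graphical ftp tools, so I have always used lftp. lftp is very powerful and has nearly all of bash's conveniences: Tab completion, bookmarks, queues, background downloads, mirroring and more. Install: apt-get install lftp
By default lftp does not show the ftp server's welcome and error messages, which is often inconvenient because we may want to know whether a server is unreachable because it is switched off or because its connection limit has been reached. In that case, put the line debug 3 in ~/.lftprc and the error messages will be shown.

5.13 Download tool
wget. I used to use the graphical d4x and Mozilla's download manager. Once, when I downloaded the gd library source, the tgz I got failed as soon as I unpacked it; downloading it with ie on another, windows machine gave the same result. In the end it was wget that transferred the data reliably, so I have used it ever since: apt-get install wget

5.14 Terminal emulator
rxvt. I started with gnome-terminal but soon found that it eats resources; full-screen scrolling was unbearably slow. Then I learned about rxvt, found that it uses few resources and starts instantly, far nicer than gnome-terminal, and have used it ever since. Here is how to install a Chinese-capable rxvt terminal on Debian. Debian has many rxvt packages, which you can list with the apt-cache search rxvt command. There are three main kinds: one simply called rxvt, which cannot display Chinese; one called rxvt-ml, which supports the GB and BIG5 Chinese encodings; and one called rxvt-unicode, which supports the unicode encoding. The first doesn't support Chinese, so I won't discuss it here. Installing the other two, rxvt-ml and rxvt-unicode, is covered below.

Install rxvt-ml: apt-get install rxvt-ml
After installation, /usr/bin contains several rxvt programs: crxvt, crxvt-big5, crxvt-gb, grxvt and krxvt, plus rxvt, a link pointing to /etc/alternatives/rxvt. These six programs correspond to different language encoding environments: crxvt-gb is for the Chinese GB encoding; crxvt-big5 is for the Big5 encoding; krxvt is for Japanese, though in my tests it also works for Chinese; grxvt is for the greek keyboard environment; crxvt is also for Big5; and the rxvt link points to krxvt by default. For our purposes crxvt-gb is all we need.

Install rxvt-unicode: apt-get install rxvt-unicode
After installation just run rxvt or rxvt-unicode; it does not seem to have any particular locale requirements. rxvt-unicode also comes with two programs, urxvtd (daemon) and urxvtc (client). With this pair, a single thread can open any number of terminal windows, which greatly speeds up program startup and effectively reduces memory use. rxvt-unicode supports many languages, but it starts much more slowly than crxvt-gb and its handling of Chinese characters is not great either; full-width double quotation marks, for example, come out very large in rxvt-unicode and look out of proportion. So you can't have both features and performance.

rxvt has a rich set of configuration options, which can be set on the command line or in an X resources file. The command line changes rxvt's settings only for that one invocation, e.g.:
rxvt -fn 8X16 -fg white -bg black (this uses the 8X16 font, with white text on a black terminal background).
Typing lots of settings on the command line every time is tedious, though. We can save a tuned configuration in an X resources file so that it need not be typed again, by editing ~/.Xresources; create the file in your home directory if it does not exist. Here is my ~/.Xresources: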
! my rxvt setting
Rxvt.background:black
Rxvt.foreground:white
Rxvt.colorBD:yellow
Rxvt.colorUL:green
Rxvt.multichar_encoding:gb2312
Rxvt.scrollBar:True
Rxvt.scrollBar_right:True
Rxvt.scrollBar_floating: False
Rxvt.scrollstyle: next
Rxvt.saveLines:1500
Rxvt.color0:black
Rxvt.color1:red
Rxvt.color2:#3a5da3
Rxvt.color3:#4b76cc
Rxvt.color4:RoyalBlue4
Rxvt.color5:magenta
Rxvt.color6:#a1b5dd
Rxvt.color7:#8a95aa
Rxvt.color8:#616668
Rxvt.color9:#075982
Rxvt.color10:#0f82bc
Rxvt.color11:#13a9f4
Rxvt.color12:SkyBlue2
Rxvt.color13:#63c2f2
Rxvt.color14:#6caccc
Rxvt.color15:#dbeff9
Rxvt.font:-b&h-lucidatypewriter-medium-r-normal-*-14-*-*-*-*-*-iso8859-*
Rxvt.mfont:-misc-simsun-medium-r-normal--0-0-0-0-c-0-gb2312.1980-0
Rxvt.menu:/etc/X11/rxvt.menu
Rxvt.preeditType:Root
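In rxvt-unicode the resource name prefix is rxvt rather than Rxvt.
After editing the resources file, just run xrdb .Xresources to make the configuration take effect.

rxvt has many configuration parameters that let us build a personalized terminal. See the man page or run rxvt --help for the full list. Configuration is simple and convenient; try it out if you are interested. I won't go through the options one by one here.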

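5.15 Synchronization
rsync. I use rsync over ssh to synchronize data with my www.sinonet.org server, mainly for remote updates of the site's content, and sometimes at home to sync data between my desktop and my laptop, mostly films and mp3s. Install: apt-get install rsync

5.16 Listening to music
Plenty of choice: xmms, beep-media-player. Install: apt-get install xmms beep-media-player. xmms is based on GTK+1.x; part 4 already explained how to make GTK+1.x programs display Chinese, so I won't repeat it. I'll just cover how to make the xmms playlist show Chinese: in the xmms preferences (the ~/.xmms/conf file), change both the playlist font and the title font to -adobe-helvetica-medium-r-normal--12-*-*-*-*-*-iso8859-1,-misc-simsun-medium-r-normal-*-*-*-*-*-gbk-0,-*-, then restart xmms and all the song titles in the playlist appear in Chinese.
I always listen to mp3s with emacs+emms+mpg321; for the configuration, see the related document I wrote.

5.17 Watching films
I find totem good. It is a multimedia player built on the xine library that plays many media formats, such as mp3 and avi. It can also play rmvb files, but needs an extra codec: download the realplayer codecs rp9codecs-20050115.tar.bz2 from http://www.mplayerhq.hu/MPlayer/releases/codecs/, unpack them with tar -jxvf rp9codecs-20050115.tar.bz2, and copy all files from the resulting rp9codecs-20050115 directory into ~/.gnome2/totem-addons/. I now use totem to play all my multimedia files.

5.18 Image processing
gthumb: similar to acdsee and in no way inferior to it. Install: apt-get install gthumb
gimp: image-processing software on a par with photoshop and almost identical to it; the ancestor of gnome :)
gtkam: digital camera software that supports many cameras with no extra drivers; it recognized my Olympus camera straight away

5.19 Games
Linux has many arcade emulators to play with:
quake2: install: apt-get install quake2
chromium: the linux version of Raiden (雷电); the graphics are many times better than the windows version, but it is too hard, and I can only get to level 2: apt-get install chromium
supertux: Super Mario; the furthest I have got is level 11: apt-get install supertux
To play windows games, use the wine emulator; I have successfully played StarCraft and DIABLOII under wine. For wine setup, see the related document I wrote.

5.20 A few Debian goodies for laptops:
IBM's thinkpad laptops are supported remarkably well by linux (for that reason alone I will only buy IBM laptops from now on). Debian has a package, tpctl, a toolkit for configuring and tuning thinkpad laptops. It is easy to install with apt-get install tpctl, but full use requires kernel support, so you have to compile the kernel yourself.
Here are some more Debian packages for configuring laptop hardware:
tpconfig - a program for configuring touch-screen devices
sleepd - puts a laptop to sleep when it is idle
noflushd - lets idle hard disks spin down
acme - enables the "multimedia buttons" on laptops
toshset - access to most of the hardware interfaces of Toshiba laptops
toshutils - Toshiba laptop utilities
sjog - a program to enable the "Jog Dial" on Sony Vaio laptops
spicctrl - Sony Vaio controller program that can brighten the LCD backlight

5.21 Making your debian more user-friendly:
You may want to use a USB stick, a digital camera or the like. debian can pop up the contents on the desktop automatically when a USB stick is plugged in. Do the following:
apt-get install hotplug udev
apt-get install hal hal-device-manager
apt-get install pmount
apt-get install gnome-volume-manager
With these packages installed, debian still cannot pop up the stick's contents automatically; one more piece of configuration is needed:
On linux a USB stick is accessed as a SCSI device, so create a directory for your stick, e.g. /mnt/u
Then edit /etc/fstab
and add the following line:
/dev/sda1 /mnt/u vfat iocharset=cp936,codepage=936

The contents of my /etc/fstab are as follows: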
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/hda2 / ext3 defaults,errors=remount-ro 0 1
/dev/hda3 none swap sw 0 0
/dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
/dev/hda5 /mnt/windows vfat user,umask=0,iocharset=cp936,codepage=936 0 0
/dev/sda1 /mnt/u vfat iocharset=cp936,codepage=936 0 0

5.22 Finally, a few apt tips
Add the following to /etc/apt/apt.conf (create the file if it does not exist):
APT::GET::Show-Upgraded "true";
APT::GET::Purge "true";
APT::GET::Show-Versions "true";
APT::Cache::NamesOnly "true";

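Q: How do I add the Simsun.ttc font on Red Hat 7.3?

A: Choose Simplified Chinese when installing Red Hat 7.3. First copy simsun.ttc to /usr/X11R6/lib/X11/font/TrueType and rename it simsun.ttf; then change into the /usr/X11R6/lib/X11/font/TrueType directory and run ttmkfdir > fonts.dir; next edit fonts.dir with vi and change the simsun.ttf lines to the following: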

simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-c-0-ascii-0
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-c-0-iso10646-1
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-p-0-iso8859-15
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-p-0-iso8859-1
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-c-0-gb2312.1980-0
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-p-0-gb2312.1980-0
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-m-0-gb2312.1980-0
simsun.ttf -misc-SimSun-medium-r-normal--0-0-0-0-p-0-gbk-0


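Then run cat fonts.dir > fonts.scale and edit /etc/X11/XF86config-4, adding the following line to Section "Files":

FontPath "/usr/X11R6/lib/X11/fonts/TrueType"
Finally, back on the KDE desktop, go to "Start" → "Options" → "Look and Feel" → "Fonts" and change all fonts to Simsun.

Q: What is the difference between Unicon and Zhcon, and what does each do?

A: Unicon is a kernel-mode Chinese platform, implemented by modifying the Linux FrameBuffer and Virtual Console (fbcon). Because it is implemented at the lowest level of the system, compatibility is excellent and it supports the gpm mouse directly. It is comparatively dangerous, however: the slightest flaw can endanger the security of the system. Zhcon is a user-mode Chinese platform, somewhat like UCDOS.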

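Building your own Linux distribution with Debian (repost)

Building one's own Linux distribution is the dream of every free and open-source software enthusiast. It used to be extremely difficult; people able to make a Linux distribution were few and far between, and making one yourself was a great honour. But the free and open-source world, which encourages people to develop their own potential and to get hands-on, will not dress up something everyone longs for as an ice maiden far removed from the masses. It keeps reforming its own development mechanisms so that everyone can gradually take part, which in turn advances its own development.

In short, making a Linux distribution is no longer difficult.
I. Basic questions about making a Linux distribution.
I think that to make a Linux distribution, the first questions to consider are:
1 Why make a Linux distribution?
2 Do you plan to start from nothing, or to modify another Linux distribution?
3 What are the key point and the hard part of making your own Linux distribution?
4 Which existing Linux distribution should you start from?

Take the first question: why make a Linux distribution?
There are many answers. A common one is: I just want to, no reason needed. If a reason must be given, I'll borrow a fashionable phrase: Just for Fun! That is reason enough.

Another important reason is: I need a Linux distribution that meets my own particular needs. For example: I am learning Perl programming and need a small perl build system that goes wherever I go, and nothing else. So I need to make a Linux distribution that boots from USB and contains only the base system plus an editor plus Perl; I can carry it with me and start studying wherever there is a computer.

As for why I want to make a Linux distribution, the reason is simple: I am a teacher! I think a Linux distribution that follows sound educational principles and focuses on education-related software is well worth making. More specifically, I am a geography teacher. The new curriculum standards move with the times and require students to learn about GIS, in both compulsory and elective modules. I can't stand the way our geography educators, as soon as GIS education comes up, talk of nothing but ArcInfo and MapInfo, as if software that even well-funded academic research institutions in this country are reluctant to pay for could be picked up anywhere. The free and open-source software world has an extremely rich set of 3S (GIS, GPS, RS) geographic software. For GIS alone there are dozens if not hundreds of packages, well-known ones including Grass and QGis. These free packages do not match commercial software in functionality, but they are quite sufficient for general GIS teaching aimed at understanding basic GIS concepts, and they have strengths of their own. Considering also the reality that our school computers all run Windows, I wanted to make my own Linux distribution that boots and runs from CD, focuses on GIS software, and has satisfactory performance and speed.
(Note: several similar systems already exist around the world, including UNESCO's FreeDUC, which includes QGis, but none yet supports Chinese)

The third reason for making a Linux distribution is fame and profit. Some people make a distribution to earn money, which does not conflict with free software or the GPL. RedHat's recent profits have given many young people new dreams of perhaps becoming the next Bill Gates. Others make their distribution available on the net for free download, and the more people use it the happier they are; their only reward is the good name they value and praise for their technical skill.

In short, there are many reasons to build a Linux distribution of our own, especially for the many teachers working on the front line of education!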

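2 How to start making your own Linux distribution
Next, the second question: should I make my Linux distribution from scratch, or take someone else's Linux distribution and modify it as I wish?

In fact, "from scratch" is relative. Which zero do you start from? From writing an OS yourself? Or from compiling and configuring the existing Linux kernel yourself?

I don't think we can start from a true zero; that could never be the work of one person. We should build on the work of those who came before. For making your own Linux distribution, this inheritance of earlier work falls into two cases:

A Making your own Linux distribution based only on the existing Linux kernel and other source code
This in effect means making your own Linux distribution based on LFS (Linux from Scratch). Because LFS builds a Linux distribution from zero using source code, this approach gives the maker the deepest understanding of the relationships between the various pieces of software in Linux and of some of Linux's internal mechanisms. But it takes a long time and is relatively difficult, so it suits people who like to get to the bottom of things.
Linux distributions built on LFS mostly look like works for personal enjoyment; few have become widely known.

B Making your own Linux distribution based on another existing Linux distribution
Here you pick a distribution you like from among the well-known existing ones, trim it, add to it and rework it as you wish, and turn it into your own Linux distribution.

This approach is simple and fast, and suits ordinary users or those in a hurry to produce a finished product. Linux distributions made this way are now as countless as the sands of the Ganges; quite a few are well known, and it is hard to say whether one or two might become the next dominant OS.

To reach the goal of making our own Linux distribution quickly and simply, we choose to adapt an existing Linux distribution. Which one should be our starting point? Before answering, let us deal with the third question.

3 What are the key point and the hard part of making your own Linux distribution?
Where do the key point and the difficulty lie? Beginners may think the hard part is getting their own Linux system to boot, but it is not. I think the key to customizing your own Linux distribution is resolving the dependencies between the various software packages in the distribution.

Free and open-source software uses its predecessors' source code and opens its own source to those who follow, so free and open-source packages constantly use one another. On the one hand this makes software development much easier; on the other, it makes the relationships between packages intricate and often has disastrous consequences for software integration. Suppose you plan to install software A, B and C in your distribution. A depends on packages A1, A2 and A3, B depends on B1 and B2, and C depends on C1, so to install A, B and C you must install A1, A2, A3, B1, B2 and C1. Once they are installed you discover that A1 also uses libraries A11 and A12 and that C1 uses library C11. After enormous effort you find the source for A11, A12 and C11, compile and install it, and only then discover that A12 and C11 conflict with each other! Go ahead and cry!

So I believe the key to making your own Linux distribution is correctly resolving the dependencies between packages.

4 Which existing Linux distribution to start from
So which existing Linux distribution should you start from? I think this is a matter of taste: you could choose FC, or Slackware, but as my account above suggests, I clearly lean towards building a customized distribution on Debian. In my view Debian's greatest strength is its advanced, distinctive package management. Through the hard, selfless work of excellent programmers around the world, it handles the dependencies, conflicts and other relationships between free and open-source packages well, letting Debian users install software in the most convenient way of any operating system, and making it very convenient to build a customized distribution on Debian.

Some may say that FreeBSD's package management is also convenient and powerful, so why not choose FreeBSD? Because FreeBSD does not follow the GPL, and its own FreeBSD licence does not permit developing personalized distributions based on FreeBSD, so we can only look on and sigh.

Now that I plan to build my customized distribution on Debian, is there an even simpler way to go about it? Given my actual needs, I only need a demonstration system for teaching, ideally a LiveCD, that is, a customized Linux system that runs from CD. I plan to base my customized system on Knoppix or Morphix.

Knoppix is a well-known LiveCD system based on Debian. It uses some distinctive techniques that make further development on top of it easier than on Debian itself. Morphix in turn is a modular LiveCD based on Knoppix. As its name suggests, Morphix means a morphing Linux; it was born for building personalized Linux systems, and it takes the ease of customizing Linux a step further!

But people are still not satisfied. Some are developing remaster, TROM and the like, with the goal that a few mouse clicks in a graphical interface produce a new customized distribution! That day may not be far off! Is this exciting news or frightening news? It makes me rather nervous, at least. I need to write this article quickly and finish it before such software appears; otherwise, if a few clicks can produce your own distribution, who will read my article?

Debian-->Knoppix-->Morphix: custom development gets easier with each of these three distributions. In my practical experience, though, development based on Morphix and on the even simpler TROM tool often went wrong, whereas development based on Knoppix was stable. So I decided to build a Chinese GIS distribution based on Knoppix.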

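II. The actual development process.
The following is my actual development process. It was of course written with reference to articles by those who went before, but follows my own understanding and includes some changes for the newer Knoppix version. The article was written entirely from memory on a Windows machine, so some details are wrong.

1 Preparation:
I think the first step in preparation is to check whether your computer is powerful enough! Ideally 1G of memory, a 2G swap partition and at least 10G of disk! 256M of memory plus 1G of swap will also work, just more slowly. The more disk space the better; when I started I was careless while customizing and managed to run out of space on an 8G disk! The procedure below uses disk space carefully and deletes or unmounts what is no longer needed promptly, so 3-4G of free disk should be enough.

Next, install the cloop software. Introducing cloop is, I think, Knoppix's most distinctive feature. I use Debian, so:
#apt-get install cloop-utils
is all it takes.

Then get the latest version of Knoppix. The latest is currently 3.7, but it does not seem to have been officially announced yet, so we'll use 3.6; below I assume the downloaded file is knoppix36.iso. Whether or not you burn it to disc makes no difference to the customization that follows, so I won't burn it.

Then create the working directories. In the working directory I created a /wen directory with two subdirectories, old and new. Clearly the former holds the original contents of knoppix36.iso and the latter will hold the contents after my modifications.
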
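2 Starting the customization.
First mount the knoppix36.iso CD image:
#mount -o loop -t iso9660 /root/knoppix36.iso /mnt/cdrom
Clearly my downloaded knoppix is in the root directory and I mount it on /mnt/cdrom; adjust both of these arguments to your situation.

You can now go into /mnt/cdrom and see what knoppix actually contains. There is a boot directory, obviously related to booting; later, to change the boot splash and so on, this is what you will modify, but we'll ignore it for now. There is also a Knoppix directory containing several files, one of which, KNOPPIX, is huge at nearly 700M! That is the main thing we will modify!

Next copy everything under /mnt/cdrom to /wen/new. The only file we need to change is KNOPPIX, which we will delete shortly, but for now it is still needed:
#cd /mnt/cdrom
# cp -R * /wen/new/
#cd /
#umount /mnt/cdrom
You can now even delete knoppix36.iso to save disk space.

Now we operate on /wen/new/KNOPPIX/KNOPPIX. This file is a massive 700M and is compressed with cloop, so first we decompress it:
#cd /wen/new/KNOPPIX/
#extract_compressed_fs KNOPPIX > /tmp.iso
This places the decompressed result in the root directory as tmp.iso. Note that decompression takes an extremely long time. I usually use it to boil water, make instant noodles, eat them slowly and tidy my desk. Is it done yet?
No! Not by a long way! Go out and get some exercise; by the time you have worked off the noodles the decompression will be about finished. Look in the root directory and be amazed: tmp.iso is nearly 2G!
Now be sure to delete the file /wen/new/KNOPPIX/KNOPPIX, because we are going to rework tmp.iso to produce a new KNOPPIX file. Don't forget!

Then mount tmp.iso and copy all its contents to /wen/old/KNOPPIX, which should be very familiar by now:
#mount -o loop -t iso9660 /tmp.iso /mnt/cdrom
#mkdir /wen/old/KNOPPIX
#cd /mnt/cdrom
#cp -r * /wen/old/KNOPPIX
#cd /
#umount /mnt/cdrom
To save disk space you can now delete /tmp.iso as well.

Next comes the actual customization stage. It relies mainly on the chroot command and on the convenience of installing and removing software with apt-get on Debian. Things to watch for:
To use the network you need to mount proc inside the chroot environment, and make sure domain names resolve correctly inside the chroot. I solved the latter like this: open another console window and run:
#cp /etc/apt/sources.list /wen/old/KNOPPIX/etc/apt/sources.list
#cp /etc/resolv.conf /wen/old/KNOPPIX/etc/resolv.conf
This assumes your network was working before the chroot. Another solution is to ping the apt sources in my sources.list first to get their IPs and write those directly into the sources.list inside the chroot, sparing the trouble of DNS resolution.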
#chroot /wen/old/KNOPPIX/
$ mount -t proc /proc proc

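You are now inside the old KNOPPIX3.6 and can treat it exactly like an ordinary Debian system, using the usual commands to modify the old system:
$ apt-get remove openoffice.org
$ apt-get remove kde-i18n-{es,de,fr,it,nl}
(First remove a few large packages I seldom use; the above saves 300-400M of space. Use the command dpkg-query -l to see which packages are installed and remove whatever you wish.)
$ apt-get install grass
$ apt-get install qgis
(installs the two packages I need)

The simple customization is done; a little cleanup and we can leave:
$ apt-get clean
(removes the packages just downloaded so they don't end up in the new distribution)
$ updatedb
(updates the software database)
$ update-menus
(updates the menus)
$ umount proc
(Don't forget!)

Now leave the chroot environment with ctrl-d. Two things remain: first, recompress the modified /wen/old/KNOPPIX into a KNOPPIX file written to /wen/new/KNOPPIX; second, turn /wen/new/ into a CD image. Both steps use the mkisofs command; install it first if the system lacks it. Both commands are long, so I usually put them in script files for easy reuse.
#mkisofs -R -U -V "www.wen.net" -P "www.wen.net" -hide-rr-moved -cache-inodes -no-bak -pad /wen/old/KNOPPIX | nice -5 create_compressed_fs - 65536 > /wen/new/KNOPPIX/KNOPPIX
Note that the above must be written on a single line. Compression takes as long as the earlier decompression, so have another packet of instant noodles!
Don't delete the /wen/old directory; you can continue customizing from it later.

Making the CD image: (for version 3.6; version 3.3 differs)
#mkisofs -pad -l -r -J -v -V "WENPPIX" -no-emul-boot -boot-load-size 4 -boot-info-table -b boot/isolinux/isolinux.bin -c boot/isolinux/boot.cat -hide-rr-moved -o /home/ftp/knoppix.iso /wen/new
The second-to-last argument is the location of the newly generated iso; adjust it as needed. Mind the directory you run this command from! Although absolute paths are used, the command does not seem to work when run from other directories.

The new distribution is done. It is simple, but doing it well is hard, and many details remain:
1 Changing the boot splash and so on
2 Modifying the boot scripts
3 Removing packages to make the distribution as small as possible, which takes time and effort.
4 A customized distribution usually runs more slowly than the original and needs optimizing.
5 How to install to hard disk and USB stick.
.......

In short, making a distribution well is hard, and maintaining it is harder still.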

Tuesday, April 8, 2008

iptables

Basic Iptables - Debian/RedHat
Submitted by themachine on Mon, 2005-10-17 02:21. :: Kernel

Summary

You can find an easier to read version here: 5dollarwhitebox.org

A lot of people are freaked out by IPTables and find it hard to understand. However, once you get the hang of it, the basics are easy. This document will serve as a basic how-to on using iptables. I am in no way an iptables guru, but I have been using it like this for quite a while. If I've made any mistakes, please don't hesitate to email me.


The System

Debian Sarge 3.1
Vanilla 2.6.12.4 kernel from mirrors.kernel.org
iptables administration utility version 1.2.11-10


Preparation

This How-To is performed on a Debian Sarge 3.1 box, though the commands and syntax should work for any linux distro. Before you can configure iptables, you first must ensure that it has been compiled into the kernel, and that you have the proper userland utilities installed.


You should have a config file from when the kernel was compiled. Grep'ing it for "CONFIG_IP_NF" should produce '=y' or '=m' for most of the lines/options. Here you see that "CONFIG_IP_NF_IPTABLES" was compiled as a kernel module.

# cat /boot/config-2.4.30 | grep -i "CONFIG_IP_NF"

CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_COMPAT_IPFWADM=m
CONFIG_IP_NF_NAT_NEEDED=y

This isn't all that necessary, since you'll find out real quick whether iptables works or not once we try to add some rules.


You can check whether you have the iptables administration utility installed by executing:
# dpkg -l iptables
iptables 1.2.11-10 Linux kernel 2.4+ iptables administration to


...or for rpm based distro:
# rpm -qa | grep iptables
iptables-xxxxx


...or you can just see if the binary is there!
# which iptables
/sbin/iptables



If the utility is missing you can install it like so:

APT
# apt-get update && apt-get install iptables


RPM
# rpm -Uvh iptables-xxxx.rpm
Preparing ################################# [100%]



The Main Files


Debian

* /etc/init.d/iptables – INIT script to start|stop|restart the service (and save rulesets). This file is no longer default as of Sarge but you can still get it (I'll show you).

* /var/lib/iptables – Debian's home for the 'active' and 'inactive' iptables-save counter files (i.e. The saved rulesets). On RedHat you would find the saved rules in '/etc/sysconfig/iptables'.

* /var/lib/iptables/active – Active Counters (more on that later)

* /var/lib/iptables/inactive – Inactive Counters

* /sbin/iptables – The administration utility/binary.


RedHat

* /etc/init.d/iptables – INIT script to start|stop|restart the service (and save rulesets).

* /etc/sysconfig/iptables – RedHat's file for the iptables-save counter files (i.e. The saved rulesets).

* /sbin/iptables – The administration utility/binary.


A Little About IPTables


To see what rulesets we currently have in place, execute:
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination



This is what you will see when there are no rule sets in place. Looking at this we see 3 'Chains'.


* INPUT - Holds rules for traffic directed at this server.

* FORWARD – Holds rules for traffic that will be forwarding on to an IP behind this server (i.e. If this box serves as a firewall for other servers).

* OUTPUT – Holds rules for traffic that is coming from this server out to the internet.



Mainly we will be dealing with traffic directed at this server, and will be issuing rules for the INPUT Chain. When traffic passes through the kernel, it determines a "TARGET" based on whether the packet matches a rule or not. General targets are:


* ACCEPT – Traffic is accepted for delivery.

* REJECT – Traffic is rejected, sending a packet back to the sending host.

* DROP - The traffic is dropped. Nothing is sent back to the sending host.



Configuring Rule Sets


So, lets get down to it. Its important to note that the order in which rules are appended is very important. For example, if your first rule is to deny everything... then no matter what you specifically allow, it will be denied.


Also to note is that nothing you do is saved on disk until you execute 'iptables-save' (or use the init script to save). All counters/rulesets are in memory. Once the server reboots, or you execute 'iptables --flush' everything you've worked on is gone. Personally I work out of a bash script file called 'iptables-rules.sh', which allows me to keep everything organized and commented. If I make a mistake, I have no worries if I just want to flush all the rules out, I just go right back to my bash script and start editing again, save it out and execute the script (this however will not run at startup... that will be covered in the next section).


It's very important that if you are working on this server remotely through ssh, you make every effort to not lock yourself out. Therefore, our first rule will be to ensure that no matter what, I can still access ssh from my IP address.

# iptables -A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT


Let's break that down:

* -A => Tells iptables to 'append' this rule to the INPUT Chain

* -s => Source Address. This rule only pertains to traffic coming FROM this IP. Substitute with the IP address you are SSHing from.

* -d => Destination Address. This rule only pertains to traffic going TO this IP. Substitute with the IP of this server.

* -p => Protocol. Specifying traffic which is TCP.

* --dport => Destination Port. Specifying traffic which is for TCP Port 22 (SSH)

* -j => Jump. If everything in this rule matches then 'jump' to ACCEPT


Next, we will want to use some standard rules for general network traffic. This goes a bit beyond the basic stuff, however iptables can determine the 'state' that a packet is in. This has to do with standard TCP communication. For example, the 3 way handshake between two hosts when transmitting data.


* NEW => Server1 connects to Server2 issuing a SYN (Synchronize) packet.

* RELATED => Server 2 receives the SYN packet, and then responds with a SYN-ACK (Synchronize Acknowledgment) packet.

* ESTABLISHED => Server 1 receives the SYN-ACK packet and then responds with the final ACK (Acknowledgment) packet.



After this 3 way handshake is complete, the traffic is now ESTABLISHED. For this type of TCP communication to work, something similar to these three rules is necessary:

# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

The last rule obviously allows any traffic to leave the server.



Now that we have our basics set in place, let's see what iptables lists for our rulesets:
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

ACCEPT tcp -- 192.168.1.10 10.1.15.1 tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED



From here you can add whatever rules you like. If you're running a basic webserver, you'll probably need something similar to:

INDIVIDUAL REJECTS FIRST:

-----------------------------------------------------------------------

BAD GUYS (Block Source IP Address):
# iptables -A INPUT -s 172.34.5.8 -j DROP

NO SPAMMERS (notice the use of FQDN):
# iptables -A INPUT -s mail.spammer.org -d 10.1.15.1 -p tcp --dport 25 -j REJECT

-----------------------------------------------------------------------


THEN OPEN IT UP:

-----------------------------------------------------------------------

MYSQL (Allow Remote Access To Particular IP):
# iptables -A INPUT -s 172.50.3.45 -d 10.1.15.1 -p tcp --dport 3306 -j ACCEPT
SSH:
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT

Sendmail/Postfix:
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT

FTP: (Notice how you can specify a range of ports 20-21)
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 20:21 -j ACCEPT

Passive FTP Ports Maybe: (Again, specifying ports 50000 through 50050 in one rule)
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 50000:50050 -j ACCEPT

HTTP/Apache
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 80 -j ACCEPT

SSL/Apache
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 443 -j ACCEPT

IMAP
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT

IMAPS
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 993 -j ACCEPT

POP3
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT

POP3S
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 995 -j ACCEPT

Any Traffic From Localhost:
# iptables -A INPUT -d 10.1.15.1 -s 127.0.0.1 -j ACCEPT

ICMP/Ping:
# iptables -A INPUT -d 10.1.15.1 -p icmp -j ACCEPT

-----------------------------------------------------------------------



GLOBAL REJECTS LAST:

-----------------------------------------------------------------------

Reject everything else to that IP:
# iptables -A INPUT -d 10.1.15.1 -j REJECT

Or, reject everything else coming through to any IP:
# iptables -A INPUT -j REJECT
# iptables -A FORWARD -j REJECT

-----------------------------------------------------------------------

Notice that we do the global REJECT lines last! These must be last.
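The ordering rule can be checked mechanically. The following is an added example, not part of the original howto: it scans iptables-save output and reports any rule that can never match because an earlier terminating rule already catches the same traffic. The function names find_shadowed and sample_ruleset are made up here, and the sample ruleset is constructed from the addresses used in this article.

```shell
#!/bin/sh
# Added example: report rules that first-match evaluation makes unreachable.
# Input is iptables-save text: "-A CHAIN <matches> -j TARGET [target options]".

# find_shadowed [FILE]
# Prints "CHAIN rule N is shadowed by rule M" when an earlier rule M with a
# terminating target (ACCEPT, DROP, REJECT) matches every packet that rule N
# would match, i.e. the conditions of M are a subset of the conditions of N.
# This is a sufficient test only: it compares conditions as text, so a wider
# network such as 10.0.0.0/8 is not recognised as covering 10.1.15.1/32.
find_shadowed() {
    awk '
    # Turn the tokens between the chain name and "-j" into condition units
    # such as "-d 10.1.15.1/32", "--dport 80" or "! -s 172.34.5.8/32".
    # The result is "\n"-delimited so that units compare as whole strings.
    function conditions(from, to,    i, tok, unit, out) {
        out = "\n"; unit = ""
        for (i = from; i <= to; i++) {
            tok = $i
            if (tok == "!" || (tok ~ /^-/ && unit != "!")) {
                if (unit != "") out = out unit "\n"
                unit = tok
            } else {
                unit = unit " " tok
            }
        }
        if (unit != "") out = out unit "\n"
        return out
    }

    # True when every condition unit of a also appears in b.
    function subset(a, b,    parts, k, n) {
        n = split(a, parts, "\n")
        for (k = 1; k <= n; k++)
            if (parts[k] != "" && index(b, "\n" parts[k] "\n") == 0)
                return 0
        return 1
    }

    $1 == "-A" {
        chain = $2
        n = ++count[chain]          # same numbering as --line-numbers
        jpos = NF + 1
        for (i = 3; i <= NF; i++)
            if ($i == "-j") { jpos = i; break }
        conds = conditions(3, jpos - 1)
        for (m = 1; m < n; m++)
            if (term[chain, m] && subset(cond[chain, m], conds)) {
                printf "%s rule %d is shadowed by rule %d\n", chain, n, m
                break
            }
        cond[chain, n] = conds
        term[chain, n] = (jpos < NF && $(jpos + 1) ~ /^(ACCEPT|DROP|REJECT)$/)
    }
    ' "$@"
}

# Constructed sample in iptables-save format. Rule 3 rejects everything sent
# to 10.1.15.1 before the HTTP rule (rule 4) is reached, which is the mistake
# described above. Rule 5 still matters for traffic to other addresses.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.10/32 -d 10.1.15.1/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 10.1.15.1/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -d 10.1.15.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.34.5.8/32 -j DROP
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_ruleset | find_shadowed
```

On a live system the same function can read the real ruleset with "iptables-save | find_shadowed"; an empty result means no rule was found to be shadowed by this textual check.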


Saving Rule Sets


With the init scripts, saving rule sets is quite easy. Once you are happy with your config, just do one of the following:


The Debian Way

The old style init script is no longer in Sarge by default, but it is still around for legacy use. I believe the new way is to use '/etc/network/if-up.d' and '/etc/network/if-down.d' for iptables scripts (but I don't like that).


You can grab the legacy INIT script this way:
# gunzip /usr/share/doc/iptables/examples/oldinitdscript.gz -c > /etc/init.d/iptables
# chmod +x /etc/init.d/iptables
# mkdir /var/lib/iptables
# chmod 700 /var/lib/iptables

Now that you have the script in place you can do the needful.


Active Rules

The Active rules are those loaded when starting iptables:
# /etc/init.d/iptables save active
Saving iptables ruleset: save "active" with counters.

This saves your rules in /var/lib/iptables/active


Inactive Rules

You can also configure a second set of rules for when you stop iptables called 'inactive'. Iptables doesn't actually "stop", it just flushes out the rule sets that are in place and then loads the 'inactive' rules.

# /etc/init.d/iptables stop
Loading iptables ruleset: load "inactive"


Therefore, you can set your 'inactive' rules, and then save them with:
# /etc/init.d/iptables save inactive
Saving iptables ruleset: save "inactive" with counters.


The RedHat Way

The RedHat INIT script is very similar. You can use it to start and stop iptables, as well as save rule sets.


To save your active rules execute the following:
# /etc/init.d/iptables save

This will save your rules to '/etc/sysconfig/iptables'.


When you start iptables, the rules are read from '/etc/sysconfig/iptables':
# /etc/init.d/iptables start
Starting iptables [OK]


And when you stop iptables, all rules are flushed:
# /etc/init.d/iptables stop
Stopping iptables [OK]



Manual Save and Restore

You can also manually use the iptables-save and iptables-restore utilities like so:


Save the rules to a file
# iptables-save > /root/iptables-save.out


Restore the rules
# iptables-restore -c < /root/iptables-save.out

The -c tells iptables-restore that this file was created using iptables-save, which outputs the rules as "counters".



Conclusion

And there you go, iptables at its very basic. The uses of iptables are too numerous to even start truly doing a howto on them. However, for basic security and understanding of IPTables, I hope this might have helped you. If there is anything I could add, please feel free to email me.



---
BJ Dierkes, RHCE4-LPIC1
wdierkes [at] 5dollarwhitebox [dot] org
Texas, USA


Resources

* Netfilter/Iptables: http://www.netfilter.org/
* Transmission Control Protocol: http://www.rhyshaden.com/tcp.htm


[Creative Commons Attribution License]
This page is licensed under a Creative Commons License.
Possible Denial of Service (DoS)
Submitted by Anonymous (Contact Author) (Forums) on Fri, 2006-07-07 17:02.

Remember that automated tools like Fail2Ban and PortSentry leave you open to denial of service attacks. If someone were to spoof the address of an SSH client you regularly connect from, you could be locked out of your server. While it's not easy to spoof enough of an SSH connection to trigger Fail2Ban, it is possible.

Another scenario is where you SSH to your home server from behind a corporate NAT router. Anyone else on your corporate network could lock you out by simply trying to log in a few times.

I'm not trying to talk anyone out of using Fail2Ban (I use it!), but I think it's important to know the implications of doing so.

Rich B.


Thankyou!!!
Submitted by Anonymous (Contact Author) (Forums) on Sun, 2006-02-26 21:05.

Just wanted to thank you for something very rare in the linux world: An easy to understand howto, covering the basics!

Everywhere else, you find badly written solutions to extremely uncommon problems.

Thanks!
&flix
Another IPTables page
Submitted by Anonymous (Contact Author) (Forums) on Wed, 2006-06-21 19:51.

The following page is also pretty good:

http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm

It outlines how the mangle and nat chains work, which is obviously less useful for most people, but anyway.
I always use my trusty -fwbuilder- as my iptables mangler
Submitted by Anonymous (Contact Author) (Forums) on Sat, 2006-01-21 11:59.

http://www.fwbuilder.org/

It creates fw scripts that can be automatically deployed to all of yer fw's using ssh. Best thing is that its GUI is similar to Checkpoint's interface, all for free (using linux!) Creating fw setups using windows is gonna cost 49,95 dollars. hahahahah

Thanks for the howto! always nice to see the inner workings!
Very Awesome!
Submitted by Anonymous (Contact Author) (Forums) on Tue, 2005-11-22 17:29.
Thanks so much for your article here. Every document I ever tried to read about iptables before was like a freaking Chinese Instruction Manual! I never realized it could be so easy. Thanks a million.
Wow... and here I thought
Submitted by IaMMai (Contact Author) (Forums) on Fri, 2005-12-02 10:45.


Wow... and here I thought I might be wasting my time.... ;)
missing init script in Sarge
Submitted by Anonymous (Contact Author) (Forums) on Thu, 2005-11-03 07:40.
Hi, you seem to have missed that the init script is not part of iptables in Sarge anymore:

iptables (1.2.7-8) unstable; urgency=low
* removed init.d, /var/lib/iptables, and debconf-ization

If you still have that file it is probably a relic of older iptables versions from which you upgraded. Because init scripts are treated like configuration files, they are not automatically removed when you remove or upgrade the package. If you want to initialize iptables, you need your own script, or you can run iptables when the interfaces come up (see /etc/network/interfaces and /etc/network/if-ip.d).
You are correct... this sys
Submitted by IaMMai (Contact Author) (Forums) on Thu, 2005-11-03 14:54.

You are correct... this system was upgraded from woody... which I've had running over a year before Sarge was stable.... I shall update this howto as "Pre-Sarge"... and when I get a second do a Sarge install from scratch and update as necessary.

Thanks for the note.

---
BJ Dierkes, RHCE4 - LPIC1
wdierkes [at] machinehost [dot] org
Texas, USA
Let me share with you my way
Submitted by Anonymous (Contact Author) (Forums) on Fri, 2005-10-28 02:30.

I added a nice init script that does the work for me, all I have to do is to edit the file from time to time according to my needs.

Here is the script: (/etc/init.d/iptables)

====== CUT BELOW HERE ======

#!/bin/bash
#
if [ ! -x /sbin/iptables ]; then
exit 0
fi

start()
{
# clear all
clearall

# Create new chain (I called it filter) which blocks new
# connections, except if coming from inside.
iptables -N filter
iptables -A filter -m state --state ESTABLISHED,RELATED -j ACCEPT
# The next rule depends on what connection to the NET you have
# It could be ppp0 instead of eth0, suit your own needs
iptables -A filter -m state --state NEW -i ! eth0 -j ACCEPT

# Allowed Services - Here you can put all the actually needed
# ports, a few common examples below:
iptables -A filter -p tcp --dport http -j ACCEPT
iptables -A filter -p tcp --dport ftp -j ACCEPT
iptables -A filter -p tcp --dport smtp -j ACCEPT
iptables -A filter -p tcp --dport pop3 -j ACCEPT
iptables -A filter -p udp --dport 53 -j ACCEPT
# Allowed IPs/Networks
iptables -A filter -p all -s 192.168.0.0/24 -j ACCEPT
iptables -A filter -p all -s 192.168.1.15 -j ACCEPT
# Blacklisted IPs/Networks
iptables -A filter -p all -s 192.168.100.0/24 -j DROP
iptables -A filter -p all -s 10.0.0.32 -j DROP
# drop tcp priv'd ports
iptables -A filter -p tcp --dport 0:1023 -j DROP
# drop udp priv'd ports
iptables -A filter -p udp --dport 0:1023 -j DROP
iptables -A filter -j DROP

# Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j filter
iptables -A FORWARD -j filter


}

clearall()
{
iptables -F
iptables -X
}


case "$1" in
restart|start)
start
;;
stop)
clearall
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac

exit 0

===== END CUT =====

After saving this script as /etc/init.d/iptables , don't forget to chmod it

chmod 755 /etc/init.d/iptables

Now you need to add it to the default runlevels, make this command:

update-rc.d iptables defaults 12

Have fun!

Ziv

iptables rules
Submitted by Anonymous (Contact Author) (Forums) on Thu, 2005-10-20 04:23.
In the year 2005, writing hand-crafted iptables rules makes about as much sense as using assembly language to produce dynamic webpages. Sure, you can do it and it offers the best possible performance, but does it make sense?

There are dozens of tools that make it easy to manage iptables. Among those, 2 open source projects stand out far above the rest:

1. Shorewall - http://www.shorewall.net/
2. FireHOL - http://firehol.sourceforge.net/

It is very easy to make mistakes with hand-crafted iptables rules that are hard to detect. You can end up with numerous security holes without even being aware of their existence until someone exploits them.

Seriously consider using one of the above tools, you'll find that they provide all the flexibility you need for managing iptables without having to hand-craft rules using iptables syntax.

I started using shorewall to manage my iptables and I've never looked back. And this includes gateways with multiple ethernet cards, public servers, and secure desktops.

Try any 3 iptables-related projects--the 2 mentioned above and 1 other of your choice. Pick one and you'll end up far better than directly writing iptables rules.

Copyright © 2008 HowtoForge - Linux Howtos and Tutorials
All Rights Reserved.

Sunday, March 30, 2008

emulator

http://linux-cisco.blogspot.com/2008/03/linux.html
http://linux-cisco.blogspot.com/


Cisco 7200 Simulator
From IPFlow Netflow Collector
Introduction

In August 2005 I started a project to emulate a Cisco 7200 on a traditional PC. Now, it also supports Cisco 3600 series (3620, 3640 and 3660), 3700 series (3725, 3745) and 2600 series (2610 to 2650XM, 2691).

The goals of this emulator are mainly:

* To be used as a training platform, with software used in real world. It would allow people to become more familiar with Cisco devices, Cisco being the world leader in networking technologies ;
* Test and experiment the numerous and powerful features of Cisco IOS ;
* Check quickly configurations to be deployed later on real routers.


Of course, this emulator cannot replace a real router: you should be able to get a performance of about 1 kpps (depending on your host machine), to be compared to the 100 kpps delivered by a NPE-100 (the oldest NPE model). So, it is simply a complementary tool to real labs for administrators of Cisco networks or people wanting to pass their CCNA/CCNP/CCIE exams.


Current status

At this time, the emulator I have programmed is able to boot a large number of Cisco IOS releases available for the 7200, 3600, 3700 and 2600 platforms, including the latest 12.2S and 12.4T.


The following devices are emulated in the current release (0.2.7):

* MIPS64 and PowerPC CPU processors. The instruction sets are not completely emulated now (MIPS FPU support is lacking, TLB support is not finished and other minor things), but it is sufficient for IOS ;
* DRAM and Packet SRAM memory ;
* Non-Volatile Memory (NVRAM) ;
* Signetics SCN 2681 DUART (C7200 Console and AUX ports) ;
* National Semiconductors NS16552 DUART (C3600/C3700/C2600 Console and AUX ports) ;
* Dallas DS1620 Temperature Sensors and Voltage Sensors, allowing the C7200 Environmental Monitor to work properly ;
* NMC93C46 Serial EEPROM ;
* Bootflash of 8 Mb (Intel 28F016SA) ;
* Galileo GT64010/GT64120/GT96100 PCI controllers, DEC 21x50 PCI bridges and so on ;
* PCMCIA ATA disk emulation (C7200 only at this time).
* ...


The following Cisco 7200 Port Adapters (PA) are currently supported:

* FastEthernet cards "C7200-IO-FE" and "PA-FE-TX" based on DEC21140 chip
* FastEthernet cards "C7200-IO-2FE" and "PA-2FE-TX" based on Intel i8254x chips
* GigabitEthernet cards "C7200-IO-GE-E" and "PA-GE" based on Intel i8254x chips
* Ethernet cards "PA-4E" and "PA-8E" based on AMD Am79c97x chips
* ATM card "PA-A1" based on Texas Instruments Tneta1570 chip
* Serial cards "PA-4T+" and "PA-8T"
* POS (Packet over Sonet) card "PA-POS-OC3" (experimental, only works with recent IOS images)


The following Cisco 3600 (3620,3640,3660) Network Modules (NM) are currently supported:

* Ethernet cards: "NM-1E", "NM-4E" and "NM-1FE-TX", all based on AMD Am79c97x chips
* Ethernet switching module: "NM-16ESW"
* Serial card "NM-4T"


The following Cisco 2691/3725/3745 Network Modules (NM) are currently supported:

* FastEthernet cards: "NM-1FE-TX"
* Ethernet switching module: "NM-16ESW"
* Serial card "NM-4T"


The following Cisco 2600 Network Modules (NM) are currently supported:

* Ethernet cards: "NM-1E", "NM-4E" and "NM-1FE-TX"
* Ethernet switching module: "NM-16ESW"


You can also get development info and beta versions on my technical blog (http://www.ipflow.utc.fr/blog).

To run at a decent speed, the emulator uses a JIT (Just In Time) compiler, which is working on x86 CPU (like Pentium) and x86_64 CPU (AMD64/Intel EM64T). It is also possible to run the emulator without the JIT support on non-x86 machines, but it is slower.

You can find some information about the C7200 hardware on the Cisco Web site (http://www.cisco.com/en/US/products/hw/routers/ps341/products_tech_note09186a00800942e0.shtml)


Lab simulation / "Hypervisor" mode

With the introduction of the 0.2.5 release, it is now possible to run the emulator as a "hypervisor" to start and control many virtual router instances simultaneously.


Dynagen (http://dyna-gen.sourceforge.net/), by Greg Anuzelli, is a front-end (written in Python) that makes lab simulation with the hypervisor very easy: it uses an INI-like configuration file to provision Dynamips emulator networks. It takes care of specifying the right port adapters, generating and matching up those pesky NIO descriptors, specifying bridges, frame-relay, ATM switches, etc. It also provides a management CLI for listing devices, suspending and reloading instances, etc. You can also distribute virtual instances across different servers to set up complex labs. To begin with Dynagen, you can consult this very complete tutorial (http://dyna-gen.sourceforge.net/tutorial.htm).


Dynagui (http://dynagui.sourceforge.net/) is a graphical front-end written by Yannick Le Teigner. It uses Dynagen to communicate with the hypervisor.


Contributors are welcome ! :)

For people interested in contributing there is a TODO List.

There are many things to do: a more efficient JIT, network device emulation, new platforms...


Download

The current release is 0.2.7, published May 26, 2007 (you can consult the README file (http://www.ipflow.utc.fr/dynamips/README-0.2.7.txt)).

You have to download only one binary file corresponding to your architecture:

* Executable for Linux/x86 (http://www.ipflow.utc.fr/dynamips/dynamips-0.2.7-x86.bin)
* Executable for Linux/x86_64 (AMD64 and EM64T) (http://www.ipflow.utc.fr/dynamips/dynamips-0.2.7-amd64.bin)
* Executable for Windows (with Cygwin DLL) (http://www.ipflow.utc.fr/dynamips/dynamips-0.2.7-cygwin.zip)


If you are using the Windows version, you have to download and install the WinPcap library (http://www.winpcap.org/). The minimum required version is 0.4. Thanks to WinPCAP, it is possible to access the Ethernet card of host machine to send/receive packets on the LAN.


You can also download the source code, published under the GNU General Public Licence (GPL):

* The source code of release v0.2.7 (http://www.ipflow.utc.fr/dynamips/dynamips-0.2.7.tar.gz)


Remark: the sources include 3 files which are not written by me: amd64-codegen.h and x86-codegen.h from the Mono project (http://www.mono-project.com), and base64.c from Fetchmail, all under GPL licence. Of course these files keep their licences and their copyrights.


How to use it ?

Very important remark: by default, an instance will take 100% of the host CPU. To avoid this, please read the "idle-pc" section in the README file (http://www.ipflow.utc.fr/dynamips/README-0.2.7.txt).


To boot quickly, the preferred method is to decompress the IOS image with the "unzip" utility. This avoids running the self-decompressing process in the emulator.

chris@portchris2:~/dynamips-0.2.5$ unzip -p c7200-advipservicesk9-mz.124-9.T.bin > image.bin
warning [c7200-advipservicesk9-mz.124-9.T.bin]: 27904 extra bytes at beginning or within zipfile
(attempting to process anyway)
chris@portchris2:~/dynamips-0.2.5$ file image.bin
image.bin: ELF 32-bit MSB executable, cisco 7200, version 1 (SYSV), statically linked, stripped

You can ignore the warning, unzip has just skipped the self-decompressing code at the beginning of the image.

Now, you can boot the image (in this example, no network connections are defined):

chris@portchris2:~/dynamips-0.2.5$ ./dynamips image.bin -t npe-400 -p 1:PA-A1 -p 2:PA-8T -p 3:PA-4E -p 4:PA-POS-OC3 -p 6:PA-FE-TX
Cisco 7200 Simulation Platform (version 0.2.5-x86)
Copyright (c) 2005,2006 Christophe Fillot.

IOS image file: image.bin

CPU0: carved JIT exec zone of 64 Mb into 2048 pages of 32 Kb.
NVRAM is empty, setting config register to 0x2142
C7200 instance 'default' (id 0):
VM Status : 0
RAM size : 256 Mb
IOMEM size : 0 Mb
NVRAM size : 128 Kb
NPE model : npe-400
Midplane : vxr
IOS image : image.bin

Loading ELF file 'image.bin'...
ELF entry point: 0x80008000

C7200 'default': starting simulation (CPU0 PC=0xffffffffbfc00000), JIT enabled.
ROMMON emulation microcode.

Launching IOS image at 0x80008000...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706



Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 16-Jun-06 17:27 by prod_rel_team
Image text-base: 0x60009084, data-base: 0x6308C000


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
Processor board ID 4294967295
R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
6 slot VXR midplane, Version 2.1

Last reset from power-on

PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1 has a total of 540 bandwidth points.
This configuration is within the PCI bus capacity and is supported.

PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 500 bandwidth points
This configuration is within the PCI bus capacity and is supported.

Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com
for c7200 bandwidth points oversubscription and usage guidelines.


4 Ethernet interfaces
2 FastEthernet interfaces
8 Serial interfaces
1 ATM interface
1 Packet over SONET interface
125K bytes of NVRAM.
Installed image archive

65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K).

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]:


Questions & Answers

There is a "Frequently Asked Questions" page.

It is also recommended to consult the Hacki's forum (http://7200emu.hacki.at/). Many tips, lab examples, ... are published on it.


Help for Cisco router simulator (dynamips-0.2.7)
================================================
Authors of this document: Fabien Devaux, Christophe Fillot, MtvE

Emulated hardware
*****************

The emulator currently supports the following platforms:
- Cisco 7200 (NPE-100 to NPE-400)
- Cisco 3600 (3620, 3640 and 3660)
- Cisco 2691
- Cisco 3725
- Cisco 3745

By default, a Cisco 7206VXR with NPE-200 (256 Mb of DRAM) is emulated.

To emulate another platform, use the "-P" command line option (for example,
"-P 3725" or "-P 3600").

For the 7200, you can change the NPE type with the "-t" option.
It is possible to select "npe-100", "npe-150", "npe-175", "npe-200",
"npe-225", "npe-300" and "npe-400". The "npe-g1" is not working.

For the 3600, a 3640 with 128 Mb is emulated by default. You can change this
with the "-t" option and by specifying "3620" or "3660".
Don't forget to set the chassis type depending on your IOS image,
a c3660 image will not run on c3640 hardware and vice-versa.

Remark: PCMCIA card emulation is not supported yet with Cisco 3600.


Command Line Options overview
*****************************

-l : Set logging file (default is dynamips_log.txt)
-j : Disable the JIT compiler, very slow
--exec-area : Set the exec area size (default: 64 Mb)
--idle-pc : Set the idle PC (default: disabled)
--timer-itv : Timer IRQ interval check (default: 1000)

-i : Set instance ID
-r : Set the virtual RAM size
-o : Set the virtual ROM size
-n : Set the NVRAM size
-c : Set the configuration register
-m : Set the MAC address of the chassis
(default: automatically generated)
-C : Import an IOS configuration file into NVRAM
-X : Do not use a file to simulate RAM (faster)
-R : Load an alternate ROM (default: embedded)
-k : Set the clock divisor (default: 4)

-T : Console is on TCP
-U : Console in on serial interface
(default is on the terminal)

-A : AUX is on TCP
-B : AUX is on serial interface
(default is no AUX port)

--disk0 : Set PCMCIA ATA disk0: size
--disk1 : Set PCMCIA ATA disk1: size

-a : Virtual ATM switch configuration file
-f : Virtual Frame-Relay switch configuration file
-E : Virtual Ethernet switch configuration file
-b : Virtual bridge configuration file
-e : Show network device list of the host machine

Options specific to the Cisco 7200 series:

-t : Select NPE type (default: "npe-200")
-M : Select Midplane ("std" or "vxr")
-p : Define a Port Adapter
-s : Bind a Network IO interface to a Port Adapter

Options specific to the Cisco 3600 series ("dynamips -P 3600 --help"):

-t : Select Chassis type (default: "3640")
--iomem-size : IO memory (in percents, default: 5)
-p : Define a Network Module
-s : Bind a Network IO interface to a Network Module

Options specific to the Cisco 2691 series ("dynamips -P 2691 --help"):

--iomem-size : IO memory (in percents, default: 5)
-p : Define a Network Module
-s : Bind a Network IO interface to a Network Module

Options specific to the Cisco 3725 series ("dynamips -P 3725 --help"):

--iomem-size : IO memory (in percents, default: 5)
-p : Define a Network Module
-s : Bind a Network IO interface to a Network Module

Options specific to the Cisco 3745 series ("dynamips -P 3745 --help"):

--iomem-size : IO memory (in percents, default: 5)
-p : Define a Network Module
-s : Bind a Network IO interface to a Network Module



Command Line Options details
****************************

-k :

Specify the clock divider (integer) based on the host clock.
Alter the value to match the CISCO clock with the real time.
The command "show clock" at the IOS' CLI will help you set this value.

--idle-pc :

The "idle PC" feature allows you to run a router instance without having
a 100% CPU load. This implies that you can run a larger number of instances
per real machine.

To determine the "idle PC", start the emulator normally with your Cisco IOS
image, and a totally empty IOS configuration (although not mandatory, this
will give better results). When the image is fully booted, wait for the
"Press RETURN to get started!" message prompt, but do not press Enter key.
Wait about 5 seconds, then press "Ctrl-] + i". Some statistics will be
gathered during 10 seconds. At the end, the emulator will display a list of
possible values to pass to the "--idle-pc" option. You may have to try some
values before finding the good one. To check if the idle PC value is good,
just boot the Cisco IOS image, and check your CPU load when the console
prompt is available. If it is low, you have found a good value, keep it
preciously.

Important remarks:
==================

* An "idle PC" value is *specific* to a Cisco IOS image. You cannot
boot a different IOS image without proceeding as described above.

* Do not run the process while having the "autoconfiguration" prompt.


--exec_area :

The exec area is a pool of host memory used to store pages translated by
the JIT (they contain the native code corresponding to MIPS code pages).



Cisco 7200 Port Adapter Description "":
------------------------------------------------
Format: slot:pa_driver

slot: the number of the physical slot (starts from 0)

pa_driver: the name of a Port Adapter driver in:
- C7200-IO-FE (FastEthernet, slot 0 only)
- PA-FE-TX (FastEthernet, slots 1 to 6)
- PA-4E (Ethernet, 4 ports)
- PA-8E (Ethernet, 8 ports)
- PA-4T+ (Serial, 4 ports)
- PA-8T (Serial, 8 ports)
- PA-A1 (ATM)


Cisco 3600 Network Module Description "":
--------------------------------------------------
Format: slot:nm_driver

slot: the number of the physical slot (starts from 0)

nm_driver: the name of a Network Module driver in:
- NM-1E (Ethernet, 1 port)
- NM-4E (Ethernet, 4 ports)
- NM-1FE-TX (FastEthernet, 1 port)
- NM-4T (Serial, 4 ports)
- NM-16ESW (Ethernet switch module, 16 ports)
- Leopard-2FE (Cisco 3660 FastEthernet in slot 0, automatically used)


Cisco 2691/3725/3745 Network Module Description "":
------------------------------------------------------------
Format: slot:nm_driver

slot: the number of the physical slot (starts from 0)

nm_driver: the name of a Network Module driver in:
- NM-1FE-TX (FastEthernet, 1 port)
- NM-4T (Serial, 4 ports)
- NM-16ESW (Ethernet switch module, 16 ports)
- GT96100-FE (2 integrated ports, automatically used)


NIO binding to Port Adapter "" and Network Modules "":
----------------------------------------------------------------------

Format: slot:port:netio_type[:netio_parameters]

slot : the number of the physical slot (starts from 0)
port : the port in the specified slot (starts from 0)

netio_type : host interface for communication

unix::
Use unix sockets for local communication.
is created and represents the local NIC.
is the file used by the other interface.
(ex. "/tmp/local:/tmp/remote")

vde::
For use with UML (User-Mode-Linux) or VDE switches.
VDE stands for "Virtual Distributed Ethernet".
Please refer to : http://sourceforge.net/projects/vde/

tap:
Use a virtual ethernet device for communication.
is the name of the tap device (ex. "tap0")

gen_eth:
Use a real ethernet device for communication, using libpcap 0.9
or WinPcap. Works on Windows and Unix systems.

is the name of the Ethernet device (ex. "eth0")

The device list can be found using the "-e" option.

linux_eth:
Use a real ethernet device for communication (Linux specific).
is the name of the Ethernet device (ex. "eth0")

udp:::
Use a UDP socket for connection between remote instances.
is the port we listen to.
is the host listening the port you want to connect to.
is the port you want to connect to.
(ex. "1000:somehost:2000" and "2000:otherhost:1000" on the other
side)

tcp_cli::
Client side of a tcp connection.
is the ip address of the server.
is the port to connect to.

tcp_ser:
Server side of a tcp connection.
is the port to listen to.

null
Dummy netio (used for testing/debugging), no parameters needed.
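
An added example (not part of the Dynamips README or source): a Python pre-flight check for a Cisco 7200 command line that validates "-p" and "-s" values against the driver list and NIO formats above, and lists the bindings that carry lab traffic off the host. The function names are hypothetical, and the port count of 1 for C7200-IO-FE, PA-FE-TX and PA-A1 is an assumption.

```python
import ipaddress

# Port Adapter drivers from the README's Cisco 7200 list: name -> (ports, allowed slots).
# Slot limits are the README's. A port count of 1 for the FastEthernet and ATM
# adapters is an assumption (the README gives counts only for multi-port PAs).
PA_DRIVERS = {
    "C7200-IO-FE": (1, {0}),
    "PA-FE-TX": (1, {1, 2, 3, 4, 5, 6}),
    "PA-4E": (4, None), "PA-8E": (8, None),
    "PA-4T+": (4, None), "PA-8T": (8, None),
    "PA-A1": (1, None),
}
# netio_type -> number of colon-separated parameters shown in the README.
NIO_PARAMS = {"unix": 2, "vde": 2, "tap": 1, "gen_eth": 1, "linux_eth": 1,
              "udp": 3, "tcp_cli": 2, "tcp_ser": 1, "null": 0}


def is_loopback(host):
    """True for loopback IP literals and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def check_instance(adapters, bindings):
    """Validate '-p' and '-s' values. Returns (problems, off_host)."""
    problems, off_host, slots, bound = [], [], {}, set()
    for desc in adapters:
        slot, sep, driver = desc.partition(":")
        if not sep or not slot.isdigit():
            problems.append(f"-p {desc}: expected slot:pa_driver")
        elif driver not in PA_DRIVERS:
            problems.append(f"-p {desc}: unknown driver {driver}")
        elif int(slot) in slots:
            problems.append(f"-p {desc}: slot {slot} already holds {slots[int(slot)]}")
        else:
            allowed = PA_DRIVERS[driver][1]
            if allowed is not None and int(slot) not in allowed:
                problems.append(f"-p {desc}: {driver} is not valid in slot {slot}")
            slots[int(slot)] = driver
    for desc in bindings:
        parts = desc.split(":")
        if len(parts) < 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            problems.append(f"-s {desc}: expected slot:port:netio_type[:netio_parameters]")
            continue
        slot, port, nio, params = int(parts[0]), int(parts[1]), parts[2], parts[3:]
        if slot not in slots:
            problems.append(f"-s {desc}: no adapter defined in slot {slot}")
        elif port >= PA_DRIVERS[slots[slot]][0]:
            problems.append(f"-s {desc}: {slots[slot]} has no port {port}")
        if (slot, port) in bound:
            problems.append(f"-s {desc}: port {slot}:{port} is bound twice")
        bound.add((slot, port))
        if nio not in NIO_PARAMS:
            problems.append(f"-s {desc}: unknown netio_type {nio}")
        elif len(params) != NIO_PARAMS[nio]:
            problems.append(f"-s {desc}: {nio} takes {NIO_PARAMS[nio]} parameter(s)")
        elif nio in ("gen_eth", "linux_eth"):
            # These NIOs attach the virtual port to a real Ethernet device.
            off_host.append((slot, port, f"bridged to host NIC {params[0]}"))
        elif nio == "udp" and not is_loopback(params[1]):
            off_host.append((slot, port, f"UDP peer {params[1]}"))
        elif nio == "tcp_cli" and not is_loopback(params[0]):
            off_host.append((slot, port, f"TCP server {params[0]}"))
    return problems, off_host


if __name__ == "__main__":
    # Constructed input: a wrong slot, an out-of-range port and an unbound slot.
    problems, off_host = check_instance(
        ["0:PA-FE-TX", "1:PA-4E"],
        ["1:4:linux_eth:eth0", "1:0:udp:1000:somehost:2000", "2:0:null"])
    for line in problems:
        print("problem:", line)
    for slot, port, why in off_host:
        print(f"off-host: {slot}:{port} {why}")
```
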



VTTY binding to real serial port device "":
----------------------------------------------------

Format: {:baudrate{:databits{:parity{:stopbits{:hwflow}}}}}}

device: character device name, e.g. /dev/ttyS0
baudrate: baudrate
databits: number of databits.
parity: data parity: N=none, O=odd, E=even,
stopbits: number of stop bits
hwflow: hardware flow control (0=disable, 1=enable)

Note that the device field is mandatory, however other fields are optional.
(dynamips will default to 9600, 8, N, 1, no hardware flow control)

Note that access to the escape commands (described below) through a serial
port is deliberately prevented, as the escape commands interfere with
serial encapsulation protocols.


Escape commands
***************

You can press ^] (Ctrl + ]) at any time, followed by one of these characters:

o : Show the VM object list
d : Show the device list
r : Dump MIPS CPU registers
t : Dump MIPS TLB entries
m : Dump the latest memory accesses
s : Suspend CPU emulation
u : Resume CPU emulation
q : Quit the emulator
b : Dump the instruction block tree
h : JIT hash table statistics
l : MTS64 cache statistics
c : Write IOS configuration to disk (ios_cfg.txt)
j : Non-JIT mode statistics
i : Determine an idling pointer counter
x : Experimentations (can crash the box!)
^]: Send ^]

If you press an unrecognized key, help will be shown.

Note: on Windows, it may be the "Ctrl + $" sequence.


Virtual Bridge
**************

The virtual bridge is used to emulate a shared network between emulator
instances.

Any emulator instance can act as a virtual bridge.

The configuration file (specified by the "-b" option) contains a list of
NetIO descriptors, with the following syntax:

interface_name:netio_type[:netio_parameters]

Example:

# Connection to instance "I0"
I0:udp:10000:127.0.0.1:10001

# Connection to instance "I1"
I1:udp:10002:127.0.0.1:10003

# Connection to instance "I2"
I2:udp:10004:127.0.0.1:10005

The "I0" instance would be launched with the following parameters:

dynamips ios.bin -p 1:PA-FE-TX -s 1:0:udp:10001:127.0.0.1:10000


Virtual Ethernet switch
***********************

The virtual ethernet switch is used to emulate an Ethernet network between
emulator instances. This switch supports access and trunk ports (802.1Q).
ISL will be available in a future release.

Any emulator instance can act as a virtual ethernet switch.

The configuration file (specified by the "-E" option) contains a list of
NetIO descriptors (representing interfaces) and a list of interface properties
(access/trunk port, VLAN info...)

The interface definition is similar to Port Adapters:

IF:interface_name:netio_type[:netio_parameters]

1) Configuring an Access Port

syntax: ACCESS:interface_name:vlan_id

2) Configuring an 802.1Q Trunk Port

syntax: DOT1Q:interface_name:native_vlan

The native VLAN is not tagged. On Cisco devices, by default the native VLAN
is VLAN 1.

Example of configuration file:

IF:E0:udp:10000:127.0.0.1:10001
IF:E1:udp:10002:127.0.0.1:10003
IF:E2:gen_eth:eth0

DOT1Q:E0:1
ACCESS:E1:4
DOT1Q:E2:1


Virtual ATM switch
******************

The virtual ATM switch fabric is used to emulate an ATM backbone between
emulator instances. The use of this virtual switch is not mandatory, you
can directly connect emulator instances for point-to-point ATM connections.
Please note that only basic VP/VC switching is supported, there is no
support for ILMI/QSAAL/... or other specific ATM protocols.

Any emulator instance can act as a virtual ATM switch.

Example of configuration file (specified by the "-a" option):

# Virtual Interface List
IF:A0:udp:10001:127.0.0.1:10000
IF:A1:udp:10002:127.0.0.1:10003
IF:A2:udp:10004:127.0.0.1:10005

# VP connection between I0 and I1
VP:A0:10:A1:20
VP:A1:20:A0:10

# VP connection between I0 and I2
VP:A0:11:A2:30
VP:A2:30:A0:11

# VC connection between I1 and I2
VC:A1:5:2:A2:7:3
VC:A2:7:3:A1:5:2

In this example, we have 3 virtual interfaces, A0, A1 and A2. The syntax
for interface definition is similar to Port Adapters:

IF:interface_name:netio_type[:netio_parameters]

You can do VP switching or VC switching:

1) VP switching

syntax: VP:input_if:input_vpi:output_if:output_vpi

2) VC switching

syntax: VC:input_if:input_vpi:input_vci:output_if:output_vpi:output_vci


Testing the Virtual ATM switch with one dynamips instance
*********************************************************
(Contribution of Mtv Europe)

Virtual ATM switch configuration file ("atm.cfg"):

IF:A0:udp:10003:127.0.0.1:10001
IF:A1:udp:10004:127.0.0.1:10002
# a0/vpi=1/vci=100 connects to a1/vpi=2/vci=200
VC:A0:1:100:A1:2:200
VC:A1:2:200:A0:1:100

Invoking dynamips:

./dynamips -p 1:PA-A1 -s 1:0:udp:10001:127.0.0.1:10003 \
-p 2:PA-A1 -s 2:0:udp:10002:127.0.0.1:10004 \
-a atm.cfg IOS.BIN

(note input ports of IOS interfaces are output ports of ATM switch
interfaces, and vice versa).

IOS configuration:

ip cef
ip vrf test
rd 1:1
route-target both 1:1
int a1/0
no shut
int a1/0.2 p
ip addr 1.1.1.1 255.255.255.0
pvc 1/100
interface a2/0
no shut
interface a2/0.2 p
ip vrf forwarding test
ip addr 1.1.1.2 255.255.255.0
pvc 2/200
!

# ping 1.1.1.2
!!!!!


Virtual Frame-Relay switch
**************************

The virtual Frame-Relay switch fabric is used to emulate a Frame-Relay
backbone between emulator instances. The use of this virtual switch is not
mandatory, you can directly connect emulator instances with appropriate IOS
configuration.

Any emulator instance can act as a virtual Frame-Relay switch.

There is only a basic implementation of the LMI protocol (ANSI Annex D), which
is probably not conforming but works with Cisco IOS. Fortunately, Cisco IOS
is able to detect automatically the LMI protocol.

Example of configuration file (specified by the "-f" option):

# Virtual Interface List
IF:S0:udp:10001:127.0.0.1:10000
IF:S1:udp:10002:127.0.0.1:10003

# DLCI switching between S0 and S1
VC:S0:200:S1:100
VC:S1:100:S0:200

In this example, we have 2 virtual interfaces, S0 and S1. The syntax
for interface definition is similar to Port Adapters:

IF:interface_name:netio_type[:netio_parameters]

DLCI switching syntax:

VC:input_if:input_dlci:output_if:output_dlci

In the example above, the switch is configured to switch packets
received on interface S0 with DLCI 200 to interface S1 with DLCI 100,
and vice-versa.
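
An added example (not from the Dynamips distribution): a Python lint for the "-a" (ATM) and "-f" (Frame-Relay) switch files described above that reports undefined interfaces, inputs mapped twice, and VP/VC entries with no matching reverse line. It assumes each entry switches one direction only, as the paired lines in the README's examples suggest; the function and variable names are hypothetical.

```python
# The README's ATM switch example, copied from the section above.
ATM_EXAMPLE = """\
# Virtual Interface List
IF:A0:udp:10001:127.0.0.1:10000
IF:A1:udp:10002:127.0.0.1:10003
IF:A2:udp:10004:127.0.0.1:10005
VP:A0:10:A1:20
VP:A1:20:A0:10
VP:A0:11:A2:30
VP:A2:30:A0:11
VC:A1:5:2:A2:7:3
VC:A2:7:3:A1:5:2
"""

# Constructed Frame-Relay file: the reverse DLCI is mistyped (201 instead of
# 200) and the last entry references an interface that has no IF line.
BROKEN_FR = """\
IF:S0:udp:10001:127.0.0.1:10000
IF:S1:udp:10002:127.0.0.1:10003
VC:S0:200:S1:100
VC:S1:100:S0:201
VC:S0:300:S2:400
"""


def lint_switch_config(text):
    """Return a list of (line_number, message) for a '-a' or '-f' file."""
    interfaces, table, problems = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        kind, rest = fields[0], fields[1:]
        if kind == "IF":
            if len(rest) < 2:
                problems.append((lineno, "IF needs interface_name:netio_type"))
            else:
                interfaces.add(rest[0])
        elif kind in ("VP", "VC"):
            # VP and Frame-Relay VC entries have 4 fields, ATM VC entries 6.
            if len(rest) != 4 and not (kind == "VC" and len(rest) == 6):
                problems.append((lineno, f"{kind} entry has {len(rest)} fields"))
                continue
            half = len(rest) // 2
            src, dst = tuple(rest[:half]), tuple(rest[half:])
            if not all(v.isdigit() for v in src[1:] + dst[1:]):
                problems.append((lineno, "VPI/VCI/DLCI values must be integers"))
                continue
            if (kind, src) in table:
                problems.append((lineno, f"input {':'.join(src)} is already mapped"))
                continue
            table[(kind, src)] = (dst, lineno)
        else:
            problems.append((lineno, f"unknown entry type {kind!r}"))
    # Second pass: every mapping needs defined interfaces and a mirror entry.
    for (kind, src), (dst, lineno) in table.items():
        for name in (src[0], dst[0]):
            if name not in interfaces:
                problems.append((lineno, f"interface {name} has no IF line"))
        back = table.get((kind, dst))
        if back is None or back[0] != src:
            problems.append((lineno, f"no reverse entry {kind}:{':'.join(dst + src)}"))
    return problems


if __name__ == "__main__":
    for lineno, message in lint_switch_config(BROKEN_FR):
        print(f"line {lineno}: {message}")
```
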

== EOF ==

Dynamips / Dynagen Tutorial

Documentation Revision 1.11.2



Greg Anuzelli



Introduction

Installing

IOS Images

Resource Utilization

Configuring your Telnet Client

Network Files

Running Simple Lab #1

Working with the Management Console

Calculating Idle-PC values

Simple Lab #2

Frame Relay Lab

Communicating with Real Networks

Ethernet Switch Lab

1700/2600/3600/3700 Routers

WIC Modules

Client / Server and Multi-server Operation

Memory Usage Optimizations

Packet Capture

Other Commands / Features

Hardware Currently Emulated

FAQs

· How do I determine idle pc values from Dynagen?

· When I try to run more than 4 router instances @ 256 MB each (or 6 instances @ 160 MB each) on Windows, or more than 7 instances @ 256 MB each (or 11 instances @ 160 MB each) on 32-bit Linux Dynamips crashes.

· I have a complex lab with several routers, and my serial interfaces are flapping, eigrp neighbor adjacencies are failing, show run and write mem takes forever.

· There is a newer version of Dynamips available than the one bundled with the Dynagen Windows installer. How do I use it with Dynagen? / How do I use Dynagen with Windows 2000 or Windows XP SP1?

· On Linux / Unix / OS X, when I bridge a router or switch interface to my local host I can’t ping it from my host. But this works on Windows? What gives?

· I have a question / I’m having a problem / I think I’ve found a bug. How do I submit a quality post on the forum or the bug tracking system thereby increasing the likelihood that someone will be able to help me out?




Introduction

Dynamips is a Cisco router emulator written by Christophe Fillot. It emulates 1700, 2600, 3600, 3700, and 7200 hardware platforms, and runs standard IOS images. In Chris’ own words:



This kind of emulator would be useful to:

· Be used as a training platform, with software used in real world. It would allow people to become more familiar with Cisco devices, Cisco being the world leader in networking technologies ;

· Test and experiment features of Cisco IOS ;

· Check quickly configurations to be deployed later on real routers.



Of course, this emulator cannot replace a real router, it is simply a complementary tool to real labs for administrators of Cisco networks or people wanting to pass their CCNA/CCNP/CCIE exams.



Although Dynamips provides a simple virtual switch, it does not emulate Catalyst switches (although it does emulate the NM-16ESW).



Dynagen is a text-based front end for Dynamips, which uses the “Hypervisor” mode for communication with Dynamips. Dynagen simplifies building and working with virtual networks:

* Uses a simple, easy to understand configuration file for specifying virtual router hardware configurations
* Simple syntax for interconnecting routers, bridges, frame-relay and ATM, and Ethernet switches. No need to deal with NetIOs
* Can work in a client / server mode, with Dynagen running on your workstation communicating with Dynamips running on a back-end server. Dynagen can also control multiple Dynamips servers simultaneously for distributing large virtual networks across several machines. Or you can run Dynamips and Dynagen on the same system
* Provides a management CLI for listing devices, starting, stopping, reloading, suspending, resuming, and connecting to the consoles of virtual routers.



Dynagen is written in Python, and is therefore compatible with any platform for which there is a Python interpreter (which is to say, many). The design is modular, with a separate OOP API for interfacing with Dynamips. Other Python applications could be written that use this API for programmatically provisioning virtual networks, or to provide other front-ends. For example, a team is working on GNS-3, a GUI front-end that uses this library.



If somehow you have stumbled upon this tutorial without first finding the Dynamips or Dynagen web sites, here they are along with some other important links:



Dynamips (the actual emulator): http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator

Dynamips Blog (where most of the action is): http://www.ipflow.utc.fr/blog/

Dynagen (a front-end to the emulator): http://dyna-gen.sourceforge.net/

GNS-3 (a graphical network simulator that uses Dynagen’s libraries): http://www.gns3.net/

Dynamips / Dynagen Bug tracking: http://www.ipflow.utc.fr/bts/

Hacki’s Dynamips / Dynagen / Dynagui Forum: http://7200emu.hacki.at/index.php



Special thanks to the creators of the ConfigObj library at http://www.voidspace.org.uk/python/modules.shtml#configobj. This library is used by Dynagen for reading its configuration files.


Installing

Dynagen runs on any platform that supports Python, which is to say nearly any platform. I have also put together a Windows installer package that includes Dynamips and provides a compiled version of Dynagen, eliminating the need to install Python. It also provides Explorer “integration” so you can double-click on network files in order to run them.



First, install libpcap or Winpcap (depending on your platform) on the machine on which you intend to run Dynamips. This is used to bridge router interfaces to physical network cards. Windows users will need to install Winpcap 4.0 or later, which is currently in beta.



Then, Windows users should install the Windows installer package. This provides everything you need to run Dynamips / Dynagen on local or remote machines.



Linux users should download the Dynamips / Dynagen tarball, and extract it to a suitable location (e.g. /opt/dynagen). Then create symlinks to the Dynagen and Dynamips executables in /usr/local/bin, or somewhere else in your PATH.



Note: If you are running Dynamips on a RedHat or Fedora system, take a look at Dynamips FAQ item #2 if you are experiencing segfaults when you try to run Dynamips.


IOS Images

Dynamips runs real Cisco IOS images. From the Dynamips FAQ:


Can you provide a Cisco IOS image for a 7200 to me?



No, I am not allowed to distribute any IOS image. You will have to find one by yourself, this should not be a problem if you are a Cisco customer.



On Windows, drop the image in C:\Program Files\Dynamips\images. You can actually drop the images anywhere you want, but the sample labs are configured to look here. On Linux/Unix systems, designate a location to store your images and drop them there (I like to use /opt/images, but it’s your system.)



Cisco IOS images are compressed. These compressed images will work just fine with Dynamips*, however the boot process is slowed significantly by this decompression process (just like on real routers). It is recommended that you decompress the images beforehand, so the emulator doesn’t have to. You can do this with the “unzip” utility on Linux/Unix/Cygwin as follows:


unzip -p c7200-g6ik8s-mz.124-2.T1.bin > c7200-g6ik8s-mz.124-2.T1.image



You will receive a warning from unzip, which you can safely ignore. On Windows you can use WinRAR to uncompress images.



* Note that currently images for 2600 routers must be uncompressed to work with Dynamips.


Resource Utilization

Dynamips uses a fair amount of RAM and CPU in order to accomplish its emulation magic. If you intend to run an IOS image that requires 256 MB of RAM on a real 7200 router, and you devote 256 MB of RAM to your virtual router instance, it will allocate 256 MB of working set memory. Dynamips also allocates (by default) 64 MB of RAM / instance on Unix systems (16 MB on Windows systems) to cache JIT translations. This will be the total working set size; by default the amount of your system’s actual RAM used will typically be significantly less. This is because by default Dynamips uses memory mapped files for the routers’ virtual memory. In the working directory you will see temporary “ram” files equal to the size of the virtual routers’ RAM size. Your OS will naturally cache in RAM the sections of the mmap files that are being used. (See the Memory Usage Optimizations section for configuration options that can significantly reduce memory utilization.)



If you have plenty of RAM, and you know what you are doing, set “mmap = false” in the device default or router sections of your labs to disable mmap for those instances.



Dynamips also uses a lot of CPU, because it is emulating a router’s CPU instruction-by-instruction. It initially has no way of knowing when the virtual router’s CPU is idle, so it dutifully executes all the instructions that make up IOS’s idle routines just as it would execute the instructions that perform “real” work. But once you have run through the “Idle-PC” process for a given IOS image, CPU utilization decreases drastically. More on this later.


Configuring your Telnet Client

Dynagen includes a console command that allows you to connect to the virtual router consoles directly from the CLI. But you must first configure the dynagen.ini file (located in C:\Program Files\Dynagen on Windows systems, or wherever you extracted the tarball on Unix systems) to tell it which telnet client to use. Uncomment the line appropriate for your system, or craft your own to use your favorite telnet client. See the comments in the ini file for instructions.


Network Files

Dynagen uses a single “network file” to store the configuration of all the routers, switches, and interconnections that make up a virtual lab. This file uses a simple INI file-like syntax. Open up the simple1.net file in a text editor (on Windows there is a shortcut to the “Dynagen Sample Labs” directory on the desktop).



# Simple lab



Any line prefaced with a # is a comment, and is ignored



[localhost]



The first section specifies the host that is running Dynamips. In this case, we intend to run Dynamips on the same machine as Dynagen, so we specify localhost. If Dynamips were running on a different machine, you would put the hostname or IP address of that machine here instead (we’ll see an example of that a bit later on.)



[[7200]]



The next section is indented, and double bracketed. This means that what follows is configuration that applies to the Dynamips server specified in the section above (in this case, localhost). All whitespace is actually ignored, so the indentation is just for looks. The double-bracket is what really means that this section is nested under the [localhost] section.



This [[7200]] section defines all the defaults that will be applied to any 7200 router instance we create. This makes things easy, by allowing us to specify common things like RAM size and IOS image only once. Note that you can specify defaults, and later override them in specific router instance definitions.



image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.image

# On Linux / Unix use forward slashes:

# image = /opt/7200-images/c7200-jk9o3s-mz.124-7a.image



The image keyword specifies the location on the system running Dynamips (in this example our local machine) of the image we want to use by default for all router instances. Here we are pointing to a 12.4 image on a Windows system. For Linux/Unix systems, use forward slashes instead, as shown in the comment.



npe = npe-400

ram = 160



Each of our router instances is going to use an NPE-400, and be allocated 160 MB of RAM.



[[ROUTER R1]]



Now, we are defining a virtual router instance with the ROUTER keyword. The string following this keyword is the name we are assigning to this router, in this case “R1”. This name is just the name that is used by Dynamips / Dynagen. It has nothing to do with the hostname that you assign in IOS to the router (although it will probably be less confusing if you just keep them the same.)



s1/0 = R2 s1/0



This line states that we are going to take R1’s Serial 1/0 interface, and connect it to R2’s Serial 1/0 interface (via virtual back-to-back serial cable). Dynagen automatically “installs” a PA-8T adapter in Port 1 to accommodate this connection on both R1 and R2 (note there is a way to override this behavior if, for example, you wanted to use a PA-4T+ instead for some reason).



[[router R2]]



Now we create a 2nd router, creatively named R2. This is the same R2 that is referenced in the line above that connects R1 and R2’s serial interfaces. As you can see, the ROUTER keyword is not case significant. (None of the keywords are.)



# No need to specify an adapter here, it is taken care of

# by the interface specification under Router R1



Although we have to create the R2 router, we do not need to specify any adapters here. R2’s Serial 1/0 interface was already created back when we connected it to R1’s Serial 1/0 above.
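
An added example, not Dynagen's own parser (Dynagen reads its files with ConfigObj): a Python function that resolves a network file like the one walked through above into per-router settings, applying the [[7200]] defaults and mirroring each router-to-router link onto the peer. It assumes every router takes the 7200 defaults; the "ram = 256" override under R2 is constructed to show a default being overridden, and all function names are hypothetical.

```python
import re

SECTION = re.compile(r"^(\[+)\s*(.*?)\s*\]+$")               # [server] or [[device]]
IFACE = re.compile(r"^[a-z]+\d+/\d+$", re.IGNORECASE)        # e.g. s1/0, f0/0

# simple1.net as shown in the tutorial, plus one constructed override.
SIMPLE1 = r"""
# Simple lab
[localhost]
    [[7200]]
    image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.image
    npe = npe-400
    ram = 160

    [[ROUTER R1]]
    s1/0 = R2 s1/0

    [[router R2]]
    # constructed override, not in the original sample lab
    ram = 256
"""


def resolve_lab(text):
    """Return {router: {"server": str, "options": dict, "links": dict}}."""
    defaults, routers = {}, {}
    server, current, in_router = None, None, False
    for raw in text.splitlines():
        line = raw.strip()                    # indentation is only cosmetic
        if not line or line.startswith("#"):
            continue
        match = SECTION.match(line)
        if match:
            depth, words = len(match.group(1)), match.group(2).split()
            if depth == 1:                    # [host running Dynamips]
                server, current, in_router = match.group(2), None, False
            elif len(words) == 2 and words[0].upper() == "ROUTER":
                current = routers.setdefault(
                    words[1], {"server": server, "options": {}, "links": {}})
                in_router = True
            elif len(words) == 1:             # platform defaults, e.g. [[7200]]
                current = defaults.setdefault((server, words[0]), {})
                in_router = False
            else:                             # other device types: not handled here
                current, in_router = None, False
            continue
        if current is None:
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if in_router and IFACE.match(key):
            current["links"][key.lower()] = tuple(value.split(None, 1))
        elif in_router:
            current["options"][key.lower()] = value
        else:
            current[key.lower()] = value
    # Router-specific options override the platform defaults.
    for router in routers.values():
        base = defaults.get((router["server"], "7200"), {})
        router["options"] = {**base, **router["options"]}
    # A link declared on one router also creates the peer's interface.
    for name, router in routers.items():
        for iface, target in list(router["links"].items()):
            if len(target) == 2 and target[0] in routers and IFACE.match(target[1]):
                routers[target[0]]["links"].setdefault(target[1].lower(), (name, iface))
    return routers


if __name__ == "__main__":
    for name, router in resolve_lab(SIMPLE1).items():
        print(name, router["server"], router["options"]["ram"], router["links"])
```
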


Running Simple Lab #1

In order to run this virtual lab, first start up the Dynamips server on your local machine. If you used the Windows installer, you will find a shortcut on the desktop titled “Dynamips Server”. Running this starts up the server (listening on port 7200 by default) in a window like this:





On Linux / Mac / Unix, start up the server in the background. For example:



dynamips -H 7200 &



On Windows, open the simple1.net file in explorer and Dynagen is automatically launched and the network started:





On Linux / Unix, either associate “.net” files with dynagen in whatever file manager you use, or run it from the command line:



dynagen simple1.net



For now, ignore the “no idle-pc value” warning; we’ll get to this a bit later. To see all the devices in this virtual lab, use the list command:





This tells us that there are two routers, R1 & R2. They are both currently running on the local host. R1’s console port is tied to TCP port 2000, and R2’s to port 2001. Telnet to these ports to connect to the virtual router instances. Or, if you configured the dynagen.ini file to specify your telnet client, just type “console R1” to connect to R1’s console.





Even better, you can type “console /all” and a console window will appear for each of your virtual routers. If you use Linux, OS X, or Tera Term SSH on Windows, “console /all” works well because the title bar includes the name of the router. However, the Windows telnet command included with the OS does not seem to allow this. (If anyone can come up with a work-around for this please let me know. I’ve tried setting the title using the “start” command, and it is overwritten as soon as telnet is launched.) But Dynamips lets you know which router you are connecting to as its first line of output inside the telnet window, so you can identify it that way. By the way, the “console” command can be abbreviated as “con” – e.g. “con /all”.



Assign appropriate IP addresses to the Serial 1/0 interfaces on both routers, and “no shut” them, and you should find that they are indeed connected.


Working with the Management Console

From the Management Console, use the help command to see a list of valid commands:





To get help on a particular command, either type help command or command ?. For example:





On platforms that provide the Readline library (Linux/Unix) the console will have tab completion. (I have not yet found a suitable Python Readline library for Windows to provide this functionality. If anyone can find one that *they have tested with Dynagen and works* please let me know.)



To “power off” a virtual router, use the stop command. Help shows the syntax as:



stop {/all | router1 [router2] ...}



To shut down a single router, use stop routername:





And sure enough, the router is now stopped:





You can also provide a list of routers to stop, or issue a stop /all to shut down all router instances.



To restart R1, use the start command:



start {/all | router1 [router2] ...}







The IOS reload command is not supported by dynamips in virtual routers. Instead, use the Dynagen reload command. It performs a stop, followed by a start. To reload all routers in the entire lab, issue a reload /all:





The suspend and resume commands have a similar syntax as stop and start, but they temporarily pause the specified routers:





The exit command stops and deletes all devices from the network, and exits dynagen. If you exit the Management Console, your simulation will no longer be running.


Calculating Idle-PC values

You may have noticed that the previous lab caused your system’s CPU to peg at 100% and stay there. This is because Dynamips does not know when the virtual router is idle and when it is performing useful work. The “idlepc” command performs analysis on a running image to determine the most likely points in the code that represent an idle loop in IOS. Once applied, Dynamips “sleeps” the virtual router occasionally when this idle loop is executed, significantly reducing CPU consumption on the host without reducing the virtual router’s capacity to perform real work.



Here is how the process is performed. First, open a lab and make sure only one router instance is running (stop any others in the lab if need be):





Then, telnet to the running router instance. If you are presented with IOS autoconfig prompt, respond with “no”. Otherwise, do not press anything:





Wait for all the interfaces to initialize, then wait a bit to ensure that the router is no longer booting and is idle. Your session should look something like this:







Now, switch back to the Dynagen management console, and issue an “idlepc get routername”. You will see a message that statistics are being gathered, and about 10 seconds later you should see a list of potential idlepc values:





Values that will most likely provide better results are marked with an asterisk. Select one of the values to try from the menu and press Enter. You should notice your host (the one running the dynamips process) CPU utilization drop dramatically. If so, you’ve found a good idlepc value for this particular IOS image.



If your CPU usage did not drop, it’s time to try a different value. Type “idlepc show routername” to show the list of values determined earlier again, and this time select a different one.





The new idlepc value will take effect dynamically. Once you’ve found a value that works, you can save it to your local idlepc database with “idlepc save routername db”. This stores the idlepc value for this IOS image in the file specified in dynagen.ini with the “idledb” option. The default is a file named “dynagenidledb.ini” in your $HOME or “Documents and Settings” folder (depending on your platform).





Once an idlepc value is in the database, it will be automatically applied whenever a router in one of your labs uses this image. If Dynagen starts a router without being able to find an idlepc value, it gives the “Warning: Starting xxx with no idle-pc value” message. If you would prefer to store the idlepc value directly in your network file, use “idlepc save routername” to add an “idlepc = xxxx” line to the router definition section (e.g. “[[ROUTER R1]]”) or use “idlepc save routername default” to store it in the default section of your network file for that router platform (e.g. “[[7200]]”).

Idle-PC values are particular to an IOS image. They will be different for different IOS versions, and even for different feature sets of the same IOS version. However, Idle-PC values are not particular to your host PC, operating system, or to the version of dynamips. So “dynagenidledb.ini” files from one system can be freely copied, merged, shared with others, etc.



The idlepc database is indexed by the name of your IOS image as specified in the “image =” line of your network file (minus the directories), so all your images must have unique names for this to work. I strongly recommend using the convention of keeping the same filename as the downloaded bin file, but replacing “bin” with “image” to indicate that the bin file has been unzipped (e.g. “c7200-jk9o3s-mz.124-7a.image”.) If everyone uses this same convention, it will make sharing databases transparent.



It is possible that dynamips will not be able to find an idlepc value for an image, or that the values it does find do not work. If this happens, try repeating the process. Or you just might be out of luck with that particular image (however, running into this situation is rare).


Simple Lab #2

The lab “simple2.net” (located in the sample_labs directory) shows the use of the “LAN” keyword to specify bridged networks.



[[ROUTER Zapp]]

console = 2001

f0/0 = LAN 1

f1/0 = LAN 2



First, we are manually specifying the console port for Zapp (port 2001). This is usually never required, but is here to show that you can control most all of the defaults that are chosen by Dynagen by overriding them with specific values. FastEthernet0/0 is connected to LAN 1. “1” is an identifier that can be any alphanumeric sequence. All Ethernet interfaces that are connected to the same LAN are bridged together (like connecting them to a virtual hub). Also, just like in the previous lab with the Serial port adapter, Dynagen automatically installs a PA-C7200-IO-FE adapter in port 0, and a PA-FE-TX adapter in port 1 just by referencing f0/0 and f1/0.



In this lab all of the f0/0 interfaces are on one Ethernet segment, and all the f1/0 interfaces are on another segment:



[[ROUTER Leela]]

console = 2002

f0/0 = LAN 1

f1/0 = LAN 2



[[ROUTER Kif]]

console = 2003

f0/0 = LAN 1

f1/0 = LAN 2



Loading in this lab shows that LANs are second-class citizens, so to speak, in that they are not shown in the device list:





Also note that because you now have an idlepc value in your database for this IOS image, you no longer get the “Warning:starting xxx with no idle-pc value” message.




Frame Relay Lab

Dynamips (and accordingly Dynagen) provides support for an integrated frame relay switch. Looking at the “frame_relay1.net” lab, connectivity to the switch is specified like so:



[[ROUTER R1]]

s1/0 = F1 1



[[ROUTER R2]]

s1/0 = F1 2



[[ROUTER R3]]

s1/0 = F1 3



We are connecting the routers’ serial interfaces to ports 1, 2, and 3 respectively on a Frame Relay switch named “F1”.



[[FRSW F1]]

1:102 = 2:201

1:103 = 3:301

2:203 = 3:302



Here we define the switch using the FRSW keyword, and name the switch F1. The format of each Frame Relay switch entry is:



Port:dlci = port:dlci



The first line is assigning a local DLCI of 102 on port 1, which maps to a DLCI of 201 on port 2. The other two lines are configured similarly, creating a full mesh of PVCs between the three routers. (103 <-> 301, and 201 <-> 302).



Note: The Frame Relay switch emulated by Dynamips uses an LMI type of ANSI Annex D, not Cisco.



Launching the lab shows the following:





There are several things to note here. First, all the routers are stopped. This is because of the “autostart = false” line at the beginning of the network file. By default, all routers are automatically started when a lab is launched. The autostart keyword overrides this behavior, and the lab must manually be started (start /all). Also, the Frame Relay switch F1 is listed, but you can’t stop, start, suspend, or resume it like you can with virtual routers.



You can configure multiple Frame Relay switches in a single lab. Dynamips also provides virtual ATM switches. See the “all_config_options.txt” file for an ATM example.


Communicating with Real Networks

Dynamips can bridge virtual router interfaces to real host interfaces, allowing your virtual network to communicate with the real world. On Linux systems, this is done with the NIO_linux_eth NIO descriptor. For example:



f0/0 = NIO_linux_eth:eth0



This bridges this router’s F0/0 interface to the eth0 interface on the host. Packets that exit f0/0 are dumped out on to the real network through eth0, and return packets are forwarded back to the virtual router instance accordingly.



On Windows systems, the Winpcap library is used to accomplish this bridging. Interface specification is a little more complex on Windows systems, so Dynamips provides a command line switch to list the available interfaces on Windows hosts. The Dynamips/Dynagen Windows installer includes a shortcut to this utility. On the desktop, open the “Network Device List” shortcut:





So on my Windows system, I would use:



F0/0 = NIO_gen_eth:\Device\NPF_{B00A38DD-F10B-43B4-99F4-B4A078484487}



to bridge to my local Ethernet adapter.




Ethernet Switch Lab

New to Dynamips as of version 0.2.5-pre22 is an integrated virtual Ethernet switch that supports VLANs with 802.1q encapsulation.



Open the Ethernet Switch lab and you will see that connecting Ethernet interfaces to the virtual switch is similar to working with the Frame Relay switch:



[[ROUTER R1]]

F1/0 = S1 1



[[ROUTER R2]]

F1/0 = S1 2



[[ROUTER R3]]

F1/0 = S1 3



Then, to configure these ports on the switch:



[[ETHSW S1]]

1 = access 1

2 = access 20

3 = dot1q 1

#4 = dot1q 1 NIO_gen_eth:eth0

4 = dot1q 1 NIO_gen_eth:\Device\NPF_{B00A38DD-F10B-43B4-99F4-B4A078484487}



Port 1 of the switch (connected to R1 F1/0) is an access port in VLAN 1. Port 2 is also an access port, but in vlan 20. Port 3 is a trunk port (specified with the dot1q keyword) with a native VLAN of 1. Trunk ports trunk all the VLANs known to the switch.



The switchport 4 config shows how to connect a switchport to the “real world”. Here we are connecting a trunk port with a native vlan of 1 to the host’s eth0 or Windows network device using the NIO_gen_eth Winpcap NIO. If this host interface is connected to a real switch that is configured for trunking, you can now easily connect any router instance to any VLAN you wish.



Dynagen includes CLI commands to show and clear the MAC address tables of virtual Ethernet switches. Those commands are “show mac Ethernet_switch_name” and “clear mac Ethernet_switch_name”.

1700/2600/3600/3700 Routers

As of Dynamips 0.2.8-RC1 and Dynagen 0.10.0 1700, 2600, 3600, 3700, and 7200 routers are emulated. Working with these models of routers is much like working with 7200s. You can specify default options that apply to (for example) all 2691, 3620, 3640, 3660, 3725, or 3745s in your lab with [[2691]], [[3620]], [[3640]], [[3660]], [[3725]], and [[3745]] sections. For example:



[[3660]]

image = /opt/3660-images/c3660-ik9o3s-mz.122-15.T17.image

ram = 96



When defining routers, the default is to emulate a 7200. Use the “model” option to specify a different model. E.g.:



[[ROUTER r1]]

model = 3660

f0/0 = R2 e1/1



You can mix and match router models in the same lab. If the majority of the routers in your lab are going to be a particular model other than 7200s, you can set the default for the lab by putting the “model” option at the top level. See all_config_options.txt for more info.



On the 1710, 1720, 1721, and 1750 platforms interfaces show in IOS without a slot designation. (e.g. “f0” for FastEthernet 0). Dynagen supports the use of this format for these routers as shown below:



[[ROUTER R1]]

model = 1720

f0 = R2 f0



[[ROUTER r2]]

model = 1720





Refer to the Hardware Currently Emulated section for an up to date list of which network modules are supported. As with 7200s, Dynagen automatically “installs” an appropriate adapter when you reference an interface such as f0/0, e1/2, s1/0, etc. (Or you can manually specify the adapter if you desire; again see all_config_options.txt for an example.)

WIC Modules

Dynamips 0.2.8-RC1 and Dynagen 0.10.0 also added support for several WIC modules. Currently, these are the WIC-1T and WIC-2T on the 1700, 2600, 2691 and 3700 platforms, and the WIC-1ENET on the 1700. See the Hardware Currently Emulated section for specific model info and how many WIC slots are provided on each platform.



Dynagen will automatically pick and “insert” a WIC module when you reference an interface that corresponds to a WIC module. For example, the config below results in a WIC-2T being inserted in WIC slot 0 on the motherboard on r1:



[[ROUTER r1]]

model = 2621XM

S0/0 = r2 s0/0



On 1720s, 1721s, and 1750s the interfaces provided by WIC modules are “slotless” just like the other interfaces (e.g. “e0” or “s0”). So use that format when specifying adapters in your NET file on those platforms.



You can also manually specify WIC modules, much like manually specifying adapters. Use the WIC option like this:



[[ROUTER r1]]

model = 2621XM

WIC0/0 = WIC-2T

S0/0 = r2 s0/0



This configuration specifies a WIC-2T in WIC slot 0 on the motherboard (slot 0). To reference the 2nd WIC slot on the 2621XM, use “WIC0/1”. The 3700 series provides a 3rd wic slot, which is referenced with “WIC0/3”.



Keep in mind that IOS on different platforms presents the interfaces provided by WIC modules in different ways. On 1720 – 1750, the first interface of a given type provided by a WIC presents itself as “interface 0” no matter which WIC slot it is in. On 1751 & 1760, modules in WIC slot 0 present as “interface 0/x” and modules in WIC slot 1 as “interface 1/x”. On other platforms the first interface of a given type presents itself as “interface 0/0”, the next as “interface 0/1” and so forth. This is the way real routers would present these interfaces; this is not specific to Dynamips.



Here are a few examples:



# Example 1

model = 1720

WIC0/0 = WIC-2T

WIC0/1 = WIC-1ENET

# This creates s0, s1, and e0



# Example 2

model = 1760

WIC0/0 = WIC-2T

WIC0/1 = WIC-1ENET

# This creates s0/0, s0/1, and e1/0



# Example 3

model = 3725

WIC0/0 = WIC-2T

WIC0/1 = WIC-1T

WIC0/2 = WIC-1T

# This creates s0/0, s0/1, s0/2, & s0/3




Client / Server and Multi-server Operation

The Dynamips “Hypervisor” mode that is used by Dynagen is a TCP/IP communications channel, so the Dynagen client can run on a different machine than the Dynamips emulator. This is done by specifying a host other than “localhost” in the network file. Take a look at the “multiserver.net” lab. First we specify the devices to run on the local system (a Windows XP host):



# A windows server (the local machine)

[xplt]



[[7200]]

image = \PROGRA~1\Dynamips\images\c7200-ik9o3s-mz.122-15.T17.image

ram = 96



[[ROUTER R1]]

# Connect to s1/0 on R2 running on a different server

s1/0 = R2 s1/0



A few things to note: First, we must use the DNS name or the IP address of our local host, and not “localhost” when identifying the system. This is because the other server defined below will use this name when talking to our local system. Second, connecting to a device on another system is as simple as specifying it the same way you would if it was on the local system. You can use any connectivity method or device supported by Dynamips (Ethernet, Serial, ATM, Bridges, Ethernet switches, Frame Relay Switches, etc.) This “transparent” connectivity is new to Dynagen starting with version 0.4.



Next we define the other Dynamips server, and the router instance running on it:



# A linux server

[bender:7200]

workingdir = /home/greg/labs/dist1



[[7200]]

image = /opt/7200-images/c7200-ik9o3s-mz.122-15.T17.image

ram = 96



[[ROUTER R2]]



Here, we are talking to a server named “bender” (you can also specify an IP address here rather than a DNS name). We are specifying the TCP port that the Dynamips process is listening on as 7200. This is the default, so it isn’t actually necessary in this instance. But if you set up Dynamips to listen on a different port you would specify it here.



When talking to a remote server, you need to specify the working directory for this lab. As you may have noticed in the previous labs, Dynamips stores several files in the working directory. These include the NVRAM for the virtual router, as well as the bootflash, logfiles, and some other working files. When running Dynamips and Dynagen on the same machine, you do not need to specify the working directory, because Dynagen defaults to using the same directory as the network file. But in a distributed setup the network file is on the client and the working files are on the host. So specify the fully qualified path to the working directory on the Dynamips host. Be sure to use the correct directory separation character for the platform (here forward slashes for a Linux system).



Be sure that any host based firewalls running on all your Dynamips servers (for example, XP SP2’s firewall) are permitting the necessary traffic. This includes the Dynamips server port (defaults to TCP 7200), the console ports (e.g. TCP 2000, 2001, …) and the ports used by the NIO connections between interfaces, which start at UDP 10000 and work up from there.


Memory Usage Optimizations

As described in the Resource Utilization section, your labs can consume a large amount of real and virtual memory. The “ghostios” and “sparsemem” options were added to address both of these issues, respectively.



The Ghostios option can significantly reduce the amount of real host RAM needed for labs with multiple routers running the same IOS image. With this feature, instead of each virtual router storing an identical copy of IOS in its virtual RAM the host will allocate one shared region of memory that they will all utilize. So for example, if you are running 10 routers all with the same IOS image, and that image is 60 MB in size you will save 9*60 = 540 MB of real RAM when running your lab. Enabling ghostios is as simple as specifying “ghostios = true” in your network file. This option can be used in several places:

* If used at the top level, ghostios is applied to all router instances in the lab
* If used at the defaults section (e.g. “[[7200]]”) it applies only to that model of router on that dynamips server
* Note that ghostios (and all other top level parameters for that matter) cannot be specified at the server level. They will be ignored. ghostios also cannot be specified at the router level



Typical usage is to specify “ghostios = true” at the top level. Dynagen is smart enough only to use ghostios if there is more than one router using the same IOS image.



When enabled, you will notice additional files in the same directory as your router nvram files with names like “c3660-ik9o3s-mz.124-10.image.ghost”. This is the mmap’ed file that contains the shared memory region. The other files typically created with a router instance are created as well (log, nvram, and possibly bootflash files).



Measuring the amount of host memory saved with ghostios can be a little tricky due to the complexities of memory management in modern OSs. See the sticky post in the General section of Hacki’s Forum titled “Understanding memory usage and RAM Ghosting” for the gory details.



The “sparsemem” feature does not conserve real memory, but instead reduces the amount of virtual memory used by your router instances. This can be important, because the OS limits a single process to 2 GB of virtual memory on 32-bit Windows, and 3 GB on 32-bit Linux. For example, on Windows, after the VM space used by cygwin and other libraries dynamips depends on, this only leaves room for 4 router instances @ 256 MB each! Enabling sparsemem only allocates virtual memory on the host that is actually used by IOS in that router instance, rather than the entire amount of RAM configured. This can allow you to run more instances per dynamips process before you have to resort to running multiple dynamips processes. See this FAQ item for more info on this issue.



Neither ghostios nor sparsemem is enabled by default, so you must turn them on with:



ghostios = true

sparsemem = true



in your network file. If you use ghostios, the shared memory will be memory-mapped no matter what your mmap setting is. If you enable sparsemem, no memory mapping will occur for router memory. You can choose to use ghostios or sparsemem separately or together.



Here is an example network file with typical ghostios and sparsemem usage – configured at the top level so that they are applied to all router instances in the lab:



model = 3660

ghostios = true

sparsemem = true



[localhost]



[[3660]]

image = \Program Files\Dynamips\images\c3660-ik9o3s-mz.124-10.image



[[router r1]]

fa0/0 = sw 1 # Note that you can use two letter interfaces names

# for increased clarity if you wish

[[router r2]]

fa1/0 = sw 2



[[router r3]]

fa1/0 = sw 3



[[ETHSW sw]]

1 = access 5

2 = access 25

3 = access 35

4 = dot1q 1 NIO_gen_eth:\Device\NPF_{B00A38DD-F10B-43B4-99F4-B4A078484487}


Packet Capture

Dynamips / Dynagen can capture packets on virtual Ethernet or Serial interfaces and write the output to a capture file for use with applications like tcpdump, Wireshark, or any other application that can read the libpcap capture file format.

Consider three routers in series, “r1” and “r2” are connected via an Ethernet cable, and r2 connects to r3 via a point-to-point serial connection with HDLC encapsulation. The network file would look something like this:



model = 3660



[localhost]



[[3660]]

image = \Program Files\Dynamips\images\c3660-ik9o3s-mz.124-10.image



[[router r1]]

f0/0 = r2 f0/0



[[router r2]]

s1/0 = r3 s1/0



[[router r3]]





To begin capturing traffic at r1’s f0/0 interface and to write it to the file “r1.cap”, enter the following in the Dynagen Management window:



capture r1 f0/0 r1.cap



To view the traffic in real-time, open the file with Wireshark:





The capture is continuing to write packets to the output file. If we ping r2 from r1, then hit the “reload this capture file” icon we see:





To stop capturing packets, enter:



no capture r1 f0/0



Dynamips / Dynagen can capture packets at serial interfaces too. In this case we must also specify the encapsulation we are using on our routers, so Wireshark will know how to decode the packets. Our encapsulation options are FR (Frame-Relay), HDLC, or PPP. To capture some traffic on our HDLC-encapsulated r2 to r3 link use:



capture r2 s1/0 r2.cap HDLC



Now we can open r2.cap, and the decode looks like this:





Now end the capture with “no capture r2 s1/0”. Note that you can have multiple captures running simultaneously against different interfaces on different routers.
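The encapsulation given to the capture command matters because a libpcap file records a single link-layer type in its global header, and readers decode every packet according to it. The following reader is an added example, not part of Dynamips or Dynagen: it parses the classic pcap layout, reports the link type, and tolerates a file that ends mid-record, as a capture that is still being written can. The function names and the sample frame are constructed for illustration, and the link-type table is a subset of the public tcpdump.org registry rather than a statement of which values Dynamips writes.

```python
import struct

MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps
# Link-layer type numbers from the tcpdump.org registry (subset relevant here).
LINKTYPES = {1: "ETHERNET", 9: "PPP", 50: "PPP_HDLC", 104: "C_HDLC", 107: "FRELAY"}


def read_pcap(data):
    """Parse a classic pcap byte string.

    Returns (linktype, snaplen, packets, complete); complete is False when the
    file ends inside a record, as it can while a capture is still being written.
    """
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    _, _, _, _, _, snaplen, network = struct.unpack(endian + "IHHiIII", data[:24])
    packets, offset, complete = [], 24, True
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            complete = False
            break
        _, _, incl_len, _ = struct.unpack(endian + "IIII", header)
        if incl_len > snaplen:  # sanity check before trusting a length field
            raise ValueError("record longer than snaplen: corrupt file")
        body = data[offset + 16:offset + 16 + incl_len]
        if len(body) < incl_len:
            complete = False
            break
        packets.append(body)
        offset += 16 + incl_len
    name = LINKTYPES.get(network, "unknown(%d)" % network)
    return name, snaplen, packets, complete


def build_sample(linktype, frames, endian="<"):
    """Construct a small capture in memory (sample data, not a real capture)."""
    out = struct.pack(endian + "IHHiIII", MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + "IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


# Constructed Cisco HDLC frame: address 0x0f, control 0x00, protocol 0x0800 (IP).
HDLC_FRAME = bytes.fromhex("0f000800") + b"\x45" + bytes(19)
SAMPLE = build_sample(104, [HDLC_FRAME, HDLC_FRAME])

if __name__ == "__main__":
    print(read_pcap(SAMPLE))
    print(read_pcap(SAMPLE[:-5]))  # tail cut mid-record, as in a live capture
```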


Other Commands / Features

Dynamips and Dynagen provide more options and interface types than shown in this tutorial. Take a look at the “all_config_options.txt” file for a list of all these options. For example, specifying an Ethernet adapter such as “e1/0” installs a PA-8E, “p1/0” installs a PA-POS-OC3, etc.



Here are some additional commands that can be used in the Dynagen management console that are not explained in this tutorial. Refer to the online help (command /? or help command) for usage:

* import / export – Imports and exports router configs from nvram to text files on your host. Can be used to get a copy of your current configs, or as a “snapshotting” feature to save your router configs before you make changes.
* push / save – Much like import and export, but the configs are stored as base64 encoded “blobs” right in your network file (specified with the “configuration” option). This allows you to distribute an entire lab with the network topology and IOS configs all in a single .net file
* filter – Applies a connection filter to an interface. Currently the only filter supported by dynamips is “freq_drop”, which drops x out of every y packets across a link (simulating intermittent packet loss).
* send – Used to send raw hypervisor commands to dynamips (see README.hypervisor included with the dynamips source for documentation on hypervisor commands). These hypervisor commands are how Dynagen communicates with Dynamips. This command would typically only be used if you are developing new features in dynamips, experimenting, or simply curious.
* ver – outputs the version of Dynagen being used, as well as the versions of each dynamips instance Dynagen is connected to.
* hist – Dynagen management console command history (like “history” in bash)
* py – execute arbitrary python commands within the current dynagen namespace (for example, try “py print namespace.devices”)
* shell (or !) – pass commands to the DOS or Unix shell (e.g. “! dir” or “! ls”)



Also be sure to keep up on Dynamips development by following the technical blog at http://www.ipflow.utc.fr/blog/ for the latest developments.

Hardware Currently Emulated

Borrowed from ggee’s excellent post on Hacki’s forum:



===========1700s===========

1710

Slots: 0 (available)

WIC slots: 0

CISCO1710-MB-1FE-1E (1 FastEthernet port and 1 Ethernet port, automatically used)

Note, interfaces do not use a slot designation (e.g. “f0”)

1720

Note, interfaces do not use a slot designation (e.g. “f0”)

1721

Note, interfaces do not use a slot designation (e.g. “f0”)

1750

Note, interfaces do not use a slot designation (e.g. “f0”)

1751

1760

Slots: 0 (available)

WIC slots: 2

C1700-MB-1ETH (1 FastEthernet port, automatically used)



Cards:

- WIC-1T (1 Serial port)

- WIC-2T (2 Serial ports)

- WIC-1ENET (1 Ethernet port)



===========2600s===========

2610

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-1E (1 Ethernet port, automatically used)

2611

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-2E (2 Ethernet ports, automatically used)

2620

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-1FE (1 FastEthernet port, automatically used)

2621

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-2FE (2 FastEthernet ports, automatically used)

2610XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-1FE (1 FastEthernet port, automatically used)

2611XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-2FE (2 FastEthernet ports, automatically used)

2620XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-1FE (1 FastEthernet port, automatically used)

2621XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-2FE (2 FastEthernet ports, automatically used)

2650XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-1FE (1 FastEthernet port, automatically used)

2651XM

Slots: 1 (available)

WIC slots: 3

CISCO2600-MB-2FE (2 FastEthernet ports, automatically used)



Cards:

- NM-1E (Ethernet, 1 port)

- NM-4E (Ethernet, 4 ports)

- NM-1FE-TX (FastEthernet, 1 port)

- NM-16ESW (Ethernet switch module, 16 ports)

- NM-NAM

- NM-IDS

- WIC-1T (1 Serial port)

- WIC-2T (2 Serial ports)



===========3600s===========

3660

Slots: 6 (available)

3640

Slots: 4

3620

Slots: 2



Cards:

- NM-1E (Ethernet, 1 port)

- NM-4E (Ethernet, 4 ports)

- NM-1FE-TX (FastEthernet, 1 port)

- NM-16ESW (Ethernet switch module, 16 ports)

- NM-4T (Serial, 4 ports)

- Leopard-2FE (Cisco 3660 FastEthernet in slot 0, automatically used)



===========3700s===========

2691 (The 2691 is essentially a 3700 with 1 slot)

Slots: 1 (available)

WIC slots: 3

3725

Slots: 2 (available)

WIC slots: 3

3745

Slots: 4 (available)

WIC slots: 3



Cards:

- NM-1FE-TX (FastEthernet, 1 port)

- NM-4T (Serial, 4 ports)

- NM-16ESW (Ethernet switch module, 16 ports)

- GT96100-FE (2 integrated ports, automatically used)

- NM-NAM

- NM-IDS

- WIC-1T (1 Serial port)

- WIC-2T (2 Serial ports)



===========7200s===========

7206

Slots: 6 (available)



Chassis types:

- STD

- VXR



NPEs:

- NPE-100

- NPE-150

- NPE-175

- NPE-200

- NPE-225

- NPE-300

- NPE-400

- NPE-G2 (Requires the use of NPE-G2 IOS images)



Cards:

- C7200-IO-FE (FastEthernet, slot 0 only)

- C7200-IO-2FE (FastEthernet, 2 ports, slot 0 only)

- C7200-IO-GE-E (GigabitEthernet interface only, Ethernet not currently functional, slot 0 only)

- PA-FE-TX (FastEthernet)

- PA-2FE-TX (FastEthernet, 2 ports)

- PA-4E (Ethernet, 4 ports)

- PA-8E (Ethernet, 8 ports)

- PA-4T+ (Serial, 4 ports)

- PA-8T (Serial, 8 ports)

- PA-A1 (ATM)

- PA-POS-OC3 (POS)

- PA-GE (GigabitEthernet)


FAQs
How do I determine idle pc values from Dynagen?



Now you can! See the “Calculating Idle-PC” values section in this tutorial.




When I try to run more than 4 router instances @ 256 MB each (or 6 instances @ 160 MB each) on Windows, or more than 7 instances @ 256 MB each (or 11 instances @ 160 MB each) on 32-bit Linux Dynamips crashes.



By default, Windows has a 2 GB per process limit that (after including the memory used by the virtual router RAM, cygwin, libraries, and “scratch space”) you are bumping up against. 32-bit Linux has a 3 GB per process limit by default.



One workaround for this problem is to use the sparsemem option.



Another is to run multiple instances of Dynamips on the same system listening on different control ports like so:



On Windows:

start /belownormal /min "Dynamips" "dynamips.exe" -H 7200

start /belownormal /min "Dynamips" "dynamips.exe" -H 7201



On Linux/Unix:

nice dynamips -H 7200 &

nice dynamips -H 7201 &



The only issue is that the UDP NIOs that Dynagen picks to make the various connections will “collide”, because Dynagen thinks they are different servers and therefore that those UDP ports are safe to re-use. The workaround is to use the new “udp” option to change the starting UDP port for NIOs on one of the servers. So the relevant sections would look something like this:





[localhost] # Talk to the 1st dynamips process on the default port 7200



[[7200]]



[[ROUTER R1]]

f0/0 = R2 f0/0





[localhost:7201] # Talk to the 2nd dynamips process on port 7201

udp = 11000 # Change the base udp port to 11000 (the default is 10000)



[[7200]]





[[ROUTER R2]]
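The port layout described here and in the Client / Server section can be checked before a lab is launched. The following is an added example, not Dynagen code: a simplified reader for the server sections of a network file that flags two processes on one host sharing a UDP base, flags “localhost” in a lab that also names a remote server, and lists the TCP ports and UDP base ports a host firewall would need to permit. All function names and the sample labs are constructed for illustration, and the reader handles only the section and option forms shown in this tutorial.

```python
import re
from collections import defaultdict

# Defaults stated in the tutorial: hypervisor on TCP 7200, NIO ports from UDP 10000.
DEFAULT_TCP, DEFAULT_UDP = 7200, 10000
LOCAL_NAMES = {"localhost", "127.0.0.1"}

# Constructed samples: the FAQ's two-process lab without its "udp" line, then with it.
COLLIDING = """
[localhost]   # 1st dynamips process, default port 7200
[[ROUTER R1]]
console = 2001
f0/0 = R2 f0/0
[localhost:7201]
[[ROUTER R2]]
"""
FIXED = COLLIDING.replace("[localhost:7201]", "[localhost:7201]\nudp = 11000")
# Constructed sample: a two-host lab that still calls the local machine "localhost".
MIXED = "[localhost]\n[[ROUTER R1]]\ns1/0 = R2 s1/0\n[bender:7200]\n[[ROUTER R2]]\n"


def parse_servers(net_text):
    """Return one dict per [server] section: host, tcp, udp, routers, consoles."""
    servers, current, in_device = [], None, False
    for raw in net_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        device = re.fullmatch(r"\[\[(.+)\]\]", line)
        server = re.fullmatch(r"\[([^\[\]]+)\]", line)
        if device and current is not None:
            in_device = True
            words = device.group(1).split()
            if len(words) == 2 and words[0].upper() == "ROUTER":
                current["routers"].append(words[1])
        elif server:
            host, _, port = server.group(1).partition(":")
            current = {"host": host.strip().lower(),
                       "tcp": int(port) if port else DEFAULT_TCP,
                       "udp": DEFAULT_UDP, "routers": [], "consoles": []}
            servers.append(current)
            in_device = False
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "udp" and not in_device:
                current["udp"] = int(value)
            elif key.lower() == "console" and in_device:
                current["consoles"].append(int(value))
    return servers


def udp_collisions(servers):
    """Sections on one host, reached on different TCP ports, that share a UDP base."""
    seen = defaultdict(set)
    for s in servers:
        host = "localhost" if s["host"] in LOCAL_NAMES else s["host"]
        seen[(host, s["udp"])].add(s["tcp"])
    return {key: sorted(tcp) for key, tcp in seen.items() if len(tcp) > 1}


def localhost_in_multiserver(servers):
    """True when a lab with a remote server still names the local one 'localhost'."""
    hosts = {s["host"] for s in servers}
    return bool(hosts - LOCAL_NAMES) and bool(hosts & LOCAL_NAMES)


def firewall_summary(servers):
    """Per host: TCP ports to permit (hypervisor, explicit consoles) and UDP bases."""
    summary = defaultdict(lambda: {"tcp": set(), "udp_from": set()})
    for s in servers:
        summary[s["host"]]["tcp"].update([s["tcp"], *s["consoles"]])
        summary[s["host"]]["udp_from"].add(s["udp"])
    return dict(summary)


if __name__ == "__main__":
    for name, text in (("colliding", COLLIDING), ("fixed", FIXED), ("mixed", MIXED)):
        servers = parse_servers(text)
        print(name, udp_collisions(servers), localhost_in_multiserver(servers))
        print("  permit:", firewall_summary(servers))
```

Console ports that Dynagen assigns by default are not listed, since only ports set explicitly with “console =” appear in the file.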


I have a complex lab with several routers, and my serial interfaces are flapping, eigrp neighbor adjacencies are failing, show run and write mem takes forever.



This is most likely a performance issue with the host PC. Large labs consume lots of RAM and CPU. By default, the router’s DRAM is simulated as a disk file of the same size as the allocated RAM. The host OS’s caching features will naturally try to keep the most commonly accessed pages in RAM. But as your RAM runs low, disk thrashing will begin. The virtual routers then become “starved” for CPU and start missing various hellos and such. There are several options for resolving this:

* Use a more powerful host (more RAM and / or a faster CPU)
* Distribute your lab across several hosts
* Use lower-end virtual routers where possible. For example, a 3620 running 12.2 IP base only needs 32 MB of RAM and could be used when you need to simulate a simple LAN router, or “the Internet”.


There is a newer version of Dynamips available than the one bundled with the Dynagen Windows installer. How do I use it with Dynagen? / How do I use Dynagen with Windows 2000 or Windows XP SP1?



The version of Dynamips included with the Windows Dynagen installer requires Windows XP SP2. In either of the above cases, download the Windows binaries from the Dynamips site (http://www.ipflow.utc.fr/blog/). For Windows XP / 2003 rename the file “dynamips-wxp.exe” to “dynamips.exe”. For Windows 2000, use the file “dynamips-w2000.exe” instead. Then copy both “dynamips.exe” and “cygwin1.dll” to “C:\Program Files\Dynamips”, replacing the existing files.


On Linux / Unix / OS X, when I bridge a router or switch interface to my local host I can’t ping it from my host. But this works on Windows? What gives?



This does generally work on Windows (depending on your network card) but not on Linux / Unix. Most likely this is due to differences between libpcap and Winpcap, and the differences in the network stacks on Unix / Windows (e.g. NDIS). However, you should be able to ping your bridged interfaces from other systems on the bridged network. If this does not work on Windows for your particular NIC, try creating a Windows loopback adapter and bridging to that. See this thread for more info. On Linux you can use a tap interface and the NIO_tap NIO type. On OS X you can install tun/tap drivers as detailed in this thread.


I have a question / I’m having a problem / I think I’ve found a bug. How do I submit a quality post on the forum or the bug tracking system thereby increasing the likelihood that someone will be able to help me out?



Be sure to note all the following in your post:

* The specific details of your issue
* Try to provide the simplest lab you can that recreates the issue
* Add “debug = 1” to your lab, and capture all output if you think debug output would be helpful
* Dynagen crash traceback (if any)
* Any output from Dynamips