Linux Core as Network Host

Core Linux is a small modular system with community-built extensions. Depending on the extensions you download, Core can be tailored to your needs. For instance, if you want to build a network host, you install extensions that interact with network traffic, such as tcpdump, iperf, iptables, d-itg, and mtr. Moreover, you can turn a Core installation into a modern Linux router or multilayer switch by installing extensions such as Quagga and Open vSwitch.

In this tutorial I will show how to enable IPv6 support on Linux Core, explain SSH server installation and configuration, and suggest several extensions that extend the functionality of Core Linux as a network host. Below are examples of such extensions.

Bash - an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and C shell (csh).

Bash Completion - the completion feature in Bash lets you type a partial command and press the [Tab] key to auto-complete it.

Openssh - encrypts all traffic to effectively eliminate eavesdropping, connection hijacking, and other attacks.

Iptables - the userspace tool to control the Linux kernel firewall.

Tcpdump - a tool for network monitoring and data acquisition.

Iperf3 - a tool for measuring Internet bandwidth performance.

Iproute2 - a collection of utilities for controlling TCP/IP networking and traffic control.

Mtr - combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

D-ITG - a distributed traffic generator capable of generating traffic at the network, transport, and application layers.

Nmap - a utility for network discovery and security auditing.

Ncat - a feature-packed networking utility which reads and writes data across networks from the command line. It is part of the nmap installation.

Hping3 - sends (almost) arbitrary TCP/IP packets to network hosts.

Note: Installing Core Linux on a Qemu image and tweaking Core to redirect output to a serial port are explained here.

The Core Linux virtual disks are available for download here.

1. IPv6 Support in Core Linux

a)  Download and install ipv6 extension

$ tce-load -wi ipv6-$(uname -r | cut -d "-" -f1)-tinycore64.tcz

b)  Load IPv6 module to kernel and make it persistent

$ echo "modprobe ipv6" >> /opt/bootlocal.sh
$ sudo modprobe ipv6
$ /usr/bin/filetool.sh -b

2. SSH Server Installation and Configuration

First install openssh.tcz extension.

$ tce-load -wi openssh

a) Set password for user 'tc' and 'root'

To log in to Core over SSH, you have to set a password for each account you will log in with. Then add the shadow file, which stores the password hashes, to the list of files that persist across Core reboots.

$ sudo su
# passwd tc
# passwd root
# exit

$ echo "/etc/shadow" >> /opt/.filetool.lst

b) Generate host keys for SSH

$ sudo su
# ssh-keygen -f /usr/local/etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 2048
# ssh-keygen -f /usr/local/etc/ssh/ssh_host_dsa_key -N '' -t dsa -b 1024
# ssh-keygen -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521
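# ssh-keygen -f /usr/local/etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

Explanation:
-N empty passphrase (sshd must be able to read the host keys without a prompt)
-b length of key in bits; Ed25519 keys have a fixed length, so -b is not used for them

Note: DSA keys are limited to 1024 bits and OpenSSH has disabled them by default since version 7.0, so generate the DSA host key only if legacy clients require it.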
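
A check on the host keys generated in step b), as an added example that is not part of the original tutorial: it reads `ssh-keygen -l` fingerprint lines and flags DSA keys and short RSA keys. The function names, the `MIN_RSA_BITS` threshold and the sample fingerprints are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag weak SSH host keys from `ssh-keygen -l` output.
# Each input line looks like: <bits> <fingerprint> <comment> (<TYPE>)

# MIN_RSA_BITS is an assumption of this example; raise it to match your policy.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"

# Read fingerprint lines on stdin and print one "WEAK ..." line per finding.
weak_host_keys() {
    awk -v min="$MIN_RSA_BITS" '
        NF < 3 { next }                    # skip blank or malformed lines
        {
            bits = $1 + 0
            type = $NF
            gsub(/[()]/, "", type)         # "(RSA)" -> "RSA"
            if (type == "DSA")
                printf "WEAK %s %d: DSA is disabled by default since OpenSSH 7.0\n", type, bits
            else if (type == "RSA" && bits < min)
                printf "WEAK %s %d: below %d bits\n", type, bits, min
        }'
}

# Constructed sample: the four key types from step b); fingerprints are placeholders.
sample_fingerprints() {
    cat <<'EOF'
2048 SHA256:CONSTRUCTED-FINGERPRINT-RSA root@box (RSA)
1024 SHA256:CONSTRUCTED-FINGERPRINT-DSA root@box (DSA)
521 SHA256:CONSTRUCTED-FINGERPRINT-ECDSA root@box (ECDSA)
256 SHA256:CONSTRUCTED-FINGERPRINT-ED25519 root@box (ED25519)
EOF
}

sample_fingerprints | weak_host_keys
```

On the Core host, feed it real data with `for f in /usr/local/etc/ssh/ssh_host_*_key.pub; do ssh-keygen -l -f "$f"; done | weak_host_keys`.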

c) Create configuration file for SSH daemon

# mv /usr/local/etc/ssh/sshd_config_example /usr/local/etc/ssh/sshd_config

Add the /usr/local/etc/ssh/ directory to the list of files and directories whose content is saved.

# echo "/usr/local/etc/ssh/" >> /opt/.filetool.lst

d) Start sshd service

# /usr/local/sbin/sshd

Add SSH to the list of services started after boot.

# echo "/usr/local/sbin/sshd" >> /opt/bootlocal.sh

e) Back up the files listed in /opt/.filetool.lst

# /usr/bin/filetool.sh -b
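
Steps a) to e) append to /opt/.filetool.lst and /opt/bootlocal.sh with `echo >>`, which adds a duplicate line every time a step is repeated. The following added example (not part of the original tutorial) appends a line only once and reports backup-list entries that do not exist; the function names and the temporary directory tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: idempotent persistence helpers for Core's backup list and boot script.

# Append LINE to FILE only if an identical line is not already present.
append_once() {
    file="$1"; line="$2"
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Print every entry of the backup list LIST that does not exist under ROOT.
# Entries are accepted with or without a leading slash.
missing_entries() {
    list="$1"; root="${2:-/}"
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        [ -e "${root%/}/${entry#/}" ] || echo "MISSING $entry"
    done < "$list"
}

# Constructed demo tree: /etc/shadow exists, the SSH directory does not yet.
demo_persist() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc" "$tmp/opt"
    : > "$tmp/etc/shadow"
    list="$tmp/opt/.filetool.lst"
    boot="$tmp/opt/bootlocal.sh"
    for pass in 1 2; do                  # the second pass must add nothing
        append_once "$list" "/etc/shadow"
        append_once "$list" "/usr/local/etc/ssh/"
        append_once "$boot" "/usr/local/sbin/sshd"
    done
    echo "entries: $(( $(wc -l < "$list") ))"
    echo "boot lines: $(( $(wc -l < "$boot") ))"
    missing_entries "$list" "$tmp"
    rm -rf "$tmp"
}

demo_persist
```

Running `missing_entries /opt/.filetool.lst` before `filetool.sh -b` shows entries that would be silently absent from the backup.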

3. Bash Shell

$ tce-load -wi bash.tcz

Set Bash as the default shell for users in /etc/passwd.

$ sudo su
# sed -i 's/\/bin\/sh/\/bin\/bash/g' /etc/passwd

# echo "/etc/passwd" >> /opt/.filetool.lst
# /usr/bin/filetool.sh -b

4. Bash Completion

$ tce-load -wi bash-completion.tcz

Append the following line to /home/tc/.bash_profile; the file is created if it does not exist.

$ echo '[[ $PS1 && -f /usr/local/share/bash-completion/bash_completion ]] && . /usr/local/share/bash-completion/bash_completion' >> /home/tc/.bash_profile

# /usr/bin/filetool.sh -b

5. Iptables

$ tce-load -wi iptables.tcz

Load the basic IPv4 and IPv6 iptables modules into the kernel.

$ sudo modprobe iptable_nat
$ sudo modprobe iptable_mangle

$ sudo modprobe ip6table_filter
$ sudo modprobe ip6_tables

$ echo "modprobe iptable_nat" >> /opt/bootlocal.sh
$ echo "modprobe iptable_mangle" >> /opt/bootlocal.sh
$ echo "modprobe ip6table_filter" >> /opt/bootlocal.sh
$ echo "modprobe ip6_tables" >> /opt/bootlocal.sh

$ /usr/bin/filetool.sh -b

6. Script for Dhclient

There is no ISC dhclient extension in the Linux Core repository. Instead, Core uses udhcpc to obtain an IP address from a DHCP server. The script below calls udhcpc when the command dhclient is invoked.

$ sudo su

# printf '#!/bin/sh\nudhcpc\n' > /sbin/dhclient
# chmod 744 /sbin/dhclient

# echo "/sbin/dhclient" >> /opt/.filetool.lst
# /usr/bin/filetool.sh -b

7. Basic Network Extensions Installation

$ tce-load -wi tcpdump iperf3 iproute2 mtr d-itg nmap hping3

8. Delete History Artifacts

Delete SSH known hosts.

$ rm /home/tc/.ssh/known_hosts

Delete the Almquist shell (ash) and Bash history.

$ sudo su
# echo > /home/tc/.ash_history
# echo > /root/.ash_history

# history -c && history -w
# exit
$ history -c && history -w

$ /usr/bin/filetool.sh -b
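
A check that the cleanup above left nothing behind, as an added example that is not part of the original tutorial: it reports history and known_hosts files that still hold content under a given root. The function names, the artifact list and the temporary tree are assumptions made for the illustration; run it as root so /root is readable.

```shell
#!/bin/sh
# Added example: report history artifacts left under an image root.

# Paths cleared in section 8, relative to the root; .bash_history is Bash's default HISTFILE.
ARTIFACTS="home/tc/.ssh/known_hosts home/tc/.ash_history root/.ash_history
home/tc/.bash_history root/.bash_history"

# Print every artifact under ROOT that still holds content; return 1 if any was found.
leftover_artifacts() {
    root="${1:-/}"
    found=0
    for rel in $ARTIFACTS; do
        f="${root%/}/$rel"
        [ -f "$f" ] || continue
        # `echo > file` leaves a lone newline, so look for a non-blank
        # character instead of testing the file size.
        if grep -q '[^[:space:]]' "$f"; then
            n=$(( $(wc -l < "$f") ))
            echo "LEFTOVER $rel ($n lines)"
            found=1
        fi
    done
    return "$found"
}

# Constructed demo tree: one history file cleared, two artifacts forgotten.
demo_artifacts() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/tc/.ssh" "$tmp/root"
    echo > "$tmp/home/tc/.ash_history"
    printf 'passwd tc\nssh admin@192.0.2.10\n' > "$tmp/root/.ash_history"
    echo "192.0.2.10 ssh-ed25519 CONSTRUCTED-KEY" > "$tmp/home/tc/.ssh/known_hosts"
    status=0
    leftover_artifacts "$tmp" || status=1
    rm -rf "$tmp"
    return "$status"
}

demo_artifacts || echo "image is not clean"
```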

End.


24 thoughts on “Linux Core as Network Host”

  1. Hi brezular,
    Thanks for the reply. The following things worked for me

    sudo apt-get install libncurses5-dev zlib1g-dev libsdl-dev libpcap-dev
    wget http://download.savannah.gnu.org/releases/qemu/qemu-0.11.0.tar.gz
    tar xvzf qemu-0.11.0.tar.gz
    cd qemu-0.11.0
    wget -O qemu-0.11.0-olive.patch "http://downloads.sourceforge.net/gns-3/qemu-0.11.0-olive.patch?download"
    patch -p1 -i qemu-0.11.0-olive.patch
    ./configure --target-list=i386-softmmu
    make
    sudo make install

    Now I can ping between two connected hosts, to practice IPv6 LAN/WAN easily "Happy".
    Qemu-0.13.0 is not working for me. If you can clarify, please do.

    I tried in many ways, it was not at all working for me, even tried using fresh OS installations. Followed the instructions from http://www.gns3.net/phpBB/topic2949.html?sid=e0b4a5724e850a4c2278f5c42c3e3fd1.

    Thanks in Advance
    KishoreKannan

  2. I read that I can use microcore qemu image to simulate network traffic in a GNS topology. I have no idea how to do this. Can you please help?

  3. Step 1.18 says reboot, however, the next step is booting the new image (without cdrom) so 1.18 should be poweroff.

  4. Brezular, Thanks very much for sharing your knowledge. Though I setup Core (cli) on qemu for interconnecting & study of olive/dynamips, I learned some more stuff about linux along the way.

    I ended up using netcat to transfer core.gz from guest to host but had to convert the remastered gz to an iso & boot qemu with it in the virtual cd-drive. In any case I'm gonna check into tap interfaces for netcat hostguest transfers (but first making sure tap doesn't bridge to host physical interface).

    • I found a solution to this. It seems the version number after ipv6 (3.0.3) denotes the kernel version, and as of now the Core-current.iso's kernel is of version 3.0.21.

      Hence I uninstalled the previous package and installed ipv6-3.0.21-tinycore.tcz. Now it works fine.

  5. Thanks Brezular,
    A really useful article that I keep referring back to whenever I can't find my notes!

    I preferred to use Dropbear instead of OpenSSH, mainly because it takes up less space.

    tce-load -w -i dropbear
    sudo /etc/init.d/dropbear start
    sudo echo "/etc/dropbear/dropbear_rsa_host_key" >> /opt/.filetool.lst
    sudo echo "/etc/dropbear/dropbear_dss_host_key" >> /opt/.filetool.lst
    sudo echo "/etc/init.d/dropbear start" >> /opt/bootlocal.sh
    filetool.sh -b

    HTH,
    Nick.
