Everything I always wanted to know about my TEA5 Box but was afraid to ask.




What software comes installed on my TEA5 box and what does it do?


  1. IPTABLES - IPTables, also know as NETFILTER is a package for controlling all IP traffic that travels into, out of or through your firewall. It uses a list of tables to control the flow of all TCP/UDP packets based on certain criteria. For example you can use it to stop all ICMP traffic, redirect or NAT IP address, block all packets from a specific IP address or to a specific port. This is the tool on the firewall that does most of the work of securing the box from the hazards of the Internet.
  2. NTOP - ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop users can use a a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status.
  3. SQUID - This is a web caching proxy. Basically, it watches all web related requests and stores them in a rotating cache. The next time any computer on your network tries to get data from any cached page, the data can be retrieved locally instead of going across the Internet to get it again. This saves bandwidth on your Internet connection and speeds up connections to often visited sites. This cache can be set to what ever size your firewalls hard drive can handle but the default setup that comes with your TEA5 Box should be sufficient.
  4. SQUIDGUARD - This acts as a plugin for SQUID and allows you to block all traffic to specified websites. A default list of sites considered to have offensive or inappropriate material is supplied by default and extra sites can easily be added when required.
  5. Apache HTTPD - The Apache Web Server.
  6. OPENSSH - OpenSSH is a free version of the ssh protocol. Basically you can think of it as a secure version of telnet. With telnet, all information is transfered in plain text allowing malicious users to see private information you send. Ssh on the other hand uses a set of public and private keys to encrypt the data making your conversations with you TEA5 Box safe and secure. There is a link to a windows client for ssh called putty further down on this page.
  7. WEBMIN - Webmin is a tool that allow you to use a web browser to configure many parts of your Linux box. It should be used with caution as it can also cause you box to stop functioning if used improperly. You can log in to webmin from inside or outside your firewall by going to the appropriate IP address on port 10000 with you web browser for example, if you IP is 10.0.0.1, enter https://10.0.0.1:10000 in your web browser.
[ToP]


How do I log in to my TEA5 Box?
  1. If you are at the console of the TEA5 Box, you should see a prompt that says <The name of your box> login: for example Tea5 login : at this prompt, enter the word root, next you will be asked for a password. This is the password you gave when you created the box.
  2. If you are at a windows machine, install a SSH client such as PUTTY , enter the IP address of your TEA5 Box and log in as in step 1.

[ToP]

What is all this eth0/eth1/root stuff about?

The following are some terms that you may find useful when talking to technical support about your TEA5 box.
  1. eth0 or eth1 - A normal TEA5 Box install requires two network cards. these are referred to as eth0 and eth1. The TEA5 Box acts as as a firewall between the Internet on the outside and the local LAN on the inside. We generally refer to eth0 as the outside interface and it should be connected to your Internet feed. We refer to eth1 as the inside interface and it should be connected to the same hubs and switches that the rest of the computers at you site are connected to. Network cards can also be reffered to as interfaces, NICs or network adapters.
  2. root - is the name of the super user or administration account on you TEA5 Box. Any changes to the box must be done while logged in as root. You should use caution because when logged in as root, one wrong command can destroy you firewall setup.
  3. firewall - This is a term used generically for an appliance that sits in between two networks and controls the flow of data from one network to the other. You may equate firewall with router but a firewall does much more. A router basically works only with IP address. It takes a packet and depending on the IP address that the packet is going to, it sends it one way or another. A firewall uses routing but also adds packet filtering ( IPTABLES) , intrusion detection (PORT SENTRY), URL redirection or blocking (SQUIDGUARD), IP address translation (NAT) and other things to help secure your LAN and all of the computers on it from the cold hard realities of the Internet.
  4. IP address - Every device connected to the Internet must have an IP address. This acts like a phone number to allow each device to communicate with each other. Some IP address ( like the outside interface of your TEA5 Box) are accessible to every computer on the Internet and are usually called real world IP addresses.  Other IP address (like those of the inside interface of your firewall or most of the machines inside your firewall) are know by various names ( fake IP, natted IP, masqueraded IP, etc) basically these all mean the same thing, these IP address can all talk to other similar IPs on the same network but cant talk to the real world IP on the Internet without a little help from your firewall. Any IP address that starts with 10., 192.168 or 172.16 are considered private or non-realworld IP address. You firewall acts as a middleman (natting) for these IP allowing your request to pass in and out as as allowed by your firewall rules.
  5. DHCP - dhcp is a service that runs on your firewall. Basically what happens is when a computer boots up it sends a message out on the network asking for an IP address. The DHCP server provides it with and IP address and all other information you computer needs to connect to the Internet.

[ToP]

What should I NOT do on a TEA5 box?
  1. Don't run any command unless you are sure of what the outcome will be and are prepared to deal with the consequences of you actions. Many commands (but not all) will tell you how to use them if you ask. Typing the command name followed by --help will often give you more information than you want to know about a command.
  2. Don't turn off or reset a firewall with the power/reset switch unless you have no alternative. See the next section for a command you can use.
  3. Don't plug both interfaces and your Internet connection all into the same hub. This will in most cases actually work but you will loose all security and the ability to diagnose any problems with your network.
  4. Don't give your root password to anyone at all. The people at technical services do not need your root password to access the box to help you fix problems. If someone calls you and says they work for technical service/the department of education/the phone company or any one else, do not give them the password to your firewall. If any employee who knows the password is fired, or you feel some un-authorized individual has your password, you should consider changing the password immediately. To do this, log in as root and type passwd.
  5. Don't put your server in an insecure area that unauthorized people may have direct access to it. Whenever possible it should be in a locked room, with a security guard at the door, encased in concrete and covered with a sticky substance that glows in ultra-violet light. OK, just a locked room should be fine.

[ToP]

What are some commands I can run on my TEA5 Box?
  1. ls - gives you a list of files in the current directory similar to dir. (and they are called directories not folders as some guy named Bill may suggest)
  2. cd - changes directories. Sub directories in unix use a proper / forward slash, not the incorrect \ backslash that one company uses. To change to the home directory, type ls /home <enter>.
  3. --help - Adding --help after a command will give you a list of options for the command. If the lists scrolls off the top of the screen, hold down the shift key and press page up to scroll back up and see what you missed.
  4. ps ax - This will give you a list of the processes running on the machine. You probably won't understand much of what you see until you are more familiar with UNIX.
  5. grep - This is often used with other commands to find specific information in the output. For this you also need the pipe symbol | it is usually on the same key as the backslash and looks like a broken vertical line. For example to see if dhcp is running, type ps ax | grep dhcp.
  6. more - more is also often used with the pipe. It shows you things a page at a time. For example to see the help for ls one page at a time, type ls --help | more .
  7. df - Shows information about the total space, space used and space remaining on your hard drives. A common usage is df -h. If any drives other than your cd-rom drive ever show 100% usage, you may be in trouble and should contact tech support.
  8. service - If you want to start , stop or restart a service , for example thttpd the web server, type service thttpd restart. You can get a list of all service names on the box by typing ls /etc/init.d
  9. chkconfig - If you never want the the webmin service to start when the computer reboots, use chkconfig to turn it off. chkconfig webmin off
  10. halt - To shut down the server properly type halt. The server will properly stop all services and either shut off itself or stop at the prompt power down which means you can turn off the power.
  11. reboot - Self explanatory I hope.
  12. nano - Nano is a small simple to use editor. Most of the commands are listed at the bottom. Jed which is another editor that is installed. Just type nano and the file name for example nano /etc/hosts.
  13. rsync - If you have more than one TEA5 Box and you have a file that you want to copy from one to the other, type this rsync -PaHSx /root/myfile.txt IP.address.of.other.teabox:/root/.
  14. chkrootkit - If you feel your TEA5 Box may have been comprimissed, you can do the following. type cd /opt/chkrootkit and press enter. Next , type ./chkrootkit and press enter. Don't forget the dotslash at the beginning. If dos, the directory you are currently in is automatically in the search path but this is not so in unix. If you are in a directory that is not part of the search path, you must put ./ immediately before the name of a file in that directory that you want to execute. If you want to know what directories are in the search path, type set | grep PATH and press enter.
  15. Autocompletion - this is not a command but a feature of unix. It saves you from typing all of a long file name or path name. At a prompt, type ls /u and then press the tab key. You should see that the command you are typing has changed to ls /usr/ . not sure what directories are in /usr , no problem just press tab twice now and see a list of all your choices.  You can narrow down those choices by press the first letter of the next directory that you want. If there is only one directory that starts with that letter, it will complete for you just as before. If there is more than one, pressing tab twice will show you just those directories that start with that letter. Play around until you get comfortable with this as it will save you lots of time and eventually you may even forget how to spell many of the directory names you commonly use.

[ToP]

What Changed from the TEA4 boxes?
  1. Distribution is now based on CentOS 6.
  2. dhcpd.conf is now in /etc/dhcp
  3. webmin interface updated.
  4. lighttpd web server replaced by Apache web server
  5. Added ntop for network traffic analysis
  6. Added LightSquid for Squid traffic analysis
  7. Added dnsmasq for DNS proxy. DHCP server now points client DNS to eth1 IP of TEA box
Powered by Linux
Linux Logo