dCore Server & Networking
dCore Server Overview
dCore may be used as a basic, lightweight home server. A text-only server would require <64 MB RAM (~42 MB) at boot. It can use an existing swap partition if one is already present; otherwise create either a swap file or a swap partition as needed. Although a live boot requires only ~20 MB of drive space (CD, DVD, USB, hard drive), a frugal text-only installation (persistent hard drive install) likely requires ~100-200 MB of drive space, even after installing the desired server and networking extensions. The Tiny Core base system, dCore components and server tools can all be managed from the command line, so there is no need to install Xorg/graphics.
At a TTY/terminal or terminal emulator, entering 'busybox' or 'busybox --list' outputs all available BusyBox commands. Tab auto-completion is supported. Pressing the Tab key twice lists all current system executables. After loading extensions, their additional executables also become available. In a TTY or non-scrolling terminal, use the Shift-PageUp and Shift-PageDown keys to scroll. Running 'executable_name --help' (two dashes) provides basic help and usage information for most commands.
iptables
Basic dCore iptables setup guide for desktop use. Modify it for special needs, networking, server use or preference. There are many ways to accomplish this in dCore, since iptables has numerous configuration options. Run iptables --help for usage information. This method was tested in dCore-jessie.
Numerous tutorials online, useful references:
The following rules are based on #7.1 - Only Block Incoming Traffic:
Designed to drop all incoming/forwarded packets, allow outgoing traffic.
With this basic configuration ping, wget and browsing all work.
Basic iptables setup:
Confirm kernel version:
uname -r
Install iptables and netfilter onboot:
sce-import -b iptables
sce-import -b netfilter-<your_kernel_version>-tinycore
Load these extensions or reboot:
sce-load iptables
sce-load netfilter-<your_kernel_version>-tinycore
Check iptables status:
sudo iptables -L -v
Lock down INPUT and FORWARD networking, disregard OUTPUT (user initiated traffic):
sudo iptables --policy INPUT DROP
sudo iptables --policy FORWARD DROP
Recheck status:
sudo iptables -L -v
Attempt to access the internet, for example by pinging a domain (should fail, that's good!):
ping -c3 www.google.com
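Set up special rules; this allows INPUT only for replies to user initiated requests (eg. web browser). NEW is not in the state list because on the INPUT chain it would accept every unsolicited inbound connection and defeat the DROP policy:
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT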
Save configuration state (only appeared to work in /home or /opt):
sudo /sbin/iptables-save > /home/tc/iptables-rules
Append this line to /opt/bootlocal.sh so iptables-rules load at boot:
/sbin/iptables-restore < /home/tc/iptables-rules
Backup for persistence:
backup
Reboot system:
sudo reboot
Verify iptables configuration persistence:
sudo iptables -L -v
Repeat process as desired to modify rules
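Before the saved file is restored at every boot, it is worth checking that it still matches the "drop incoming, allow outgoing" intent. The script below is an added example, not part of the original guide: it reads iptables-save output on stdin and checks the INPUT/FORWARD policies and the state rule. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the dCore wiki): audit iptables-save output on stdin.
# Function names and sample data below are constructed for illustration.

# Returns 0 when the filter table blocks inbound traffic but allows replies.
audit_rules() {
    awk '
        /^\*/ { table = substr($1, 2) }            # "*filter", "*nat", ...
        table != "filter" { next }
        /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            if (match($0, /--(state|ctstate) [A-Z,]+/)) {
                states = substr($0, RSTART, RLENGTH)
                if (states ~ /ESTABLISHED/) est = 1
                # NEW with no interface/source/protocol limit opens the host
                if (states ~ /NEW/ && $0 !~ / (-i|-s|-p) /) wide = 1
            }
        }
        END {
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) if (policy[chains[i]] != "DROP") {
                print "FAIL: " chains[i] " policy is not DROP"; bad = 1
            }
            if (wide) { print "FAIL: INPUT accepts unrestricted NEW"; bad = 1 }
            if (!est) { print "FAIL: no ESTABLISHED accept on INPUT"; bad = 1 }
            if (!bad) print "OK: inbound blocked, replies allowed"
            exit bad + 0
        }'
}

# Constructed sample: saved state where INPUT also accepts NEW connections.
sample_open() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same policies, but only replies are accepted.
sample_tight() {
    sample_open | sed 's/NEW,ESTABLISHED/RELATED,ESTABLISHED/'
}

sample_open  | audit_rules || true   # flags the unrestricted NEW rule
sample_tight | audit_rules           # passes
```

On a real system the saved file can be checked the same way with audit_rules < /home/tc/iptables-rules.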
NTFS
For NTFS file system read-write capability utilize the ntfs-3g package.
By default NTFS partitions are mounted read-only (ro), example:
tc@box:~$ cat /etc/fstab | grep sda1
/dev/sda1 /mnt/sda1 ntfs noauto,users,exec,ro,umask=000 0 0 # Added by TC
Prior to using ntfs-3g ensure no NTFS partitions are already mounted read-only, run and confirm:
mount | grep sd
Unmount any NTFS partitions using one of the methods below (the first two commands may fail), /dev/sda1 example:
sudo umount /dev/sda1
sudo umount --force /dev/sda1 #if above fails, attempt forced umount
sudo reboot #last resort to unmount NTFS partition(s)
Import ntfs-3g preferably to load at boot:
sce-import -b ntfs-3g
Reboot or load:
sce-load ntfs-3g
Mount desired NTFS partition using the ntfs-3g command, example:
sudo ntfs-3g /dev/sda1 /mnt/sda1
The NTFS partition will now be accessible read-write as user 'tc'.
To unmount, reboot or use for example:
sudo umount /dev/sda1