The Linux kernel is a C program compiled and installed by
command customizes the kernel configuration and
generates the files (including the Makefile) needed to compile and
link the kernel. On Linux systems, the kernel source directory is
To start the configuration process, change
to the source directory and run
# cd /usr/src/linux
# make config
command asks many questions about your
system configuration. Some of these are directly related to network
The first network configuration question is:
Networking support (CONFIG_NET) [Y/n/?]
Answer "yes" (y), which is the default. Networking support
for all of the TCP/IP networking features that we will request later in
the configuration. Even if you don't run TCP/IP, you should answer "yes"
to this question. Basic network support is essential to many services.
command asks several more general configuration
questions before returning to the topic of networking. When it does, it
has many networking questions to ask. The example below is an excerpt
from the actual configuration of the Linux 2.0 kernel on a Slackware
Network firewalls (CONFIG_FIREWALL) [N/y/?]
Network aliasing (CONFIG_NET_ALIAS) [N/y/?]
TCP/IP networking (CONFIG_INET) [Y/n/?]
IP: forwarding/gatewaying (CONFIG_IP_FORWARD) [N/y/?]
IP: multicasting (CONFIG_IP_MULTICAST) [N/y/?]
IP: accounting (CONFIG_IP_ACCT) [N/y/?]
IP: PC/TCP compatibility mode (CONFIG_INET_PCTCP) [N/y/?]
IP: Reverse ARP (CONFIG_INET_RARP) [N/y/m/?]
IP: Disable Path MTU Discovery (normally enabled)
IP: Drop source routed frames (CONFIG_IP_NOSR) [Y/n/?]
IP: Allow large windows (not recommended if <16Mb of memory)
Network device support (CONFIG_NETDEVICES) [Y/n/?]
Dummy net driver support (CONFIG_DUMMY) [N/y/m/?]
EQL (serial line load balancing) support (CONFIG_EQUALIZER) [N/y/m/?]
PLIP (parallel port) support (CONFIG_PLIP) [N/y/m/?]
PPP (point-to-point) support (CONFIG_PPP) [Y/m/n/?]
SLIP (serial line) support (CONFIG_SLIP) [Y/m/n/?]
CSLIP compressed headers (CONFIG_SLIP_COMPRESSED) [Y/n/?]
Keepalive and linefill (CONFIG_SLIP_SMART) [N/y/?]
Six bit SLIP encapsulation (CONFIG_SLIP_MODE_SLIP6) [N/y/?]
Radio network interfaces (CONFIG_NET_RADIO) [N/y/?]
Ethernet (10 or 100Mbit) (CONFIG_NET_ETHERNET) [Y/n/?]
3COM cards (CONFIG_NET_VENDOR_3COM) [Y/n/?]
3c501 support (CONFIG_EL1) [N/y/m/?]
3c503 support (CONFIG_EL2) [N/y/m/?]
3c509/3c579 support (CONFIG_EL3) [Y/m/n/?]
3c590 series (592/595/597) "Vortex" support (CONFIG_VORTEX) [N/y/m/?]
AMD LANCE and PCnet (AT1500 and NE2100) support (CONFIG_LANCE) [N/y/?]
Western Digital/SMC cards (CONFIG_NET_VENDOR_SMC) [N/y/?]
Other ISA cards (CONFIG_NET_ISA) [N/y/?]
EISA, VLB, PCI and on board controllers (CONFIG_NET_EISA) [N/y/?]
Pocket and portable adaptors (CONFIG_NET_POCKET) [N/y/?]
Token Ring driver support (CONFIG_TR) [N/y/?]
ARCnet support (CONFIG_ARCNET) [N/y/m/?]
ISDN support (CONFIG_ISDN) [N/y/m/?]
Each configuration option is either enabled by entering a "y" for "yes", or
disabled with an "n" for "no". "m" for "module" is an alternative method
for enabling some features. Features that are available as dynamically
loadable modules list "m" as a possible response. If "m" is selected,
the dynamically loadable module is loaded the first time a call is made
to the kernel that requires the module. If "y" is selected for a feature,
the code that supports that feature is compiled directly into the kernel.
The default setting of each option is indicated by the uppercase letter
in the square brackets at the end of the option line. For example, [Y,n]
indicates an option that is enabled by default. Here, we list each
option and its purpose:
Adds the kernel support necessary to make this system a firewall.
Enable this only if the Linux system will be your firewall. The full
firewall installation requires additional software outside the kernel.
, for a discussion of firewalls.
Adds the kernel support necessary for address translation.
feature only if you have a private internal network number and a
different network address for external communications. If you do,
internal addresses must be translated to valid external addresses
whenever connections are made to the outside world, but it is likely
that the translation will be done by your router or firewall. You should
select "yes" only in the rare circumstance that the Linux box must do
the translation; otherwise, select "no". See
, for a discussion
of private network numbers and address translation.
Adds TCP/IP networking to the kernel. This is an absolute must!
Determines whether or not the system forwards IP datagrams.
must be enabled if the Linux system is an IP router. On Linux host
systems, this feature is disabled, which is the default. Select "no"
unless this box is a router.
Adds multicast support
to the kernel. Enable this to use multicast
applications such as MBONE
or Internet Talk Radio. Not sure if you
need multicasting? Select "yes". You never know what applications you
will add later.
Adds code to count the bytes in incoming and outgoing traffic on a
per-port/pre-address basis. This could be useful for monitoring system
usage, particularly in a commercial environment where usage is billed back
to the originator. Additional application software would be needed to make
this useful. Select "no" unless you plan to keep close tabs on usage.
Handles an incompatibility problem
with older versions of FTP software's
PC/TCP. Use if you have clients who run the old PC/TCP software
Adds support for Reverse Address Resolution Protocol (RARP)
to the kernel.
Enable this if you plan to use RARP on your network. Not sure? Use "m"
to select the loadable module
that can be used when your system needs it.
, for a description of RARP and
Configuring Network Servers
on configuring a RARP server.
Removes path MTU discovery code
from the kernel. (Beware of the double
negative! A "y" [yes] disables MTU discovery and an "n" [no] enables
it.) Select "no". Path MTU discovery is a technique that attempts
to determine the smallest maximum transmission unit (MTU)
along the entire path from a source to a destination. That MTU is then used for
subsequent transmissions to avoid datagram fragmentation.
Overview of TCP/IP
, for a description of fragmentation.
Determines whether the system accepts source-routed datagrams.
allows the source of the datagram to specify the
routers that are used to deliver the packet. Source routes are used
to force packets to travel over a specific path; for example, to test
the routers in a path or to avoid a high-cost link. However, the
problem with source routes is that they are used by
Spoofers are network intruders who pretend to be a system they
are not. For example, a spoofer might pretend to be a computer on one
of your enterprise subnets.
By using source routing, the spoofer could
cause your system to route packets off of your enterprise net that you
thought were going to a local system. Enabling CONFIG_IP_NOSR makes it
impossible for a spoofer to use source routes against you. Select "yes"
unless you are positive that you must use source routes.
Sets whether or not the system will use a large transmission window size.
Large windows improve network performance at the cost of additional
buffer space. Large windows can be disabled to save memory on systems
with less than 16MB of RAM. See
for a description of the
TCP transmission window.
Adds the general support required for network hardware devices.
Always answer "yes", which is the default, to this question. It is
required before configuring your Ethernet card.
Enables support for a dummy interface.
An IP address can be assigned to
the dummy interface even if the system has no network interface hardware.
This is sometimes used by people who want to work on TCP/IP configuration
even though they don't have a network connection. If you have a network,
Adds support for using multiple serial lines
simultaneously. Using this
feature, it is possible to have more than one physical PPP link
established between the local host and the remote server. The system load
balances between the links and attempts to treat them as a single logical
network connection. This is a technique for increasing the bandwidth
simply by adding additional modems and phone lines. The systems at
both ends must support serial line load balancing
and they must do so
in exactly the same way. This option is used only when both systems are
Linux systems connected by multiple serial lines. Otherwise, select "no".
Adds Parallel Line IP
to the kernel. PLIP is a version of SLIP that
runs over the parallel printer port using a special crossover cable.
This protocol is intended for transferring data between two co-located
PCs, as the cable should be only 1 or 2 meters long. This has very
Adds the Point-to-Point Protocol (PPP)
to the kernel. PPP is the
TCP/IP standard protocol for communicating over serial lines. Select
"yes" if your system will use a modem connection for TCP/IP.
Configuring the Interface
covers the configuration of this important protocol in detail.
Adds the Serial Line IP (SLIP)
to the kernel. SLIP is an older TCP/IP
protocol once widely used for communicating over serial lines. Chapter
6 covers SLIP configuration in detail.
Adds support for Van Jacobsen header compression
to the kernel.
Packet headers add a large amount of overhead when communicating over
low-speed serial lines. Header compression greatly reduces this overhead.
The systems at both ends of the serial link must use header compression
for it to work. Most systems that run SLIP do use header compression.
Adds support for
to the kernel. Some servers drop a
connection or timeout
a route if the route or connection appears unused.
Use is determined by whether or not traffic is coming in over the link.
Keepalives are periodic transmissions sent for the explicit purpose of
generating traffic on a link so that it is not dropped as an inactive
line. The use of keepalives is discouraged. Most networks are
busy enough as it is!
Adds support for running SLIP over 6-bit serial lines.
Normally a modem and line are configured for 8-bit, no-parity to run SLIP or
PPP. This feature allows SLIP to be run in an environment that can not support
8-bit transmissions. This is non-standard and rarely used. The systems
at both ends of the link must support this protocol for it to work.
Adds support for Ethernet hardware to the kernel. You need this for
your Ethernet LAN.
The remaining questions allow you to select your network hardware.
A large number of Ethernet cards are supported by Linux. In the sample,
we selected the 3COM 3C509 card. The
allows us to select ARCnet,
token ring, or ISDN interfaces.
use no specific network hardware. Instead, they run SLIP or PPP over a serial
port as their sole network connection. Select the hardware appropriate
for your system.
asks questions about the network
configuration, it goes on to ask about several other aspects of the
system configuration. Next, it tells you to do a
make dep; make clean
to build the dependencies and clean
up the odds and ends. When the makes are complete, you are ready
to compile the kernel. The
compressed kernel and puts it in the
Simply copy the new kernel file,
you're ready to run.
Linux's list of network configuration options is as long lists
for UNIX kernel configuration. Linux is yin to the Solaris yang.
Linux permits the system administrator to configure everything, while
Solaris configures everything for the administrator. BSD kernel
configuration lies somewhere between these two extremes.