Custom Search

Coyote Linux Setup

Are you looking for the Brazil Firewall Setup instead?

This setup is based on the Windows® Coyote Linux Disk Creator v2.24.0.Coyote Linux is no longer being distrubuted. It is recommended that you upgrade to Brazil Firewall and Router. Version 2.30.1 of BrazilFW is the same as your beloved Coyote Linux… and more.

There is good information on the panels of each screen but I will comment each step.

  1. Coyote LAN Configuration
    Unless you really need to change this click next. If you do change it then all the IP addresses mentioned in the network primer do not apply but the theory is still valid.
  2. Administration Password
    Remember the Coyote Linux password.
    If you do forget it, then see Recover Lost Passwords
  3. Remote Logging
    If this means nothing go to the next step. If you do fill it, then it should be a LAN address in the range you selected in step 1 above.
  4. How you connect to the Internet
    If you connect to the Internet with one of those "all in one" router/hub devices (Linksys or D-link), then you may not need Coyote Linux. Those devices usually have an integrated firewall built in with a web interface similar to Coyote Linux. It's possible to use Coyote Linux in conjunction with them but it sure changes things and is not covered here directly. Plus doing it is really not worth the trouble.

    If your modem does not have an integrated firewall but is a router, then it probably does the (PPPoE) signon with the ISP. It is probably DHCP (server) enabled and in this case your Coyote Linux becomes a DHCP configuration. If it is not DHCP enabled (I doubt it) or you turned it off then Coyote Linux is a static configuration.

    The disadvantage of static is that if your ISP changes DNS servers (like mine did) then the Internet will stop working. In either case you must be careful to choose a LAN IP range, in step 1 above, that does not conflict with the one your router or you will assign to the Coyote WAN interface.

    In plain language: if your router device uses 192.168.0.1 on it's inside (like many do) then you either change it or change the LAN IP address you pick in step 1 above. If your router device is not DHCP enabled, the WAN IP you select for Coyote Linux cannot be the same as the router but must be in the same network IP range. If this is not clear then re-read the network primer again. Check your documentation to be sure. It is kind of important.

    • PPPoE
      Fill in the userid and password that the ISP gave you. The Windows floppy creator needs one DNS server to continue. Normally this is irrelevant because your ISP assigns this dynamically, via DHCP, so how are you to know this in advance. If you do know one fill it in or, if you don't, use 1.2.3.4 and continue. Either way it will be overridden at run time.
    • DHCP
      This has nothing to do with whether you enable your DHCP in the next step.
      For home users this is usually a connection with the television cable company with the exception above for "router/hub devices" PPPoE users. See the program panel for more information. Make sure your ADSL modem is not DHCP enabled. This setup can also be used in a company for a department firewall and deserves it own DHCP page.
    • STATIC (cable and telephone company connection)
      This probably means you bought one or more IP address(es) from your ISP with the exception above for "router/hub devices" users. Fill in the form with the infomation they gave you. See the program panel for more information. A special static situation is describe, in its own page, when using an ISP owned router for Internet connectivity. Another use for static is to test firewall rules before going live or to diagnose what is going wrong or right. You can now simulate the Internet on the WAN side. This is how I do it.
    • PPP
      Fill in the userid, password, and telephone number the ISP gave you. Keep it simple and use COM1 or COM2 and, once you do, don't touch that stuff on the right about /dev/ttySn. Normally the init string is OK. Only change this if you really need to. See my PPP page for a guide to the comm port and init string. The dial on demand timeout is OK unless you want it longer or uncheck it if you want a permanent connection. (Why?) The ISP will assign everything else but if they tell you that you must specify a DNS address then fill it in.
  5. Coyote DHCP Server
    YES unless you like headaches and have shares in the asprin companies or are a control freak. I see no reason not to use DHCP. You still have control and can reserve IPs by Medium Access Control (MAC) address for yourself or those servers which you do not want changing all the time. DHCP was designed to simply life. So why not? Select how many IPs to reserve (saves memory) or leave it as it.
    You may leave this disabled for now and enable it later using the Webadmin tool. You will have better control of IP addresses that will be assigned and this will make the allow/deny rules easier to make. See Simplified Firewall Configuration in my firewall primer series.

    There can be only one DHCP server on a network.
  6. Network Cards (NICs)
    This is the interesting part and more complicated to write up. It is the most important part of all.
    No working NICs no Internet. A lot of people jam up here. This is where the Coyote Linux forums come in handy. ASK.

    Click on the select button and 2 lists will show. One by card name and one by driver name. If the NIC is in the card name list then use it but a lot of NIC brands use the same chip and you must then select a NIC by driver name that supports your chip type.

    My list of supported NICs which correspond to this but is easier to search with your browser.

    PCI NICs are self configuring and the computer BIOS must support Plug and Play. Old 486s do not and a Pentium 1 is unsure. So if you select a PCI NIC the I/O and IRQ are left blank. Using two identical NICs can cause the local and Internet interfaces to be flipped contrary to what you intended.

    See the information page for ISA NICs.

  7. Select your language
  8. Create the floppy and try it.

If you are using ISA NICs and figure you will have problems, don't close the Coyote disk creator program after it has written to the disk in step 8. Click back. Now you can change the NIC settings and create a disk without entering all that information again. The the disk may not boot. Keep it open until you get it right or pass out.

One more thing! Unless you really need it, turn off External SSH Access. It's an open port for nothing and when the scanners see it they will attack it. Sure it disconnects after 3 attempts and logs to syslog but someone can try all night and all day and you would never see it. Are you capturing the syslog? No!
Rule 1 in security: close everything and only open what you need to get the job done.

Logon to Coyote Linux using the Webadmin tool at http://192.168.0.1:8180, select Administrative Configs in left side menu and disable Enable External SSH Access by selecting no. Now backup the configuration and Reboot the System.

Diagnostics and troubleshooting Coyote Linux.

DISCLAIMER: The following instructions come with no warranty. Use at your discretion and risks. I am not responsible for its misuse, damages, or losses that can be caused directly or indirectly. It is assumed that you practice safe computing and take backups before making changes.

Stuff is written here for the uninitiated and no prior knowledge on the subject is presumed.

Use the BrazilFW Forums for support.

Updated 2008/08/31

© copyright© copyright for the writing. The ideas and code are free. Robert Bonomo
bobbb at myrealbox dot com

W3C logo
W3C CSS logo
Comments? or things you don't agree with? Write me.