Linux Networking (transcript of a PowerPoint presentation)
Linux Networking
TCP/IP stack
– The kernel controls the TCP/IP protocol
– The Ethernet adapter is hooked into the kernel with the ifconfig command
– ifconfig sets the IP address as well as the netmask and broadcast addresses
Network Hardware
Typically Linux finds the NIC (PCI) at boot, but the administrator needs to tell Linux that the card is to be enabled.
If Linux doesn't discover the NIC (network interface card), you must assign the card type, interrupt and base address for the card in the Linux kernel.
Ifconfig
ifconfig eth0 129.123.7.154 netmask 255.255.255.0 broadcast 129.123.7.255
The netmask makes TCP/IP send traffic for any address outside 129.123.7 to the router interface; only addresses in 129.123.7 are reached directly.
The broadcast address limits broadcasts to the 129.123.7 subnet.
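As an added worked example (not code from the slides), the arithmetic behind the netmask and broadcast settings above, a next-hop decision for a destination address, and a check that flags an ifconfig line whose broadcast address does not belong to the subnet implied by the address and netmask. The router address and the mismatched sample line are constructed values.

```python
"""Netmask and broadcast arithmetic behind an ifconfig line (added example).
Sample values are constructed; the checks are ones ifconfig does not do for you."""


def to_int(dotted: str) -> int:
    """Parse a dotted quad such as 129.123.7.154 into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def derive(addr: str, netmask: str):
    """Return (network, broadcast, prefix_length) for an address/netmask pair."""
    a, m = to_int(addr), to_int(netmask)
    host_bits = (~m) & 0xFFFFFFFF          # bits the netmask leaves to the host part
    if host_bits & (host_bits + 1):        # a valid mask is ones followed by zeros
        raise ValueError(f"non-contiguous netmask: {netmask}")
    network = a & m                        # AND with the mask gives the subnet address
    broadcast = network | host_bits        # OR with the host bits gives the broadcast
    return to_dotted(network), to_dotted(broadcast), bin(m).count("1")


def next_hop(addr: str, netmask: str, dst: str, router: str) -> str:
    """Where the stack sends a packet: 'direct' if dst is in our subnet, else the router."""
    m = to_int(netmask)
    if to_int(addr) & m == to_int(dst) & m:
        return "direct"
    return router


def check_ifconfig(addr: str, netmask: str, broadcast: str) -> list:
    """Problems to spot before running the ifconfig line."""
    problems = []
    network, expected_bcast, _ = derive(addr, netmask)
    if addr in (network, expected_bcast):
        problems.append("address is the network or broadcast address, not a host")
    if broadcast != expected_bcast:
        problems.append(f"broadcast {broadcast} is not in the subnet; expected {expected_bcast}")
    return problems


if __name__ == "__main__":
    print(derive("129.123.7.154", "255.255.255.0"))     # ('129.123.7.0', '129.123.7.255', 24)
    print(next_hop("129.123.7.154", "255.255.255.0", "129.123.8.1", "129.123.7.1"))
    print(check_ifconfig("129.123.109.154", "255.255.255.0", "129.123.7.255"))  # constructed mismatch
```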
DHCP
Dynamic Host Configuration Protocol
– Allows the client to obtain its TCP/IP setup information from a centralized service
– The client broadcasts the request over the Ethernet interface
– The router recognizes the DHCP request and forwards it to a server or system that is configured in the router as the DHCP device
Name Service
DHCP typically assigns the nameservers for the Linux box. DHCP does not assign the search domain for the box.
Name resolution is configured in the /etc/resolv.conf file. If the search field is set to usu.edu then you can reach cc.usu.edu as just cc. If you want to contact www.cs.usu.edu you would have to use www.cs.
If the search field is usu.edu and cs.usu.edu then you can reach www.cs.usu.edu as www.
The ambiguity: what if you want www.usu.edu and not www.cs.usu.edu?
You would then need to use the fully qualified host name to contact the site you want.
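The search-list expansion described above, as an added example that is not part of the slides. It models the order in which the glibc stub resolver tries candidate names and resolves them against a constructed set of existing hostnames, so the ambiguity between www.usu.edu and www.cs.usu.edu can be seen directly: when both exist, the order of the search list decides, and only a fully qualified name (trailing dot) is unambiguous.

```python
"""How the resolver expands a short name with the 'search' list from
/etc/resolv.conf (added example; the zone data below is constructed)."""

# Constructed set of names that exist in DNS for this example.
KNOWN_NAMES = {"cc.usu.edu", "www.usu.edu", "www.cs.usu.edu"}


def search_candidates(name: str, search: list, ndots: int = 1) -> list:
    """Names the stub resolver tries, in order, as glibc does:
    a trailing dot means absolute (no expansion); a name with at least
    `ndots` dots is tried as-is first, then with each search domain appended;
    a shorter name tries the search domains first and as-is last."""
    if name.endswith("."):
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + expanded
    return expanded + [name]


def resolve(name: str, search: list, known=KNOWN_NAMES):
    """First candidate that exists, or None; this is the host you actually reach."""
    for candidate in search_candidates(name, search):
        if candidate in known:
            return candidate
    return None


if __name__ == "__main__":
    print(resolve("cc", ["usu.edu"]))                           # cc.usu.edu
    print(resolve("www.cs", ["usu.edu"]))                       # www.cs.usu.edu
    # The ambiguity from the slide: with both names existing, search order wins.
    print(resolve("www", ["usu.edu", "cs.usu.edu"]))            # www.usu.edu
    print(resolve("www", ["cs.usu.edu", "usu.edu"]))            # www.cs.usu.edu
    print(resolve("www.usu.edu.", ["cs.usu.edu", "usu.edu"]))   # www.usu.edu, unambiguous
```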
Routers
Routers are added via DHCP or the route command. The default route for a system is the address to which all packets flow that are not matched by any other route. Other routers may be defined using the appropriate netmasks and IP addresses. Since routes may follow indistinct paths, the configuration may have to tell route how many hops (intermediate routers) there are between the local box and the actual 'default' router.
Linux Network Features
NFS
– Network File System
– Centralized file sharing
NIS (Yellow Pages)
– Centralized password/authentication system
NFS Server Setup
NFS server enabled, RPC server (portmapper) enabled, /etc/exports file created:
– /usr/local sys1(ro) sys2(ro) sys3(ro)
– /home/users sys1(rw) sys2(rw) sys3(rw)
NFS Client Setup
Run mountd, lockd and statd, then mount the remote disk as:
– mount -o ro server.cs.usu.edu:/usr/local /usr/local
NIS Server Setup
Domainname
– This is the YP domain name, not necessarily the DNS domain name
– ypserv: set up the YP server as a master
– ypbind: bind to the server
– yppasswdd: the password-changing daemon
– Create the maps with ypmake
NIS Client Setup
Set the YP domainname, then bind to the server:
– ypbind
Add the wildcard entry to the /etc/passwd and /etc/group files (+:::::: in /etc/passwd, +::: in /etc/group)
Add the wildcard to other files as needed
PPP (dialup)
PPP will automatically configure the Linux box to act as a router for the dial-in users.
When a user dials in, the PPP protocol typically starts immediately, so the user doesn't see a login prompt.
PPP authentication (CHAP/PAP) is built into the protocol.
NAT (Network Address Translation) allows the Linux box to take packets from systems on an internal (non-routable) address and translate those requests to the address of the router interface.
Linux as a router
The Linux box can handle up to 4 NICs (network interface cards) to act as a router for a wide area network and 3 internal networks.
With this configuration the Linux box can act as a firewall. The program routed handles the packet exchange between boards. Care must be exercised in configuring routed so that packets are not misrouted, i.e. sent to the wrong interface. One of the interfaces is the WAN and should be listed as the default router.
IP access control
Ipchains and iptables can limit packets (by address and port) in either direction (coming in to the box or going out of the box).
If a particular address needs to be filtered, then ipchains or iptables can block that address without ever looking at which port it wants to attach to.
IP access can be controlled (filtered) by using ipchains or iptables on the Linux box.
Ipchains or iptables can also limit which services (ports) are available to outside addresses.
Xinetd
Xinetd controls which services are accessible from the internet.
The port numbers that xinetd translates into service names are listed in /etc/services.
Xinetd controls which user owns the service process and what flags are passed to the service program.
Xinetd times out the service program when the internet user completes, so that its memory and CPU time are freed.
Xinetd server programming
Xinetd redirects the program's standard input, so that what it would read from stdin comes from the IP packets.
Xinetd redirects the program's standard output, so that what it would write to stdout goes out in the IP packets.
If a program is dispatched through xinetd, then all of its I/O can be done via stdin and stdout.
Background Programs
The xinetd system has a time latency, since packets need to be dispatched and the program must start before the service can begin.
To enhance network speed, a program can be started at boot time and run in the background.
These programs must communicate with the TCP/IP stack using system calls. Stdin and stdout will be lost or redirected to the system logs, not to the network.
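The contrast drawn on the last two slides (a service dispatched by xinetd that only uses stdin/stdout, versus a background program that must use socket system calls itself), as one added example that is not code from the slides. The line protocol (HELLO and UPPER commands), the port and the input-length limit are constructed; the protocol handler is shared by both modes so it can be tested without a network.

```python
"""One line-oriented service written two ways (added example, not from the slides):
under xinetd it uses stdin/stdout; as a background daemon it must make socket calls."""
import io
import socket
import sys

MAX_LINE = 256  # refuse oversized input instead of buffering whatever a client sends


def handle_request(line: str) -> str:
    """Protocol logic shared by both modes; constructed HELLO/UPPER commands."""
    line = line.rstrip("\r\n")
    if len(line) > MAX_LINE:
        return "ERR line too long"
    cmd, _, arg = line.partition(" ")
    if cmd == "HELLO":
        return f"OK hello {arg or 'stranger'}"
    if cmd == "UPPER":
        return "OK " + arg.upper()
    return "ERR unknown command"


def serve_stream(inp, out) -> int:
    """Answer one request per line until EOF; returns the number of requests served."""
    served = 0
    for line in inp:
        out.write(handle_request(line) + "\n")
        out.flush()  # push each reply to the client immediately
        served += 1
    return served


def serve_text(text: str) -> str:
    """Run the service over an in-memory transcript and return its replies."""
    out = io.StringIO()
    serve_stream(io.StringIO(text), out)
    return out.getvalue()


def serve_daemon(host: str = "127.0.0.1", port: int = 8765) -> None:
    """Background mode: socket(), bind(), listen(), accept() are our job; stdout is not the client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, _peer = srv.accept()
            with conn, conn.makefile("r") as inp, conn.makefile("w") as out:
                serve_stream(inp, out)


if __name__ == "__main__":  # xinetd mode: the accepted socket already is stdin/stdout
    serve_daemon() if "--daemon" in sys.argv else serve_stream(sys.stdin, sys.stdout)
```

Under xinetd the program is started per connection with no socket code at all; started at boot with --daemon, the same handler runs behind an accept() loop and nothing it prints would reach the client.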
Network Programs
Highly network-intensive programs need to run at all times on the system. Examples are:
– Web servers (http); may run several processes to gain throughput
– Network file services
– Remote Procedure Call programs
– Mail
Low-impact programs:
– telnet
– ftp
– Time
– news
Network monitoring
ping: echo test
traceroute: check the router path
netstat
– -r shows the routing table
– -i shows the interfaces
– -p shows what program is doing network stuff
– No option: what is presently going on
External Tools
Sniffer, snoop, tcpdump
– Look at packets on the wire
Scanner (nmap)
– What ports are open?
Security checks
– Mail relays, writeable anonymous ftp
Class Evaluations
Remember to do the evaluations!
December 5, 2002
The End