
Linux Networking

This tutorial covers TCP/IP networking and system configuration basics. Linux can support multiple network devices. The device names are numbered, begin at zero and count upwards. For example, a computer running two ethernet cards will have two devices labeled eth0 and eth1 (network interfaces are kernel names, not files under /dev). Linux network configuration, management, monitoring and system tools are covered in this tutorial.

Tutorial Contents:
  - Configuration files
  - Red Hat Linux network GUI configuration tools
  - Assigning an IP address
  - Activating and de-activating your NIC
  - Subnets
  - Enable forwarding
  - Adding a network interface card (NIC)
  - Route
  - VPN, tunneling
  - Useful Linux networking commands
  - inetd/xinetd: network socket listener daemons
  - rwhod: remote who daemon
  - RPC: remote procedure call (portmapper)
  - PAM: network wrappers
  - ICMP protocol
  - Network monitoring tools
  - IDS: intruder detection system, SNORT
  - ARP: address resolution protocol
  - Configuring Linux for network multicast
  - Living in a MS/Windows world
  - Network definitions
  - Related links

Other YoLinux Networking Tutorials:
  - Setting up an internet gateway for home or office using iptables
  - Load balancing servers using LVS (Linux Virtual Server)
  - Modem dialup:
      - Configuring PPP dialup connections to an ISP
      - Dialing Compuserve
      - Dialing AOL
      - Configuring PPP dial-in connections
  - DNS name server configuration
  - DHCP server configuration: Dynamic Host Configuration Protocol
  - NIS authentication configuration: server and client
  - Internet/network security
  - Security tools and hacker tools
  - YoLinux Tutorials Index

TCP/IP Network Configuration Files:

  - File: /etc/resolv.conf - host name resolver configuration file

        search nameofdomain.com        Name of your domain, or the ISP's domain if using their name server
        nameserver XXX.XXX.XXX.XXX     IP address of primary name server
        nameserver XXX.XXX.XXX.XXX     IP address of secondary name server

    This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using a DHCP client, this will automatically be sent to you by the ISP and loaded into this file as part of the DHCP protocol. If using a static IP address, ask the ISP or check another machine on your network.
    Red Hat/Fedora GUI: /usr/sbin/system-config-network (select tab "DNS").

  - File: /etc/hosts - locally resolve node names to IP addresses

        127.0.0.1        yournodename.yourdomain.com localhost.localdomain localhost
        XXX.XXX.XXX.XXX  nodename

    Note: when adding hosts to this file, place the fully qualified name first (it helps sendmail identify your server correctly), i.e.:

        XXX.XXX.XXX.XXX  superserver.yolinux.com superserver

    This informs Linux of local systems on the network which are not handled by the DNS server (or of all systems in your LAN if you are not using DNS or NIS). Because /etc/hosts is consulted before DNS (see /etc/nsswitch.conf below), an entry here silently overrides the DNS answer for that name; keep the file root-owned and check it first when a name resolves to an unexpected address.
    Red Hat/Fedora GUI: /usr/sbin/system-config-network (select tab "Hosts").

  - File: /etc/nsswitch.conf - system databases and name service switch configuration file

        hosts: files dns nisplus nis

    This example tells Linux to first resolve a host name by looking at the local hosts file (/etc/hosts), then if the name is not found look to your DNS server as defined by /etc/resolv.conf, and if not found there look to your NIS server. In the past this file has had the following names: /etc/nsswitch.conf, /etc/svc.conf, /etc/netsvc.conf, ... depending on the distribution.

Fedora/Red Hat Network Configuration Files:

  - /etc/sysconfig/network - Red Hat network configuration file used by the system during the boot process.
  - File: /etc/sysconfig/network-scripts/ifcfg-eth0 - configuration settings for your first ethernet port (0). Your second port is eth1.
  - File: /etc/modprobe.conf (kernel 2.6), /etc/modules.conf (kernel 2.4), or for older systems /etc/conf.modules. Example statement for an Intel ethernet card:

        alias eth0 eepro100

    Modules for other devices on the system will also be listed. This tells the kernel which device driver to use if configured as a loadable module (the default for Red Hat).

Fedora/Red Hat Network GUI Configuration Tools:
The following GUI tools edit the system configuration files. There is no difference between the configuration developed with the GUI tools and that developed by editing the system configuration files directly.

TCP/IP ethernet configuration:
  - Network configuration:
        /usr/sbin/system-config-network (FC2/3)
        /usr/bin/redhat-config-network (/usr/bin/neat) (RH 7.2+, FC1)
  - Text console configuration tool:
        /usr/sbin/system-config-network-tui (Text User Interface (TUI) for Fedora Core 2/3)
        /usr/bin/redhat-config-network-tui (RH 9.0, FC1)
  - Text console network configuration tool, first interface (eth0) only:
        /usr/sbin/netconfig
        /usr/bin/netcfg (GUI) (last available with RH 7.1)

Gnome Desktop:
  - Gnome desktop network configuration: /usr/bin/gnome-network-preferences (RH 9.0, FC3)
    Proxy configuration. Choose one of three options:
      1. Direct internet connection
      2. Manual proxy configuration (specify proxy and port)
      3. Automatic proxy configuration (give URL)

Assigning an IP address:
Computers may be assigned a static IP address or assigned one dynamically.

Static IP address assignment:
Choose one of the following methods:

  - Command line:

        /sbin/ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255

    Network address by convention would be the lowest: 192.168.10.0
    Broadcast address by convention would be the highest: 192.168.10.255
    The gateway can be anything, but following convention: 192.168.10.1
    Note: the highest and lowest addresses are based on the netmask. The previous example is based on a netmask of 255.255.255.0.
    (On current distributions the ip command from iproute2 (ip addr, ip route) replaces ifconfig and route; the ifconfig commands in this tutorial still work wherever the net-tools package is installed.)

  - Red Hat/Fedora GUI tools:
        /usr/bin/neat - Gnome GUI network administration tool. Handles all interfaces. Configure for static IP or DHCP client. (First available with Red Hat 7.2.)
        /usr/bin/netcfg (handles all interfaces) (last available in Red Hat 7.1)

  - Red Hat/Fedora console tools:
        /usr/sbin/system-config-network-tui (Text User Interface)
        /usr/sbin/netconfig (only seems to work for the first network interface eth0, not eth1, ...)

  - Directly edit configuration files/scripts. See format below.

The ifconfig command does NOT store this information permanently. Upon reboot this information is lost. (Manually add the commands to the end of the file /etc/rc.d/rc.local to execute them upon boot.) The commands netcfg and netconfig make permanent changes to the system network configuration files located in /etc/sysconfig/network-scripts/, so that this information is retained.
The IANA has allocated IP addresses in the range 192.168.0.0 to 192.168.255.255 for private networks (RFC 1918, together with 10.0.0.0/8 and 172.16.0.0/12).

Helpful tools:
  - Network calculators: subnet mask calculator, node calculator, mask inverter, ...
  - IP subnet calculator

Ubuntu/Debian IP Configuration Files:
File: /etc/network/interfaces

Static IP example:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 208.88.34.106
        netmask 255.255.255.248
        broadcast 208.88.34.111
        network 208.88.34.104
        gateway 208.88.34.110

Dynamic IP (DHCP) example:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet dhcp

    auto eth2
    iface eth2 inet dhcp

    auto ath0
    iface ath0 inet dhcp

    auto wlan0
    iface wlan0 inet dhcp

Interfaces:
  - lo: loopback interface (network within your system without slowing down for the real ethernet based network)
  - eth0: first ethernet interface card
  - wlan0: first wireless network interface

Also see "man interfaces".

Red Hat/Fedora Core IP Configuration Files:
The Red Hat configuration tools store the configuration information in the file /etc/sysconfig/network. They will also allow one to configure routing information.

  - File: /etc/sysconfig/network

    Static IP address configuration (configure gateway address):

        NETWORKING=yes
        HOSTNAME=myhostname          Hostname is defined here and by the command hostname
        FORWARD_IPV4=true            True for NAT firewall gateways and Linux routers. False for everyone else: desktops and servers.
        GATEWAY="XXX.XXX.XXX.YYY"    Used if your network is connected to another network or the internet. Static IP configuration. Gateway not defined here for a DHCP client.

    OR for DHCP client configuration:

        NETWORKING=yes
        HOSTNAME=myhostname          Hostname is defined here and by the command hostname

    (Gateway is assigned by the DHCP server.)

    OR for NIS client configuration:

        NETWORKING=yes
        HOSTNAME=myhostname          Hostname is defined here and by the command hostname
        NISDOMAIN=NISProject1        NIS domain to attach

  - File (Red Hat/Fedora): /etc/sysconfig/network-scripts/ifcfg-eth0 (S.u.s.e.: /etc/sysconfig/network/ifcfg-eth-id-XX:XX:XX:XX:XX:XX)
    This file is used by the command scripts ifup and ifdown.

    Static IP address configuration:

        DEVICE=eth0
        BOOTPROTO=static
        BROADCAST=XXX.XXX.XXX.255
        IPADDR=XXX.XXX.XXX.XXX
        NETMASK=255.255.255.0
        NETWORK=XXX.XXX.XXX.0
        ONBOOT=yes                   Will activate upon system boot

    RHEL4/FC3 additions:
        TYPE=Ethernet
        HWADDR=XX:XX:XX:XX:XX:XX
        GATEWAY=XXX.XXX.XXX.XXX

    OR for DHCP client configuration:

        DEVICE=eth0
        ONBOOT=yes
        BOOTPROTO=dhcp

    RHEL4/FC3 additions:
        IPV6INIT=no
        USERCTL=no                   Non-root users may not bring the interface up or down
        PEERDNS=yes                  Name servers supplied by DHCP overwrite /etc/resolv.conf
        TYPE=Ethernet
        HWADDR=XX:XX:XX:XX:XX:XX

    (Used by the script /etc/sysconfig/network-scripts/ifup to bring the various network interfaces on-line.)
    To disable DHCP change BOOTPROTO=dhcp to BOOTPROTO=none.
    In order for updated information in any of these files to take effect, one must issue the command: service network restart (or: /etc/init.d/network restart)

Changing the hostname:
This is a three step process:
  1. Issue the command: hostname newhostname
  2. Change the network configuration file /etc/sysconfig/network. Edit the entry: HOSTNAME=newhostname
  3. Restart systems which relied on the hostname (or reboot):
     - Restart network services: service network restart (or: /etc/init.d/network restart)
     - Restart desktop:
         - Bring down the system to console mode: init 3
         - Bring up X Windows: init 5
One may also want to check the file /etc/hosts for an entry using the system name, which allows the system to be self aware.
The hostname may be changed at runtime using the command: sysctl -w kernel.hostname="superserver"

Change the hostname using the GUI tool /usr/sbin/system-config-network (Red Hat/Fedora/CentOS). Hostname entries are made in two places:
  - Select the "DNS" tab.
  - Select the "Devices" tab + "Edit" + the "General" tab.

Network IP aliasing:
Assign more than one IP address to one ethernet card:

    ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
    ifconfig eth0:0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
    ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255
    route add -host XXX.XXX.XXX.XXX dev eth0
    route add -host 192.168.10.12 dev eth0
    route add -host 192.168.10.14 dev eth0

In this example 0 and 1 are aliases in addition to the regular eth0. The result of the ifconfig command:

    eth0      Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
              inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14218 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
              collisions:1 txqueuelen:100
              Interrupt:5 Base address:0xe400

    eth0:0    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
              inet addr:192.168.10.12  Bcast:192.168.10.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:5 Base address:0xe400

    eth0:1    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
              inet addr:192.168.10.14  Bcast:192.168.10.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:5 Base address:0xe400

Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0

    DEVICE=eth0:0
    ONBOOT=yes
    BOOTPROTO=static
    BROADCAST=192.168.10.255
    IPADDR=192.168.10.12
    NETMASK=255.255.255.0
    NETWORK=192.168.10.0

Aliases can also be shut down independently, i.e.: ifdown eth0:0
The option during kernel compile is: CONFIG_IP_ALIAS=y (enabled by default in Red Hat)
Note: The Apache web server can be configured so that different IP addresses can be assigned to specific domains being hosted. See Apache configuration and "configuring an IP based virtual host" in the YoLinux web site configuration tutorial.

DHCP Linux client: get connection info: /sbin/pump -i eth0 --status (Red Hat Linux 7.1 and older)

    Device eth0
        IP: 4.XXX.XXX.XXX
        Netmask: 255.255.252.0
        Broadcast: 4.XXX.XXX.255
        Network: 4.XXX.XXX.0
        Boot server 131.XXX.XXX.4
        Next server 0.0.0.0
        Gateway: 4.XXX.XXX.1
        Domain: vz.dsl.genuity.net
        Nameservers: 4.XXX.XXX.1 4.XXX.XXX.2 4.XXX.XXX.3
        Renewal time: Sat Aug 11 08:28:55 2001
        Expiration time: Sat Aug 11 11:28:55 2001

Activating and De-Activating your NIC:
Commands for starting and stopping TCP/IP network services on an interface:
  - Activate: /sbin/ifup eth0 (Also: ifconfig eth0 up. Note: even if no IP address is assigned you can listen.)
  - De-activate: /sbin/ifdown eth0 (Also: ifconfig eth0 down)

These scripts use the scripts and NIC config files in /etc/sysconfig/network-scripts/

GUI interface control/configuration:
  - Start/stop network interfaces:
        /usr/bin/system-control-network (Fedora Core 2/3)
        /usr/bin/redhat-control-network (RH 9.0, FC1)
  - Configure ethernet, ISDN, modem, token ring, wireless or DSL network connection:
        /usr/sbin/system-config-network-druid (FC2/3)
        /usr/sbin/redhat-config-network-druid (RH9, FC1)

Subnets:

"Mask" is the value of the octet being subnetted; "Subnets" is the number of subnets a class C network is split into with that value in the last octet; "Slash fmt" is the CIDR prefix length of the class C sub mask in the last column. The class A, B and C mask columns show the same octet value applied to the first, second and third octet respectively (values below 255 there are supernets, which combine several classful networks).

    Mask  Subnets   Slash  Class A hosts  Class A mask  Class B hosts  Class B mask  Class C hosts  Class C mask   Class C sub hosts          Class C sub mask
    255   1 or 256  /32    16,777,214     255.0.0.0     65,534         255.255.0.0   254            255.255.255.0  invalid (1 address)        255.255.255.255
    254   128       /31    33,554,430     254.0.0.0     131,070        255.254.0.0   510            255.255.254.0  invalid (2 addresses)      255.255.255.254
    252   64        /30    67,108,862     252.0.0.0     262,142        255.252.0.0   1,022          255.255.252.0  2 hosts (4 addresses)      255.255.255.252
    248   32        /29    134,217,726    248.0.0.0     524,286        255.248.0.0   2,046          255.255.248.0  6 hosts (8 addresses)      255.255.255.248
    240   16        /28    268,435,454    240.0.0.0     1,048,574      255.240.0.0   4,094          255.255.240.0  14 hosts (16 addresses)    255.255.255.240
    224   8         /27    536,870,910    224.0.0.0     2,097,150      255.224.0.0   8,190          255.255.224.0  30 hosts (32 addresses)    255.255.255.224
    192   4         /26    1,073,741,822  192.0.0.0     4,194,302      255.192.0.0   16,382         255.255.192.0  62 hosts (64 addresses)    255.255.255.192
    128   2         /25    2,147,483,646  128.0.0.0     8,388,606      255.128.0.0   32,766         255.255.128.0  126 hosts (128 addresses)  255.255.255.128

The host counts subtract the network and broadcast addresses. The /31 row is marked invalid under that classic rule; RFC 3021 allows a /31 on point-to-point links, where both addresses are usable.

    Binary position   8    7    6    5    4    3    2    1
    Value             128  64   32   16   8    4    2    1
    Example: 192      1    1    0    0    0    0    0    0     (192 = 128 + 64)

Some addresses are reserved and outside this scope: loopback (127.0.0.1) and the RFC 1918 private ranges: class C 192.168.0.0 - 192.168.255.255 (192.168.0.0/16), class B 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) and class A 10.0.0.0 - 10.255.255.255 (10.0.0.0/8).

Subnet example: Your ISP assigns you a subnet mask of 255.255.255.248 for your office.
  - 208.88.34.104  Network base address
  - 208.88.34.105  Computer 1
  - 208.88.34.106  Computer 2
  - 208.88.34.107  Computer 3
  - 208.88.34.108  Computer 4
  - 208.88.34.109  Computer 5
  - 208.88.34.110  DSL router/gateway
  - 208.88.34.111  Broadcast address
Of the eight addresses, six are assigned to hardware systems and ultimately only five are usable for hosts, since the gateway takes one.

Links:
  - Subnet cheat sheet
  - Subnet calculator
  - Table of subnets
  - IP subnetting, variable subnetting, and CIDR (supernetting)
  - CISCO.com: subnet masking and addressing
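The arithmetic behind the table and the /29 office example, as an added worked example in shell (not code from the original page). It reproduces the office subnet from the address and mask alone and checks the network and broadcast values given in the Debian /etc/network/interfaces example earlier. The function names, the use of 64-bit shell arithmetic, and the 10.1.2.3 point-to-point address used to show the /31 case are assumptions made for this example.

```shell
#!/bin/sh
# Subnet arithmetic for dotted-quad IPv4 addresses and masks.
# Added example for this tutorial; not code from the original page.
# Relies on the 64-bit integer arithmetic of bash/dash (an assumption).

# ip2int ADDR: dotted quad -> 32-bit integer
ip2int() { echo "$1" | { IFS=. read -r o1 o2 o3 o4; echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 )); }; }

# int2ip N: 32-bit integer -> dotted quad
int2ip() { echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"; }

# prefix2mask N: /N as a dotted mask, e.g. 29 -> 255.255.255.248
prefix2mask() {
    if [ "$1" -eq 0 ]; then echo 0.0.0.0; return 0; fi
    int2ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# mask2prefix MASK: prefix length of a contiguous mask; fails (status 1)
# on a non-contiguous mask such as 255.0.255.0, which ifconfig would accept
# silently but which no router agrees on.
mask2prefix() {
    m=$(ip2int "$1"); n=0
    while [ $n -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do n=$(( n + 1 )); done
    if [ $n -lt 32 ] && [ $(( m & ((1 << (32 - n)) - 1) )) -ne 0 ]; then return 1; fi
    echo $n
}

# subnet_info ADDR MASK: "network/prefix broadcast first-host last-host usable-hosts"
subnet_info() {
    p=$(mask2prefix "$2") || { echo "invalid netmask: $2" >&2; return 1; }
    a=$(ip2int "$1"); m=$(ip2int "$2")
    net=$(( a & m )); bcast=$(( net | (~m & 4294967295) ))
    case $p in
        32) first=$net; last=$net;   usable=1 ;;   # single host
        31) first=$net; last=$bcast; usable=2 ;;   # point-to-point link, RFC 3021
        *)  first=$(( net + 1 )); last=$(( bcast - 1 )); usable=$(( bcast - net - 1 )) ;;
    esac
    echo "$(int2ip $net)/$p $(int2ip $bcast) $(int2ip $first) $(int2ip $last) $usable"
}

# same_subnet ADDR1 ADDR2 MASK: succeeds when both addresses are on one subnet,
# i.e. traffic between them is delivered directly and never crosses the gateway.
same_subnet() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

subnet_info 208.88.34.106 255.255.255.248   # prints: 208.88.34.104/29 208.88.34.111 208.88.34.105 208.88.34.110 6
```

The last line reproduces the office example: network 208.88.34.104, broadcast .111, hosts .105 to .110, six usable addresses of which the gateway takes one. A netmask that disagrees with the BROADCAST or NETWORK value in ifcfg-eth0 or /etc/network/interfaces is a common reason two hosts on the same wire cannot reach each other; same_subnet answers that question directly.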

Network Classes:
The concept of network classes is a little obsolete, as subnets are now used to define smaller networks. These subnets may be part of a class A, B, C, etc. network. For historical reference the network classes are defined as follows:

  - Class A: defined by the first 8 bits with a range of 0-127. The first number (8 bits) is defined by Internic, i.e. 77.XXX.XXX.XXX. One class A network can define 16,777,214 hosts. Range: 0.0.0.0 - 127.255.255.255
  - Class B: defined by the first 8 bits with a range from 128-191. The first two numbers (16 bits) are defined by Internic, i.e. 182.56.XXX.XXX. One class B network can define 65,534 hosts. Range: 128.0.0.0 - 191.255.255.255
  - Class C: defined by the first 8 bits with a range from 192-223. The first three numbers (24 bits) are defined by Internic, i.e. 220.56.222.XXX. One class C network can define 254 hosts. Range: 192.0.0.0 - 223.255.255.255
  - Class D: defined by the first 8 bits with a range from 224-239. This is reserved for multicast networks (RFC 988). Range: 224.0.0.0 - 239.255.255.255
  - Class E: defined by the first 8 bits with a range from 240-255. This is reserved for experimental use. Range: 240.0.0.0 - 255.255.255.255

Enable Forwarding:
Forwarding allows the network packets on one network interface (i.e. eth0) to be forwarded to another network interface (i.e. eth1). This lets the Linux computer route network traffic between the networks attached to it. (A true layer-2 "ethernet bridge", which merges two or several segments into one network topology, is a separate kernel feature configured with the bridge utilities and does not need IP forwarding.) Iptables firewall rules can be used to filter the forwarded traffic. A router configuration can support multicast and basic IP routing using the "route" command. IP masquerading (NAT) can be used to connect private local area networks (LAN) to the internet or to load balance servers.

  - Turn on IP forwarding to allow the Linux computer to act as a gateway or router:

        echo 1 > /proc/sys/net/ipv4/ip_forward

    The default is 0. One can add firewall rules by using ipchains (kernel 2.2) or iptables (2.4/2.6).
    Another method is to alter the kernel parameter file /etc/sysctl.conf. Set the following value:

        net.ipv4.ip_forward = 1

  - See the file /etc/sysconfig/network for storing this configuration:

        FORWARD_IPV4=true

    Change the default "false" to "true".

All methods will result in a proc file value of "1". Test: cat /proc/sys/net/ipv4/ip_forward
Leave forwarding off on desktops and servers that are not routers: once it is on, the machine relays packets between every network it is attached to, and the firewall's FORWARD chain becomes the only thing enforcing the access policy between them.
The TCP man page (Linux Programmer's Manual) and /usr/src/linux/Documentation/proc.txt (kernel 2.2, RH 7.0) cover the /proc/sys/net/ipv4/* file descriptions.
Also see (YoLinux tutorials):
  - Configure Linux as an internet gateway router: using Linux and iptables/ipchains to set up an internet gateway for home or office (iptables)
  - Load balancing servers using LVS (Linux Virtual Server) (ipvsadm)

Adding a network interface card (NIC):
Manual method: This does not alter the permanent configuration and will only configure support until the next reboot.

  - cd /lib/modules/2.2.5-15/net/ - use the kernel version for your system. This example uses 2.2.5-15 (Fedora Core 3: /lib/modules/2.6.12-1.1381_FC3/kernel/net/). Here you will find the modules supported by your system. A module can be permanently added to /etc/modprobe.conf (kernel 2.6), /etc/modules.conf (kernel 2.4) or, for older systems, /etc/conf.modules. Example:

        alias eth0 3c59x

  - /sbin/insmod 3c59x (for a 3Com ethernet card) - this inserts the specified module into the kernel.
    /sbin/modprobe 3c59x - this also loads a module into the system kernel.

    Modprobe command line options:
        -r: unload the module.
        /sbin/modprobe -l \*: list all modules.
        /sbin/modprobe -l -t net \*: list only network modules.
        /sbin/modprobe -t net \*: try loading all network modules and see what sticks (act of desperation).

  - ifconfig ...

The easy way: Red Hat versions 6.2 and later ship with Kudzu, a device detection program which runs during system initialization (/etc/rc.d/init.d/kudzu). This can detect a newly installed NIC and load the appropriate driver. Then use /usr/sbin/netconfig to configure the IP address and network settings. The configuration will be stored so that it will be utilized upon system boot.

Systems with two NIC cards: Typically two cards are used when connecting to two networks. In this case the device must be defined using one of three methods:

  1. Use the Red Hat GUI tool /usr/bin/netcfg

  OR

  2. Define network parameters in configuration files. Define the new device in the file (Red Hat/Fedora) /etc/sysconfig/network-scripts/ifcfg-eth1 (S.u.s.e 9.2: /etc/sysconfig/network/ifcfg-eth-id-XX:XX:XX:XX:XX:XX):

        DEVICE=eth1
        BOOTPROTO=static
        IPADDR=192.168.10.12
        NETMASK=255.255.255.0
        GATEWAY=XXX.XXX.XXX.XXX
        HOSTNAME=nodename.nameofdomain.com
        DOMAIN=nameofdomain.com

     Special routing information may be specified, if necessary, in the file (Red Hat/Fedora) /etc/sysconfig/static-routes (S.u.s.e. 9.2: /etc/sysconfig/network/routes). Example:

        eth1 net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX

  OR

  3. Define network parameters using the Unix command line interface. Define the IP address:

        ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
        ifconfig eth1 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255

     If necessary, define the route with the route command. Examples:

        route add default gw XXX.XXX.XXX.XXX dev eth0
        route add -net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth0

     Where XXX.XXX.XXX.XXX is the gateway to the internet as defined by your ISP or network operator. If a mistake is made just repeat the route command substituting "del" in place of "add".

Configuring your NIC: speed and duplex settings:
This is usually not necessary because most ethernet adapters can auto-negotiate link speed and duplex setting.

  - List NIC speed and configuration: mii-tool

        eth0: negotiated 100baseTx-FD flow-control, link ok

    Verbose mode: mii-tool -v

        eth0: negotiated 100baseTx-FD flow-control, link ok
          product info: Intel 82555 rev 4
          basic mode:   autonegotiation enabled
          basic status: autonegotiation complete, link ok
          capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
          advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
          link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control

  - Set NIC configuration: mii-tool -F option

        Option  Parameters
        -F      100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD, 100baseT4   (force the media type)
        -A      100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD              (restart autonegotiation advertising only these)

  - Query NIC with ethtool:

        Command          Description
        ethtool -g eth0  Queries ethernet device for rx/tx ring parameter information.
        ethtool -a eth0  Queries ethernet device for pause parameter information.
        ethtool -c eth0  Queries ethernet device for coalescing information.
        ethtool -i eth0  Queries ethernet device for associated driver information.
        ethtool -d eth0  Prints a register dump for the specified ethernet device.
        ethtool -k eth0  Queries ethernet device for offload information.
        ethtool -S eth0  Queries ethernet device for NIC and driver statistics.

Man pages:
  - mii-tool - view, manipulate media-independent interface status
  - ethtool - display or change ethernet card settings

Route:
Static routes: IP (Internet Protocol) uses a routing table to determine where packets should be sent. First the packet is examined to see if its destination is on the local or a remote network. If it is to be sent to a remote network, the routing table is consulted to determine the path; the most specific matching route (longest prefix) wins. If there is no matching information in the routing table then the packet is sent to the default gateway. Static routes are set with the route command and with the configuration file (Red Hat/Fedora): /etc/sysconfig/network-scripts/route-eth0 or (Red Hat 7: /etc/sysconfig/static-routes) (S.u.s.e. 9.2: /etc/sysconfig/network/routes):

    10.2.3.0/16 via 192.168.10.254

(A prefix is normally written on its network boundary; 10.2.3.0/16 covers 10.2.0.0 - 10.2.255.255 and is the same route as 10.2.0.0/16.)
See command: /etc/sysconfig/network-scripts/ifup-routes eth0

Dynamic routes: RIP (Routing Information Protocol) is used to define dynamic routes. If multiple routes are possible, RIP will choose the shortest route (fewest hops between routers, not physical distance). Routers use RIP to broadcast the routing table over UDP port 520. The routers would then add new or improved routes to their routing tables. RIP version 1 carries no authentication, so any host on the segment can inject routes; on a network you do not fully control prefer static routes or RIPv2 with authentication.

Man pages:
  - route - show/manipulate the IP routing table (static route). Examples:
      Show routing table: route -e
      Access individual computer host specified via network interface card eth1: route add -host 123.213.221.231 eth1
      Access ISP network identified by the network address and netmask using network interface card eth0: route add -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0
      Conversely: route del -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0
      Specify default gateway to use to access remote networks via network interface card eth0: route add default gw 201.51.31.1 eth0 (the gateway can also be defined in /etc/sysconfig/network)
      Specify two gateways for two network destinations (i.e. one external, one internal private network; two routers/gateways will be specified):
          Add internet gateway as before: route add default gw 201.51.31.1 eth0
          Add second private network: route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.10.254 eth0
  - routed - network routing daemon. Uses the RIP protocol to update the routing table.
  - ipx_route - show/manipulate the IPX routing table. IPX is the Novell networking protocol (not typically used unless your office has Novell servers).
  - ifuser - identify destinations routed to a particular network interface.
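The lookup described above (most specific prefix wins, default gateway only when nothing else matches), as an added example in shell that is not part of the original page. The routing table is constructed for the example from the route commands shown in this section (the 10.13.21.0/24 and 10.0.0.0/8 routes via 192.168.10.254, the default via 201.51.31.1, the host route to 123.213.221.231 on eth1); the directly connected 192.168.10.0/24 entry and the function names are assumptions.

```shell
#!/bin/sh
# Longest-prefix route selection over a constructed routing table.
# Added example for this tutorial; not the page's own code.

# ip2int ADDR: dotted quad -> 32-bit integer
ip2int() { echo "$1" | { IFS=. read -r o1 o2 o3 o4; echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 )); }; }

# Constructed table, one route per line: "DEST/PREFIX GATEWAY DEV".
# "-" as the gateway means the destination is on-link (directly connected).
ROUTES='0.0.0.0/0 201.51.31.1 eth0
10.0.0.0/8 192.168.10.254 eth0
10.13.21.0/24 192.168.10.254 eth0
192.168.10.0/24 - eth0
123.213.221.231/32 - eth1'

# route_lookup DEST: prints the winning "DEST/PREFIX GATEWAY DEV" line, or
# nothing when no route (not even a default) covers the destination.
route_lookup() {
    d=$(ip2int "$1")
    printf '%s\n' "$ROUTES" | {
        best=""; bestlen=-1
        while read -r dest gw dev; do
            len=${dest#*/}
            if [ "$len" -eq 0 ]; then mask=0
            else mask=$(( (4294967295 << (32 - len)) & 4294967295 )); fi
            # A route matches when destination and route agree on the masked bits;
            # among matches the longest prefix is kept.
            if [ $(( d & mask )) -eq $(( $(ip2int "${dest%/*}") & mask )) ] && [ "$len" -gt "$bestlen" ]; then
                best="$dest $gw $dev"; bestlen=$len
            fi
        done
        echo "$best"
    }
}

# next_hop DEST: where the packet is handed off, e.g. "via 201.51.31.1 dev eth0".
next_hop() {
    set -- $(route_lookup "$1")
    if [ $# -eq 0 ]; then echo "no route"; return 1; fi
    if [ "$2" = "-" ]; then echo "on-link dev $3"; else echo "via $2 dev $3"; fi
}

next_hop 10.13.21.7    # prints: via 192.168.10.254 dev eth0
```

10.13.21.7 matches both 10.0.0.0/8 and 10.13.21.0/24 and takes the /24; 10.99.1.1 matches only the /8; anything outside falls through to the 0.0.0.0/0 default, which is why a forged more-specific route (for instance one learned via RIPv1 or an ICMP redirect) can hijack traffic without touching the default gateway entry.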

VPN, Tunneling:
  - Commercial VPN Linux software solutions - YoLinux
  - OpenSWAN.org - IPSec VPN for Linux
  - FreeSWAN.org - IPSec VPN for Linux
  - FreeSWAN tutorial how-to
  - OpenVPN - SSL VPN solution for site-to-site, WiFi security, and enterprise-scale remote access with load balancing, failover, and fine-grained access controls.
  - SSL-Explorer - Java SSL based VPN
  - Quagga - dynamic routing suite, VLAN
  - n2n - peer-to-peer VPN within a private fabric
  - CIPE: Crypto IP Encapsulation (easiest way to configure two Linux gateways connecting two private networks over the internet with encryption)
      - CIPE Homepage - CIPE is a simple encapsulation system that securely connects two subnets.
      - The Linux CIPE+Masquerading mini-HOWTO - Anthony Ciaravalo
  - GRE Tunneling - Generic Routing Encapsulation - Hugo Samayoa
  - VPN HowTo - Matthew D. Wilson
  - Installing and Running PPTP on Linux
  - L2TP Extensions (l2tpext) - Internet Drafts

Note: FreeSWAN is no longer maintained (OpenSWAN and its successors continue it), and PPTP and CIPE are legacy designs whose cryptography has been publicly criticised; GRE and plain L2TP carry no encryption at all. For a new deployment prefer IPsec or OpenVPN.

Useful Linux networking commands:
  - /etc/rc.d/init.d/network start - command to start, restart or stop the network
  - netstat - display connections, routing tables, stats etc.
        List externally connected processes: netstat -punta
        List all connected processes: netstat -nap
        Show network statistics: netstat -s
        Kernel interface table info: netstat -a -i eth0
  - ping - send ICMP ECHO_REQUEST packets to network hosts. Use Ctrl-C to stop ping.
  - traceroute - print the route packets take to a network host
        traceroute IP-address-of-server
        traceroute domain-name-of-server
  - mtr - network diagnostic tool introduced in Fedora. Like traceroute except it gives more network quality and network diagnostic info. Leave it running to get real-time stats. Reports best and worst round trip times in milliseconds.
        mtr IP-address-of-server
        mtr domain-name-of-server
  - whois - look up a domain name in the internic whois database.
  - finger - display information on a system user, i.e. finger user@host. Uses the $HOME/.plan and $HOME/.project user files. Often used by game developers. See http://finger.planetquake.com/
  - iptables - IP firewall administration (Linux kernel 2.6/2.4). See YoLinux firewall/gateway configuration.
  - ipchains - IP firewall administration (Linux kernel 2.2). See YoLinux firewall/gateway configuration.
  - socklist - display list of open sockets, type, port, process id and the name of the process. Kill with fuser or kill.
  - host - give a host name and the command will return the IP address. Example: host domain-name-of-server
  - nslookup - give a host name and the command will return the IP address. Also see Testing your DNS (YoLinux Tutorial).
    Note that neither host nor nslookup consults the /etc/hosts file; both query the DNS servers in /etc/resolv.conf directly. To see the answer applications will actually get (following the /etc/nsswitch.conf order, /etc/hosts first) use: getent hosts domain-name-of-server

inetd/xinetd: Network Socket Listener Daemons:
The network listening daemons listen and respond to all network socket connections made on the TCP/IP ports assigned to them. The ports are defined by the file /etc/services. When a connection is made, the listener will attempt to invoke the assigned program and pipe the data to it. This simplifies matters by allowing the assigned program to read from stdin instead of making its own socket connection; the listener handles the network socket connection. Two network listening and management daemons have been used in Red Hat Linux distributions:
  - inetd: Red Hat 6.x and older
  - xinetd: Red Hat 7.0-9.0, Fedora Core

inetd:
Configuration file: /etc/inetd.conf. Entries in this file consist of a single line made up of the following fields:

    service socket-type protocol wait user server cmdline

  - service: the name assigned to the service. Matches the name given in the file /etc/services
  - socket-type:
        stream: connection protocols (TCP)
        dgram: datagram protocols (UDP)
        raw, rdm, seqpacket
  - protocol: transport protocol name which matches a name in the file /etc/protocols, i.e. udp, icmp, tcp, rpc/udp, rpc/tcp, ip, ipv6
  - wait: applies only to datagram protocols (UDP).
        wait[.max]: one server for the specified port at any time (RPC)
        nowait[.max]: continue to listen and launch new services if a new connection is made (multi-threaded)
        max refers to the maximum number of server instances spawned in 60 seconds (default = 40)
  - user[.group]: login id of the user the process is executed under. Often nobody, root or a special restricted id for that service. This field is the privilege boundary for the service: use the least privileged id the program can work with.
  - server: full path name of the server program to be executed.
  - cmdline: command line to be passed to the server. This includes argument 0 (argv[0]), that is the command name. This field is empty for internal services. Examples of internal TCP services: echo, discard, chargen (character generator), daytime (human readable time), and time (machine readable time). (See the RFCs listed under xinetd below.)

Sample file: /etc/inetd.conf

    #echo   stream  tcp     nowait      root    internal
    #echo   dgram   udp     wait        root    internal
    ftp     stream  tcp     nowait      root    /usr/sbin/tcpd  in.ftpd -l -a
    #pop-3  stream  tcp     nowait      root    /usr/sbin/tcpd  ipop3d
    #swat   stream  tcp     nowait.400  root    /usr/sbin/swat  swat

A line may be commented out by using a '#' as the first character in the line. This will turn the service off. Leave the internal UDP services (echo, chargen, daytime, time) commented out on any reachable host; they answer any source address and are a classic traffic amplification and loop vector. The maximum length of a line is 1022 characters.
The inet daemon must be restarted to pick up the changes made to the file: /etc/rc.d/init.d/inetd restart
For more information see the man pages "inetd" and "inetd.conf".

xinetd: Extended Internet Services Daemon:
xinetd has access control mechanisms, logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, redirect services to different ports and network interfaces (NIC) or even to a different server, chroot a service etc., and is thus a worthy upgrade from inetd.
Use the command chkconfig --list to view all system services and their state. It will also list all network services controlled by xinetd and their respective state under the title "xinetd based services". (Works for xinetd (RH 7.0+) but not inetd.)
The xinetd network daemon is built with TCP Wrappers (libwrap) support, so it also honours the /etc/hosts.allow and /etc/hosts.deny files (these belong to TCP Wrappers, not PAM; see the network wrappers section below).
Configuration file: /etc/xinetd.conf, which in turn uses the configuration files found in the directory /etc/xinetd.d/.

To turn a network service on or off:
  - Edit the file /etc/xinetd.d/servicename. Set the disable value: disable = yes or disable = no. Then restart the xinetd process using a signal:
        SIGUSR1 (kill -SIGUSR1 process-id): soft reconfiguration. Does not terminate existing connections (important if you are connected remotely).
        SIGUSR2: hard reconfiguration. Stops and restarts the xinetd process.
        (Note: in the xinetd versions covered here the HUP signal terminates the process; check the xinetd man page for the behaviour of your version.)
  OR
  - Use the chkconfig command: chkconfig servicename on (or off). This command will also restart the xinetd process to pick up the new configuration.

The file contains entries of the form:

    service servicename
    {
        attribute assignment-operator value value ...
        ...
    }

Where:
  - attribute:
        disable: yes, no
        type: RPC, INTERNAL, UNLISTED (not found in /etc/rpc or /etc/services)
        id: by default the service id is the same as the service name.
        socket_type: stream (TCP), dgram (UDP), raw (direct IP access), seqpacket (service that requires reliable sequential datagram transmission)
        flags: combination of REUSE, INTERCEPT, NORETRY, IDONLY, NAMEINARGS, NODELAY, DISABLE, KEEPALIVE, NOLIBWRAP. See the xinetd man page for details.
        protocol: transport protocol name which matches a name in the file /etc/protocols.
        wait: no (multi-threaded), yes (single-threaded: one server for the specified port at any time (RPC))
        user: see file /etc/passwd
        group: see file /etc/group
        server: program to execute and receive the data stream from the socket (fully qualified name, full pathname of the program)
        server_args: unlike inetd, arg[0] (the name of the service) is not passed.
        only_from: IP address, factorized address, netmask range, host name or network name from the file /etc/networks.
        no_access: deny from ... (inverse of only_from)
        access_times
        port: see file /etc/services
        Also: log_type, log_on_success, log_on_failure (log options: += PID, HOST, USERID, EXIT, DURATION, ATTEMPT and RECORD), rpc_version, rpc_number, env, passenv, redirect, bind, interface, banner, banner_success, banner_fail, per_source, cps, max_load, groups, enabled, include, includedir, rlimit_as, rlimit_cpu, rlimit_data, rlimit_rss, rlimit_stack.
        The best source of information is the man page and its many examples.
  - assignment operator:
        =
        +=: add a value to the set of values
        -=: delete a value from the set of values

Then restart the daemon: /etc/rc.d/init.d/xinetd restart

Example from the man page: limit telnet sessions to 8 Mbytes of memory and a total of 20 CPU seconds for child processes.

    service telnet
    {
        socket_type = stream
        wait        = no
        nice        = 10
        user        = root
        server      = /usr/etc/in.telnetd
        rlimit_as   = 8M
        rlimit_cpu  = 20
    }
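A small audit of an /etc/xinetd.d-style directory, added here as an example (not code from the page or from the xinetd project): it reads the disable and only_from attributes described above and reports which services are live and reachable from any address, which is the first thing to check after a service is turned on with chkconfig. The three service files, the temporary directory and the function names are constructed for the example; note that xinetd treats a missing disable attribute as "no" (enabled), which the audit reproduces.

```shell
#!/bin/sh
# Audit of xinetd service files: enabled or disabled, restricted by only_from or not.
# Added example for this tutorial; not the page's own code.

XINETD_D=$(mktemp -d)

# Constructed sample service files (not real system files):
# telnet is enabled and unrestricted, ftp is enabled but restricted to one
# subnet, chargen is disabled. The ftp file has no disable line on purpose.
cat > "$XINETD_D/telnet" <<'EOF'
service telnet
{
        disable     = no
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/sbin/in.telnetd
}
EOF
cat > "$XINETD_D/ftp" <<'EOF'
service ftp
{
        socket_type = stream
        wait        = no
        user        = root
        server      = /usr/sbin/in.ftpd
        only_from   = 192.168.10.0/24
}
EOF
cat > "$XINETD_D/chargen" <<'EOF'
service chargen
{
        disable     = yes
        type        = INTERNAL
        socket_type = stream
        wait        = no
}
EOF

# xinetd_attr FILE ATTR: value of "ATTR = value" in FILE (last assignment wins);
# prints an empty line when the attribute is not set.
xinetd_attr() {
    awk -v a="$2" '
        $0 ~ ("^[ \t]*" a "[ \t]*=") { sub(/^[ \t]*[A-Za-z_]+[ \t]*=[ \t]*/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_xinetd DIR: one line per service file:
#   "<name> enabled|disabled restricted|unrestricted"
audit_xinetd() {
    for f in "$1"/*; do
        name=$(awk '$1 == "service" { print $2; exit }' "$f")
        disable=$(xinetd_attr "$f" disable)
        only_from=$(xinetd_attr "$f" only_from)
        state=enabled                       # xinetd's default when disable is absent
        if [ "$disable" = yes ]; then state=disabled; fi
        scope=unrestricted
        if [ -n "$only_from" ]; then scope=restricted; fi
        echo "$name $state $scope"
    done
}

# exposed_services DIR: enabled services with no only_from restriction, i.e.
# those whose only access control is whatever hosts.allow/hosts.deny provide.
exposed_services() {
    audit_xinetd "$1" | awk '$2 == "enabled" && $3 == "unrestricted" { print $1 }'
}

exposed_services "$XINETD_D"    # prints: telnet
```

Run it against the real directory with audit_xinetd /etc/xinetd.d on a host that still uses xinetd. The parser only understands the "attribute = value" form; services that build their access list with += lines or a no_access attribute need the xinetd man page's rules, and a service can still be reached through an include or a defaults block in /etc/xinetd.conf that this check does not read.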

[Pitfall] Red Hat 7.1 with updates as of 07/06/2001 required that I restart the xinetd services before FTP would work properly even though xinetd had started without failure during the boot sequence. I have no explanation as to why this occurs or how to fix it other than to restart xinetd: /etc/rc.d/init.d/xinetd restart

Man pages:
  - xinetd
  - xinetd.conf
  - xinetd.log
  - tcpd

For more info see:
  - LinuxFocus.org: xinetd - Frederic Raynal
  - RedHat.com: Controlling Access to Services
  - http://www.xinetd.org
  - See RFCs 862, 863, 864, 867, 868, 1413.
  - man pages xinetd, xinetd.conf, xinetd.log

RWHO: Remote Who daemon - rwhod
The "rwho" command is used to display users logged into computers on your LAN. By default, Red Hat Linux has the network interface to rwhod disabled. Thus if one issues the command "rwho", you will only see who is logged into the system you are logged into and not remote systems on the network. This is a safe approach for internet servers as it reduces the exposure of a service which could be exploited by attackers; rwhod also broadcasts login names and idle times in the clear (UDP port 513), which is useful reconnaissance for anyone on the segment. If you wish to use rwhod on a local private and firewall protected network, here is how:

Allow broadcast capabilities. Edit /etc/init.d/rwhod and change from:

    daemon rwhod

to:

    daemon rwhod -b

Start service:
  - Set the service to start with system boot: chkconfig --level 345 rwhod on
  - Start the rwhod service: service rwhod start (or: service rwhod restart)

Man pages:
  - rwho: who is logged in on local network machines
  - rwhod: system status server
  - who: show who is logged on to the same system

RPC: Remote Procedure Calls (Portmapper)
Portmapper is a network service required to support RPCs. Many services such as NFS (file sharing services) require portmapper.
List the RPC services supported:

    [root]# rpcinfo -p localhost

Run the same query from another host to see what the portmapper (port 111, TCP and UDP) reveals to the network: every registered RPC program and its port. If the host is not an NFS or NIS server, leave portmap off; if it is, restrict it with the firewall and, since the Red Hat portmap binary is built with TCP Wrappers support, with a "portmap:" entry in /etc/hosts.allow and /etc/hosts.deny (see the network wrappers section below).

Starting the portmap server:
  - /etc/rc.d/init.d/portmap start
  - service portmap start (Red Hat/Fedora Core)

Man pages:
  - portmap
  - rpcinfo
  - pmap_set
  - pmap_dump

PAM: Network Wrappers:
Despite the title, the access lists described first in this section are TCP Wrappers (Wietse Venema's tcpd and the libwrap library), which are separate from Pluggable Authentication Modules (PAM); PAM itself is covered under "Advanced PAM" below. TCP Wrappers allow or deny network access: one can reject or allow specific IP addresses or subnets to access your system.

File: /etc/hosts.allow

    in.ftpd: 208.188.34.105

This specifically allows the given IP address to ftp to your system. One can also specify an entire domain, i.e. .nameofdomain.com (note the beginning "."). Domain patterns depend on a reverse DNS lookup of the client, which the client's network operator controls; prefer address patterns where you can.

File: /etc/hosts.deny

    ALL: ALL

This generally denies any access. The search order matters: /etc/hosts.allow is consulted first and a match grants access; then /etc/hosts.deny, and a match denies; a client matching neither file is allowed. The ALL: ALL line in hosts.deny is therefore what turns the pair into a default-deny policy. See the hosts_access man page (the pam man pages do not cover these files).

File: /etc/inetd.conf

    ftp  stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a

The inet daemon accepts the incoming network stream and assigns it to the TCP wrapper, /usr/sbin/tcpd, which accepts or denies the network connection as defined by /etc/hosts.allow and /etc/hosts.deny and then passes it along to ftp. This is logged to /var/log/secure.
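The decision tcpd makes for the two files above, as an added example in shell (not the page's code and not the tcpd implementation): hosts.allow first, then hosts.deny, default allow when neither matches. It works on constructed copies of both files in a temporary directory, using the in.ftpd line from this section plus an assumed sshd line that shows the net/mask and ".domain" pattern forms. Client names are compared as given; real tcpd derives the name from a reverse DNS lookup, and the function names here are assumptions.

```shell
#!/bin/sh
# Emulation of the hosts_access decision used by tcpd and libwrap.
# Added example for this tutorial; not code from the page or from TCP Wrappers.

WRAP_DIR=$(mktemp -d)

# Constructed copies of the two files (not the system's own).
cat > "$WRAP_DIR/hosts.allow" <<'EOF'
# daemon_list : client_list
in.ftpd : 208.188.34.105
sshd    : 192.168.10.0/255.255.255.0, .nameofdomain.com
EOF
cat > "$WRAP_DIR/hosts.deny" <<'EOF'
ALL : ALL
EOF

# ip2int ADDR: dotted quad -> 32-bit integer
ip2int() { echo "$1" | { IFS=. read -r o1 o2 o3 o4; echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 )); }; }

# client_matches PATTERN CLIENT: succeeds when CLIENT (an address or a host
# name) matches ALL, an exact address, net/mask, a ".domain" suffix or a
# "10.1." address prefix.
client_matches() {
    pat=$1; client=$2
    case $pat in
        ALL) return 0 ;;
        */*) case $client in *[!0-9.]*) return 1 ;; esac    # only addresses match net/mask
             m=$(ip2int "${pat#*/}")
             [ $(( $(ip2int "$client") & m )) -eq $(( $(ip2int "${pat%/*}") & m )) ] ;;
        .*)  case $client in *"$pat") return 0 ;; esac; return 1 ;;
        *.)  case $client in "$pat"*) return 0 ;; esac; return 1 ;;
        *)   [ "$pat" = "$client" ] ;;
    esac
}

# file_matches FILE DAEMON CLIENT: succeeds when some "daemon_list : client_list"
# line of FILE matches both the daemon and the client. Comments and blank
# lines are skipped; the subshell exits as soon as one line matches.
file_matches() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | {
        while IFS=: read -r dlist clist; do
            for d in $(echo "$dlist" | tr ',' ' '); do
                [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
                for c in $(echo "$clist" | tr ',' ' '); do
                    client_matches "$c" "$3" && exit 0     # leaves this subshell only
                done
            done
        done
        exit 1
    }
}

# hosts_access DAEMON CLIENT: prints allow or deny following tcpd's search order.
hosts_access() {
    if file_matches "$WRAP_DIR/hosts.allow" "$1" "$2"; then echo allow
    elif file_matches "$WRAP_DIR/hosts.deny" "$1" "$2"; then echo deny
    else echo allow        # matched neither file: the built-in default is to allow
    fi
}

hosts_access in.ftpd 208.188.34.106    # prints: deny
```

Delete the ALL : ALL line from hosts.deny and every client that is not explicitly listed in hosts.allow is allowed again, which is the mistake the emulation makes visible. The real files also accept EXCEPT clauses and the spawn and twist options, which this example does not implement.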

AdvancedPAM:Morespecificaccesscanbeassignedandcontrolledbycontrollingthelevelofauthenticationrequiredfor access. Filesreflecttheinetservicename.Rulesandmodulesarestackedtoachievethelevelofsecuritydesired. Seethefilesin/etc/pam.d/...(somesystemsuse/etc/pam.conf) Theformat: servicetypecontrolmodulepathmodulearguments


l

l l

auth(type)Passwordisrequiredfortheuser nullokNullornonexistatantpasswordisacceptable shadowencryptedpasswordskeptin/etc/shadow account(type)Verifiespassword.Cantrackandforcepasswordchanges. password(type)Controlspasswordupdate retry=3Setsthenumberofloginattempts minlen=8Setminimumlengthofpassword session(type)Controlsmonitoring

Modules:
l l l l

/lib/security/pam_pwdb.sopassworddatabasemodule /lib/security/pam_shells.so /lib/security/pam_cracklib.sochecksispasswordiscrackable /lib/security/pam_listfile.so

Afterreconfiguration,restartthe inet daemon: killallHUPinetd Formoreinfosee:


l l

Wietse'sPapers PluggableAuthenticationModulesforLinux(PAM)HomePage
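The allow-then-deny-then-allow decision described above, as an added example written for this page (it models tcpd's logic, it is not libwrap). The two rule files are constructed samples and the pattern language is a subset of hosts_access(5): ALL, LOCAL, a ".domain" suffix, a "1.2.3." prefix, a net/mask pair and an exact host or address; EXCEPT clauses, netgroups and shell commands are not modelled.

```python
"""Model of the TCP Wrappers decision: /etc/hosts.allow is consulted first,
then /etc/hosts.deny, and a client matching neither file is allowed.
Added example, not libwrap itself; HOSTS_ALLOW / HOSTS_DENY are constructed."""
import ipaddress
import re

HOSTS_ALLOW = """
# constructed sample /etc/hosts.allow
in.ftpd: 208.188.34.105
sshd:    192.168.1.0/255.255.255.0, .nameofdomain.com
portmap: 127.0.0.1
"""

HOSTS_DENY = """
# constructed sample /etc/hosts.deny
ALL: ALL
"""


def parse_rules(text):
    """Return [(daemon_list, client_list, original_line)] for each rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                      # malformed line; tcpdchk would flag it
        daemons = [t for t in re.split(r"[\s,]+", fields[0].strip()) if t]
        clients = [t for t in re.split(r"[\s,]+", fields[1].strip()) if t]
        rules.append((daemons, clients, line))
    return rules


def match_client(pattern, ip, hostname):
    """One client pattern against the connecting address and its reverse name."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                # a name without a dot: same local domain
        return hostname is not None and "." not in hostname
    if pattern.startswith("."):           # domain suffix; trusts reverse DNS
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):             # address prefix such as 192.168.
        return ip.startswith(pattern)
    if "/" in pattern:                    # net/mask pair
        net, mask = pattern.split("/", 1)
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(
                f"{net}/{mask}", strict=False)
        except ValueError:
            return False
    return pattern == ip or (hostname is not None
                             and pattern.lower() == hostname.lower())


def rule_matches(rule, daemon, ip, hostname):
    daemons, clients, _ = rule
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(match_client(c, ip, hostname) for c in clients))


def hosts_access(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return ('allow' | 'deny', reason), the way tcpd decides for one client."""
    for rule in parse_rules(allow):
        if rule_matches(rule, daemon, ip, hostname):
            return "allow", "hosts.allow: " + rule[2]
    for rule in parse_rules(deny):
        if rule_matches(rule, daemon, ip, hostname):
            return "deny", "hosts.deny: " + rule[2]
    return "allow", "no rule matched"     # the silent default that ALL: ALL closes


if __name__ == "__main__":
    for args in [("in.ftpd", "208.188.34.105"), ("in.ftpd", "10.9.8.7"),
                 ("sshd", "192.168.1.77"),
                 ("sshd", "10.0.0.5", "box.nameofdomain.com"),
                 ("sshd", "10.0.0.5", "box.example.net")]:
        print(args, "->", hosts_access(*args))
```

Run it as a script to see each decision and the rule that produced it. The last return line is the point of the "ALL: ALL" entry in hosts.deny: without it, a service that has no matching allow rule is open to everyone.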

ICMP:

ICMP is the network protocol used by the ping and traceroute commands.

ICMP redirect packets are sent from the router to the host to inform the host of a better route. Because any host on the local segment can forge a redirect, accepting them lets an attacker on the LAN quietly route your traffic through a machine they control, so only enable this on a trusted network where a router really needs to steer hosts. To enable ICMP redirect acceptance, add the following line to /etc/sysctl.conf:

    net.ipv4.conf.all.accept_redirects = 1

and add the following to the file /etc/rc.d/rc.local so that every interface, including ones brought up later, gets the same value:

    for f in /proc/sys/net/ipv4/conf/*/accept_redirects
    do
        echo 1 > $f
    done

To harden a host instead, use 0 in both places (and net.ipv4.conf.all.send_redirects = 0 on a host that is not a router). net.ipv4.conf.all.secure_redirects limits accepted redirects to ones sent by a known default gateway, which narrows but does not remove the exposure.

Command to view the kernel IP routing cache: /sbin/route -Cn (the route cache was removed in kernel 3.6; on newer kernels use "ip route get ADDRESS" to see the route a packet will take).

NOTE: Accepting redirects may leave you vulnerable, as attackers may alter your routes.

Blocking ICMP and looking invisible to ping:

The following firewall rules drop all outbound ICMP, so the host never answers an echo request (and cannot send one either):

Iptables:
    iptables -A OUTPUT -p icmp -d 0/0 -j DROP

Ipchains:
    ipchains -A output -p icmp -d 0/0 -j DENY

Dropping every ICMP type also silences the "destination unreachable" and "fragmentation needed" messages that path MTU discovery and traceroute rely on; matching only echo-request on the INPUT chain (the --icmp-type match of iptables) is the narrower rule.

OR drop all incoming pings with the kernel setting:
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

This is sometimes used to look invisible to DOS (Denial Of Service) attackers who use ping to watch your machine and launch an attack when its presence is detected. It is not true invisibility: any open TCP port still answers a SYN, and a scanner such as nmap with -P0 (now -Pn) skips the ping entirely.

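An audit of the redirect settings above across every interface directory, added as an example for this page (not from the original tutorial). It also computes the value the kernel actually applies, which is why the rc.local loop touches every conf/*/accept_redirects file and not just conf/all. HARDENED is an assumed policy for a host that is not a router; PROC_SAMPLE is a constructed snapshot used when no /proc tree is readable.

```python
"""Audit ICMP redirect sysctls under /proc/sys/net/ipv4/conf/ and report
the effective per-interface value. Added example; HARDENED and PROC_SAMPLE
are assumptions/constructed data, not settings from the tutorial."""
import glob
import os

HARDENED = {
    "accept_redirects": "0",   # never let an on-link host rewrite our routes
    "secure_redirects": "0",   # only relevant when accept_redirects=1; keep it off
    "send_redirects": "0",     # a non-router has no reason to send redirects
}

# Constructed snapshot: conf/all/accept_redirects was set to 0 in
# /etc/sysctl.conf, but eth0 (configured later) kept the default of 1.
PROC_SAMPLE = {
    ("all", "accept_redirects"): "0", ("all", "secure_redirects"): "1",
    ("all", "send_redirects"): "1",
    ("default", "accept_redirects"): "1", ("default", "secure_redirects"): "1",
    ("default", "send_redirects"): "1",
    ("eth0", "accept_redirects"): "1", ("eth0", "secure_redirects"): "1",
    ("eth0", "send_redirects"): "1",
    ("lo", "accept_redirects"): "0", ("lo", "secure_redirects"): "0",
    ("lo", "send_redirects"): "0",
}


def read_proc_tree(root="/proc/sys/net/ipv4/conf"):
    """Return {(interface, key): value} for the keys in HARDENED; {} if unreadable."""
    values = {}
    for path in glob.glob(os.path.join(root, "*", "*")):
        key = os.path.basename(path)
        if key not in HARDENED:
            continue
        iface = os.path.basename(os.path.dirname(path))
        try:
            with open(path) as fh:
                values[(iface, key)] = fh.read().strip()
        except OSError:
            pass
    return values


def effective_accept_redirects(values, iface, forwarding=False):
    """Value the kernel applies on iface, per Documentation/networking/ip-sysctl:
    with forwarding off, redirects are accepted if EITHER conf/all or
    conf/<iface> is 1; with forwarding on, BOTH must be 1. Setting only
    conf/all therefore does not protect a non-forwarding host."""
    all_on = values.get(("all", "accept_redirects"), "0") == "1"
    if_on = values.get((iface, "accept_redirects"), "0") == "1"
    return (all_on and if_on) if forwarding else (all_on or if_on)


def audit(values, policy=HARDENED):
    """Return sorted (interface, key, actual, wanted) for each setting off policy."""
    findings = []
    for (iface, key), actual in values.items():
        wanted = policy.get(key)
        if wanted is not None and actual != wanted:
            findings.append((iface, key, actual, wanted))
    return sorted(findings)


if __name__ == "__main__":
    live = read_proc_tree() or PROC_SAMPLE
    for iface in sorted({i for i, _ in live}):
        print(f"{iface:8} effective accept_redirects="
              f"{int(effective_accept_redirects(live, iface))}")
    for finding in audit(live):
        print("FIX: /proc/sys/net/ipv4/conf/%s/%s is %s, want %s" % finding)
```

On the constructed snapshot eth0 still accepts redirects even though conf/all is 0, which is exactly the gap the per-interface loop in rc.local (with 0 instead of 1) closes.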

Network Monitoring Tools:

- tcpdump: dump traffic on a network. See discussion below.

  Command line option   Description
  -c count              Exit after receiving count packets.
  -C file_size          Specify size of output dump files.
  -i interface          Specify interface if multiple exist. Lowest numbered is used by default, i.e. eth0.
  -w filename           Write the raw packets to a file rather than parsing and printing them out. They can later be read with the -r option.
  -n                    Improve speed by not performing DNS lookups. Report IP addresses.
  -t                    Don't print a timestamp on each dump line.

  Filter expressions:
  primitive                        Description
  host hostname                    If host has multiple IPs, all will be checked.
  net network-number               Network number.
  net network-number mask mask     Network number and netmask specified.
  port port-number                 Port number specified.
  tcp                              Sniff TCP packets.
  udp                              Sniff UDP packets.
  icmp                             Sniff ICMP packets.

  Examples:
  - tcpdump tcp port 80 and host server1
  - tcpdump ip host server1 and not server2

- iptraf: Interactive Colorful IP LAN Monitor
- nmap: Network exploration tool and security scanner
  List pingable nodes on network: nmap -sP 192.168.0.0/24
  Scans the network for IP addresses 192.168.0.0 to 192.168.0.255 using ping. (Current nmap releases spell this -sn; scan only networks you are authorized to probe.)
- Ethereal: Network protocol analyzer. Examine data from a live network.
  RPMs required:
  - ethereal-0.8.15-2.i386.rpm (Red Hat 7.1 Powertools CD RPM)
  - ucd-snmp-4.2-12.i386.rpm (Red Hat 7.1 binary CD 1)
  - ucd-snmp-utils-4.2-12.i386.rpm (Red Hat 7.1 binary CD 1)
  - Also: gtk+, glib, glibc, XFree86-libs-4.0.3-5 (base install)
  There is an error in the ethereal package because it does not list the snmp libraries as dependencies, but you can deduce this from the errors that you get if the ucd-snmp libraries are not installed.
- EtherApe: Graphical network monitor for Unix modeled after etherman. This is a great network discovery program with cool graphics. (Red Hat Powertools CD 7.1)
- Gkrellm: Network and system monitor. Good for monitoring your workstation. (Red Hat Powertools CD)
- IPTraf: ncurses-based IP LAN monitor. (Red Hat Powertools CD)
- Cheops: Network discovery, location, diagnosis and management. Cheops can identify all of the computers that are on your network, their IP address, their DNS name and the operating system they are running. Cheops can run a port scan on any system on your network. (Red Hat Powertools CD)
- ntop: Shows network usage in a way similar to what top does for processes. Monitors how much data is being sent and received on your network. (Red Hat Powertools CD)
- MRTG: Multi Router Traffic Grapher. Monitor network traffic load using SNMP and generate an HTML/GIF report. (See sample output)
- dnsad: IP traffic capture. Export to Cisco Netflow for network analysis reporting.
- scotty: Obtain status and configuration information about your network. Supports SNMP, ICMP, DNS, HTTP, SUN RPC, NTP and UDP. (Red Hat Powertools CD)
- Big Brother: Monitoring and services availability.
- OpenNMS.org: Network Management using SNMP.
- Nagios: host, service and network monitoring
- Angel network monitor


Using tcpdump to monitor the network:

    [root]# ifconfig eth0 promisc                           Put NIC into promiscuous mode to sniff traffic.
    [root]# tcpdump -n not host XXX.XXX.XXX.XXX | more      Sniff the net but ignore the IP which is your remote session.
    [root]# ifconfig eth0 -promisc                          Pull NIC out of promiscuous mode.

tcpdump puts the interface into promiscuous mode itself for the duration of the capture (unless run with -p) and clears it on exit, so the two ifconfig steps are only needed when another tool expects the flag to stay set. Excluding your own session address keeps the capture from feeding back on itself: every line printed over ssh would otherwise generate packets that appear in the capture. On a switched network promiscuous mode only shows traffic the switch actually delivers to your port (broadcasts and your own unicast); to see other hosts' traffic you need a hub or a mirror/SPAN port.


Network Intrusion and Hacker Detection Systems:

SNORT: Monitor the network, performing real-time traffic analysis and packet logging on IP networks for the detection of an attack or probe.

- Linux Journal: Planning IDS for Your Enterprise - Nalneesh Gaur
- InterSect Alliance: Intrusion analysis. Identifies malicious or unauthorized access attempts.


ARP: Address Resolution Protocol

Ethernet hosts use the Address Resolution Protocol (ARP) to convert a 32-bit internet IP address into the 48-bit Ethernet MAC address used by the network hardware. (See RFC 826.) ARP broadcasts are sent to all hosts on the subnet by the transmitting host to see who replies. The broadcast is ignored by all except the intended receiver, which recognizes the IP address as its own. The MAC addresses are remembered (ARP cache) for future network communications. Computers on the subnet typically keep a cache of ARP responses. ARP broadcasts are passed on by hubs and switches but are blocked by routers.

Reverse ARP (see RFC 903) is a bootstrap protocol which allows a client to broadcast a request asking a server to reply with the client's IP address.

- arp(8) man page: manipulate the system ARP cache
  Show other systems on your network (including IP address conflicts): arp -a
  Show ARP table Linux style: arp -e
- arpwatch(8) man page: keep track of ethernet/ip address pairings
- arpsnmp(8) man page: keep track of ethernet/ip address pairings. Reads information generated by snmpwalk
- arping(8) man page: send ARP REQUEST to a neighbor host
  Print ARP reply (similar to arp -a): arping 192.168.10.99
- List ARP table: cat /proc/net/arp
- ip(8) man page: show/manipulate routing, devices, policy routing and tunnels
  View ARP table: ip neighbor

ARP is something that simply works. No Linux system configuration is necessary. It's all part of the ethernet and IP protocol. The aforementioned information is just part of the Linux culture of full visibility into what is going on. That visibility matters because ARP has no authentication: any host on the segment can answer a request, or send an unsolicited reply, claiming the gateway's IP address, and every neighbour that caches it will then send its traffic to the impostor (ARP spoofing, the usual way a man-in-the-middle is set up on a LAN). arpwatch logs every new or changed IP/MAC pairing for exactly this reason, and a static entry (arp -s IP MAC) pins a critical address such as the default gateway so a forged reply cannot overwrite it.

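A small arpwatch-style monitor over /proc/net/arp snapshots, added as an example for this page (it is not the arpwatch program). It parses the table that "cat /proc/net/arp" prints and reports new stations, changed or flip-flopping IP/MAC pairings, and one MAC answering for several IPs, which is what a spoofer claiming the gateway looks like from a neighbour's cache. The two snapshots are constructed samples.

```python
"""arpwatch-style change detection over /proc/net/arp snapshots.
Added example; PROC_ARP_BEFORE / PROC_ARP_AFTER are constructed tables."""
from collections import defaultdict

ATF_COM = 0x02   # flag bit set once an entry is complete (MAC resolved)

PROC_ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.0.77     0x1         0x2         00:aa:bb:cc:dd:ee     *        eth0
192.168.0.80     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Same segment a minute later: the gateway's IP now resolves to the MAC of
# 192.168.0.77, and a new host has appeared.
PROC_ARP_AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         00:aa:bb:cc:dd:ee     *        eth0
192.168.0.77     0x1         0x2         00:aa:bb:cc:dd:ee     *        eth0
192.168.0.90     0x1         0x2         00:de:ad:be:ef:01     *        eth0
"""


def parse_proc_arp(text):
    """Return {ip: (mac, device)} for complete entries; the header line and
    incomplete (0x0) entries, whose MAC is still all zeros, are skipped."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hwtype, flags, mac, _mask, dev = fields[:6]
        if not int(flags, 16) & ATF_COM:
            continue
        entries[ip] = (mac.lower(), dev)
    return entries


class ArpWatcher:
    def __init__(self):
        self.current = {}                 # ip -> mac last seen
        self.history = defaultdict(set)   # ip -> every mac ever seen for it

    def observe(self, entries):
        """Feed one snapshot; return the events it produced as tuples of
        (kind, subject, detail, device), in arpwatch's vocabulary."""
        events = []
        for ip, (mac, dev) in entries.items():
            old = self.current.get(ip)
            if old is None:
                events.append(("new station", ip, mac, dev))
            elif old != mac:
                kind = ("flip flop" if mac in self.history[ip]
                        else "changed ethernet address")
                events.append((kind, ip, f"{old} -> {mac}", dev))
            self.current[ip] = mac
            self.history[ip].add(mac)
        # One MAC behind several IPs: legitimate for a router with aliases,
        # but for a gateway address it is the signature of ARP spoofing.
        by_mac = defaultdict(list)
        for ip, mac in self.current.items():
            by_mac[mac].append(ip)
        for mac, ips in sorted(by_mac.items()):
            if len(ips) > 1:
                events.append(("shared mac", mac, ",".join(sorted(ips)), ""))
        return events


if __name__ == "__main__":
    watcher = ArpWatcher()
    for snapshot in (PROC_ARP_BEFORE, PROC_ARP_AFTER, PROC_ARP_BEFORE):
        for event in watcher.observe(parse_proc_arp(snapshot)):
            print(*event)
```

To run it against the live table, read /proc/net/arp in a loop and pass each read to observe(); a "changed ethernet address" for the default gateway, followed shortly by a "flip flop" back, is the classic sign that a spoofer on the segment is racing the real router.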

Configuring Linux For Network Multicast:

Regular network exchanges of data are peer-to-peer unicast transactions. An HTTP request to a web server (TCP/IP), email, SNMP (UDP), DNS (UDP), FTP (TCP/IP), ... are all peer-to-peer unicast transactions. If one wants to transmit a video, audio or data stream to multiple nodes with one transmission stream instead of multiple individual peer-to-peer connections, one for each node, one may use multicasting to reduce network load. Note that multicast and a network broadcast are different. Multicast messages are only "heard" by the nodes on the network that have "joined the multicast group", which are those that are interested in the information.

The Linux kernel is Level 2 Multicast Compliant. It meets all requirements to send, receive and act as a router for multicast datagrams. For a process to receive multicast datagrams it has to request the kernel to join the multicast group and bind the port receiving the datagrams. When a process is no longer interested in the multicast group, a request is made to the kernel to leave the group. It is the kernel/host which joins the multicast group and not the process. Kernel configuration requires "CONFIG_IP_MULTICAST=y". In order for the Linux kernel to support multicast routing, set the following in the kernel config:

- CONFIG_IP_MULTICAST=y
- CONFIG_IP_ROUTER=y
- CONFIG_IP_MROUTE=y
- CONFIG_NET_IPIP=y

The default Red Hat/Fedora kernels are compiled to support multicast. See the YoLinux tutorial on optimization and rebuilding the Linux kernel.

Note that on multi-homed systems (more than one IP address/network card) the kernel picks the outgoing interface for a multicast datagram from the routing table (the 224.0.0.0/4 route added below), so either that route must point at the right device or the application must select the interface itself with the IP_MULTICAST_IF socket option.

Class D networks, with a range of IP addresses from 224.0.0.0 to 239.255.255.255 (see Network Classes above), have been reserved for multicast.

Useful commands:

Command                    Description
cat /proc/net/igmp         List the multicast groups to which the host is subscribed, via the "Internet Group Management Protocol". (See /usr/src/linux/net/ipv4/igmp.c)
cat /proc/net/dev_mcast    List multicast interfaces. (See /usr/src/linux/net/core/dev_mcast.c)
ping 224.0.0.1             All hosts configured for multicast will respond with their IP addresses
ping 224.0.0.2             All routers configured for multicast will respond
ping 224.0.0.13            All PIM routers configured for multicast will respond
ping 224.0.0.4             All DVMRP routers configured for multicast will respond
ping 224.0.0.5             All OSPF routers configured for multicast will respond

Answering echo requests sent to a multicast or broadcast address lets a host be used as a traffic amplifier against whoever's address was forged as the source ("smurf"), which is why Red Hat sets net.ipv4.icmp_echo_ignore_broadcasts=1 by default; a hardened host will not show up in the ping 224.0.0.1 list.

Multicast transmissions are achieved through proper routing, router configuration (if communicating through subnets) and programmatically with the use of the following "C" function library calls:

Function call    Description
setsockopt()     Pass information to the kernel: join or leave a group, set the TTL, loopback and outgoing interface.
getsockopt()     Retrieve the current multicast settings of a socket from the kernel.

For more on multicast programming see: Multicast HOWTO. The multicast application will specify the multicast loopback interface, TTL (network time to live), network interface and the multicast group to add or drop.

Add route to support multicast:
- route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0

Note that if adding a route to forward packets through a router, the router MUST be configured to forward multicast packets. Many routers do not support forwarding of multicast packets or have a default configuration which does not. The internet by default does not forward multicast packets.

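The setsockopt() calls the table above refers to, in a receiver and a sender, as an added example for this page (not code from the Multicast HOWTO). The group 239.1.2.3 and port 5007 are assumptions; 239/8 is the administratively scoped range that stays inside a site, and TTL 1 keeps the stream on the local subnet, which is the safe default until the routers in between are known to forward multicast.

```python
"""Join, send to and leave an IPv4 multicast group with the socket options
IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IP_MULTICAST_TTL, IP_MULTICAST_LOOP
and IP_MULTICAST_IF. Added example; GROUP and PORT are assumed values."""
import ipaddress
import socket
import struct

GROUP = "239.1.2.3"      # assumed: administratively scoped (site-local) group
PORT = 5007              # assumed


def check_group(group):
    """Raise for anything outside 224.0.0.0/4; return False for the
    link-local 224.0.0.0/24 block (all-hosts, all-routers, OSPF, PIM, ...),
    which belongs to routing protocols and must not carry application data."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a class D (multicast) address")
    return addr not in ipaddress.ip_network("224.0.0.0/24")


def mreq(group, interface="0.0.0.0"):
    """struct ip_mreq {imr_multiaddr, imr_interface}: the argument the kernel
    expects for IP_ADD_MEMBERSHIP. 0.0.0.0 lets the kernel choose the
    interface from the 224.0.0.0/4 route; on a multi-homed host pass the
    address of the interface you mean."""
    return socket.inet_aton(group) + socket.inet_aton(interface)


def open_receiver(group=GROUP, port=PORT, interface="0.0.0.0"):
    check_group(group)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Bind to the group address rather than 0.0.0.0 so that unicast UDP
    # aimed at this port is not delivered to the multicast reader.
    sock.bind((group, port))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    mreq(group, interface))        # the kernel now joins via IGMP
    return sock


def leave(sock, group=GROUP, interface="0.0.0.0"):
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_DROP_MEMBERSHIP,
                    mreq(group, interface))


def open_sender(ttl=1, loop=True, interface="0.0.0.0"):
    """ttl=1: stay on the local subnet. Raise it only when the routers in
    between are configured to forward multicast. loop=True lets a receiver
    on this same host hear what we send."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, struct.pack("b", ttl))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, struct.pack("b", int(loop)))
    if interface != "0.0.0.0":
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF,
                        socket.inet_aton(interface))
    return sock


if __name__ == "__main__":
    import sys
    if sys.argv[1:] == ["send"]:
        open_sender().sendto(b"hello group", (GROUP, PORT))
    else:
        rx = open_receiver()
        print("joined", GROUP, "ttl on a sender socket:",
              open_sender().getsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL))
        data, peer = rx.recvfrom(1500)
        print(peer, data)
        leave(rx)
```

Run the script without arguments on one terminal and with "send" on another host (or the same one, thanks to IP_MULTICAST_LOOP); "cat /proc/net/igmp" while the receiver is running shows the kernel's membership in 239.1.2.3, and it disappears after leave() or when the socket is closed.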

Living in a MS/Windows World:

- SMB4k: My favorite MS/Windows file share browser.
- In Nautilus use the URL "smb:" to view MS/Windows servers. [tutorial]
- LinNeighborhood: Linux workstation gui tool. Make your life simple and use the GUI/File Manager LinNeighborhood. It uses smbmount, samba and smbclient to give you access to MS/Windows servers and printers.
  - LinNeighborhood Home Page
  - LinNeighborhood Screen Shot

See the YoLinux tutorial on integrating Linux into a Microsoft network.


Network Definitions:

- IPv4: Most of the Internet servers and personal computers use Internet Protocol version 4 (IPv4). This uses 32 bits to assign a network address as defined by the four octets of an IP address up to 255.255.255.255, which is the representation of four 8-bit numbers, thus totaling 32 bits.
- IPv6: Internet Protocol version 6 (IPv6) uses a 128-bit address and thus billions and billions of potential addresses. The protocol has also been upgraded to include new quality of service features and security (IPsec). Currently Linux supports IPv6 but IPv4 is used when connecting your computer to the internet.
- TCP/IP: (Transmission Control Protocol/Internet Protocol) uses a client-server model for communications. The protocol defines the data packets transmitted (packet header, data section), data integrity verification (checksum bytes), connection and acknowledgement protocol, and retransmission.
- TCP/IP time to live (TTL): This is a counting mechanism to determine how long a packet is valid before it reaches its destination. Each time an IP packet passes through a router it will decrement its TTL count. When the count reaches zero the packet is dropped by the router. This ensures that errant routing and looping aimless packets will not flood the network. (traceroute is built on this: it sends packets with TTL 1, 2, 3, ... and records the ICMP "time exceeded" reply from each router that drops one.)
- MAC Address: (media access control) is the network card address used for communication between other network devices on the subnet. This info is not routable. The ARP table maps TCP/IP addresses (global internet) to the local hardware on the local network. Use the command /sbin/ifconfig to view both the IP address and the MAC address. The MAC address uniquely identifies each node of a network and is used by the Ethernet protocol. It is assigned by the card's manufacturer but can be changed in software, so it is not a trustworthy identity on its own.
- Full Duplex: Allows the simultaneous sending and receiving of packets. Most modern modems support full duplex.
- Half Duplex: Allows the sending and receiving of packets in one direction at a time only.
- OSI 7 Layer Model: The ISO (International Standards Organization) has defined the OSI (Open Systems Interconnection) model for current networking protocols.

  OSI Layer   Description                                                                              Linux Networking Use
  7           Application Layer. The top layer for communications applications like email and the web.   telnet, web browser, sendmail
  6           Presentation Layer. Syntax and format of data transfer.                                  SMTP, http
  5           Session Layer.
  4           Transport Layer. Connection, acknowledgement and data packet transmission.               TCP, UDP
  3           Network Layer.                                                                           IP
  2           Data Link Layer. Error control, timing.                                                  ARP, Ethernet
  1           Physical Layer. Electrical characteristics of signal and NIC.                            Ethernet

- Network Hub: Hardware to connect network devices together. The devices will all be on the same network and/or subnet. All network traffic is shared and can be sniffed by any other node connected to the same hub.
- Network Switch: Like a hub but creates a private link between any two connected nodes when a network connection is established. This reduces the amount of network collisions and thus improves speed. Broadcast messages are still sent to all nodes. A switch is not a security boundary: ARP spoofing, or flooding the switch's MAC table until it falls back to hub behaviour, can still bring other nodes' traffic to a sniffer.


Related Links:

- Cable modem HowTo - Vladimir Vuksan
- Ethernet HowTo - Paul Gortmaker
- YoLinux Tutorial: Setting up an internet gateway for home or office using iptables or ipchains
- Firewall HowTo - Mark Grennan
- YoLinux networking tutorial
- Networking Overview HowTo - Daniel Lopez Ridruejo
- Networking Howto - Joshua Drake
- NFS Howto - Nicolai Langfeldt
- SNMP: Simple Network Management Protocol (uses ports 161, 162, 391, 1993)
  - SNMP Intro and tutorials
  - Linux SNMP Network Management Tools
  - SNMP FAQ
  - net-snmp tools and libraries
- News/Usenet Group: comp.os.linux.networking - Deja
- MARS-nwe - Netware emulator
- Linux 2.4 Advanced Routing HOWTO - iproute2, traffic shaping and a bit of netfilter
- ISDN:
  - ISDN4LINUX FAQ - Matthias Hessler
  - ISDN4Linux Home Page
  - Dan Kegel's ISDN Page
- PPP: Point to Point Protocol
  - YoLinux Tutorial: Configuring PPP dialup connections to an ISP
  - YoLinux Tutorial: Dialing Compuserve
  - YoLinux Tutorial: Dialing AOL
  - YoLinux Tutorial: Configuring PPP dialin connections
- PPTP: Point to Point Tunneling Protocol
  - RFC 2637: Point-to-Point Tunneling Protocol (PPTP).
  - PPTP Linux Client - A PPTP Linux client that allows a linux system to connect to a PPTP server. Developed by C. S. Ananian.
  - Counterpane Systems FAQ on Microsoft's PPTP Implementation - FAQ on the security flaws in Microsoft's PPTP implementation.
- DHCP: (Dynamic Host Configuration Protocol)
  - YoLinux DHCP Tutorial - How to set up a DHCP server.
  - ISC Dynamic Host Configuration Protocol - DHCP home page
- Multicast:
  - YoLinux Tutorial: Configuring Linux for multicast - this tutorial, in the section above
  - Multicast over TCP/IP HOWTO
- ISP's: (National/Global)
  - TheList.com - Comprehensive list of ISP's
  - Earthlink
  - Concentric
  - ATT Worldnet
- NIS: (NFS infrastructure)
  - YoLinux NIS tutorial
  - NIS howto
  - NIS configuration and use
- Ethernet cables:
  - Making CAT3, 5, 5E RJ45 Ethernet Cables
  - Wiring and Installation
  - Gigabit Ethernet
- VIX: Vienna Internet eXchange - European traffic exchange for ISP's


Test Internet Bandwidth:

- DSLreports.com: bandwidth and diagnostic tests
- Speakeasy connection speed test
- CNET Bandwidth Meter speed test
- Network speed test
- Bandwidth explained and List of bandwidth test sites

Man Pages:

- icmp: Linux IPv4 ICMP kernel module
- ifport: select the transceiver type for a network interface
- usernetctl: allow a user to manipulate a network interface if permitted
- ripquery: query RIP (Routing Information Protocol) gateways
- gated: gateway routing daemon

Books:

"Networking Linux: A Practical Guide to TCP/IP" by Pat Eyler
ISBN# 0735710317, New Riders Publishing

"LINUX TCP/IP Network Administration" by Scott Mann, Mitchell Krell
ISBN# 0130322202, Prentice Hall PTR

"Advanced Linux Networking" by Roderick W. Smith
ISBN# 0201774232, Addison-Wesley Professional, 1st edition (July 15, 2002)

"Linux Routing" by Dee Ann LeBlanc, Joe "Zonker" Brockmeier, Ronald W. McCarty Jr.
ISBN# 1578702674, Sams, 1st edition (October 11, 2001)

"Policy Routing Using Linux" by Matthew G. Marsh
ISBN# 0672320525, Sams (March 6, 2001)

"Red Hat Fedora 6 and Enterprise Linux Bible" by Christopher Negus
Sams, ISBN# 047008278X

"Fedora 7 & Red Hat Enterprise Linux: The Complete Reference" by Richard Petersen
Sams, ISBN# 0071486429

"Red Hat Fedora Core 6 Unleashed" by Paul Hudson, Andrew Hudson
Sams, ISBN# 0672329298

"Red Hat Linux Fedora 3 Unleashed" by Bill Ball, Hoyt Duff
Sams, ISBN# 0672327082

"Red Hat Linux 9 Unleashed" by Bill Ball, Hoyt Duff
Sams, ISBN# 0672325888
I have the Red Hat 6 version and I have found it to be very helpful. I have found it to be way more complete than the other Linux books. It is the most complete general Linux book in publication. While other books in the "Unleashed" series have disappointed me, this book is the best out there.

"Redhat Linux 9 (Visual QuickPro Guide)" by Harold Davis
ISBN# 032121918X, Peachpit Press, Addison-Wesley
The best basic Linux book around for the GUI generation. This book can be best described as a guide to using the GUI configuration tools.


Copyright 2001-2007 by Greg Ippolito