Cs4720n.ppt


  1. Linux Networking
     - TCP/IP stack
       - The kernel controls the TCP/IP protocol.
       - The Ethernet adapter is hooked into the kernel with the ifconfig command.
       - ifconfig sets the IP address as well as the netmask and broadcast addresses.
  2. Network Hardware
     - Typically Linux finds the NIC (PCI) at bootup, but the administrator needs to tell Linux that the card is to be enabled.
     - If Linux doesn't discover the NIC (network interface card) you must assign the card type, interrupt and base address for the card in the Linux kernel.
  3. ifconfig
     - ifconfig eth0 addr 129.123.109.154 broadcast 129.123.7.255 netmask 255.255.255.0
     - The netmask forces TCP/IP to go only to the router interface for any address except those in 129.123.7.
     - The broadcast address limits broadcasts to the 129.123.7 subnet.
  4. DHCP
     - Dynamic Host Configuration Protocol
       - Allows the client to grab TCP/IP setup information from a centralized service.
       - The client broadcasts the request over the Ethernet interface.
       - The router recognizes the DHCP request and forwards that request to a server or system that is configured into the router as a DHCP device.
  5. Name Service
     - DHCP typically assigns the nameservers for the Linux box. DHCP does not assign the search domain for the box.
     - Name resolution configuration is done in the /etc/resolv.conf file.
     - If the domain search field is set to usu.edu then you can access cc.usu.edu as just cc. If you want to contact www.cs.usu.edu you would have to use www.cs.
     - If the domain search field is usu.edu and cs.usu.edu then you can access www.cs.usu.edu as www.
     - The ambiguity is: what if you want www.usu.edu and not www.cs.usu.edu?
     - You would then need to use the fully qualified host name to contact the site you desire.
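The search-list behaviour slide 5 describes, as an added example that is not code from the slides. It parses a resolv.conf, builds the list of fully qualified names the resolver tries for a short name, and resolves against a constructed zone that deliberately contains both www.usu.edu and www.cs.usu.edu so the ambiguity the slide raises is visible: with search "usu.edu cs.usu.edu" the bare name www lands on www.usu.edu, and only www.cs or the fully qualified name reaches www.cs.usu.edu. The zone addresses (192.0.2.x, a documentation range) and the sample resolv.conf are constructed; the candidate order follows the standard resolver rule (names with fewer than ndots dots try the search domains first, names with ndots or more dots are tried as given first, a trailing dot means the name exactly).

```python
"""Search-list name resolution as configured in /etc/resolv.conf (slide 5).

Added example, not code from the slides. ZONE and the addresses in it are
constructed; the host names are the ones the slide uses.
"""
from typing import Dict, List, Optional, Tuple

# Constructed zone data: FQDN -> address (192.0.2.0/24 is a documentation range).
ZONE: Dict[str, str] = {
    "cc.usu.edu": "192.0.2.10",
    "www.usu.edu": "192.0.2.20",
    "www.cs.usu.edu": "192.0.2.30",
}


def parse_resolv_conf(text: str) -> Tuple[List[str], List[str], int]:
    """Return (nameservers, search list, ndots). DHCP normally supplies the
    nameserver lines; the search line is the administrator's to set."""
    nameservers: List[str] = []
    search: List[str] = []
    ndots = 1
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("search", "domain"):
            # As in the real resolver, a later search/domain line replaces an earlier one.
            search = args
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots


def candidates(name: str, search: List[str], ndots: int = 1) -> List[str]:
    """The fully qualified names the resolver will try, in order."""
    if name.endswith("."):
        return [name.rstrip(".").lower()]            # absolute name: no search list
    name = name.lower()
    with_search = [f"{name}.{d.lower().rstrip('.')}" for d in search]
    if name.count(".") >= ndots:
        return [name] + with_search                   # looks qualified: try as given first
    return with_search + [name]                       # short name: search domains first


def resolve(name: str, search: List[str], zone: Dict[str, str] = ZONE,
            ndots: int = 1) -> Optional[Tuple[str, str]]:
    """First candidate present in the zone wins; returns (fqdn, address)."""
    for fqdn in candidates(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


if __name__ == "__main__":
    # Constructed resolv.conf: nameserver as DHCP would hand it out, search set by hand.
    sample = "nameserver 192.0.2.1\nsearch usu.edu cs.usu.edu\n"
    _, search, ndots = parse_resolv_conf(sample)
    for short in ("cc", "www.cs", "www", "www.cs.usu.edu."):
        print(f"{short:18} tries {candidates(short, search, ndots)}")
        print(f"{'':18} gets  {resolve(short, search, ZONE, ndots)}")
```

Reordering the search line to "cs.usu.edu usu.edu" flips which host the bare name www reaches, which is why the slide's advice to use the fully qualified name is the only unambiguous choice.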
  6. Routers
     - Routers are added via DHCP or the route command.
     - The default route for a system is the address to which all packets flow whose destination is not resolved by a more specific route.
     - Other routers may be defined using appropriate netmasks and IP addresses.
     - Since route configuration may follow indistinct paths, the configuration may have to tell route how many hops (intermediate routers) there are between the local box and the actual 'default' router.
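How the netmask from slide 3 and the routes from slide 6 combine into a forwarding decision, as an added example that is not code from the slides. It takes the slide's interface address and netmask, derives the on-link network and broadcast address from them (a useful sanity check when the broadcast given on the command line does not agree with the mask), and picks the next hop by longest-prefix match so the default route is used only when no more specific route matches. The default gateway 129.123.109.1 and the second router 129.123.109.2 reaching 129.123.7.0/24 are constructed.

```python
"""Next-hop selection for an outgoing packet, following slides 3 and 6.

Added example, not code from the slides: the interface address and netmask
are the ones on slide 3; the gateway addresses and extra route are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Interface:
    name: str
    address: ipaddress.IPv4Address
    netmask: ipaddress.IPv4Address

    @property
    def network(self) -> ipaddress.IPv4Network:
        # strict=False accepts a host address plus mask, the way ifconfig takes them.
        return ipaddress.IPv4Network((self.address, str(self.netmask)), strict=False)

    @property
    def broadcast(self) -> ipaddress.IPv4Address:
        # The broadcast address ifconfig should be given: all host bits set.
        return self.network.broadcast_address


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network          # 0.0.0.0/0 is the default route
    gateway: Optional[ipaddress.IPv4Address]    # None: destination is on-link
    interface: str


def build_table(iface: Interface, default_gw: ipaddress.IPv4Address,
                extra: Tuple[Route, ...] = ()) -> List[Route]:
    """The table ifconfig and route leave behind: the interface's own subnet,
    any explicitly added routes, and a default route for everything else."""
    return [Route(iface.network, None, iface.name), *extra,
            Route(ipaddress.IPv4Network("0.0.0.0/0"), default_gw, iface.name)]


def lookup(routes: List[Route], dest: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dest wins,
    so the /0 default route is chosen only when nothing else matches."""
    matching = [r for r in routes if dest in r.destination]
    return max(matching, key=lambda r: r.destination.prefixlen, default=None)


def next_hop(routes: List[Route], dest: str) -> Tuple[str, Optional[str]]:
    """Return ("direct", ifname), ("via", gateway) or ("unreachable", None)."""
    route = lookup(routes, ipaddress.IPv4Address(dest))
    if route is None:
        return ("unreachable", None)
    if route.gateway is None:
        return ("direct", route.interface)       # deliver on the local wire
    return ("via", str(route.gateway))           # hand to a router


def example_interface() -> Interface:
    # Address and netmask from slide 3.
    return Interface("eth0", ipaddress.IPv4Address("129.123.109.154"),
                     ipaddress.IPv4Address("255.255.255.0"))


def example_table() -> List[Route]:
    # Constructed: a default router and a second router that reaches 129.123.7.0/24.
    iface = example_interface()
    via_second_router = Route(ipaddress.IPv4Network("129.123.7.0/24"),
                              ipaddress.IPv4Address("129.123.109.2"), "eth0")
    return build_table(iface, ipaddress.IPv4Address("129.123.109.1"),
                       (via_second_router,))


if __name__ == "__main__":
    iface, table = example_interface(), example_table()
    print("on-link:", iface.network, "broadcast:", iface.broadcast)
    for d in ("129.123.109.20", "129.123.7.10", "198.51.100.9"):
        print(d, "->", next_hop(table, d))
```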
  7. Linux Network Features
     - NFS
       - Network File System
       - Centralized file sharing
     - NIS (Yellow Pages)
       - Centralized password/authentication system
  8. NFS Server Setup
     - NFS server enabled
     - RPC server enabled
     - /etc/exportfs file created
       - /usr/local -o ro sys1,sys2,sys3
       - /home/users -o rw sys1,sys2,sys3
  9. NFS Client Setup
     - Run mountd, lockd, statd
     - Mount the remote disk as:
       - mount -o ro server.cs.usu.edu:/usr/local /usr/local
 10. NIS Server Setup
     - Domainname
       - This is the YP domainname, not necessarily the DNS domain name.
       - ypserv: set up the YP server as a master.
       - ypbind: bind to the server.
       - yppasswdd: the password changing daemon.
       - Create the maps with ypmake.
 11. NIS Client Setup
     - Set the YP domainname.
     - Bind to the server:
       - ypbind
     - Add wildcard info to the /etc/passwd and /etc/group files (+::::::::).
     - Add the wildcard to other files as needed.
 12. PPP (dialup)
     - PPP will automatically configure the Linux box to act as a router for the dialin users.
     - When a user dials in, the PPP protocol typically starts immediately so the user doesn't see a login prompt.
     - The PPP (CHAP/PAP) authorization is built into the protocol.
     - NAT (Network Address Translation) will allow the Linux box to take packets from systems on an internal (non-routable) address and translate those requests to the address of the router interface.
 13. Linux as a router
     - The Linux box can handle up to 4 NICs (network interface cards) to act as a router for a wide area network and 3 internal networks.
     - With this configuration the Linux box can act as a firewall.
     - The program routed handles the packet exchange between boards.
     - Care must be exercised in configuring routed so that packets are not misrouted, i.e. sent to the wrong interface.
     - One of the interfaces is the WAN and should be listed as the default router.
 14. IP access control
     - ipchains and iptables can limit packets (by address and port) in either direction (coming into the box or going out of the box).
     - If a particular address needs to be filtered then ipchains or iptables can block that address and never even look at which port it wants to attach to.
     - IP access can be controlled (filtered) by using ipchains or iptables on the Linux box.
     - ipchains or iptables can also limit which service (port) is available to outside addresses.
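The filtering model of slide 14 made concrete, as an added example that is not code from the slides: a first-match rule list per chain (INPUT for packets coming into the box, OUTPUT for packets going out) with a default policy, run over constructed packets. The ruleset drops one address outright without looking at the port, exposes the web port to any address, and allows ssh only from the local subnet; everything else inbound falls to the DROP policy. The networks and hosts (129.123.109.0/24 as the local net, 198.51.100.7 as the blocked host, 203.0.113.5 as an outside client) are constructed. The to_iptables() renderer uses the real iptables options -A, -s, -d, -p, --dport, -j and -P, so the same rules can be read back as the commands an administrator would type.

```python
"""Address/port packet filtering in the style of ipchains/iptables (slide 14).

Added example, not code from the slides; all addresses and rules are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    chain: str                          # "INPUT" (coming in) or "OUTPUT" (going out)
    target: str                         # "ACCEPT" or "DROP"
    src: Optional[IPv4Network] = None   # None means "any"
    dst: Optional[IPv4Network] = None
    proto: Optional[str] = None         # "tcp" or "udp"
    dport: Optional[int] = None         # only meaningful together with proto


@dataclass(frozen=True)
class Packet:
    chain: str
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every field the rule specifies must match; unspecified fields match anything,
    which is how an address-only rule blocks a host regardless of port."""
    if rule.chain != pkt.chain:
        return False
    if rule.src is not None and pkt.src not in rule.src:
        return False
    if rule.dst is not None and pkt.dst not in rule.dst:
        return False
    if rule.proto is not None and pkt.proto != rule.proto:
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return True


def filter_packet(rules: List[Rule], policy: Dict[str, str],
                  pkt: Packet) -> Tuple[str, Optional[int]]:
    """The first matching rule in the packet's chain decides; otherwise the chain
    policy applies. Returns (target, index of the deciding rule or None)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.target, i
    return policy[pkt.chain], None


def to_iptables(rule: Rule) -> str:
    """Render a rule as the equivalent iptables command line."""
    parts = ["iptables", "-A", rule.chain]
    if rule.src is not None:
        parts += ["-s", str(rule.src)]
    if rule.dst is not None:
        parts += ["-d", str(rule.dst)]
    if rule.proto is not None:
        parts += ["-p", rule.proto]
    if rule.dport is not None:
        parts += ["--dport", str(rule.dport)]
    parts += ["-j", rule.target]
    return " ".join(parts)


LOCAL_NET = ip_network("129.123.109.0/24")

# Constructed ruleset: block one address with no port check, expose the web
# server to everyone, allow ssh only from the local subnet, drop the rest inbound.
RULES: List[Rule] = [
    Rule("INPUT", "DROP", src=ip_network("198.51.100.7")),
    Rule("INPUT", "ACCEPT", proto="tcp", dport=80),
    Rule("INPUT", "ACCEPT", src=LOCAL_NET, proto="tcp", dport=22),
]
POLICY: Dict[str, str] = {"INPUT": "DROP", "OUTPUT": "ACCEPT"}


def decide(chain: str, src: str, dst: str, proto: str,
           dport: int) -> Tuple[str, Optional[int]]:
    """Run one constructed packet through RULES/POLICY."""
    pkt = Packet(chain, ip_address(src), ip_address(dst), proto, dport)
    return filter_packet(RULES, POLICY, pkt)


if __name__ == "__main__":
    for chain, target in POLICY.items():
        print(f"iptables -P {chain} {target}")
    for r in RULES:
        print(to_iptables(r))
    print(decide("INPUT", "198.51.100.7", "129.123.109.154", "tcp", 80))    # blocked host
    print(decide("INPUT", "203.0.113.5", "129.123.109.154", "tcp", 80))     # web, outside ok
    print(decide("INPUT", "203.0.113.5", "129.123.109.154", "tcp", 22))     # ssh from outside
    print(decide("INPUT", "129.123.109.20", "129.123.109.154", "tcp", 22))  # ssh from inside
```

The order of the list matters: because the address-only DROP comes first, the blocked host never reaches the port 80 ACCEPT rule, which is the "never even look at which port" behaviour the slide describes.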
 15. xinetd
     - xinetd controls which services are accessible from the Internet.
     - The port numbers that xinetd translates into service names are located in /etc/services.
     - xinetd controls what process owns the service and what flags are passed to the service program.
     - xinetd times out the service program when the Internet user completes, so that memory and CPU time are freed.
 16. xinetd server programming
     - xinetd redirects input that would come from stdin and takes it from the IP packets.
     - xinetd redirects output that would go to stdout and puts it into the IP packets.
     - If a program is dispatched through xinetd then all I/O can be done via stdin and stdout.
 17. Background Programs
     - The xinetd system has a time latency since packets need to be dispatched and a program must start before the service can begin.
     - To enhance network speed a program can be started at boot time and run in the background.
     - These programs must communicate with the TCP/IP stack using system calls. Stdin and stdout calls will be lost or redirected to system logs and not the network.
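Slides 16 and 17 side by side, as an added example that is not code from the slides: one request handler served two ways. Under xinetd the program simply reads stdin and writes stdout, because the accepted connection is already on those descriptors; as a background daemon the same handler has to be wrapped in socket calls (bind, listen, accept) and anything it prints goes to the daemon's log rather than to the peer. The line protocol ("upper": one request line, one reply line, QUIT ends the session), the service name, the port and the file path in the xinetd stanza are constructed; the keywords in that stanza (service, type, port, socket_type, protocol, wait, user, server, only_from) are real xinetd configuration attributes, with only_from restricting which addresses may reach the service.

```python
"""The same service run the xinetd way (stdin/stdout) and as a background
daemon (sockets), following slides 16 and 17. Added example, not from the slides.

Constructed xinetd stanza for the stdin/stdout variant (would live in
/etc/xinetd.d/upper; UNLISTED because the port is not in /etc/services):

    service upper
    {
        type        = UNLISTED
        port        = 12345
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = nobody
        server      = /usr/local/bin/upper_service.py
        only_from   = 129.123.109.0/24
    }
"""
import io
import socket
import sys
import threading
from typing import List, TextIO, Tuple


def handle_request(line: str) -> str:
    """One request line in, one reply line out. No socket knowledge here."""
    text = line.rstrip("\r\n")
    if text == "":
        return "ERR empty request\n"
    if text == "QUIT":
        return "BYE\n"
    return "OK " + text.upper() + "\n"


def run_session(inp: TextIO, out: TextIO) -> int:
    """Serve one peer until it says QUIT or closes; returns requests handled.
    Under xinetd inp/out are simply sys.stdin/sys.stdout: the connection has
    already been accepted and wired to the file descriptors for us."""
    handled = 0
    for line in inp:
        reply = handle_request(line)
        out.write(reply)
        out.flush()              # do not hold a reply in a buffer across the network
        handled += 1
        if reply == "BYE\n":
            break
    return handled


def demo_stdio(requests: str) -> str:
    """Drive the xinetd-style entry point with a constructed stdin and return
    what would have gone out on stdout."""
    out = io.StringIO()
    run_session(io.StringIO(requests), out)
    return out.getvalue()


def serve_one_connection(listener: socket.socket) -> Tuple[str, int]:
    """Background-daemon style: accept() the connection ourselves and wrap it in
    file objects so the very same run_session() is reused. A print() from here
    would end up in the daemon's log, not at the peer (slide 17)."""
    conn, peer = listener.accept()
    with conn, conn.makefile("r") as rd, conn.makefile("w") as wr:
        run_session(rd, wr)
    return peer


def loopback_roundtrip(requests: List[str]) -> List[str]:
    """Constructed self-test: start the daemon on an ephemeral loopback port,
    talk to it as a client, return the reply lines."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=serve_one_connection, args=(listener,))
    server.start()
    replies: List[str] = []
    with socket.create_connection(listener.getsockname()) as client:
        with client.makefile("r") as rd, client.makefile("w") as wr:
            for req in requests:
                wr.write(req + "\n")
                wr.flush()
                replies.append(rd.readline())
    server.join()
    listener.close()
    return replies


if __name__ == "__main__":
    if sys.stdin.isatty():
        # Started by hand: exercise both styles with constructed input.
        print(demo_stdio("hello\nQUIT\n"), end="")
        print(loopback_roundtrip(["linux", "QUIT"]))
    else:
        # Started by xinetd: the peer is already on stdin/stdout.
        run_session(sys.stdin, sys.stdout)
```

The latency slide 17 mentions is the cost of the fork/exec xinetd performs per connection before run_session() gets its first line; the daemon variant pays the bind/listen cost once at boot and only accept() per connection.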
 18. Network Programs
     - Highly network-intensive programs need to run at all times on the system. Examples are:
       - Web servers (http)
         - May run several processes to gain throughput
       - Network file services
       - Remote Procedure Call programs
       - Mail
     - Low impact programs
       - telnet
       - ftp
       - Time
       - news
 19. Network monitoring
     - ping: echo test
     - traceroute: check the router path
     - netstat
       - -r shows the routing table
       - -i shows the interfaces
       - -p shows what program is doing network stuff
       - No option
         - What is presently going on
 20. External Tools
     - Sniffer, snoop, tcpdump
       - Look at packets on the wire
     - Scanner (nmap)
       - What ports are open?
     - Security checks
       - Mail relays, writeable anonymous ftp
 21. Class Evaluations
     - Remember to do the evaluations!
 22. December 5, 2002. The End