1. Linux Network Setup

2. Introduction
   - Linux can implement different networking protocols.
   - TCP/IP is the most common one.
   - We will look at how to set up a simple Linux network using Fedora Core 6.

3. Network topology – simple configuration
   [Diagram: Cable modem -> Firewall/Router -> Hub/Switch -> Server/Gateway, Workstation 1, Workstation 2. The firewall has two interfaces (eth0, eth1); the server and each workstation have one (eth0). The addresses assigned to the interfaces are missing from this copy of the slide.]

4. Network Components
   - Firewall/router – a modest computer with two network interfaces can easily become a firewall/router if no such device is available.
   - Hub/Switch – a physical device used to extend the network.
   - Server – a computer running FC6 that implements DNS, a web server and a database server.
   - Workstation – a computer running FC6.
   - Except for the hub, everything else can be implemented using virtual machines.

5. FC6 installation
   - Partitioning the hard drive:
     - Can be done either manually or automatically (by the installation script).
       - To begin with, the best bet is to let the script do the work for you.
   - On the firewall and the server we will install only the packages that we need.
   - On the workstations we will install everything.

6. Network installation screen for FC6
7. Installing the Firewall
   - Use the FC6 DVD and proceed with the installation.
   - When prompted for network setup:
     - Choose to set up the hostname manually.
     - Type in the name.
     - Edit the network devices:
       - Enter the network address for eth0.
       - If the script shows a configuration option for eth1, edit that one too and enter the network address for eth1. If it does not, you will have to configure this interface manually after the system is started.
     - In the Miscellaneous Settings area enter:
       - The gateway address (this is the address of the server).
       - The primary DNS (this is the address of the server).

8. Installing the Firewall – cont.
   - All Fedora Core installations include the following network services:
     - centralized logging through syslog
     - email through SMTP (Simple Mail Transfer Protocol)
     - network file sharing through NFS (Network File System)
     - remote access through SSH (Secure SHell)
     - resource advertising through mDNS (multicast DNS)
   - The default installation also provides:
     - network file transfer through HTTP (HyperText Transfer Protocol)
     - printing through CUPS (Common UNIX Printing System)
     - remote desktop access through VNC (Virtual Network Computing)

9. Installing the Firewall – cont.
   - We will choose a minimal installation; packages can be added from the DVD later if we need them.
   - The minimal installation should include:
     - DNS
     - iptables
   - You do not have to worry about dependencies, since the installation script checks for them.

10. Installing the Server
   - The installation of the server is similar to that of the firewall, except that we can choose to install more packages, even a complete installation.
   - When configuring the network, follow the same steps as for the firewall. The IP address of the server is (address missing from this copy of the slide).

11. Installing the Server (cont.)
   - If you want to be conservative, select only the packages that you need to run DNS, Apache and MySQL; you do not have to worry about dependencies, since the installation script checks for them.
   - Otherwise, install everything. Be aware that "install everything" does not mean every single package on the DVD.

12. Installing the Workstations
   - The installation is similar to the server and the firewall.
13. TCP/IP Network Configuration files
   - /etc/resolv.conf – host name resolver configuration file
     - search – name of your domain, or the ISP's domain if using their name server
     - nameserver XXX.XXX.XXX.XXX – IP address of the primary name server
     - nameserver XXX.XXX.XXX.XXX – IP address of the secondary name server
   - /etc/hosts – locally resolves node names to IP addresses
     - localhost.localdomain localhost
     - XXX.XXX.XXX.XXX node-name – enter the fully qualified host name first, then the alias

14. TCP/IP Network Configuration files (cont.)
   - /etc/nsswitch.conf – system databases and Name Service Switch configuration file
     - hosts: files dns nisplus nis
       - This tells Linux to resolve a host name by first looking at the local hosts file (/etc/hosts), then, if the name is not found, at your DNS server as defined in /etc/resolv.conf, and if it is not found there, at your NIS server.

15. TCP/IP Network Configuration files (cont.)
   - /etc/sysconfig/network
     - Red Hat network configuration file used by the system during the boot process.
   - /etc/sysconfig/network-scripts/ifcfg-eth0
     - Configuration settings for your first Ethernet port (0). Your second port is eth1.
   - /etc/modules.conf
     - alias eth0 eepro100
     - Modules for other devices on the system will also be listed. This tells the kernel which device driver to use if it is configured as a loadable module.

16. Fedora Network GUI Configuration Tools – TCP/IP Ethernet configuration
   - Network configuration: /usr/sbin/system-config-network
   - Text console configuration tool: /usr/sbin/system-config-network-tui

17. Fedora Network GUI Configuration Tools – Gnome Desktop
   - Gnome desktop network configuration: /usr/bin/gnome-network-preferences
   - Proxy configuration. Choose one of three options:
     1. Direct internet connection
     2. Manual proxy configuration (specify proxy and port)
     3. Automatic proxy configuration (give URL)

18. Assigning an IP address – static IP address assignment
   - Command line: ifconfig eth0 <address> netmask <netmask> broadcast <broadcast>
   - Fedora GUI tool: /usr/bin/neat – Gnome GUI network administration tool. Handles all interfaces. Configure for static IP or DHCP client.
   - Fedora console tool: /usr/sbin/system-config-network-tui (text user interface)

19. More Network Configuration
   - Directly edit the configuration files/scripts.
   - The ifconfig command does NOT store this information permanently; upon reboot it is lost. (Manually add the commands to the end of /etc/rc.d/rc.local to execute them at boot.) The commands netcfg and netconfig make permanent changes to the system network configuration files in /etc/sysconfig/network-scripts/, so that the information is retained.
20. Fedora Core IP Configuration Files
   - /etc/sysconfig/network
   - Static IP address configuration (configures the gateway address):
     NETWORKING=yes
     HOSTNAME=my-hostname        # the hostname is defined here and by the hostname command
     FORWARD_IPV4=true           # true for NAT firewall gateways and Linux routers; false for everyone else (desktops and servers)
     GATEWAY="XXX.XXX.XXX.YYY"   # used if your network is connected to another network or the internet
   - Static IP configuration only: the gateway is not defined here for a DHCP client.

21. Fedora Core IP Configuration Files (cont.)
   - DHCP client configuration:
     NETWORKING=yes
     HOSTNAME=my-hostname        # the hostname is defined here and by the hostname command
     (The gateway is assigned by the DHCP server.)

22. Fedora Core IP Configuration Files (cont.)
   - /etc/sysconfig/network-scripts/ifcfg-eth0
   - This file is used by the ifup and ifdown command scripts.
   - Static IP address configuration:
     DEVICE=eth0
     BOOTPROTO=static
     BROADCAST=XXX.XXX.XXX.255
     IPADDR=XXX.XXX.XXX.XXX
     NETMASK=<netmask>
     NETWORK=XXX.XXX.XXX.0
     ONBOOT=yes                  # activate upon system boot
     TYPE=Ethernet
     HWADDR=XX:XX:XX:XX:XX:XX
     GATEWAY=XXX.XXX.XXX.XXX

23. Fedora Core IP Configuration Files (cont.)
   - DHCP client configuration:
     DEVICE=eth0
     ONBOOT=yes
     BOOTPROTO=dhcp
     IPV6INIT=no
     USERCTL=no
     PEERDNS=yes
     TYPE=Ethernet
     HWADDR=XX:XX:XX:XX:XX:XX
   - Used by the script /etc/sysconfig/network-scripts/ifup to bring the network interfaces on-line.
   - To disable DHCP, change BOOTPROTO=dhcp to BOOTPROTO=none.
   - For updated information in any of these files to take effect, issue the command: service network restart (or: /etc/rc.d/init.d/network restart).
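Before running service network restart, the two files just described can be checked for the settings listed on these slides. The following shell script is an added example, not part of the slide deck: it constructs sample files in a temporary directory (the host names and 192.0.2.x addresses are placeholders) and audits /etc/sysconfig/network for the FORWARD_IPV4 rule and an ifcfg-ethN file for the keys a static or DHCP configuration needs.

```shell
#!/bin/sh
# Added example (not from the slides): audit /etc/sysconfig/network and an
# ifcfg-ethN file for the settings described above. Sample files are
# constructed below; host names and 192.0.2.x addresses are placeholders.

# Read KEY=value from a sysconfig-style file, stripping surrounding quotes.
sysconfig_get() {  # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Check /etc/sysconfig/network for a given role (firewall or host).
# Forwarding belongs on the NAT firewall/router only; a desktop or server
# that forwards packets is a misconfiguration. Returns 0 when consistent.
check_network_file() {  # $1 = file, $2 = role
    rc=0
    [ "$(sysconfig_get "$1" NETWORKING)" = yes ] || { echo "$1: NETWORKING must be yes"; rc=1; }
    [ -n "$(sysconfig_get "$1" HOSTNAME)" ] || { echo "$1: HOSTNAME missing"; rc=1; }
    fwd=$(sysconfig_get "$1" FORWARD_IPV4)
    if [ "$2" = firewall ]; then
        [ "$fwd" = true ] || { echo "$1: firewall/router needs FORWARD_IPV4=true"; rc=1; }
    elif [ "$fwd" = true ]; then
        echo "$1: a $2 must not set FORWARD_IPV4=true"; rc=1
    fi
    return $rc
}

# Check an ifcfg-ethN file: a static configuration needs IPADDR and NETMASK,
# a DHCP one only BOOTPROTO=dhcp; ONBOOT=yes brings the interface up at boot.
check_ifcfg() {  # $1 = file
    rc=0
    [ -n "$(sysconfig_get "$1" DEVICE)" ] || { echo "$1: DEVICE missing"; rc=1; }
    [ "$(sysconfig_get "$1" ONBOOT)" = yes ] || { echo "$1: ONBOOT is not yes"; rc=1; }
    case $(sysconfig_get "$1" BOOTPROTO) in
        static|none)
            for key in IPADDR NETMASK; do
                [ -n "$(sysconfig_get "$1" "$key")" ] || { echo "$1: $key missing for static config"; rc=1; }
            done ;;
        dhcp) ;;
        *) echo "$1: BOOTPROTO must be static, none or dhcp"; rc=1 ;;
    esac
    return $rc
}

tmp=$(mktemp -d)  # constructed sample files (firewall, workstation, static eth0)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/network_fw" <<'EOF'
NETWORKING=yes
HOSTNAME=firewall
FORWARD_IPV4=true
EOF
cat > "$tmp/network_ws" <<'EOF'
NETWORKING=yes
HOSTNAME=workstation1
FORWARD_IPV4=true
GATEWAY="192.0.2.1"
EOF
cat > "$tmp/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.0.2.10
NETMASK=255.255.255.0
ONBOOT=yes
EOF
check_network_file "$tmp/network_fw" firewall && check_ifcfg "$tmp/ifcfg-eth0" && echo "firewall files OK"
```

The workstation sample above deliberately carries FORWARD_IPV4=true, so check_network_file reports it when run with the role host.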
24. Changing the host name
   - This is a three-step process:
     1. Issue the command: hostname new-host-name
     2. Change the network configuration file /etc/sysconfig/network; edit the entry: HOSTNAME=new-host-name
     3. Restart the systems that relied on the hostname (or reboot):
        - Restart network services: service network restart (or: /etc/rc.d/init.d/network restart)
        - Restart the desktop:
          - Bring the system down to console mode: init 3
          - Bring up X Windows: init 5
   - One may also want to check /etc/hosts for an entry using the system name, which allows the system to be self-aware.

25. Network IP aliasing
   - Assign more than one IP address to one Ethernet card:
     ifconfig eth0 XXX.XXX.XXX.XXX netmask <netmask> broadcast XXX.XXX.XXX.255
     ifconfig eth0:0 <address> netmask <netmask> broadcast <broadcast>
     ifconfig eth0:1 <address> netmask <netmask> broadcast <broadcast>
     route add -host XXX.XXX.XXX.XXX dev eth0
     route add -host <address> dev eth0
     route add -host <address> dev eth0
   - In this example, eth0:0 and eth0:1 are aliases in addition to the regular eth0.

26. Network IP aliasing (cont.)
   - The result of the ifconfig command:
     eth0      Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
               inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.255  Mask:
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:14218 errors:0 dropped:0 overruns:0 frame:0
               TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
               collisions:1 txqueuelen:100
               Interrupt:5 Base address:0xe400
     eth0:0    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
               inet addr:  Bcast:  Mask:
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               Interrupt:5 Base address:0xe400
     eth0:1    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
               inet addr:  Bcast:  Mask:
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               Interrupt:5 Base address:0xe400

27. Network IP aliasing (cont.)
   - Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0
     DEVICE=eth0:0
     ONBOOT=yes
     BOOTPROTO=static
     BROADCAST=<broadcast>
     IPADDR=<address>
     NETMASK=<netmask>
     NETWORK=<network>
   - Aliases can also be shut down independently, e.g.: ifdown eth0:0

28. Activating and de-activating your NIC
   - Activate: /sbin/ifup eth0 (also: ifconfig eth0 up – note: even if no IP address is assigned you can listen.)
   - De-activate: /sbin/ifdown eth0 (also: ifconfig eth0 down)
   - These scripts use the scripts and NIC config files in /etc/sysconfig/network-scripts/.

29. GUI interface control/configuration
   - /usr/bin/system-control-network

30. Adding a network interface card (NIC)
   - It can be permanently added to /etc/modules.conf:
     alias eth0 3c59x
   - insmod -v 3c59x (for a 3Com Ethernet card)
   - Fedora Core has a hardware detection tool called kudzu, which detects any new hardware added to the system and tries to install and configure it (with the user's help).
31. Adding a network interface card (NIC) (cont.)
   - Define the network parameters in the configuration file /etc/sysconfig/network-scripts/ifcfg-eth1:
     DEVICE=eth1
     BOOTPROTO=static
     IPADDR=<address>
     NETMASK=<netmask>
     GATEWAY=XXX.XXX.XXX.XXX
   - Special routing information may be specified, if necessary, in the file /etc/sysconfig/static-routes.

32. Adding a network interface card (NIC) (cont.)
   - Define the network parameters using the Unix command line interface.
   - Define the IP address:
     ifconfig eth0 <address> netmask <netmask> broadcast <broadcast>
     ifconfig eth1 <address> netmask <netmask> broadcast <broadcast>
   - If necessary, define a route with the route command. Examples:
     route add default gw XXX.XXX.XXX.XXX dev eth0
     route add -net XXX.XXX.XXX.0 netmask <netmask> gw XXX.XXX.XXX.XXX dev eth0
   - XXX.XXX.XXX.XXX is the gateway to the internet as defined by your ISP or network operator.
   - If you make a mistake, just repeat the route command substituting "del" in place of "add".

33. Routes
   - route – show / manipulate the IP routing table (static routes). Examples:
     - Show the routing table: route -e
     - Access an individual host via network interface card eth1: route add -host <address> eth1
     - Access the ISP network identified by network address and netmask using network interface card eth0: route add -net <network> netmask <netmask> gw <gateway> eth0
     - Conversely: route del -net <network> netmask <netmask> gw <gateway> eth0
     - Specify the default gateway used to reach remote networks via network interface card eth0: route add default gw <gateway> eth0 (the gateway can also be defined in /etc/sysconfig/network)
     - Specify two gateways for two network destinations (i.e. one external, one internal private network; two routers/gateways are specified):
       - Add the internet gateway as before: route add default gw <gateway> eth0
       - Add the second private network: route add -net <network> netmask <netmask> gw <gateway> eth1
   - routed – network routing daemon. Uses the RIP protocol to update the routing table.
   - ipx_route – show / manipulate the IPX routing table. IPX is the Novell networking protocol (not typically used unless your office has Novell servers).
   - ifuser – identify destinations routed to a particular network interface.
34. Domain Name Server (DNS) configuration – primary server (master)
   - File: /etc/named.conf
     options {
         version "Bind";                        // don't disclose the real version to hackers
         directory "/var/named";
         allow-transfer { XXX.XXX.XXX.XXX; };   // IP address of the secondary DNS
         recursion no;
         fetch-glue no;                         // Bind 8 only! Not used by version 9
     };
     zone "<domain>" {
         type master;
         file "<zone file>";
         notify yes;
     };
     zone "<zone>" {
         type master;
         file "named.local";
         allow-update { none; };
     };

35. Domain Name Server (DNS) configuration – primary server (master)
   - File: /var/named/

36. Domain Name Server (DNS) configuration – primary server (master), zone file
     $TTL 604800                 ; Bind 9 (and some later versions of Bind 8) requires the $TTL statement. Measured in seconds; this value is 7 days.
     IN SOA <name server> <contact> (
           2000021600 ; serial – many people use year+month+day+integer as a system. Never greater than 2147483647 for a 32-bit processor.
           86400      ; refresh – how often (in seconds) secondary servers should check for changes in the serial number (86400 sec = 24 hrs)
           7200       ; retry – how long a secondary server should wait before retrying if contact failed
           1209600    ; expire – secondary servers purge the info after this length of time
           604800 )   ; default_ttl – how long data is held in cache by remote servers
     IN A <address>              ; this is the default IP address of the domain. I put the web server IP address here so that … points to the same servers as …
     ;
     ; Name servers for the domain
     ;
     IN NS <name server>
     ;
     ; Mail server for domain
     ;
     IN MX 5 server              ; identify "mail" as the node handling mail for the domain. Do NOT specify an IP address!
     ;
     ; Nodes in domain
     ;
     workstation1 IN A <address> ; this is the IP address of workstation1
     workstation2 IN A <address> ; this is the IP address of workstation2
     server       IN A <address> ; optional: for hosting your own primary name server. This is the IP address of server
     firewall     IN A <address> ; this is the IP address of the firewall
     IN MX 5                     ; identify the IP address for the mail server named server

37. Domain Name Server (DNS) configuration – secondary server (slave)
   - File: named.conf
     options {
         version "Bind";                        // don't disclose the real version to hackers
         directory "/var/named";
         allow-transfer { none; };
         recursion no;
         fetch-glue no;                         // Bind 8 only! Not used by version 9
     };
     zone "<domain>" {
         type slave;
         file "<zone file>";                    // specify slaves/<zone file> for RHEL4 chrooted bind
         masters { <primary address>; };        // IP address of the primary DNS
     };
     zone "<zone>" {
         type master;
         file "named.local";
     };
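The options block on slides 34 and 37 and the zone file on slide 36 can be checked for the points those slides make. This shell script is an added example, not the deck's own material: it constructs a sample named.conf and zone file under placeholder names (example.com, 192.0.2.x) and reports any of the three hardening settings that are missing, an SOA serial above the slide's limit, or an MX record that points at an IP address instead of a host name.

```shell
#!/bin/sh
# Added example (not from the slides): audit a named.conf options block for
# the hardening shown above (version hidden, transfers restricted, recursion
# off) and a zone file for the SOA serial limit and the MX rule. Sample
# files are constructed below; example.com and 192.0.2.x are placeholders.

# Returns 0 when the top-level options { ... } block has all three settings.
check_named_conf() {  # $1 = named.conf
    rc=0
    opts=$(awk '/^[[:space:]]*options[[:space:]]*[{]/ {f=1; next}
                f && /^[[:space:]]*};/ {f=0} f' "$1")
    echo "$opts" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;' \
        || { echo "$1: recursion is not disabled (open resolver risk)"; rc=1; }
    xfer=$(echo "$opts" | sed -n 's/^[[:space:]]*allow-transfer[[:space:]]*{\(.*\)}.*/\1/p')
    if [ -z "$xfer" ]; then
        echo "$1: allow-transfer is not set explicitly"; rc=1
    elif echo "$xfer" | grep -qw any; then
        echo "$1: allow-transfer permits zone transfers to any host"; rc=1
    fi
    echo "$opts" | grep -Eq '^[[:space:]]*version[[:space:]]+"' \
        || { echo "$1: real BIND version is disclosed"; rc=1; }
    return $rc
}

# Returns 0 when the SOA serial is numeric and within the limit the slide
# gives (2147483647) and no MX record points at a bare IP address.
check_zone() {  # $1 = zone file
    rc=0
    # first all-digit token after the SOA keyword, on that line or the next ones
    serial=$(awk '/IN[[:space:]]+SOA/ {f=1; for (i=1;i<=NF;i++) if ($i=="SOA") s=i+1}
        f {for (i=s;i<=NF;i++) if ($i ~ /^[0-9]+$/) {print $i; exit}; s=1}' "$1")
    case $serial in
        ''|*[!0-9]*) echo "$1: SOA serial missing or not numeric"; rc=1 ;;
        *) [ "$serial" -le 2147483647 ] || { echo "$1: serial $serial exceeds 2147483647"; rc=1; } ;;
    esac
    if awk '/IN[[:space:]]+MX[[:space:]]+[0-9]+[[:space:]]+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {found=1}
            END {exit !found}' "$1"; then
        echo "$1: MX target must be a host name, not an IP address"; rc=1
    fi
    return $rc
}

# Constructed samples: a hardened primary named.conf and its zone file.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/named.conf" <<'EOF'
options {
    version "Bind";
    directory "/var/named";
    allow-transfer { 192.0.2.3; };
    recursion no;
};
EOF
cat > "$tmp/example.com.zone" <<'EOF'
$TTL 604800
@   IN SOA server.example.com. root.example.com. (
        2000021600 ; serial
        86400 7200 1209600 604800 )
    IN NS server.example.com.
    IN MX 5 server.example.com.
server IN A 192.0.2.2
EOF
check_named_conf "$tmp/named.conf" && check_zone "$tmp/example.com.zone" && echo "primary config OK"
```

Point the two functions at the chrooted copies under /var/named/chroot when the server uses the layout on slide 40.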
38. DNS GUI configuration
   - /usr/bin/system-config-bind

39. DNS
   - Most modern Linux distributions default to a "chrooted" installation.
   - This technique runs the Bind name service with a view of the filesystem in which the root directory "/" is redefined as the directory Bind will operate in, i.e. /var/named/chroot.
   - The latest Fedora bind updates run named as the user "named" to avoid a lot of earlier hacker exploits.
   - Chrooting the process creates an even more secure environment by limiting the view of the system that the process can access.
   - The process is limited to the chroot directory assigned to it.

40. Chrooted DNS configuration
   - Directory: /var/named/chroot
   - Configuration files: /var/named/chroot/etc
   - Devices used by bind: /var/named/chroot/dev
     - /dev/null
     - /dev/random
     - /dev/zero
   - Zone files and configuration information: /var/named/chroot/var

41. More DNS HOWTO