57
Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Embed Size (px)

Citation preview

Page 1: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, Third Edition

Chapter 12Network Configuration

Page 2: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 2

Objectives

• Describe the purpose and types of networks, protocols, and media access methods

• Explain the basic configuration of TCP/IP

• Configure a Network interface to use TCP/IP

• Configure a modem, ISDN, and DSL interface

Page 3: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 3

Objectives (continued)

• Describe the purpose of host names and how they are resolved to IP addresses

• Configure TCP/IP routing

• Identify common network services

• Use command-line and graphical utilities to perform remote administration

Page 4: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Networks

• Network: two or more computers joined via media and able to exchange information

• Local area networks (LANs): connect computers within close proximity– e.g., used to allow connection to shared resources

• Wide area networks (WANs): connect computers separated by large distances– e.g., used to connect to Internet Service Provider

• Internet service provider (ISP): company providing Internet access

Linux+ Guide to Linux Certification, 3e 4

Page 5: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 5

Networks (continued)

• Routers: computers capable of transferring information between networks

• Protocol: set of rules for communication between networked computers

• Packets: packages of data formatted by a network protocol– Packets can be recognized by routers and other

network devices

Page 6: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 6

Networks (continued)

• Linux network protocols:– TCP/IP (Transfer Control Protocol/Internet Protocol)– UDP/IP (User Datagram Protocol/Internet Protocol)– IPX/SPX (Internetwork Packet Exchange/Sequence

Packet Exchange)– AppleTalk– DLC (Data Link Control)– DECnet (Digital Equipment Corporation network)

Page 7: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 7

Networks (continued)

• Media access method: defines how networked computers share access to the physical medium– Contained within the hardware on NIC or modem

• Ethernet: most common network media access method– Ensures that packets are retransmitted onto the

network if a network error occurs

• Token ring: popular media access method– Controls which computer has the ability to transmit

information

Page 8: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 8

The TCP/IP Protocol

• Set of protocols with two core components– TCP: ensures that packets are assembled in the

correct order, regardless of arrival order– IP: responsible for labeling each packet with

destination address

• Together, TCP and IP ensure that information packets travel across the network as quickly as possible without getting lost

Page 9: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 9

IPv4 Addresses

• IP address: unique number that identifies a networked computer– Octet: series of four 8-bit numbers

• Common format of IPv4 addresses

• Unicast: directed TCP/IP communication from one computer to another single computer

Page 10: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 10

IPv4 Addresses (continued)

• IPv4 addresses composed of two parts– Network ID: network on which a computer is located– Host ID: single computer on that network

• Two computers with different network IDs can have the same host ID

• Only computers with same network ID can communicate without a router

Page 11: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 11

Subnet Masks

• Define which part of IP address is the network ID and which part is the host ID– Series of four octets– Octet in subnet mask containing 255 is part of

network ID– Octet in subnet mask containing 0 is part of host ID

• ANDing: calculate network and host IDs from an IP address and subnet mask– Compare binary bits

Page 12: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 12

Subnet Masks (continued)

Figure 12-1: A sample IP address and subnet mask

Page 13: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 13

Subnet Masks (continued)

• 0.0.0.0 = all networks

• 255.255.255.255 = all computers on all networks

• 255 in an IP address can specify many hosts– Broadcast addresses

Page 14: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 14

Default Gateway

• IP address of network interface on a router, to which you send packets

• Routers can distinguish between different networks – Move packets between them– Have assigned IP addresses on each attached

network

Page 15: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 15

IPv4 Classes and Subnetting

• IP address class defines default subnet mask of associated device– All IP address classes can be identified by first octet– Class A: 8 bits for network ID, 24 bits for host ID

• Assigned to very large companies

– Class B: 16 bits for network ID, 16 bits for host ID• Assigned to larger organizations with several

thousand users

– Class C: 24 bits for network ID, 16 bits for host ID• Used for small and home networks

Page 16: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 16

IPv4 Classes and Subnetting

• Multicast: TCP/IP communication destined for a certain group of computers– Class D addresses

• Subnetting: divide a large network into smaller networks– Control traffic flow– Take bits from host ID; give to network ID

Page 17: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 17

IPv4 Classes and Subnetting (continued)

Table 12-1: IP address classes

Page 18: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

The IPv6 Protocol

• Number of IP addresses using IPv4 is unsuitable for Internet growth

• IPv6 protocol: uses 128 bits to identify computers– Addresses written using eight 16-bit hexadecimal

numbers

• IPv6 address contains two portions– First half assigned by ISP and identifies network– Last half is link local portion: used to uniquely

identify computers in a LAN

Linux+ Guide to Linux Certification, 3e 18

Page 19: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

The IPv6 Protocol (continued)

• Few networks have adopted IPv6– Proxy servers and NAT routers: computers or

hardware devices that have an IP address and access to a network

• Used by other computers to obtain network resources on their behalf

• Allows computers behind different NAT routers or proxy servers to have the same IPv4 address

Linux+ Guide to Linux Certification, 3e 19

Page 20: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 20

Configuring a Network Interface

• If NIC detected during installation, Fedora Linux automatically configures appropriate driver

• insmod and modprobe commands: used to load kernel objects into the Linux kernel– Can be used to load NIC drivers

• lsmod command: displays a list of currently loaded modules

• rmmod command: removes module from kernel

• Most modules loaded from dist.conf file in the /etc/modprobe.d directory

Page 21: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 21

Configuring a Network Interface (continued)

• ifconfig command: assign TCP/IP configuration to a NIC– Also used without any arguments to view

configuration of all network interfaces in computer

• dhclient command: receive TCP/IP configuration from DHCP or Boot Protocol (BOOTP) server

• Automatic private IP addressing (APIPA): automatic assignment of IP address in the absence of BHCP and BOOTP

Page 22: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 22

Configuring a Network Interface (continued)

• /etc/sysconfig/network-scripts/ifcfg-interface file: Stores NIC configurations– Allows the system to activate and configure TCP/IP

information at each boot time

• ifdown command: unconfigures a NIC• ifup command: configures NIC using

/etc/sysconfig/network-scripts/ifcfg-interface file• ping (Packet Internet Groper) command:

Check TCP/IP connectivity on a network-c option: limit the number of ping packets sent

Page 23: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 23

Configuring a Network Interface (continued)

Figure 12-2: Configuring network interfaces

Page 24: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 24

Configuring a Network Interface (continued)

Figure 12-3: Configuring TCP/IP information for a network interface

Page 25: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Configuring a Network Interface (continued)

• Mobile commuters typically connect to many different NICs, both wired and wireless

• Network Manager daemon: allows users to quickly connect to wired and wireless networks from desktop environments

Linux+ Guide to Linux Certification, 3e 25

Page 26: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 26

Configuring a PPP Interface

• Run TCP/IP over serial lines using a WAN protocol

• Three common Point-to-Point Protocol (PPP) connection technologies:– Modems– ISDN– DSL

Page 27: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 27

Configuring a PPP Interface (continued)

• Modems: send TCP/IP information across normal telephone lines– Considered slow– Transmit information on a serial port

• ISDN: set of standards designed to transmit data over copper telephone lines

• DSL: connects to Ethernet NIC and transmits data across normal telephone lines

Page 28: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 28

Configuring a PPP Interface (continued)

• Normally configured manually after Linux installation is complete– Requires:

• Support for PPP compiled into kernel

• PPP daemon

• Supporting utilities such as chat program

• Can use graphical programs to configure files and utilities to allow PPP communication

Page 29: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 29

Configuring a PPP Interface (continued)

Figure 12-5: Adding a network interface

Page 30: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 30

Configuring a PPP Interface (continued)

• Information about PPP devices stored in files named ifcfg-InternetServiceProviderName – Located in /etc/sysconfig/network-scripts directory

• Other configurations used by PPP daemon stored in /etc/ppp and /etc/isdn directories

• Incorrect passwords are the most common problem with PPP connections

• Need to activate PPP device after configuration

Page 31: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 31

Name Resolution

• Hostnames: user-friendly computer name

• Fully qualified domain name (FQDN): hostname following DNS convention

• DNS: hierarchical namespace for host names• whois command: used to obtain registration

information about a domain within a name space• hostname command: view or set a computer’s

host name

Page 32: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 32

Name Resolution (continued)

Figure 12-6: The domain name space

Page 33: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 33

Name Resolution (continued)

• TCP/IP cannot identify computers via hostnames– Must map hostnames to IP addresses

• Can be done by placing entries in the /etc/hosts file

• ISPs list FQDNs in DNS servers on Internet– Applications request IP addresses associated with a

specific FQDN– Configure by specifying the IP address of the DNS

server in /etc/resolv.conf file

Page 34: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 34

Routing

• Route table: list of TCP/IP networks stored in system memory

• route command: displays the route table

• Multihomed hosts: computers with multiple network interfaces

• IP forwarding: forwarding packets from one interface to another– Also known as routing

Page 35: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 35

Routing (continued)

• Enabling routing: – Place number 1 in:

• /proc/sys/net/ipv4/ip_forward for IPv4

• /proc/sys/net/ipv6/conf/all/forwarding for IPv6

• To enable routing at every boot:– Edit the /etc/sysctl.conf file to include:

• “net.ipv4.ip_forward = 1” for IPv4

• “net.ipv6.conf.default.forwarding = 1” for IPv6

Page 36: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 36

Routing (continued)

• Large networks may have several routers– Packet may travel through several routers– May require adding entries in the router table

• route add <route> command: add entries to route table

• route del <route> command: remove entries from route table

• ip command: can be used to manipulate the route table

Page 37: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 37

Routing (continued)

Figure 12-7: A sample routed network

Page 38: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 38

Routing (continued)

• Contents of route table lost when computer powered off– Add to /etc/rc.d/rc.local file

• Most routers configured with a default gateway– For packets addressed to destinations not in route

table

• traceroute command: troubleshoot routing– Displays routers between current and remote

computer

Page 39: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 39

Network Services

• Must identify types and features of network services before they can be configured

• Network services: processes that provide some type of valuable service for client computers on network– Often presented by daemon processes that listen to

certain requests• Daemons identify packets to which they should

respond using a port number

Page 40: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 40

Network Services (continued)

• Port: number uniquely identifying a network service– Ensure that packets delivered to proper service– Range from 0 to 65534

• /etc/services file: lists ports and associated protocol

• Well-known port: ports from 0 to 1023 – Represent commonly used services

Page 41: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 41

Network Services (continued)

Table 12-2: Common well-known ports

Page 42: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 42

Network Services (continued)

• Internet super daemon (xinetd): initializes appropriate daemon to provide needed network service

• Stand-alone daemons: daemons that provide network services directly– Log information themselves to subdirectories

under /var/log– chkconfig command or ntsysv utility can be used

to configure most stand-alone daemons to start in various runlevels

Page 43: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 43

Network Services (continued)

Figure 12-8: Interacting with network services

Page 44: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 44

Network Services (continued)

Table 12-3: Common network services

Page 45: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 45

Network Services (continued)

Table 12-3 (continued): Common network services

Page 46: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 46

Network Services (continued)

Table 12-3 (continued): Common network services

Page 47: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 47

Network Services (continued)

Table 12-3 (continued): Common network services

Page 48: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 48

Remote Administration: Telnet

• telnet command: traditionally used to obtain a command-line shell on remote server– Receives host name or IP address of remote

computer as argument– Easiest way to perform remote administration

• Need to install telnet daemon using yum command• Use regular commands and exit to kill remote

BASH shell

Page 49: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Remote Commands

• Remote commands: set of commands that can be used to execute commands on remote systems– yum install rsh-server

• rlogin command: obtains a shell from remote computer on network

• rcp command: copies files between computers• rsh command: used to execute a command on a

remote computer

Linux+ Guide to Linux Certification, 3e 49

Page 50: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Remote Commands (continued)

• r commands allow access to remote computers without a password, if remote computer has trusted access

• Trusted access: computers allowed to access a computer without providing a password– Does not apply to root user– Methods of setting up:

• Add host names of computers to /etc/hosts.equiv

• Create and .rhosts file in the home directory of each user who should get trusted access

Linux+ Guide to Linux Certification, 3e 50

Page 51: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Secure Shell (SSH)

• Secure Shell (SSH): encrypts information passing between computers– Secure replacement for r commands

• ssh command: connects to a remote computer running ssh daemon– Receives host name or IP address of target

computer as argument– Accept RSA encryption fingerprint for target

computer– Can be used to transfer files between computers

Linux+ Guide to Linux Certification, 3e 51

Page 52: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Secure Shell (SSH) (continued)

• Main types of encryption supported by ssh daemon:– Triple Data Encryption Standard (3DES)– Advanced Encryption Standard (AES)– Blowfish– Carlisle Adams Stafford Tavares (CAST)– ARCfour

Linux+ Guide to Linux Certification, 3e 52

Page 53: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Remote X Windows

• X Windows is a network application– Can be used to obtain graphical utilities from remote

Linux computer

• To obtain graphical utilities using X Windows:– Edit /etc/gdm/custom.conf– Use xhost + command within a graphical terminal

to allow other computers to write X Windows clients on your computer

– Connect to remote computer with telnet or ssh, and export DISPLAY variable of the local computer

Linux+ Guide to Linux Certification, 3e 53

Page 54: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Virtual Network Computing (VNC)

• Graphical option for administering Linux remotely

• Other computers run VNC client that connects to VNC server daemon installed on local computer to obtain a desktop environment

• Remote FrameBuffer (RFB): platform-independent protocol used to transfer graphics, mouse movements and keystrokes across network

• vncpasswd command: used to configure password for VNC connection

• vncviewer command: connects to VNC serverLinux+ Guide to Linux Certification, 3e 54

Page 55: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 55

Summary

• A network is a collection of connected computers that share information

• A protocol is a set of rules that defines the format of information that is transmitted across a network

• Each computer on a TCP/IP network must have a valid IPv4 or IPv6 address

• The IPv4 configuration of a network interface can be specified manually, obtained automatically from a DHCP or BOOTP server, or autoconfigured by the system

Page 56: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Summary (continued)

• The IPv6 configuration of a network interface can be obtained from a router using ICMPv6, from a DHCP server, or autoconfigured by the system

• The /etc/sysconfig/network-scripts directory contains the configuration for NIC and PPP interfaces

• Host names are computer names that are easy for humans to remember; host names that follow the DNS are FQDNs

• Host names must be resolved to an IP address before network communication can take place

Linux+ Guide to Linux Certification, 3e 56

Page 57: Linux+ Guide to Linux Certification, Third Edition Chapter 12 Network Configuration

Linux+ Guide to Linux Certification, 3e 57

Summary (continued)

• Routers are devices that forward TCP/IP packets from one network to another; each computer and router has a route table used to determine how TCP/IP packets are forwarded

• Network services are started by the Internet Super Daemon or by stand-alone daemons

• There are many ways to remotely administer a Linux system, including the telnet, rsh, rcp, rlogin, and ssh commands, X Windows and VNC