as part of the DHCP protocol. If using a static IP address, ask the ISP
or check another machine on your network.
File: /etc/hosts - locally resolve node names to IP addresses
127.0.0.1 your-node-name.your-domain.com localhost.localdomain localhost
XXX.XXX.XXX.XXX node-name
Note when adding hosts to this file, place the fully qualified name
first. (It helps sendmail identify your server correctly) i.e.:
XXX.XXX.XXX.XXX superserver.yolinux.com superserver
This informs Linux of local systems on the network which are not handled
by the DNS server. (or for all systems in your LAN if you are not using
DNS or NIS)
/etc/sysconfig/network
Red Hat network configuration file used by the system during the boot
process.
/etc/nsswitch
In the past this file has had the following names: /etc/nsswitch.conf,
/etc/svc.conf, /etc/netsvc.conf, ... depending on the distribution.
File: /etc/nsswitch.conf - System Databases and Name Service Switch
configuration file
hosts: files dns nisplus nis
This example tells Linux to first resolve a host name by looking at the
local hosts file(/etc/hosts), then if the name is not found look to your
DNS server as defined by /etc/resolv.conf and if not found there look to
your NIS server.
File: /etc/sysconfig/network-scripts/ifcfg-eth0
Configuration settings for your first ethernet port (0). Your second
port is eth1.
File: /etc/modules.conf (or for older systems: /etc/conf.modules)
Example statement for Intel ethernet card:
alias eth0 eepro100
Modules for other devices on the system will also be listed. This tells
the kernel which device driver to use if configured as a loadable
module. (default for Red Hat)
Fedora / Red Hat Network GUI Configuration Tools:
The following GUI tools edit the system configuration files. There is no
difference in the configuration developed with the GUI tools and that
developed by editing system configuration files directly. TCP/IP
ethernet configuration:
Network configuration:
/usr/sbin/system-config-network (FC-2/3)
/usr/bin/redhat-config-network (/usr/bin/neat) (RH 7.2+ FC-1)
Text console configuration tool:
/usr/sbin/system-config-network-tui (Fedora Core 2/3)
/usr/bin/redhat-config-network-tui (RH 9.0 - FC-1)
Text console network configuration tool. First interface only eth0:
/usr/sbin/netconfig
/usr/bin/netcfg (GUI) (last available with RH 7.1)
Gnome Desktop:
Gnome Desktop Network Configuration
/usr/bin/gnome-network-preferences (RH 9.0 - FC-3)
Proxy configuration. Choose one of three options:
Direct internet connection
Manual proxy configuration (specify proxy and port)
Automatic proxy configuration (give URL)
Assigning an IP address:
Computers may be assigned a static IP address or assigned one dynamically.
Static IP address assignment:
Choose one of the following methods:
Command Line:
/sbin/ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
Network address by convention would be the lowest: 192.168.10.0
Broadcast address by convention would be the highest: 192.168.10.255
The gateway can be anything, but following convention: 192.168.10.1
Note: the highest and lowest addresses are based on the netmask. The
previous example is based on a netmask of 255.255.255.0
GUI tools:
/usr/bin/neat Gnome GUI network administration tool. Handles all
interfaces. Configure for Static IP or DHCP client.
(First available with Red Hat 7.2.)
/usr/bin/netcfg (Handles all interfaces) (last available in Red Hat
7.1)
Console tool: /usr/sbin/netconfig (Only seems to work for the first
network interface eth0 but not eth1,...)
Directly edit configuration files/scripts. See format below.
The ifconfig command does NOT store this information permanently. Upon
reboot this information is lost. (Manually add the commands to the end of
the file /etc/rc.d/rc.local to execute them upon boot.) The commands
netcfg and netconfig make permanent changes to system network
configuration files located in /etc/sysconfig/network-scripts/, so that
this information is retained.
The IANA has allocated IP addresses in the range of 192.168.0.0 to
192.168.255.255 for private networks.
Helpful tools:
Cisco's IP Subnet calculator
CIDR Conversion table - CIDR values, masks etc.
The Red Hat configuration tools store the configuration information in the
file /etc/sysconfig/network. They will also allow one to configure routing
information.
File: /etc/sysconfig/network
Static IP address Configuration: (Configure gateway address)
NETWORKING=yes
HOSTNAME=my-hostname       - Hostname is defined here and by command hostname
FORWARD_IPV4=true          - True for NAT firewall gateways and linux routers. False for everyone else - desktops and servers.
GATEWAY="XXX.XXX.XXX.YYY"  - Used if your network is connected to another network or the internet.
Network aliasing:
Assign more than one IP address to one ethernet card:
ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
ifconfig eth0:0 192.168.10.12
55
55
eth0:1
Subnets:
MASK  # OF SUBNETS  CLASS A HOSTS  CLASS A MASK  CLASS B HOSTS  CLASS B MASK  CLASS C HOSTS  CLASS C MASK   CLASS C SUB HOSTS  CLASS C SUB MASK
255   1 or 256      16,777,214     255.0.0.0     65,534         255.255.0.0   254            255.255.255.0  1 Invalid          255.255.255.255
254   128           33,554,430     254.0.0.0     131,070        255.254.0.0   510            255.255.254.0  0 Invalid          255.255.255.254
252   64            67,108,862     252.0.0.0     262,142        255.252.0.0   1,022          255.255.252.0  2                  255.255.255.252
248   32            134,217,726    248.0.0.0     524,286        255.248.0.0   2,046          255.255.248.0  6                  255.255.255.248
240   16            268,435,454    240.0.0.0     1,048,574      255.240.0.0   4,094          255.255.240.0  14                 255.255.255.240
224   8             536,870,910    224.0.0.0     2,097,150      255.224.0.0   8,190          255.255.224.0  30                 255.255.255.224
192   4             1,073,741,822  192.0.0.0     4,194,302      255.192.0.0   16,382         255.255.192.0  62                 255.255.255.192
128   2             2,147,483,646  128.0.0.0     8,388,606      255.128.0.0   32,766         255.255.128.0  126                255.255.255.128
Binary position   8    7   6   5   4  3  2  1
Value             128  64  32  16  8  4  2  1
Example: 192      1    1   0   0   0  0  0  0
Example 192=128+64
Some addresses are reserved and outside this scope. Loopback (127.0.0.1),
reserved class C 192.168.XXX.XXX, reserved class B 172.31.XXX.XXX and
reserved class A 10.XXX.XXX.XXX.
Links:
What's A Netmask And Why Do I Need One?
Subnet Cheat Sheet
Subnet calculator
CIDR Conversion Table
Table of subnets
IP Subnetting, Variable Subnetting, and CIDR (Supernetting)
CISCO.com: Subnet Masking and Addressing
Network Classes:
The concept of network classes is a little obsolete as subnets are now
used to define smaller networks. These subnets may be part of a class A,
B, C, etc network. For historical reference the network classes are
defined as follows:
Class A: Defined by the first 8 bits with a range of 0 - 127.
First number (8 bits) is defined by Internic i.e. 77.XXX.XXX.XXX
One class A network can define 16,777,214 hosts.
Class B: Defined by the first 8 bits with a range from 128 - 191
First two numbers (16 bits) are defined by Internic i.e. 182.56.XXX.XXX
One class B network can define 65,534 hosts.
Class C: Defined by the first 8 bits with a range from 192 - 223
First three numbers (24 bits) are defined by Internic i.e.
220.56.222.XXX
One class C network can define 254 hosts.
Class D: Defined by the first 8 bits with a range from 224 - 239
This is reserved for multicast networks (RFC988)
Class E: Defined by the first 8 bits with a range from 240 - 255
This is reserved for experimental use.
Enable Forwarding:
Turn on IP forwarding to allow Linux computer to act as a gateway or
router.
echo 1 > /proc/sys/net/ipv4/ip_forward
Default is 0. One can add firewall rules by using ipchains.
Another method is to alter the Linux kernel config file:
/etc/sysctl.conf Set the following value:
net.ipv4.ip_forward = 1
See file /etc/sysconfig/network for storing this configuration.
FORWARD_IPV4=true
Change the default "false" to "true".
All methods will result in a proc file value of "1". Test: cat
/proc/sys/net/ipv4/ip_forward
The TCP Man page - Linux Programmer's Manual and
/usr/src/linux/Documentation/proc.txt (Kernel 2.2 RH 7.0-)
cover /proc/sys/net/ipv4/* file descriptions.
To set up an internet gateway router using Linux, see the YoLinux tutorial
Using Linux and iptables/ipchains to set up an internet gateway for home
or office.
Adding a network interface card (NIC):
Manual method: This does not alter the permanent configuration and will
only configure support until the next reboot.
VPN, Tunneling:
Commercial VPN Linux software solutions - YoLinux
CIPE: Crypto IP Encapsulation (Easiest way to configure two Linux
gateways connecting two private networks over the internet with
encryption.)
CIPE Home page - CIPE is a simple encapsulation system that securely
connects two subnets.
VPN, Firewall, Gateway Mini How To - Keith Hasely
The Linux Cipe+Masquerading mini-HOWTO - Anthony Ciaravalo
Freeswan IPSec - An IPSec project for Linux (known as Freeswan and
KLIPS).
GRE Tunneling - Hugo Samayoa
VPN HowTo - Matthew D. Wilson
Linux VPN support - PPTP, L2TP, ppp over SSH tunnel, VPN support working
with 128-bit rc4 encryption. By Michael Elkins
Installing and Running PPTP on Linux
Tunnel Vision VPN for Linux - creates an encrypted VPN between two
Tunnel Vision-capable sites.
network
netstat - Display connections, routing tables, stats etc
List externally connected processes: netstat -punta
List all connected processes: netstat -nap
Show network statistics: netstat -s
Kernel interface table info: netstat -a -i eth0
ping - send ICMP ECHO_REQUEST packets to network hosts. Use Cntl-C to
stop ping.
traceroute - print the route packets take to network host
mtr - a network diagnostic tool - Like traceroute except it gives more
network quality and network diagnostic info.
whois - Lookup a domain name in the internic whois database.
finger - Display information on a system user. i.e. finger user@host
Uses $HOME/.plan and $HOME/.project user files. Often used by game
developers. See http://finger.planetquake.com/
ipchains - IP firewall administration
tcpdump - dump traffic on a network
iptraf - Interactive Colorful IP LAN Monitor
socklist - Display list of open sockets, type, port, process id and the
name of the process. Kill with fuser or kill.
nslookup - Give a host name and the command will return IP address. Also
see Testing your DNS (YoLinux Tutorial) Note that nslookup does not use
the /etc/hosts file.
host - Give a host name and the command will return IP address. Unlike
nslookup, the host command will use both /etc/hosts as well as DNS.
nmap - Network exploration tool and security scanner
List pingable nodes on network: nmap -sP 192.168.0.0/24
Scans network for IP addresses 192.168.0.0 to 192.168.0.255 using
ping.
inetd/xinetd: Network Socket Listener Daemons:
The network listening daemons listen and respond to all network socket
connections made on the TCP/IP ports assigned to it. The ports are defined
by the file /etc/services. When a connection is made, the listener will
attempt to invoke the assigned program and pipe the data to it. This
simplified matters by allowing the assigned program to read from stdin
instead of making its own sockets connection. The listener handles the
network socket connection. Two network listening and management daemons
have been used in Red Hat Linux distributions:
xinetd: Red Hat 7.0+
inetd: All previous versions
inetd:
Configuration file: /etc/inetd.conf
Entries in this file consist of a single line made up of the following
fields:
service socket-type protocol wait user server cmdline
service: The name assigned to the service. Matches the name given in
the file /etc/services
socket-type:
stream: connection protocols (TCP)
dgram: datagram protocols (UDP)
raw
rdm
seqpacket
protocol: Transport protocol name which matches a name in the file
/etc/protocols. i.e. udp, icmp, tcp, rpc/udp, rpc/tcp, ip, ipv6
wait: Applies only to datagram protocols (UDP).
wait[.max]: One server for the specified port at any time (RPC)
nowait[.max]: Continue to listen and launch new services if a new
connection is made. (multi-threaded)
Max refers to the maximum number of server instances spawned in 60
seconds. (default=40)
user[.group]: login id of the user the process is executed under.
Often nobody, root or a special restricted id for that service.
server: Full path name of the server program to be executed.
cmdline: Command line to be passed to the server. This includes
argument 0 (argv[0]), that is the command name. This field is empty for
internal services. Example of internal TCP services: echo, discard,
chargen (character generator), daytime (human readable time), and time
(machine readable time). (see RFC)
Sample File: /etc/inetd.conf
#echo   stream  tcp  nowait      root  internal
#echo   dgram   udp  wait        root  internal
ftp     stream  tcp  nowait      root  /usr/sbin/tcpd  in.ftpd -l -a
#pop-3  stream  tcp  nowait      root  /usr/sbin/tcpd  ipop3d
#swat   stream  tcp  nowait.400  root  /usr/sbin/swat  swat
A line may be commented out by using a '#' as the first character in the
line. This will turn the service off. The maximum length of a line is
1022 characters.
The inet daemon must be restarted to pick up the changes made to the
file:
/etc/rc.d/init.d/inetd restart
For more information see the man pages "inetd" and "inetd.conf".
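As an added example (not part of the original tutorial), the following script reads a file in the inetd.conf format described above and lists the enabled services, marking each as internal, started through /usr/sbin/tcpd, or started directly. The sample input is constructed, and the "example" service and its path /usr/local/sbin/exampled are hypothetical.

```sh
#!/bin/sh
# Added example: audit an inetd.conf-style file whose lines have the fields
# service socket-type protocol wait user server cmdline

# inetd_enabled FILE
# Prints "service protocol user server kind" for every enabled entry.
# kind is internal (built into inetd), wrapped (started through tcpd)
# or unwrapped (server started directly by inetd).
inetd_enabled() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank, or commented out = service off
        NF < 6 {                           # fewer than six fields cannot be valid
            printf "line %d: malformed entry skipped\n", NR > "/dev/stderr"
            next
        }
        {
            split($5, u, ".")              # user[.group] -> keep the login id
            if ($6 == "internal")    kind = "internal"
            else if ($6 ~ /\/tcpd$/) kind = "wrapped"
            else                     kind = "unwrapped"
            print $1, $3, u[1], $6, kind
        }
    ' "$1"
}

# inetd_review FILE
# Names the enabled services that run as root without going through tcpd.
inetd_review() {
    inetd_enabled "$1" | awk '$3 == "root" && $5 == "unwrapped" { print $1 }'
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#echo    stream  tcp  nowait      root           internal
daytime  dgram   udp  wait        root           internal
ftp      stream  tcp  nowait      root           /usr/sbin/tcpd  in.ftpd -l -a
swat     stream  tcp  nowait.400  root           /usr/sbin/swat  swat
example  stream  tcp  nowait      nobody.nobody  /usr/local/sbin/exampled  exampled
EOF

inetd_enabled "$sample"
echo "review: $(inetd_review "$sample")"
```

On a real host, pass /etc/inetd.conf to inetd_enabled instead of the sample file.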
xinetd: Extended Internet Services Daemon
Xinetd has access control mechanisms, logging capabilities, the ability
to make services available based on time, and can place limits on the
number of servers that can be started. It can also redirect services to
different ports and network interfaces (NIC) or even to a different
server, chroot a service, etc., and is thus a worthy upgrade from inetd.
Use the command chkconfig --list to view all system services and their
state. It will also list all network services controlled by xinetd and
their respective state under the title "xinetd based services". (Works
for xinetd (RH7.0+) but not inetd)
The xinetd network daemon uses PAM, also called network wrappers, which
invoke the /etc/hosts.allow and /etc/hosts.deny files.
Configuration file: /etc/xinetd.conf which in turn uses configuration
files found in the directory /etc/xinetd.d/.
To turn a network service on or off:
Edit the file /etc/xinetd.d/service-name
net.ipv4.conf.all.accept_redirects = 1
Add the following to the file: /etc/rc.d/rc.local
# Set accept_redirects to 1 for every entry under conf/ (all, default and each interface)
for f in /proc/sys/net/ipv4/conf/*/accept_redirects
do
    echo 1 > "$f"
done
Command to view Kernel IP routing cache: /sbin/route -Cn
NOTE: This may leave you vulnerable to hackers as attackers may alter your
routes.
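As an added example (not part of the original tutorial), this script reports which interfaces will actually act on ICMP redirects, so the exposure in the note above can be checked. It assumes the rule given in the kernel's ip-sysctl documentation for current kernels, which is not stated on this page; the directory tree and interface names in the demo are constructed.

```sh
#!/bin/sh
# Added example: report interfaces that will act on ICMP redirects.
# Assumed rule (kernel ip-sysctl documentation): with forwarding enabled on
# an interface, conf/all AND conf/<if> must both be 1; with forwarding
# disabled, either one being 1 is enough.

# read_flag FILE -> prints the file content, or 0 when it is missing
read_flag() {
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

# redirect_interfaces [ROOT]
# ROOT defaults to /proc/sys; pass another directory to audit a copied tree.
# Prints "<interface> router" or "<interface> host" for each interface
# on which redirects are effective.
redirect_interfaces() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    all=$(read_flag "$conf/all/accept_redirects")
    for dir in "$conf"/*; do
        [ -d "$dir" ] || continue
        ifc=${dir##*/}
        case $ifc in all|default) continue ;; esac
        own=$(read_flag "$dir/accept_redirects")
        fwd=$(read_flag "$dir/forwarding")
        if [ "$fwd" = 1 ]; then
            if [ "$all" = 1 ] && [ "$own" = 1 ]; then echo "$ifc router"; fi
        else
            if [ "$all" = 1 ] || [ "$own" = 1 ]; then echo "$ifc host"; fi
        fi
    done
    return 0
}

# Constructed tree standing in for /proc/sys (interface names are made up).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mk() {  # mk NAME ACCEPT_REDIRECTS FORWARDING
    mkdir -p "$demo/net/ipv4/conf/$1"
    echo "$2" > "$demo/net/ipv4/conf/$1/accept_redirects"
    echo "$3" > "$demo/net/ipv4/conf/$1/forwarding"
}
mk all  0 1      # conf/all off
mk eth0 1 1      # forwarding on: needs all=1 as well, so not effective
mk eth1 1 0      # forwarding off: its own 1 is enough
mk lo   0 0

redirect_interfaces "$demo"      # prints: eth1 host
```

Run without an argument, redirect_interfaces reads the live values under /proc/sys.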
Red Hat 6.1 Document: The Network Administrators' Guide - Nikos Drakos /
Andrew Anderson
NIS Howto - Thorsten Kukuk
NFS Howto - Nicolai Langfeldt
What Packets Look Like
SNMP: Simple Network Management Protocol (Uses ports 161,162,391,1993)
SNMP - Intro and tutorials
Linux SNMP Network Management Tools
SNMP FAQ
net-snmp - tools and libraries
News/Usenet Group: comp.os.linux.networking - Deja
MARS-nwe - Netware emulator
Caldera: Netware for Linux - Includes full NDS
Linux 2.4 Advanced Routing HOWTO - iproute2, traffic shaping and a bit
of netfilter
ATM:
ATM on Linux
ISDN:
ISDN4LINUX FAQ - Matthias Hessler
ISDN4 Linux Home Page
ISDN Solutions for Linux
Examples of ISDN for LINUX Installations
Dan Kegel's ISDN Page
DSL:
DSLreports.com: Reviews of DSL providers, bandwidth speed measurement,
Tools, Info
PPTP: Point-to-Point Tunneling Protocol
RFC 2637: Point-to-Point Tunneling Protocol (PPTP).
PoPToP - PPTP server for Linux.
PPTP-Linux Client - A PPTP Linux client that allows a linux system to
connect to a PPTP server. Developed by C. S. Ananian.
Counterpane Systems FAQ on Microsoft's PPTP Implementation - FAQ on
the security flaws in Microsoft's PPTP Implementation.
DHCP: (Dynamic Host Configuration Protocol)
ISC Dynamic Host Configuration Protocol
Multicast:
Multicast over TCP/IP HOWTO
ISP's: (National/Global)
TheList.com - Comprehensive list of ISP's
Earthlink
Concentric
ATT Worldnet
NIS: (NFS infrastructure)
NIS Startup Instructions
Ethernet cables:
Making CAT 3, 5, 5E RJ45 Ethernet Cables
Wiring and Installation
Gigabit Ethernet
VIX: Vienna Internet eXchange - European traffic exchange for ISP's
Test Internet Bandwidth:
Test the speed of your connection by selecting this link - or this link
(pick tachometer icon)
Bandwidth tests and large file transfers
Bandwidth explained and List of bandwidth test sites
System monitor gkrellm - Monitors speed/bandwidth
Man Pages:
icmp - Linux IPv4 ICMP kernel module
ifport - select the transceiver type for a network interface
usernetctl - allow a user to manipulate a network interface if permitted
arp - manipulate the system ARP cache
Shows other systems on your network (including IP address conflicts):
arp -a
Show ARP table Linux style: arp -e
List ARP table: cat /proc/net/arp
ripquery - query RIP (Routing Information Protocol) gateways
gated - gateway routing daemon
Books:
"Networking Linux: A Practical Guide to TCP/IP"
by Pat Eyler
ISBN # 0735710317, New Riders Publishing
"LINUX TCP/IP Network Administration"
by Scott Mann, Mitchell Krell
ISBN # 0130322202, Prentice Hall PTR
"Advanced Linux Networking"
by Roderick W. Smith
ISBN# 0201774232, Addison-Wesley Professional; 1st edition (July
15, 2002)
"Linux Routing"
by Dee Ann LeBlanc, Joe "Zonker" Brockmeier, Ronald W. McCarty Jr.
ISBN# 1578702674, Sams; 1st edition (October 11, 2001)
"Policy Routing Using Linux"
by Matthew G. Marsh
ISBN# 0672320525, Sams; (March 6, 2001)
"Red Hat Linux Fedora Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672326299
"Red Hat Linux Fedora 3 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672327082
"Red Hat Linux 9 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672325888
I have the Red Hat 6 version and I have found it to be very
helpful. I have found it to be way more complete than the other
Linux books. It is the most complete general Linux book in
publication. While other books in the "Unleashed" series have
disappointed me, this book is the best out there.
"Redhat Linux 9 (Visual QuickPro Guide)"
by Harold Davis
ISBN #032121918X, Peachpit Press, Addison Wesley
The best basic Linux book around for the GUI generation. This book
can be best described as a guide to using the GUI configuration
tools.