
Linux Tutorial - Linux Network Administration

YoLinux Tutorial - Linux Networking


This tutorial covers TCP/IP networking and system configuration basics. Linux
can support multiple network devices. The device names are numbered and begin at
zero and count upwards. For example, a computer running two ethernet cards will
have two devices labeled /dev/eth0 and /dev/eth1.
Contents:
Configuration files
Red Hat Linux network GUI configuration tools.
Assigning an IP address
Activating and De-Activating your NIC
Subnets
Enable Forwarding
Adding a network interface card (NIC)
Route
VPN, Tunneling
Useful Linux networking commands
inetd/xinetd: Network Socket Listener Daemons
RPC: Remote Procedure Call. (portmapper)
PAM: Network Wrappers.
ICMP protocol.
Network Monitoring Tools
IDS: Intruder Detection System - SNORT
Living in a MS/Windows world
Related Links
Other YoLinux Networking Tutorials:
Setting up an internet gateway for home or office using iptables
Modem dial-up:
Configuring PPP dial up connections to an ISP
Dialing Compuserve
Dialing AOL
Configuring PPP dial-in connections
DNS Name server configuration
DHCP server configuration: Dynamic Host Configuration Protocol
Internet/Network Security
Security Tools and Hacker Tools

TCP/IP Network Configuration Files:


File: /etc/resolv.conf - resolver configuration file
search name-of-domain.com - Name of your domain or ISP's domain if using their name server
nameserver XXX.XXX.XXX.XXX - IP address of primary name server
nameserver XXX.XXX.XXX.XXX - IP address of secondary name server
This configures Linux so that it knows which DNS server will be resolving domain
names into IP addresses. If using a DHCP client, this will automatically be sent
to you by the ISP and loaded into this file as part of the DHCP protocol. If
using a static IP address, ask the ISP or check another machine on your network.
File: /etc/hosts - locally resolve node names to IP addresses
127.0.0.1 your-node-name.your-domain.com localhost.localdomain localhost
XXX.XXX.XXX.XXX node-name
Note when adding hosts to this file, place the fully qualified name first. (It
helps sendmail identify your server correctly) i.e.:
XXX.XXX.XXX.XXX superserver.yolinux.com superserver
This informs Linux of local systems on the network which are not handled by the
DNS server. (or for all systems in your LAN if you are not using DNS or NIS)
/etc/sysconfig/network
Red Hat network configuration file used by the system during the boot
process.
/etc/nsswitch
In the past this file has had the following names: /etc/nsswitch.conf,
/etc/svc.conf, /etc/netsvc.conf, ... depending on the distribution.
File: /etc/nsswitch.conf - System Databases and Name Service Switch
configuration file
hosts: files dns nisplus nis
This example tells Linux to first resolve a host name by looking at the
local hosts file(/etc/hosts), then if the name is not found look to your
DNS server as defined by /etc/resolv.conf and if not found there look to
your NIS server.
File: /etc/sysconfig/network-scripts/ifcfg-eth0
Configuration settings for your first ethernet port (0). Your second
port is eth1.
File: /etc/modules.conf (or for older systems: /etc/conf.modules)
Example statement for Intel ethernet card:
alias eth0 eepro100
Modules for other devices on the system will also be listed. This tells
the kernel which device driver to use if configured as a loadable
module. (default for Red Hat)
Fedora / Red Hat Network GUI Configuration Tools:
The following GUI tools edit the system configuration files. There is no
difference in the configuration developed with the GUI tools and that
developed by editing system configuration files directly. TCP/IP
ethernet configuration:
Network configuration:
/usr/sbin/system-config-network (FC-2/3)
/usr/bin/redhat-config-network (/usr/bin/neat) (RH 7.2+ FC-1)
Text console configuration tool:
/usr/sbin/system-config-network-tui (Fedora Core 2/3)
/usr/bin/redhat-config-network-tui (RH 9.0 - FC-1)
Text console network configuration tool. First interface only eth0:
/usr/sbin/netconfig
/usr/bin/netcfg (GUI) (last available with RH 7.1)

Gnome Desktop:
Gnome Desktop Network Configuration
/usr/bin/gnome-network-preferences (RH 9.0 - FC-3)
Proxy configuration. Choose one of three options:
Direct internet connection
Manual proxy configuration (specify proxy and port)
Automatic proxy configuration (give URL)

Assigning an IP address:
Computers may be assigned a static IP address or assigned one dynamically.
Static IP address assignment:
Choose one of the following methods:
Command Line:
/sbin/ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
Network address by convention would be the lowest: 192.168.10.0
Broadcast address by convention would be the highest: 192.168.10.255
The gateway can be anything, but following convention: 192.168.10.1
Note: the highest and lowest addresses are based on the netmask. The
previous example is based on a netmask of 255.255.255.0
GUI tools:
/usr/bin/neat Gnome GUI network administration tool. Handles all
interfaces. Configure for Static IP or DHCP client.
(First available with Red Hat 7.2.)
/usr/bin/netcfg (Handles all interfaces) (last available in Red Hat
7.1)
Console tool: /usr/sbin/netconfig (Only seems to work for the first
network interface eth0 but not eth1,...)
Directly edit configuration files/scripts. See format below.
The ifconfig command does NOT store this information permanently. Upon
reboot this information is lost. (Manually add the commands to the end of
the file /etc/rc.d/rc.local to execute them upon boot.) The commands
netcfg and netconfig make permanent changes to system network
configuration files located in /etc/sysconfig/network-scripts/, so that
this information is retained.
The IANA has allocated IP addresses in the range of 192.168.0.0 to
192.168.255.255 for private networks.
Helpful tools:
Cisco's IP Subnet calculator
CIDR Conversion table - CIDR values, masks etc.

The Red Hat configuration tools store the configuration information in the
file /etc/sysconfig/network. They will also allow one to configure routing
information.
File: /etc/sysconfig/network
Static IP address Configuration: (Configure gateway address)
NETWORKING=yes
HOSTNAME=my-hostname - Hostname is defined here and by command hostname
FORWARD_IPV4=true - True for NAT firewall gateways and linux routers. False for everyone else - desktops and servers.
GATEWAY="XXX.XXX.XXX.YYY" - Used if your network is connected to another network or the internet. Static IP configuration. Gateway not defined here for DHCP client.
OR for DHCP client configuration:
NETWORKING=yes
HOSTNAME=my-hostname - Hostname is defined here and by command hostname
(Gateway is assigned by DHCP server.)
File: /etc/sysconfig/network-scripts/ifcfg-eth0
Static IP address configuration:
DEVICE=eth0
BOOTPROTO=static
BROADCAST=XXX.XXX.XXX.255
IPADDR=XXX.XXX.XXX.XXX
NETMASK=255.255.255.0
NETWORK=XXX.XXX.XXX.0
ONBOOT=yes
OR for DHCP client configuration:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
(Used by script /etc/sysconfig/network-scripts/ifup to bring the various
network interfaces on-line)
To disable DHCP change BOOTPROTO=dhcp to BOOTPROTO=none
In order for updated information in any of these files to take effect, one
must issue the command: service network restart

Changing the host name:


This is a three step process:
Issue the command: hostname new-host-name
Change network configuration file: /etc/sysconfig/network
Edit entry: HOSTNAME=new-host-name
Restart systems which relied on the hostname (or reboot):
Restart network services: service network restart
Restart desktop:
Bring down system to console mode: init 3
Bring up X-Windows: init 5
One may also want to check the file /etc/hosts for an entry using the
system name which allows the system to be self aware.

Network aliasing:
Assign more than one IP address to one ethernet card:
ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
ifconfig eth0:0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255
route add -host XXX.XXX.XXX.XXX dev eth0
route add -host 192.168.10.12 dev eth0
route add -host 192.168.10.14 dev eth0
In this example 0 and 1 are aliases in addition to the regular eth0. The
result of the ifconfig command:
eth0      Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
          inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:5 Base address:0xe400

eth0:0    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
          inet addr:192.168.10.12  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0xe400

eth0:1    Link encap:Ethernet  HWaddr 00:10:4C:25:7A:3F
          inet addr:192.168.10.14  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0xe400

Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
ONBOOT=yes
BOOTPROTO=static
BROADCAST=192.168.10.255
IPADDR=192.168.10.12
NETMASK=255.255.255.0
NETWORK=192.168.10.0
Aliases can also be shut down independently. i.e.: ifdown eth0:0
The option during kernel compile is: CONFIG_IP_ALIAS=y (Enabled by default
in Redhat)

DHCP Linux Client: get connection info: /sbin/pump -i eth0 --status (Linux 7.1 and older)
Device eth0
IP: 4.XXX.XXX.XXX
Netmask: 255.255.252.0
Broadcast: 4.XXX.XXX.255
Network: 4.XXX.XXX.0
Boot server 131.XXX.XXX.4
Next server 0.0.0.0
Gateway: 4.XXX.XXX.1
Domain: vz.dsl.genuity.net
Nameservers: 4.XXX.XXX.1 4.XXX.XXX.2 4.XXX.XXX.3
Renewal time: Sat Aug 11 08:28:55 2001
Expiration time: Sat Aug 11 11:28:55 2001
Activating and De-Activating your NIC:
Commands for starting and stopping TCP/IP network services on an interface:
Activate: /sbin/ifup eth0
(Also: ifconfig eth0 up - Note: Even if no IP address is assigned
you can listen.)
De-Activate: /sbin/ifdown eth0
(Also: ifconfig eth0 down)
These scripts use the scripts and NIC config files in
/etc/sysconfig/network-scripts/
GUI Interface control/configuration:
Start/Stop network interfaces
/usr/bin/system-control-network (Fedora Core 2/3)
/usr/bin/redhat-control-network (RH 9.0 - FC-1)
Configure Ethernet, ISDN, modem, token Ring, Wireless or DSL
network connection:
/usr/sbin/system-config-network-druid (FC2/3)
/usr/sbin/redhat-config-network-druid (RH 9 - FC-1)

Subnets:
MASK  # OF SUBNETS  CLASS A HOSTS  CLASS A MASK  CLASS B HOSTS  CLASS B MASK  CLASS C HOSTS  CLASS C MASK   CLASS C SUB HOSTS  CLASS C SUB MASK
255   1 or 256      16,777,214     255.0.0.0     65,534         255.255.0.0   254            255.255.255.0  1 Invalid          255.255.255.255
254   128           33,554,430     254.0.0.0     131,070        255.254.0.0   510            255.255.254.0  0 Invalid          255.255.255.254
252   64            67,108,862     252.0.0.0     262,142        255.252.0.0   1,022          255.255.252.0  2                  255.255.255.252
248   32            134,217,726    248.0.0.0     524,286        255.248.0.0   2,046          255.255.248.0  6                  255.255.255.248
240   16            268,435,454    240.0.0.0     1,048,574      255.240.0.0   4,094          255.255.240.0  14                 255.255.255.240
224   8             536,870,910    224.0.0.0     2,097,150      255.224.0.0   8,190          255.255.224.0  30                 255.255.255.224
192   4             1,073,741,822  192.0.0.0     4,194,302      255.192.0.0   16,382         255.255.192.0  62                 255.255.255.192
128   2             2,147,483,646  128.0.0.0     8,388,606      255.128.0.0   32,766         255.255.128.0  126                255.255.255.128

Binary position:  8    7    6    5    4    3    2    1
Value:            128  64   32   16   8    4    2    1
Example: 192      1    1    0    0    0    0    0    0
Example 192=128+64
Some addresses are reserved and outside this scope. Loopback (127.0.0.1),
reserved class C 192.168.XXX.XXX, reserved class B 172.31.XXX.XXX and
reserved class A 10.XXX.XXX.XXX.
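As an added example (my own code, not from the YoLinux tutorial): a POSIX shell subnet calculator that applies the conventions above to any address and netmask, rejects a non-contiguous mask, and prints the binary place values behind an octet such as 192. The function names are my own.

```shell
#!/bin/sh
# Added example (not part of the YoLinux tutorial): derive the network and
# broadcast addresses, prefix length and usable host count from an address
# and netmask, using the conventions stated above (network = lowest address,
# broadcast = highest, both determined by the netmask), and show the binary
# place-value breakdown of an octet that the table above illustrates
# (192 = 128+64). Uses only POSIX shell arithmetic.

# dotted-quad -> 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted-quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length of a netmask given as an integer. Rejects a non-contiguous
# mask (such as 255.0.255.0): the complement of a valid mask is 2^n - 1,
# so inv & (inv + 1) must be zero.
mask2prefix() {
    local m="$1" inv bits=0 i=0
    inv=$(( (~m) & 0xFFFFFFFF ))
    if [ $(( inv & (inv + 1) )) -ne 0 ]; then
        echo "invalid netmask" >&2
        return 1
    fi
    while [ $i -lt 32 ]; do
        bits=$(( bits + ((m >> i) & 1) ))
        i=$(( i + 1 ))
    done
    echo "$bits"
}

# subnet_info ADDRESS NETMASK -> "network broadcast prefix usable-hosts"
subnet_info() {
    local addr mask prefix net bcast hosts
    addr=$(ip2int "$1")
    mask=$(ip2int "$2")
    prefix=$(mask2prefix "$mask") || return 1
    net=$(( addr & mask ))
    bcast=$(( net | ((~mask) & 0xFFFFFFFF) ))
    # /31 and /32 leave no room for distinct network and broadcast addresses,
    # which is why the class C sub column above marks them invalid.
    if [ "$prefix" -ge 31 ]; then
        hosts=0
    else
        hosts=$(( (1 << (32 - prefix)) - 2 ))
    fi
    echo "$(int2ip "$net") $(int2ip "$bcast") $prefix $hosts"
}

# octet_bits OCTET -> "8-bit string = sum of place values", e.g. 192 -> 11000000 = 128+64
octet_bits() {
    local v="$1" bits="" terms="" i
    for i in 7 6 5 4 3 2 1 0; do
        if [ $(( (v >> i) & 1 )) -eq 1 ]; then
            bits="${bits}1"
            terms="${terms:+$terms+}$(( 1 << i ))"
        else
            bits="${bits}0"
        fi
    done
    echo "$bits = ${terms:-0}"
}

subnet_info 192.168.10.12 255.255.255.0   # 192.168.10.0 192.168.10.255 24 254
subnet_info 10.13.21.77 255.255.252.0     # 10.13.20.0 10.13.23.255 22 1022
octet_bits 192                            # 11000000 = 128+64
```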
Links:
What's A Netmask And Why Do I Need One?
Subnet Cheat Sheet

Subnet calculator
CIDR Conversion Table
Table of subnets
IP Subnetting, Variable Subnetting, and CIDR (Supernetting)
CISCO.com: Subnet Masking and Addressing
Network Classes:
The concept of network classes is a little obsolete as subnets are now
used to define smaller networks. These subnets may be part of a class A,
B, C, etc network. For historical reference the network classes are
defined as follows:
Class A: Defined by the first 8 bits with a range of 0 - 127.
First number (8 bits) is defined by Internic i.e. 77.XXX.XXX.XXX
One class A network can define 16,777,214 hosts.
Class B: Defined by the first 8 bits with a range from 128 - 191
First two numbers (16 bits) are defined by Internic i.e. 182.56.XXX.XXX
One class B network can define 65,534 hosts.
Class C: Defined by the first 8 bits with a range from 192 - 223
First three numbers (24 bits) are defined by Internic i.e.
220.56.222.XXX
One class C network can define 254 hosts.
Class D: Defined by the first 8 bits with a range from 224 - 239
This is reserved for multicast networks (RFC988)
Class E: Defined by the first 8 bits with a range from 240 - 255
This is reserved for experimental use.
Enable Forwarding:
Turn on IP forwarding to allow Linux computer to act as a gateway or
router.
echo 1 > /proc/sys/net/ipv4/ip_forward
Default is 0. One can add firewall rules by using ipchains.
Another method is to alter the Linux kernel config file:
/etc/sysctl.conf Set the following value:
net.ipv4.ip_forward = 1
See file /etc/sysconfig/network for storing this configuration.
FORWARD_IPV4=true
Change the default "false" to "true".
All methods will result in a proc file value of "1". Test: cat /proc/sys/net/ipv4/ip_forward
The TCP Man page - Linux Programmer's Manual and
/usr/src/linux/Documentation/proc.txt (Kernel 2.2 RH 7.0-) [alt link]
cover /proc/sys/net/ipv4/* file descriptions.
To set up an internet gateway router using Linux, see the YoLinux tutorial
Using Linux and iptables/ipchains to set up an internet gateway for home
or office.
Adding a network interface card (NIC):
Manual method: This does not alter the permanent configuration and will only
configure support until the next reboot.
cd /lib/modules/2.2.5-15/net/ - Use kernel version for your system. This example uses 2.2.5-15
Here you will find the modules supported by your system. It can be permanently
added to /etc/modules.conf (or for older systems: /etc/conf.modules) Example:
alias eth0 3c59x
/sbin/insmod -v 3c59x (For a 3Com ethernet card)
ifconfig ...
The easy way: Red Hat versions 6.2 and later, ship with Kudzu, a device
detection program which runs during system initialization.
(/etc/rc.d/init.d/kudzu) This can detect a newly installed NIC and load
the appropriate driver. Then use /usr/sbin/netconfig to configure the IP
address and network settings. The configuration will be stored so that it
will be utilized upon system boot.
Systems with two NIC cards: Typically two cards are used when connecting
to two networks. In this case the device must be defined using one of
three methods:
Use the GUI tool /usr/bin/netcfg
OR
Define network parameters in configuration files:
Define new device in file /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.10.12
NETMASK=255.255.255.0
GATEWAY=XXX.XXX.XXX.XXX
HOSTNAME=node-name.name-of-domain.com
DOMAIN=name-of-domain.com
Special routing information may be specified, if necessary, in the file:
/etc/sysconfig/static-routes
Example:
eth1 net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX
OR
Define network parameters using Unix command line interface:
Define IP address:
ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
ifconfig eth1 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
If necessary, define a route with the route command:
Examples:
route add default gw XXX.XXX.XXX.XXX dev eth0
route add -net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev eth0
Where XXX.XXX.XXX.XXX is the gateway to the internet as defined by your
ISP or network operator.
If a mistake is made just repeat the route command substituting "del" in
place of "add".

Configuring your NIC: Speed and Duplex settings
This is usually not necessary because most ethernet adapters can
auto-negotiate link speed and duplex setting.
List NIC speed and configuration: mii-tool
eth0: negotiated 100baseTx-FD flow-control, link ok
Verbose mode: mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
  product info: Intel 82555 rev 4
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
Set NIC configuration: mii-tool -F option
Option  Parameters
-F      100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD
-A      100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD
Query NIC with ethtool:
Command          Description
ethtool -g eth0  Queries ethernet device for rx/tx ring parameter information.
ethtool -a eth0  Queries ethernet device for pause parameter information.
ethtool -c eth0  Queries ethernet device for coalescing information.
ethtool -i eth0  Queries ethernet device for associated driver information.
ethtool -d eth0  Prints a register dump for the specified ethernet device.
ethtool -k eth0  Queries ethernet device for offload information.
ethtool -S eth0  Queries ethernet device for NIC and driver statistics.
Man Pages:
mii-tool - view, manipulate media-independent interface status
ethtool - Display or change ethernet card settings
Route:
Static routes: IP (Internet Protocol) uses a routing table to determine
where packets should be sent. First the packet is examined to see if its
destination is on the local or a remote network. If it is to be sent to a
remote network, the routing table is consulted to determine the path. If
there is no information in the routing table then the packet is sent to
the default gateway. Static routes are set with the route command and with
the configuration file /etc/sysconfig/network-scripts/route-eth0 or (RH 7)
/etc/sysconfig/static-routes:
10.2.3.0/16 via 192.168.10.254
See command: /etc/sysconfig/network-scripts/ifup-routes eth0
Dynamic routes: RIP (Routing Information Protocol) is used to define
dynamic routes. If multiple routes are possible, RIP will choose the
shortest route (fewest hops between routers, not physical distance).
Routers use RIP to broadcast the routing table over UDP port 520. The
routers would then add new or improved routes to their routing tables.
Man pages:
route - show / manipulate the IP routing table (Static route)
Examples:
Show routing table: route -e
Access individual computer host specified via network interface card eth1:
route add -host 123.213.221.231 eth1
Access ISP network identified by the network address and netmask using
network interface card eth0:
route add -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0
Conversely: route del -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0
Specify default gateway to use to access remote network via network
interface card eth0:
route add default gw 201.51.31.1 eth0
(Gateway can also be defined in /etc/sysconfig/network)
Specify two gateways for two network destinations: (i.e. one external,
one internal private network. Two routers/gateways will be specified.)
Add internet gateway as before: route add default gw 201.51.31.1 eth0
Add second private network: route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.10.254 eth0
routed - network routing daemon. Uses RIP protocol to update routing
table.
ipx_route - show / manipulate the IPX routing table - IPX is the Novell
networking protocol (Not typically used unless your office has Novell
servers)
ifuser - Identify destinations routed to a particular network interface.

VPN, Tunneling:
Commercial VPN Linux software solutions - YoLinux
CIPE: Crypto IP Encapsulation (Easiest way to configure two Linux
gateways connecting two private networks over the internet with
encryption.)
CIPE Home page - CIPE is a simple encapsulation system that securely
connects two subnets.
VPN, Firewall, Gateway Mini How To - Keith Hasely
The Linux Cipe+Masquerading mini-HOWTO - Anthony Ciaravalo
Freeswan IPSec - An IPSec project for Linux (known as Freeswan and
KLIPS).
GRE Tunneling - Hugo Samayoa
VPN HowTo - Matthew D. Wilson
Linux VPN support - PPTP, L2TP, ppp over SSH tunnel, VPN support working
with 128-bit rc4 encryption. By Michael Elkins
Installing and Running PPTP on Linux
Tunnel Vision VPN for Linux - creates an encrypted VPN between two
Tunnel Vision-capable sites.
Linux VPN Masquerade
Cerberus - An IPsec implementation for Linux
L2TPD - Layer Two Tunneling Protocol. (For PPP)
L2TP Extensions (l2tpext) Internet Drafts.
Description of the CISCO VPN at Cal Tech - Supports Linux (kernel 2.2),
Solaris, MS/Windows 95/98/ME/NT/2000, Mac OS X/7.6-9.x
Useful Linux networking commands:
/etc/rc.d/init.d/network start - command to start, restart or stop the network
netstat - Display connections, routing tables, stats etc
List externally connected processes: netstat -punta
List all connected processes: netstat -nap
Show network statistics: netstat -s
Kernel interface table info: netstat -a -i eth0
ping - send ICMP ECHO_REQUEST packets to network hosts. Use Cntl-C to
stop ping.
traceroute - print the route packets take to network host
mtr - a network diagnostic tool - Like traceroute except it gives more
network quality and network diagnostic info.
whois - Lookup a domain name in the internic whois database.
finger - Display information on a system user. i.e. finger user@host
Uses $HOME/.plan and $HOME/.project user files. Often used by game
developers. See http://finger.planetquake.com/
ipchains - IP firewall administration
tcpdump - dump traffic on a network
iptraf - Interactive Colorful IP LAN Monitor
socklist - Display list of open sockets, type, port, process id and the
name of the process. Kill with fuser or kill.
nslookup - Give a host name and the command will return IP address. Also
see Testing your DNS (YoLinux Tutorial) Note that nslookup does not use
the /etc/hosts file.
host - Give a host name and the command will return IP address. Unlike
nslookup, the host command will use both /etc/hosts as well as DNS.
nmap - Network exploration tool and security scanner
List pingable nodes on network: nmap -sP 192.168.0.0/24
Scans network for IP addresses 192.168.0.0 to 192.168.0.255 using
ping.
inetd/xinetd: Network Socket Listener Daemons:
The network listening daemons listen and respond to all network socket
connections made on the TCP/IP ports assigned to them. The ports are defined
by the file /etc/services. When a connection is made, the listener will
attempt to invoke the assigned program and pipe the data to it. This
simplifies matters by allowing the assigned program to read from stdin
instead of making its own socket connection. The listener handles the
network socket connection. Two network listening and management daemons
have been used in Red Hat Linux distributions:
xinetd: Red Hat 7.0+
inetd: All previous versions
inetd:
Configuration file: /etc/inetd.conf
Entries in this file consist of a single line made up of the following fields:
service socket-type protocol wait user server cmdline
service: The name assigned to the service. Matches the name given in
the file /etc/services
socket-type:
stream: connection protocols (TCP)
dgram: datagram protocols (UDP)
raw
rdm
seqpacket
protocol: Transport protocol name which matches a name in the file
/etc/protocols. i.e. udp, icmp, tcp, rpc/udp, rpc/tcp, ip, ipv6
wait: Applies only to datagram protocols (UDP).
wait[.max]: One server for the specified port at any time (RPC)
nowait[.max]: Continue to listen and launch new services if a new
connection is made. (multi-threaded)
Max refers to the maximum number of server instances spawned in 60
seconds. (default=40)
user[.group]: login id of the user the process is executed under.
Often nobody, root or a special restricted id for that service.
server: Full path name of the server program to be executed. cmdline:
Command line to be passed to the server. This includes argument 0
(argv[0]), that is the command name. This field is empty for internal
services. Example of internal TCP services: echo, discard, chargen
(character generator), daytime (human readable time), and time
(machine readable time). (see RFC)
Sample File: /etc/inetd.conf
#echo   stream  tcp     nowait      root    internal
#echo   dgram   udp     wait        root    internal
ftp     stream  tcp     nowait      root    /usr/sbin/tcpd  in.ftpd -l -a
#pop-3  stream  tcp     nowait      root    /usr/sbin/tcpd  ipop3d
#swat   stream  tcp     nowait.400  root    /usr/sbin/swat  swat

A line may be commented out by using a '#' as the first character in the
line. This will turn the service off. The maximum length of a line is
1022 characters.
The inet daemon must be restarted to pick up the changes made to the
file:
/etc/rc.d/init.d/inetd restart
For more information see the man pages "inetd" and "inetd.conf".
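The following is an added example, not part of the tutorial or of inetd itself: a shell function that parses an inetd.conf using the field order above and flags entries that inetd would start as root without the /usr/sbin/tcpd wrapper shown in the sample file. The sample configuration it reads is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the tutorial): list the active entries of an
# inetd.conf in the field order given above (service socket-type protocol
# wait[.max] user[.group] server cmdline) and flag any service that inetd
# would start as root without going through the /usr/sbin/tcpd wrapper that
# appears in the sample file. The sample configuration below is constructed
# for the demonstration; run inetd_audit /etc/inetd.conf on a real system.

# inetd_audit [FILE] -> one line per enabled service; exit status = number of
# flagged or malformed entries ("-" reads standard input)
inetd_audit() {
    awk '
        # blank lines and "#" lines are disabled services: skip them
        /^[ \t]*(#|$)/ { next }
        NF < 6 {
            printf("line %d: malformed entry (%d fields, expected at least 6)\n", NR, NF)
            bad++; next
        }
        {
            svc = $1; stype = $2; proto = $3; wt = $4; user = $5; server = $6
            sub(/\..*/, "", wt)      # drop optional .max
            sub(/\..*/, "", user)    # drop optional .group
            if (server == "internal") {
                how = "internal"; prog = "-"
            } else if (server == "/usr/sbin/tcpd") {
                how = "tcpd"; prog = (NF >= 7) ? $7 : "?"   # real server is argv[0] after tcpd
            } else {
                how = "direct"; prog = server
            }
            flag = ""
            if (how == "direct" && user == "root") {
                flag = "  FLAG: runs as root without tcpd access control"
                bad++
            }
            printf("%-8s %-7s %-4s %-7s %-7s %-9s %s%s\n", svc, stype, proto, wt, user, how, prog, flag)
        }
        END { exit bad + 0 }
    ' "${1:-/etc/inetd.conf}"
}

# Constructed sample in the format of the file shown above.
sample_inetd_conf() {
    cat <<'EOF'
#echo   stream  tcp  nowait      root  internal
#echo   dgram   udp  wait        root  internal
ftp     stream  tcp  nowait      root  /usr/sbin/tcpd  in.ftpd -l -a
pop-3   stream  tcp  nowait      root  /usr/sbin/ipop3d  ipop3d
daytime stream  tcp  nowait      root  internal
finger  stream  tcp  nowait      nobody /usr/sbin/tcpd  in.fingerd
#swat   stream  tcp  nowait.400  root  /usr/sbin/swat  swat
EOF
}

sample_inetd_conf | inetd_audit - ; echo "flagged: $?"
```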
xinetd: Extended Internet Services Daemon
Xinetd has access control mechanisms, logging capabilities, the ability
to make services available based on time, and can place limits on the
number of servers that can be started, redirect services to different
ports and network interfaces (NIC) or even to a different server, chroot
a service etc., and is thus a worthy upgrade from inetd.
Use the command chkconfig --list to view all system services and their
state. It will also list all network services controlled by xinetd and
their respective state under the title "xinetd based services". (Works
for xinetd (RH7.0+) but not inetd)
The xinetd network daemon uses PAM also called network wrappers which
invoke the /etc/hosts.allow and /etc/hosts.deny files.
Configuration file: /etc/xinetd.conf which in turn uses configuration
files found in the directory /etc/xinetd.d/.
To turn a network service on or off:
Edit the file /etc/xinetd.d/service-name
Set the disable value:
disable = yes
or
disable = no
Restart the xinetd process using the signal:
SIGUSR1 (kill -SIGUSR1 process-id) - Soft reconfiguration does not
terminate existing connections. (Important if you are connected
remotely)
SIGUSR2 - Hard reconfiguration stops and restarts the xinetd
process.
(Note: Using the HUP signal will terminate the process.)
OR
Use the chkconfig command: chkconfig service-name on
(or off)
This command will also restart the xinetd process to pick up the new
configuration.
The file contains entries of the form:
service service-name
{
    attribute assignment-operator value value ...
    ...
}
Where:
attribute:
disable:
yes
no
type:
RPC
INTERNAL:
UNLISTED: Not found in /etc/rpc or /etc/services
id: By default the service id is the same as the service name.
socket_type:
stream: TCP
dgram: UDP
raw: Direct IP access
seqpacket: service that requires reliable sequential datagram
transmission
flags: Combination of: REUSE, INTERCEPT, NORETRY, IDONLY,
NAMEINARGS, NODELAY, DISABLE, KEEPALIVE, NOLIBWRAP. See the xinetd
man page for details.
protocol: Transport protocol name which matches a name in the file
/etc/protocols.
wait:
no: multi-threaded
yes: single-threaded - One server for the specified port at any
time (RPC)
user: See file : /etc/passwd
group: See file : /etc/group
server: Program to execute and receive data stream from socket.
(Fully qualified name - full path name of program)
server_args: Unlike inetd, arg[0] or the name of the service is not
passed.
only_from: IP address, factorized address, netmask range, hostname
or network name from file /etc/networks.
no_access: Deny from ... (inverse of only_from)
access_times
port: See file /etc/services

Also: log_type, log_on_success, log_on_failure (Log options: += PID, HOST,
USERID, EXIT, DURATION, ATTEMPT and RECORD), rpc_version, rpc_number, env,
passenv, redirect, bind, interface, banner, banner_success, banner_fail,
per_source, cps, max_load, groups, enabled, include, includedir, rlimit_as,
rlimit_cpu, rlimit_data, rlimit_rss, rlimit_stack.
The best source of information is the man page and its many examples.
assignment-operator:
=
+=: add a value to the set of values
-=: delete a value from the set of values
Then restart the daemon: /etc/rc.d/init.d/xinetd restart
Example from man page: Limit telnet sessions to 8 Mbytes of memory and a
total 20 CPU seconds for child processes.
service telnet
{
    socket_type = stream
    wait        = no
    nice        = 10
    user        = root
    server      = /usr/etc/in.telnetd
    rlimit_as   = 8M
    rlimit_cpu  = 20
}
[Pitfall] Red Hat 7.1 with updates as of 07/06/2001 required that I
restart the xinetd services before FTP would work properly even though
xinetd had started without failure during the boot sequence. I have no
explanation as to why this occurs or how to fix it other than to restart
xinetd: /etc/rc.d/init.d/xinetd restart.
Man Pages:
xinetd
xinetd.conf
xinetd.log
tcpd
For more info see:
macsecurity.org: xinetd tutorial - by curator
LinuxFocus.org: xinetd - Frederic Raynal
RedHat.com: Controlling Access to Services
http://www.xinetd.org
See RFC's: 862, 863, 864, 867, 868, 1413.
man page xinetd, xinetd.conf, xinetd.log
RPC: Remote Procedure Calls (Portmapper)
Portmapper is a network service required to support RPCs. Many services
such as NFS (file sharing services) require portmapper.
List RPC services supported: [root]# rpcinfo -p localhost
Starting portmap server:
/etc/rc.d/init.d/portmap start
service portmap start
Man Pages:
portmap
rpcinfo
pmap_set
pmap_dump

PAM: Network Wrappers:
Pluggable Authentication Modules for Linux (TCP Wrappers)
This system allows or denies network access. One can reject or allow
specific IP addresses or subnets to access your system.
File: /etc/hosts.allow
in.ftpd:208.188.34.105
This specifically allows the given IP address to ftp to your system. One
can also specify an entire domain. i.e. .name-of-domain.com
Note the beginning ".".
File: /etc/hosts.deny
ALL:ALL
This generally denies any access.
See the pam man page.
File: /etc/inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
The inet daemon accepts the incoming network stream and assigns it to the
PAM TCP wrapper, /usr/sbin/tcpd, which accepts or denies the network
connection as defined by /etc/hosts.allow and /etc/hosts.deny and then
passes it along to ftp. This is logged to /var/log/secure
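An added example, not from the tutorial or from tcpd: a shell implementation of the hosts.allow / hosts.deny lookup described above, covering the pattern forms shown on this page (ALL, an exact address, a leading-dot domain) plus the trailing-dot network prefix. The function names and the sample rule files are my own.

```shell
#!/bin/sh
# Added example (not part of the tutorial): reproduce the decision tcpd makes
# for one connection from /etc/hosts.allow and /etc/hosts.deny, in the order
# it uses: a match in hosts.allow admits, otherwise a match in hosts.deny
# refuses, otherwise the connection is admitted. Patterns handled are those
# shown above plus the trailing-dot form: ALL, an exact IP or host name, a
# leading-dot domain suffix (.name-of-domain.com) and a trailing-dot network
# prefix (192.168.10.). EXCEPT, LOCAL, KNOWN, net/mask pairs and shell
# commands are not implemented, and host names are taken as given rather
# than verified against DNS. The sample rule files below are constructed.

# client_matches PATTERN CLIENT_IP CLIENT_NAME -> 0 if the pattern matches
client_matches() {
    case "$1" in
        ALL) return 0 ;;
        .*)  case "$3" in *"$1") return 0 ;; esac ;;     # domain suffix
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;     # network prefix
        *)   if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi ;;
    esac
    return 1
}

# file_matches FILE DAEMON CLIENT_IP CLIENT_NAME -> 0 if any rule line matches
file_matches() {
    local line dlist clist d c
    [ -r "$1" ] || return 1                 # a missing file matches nothing
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # strip comments
        case "$line" in *:*) ;; *) continue ;; esac
        dlist=${line%%:*}
        clist=${line#*:}
        clist=${clist%%:*}                  # ignore an optional third field
        for d in $(printf '%s' "$dlist" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(printf '%s' "$clist" | tr ',' ' '); do
                client_matches "$c" "$3" "$4" && return 0
            done
        done
    done < "$1"
    return 1
}

# tcpd_decide DAEMON CLIENT_IP CLIENT_NAME ALLOW_FILE DENY_FILE -> allow | deny
tcpd_decide() {
    if file_matches "$4" "$1" "$2" "$3"; then
        echo allow
    elif file_matches "$5" "$1" "$2" "$3"; then
        echo deny
    else
        echo allow
    fi
}

# Demonstration with constructed rule files mirroring the entries above.
demo=$(mktemp -d)
cat > "$demo/hosts.allow" <<'EOF'
in.ftpd: 208.188.34.105, .name-of-domain.com
in.telnetd: 192.168.10.
EOF
echo 'ALL: ALL' > "$demo/hosts.deny"
for who in "in.ftpd 208.188.34.105 unknown" \
           "in.ftpd 10.1.2.3 box.name-of-domain.com" \
           "in.ftpd 10.1.2.3 box.elsewhere.example" \
           "in.telnetd 192.168.10.7 unknown" \
           "in.telnetd 192.168.11.7 unknown"; do
    set -- $who
    echo "$1 from $2 ($3): $(tcpd_decide "$1" "$2" "$3" "$demo/hosts.allow" "$demo/hosts.deny")"
done
rm -rf "$demo"
```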

Advanced PAM: More specific access can be assigned and controlled by
controlling the level of authentication required for access.
Files reflect the inet service name. Rules and modules are stacked to
achieve the level of security desired.
See the files in /etc/pam.d/... (some systems use /etc/pam.conf)
The format: service type control module-path module-arguments
auth - (type) Password is required for the user
nullok - Null or non-existent password is acceptable
shadow - encrypted passwords kept in /etc/shadow
account - (type) Verifies password. Can track and force password
changes.
password - (type) Controls password update
retry=3 - Sets the number of login attempts
minlen=8 - Set minimum length of password
session - (type) Controls monitoring
Modules:
/lib/security/pam_pwdb.so - password database module
/lib/security/pam_shells.so
/lib/security/pam_cracklib.so - checks if password is crackable
/lib/security/pam_listfile.so
After re-configuration, restart the inet daemon: killall -HUP inetd
For more info see:
Wietse's Papers
Pluggable Authentication Modules for Linux (PAM) Home Page
ICMP:
ICMP is the network protocol used by the ping and traceroute commands.
ICMP redirect packets are sent from the router to the host to inform the
host of a better route. To enable ICMP redirect, add the following line to
/etc/sysctl.conf:
net.ipv4.conf.all.accept_redirects = 1
Add the following to the file: /etc/rc.d/rc.local
for f in /proc/sys/net/ipv4/conf/*/accept_redirects
do
echo 1 > $f
done
Command to view Kernel IP routing cache: /sbin/route -Cn
NOTE: This may leave you vulnerable to hackers as attackers may alter your
routes.

Blocking ICMP to look invisible to ping:
The following firewall rules will drop ICMP requests.
Iptables:
iptables -A OUTPUT -p icmp -d 0/0 -j DROP
Ipchains:
ipchains -A output -p icmp -d 0/0 -j DENY
OR drop all incomming pings:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This is sometimes necessary to look invisible to DOS (Denial Of Service)
attackers who use ping to watch your machine and launch an attack when
it's pressence is detected
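The sysctl settings from the two ICMP passages above, as an added example that is not part of the tutorial: a shell audit of a sysctl.conf-style file against a redirect-refusing policy. The keys are real Linux sysctl names (the redirect and echo-broadcast controls); the recommended values are this example's, the sample file is constructed, and it reads a file rather than the live /proc/sys tree so it runs anywhere. Point it at /etc/sysctl.conf on a real host.

```shell
#!/bin/bash
# Added example, not from the tutorial: audit a sysctl.conf-style file for the
# ICMP settings discussed above. Reads a file, not /proc/sys, so it can run
# as an unprivileged user; on a real host pass /etc/sysctl.conf.

# Policy for a host that should not honour ICMP redirects. The keys are real
# Linux sysctls; the values are this example's recommendation, not the
# tutorial's (which enables accept_redirects).
ICMP_POLICY='
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.icmp_echo_ignore_broadcasts=1
'

# sysctl_value FILE KEY -> prints the last value assigned to KEY in FILE
# (a later assignment overrides an earlier one, as sysctl -p does), or
# nothing if the key is absent.
sysctl_value() {
    local file=$1 key=$2 line k v val=
    while IFS= read -r line; do
        line=${line%%#*}                              # strip comments
        case $line in *=*) ;; *) continue ;; esac     # only key = value lines
        k=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        v=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        [ "$k" = "$key" ] && val=$v
    done <"$file"
    printf '%s' "$val"
}

# audit_icmp FILE -> prints one line per policy key and returns the number of
# deviations (0 means the file matches the policy; an unset key deviates,
# because the kernel default for accept_redirects on a host is 1).
audit_icmp() {
    local file=$1 bad=0 entry key want have
    for entry in $ICMP_POLICY; do
        key=${entry%%=*}; want=${entry#*=}
        have=$(sysctl_value "$file" "$key")
        if [ "$have" = "$want" ]; then
            echo "ok      $key=$have"
        else
            echo "DEVIATE $key=${have:-<unset>} (want $want)"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# Constructed sample: the tutorial's redirect-enabling line plus one line
# that already matches the policy, so both outcomes are shown.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
# sample sysctl.conf (constructed)
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
audit_icmp "$SAMPLE" || echo "$? setting(s) deviate from policy"
```

The sample file produces four deviations: accept_redirects is explicitly 1, and the three keys it never mentions are left at kernel defaults. Remember that sysctl.conf only covers interfaces that exist at boot; the rc.local loop in the tutorial, with 0 instead of 1, is what catches every interface under /proc/sys/net/ipv4/conf/.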
Network Monitoring Tools:
Ethereal (since renamed Wireshark) - Network protocol analyzer. Examine data
from a live network or from a saved capture file.
RPM's required:
ethereal-0.8.15-2.i386.rpm - Red Hat 7.1 Powertools CD RPM
ucd-snmp-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1
ucd-snmp-utils-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1
Also: gtk+, glib, glibc, XFree86-libs-4.0.3-5 (base install)
There is a packaging error in the ethereal package: it does not list the
snmp libraries as dependencies, but you can deduce this from the errors you
get if the ucd-snmp libraries are not installed.
EtherApe - Graphical network monitor for Unix modeled after etherman.
This is a great network discovery program with cool graphics. (Red Hat
Powertools CD 7.1)
Gkrellm - Network and system monitor. Good for monitoring your
workstation. (Red Hat Powertools CD)
IPTraf - ncurses-based IP LAN monitor. (Red Hat Powertools CD)
Cheops - Network discovery, location, diagnosis and management. Cheops
can identify all of the computers that are on your network, their IP
address, their DNS name, the operating system they are running. Cheops
can run a port scan on any system on your network. (Red Hat Powertools
CD)
ntop - Shows network usage in a way similar to what top does for
processes. Monitors how much data is being sent and received on your
network. (Red Hat Powertools CD)
MRTG - Multi Router Traffic Grapher - Monitor network traffic load using
SNMP and generate an HTML/GIF report. (See sample output)


scotty - Obtain status and configuration information about your network.
Supports SNMP, ICMP, DNS, HTTP, SUN RPC, NTP, & UDP. (Red Hat Powertools
CD)
Big Brother - Monitoring and service availability.
OpenNMS.org - Network Management using SNMP. Also see Blast.com: OpenNMS
Nagios - host, service and network monitoring
Caldera guide - Network Monitoring Tools
Angel network monitor
Bing: Measure bandwidth between two systems - Bandwidth ping

Using tcpdump to monitor the network:

[root@node prompt]# ifconfig eth0 promisc
- Put the NIC into promiscuous mode to sniff traffic addressed to other
hosts. tcpdump does this itself (unless run with -p), so this step is only
needed for tools that do not.
[root@node prompt]# tcpdump -n -l -i eth0 not host XXX.XXX.XXX.XXX | more
- Sniff traffic but ignore the given IP address, which is your own remote
session; otherwise every line you read generates more lines to read. -n
turns off name lookups (which would themselves put traffic on the wire) and
-l line-buffers the output so it reaches more promptly.
[root@node prompt]# ifconfig eth0 -promisc
- Pull the NIC out of promiscuous mode.
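The "ignore your own remote session" filter above, as an added example that is not part of the tutorial or of tcpdump: derive it from the SSH_CLIENT variable that sshd sets ("client-ip client-port server-port") instead of typing the address by hand, and combine it with any further filter terms. The SSH_CLIENT value in the demo line is constructed; the sniff function is only defined, not run, because it needs root and a real interface.

```shell
#!/bin/bash
# Added example, not from the tutorial: build the tcpdump filter that hides the
# administrator's own ssh session. sshd exports SSH_CLIENT as
# "client-ip client-port server-port"; the demo value below is constructed.

# exclude_session_filter "SSH_CLIENT value" -> prints a BPF expression that
# excludes that session, or nothing (no filter) when the value is absent or
# malformed, so a capture started from the console still shows everything.
exclude_session_filter() {
    set -- $1
    [ $# -eq 3 ] || return 0
    printf 'not (host %s and tcp port %s)' "$1" "$3"
}

# combine_filters EXCLUSION EXTRA -> joins the exclusion with any extra
# terms, parenthesising the extra terms so "a or b" binds as intended.
combine_filters() {
    local excl=$1 extra=$2
    if [ -n "$excl" ] && [ -n "$extra" ]; then printf '%s and (%s)' "$excl" "$extra"
    elif [ -n "$excl" ]; then printf '%s' "$excl"
    else printf '%s' "$extra"; fi
}

# sniff IFACE [extra filter terms...] -> run tcpdump with name resolution off
# (-n) and line buffering (-l). Needs root; defined here but not executed.
sniff() {
    local iface=$1; shift
    local filter
    filter=$(combine_filters "$(exclude_session_filter "${SSH_CLIENT:-}")" "$*")
    echo "running: tcpdump -n -l -i $iface $filter" >&2
    tcpdump -n -l -i "$iface" $filter      # unquoted on purpose: tcpdump joins the words
}

# Demo with a constructed SSH_CLIENT value: exclude the session, keep only port 80.
echo "filter: $(combine_filters "$(exclude_session_filter "10.1.2.3 54321 22")" "port 80")"
```

The exclusion keys on the client address and the ssh server port together, so other traffic from the same workstation (a web request from it, say) is still captured; the tutorial's bare "not host" form would hide all of it.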
Network Intrusion and Hacker Detection Systems:
SNORT: Monitor the network, performing real-time traffic analysis and
packet logging on IP networks for the detection of an attack or probe.
Linux Journal: Planning IDS for Your Enterprise - Nalneesh Gaur
Snort overview - Drew Beach
InterSect Alliance - Intrusion analysis. Identifies malicious or
unauthorized access attempts.
Living in a MS/Windows World:
In Nautilus use the URL "smb:" to view MS/Windows servers.
LinNeighborhood: Linux workstation gui tool.
Make your life simple and use the GUI/File Manager LinNeighborhood. It
uses smbmount, samba and smbclient to give you access to MS/Windows
servers and printers.
LinNeighborhood Home Page
LinNeighborhood Screen Shot
See the YoLinux tutorial on integrating Linux into a Microsoft network.
Related Links:
Linux Network Management - Georgia Tech (Slovak mirror)
Linux Network Commands
Cable modem HowTo - Vladimir Vuksan
DNS HowTo - Nicolai Langfeldt
Ethernet HowTo - Paul Gortmaker
Firewall HowTo - Mark Grennan
ipchains HowTo - Paul Russell
Multicast HowTo - Juan-Mariano de Goyeneche
Networking Overview HowTo - Daniel Lopez Ridruejo
Networking Howto - Joshua Drake

Red Hat 6.1 Document: The Network Administrators' Guide - Nikos Drakos /
Andrew Anderson
NIS Howto - Thorsten Kukuk
NFS Howto - Nicolai Langfeldt
What Packets Look Like
SNMP: Simple Network Management Protocol (Uses ports 161,162,391,1993)
SNMP - Intro and tutorials
Linux SNMP Network Management Tools
SNMP FAQ
net-snmp - tools and libraries
News/Usenet Group: comp.os.linux.networking - Deja
MARS-nwe - Netware emulator
Caldera: Netware for Linux - Includes full NDS
Linux 2.4 Advanced Routing HOWTO - iproute2, traffic shaping and a bit
of netfilter
ATM:
ATM on Linux
ISDN:
ISDN4LINUX FAQ - Matthias Hessler
ISDN4 Linux Home Page
ISDN Solutions for Linux
Examples of ISDN for LINUX Installations
Dan Kegel's ISDN Page
DSL:
DSLreports.com: Reviews of DSL providers, bandwidth speed measurement,
Tools, Info
PPTP: Point-to-Point Tunneling Protocol
RFC 2637: Point-to-Point Tunneling Protocol (PPTP).
PoPToP - PPTP server for Linux.
PPTP-Linux Client - A PPTP Linux client that allows a linux system to
connect to a PPTP server. Developed by C. S. Ananian.
Counterpane Systems FAQ on Microsoft's PPTP Implementation - FAQ on
the security flaws in Microsoft's PPTP Implementation.
DHCP: (Dynamic Host Configuration Protocol)
ISC Dynamic Host Configuration Protocol
Multicast:
Multicast over TCP/IP HOWTO
ISP's: (National/Global)
TheList.com - Comprehensive list of ISP's
Earthlink
Concentric
ATT Worldnet
NIS: (NFS infrastructure)
NIS Startup Instructions
Ethernet cables:
Making CAT 3, 5, 5E RJ45 Ethernet Cables
Wiring and Installation
Gigabit Ethernet
VIX: Vienna Internet eXchange - European traffic exchange for ISP's
Test Internet Bandwidth:
Test the speed of your connection by selecting this link - or this link
(pick tachometer icon)
Bandwidth tests and large file transfers
Bandwidth explained and List of bandwidth test sites
System monitor gkrellm - Monitors speed/bandwidth

Man Pages:
icmp - Linux IPv4 ICMP kernel module
ifport - select the transceiver type for a network interface
usernetctl - allow a user to manipulate a network interface if permitted
arp - manipulate the system ARP cache
Shows other systems on your network (including IP address conflicts):
arp -a
Show ARP table Linux style: arp -e
List ARP table: cat /proc/net/arp
ripquery - query RIP (Routing Information Protocol) gateways
gated - gateway routing daemon
Books:
"Networking Linux: A Practical Guide to TCP/IP"
by Pat Eyler
ISBN # 0735710317, New Riders Publishing
"LINUX TCP/IP Network Administration"
by Scott Mann, Mitchell Krell
ISBN # 0130322202, Prentice Hall PTR
"Advanced Linux Networking"
by Roderick W. Smith
ISBN# 0201774232, Addison-Wesley Professional; 1st edition (July
15, 2002)
"Linux Routing"
by Dee Ann LeBlanc, Joe "Zonker" Brockmeier, Ronald W. McCarty Jr.
ISBN# 1578702674, Sams; 1st edition (October 11, 2001)
"Policy Routing Using Linux"
by Matthew G. Marsh
ISBN# 0672320525, Sams; (March 6, 2001)
"Red Hat Linux Fedora Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672326299
"Red Hat Linux Fedora 3 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672327082
"Red Hat Linux 9 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672325888
I have the Red Hat 6 version and I have found it to be very
helpful. I have found it to be way more complete than the other
Linux books. It is the most complete general Linux book in
publication. While other books in the "Unleashed" series have
disappointed me, this book is the best out there.
"Redhat Linux 9 (Visual QuickPro Guide)"
by Harold Davis
ISBN #032121918X, Peachpit Press, Addison Wesley

The best basic Linux book around for the GUI generation. This book
can be best described as a guide to using the GUI configuration
tools.

Return to http://YoLinux.com for more Linux links, information and tutorials
Return to YoLinux Tutorial Index
Copyright 2001, 2002, 2003, 2005 by Greg Ippolito