Linux Network Administrators Guide
Table of Contents Preface 1. Purpose and Audience for This Book 2. Sources of Information 3. File System Standards 4. Standard Linux Base 5. About This Book 6. The Official Printed Version 7. Overview 8. Conventions Used in This Book 9. Submitting Changes 10. Acknowledgments 1. Introduction to Networking 1.1. History 1.2. TCP/IP Networks 1.3. UUCP Networks 1.4. Linux Networking 1.5. Maintaining Your System 2. Issues of TCP/IP Networking 2.1. Networking Interfaces 2.2. IP Addresses 2.3. Address Resolution 2.4. IP Routing 2.5. The Internet Control Message Protocol 2.6. Resolving Host Names 3. Configuringthe NetworkingHardware 3.1. Kernel Configuration 3.2. A Tour of Linux Network Devices 3.3. Ethernet Installation 3.4. The PLIP Driver 3.5. The PPP and SLIP Drivers 3.6. Other Network Types 4. Configuring the Serial Hardware 4.1. Communications Software for Modem Links 4.2. Introduction to Serial Devices 4.3. Accessing Serial Devices 4.4. Serial Hardware 4.5. Using the Configuration Utilities 4.6. Serial Devices and the login: Prompt 5. Configuring TCP/IP Networking 5.1. Mounting the /proc Filesystem 5.2. Installing the Binaries 5.3. Setting the Hostname 5.4. Assigning IP Addresses 5.5. Creating Subnets 5.6. Writing hosts and networks Files 5.7. Interface Configuration for IP 5.8. All About ifconfig 5.9. The netstat Command 5.10. Checking the ARP Tables 6. Name Service and Resolver Configuration 6.1. The Resolver Library 6.2. How DNS Works 6.3. Running named 7. Serial Line IP 7.1. General Requirements 7.2. SLIP Operation 7.3. Dealing with Private IP Networks 7.4. Using dip 7.5. Running in Server Mode 8. The Point-to-Point Protocol 8.1. PPP on Linux 8.2. Running pppd 8.3. Using Options Files 8.4. Using chat to Automate Dialing 8.5. IP Configuration Options 8.6. Link Control Options 8.7. General Security Considerations 8.8. Authentication with PPP 8.9. Debugging Your PPP Setup 8.10. More Advanced PPP Configurations 9. TCP/IP Firewall 9.1. Methods of Attack 9.2. What Is a Firewall? 9.3. What Is IP Filtering? 9.4. Setting Up Linux for Firewalling 9.5. Three Ways We Can Do Filtering 9.6. Original IP Firewall (2.0 Kernels) 9.7. IP Firewall Chains (2.2 Kernels) 9.8. Netfilter and IP Tables (2.4 Kernels) 9.9. TOS Bit Manipulation 9.10. Testing a Firewall Configuration 9.11. A Sample Firewall Configuration 10. IP Accounting 10.1. Configuring the Kernel for IP Accounting 10.2. Configuring IP Accounting 10.3. Using IP Accounting Results 10.4. Resetting the Counters 10.5. Flushing the Ruleset 10.6. Passive Collection of Accounting Data 11. IP Masquerade and Network Address Translation 11.1. Side Effects and Fringe Benefits 11.2. Configuring the Kernel for IP Masquerade 11.3. Configuring IP Masquerade 11.4. Handling Name Server Lookups 11.5. More About Network Address Translation 12. ImportantNetwork Features 12.1. The inetd Super Server 12.2. The tcpd Access Control Facility 12.3. The Services and Protocols Files 12.4. Remote Procedure Call 12.5. Configuring Remote Loginand Execution 13. The Network Information System 13.1. Getting Acquainted with NIS 13.2. NIS Versus NIS+ 13.3. The Client Side of NIS 13.4. Running an NIS Server 13.5. NIS Server Security 13.6. Setting Up an NIS Client with GNU libc 13.7. Choosing the Right Maps 13.8. Using the passwd and group Maps 13.9. Using NIS with Shadow Support 14. The NetworkFile System 14.1. Preparing NFS 14.2. Mounting an NFS Volume 14.3. The NFS Daemons 14.4. The exports File 14.5. Kernel-Based NFSv2 Server Support 14.6. Kernel-Based NFSv3 Server Support 15. IPX and the NCP Filesystem 15.1. Xerox, Novell, and History 15.2. IPX and Linux 15.3. Configuring the Kernel for IPXand NCPFS 15.4. Configuring IPX Interfaces 15.5. Configuring an IPX Router 15.6. Mounting a Remote NetWare Volume 15.7. Exploring Some of the Other IPX Tools 15.8. Printing to a NetWare Print Queue 15.9. NetWare Server Emulation 16. ManagingTaylor UUCP 16.1. UUCP Transfers and Remote Execution 16.2. UUCP Configuration Files 16.3. Controlling Access to UUCP Features 16.4. Setting Up Your System for Dialing In 16.5. UUCP Low-Level Protocols 16.6. Troubleshooting 16.7. Log Files and Debugging 17. Electronic Mail 17.1. What Is a Mail Message? 17.2. How Is Mail Delivered? 17.3. Email Addresses 17.4. How Does Mail Routing Work? 17.5. Configuring elm 18. Sendmail 18.1. Introduction to sendmail 18.2. Installing sendmail 18.3. Overview of Configuration Files 18.4. The sendmail.cf and sendmail.mc Files 18.5. Generating the sendmail.cf File 18.6. Interpreting and Writing Rewrite Rules 18.7. Configuring sendmail Options 18.8. Some Useful sendmail Configurations 18.9. Testing Your Configuration 18.10. Running sendmail 18.11. Tips and Tricks 19. Getting EximUp and Running 19.1. Running Exim 19.2. If Your Mail Doesn’t Get Through 19.3. Compiling Exim 19.4. Mail Delivery Modes 19.5. Miscellaneous config Options 19.6. Message Routing and Delivery 19.7. Protecting Against Mail Spam 19.8. UUCP Setup 20. Netnews 20.1. Usenet History 20.2. What Is Usenet, Anyway? 20.3. How Does Usenet Handle News? 21. C News 21.1. Delivering News 21.2. Installation 21.3. The sys File 21.4. The active File 21.5. Article Batching 21.6. Expiring News 21.7. Miscellaneous Files 21.8. Control Messages 21.9. C News in an NFS Environment 21.10. Maintenance Tools and Tasks 22. NNTP and thenntpd Daemon 22.1. The NNTP Protocol 22.2. Installing the NNTP Server 22.3. Restricting NNTP Access 22.4. NNTP Authorization 22.5. nntpd Interaction with C News 23. Internet News 23.1. Some INN Internals 23.2. Newsreaders and INN 23.3. Installing INN 23.4. Configuring INN: the Basic Setup 23.5. INN Configuration Files 23.6. Running INN 23.7. Managing INN: The ctlinnd Command 24. Newsreader Configuration 24.1. tin Configuration 24.2. trn Configuration 24.3. nn Configuration A. Example Network:The Virtual Brewery A.1. Connecting the Virtual Subsidiary Network B. Useful Cable Configurations B.1. A PLIP Parallel Cable B.2. A Serial NULL Modem Cable C. Linux Network Administrator’s Guide, Second Edition Copyright Information C.1. 0. Preamble C.2. 1. Applicability and Definitions C.3. 2. Verbatim Copying C.4. 3. Copying in Quantity C.5. 4. Modifications C.6. 5. Combining Documents C.7. 6. Collections of Documents C.8. 7. Aggregation with Independent Works C.9. 8. Translation C.10. 9. Termination C.11. 10. Future Revisions of this License D. SAGE: The SystemAdministrators Guild Index
List of Tables 2-1. IP Address Ranges Reserved for Private Use 4-1. setserial Command-Line Parameters 4-2. stty Flags Most Relevant to Configuring Serial Devices 7-1. Linux Slip-Line Disciplines 7-2. /etc/diphosts Field Description 9-1. Common Netmask Bit Values 9-2. ICMP Datagram Types 9-3. Suggested Uses for TOS Bitmasks 13-1. Some Standard NIS Maps and Corresponding Files 15-1. XNS, Novell, and TCP/IP Protocol Relationships 15-2. ncpmount Command Arguments 15-3. Linux Bindery Manipulation Tools 15-4. nprint Command-Line Options
List of Figures 1-1. The three steps of sending a datagram from erdos to quark 2-1. Subnetting a class B network 2-2. A part of the net topology at Groucho Marx University 3-1. The relationship between drivers, interfaces, and hardware 6-1. A part of the domain namespace 9-1. The two major classes of firewall design 9-2. The stages of IP datagram processing 9-3. FTP server modes 9-4. A simple IP chain ruleset 9-5. The sequence of rules tested for a received UDP datagram 9-6. The rules flow for a received TCP datagram for ssh 9-7. The rules flow for a received TCP datagram for telnet 9-8. Datagram processing chain in IP chains 9-9. Datagram processing chain in netfilter 11-1. A typical IP masquerade configuration 15-1. IPX internal network 16-1. Interaction of Taylor UUCP configuration files 20-1. Usenet newsflow through Groucho Marx University 21-1. News flow through relaynews 23-1. INN architecture (simplified for clarity) A-1. The Virtual Brewery and Virtual Winery subnets A-2. The Virtual Brewery Network B-1. Parallel PLIP cable B-2. Serial NULL-Modem cable
List of Examples 4-1. Example rc.serial setserial Commands 4-2. Output of setserial -bg /dev/ttyS Command 4-3. Example rc.serial stty Commands 4-4. Example rc.serial stty Commands Using Modern Syntax 4-5. Output of stty -a Command 4-6. Sample /etc/mgetty/mgetty.config File 6-1. Sample host.conf File 6-2. Sample nsswitch.conf File 6-3. Sample nsswitch.conf File Using an Action Statement 6-4. An Excerpt from the named.hosts File for the Physics Department 6-5. An Excerpt from the named.hosts File for GMU 6-6. An Excerpt from the named.rev File for Subnet 12 6-7. An Excerpt from the named.rev File for Network 149.76 6-8. The named.boot File for vlager 6-9. The BIND 8 equivalent named.conf File for vlager 6-10. The named.ca File 6-11. The named.hosts File 6-12. The named.local File 6-13. The named.rev File 7-1. A Sample dip Script 12-1. A Sample /etc/inetd.conf File 12-2. A Sample /etc/services File 12-3. A Sample /etc/protocols File 12-4. A Sample /etc/rpc File 12-5. Example ssh Client Configuration File 13-1. Sample ypserv.securenets File 13-2. Sample nsswitch.conf File 18-1. Sample Configuration File vstout.smtp.m4 18-2. Sample Configuration File vstout.uucpsmtp.m4 18-3. Rewrite Rule from vstout.uucpsmtp.m4 18-4. Sample aliases File 18-5. Sample Output of the mailstats Command 18-6. Sample Output of the oststat Command