LINUX NETWORK ADMINISTRATOR'S GUIDE
by Olaf Kirch and Terry Dawson

Copyright © 1993 Olaf Kirch
Copyright © 2000 Terry Dawson
Copyright on O'Reilly printed version © 2000 O'Reilly & Associates

Published for the Internet by Jan Albrecht [email protected]

A current version of this document can be downloaded at http://www.jan-albrecht.de/nag/nag.ZIP
This is the original version of the document, as it was released.

PREFACE
    PURPOSE AND AUDIENCE FOR THIS BOOK
    SOURCES OF INFORMATION
        Documentation Available via FTP
        Documentation Available via WWW
        Documentation Available Commercially
        Linux Journal and Linux Magazine
        Linux Usenet Newsgroups
        Linux Mailing Lists
        Online Linux Support
        Linux User Groups
        Obtaining Linux
    FILE SYSTEM STANDARDS
    STANDARD LINUX BASE
    ABOUT THIS BOOK
    THE OFFICIAL PRINTED VERSION
    OVERVIEW
    CONVENTIONS USED IN THIS BOOK
    SUBMITTING CHANGES
    ACKNOWLEDGMENTS
        The Hall of Fame

CHAPTER 1 - INTRODUCTION TO NETWORKING
    HISTORY
    TCP/IP NETWORKS
        Introduction to TCP/IP Networks
        Ethernets
        Other Types of Hardware
        The Internet Protocol
        IP Over Serial Lines
        The Transmission Control Protocol
        The User Datagram Protocol
        More on Ports
        The Socket Library
    UUCP NETWORKS
    LINUX NETWORKING
        Different Streaks of Development
        Where to Get the Code
    MAINTAINING YOUR SYSTEM
        System Security

CHAPTER 2 - ISSUES OF TCP/IP NETWORKING
    NETWORKING INTERFACES
    IP ADDRESSES
    ADDRESS RESOLUTION
    IP ROUTING
        IP Networks
        Subnetworks
        Gateways
        The Routing Table
        Metric Values
    THE INTERNET CONTROL MESSAGE PROTOCOL
    RESOLVING HOST NAMES

CHAPTER 3 - CONFIGURING THE NETWORKING HARDWARE
    KERNEL CONFIGURATION
        Kernel Options in Linux 2.0 and Higher
        Kernel Networking Options in Linux 2.0.0 and Higher
    A TOUR OF LINUX NETWORK DEVICES
    ETHERNET INSTALLATION
        Ethernet Autoprobing
    THE PLIP DRIVER
    THE PPP AND SLIP DRIVERS
    OTHER NETWORK TYPES

CHAPTER 4 - CONFIGURING THE SERIAL HARDWARE
    COMMUNICATIONS SOFTWARE FOR MODEM LINKS
    INTRODUCTION TO SERIAL DEVICES
    ACCESSING SERIAL DEVICES
        The Serial Device Special Files
    SERIAL HARDWARE
    USING THE CONFIGURATION UTILITIES
        The setserial Command
        The stty Command
    SERIAL DEVICES AND THE LOGIN: PROMPT
        Configuring the mgetty Daemon

CHAPTER 5 - CONFIGURING TCP/IP NETWORKING
    MOUNTING THE /PROC FILESYSTEM
    INSTALLING THE BINARIES
    SETTING THE HOSTNAME
    ASSIGNING IP ADDRESSES
    CREATING SUBNETS
    WRITING HOSTS AND NETWORKS FILES
    INTERFACE CONFIGURATION FOR IP
        The Loopback Interface
        Ethernet Interfaces
        Routing Through a Gateway
        Configuring a Gateway
        The PLIP Interface
        The SLIP and PPP Interfaces
        The Dummy Interface
        IP Alias
    ALL ABOUT IFCONFIG
    THE NETSTAT COMMAND
        Displaying the Routing Table
        Displaying Interface Statistics
        Displaying Connections
    CHECKING THE ARP TABLES

CHAPTER 6 - NAME SERVICE AND RESOLVER CONFIGURATION
    THE RESOLVER LIBRARY
        The host.conf File
        The nsswitch.conf File
        Configuring Name Server Lookups Using resolv.conf
        Resolver Robustness
    HOW DNS WORKS
        Name Lookups with DNS
        Types of Name Servers
        The DNS Database
        Reverse Lookups
    RUNNING NAMED
        The named.boot File
        The BIND 8 host.conf File
        The DNS Database Files
        Caching-only named Configuration
        Writing the Master Files
        Verifying the Name Server Setup
        Other Useful Tools

CHAPTER 7 - SERIAL LINE IP
    GENERAL REQUIREMENTS
    SLIP OPERATION
    DEALING WITH PRIVATE IP NETWORKS
    USING DIP
        A Sample Script
        A dip Reference
    RUNNING IN SERVER MODE

CHAPTER 8 - THE POINT-TO-POINT PROTOCOL
    PPP ON LINUX
    RUNNING PPPD
    USING OPTIONS FILES
    USING CHAT TO AUTOMATE DIALING
    IP CONFIGURATION OPTIONS
        Choosing IP Addresses
        Routing Through a PPP Link
    LINK CONTROL OPTIONS
    GENERAL SECURITY CONSIDERATIONS
    AUTHENTICATION WITH PPP
        PAP Versus CHAP
        The CHAP Secrets File
        The PAP Secrets File
    DEBUGGING YOUR PPP SETUP
    MORE ADVANCED PPP CONFIGURATIONS
        PPP Server
        Demand Dialing
        Persistent Dialing

CHAPTER 9 - TCP/IP FIREWALL
    METHODS OF ATTACK
    WHAT IS A FIREWALL?
    WHAT IS IP FILTERING?
    SETTING UP LINUX FOR FIREWALLING
        Kernel Configured with IP Firewall
        The ipfwadm Utility
        The ipchains Utility
        The iptables Utility
    THREE WAYS WE CAN DO FILTERING
    ORIGINAL IP FIREWALL (2.0 KERNELS)
        Using ipfwadm
        A More Complex Example
        Summary of ipfwadm Arguments
    IP FIREWALL CHAINS (2.2 KERNELS)
        Using ipchains
        ipchains Command Syntax
        Our Naïve Example Revisited
        Listing Our Rules with ipchains
        Making Good Use of Chains
    NETFILTER AND IP TABLES (2.4 KERNELS)
        Backward Compatibility with ipfwadm and ipchains
        Using iptables
        Our Naïve Example Revisited, Yet Again
    TOS BIT MANIPULATION
        Setting the TOS Bits Using ipfwadm or ipchains
        Setting the TOS Bits Using iptables
    TESTING A FIREWALL CONFIGURATION
    A SAMPLE FIREWALL CONFIGURATION

CHAPTER 10 - IP ACCOUNTING
    CONFIGURING THE KERNEL FOR IP ACCOUNTING
    CONFIGURING IP ACCOUNTING
        Accounting by Address
        Accounting by Service Port
        Accounting of ICMP Datagrams
        Accounting by Protocol
    USING IP ACCOUNTING RESULTS
        Listing Accounting Data with ipfwadm
        Listing Accounting Data with ipchains
        Listing Accounting Data with iptables
    RESETTING THE COUNTERS
    FLUSHING THE RULESET
    PASSIVE COLLECTION OF ACCOUNTING DATA

CHAPTER 11 - MASQUERADE AND NETWORK ADDRESS TRANSLATION
    SIDE EFFECTS AND FRINGE BENEFITS
    CONFIGURING THE KERNEL FOR IP MASQUERADE
    CONFIGURING IP MASQUERADE
        Setting Timing Parameters for IP Masquerade
    HANDLING NAME SERVER LOOKUPS
    MORE ABOUT NETWORK ADDRESS TRANSLATION

CHAPTER 12 - IMPORTANT NETWORK FEATURES
    THE INETD SUPER SERVER
    THE TCPD ACCESS CONTROL FACILITY
    THE SERVICES AND PROTOCOLS FILES
    REMOTE PROCEDURE CALL
    CONFIGURING REMOTE LOGIN AND EXECUTION
        Disabling the r Commands
        Installing and Configuring ssh

CHAPTER 13 - THE NETWORK INFORMATION SYSTEM
    GETTING ACQUAINTED WITH NIS
    NIS VERSUS NIS+
    THE CLIENT SIDE OF NIS
    RUNNING AN NIS SERVER
    NIS SERVER SECURITY
    SETTING UP AN NIS CLIENT WITH GNU LIBC
    CHOOSING THE RIGHT MAPS
    USING THE PASSWD AND GROUP MAPS
    USING NIS WITH SHADOW SUPPORT

CHAPTER 14 - THE NETWORK FILE SYSTEM
    PREPARING NFS
    MOUNTING AN NFS VOLUME
    THE NFS DAEMONS
    THE EXPORTS FILE
    KERNEL-BASED NFSV2 SERVER SUPPORT
    KERNEL-BASED NFSV3 SERVER SUPPORT

CHAPTER 15 - IPX AND THE NCP FILESYSTEM
    XEROX, NOVELL, AND HISTORY
    IPX AND LINUX
        Caldera Support
        More on NDS Support
    CONFIGURING THE KERNEL FOR IPX AND NCPFS
    CONFIGURING IPX INTERFACES
        Network Devices Supporting IPX
        IPX Interface Configuration Tools
        The ipx_configure Command
        The ipx_interface Command
    CONFIGURING AN IPX ROUTER
        Static IPX Routing Using the ipx_route Command
        Internal IPX Networks and Routing
    MOUNTING A REMOTE NETWARE VOLUME
        A Simple ncpmount Example
        The ncpmount Command in Detail
        Hiding Your NetWare Login Password
        A More Complex ncpmount Example
    EXPLORING SOME OF THE OTHER IPX TOOLS
        Server List
        Send Messages to NetWare Users
        Browsing and Manipulating Bindery Data
    PRINTING TO A NETWARE PRINT QUEUE
        Using nprint with the Line Printer Daemon
        Managing Print Queues
    NETWARE SERVER EMULATION

CHAPTER 16 - MANAGING TAYLOR UUCP
    UUCP TRANSFERS AND REMOTE EXECUTION
        The Inner Workings of uucico
        uucico Command-line Options
    UUCP
CONFIGURATION FILES.........................................................................................................................215 A Gentle Introduction to Taylor UUCP.......................................................................................................215 What UUCP Needs to Know........................................................................................................................217 Site Naming.................................................................................................................................................217 Taylor Configuration Files..........................................................................................................................218 General Configuration Options Using the config File................................................................................218 How to Tell UUCP About Other Systems Using the sys File......................................................................218 Identifying Available Devices Through the port File..................................................................................222 How to Dial a Number Using the dial File..................................................................................................223 UUCP Over TCP.........................................................................................................................................223 Using a Direct Connection..........................................................................................................................224 CONTROLLING ACCESS TO UUCP FEATURES..................................................................................................224 Command Execution....................................................................................................................................224 File 
Transfers..............................................................................................................................................225 Forwarding..................................................................................................................................................225 SETTING UP YOUR SYSTEM FOR DIALING IN....................................................................................................226 Providing UUCP Accounts..........................................................................................................................226 Protecting Yourself Against Swindlers........................................................................................................227 Be Paranoid: Call Sequence Checks...........................................................................................................227 Anonymous UUCP......................................................................................................................................228 UUCP LOW-LEVEL PROTOCOLS......................................................................................................................228 Protocol Overview.......................................................................................................................................228 Tuning the Transmission Protocol..............................................................................................................229 Selecting Specific Protocols........................................................................................................................229 TROUBLESHOOTING.........................................................................................................................................230 uucico Keeps Saying "Wrong Time to Call"................................................................................................230 uucico Complains That the Site Is Already 
Locked.....................................................................................230 You Can Connect to the Remote Site, but the Chat Script Fails..................................................................230 Your Modem Does Not Dial........................................................................................................................231 Your Modem Tries to Dial but Doesn't Get Out..........................................................................................231 Login Succeeds, but the Handshake Fails...................................................................................................231 LOG FILES AND DEBUGGING............................................................................................................................231 CHAPTER 17 - ELECTRONIC MAIL...........................................................................................................233 WHAT IS A MAIL MESSAGE?............................................................................................................................233 HOW IS MAIL DELIVERED?..............................................................................................................................235 EMAIL ADDRESSES...........................................................................................................................................236 RFC-822......................................................................................................................................................236 Obsolete Mail Formats................................................................................................................................236 Mixing Different Mail Formats...................................................................................................................237 HOW DOES MAIL ROUTING 
WORK?.................................................................................................................237 Mail Routing on the Internet.......................................................................................................................237 9 Mail Routing in the UUCP World...............................................................................................................238 Mixing UUCP and RFC-822.......................................................................................................................239 CONFIGURING ELM...........................................................................................................................................241 Global elm Options......................................................................................................................................241 National Character Sets..............................................................................................................................241 CHAPTER 18 - SENDMAIL............................................................................................................................243 INTRODUCTION TO SENDMAIL..........................................................................................................................243 INSTALLING SENDMAIL....................................................................................................................................243 OVERVIEW OF CONFIGURATION FILES.............................................................................................................244 THE SENDMAIL.CF AND SENDMAIL.MC FILES....................................................................................................244 Two Example sendmail.mc Files.................................................................................................................244 Typically Used sendmail.mc 
Parameters....................................................................................................245 GENERATING THE SENDMAIL.CF FILE...............................................................................................................248 INTERPRETING AND WRITING REWRITE RULES................................................................................................248 sendmail.cf R and S Commands..................................................................................................................248 Some Useful Macro Definitions...................................................................................................................248 The Lefthand Side........................................................................................................................................249 The Righthand Side......................................................................................................................................249 A Simple Rule Pattern Example...................................................................................................................250 Ruleset Semantics........................................................................................................................................250 CONFIGURING SENDMAIL OPTIONS..................................................................................................................252 SOME USEFUL SENDMAIL CONFIGURATIONS....................................................................................................253 Trusting Users to Set the From: Field.........................................................................................................253 Managing Mail Aliases................................................................................................................................253 Using a Smart 
Host.....................................................................................................................................254 Managing Unwanted or Unsolicited Mail (Spam)......................................................................................255 Configuring Virtual Email Hosting.............................................................................................................257 TESTING YOUR CONFIGURATION.....................................................................................................................258 RUNNING SENDMAIL........................................................................................................................................261 TIPS AND TRICKS..............................................................................................................................................261 Managing the Mail Spool............................................................................................................................262 Forcing a Remote Host to Process its Mail Queue.....................................................................................262 Analyzing Mail Statistics.............................................................................................................................262 CHAPTER 19 - GETTING EXIM UP AND RUNNING..............................................................................265 RUNNING EXIM................................................................................................................................................265 IF YOUR MAIL DOESN'T GET THROUGH...........................................................................................................266 COMPILING EXIM.............................................................................................................................................267 MAIL DELIVERY 
MODES..................................................................................................................................267 MISCELLANEOUS CONFIG OPTIONS..................................................................................................................268 MESSAGE ROUTING AND DELIVERY.................................................................................................................269 Routing Messages........................................................................................................................................269 Delivering Messages to Local Addresses....................................................................................................269 Alias Files....................................................................................................................................................270 Mailing Lists................................................................................................................................................271 PROTECTING AGAINST MAIL SPAM..................................................................................................................272 UUCP SETUP...................................................................................................................................................272 CHAPTER 20 - NETNEWS.............................................................................................................................274 USENET HISTORY.............................................................................................................................................274 WHAT IS USENET, ANYWAY?..........................................................................................................................274 HOW DOES USENET HANDLE NEWS?...............................................................................................................275 CHAPTER 21 - C 
NEWS..................................................................................................................................278 DELIVERING NEWS...........................................................................................................................................278 INSTALLATION.................................................................................................................................................279 THE SYS FILE....................................................................................................................................................280 THE ACTIVE FILE..............................................................................................................................................283 ARTICLE BATCHING.........................................................................................................................................283 EXPIRING NEWS...............................................................................................................................................285 10 MISCELLANEOUS FILES....................................................................................................................................287 CONTROL MESSAGES.......................................................................................................................................288 The cancel Message.....................................................................................................................................288 newgroup and rmgroup...............................................................................................................................288 The checkgroups Message...........................................................................................................................288 sendsys, version, and 
senduuname..............................................................................................................289 C NEWS IN AN NFS ENVIRONMENT.................................................................................................................290 MAINTENANCE TOOLS AND TASKS..................................................................................................................290 CHAPTER 22 - NNTP AND THE NNTPD DAEMON..................................................................................292 THE NNTP PROTOCOL.....................................................................................................................................293 Connecting to the News Server....................................................................................................................293 Pushing a News Article onto a Server.........................................................................................................293 Changing to NNRP Reader Mode...............................................................................................................294 Listing Available Groups.............................................................................................................................295 Listing Active Groups..................................................................................................................................295 Posting an Article........................................................................................................................................295 Listing New Articles....................................................................................................................................296 Selecting a Group on Which to Operate......................................................................................................296 Listing Articles in a 
Group..........................................................................................................................296 Retrieving an Article Header Only..............................................................................................................296 Retrieving an Article Body Only..................................................................................................................297 Reading an Article from a Group................................................................................................................297 INSTALLING THE NNTP SERVER......................................................................................................................298 RESTRICTING NNTP ACCESS...........................................................................................................................298 NNTP AUTHORIZATION...................................................................................................................................299 NNTPD INTERACTION WITH C NEWS.................................................................................................................299 CHAPTER 23 - INTERNET NEWS................................................................................................................301 SOME INN INTERNALS.....................................................................................................................................301 NEWSREADERS AND INN.................................................................................................................................303 INSTALLING INN..............................................................................................................................................303 CONFIGURING INN: THE BASIC SETUP.............................................................................................................303 INN CONFIGURATION 
FILES............................................................................................................................304 Global Parameters......................................................................................................................................304 Configuring Newsgroups.............................................................................................................................305 Configuring Newsfeeds................................................................................................................................306 Controlling Newsreader Access..................................................................................................................309 Expiring News Articles................................................................................................................................311 Handling Control Messages........................................................................................................................312 RUNNING INN..................................................................................................................................................314 MANAGING INN: THE CTLINND COMMAND.....................................................................................................315 Add a New Group........................................................................................................................................315 Change a Group..........................................................................................................................................315 Remove a Group..........................................................................................................................................316 Renumber a Group......................................................................................................................................316 Allow/Disallow 
Newsreaders......................................................................................................................316 Reject Newsfeed Connections......................................................................................................................316 Allow Newsfeed Connections.......................................................................................................................317 Disable News Server....................................................................................................................................317 Restart News Server....................................................................................................................................317 Display Status of a Newsfeed.......................................................................................................................317 Drop a Newsfeed.........................................................................................................................................317 Begin a Newsfeed........................................................................................................................................318 Cancel an Article.........................................................................................................................................318 CHAPTER 24 - NEWSREADER CONFIGURATION.................................................................................319 TIN CONFIGURATION........................................................................................................................................319 TRN CONFIGURATION.......................................................................................................................................320 NN CONFIGURATION.........................................................................................................................................320 APPENDIX 
A....................................................................................................................................................322