Red Hat Certified Engineer

Presentation on theme: "Red Hat Certified Engineer"— Presentation transcript:

1 Red Hat Certified Engineer
Session 1 RHCE Red Hat Certified Engineer Asif Raza

2 History Of UNIX & Linux
1957: Bell Labs found they needed an operating system; at the time they were running various batch jobs.
1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
1969: In summer 1969 UNIX was developed by AT&T
1975: Sixth edition of UNIX released, May 1975
1985: GNU project started
1991: Linux is introduced by Linus Benedict Torvalds, a second-year Computer Science student at the University of Helsinki
1993: NetBSD & FreeBSD released
1994: Red Hat Linux is introduced

3 First Article About Linux
From: (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

4 GNU & GPL
GNU Project: focused on creating a Unix-like operating system that could be freely distributed
GPL: GNU General Public License (copyleft)

5 Major Linux Distributors
Mandrake Linux, Slackware Linux, SuSE Linux, Turbo Linux, Vector Linux, Caldera Linux, Corel Linux, Debian Linux, Kondara Linux, Red Hat Linux

6 The Advantages of Linux
Low purchase cost; Open Source Software (OSS); UNIX heritage; multi-user; scalability; vendor support; reliable uptime; security; logging system

7 The Disadvantages of Linux
Steep learning curve; hardware support; end-user applications

8 A Comparison Of Win 9x, NT, and Linux
(Table: columns Feature, Win 9x, Win NT and, per the title, Linux; rows Scalability, Desktop App. Support, Enterprise App. Support, Hardware Support, Licensing Cost, Network Performance, Security; ratings None / Poor / Good / Excellent, with the individual cell values not preserved in the transcript)

9 Linux Filesystem Hierarchy
/bin   Essential binary files
/boot  Boot loader files
/dev   Device files
/etc   Configuration files
/home  User home directories
/lib   Shared libraries and kernel modules
/mnt   Mount point for temporarily mounted filesystems
/proc  System information virtual filesystem
/root  root user's home directory
/sbin  Essential system binaries
/tmp   Temporary files
/usr   Shareable files
/var   Non-shareable files

10 Red Hat Certified Engineer
Session 2 RHCE Red Hat Certified Engineer Asif Raza

11 Installing Linux
Hardware requirements; hard disk partitioning; boot loader; install packages; X configuration

12 Overview of the Installation Process
Starting the installation process Installation Mode Language Keyboard Mouse Partitioning Boot Loader Installation Network Configuration Setting the time zone

13 Overview of the Installation Process
Firewall configuration; specifying authentication options (optional); specifying user accounts; selecting packages; installing packages; creating a boot disk; configuring the X Window System (optional)

14 Installing Linux: Consoles & Message Logs
Console 1 (Ctrl+Alt+F1): text-based installation procedure
Console 2 (Ctrl+Alt+F2): shell prompt
Console 3 (Ctrl+Alt+F3): messages from the installation program
Console 4 (Ctrl+Alt+F4): kernel messages
Console 5 (Ctrl+Alt+F5): other messages, including file system creation messages
Console 7 (Ctrl+Alt+F7): graphical installation procedure

15 Configuring Install-Time Options after Installation
authconfig, ntsysv, setup, redhat-config-…, kbdconfig, mouseconfig, timeconfig, sndconfig, netconfig

16 Red Hat Certified Engineer
Session 3 RHCE Red Hat Certified Engineer Asif Raza

17 Some Important BASH Variables
Shells: bash (Bourne Again Shell), ash, sach, tcsh, mc
Some important BASH variables: PATH, SHELL, PS1, PS2
PS1 / PS2 escapes: \u, \h, \W, \d, \t, \s, \$, $

18 Some Linux Commands (1)
ls, info, help, man, echo, rm, mv, cp, tac, cat, rmdir, mkdir, pwd, touch, cd, logout, date, less, alias, clear, halt, reboot, exit

19 Red Hat Certified Engineer
Session 4 RHCE Red Hat Certified Engineer Asif Raza

20 BASH Features
Review pages & commands
TAB key
Quoting in BASH: "value"  'value'  `value`
Redirection operators: >  >>  |  <<  <
Standard input & standard output: stdin 0, stdout 1, stderr 2

21 Important Command Forms
cmd
cmd &   (fg, ctrl+z, bg)
cmd1 ; cmd2
(cmd1 ; cmd2)
cmd1 `cmd2`
cmd1 | cmd2
cmd1 && cmd2
cmd1 || cmd2
{ cmd1 ; cmd2 ; }

22 Linux File Types
-  Normal file
d  Directory
   Hard link
l  Symbolic link: shortcut to a file or directory
s  Socket: passes data between two processes
p  Named pipe: like a socket, but the user can't work with it directly
c  Character device: character-based hardware communication
b  Block device: major & minor numbers for controlling the device

23 Bash Special Variables
$#  Number of arguments given to the command
$?  Return value of the last program run
$$  Process number of the current shell
$!  Process number of the last child process
    All arguments, individually quoted
$*  All arguments quoted as a whole
$n  Positional argument value, where n is the position
$0  Name of the current shell

24 Some Linux Commands (2)
Process text streams: sort, cut, head, tail, split, wc, uniq, grep
Redirecting a command's output: tee
Create, monitor & kill processes: ps, pstree, top, kill, killall
Modify process priority: renice

25 Red Hat Certified Engineer
Session 5 RHCE Red Hat Certified Engineer Asif Raza

26 Some Linux Commands (3)
Create partitions and filesystems: fdisk, mke2fs, mkfs.*
Maintain the integrity of filesystems: e2fsck, fsck.*, du, df
Filesystem mounting & unmounting: mount, umount, /etc/fstab

27 Some Linux Commands (4)
Use file permissions: chmod, chown, chgrp, su
Create hard & symbolic links: ln
Find system files: find, locate, which
Using emergency & single-user mode

28 'vi' Powerful Text Editor
Modes: insert mode, normal mode, command mode
Insert text
Delete: dd, n+dd
Copy: yy, n+yy
Paste: p, P
Search: /
Visual (text selection): v
Commands: w, q, wq, =, x, q!, r, s///

29 Red Hat Certified Engineer
Session 6 RHCE Red Hat Certified Engineer

30 Run Levels
0: halts the system
1: single-user mode
2: multi-user mode without networking
3: multi-user mode with networking
4: not used
5: X-based login
6: reboots the system
init & chkconfig commands; /etc/inittab; /etc/rc.d/init.d & /etc/rc[ ].d/

31 Configuring Boot loader
LILO: edit /etc/lilo.conf & execute the 'lilo' command
GRUB: edit /boot/grub/grub.conf

32 Administrative Tasks
Manage users, groups & related files: useradd, userdel, groupadd, groupdel, passwd, vipw, vigr; /etc/passwd, /etc/shadow, /etc/skel, /etc/profile, …
Configure and use system log files: /etc/syslog.conf, /etc/logrotate.conf
Scheduling jobs: at & crontab commands
Backup & restore tools: tar, bzip2, gzip

33 Red Hat Certified Engineer
Session 7 RHCE Red Hat Certified Engineer

34 Linux Installation and Package Management
Make and install programs from source; RPM (Red Hat Package Manager)

35 Kernel
About the kernel and loadable modules
Manage kernel modules at runtime (/etc/modules.conf)
Reconfigure, build and install a custom kernel

36 Configuring Modems
redhat-config-network-tui command in text mode
Modem configuration files
kppp command in X Window

37 Red Hat Certified Engineer
Session 8 RHCE Red Hat Certified Engineer

38 Shell Scripts
# comments; #! special comment (interpreter line)
Assigning a value: x=y  x='$y'  x=$y  x=${y}es  x=$yes
Exporting: export x y z  export x=$y

39 Shell Scripts: Control Constructs
'read' command
'test' command ( [ ] )
if …; then …; else …; fi
case … in pattern) …;; esac
while …; do …; done
until …; do …; done
for x in …; do …; done
break, continue, exit (for, while, until)

40 Red Hat Certified Engineer
Session 9 RHCE Red Hat Certified Engineer Asif Raza

41 Installing and Configuring X

42 Basic X Concepts
X Client, X Server, X Protocol

43 Basic X Concepts
X Window Manager, X Desktop Manager, X Display Manager

44 Installing X
Determine the proper X server; install the proper packages

45 Installing the Packages
X server selection: XFree86-*
Packages: freetype, gtk+, XFree86-libs, XFree86-75dpi-fonts, redhat-config-xfree86, XFree86-xfs, XFree86-xdm, XFree86-twm, XFree86-tools, xinitrc

46 Configuring X
redhat-config-xfree86, xvidtune

47 Important X Directories & Files
/usr/X11R6/bin /etc/X11 /etc/X11/XF86Config

48 Configure and Use PPP
'redhat-config-network-tui' command in text mode
Modem configuration files
kppp command in X Window

49 Red Hat Certified Engineer
Session 10 RHCE Red Hat Certified Engineer

50 Network Basics
IP address (network & host portion): static IP, dynamic IP
Netmask address
Network address
Broadcast address

51 Classful Addressing System
Network classes: Class A (8-bit network portion), Class B (16 bits), Class C (24 bits)
Reserved IPs: loopback address, multicast protocols, not used
Public & private networks (valid & invalid IPs)

52 Classless Addressing System (Subnet)
Network address and netmask:
/24 : 255.255.255.0
/25 : 255.255.255.128
/26 : 255.255.255.192
/27 : 255.255.255.224
/28 : 255.255.255.240
/29 : 255.255.255.248
/30 : 255.255.255.252
/31 : 255.255.255.254

53 TCP/IP Model (1)

54 TCP/IP Model (2)
Network access protocols: all functions necessary to access the physical network
Internet protocols: IP (Internet Protocol, connectionless), ICMP (Internet Control Message Protocol)

55 TCP/IP Model (3)
Transport protocols: TCP (Transmission Control Protocol, connection-based), UDP (User Datagram Protocol, connectionless)
Application protocols: privileged ports (0-1023), /etc/services

56 Types of TCP/IP Services
Stand-alone xinetd (and its config)

57 Related TCP/IP Commands
ps x
netstat -ap --inet | grep LISTEN
Controlling TCP/IP daemons: start, stop, restart, status

58 Red Hat Certified Engineer
Session 11 RHCE Red Hat Certified Engineer Asif Raza

59 Configuring the Network (1)
Initializing network hardware: load the related module
Network configuration tools: netconfig, redhat-config-network

60 Configuring the Network (2)
Other network tools: tcpdump, nmap, tethereal, iptraf, ifconfig, ping, traceroute, netstat

61 Configuring the Network (3)
Network configuration files: /etc/hosts, /etc/host.conf, /etc/services, /etc/resolv.conf, /etc/sysconfig/network, /etc/sysconfig/network-scripts/*
IP aliasing

62 Red Hat Certified Engineer
Session 12 RHCE Red Hat Certified Engineer Asif Raza

63 DHCP
Advantages & disadvantages of DHCP
DHCP server configuration: /etc/dhcpd.conf, /var/lib/dhcp/dhcpd.leases
DHCP client configuration: netconfig command

64 An Example of dhcpd.conf
ddns-update-style ad-hoc;
subnet <network> netmask <mask> {
    range <first_ip> <last_ip>;
    option routers <gateway_ip>;
    option subnet-mask <mask>;
    option domain-name "domain.com";
    option domain-name-servers <dns_ip>;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address <dns_ip>;
    }
}

65 dhcpd.leases Format
lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends /07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
...

66 NFS
Related daemons: rpc.nfsd, rpc.portmap, rpc.mountd
Installation: nfs-utils, portmap
August 2004

67 NFS Configuration
Server side: edit the /etc/exports file (PATH host_list(options)) and run the 'exportfs -r' command, or use the 'redhat-config-nfs' command
Client side: mount -t nfs server:PATH mountpoint, or edit the '/etc/fstab' file: server:PATH mountpoint nfs ro 0 0

68 SAMBA (1)
Related services: smbd, nmbd
Related packages: samba, samba-common, samba-client

69 SAMBA (2)
Server configuration: global directives, service directives
Client configuration: smbmount //server/share /mountpoint; smbclient //server/share
Configuration with SWAT

70 Red Hat Certified Engineer
Session 13 RHCE Red Hat Certified Engineer Asif Raza

71 TCP/IP Services
1. Server binds to a port and listens
2. Client binds to a port
3. Client connects to the server port
4. Server designates a port for the connection
5. Client and server communicate

72 Remote Login
Telnet server & client
SSH

73 The Apache Web Server
Modules: mod_auth, mod_info, mod_php, mod_include, mod_perl, mod_ssl

74 Installing Apache
rpm -Uvh httpd-[^d]*.rpm
rpm -Uvh httpd-devel*.rpm   (for Apache module support)

75 Basic Configuration: httpd.conf
Section 1: The Global Environment
Section 2: The Main Configuration
Section 3: The Virtual Host Configuration

76 Apache Advanced Configuration
Authentication in Apache Configure with PHP Configure with SSL Configure Virtual Host

77 Authentication in Apache
Create the '/etc/httpd/.htpasswd' file
Configure the 'httpd.conf' file:
<Location /dir_name>
    AuthType Basic
    AuthName "NAME"
    AuthUserFile "/etc/httpd/.htpasswd"
    Require valid-user
</Location>

78 Configure Apache with PHP
rpm -Uvh php-4*.rpm
Configure Apache with SSL
rpm -Uvh mod_ssl*.rpm

79 Configure Virtual Host
Configure the '/etc/hosts' file
Configure the 'httpd.conf' file:
<VirtualHost <address>>
    ServerAdmin <admin_email>
    DocumentRoot /var/www/html/vh/
    ServerName <hostname>
</VirtualHost>

80 Apache Administration
Start, Stop, Restart, Reload, Status

81 Troubleshooting Apache
/var/log/messages
/var/log/httpd/
/usr/sbin/httpd -S (for virtual hosts)

82 Securing Your Network
Using the 'lokkit' or 'redhat-config-securitylevel' command
Password & physical security
Securing TCP/IP
Using Tripwire
Keeping up to date on Linux security issues

83 Red Hat Certified Engineer
Session 14 RHCE Red Hat Certified Engineer Asif Raza

84 FTP
Installation: rpm -ivh vsftp*.rpm
Config file: /etc/vsftpd/vsftpd.conf
Access levels: anonymous access (anonymous_enable); user access (requires tcp_wrappers)

85 Cache Server (Squid)
Install squid: rpm -ivh squid*.rpm
Managing squid: start, stop, restart, status, reload

86 Squid Log Files
/var/log/squid/access.log (cache_access_log)
/var/log/squid/cache.log (cache_log)
/var/log/squid/store.log (cache_store_log)

87 An Example of 'squid.conf'
http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src <network>/<mask>
http_access allow all
cache_dir ufs /cache
visible_hostname ws1

88 Running Squid
service squid start
squid -d1 -z
squid -d1 -f /etc/squid/squid.conf

89 Kinds of Proxies
Upstream proxy:
cache_peer yourproxy.com parent
prefer_direct off
Transparent proxy:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

90 Red Hat Certified Engineer
Session 15 RHCE Red Hat Certified Engineer Asif Raza

91 Configuring a Linux Router
Configuring the kernel: IP: advanced router
Enable IP forwarding: add 'net.ipv4.ip_forward=1' to /etc/sysctl.conf, or echo "1" > /proc/sys/net/ipv4/ip_forward

92 Types of Routes
Static route
Dynamic route

93 Components of Routing Rules
Destination IP address
An interface
An optional gateway IP address

94 Routing Command
route add -net net_addr netmask mask_addr interface
route add -host ip_addr interface
route add default gw ip_addr interface

95 An Example
(Network diagram: hosts A to H on 192.168.1.x and 192.168.100.x, a router with eth0, eth1 and eth2, and a gateway to the Internet; the diagram itself is not preserved in the transcript)

96 Related Rules
route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add default gw <gateway_ip> eth2

97 Result
(Routing table with columns Destination, Gateway, Genmask, Flags, Metric, Ref, Use, Iface and entries for eth0, eth1, eth2 and lo; the values are not preserved in the transcript)
Flags: U: network link is up; H: destination address refers to a host; G: gateway

98 Electronic Mail (Sendmail)

99 How Email Is Sent and Received
(Diagram: mail1 MTA exchanging mail with mail2 MTA; not preserved in the transcript)

100 Concepts
MTA: Mail Transport Agent; SMTP (server-to-server): Simple Mail Transport Protocol
Mail access: POP (Post Office Protocol), IMAP (Interim Mail Access Protocol)
MDA: Mail Delivery Agent
MUA: Mail User Agent

101 Sendmail
Older MTA, powerful MTA
Disadvantages of Sendmail: slow in high-load environments; crypto configuration

102 MTAs and MUAs
MTAs: Sendmail, Postfix, Exim, Qmail
MUAs: Evolution, Kmail (KDE), Balsa (GNOME), Mozilla Mail

103 Required Packages
sendmail, sendmail-cf, imap (contains IMAP & POP3; configured through xinetd)

104 Sendmail Configuration
Configure the '/etc/mail/sendmail.mc' file: LOCAL_DOMAIN(`example.com')dnl
Run 'make -C /etc/mail/'
Configure DNS

105 Aliases
Edit the '/etc/aliases' file: postmaster: joseph
Run the 'newaliases' command

106 Rejecting Email
Edit the '/etc/mail/access' file:
spam.com    REJECT
yahoo.com   OK
service sendmail restart

107 Red Hat Certified Engineer
Session 16 RHCE Red Hat Certified Engineer Asif Raza

108 DNS

109 Where do I look? /etc/nsswitch.conf (name service switch)
cat /etc/nsswitch.conf
hosts: files dns

110 Files
Search order is determined by nsswitch.conf. It is polite to have /etc/hosts first!
cat /etc/hosts
<ip>  localhost
<ip>  mccoy.tardis.ed.ac.uk  mccoy
<ip>  baker.tardis.ed.ac.uk  baker
<ip>  packages.tardis.ed.ac.uk  packages

111 DNS Traversal
Local files; local DNS server; item in cache?; root server, then work your way down…

112 Resolving Names
Configuration files for local host name resolution (important for testing): /etc/resolv.conf, /etc/nsswitch.conf, /etc/host.conf

113 DNS Servers
BIND – Berkeley Internet Name Daemon
Dents – buggy as hell (still in alpha?)
Djbdns – Dan Bernstein's DNS server
Banyan VINES – don't go there!

114 Named (pronounced "name dee")
/etc/named.conf: the config file for named. It defines the directory that stores the DNS config files and contains info about what zones we serve and where to find their files; it tells us whether we are master / slave, whether to allow or deny zone transfers, what the IPs of the other master / slave servers are, etc.
<DNSROOT>/root.hints: contains "pointers" to the root servers
<DNSROOT>/ : config for reverse lookup of the local host/subnet
<DNSROOT>/<zone>: config for the zone
<DNSROOT>/<in-addr.arpa file>: config for reverse lookup for your zone
See print out.

115 A simple named.conf
## named.custom - custom configuration for bind
options { directory "/var/named/"; };
zone "." { type hint; file "root.lists"; };
zone " in-addr.arpa" { type master; file " "; };
zone "hq.alim.ir" { type master; file "hq.alim.ir"; };
zone " in-addr.arpa" { type master; file " "; };

116 DNS Data
DNS databases contain more than just hostname-to-address records:
SOA – Start Of Authority – it is the daddy!
IN NS – Name Server
IN MX – Mail eXchanger
IN A – Address record
IN CNAME – Canonical NAME (CNAMEs should only point at A records)
RR – Resource Record
LOC – GPS location
HINFO – Hardware info
See print out

117 A simple zone file
@  IN SOA hq.alim.ir. root.hq.alim.ir. (
        <serial>  ; serial, today's date + today's serial #
        8H        ; refresh, seconds
        2H        ; retry, seconds
        4W        ; expire, seconds
        1D )      ; minimum, seconds
        NS    hq.alim.ir.
        MX 10 hq.alim.ir.   ; primary mail exchanger
        TXT   "Alim IT Center"
localhost    A     <ip>
router       A     <ip>
hq.alim.ir.  A     <ip>
ns           A     <ip>
www          A     <ip>
ftp          CNAME hq.alim.ir.
mail         CNAME hq.alim.ir.
news         CNAME hq.alim.ir.

118 A simple in-addr.arpa file
$TTL 3D
@  IN SOA hq.alim.ir. root.hq.alim.ir. (
        <serial>   ; Serial
        <refresh>  ; Refresh
        <retry>    ; Retry
        <expire>   ; Expire
        86400 )    ; Minimum TTL
        NS  hq.alim.ir.
; Servers
<n>  PTR router.hq.alim.ir.
<n>  PTR hq.alim.ir.
<n>  PTR funn.hq.alim.ir.
; Workstations
<n>  PTR ws<n>.hq.alim.ir.
<n>  PTR ws<n>.hq.alim.ir.
<n>  PTR ws<n>.hq.alim.ir.

119 Forward DNS hq.alim.ir (as per /etc/named.conf)
Record types used: SOA, IN NS, IN MX, IN A, IN CNAME
See print out

120 Reverse DNS (as per /etc/named.conf)
Record types used: SOA, IN NS, IN PTR – Pointer
See print out.

121 DNS Round Robin
Fault tolerance? Through nifty DNS hacks:
60 IN A <ip1>
60 IN A <ip2>
60 IN A <ip3>
The 60s there are TTLs – they override the default TTL in the SOA.
Worth noting that the address closest to the requesting host will be returned first…
Mention hesiod – home dir locations through DNS, and other such stuff.

122 Common Mistakes
Forgetting to increment the serial number!
CNAME pointing at another CNAME!
Forgetting the "." in appropriate places!
Underscores in hostnames!
Forgetting to reload the daemon!
Version control issues – clobbered changes!
TTL issues
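The first four mistakes on the slide above can be caught before the zone is loaded. The following zone linter is an added example (not course material and not BIND code): it assumes the origin hq.alim.ir. from the named.conf slide, parses a zone laid out like slide 117, and reports serial regressions, relative names that are missing their trailing dot, CNAME chains and underscores in hostnames. The sample zone, its addresses and its serial are constructed for the example.

```python
import re

ORIGIN = "hq.alim.ir."  # assumed origin, matching the slides' named.conf

# Constructed sample zone laid out like slide 117; it deliberately contains
# one instance of each mistake the linter looks for (addresses are made up).
SAMPLE_ZONE = """\
@       IN SOA hq.alim.ir. root.hq.alim.ir. (
            2004041201 ; serial
            8H         ; refresh
            2H         ; retry
            4W         ; expire
            1D )       ; minimum
        NS    hq.alim.ir.
        MX 10 mail.hq.alim.ir
www     A     192.0.2.10
ftp     CNAME www
mail    CNAME ftp
news_1  A     192.0.2.11
"""

TTL_RE = re.compile(r"\d+[smhdw]?", re.I)   # optional TTL field, e.g. 8H


def fqdn(name, origin=ORIGIN):
    """Expand a name the way named does: '@' is the origin, a trailing dot
    means absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, origin=ORIGIN):
    """Return (owner_fqdn, TYPE, rdata_tokens) per record. Handles ';'
    comments, '(' ... ')' continuation lines, inherited owners and the
    optional TTL / IN fields; enough for zones shaped like the slides'."""
    records, owner, buf, explicit = [], origin, "", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:                       # first physical line of a record
            explicit = not raw[0].isspace()
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                      # record continues on the next line
        toks = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if explicit:
            owner = fqdn(toks.pop(0), origin)
        while toks and (toks[0].upper() == "IN" or TTL_RE.fullmatch(toks[0])):
            toks.pop(0)
        records.append((owner, toks[0].upper(), toks[1:]))
    return records


def lint_zone(text, previous_serial, origin=ORIGIN):
    """Return (code, detail) pairs for the slide-122 mistakes that can be
    checked offline; previous_serial is the serial currently published."""
    records = parse_zone(text, origin)
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    bare = origin.rstrip(".")
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "SOA" and int(rdata[2]) <= previous_serial:
            problems.append(("serial-not-incremented",
                             f"{rdata[2]} <= published {previous_serial}"))
        idx = {"NS": 0, "CNAME": 0, "MX": 1}.get(rtype)   # where the target is
        if idx is not None:
            target = rdata[idx]
            # A relative name that already ends in the origin gets the origin
            # appended again: the classic "forgot the trailing dot" mistake.
            if not target.endswith(".") and (
                    target.lower() == bare or target.lower().endswith("." + bare)):
                problems.append(("missing-trailing-dot",
                                 f"{rtype} {target} -> {fqdn(target, origin)}"))
        if rtype == "CNAME" and fqdn(rdata[0], origin) in cname_owners:
            problems.append(("cname-to-cname", f"{owner} -> {fqdn(rdata[0], origin)}"))
        if rtype in ("A", "CNAME", "MX") and "_" in owner:
            problems.append(("underscore-in-hostname", owner))
    return problems
```

Calling lint_zone(SAMPLE_ZONE, previous_serial=2004041201) reports all four mistakes; with a lower published serial the serial finding disappears and the other three remain.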

123 Test Tools
nslookup
dig: dig mail.hq.alim.ir; dig -x <ip>; dig <net>.in-addr.arpa. AXFR
whois
http://www.squish.net/dnscheck/ (James Ponder's DNS check web page)

124 Red Hat Certified Engineer
Session 17 RHCE Red Hat Certified Engineer Asif Raza

125 Firewall Required Properties
Control: allow only those packets that you want to pass through
Security: reject packets from malicious outsiders
Watchfulness: log packets to/from the outside world

126 Firewall Types
Stateful / stateless
Packet filtering
Proxy-based firewall

127 Packet Filters under Linux
1st generation: ipfw (from BSD)
2nd generation: ipfwadm (Linux 2.0)
3rd generation: ipchains (Linux 2.2)
4th generation: iptables (Linux 2.4 & 2.6)

128 Installing Iptables
# rpm -ivh iptables-1.2.6a-2.i386.rpm
Kernel support for iptables:
Networking Options -> TCP/IP Networking -> Network Packet Filtering
Networking Options -> TCP/IP Networking -> IP: advanced router -> *
Networking Options -> IP: Netfilter
For packet traffic control: Networking Options -> QoS and/or fair queueing -> *

129 Chains of Tables
INPUT: controls packets entering your system
OUTPUT: controls packets leaving your system
FORWARD: controls what packets can move from one network to another through your system

130 (Diagram: Input, Routing Decision, Forward, Output, Local Process; not preserved in the transcript)

131 If it's destined for this box
When a packet comes in, the kernel first looks at the destination of the packet: this is called routing. If it's destined for this box, it passes downwards in the diagram to the INPUT chain. If it passes, any processes waiting for that packet will receive it. Otherwise go to step 3. Continue…

132 If forwarding is not enabled, the packet will be dropped
If forwarding is enabled and the packet is destined for another network interface, the packet goes rightwards on our diagram to the FORWARD chain. If it is accepted, it will be sent out. Packets generated by a local process pass to the OUTPUT chain immediately. If it says ACCEPT, the packet will be sent out.

133 Packet States in Iptables
Established, New, Related, Invalid

134 Results of Packet Checking
ACCEPT, DROP, REJECT

135 Tables of Iptables
filter, nat, mangle

136 The Path of a Packet in Iptables
Network -> mangle PREROUTING -> nat PREROUTING (destination NAT) -> routing decision
  -> mangle INPUT -> filter INPUT -> local process
  -> mangle FORWARD -> filter FORWARD -> mangle POSTROUTING -> nat POSTROUTING (source NAT) -> Network
Local process -> routing decision -> mangle OUTPUT -> nat OUTPUT -> filter OUTPUT -> mangle POSTROUTING -> nat POSTROUTING (source NAT, based on routing) -> Network

137 Tables of Chains
mangle: PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
nat: PREROUTING, OUTPUT, POSTROUTING
filter: INPUT, FORWARD, OUTPUT

138 Building a Rule: source/destination
iptables -s <ip_addr>
Refers to packets from a specific IP address. The "-s" refers to the source of the packet, where the packet is coming from. A corresponding "-d" refers to the destination, where the packet is going to.

139 Building a Rule: action and IP address ranges
iptables -s <ip_addr> -j DROP
The "-j" determines what happens to the packet.
iptables -s <net_addr>/24 -j DROP
Matches the IPs <net_addr>.*: the "/24" refers to the number of bits that are fixed, counting from the left.

140 Other Actions
REDIRECT: sends packets to a proxy
LOG: tracks packets as they match rules
RETURN: terminates user-defined chains

141 Building a Rule: appending rules to chains
iptables -A INPUT -s <ip_addr> -j DROP
The "-A" appends the rule to a chain; "INPUT" specifies the chain. This command makes your system ignore all packets from <ip_addr>.
iptables -A OUTPUT -d <ip_addr> -j DROP
This command does not allow your system to send packets to <ip_addr>.

142 Building a Rule: only blocking some packets
iptables -A INPUT -s <ip_addr> -p tcp --destination-port telnet -j DROP
The "-p" specifies a protocol: tcp, udp, or icmp. The "--destination-port" is where the packet is going; you can use the service name or the port number (23 in this example). Keep in mind that the source port is very different from the destination port: in this example the inbound message is going to your telnet server, while the telnet client that is sending you the message could be running on any port.
--dport == --destination-port
--sport == --source-port

143 Building a Rule: multiple network interfaces
Assume your machine has two interface cards: one to a LAN named eth0 and the other to the Internet named ppp0.
iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
The "-i" option specifies the input interface; there is also a "-o" option for the output interface.
iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT
Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.

144 Building a Rule: chain policies
iptables -P FORWARD ACCEPT
The "-P" option followed by a chain name and an action determines the default policy of the chain. If no rule in the chain matches, this default action is taken. The usual policies are INPUT = ACCEPT, OUTPUT = ACCEPT, FORWARD = DENY.

145 Building a Rule: adding rules to chains
iptables -A INPUT -s <ip_addr> -j DROP     Appends the rule to the end of the chain
iptables -I INPUT 3 -s <ip_addr> -j DROP   Inserts the rule as rule 3 in the chain, moving all other rules down 1
iptables -R INPUT 3 -s <ip_addr> -j DROP   Replaces rule 3 in the chain
iptables -D INPUT 3                        Deletes rule 3 in the chain

146 Operations to Manage Whole Chains
-N  Create a new chain
-X  Delete an empty chain
-P  Change the policy for a built-in chain
-L  List the rules in a chain
-F  Flush the rules out of a chain
-Z  Zero the packet and byte counters on all rules in a chain

147 Manipulate Rules Inside a Chain
-A  Append a new rule to a chain
-I  Insert a new rule at some position in a chain
-R  Replace a rule at some position in a chain
-D  Delete a rule at some position in a chain, or delete the first rule that matches in a chain
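Slides 138 to 147 describe how a chain is built and walked: the first matching rule with a terminating target decides, and -A, -I, -R, -D and -P only change where rules sit. The model below is an added Python example (not iptables code and not from the course) that reproduces the two-rule telnet setup of slide 143 and then shows why the position given to -I matters. Packets are plain dictionaries constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One rule: every field that is set must match, like -s/-p/--dport/-i."""
    target: str                       # -j: ACCEPT, DROP, REJECT, LOG, ...
    src: Optional[str] = None         # -s: address or prefix, e.g. 192.168.1.0/24
    proto: Optional[str] = None       # -p: tcp, udp or icmp
    dport: Optional[int] = None       # --dport as a number ('telnet' is 23)
    in_iface: Optional[str] = None    # -i: input interface

    def matches(self, pkt):
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)
            if "src" not in pkt or ipaddress.ip_address(pkt["src"]) not in net:
                return False
        for key in ("proto", "dport", "in_iface"):
            want = getattr(self, key)
            if want is not None and pkt.get(key) != want:
                return False
        return True


class Chain:
    """An ordered rule list plus a default policy, like INPUT/OUTPUT/FORWARD."""

    def __init__(self, name, policy="ACCEPT"):
        self.name, self.policy, self.rules = name, policy, []

    def append(self, rule):          # iptables -A CHAIN ...
        self.rules.append(rule)

    def insert(self, pos, rule):     # iptables -I CHAIN n ... (n is 1-based)
        self.rules.insert(pos - 1, rule)

    def replace(self, pos, rule):    # iptables -R CHAIN n ...
        self.rules[pos - 1] = rule

    def delete(self, pos):           # iptables -D CHAIN n
        del self.rules[pos - 1]

    def set_policy(self, target):    # iptables -P CHAIN target
        self.policy = target

    def evaluate(self, pkt):
        """Return (verdict, rule number). The first matching terminating rule
        wins; LOG only records and falls through; else the policy applies."""
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(pkt):
                if rule.target == "LOG":
                    continue
                return rule.target, n
        return self.policy, None


def lan_only_telnet():
    """The two rules of slide 143: telnet via ppp0 dropped, via eth0 accepted."""
    chain = Chain("INPUT")
    chain.append(Rule("DROP", proto="tcp", dport=23, in_iface="ppp0"))
    chain.append(Rule("ACCEPT", proto="tcp", dport=23, in_iface="eth0"))
    return chain


if __name__ == "__main__":
    # Constructed packets: one telnet request from the LAN, one from the Internet.
    lan = {"src": "192.168.1.5", "proto": "tcp", "dport": 23, "in_iface": "eth0"}
    inet = {"src": "198.51.100.7", "proto": "tcp", "dport": 23, "in_iface": "ppp0"}
    chain = lan_only_telnet()
    print(chain.evaluate(lan), chain.evaluate(inet))   # ('ACCEPT', 2) ('DROP', 1)
    # -I INPUT 1 with a broad ACCEPT lands in front of the DROP, so the same
    # Internet packet is now accepted: position in the chain decides, not intent.
    chain.insert(1, Rule("ACCEPT", proto="tcp", dport=23))
    print(chain.evaluate(inet))                        # ('ACCEPT', 1)
    chain.delete(1)                                    # -D INPUT 1 restores it
    chain.set_policy("DROP")                           # -P INPUT DROP
    print(chain.evaluate({"src": "10.0.0.1", "proto": "udp", "dport": 53}))  # ('DROP', None)
```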

148 An Example Firewall
(Diagram: the Internet on eth1, a LAN on eth0 with a web server and an SSH server that is accessible ONLY via the LAN; the gateway addresses are not preserved in the transcript)

149 Red Hat Certified Engineer
Session 18 RHCE Red Hat Certified Engineer Advanced Asif Raza

150 Traffic Shaping (CBQ)
Install the 'shapecfg' RPM
/etc/sysconfig/cbq/* (0002-FFFF)
/etc/rc.d/init.d/cbq.init start

151 Sample CBQ Configuration
DEVICE=eth0,10Mbit,1Mbit
RATE=10Kbit
PRIO=5
RULE=<addr>:21,<net>/24

152 The End Good Luck

