TCP/IP Networking Objectives –to learn how to integrate a RedHat system onto a TCP/IP network Contents –TCP/IP configuration files –Network configuration.


TCP/IP Networking

Objectives
–to learn how to integrate a RedHat system onto a TCP/IP network
Contents
–TCP/IP configuration files
–Network configuration tools
–Network interfaces
–Basic TCP/IP services
–Berkeley R-family
Practicals
–working with TCP/IP utilities and files
Summary

Defining IP Addresses

Traditionally, IP addresses are defined in /etc/hosts
–one line per known host defining IP address, hostname and aliases
–if last line is a + then NIS is being used
–hostnames are limited to 8 characters
Larger sites use DNS (Domain Name Services)
–one or more hosts on the network maintain all IP addresses
–individual hosts request addresses as needed
–address cached locally to optimise DNS

    # more /etc/hosts
    localhost.localdomain localhost mash4077 loghost mailhost rosies printserver seoul

Analyze Network Interface Configuration

Use ifconfig to view network interfaces
–use the -a option to list all configured interfaces

    # ifconfig -a
    eth0  Link encap:Ethernet HWaddr 00:50:04:50:61:98
          inet addr: Bcast: Mask:
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets: errors:0 dropped:0 overruns:84 frame:0
          TX packets: errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
    lo    Link encap:Local Loopback
          inet addr: Mask:
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets: errors:0 dropped:0 overruns:0 frame:0
          TX packets: errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
    # ifconfig eth0 down
    # ifconfig eth0 up

Network Interface Configuration

Use ifconfig to configure the network interface

    # ifconfig eth netmask up

Permanent changes in /etc/sysconfig/network-scripts
Files named like: ifcfg-eth0
STATIC settings:

    DEVICE=eth0
    USERCTL=no
    ONBOOT=yes
    BOOTPROTO=none
    BROADCAST=
    NETWORK=
    NETMASK=
    IPADDR=

DHCP settings:

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes

Alias interfaces

    # ifconfig eth0:

Permanent changes in /etc/sysconfig/network-scripts/ifcfg-eth0:0
With DEVICE=eth0:0
Releasing/Renewing IP addresses

    ifdown eth0 / ifup eth0

Routing information

Use route to get/manipulate network routing
–Route table: netstat -r(n) or route
–Routes to all directly connected networks are created automatically
–To add a net-route: route add -net gw
–To delete a net-route: route del -net gw
Redhat can handle RIP/OSPF + traffic shaping
Metric value for priority if different value or round robin if same:

    route add -net netmask gw metric 10
    route add -net netmask gw metric 10

Delete the route:

    route del -net netmask

    # route
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    * U eth
    * U eth
    * U eth
    * U eth
    * U lo
    default router.ing-stee UG eth3

Routing information configuration

Use route to configure the default router

    # route add default gw eth0

Permanent changes in /etc/sysconfig/
Files named network:

    GATEWAYDEV=eth0
    NETWORKING=yes
    FORWARD_IPV4=yes
    NISDOMAIN=nis.ikea.se
    HOSTNAME=node01.ikea.se
    GATEWAY=

Using several routes

    # route add -net netmask gw eth0

Permanent changes in /etc/sysconfig/static-routes

    eth0 net netmask gw

Or better use /etc/rc.d/rc.local

    route add -net netmask gw eth0

Adding/Removing NICs

Adding NIC
1. Before going further, find out the current NIC order
   a) By physical inspection, pinging and moving cables.
   b) Look in /etc/modprobe.conf or find NIC modules with lsmod and ksyms -m or -am. Kernel key symbol is exported like [3c59x] for 3c905 boards.
   c) Modify /etc/modprobe.conf to reflect your wished NIC order.
2. Check whether the new NIC needs to be added in the kernel or the kernel needs a patch. If that is the case, recompile the kernel and do step 1 again!
3. Power off the host
4. Insert the new NIC
5. If you are lucky, kudzu will find the new NIC and add it for you; you will be asked for configuration parameters. NOTE! Kudzu can destroy the current configuration in /etc/modprobe.conf and change the NIC order.
6. If everything goes well you can now go to step 1 once again to check out your NIC order. If you are satisfied, it is time to make the NIC configuration permanent.
Removing NIC: you basically do the same steps but you now remove support; kudzu will detect NIC removal and you can remember its configuration.

Changing NIC parameters

Use mii-tool to view NIC settings

    # mii-tool -v
    sysconfig]$ mii-tool -v | more
    eth0: negotiated 100baseTx-FD, link ok
      product info: vendor 00:10:18, model 18 rev 0
      basic mode: autonegotiation enabled
      basic status: autonegotiation complete, link ok
      capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
      link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control

Using mii-tool to force 100MBit/s Full Duplex

    # mii-tool -F 100baseTx-FD eth0

Making changes permanent: /etc/rc.d/rc.local

Nameservers for non nameserver hosts

Nameservers are stored in /etc/resolv.conf
General format:
–Nameserver: The nameservers to query for names
–Domain: My domain, my host is added to this domain.
–Search: A space delimited list of max six key domains to add hostnames to in the query if domain is missing.
–Options:
    rotate        round robin Nameserver list
    timeout:n     default is 30 seconds
    attempts:n    default is 3 or 4

    domain my-site.com
    search my-site.com
    nameserver ip 2
    nameserver ip 1
    nameserver ip 3

Search order for finding hosts is stored in /etc/host.conf

    order hosts,bind

Name Service Switch config file /etc/nsswitch.conf

    hosts: files dns

Looking at Network Statistics

Use netstat to get network status information
–use -a to view all sockets
–use -i to view interfaces
–use -rn to view routing statistics

    # netstat -i
    Kernel Interface table
    Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth BRU
    lo LRU

Looking for a System

The simplest TCP/IP utility is ping, which sends a message to a host and waits for a reply
–the host can be specified as a name or an IP address

    $ ping -c1 gkse1
    PING gkse1.ing-steen.se ( ) from : 56(84) bytes of data.
    64 bytes from gkse1.ing-steen.se ( ): icmp_seq=0 ttl=64 time=1.119 mse
    --- gkse1.ing-steen.se ping statistics
    packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/mdev = 1.119/1.119/1.119/0.000 ms
    $ ping ulf2
    PING ulf2.intra.ing-steen.se ( ) from : 56(84) bytes of data.
    From lina.intra.ing-steen.se ( ): Destination Host Unreachable
    --- ulf2.intra.ing-steen.se ping statistics
    packets transmitted, 0 packets received, +1 errors, 100% packet loss
    $ ping dude
    ping: unknown host dude

Network layer 2

To see if you have contact with network layer 2
–use ifconfig: shows if interfaces are up
–use arp: shows the local arp cache
Manipulate the arp cache
–Add static route: to secure system and increase network speed
–Flush arp cache: if you have stale arp entries
–Delete entry in arp cache: remove faulty entries

    # arp -s :0B:5F:12:81:00
    # arp -d
    # arp
    Address HWtype HWaddress Flags Mask Iface
    router.ing-steen.se ether 00:0B:5F:12:81:00 C eth3
    grey.ing-steen.se ether 00:06:5B:1A:84:11 C eth3

Telnet & local name resolution

The Telnet command is used to connect to another machine over a TCP/IP network
–a connection is established and the user logs on as normal
–chkconfig telnet on
–telnet is an xinetd daemon service: /etc/xinetd.d/telnet
Local name resolution is in /etc/hosts

    $ uname -n
    a01
    $ telnet a02
    My RedHat linux server!
    login: hawkeye
    password:
    Welcome to Uncle Sam's wonderful world of Unix
    Remember the bar never closes!
    $ uname -n
    a02

    # cat /etc/hosts
    localhost.localdomainlocalhosta a01.my-site.coma01# This host IP address! a02.my-site.coma02# Other important hosts a03.my-site.coma a04.my-site.coma a05.my-site.coma a06.my-site.coma06

SSH

The SSH command is used to connect to another machine over a TCP/IP network
–a connection is established and the user logs on as normal
–chkconfig --add ssh implements ssh
–ssh config sits in /etc/ssh and ssh runs as a stand-alone server
–ssh is standard in RedHat 9

    $ hostname
    a02
    $ chkconfig --list sshd
    sshd 0:off 1:on 2:on 3:on 4:on 5:on 6:off
    $ ssh -l peter a01
    password:
    $ hostname
    a01

File Transfer Protocol

FTP is an interactive utility for network file transfer
–login to remote host supplying username and password
–Client/Server concept
Restrict FTP access using /etc/vsftpd/vsftpd.ftpusers file
–FTP access is denied to users named in this file
Configure vsftpd using /etc/vsftpd/vsftpd.conf file
Two kinds of ftp servers: private ftp and anonymous ftp

    $ ftp a01
    Connected to a01
    Name (a01:hawkeye):
    Password:
    ftp> get file2
    ...data about the transfer...
    ftp> put /etc/hosts /tmp/mash.hosts
    ...data about the transfer...
    ftp> bye


Berkeley R Utilities & the new S Utilities

The Unix (or Berkeley) r utilities provide an alternative to IP facilities telnet and ftp.
Three programs:

    rlogin hostname                  remote login
    rsh hostname command             remote command
    rcp [host:]file [host:]file      remote copy, from to
    scp                              copy, from
    ssh hostname                     remote command
    rdist                            remote distribution

For R family: passwords not required if .rhosts files configured
–friendly hosts defined for all normal users in /etc/hosts.equiv
–users may add to this list in $HOME/.rhosts
For S family: you need to exchange keys (RedHat 9+ default)
–Users may add friendly hosts in $HOME/.ssh/authorized_keys
–Keys must be given to you from remote host $HOME/.ssh/id_rsa.pub
–Keys generated with ssh-keygen -t rsa

Exercise - Who has Remote Access

Here are three files from mash4077

    # more /etc/hosts.equiv
    seoul
    # more /.rhosts
    rosies
    # /home/hawkeye/.rhosts
    rosies
    swamp
    division bfpierce

Can root on seoul copy files to/from mash4077?
Can hawkeye on seoul run commands on mash4077?
Can hawkeye on rosies run commands on mash4077?
Can root on mash4077 copy files to/from rosies?
Can bfpierce on division copy files to mash4077?
Can root on seoul login to mash4077?

Remote shells

The rsh (remsh) command
–run a command on a named host
–standard I/O can be redirected as normal
–/etc/profile and .profile not executed
–requires /etc/hosts.equiv or $HOME/.rhosts file to be configured
From a02 or a03 you issue the commands below:

    $ whoami
    trapper
    $ rsh a01 ls -l
    ..run ls -l as trapper on a01 output..
    $ rsh a01 ls -l > list.a01
    file list.a01 created on local system
    $ rsh a01
    ...same as rlogin...
    $ rsh -l hawkeye a01
    ...same as rlogin -l hawkeye...
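The trust rules from the R-utilities and remote-shell slides, written out as an audit check. This is an added example, not code from the presentation: the file contents are constructed, the user radar is hypothetical, and the matching is a simplified model of the r-command rules (root is checked against /.rhosts only; negated and netgroup entries are reported but not evaluated).

```python
# Added example, not from the slides: simplified r-utility trust evaluation.
# File contents are constructed; a01-a03, trapper and hawkeye reuse the slides' lab names.

def parse_trust(text):
    """Parse hosts.equiv/.rhosts text into (host, user_or_None) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def evaluable(host, user):
    """Negated (-x) and netgroup (@group) entries are reported, not evaluated."""
    return not any(t.startswith("-") or "@" in t for t in (host, user or ""))

def entry_allows(host, user, rhost, ruser, luser):
    host_ok = host in ("+", rhost)
    # Without a user field the remote user name must equal the local account name.
    user_ok = (ruser == luser) if user is None else user in ("+", ruser)
    return host_ok and user_ok

def trusted(rhost, ruser, luser, hosts_equiv, rhosts):
    """True if ruser@rhost can act as luser on this host without a password."""
    files = [] if luser == "root" else [hosts_equiv]  # root: only /.rhosts counts
    files.append(rhosts.get(luser, ""))
    return any(entry_allows(h, u, rhost, ruser, luser)
               for text in files
               for h, u in parse_trust(text) if evaluable(h, u))

def audit(path, text, is_equiv=False):
    """Return findings for entries that widen trust beyond one named host."""
    findings = []
    for host, user in parse_trust(text):
        if not evaluable(host, user):
            findings.append(f"{path}: entry '{host}' needs manual review")
        elif host == "+" or user == "+":
            findings.append(f"{path}: wildcard entry trusts any host or user")
        elif is_equiv and user:
            findings.append(f"{path}: {user}@{host} may act as any non-root user")
    return findings

# Constructed trust files as they might exist on host a01.
HOSTS_EQUIV = "a02\n"
RHOSTS = {"root": "a03\n", "hawkeye": "a03 trapper\n", "radar": "+ +\n"}

if __name__ == "__main__":
    for rhost, ruser, luser in [("a02", "trapper", "trapper"), ("a02", "root", "root"),
                                ("a03", "trapper", "hawkeye"), ("a09", "anyone", "radar")]:
        ok = trusted(rhost, ruser, luser, HOSTS_EQUIV, RHOSTS)
        print(f"{ruser}@{rhost} -> {luser}@a01: {'no password' if ok else 'denied'}")
    for user, text in RHOSTS.items():
        for finding in audit(f"~{user}/.rhosts", text):
            print(finding)
```
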

Internetwork daemon Configuration

Internet facilities controlled by the internet daemon
–/usr/sbin/xinetd
–started up from /etc/inittab
xinetd controlled by configuration file /etc/xinetd.conf
–Tells where facilities/service catalog sit
–Set mandatory facility/service configuration and logging
–Former name was inetd.conf and inetd daemon
Services configuration files /etc/xinetd.d/
Telnet example:

    service telnet
    {
        disable = no
        flags = REUSE
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/in.telnetd
        log_on_failure += USERID
    }
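A check over /etc/xinetd.d-style service files that lists which of the cleartext login services covered in these slides (telnet, rsh, rlogin) are enabled and from where they are reachable. This is an added example, not part of the presentation: the telnet block is the one shown above, while the shell and login blocks, their server paths and the 192.0.2.0/24 range are constructed.

```python
import re

# Added example, not from the slides. xinetd service names for the cleartext
# login services the slides cover: telnet, rsh ("shell") and rlogin ("login").
CLEARTEXT = {"telnet": "telnet", "shell": "rsh", "login": "rlogin"}

def parse_xinetd(text):
    """Parse 'service NAME { key = value ... }' blocks into {name: {key: [values]}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "{":
            continue
        if line == "}":
            current = None
        elif current is None:
            m = re.match(r"service\s+(\S+)", line)
            if m:
                current = m.group(1)
                services[current] = {}
        else:
            m = re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)", line)
            if not m:
                continue
            key, op, value = m.groups()
            attrs, values = services[current], value.split()
            if op == "=":
                attrs[key] = values
            elif op == "+=":          # e.g. log_on_failure += USERID
                attrs.setdefault(key, []).extend(values)
            else:                     # "-=" removes values from the list
                attrs[key] = [v for v in attrs.get(key, []) if v not in values]
    return services

def exposed(services):
    """Return (service, command, allowed sources) for enabled cleartext services."""
    result = []
    for name, attrs in sorted(services.items()):
        # A service with no 'disable' line is enabled.
        enabled = attrs.get("disable", ["no"])[0].lower() != "yes"
        if enabled and name in CLEARTEXT:
            scope = " ".join(attrs.get("only_from", [])) or "any source"
            result.append((name, CLEARTEXT[name], scope))
    return result

# Telnet block from the slide; shell and login blocks are constructed samples.
SAMPLE = """
service telnet
{
    disable = no
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
}
service shell
{
    disable = yes
    server = /usr/sbin/in.rshd
}
service login
{
    disable = no
    only_from = 192.0.2.0/24
    server = /usr/sbin/in.rlogind
}
"""

if __name__ == "__main__":
    for name, command, scope in exposed(parse_xinetd(SAMPLE)):
        print(f"{command} (service {name}) is enabled, reachable from {scope}")
```
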

Summary

–Unix systems use TCP/IP for networking
–Every host on the network must have a unique IP address
–The file /etc/hosts maps names into IP addresses for network utilities
–Systems using DNS don't keep local host files
–Unix supports standard TCP/IP programs such as ping, telnet and ftp
–Unix provides its own equivalents (rlogin, rcp/scp, rsh and rdist) which use .rhosts files
–Unix uses several TCP/IP configuration files in /etc (xinetd.conf, services, etc.)