
Book description

This soup-to-nuts collection of recipes covers everything you need to know to perform your job as a Linux network administrator, whether you're new to the job or have years of experience. With Linux Networking Cookbook, you'll dive straight into the gnarly hands-on work of building and maintaining a computer network. Running a network doesn't mean you have all the answers. Networking is a complex subject with reams of reference material that's difficult to keep straight, much less remember. If you want a book that lays out the steps for specific tasks, that clearly explains the commands and configurations, and does not tax your patience with endless ramblings and meanderings into theory and obscure RFCs, this is the book for you. You will find recipes for:

  • Building a gateway, firewall, and wireless access point on a Linux network

  • Building a VoIP server with Asterisk

  • Secure remote administration with SSH

  • Building secure VPNs with OpenVPN, and a Linux PPTP VPN server

  • Single sign-on with Samba for mixed Linux/Windows LANs

  • Centralized network directory with OpenLDAP

  • Network monitoring with Nagios or MRTG

  • Getting acquainted with IPv6

  • Setting up hands-free network installations of new systems

  • Linux system administration via serial console

And a lot more. Each recipe includes a clear, hands-on solution with tested code, plus a discussion on why it works. When you need to solve a network problem without delay, and don't have the time or patience to comb through reference books or the Web for answers, Linux Networking Cookbook gives you exactly what you need.

Table of Contents

  1. Dedication
  2. Special Upgrade Offer
  3. A Note Regarding Supplemental Files
  4. Preface
    1. Audience
    2. Contents of This Book
    3. What Is Included
    4. Which Linux Distributions Are Used in the Book
    5. Downloads and Feedback
    6. Conventions
    7. Using Code Examples
    8. Comments and Questions
    9. Safari® Books Online
    10. Acknowledgments
  5. 1. Introduction to Linux Networking
    1. 1.0. Introduction
  6. 2. Building a Linux Gateway on a Single-Board Computer
    1. 2.0. Introduction
    2. 2.1. Getting Acquainted with the Soekris 4521
    3. 2.2. Configuring Multiple Minicom Profiles
    4. 2.3. Installing Pyramid Linux on a Compact Flash Card
    5. 2.4. Network Installation of Pyramid on Debian
    6. 2.5. Network Installation of Pyramid on Fedora
    7. 2.6. Booting Pyramid Linux
    8. 2.7. Finding and Editing Pyramid Files
    9. 2.8. Hardening Pyramid
    10. 2.9. Getting and Installing the Latest Pyramid Build
    11. 2.10. Adding Additional Software to Pyramid Linux
    12. 2.11. Adding New Hardware Drivers
    13. 2.12. Customizing the Pyramid Kernel
    14. 2.13. Updating the Soekris comBIOS
  7. 3. Building a Linux Firewall
    1. 3.0. Introduction
    2. 3.1. Assembling a Linux Firewall Box
    3. 3.2. Configuring Network Interface Cards on Debian
    4. 3.3. Configuring Network Interface Cards on Fedora
    5. 3.4. Identifying Which NIC Is Which
    6. 3.5. Building an Internet-Connection Sharing Firewall on a Dynamic WAN IP Address
    7. 3.6. Building an Internet-Connection Sharing Firewall on a Static WAN IP Address
    8. 3.7. Displaying the Status of Your Firewall
    9. 3.8. Turning an iptables Firewall Off
    10. 3.9. Starting iptables at Boot, and Manually Bringing Your Firewall Up and Down
    11. 3.10. Testing Your Firewall
    12. 3.11. Configuring the Firewall for Remote SSH Administration
    13. 3.12. Allowing Remote SSH Through a NAT Firewall
    14. 3.13. Getting Multiple SSH Host Keys Past NAT
    15. 3.14. Running Public Services on Private IP Addresses
    16. 3.15. Setting Up a Single-Host Firewall
    17. 3.16. Setting Up a Server Firewall
    18. 3.17. Configuring iptables Logging
    19. 3.18. Writing Egress Rules
  8. 4. Building a Linux Wireless Access Point
    1. 4.0. Introduction
    2. 4.1. Building a Linux Wireless Access Point
    3. 4.2. Bridging Wireless to Wired
    4. 4.3. Setting Up Name Services
    5. 4.4. Setting Static IP Addresses from the DHCP Server
    6. 4.5. Configuring Linux and Windows Static DHCP Clients
    7. 4.6. Adding Mail Servers to dnsmasq
    8. 4.7. Making WPA2-Personal Almost As Good As WPA-Enterprise
    9. 4.8. Enterprise Authentication with a RADIUS Server
    10. 4.9. Configuring Your Wireless Access Point to Use FreeRADIUS
    11. 4.10. Authenticating Clients to FreeRADIUS
    12. 4.11. Connecting to the Internet and Firewalling
    13. 4.12. Using Routing Instead of Bridging
    14. 4.13. Probing Your Wireless Interface Card
    15. 4.14. Changing the Pyramid Router’s Hostname
    16. 4.15. Turning Off Antenna Diversity
    17. 4.16. Managing dnsmasq’s DNS Cache
    18. 4.17. Managing Windows’ DNS Caches
    19. 4.18. Updating the Time at Boot
  9. 5. Building a VoIP Server with Asterisk
    1. 5.0. Introduction
    2. 5.1. Installing Asterisk from Source Code
    3. 5.2. Installing Asterisk on Debian
    4. 5.3. Starting and Stopping Asterisk
    5. 5.4. Testing the Asterisk Server
    6. 5.5. Adding Phone Extensions to Asterisk and Making Calls
    7. 5.6. Setting Up Softphones
    8. 5.7. Getting Real VoIP with Free World Dialup
    9. 5.8. Connecting Your Asterisk PBX to Analog Phone Lines
    10. 5.9. Creating a Digital Receptionist
    11. 5.10. Recording Custom Prompts
    12. 5.11. Maintaining a Message of the Day
    13. 5.12. Transferring Calls
    14. 5.13. Routing Calls to Groups of Phones
    15. 5.14. Parking Calls
    16. 5.15. Customizing Hold Music
    17. 5.16. Playing MP3 Sound Files on Asterisk
    18. 5.17. Delivering Voicemail Broadcasts
    19. 5.18. Conferencing with Asterisk
    20. 5.19. Monitoring Conferences
    21. 5.20. Getting SIP Traffic Through iptables NAT Firewalls
    22. 5.21. Getting IAX Traffic Through iptables NAT Firewalls
    23. 5.22. Using AsteriskNOW, “Asterisk in 30 Minutes”
    24. 5.23. Installing and Removing Packages on AsteriskNOW
    25. 5.24. Connecting Road Warriors and Remote Users
  10. 6. Routing with Linux
    1. 6.0. Introduction
    2. 6.1. Calculating Subnets with ipcalc
    3. 6.2. Setting a Default Gateway
    4. 6.3. Setting Up a Simple Local Router
    5. 6.4. Configuring Simplest Internet Connection Sharing
    6. 6.5. Configuring Static Routing Across Subnets
    7. 6.6. Making Static Routes Persistent
    8. 6.7. Using RIP Dynamic Routing on Debian
    9. 6.8. Using RIP Dynamic Routing on Fedora
    10. 6.9. Using Quagga’s Command Line
    11. 6.10. Logging In to Quagga Daemons Remotely
    12. 6.11. Running Quagga Daemons from the Command Line
    13. 6.12. Monitoring RIPD
    14. 6.13. Blackholing Routes with Zebra
    15. 6.14. Using OSPF for Simple Dynamic Routing
    16. 6.15. Adding a Bit of Security to RIP and OSPF
    17. 6.16. Monitoring OSPFD
  11. 7. Secure Remote Administration with SSH
    1. 7.0. Introduction
    2. 7.1. Starting and Stopping OpenSSH
    3. 7.2. Creating Strong Passphrases
    4. 7.3. Setting Up Host Keys for Simplest Authentication
    5. 7.4. Generating and Copying SSH Keys
    6. 7.5. Using Public-Key Authentication to Protect System Passwords
    7. 7.6. Managing Multiple Identity Keys
    8. 7.7. Hardening OpenSSH
    9. 7.8. Changing a Passphrase
    10. 7.9. Retrieving a Key Fingerprint
    11. 7.10. Checking Configuration Syntax
    12. 7.11. Using OpenSSH Client Configuration Files for Easier Logins
    13. 7.12. Tunneling X Windows Securely over SSH
    14. 7.13. Executing Commands Without Opening a Remote Shell
    15. 7.14. Using Comments to Label Keys
    16. 7.15. Using DenyHosts to Foil SSH Attacks
    17. 7.16. Creating a DenyHosts Startup File
    18. 7.17. Mounting Entire Remote Filesystems with sshfs
  12. 8. Using Cross-Platform Remote Graphical Desktops
    1. 8.0. Introduction
    2. 8.1. Connecting Linux to Windows via rdesktop
    3. 8.2. Generating and Managing FreeNX SSH Keys
    4. 8.3. Using FreeNX to Run Linux from Windows
    5. 8.4. Using FreeNX to Run Linux from Solaris, Mac OS X, or Linux
    6. 8.5. Managing FreeNX Users
    7. 8.6. Watching Nxclient Users from the FreeNX Server
    8. 8.7. Starting and Stopping the FreeNX Server
    9. 8.8. Configuring a Custom Desktop
    10. 8.9. Creating Additional Nxclient Sessions
    11. 8.10. Enabling File and Printer Sharing, and Multimedia in Nxclient
    12. 8.11. Preventing Password-Saving in Nxclient
    13. 8.12. Troubleshooting FreeNX
    14. 8.13. Using VNC to Control Windows from Linux
    15. 8.14. Using VNC to Control Windows and Linux at the Same Time
    16. 8.15. Using VNC for Remote Linux-to-Linux Administration
    17. 8.16. Displaying the Same Windows Desktop to Multiple Remote Users
    18. 8.17. Changing the Linux VNC Server Password
    19. 8.18. Customizing the Remote VNC Desktop
    20. 8.19. Setting the Remote VNC Desktop Size
    21. 8.20. Connecting VNC to an Existing X Session
    22. 8.21. Securely Tunneling x11vnc over SSH
    23. 8.22. Tunneling TightVNC Between Linux and Windows
  13. 9. Building Secure Cross-Platform Virtual Private Networks with OpenVPN
    1. 9.0. Introduction
    2. 9.1. Setting Up a Safe OpenVPN Test Lab
    3. 9.2. Starting and Testing OpenVPN
    4. 9.3. Testing Encryption with Static Keys
    5. 9.4. Connecting a Remote Linux Client Using Static Keys
    6. 9.5. Creating Your Own PKI for OpenVPN
    7. 9.6. Configuring the OpenVPN Server for Multiple Clients
    8. 9.7. Configuring OpenVPN to Start at Boot
    9. 9.8. Revoking Certificates
    10. 9.9. Setting Up the OpenVPN Server in Bridge Mode
    11. 9.10. Running OpenVPN As a Nonprivileged User
    12. 9.11. Connecting Windows Clients
  14. 10. Building a Linux PPTP VPN Server
    1. 10.0. Introduction
    2. 10.1. Installing Poptop on Debian Linux
    3. 10.2. Patching the Debian Kernel for MPPE Support
    4. 10.3. Installing Poptop on Fedora Linux
    5. 10.4. Patching the Fedora Kernel for MPPE Support
    6. 10.5. Setting Up a Standalone PPTP VPN Server
    7. 10.6. Adding Your Poptop Server to Active Directory
    8. 10.7. Connecting Linux Clients to a PPTP Server
    9. 10.8. Getting PPTP Through an iptables Firewall
    10. 10.9. Monitoring Your PPTP Server
    11. 10.10. Troubleshooting PPTP
  15. 11. Single Sign-on with Samba for Mixed Linux/Windows LANs
    1. 11.0. Introduction
    2. 11.1. Verifying That All the Pieces Are in Place
    3. 11.2. Compiling Samba from Source Code
    4. 11.3. Starting and Stopping Samba
    5. 11.4. Using Samba As a Primary Domain Controller
    6. 11.5. Migrating to a Samba Primary Domain Controller from an NT4 PDC
    7. 11.6. Joining Linux to an Active Directory Domain
    8. 11.7. Connecting Windows 95/98/ME to a Samba Domain
    9. 11.8. Connecting Windows NT4 to a Samba Domain
    10. 11.9. Connecting Windows NT/2000 to a Samba Domain
    11. 11.10. Connecting Windows XP to a Samba Domain
    12. 11.11. Connecting Linux Clients to a Samba Domain with Command-Line Programs
    13. 11.12. Connecting Linux Clients to a Samba Domain with Graphical Programs
  16. 12. Centralized Network Directory with OpenLDAP
    1. 12.0. Introduction
    2. 12.1. Installing OpenLDAP on Debian
    3. 12.2. Installing OpenLDAP on Fedora
    4. 12.3. Configuring and Testing the OpenLDAP Server
    5. 12.4. Creating a New Database on Fedora
    6. 12.5. Adding More Users to Your Directory
    7. 12.6. Correcting Directory Entries
    8. 12.7. Connecting to a Remote OpenLDAP Server
    9. 12.8. Finding Things in Your OpenLDAP Directory
    10. 12.9. Indexing Your Database
    11. 12.10. Managing Your Directory with Graphical Interfaces
    12. 12.11. Configuring the Berkeley DB
    13. 12.12. Configuring OpenLDAP Logging
    14. 12.13. Backing Up and Restoring Your Directory
    15. 12.14. Refining Access Controls
    16. 12.15. Changing Passwords
  17. 13. Network Monitoring with Nagios
    1. 13.0. Introduction
    2. 13.1. Installing Nagios from Sources
    3. 13.2. Configuring Apache for Nagios
    4. 13.3. Organizing Nagios’ Configuration Files Sanely
    5. 13.4. Configuring Nagios to Monitor Localhost
    6. 13.5. Configuring CGI Permissions for Full Nagios Web Access
    7. 13.6. Starting Nagios at Boot
    8. 13.7. Adding More Nagios Users
    9. 13.8. Speed Up Nagios with check_icmp
    10. 13.9. Monitoring SSHD
    11. 13.10. Monitoring a Web Server
    12. 13.11. Monitoring a Mail Server
    13. 13.12. Using Servicegroups to Group Related Services
    14. 13.13. Monitoring Name Services
    15. 13.14. Setting Up Secure Remote Nagios Administration with OpenSSH
    16. 13.15. Setting Up Secure Remote Nagios Administration with OpenSSL
  18. 14. Network Monitoring with MRTG
    1. 14.0. Introduction
    2. 14.1. Installing MRTG
    3. 14.2. Configuring SNMP on Debian
    4. 14.3. Configuring SNMP on Fedora
    5. 14.4. Configuring Your HTTP Service for MRTG
    6. 14.5. Configuring and Starting MRTG on Debian
    7. 14.6. Configuring and Starting MRTG on Fedora
    8. 14.7. Monitoring Active CPU Load
    9. 14.8. Monitoring CPU User and Idle Times
    10. 14.9. Monitoring Physical Memory
    11. 14.10. Monitoring Swap Space and Memory
    12. 14.11. Monitoring Disk Usage
    13. 14.12. Monitoring TCP Connections
    14. 14.13. Finding and Testing MIBs and OIDs
    15. 14.14. Testing Remote SNMP Queries
    16. 14.15. Monitoring Remote Hosts
    17. 14.16. Creating Multiple MRTG Index Pages
    18. 14.17. Running MRTG As a Daemon
  19. 15. Getting Acquainted with IPv6
    1. 15.0. Introduction
    2. 15.1. Testing Your Linux System for IPv6 Support
    3. 15.2. Pinging Link Local IPv6 Hosts
    4. 15.3. Setting Unique Local Unicast Addresses on Interfaces
    5. 15.4. Using SSH with IPv6
    6. 15.5. Copying Files over IPv6 with scp
    7. 15.6. Autoconfiguration with IPv6
    8. 15.7. Calculating IPv6 Addresses
    9. 15.8. Using IPv6 over the Internet
  20. 16. Setting Up Hands-Free Network Installations of New Systems
    1. 16.0. Introduction
    2. 16.1. Creating Network Installation Boot Media for Fedora Linux
    3. 16.2. Network Installation of Fedora Using Network Boot Media
    4. 16.3. Setting Up an HTTP-Based Fedora Installation Server
    5. 16.4. Setting Up an FTP-Based Fedora Installation Server
    6. 16.5. Creating a Customized Fedora Linux Installation
    7. 16.6. Using a Kickstart File for a Hands-off Fedora Linux Installation
    8. 16.7. Fedora Network Installation via PXE Netboot
    9. 16.8. Network Installation of a Debian System
    10. 16.9. Building a Complete Debian Mirror with apt-mirror
    11. 16.10. Building a Partial Debian Mirror with apt-proxy
    12. 16.11. Configuring Client PCs to Use Your Local Debian Mirror
    13. 16.12. Setting Up a Debian PXE Netboot Server
    14. 16.13. Installing New Systems from Your Local Debian Mirror
    15. 16.14. Automating Debian Installations with Preseed Files
  21. 17. Linux Server Administration via Serial Console
    1. 17.0. Introduction
    2. 17.1. Preparing a Server for Serial Console Administration
    3. 17.2. Configuring a Headless Server with LILO
    4. 17.3. Configuring a Headless Server with GRUB
    5. 17.4. Booting to Text Mode on Debian
    6. 17.5. Setting Up the Serial Console
    7. 17.6. Configuring Your Server for Dial-in Administration
    8. 17.7. Dialing In to the Server
    9. 17.8. Adding Security
    10. 17.9. Configuring Logging
    11. 17.10. Uploading Files to the Server
  22. 18. Running a Linux Dial-Up Server
    1. 18.0. Introduction
    2. 18.1. Configuring a Single Dial-Up Account with WvDial
    3. 18.2. Configuring Multiple Accounts in WvDial
    4. 18.3. Configuring Dial-Up Permissions for Nonroot Users
    5. 18.4. Creating WvDial Accounts for Nonroot Users
    6. 18.5. Sharing a Dial-Up Internet Account
    7. 18.6. Setting Up Dial-on-Demand
    8. 18.7. Scheduling Dial-Up Availability with cron
    9. 18.8. Dialing over Voicemail Stutter Tones
    10. 18.9. Overriding Call Waiting
    11. 18.10. Leaving the Password Out of the Configuration File
    12. 18.11. Creating a Separate pppd Logfile
  23. 19. Troubleshooting Networks
    1. 19.0. Introduction
    2. 19.1. Building a Network Diagnostic and Repair Laptop
    3. 19.2. Testing Connectivity with ping
    4. 19.3. Profiling Your Network with FPing and Nmap
    5. 19.4. Finding Duplicate IP Addresses with arping
    6. 19.5. Testing HTTP Throughput and Latency with httping
    7. 19.6. Using traceroute, tcptraceroute, and mtr to Pinpoint Network Problems
    8. 19.7. Using tcpdump to Capture and Analyze Traffic
    9. 19.8. Capturing TCP Flags with tcpdump
    10. 19.9. Measuring Throughput, Jitter, and Packet Loss with iperf
    11. 19.10. Using ngrep for Advanced Packet Sniffing
    12. 19.11. Using ntop for Colorful and Quick Network Monitoring
    13. 19.12. Troubleshooting DNS Servers
    14. 19.13. Troubleshooting DNS Clients
    15. 19.14. Troubleshooting SMTP Servers
    16. 19.15. Troubleshooting a POP3, POP3s, or IMAP Server
    17. 19.16. Creating SSL Keys for Your Syslog-ng Server on Debian
    18. 19.17. Creating SSL Keys for Your Syslog-ng Server on Fedora
    19. 19.18. Setting Up stunnel for Syslog-ng
    20. 19.19. Building a Syslog Server
  24. A. Essential References
  25. B. Glossary of Networking Terms
  26. C. Linux Kernel Building Reference
    1. C.1. Building a Custom Kernel
  27. About the Author
  28. Colophon
  29. Special Upgrade Offer
  30. Copyright