TCP/IP Network Administration, 3rd Edition

Book description

This complete guide to setting up and running a TCP/IP network is essential for network administrators, and invaluable for users of home systems that access the Internet. The book starts with the fundamentals -- what protocols do and how they work, how addresses and routing are used to move data through the network, how to set up your network connection -- and then covers, in detail, everything you need to know to exchange information via the Internet. Included are discussions on advanced routing protocols (RIPv2, OSPF, and BGP) and the gated software package that implements them, a tutorial on configuring important network services -- including DNS, Apache, sendmail, Samba, PPP, and DHCP -- as well as expanded chapters on troubleshooting and security. TCP/IP Network Administration is also a command and syntax reference for important packages such as gated, pppd, named, dhcpd, and sendmail. With coverage that includes Linux, Solaris, BSD, and System V TCP/IP implementations, the third edition contains:

  • Overview of TCP/IP

  • Delivering the data

  • Network services

  • Getting started

  • Basic configuration

  • Configuring the interface

  • Configuring routing

  • Configuring DNS

  • Configuring network servers

  • Configuring sendmail

  • Configuring Apache

  • Network security

  • Troubleshooting

  • Appendices include dip, pppd, and chat reference, a gated reference, a dhcpd reference, and a sendmail reference

This new edition includes ways of configuring Samba to provide file and print sharing on networks that integrate Unix and Windows, and a new chapter is dedicated to the important task of configuring the Apache web server. Coverage of network security now includes details on OpenSSH, stunnel, gpg, iptables, and the access control mechanism in xinetd. Plus, the book offers updated information about DNS, including details on BIND 8 and BIND 9, the role of classless IP addressing and network prefixes, and the changing role of registrars. Without a doubt, TCP/IP Network Administration, 3rd Edition is a must-have for all network administrators and anyone who deals with a network that transmits data over the Internet.

Table of Contents

  1. TCP/IP Network Administration, 3rd Edition
  2. Dedication
  3. Preface
    1. Audience
    2. Organization
    3. Unix Versions
    4. Conventions
    5. We’d Like to Hear from You
    6. Acknowledgments
  4. 1. Overview of TCP/IP
    1. TCP/IP and the Internet
      1. TCP/IP Features
      2. Protocol Standards
    2. A Data Communications Model
    3. TCP/IP Protocol Architecture
    4. Network Access Layer
    5. Internet Layer
      1. Internet Protocol
        1. The datagram
        2. Routing datagrams
        3. Fragmenting datagrams
        4. Passing datagrams to the transport layer
      2. Internet Control Message Protocol
    6. Transport Layer
      1. User Datagram Protocol
      2. Transmission Control Protocol
    7. Application Layer
    8. Summary
  5. 2. Delivering the Data
    1. Addressing, Routing, and Multiplexing
    2. The IP Address
      1. Address Structure
      2. Subnets
      3. The Natural Mask
      4. CIDR Blocks and Route Aggregation
      5. IPv6
    3. Internet Routing Architecture
    4. The Routing Table
    5. Address Resolution
    6. Protocols, Ports, and Sockets
      1. Protocol Numbers
      2. Port Numbers
      3. Sockets
    7. Summary
  6. 3. Network Services
    1. Names and Addresses
    2. The Host Table
    3. DNS
      1. The Domain Hierarchy
      2. Creating Domains and Subdomains
      3. Domain Names
      4. BIND, Resolvers, and named
      5. Network Information Service
    4. Mail Services
      1. Simple Mail Transfer Protocol
      2. Post Office Protocol
      3. Internet Message Access Protocol
      4. Multipurpose Internet Mail Extensions
    5. File and Print Servers
      1. File Sharing
      2. Print Services
    6. Configuration Servers
      1. Reverse Address Resolution Protocol
      2. Dynamic Host Configuration Protocol
        1. How DHCP works
    7. Summary
  7. 4. Getting Started
    1. Connected and Non-Connected Networks
    2. Basic Information
      1. Obtaining an IP Address
        1. Obtaining an official network address
        2. Obtaining an IN-ADDR.ARPA domain
      2. Assigning Host Addresses
      3. Defining the Subnet Mask
    3. Planning Routing
      1. Obtaining an autonomous system number
      2. Registering in a Routing Database
    4. Planning Naming Service
      1. Obtaining a Domain Name
      2. Registering a Domain
      3. Choosing a Hostname
    5. Other Services
      1. File Servers
      2. Print Servers
      3. Planning Your Mail System
    6. Informing the Users
    7. Summary
  8. 5. Basic Configuration
    1. Kernel Configuration
      1. Using Dynamically Loadable Modules
      2. Recompiling the Kernel
      3. Linux Kernel Configuration
      4. The BSD Kernel Configuration File
      5. TCP/IP in the BSD Kernel
        1. The options statement
        2. The pseudo-device statement
        3. The device statement
    2. Startup Files
      1. Startup Runlevels
        1. Understanding /etc/inittab
    3. The Internet Daemon
    4. The Extended Internet Daemon
    5. Summary
  9. 6. Configuring the Interface
    1. The ifconfig Command
      1. The Interface Name
      2. Checking the Interface with ifconfig
      3. Assigning an Address
      4. Assigning a Subnet Mask
      5. Setting the Broadcast Address
      6. The Other Command Options
        1. Enabling and disabling the interface
        2. ARP
        3. Promiscuous mode
        4. Metric
        5. Maximum transmission unit
        6. Point-to-point
        7. Putting ifconfig in the startup scripts
    2. TCP/IP Over a Serial Line
      1. The Serial Protocols
    3. Installing PPP
      1. The PPP Daemon
      2. Dial-Up PPP
      3. chat
      4. PPP Daemon Security
      5. PPP Server Configuration
      6. Solaris PPP
      7. Troubleshooting Serial Connections
    4. Summary
  10. 7. Configuring Routing
    1. Common Routing Configurations
    2. The Minimal Routing Table
    3. Building a Static Routing Table
      1. Adding Static Routes
        1. Installing static routes at startup
    4. Interior Routing Protocols
      1. Routing Information Protocol
        1. Running RIP with routed
      2. RIP Version 2
      3. Open Shortest Path First
    5. Exterior Routing Protocols
      1. Exterior Gateway Protocol
      2. Border Gateway Protocol
      3. Choosing a Routing Protocol
    6. Gateway Routing Daemon
      1. gated’s Preference Value
    7. Configuring gated
      1. Sample gated.conf Configurations
        1. A host configuration
        2. Interior gateway configurations
        3. Exterior gateway configuration
      2. Testing the Configuration
        1. Running gated at startup
    8. Summary
  11. 8. Configuring DNS
    1. BIND: Unix Name Service
      1. BIND Configurations
    2. Configuring the Resolver
      1. The Resolver Configuration File
        1. A resolver-only configuration
    3. Configuring named
      1. The named.conf File
        1. A caching-only server configuration
        2. Master and slave server configurations
      2. Standard Resource Records
      3. Zone File Directives
        1. The $TTL directive
        2. The $ORIGIN directive
        3. The $INCLUDE directive
        4. The $GENERATE directive
      4. The Cache Initialization File
      5. The named.local File
      6. The Reverse Zone File
      7. The Forward-Mapping Zone File
      8. Controlling the named Process
    4. Using nslookup
    5. Summary
  12. 9. Local Network Services
    1. The Network File System
      1. NFS Daemons
      2. Sharing Unix Filesystems
        1. The share command
        2. The /etc/exports file
        3. The exportfs command
      3. Mounting Remote Filesystems
        1. The mount command
        2. The vfstab and fstab files
      4. NFS Automounter
    2. Sharing Unix Printers
      1. Line Printer Daemon
        1. The printcap file
        2. Using LPD
      2. Line Printer Service
    3. Using Samba to Share Resources with Windows
      1. Configuring a Samba Server
        1. The smb.conf homes section
        2. Sharing directories through Samba
        3. Sharing printers through Samba
      2. NetBIOS Name Service
    4. Network Information Service
      1. The nsswitch.conf file
      2. NIS+
    5. DHCP
      1. dhcpd.conf
    6. Managing Distributed Servers
      1. rcp
      2. rdist
    7. Post Office Servers
      1. POP Server
      2. IMAP Server
    8. Summary
  13. 10. sendmail
    1. sendmail’s Function
    2. Running sendmail as a Daemon
    3. sendmail Aliases
      1. Personal Mail Forwarding
    4. The sendmail.cf File
      1. Locating a Sample sendmail.cf File
        1. Building a sendmail.cf with m4 macros
      2. General sendmail.cf Structure
    5. sendmail.cf Configuration Language
      1. The Version Level Command
      2. The Define Macro Command
        1. Conditionals
      3. Defining Classes
      4. Setting Options
      5. Defining Trusted Users
      6. Defining Mail Precedence
      7. Defining Mail Headers
      8. Defining Mailers
        1. Some common mailer definitions
    6. Rewriting the Mail Address
      1. Pattern Matching
      2. Transforming the Address
        1. Transforming with a database
      3. The Set Ruleset Command
    7. Modifying a sendmail.cf File
      1. Modifying Local Information
      2. Modifying Options
    8. Testing sendmail.cf
      1. Testing Rewrite Rules
      2. Using Key Files in sendmail
    9. Summary
  14. 11. Configuring Apache
    1. Installing Apache Software
      1. Using the Red Hat Package Manager
      2. Downloading Apache
    2. Configuring the Apache Server
      1. Configuring Apache on Solaris
    3. Understanding an httpd.conf File
      1. Loading Dynamic Shared Objects
      2. Basic Configuration Directives
      3. Managing the Swarm
      4. Defining Where Things Are Stored
      5. Creating a Fancy Index
      6. Defining File Types
      7. Performance Tuning Directives
      8. Logging Configuration Directives
        1. Defining the log file format
        2. Using conditional logging
      9. Proxy Servers and Caching
      10. Multi-Homed Server Options
      11. Defining Virtual Hosts
    4. Web Server Security
      1. The CGI and SSI Threat
      2. Controlling Server Options
      3. Directory-Level Configuration Controls
      4. Defining Access Controls
        1. Requiring user authentication
        2. Improved user authentication
        3. Setting file-level access controls
        4. Setting document-level access controls
      5. Using Encryption
    5. Managing Your Web Server
      1. Monitoring Your Server
    6. Summary
  15. 12. Network Security
    1. Security Planning
      1. Assessing the Threat
      2. Distributed Control
        1. Use subnets to distribute control
        2. Use the network to distribute information
      3. Writing a Security Policy
    2. User Authentication
      1. The Shadow Password File
      2. Choosing a Password
      3. One-Time Passwords
      4. OPIE
      5. Secure the r Commands
      6. Secure Shell
    3. Application Security
      1. Remove Unnecessary Software
      2. Keep Software Updated
    4. Security Monitoring
      1. Know Your System
      2. Looking for Trouble
        1. Checking files
        2. Checking login activity
      3. Automated Monitoring
    5. Access Control
      1. wrapper
        1. tcpd access control files
        2. Defining an optional shell command
        3. Optional access control language extensions
      2. Controlling Access with xinetd
    6. Encryption
      1. When Is Symmetric Encryption Useful?
      2. Public-Key Encryption Tools
        1. stunnel
    7. Firewalls
      1. Functions of the Firewall
      2. Filtering Traffic with iptables
        1. Defining iptables filter rules
        2. Sample iptables commands
    8. Words to the Wise
    9. Summary
  16. 13. Troubleshooting TCP/IP
    1. Approaching a Problem
      1. Troubleshooting Hints
    2. Diagnostic Tools
    3. Testing Basic Connectivity
      1. The ping Command
    4. Troubleshooting Network Access
      1. Troubleshooting with the ifconfig Command
      2. Troubleshooting with the arp Command
        1. ARP problem case study
      3. Checking the Interface with netstat
      4. Subdividing an Ethernet
      5. Network Hardware Problems
    5. Checking Routing
      1. Tracing Routes
      2. Locating an Administrator
    6. Checking Name Service
      1. Some Systems Work, Others Don’t
      2. The Data Is Here and the Server Can’t Find It!
      3. Cache Corruption
        1. The zone table section
        2. The Cache & Data section
        3. The Hints section
      4. dig: An Alternative to nslookup
    7. Analyzing Protocol Problems
      1. Packet Filters
        1. Modifying analyzer output
    8. Protocol Case Study
    9. Summary
  17. A. PPP Tools
    1. Dial-Up IP
      1. The dip Script File
        1. A sample dip script
    2. The PPP Daemon
      1. Signal Processing
    3. chat
  18. B. A gated Reference
    1. The gated Command
      1. Signal Processing
    2. The gated Configuration Language
    3. Directive Statements
    4. Trace Statements
    5. Options Statements
    6. Interface Statements
    7. Definition Statements
    8. Protocol Statements
      1. The ospf Statement
      2. The rip Statement
      3. The isis Statement
      4. The bgp Statement
      5. The egp Statement
      6. The smux Statement
      7. The redirect Statement
      8. The icmp Statement
      9. The routerdiscovery Statement
        1. The routerdiscovery client statement
      10. The kernel Statement
    9. static Statements
    10. Control Statements
      1. The import Statement
      2. The export Statement
    11. Aggregate Statements
  19. C. A named Reference
    1. The named Command
      1. Signal Processing
    2. named.conf Configuration Commands
      1. The key Statement
      2. The acl Statement
      3. The trusted-keys Statement
      4. The server Statement
        1. The BIND 9 server statement
      5. The options Statement
        1. The BIND 9 options statement
      6. The logging Statement
        1. The BIND 9 logging statement
      7. The zone Statement
        1. The BIND 9 zone statement
      8. The controls Statement
        1. The BIND 9 controls statement
      9. BIND 9 view Statement
    3. Zone File Records
      1. Standard Resource Records
        1. Start of Authority record
        2. Name Server record
        3. Address record
        4. Mail Exchanger record
        5. Canonical Name record
        6. Domain Name Pointer record
        7. Responsible Person record
        8. Text record
        9. Host Information record
        10. Well-Known Services record
        11. Server Selection record
  20. D. A dhcpd Reference
    1. Compiling dhcpd
    2. The dhcpd Command
    3. The dhcpd.conf Configuration File
      1. Topology Statements
      2. Configuration Parameters
      3. DHCP Options
        1. Commonly used options
        2. Other options
  21. E. A sendmail Reference
    1. Compiling sendmail
    2. The sendmail Command
    3. m4 sendmail Macros
      1. define
      2. FEATURE
      3. OSTYPE
      4. DOMAIN
      5. MAILER
    4. More sendmail.cf
      1. sendmail Macros
      2. sendmail Classes
      3. sendmail Options
      4. sendmail Mailer Flags
      5. The sendmail K Command
        1. Sample script
  22. F. Solaris httpd.conf File
  23. G. RFC Excerpts
    1. IP Datagram Header
    2. TCP Segment Header
    3. ICMP Parameter Problem Message Header
    4. Retrieving RFCs
      1. Retrieving RFCs by Mail
  24. Index
  25. About the Author
  26. Colophon
  27. Copyright