Advanced Linux Networking

Book Description

With an increasing number of networks and mission-critical applications running on Linux, system and network administrators must be able to do more than set up a server and rely on its default configuration. Advanced Linux Networking is designed to help you achieve a higher level of competence. It focuses on powerful techniques and features of Linux networking and provides you with the know-how you need to improve server efficiency, enhance security, and adapt to new requirements.

This book begins with a brief introduction to low-level configuration, including a guide to getting your network up and running. Part II outlines those servers and procedures most likely to be used by the computers on your local network: DHCP servers, Kerberos, Samba, time servers, and network backups, among others. Part III covers Internet servers: DNS, SMTP (sendmail, Postfix, and Exim), Apache, and FTP servers. Part IV examines network security, exploring such topics as using a chroot jail, iptables configuration, and VPNs. Wherever pertinent, the author addresses the differences between Caldera OpenLinux, Debian GNU/Linux, Mandrake, Red Hat, Slackware, SuSE, and TurboLinux.

Specific topics covered include:

  • Configuring small but potentially important servers quickly and easily

  • Optimizing Linux network operation

  • Using advanced system features effectively

  • Using systems and software in alternative ways to reach your goals

  • Avoiding possible damage to your system and violations of ISP policies

  • Securing your system

Advanced Linux Networking is the single-volume tutorial and reference for Linux networking that will help you achieve expert status.




Table of Contents

  1. Copyright
    1. Dedication
  2. Preface
    1. Who Should Buy This Book
    2. Linux Distributions
    3. How This Book Is Organized
    4. Conventions Used in This Book
    5. Contacting Me
    6. Acknowledgments
  3. I. Low-Level Configuration
    1. 1. Kernel Network Configuration
      1. Starting Kernel Configuration
      2. Network Protocol Support
        1. Packet and Socket Options
        2. Network Filter Options
        3. TCP/IP Routing Options
        4. IPv6 Support Options
        5. QoS Options
        6. High-Level Protocol Support
          1. HTTP Acceleration
          2. NFS Options
          3. SMB/CIFS Options
        7. Alternative Network Stack Options
      3. Network Hardware Options
        1. Ethernet Devices
        2. Alternative Local Network Devices
        3. Broadband and WAN Devices
        4. Wireless Devices
        5. PC Card Devices
        6. Dial-Up Devices
      4. Compiling and Installing a Kernel
        1. Drivers: Modules or Built-In
        2. A Typical Kernel Compilation
        3. Common Kernel Compilation Problems
        4. Installing and Using a New Kernel
      5. Summary
    2. 2. TCP/IP Network Configuration
      1. Loading Network Drivers
      2. Using a DHCP Client
      3. Configuring a Static IP Address
        1. Configuring Network Interfaces
          1. Basic ifconfig Syntax and Use
        2. Configuring Multiple Network Interfaces
        3. Adjusting the Routing Table
          1. Understanding Routing Table Structure
          2. Basic route Syntax and Use
          3. Multiple Interfaces with One Gateway
          4. Multiple Interfaces with Multiple Gateways
        4. Configuring DNS
        5. Setting the Hostname
        6. Making Your Changes Permanent
        7. Using a GUI Configuration Tool
          1. Editing Configuration Files
      4. Using a PPP Link
        1. Using a GUI Dialer
        2. Adjusting Configuration Scripts
          1. Setting PPP Authentication Options
          2. Configuring Dialing Scripts
          3. Using PPP Dialing Scripts
        3. Configuring Dial-on-Demand
      5. Summary
    3. 3. Alternative Network Stacks
      1. Understanding Network Stacks
        1. The OSI Network Stack Model
        2. Wrapping and Unwrapping Data
        3. The Role of the TCP/IP Stack
      2. AppleTalk
        1. AppleTalk Features and Capabilities
        2. Using Linux AppleTalk Software
      3. IPX/SPX
        1. IPX/SPX Features and Capabilities
        2. Using Linux IPX/SPX Software
      4. NetBEUI
        1. NetBEUI Features and Capabilities
        2. Obtaining a NetBEUI Stack for Linux
        3. Using Linux NetBEUI Software
      5. Summary
    4. 4. Starting Servers
      1. Using SysV Startup Scripts
        1. Startup Script Locations and Naming Conventions
        2. Manually Enabling or Disabling Startup Scripts
        3. Using Startup Script Utilities
          1. Using chkconfig
          2. Using ntsysv
        4. Setting and Changing the Runlevel
      2. Using inetd
        1. The /etc/inetd.conf File Format
        2. Using TCP Wrappers
      3. Using xinetd
        1. The /etc/xinetd.conf File Format
        2. Setting Access Control Features
      4. Using Local Startup Scripts
      5. Using GUI Tools
        1. Using Linuxconf
        2. Using YaST and YaST2
        3. Using ksysv
      6. When to Use Each Startup Method
      7. Summary
  4. II. Local Network Servers
    1. 5. Configuring Other Computers via DHCP
      1. When to Run a DHCP Server
      2. Kernel and Network Interface Issues
      3. DHCP Configuration Files
      4. Assigning Dynamic Addresses
        1. Setting Global Options
        2. Defining a Subnet Range
      5. Assigning Fixed Addresses
        1. Locating Client MAC Addresses
          1. Locating the MAC Address from the Client
          2. Locating the MAC Address from the Server
        2. Defining Hosts via MAC Addresses
        3. Customizing Client-Specific Parameters
      6. Integrating with Other Protocols
        1. Including NetBIOS Information
        2. Communicating with a DNS Server
          1. Using the Ad-Hoc Update Method
          2. Using the Interim Update Method
      7. Summary
    2. 6. Authenticating Users via Kerberos
      1. When to Run a Kerberos Server
      2. Understanding Kerberos Operation
        1. Basic Principles of Kerberos Operation
          1. Kerberos Network Elements
          2. Kerberos Design Goals and Operation
        2. Requirements for the Kerberos Server
        3. Kerberos Versions and Variants
      3. Setting Up a Kerberos Server
        1. Modifying Server Configuration Files
        2. Setting Up a Realm
          1. Changing krb5.conf
          2. Changing kdc.conf
        3. Creating a Master Key
        4. Administering a Realm
          1. Defining Basic ACLs
          2. Creating Principals
        5. Starting the KDC
        6. Configuring a Slave KDC
      4. Configuring a Kerberos Application Server
        1. Configuring Kerberos
        2. Running Kerberized Servers
      5. Configuring a Kerberos Client
        1. Accessing Kerberos Servers
          1. Using Kerberos Network Utilities
          2. Using Kerberized Clients
        2. Using Kerberos for User Logins
          1. Performing Text-Mode Kerberos Login Authentication
          2. Changing Your Account After Logging In
          3. Using PAM with Kerberos
      6. Summary
    3. 7. File and Printer Sharing via Samba
      1. When to Run a Samba Server
      2. General Samba Configuration
        1. The Samba Configuration File
        2. Setting Server Identification
        3. Setting Security Options
        4. Becoming a NetBIOS Name Server
        5. Becoming a Master Browser
        6. Becoming a Domain Controller
      3. Serving Files with Samba
        1. Creating a File Share
        2. Setting Windows Filename Options
        3. Configuring Ownership and Permissions
        4. Limiting Access to Shares
      4. Serving Printers with Samba
        1. Creating a Printer Share
        2. Sharing a PostScript Printer
        3. Sharing a Non-PostScript Printer
          1. Using Ghostscript
          2. Creating a Non-PostScript Queue
          3. Choosing an Approach
      5. Samba Scripting Features
        1. Using preexec and postexec Scripts
        2. Using Pseudo-Printers
        3. Example: CD Burning
          1. Burning a CD via preexec and postexec Scripts
          2. Burning a CD via a Pseudo-Printer
        4. Example: Creating PDF Files
      6. Summary
    4. 8. File Sharing via NFS
      1. When to Run an NFS Server
      2. NFS Servers Available for Linux
        1. User-Mode and Kernel-Mode Servers
        2. NFS Versions 2 and 3
      3. Understanding the Portmapper
      4. Serving Files with NFS
        1. Defining NFS Exports
        2. Access Control Mechanisms
        3. Mounting NFS Exports
        4. Optimizing Performance
      5. Username Mapping Options
        1. Synchronizing Client and Server User IDs
        2. Using a Server-Side User ID Map
        3. Using a Client-Side Mapping Daemon
      6. Summary
    5. 9. Printer Sharing via LPD
      1. When to Run an LPD Server
      2. LPD Server Options for Linux
      3. Configuring a BSD LPD Server
        1. Configuring /etc/hosts.lpd
        2. Specifying the Server on a BSD LPD Client
      4. Configuring an LPRng Server
        1. Configuring /etc/lpd.perms
        2. Specifying the Server on an LPRng Client
      5. Configuring a CUPS Server
        1. Configuring /etc/cups/cupsd.conf
        2. Accepting Jobs from BSD LPD or LPRng Clients
        3. Specifying the Server on a CUPS Client
      6. Summary
    6. 10. Maintaining Consistent Time: Time Servers
      1. When to Run a Time Server
      2. Setting Up an NTP Server
        1. Understanding How a Time Server Functions
        2. Time Server Programs for Linux
        3. Configuring ntp.conf
        4. Monitoring NTP's Operations
        5. Using an NTP Client Package
      3. Using Samba to Serve Time
        1. Samba's Time Serving Options
        2. Configuring a Windows Client to Set Its Clock
      4. Summary
    7. 11. Pull Mail Protocols: POP and IMAP
      1. When to Run a Pull Mail Server
      2. Understanding POP and IMAP
        1. Pull Mail's Place in the Mail Delivery System
        2. Storing Mail: On the Client or the Server
        3. A Sample POP Session
        4. A Sample IMAP Session
        5. Determining Which to Use
      3. Configuring a POP Server
        1. POP Servers for Linux
        2. POP Server Installation and Configuration
      4. Configuring an IMAP Server
        1. IMAP Servers for Linux
        2. IMAP Server Installation and Configuration
      5. Using Fetchmail
        1. Fetchmail's Place in Mail Delivery Systems
        2. Using fetchmailconf
        3. Configuring .fetchmailrc
      6. Summary
    8. 12. Running a News Server
      1. When to Run a News Server
      2. Understanding NNTP
      3. Running INN
        1. Obtaining a News Feed
        2. Configuring INN
          1. General Configuration
          2. Setting Up Newsgroups
          3. Controlling Access
            1. Feeding News to Other Sites
            2. Setting News Feed Access
            3. Setting News Reader Access
          4. Setting Message Expiration Options
        3. Ongoing News Server Maintenance
      4. Using Leafnode
        1. Understanding Leafnode's Capabilities
        2. Configuring Leafnode
          1. General Configuration Settings
          2. Setting Up the Server
          3. Fetching News
          4. Expiring Old News
        3. Filtering Articles
      5. Summary
    9. 13. Maintaining Remote Login Servers
      1. When to Run a Remote Login Server
      2. Configuring rlogind
        1. Setting rlogind Startup Options
        2. Understanding rlogind Security
        3. Controlling rlogind Access
      3. Configuring Telnet
        1. Setting Telnet Startup Options
        2. Adjusting the Telnet Login Display
        3. Understanding Telnet Security
      4. Configuring SSH
        1. Available SSH Software
        2. Understanding SSH Capabilities
        3. Setting SSH Startup Options
        4. Adjusting the sshd_config File
        5. SSH Authentication Options
          1. Understanding SSH Authentication
          2. Generating Keys to Automate Logins or Improve Security
          3. Using ssh-agent
      5. Summary
    10. 14. Handling GUI Access with X and VNC Servers
      1. When to Run a GUI Access Server
      2. Configuring Basic X Access
        1. Understanding the X Client/Server Relationship
        2. Configuring an X Server to Accept X Client Access
          1. Using xhost
          2. Using xauth
        3. Setting Client Options to Use an X Server
        4. Tunneling X Connections Through SSH
        5. A Summary of Remote-Login X Access
      3. Using an XDMCP Server
        1. Understanding XDMCP Operation
        2. Configuring a Login Server to Accept Connections
          1. XDM Configuration
            1. Adjusting XDM's Availability
            2. Setting Displays XDM is to Manage
          2. KDM Configuration
          3. GDM Configuration
          4. Running an XDMCP Server
        3. Configuring a Remote X Login Client
      4. Running a VNC Server
        1. Understanding the VNC Client/Server Relationship
        2. Installing a VNC Server
        3. Running a VNC Server
        4. Using a VNC Client to Access the Server
        5. Adjusting VNC Server Configuration
          1. Adjusting Basic Server Features
          2. Customizing Individual Users' Settings
          3. Running an XDMCP Login Server in VNC
      5. A Comparison of Access Techniques
      6. Summary
    11. 15. Providing Consistent Fonts with Font Servers
      1. When to Run a Font Server
      2. Understanding Font File Formats
        1. Bitmapped Font Formats
        2. Outline Font Formats
      3. Running a Traditional Font Server
        1. Font Server Options for Linux
        2. Common Default Font Server Configurations
        3. Adjusting a Font Server for a LAN
        4. Adjusting Font Availability
          1. Changing a Font Server's Font Path
          2. Adding Fonts to a Font Directory
      4. Running an Expanded Font Server
      5. Summary
    12. 16. Maintaining a System Remotely
      1. When to Run Remote System Maintenance Tools
      2. The Challenge of a Cross-Distribution Configuration Tool
      3. Running Linuxconf Remotely
        1. Configuring Linuxconf to Work Remotely
          1. Running the Linuxconf Server
          2. Authorizing Remote Access
        2. Using Web-Based Linuxconf
      4. Running Webmin
        1. Configuring Webmin
        2. Using Webmin
      5. Running SWAT
        1. Configuring SWAT to Run
        2. Using SWAT
      6. Remote Administration Security Concerns
      7. Summary
    13. 17. Performing Network Backups
      1. When to Run Network Backup Servers
      2. Types of Network Backup Solutions
        1. Client-Initiated Backups
        2. Server-Initiated Backups
      3. Using tar
        1. Basic tar Features
        2. Testing Local tar and Tape Functions
        3. Performing a Client-Initiated Backup
          1. Client-Initiated Network Configurations
          2. Performing the Backup
        4. Performing a Server-Initiated Backup
          1. Server-Initiated Network Configurations
          2. Performing the Backup
      4. Using SMB/CIFS
        1. Backing Up Windows Clients from Linux
          1. Sharing Files to Back Up
          2. Using smbtar
          3. Using smbmount
          4. Special Windows Filename Considerations
        2. Backup Shares
          1. What Is a Backup Share?
          2. Creating a Backup Share
          3. Using a Backup Share
      5. Using AMANDA
        1. The Function of AMANDA
        2. Configuring Clients for AMANDA
        3. Configuring the AMANDA Backup Server
        4. Creating an AMANDA Configuration
          1. Setting Basic Options
          2. Preparing Tapes
          3. Defining Dump Types
          4. Defining a Backup Set
        5. Running an AMANDA Backup
      6. Restoring Data
      7. Summary
  5. III. Internet Servers
    1. 18. Administering a Domain via DNS
      1. When to Run a DNS Server
        1. Running an Externally Accessible DNS Server
        2. Running a Local DNS Server
      2. Obtaining a Domain Name
      3. DNS Server Options for Linux
      4. Core DNS Configuration
        1. The BIND Configuration File
        2. Locating Other Name Servers
        3. Setting Up a Forwarding Server
        4. Setting Up Zones
        5. Configuring a Slave Server
      5. Domain Administration Options
        1. A Sample Zone Configuration File
        2. Setting Master Zone Options
        3. Specifying Addresses and Aliases
        4. Configuring a Reverse DNS Zone
      6. Running a Caching-Only Name Server
      7. Communicating with a DHCP Server
      8. Starting and Testing the Server
      9. Summary
    2. 19. Push Mail Protocol: SMTP
      1. When to Run an SMTP Server
      2. SMTP Server Options for Linux
      3. Mail Domain Administration
      4. Understanding SMTP Transport
      5. SMTP Server Configuration Options
        1. Address Masquerading
        2. Accepting Mail as Local
        3. Relaying Mail
        4. Anti-Spam Configuration
          1. Blocking Incoming Spam
          2. How to Avoid Becoming a Spam Source
      6. Basic Sendmail Configuration
        1. Sendmail's Configuration Files
        2. Sendmail Address Masquerading
        3. Configuring Sendmail to Accept Mail
        4. Sendmail Relay Configuration
          1. Configuring Sendmail to Relay Mail
          2. Configuring Sendmail to Send Through a Relay
        5. Sendmail Anti-Spam Configuration
      7. Basic Exim Configuration
        1. Exim's Configuration Files
        2. Exim Address Masquerading
        3. Configuring Exim to Accept Mail
        4. Exim Relay Configuration
          1. Configuring Exim to Relay Mail
          2. Configuring Exim to Send Through a Relay
        5. Exim Anti-Spam Configuration
      8. Basic Postfix Configuration
        1. Postfix's Configuration Files
        2. Postfix Address Masquerading
        3. Configuring Postfix to Accept Mail
        4. Postfix Relay Configuration
          1. Configuring Postfix to Relay Mail
          2. Configuring Postfix to Send Through a Relay
        5. Postfix Anti-Spam Configuration
      9. Using a Procmail Filter
        1. Understanding the Role of Procmail
        2. Designing a Recipe
          1. The Recipe Identification Line
          2. The Recipe Conditions
          3. The Recipe Action
          4. Some Example Recipes
        3. Using Existing Filter Sets
        4. Calling Procmail
      10. Summary
    3. 20. Running Web Servers
      1. When to Run a Web Server
      2. Web Server Options for Linux
      3. Basic Apache Configuration
        1. Understanding Apache Configuration Files
        2. Standalone versus Super Server Configuration
        3. Setting Common Configuration Options
        4. Setting Server Directory Options
        5. Loading Apache Modules
      4. Configuring kHTTPd
      5. Handling Forms and Scripts
        1. Understanding Static Content, Forms, and CGI Scripts
        2. Setting Script and Form Options
        3. Writing CGI Scripts
        4. Scripting Security Measures
      6. Handling Secure Sites
        1. Understanding SSL
        2. Configuring SSL
        3. Enabling SSL in Apache
      7. Handling Virtual Domains
        1. Why Use a Virtual Domain?
        2. Virtual Domain Configuration Options
          1. Using VirtualDocumentRoot
          2. Using <VirtualHost>
      8. Producing Something Worth Serving
        1. HTML and Other Web File Formats
        2. Tools for Producing Web Pages
        3. Web Page Design Tips
      9. Analyzing Server Log Files
        1. The Apache Log File Format
        2. Using Analog
          1. Setting Analog Options
          2. Running Analog
          3. Interpreting Analog Output
        3. Using the Webalizer
          1. Setting the Webalizer Options
          2. Running the Webalizer
          3. Interpreting the Webalizer Output
      10. Summary
    4. 21. Running FTP Servers
      1. When to Run an FTP Server
      2. FTP Server Options for Linux
      3. Basic FTP Server Configuration
        1. Running the FTP Server
        2. WU-FTPD Configuration
          1. WU-FTPD Configuration Files
          2. Common WU-FTPD Configuration Options
        3. ProFTPd Configuration
          1. ProFTPd Configuration Files
          2. Common ProFTPd Configuration Options
      4. Setting Up an Anonymous FTP Server
        1. Special Needs of Anonymous Servers
        2. Security Concerns of Anonymous Servers
        3. Setting Anonymous Options
          1. Setting Up an Anonymous Directory Tree
          2. WU-FTPD Anonymous Options
          3. ProFTPd Anonymous Options
      5. Summary
  6. IV. Network Security and Router Functions
    1. 22. General System Security
      1. Shutting Down Unnecessary Servers
        1. Locating Unnecessary Servers
          1. Locating Servers
            1. Using Package Management Systems
            2. Examining Server Startup Files
            3. Examining Running Processes
            4. Using netstat
            5. Using External Scanners
          2. Determining When a Server Is Unnecessary
        2. Methods of Shutting Down Servers
      2. Controlling Accounts and Passwords
        1. Account Creation Procedures and Policies
        2. Monitoring Account Usage
          1. Handling Inactive Accounts
          2. Checking for Account Abuse
        3. Setting Good Passwords
      3. Keeping the System Up to Date
        1. The Importance of Server Updates
        2. How to Monitor for Updated Software
        3. Automatic Software Update Procedures
      4. Monitoring for Intrusion Attempts
        1. Intrusion-Detection Tools
          1. Using Package Databases
          2. Using Tripwire
        2. General Intrusion Detection Procedures
        3. What to Do if You Discover an Intruder
      5. Keeping Abreast of Security Developments
        1. Security Web Sites
        2. Security Mailing Lists and Newsgroups
      6. Summary
    2. 23. Configuring a chroot Jail
      1. What Is a chroot Jail?
      2. Necessary chroot Environment Files
        1. Preparing a Directory Tree
        2. Copying Server Files
        3. Copying System Files
      3. Configuring a Server to Operate in a chroot Jail
        1. Running a Server in a chroot Jail
        2. Controlling Local Access to the chroot Environment
        3. An Example: Running BIND in a chroot Jail
      4. Maintaining the chroot Environment
      5. Summary
    3. 24. Advanced Router Options
      1. When to Use Advanced Router Configurations
      2. Advanced Kernel Options
        1. Policy Routing
        2. Type of Service Values
        3. Multipath Routing
        4. Router Logging Options
        5. Large Routing Tables
        6. Multicast Routing
        7. Quality of Service
      3. Using iproute2
        1. Using ip
        2. Using tc
      4. Using Routing Protocols
        1. Understanding Routing Protocols
        2. Using routed
        3. Using GateD
        4. Using Zebra
      5. Summary
    4. 25. Configuring iptables
      1. What Is iptables?
      2. Kernel Configuration for iptables
      3. Checking Your iptables Configuration
      4. Configuring a Firewall with iptables
        1. What Is a Firewall?
        2. Setting a Firewall's Default Policy
        3. Creating Firewall Rules
          1. Opening and Closing Specific Ports
          2. Using Source and Destination IP Addresses
          3. Filtering by Interface
          4. Performing Stateful Inspection
          5. Using Additional Parameters
          6. Putting It All Together
      5. Configuring NAT with iptables
        1. What Is NAT?
        2. Setting iptables NAT Options
      6. Forwarding Ports with iptables
        1. When to Forward Ports
        2. Setting iptables Port Forwarding Options
      7. Logging iptables Activity
      8. Summary
    5. 26. Using a VPN
      1. When to Use a VPN
      2. VPN Options for Linux
      3. Configuring PPTP in Linux
        1. Obtaining and Installing PoPToP
        2. PoPToP Server Configuration
        3. Enabling Encryption Features
        4. PPTP Client Configuration
          1. Using Linux PoPToP Clients
          2. Using Windows PPTP Clients
      4. Configuring a Linux FreeS/WAN Server
        1. Obtaining and Installing FreeS/WAN
        2. Editing Configuration Files
          1. Setting Up Keys
          2. Editing the IPSec Settings
            1. Adjusting Local Options
            2. Adjusting Default Remote Options
            3. Adjusting System-Specific Remote Options
        3. Establishing a Link
      5. Potential Security Risks with a VPN
      6. Summary