Linux Network Administrator's Guide, Second Edition

Book Description

Linux, a Unix-compatible operating system that runs on personal computers and larger servers, is valued above all for its networking strengths. The Linux Network Administrator's Guide spells out all the information needed for joining a network, whether it's a simple UUCP connection or a full LAN with a Linux system serving as a firewall, an NFS or NIS file server, and a mail and news hub. This book, which is one of the most successful to come from the Linux Documentation Project and remains freely distributable under its license, touches on all the essential networking software included with the operating system, plus some hardware considerations. Fully updated, the book now covers firewalls, including the use of ipchains and iptables (netfilter), masquerading, and accounting. Other new topics include Novell (NCP/IPX) support and INN (news administration). Original material on serial connections, UUCP, routing and DNS, mail and News, SLIP and PPP, NFS, and NIS has been thoroughly updated. Kernel options reflect the 2.2 kernel. However, some topics covered in other books (notably Samba and web server administration) are not in this book. Topics include:

  • Introduction to TCP/IP

  • Configuring network and serial hardware

  • Domain Name Service

  • Serial line communications using SLIP and PPP

  • NIS and NFS

  • Taylor UUCP

  • Administering electronic mail, including sendmail and Exim

  • Administering Netnews, including INN and several news readers

  • Firewalling using ipfwadm, ipchains, and iptables (netfilter)

  • Masquerading and accounting

  • IPX configuration for a Novell Netware network

Table of Contents

    1. Linux Network Administrator’s Guide, 2nd Edition
      1. Preface
        1. Purpose and Audience for This Book
        2. Sources of Information
          1. Documentation Available via FTP
          2. Documentation Available via WWW
          3. Documentation Available Commercially
          4. Linux Journal and Linux Magazine
          5. Linux Usenet Newsgroups
          6. Linux Mailing Lists
          7. Online Linux Support
          8. Linux User Groups
          9. Obtaining Linux
        3. File System Standards
        4. Standard Linux Base
        5. About This Book
        6. The Official Printed Version
        7. Overview
        8. Conventions Used in This Book
        9. Submitting Changes
        10. Acknowledgments
          1. The Hall of Fame
      2. 1. Introduction to Networking
        1. History
        2. TCP/IP Networks
          1. Introduction to TCP/IP Networks
          2. Ethernets
          3. Other Types of Hardware
          4. The Internet Protocol
          5. IP Over Serial Lines
          6. The Transmission Control Protocol
          7. The User Datagram Protocol
          8. More on Ports
          9. The Socket Library
        3. UUCP Networks
        4. Linux Networking
          1. Different Streaks of Development
          2. Where to Get the Code
        5. Maintaining Your System
          1. System Security
      3. 2. Issues of TCP/IP Networking
        1. Networking Interfaces
        2. IP Addresses
        3. Address Resolution
        4. IP Routing
          1. IP Networks
          2. Subnetworks
          3. Gateways
          4. The Routing Table
          5. Metric Values
        5. The Internet Control Message Protocol
        6. Resolving Host Names
      4. 3. Configuring the Networking Hardware
        1. Kernel Configuration
          1. Kernel Options in Linux 2.0 and Higher
          2. Kernel Networking Options in Linux 2.0.0 and Higher
        2. A Tour of Linux Network Devices
        3. Ethernet Installation
          1. Ethernet Autoprobing
        4. The PLIP Driver
        5. The PPP and SLIP Drivers
        6. Other Network Types
      5. 4. Configuring the Serial Hardware
        1. Communications Software for Modem Links
        2. Introduction to Serial Devices
        3. Accessing Serial Devices
          1. The Serial Device Special Files
        4. Serial Hardware
        5. Using the Configuration Utilities
          1. The setserial Command
          2. The stty Command
        6. Serial Devices and the login: Prompt
          1. Configuring the mgetty Daemon
      6. 5. Configuring TCP/IP Networking
        1. Mounting the /proc Filesystem
        2. Installing the Binaries
        3. Setting the Hostname
        4. Assigning IP Addresses
        5. Creating Subnets
        6. Writing hosts and networks Files
        7. Interface Configuration for IP
          1. The Loopback Interface
          2. Ethernet Interfaces
          3. Routing Through a Gateway
          4. Configuring a Gateway
          5. The PLIP Interface
          6. The SLIP and PPP Interfaces
          7. The Dummy Interface
          8. IP Alias
        8. All About ifconfig
        9. The netstat Command
          1. Displaying the Routing Table
          2. Displaying Interface Statistics
          3. Displaying Connections
        10. Checking the ARP Tables
      7. 6. Name Service and Resolver Configuration
        1. The Resolver Library
          1. The host.conf File
            1. Resolver environment variables
          2. The nsswitch.conf File
          3. Configuring Name Server Lookups Using resolv.conf
          4. Resolver Robustness
        2. How DNS Works
          1. Name Lookups with DNS
          2. Types of Name Servers
          3. The DNS Database
          4. Reverse Lookups
        3. Running named
          1. The named.boot File
          2. The BIND 8 host.conf File
          3. The DNS Database Files
          4. Caching-only named Configuration
          5. Writing the Master Files
          6. Verifying the Name Server Setup
          7. Other Useful Tools
      8. 7. Serial Line IP
        1. General Requirements
        2. SLIP Operation
        3. Dealing with Private IP Networks
        4. Using dip
          1. A Sample Script
          2. A dip Reference
            1. The modem commands
            2. The echo command
            3. The get command
            4. The print command
            5. Variable names
            6. The if and goto commands
            7. send, wait, and sleep
            8. mode and default
        5. Running in Server Mode
      9. 8. The Point-to-Point Protocol
        1. PPP on Linux
        2. Running pppd
        3. Using Options Files
        4. Using chat to Automate Dialing
        5. IP Configuration Options
          1. Choosing IP Addresses
          2. Routing Through a PPP Link
        6. Link Control Options
        7. General Security Considerations
        8. Authentication with PPP
          1. PAP Versus CHAP
          2. The CHAP Secrets File
          3. The PAP Secrets File
        9. Debugging Your PPP Setup
        10. More Advanced PPP Configurations
          1. PPP Server
          2. Demand Dialing
          3. Persistent Dialing
      10. 9. TCP/IP Firewall
        1. Methods of Attack
        2. What Is a Firewall?
        3. What Is IP Filtering?
        4. Setting Up Linux for Firewalling
          1. Kernel Configured with IP Firewall
          2. The ipfwadm Utility
          3. The ipchains Utility
          4. The iptables Utility
        5. Three Ways We Can Do Filtering
        6. Original IP Firewall (2.0 Kernels)
          1. Using ipfwadm
            1. A naïve example
            2. An important refinement
            3. Listing our rules
          2. A More Complex Example
          3. Summary of ipfwadm Arguments
            1. Categories
            2. Commands
            3. Parameters
            4. Optional arguments
            5. ICMP datagram types
        7. IP Firewall Chains (2.2 Kernels)
          1. Using ipchains
          2. ipchains Command Syntax
            1. Commands
            2. Rule specification parameters
            3. Options
          3. Our Naïve Example Revisited
          4. Listing Our Rules with ipchains
          5. Making Good Use of Chains
            1. User-defined chains
            2. The ipchains support scripts
        8. Netfilter and IP Tables (2.4 Kernels)
          1. Backward Compatibility with ipfwadm and ipchains
          2. Using iptables
            1. Commands
            2. Rule specification parameters
            3. Options
            4. Extensions
              1. TCP Extensions: used with -m tcp -p tcp
              2. UDP Extensions: used with -m udp -p udp
              3. ICMP Extensions: used with -m icmp -p icmp
              4. MAC Extensions: used with -m mac
          3. Our Naïve Example Revisited, Yet Again
        9. TOS Bit Manipulation
          1. Setting the TOS Bits Using ipfwadm or ipchains
          2. Setting the TOS Bits Using iptables
        10. Testing a Firewall Configuration
        11. A Sample Firewall Configuration
      11. 10. IP Accounting
        1. Configuring the Kernel for IP Accounting
        2. Configuring IP Accounting
          1. Accounting by Address
          2. Accounting by Service Port
          3. Accounting of ICMP Datagrams
          4. Accounting by Protocol
        3. Using IP Accounting Results
          1. Listing Accounting Data with ipfwadm
          2. Listing Accounting Data with ipchains
          3. Listing Accounting Data with iptables
        4. Resetting the Counters
        5. Flushing the Ruleset
        6. Passive Collection of Accounting Data
      12. 11. IP Masquerade and Network Address Translation
        1. Side Effects and Fringe Benefits
        2. Configuring the Kernel for IP Masquerade
        3. Configuring IP Masquerade
          1. Setting Timing Parameters for IP Masquerade
        4. Handling Name Server Lookups
        5. More About Network Address Translation
      13. 12. Important Network Features
        1. The inetd Super Server
        2. The tcpd Access Control Facility
        3. The Services and Protocols Files
        4. Remote Procedure Call
        5. Configuring Remote Login and Execution
          1. Disabling the r Commands
          2. Installing and Configuring ssh
            1. The ssh daemon
            2. The ssh client
            3. Using ssh
      14. 13. The Network Information System
        1. Getting Acquainted with NIS
        2. NIS Versus NIS+
        3. The Client Side of NIS
        4. Running an NIS Server
        5. NIS Server Security
        6. Setting Up an NIS Client with GNU libc
        7. Choosing the Right Maps
        8. Using the passwd and group Maps
        9. Using NIS with Shadow Support
      15. 14. The Network File System
        1. Preparing NFS
        2. Mounting an NFS Volume
        3. The NFS Daemons
        4. The exports File
        5. Kernel-Based NFSv2 Server Support
        6. Kernel-Based NFSv3 Server Support
      16. 15. IPX and the NCP Filesystem
        1. Xerox, Novell, and History
        2. IPX and Linux
          1. Caldera Support
          2. More on NDS Support
        3. Configuring the Kernel for IPX and NCPFS
        4. Configuring IPX Interfaces
          1. Network Devices Supporting IPX
          2. IPX Interface Configuration Tools
          3. The ipx_configure Command
          4. The ipx_interface Command
        5. Configuring an IPX Router
          1. Static IPX Routing Using the ipx_route Command
          2. Internal IPX Networks and Routing
        6. Mounting a Remote NetWare Volume
          1. A Simple ncpmount Example
          2. The ncpmount Command in Detail
          3. Hiding Your NetWare Login Password
          4. A More Complex ncpmount Example
        7. Exploring Some of the Other IPX Tools
          1. Server List
          2. Send Messages to NetWare Users
          3. Browsing and Manipulating Bindery Data
        8. Printing to a NetWare Print Queue
          1. Using nprint with the Line Printer Daemon
          2. Managing Print Queues
        9. NetWare Server Emulation
      17. 16. Managing Taylor UUCP
        1. UUCP Transfers and Remote Execution
          1. The Inner Workings of uucico
          2. uucico Command-line Options
        2. UUCP Configuration Files
          1. A Gentle Introduction to Taylor UUCP
          2. What UUCP Needs to Know
          3. Site Naming
          4. Taylor Configuration Files
          5. General Configuration Options Using the config File
          6. How to Tell UUCP About Other Systems Using the sys File
            1. System name
            2. Telephone number
            3. port and speed
            4. The login chat
            5. Alternates
            6. Restricting call times
          7. Identifying Available Devices Through the port File
          8. How to Dial a Number Using the dial File
          9. UUCP Over TCP
          10. Using a Direct Connection
        3. Controlling Access to UUCP Features
          1. Command Execution
          2. File Transfers
          3. Forwarding
        4. Setting Up Your System for Dialing In
          1. Providing UUCP Accounts
          2. Protecting Yourself Against Swindlers
          3. Be Paranoid: Call Sequence Checks
          4. Anonymous UUCP
        5. UUCP Low-Level Protocols
          1. Protocol Overview
          2. Tuning the Transmission Protocol
          3. Selecting Specific Protocols
        6. Troubleshooting
          1. uucico Keeps Saying “Wrong Time to Call”
          2. uucico Complains That the Site Is Already Locked
          3. You Can Connect to the Remote Site, but the Chat Script Fails
          4. Your Modem Does Not Dial
          5. Your Modem Tries to Dial but Doesn’t Get Out
          6. Login Succeeds, but the Handshake Fails
        7. Log Files and Debugging
      18. 17. Electronic Mail
        1. What Is a Mail Message?
        2. How Is Mail Delivered?
        3. Email Addresses
          1. RFC-822
          2. Obsolete Mail Formats
          3. Mixing Different Mail Formats
        4. How Does Mail Routing Work?
          1. Mail Routing on the Internet
          2. Mail Routing in the UUCP World
          3. Mixing UUCP and RFC-822
        5. Configuring elm
          1. Global elm Options
          2. National Character Sets
      19. 18. Sendmail
        1. Introduction to sendmail
        2. Installing sendmail
        3. Overview of Configuration Files
        4. The sendmail.cf and sendmail.mc Files
          1. Two Example sendmail.mc Files
          2. Typically Used sendmail.mc Parameters
            1. Comments
            2. VERSIONID and OSTYPE
            3. DOMAIN
            4. FEATURE
            5. Local macro definitions
            6. Defining mail transport protocols
            7. Configure mail routing for local hosts
        5. Generating the sendmail.cf File
        6. Interpreting and Writing Rewrite Rules
          1. sendmail.cf R and S Commands
          2. Some Useful Macro Definitions
          3. The Lefthand Side
          4. The Righthand Side
          5. A Simple Rule Pattern Example
          6. Ruleset Semantics
            1. Interpreting the rule in our example
        7. Configuring sendmail Options
        8. Some Useful sendmail Configurations
          1. Trusting Users to Set the From: Field
          2. Managing Mail Aliases
          3. Using a Smart Host
          4. Managing Unwanted or Unsolicited Mail (Spam)
            1. The Real-time Blackhole List
            2. The access database
            3. Barring users from receiving mail
          5. Configuring Virtual Email Hosting
            1. Accepting mail for other domains
            2. Forwarding virtual-hosted mail to other destinations
        9. Testing Your Configuration
        10. Running sendmail
        11. Tips and Tricks
          1. Managing the Mail Spool
          2. Forcing a Remote Host to Process its Mail Queue
          3. Analyzing Mail Statistics
            1. mailstats
            2. hoststat
      20. 19. Getting Exim Up and Running
        1. Running Exim
        2. If Your Mail Doesn’t Get Through
        3. Compiling Exim
        4. Mail Delivery Modes
        5. Miscellaneous config Options
        6. Message Routing and Delivery
          1. Routing Messages
          2. Delivering Messages to Local Addresses
            1. Local users
            2. Forwarding
          3. Alias Files
          4. Mailing Lists
        7. Protecting Against Mail Spam
        8. UUCP Setup
      21. 20. Netnews
        1. Usenet History
        2. What Is Usenet, Anyway?
        3. How Does Usenet Handle News?
      22. 21. C News
        1. Delivering News
        2. Installation
        3. The sys File
        4. The active File
        5. Article Batching
        6. Expiring News
        7. Miscellaneous Files
        8. Control Messages
          1. The cancel Message
          2. newgroup and rmgroup
          3. The checkgroups Message
          4. sendsys, version, and senduuname
        9. C News in an NFS Environment
        10. Maintenance Tools and Tasks
      23. 22. NNTP and the nntpd Daemon
        1. The NNTP Protocol
          1. Connecting to the News Server
          2. Pushing a News Article onto a Server
          3. Changing to NNRP Reader Mode
          4. Listing Available Groups
          5. Listing Active Groups
          6. Posting an Article
          7. Listing New Articles
          8. Selecting a Group on Which to Operate
          9. Listing Articles in a Group
          10. Retrieving an Article Header Only
          11. Retrieving an Article Body Only
          12. Reading an Article from a Group
        2. Installing the NNTP Server
        3. Restricting NNTP Access
        4. NNTP Authorization
        5. nntpd Interaction with C News
      24. 23. Internet News
        1. Some INN Internals
        2. Newsreaders and INN
        3. Installing INN
        4. Configuring INN: the Basic Setup
        5. INN Configuration Files
          1. Global Parameters
            1. The inn.conf file
          2. Configuring Newsgroups
            1. The active and newsgroups files
          3. Configuring Newsfeeds
            1. The newsfeeds file
            2. The nntpsend.ctl file
          4. Controlling Newsreader Access
            1. The incoming.conf file
            2. The nnrp.access file
          5. Expiring News Articles
            1. The expire.ctl file
          6. Handling Control Messages
            1. The control.ctl file
        6. Running INN
        7. Managing INN: The ctlinnd Command
          1. Add a New Group
          2. Change a Group
          3. Remove a Group
          4. Renumber a Group
          5. Allow/Disallow Newsreaders
          6. Reject Newsfeed Connections
          7. Allow Newsfeed Connections
          8. Disable News Server
          9. Restart News Server
          10. Display Status of a Newsfeed
          11. Drop a Newsfeed
          12. Begin a Newsfeed
          13. Cancel an Article
      25. 24. Newsreader Configuration
        1. tin Configuration
        2. trn Configuration
        3. nn Configuration
      26. A. Example Network: The Virtual Brewery
        1. Connecting the Virtual Subsidiary Network
      27. B. Useful Cable Configurations
        1. A PLIP Parallel Cable
        2. A Serial NULL Modem Cable
      28. C. Linux Network Administrator’s Guide, Second Edition Copyright Information
        1. 0. Preamble
        2. 1. Applicability and Definitions
        3. 2. Verbatim Copying
        4. 3. Copying in Quantity
        5. 4. Modifications
        6. 5. Combining Documents
        7. 6. Collections of Documents
        8. 7. Aggregation with Independent Works
        9. 8. Translation
        10. 9. Termination
        11. 10. Future Revisions of this License
      29. D. SAGE: The System Administrators Guild
      30. Index
      31. Colophon