webpointmorpheus Linux Info
Network Configuration

©2005 - material compiled by Bob Carnaghi, www.webpointmorpheus.com

Introduction
This document gives some background on the networking aspect of the Linux operating system. Networking basics, TCP/IP, etc. are not explained here, as the webpointmorpheus network documents contain that information. Outlined below are several network configuration, status, and troubleshooting commands as well as various configuration files and their locations.
Network Configuration & Status Commands

| Command | Description |
|---|---|
| ifconfig | reports on the current status of network interfaces and permits modification of the configuration of those interfaces |
| route | permits viewing and modification of the routing tables currently in effect for a local machine and a local network |
| hostname | used to either set or display the current host, domain, or node name of the system |
| dmesg | allows you to examine kernel log messages from the last boot; it works in cooperation with syslogd. Boot information regarding any kernel process, including those related to networking, is best accessed using the dmesg utility, often filtered using grep, as well as switches to dmesg. |
| netstat | information on network connections |
| ping | portable internet groper; verifies communication with a remote host; use ping -c n, where n is the number of packets to be sent, to limit the communication |
| traceroute | reports complete details on a specific route to a remote host and all the hops taken along the way, including the timing of each router |
| host, nslookup, dig | three utilities that are used for querying DNS entries; they largely overlap in their capabilities |
| nmap | Network MAPper - will show the status of ports on a system |
| tcpdump | monitors all the packets that pass through network interfaces |
| lsof | lists open files on a running Linux system |
| ifup, ifdown, iwup {wireless}, iwdown {wireless} | Commands for starting and stopping network interfaces. Include the name of the device when issuing the command. |
 
Network Configuration Files
The table below lists the locations of key configuration files on the Linux system. For configuration files of specific network services, see the table further below.
Network Configuration Files

| File | Description |
|---|---|
| /etc/network/, /etc/sysconfig/network-scripts/, /etc/network/interfaces | Location of network configuration files |
| /var/log/syslog, /var/log/messages | Messages logged by the kernel or the syslogd facility are stored in these log files |
| /etc/resolv.conf | this file contains the information needed to find domain name servers |
| /etc/hosts | the first place a Linux system looks to attempt to resolve a symbolic hostname |
| /etc/hostname | the symbolic name of the localhost as known on the network |
| /etc/hosts.allow, /etc/hosts.deny | configuration files used for positive and negative access lists by a variety of network tools |
| /proc/net/arp | maps IP addresses to MAC addresses |
 
Network Interface Card
A NIC (Network Interface Card) is the typical hardware device for connecting to the network. These devices require proper configuration in order to initiate and sustain the connection properly. IP addresses can be assigned to the NIC statically (manually entering the address), by the BOOTP protocol, or by DHCP (Dynamic Host Configuration Protocol). In addition to the IP address, a subnet mask will need to be entered; see the network documents elsewhere on this website for more details. The NIC will need certain drivers in order to function properly, which are typically compiled into the kernel or loaded dynamically as a module. NICs are usually detected at installation, or by kudzu at boot time, and a configuration option can be chosen at that time. To check for the installed kernel modules, use modprobe to see if there is a module that may match the NIC in the system. Look in the /lib/modules directory for configuration parameters for the NIC in question. Look in the /etc/modprobe.conf file for information on available kernel modules. Once the NIC is installed, its functionality can be verified by using the ping command.
PPP (Point to Point Protocol)
The following technologies run on PPP, which is a popular serial line transmission protocol. These services can be configured to connect to WANs or an ISP through the Internet:
  • Modems (MOdulator DEModulator)
  • ISDN (Integrated Services Digital Network)
  • DSL (Digital Subscriber Network)
Network devices can be configured using the Network GUI in Red Hat or Fedora. Follow the directions in the dialog boxes to complete the device configuration. Passwords are typically stored in /etc/ppp/pap-secrets (for Password Authentication Protocol) or /etc/ppp/chap-secrets (for Challenge Handshake Access Protocol).
DNS must also be configured for the NIC when it's installed. If the DHCP option is used, it is possible to have the DNS provider assigned automatically. It is also possible to enter the preferred DNS server manually whether the IP address is obtained by DHCP or manually. For more information on DNS, see the wpm DNS section.
Network Services
The table below lists several of the most important services that can be provided by the Linux system. The standard port numbers as well as the typical location of configuration files are listed.
Common Network Services

| Service | Daemon | Type | Port | Config File | Description |
|---|---|---|---|---|---|
| Apache Web Server | httpd | Standalone | 80, 443 | /etc/httpd/conf/httpd.conf | Serves web pages on the World Wide Web. |
| BIND/DNS Server | named | Standalone | 53 | /etc/named.conf | Resolves Domain Names to IP addresses and vice versa. |
| DHCP Server | dhcpd | Standalone | N/A | N/A | Provides IP address and configuration services on a network. |
| FTP Server | in.ftpd | xinetd | 20, 21 | /etc/ftaccess, /etc/ftphosts, /etc/ftpusers, /etc/ftpconversions | Network file transfer |
| IMAP Server | imapd | xinetd or Standalone | 143 | N/A | Allows Internet/Web access to email server. |
| Internet News Server | innd | Standalone | 119 | /etc/news/inn.conf | Newsgroup postings and transfer. |
| NFS Server | rpc.nfsd | Standalone | 2049 | /etc/exports | Shares files to other NFS-capable computers on a network. |
| NIS Server | ypserv, ypbind | Standalone | 111 | /etc/ypserv.conf | Shares configuration information to other NIS clients. |
| POP3 Server | ipop3d | xinetd or Standalone | 110 | N/A | Allows users to download mail with a MUA (Mail User Agent). |
| rlogin Daemon | in.rlogind | xinetd | 514 | N/A | Uses 'trusted access' to permit the rsh utility to access and run commands on other computers. |
| Samba Server | smbd & nmbd | Standalone | 137, 138, 139 | /etc/samba/smb.conf | Allows file shares with Windows computers. See the smbclient, smbmount & smbpasswd commands for configuration. |
| Secure Shell Daemon | sshd | Standalone | 22 | /etc/ssh/sshd_config | A secure remote login utility. |
| Sendmail Email Server | sendmail | Standalone | 25 | /etc/sendmail.cf | An MTA (Mail Transfer Agent) that relays mail across the Internet. |
| Squid Proxy Server | squid | Standalone | 3128 | /etc/squid/squid.conf | An Internet proxy server that offers web page caching. |
| telnet Daemon | in.telnetd | xinetd | 23 | N/A | An insecure remote login utility. |
| Very Secure FTP Server | vsftpd | Standalone | 20, 21 | /etc/vsftpd/vsftpd.conf, /etc/vsftpd.user_list | Network file transfer |
| X Server | N/A | Standalone | 0 | See X Page | Several components that create the GUI environment. |
 
Additional Utilities
There are other utilities that are available to help with network and system configuration and analysis. The sysstat module is used to obtain run-time information about a remote system. While the primary function of sysstat is to analyze the system, not the network, the information provided is often useful. sysstat has a technical page on Sourceforge. The ethereal utility analyzes network traffic. ethereal is extremely useful, and can be downloaded at www.ethereal.com.
FTP Commands

| Command | Description |
|---|---|
| help | Print out a list of commands. |
| pwd | Displays current directory on remote computer. |
| dir, ls | Lists directory contents on remote computer. |
| cd directory | Changes to directory on remote computer. |
| lcd directory | Changes to directory on local computer. |
| get filename | Downloads filename from remote computer to local computer (current directories). |
| ascii | Specifies the download of a text file. |
| binary | Specifies the download of a binary file (images, etc.). |
| mget filename | Downloads filename from remote computer to local computer, wildcard metacharacters permitted (current directories). |
| put filename | Uploads filename from local computer to remote computer (current directories). |
| mput filename | Uploads filename from local computer to remote computer, wildcard metacharacters permitted (current directories). |
| ! | Initiate a shell on the local computer |
| close | Closes the ftp connection |
| open hostname or IP | Initiates an ftp connection to the specified host or IP |
| bye, quit | Shut down or quit the ftp utility |
 
Remote Access Utilities
Secure SHell: ssh
ssh can be used for an encrypted connection between computers. The global ssh config files are located in /etc/ssh/. User ssh config files are located in ~/.ssh/. Typically, SSH will prompt for a password when the connection is initiated. To use SSH to log in to a remote computer and bypass the password prompt, follow these steps to generate the encryption keys:

ssh-keygen -t dsa
<ok to accept default location and passphrase>

Now look in ~/.ssh for the public/private key pair. Place the public key onto the remote machine:

ssh-copy-id -i ~/.ssh/id_dsa.pub root@basement
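
DSA (ssh-dss) keys such as the one generated above have been disabled by default since OpenSSH 7.0, and a key installed without options is accepted from any address. The added example below (not from the original page) reviews an authorized_keys file for both; the sample entries and the function name audit_authorized_keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): review authorized_keys entries.

# Constructed sample; key blobs are truncated placeholders, not real keys.
sample_authorized_keys() {
cat <<'EOF'
# constructed sample authorized_keys file
ssh-dss AAAAB3NzaC1kc3M...constructed root@workstation
from="10.43.0.5",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...constructed backup@basement
ssh-rsa AAAAB3NzaC1yc2E...constructed admin@laptop
EOF
}

# audit_authorized_keys [FILE]: print "line:keytype:comment:finding".
# Reads standard input when no FILE is given.
audit_authorized_keys() {
    awk '
    function report(msg) { printf "%d:%s:%s:%s\n", NR, ktype, who, msg }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        # The key type is the first field that is a known algorithm name;
        # anything before it is the options field (which may contain spaces).
        pos = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) { pos = i; break }
        if (pos == 0) { ktype = "?"; who = ""; report("unrecognised entry"); next }
        ktype = $pos; who = $(pos + 2)
        if (ktype == "ssh-dss") report("DSA key: replace with ed25519 or RSA")
        if (pos == 1)           report("no options: usable from any address, unrestricted session")
    }' "$@"
}

# Demo on the constructed sample; on a host run:
#   audit_authorized_keys ~/.ssh/authorized_keys
sample_authorized_keys | audit_authorized_keys
```
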
Secure FTP: sftp
It's possible to connect to a remote machine via sftp and transfer files back & forth. If the previous routine is run to eliminate the password challenge, the login will go directly through. Listed below are a few of the basic commands. For more info, see 'man sftp'.
SFTP Commands

| Command | Description |
|---|---|
| cd | change directory on the remote machine |
| exit | close the SSH connection |
|  | copy the specified file to the local machine |
|  | get help on commands |
| lcd | change directory on the local machine |
| lls | list files on the local machine |
| ls | list files in the working directory on the remote SSH server |
| put | copy the specified file to the remote SSH server |
| rm | remove the specified file from the remote SSH server |
Secure CoPy: scp
It's possible to securely copy files back and forth between machines using 'scp'. This utility can be simpler to use if there are only one or two files that need to be copied. 'scp' depends on 'ssh', so if the previous method for 'password-less' login has been set up, there will be no password prompt. The format is:

scp /path/to/file/to/be/copied.file user@host:/path/where/file/is/to/be/copied.file
Remote SYNChronize: rsync
rsync is cool because it can do several things when synchronizing files between computers. Keep in mind that it will synchronize directories, which means it will delete certain files, synchronize access and modification times and permissions, etc. It is even capable of compressing data for transmission. rsync only copies the difference between the files, not the entire directory and/or files. This makes for efficient resource use. Common options are listed. See man rsync for full details.

rsync --verbose --progress --stats --recursive --times --perms --links --compress --rsh=ssh --delete /path/to/backup/directory/ user@remote_host:/path/to/directory

If available, the short options can be used:

rsync -v --progress --stats -r -t -p -l -z -e ssh --delete /path/to/backup/directory/ user@remote_host:/path/to/directory


Note the inclusion of the trailing slash on the directory being backed up, but not on the directory being backed up to. This causes the files in the directory to be backed up, not the entire directory.
 
NFS & NIS
NFS
NFS shares folders among Linux users, and uses 'RPC', the remote procedure call process. List or look in '/etc/exports' for the filesystems that are to be shared (verify the format of the entries). A few basic rules:
1. Only export directories beneath the '/' directory.
2. Don't export a parent or a subdirectory of an already-shared directory. The exception to this rule will be when the directory is on a separate physical drive.
3. Only export local filesystems.

NFS RPM Packages:
setup
initscripts
nfs-utils: basic NFS commands & daemons
portmap: for secure RPC connections
quota: rpc.quotad
system-config-nfs: gui front end for some NFS settings

NFS Daemons
The NFS daemons are started w/nfs, nfslock, portmap, and various scripts in /etc/rc.d/init.d (portmap, nfs, nfslock, netfs)
portmap
rpc.nfsd: the basic NFS daemon
rpc.mountd:
rpc.statd
rpc.lockd

Security
Check iptables or tcp wrappers firewall.
Watch ports below/above 1024.
DNS must be working correctly (forward and reverse zones) in order to mount the filesystems.
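
An added example (not from the original page or from the NFS utilities) of a check for the export rules and security notes above: it lints an exports file for entries that widen access, including the detached-options format error and the 'insecure' option that lifts the below-1024 client port requirement. The sample file, hostnames and the function name audit_exports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint an exports(5)-style file.

# Constructed sample input; hosts and paths are made up for illustration.
sample_exports() {
cat <<'EOF'
# constructed sample exports file
/srv/share  10.43.0.0/24(ro,root_squash)
/home       client1.abc.local(rw,no_root_squash)
/data       client2.abc.local (rw)
/pub        *(ro,insecure)
EOF
}

# audit_exports [FILE]: print "line:path:finding" for each risky entry.
# Reads standard input when no FILE is given.
audit_exports() {
    awk '
    function report(msg) { printf "%d:%s:%s\n", NR, $1, msg }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            host = $i; sub(/\(.*/, "", host)  # client name before "("
            opts = ""
            if (index($i, "(")) {
                opts = $i
                sub(/^[^(]*\(/, "", opts); sub(/\).*/, "", opts)
            }
            # "host (rw)": the space detaches the options from the host,
            # so they apply to every client instead.
            if (host == "")  report("options " $i " detached from host, apply to all clients")
            if (host == "*") report("exported to any host (*)")
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") report("no_root_squash: remote root keeps uid 0")
                if (o[j] == "insecure")       report("insecure: accepts client ports above 1024")
            }
        }
    }' "$@"
}

# Demo on the constructed sample; on a server run: audit_exports /etc/exports
sample_exports | audit_exports
```
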

Starting the Service
Ensure that the portmap, nfs, and mountd daemons are running (use 'rpcinfo -p').
'exportfs -a' (all), '-r' (revise), '-u' (unexport), '-v' (list exports)
Ensure that the services will start when the machine boots (chkconfig).
service portmap start
service nfslock start
service nfs start

Clients
To list the mounts at the NFS server or client: 'showmount', 'showmount -a', or 'showmount -e servername'.
To mount from the client: 'mount -t nfs server:/share /where/to/mount/it'
For a safer mount, add the switch '-o soft,intr,timeo=50'
List the mounts in /etc/fstab for automatic mounting at boot time. 
To show disk usage of a mounted filesystem on a client: 'df -t nfs'

Removing a share:
1. umount /mnt/nfs-share (on NFS client)
2. check fstab on NFS client and comment out/remove entries to the share
3. Comment out or remove export entry on NFS server at /etc/exports
4. Reload the exported filesystems: exportfs -ua ; exportfs -a
NIS
NIS uses a user database (called a map) for centralized logins. The configuration file for NIS is at '/etc/ypserv.conf'. Verify the version of NIS: 2.x, or 3.x (also known as NIS+). NIS is inherently insecure as it sends passwords and usernames in the clear. Use LDAP for higher security requirements.

Critical Packages
portmap
ypbind: NIS client package
ypserv: NIS server package
yp-tools: basic NIS commands


Critical Files:
/etc/yp.conf
/etc/sysconfig/network
/etc/nsswitch.conf
/var/yp (check out the entire contents, especially the makefile)

In the NIS domain, the clients and servers must match the 'domainname' directive. Enter the command 'domainname' to verify this entry on clients and servers alike. To assign a new NIS domain, enter 'domainname xyz', where 'xyz' is the name of the new domain. Verify the list in '/etc/sysconfig/network':

NETWORKING=yes
GATEWAY=10.43.0.1
HOSTNAME=xyz.abc.local
NISDOMAIN=abc.local



Critical Services:
ypserv
ypbind
yppasswdd
ypxfrd

Critical Commands (at client)
ypcat - cat command for yp config files
ypchfn - change 'finger' info for nis server map file
ypchsh - change login shell
ypmatch - find a yp user
yppasswd - change the yp password


To initialize the NIS domain (NIS server):
1. Make sure the NIS domain is defined in /etc/sysconfig/network on the NIS server.
2. Edit the /etc/yp.conf to list the domain's NIS server as being the server itself: 'ypserver 127.0.0.1'
3. Start NIS daemons:
service portmap start
service yppasswdd start
service ypserv start
4. Initialize the NIS domain. Process makefile, which becomes /var/yp/'domainname': /var/lib/yp/ypinit -m. NOTE that portmap must be running before this step, or there will be problems.
5. Run 'ypinit -s ypserver' on all slave servers, if they are used.
6. Start ypbind and ypxfrd:
service ypbind start
service ypxfrd start
7. Verify ypserv @ 'chkconfig'. 
8. Users can be added and modified, then need to be processed into the NIS database. To update the NIS user db, navigate to /var/yp, run 'make'.


Configure the NIS client:
1. Run 'authconfig', which will create an /etc/yp.conf file as well as edit the /etc/sysconfig/network file on the NIS client.
2. The 'authconfig' utility should also update the /etc/nsswitch.conf file.
3. Start the necessary services on the NIS client:
service portmap start
service ypbind start
service yppasswd start
4. Verify with chkconfig that these services will automatically start at system boot.
5. Server connectivity can be tested with the following commands:
ypcat passwd
ypmatch 'user' passwd
getent passwd 'user'

In the event of problems with NIS, verify the following:
1. Check the /etc/yp.conf: does it point to the correct servers?
2. Use the nisdomain directive. Is it correct?
3. Verify critical services.

This page was last modified: Saturday June 21, 2008 1:40 PM