Linux Networking

Paul Cobbaut

2015-05-24


Table of Contents

I. network management
1. general networking
network layers
seven OSI layers
four DoD layers
short introduction to the physical layer
short introduction to the data link layer
short introduction to the network layer
short introduction to the transport layer
layers 5, 6 and 7
network layers in this book
unicast, multicast, broadcast, anycast
unicast
multicast
broadcast
anycast
lan-wan-man
lan
man
wan
pan-wpan
internet - intranet - extranet
tcp/ip
history of tcp/ip
rfc (request for comment)
many protocols
many services
2. interface configuration
to gui or not to gui
Debian nic configuration
/etc/network/interfaces
/sbin/ifdown
/sbin/ifup
RHEL nic configuration
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-
nmcli
nmtui
/sbin/ifup and /sbin/ifdown
ifconfig
up and down
setting ip address
setting mac address
ip
dhclient
hostname
arp
route
ping
optional: ethtool
practice: interface configuration
solution: interface configuration
3. network sniffing
wireshark
installing wireshark
selecting interface
minimize traffic
sniffing ping
sniffing ping and dns
specific ip address
filtering by frame
looking inside packets
other filter examples
tcpdump
practice: network sniffing
solution: network sniffing
4. binding and bonding
binding on Redhat/Fedora
binding extra ip addresses
enabling extra ip-addresses
verifying extra ip-addresses
binding on Debian/Ubuntu
binding extra ip addresses
enabling extra ip-addresses
verifying extra ip-addresses
bonding on Redhat/Fedora
bonding on Debian/Ubuntu
practice: binding and bonding
solution: binding and bonding
5. ssh client and server
about ssh
secure shell
/etc/ssh/
ssh protocol versions
public and private keys
rsa and dsa algorithms
log on to a remote server
executing a command in remote
scp
setting up passwordless ssh
ssh-keygen
~/.ssh
id_rsa and id_rsa.pub
copy the public key to the other computer
authorized_keys
passwordless ssh
X forwarding via ssh
troubleshooting ssh
sshd
sshd keys
ssh-agent
practice: ssh
solution: ssh
6. introduction to nfs
nfs protocol versions
rpcinfo
server configuration
/etc/exports
exportfs
client configuration
practice: introduction to nfs
7. introduction to networking
introduction to iptables
iptables firewall
practice: iptables
solution: iptables
xinetd and inetd
the superdaemon
inetd or xinetd
xinetd superdaemon
inetd superdaemon
practice: inetd and xinetd
network file system
protocol versions
server configuration
client configuration
practice: network file system
II. apache and squid
8. apache web server
introduction to apache
installing on Debian
installing on RHEL/CentOS
running apache on Debian
running apache on CentOS
index file on CentOS
default website
apache configuration
port virtual hosts on Debian
default virtual host
three extra virtual hosts
three extra ports
three extra websites
enabling extra websites
testing the three websites
named virtual hosts on Debian
named virtual hosts
name resolution
enabling virtual hosts
reload and verify
password protected website on Debian
port virtual hosts on CentOS
default virtual host
three extra virtual hosts
three extra ports
SELinux guards our ports
three extra websites
enabling extra websites
testing the three websites
firewall rules
named virtual hosts on CentOS
named virtual hosts
name resolution
reload and verify
password protected website on CentOS
troubleshooting apache
virtual hosts example
aliases and redirects
more on .htaccess
traffic
self signed cert on Debian
self signed cert on RHEL/CentOS
practice: apache
9. introduction to squid
about proxy servers
usage
open proxy servers
squid
installing squid
port 3128
starting and stopping
client proxy settings
upside down images
/var/log/squid
access control
testing squid
name resolution
III. dns server
10. introduction to DNS
about dns
name to ip address resolution
history
forward and reverse lookup queries
/etc/resolv.conf
dns namespace
hierarchy
root servers
root hints
domains
top level domains
fully qualified domain name
dns zones
dns records
caching only servers
caching only server without forwarder
caching only server with forwarder
iterative or recursive query
authoritative dns servers
primary and secondary
zone transfers
master and slave
SOA record
full or incremental zone transfers
DNS cache
forward lookup zone example
example: caching only DNS server
example: caching only with forwarder
example: primary authoritative server
using your own DNS server
using your own domain
example: a DNS slave server
practice: dns
solution: dns
11. advanced DNS
example: DNS round robin
DNS delegation
example: DNS delegation
example: split-horizon dns
old dns topics
old example: reverse DNS
old DNS load balancing
old DNS notify
old testing IXFR and AXFR
old DDNS integration with DHCP
old reverse is forward in-addr.arpa
old ipv6
old DNS security: file corruption
old DNS security: zone transfers
old DNS security: zone transfers, ip spoofing
old DNS security: queries
old DNS security: chrooted bind
old DNS security: DNSSEC
old DNS security: root
IV. dhcp server
12. introduction to dhcp
four broadcasts
picturing dhcp
installing a dhcp server
dhcp server for RHEL/CentOS
client reservations
example config files
older example config files
advanced dhcp
80/20 rule
relay agent
rogue dhcp servers
dhcp and ddns
practice: dhcp
V. iptables firewall
13. introduction to routers
router or firewall
packet forwarding
packet filtering
stateful
nat (network address translation)
pat (port address translation)
snat (source nat)
masquerading
dnat (destination nat)
port forwarding
/proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf
sysctl
practice: packet forwarding
solution: packet forwarding
14. iptables firewall
iptables tables
starting and stopping iptables
the filter table
about packet filtering
filter table
setting default rules
changing policy rules
Allowing ssh over eth0
Allowing access from a subnet
iptables save
scripting example
Allowing ICMP(ping)
practice: packet filtering
solution: packet filtering
network address translation
about NAT
SNAT (Source NAT)
SNAT example setup
IP masquerading
DNAT (Destination NAT)
VI. Introduction to Samba
15. introduction to samba
verify installed version
.rpm based distributions
.deb based distributions
installing samba
.rpm based distributions
.deb based distributions
documentation
samba howto
samba by example
starting and stopping samba
samba daemons
nmbd
smbd
winbindd
the SMB protocol
brief history
broadcasting protocol
NetBIOS names
network bandwidth
practice: introduction to samba
16. getting started with samba
/etc/samba/smb.conf
smbd -b
the default smb.conf
minimal smb.conf
net view
long lines in smb.conf
curious smb.conf
man smb.conf
/usr/bin/testparm
syntax check smb.conf
testparm -v
testparm -s
/usr/bin/smbclient
smbclient looking at Samba
smbclient anonymous
smbclient with credentials
/usr/bin/smbtree
server string
Samba Web Administration Tool (SWAT)
practice: getting started with samba
solution: getting started with samba
17. a read only file server
Setting up a directory to share
configure the share
smb.conf [global] section
smb.conf [share] section
restart the server
verify the share
verify with smbclient
verify on windows
a note on netcat
practice: read only file server
solution: read only file server
18. a writable file server
set up a directory to share
share section in smb.conf
configure the share
test connection with windows
test writing with windows
How is this possible ?
practice: writable file server
solution: writable file server
19. samba first user account
creating a samba user
ownership of files
/usr/bin/smbpasswd
/etc/samba/smbpasswd
passdb backend
forcing this user
practice: first samba user account
solution: first samba user account
20. samba authentication
creating the users on Linux
creating the users on samba
security = user
configuring the share
testing access with net use
testing access with smbclient
verify ownership
common problems
NT_STATUS_BAD_NETWORK_NAME
NT_STATUS_LOGON_FAILURE
usernames are (not) case sensitive
practice: samba authentication
solution: samba authentication
21. samba securing shares
security based on user name
valid users
invalid users
read list
write list
security based on ip-address
hosts allow
hosts deny
security through obscurity
hide unreadable
browsable
file system security
create mask
force create mode
security mask
force security mode
inherit permissions
practice: securing shares
solution: securing shares
22. samba domain member
changes in smb.conf
workgroup
security mode
Linux uid's
winbind use default domain
[global] section in smb.conf
realm in /etc/krb5.conf
[share] section in smb.conf
joining an Active Directory domain
winbind
adding winbind to nsswitch.conf
starting samba and winbindd
wbinfo
verify the trust
list all users
list all groups
query a user
getent
file ownership
practice: samba domain member
23. samba domain controller
about Domain Controllers
Windows NT4
Windows 200x
Samba 3
Samba 4
About security modes
security = share
security = user
security = domain
security = ads
security = server
About password backends
[global] section in smb.conf
security
os level
passdb backend
preferred master
domain logons
domain master
[global] section
netlogon share
other [share] sections
Users and Groups
tdbsam
about computer accounts
local or roaming profiles
Groups in NTFS acls
logon scripts
practice: samba domain controller
24. a brief look at samba 4
Samba 4 alpha 6
VII. ipv6
25. Introduction to ipv6
about ipv6
network id and host id
host part generation
ipv4 mapped ipv6 address
link local addresses
unique local addresses
globally unique unicast addresses
6to4
ISP
non routable addresses
ping6
Belgium and ipv6
other websites
6to4 gateways
ping6 and dns
ipv6 and tcp/http
ipv6 PTR record
6to4 setup on Linux
VIII. Appendix
A. License
Index

List of Tables

10.1. the first top level domains
10.2. new general purpose tld's
13.1. Packet Forwarding Exercise
13.2. Packet Forwarding Solution