Linux Networking

Paul Cobbaut


Table of Contents

I. network management
1. general networking
network layers
seven OSI layers
four DoD layers
short introduction to the physical layer
short introduction to the data link layer
short introduction to the network layer
short introduction to the transport layer
layers 5, 6 and 7
network layers in this book
unicast, multicast, broadcast, anycast
internet - intranet - extranet
history of tcp/ip
rfc (request for comment)
many protocols
many services
2. interface configuration
to gui or not to gui
Debian nic configuration
RHEL nic configuration
/sbin/ifup and /sbin/ifdown
up and down
setting ip address
setting mac address
optional: ethtool
practice: interface configuration
solution: interface configuration
3. network sniffing
installing wireshark
selecting interface
minimize traffic
sniffing ping
sniffing ping and dns
specific ip address
filtering by frame
looking inside packets
other filter examples
practice: network sniffing
solution: network sniffing
4. binding and bonding
binding on Redhat/Fedora
binding extra ip addresses
enabling extra ip-addresses
verifying extra ip-addresses
binding on Debian/Ubuntu
binding extra ip addresses
enabling extra ip-addresses
verifying extra ip-addresses
bonding on Redhat/Fedora
bonding on Debian/Ubuntu
practice: binding and bonding
solution: binding and bonding
5. ssh client and server
about ssh
secure shell
ssh protocol versions
public and private keys
rsa and dsa algorithms
log on to a remote server
executing a command in remote
setting up passwordless ssh
id_rsa and
copy the public key to the other computer
passwordless ssh
X forwarding via ssh
troubleshooting ssh
sshd keys
practice: ssh
solution: ssh
6. introduction to nfs
nfs protocol versions
server configuration
client configuration
practice: introduction to nfs
7. introduction to networking
introduction to iptables
iptables firewall
practice: iptables
solution: iptables
xinetd and inetd
the superdaemon
inetd or xinetd
xinetd superdaemon
inetd superdaemon
practice: inetd and xinetd
network file system
protocol versions
server configuration
client configuration
practice: network file system
II. apache and squid
8. apache web server
introduction to apache
installing on Debian
installing on RHEL/CentOS
running apache on Debian
running apache on CentOS
index file on CentOS
default website
apache configuration
port virtual hosts on Debian
default virtual host
three extra virtual hosts
three extra ports
three extra websites
enabling extra websites
testing the three websites
named virtual hosts on Debian
named virtual hosts
name resolution
enabling virtual hosts
reload and verify
password protected website on Debian
port virtual hosts on CentOS
default virtual host
three extra virtual hosts
three extra ports
SELinux guards our ports
three extra websites
enabling extra websites
testing the three websites
firewall rules
named virtual hosts on CentOS
named virtual hosts
name resolution
reload and verify
password protected website on CentOS
troubleshooting apache
virtual hosts example
aliases and redirects
more on .htaccess
self signed cert on Debian
self signed cert on RHEL/CentOS
practice: apache
9. introduction to squid
about proxy servers
open proxy servers
installing squid
port 3128
starting and stopping
client proxy settings
upside down images
access control
testing squid
name resolution
III. dns server
10. introduction to DNS
about dns
name to ip address resolution
forward and reverse lookup queries
dns namespace
root servers
root hints
top level domains
fully qualified domain name
dns zones
dns records
caching only servers
caching only server without forwarder
caching only server with forwarder
iterative or recursive query
authoritative dns servers
primary and secondary
zone transfers
master and slave
SOA record
full or incremental zone transfers
DNS cache
forward lookup zone example
example: caching only DNS server
example: caching only with forwarder
example: primary authoritative server
using your own DNS server
using your own domain
example: a DNS slave server
practice: dns
solution: dns
11. advanced DNS
example: DNS round robin
DNS delegation
example: DNS delegation
example: split-horizon dns
old dns topics
old example: reverse DNS
old DNS load balancing
old DNS notify
old testing IXFR and AXFR
old DDNS integration with DHCP
old reverse is forward
old ipv6
old DNS security: file corruption
old DNS security: zone transfers
old DNS security: zone transfers, ip spoofing
old DNS security: queries
old DNS security: chrooted bind
old DNS security: DNSSEC
old DNS security: root
IV. dhcp server
12. introduction to dhcp
four broadcasts
picturing dhcp
installing a dhcp server
dhcp server for RHEL/CentOS
client reservations
example config files
older example config files
advanced dhcp
80/20 rule
relay agent
rogue dhcp servers
dhcp and ddns
Practice: dhcp
V. iptables firewall
13. introduction to routers
router or firewall
packet forwarding
packet filtering
nat (network address translation)
pat (port address translation)
snat (source nat)
dnat (destination nat)
port forwarding
practice: packet forwarding
solution: packet forwarding
14. iptables firewall
iptables tables
starting and stopping iptables
the filter table
about packet filtering
filter table
setting default rules
changing policy rules
Allowing ssh over eth0
Allowing access from a subnet
iptables save
scripting example
Allowing ICMP(ping)
practice: packet filtering
solution: packet filtering
network address translation
about NAT
SNAT (Source NAT)
SNAT example setup
IP masquerading
DNAT (Destination NAT)
VI. Introduction to Samba
15. introduction to samba
verify installed version
.rpm based distributions
.deb based distributions
installing samba
.rpm based distributions
.deb based distributions
samba howto
samba by example
starting and stopping samba
samba daemons
the SMB protocol
brief history
broadcasting protocol
NetBIOS names
network bandwidth
practice: introduction to samba
16. getting started with samba
smbd -b
the default smb.conf
minimal smb.conf
net view
long lines in smb.conf
curious smb.conf
man smb.conf
syntax check smb.conf
testparm -v
testparm -s
smbclient looking at Samba
smbclient anonymous
smbclient with credentials
server string
Samba Web Administration Tool (SWAT)
practice: getting started with samba
solution: getting started with samba
17. a read only file server
Setting up a directory to share
configure the share
smb.conf [global] section
smb.conf [share] section
restart the server
verify the share
verify with smbclient
verify on windows
a note on netcat
practice: read only file server
solution: read only file server
18. a writable file server
set up a directory to share
share section in smb.conf
configure the share
test connection with windows
test writing with windows
How is this possible?
practice: writable file server
solution: writable file server
19. samba first user account
creating a samba user
ownership of files
passdb backend
forcing this user
practice: first samba user account
solution: first samba user account
20. samba authentication
creating the users on Linux
creating the users on samba
security = user
configuring the share
testing access with net use
testing access with smbclient
verify ownership
common problems
usernames are (not) case sensitive
practice: samba authentication
solution: samba authentication
21. samba securing shares
security based on user name
valid users
invalid users
read list
write list
security based on ip-address
hosts allow
hosts deny
security through obscurity
hide unreadable
file system security
create mask
force create mode
security mask
force security mode
inherit permissions
practice: securing shares
solution: securing shares
22. samba domain member
changes in smb.conf
security mode
Linux uid's
winbind use default domain
[global] section in smb.conf
realm in /etc/krb5.conf
[share] section in smb.conf
joining an Active Directory domain
adding winbind to nsswitch.conf
starting samba and winbindd
verify the trust
list all users
list all groups
query a user
file ownership
practice: samba domain member
23. samba domain controller
about Domain Controllers
Windows NT4
Windows 200x
Samba 3
Samba 4
About security modes
security = share
security = user
security = domain
security = ads
security = server
About password backends
[global] section in smb.conf
os level
passdb backend
preferred master
domain logons
domain master
[global] section
netlogon share
other [share] sections
Users and Groups
about computer accounts
local or roaming profiles
Groups in NTFS acls
logon scripts
practice: samba domain controller
24. a brief look at samba 4
Samba 4 alpha 6
VII. ipv6
25. Introduction to ipv6
about ipv6
network id and host id
host part generation
ipv4 mapped ipv6 address
link local addresses
unique local addresses
globally unique unicast addresses
non routable addresses
Belgium and ipv6
other websites
6to4 gateways
ping6 and dns
ipv6 and tcp/http
ipv6 PTR record
6to4 setup on Linux
VIII. Appendix
A. License

List of Tables

10.1. the first top level domains
10.2. new general purpose tld's
13.1. Packet Forwarding Exercise
13.2. Packet Forwarding Solution