PC Cluster Installation Guide by xld14276

									                         PC Cluster Installation Guide
  Tokushima univ. M1 N.Mizuguchi, K.Hirano, Y.Hamaguchi (created Apr. 2003)
         Tokushima univ. M1 Y.Seika, A.Matsubara (modified Jun. 2004)
                    Tokyo tech. I.Ono (modified Apr. 2006)
 Tokyo tech. Shamim, K.Sakamoto, S.Nakamura, N.Hamada (modified May. 2007)


Contents
1 Network Topology
  1.1 Summary
  1.2 List of the Configurations

2 Setup Gateway
  2.1 Overview
  2.2 Install an Operating System
  2.3 Start SSH service
  2.4 Configure Packet Routing
  2.5 Configure IP Masquerade and Packet Filtering
      2.5.1 Overview
      2.5.2 Configure iptables Setting
      2.5.3 Enable FTP
  2.6 Stop Unnecessary Daemons
  2.7 Setup as a Client

3 Setup In-Server
  3.1 Overview
  3.2 Install an Operating System
  3.3 NIS Server
      3.3.1 Setup NIS Domain Name
      3.3.2 Access Control to NIS Server
      3.3.3 Setup Host Information
      3.3.4 Create a New Group
      3.3.5 Create New Users
      3.3.6 Setup NIS Users and NIS Group
      3.3.7 Start ypserv
      3.3.8 Create NIS Map
      3.3.9 Start yppasswdd
      3.3.10 Create NIS Database File
      3.3.11 How to Add New Users to Running NIS Server
  3.4 NFS Server
      3.4.1 Setup Exports
      3.4.2 Update Export Table
      3.4.3 Setup autofs
      3.4.4 Stop Running autofs
      3.4.5 Start NFS Server
  3.5 NTP Server
      3.5.1 Overview
      3.5.2 Setup NTP
  3.6 Setup as a Client

4 Setup Client
  4.1 Install an Operating System
  4.2 NIS Client
      4.2.1 Address NIS Server
      4.2.2 Configure Name Service Switch Settings
      4.2.3 Specify NIS Domain
      4.2.4 Start NIS Client
  4.3 NFS Client
      4.3.1 Start autofs
  4.4 NTP Client
      4.4.1 Setup NTP
      4.4.2 Start NTP
  4.5 “r” Commands

Appendix A Introduction to Linux – Read Before Installation
  A.1 How to Shutdown the Operating System
  A.2 su Command
  A.3 Run Level
  A.4 Services
      A.4.1 Super Server
      A.4.2 Start, Stop and Restart Servers
      A.4.3 Configuration of Server Status
      A.4.4 Configuration of Super Server Status
  A.5 Network Commands
      A.5.1 ping
      A.5.2 netstat
      A.5.3 telnet
      A.5.4 ifconfig

Appendix B How to Confirm Settings
  B.1 Confirm Network Connections
  B.2 Confirm Packet Filtering
  B.3 Confirm NIS
  B.4 Confirm DNS
  B.5 Confirm NFS
  B.6 Confirm NTP

Appendix C How to Use vi Editor
  C.1 Command Mode and Insert Mode
  C.2 Run, Edit, Save and Exit
  C.3 Basic Commands

Appendix D How to Install Linux
  D.1 Fedora Core 4
      D.1.1 Setup Host Names
      D.1.2 Organize Partitions
      D.1.3 Setup IP Addresses
      D.1.4 Select Packages to Install

Appendix E Troubleshooting
  E.1 Failure during OS Installation
  E.2 No ping Replies from Gateway
  E.3 Cannot Login with Created User Account
  E.4 Cannot Find User’s /home after Login succeeded
  E.5 ntpd downs itself automatically

1     Network Topology
1.1    Summary

[Figure 1: Network topology. Labels in the figure: 192.168.Z.; Gateway with 192.168.Z.X (eth0) and 192.168.Y.1 (eth1); Hub; Uplink; Client 192.168.Y.4; Client 192.168.Y.3; InServer 192.168.Y.2.]


Gateway: Acts as a bridge between WAN and LAN.

         • Must have one global IP address. The IP network mask must be provided.
           Clients can access the outside network, and vice versa, through the Gateway node.
         • A firewall needs to be implemented so that packets from the outside network are filtered.

      Note: Gateway will work as NIS client.
In-Server: Provides services for the hosts in LAN.

         • NIS server to manage the user information
         • NFS server to manage the user’s home directory
         • DNS server
Client: User terminal.

         • Works as an InServer client.
         • Provides a shareable environment through the NIS and NFS server terminal.

1.2   List of the Configurations
  • Gateway
      – Packet routing
      – IP masquerade
      – Packet filtering (allow access by SSH clients from the outside network)
      – SSH server
      – NIS client
      – NFS client
      – NTP client
      – rlogin, rsh
      – telnet, ssh
  • In-Server
      – NIS server
      – NFS server
      – DNS server
      – NTP server
      – NIS client
      – rlogin, rsh
      – telnet, ssh
  • Client
      – NIS client
      – NFS client
      – NTP client
      – rlogin, rsh
      – telnet, ssh

2       Setup Gateway
2.1       Overview
The Gateway connects the outside and inside networks, so it requires TWO network interface
cards (NICs). The second NIC must be installed before the OS is installed.

[Figure 2: Packet filtering through eth0 and eth1. Recoverable labels: 192.168.Y.2; eth1 192.168.Y.1; eth0 192.168.0.X; A.B.C.D. The remaining labels are not recoverable.]


    The following steps are taken to set up the Gateway node.
    1. Install an operating system
    2. Start SSH service
    3. Configure packet routing
    4. Configure IP masquerade and packet filtering
    5. Stop unnecessary daemons

2.2       Install an Operating System
To install the OS, refer to Appendix D and note the following.

    • Set IP address without DHCP (eth0(192.168.0.X), eth1(192.168.Y.1))

    • Set DNS address (131.112.181.53)

2.3       Start SSH service
In Fedora 4, the SSH daemon is already running.

Check sshd status

 # /sbin/service sshd status
 sshd (pid 681) is running...

If sshd is not running, start it.

Start sshd

 # /sbin/service sshd start
 starting sshd:[ OK ]

The current configuration can be shown with the following command.

Show current configuration

 # /sbin/chkconfig --list sshd
 sshd            0:off   1:off   2:off   3:off   4:off   5:off   6:off

Set sshd to start with run-level 35

 # /sbin/chkconfig --level 35 sshd on
 # /sbin/chkconfig --list sshd
 sshd            0:off   1:off   2:off   3:on    4:off   5:on    6:off

   To set up sshd, edit the /etc/ssh/sshd_config file. This file contains the listening port number
(default 22), root login permission by SSH, etc. In our case, we did not change the default
values.
   Example of using SSH:

Remote-login with ssh (e.g.)

 [cl01user@clhama01 ~]% ssh -l gwuser gwhama
 gwuser@gwhama’s password:

If the connection is established, the following messages will show up.

Message for the first access (e.g.)

 The authenticity of host ’clhama01 (192.168.Y.3)’ can’t be established.
 RSA key fingerprint is 05:bb:d2:83:21:9a:02:d8:4a:de:d9:3a:d3:2b:4e:bb.
 Are you sure you want to continue connecting (yes/no)?

   No need to update the /etc/ssh/ssh_host_dsa_key file. It will update automatically.

2.4   Configure Packet Routing
To send packets from the inside network to the outside, IP packet forwarding needs to be activated.
To activate IP packet forwarding, edit the /proc/sys/net/ipv4/ip_forward file.

Set packet forwarding on

 [root@gwhama ~]# echo "1" > /proc/sys/net/ipv4/ip_forward

   To enable packet forwarding at boot time, edit the /etc/sysctl.conf file.

Set forwarding on at booting

 # Controls IP packet forwarding
 net.ipv4.ip_forward = 1


2.5     Configure IP Masquerade and Packet Filtering
2.5.1   Overview
IP masquerade does the same function as packet filtering.

[Figure 3: Flow chart of IP packet filtering. Labels in the figure: input packet; (1) checksum and sanity; (2) input chain (ACCEPT/REDIRECT); (3) routing; (6) de-masquerade; packet to local loopback; (4) forward chain (ACCEPT); (5) output chain; output packet.]

  1. checking packets
     Checks whether an input packet is valid. A packet with an illegal structure is
     dropped, which guarantees the safety of the later steps.
  2. input chain
     This chain is applied when a packet enters Linux from the network.
  3. routing
     Selects a route.
  4. forward chain
     Determines how a packet that was sent to Linux from a NIC is transferred.
  5. output chain
     This chain is applied when a packet is output from Linux to a NIC.
  6. de-masquerade
     Response packets to packets that were sent out through IP masquerade skip the forward
     chain, because the rules of the forward chain have already been applied to them.

Figure 3 shows that there are three places to filter unexpected packets: the input chain, the
forward chain and the output chain. In our case, the forward chain and the output chain accept
all packets, and only the input chain does the packet filtering. Set rules which pass only
necessary packets and drop the others.
    IP packet filtering does not distinguish between the eth0 and eth1 NICs; the same filtering
rule is applied to packets from both. So the filtering rules need to contain two different
settings, one for eth0 and one for eth1.

2.5.2   Configure iptables Setting
Figure 2 shows the basic idea of IP packet filtering: drop packets from outside (eth0) and accept
packets from inside (eth1).
    Kernel 2.4 systems provide both ipchains, the old filter used in kernel 2.2 systems, and
iptables, a new filter that allows filtering rules to be configured in more detail. In this case, we
use iptables to filter packets. Do not use ipchains and iptables at the same time, or they
will conflict.
    Stop ipchains and start iptables (iptables is already running in Vine Linux 2.6).

Stop ipchains and start iptables

   [root@gwhama ~]# /sbin/service ipchains stop
   [root@gwhama ~]# /sbin/service iptables start

Set the run-levels to 3 and 5 so that iptables starts automatically at boot time (this is the
default in Vine Linux 2.6).

Set ipchains not to start and set iptables to start automatically

 # /sbin/chkconfig --level 35 ipchains off
 # /sbin/chkconfig --level 35 iptables on

Configure IP masquerade and packet filtering of iptables as follows.

iptables

 # iptables -F
 # iptables -P INPUT DROP
 # iptables -P OUTPUT ACCEPT
 # iptables -P FORWARD ACCEPT
 # iptables -A INPUT -i eth1 -j ACCEPT
 # iptables -A INPUT -i lo -j ACCEPT
 # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT
 # iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
 # iptables -A INPUT -p icmp -i eth0 -j ACCEPT
 # iptables-save > /etc/sysconfig/iptables

    The details of the above settings are explained below.
    First, set the basic rules in iptables. “INPUT” means packets that come in from another
host. “OUTPUT” means packets that go out to another host. “FORWARD” means packets
transferred through Linux. “-F” discards all current rules. “-P” sets the default
filtering rule.

Basic commands to configure rules (e.g.)

 Discard all current rules.
 # iptables -F
 Drop all input packets.
 # iptables -P INPUT DROP
 Accept all output packets.
 # iptables -P OUTPUT ACCEPT
 Accept all forward packets.
 # iptables -P FORWARD ACCEPT

    Now all packets that enter the Gateway are dropped. This setting is inconvenient for the
inside network, so permit all input packets from the LAN (eth1) and localhost. “-A INPUT”
adds a rule to the input chain. “-i” specifies the network interface and “-j” specifies the
target. The target is how to handle a packet that matches the rule; there are ACCEPT
(allow to pass), DENY (disallow to pass), etc.

Allow packets from eth1 or localhost.

 # iptables -A INPUT -i eth1 -j ACCEPT
 # iptables -A INPUT -i lo -j ACCEPT

    The inside network still cannot communicate with the outside. To enable the inside hosts to
communicate with the outside, configure IP masquerade as follows. “-o” specifies the network
interface. The following setting rewrites the IP address of packets that go out from an inside
host through eth0 to eth0’s own address.

Configure IP masquerade.

 # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

With these settings, all packets from the outside network (eth0) are dropped, so you cannot use
the WWW. Configure a rule to accept reply packets after a connection has been established.
“-m state --state” specifies the connection status. The following statuses can be specified.
ESTABLISHED: The packet is part of a bidirectional connection.
NEW: The packet starts a new connection, or is not part of a bidirectional connection.
RELATED: The packet starts a new connection, but it is related to an established connection,
   such as an FTP data transfer or an ICMP error.

Accept an answer packet

 # iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

   For maintenance from outside, accept connections by SSH (port 22). “-p” specifies the
protocol and “--dport” specifies the port number.

Accept SSH connection (port 22)

 # iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT

The current setting drops ICMP packets from outside. To enable PING, configure as follows.

Accept ICMP

 # iptables -A INPUT -p icmp -i eth0 -j ACCEPT

Save the above settings.

Save iptables setting

 # iptables-save > /etc/sysconfig/iptables
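
A check of the rules saved above, as an added example that is not part of the original guide: the function reads iptables-save output and reports any INPUT ACCEPT rule reachable from eth0 other than the three the guide allows (reply packets, SSH on port 22, ICMP), a wrong INPUT policy, or a missing MASQUERADE rule. The function names and both sample dumps are constructed for illustration, and the dump layout is an assumption about what iptables-save prints for these rules.

```shell
#!/bin/sh
# Added example (not from the original guide). On the gateway, as root:
#   iptables-save | audit_gateway_rules eth0

audit_gateway_rules() {
    # $1: outside-facing interface (eth0 in the guide); rules are read from stdin.
    awk -v wan="${1:-eth0}" '
    # Return the argument that follows option "name" in the current rule, or "".
    function opt(name,    i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    # True when a state list holds only ESTABLISHED and/or RELATED.
    function reply_only(states,    n, i, s) {
        n = split(states, s, ",")
        for (i = 1; i <= n; i++)
            if (s[i] != "ESTABLISHED" && s[i] != "RELATED") return 0
        return n > 0
    }
    function fail(msg) { print "FAIL: " msg; fails++ }

    /^\*/ { table = substr($0, 2); next }          # "*filter", "*nat", ...
    table == "filter" && $1 == ":INPUT"   { input_policy = $2 }
    table == "filter" && $1 == ":FORWARD" { forward_policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" &&
        opt("-j") == "MASQUERADE" && opt("-o") == wan { masq = 1 }

    # ACCEPT rules in INPUT that match packets arriving on the outside NIC.
    # A rule with no -i matches every interface, so it is outside-facing too.
    table == "filter" && $1 == "-A" && $2 == "INPUT" && opt("-j") == "ACCEPT" {
        iface = opt("-i")
        if (iface != "" && iface != wan) next
        state = opt("--state")
        if (state == "") state = opt("--ctstate")
        if (state != "" && reply_only(state)) next                # reply packets
        if (opt("-p") == "tcp" && opt("--dport") == "22") next    # SSH maintenance
        if (opt("-p") == "icmp") next                             # ping
        fail("unexpected ACCEPT reachable from " wan ": " $0)
    }
    END {
        if (input_policy != "DROP")
            fail("INPUT policy is " (input_policy == "" ? "missing" : input_policy) ", expected DROP")
        if (!masq) fail("no MASQUERADE rule on -o " wan)
        if (forward_policy == "ACCEPT")
            print "NOTE: FORWARD policy is ACCEPT, so routed packets are not filtered"
        exit (fails > 0)      # status 0 only when nothing failed
    }'
}

# Constructed sample: a dump corresponding to the rules in section 2.5.2.
sample_page_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
COMMIT
EOF
}

# Constructed sample of drift: INPUT policy reset to ACCEPT, and a telnet rule
# added without -i, which therefore applies to eth0 as well as eth1.
sample_drifted_rules() {
    sample_page_rules | awk '
        $1 == ":INPUT" { $2 = "ACCEPT" }
        { print }
        /--dport 22/ { print "-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT" }'
}

echo "== ruleset from the guide =="
sample_page_rules | audit_gateway_rules eth0 || true
echo "== drifted ruleset =="
sample_drifted_rules | audit_gateway_rules eth0 || true
```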
                                                                                              


2.5.3   Enable FTP
The previous section covered the basic settings of IP masquerade and filtering. IP
masquerade basically handles all protocols. However, some protocols, such as FTP, establish
their connections in a special way, and IP masquerade alone cannot handle them. Such
protocols can be handled by using additional modules called helper modules.
    (To know what kinds of modules are installed, see /lib/modules/“kernel version”/kernel/net/ipv4/netfilter/)
    These modules are special in that they cannot be loaded and unloaded dynamically, so
they must be loaded explicitly at a suitable point when the system starts. To set this up,
write the load commands in /etc/rc.local (lines beginning with # are comments).

Add to the end of /etc/rc.local

 # Connection tracking module
 /sbin/modprobe ip_conntrack
 # Connection tracking module for FTP
 /sbin/modprobe ip_conntrack_ftp
 # Connection tracking module for IRC
 /sbin/modprobe ip_conntrack_irc
 # Helper module for FTP
 /sbin/modprobe ip_nat_ftp
 # Helper module for IRC
 /sbin/modprobe ip_nat_irc
 # Logging module
 /sbin/modprobe ipt_LOG
 # IP masquerade module
 /sbin/modprobe ipt_MASQUERADE
 # REDIRECT module
 /sbin/modprobe ipt_REDIRECT
 # REJECT module
 /sbin/modprobe ipt_REJECT

After restarting, use the lsmod command to confirm that the required modules are loaded.

Show loaded modules (partially)

  # lsmod
  Module                  Size     Used by   Tainted: P
  ipt_REJECT              3424      0 (unused)
  ipt_REDIRECT            1408      0 (unused)
  ipt_LOG                 3840      0 (unused)
  ip_nat_irc              3264      0 (unused)
  ip_nat_ftp              4128      0 (unused)
  ip_conntrack_irc        4096      1 [ip_nat_irc]
  ip_conntrack_ftp        4960      1 [ip_nat_ftp]
  eepro100               19248      1
  8139too                17248      1
  mii                     1984      0 [8139too]
  ipt_state               1152      1 (autoclean)
  ipt_MASQUERADE          2528      1 (autoclean)
  iptable_nat            22420      3 (autoclean) [ipt_REDIRECT ip_nat_irc ip_nat_ftp ...
  ip_conntrack           29996      4 (autoclean) [ipt_REDIRECT ip_nat_irc ip_nat_ftp ...
  iptable_mangle          2816      0 (autoclean) (unused)
  iptable_filter          2368      1 (autoclean)
  ip_tables              14848     10 [ipt_REJECT ipt_REDIRECT ipt_LOG ipt_state ...
  md                     60448      0 (unused)
  encode-eucjp          242944      0 (unused)
  rtc                     7100      0 (autoclean)
                                                                                           




2.6    Stop Unnecessary Daemons
In Vine Linux 2.6, various daemons are already running by default after the installation.
  Show all services’ status                                                                  
  # /sbin/service --status-all
  jserver (pid 807) is running...
  anacron is already stoped, but subsystem is locked.
  atd (pid 899) is running...
  Configured Mount Points:
  ------------------------
  /usr/sbin/automount --timeout 60 /home yp auto.home
  /usr/sbin/automount --timeout 60 /misc file /etc/auto.misc

  Active Mount Points:
  --------------------
  /usr/sbin/automount --timeout 60 /home yp auto.home
  /usr/sbin/automount --timeout 60 /misc file /etc/auto.misc
  Usage: canna {start|stop|restart}
  crond (pid 819) is running...
  gpm (pid 795) is running...
   (Omitted)
                                                                                             

Running unnecessary daemons can cause security problems. Check the ports with the netstat
command, and you will see that many ports are open (the result varies with the components
selected during installation).
  Show default port status                                                                 
  # netstat -l
  Active internet connections (server only).
  Proto Recieve-Q Send-Q Internal address          External address         Status
  tcp        0      0    *:1024                       *:*                   LISTEN
  tcp        0      0    *:login                      *:*                   LISTEN
  tcp        0      0    *:wnn7                       *:*                   LISTEN
  tcp        0      0    *:shell                      *:*                   LISTEN
  tcp        0      0    *:1026                       *:*                   LISTEN
  tcp        0      0    *:printer                    *:*                   LISTEN
  tcp        0      0    *:sunrpc                     *:*                   LISTEN
  tcp        0      0    *:x11                        *:*                   LISTEN
  tcp        0      0    *:canna                      *:*                   LISTEN
  tcp        0      0    *:auth                       *:*                   LISTEN
  tcp        0      0    *:692                        *:*                   LISTEN
  tcp        0      0    *:ssh                        *:*                   LISTEN
  tcp        0      0    *:telnet                     *:*                   LISTEN
  tcp        0      0    *:smtp                       *:*                   LISTEN
  udp        0      0    *:1024                       *:*
  udp        0      0    *:670                        *:*
  udp        0      0    *:930                        *:*
   (Omitted)
                                                                                             

The status “LISTEN” means the port is open to the outside.
  Table 1 summarizes which daemons are unnecessary on Gateway. Refer to it and stop the
unnecessary daemons.
   For example, to stop postfix, which is the SMTP server, type as follows.
  Stop SMTP server                                                                   

  Show postfix status.
  # /sbin/service postfix status
  master (pid 784) is running...
  # /sbin/chkconfig --list postfix
  postfix         0:off   1:off    2:on            3:on    4:on      5:on     6:off

 Stop the currently running service.
 # /sbin/service postfix stop
 Turn off postfix at boot time.
 # /sbin/chkconfig --level 2345 postfix off
                                                                                     

 After the unnecessary daemons are stopped, the open ports are as shown below.
Show port status after unnecessary daemons are stopped                                   
  # netstat -l
  Active internet connections.
  Proto Receive-Q Send-Q Internal address     External address        Status
  tcp        0      0      *:1024                  *:*                LISTEN
  tcp        0      0      *:ssh                   *:*                LISTEN
  udp        0      0      *:xdmcp                 *:*
  Active UNIX domain sockets.
  Proto RefCnt Flag        Type       Status        I-node Path
  unix 2       [ ACC ]     STREAM     LISTENING     841     /tmp/.font-unix/fs7100
  #
                                                                                     
Port 1024 is used by X-Window. The only necessary listening port is the one for the SSH daemon.
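
The port check described above can be scripted. The following is an added example, not part of the original guide: it compares `netstat -l` output with the end state shown above and names the daemon to stop for each extra listener. The allowlist, the hint table and the sample text are assumptions built from Table 1 and the listings in this guide.

```python
# Added example: flag listeners that section 2.6 says should be gone.

# Port name -> daemon to stop. Daemon names come from Table 1 and the inetd.conf
# lines in this guide; port names are the standard /etc/services names.
SERVICE_HINTS = {
    "smtp": "postfix",
    "telnet": "in.telnetd (inet)",
    "login": "in.rlogind (inet)",
    "shell": "in.rshd (inet)",
    "printer": "lpd",
    "sunrpc": "portmap",
    "auth": "identd",
    "canna": "canna",
}

# Assumed allowlist: the sockets left in the guide's final listing.
ALLOWED = {("tcp", "ssh"), ("tcp", "1024"), ("udp", "xdmcp")}

# Constructed sample, shortened from the "default port status" listing.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 *:1024          *:*               LISTEN
tcp        0      0 *:login         *:*               LISTEN
tcp        0      0 *:printer       *:*               LISTEN
tcp        0      0 *:ssh           *:*               LISTEN
tcp        0      0 *:telnet        *:*               LISTEN
tcp        0      0 *:smtp          *:*               LISTEN
udp        0      0 *:670           *:*
"""


def listeners(netstat_text):
    """Return {(proto, port)} for TCP sockets in LISTEN and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, UNIX-socket and blank lines
        proto, local = fields[0], fields[3]
        state = fields[5] if len(fields) > 5 else ""
        if proto == "tcp" and state != "LISTEN":
            continue
        # The port is whatever follows the last colon of the local address.
        found.add((proto, local.rsplit(":", 1)[-1]))
    return found


def unexpected(netstat_text, allowed=ALLOWED):
    """Return sorted (proto, port, daemon_hint) for sockets outside the allowlist."""
    extra = listeners(netstat_text) - set(allowed)
    return [(proto, port, SERVICE_HINTS.get(port, "unknown"))
            for proto, port in sorted(extra)]


if __name__ == "__main__":
    for proto, port, hint in unexpected(SAMPLE):
        print(f"{proto}/{port}: unexpected listener, check {hint}")
```

Feed it the real output with `unexpected(subprocess.check_output(["netstat", "-l"], text=True))`; ports without a name in /etc/services appear as numbers and get the hint "unknown".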

2.7    Setup as a Client
Gateway also needs to be set up as a client. Refer to section 4 and continue the setup.




                           Table 1: List of daemons in Gateway
Service Name   Function                                                          Required?
anacron        Executes command periodically by day                                 Yes
syslog         System log daemon                                                    Yes
keytable       Enables changing key bindings                                        No
netfs          Mounts NFS, SMB and Netware which mount network files on booting      No
network        Network interface                                                    Yes
random         Random generator service                                             Yes
rawdevices     Provides RAW mode access to HDD                                      Yes
atd            Executes queued jobs by at command                                   Yes
autofs         NFS auto mount service                                               No
named          DNS service                                                          No
canna          Kana-kanji translation service                                       No
xfs            Font server for X                                                    Yes
FreeWnn        Kana-kanji translation service                                       No
gpm            Console mouse driver on Linux                                        No
inet           Super server                                                         Yes
ipchains       Packet filtering                                                      No
iptables       Packet filtering                                                      Yes
kudzu          Hardware auto detection service                                      No
lpd            Printer spool service                                                No
mcserv         Enables users to use Midnight Commander from remote                  No
murasaki       HotPlug agent such as USB, CardBus, IEEE1394                         No
nfs            NFS server                                                           No
nfslock        Provides NFS file lock system                                         No
nscd           Provides search and cache of passwords and groups                    No
ntpd           Network time service                                                 No
sshd           SSH server                                                           Yes
identd         Identify service                                                     No
portmap        RPC (Remote Procedure Call) service which is used by NFS or NIS      No
postfix         SMTP service                                                         No
proftpd        FTP service                                                          No
routed         Routing service                                                      No
usbmgr         Supports USB                                                         No
crond          cron daemon which executes commands periodically                     Yes
ypbind         NIS/YP client                                                        No
in.telnetd     telnet server via super-server                                       No




3       Setup In-Server
3.1     Overview
In-Server manages the information about all hosts in the LAN, the user information, and all files
under the users' /home directories. All of these are files or directories that exist on In-Server.
This central management provides users with the same environment on whichever client they log in.
The following steps are taken to set up In-Server.
    • Install an operating system

    • Configure NIS server
    • Configure NFS server

    • Configure NTP server

3.2     Install an Operating System
To install OS, refer to appendix D and note the following.
    • Set IP address without DHCP (Set eth0(192.168.Y.2))

    • Set 192.168.Y.2 as DNS (itself)
    • Add server packages

    • Set the clock correctly for NTP

3.3     NIS Server
NIS (Network Information Service) is a service that manages and provides system information
inside a subnetwork, such as user information and host information.

3.3.1    Setup NIS Domain Name
The NIS domain is the domain name used in NIS. Set the NIS domain name and the netgroup name
(on the server and the clients).
    The file /etc/sysconfig/network holds the system-wide network settings. To register the NIS
domain name on In-Server, add the following line to the file /etc/sysconfig/network.
   Add to /etc/sysconfig/network                                                             

 NISDOMAIN=domain-hama
                                                                                                   

   This setting does not take effect until the next reboot. To apply it immediately, use the
following command.
   Set domain name

  [root@svhama ~]# domainname domain-hama
                                                                                                   
domainname is a command to set or show the current domain name.




3.3.2   Access Control to NIS Server
Access control of ypserv on NIS server is configured in the file /var/yp/securenets. Create the
file /var/yp/securenets and add the following lines.
Note: Do NOT add a blank line to the end of this file, or ypserv (the NIS server) will fail to start.
  Edit /var/yp/securenets                                                                         

   #netmask network
   255.0.0.0 127.0.0.0
   255.255.255.0 192.168.Y.0
                                                                                               
A line beginning with # is a comment. Write each netmask and network address separated by a
space. The first line gives access permission to the loopback network. The second line gives
access permission to the hosts which belong to 192.168.Y.0/24.
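
A check for the file format just described, as an added example that is not part of the original guide. It assumes the two-column "netmask network" form shown above; the function name and the sample addresses in the usage are constructed (192.168.5.0 stands in for 192.168.Y.0).

```python
# Added example: validate /var/yp/securenets before (re)starting ypserv.
import ipaddress


def check_securenets(text):
    """Return (line_number, problem) findings for securenets content, in line order."""
    findings = []
    lines = text.splitlines()
    for number, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].split()
        if not entry:
            continue  # comment or blank line (a blank last line is reported below)
        if len(entry) != 2:
            findings.append((number, "expected 'netmask network'"))
            continue
        mask, network = entry
        try:
            # strict=True rejects a network address that has host bits set.
            net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
        except ValueError as error:
            findings.append((number, f"invalid netmask/network pair: {error}"))
            continue
        if str(net.netmask) != mask:
            # ipaddress also accepts prefix lengths and host masks; securenets does not.
            findings.append((number, "first field is not a dotted netmask"))
        elif net.prefixlen == 0:
            findings.append((number, "matches every address: any host may query ypserv"))
        elif not (net.is_private or net.is_loopback):
            findings.append((number, "network is not a private or loopback range"))
    if lines and not lines[-1].strip():
        findings.append((len(lines), "blank last line: the guide warns ypserv fails to start"))
    return findings


if __name__ == "__main__":
    # Constructed sample with one fault per line after the first.
    sample = (
        "255.0.0.0 127.0.0.0\n"
        "255.255.255.0 192.168.5.7\n"   # host bits set
        "0.0.0.0 0.0.0.0\n"             # open to everyone
        "192.168.5.0 255.255.255.0\n"   # fields swapped
        "\n"                            # blank last line
    )
    for number, problem in check_securenets(sample):
        print(f"line {number}: {problem}")
```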

3.3.3   Setup Host Information
To give In-Server the host information, edit file /etc/hosts as follows.
  Edit /etc/hosts                                                                             

 # Do not remove the following line, or various programs
 # that require network functionality will fail.
 127.0.0.1              svhama localhost localhost.localdomain
 192.168.Y.1            gwhama
 192.168.Y.2            svhama
 192.168.Y.3            clhama01
 192.168.Y.4            clhama02
 ## Add further hosts below as needed
 192.168.0.219          ibm1
 192.168.0.220          ibm2
     ...                ...
                                                                                              


3.3.4   Create a New Group
Create a new group for NIS or NFS.
Note: A group name is recommended to be shorter than 8 characters.
  Create new group                                                                            

  [root@svhama ~]# groupadd group-hama
                                                                                              
groupadd is a command to create a new group.

3.3.5   Create New Users
useradd is a command to create a new user, or to update a user’s information.
   Create a new user belonging to group-hama as follows.




 Create new user (e.g. user1)

  [root@svhama ~]# useradd -g group-hama user1
  [root@svhama ~]# passwd user1
                                                                                         
passwd is a command to set a new password for the specified user.

3.3.6   Setup NIS Users and NIS Group
At this point, the users and groups exist in the files /etc/passwd and /etc/group as local
users and groups. To register them as NIS users and NIS groups, create the files /etc/passwd.yp
and /etc/group.yp and edit them as follows.
  Edit /etc/passwd.yp (e.g. add two users; user1, user2)                                    

 user1:x:501:501::/home/user1:/bin/bash
 user2:x:502:501::/home/user2:/bin/bash
                  ...
                                                                                         

Edit /etc/group.yp (e.g. add users to group; group-hama)                                 

 group-hama:x:501:user1,user2
                                                                                         


3.3.7   Start ypserv
Start ypserv                                                                             

 [root@svhama ~]# /sbin/service ypserv start
 [root@svhama ~]# /sbin/chkconfig --level 35 ypserv on
                                                                                         


3.3.8   Create NIS Map
To create the NIS map, use the make command in the directory /var/yp/. The map must be re-made
whenever files such as /etc/passwd or /etc/hosts are modified. Edit the file
/var/yp/Makefile as follows, and run make.
  Edit /var/yp/Makefile as follows                                                            

  40:   MERGE_PASSWD =   false
  44:   MERGE_GROUP =    true #(let it be true)
  70:   GROUP        =   $(YPPWDDIR)/group.yp
  71:   PASSWD       =   $(YPPWDDIR)/passwd.yp
 104:   #add shadow to   all (shadow is commented out as default)
                                                                                         




 Do make NIS

 [root@svhama ~]# cd /var/yp
 [root@svhama /yp]# make
                                                                                              


3.3.9    Start yppasswdd
While NIS is in use, change a user's password with the yppasswd command instead of passwd.
To enable this command, start yppasswdd.
  Start yppasswdd                                                                        

 [root@svhama ~]# /sbin/service yppasswdd start
 [root@svhama ~]# /sbin/chkconfig --level 35 yppasswdd on
                                                                                              


3.3.10    Create NIS Database File
Update information of NIS map for the master server.
 Type as follows                                                                              

  # /usr/lib/yp/ypinit -m

  (Confirm that the NIS server svhama has already been added.)

  ‘‘C-d’’

 y (Confirm)
                                                                                              


3.3.11    How to Add New Users to Running NIS Server
Users often need to be added after the NIS server and the NFS server have been set up.
There is no way to add users directly to the NIS server, so two steps are needed: create a local
user on In-Server, and register it with the NIS server. For example, create the local user “user3”
belonging to the local group “group-hama”, and set its password.
 Add local user (e.g.)

 [root@svhama ~]# useradd -g group-hama user3
 [root@svhama ~]# passwd user3
                                                                                              

  Add the entries for user3 to the files /etc/passwd.yp, /etc/group.yp and /etc/auto.home.
Then, to update the NIS map, execute the make command.
 Update NIS map                                                                         

 [root@svhama ~]# cd /var/yp
 [root@svhama /yp]# make
                                                                                              




Note: Set the password at the time of creating the local user, or it cannot be changed on NIS
by yppasswd command.

3.4     NFS Server
3.4.1   Setup Exports
The NFS server shares its file system with the other hosts. The exported directories and the hosts
that share them are written in the file /etc/exports. Create the file /etc/exports and edit it as follows.
  Edit /etc/exports (new file)                                                                

 /home 192.168.Y.0/255.255.255.0(rw)
                                                                                               


3.4.2   Update Export Table
Update the export table managed by the kernel to match the contents of the file /etc/exports with
the following command.
  Export /home                                                                               

  # /usr/sbin/exportfs -rav
                                                                                               
To confirm the export table, use this command.
  Confirm export table                                                                          

 # /usr/sbin/exportfs -v
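
The /etc/exports entry above attaches `(rw)` directly to the network; with a space in between, the options apply to every host instead. The following lint for that mistake and two related ones is an added example, not part of the original guide; the function name, finding codes and sample lines are constructed, and it assumes simple unquoted paths with no `-option` defaults.

```python
# Added example: find /etc/exports entries that reach further than intended.
import re

# "client(options)", "client" alone, or "(options)" alone.
TOKEN = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

PROBLEMS = {
    "detached-options": "options are separated from the client by a space, "
                        "so they apply to every host",
    "wildcard-client": "client '*' matches every host",
    "world-writable": "every host may mount this path read-write",
    "no-root-squash": "remote root keeps root privileges on this export",
    "unparsed": "token could not be parsed",
}

# Constructed sample; 192.168.5.0 stands in for the guide's 192.168.Y.0.
SAMPLE = """\
# path  client(options)
/home 192.168.5.0/255.255.255.0(rw)
/home 192.168.5.0/255.255.255.0 (rw)
/scratch *(rw,no_root_squash)
"""


def lint_exports(text):
    """Return (line_number, path, code) findings; codes are keys of PROBLEMS."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # comment, blank line, or a path with no client list
        path = fields[0]
        for token in fields[1:]:
            match = TOKEN.match(token)
            if match is None:
                findings.append((number, path, "unparsed"))
                continue
            client = match["client"]
            opts = set(filter(None, (match["opts"] or "").split(",")))
            everyone = client in ("", "*")
            if client == "":
                findings.append((number, path, "detached-options"))
            elif client == "*":
                findings.append((number, path, "wildcard-client"))
            if everyone and "rw" in opts:
                findings.append((number, path, "world-writable"))
            if "no_root_squash" in opts:
                findings.append((number, path, "no-root-squash"))
    return findings


if __name__ == "__main__":
    for number, path, code in lint_exports(SAMPLE):
        print(f"line {number} {path}: {PROBLEMS[code]}")
```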
                                                                                               


3.4.3   Setup autofs
To have the requested directories mounted automatically through NIS, configure autofs. Edit the
file /etc/auto.home as follows.
   Edit /etc/auto.home                                                                       

 user1 svhama:/home/user1
 user2 svhama:/home/user2
                                                                                               

Edit /etc/auto.master                                                                          

 # $Id: auto.master,v 1.2 1997/10/06 21:52:03 hpa Exp $
 # Sample auto.master file
 # Format of this file:
 # mountpoint map options
 # For details of the format look at autofs(8).
 /misc   /etc/auto.misc --timeout=60
 /home   /etc/auto.home --timeout=60
                                                                                               




   In addition, the file /var/yp/Makefile must be edited and the make command executed.
Add auto.home and auto.master at the place in the Makefile shown below.
  Edit /var/yp/Makefile (from line 107)

 all: passwd group hosts rpc services netid protocols mail \
  shadow auto.master auto.home
       # netgrp shadow publickey networks ethers bootparams printcap \
       # amd.home auto.master auto.home auto.local passwd.adjunct \
       # timezone locale netmasks
                                                                                                

 Do make NIS

 [root@svhama ~]# cd /var/yp
 [root@svhama /yp]# make
                                                                                                


3.4.4   Stop Running autofs
In some cases autofs is started by default. If it is running on In-Server, it tries to
mount its own /home and hangs. If autofs has been started on In-Server, stop it.
 Stop running autofs                                                                            

 # /sbin/chkconfig autofs off
 # /sbin/service autofs stop
                                                                                                


3.4.5   Start NFS Server
Start the NFS server.
  Start NFS server

 # /sbin/chkconfig --level 35 nfs on
 # /sbin/service nfs start
                                                                                                


3.5     NTP Server
3.5.1   Overview
The NTP (Network Time Protocol) service automatically synchronizes the clocks of the hosts.
It prevents trouble caused by mismatched file timestamps in the NIS environment.

3.5.2   Setup NTP
ntpd is software that functions as both the server and the client. Its settings are
written in the file /etc/ntp.conf. Configure NTP so that the server synchronizes to its local clock.




Edit /etc/ntp.conf                                                                                  

 server     127.127.1.0         # local clock
                                                                                                    

    An address of the form 127.127.t.u (t: integer giving the clock type, u: identifier of the clock
within that type) is NTP's own notation for specifying the device from which the reference time is
acquired. 127.127.1.0 means that the time is acquired from the built-in clock.

3.6    Setup as a Client
In-Server also acts as a NIS client in LAN. Refer to section 4.2, and setup In-Server as a NIS
client.




4       Setup Client
4.1     Install an Operating System
Install the OS as described in appendix D.

4.2     NIS Client
In order to access NIS server, start ypbind which is one of the NIS clients.
Note: In-Server also needs this setting so as to act as a NIS client.

4.2.1    Address NIS Server
Add the following line to the end of NIS setting file /etc/yp.conf.
 Add the following line to /etc/yp.conf                                                     

   ypserver 192.168.Y.2
                                                                                            
Note: At the time this file is loaded, DNS is not yet functioning. Specify the host by IP address
instead of by host name.

4.2.2    Configure Name Service Switch Settings
The name service switch defines the search priority of the information sources. To set the
priority, edit the file /etc/nsswitch.conf so that the sources appear in the following order.
  Edit /etc/nsswitch.conf (comments and blank lines omitted)

 passwd:         files nis
 shadow:         files nis
 group:          files nis
 hosts:          files nis dns
 bootparams:     nisplus [NOTFOUND=return] files
 ethers:         files
 netmasks:       files
 networks:       files
 protocols:      files nisplus nis
 rpc:            files
 services:       files nisplus nis
 netgroup:       nis
 publickey:      nis
 automount:      nis
 aliases:        nis
                                                                                            


4.2.3    Specify NIS Domain
Add the following line to the end of the file /etc/sysconfig/network.




Add the following line to /etc/sysconfig/network                                         

 NISDOMAIN=domain-hama
                                                                                        

 Update the setting of NIS domain immediately with this command.
Update domain name                                                                      

 # domainname domain-hama
                                                                                        


4.2.4   Start NIS Client
Start ypbind                                                                            

 # /sbin/service ypbind start
 # /sbin/chkconfig --level 35 ypbind on
                                                                                        


4.3     NFS Client
Now, you can mount the /home directory on NFS server with mount command. autofs mounts
it automatically when it is needed.

4.3.1   Start autofs
Start autofs if it has not already been started (it may be running by default).
  Start autofs                                                                          

 [root@clhama01 ~]# /sbin/chkconfig --level 345 autofs on
 [root@clhama01 ~]# /sbin/service autofs start
                                                                                        


4.4     NTP Client
4.4.1   Setup NTP
Set NTP to adjust client’s clock to In-Server’s clock.
  Edit /etc/ntp.conf                                                                    

 server     192.168.Y.2
                                                                                        


4.4.2   Start NTP
Set the clock on In-Server properly, and start ntpd on all hosts.




Start NTP                                                                                             

 # /sbin/service ntpd start
 # /sbin/chkconfig --level 35 ntpd on
                                                                                                      


4.5    “r” Commands
Note: Configure the “r” commands on each host other than the gateway.
     With the “r” commands (rlogin and rsh; “r” stands for remote), it is possible to log in to, or
run a shell command on, another host without entering a password. Simple usage is shown below. In
the example, the user logs in to ibm22 from the host ibm21 without entering a password. Without
options, the login is done with the current user name; to log in as another user, use the option
“-l username” (in this case, the password is naturally requested).
   rlogin Execution example                                                                      

  [user@ibm21 ~]% rlogin ibm22
  Last login: Wed Apr 16 12:35:06 from ibm21
  [nio@ibm22 ~]%
                                                                                                      

    Below is an execution example of rsh. It runs “cat /etc/hosts” on the host garuda.
   rsh                                                                                          

  % rsh garuda cat /etc/hosts
  127.0.0.1               localhost localhost.localdomain

  # Global Hosts
  150.59.38.111              valkyrie valkyrie.is.tokushima-u.ac.jp

  # Servers
  192.168.0.1                apsaras
  192.168.0.2                garuda
  192.168.0.3                yoda
  192.168.0.4                naga
  192.168.0.5                c3po
  192.168.0.6                fserv1
                                                                                                      

    The “r” commands work by listing the hosts that can be trusted; the “r” commands are then
permitted from those hosts. However, this mechanism was devised to improve convenience in the days
when the Internet was safe, and it does not suit present circumstances. Since a host name (IP
address) can easily be impersonated, the “r” commands offer almost no security. For that reason,
the “r” commands are used only on the internal network inside the firewall (permitted only between
the internal server and the clients). To configure the “r” commands, enter the permitted hosts in
the /etc/hosts.equiv file (create it as a new file).




  /etc/hosts.equiv on host svhama

  localhost
  clhama01
                                                                                                

    With the above setting, the “r” commands are permitted from localhost and clhama01. Basically,
you just keep listing host names in this way. Like telnet, rlogin and rsh are started by way of
the super server. Therefore, when inetd is used, uncomment the following lines in the
/etc/inetd.conf file and restart inet.
  inetd.conf                                                                                    

   46: shell       stream tcp         nowait root        /usr/sbin/tcpd in.rshd
   47: login       stream tcp         nowait root        /usr/sbin/tcpd in.rlogind
                                                                                                  
When xinetd is used instead, turn rlogin and rsh on with chkconfig. The above setting is
sufficient for the “r” commands themselves. However, when the number of machines grows to several
hundred, repeating the above setting every time a machine is added (or removed) becomes a burden.
Therefore, make the setting easy to maintain by defining netgroups on the NIS server. A netgroup
is easiest to understand as the host (machine) counterpart of a user group. In other words,
specify netgroups in /etc/hosts.equiv, and manage the hosts that belong to each netgroup in one
place on the NIS server. This makes the work caused by adding and removing machines easy. Do the
following on the host where the NIS server is running. Netgroups are defined in the /etc/netgroup
file. Here, svhama belongs to netgroup ngsv-hama and clhama01 belongs to netgroup ngcl-hama. When
clients are added later, add them to ngcl-hama.
 Edit /etc/netgroup (e.g.)

 # Description example
 # netgroupname (hostname,, NIS-domainname) (hostname,, NIS-domainname)
 ngsv-hama (svhama,,domain-hama)
 ngcl-hama (clhama01,,domain-hama)
                                                                                                

To add a host, separate the hosts with a space.
  /etc/netgroup example after adding a client

 ngsv-hama (svhama,,domain-hama)
 ngcl-hama (clhama01,,domain-hama) (clhama02,,domain-hama)
                                                                                                

The /etc/netgroup setting takes effect when make is run with /var/yp/Makefile after the file has
been edited. Here, adding netgrp to /var/yp/Makefile makes the netgroup setting shared through
NIS.




Edit /var/yp/Makefile

 104: all:    passwd group hosts rpc services netid protocols mail \
 105:          shadow auto.master auto.home netgrp
 106:          # netgrp shadow publickey networks ethers bootparams printcap \
 107:          # amd.home auto.master auto.home auto.local passwd.adjunct \
 108:          # timezone locale netmasks
                                                                                   

 Each host which uses the “r” commands needs the following setting.
 Edit /etc/hosts.equiv on svhama to configure netgroups (e.g.)

 # To specify a netgroup, use ‘‘+@’’.
 localhost
 +@ngsv-hama
 +@ngcl-hama
                                                                                   

   That is all for configuring the “r” commands.
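
Because /etc/hosts.equiv now refers to netgroups, the set of hosts that are actually trusted is no longer visible in one file. The following added example, which is not part of the original guide, expands the two files into that set and warns about entries that trust every host. Function names are constructed, the sample files are the guide's listings, and only plain host names, `+@netgroup` and a bare `+` are evaluated.

```python
# Added example: list the hosts that /etc/hosts.equiv trusts once netgroups are expanded.
import re

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")  # (host,user,domain)

# The guide's /etc/netgroup after adding clhama02.
NETGROUP = """\
ngsv-hama (svhama,,domain-hama)
ngcl-hama (clhama01,,domain-hama) (clhama02,,domain-hama)
"""

# The guide's /etc/hosts.equiv on svhama.
HOSTS_EQUIV = """\
# netgroups are referenced with +@
localhost
+@ngsv-hama
+@ngcl-hama
"""


def parse_netgroups(text):
    """Map each netgroup name to (list of triples, list of nested netgroup names)."""
    groups = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        triples = [tuple(field.strip() for field in hit) for hit in TRIPLE.findall(rest)]
        groups[parts[0]] = (triples, TRIPLE.sub(" ", rest).split())
    return groups


def expand_hosts(name, groups, seen=None):
    """Hosts in a netgroup; '*' stands for an empty host field (matches any host)."""
    seen = set() if seen is None else seen
    if name in seen or name not in groups:
        return set()  # undefined group, or a cycle between nested groups
    seen.add(name)
    triples, nested = groups[name]
    hosts = {host or "*" for host, _user, _domain in triples if host != "-"}
    for child in nested:
        hosts |= expand_hosts(child, groups, seen)
    return hosts


def trusted_hosts(hosts_equiv, netgroup):
    """Return (set of trusted hosts, list of (line_number, warning))."""
    groups = parse_netgroups(netgroup)
    hosts, warnings = set(), []
    for number, raw in enumerate(hosts_equiv.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        entry = fields[0]
        if entry == "+":
            hosts.add("*")
            warnings.append((number, "bare '+' trusts every host"))
        elif entry.startswith("+@"):
            name = entry[2:]
            members = expand_hosts(name, groups)
            if name not in groups:
                warnings.append((number, f"netgroup {name!r} is not defined"))
            elif "*" in members:
                warnings.append((number, f"netgroup {name!r} has an empty host field"))
            hosts |= members
        elif entry[0] in "+-":
            warnings.append((number, f"entry {entry!r} is not evaluated by this example"))
        else:
            hosts.add(entry)
    return hosts, warnings


if __name__ == "__main__":
    hosts, warnings = trusted_hosts(HOSTS_EQUIV, NETGROUP)
    print("trusted:", ", ".join(sorted(hosts)))
    for number, warning in warnings:
        print(f"hosts.equiv line {number}: {warning}")
```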




Appendix A Introduction to Linux – Read Before Installation
    This section explains basic concepts and usage for Linux beginners. You should know at
least the following before starting the setup.

   • how to shutdown the operating system

   • su command

   • run-level
   • service and super server

   • network commands

A.1     How to Shutdown the Operating System
When working with the GUI, the system can be stopped or rebooted by selecting “stop” or
“reboot” on the login screen.
   When working at the console or remotely, the root user can stop or reboot the system with
the following commands. (A “#” prompt marks a command run by the root user, and a “%” prompt
marks a command that an ordinary user can run.)
  Usage of shutdown                                                                            

  # shutdown -h now
  # shutdown -r now
                                                                                             
“-h” is the halt option and “-r” is the reboot option; “now” means the operation is performed
at once. A time can be given in place of “now” to stop the system at the specified time.

A.2     su Command
The su command is used to become another user after logging in as an ordinary user. With the
option “-l”, the environment variables are changed as well.
  Usage of su                                                                              

 % su
 % su -l
 % su sample
                                                                                                    

The exit command is used to end the user change. Note that if the option “-l” is not specified
when changing to the root user, the path to root's commands (chkconfig, service, ifconfig,
etc.) is not set, so those commands must be specified with their full path.

A.3     Run Level
Linux has start-up levels called run levels. (They are comparable to starting Windows in safe
mode or in normal mode.) When Linux is installed, it is set to start with either the CUI or the
GUI, but what that setting actually changes is the run level. As Table 2 shows, shutdown (halt)
and reboot are also implemented as run levels.


                                      Table 2: Run level
 Run level   Name                  Description
    0        Halt                  Shutdown
    1        Single                Start only for root user
    2        No NFS                Start for multi-user without NFS
    3        Normal                Start for multi-user with CUI
    4        undefined              Not for use
    5        X Window System       Login with GUI; X Window System.
    6        Reboot                Reboot

    Changing the run level only changes which instructions in /etc/inittab are executed.
    To change the run level used at start-up, change the number in the second field of the
following line of /etc/inittab to the target run level. For instance, to change login with CUI
into login with GUI, edit the line as follows.
   /etc/inittab                                                                                     

 # id:3:initdefault:
 id:5:initdefault:
                                                                                                      

   To boot the OS at a run level other than the default, for example when the setting is
mistaken, type the run level number after the boot label at the prompt when LILO is used as
the boot loader. For instance,
  Boot with run-level on the prompt                                                            

   boot: linux 1
                                                                                                  
Then, the system starts in single user mode, run level 1. To display the boot loader prompt,
press “C-x” at the LILO screen.
    When GRUB is used as the boot loader, as in Fedora 4, it is possible to start at a run
level other than the default by the following procedure:
  1. If a grub password is set, press the “p” key and enter the password. When the countdown
     starts, press the “Esc” key, then press the “e” key to switch to the edit mode.
  2. The configuration entries of the selected title are listed as follows. Select the line
     that starts with “kernel” from the list, and press the “e” key.
     Screen of grub                                                                                   

      root   (hd0, 0)
      kernel /vmlinuz-2.6.11-1.1369_FC4 ro root=LABEL=/ rhgb quiet
      initrd /initrd-2.6.11-1.1369_FC4.img
                                                                                                      

  3. The line becomes editable. Move to the end of the line and append “single”, preceded by
     a space, as follows. After the input, press the “Enter” key to quit the edit mode.
      Input single

       kernel /vmlinuz-2.6.11-1.1369_FC4 ro root=LABEL=/ rhgb quiet single
                                                                                                     
  4. Back at the grub screen, press the “b” key. Linux starts in single user mode.

A.4     Services
A daemon is a program that always stands by in the running state and performs some processing
when a request arrives. (In general, the side that provides a service is called the server,
and the side that receives the service is called the client.) Examples are telnet, ssh, NIS,
and NFS.
    A daemon is started in one of the following two ways.

   • It starts independently as a standalone process.

   • It is started by a super-server when there is an incoming connection.

A.4.1    Super Server
To accept connection requests from clients at any time, a server usually has to keep watching
a specific port. The resident process therefore consumes memory and CPU time. A super-server
watches for connection requests on behalf of services such as telnet and ftp, and starts the
corresponding daemon process when a request arrives. The disadvantage is that the response
becomes worse, because the corresponding daemon is started, and its initialization is
processed, only after the connection request has arrived.
    The telnet daemon is started by way of a super-server, and the ssh daemon is started
standalone. The ssh daemon has to compute an encryption key during its initialization. If it
were started by way of a super-server, the key would have to be computed every time a
connection came in from a client, producing a time lag between the incoming connection and the
start. Therefore, the ssh daemon is started standalone (it does not have to be started by way
of a super-server).
    inetd is used as the super-server in Vine Linux, and xinetd, an enhanced inetd, has been
used since Red Hat Linux 7.0.

A.4.2    Start, Stop and Restart Servers
A server can be started, stopped, and restarted with the following commands. (If you are root
and the path is set, “/sbin/” can be omitted.)
  /etc/rc.d/init.d/<server-program-name>

 # /etc/rc.d/init.d/<server-program-name>            start
 # /etc/rc.d/init.d/<server-program-name>            stop
 # /etc/rc.d/init.d/<server-program-name>            restart
 # /etc/rc.d/init.d/<server-program-name>            reload
                                                                                                     

   Moreover, the /sbin/service command can be used as follows (it does the same thing
internally).
  /sbin/service <server-program-name>

 # /sbin/service      <server-program-name>       start
 # /sbin/service      <server-program-name>       stop
 # /sbin/service      <server-program-name>       restart
 # /sbin/service      <server-program-name>       reload
                                                                                                    

    For instance, to restart “sshd”, the daemon program of the SSH server, enter the
following.
 Restart sshd
    e.g.                                                                                       

 # /sbin/service sshd restart
                                                                                                    


A.4.3    Configuration of Server Status
The servers that start when the OS boots can be set with the chkconfig command.
  (If you are root and the path is set, “/sbin/” can be omitted.)
 /sbin/chkconfig                                                                                     

 # /sbin/chkconfig
 # /sbin/chkconfig --list
 # /sbin/chkconfig <server-program-name> on
 # /sbin/chkconfig <server-program-name> --level 35 off
                                                                                                    

    In some cases, a necessary server is not displayed by chkconfig --list. If its start
script is prepared in /etc/rc.d/init.d/, the server can be added to the entries as follows.
   Add an entry                                                                                         

 # /sbin/chkconfig --add <server-program-name>
                                                                                                    

    The chkconfig command actually only manipulates the entries of inetd or xinetd and the
start scripts in the directory /etc/rc.d/init.d/.

A.4.4    Configuration of Super Server Status
Daemons such as the telnet daemon (in.telnetd) are started by the super server. There are two
kinds of super-servers, inetd and xinetd. inetd is used by distributions such as Vine Linux,
and xinetd is used by distributions such as Fedora.
    The daemons that inetd starts automatically are set in the file /etc/inetd.conf. In
inetd.conf, a “#” at the head of a line marks a comment, and almost all daemons except telnet
are commented out by default.
  inetd.conf                                                                                     

 34: #ftp        stream    tcp        nowait    root      /usr/sbin/tcpd      in.proftpd
 35: telnet      stream    tcp        nowait    root      /usr/sbin/tcpd      in.telnetd
                                                                                                    




For instance, to stop the telnet daemon, it is enough to comment out the in.telnetd line, the
35th line of the inetd.conf file.
  inetd.conf                                                                                      

  34: #ftp       stream tcp         nowait root        /usr/sbin/tcpd     in.proftpd
  35: #telnet stream tcp            nowait root        /usr/sbin/tcpd     in.telnetd
                                                                                              
Restart inet, and configurations will be updated.
  Restart inet                                                                                

 # /sbin/service inet restart
 Stopping INET services: [ OK ]
 Starting INET services: [ OK ]
 Or,
 # /etc/rc.d/init.d/inet restart
 Stopping INET services: [ OK ]
 Starting INET services: [ OK ]
                                                                                              

    On the other hand, the automatic start of daemons by xinetd can be checked and controlled
easily with the chkconfig command, in the same way as for a usual server. However, when the
file /etc/xinetd.conf or the files in the directory /etc/xinetd.d are changed, it is necessary
to restart xinetd.
  Restart xinetd                                                                                 

 # /sbin/service xinetd restart
 Stopping INET services: [ OK ]
 Starting INET services: [ OK ]
 Or,
 # /etc/rc.d/init.d/xinetd restart
 Stopping INET services: [ OK ]
 Starting INET services: [ OK ]
                                                                                              


A.5     Network Commands
A.5.1   ping
ping is a command to send a special packet named ICMP ECHO REQUEST to the specified
host. This special packet requests the host to reply. You can use this command as a confirmation
of network setting.
  Usage of ping                                                                                

 Send packets to specified host (input ‘‘C-c’’ to quit)
 % ping <host or IP>
 Quit after sending n packets
 % ping -c <n> <host or IP>
                                                                                              




 Run ping
 e.g.                                                                                      

  % ping 192.168.0.239
  PING 192.168.0.239 (192.168.0.239) from 192.168.0.101 : 56(84) bytes of data.
  64 bytes of reply from 192.168.0.239: icmp_seq=0 ttl=255 time=261 ms
  64 bytes of reply from 192.168.0.239: icmp_seq=1 ttl=255 time=189 ms

  --- 192.168.0.239 ping status ---
  send 2, received 2, lost 0%
  Round-Trip min/ave/max/mdev = 0.189/0.225/0.261/0.036 ms
                                                                                          


A.5.2   netstat
netstat is a command to display the current network connections and the routing table
information.
  Usage of netstat                                                                            

 Show current user’s connections
 % netstat
 With -n, IP addresses are shown as well
 % netstat -n
 Show only connection-waiting (listen) sockets
 % netstat -l
 Show all users’ connections
 % netstat -a
 Show the status of network interfaces
 % netstat -i
 Show the routing table
 % netstat -r
                                                                                          

 Run netstat
 e.g.                                                                                      

  $ netstat
  Active internet connections (w/o server).
  Proto Receive-Q Send-Q Internal address          External address        Status
  tcp       0       20   192.168.0.101:ssh         192.168.0.239:4460      ESTABLISHED
  Active UNIX domain sockets (w/o server).
  Proto RefCnt Flag        Type       Status          I-node Path
  unix 5       [ ]         DGRAM                      728    /dev/log
  unix 3       [ ]         STREAM     CONNECTED       1400
  unix 3       [ ]         STREAM     CONNECTED       1399
  unix 2       [ ]         DGRAM                      857
  unix 2       [ ]         DGRAM                      807
  unix 2       [ ]         DGRAM                      737
  unix 2       [ ]         STREAM     CONNECTED       388
                                                                                          


A.5.3   telnet
telnet is a command to connect to the specified remote host.




Usage of telnet                                                                                  

 % telnet <host> <port>
                                                                                                 


A.5.4    ifconfig
Usage of ifconfig                                                                                 

   # ifconfig [interface]
                                                                                                     
ifconfig is a command used to configure the network interfaces recognized by the kernel. In
particular, it is used to set up the interfaces at boot time if necessary. If no argument is
given, ifconfig displays the state of the interfaces that are currently active. If one
interface is given as an argument, only the state of that interface is displayed. When there
are two NICs and it is not known which NIC corresponds to eth0 and which to eth1, use this
command to check the hardware address (MAC address). The first three groups of the hardware
address are the vendor ID, which gives a clue for telling eth0 and eth1 apart.
 Run ifconfig
    e.g.                                                                                              
  # ifconfig
  eth0       Linkage:Ethernet           Hardware address 00:60:95:80:E0:5E
             inet address:192.168.0.101 Broadcast:192.168.0.255 Mask:255.255.255.0
  (Omitted)

  eth1        Linkage:Ethernet             Hardware address 00:90:27:3C:83:78
              inet address:192.168.11.1    Broadcast:192.168.11.255 Mask:255.255.255.0
  (Omitted)
                                                                                                 

To look up a MAC address vendor ID:
http://standards.ieee.org/regauth/oui/index.shtml
e.g. the INTEL vendor ID is 00-09-27 (INTEL has other IDs)




Appendix B How to Confirm Settings
   Configure and confirm the settings step by step; otherwise it becomes hard to tell which
setting has the problem. This section explains the key points that should be confirmed before
going to the next step.

B.1    Confirm Network Connections
After IP addresses are set on each host, check the network connection. See section A.5.1 and
ping between the hosts, specifying IP addresses, to confirm that the replies come back.

B.2    Confirm Packet Filtering
To confirm the packet filtering rules, use the following command on Gateway.
  Show iptables setting                                                                            

 [root@gwhama /] # iptables -L
                                                                                                   

Note: The host might be cracked if the filtering of packets from outside is loose.

B.3    Confirm NIS
After the setting of NIS server and clients, information published by NIS is accessible for all
hosts by ypcat command.
 Use ypcat command to show password
   e.g.                                                                                         

 # ypcat passwd
                                                                                                   

   If the contents of the file /etc/passwd.yp on In-Server (not the local file) are shown by
this command, the setting is successful. Contents other than passwd can be confirmed in the
same way.

B.4    Confirm DNS
If the setting of NIS is made well, the setting of DNS will be completed, too. Refer to section
A.5.1, ping between the hosts specifying host names, and confirm that the replies come back.

B.5    Confirm NFS
Clients are able to mount the home directory of In-Server by the following commands, if the
NFS server is properly configured.
   command                                                                                 

 [root@clhama01 ~]# mount -t nfs svhama:/home/user1 /home/user1
                                                                                                   

Note: Do this after stopping autofs.




B.6    Confirm NTP
To confirm that the clocks are synchronized correctly by NTP, you can deliberately shift the
clock of the client by about 2 or 3 minutes.




Appendix C How to Use vi Editor
   A text editor is used to edit configuration files.
   vi is the standard editor in UNIX and is widely used, from administration work to ordinary
users' document writing. However, its usage is peculiar, and if you don’t know it, it is even
impossible to type any character!
   This section briefly explains how to use this peculiar editor.

C.1    Command Mode and Insert Mode
vi has two states, the command mode and the input mode. You need to switch between the modes
properly to operate vi. Note that vi starts in the command mode, but only the input mode lets
you type characters as in a usual editor.
Insert Mode Inserts characters to the file. (works like a normal editor)

        • Inserts a character you typed, as usual.
        • Press “Esc” key to switch to the command mode.
Command Mode Executes commands, such as save, search, and so on.
   (For the detail, see table 3)
        • Starts with this mode.
        • Press “i” key to switch to the insert mode.

C.2    Run, Edit, Save and Exit
vi is started in the same way as a usual editor.
 Edit /etc/auto.home with vi
  e.g.                                                                                            

 # vi /etc/auto.home
                                                                                                 

    vi starts in the command mode. Press the “i” key to switch to the input mode and edit the
file. After editing, press the “Esc” key to return to the command mode. To save and quit, input
“:wq” in the command mode.

C.3    Basic Commands
Table 3 shows the commands often used.




                    Table 3: Basic command in the command mode

  Category       Command                       Description
Save and quit    :q!                           Quit without saving
                 :wq                           Save and quit
                 :w                            Overwrite
                 :w <filename>                 Save new file
                 :wq <filename>                Save new file and quit
  Move caret     h                             Move caret left
                 j                             Move caret down
                 k                             Move caret up
                 l                             Move caret right
                 0                             Move caret to the beginning of line
                 $                             Move caret to the end of line
                 :0                            Move caret to the beginning of file
                 :$                            Move caret to the end of file
                 :<linenumber>                 Jump to specified line number
    Delete       x                             Delete one character
                 dd                            Delete one line
                 <number>dd                    Delete <number> lines from the current line
    Search       /<string>                     Search
                 ?<string>                     Search forward
                 n                             Next matched
                 N                             Previous matched
Copy and paste   v                             Change into character selecting mode
                 yy                            Copy the current line
                 dd                            Cut the current line
                 p                             Paste
   Replace       :%s/<search>/<replace>/g      Replace all <search> with <replace> in the file
    etc.         u                             Undo




Appendix D How to Install Linux
    This section explains the settings common to all hosts. Reading only this section is
enough to install a client. To install Gateway or In-Server, however, you also need to do the
additional tasks written in the installation section of their chapters.
    In recent operating systems, NIS, NFS, NTP, etc. can be set up at installation time.
However, we recommend setting them up after the installation to avoid version-dependent
trouble.
    Install the minimum set of packages. More can be added any time you need them.

D.1      Fedora Core 4
D.1.1     Setup Host Names
In brief, a host name is the name of a computer. If the host name is known, the host can be
accessed by its host name instead of by its IP address.
   Any name can be used as a host name, but it must not be repeated within the LAN.
   This text assumes that the host names are set as shown in Table 4.


                                Table 4: e.g. Host name settings
                                       Host     Host name
                                    Gateway       gwhama
                                    In-Server     svhama
                                     Client 1    clhama01
                                     Client 2    clhama02
                                        ...         ...



D.1.2     Organize Partitions
The partitions are made as shown in table 5. If partitions have already been made, delete
everything, and make new partitions.


                                   Table 5: Making partitions
 Name      Format        Size        Description
 /boot      ext3        100MB        It is required to boot OS.
 /swap        -          256MB        It is an area for OS to escape data overflowing from physical memory.
 /          ext3     all remaining   It is a workspace for various applications or users.



D.1.3     Setup IP Addresses
     • Set IP address without DHCP.

     • Turn on the check of “Start when booting”.
     • Set 192.168.Y.1 for Gateway.




   • Set 192.168.Y.2 for DNS server-1.

   • Do NOT activate SE Linux (a warning will be shown, but ignore it).
   • Do NOT activate Firewall.

D.1.4   Select Packages to Install
All hosts need the following packages.
   • X Window System

   • GNOME Desktop Environment
   • Editor (vim-enhanced, Emacs)

   • Development Tools
   • X Software Development

   In addition, install the following packages into In-Server.
   • Server Setting Tools

   • DNS Name Server
   • Network Server (ypserv)

   • Legacy Network Server




Appendix E Troubleshooting
   Write down troubles you faced during your installation and their solutions here.

E.1     Failure during OS Installation
There is something wrong with the installation CD or the machine. In Fedora, CD verification
is available at the beginning of the installation.

E.2     No ping Replies from Gateway
  1. Check that ping between the clients and ping from Gateway to others work properly.
  2. Check the configurations of packet filtering in Gateway.

  3. If ping with IP address is proper and with host name is not proper, then In-Server has a
     problem.

E.3     Cannot Login with Created User Account
Check whether you are confusing a local user (described in the /etc/passwd file on each host)
with a NIS user (described in /etc/passwd.yp on In-Server; NIS must be re-made after each
addition).
    If you are certain that the user was added to NIS, there is a problem in NIS and the
lookup of user information is probably failing. Has the NIS client stopped, is there a mistake
in the setting of the NIS server, or is the client unable to access the NIS server?
    Log in to a client with the root account and check the following.
  1. Does ping to In-Server work properly?

  2. If it does, is ypcat available? (returns value you expected?)
  3. Otherwise, check the setting about NIS.

E.4     Cannot Find User’s /home after Login succeeded
When this error is shown, the NIS setting has probably succeeded and the NFS setting has
failed. Stop autofs, and check whether a client can mount the /home directory provided by
In-Server (refer to section B.5).

E.5     ntpd downs itself automatically
When the time difference between the hosts is excessively large (1000 seconds), ntpd
terminates itself with an error. Before starting ntpd on the clients, adjust their clocks with
ntpdate.
  Adjust local clock, using ntpdate (when ntpd stops)                                          

   [root@clhama01 ~]# ntpdate
                                                                                                        
It takes minutes to synchronize the clocks.



