TCPIP Networking by utg65734


									TCP/IP Networking
• Objectives
   – to learn how to integrate a RedHat system onto a TCP/IP network
• Contents
   –   the TCP/IP protocol suite
   –   IP addressing
   –   basic TCP/IP applications
   –   TCP/IP configuration files
• Practicals
   – working with TCP/IP utilities and files
• Summary
Overview of TCP/IP
• US DoD funded experimental network
  – supports inter-networks, inter-host communication
  – most popular UNIX networking protocols
• Three basic protocols
  TCP - a reliable session protocol: telnet, ftp
  UDP - low overhead sessionless: NFS, NIS, DNS, routing
  IP - Network layer protocol, sessionless, base of TCP and UDP

                     network                        gateway

Internet Protocol Address
• All networked systems need a unique IP address
     – address has four dot separated numbers (each 0 - 255)
     – IP address mapped to hardware using ARP or RARP protocols
• Companies allocated a site address by NIC
     – allocated class A B or C address ranges
     – local administrator allocates individual host numbers
• Some address values reserved
         0 not used
       255 reserved for broadcasts
•   Network address of 127 is reserved for loopback
•   Network address of 10 is reserved for internal networks
•   Network addesss of 172.16 is reserved for internal networks
•   Network addesss of 192.168 is reserved for internal networks
IP Address Format
                      network                   24 bit host address
 Class A
 Addresses       0     7 bits          8 bits        24 bits

network addresses in range      0 - 126
                          16 bit network                   16 bit host address
 Class B
 Addresses       10              14 bits                        16 bits

network addresses in range      128.0 - 191.254
                                    24 bit network                        8 bit host
 Class C
 Addresses        110                      21 bits                         8 bits

 network addresses in range     192.0.0 - 223.254.254
Defining IP Addresses
• Traditionally IP address defined in /etc/hosts
   – one line per known host defining IP address hostname and aliases
   – if last line is a + then NIS is being used
   – hostnames are limited to 8 characters
• Larger sites use DNS (Domain Name Services)
   – one or more hosts on the network maintain all IP addresses
   – individual hosts request addresses as needed
   – address cached locally to optimise DNS

       # more /etc/hosts            localhost.localdomain
                            localhost         mash4077       loghostmailhost         rosies         printserver             seoul
Analyze Network Interface Configuration
• Use ifconfig to view network interfaces
     – use the -a option to list all configured interfaces

# ifconfig -a
eth0    Link encap:Ethernet HWaddr 00:50:04:50:61:98
        inet addr: Bcast: Mask:
        RX packets:59078481 errors:0 dropped:0 overruns:84 frame:0
        TX packets:53902612 errors:0 dropped:0 overruns:0 carrier:0

lo      Link encap:Local Loopback
        inet addr: Mask:
       UP LOOPBACK RUNNING MTU:16436 Metric:1
        RX packets:22596609 errors:0 dropped:0 overruns:0 frame:0
        TX packets:22596609 errors:0 dropped:0 overruns:0 carrier:0
# ifconfig eth0 down
# ifconfig eth0 up
Network Interface Configuration
• Use ifconfig to configure the network interface
     # ifconfig eth0 netmask up

• Permanent changes in /etc/sysconfig/network-scripts
     Files named like: ifcfg-eth0 STATIC settings: DEVICE=eth0
       DHCP settings: DEVICE=eth0                  USERCTL=no
                         BOOTPROTO=dhcp            BOOTPROTO=none
                         ONBOOT=yes                BROADCAST=
•   Alias interfaces
        # Ifconfig eth0:0
     Permanent changes in /etc/sysconfig/network-scripts/ifcg-eth0:0
     With DEVICE=eth0:0

• Releasing/Renewing IP adresses
     ifdown eth0 / ifdown eth0
Routing information
• Use route to get/manipulate network routing
   –   Route table netstat –r(n) or route
   –   Routes to all directly connected networks are created automatic
   –   To add a net-route: route add –net gw
   –   To delete a net-route: route del –net gw
• Redhat can hande RIP/OSPF + traffic shaping
   Metric value for priority if different value or round robin if same:
     route add –net netmask gw metric 10
     route add –net netmask gw metric 10
   Detete the route:
     route del –net netmask

# route
Kernel IP routing table
Destination     Gateway           Genmask           Flags   Metric   Ref   Use   Iface      *          U       0        0       0   eth3      *            U       0        0       0   eth2     *            U       0        0       0   eth0     *            U       0        0       0   eth1       *                U       0        0       0   lo
default           UG      0        0       0   eth3
Routing information configuration
• Use route to configure the defaultrouter
                              # route add default gw eth0

• Permanent changes in /etc/sysconfig/
   Files named network:       GATEWAYDEV=eth0
• Using several routes
      # route add -net netmask gw eth0
   Permanent changes in /etc/sysconfig/static-routes
               eth0 net netmask gw
   Or better use /etc/rc.d/rc.local
            route add -net netmask gw eth0
Adding/Removing NIC’s
•   Adding NIC
    1. Before going further, find out current NIC-order
       a) By physical inspection, pinging and moving cables.
       b) Look in /etc/modprobe.conf or find NIC modules with lsmod and ksyms –m or
       –am Kernel key symbol is exported like [3c59x] for 3c905 boards.
       c) Modify /etc/modprobe.conf to reflect your wished NIC order.
    2. Look if new NIC needs to be added in kernel or kernel need patch. If that is the
       case, recompile kernel and do step 1 again!
    3. Power off the host
    4. Insert the new NIC
    5. If you are lucky, kudzu will find the new NIC and add it for you, you will be
       asked configuration parameters.
        NOTE! Kudzu can destroy current configuration in /etc/modprobe.conf and
       change Nic order.
    6. If everything goes well you can now goto step 1 once again to check out your
       NIC order. If you are satisfied it is time to do NIC configuration permanent.

    Removing NIC, you basically do the same steps but you now remove support,
      kudzu will detect NIC removal and you can remember its configuration.
Changing NIC parameters
• Use mii-tool to view NIC settings
  # mii-tool –v
  [steen@lina sysconfig]$ mii-tool -v | more
  eth0: negotiated 100baseTx-FD, link ok
    product info: vendor 00:10:18, model 18 rev 0
    basic mode: autonegotiation enabled
    basic status: autonegotiation complete, link ok
    capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
    link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-
• Using mii-tool to force 100MBit/s Full Duplex
   # mii-tool -F 100baseTx-FD eth0

• Making changes permanent /etc/rc.d/rc.local
Nameservers for non nameserver hosts
• Nameservers are stored in /etc/resolv.conf
   General format:   domain
                     nameserver ip 2
                     nameserver ip 1
                     nameserver ip 3

   Nameserver        The nameservers to query for names
   Domain            My domain, my host is added to this domain.
   Search            A space delimited list of max six key domains to add hostnames
                     to in the query if domain is missing.
   Options           rotate round robin Nameserver list
                     timeout:n      default is 30 seconds
                     attempts:n default is 3 or 4
• Searchorder for finding hosts are stored in /etc/host.conf
                       order hosts,bind
• Name Service Switch config file /etc/nsswitch.conf
                       Hosts: files dns
Looking at Network Statistics
• Use netstat to get network status information
    – use -a to view all sockets
    – use -i to view interfaces
    – use -rn to view routing statistics

# netstat -i
Kernel Interface table
eth0 1500 0     59098394 0      0      84       53924429 0      0      0      BRU
lo    16436 0   22598046 0      0      0        22598046 0      0      0      LRU
Looking for a System
• The simplest TCP/IP utility is ping which sends a message
  to a host and waits for a reply
  – the host can be specified as a name or an IP address
   $ ping –c1 gkse1
   PING ( from : 56(84) bytes of data.
   64 bytes from ( icmp_seq=0 ttl=64 time=1.119 mse

   --- ping statistics ---
   1 packets transmitted, 1 packets received, 0% packet loss
   round-trip min/avg/max/mdev = 1.119/1.119/1.119/0.000 ms
   $ ping ulf2
   PING ( from : 56(84) bytes of data.
   From ( Destination Host Unreachable

   --- ping statistics ---
   1 packets transmitted, 0 packets received, +1 errors, 100% packet loss
   $ ping dude
   ping: unknown host dude
Network layer 2
• To see if you have contact with network layer 2
    – use ifconfig
        Shows if interfaces are up
    – use arp
        Shows the local arp cache
• Manipulate with arp cache
    – Add static route
        To secure system and increase network speed
    – Flush arp cache
        If you have stale arp entries
    – Delete entry in arp cache
        Remove faulty entries
# arp –s 00:0B:5F:12:81:00
# arp –d
# arp
Address               HWtype   HWaddress           Flags Mask   Iface   ether    00:0B:5F:12:81:00   C            eth3     ether    00:06:5B:1A:84:11   C            eth3
Telnet & local name resolution
• The Telnet command is used to connect to another
  machine over a TCP/IP network
   – a connection is established and the user logs on as normal
   – chkconfig telnet on
   – telnet is a xinetd demon service: /etc/xinetd.d/telnet
    $ uname -n
    $ telnet a02
    My RedHat linux server!
    login: hawkeye
    Welcome to Uncle Sam's wonderful world of Unix
    Remember the bar never closes!
    $ uname -n

• Local name resolution is in /etc/hosts
     # cat /etc/hosts          localhost.localdomain   localhost        a01 a01     # This host IP address! a02     # Other important hosts a03 a04 a05 a06
• The SSH command is used to connect to another machine
  over a TCP/IP network
  – a connection is established and the user logs on as normal
  – chkconfig - -add ssh implements ssh
  – ssh config sit in: /etc/ssh and run as stand alone server

    $ hostname
    $ chkconfig -–list sshd
    sshd 0:off 1:on 2:on 3:on           4:on   5:on   6:off
    $ ssh –l peter a01
    $ hostname

  – ssh is standard in RedHat 9
File Transfer Protocol
• FTP is an interactive utility for network file transfer
   – login to remote host supplying username and password
   – Client/Server concept
• Restrict FTP access using /etc/vsftpd/vsftpd.ftpusers file
   – FTP access is denied to users named in this file

        $ ftp a01
        Connected to a01
        Name (a01:hawkeye):
        ftp> get file2 about the transfer...
        ftp> put /etc/hosts /tmp/mash.hosts about the transfer...
        ftp> bye

• Configure vsftpd using /etc/vsftpd/vsftpd.conf file
• Two kinds of ftp servers: private ftp and anonymous ftp
File Transfer Protocol
Berkeley R Utilities & the new S Utilities
• The Unix (or Berkeley) r utilities provide an alternative to IP facilities
  telnet and ftp.
• Three programs:
     rlogin hostname                         remote login
     rsh hostname command                    remote command
     rcp [host:]file [host:]file             remote copy, from to
     scp user1@host:file user2@host:file     secure copy, from to
     ssh hostname                            remote command
     rdist                                   remote distrubtuion
• For R family: passwords not required if .rhosts files configured
   – friendly hosts defined for all normal users in /etc/hosts.equiv
   – users may add to this list in $HOME/.rhosts
• For S family: you need to exchange keys (RedHat 9+ default)
   – Users may add friendly hosts in $HOME/.ssh/authorized_keys
   – Keys must be give to you from remote host $HOME/.ssh/
   – Keys generated with ssh-keygen –t rsa
Exercise - Who has Remote Access
• Here are three files from mash4077
         # more /etc/hosts.equiv
         # more /.rhosts
         # /home/hawkeye/.rhosts
         division bfpierce

•   Can root on seoul copy files to/from mash4077?
•   Can hawkeye on seoul run commands on mash4077?
•   Can hawkeye on rosies run commands on mash4077?
•   Can root on mash4077 copy files to/from rosies?
•   Can bfpierce on division copy files to mash4077?
•   Can root on seoul login to mash4077?
Remote shells
• The rsh (remsh) command
  –   run a command on a named host
  –   standard I/O can be redirected as normal
  –   /etc/profile and .profile not executed
  –   requires /etc/hosts.equiv or $HOME/ .rhosts file to be configured

        From a02 or a03 you issue the commands below:
           $ whoami
           $ rsh a01 ls -l
  ls –l as trapper on a01 output..
           $ rsh a01 ls -l > list.a01
           file list.a01 created on local system
           $ rsh a01
           ...same as rlogin...
           $ rsh –l hawkeye a01
           ...same as rlogin –l hawkeye...
Remote distribution -rdist
• The rdist command
  – replicating/maintain identical copies of files over multiple hosts
  – relies on rlogin and rsh
  – can use ssh as transport for secure mode
  – rdist is client software and rdistd is server software
  – the server rdistd is started via rsh or ssh on the server
  – R-family rsh requires: /etc/hosts.equiv or $HOME/ .rhosts file to be
  – S-family ssh requires: $HOME/.ssh/ to be copied from remote
  – Uses a special file Distfile for updating and maintaining files
  – Can syslog to /var/log/messages file

• The rdist command is RedHat standard
Remote distribution –preparation
•   Pepare a master-server and a client files to replicate
    1. Logins must be done without password on clients, or rdist fails.
    2. With R-Family: setup server and clients like on page 22 in this chapter.
    3. With S-Family: Generate keys and distribute server keys to all clients, look
    4. S-Family: Enable ssh root-logins on all clients.
    5. Create a Distfile with files and directories to update on your clients with.
•   Enable root logins (trusted enviroment only) on all
    1. sshd config file: /etc/ssh/sshd_config:
        PermitRootLogin yes
        AuthorizedKeysFile           .ssh/authorized_keys
Remote distribution –preparation test
•   Generate server private and public keys:
    1. As root generate server keys on server:
        # ssh-keygen –t rsa
    2. Copy keys to identity files:
        # cd .ssh ; cp id_rsa identity ; cp
•   Distribute public keys to clients:
    1. Create client private and public keys:
        # ssh <client ip> ssk-keygen –t rsa
    2. Distribute server public key to all your clients (they need /root/.ssh catalog):
        # scp <client ip>:.ssh/authorized_keys
•   As root on the server, test root password-less login
    rights to all of the nodes/clients by:
       # ssh node01 date
       sat dec 12 14:52:55 CET 2004
Remote distribution -Distfile
• Used to specify how replication should take place
• The Distfile format:
    <variable name> `=' <name list>
    [ label: ] <source list> `->' <destination list> <command list>
    [ label: ] <source list> `::' <time_stamp file> <command list>

    The label is optional.
    HOSTS is in our example all hosts and logins that FILES can be
    replicated to/from
    ${FILES} -> ${HOSTS} sends files to list of hosts.
    /usr/src/bin -> arpa sends catalog with contents to host arpa
    Commands list is instrcution howto install/operate with lists/files
Remote distribution –execute rdist
•    Create some testfiles to distribute among clients.
        # vi /etc/my-rdist-testfile
        This is the rdist test file!
•    Create a Distfile

                NODES = ( a01 a02 a03 a04 )
                ETCFILES = ( /etc/my-rdist-testfile )
                ${ETCFILES} -> ${NODES}

    This file willl replicate the ETCFILES onto all the NODES.
•    Replicate the files using rdist together with SSH

    # /usr/local/bin/rdist -P /usr/local/bin/ssh -p /usr/local/bin/rdistd -f /etc/Distfile

     You may want to run this command every night on your master-server by using the crontab
Internetwork demon Configuration
• Internet facilities controlled by the internet daemon
   – /usr/sbin/xinetd
   – started up from /etc/inittab
• xinetd controlled by configuration file /etc/xinetd.conf
   – Tells where facilities/service catalog sit
   – Set mandatory facility/service configuration and logging
   – Former name was inetd.conf and inetd demon
• Services configuration files /etc/xinetd.d/
   Telnet example:
         service telnet
                 disable = no
                 flags              = REUSE
                 socket_type        = stream
                 wait               = no
                 user               = root
                 server             = /usr/sbin/in.telnetd
                 log_on_failure     += USERID
• Unix systems use TCP/IP for networking
• Every host on the network must have a unique
  IP address
• The file /etc/hosts maps names into IP
  addresses for network utilities
• Systems using DNS don't keep local host files
• Unix supports standard TCP/IP programs
  such as ping, telnet and ftp
• Unix provides its own equivalents (rlogin,
  rcp/scp, rsh and rdist) which use .rhosts files
• Unix uses several TCP/IP configuration files in
  /etc (xinetd.conf, services, etc.)

To top