Linux Networking This Tutorial Covers TCP/IP Networking And

Linux Tutorial - Linux Network Administration

YoLinux Tutorial - Linux Networking

This tutorial covers TCP/IP networking and system configuration basics. Linux can support multiple network devices. The device names are numbered and begin at zero and count upwards. For example, a computer running two ethernet cards will have two devices labeled /dev/eth0 and /dev/eth1. Contents: Configuration files Red Hat Linux network GUI configuration tools. Assigning an IP address Activating and De-Activating your NIC Subnets Enable Forwarding Adding a network interface card (NIC) Route VPN, Tunneling Usefull Linux networking commands inetd/xinetd: Network Socket Listener Daemons RPC: Remote Procedure Call. (portmapper) PAM: Network Wrappers. ICMP protocol. Network Monitoring Tools IDS: Intruder Detection System - SNORT Living in a MS/Windows world Related Links Other YoLinux Networking Tutorials: Setting up an internet gateway for home or office using iptables Modem dial-up: Configuring PPP dial up connections to an ISP Dialing Compuserve Dialing AOL Configuring PPP dial-in connections DNS Name server configuration DHCP server configuration: Dynamic Host Configuration Protocol Internet/Network Security Security Tools and Hacker Tools

TCP/IP Network Configuration Files: File: /etc/resolv.conf - resolver configuration file search name-of-domain.com - Name of your domain or ISP's domain if using their name server nameserver XXX.XXX.XXX.XXX - IP address of primary name server nameserver XXX.XXX.XXX.XXX - IP address of secondary name server

This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using DHCP client, this will automatically be sent to you by the ISP and loaded into this file as part of the DHCP protocol. If using a static IP address, ask the ISP or check another machine on your network. File: /etc/hosts - locally resolve node names to IP addresses 127.0.0.1 your-node-name.your-domain.com localhost.localdomain localho st XXX.XXX.XXX.XXX node-name

Note when adding hosts to this file, place the fully qualified name first. (It helps sendmail identify your server correctly) i.e.: XXX.XXX.XXX.XXX superserver.yolinux.com superserver This informs Linux of local systems on the network which are not handled by the DNS server. (or for all systems in your LAN if you are not using DNS or NIS) /etc/sysconfig/network Red Hat network configuration file used by the system during the boot process. /etc/nsswitch In the past this file has had the following names: /etc/nsswitch.conf, /etc/svc.conf, /etc/netsvc.conf, ... depending on the distribution. File: /etc/nsswitch.conf - System Databases and Name Service Switch configuration file hosts: files dns nisplus nis

This example tells Linux to first resolve a host name by looking at the local hosts file(/etc/hosts), then if the name is not found look to your

DNS server as defined by /etc/resolv.conf and if not found there look to

your NIS server. File: /etc/sysconfig/network-scripts/ifcfg-eth0 Configuration settings for your first ethernet port (0). Your second port is eth1. File: /etc/modules.conf (or for older systems: /etc/conf.modules) Example statement for Intel ethernet card: alias eth0 eepro100

Modules for other devices on the system will also be listed. This tells the kernel which device driver to use if configured as a loadable module. (default for Red Hat)

Fedora / Red Hat Network GUI Configuration Tools: The following GUI tools edit the system configuration files. There is no difference in the configuration developed with the GUI tools and that developed by editing system configuration files directly. TCP/IP ethernet configuration: Network configuration: /usr/sbin/system-config-network (FC-2/3) GUI shown here ---> /usr/bin/redhat-config-network (/usr/bin/neat) (RH 7.2+ FC-1) Text console configuration tool: /usr/sbin/system-config-network-tui (Fedora Core 2/3) /usr/bin/redhat-config-network-tui (RH 9.0 - FC-1) Text console network configuration tool. First interface only - eth0: /usr/sbin/netconfig /usr/bin/netcfg (GUI) (last available with RH 7.1) Gnome Desktop: Gnome Desktop Network Configuration /usr/bin/gnome-network-preferences (RH 9.0 - FC-3) Proxy configuration. Choose one of three options: Direct internet connection Manual proxy configuration (specify proxy and port) Automatic proxy configuration (give URL)

Assigning an IP address: Computers may be assiged a static IP address or assigned one dynamically. Static IP address assignment: Choose one of the following methods: Command Line: /sbin/ifconfig eth0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10 .255 Network address by convention would be the lowest: 192.168.10.0 Broadcast address by convention would be the highest: 192.168.10.255 The gateway can be anything, but following convention: 192.168.10.1 Note: the highest and lowest addresses are based on the netmask. The previous example is based on a netmask of 255.255.255.0 GUI tools: /usr/bin/neat Gnome GUI network administration tool. Handles all interfaces. Configure for Static IP or DHCP client. (First available with Red Hat 7.2.) /usr/bin/netcfg (Handles all interfaces) (last available in Red Hat 7.1) Console tool: /usr/sbin/netconfig (Only seems to work for the first network interface eth0 but not eth1,...) Directly edit configuration files/scripts. See format below. The ifconfig command does NOT store this information permanently. Upon reboot this information is lost. (Manually add the commands to the end of the file /etc/rc.d/rc.local to execute them upon boot.) The commands netcfg and netconfig make permanent changes to system network configuration files located in /etc/sysconfig/network-scripts/, so that this information is retained. The IANA has allocated IP addresses in the range of 192.168.0.0 to 192.168.255.255 for private networks. Helpful tools: Cisco's IP Subnet calculator CIDR Conversion table - CIDR values, masks etc.

The Red Hat configuration tools store the configuration information in the

file /etc/sysconfig/network. They will also allow one to configure routing

information. File: /etc/sysconfig/network Static IP address Configuration: (Configure gateway address) NETWORKING=yes HOSTNAME=my-hostname - Hostname is defined here and by command hostname FORWARD_IPV4=true - True for NAT firewall gateways and linux routers. Fa lse for everyone else - desktops and servers. GATEWAY="XXX.XXX.XXX.YYY" - Used if your network is connected to another network or the internet. Static IP configuration. Gateway not defined here fo r DHCP client.

OR for DHCP client configuration: NETWORKING=yes HOSTNAME=my-hostname - Hostname is defined here and by command hostname

(Gateway is assigned by DHCP server.) File: /etc/sysconfig/network-scripts/ifcfg-eth0 Static IP address configuration: DEVICE=eth0 BOOTPROTO=static BROADCAST=XXX.XXX.XXX.255 IPADDR=XXX.XXX.XXX.XXX NETMASK=255.255.255.0 NETWORK=XXX.XXX.XXX.0 ONBOOT=yes

OR for DHCP client configuration: DEVICE=eth0 ONBOOT=yes BOOTPROTO=dhcp

(Used by script /etc/sysconfig/network-scripts/ifup to bring the various

network interfaces on-line) To disable DHCP change BOOTPROTO=dhcp to BOOTPROTO=none In order for updated information in any of these files to take effect, one

must issue the command: service network restart

Changing the host name: This is a three step process: Issue the command: hostname new-host-name Change network configuration file: /etc/sysconfig/network Edit entry: HOSTNAME=new-host-name Restart systems which relied on the hostname (or reboot): Restart network services: service network restart Restart desktop: Bring down system to console mode: init 3 Bring up X-Windows: init 5 One may also want to check the file /etc/hosts for an entry using the system name which allows the system to be self aware.

Network aliasing: Assign more than one IP address to one ethernet card: ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX. 255 ifconfig eth0:0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.2 55 ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.2 55

route add -host XXX.XXX.XXX.XXX dev eth0 route add -host 192.168.10.12 dev eth0 route add -host 192.168.10.14 dev eth0 In this example 0 and 1 are aliases in addition to the regular eth0. The result of the ifconfig command: eth0 Link encap:Ethernet HWaddr 00:10:4C:25:7A:3F inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:14218 errors:0 dropped:0 overruns:0 frame:0 TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0 collisions:1 txqueuelen:100 Interrupt:5 Base address:0xe400 eth0:0 Link encap:Ethernet HWaddr 00:10:4C:25:7A:3F inet addr:192.168.10.12 Bcast:192.168.10.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:5 Base address:0xe400 eth0:1 Link encap:Ethernet HWaddr 00:10:4C:25:7A:3F inet addr:192.168.10.14 Bcast:192.168.10.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:5 Base address:0xe400 Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0 DEVICE=eth0:0 ONBOOT=yes BOOTPROTO=static BROADCAST=192.168.10.255 IPADDR=192.168.10.12 NETMASK=255.255.255.0 NETWORK=192.168.10.0 ONBOOT=yes

Aliases can also be shut down independently. i.e.: ifdown eth0:0 The option during kernel compile is: CONFIG_IP_ALIAS=y (Enabled by default

in Redhat)

DHCP Linux Client: get connection info: /sbin/pump -i eth0 --status (Linux 7.1 and older) Device eth0 IP: 4.XXX.XXX.XXX Netmask: 255.255.252.0 Broadcast: 4.XXX.XXX.255 Network: 4.XXX.XXX.0 Boot server 131.XXX.XXX.4 Next server 0.0.0.0 Gateway: 4.XXX.XXX.1 Domain: vz.dsl.genuity.net Nameservers: 4.XXX.XXX.1 4.XXX.XXX.2 4.XXX.XXX.3 Renewal time: Sat Aug 11 08:28:55 2001 Expiration time: Sat Aug 11 11:28:55 2001

Activating and De-Activating your NIC: Commands for starting and stopping TCP/IP network services on an interface: Activate: /sbin/ifup eth0 (Also: ifconfig eth0 up - Note: Even if no IP address is assigned you can listen.) De-Activate: /sbin/ifdown eth0 (Also: ifconfig eth0 down) These scripts use the scripts and NIC config files in /etc/sysconfig/network-scripts/ GUI Interface control/configuration: Start/Stop network interfaces /usr/bin/system-control-network (Fedora Core 2/3) /usr/bin/redhat-control-network (RH 9.0 - FC-1) Configure Ethernet, ISDN, modem, token Ring, Wireless or DSL network connection: /usr/sbin/system-config-network-druid (FC2/3) /usr/sbin/redhat-config-network-druid (RH 9 - FC-1)

Subnets: MASK# OF SUBNETSCLASS A HOSTSCLASS A MASKCLASS B HOSTSCLASS B MASKCLASS C HOSTSCLASS C MASKCLASS C SUB HOSTSCLASS C SUB MASK 2551 or 25616,777,214255.0.0.065,534255.255.0.0254255.255.255.01 - Invalid255.255.255.255 25412833,554,430254.0.0.0131,070255.254.0.0510255.255.254.00 - Invalid255.255.255.254 2526467,108,862252.0.0.0262,142255.252.0.01,022255.255.252.02255.255 .255.252 24832134,217,726248.0.0.0524,286255.248.0.02,046255.255.248.06255.25 5.255.248 24016268,435,454240.0.0.01,048,574255.240.0.04,094255.255.240.014255 .255.255.240 2248536,870,910224.0.0.02,097,150255.224.0.08,190255.255.224.030255. 255.255.224 19241,073,741,822192.0.0.04,194,302255.192.0.016,382255.255.192.0622 55.255.255.192 12822,147,483,646128.0.0.08,388,606255.128.0.032,766255.255.128.0126 255.255.255.128 Binary position87654321 Value1286432168421 Example: 19211000000 Example 192=128+64 Some addresses are reserved and outside this scope. Loopback (127.0.0.1), reserved class C 192.168.XXX.XXX, reserved class B 172.31.XXX.XXX and reserved class A 10.XXX.XXX.XXX. Links: What's A Netmask And Why Do I Need One? Subnet Cheat Sheet Subnet calculator CIDR Converstion Table Table of subnets IP Subnetting, Variable Subnetting, and CIDR (Supernetting) CISCO.com: Subnet Masking and Addressing

Network Classes: The concept of network classes is a little obsolete as subnets are now used to define smaller networks. These subnets may be part of a class A, B, C, etc network. For historical reference the network classes are defined as follows: Class A: Defined by the first 8 bits with a range of 0 - 127. First number (8 bits) is defined by Internic i.e. 77.XXX.XXX.XXX One class A network can define 16,777,214 hosts. Class B: Defined by the first 8 bits with a range from 128 - 191 First two numbers (16 bits) are defined by Internic i.e. 182.56.XXX.XXX One class B network can define 65,534 hosts. Class C: Defined by the first 8 bits with a range from 192 - 223 First three numbers (24 bits) are defined by Internic i.e. 220.56.222.XXX One class B network can define 254 hosts. Class D: Defined by the first 8 bits with a range from 224 - 239 This is reserved for multicast networks (RFC988) Class E: Defined by the first 8 bits with a range from 240 - 255 This is reserved for experimental use.

Enable Forwarding: Turn on IP forwarding to allow Linux computer to act as a gateway or router. echo 1 > /proc/sys/net/ipv4/ip_forward Default is 0. One can add firewall rules by using ipchains. Another method is to alter the Linux kernel config file: /etc/sysctl.conf Set the following value: net.ipv4.ip_forward = 1

See file /etc/sysconfig/network for storing this configuration. FORWARD_IPV4=true

Change the default "false" to "true". All methods will result in a proc file value of "1". Test: cat /proc/sys/net/ipv4/ip_forward The TCP Man page - Linux Programmer's Manual and /usr/src/linux/Documentation/proc.txt (Kernel 2.2 RH 7.0-) [alt link] cover /proc/sys/net/ipv4/* file descriptions. To set up an internet gateway router using Linux, see the YoLinux tutorial

Using Linux and iptables/ipchains to set up an internet gateway for home or office.

Adding a network interface card (NIC): Manual method: This does not alter the permanent configuration and will only configure support until the next reboot. cd /lib/modules/2.2.5-15/net/ - Use kernel version for your system. This

example uses 2.2.5-15 Here you will find the modules supported by your system. It can be permanently added to /etc/modules.conf (or for older systems: /etc/conf.modules) Example: alias eth0 3c59x /sbin/insmod -v 3c59x (For a 3Com ethernet card) ifconfig ... The easy way: Red Hat versions 6.2 and later, ship with Kudzu, a device detection program which runs during system initialization. (/etc/rc.d/init.d/kudzu) This can detect a newly installed NIC and load the appropriate driver. Then use /usr/sbin/netconfig to configure the IP address and network settings. The configuration will be stored so that it will be utilized upon system boot. Systems with two NIC cards: Typically two cards are used when connecting to two networks. In this case the device must be defined using one of three methods: Use the GUI tool /usr/bin/netcfg OR Define network parameters in configuration files: Define new device in file /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static IPADDR=192.168.10.12 NETMASK=255.255.255.0 GATEWAY=XXX.XXX.XXX.XXX HOSTNAME=node-name.name-of-domain.com DOMAIN=name-of-domain.com

Special routing information may be specified, if necessary, in the file:

/etc/sysconfig/static-routes Example: eth1 net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX OR Define network parameters using Unix command line interface: Define IP address: ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.2 55 ifconfig eth1 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.25 5 If necessary, define route with with the route command: Examples: route add default gw XXX.XXX.XXX.XXX dev eth0 route add -net XXX.XXX.XXX.0 netmask 255.255.255.0 gw XXX.XXX.XXX.XXX dev e th0 Where XXX.XXX.XXX.XXX is the gateway to the internet as defined by your ISP or network operator. If a mistake is made just repeat the route command substituting "del" in

place of "add".

Configuring your NIC: Speed and Duplex settings This is usually not necessary because most ethernet adapters can auto-negotiate link speed and duplex setting. List NIC speed and configuration: mii-tool eth0: negotiated 100baseTx-FD flow-control, link ok Verbose mode: mii-tool -v eth0: negotiated 100baseTx-FD flow-control, link ok product info: Intel 82555 rev 4 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control Set NIC configuration: mii-tool -F option OptionParameters -F100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD -A100baseT4 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD Query NIC with ethtool: CommandDescription ethtool -g eth0Queries ethernet device for rx/tx ring parameter information. ethtool -a eth0 Queries ethernet device for pause parameter information. ethtool -c eth0 Queries ethernet device for coalescing information. ethtool -i eth0 Queries ethernet device for associated driver information. ethtool -d eth0 Prints a register dump for the specified ethernet device. ethtool -k eth0 Queries ethernet device for offload information. ethtool -S eth0 Queries ethernet device for NIC and driver statistics. Man Pages: mii-tool - view, manipulate media-independent interface status ethtool - Display or change ethernet card settings

Route: Static routes: IP (Internet Protocol) uses a routing table to determine where packets should be sent. First the packet is examined to see if its' destination is for the local or remote network. If it is to be sent to a remote network, the routing table is consulted to determine the path. If there is no information in the routing table then the packet is sent to the default gateway. Static routes are set with the route command and with

the configuration file /etc/sysconfig/network-scripts/route-eth0 or (RH 7)

/etc/sysconfig/static-routes: 10.2.3.0/16 via 192.168.10.254 See command: /etc/sysconfig/network-scripts/ifup-routes eth0 Dynamic routes: RIP (Routing Information Protocol) is used to define dynamic routes. If multiple routes are possible, RIP will choose the shortest route. (Fewest hops between routers not physical distance.) Routers use RIP to broadcast the routing table over UDP port 520. The routers would then add new or improved routes to their routing tables. Man pages: route - show / manipulate the IP routing table (Static route) Examples: Show routing table: route -e Access individual computer host specified via network interface card eth1: route add -host 123.213.221.231 eth1 Access ISP network identified by the network address and netmask using

network interface card eth0: route add -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0

Conversly: route del -net 10.13.21.0 netmask 255.255.255.0 gw 192.168.10.254 eth0 Specify default gateway to use to access remote network via network interface card eth0: route add default gw 201.51.31.1 eth0 (Gateway can also be defined in /etc/sysconfig/network) Specify two gateways for two network destinations: (i.e. one external,

one internal private network. Two routers/gateways will be specified.)

Add internet gateway as before: route add default gw 201.51.31.1 eth0 Add second private network: route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.10.254 eth0 routed - network routing daemon. Uses RIP protocol to update routing table. ipx_route - show / manipulate the IPX routing table - IPX is the Novell networking protocol (Not typically used unless your office has Novell servers) ifuser - Identify destinations routed to a particular network interface.

VPN, Tunneling: Commercial VPN Linux software solutions - YoLinux CIPE: Crypto IP Encapsulation (Easiest way to configure two Linux gateways connecting two private networks over the internet with encryption.) CIPE Home page - CIPE is a simple encapsulation system that securely connects two subnets. VPN, Firewall, Gateway Mini How To - Keith Hasely The Linux Cipe+Masquerading mini-HOWTO - Anthony Ciaravalo Freeswan IPSec - An IPSec project for Linux (known as Freeswan and KLIPS). GRE Tunneling - Hugo Samayoa VPN HowTo - Matthew D. Wilson Linux VPN support - PPTP, L2TP, ppp over SSH tunnel, VPN support working

with 128-bit rc4 encryption. By Michael Elkins Installing and Running PPTP on Linux Tunnel Vision VPN for Linux - creates an encrypted VPN between two Tunnel Vision-capable sites. Linux VPN Masquerade Cerberus - An IPsec implementation for Linux L2TPD - Layer Two Tunneling Protocol. (For PPP) L2TP Extensions (l2tpext) Internet Drafts. Description of the CISCO VPN at Cal Tech - Supports Linux (kernel 2.2), Solaris, MS/Windows 95/98/ME/NT/2000, Mac OS X/7.6-9.x

Usefull Linux networking commands: /etc/rc.d/init.d/network start - command to start, restart or stop the

network netstat - Display connections, routing tables, stats etc List externally connected processes: netstat -punta List all connected processes: netstat -nap Show network statistics: netstat -s Kernel interface table info: netstat -a -i eth0 ping - send ICMP ECHO_REQUEST packets to network hosts. Use Cntl-C to stop ping. traceroute - print the route packets take to network host mtr - a network diagnostic tool - Like traceroute except it gives more network quality and network diagnostic info. whois - Lookup a domain name in the internic whois database. finger - Display information on a system user. i.e. finger user@host Uses $HOME/.plan and $HOME/.project user files. Often used by game developers. See http://finger.planetquake.com/ ipchains - IP firewall administration tcpdump - dump traffic on a network iptraf - Interactive Colorful IP LAN Monitor socklist - Display list of open sockets, type, port, process id and the name of the process. Kill with fuser or kill. nslookup - Give a host name and the command will return IP address. Also

see Testing your DNS (YoLinux Tutorial) Note that nslookup does not use the /etc/hosts file. host - Give a host name and the command will return IP address. Unlike nslookup, the host command will use both /etc/hosts as well as DNS. nmap - Network exploration tool and security scanner List pingable nodes on network: nmap -sP 192.168.0.0/24 Scans network for IP addresses 192.168.0.0 to 192.168.0.255 using ping.

inetd/xinetd: Network Socket Listener Daemons: The network listening daemons listen and respond to all network socket connections made on the TCP/IP ports assigned to it. The ports are defined by the file /etc/services. When a connection is made, the listener will attempt to invoke the assigned program and pipe the data to it. This simplified matters by allowing the assigned program to read from stdin instead of making its own sockets connection. The listener hadles the network socket connection. Two network listening and management daemons have been used in Red Hat Linux distributions: xinetd: Red Hat 7.0+ inetd: All previous versions inetd: Configuration file: /etc/inetd.conf Entries in this file consist of a single line made up of the following fields: service socket-type protocol wait user server cmdline service: The name assigned to the service. Matches the name given in the file /etc/services socket-type: stream: connection protocols (TCP) dgram: datagram protocols (UDP) raw rdm seqpacket protocol: Transport protocol name which matches a name in the file /etc/protocols. i.e. udp, icmp, tcp, rpc/udp, rpc/tcp, ip, ipv6 wait: Applies only to datagram protocols (UDP). wait[.max]: One server for the specified port at any time (RPC) nowait[.max]: Continue to listen and launch new services if a new connection is made. (multi-threaded) Max refers to the maximum number of server instances spawned in 60 seconds. (default=40) user[.group]: login id of the user the process is executed under. Often nobody, root or a special restricted id for that service. server: Full path name of the server program to be executed. cmdline: Command line to be passed to the server. This includes argument 0 (argv[0]), that is the command name. This field is empty for internal services. Example of internal TCP services: echo, discard, chargen (character generator), daytime (human readable time), and time (machine readable time). (see RFC) Sample File: /etc/inetd.conf #echo stream tcp nowait root internal #echo dgram udp wait root internal ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a #pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d #swat stream tcp nowait.400 root /usr/sbin/swat swat

A line may be commented out by using a '#' as the first character in the

line. This will turn the service off. The maximum length of a line is 1022 characters. The inet daemon must be restarted to pick up the changes made to the file: /etc/rc.d/init.d/inetd restart For more information see the man pages "inetd" and "inetd.conf". xinetd: Extended Internet Services Daemon Xinetd has access control machanisms, logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, redirect services to different ports and network interfaces (NIC) or even to a different server, chroot

a service etc... and thus a worthy upgrade from inetd. Use the command chkconfig --list to view all system services and their state. It will also list all network services controlled by xinetd and their respective state under the title "xinetd based services". (Works for xinetd (RH7.0+) but not inetd) The xinetd network daemon uses PAM also called network wrappers which invoke the /etc/hosts.allow and /etc/hosts.deny files. Configuration file: /etc/xinetd.conf which in turn uses configuration files found in the directory /etc/xinetd.d/. To turn a network service on or off: Edit the file /etc/xinetd.d/service-name Set the disable value: disable = yes or disable = no Restart the xinetd process using the signal: SIGUSR1 (kill -SIGUSR1 process-id) - Soft reconfiguration does not terminate existing connections. (Important if you are connected remotely) SIGUSR2 - Hard reconfiguration stops and restarts the xinetd process. (Note: Using the HUP signal will terminate the process.) OR Use the chkconfig command: chkconfig service-name on (or off) This command will also restart the xinetd process to pick up the new configuration. The file contains entries of the form: service service-name { attribute assignment-operator value value ...... { Where: attribute: disable: yes no type: RPC INTERNAL: UNLISTED: Not found in /etc/rpc or /etc/services id: By default the service id is the same as the service name. socket_type: stream: TCP dgram: UDP raw: Direct IP access seqpacket: service that requires reliable sequential datagram transmission flags: Combination of: REUSE, INTERCEPT, NORETRY, IDONLY, NAMEINARGS, NODELAY, DISABLE, KEEPALIVE, NOLIBWRAP. See the xinetd man page for details. protocol: Transport protocol name which matches a name in the file /etc/protocols. wait: no: multi-threaded yes: single-threaded - One server for the specified port at any time (RPC) user: See file : /etc/passwd group: See file : /etc/group server: Program to execute and recieve data stream from socket. (Fully qualified name - full pathe name of program) server_args: Unlike inetd, arg[0] or the name of the service is not passed. only_from: IP address, factorized address, netmask range, hostname or network name from file /etc/networks. no_access: Deny from ... (inverse of only_from) access_times port: See file /etc/services Also: log_type, log_on_success, log_on_failure (Log options: += PID,HOST,USERID,EXIT,DURATION,ATTEMPT and RECORD), rpc_version, rpc_number, env, passenv, redirect, bind, interface, banner, banner_success, banner_fail, per_source, cps, max_load, groups, enabled, include, includedir, rlimit_as, rlimit_cpu, rlimit_data, rlimit_rss, rlimit_stack. The best source of information is the man page and its many examples. assignment-operator: = +=: add a value to the set of values -=: delete a value from the set of values Then restart the daemon: /etc/rc.d/init.d/xinetd restart Example from man page: Limit telnet sessions to 8 Mbytes of memory and a

total 20 CPU seconds for child processes. service telnet { socket_type = stream wait = no nice = 10 user = root server = /usr/etc/in.telnetd rlimit_as = 8M rlimit_cpu = 20 }

[Pitfall] Red Hat 7.1 with updates as of 07/06/2001 required that I restart the xinetd services before FTP would work properly even though xinetd had started without failure during the boot sequence. I have no explanation as to why this occurs or how to fix it other than to restart

xinetd: /etc/rc.d/init.d/xinetd restart. Man Pages: xinetd xinetd.conf xinetd.log tcpd For more info see: macsecurity.org: xinetd tutorial - by curator LinuxFocus.org: xinetd - Frederic Raynal RedHat.com: Controlling Access to Services http://www.xinetd.org See RFC's: 862, 863, 864, 867, 868, 1413. man page xinetd, xinetd.conf, xinetd.log

RPC: Remote Procedure Calls (Portmapper) Portmpper is a network service required to support RPC's. Many services such as NFS (file sharing services) require portmapper. List RPC services supported: [root]# rpcinfo -p localhost Starting portmap server: /etc/rc.d/init.d/portmap start service portmap start Man Pages: portmap rpcinfo pmap_set pmap_dump PAM: Network Wrappers: Pluggable Authentication Modules for Linux (TCP Wrappers) This system allows or denies network access. One can reject or allow specific IP addresses or subnets to access your system. File: /etc/hosts.allow in.ftpd:208.188.34.105 This specifically allows the given IP address to ftp to your system. One can also specify an entire domain. i.e. .name-of-domain.com Note the beginning ".". File: /etc/hosts.deny ALL:ALL This generally denies any access. See the pam man page. File: /etc/inetd.conf ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

The inet daemon accepts the incoming network stream and assigns it to the PAM TCP wrapper, /usr/sbin/tcpd, which accepts or denies the network connection as defined by /etc/hosts.allow and /etc/hosts.deny and then passes it along to ftp. This is logged to /var/log/secure

Advanced PAM: More specific access can be assigned and controlled by controlling the level of authentication required for access. Files reflect the inet service name. Rules and modules are stacked to achieve the level of security desired. See the files in /etc/pam.d/... (some systems use /etc/pam.conf) The format: service type control module-path module-arguments auth - (type) Password is required for the user nullok - Null or non-existatant password is acceptable shadow - encrypted passwords kept in /etc/shadow account - (type) Verifies password. Can track and force password changes. password - (type) Controls password update retry=3 - Sets the number of login attempts minlen=8 - Set minimum length of password session - (type) Controls monitoring Modules: /lib/security/pam_pwdb.so - password database module /lib/security/pam_shells.so - /lib/security/pam_cracklib.so - checks is password is crackable /lib/security/pam_listfile.so After re-configuration, restart the inet daemon: killall -HUP inetd For more info see: Wietse's Papers Pluggable Authentication Modules for Linux (PAM) Home Page

ICMP: ICMP is the network protocol used by the ping and traceroute commands. ICMP redirect packets are sent from the router to the host to inform the host of a better route. To enable ICMP redirect, add the following line to

/etc/sysctl.conf : net.ipv4.conf.all.accept_redirects = 1

Add the following to the file: /etc/rc.d/rc.local for f in /proc/sys/net/ipv4/conf/*/accept_redirects do echo 1 > $f done

Command to view Kernel IP routing cache: /sbin/route -Cn NOTE: This may leave you vulnerable to hackers as attackers may alter your

routes.

Blocking ICMP and look invisible to ping: The following firewall rules will drop ICMP requests. Iptables: iptables -A OUTPUT -p icmp -d 0/0 -j DROP Ipchains: ipchains -A output -p icmp -d 0/0 -j DENY OR drop all incomming pings: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all This is sometimes necessary to look invisible to DOS (Denial Of Service) attackers who use ping to watch your machine and launch an attack when it's pressence is detected

Network Monitoring Tools: Ethereal - Network protocol analyzer. Examine data from a live network. RPM's required: ethereal-0.8.15-2.i386.rpm - Red Hat 7.1 Powertools CD RPM ucd-snmp-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1 ucd-snmp-utils-4.2-12.i386.rpm - Red Hat 7.1 binary CD 1 Also: gtk+, glib, glibc, XFree86-libs-4.0.3-5 (base install) There is an error in the ethereal package because it does not show the

snmp libraries as a dependancies, but you can deduce this from the errors that you get if the ucd-snmp libraries are not installed. EtherApe - Graphical network monitor for Unix modeled after etherman. This is a great network discovery program with cool graphics. (Red Hat Powertools CD 7.1) Gkrellm - Network and system monitor. Good for monitoring your workstation. (Red Hat Powertools CD) IPTraf - ncurses-based IP LAN monitor. (Red Hat Powertools CD) Cheops - Network discovery, location, diagnosis and management. Cheops can identify all of the computers that are on your network, their IP address, their DNS name, the operating system they are running. Cheops can run a port scan on any system on your network. (Red Hat Powertools CD) ntop - Shows network usage in a way similar to what top does for processes. Monitors how much data is being sent and received on your network. (Red Hat Powertools CD) MRTG - Multi Router Traffic Grapher - Monitor network traffic load using

SNMP and generate an HTML/GIF report. (See sample output) scotty - Obtain status and configuration information about your network.

Supports SNMP, ICMP, DNS, HTTP, SUN RPC, NTP, & UDP. (Red Hat Powertools

CD) Big Brother - Monitoring ans services availablility. OpenNMS.org - Network Management using SNMP. Also see Blast.com: OpenNMS

Nagios - host, service and network monitoring Caldera guide - Network Monitoring Tools Angel network monitor Bing: Measure bandwidth between two systems - Bandwidth ping

Using tcpdump to monitor the network: [root@node prompt]# ifconfig eth0 promisc - Put nic into promiscuous mo de to sniff traffic. [root@node prompt]# tcpdump -n host not XXX.XXX.XXX.XXX | more - Sniff tra ffic but ignore given IP address which is your remote session. [root@node prompt]# ifconfig eth0 -promisc - Pull nic out of promiscuous mode.

Network Intrusion and Hacker Detection Systems: SNORT: Monitor the network, performing real-time traffic analysis and packet logging on IP networks for the detection of an attack or probe. Linux Journal: Planning IDS for Your Enterprise - Nalneesh Gaur Snort overview - Drew Beach InterSect Alliance - Intrusiuon analysis. Identifies malicious or unauthorized access attempts.

Living in a MS/Windows World: In Nautilus use the URL "smb:" to view MS/Windows servers. LinNeighborhood: Linux workstation gui tool. Make your life simple and use the GUI/File Manager LinNeighborhood. It uses smbmount, samba and smbclient to give you access to MS/Windows servers and printers. LinNeighborhood Home Page LinNeighborhood Screen Shot See the YoLinux tutorial on integrating Linux into a Microsoft network.

Related Links: Linux Network Management - Georgia Tech (Slovak mirror) Linux Network Commands Cable modem HowTo - Vladimir Vuksan DNS HowTo - Nicolai Langfeldt Ethernet HowTo - Paul Gortmaker Firewall HowTo - Mark Grennan ipchains HowTo - Paul Russell Multicast HowTo - Juan-Mariano de Goyeneche Networking Overview HowTo - Daniel Lopez Ridruejo Networking Howto - Joshua Drake Red Hat 6.1 Document: The Network Administrators' Guide - Nikos Drakos /

Andrew Anderson NIS Howto - Thorsten Kukuk NFS Howto - Nicolai Langfeldt What Packets Look Like SNMP: Simple Network Management Protocol (Uses ports 161,162,391,1993) SNMP - Intro and tutorials Linux SNMP Network Management Tools SNMP FAQ net-snmp - tools and libraries News/Usenet Group: comp.os.linux.networking - Deja MARS-nwe - Netware emulator Caldera: Netware for Linux - Includes full NDS Linux 2.4 Advanced Routing HOWTO - iproute2, traffic shaping and a bit of netfilter ATM: ATM on Linux ISDN: ISDN4LINUX FAQ - Matthias Hessler ISDN4 Linux Home Page ISDN Solutions for Linux Examples of ISDN for LINUX Installations Dan Kegel's ISDN Page DSL: DSLreports.com: Reviews of DSL providers, bandwidth speed measurement,

Tools, Info PPTP: Point-to-Point Tunneling Protocol RFC 2637: Point-to-Point Tunneling Protocol (PPTP). PoPToP - PPTP server for Linux. PPTP-Linux Client - A PPTP Linux client that allows a linux system to connect to a PPTP server. Developed by C. S. Ananian. Counterpane Systems FAQ on Microsoft's PPTP Implementation - FAQ on the security flaws in Microsoft's PPTP Implementation. DHCP: (Dynamic Host Configuration Protocol) ISC Dynamic Host Configuration Protocol Multicast: Multicast over TCP/IP HOWTO ISP's: (National/Global) TheList.com - Comprehensive list of ISP's Earthlink Concentric ATT Worldnet NIS: (NFS infrastructure) NIS Statup Instructions Ethernet cables: Making CAT 3, 5, 5E RJ45 Ethernet Cables Wiring and Installation Gigabit Ethernet VIX: Vienna Internet eXchange - European traffic exchange for ISP's Test Internet Bandwidth: Test the speed of your connection by selecting this link - or this link (pick tachometer icon) Bandwidth tests and large file transfers Bandwidth explained and List of bandwidth test sites System monitor gkrellm - Monitors speed/bandwidth Man Pages: icmp - Linux IPv4 ICMP kernel module ifport - select the transceiver type for a network interface usernetctl - allow a user to manipulate a network interface if permitted

arp - manipulate the system ARP cache Shows other systems on your network (including IP address conflicts): arp -a Show ARP table Linux style: arp -e List ARP table: cat /proc/net/arp ripquery - query RIP (Routing Information Protocol) gateways gated - gateway routing daemon

Books: "Networking Linux: A Practical Guide to TCP/IP" by Pat Eyler ISBN # 0735710317, New Riders Publishing

"LINUX TCP/IP Network Administration by Scott Mann, Mitchell Krell ISBN # 0130322202, rentice Hall PTR

"Advanced Linux Networking" by Roderick W. Smith ISBN# 0201774232, Addison-Wesley Professional; 1st edition (July 15, 2002)

"Linux Routing" by Dee Ann LeBlanc, Joe "Zonker" Brockmeier, Ronald W. McCarty Jr.

ISBN# 1578702674, Sams; 1st edition (October 11, 2001)

"Policy Routing Using Linux" by Matthew G. Marsh ISBN# 0672320525, Sams; (March 6, 2001)

"Red Hat Linux Fedora Unleashed" by Bill Ball, Hoyt Duff Sams, ISBN# 0672326299

"Red Hat Linux Fedora 3 Unleashed" by Bill Ball, Hoyt Duff Sams, ISBN# 0672327082

"Red Hat Linux 9 Unleashed" by Bill Ball, Hoyt Duff Sams, ISBN# 0672325888 I have the Red Hat 6 version and I have found it to be very helpful. I have found it to be way more complete than the other Linux books. It is the most complete general Linux book in publication. While other books in the "Unleashed" series have dissapointed me, this book is the best out there.

"Redhat Linux 9 (Visual QuickPro Guide)" by Harold Davis ISBN #032121918X, Peachpit Press, Addison Wesley The best basic Linux book around for the GUI generation. This book

can be best described as a guide to using the GUI configuration tools.