DOCSLIB.ORG

Oracle Solaris Administration IP Services

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Oracle Solaris Administration IP Services Oracle® Solaris Administration: IP Services Part No: 821–1453–11 March 2012 Copyright © 1999, 2012, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including anyoperating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, andservices.Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products,orservices. 120602@25097 Contents Preface ...................................................................................................................................................19 Part I TCP/IP Administration ........................................................................................................................23 1 Planning the Network Deployment .................................................................................................25 Network Planning (Task Map) .......................................................................................................... 25 Determining the Network Hardware ................................................................................................ 26 Deciding on an IP Addressing Format for Your Network .............................................................. 27 IPv4 Addresses ............................................................................................................................. 27 DHCP Addresses .......................................................................................................................... 28 IPv6 Addresses ............................................................................................................................. 28 Private Addresses and Documentation Prefixes ...................................................................... 28 Obtaining Your Network's IP Number ............................................................................................. 29 Naming Entities on Your Network .................................................................................................... 29 Administering Host Names ........................................................................................................ 30 Selecting a Name Service and Directory Service ...................................................................... 30 Using Subnets ...................................................................................................................................... 31 Deploying Virtual Networks .............................................................................................................. 32 2 ConsiderationsWhen Using IPv6 Addresses ................................................................................... 33 IPv6 Planning (Task Map) ................................................................................................................. 33 IPv6 Network Topology Scenario .....................................................................................................34 Ensuring Hardware Support for IPv6 ............................................................................................... 36 Preparing an IPv6 Addressing Plan ...................................................................................................37 Obtaining a Site Prefix ................................................................................................................. 37 Creating the IPv6 Numbering Scheme ...................................................................................... 37 Configuring Network Services to Support IPv6 .............................................................................. 39 3 Contents ▼ How to Prepare Network Services for IPv6 Support ................................................................ 39 ▼ How to Prepare DNS for IPv6 Support ..................................................................................... 40 Planning for Tunnel Use in the Network .......................................................................................... 41 Security Considerations for the IPv6 Implementation ................................................................... 41 3 Configuring an IPv4 Network ............................................................................................................43 Network Configuration (Task Map) ................................................................................................. 43 Before You Begin Network Configuration ....................................................................................... 44 Configuring Component Systems on the Network ......................................................................... 45 IPv4 Autonomous System Topology ......................................................................................... 45 ▼ How to Configure an IP Interface .............................................................................................. 47 Setting Up System Configuration Modes .................................................................................. 51 Configuring an IPv4 Router ....................................................................................................... 56 ▼ How to Configure an IPv4 Router ............................................................................................. 56 Routing Tables and Routing Types ............................................................................................ 59 Configuring Multihomed Hosts ................................................................................................. 62 Configuring Routing for Single-Interface Systems .................................................................. 64 Adding a Subnet to a Network .................................................................................................... 67 Monitoring and Modifying Transport Layer Services .................................................................... 69 ▼ How to Log the IP Addresses of All Incoming TCP Connections ......................................... 70 ▼ How to Add Services That Use the SCTP Protocol .................................................................. 70 ▼ How to Use TCP Wrappers to Control Access to TCP Services ............................................. 73 4 Enabling IPv6 on the Network .......................................................................................................... 75 Configuring an IPv6 Interface ........................................................................................................... 75 ▼ How to Configure a System For IPv6 ........................................................................................
Load more

Recommended publications
  • Working with DHCP in Oracle® Solaris 11.2
    ® Working With DHCP in Oracle Solaris 11.2 Part No: E36812 July 2014 Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications.
    [Show full text]
  • Pf3e Index.Pdf
    INDEX Note: Pages numbers followed by f, n, priority-based queues, 136–145 or t indicate figures, notes, and tables, match rule for queue assignment, respectively. 137–138 overview, 134–135 Symbols performance improvement, 136–137 # (hash mark), 13, 15 queuing for servers in DMZ, ! (logical NOT) operator, 42 142–144 setting up, 135–136 A on FreeBSD, 135–136 on NetBSD, 136 Acar, Can Erkin, 173 on OpenBSD, 135 ACK (acknowledgment) packets transitioning to priority and class-based bandwidth allocation, queuing system, 131–133 139–140 anchors, 35–36 HFSC algorithm, 124, 126, 142 authpf program, 61, 63 priority queues, 132, 137–138 listing current contents of, 92 two-priority configuration, loading rules into, 92 120–121, 120n1 manipulating contents, 92 adaptive.end value, 188 relayd daemon, 74 adaptive firewalls, 97–99 restructuring rule set with, 91–94 adaptive.start value, 188 tagging to help policy routing, 93 advbase parameter, 153–154 ancontrol command, 46n1 advskew parameter, 153–154, 158–159 antispoof tool, 27, 193–195, 194f aggressive value, 192 ARP balancing, 151, 157–158 ALTQ (alternate queuing) framework, atomic rule set load, 21 9, 133–145, 133n2 authpf program, 59–63, 60 basic concepts, 134 basic authenticating gateways, class-based bandwidth allocation, 60–62 139–140 public networks, 62–63 overview, 135 queue definition, 139–140 tying queues into rule set, 140 B handling unwanted traffic, 144–145 bandwidth operating system-based queue actual available, 142–143 assignments, 145 class-based allocation of, 139–140 overloading to
    [Show full text]
  • Install and Setup DHCP Service
    Install and setup DHCP Service Synopsis: DHCP or Dynamic Host Configuration Protocol allows for automatic management of IP addresses on your internal network. By providing DHCP on your LAN, you eliminate the bother of having to configure manually PCs, laptops, or smart phones. They will automatically get an IP address and be configured with default gateway and DNS server information. It is important that only one DHCP server be active on a network. So, check carefully any other network devices on your network, especially wireless Access Points, to be sure their DHCP service is disabled. I. Installation Log into the Freebsd system as root. (Assumes networking is already configured.) # # cd /usr/ports/net/isc-dhcp44-server && make install clean # II. Startup Configuration Enable DHCP daemon at startup and assign the internal LAN (sk0 in this project) interface; # # echo 'dhcpd_enable="YES"' >> /etc/rc.conf # echo 'dhcpd_ifaces="sk0"' >> /etc/rc.conf # III. Setup configuration file # # cd /usr/local/etc # If there is a dhcpd.conf file, rename it; # # mv dhcpd.conf dhcpd.conf.original # Copy the following text, modify for your personal use, and paste it into a new dhcpd.conf file. You will need to modify the subnet (i.e., your network zero) and mask, the IP pool range, the DNS server (in this case 8.8.8.8 is the Google DNS server), the domain name, the router/gateway and the broadcast address (i.e., your network 255). The settings shown assumes our LAN subnet will be the private range 192.168.1.0 to 192.168.1.255. This machine will have LAN address configured as 192.168.1.254 and will be the default gateway for the LAN network.
    [Show full text]
  • The Complete Freebsd
    The Complete FreeBSD® If you find errors in this book, please report them to Greg Lehey <grog@Free- BSD.org> for inclusion in the errata list. The Complete FreeBSD® Fourth Edition Tenth anniversary version, 24 February 2006 Greg Lehey The Complete FreeBSD® by Greg Lehey <[email protected]> Copyright © 1996, 1997, 1999, 2002, 2003, 2006 by Greg Lehey. This book is licensed under the Creative Commons “Attribution-NonCommercial-ShareAlike 2.5” license. The full text is located at http://creativecommons.org/licenses/by-nc-sa/2.5/legalcode. You are free: • to copy, distribute, display, and perform the work • to make derivative works under the following conditions: • Attribution. You must attribute the work in the manner specified by the author or licensor. • Noncommercial. You may not use this work for commercial purposes. This clause is modified from the original by the provision: You may use this book for commercial purposes if you pay me the sum of USD 20 per copy printed (whether sold or not). You must also agree to allow inspection of printing records and other material necessary to confirm the royalty sums. The purpose of this clause is to make it attractive to negotiate sensible royalties before printing. • Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. • For any reuse or distribution, you must make clear to others the license terms of this work. • Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above.
    [Show full text]
  • Utilising Configuration Management Node Data for Network Infrastructure
    Aalto University School of Science Degree Programme in Computer Science and Engineering Lauri Tirkkonen Utilising configuration management node data for network infrastructure man- agement Master's Thesis Espoo, May 4, 2016 Supervisor: Professor Heikki Saikkonen Advisor: Jaakko Kotim¨akiM.Sc. (Tech.) Aalto University School of Science ABSTRACT OF Degree Programme in Computer Science and Engineering MASTER'S THESIS Author: Lauri Tirkkonen Title: Utilising configuration management node data for network infrastructure man- agement Date: May 4, 2016 Pages: 38 Major: Software Technology Code: T-106 Supervisor: Professor Heikki Saikkonen Advisor: Jaakko Kotim¨akiM.Sc. (Tech.) Configuration management software running on nodes solves problems such as configuration drift on the nodes themselves, but the necessary node configura- tion data can also be utilised in managing network infrastructure, for example to reduce configuration errors by facilitating node life cycle management. Many configuration management software systems depend on a working network, but we can utilise the data to create large parts of the network infrastructure config- uration itself using node data from the configuration management system before the nodes themselves are provisioned, as well as remove obsolete configuration as nodes are decommissioned. Keywords: configuration management, network infrastructure configura- tion, life cycle management Language: English 2 Aalto-yliopisto Perustieteiden korkeakoulu DIPLOMITYON¨ Tietotekniikan koulutusohjelma TIIVISTELMA¨ Tekij¨a: Lauri Tirkkonen
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • The GNU C Library: System & Network Applications
    The GNU C Library: System & Network Applications For GNU C Libraries version 2.3.x by Sandra Loosemore with Richard M. Stallman, Roland McGrath, Andrew Oram, and Ulrich Drepper This manual documents the GNU C Libraries version 2.3.x. ISBN 1-882114-24-8, First Printing, March 2004. Published by: GNU Press Website: www.gnupress.org a division of the General: [email protected] Free Software Foundation Orders: [email protected] 51 Franklin St, Fifth Floor Tel: 617-542-5942 Boston, MA 02110-1301 USA Fax: 617-542-2652 Copyright © 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2, or any later version published by the Free Software Foundation; with the Invariant Sections being “Free Software and Free Manuals”, the “GNU Free Documentation License”," and the “GNU Lesser General Public License”, with the Front Cover Texts being “A GNU Manual”, and with the Back Cover Texts as in (a) below. A copy of the license is included in the section entitled “GNU Free Documentation License”. (a) The Back Cover Text is: You are free to copy and modify this GNU Manual. Buying copies from GNU Press supports the FSF in developing GNU and promoting software freedom. Cover art by Etienne Suvasa. Cover design by Jonathan Richard. Printed in USA. i Short Contents 1 Introduction ............................................ 1 2 Low-Level Input/Output .................................. 17 3 File-System Interface .................................... 71 4 Pipes and FIFOs ...................................... 119 5 Sockets .............................................. 125 6 Low-Level Terminal Interface ...........................
    [Show full text]
  • Free, Functional, and Secure
    Free, Functional, and Secure Dante Catalfamo What is OpenBSD? Not Linux? ● Unix-like ● Similar layout ● Similar tools ● POSIX ● NOT the same History ● Originated at AT&T, who were unable to compete in the industry (1970s) ● Given to Universities for educational purposes ● Universities improved the code under the BSD license The License The license: ● Retain the copyright notice ● No warranty ● Don’t use the author's name to promote the product History Cont’d ● After 15 years, the partnership ended ● Almost the entire OS had been rewritten ● The university released the (now mostly BSD licensed) code for free History Cont’d ● AT&T launching Unix System Labories (USL) ● Sued UC Berkeley ● Berkeley fought back, claiming the code didn’t belong to AT&T ● 2 year lawsuit ● AT&T lost, and was found guilty of violating the BSD license History Cont’d ● BSD4.4-Lite released ● The only operating system ever released incomplete ● This became the base of FreeBSD and NetBSD, and eventually OpenBSD and MacOS History Cont’d ● Theo DeRaadt ○ Originally a NetBSD developer ○ Forked NetBSD into OpenBSD after disagreement the direction of the project *fork* Innovations W^X ● Pioneered by the OpenBSD project in 3.3 in 2002, strictly enforced in 6.0 ● Memory can either be write or execute, but but both (XOR) ● Similar to PaX Linux kernel extension (developed later) AnonCVS ● First project with a public source tree featuring version control (1995) ● Now an extremely popular model of software development anonymous anonymous anonymous anonymous anonymous IPSec ● First free operating system to implement an IPSec VPN stack Privilege Separation ● First implemented in 3.2 ● Split a program into processes performing different sub-functions ● Now used in almost all privileged programs in OpenBSD like httpd, bgpd, dhcpd, syslog, sndio, etc.
    [Show full text]
  • Alcatel-Lucent Vitalqip DNS/DHCP & IP MANAGEMENT SOFTWARE
    Alcatel-Lucent VitalQIP DNS/DHCP & IP MANAGEMENT SOFTWARE | LUCENT DHCP RELEASE 5.4 BUILD 45 RELEASE NOTES ALCATEL-LUCENT PROPRIETARY This document contains proprietary information of Alcatel-Lucent and 190-409-113R5.4 is not to be disclosed or used except in accordance with applicable NOVEMBER 2008 agreements. ISSUE 12 Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright © 2008 Alcatel-Lucent. All Rights Reserved. Alcatel-Lucent – Proprietary See notice on first page Contents About this document vii Reason for reissue..........................................................................................................vii Conventions used............................................................................................................ ix Typographical conventions............................................................................................. ix Technical Support............................................................................................................ x How to comment............................................................................................................. xi 1 Overview 1-1 2 Release components 2-1 Software deliverables..................................................................................................2-2 Software
    [Show full text]
  • CREID: Development of Reliable and Scalable DHCP System for Carrier IP Networks
    CREID: Development of reliable and scalable DHCP system for carrier IP networks Katsuhiro Naito Department of Electrical and Electronic Engineering, Mie University, 1577 Kurimamachiya, Tsu, 514-8507, Japan Email: [email protected] Makoto Nishide Net Step Inc. 213 Obatachomiyamae, Ise, 519-0504, Japan Email: [email protected] Eiji Miyazoe OSS BroadNet Inc. 3-5-7 Hisamoto, Takatsuku, Kawasaki, 213-0011, Japan Email: [email protected] Abstract— Dynamic host configuration protocol (DHCP) is of ISC-DHCP is distributed over various kinds of UNIX OS. essential service to configure information about networks at Therefore, many users use the software in local networks. On user terminals in Internet service providers (ISPs). Therefore, the contrary, the transaction performance of ISC-DHCP is not many DHCP programs are released in Internet. However, few free software DHCP programs can achieve required reliability high comparing to the requirement in commercial large ISPs. and scalability in ISP’s usage. In this paper, we develop the Additionally, the fail-over mechanisms of ISC-DHCP are not reliable and scalable DHCP system called CNR Emulator on enough to achieve a stable DHCP service in commercial ISPs ISC-DHCP (CREID) based on free software such as ISC-DHCP, [9], [10], [11]. Duplicated Replicated Block Device (DRBD), and Pacemaker. In this paper, we develop the reliable and scalable DHCP ISC-DHCP supports Internet Protocol (IP) v4 and IPv6 that are required in commercial ISP services. DRBD and Pacemaker system called CNR Emulator on ISC-DHCP (CREID) based can construct clustering systems over some physical computers. on free software such as ISC-DHCP, Duplicated Replicated From the numerical results, we can find that the developed DHCP Block Device (DRBD) [12], and Pacemaker [13].
    [Show full text]
  • V3.5 IP Address Management Software
    GestióIP IPAM v3.5 IP address management software Documentation v1.11 www.gestioip.net GestióIP Copyright © Marc Uebel 2021 Documentation GestióIP IPAM v3.5 Table of Contents 1 Introduction......................................................................................................................................7 2 Use....................................................................................................................................................8 2.1 Access.......................................................................................................................................8 2.2 Show networks..........................................................................................................................8 2.2.1 Root networks.................................................................................................................10 2.3 Show hosts..............................................................................................................................11 2.3.1 Host list view..................................................................................................................11 2.3.2 Host overview.................................................................................................................13 2.3.3 Host status view..............................................................................................................13 2.3.4 Host check.......................................................................................................................14
    [Show full text]
  • DNS and the DNS Cache Poisoning Attack
    Lecture 17: DNS and the DNS Cache Poisoning Attack Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) June 25, 2021 3:21pm ©2021 Avinash Kak, Purdue University Goals: The Domain Name System BIND Configuring BIND Running BIND on your Ubuntu laptop Light-Weight Nameservers (and how to install them) DNS Cache Poisoning Attack Writing Perl and Python code for cache poisoning attacks Dan Kaminsky’s More Virulent DNS Cache Poisoning Attack CONTENTS Section Title Page 17.1 Internet, Harry Potter, and the Magic of DNS 3 17.2 DNS 5 17.3 An Example That Illustrates Extensive DNS 13 Lookups in Even the Simplest Client-Server Interactions 17.4 The Domain Name System and The dig Utility 28 17.5 host, nslookup, and whois Utilities for Name 42 Lookup 17.6 Creating a New Zone and Zone Transfers 45 17.7 DNS Cache 48 17.7.1 The TTL Time Interval 51 17.8 BIND 56 17.8.1 Configuring BIND 58 17.8.2 An Example of the named.conf Configuration File 64 17.8.3 Running BIND on Your Ubuntu Laptop 68 17.9 What Does it Mean to Run a Process in a 70 chroot Jail? 17.10 Phishing versus Pharming 73 17.11 DNS Cache Poisoning 74 17.12 Writing Perl and Python Code for Mounting a 81 DNS Cache Poisoning Attack 17.13 Dan Kaminsky’s More Virulent Exploit for 92 DNS Cache Poisoning 17.14 Homework Problems 99 Computer and Network Security by Avi Kak Lecture 17 Back to TOC 17.1 INTERNET, HARRY POTTER, AND THE MAGIC OF DNS If you have read Harry Potter, you are certainly familiar with the use of owl mail by the wizards and the witches.
    [Show full text]