Guide to IP Layer Network Administration with Linux: Version 0.4.5

Martin A. Brown

Publication date 2007-Mar-14

Copyright © 2002, 2003 Martin A. Brown

Abstract

This guide provides an overview of many of the tools available for IP network administration of the linux operating system, kernels in the 2.2 and 2.4 series. It covers Ethernet, ARP, IP routing, NAT, and other topics central to the management of IP networks.

Table of Contents

Introduction
    1. Target Audience, Assumptions, and Recommendations
    2. Conventions
    3. Bugs and Roadmap
    4. Technical Note and Summary of Approach
    5. Acknowledgements and Request for Remarks
I. Concepts
    1. Basic IP Connectivity
        1. IP Networking Control Files
        2. Reading Routes and IP Information
            2.1. Sending Packets to the Local Network
            2.2. Sending Packets to Unknown Networks Through the Default Gateway
            2.3. Static Routes to Networks
        3. Changing IP Addresses and Routes
            3.1. Changing the IP on a machine
            3.2. Setting the Default Route
            3.3. Adding and removing a static route
        4. Conclusion
    2. Ethernet
        1. Address Resolution Protocol (ARP)
            1.1. Overview of Address Resolution Protocol
            1.2. The ARP cache
            1.3. ARP Suppression
            1.4. The ARP Flux Problem
        2. Proxy ARP
        3. ARP filtering
        4. Connecting to an Ethernet 802.1q VLAN
        5. Link Aggregation and High Availability with Bonding
            5.1. Link Aggregation
            5.2. High Availability
    3. Bridging
        1. Concepts of Bridging
        2. Bridging and Spanning Tree Protocol
        3. Bridging and Packet Filtering
        4. Traffic Control with a Bridge
        5. ebtables
    4. IP Routing
        1. Introduction to Linux Routing
        2. Routing to Locally Connected Networks
        3. Sending Packets Through a Gateway
        4. Operating as a Router
        5. Route Selection
            5.1. The Common Case
            5.2. The Whole Story
            5.3. Summary
        6. Source Address Selection
        7. Routing Cache
        8. Routing Tables
            8.1. Routing Table Entries (Routes)
            8.2. The Local Routing Table
            8.3. The Main Routing Table
        9. Routing Policy Database (RPDB)
        10. ICMP and Routing
            10.1. MTU, MSS, and ICMP
            10.2. ICMP Redirects and Routing
    5. Network Address Translation (NAT)
        1. Rationale for and Introduction to NAT
        2. Application Layer Protocols with Embedded Network Information
        3. Stateless NAT with iproute2
            3.1. Stateless NAT Packet Capture and Introduction
            3.2. Stateless NAT Practicum
            3.3. Conditional Stateless NAT
        4. Stateless NAT and Packet Filtering
        5. Destination NAT with netfilter (DNAT)
            5.1. Port Address Translation with DNAT
        6. Port Address Translation (PAT) from Userspace
        7. Transparent PAT from Userspace
    6. Masquerading and Source Network Address Translation
        1. Concepts of Source NAT
            1.1. Differences Between SNAT and Masquerading
            1.2. Double SNAT/Masquerading
        2. Issues with SNAT/Masquerading and Inbound Traffic
        3. Where Masquerading and SNAT Break
    7. Packet Filtering
        1. Rationale for and Introduction to Packet Filtering
            1.1. History of Linux Packet Filter Support
        2. Limits and Weaknesses of Packet Filtering
            2.1. Limits of the Usefulness of Packet Filtering
            2.2. Weaknesses of Packet Filtering
            2.3. Complex Network Layer Stateless Packet Filters
        3. General Packet Filter Requirements
        4. The Netfilter Architecture
            4.1. Packet Filtering with iptables
        5. Packet Filtering with ipchains
