Module 01_and_02 - IP Address and Internet Serv..
Download
Report
Transcript Module 01_and_02 - IP Address and Internet Serv..
Network Administration
ITA3564
Leung Hung
25958118
[email protected]
1
Module Rationale /Aims
To introduce the basic concepts of
internetworking architecture and protocol
To introduce the basic concepts of computer
system and network administration
To develop basic skills for network server
administration
2
Learning Objectives
Students will be able to:
install and maintain computer networks;
understand network protocols and network services
architecture;
demonstrate the knowledge and skills of network
administration through practical exercises;
build and use the Samba server in a mixed environment;
to set up and configure Dynamic Host Configuration Protocol,
Domain Name System (DNS), Network File System (NFS),
and SAMBA
Note:
Platform : CentOS 5.3
Download site: ftp.cuhk.hk
3
Assessment (Proposed)
Continues Assessment
Quizs
Tests
• Written(x2)
• Skill-based
Final Examination
50%
10%
30%
10%
50%
4
Pre-requisites
You should understand
how to use of basic Linux commands (e.g. cd, ls,
useradd, userdel, pwd …)
the functions of system configuration files
• (e.g. /etc/passwd, /etc/group …)
how to configure your network card
• (e.g. IP address, DNS, default gateway, host name)
use of vi editor (to edit configuration files)
shell scripts (simple)
5
Teaching Materials
Lecture Notes
Tutorials
Lab Exercises
Recommended Textbook
Craig Hunt, TCP/IP Network Administration, 3rd edition, O'Reilly &
Associates, 2002.
Evi Nemeth; Linux Administration Handbook; Prentice Hall PTR, 2004.
Scott Mann; Linux TCP/IP Network Administration; Prentice Hall PTR;
2002.
Nemth E, Snyder G, Seebass G and Hein T H; UNIX System Administration
3rd Edition; Addison Wesley, 2000.
Useful site:
http://linux.vbird.org/
6
Network Administration
Module 1
TCP/IP
7
OSI and Protocol Stack
8
Packet Encapsulation
The data is sent down the protocol stack
Each layer adds to the data by prepending headers
22Bytes 20Bytes 20Bytes
64 to 1500 Bytes
4Bytes
9
IP: Internet Protocol
Unreliable … connectionless
datagram delivery service
Responsible for routing of data
through intermediate networks
and computers
10
IP Routing
Source
Destination
Application
Application
Transport
Router
Transport
Network
Network
Network
Link
Link
Link
Routing Table
- Destination IP address
- IP address of a next-hop router
- Flags
- Network interface specification
11
ICMP : Internet Control Message Protocol
ICMP, Internet Control Message Protocol, is a set format that
contains packets that show error, control, and informational
messages.
Used to report problems with delivery of IP Datagrams within
an IP network
Used by ping, tracerout commands
12
TCP : Transmission Control Protocol
Connection-Oriented, Reliable, Byte Stream Service
TCP guarantees delivery of data and also guarantees that
packets will be delivered in the same order in which they
were sent.
Protocol
Set up connection
1. Transfer data
2. Close connection
13
UDP: User Datagram Protocol
UDP, a connectionless protocol that, like TCP, runs on top
of IP networks. Unlike TCP/IP, UDP/IP provides very few
error recovery services, offering instead a direct way to
send and receive datagrams over an IP network. It's used
primarily for broadcasting messages over a network.
14
IP Address (IPv4)
IP address – 32 bits
Format: X.X.X.X (X ranged from 0 to 255)
e.g. 192.168.1.2
5 Classes of IP Address
Class A
Class B
Class C
Class D (Multicast)
Class E (Experimental purpose)
15
IP Address Classes
Class A
Class B
Network ID
Host ID
Network ID
Host ID
Network ID
Class C
w
x
Host ID
y
z
16
Subnetting a Network
Subnets
Subnet
Masks
Determining Local and Remote Hosts
17
Subnets
Subnet 1
Network ID:192.168.11.0
Subnet 2
1
2
Subnet Mask: 255.255.255.0
Hub
Network ID:192.168.110.0
Subnet Mask: 255.255.255.0
Router
Hub
18
Subnet Masks
IP
Address
Subnet
Mask
Network
ID
10.50.100.
255.255.255.
10.50.100.
200
0
0
19
Available Host IDs
Subnet Mask
Network ID
1 1 1 1 1 1 1 1 1 1 1 1 1 1
Host ID
0 0 0 0 0 0 00 0 0 0 0 0 0
N
Number of Host IDs : 2n - 2
20
Network Configuration in Linux
The basic steps are:
Assign an IP address and hostname
Setup the new host to configure its network
interfaces at boot time
Setup a default route and perhaps fancier routing
Point to a DNS name server, to allow access to
the rest of Internet
21
How to configure IP address
Edit the configure file
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.1
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
22
How to configure hostname
Edit configuration file
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linuxserver
23
How to configure DNS
Edit the configuration file
/etc/resolv.conf
nameserver 192.168.1.110
nameserver 202.110.100.100
Note:
Domain Name Service (DNS) is the service used to convert
human readable names (e.g. www.yahoo.com) of hosts to IP
addresses (e.g. 209.131.36.158).
24
Different types of Network Services
Web Server
FTP Server
DNS Server
Mail Server (SMTP, POP3, IMAP)
NIS/NFS Server (Share drive between Linux)
Samba Server (Share drive with Windows OS)
Dynamic Host Configuration Protocol (DHCP) Server
SSH (Remote Access with encryption)
Telnet (Remote Access)
Proxy Server (Squid)
Firewall (IPTABLES)
25
Port Number
A port number is a way to distinguish one TCP/IP
service from another at a given IP address.
This way one server machine can provide many
different services without conflicts among the
incoming and outgoing data.
For the TCP/IP services, a port number is a 16-bit
integer (1 ~ 65535).
e.g. Web Server (Port 80), Telnet Server (Port 23)…
26
Well-known port number
You may refer to the following web site for well-known
port number
http://www.iana.org/assignments/port-numbers
Port
Description
20
FTP -- Data
21
FTP -- Control
22
SSH Remote Login Protocol
23
Telnet
25
Simple Mail Transfer Protocol (SMTP)
53
Domain Name System (DNS)
80
HTTP (Web)
110
POP3
443
HTTPS
27
Configure Domain Name Service (DNS)
To configure a machine as a DNS client, you only
need to edit:
/etc/resolv.conf
nameserver 203.186.89.168
/etc/nsswitch.conf - “service switch” file that
determines which mechanisms will be used to resolve
hostname-to-IP-address mappings
• Specify the order in which DNS, NIS (NIS+) and
/etc/hosts should be consulted
28
Scenario 1 (Same Network)
How machine A sends a packet to machine B.
29
Scenario 2 (Different Network)
How machine A sends a packet to machine B.
A
B
30
Network Administration
Module 2
Internet Services
31
Network Services
/etc/services
Standard services such as email, FTP … all associate
themselves with “well-known” ports defined in this
file
ftp
ftp
ssh
ssh
telnet
telnet
21/tcp
21/udp
22/tcp # SSH Remote Login Protocol
22/udp # SSH Remote Login Protocol
23/tcp
23/udp
32
xinetd (daemon)
The xinetd daemon (a program running in background) is a
TCP wrapped super service which controls access to a subset of
popular network services including FTP, IMAP, and Telnet.
Extended Internet Services Daemon
Accept client request from Internet
Redirect to corresponding service
It also provides service-specific configuration options for access
control, enhanced logging, binding, redirection, and resource
utilization control.
33
xinetd (Cont)
The configuration files for xinetd are as follows:
/etc/xinetd.conf — The global xinetd
configuration file
/etc/xinetd.d/ directory — The directory
containing all service-specific files
Restart the service
/etc/rc.d/init.d/xinetd restart
Or
service xinetd restart
34
How xinetd works
When a client host attempts to connect to a network service
controlled by xinetd, the super service receives the request
and checks for any TCP wrappers access control rules.
If access is allowed, xinetd verifies that the connection is
allowed under its own access rules for that service and that
the service is not consuming more than its allocated amount
of resources or in breach of any defined rules.
It then starts an instance of the requested service and passes
control of the connection to it. Once the connection is
established, xinetd does not interfere further with
communication between the client host and the server.
35
xinetd Configuration File
General configuration settings which effect every
service under xinetd's control
It is read once when the xinetd service is started
defaults
{
instances
log_type
log_on_success
log_on_failure
cps
}
includedir /etc/xinetd.d
=
=
=
=
=
60
SYSLOG authpriv
HOST PID
HOST
25 30
36
xinetd Configuration Files Parameters
instances — Sets the maximum number of requests xinetd can
handle at once.
log_type — Configures xinetd to use the authpriv log facility,
which writes log entries to the /var/log/secure file
log_on_success — Configures xinetd to log if the connection is
successful
log_on_failure — Configures xinetd to log if there is a connection
failure or if the connection is not allowed
37
xinetd Configuration Files Parameters
(Cont)
cps — Configures xinetd to allow no more than 25
connections per second to any given service. . If this limit is
reached, the service is retired for 30 seconds.
includedir /etc/xinetd.d/ — Includes options declared
in the service-specific configuration files located in the
/etc/xinetd.d/ directory
38
The /etc/xinetd.d/ Directory
Contains the configuration files for each service managed by
xinetd and the names of the files correlate to the service
The format of files in the /etc/xinetd.d/ directory use the
same conventions as /etc/xinetd.conf. The primary
reason the configuration for each service is stored in separate
file is to make customization easier and less likely to effect
other services
39
Example - telnet
/etc/xinetd.d/telnet
service telnet
{
flags
socket_type
wait
user
server
log_on_failure
disable
}
= REUSE
= stream
= no
= root
= /usr/sbin/in.telnetd
+= USERID
= yes
40
/etc/xinetd.d/ Configuration Files
Parameters
service — Defines the service name, usually to match a service
listed in the /etc/services file.
flags — Sets any of a number of attributes for the connection.
REUSE instructs xinetd to reuse the socket for a Telnet
connection.
socket_type — Sets the network socket type to stream.
wait — Defines whether the service is single-threaded (yes) or
multi-threaded (no).
user — Defines what user ID the process process will run under.
server — Defines the binary executable to be launched.
log_on_failure — Defines logging parameters for log_on_failure
in addition to those already defined in xinetd.conf.
41
disable — Defines whether or not the service is active.
/etc/hosts.allow and
/etc/hosts.deny
Using TCP wrappers to manage access to certain network
services
Any network services managed by xinetd can use TCP
wrappers to manage access
xinetd can use the /etc/hosts.allow and
/etc/hosts.deny files to configure access to system
services
hosts.allow - a list of rules that allow clients to access
the network services controlled by xinetd
hosts.deny - rules to deny access
42
/etc/hosts.allow and
/etc/hosts.deny Flowchart
Client Request
/etc/
hosts.allow
Allow
Redirect Service
Not specify
/etc/
hosts.deny
Not
specify
Redirect Service
Deny
Reject Connection
43
Configure Network Interfaces (using
ifconfig command)
ifconfig command
enables or disables a network interface (or using
ifup / ifdown)
sets its IP address and subnet mask
sets various other options and parameters
e.g.
ifconfig eth0 192.168.10.1 netmask 255.255.255.0
44
Configure Static Routes / Default Gateway
route command
Defines static routes, explicit routing table entries that never
change
e.g.
route add -net 192.168.10.0 netmask 255.255.255.0 gw
192.168.100.254
Default Gateway
Causes all packets whose destination network is not found in
the kernel’s routing table to be sent to the indicated gateway
e.g.
•
route add default gw 172.20.0.1
45
Static Route and Dynamic Route
A static route is a route that is created manually by a
network administrator.
The opposite of a static route is a dynamic route.
Dynamic routes are created by routing protocols.
46
Dynamic Reconfiguration and Tuning
Linux put a representation of kernel and networking
parameters that can be tuned into the /proc
filesystem
The important networking variables are in
/proc/sys/net/ipv4
47
IPv4
IPv4 is version 4 of the Internet Protocol (IP). It was the first
version of the Internet Protocol to be widely deployed, and
forms the basis for most of the current Internet (as of 2004).
It is described in IETF RFC 791, which was first published in
September, 1981.
IPv4 uses 32-bit addresses, limiting it to 4294967296 unique
addresses, many of which are reserved for special purposes
such as local networks or multicast addresses, reducing the
number of addresses that can be allocated as public Internet
addresses.
As the number of addresses available is consumed, an IPv4
address shortage appears to be inevitable in the long run.
48
IPv6
IPv6, or Internet Protocol version 6, is a network layer
standard; i.e., it governs the addressing and routing of data
packets through a network.
IPv6 is intended to replace the IPv4 standard, whose limits on
network addresses will eventually lead to exhaustion of
available addresses..
IPv4 supports 4,294,967,296 (4.294 × 109) addresses,
inadequate for giving even one address to every living person,
much less cars, phones, PDAs, and toasters; while IPv6
supports about 3.4 × 1038 (340 undecillion) addresses -about 4.3 × 1020 (430 quintillion) addresses per square inch
(6.7 × 1017 (670 quadrillion) addresses/mm²) of the Earth's
surface.
49