Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Linux Networking Cookbook
  • Table Of Contents Toc
Linux Networking Cookbook

Linux Networking Cookbook

By : Dsouza, Gregory Boyce
3.5 (2)
Buy this Book
close
close
Linux Networking Cookbook

Linux Networking Cookbook

3.5 (2)
By: Dsouza, Gregory Boyce
Buy this Book

Overview of this book

Linux can be configured as a networked workstation, a DNS server, a mail server, a firewall, a gateway router, and many other things. These are all part of administration tasks, hence network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments. Starting with a simple Linux router that passes traffic between two private networks, you will see how to enable NAT on the router in order to allow Internet access from the network, and will also enable DHCP on the network to ease configuration of client systems. You will then move on to configuring your own DNS server on your local network using bind9 and tying it into your DHCP server to allow automatic configuration of local hostnames. You will then future enable your network by setting up IPv6 via tunnel providers. Moving on, we’ll configure Samba to centralize authentication for your network services; we will also configure Linux client to leverage it for authentication, and set up a RADIUS server that uses the directory server for authentication. Toward the end, you will have a network with a number of services running on it, and will implement monitoring in order to detect problems as they occur.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Configuring a Router
chevron up
Icon
1. Configuring a Router
Icon
Introduction
Icon
Setting up the physical network
Icon
Configuring IPv4
Icon
Configuring IPv4 permanently
Icon
Connecting two networks
Icon
Enabling NAT to the outside
Icon
Setting up DHCP
Icon
Setting up a firewall with IPtables
Icon
Setting up port forwarding
Icon
Adding VLAN Tagging
2
2. Configuring DNS
Icon
2. Configuring DNS
Icon
Introduction
Icon
Setting up your system to talk to a nameserver
Icon
Setting up a local recursive resolver
Icon
Configuring dynamic DNS on your local network
Icon
Setting up a nameserver for your public domain
Icon
Setting up a slave nameserver
3
3. Configuring IPv6
Icon
3. Configuring IPv6
Icon
Introduction
Icon
Setting up an IPv6 tunnel via Hurricane Electric
Icon
Using ip6tables to firewall your IPv6 traffic
Icon
Route an IPv6 netblock to your local network
4
4. Remote Access
Icon
4. Remote Access
Icon
Introduction
Icon
Installing OpenSSH
Icon
Using OpenSSH as a basic shell client
Icon
Using OpenSSH to forward defined ports
Icon
Using OpenSSH as a SOCKS proxy
Icon
Using OpenVPN
5
5. Web Servers
Icon
5. Web Servers
Icon
Introduction
Icon
Configuring Apache with TLS
Icon
Improving scaling with the Worker MPM
Icon
Setting up PHP using an Apache module
Icon
Securing your web applications using mod_security
Icon
Configuring NGINX with TLS
Icon
Setting up PHP in NGINX with FastCGI
6
6. Directory Services
Icon
6. Directory Services
Icon
Introduction
Icon
Configuring Samba as an Active Directory compatible directory service
Icon
Joining a Linux box to the domain
7
7. Setting up File Storage
Icon
7. Setting up File Storage
Icon
Introduction
Icon
Serving files with SMB/CIFS through Samba
Icon
Granting authenticated access
Icon
Setting up an NFS server
Icon
Configuring WebDAV through Apache
8
8. Setting up E-mail
Icon
8. Setting up E-mail
Icon
Introduction
Icon
Configuring Postfix to send and receive e-mail
Icon
Setting up DNS records for e-mail delivery
Icon
Configuring IMAP
Icon
Configuring authentication for outbound e-mail
Icon
Configuring Postfix to support TLS
Icon
Blocking spam with Greylisting
Icon
Filtering spam with SpamAssassin
9
9. Configuring XMPP
Icon
9. Configuring XMPP
Icon
Introduction
Icon
Installing ejabberd
Icon
Configuring DNS for XMPP
Icon
Configuring the Pidgin client
10
10. Monitoring Your Network
Icon
10. Monitoring Your Network
Icon
Introduction
Icon
Installing Nagios
Icon
Adding Nagios users
Icon
Adding Nagios hosts
Icon
Monitoring services
Icon
Defining commands
Icon
Monitoring via NRPE
Icon
Monitoring via SNMP
11
11. Mapping Your Network
Icon
11. Mapping Your Network
Icon
Introduction
Icon
Detecting systems on your network with NMAP
Icon
Detecting Systems Using Arp-Scan
Icon
Scanning TCP ports
Icon
Scanning UDP ports
Icon
Identifying services
Icon
Identifying operating systems
12
12. Watching Your Network
Icon
12. Watching Your Network
Icon
Introduction
Icon
Setting up centralized logging
Icon
Installing a Snort IDS
Icon
Managing your Snort rules
Icon
Managing Snort logging
13
Index
Icon
Index

Connecting two networks

For our next step, we're going to add a second interface to server 1. In addition to 10.0.0.1/24 being configured on eth0, we're going to configure 192.168.0.1/24 on eth1. The second interface could just as easily be 10.0.1.1/24, but let's make sure that the networks are obviously different.

The systems should be configured similar to Figure 1:

Connecting two networks

How to do it…

Let's connect two networks:

  1. Configure the network interface on eth1 on server 1:
    # ip link set dev eth1 up
# ip addr add dev eth1 192.168.0.1/24
# ip addr list eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:99:ff:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe99:ffc1/64 scope link
       valid_lft forever preferred_lft forever
  2. Connect your third system to eth1 on server 1.
  3. Configure eth0 on server 3 with an IP address of 192.168.0.2:
    # ip link set dev eth0 up
# ip addr add dev eth0 192.168.0.2/24
# ip addr list eth1
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:99:ff:c2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe99:ffc1/64 scope link
       valid_lft forever preferred_lft forever
  4. Add a default route on server 3:
    # ip route add default via 192.168.0.1
  5. Enable routing on server 1:
    # echo net.ipv4.ip_forward=1 > /etc/sysctl.conf
# sysctl -p /etc/sysctl.conf
  6. Add a default route on server 2:
    # ip route add default via 10.0.0.1

How it works…

When you configure an IP address on a Linux system, you automatically have a route defined, which states that in order to access another IP address in the same subnet, you should use 0.0.0.0 as your gateway. This tells the IP stack that the system, if it exists, will be on the same layer as the two network segments, and that it should use ARP to determine the MAC address it should communicate with.

If you want to talk to a machine outside of that subnet, the system will need to know how to communicate with it. This is done by defining a route with a gateway IP address that you forward the packet to. You then depend on the gateway system to forward the packet to the correct destination.

Most commonly, you'll deal with a default route, which is the route that the system uses for any packet that is not deemed to be local. In our configuration, we tell the system that the default route is 192.168.0.1, which asks us to forward any non-local packets to an IP address configured on our server 1 box. This means that server 1 will act as our router.

You can also define more specific routes where you can explicitly define an IP address to forward packets to a specific IP address or subnet. This can be useful in a network where one router provides access to the Internet and a second router provides access to a second internal network.

At this point server 3, configured as 192.168.0.2, knows that IP addresses on 192.168.0.0/24 are local and any other packet should be sent to 192.168.0.1 in order to be forwarded. However, if you attempt to ping a system that is outside your local network (for example 10.0.0.2), it will not arrive. This is because routing on Linux systems is disabled by default and needs to be enabled on server 1 before it can forward packets. Enabling routing can be done by setting /proc/sys/net/ipv4/ip_forward to 1, or via sysctl, which is the manner in which we've chosen to set it.

Once routing is enabled, packets addressed from server 3 will be received by your router and forwarded to 10.0.0.2 (server 2) via eth0 on the router. 10.0.0.2 will receive the packet from your router and promptly attempt to respond. This response will fail, as server 2 does not have a defined route for accessing the 192.168.0.1/24 network. This is fixed by adding a default route on server 2 as well, but sending to the router's interface on the 10.0.0.0/24 network.

Now server 3 knows how to address server 2, server 2 knows how to address server 3, and server 1 routes packets between the two as needed. Congratulations, you have connected two networks.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Linux Networking Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon