Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Linux Networking Cookbook
  • Table Of Contents Toc
Linux Networking Cookbook

Linux Networking Cookbook

By : Dsouza, Gregory Boyce
3.5 (2)
Buy this Book
close
close
Linux Networking Cookbook

Linux Networking Cookbook

3.5 (2)
By: Dsouza, Gregory Boyce
Buy this Book

Overview of this book

Linux can be configured as a networked workstation, a DNS server, a mail server, a firewall, a gateway router, and many other things. These are all part of administration tasks, hence network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments. Starting with a simple Linux router that passes traffic between two private networks, you will see how to enable NAT on the router in order to allow Internet access from the network, and will also enable DHCP on the network to ease configuration of client systems. You will then move on to configuring your own DNS server on your local network using bind9 and tying it into your DHCP server to allow automatic configuration of local hostnames. You will then future enable your network by setting up IPv6 via tunnel providers. Moving on, we’ll configure Samba to centralize authentication for your network services; we will also configure Linux client to leverage it for authentication, and set up a RADIUS server that uses the directory server for authentication. Toward the end, you will have a network with a number of services running on it, and will implement monitoring in order to detect problems as they occur.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Configuring a Router
chevron up
Icon
1. Configuring a Router
Icon
Introduction
Icon
Setting up the physical network
Icon
Configuring IPv4
Icon
Configuring IPv4 permanently
Icon
Connecting two networks
Icon
Enabling NAT to the outside
Icon
Setting up DHCP
Icon
Setting up a firewall with IPtables
Icon
Setting up port forwarding
Icon
Adding VLAN Tagging
2
2. Configuring DNS
Icon
2. Configuring DNS
Icon
Introduction
Icon
Setting up your system to talk to a nameserver
Icon
Setting up a local recursive resolver
Icon
Configuring dynamic DNS on your local network
Icon
Setting up a nameserver for your public domain
Icon
Setting up a slave nameserver
3
3. Configuring IPv6
Icon
3. Configuring IPv6
Icon
Introduction
Icon
Setting up an IPv6 tunnel via Hurricane Electric
Icon
Using ip6tables to firewall your IPv6 traffic
Icon
Route an IPv6 netblock to your local network
4
4. Remote Access
Icon
4. Remote Access
Icon
Introduction
Icon
Installing OpenSSH
Icon
Using OpenSSH as a basic shell client
Icon
Using OpenSSH to forward defined ports
Icon
Using OpenSSH as a SOCKS proxy
Icon
Using OpenVPN
5
5. Web Servers
Icon
5. Web Servers
Icon
Introduction
Icon
Configuring Apache with TLS
Icon
Improving scaling with the Worker MPM
Icon
Setting up PHP using an Apache module
Icon
Securing your web applications using mod_security
Icon
Configuring NGINX with TLS
Icon
Setting up PHP in NGINX with FastCGI
6
6. Directory Services
Icon
6. Directory Services
Icon
Introduction
Icon
Configuring Samba as an Active Directory compatible directory service
Icon
Joining a Linux box to the domain
7
7. Setting up File Storage
Icon
7. Setting up File Storage
Icon
Introduction
Icon
Serving files with SMB/CIFS through Samba
Icon
Granting authenticated access
Icon
Setting up an NFS server
Icon
Configuring WebDAV through Apache
8
8. Setting up E-mail
Icon
8. Setting up E-mail
Icon
Introduction
Icon
Configuring Postfix to send and receive e-mail
Icon
Setting up DNS records for e-mail delivery
Icon
Configuring IMAP
Icon
Configuring authentication for outbound e-mail
Icon
Configuring Postfix to support TLS
Icon
Blocking spam with Greylisting
Icon
Filtering spam with SpamAssassin
9
9. Configuring XMPP
Icon
9. Configuring XMPP
Icon
Introduction
Icon
Installing ejabberd
Icon
Configuring DNS for XMPP
Icon
Configuring the Pidgin client
10
10. Monitoring Your Network
Icon
10. Monitoring Your Network
Icon
Introduction
Icon
Installing Nagios
Icon
Adding Nagios users
Icon
Adding Nagios hosts
Icon
Monitoring services
Icon
Defining commands
Icon
Monitoring via NRPE
Icon
Monitoring via SNMP
11
11. Mapping Your Network
Icon
11. Mapping Your Network
Icon
Introduction
Icon
Detecting systems on your network with NMAP
Icon
Detecting Systems Using Arp-Scan
Icon
Scanning TCP ports
Icon
Scanning UDP ports
Icon
Identifying services
Icon
Identifying operating systems
12
12. Watching Your Network
Icon
12. Watching Your Network
Icon
Introduction
Icon
Setting up centralized logging
Icon
Installing a Snort IDS
Icon
Managing your Snort rules
Icon
Managing Snort logging
13
Index
Icon
Index

Setting up a firewall with IPtables

We touched upon iptables a little while discussing NAT, but now we're going to go a bit deeper into configuring a secure firewall for your network.

How to do it…

A properly configured firewall should be configured in a default deny configuration with specific allows (Whitelist) for what you want to accept:

# iptables -A INPUT -i lo -j ACCEPT 
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP 
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A FORWARD -i eth0 -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth2 \
-j MASQUERADE
# iptables -A FORWARD -i eth2 -o eth0 -m \
state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -j ACCEPT

How it works…

We start off by setting an ACCEPT policy on traffic destined to the local system on the localhost adapter (-i lo). A lot of software expects to be able to communicate over the localhost adapter, so we want to make sure we don't inadvertently filter it.

Next, we set an ACCEPT policy for any packet that matches a state (-m state) of ESTABLISHED, RELATED. This command accepts packets which are a part of, or related to, an established connection. ESTABLISHED should be pretty straightforward. RELATED packets are special cases that the connection tracking module needs to have a prior knowledge of. An example of this is the FTP protocol operating in active mode. The FTP client in active mode connects to the server on port 21. Data transfers however, operate on a second connection originating from the ftp server from port 20. During the operation of the connection, the port 21 packets are ESTABLISHED, while the port 20 packets are RELATED.

The third command accepts any TCP connection (-p tcp) destined for port 22 (--dport 22) that is destined for your system. This rule allows you to SSH into the machine.

Next, we will define the default policies. By default, we drop packets on the INPUT and FORWARD chains and accept packets on the OUTPUT chain.

The last three lines you'll recognize from the NAT section, which tells the firewall to allow any packets starting on the internal network and heading out to the Internet.

Additional ACCEPT rules based upon destination ports can be opened as needed as INPUT lines, like the port 22 one.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Linux Networking Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon