Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Linux Networking Cookbook
  • Table Of Contents Toc
Linux Networking Cookbook

Linux Networking Cookbook

By : Dsouza, Gregory Boyce
3.5 (2)
Buy this Book
close
close
Linux Networking Cookbook

Linux Networking Cookbook

3.5 (2)
By: Dsouza, Gregory Boyce
Buy this Book

Overview of this book

Linux can be configured as a networked workstation, a DNS server, a mail server, a firewall, a gateway router, and many other things. These are all part of administration tasks, hence network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments. Starting with a simple Linux router that passes traffic between two private networks, you will see how to enable NAT on the router in order to allow Internet access from the network, and will also enable DHCP on the network to ease configuration of client systems. You will then move on to configuring your own DNS server on your local network using bind9 and tying it into your DHCP server to allow automatic configuration of local hostnames. You will then future enable your network by setting up IPv6 via tunnel providers. Moving on, we’ll configure Samba to centralize authentication for your network services; we will also configure Linux client to leverage it for authentication, and set up a RADIUS server that uses the directory server for authentication. Toward the end, you will have a network with a number of services running on it, and will implement monitoring in order to detect problems as they occur.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Configuring a Router
chevron up
Icon
1. Configuring a Router
Icon
Introduction
Icon
Setting up the physical network
Icon
Configuring IPv4
Icon
Configuring IPv4 permanently
Icon
Connecting two networks
Icon
Enabling NAT to the outside
Icon
Setting up DHCP
Icon
Setting up a firewall with IPtables
Icon
Setting up port forwarding
Icon
Adding VLAN Tagging
2
2. Configuring DNS
Icon
2. Configuring DNS
Icon
Introduction
Icon
Setting up your system to talk to a nameserver
Icon
Setting up a local recursive resolver
Icon
Configuring dynamic DNS on your local network
Icon
Setting up a nameserver for your public domain
Icon
Setting up a slave nameserver
3
3. Configuring IPv6
Icon
3. Configuring IPv6
Icon
Introduction
Icon
Setting up an IPv6 tunnel via Hurricane Electric
Icon
Using ip6tables to firewall your IPv6 traffic
Icon
Route an IPv6 netblock to your local network
4
4. Remote Access
Icon
4. Remote Access
Icon
Introduction
Icon
Installing OpenSSH
Icon
Using OpenSSH as a basic shell client
Icon
Using OpenSSH to forward defined ports
Icon
Using OpenSSH as a SOCKS proxy
Icon
Using OpenVPN
5
5. Web Servers
Icon
5. Web Servers
Icon
Introduction
Icon
Configuring Apache with TLS
Icon
Improving scaling with the Worker MPM
Icon
Setting up PHP using an Apache module
Icon
Securing your web applications using mod_security
Icon
Configuring NGINX with TLS
Icon
Setting up PHP in NGINX with FastCGI
6
6. Directory Services
Icon
6. Directory Services
Icon
Introduction
Icon
Configuring Samba as an Active Directory compatible directory service
Icon
Joining a Linux box to the domain
7
7. Setting up File Storage
Icon
7. Setting up File Storage
Icon
Introduction
Icon
Serving files with SMB/CIFS through Samba
Icon
Granting authenticated access
Icon
Setting up an NFS server
Icon
Configuring WebDAV through Apache
8
8. Setting up E-mail
Icon
8. Setting up E-mail
Icon
Introduction
Icon
Configuring Postfix to send and receive e-mail
Icon
Setting up DNS records for e-mail delivery
Icon
Configuring IMAP
Icon
Configuring authentication for outbound e-mail
Icon
Configuring Postfix to support TLS
Icon
Blocking spam with Greylisting
Icon
Filtering spam with SpamAssassin
9
9. Configuring XMPP
Icon
9. Configuring XMPP
Icon
Introduction
Icon
Installing ejabberd
Icon
Configuring DNS for XMPP
Icon
Configuring the Pidgin client
10
10. Monitoring Your Network
Icon
10. Monitoring Your Network
Icon
Introduction
Icon
Installing Nagios
Icon
Adding Nagios users
Icon
Adding Nagios hosts
Icon
Monitoring services
Icon
Defining commands
Icon
Monitoring via NRPE
Icon
Monitoring via SNMP
11
11. Mapping Your Network
Icon
11. Mapping Your Network
Icon
Introduction
Icon
Detecting systems on your network with NMAP
Icon
Detecting Systems Using Arp-Scan
Icon
Scanning TCP ports
Icon
Scanning UDP ports
Icon
Identifying services
Icon
Identifying operating systems
12
12. Watching Your Network
Icon
12. Watching Your Network
Icon
Introduction
Icon
Setting up centralized logging
Icon
Installing a Snort IDS
Icon
Managing your Snort rules
Icon
Managing Snort logging
13
Index
Icon
Index

Setting up port forwarding

In the previous section, we configured iptables to accept connections to port 22 in order to allow people to SSH into the host. Sometimes, you want to forward a port to a system behind the firewall instead of having the service run on the firewall itself. For example, you may have a web server running on port 8080 on an internal box that you want to expose to the Internet via port 80 on the firewall.

How to do it…

  1. Rewrite packets addressed to port 80 to instead go to port 8080:
    # iptables -t nat -A PREROUTING -p tcp -i eth2 --dport 80 \
-j DNAT --to-destination 192.168.0.200:8080
  2. Accept any packets addressed to 192.168.0.200 port 8080:
    # iptables -A FORWARD -p tcp -d 192.168.0.200 \
--dport 8080 -m state --state NEW,ESTABLISHED,RELATED \
-j ACCEPT

How it works…

This example is a lot simpler since it builds upon concepts we've already learned. We just have two simple commands:

  • First we set up a PREROUTING rule which will be processed once the packet is received, prior to any routing rules being applied. If the packet is TCP and came in on the Internet interface (eth2) with a destination port, then the packet is added to the destination NAT (DNAT) chain with a final destination of 192.168.0.200 port 8080.
  • Next, any packet destined for 192.168.0.200 port 8080 is either a new connection or an established connection; the packet is then accepted for forwarding to the destination.
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Linux Networking Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon