------------------------- Week 10 Notes for NET2003 -------------------------
-Ian! D. Allen - idallen@idallen.ca

Remember - knowing how to find out an answer is more important than
memorizing the answer.  Learn to fish!  RTFM!  (Read The Fine Manual)

Keep up on your readings (Course Outline: average 5 hours/week homework)

"ALN" = "Advanced Linux Networking" text

Mandrake Mini system (300MB/650MB)
----------------------------------

You should have a working Mandrake Mini system installed this week,
following the instructions in Notes file mandrake_install.txt.  The basic
installed system occupies about 300MB on disk.  Re-installing a basic
(non-upgraded) Mini system using the installer should take only a few
minutes if something goes wrong with your Mini system.

Installing all the upgrades to the Mini system and adding the next series
of packages may take an hour over the network if you work from home,
depending on network load.  (See Notes file mandrake_config.txt for how to
upgrade.)  If you work in the labs and use the lab.idallen.ca update server
available in T111/114/115, you can update in a few minutes; see Notes file
t111_server.txt for details.  The upgraded/updated system with extra
packages installed (including mozilla) occupies about 650MB on disk.

Once you have installed and upgraded your Mini system, back it up into
another partition before you make any changes.  See Notes file
server_admin.txt for backup/restore methods.

Journalling File System
-----------------------

You created "journalling" file systems on your Mini system, using the "-j"
option to mke2fs.  This type of Linux journalling file system is usually
called "ext3", and some distributions have a small shell script named
"mke3fs" that simply calls mke2fs with the "-j" option.  Journalling file
systems are more resistant to corruption due to sudden power loss, allowing
the system to come back up more quickly by avoiding a file system check at
boot time.
(This does *NOT* give you permission to power off a running Linux system!
Always shut down cleanly.)

Network hardware
----------------

Reference: ALN p.31-51

Most Linux distributions contain auto-configuration programs that detect
your network card and create the necessary start-up code to load the
correct network drivers for you.

Ethernet card network interfaces are given names such as "eth0" and "eth1"
using alias names in /etc/modules.conf or, for newer 2.6 kernels,
/etc/modprobe.conf (ALN p.32).  The alias names connect the abstract names
"eth0", "eth1", etc. with the actual Ethernet driver module names.

Linux network driver modules are kept in /lib/modules/*/kernel/drivers/net/
and you can insert these drivers into your kernel (so that it recognizes a
particular Ethernet card) using "modprobe" and just the module name, e.g.:

    # modprobe 3c59x

To display loaded kernel modules (including drivers for Ethernet cards):

    # lsmod

To see the latest kernel status messages related to loading a module or
driver, use the "dmesg" command, and also check the system log files under
/var/log/.

Once the correct modules are loaded, you can display the known network
interfaces:

    # netstat -ai      # all possible interfaces
    # netstat -i       # only active interfaces

Four Network Parameter Requirements
-----------------------------------

Your machine needs four network parameters to be a good network citizen:

    1. a host name (fully qualified with a domain name)
    2. an IP address assigned to at least one connected network card
    3. a default route to a gateway machine
    4. addresses of DNS server(s) to resolve host names

The "hostname" command shows and sets the machine host name.  ALN p.48

The "ifconfig" command shows and sets IP addresses on interfaces.  ALN p.36

A "gateway" machine is a machine on your local network to which packets
will be sent if your machine doesn't know where else to send them.
Without a gateway, your machine can only communicate with other machines on
the local network segment.  The "route" command shows you your routing
tables, including the "default" route to your gateway machine.  ALN p.40-42

You can run your machine without defining any DNS servers, in which case
you will have to use IP addresses (not names) for all hosts.  The file
/etc/resolv.conf ("man resolv.conf") contains definitions of your domain
name and DNS servers.  ALN p.47

Network configuration - DHCP or static
--------------------------------------

With reference to the above four network parameter requirements:

1. DHCP often supplies the host name for your machine.  If needed, your
   host name can be set as a parameter "HOSTNAME" defined in file
   "/etc/sysconfig/network".

2. Mandrake/RedHat systems keep basic network configuration information
   (including IP address, unless DHCP is used) for a card named "eth0" in
   a file named "/etc/sysconfig/network-scripts/ifcfg-eth0".

3. Interface-independent information (including the default gateway used
   for routing, unless DHCP is used) is kept in "/etc/sysconfig/network".

4. All Unix/Linux machines keep DNS resolver information in
   "/etc/resolv.conf".  (A DHCP client overwrites this file if DHCP is
   used.)

A. DHCP networking
------------------

For the DHCP client to work, your system must have some DHCP client
software package installed.  One package used on Mandrake/RedHat systems
is "dhcp-client" (the exact version number will vary):

    # rpm -q dhcp-client
    dhcp-client-3.0.1-5mdk

A Mandrake DHCP client configuration requires you to edit just two files:

    # cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes

    # cat /etc/sysconfig/network
    NETWORKING=yes

A DHCP-configured machine usually receives all four of the required
network parameters (hostname and domain, IP address, Gateway address, and
DNS server info) via the DHCP protocol.  The /etc/resolv.conf file is set
up automatically (overwritten!)
when your client gets its IP address via DHCP.

You can use these commands to query the state of your machine (host name,
IP address(es), gateway address [default route], and DNS information):

    # hostname
    foo.happy.machine.ca

    # ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 01:A0:CC:2C:A8:00
              inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
              [...]

    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
    default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

    # ip route
    192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2
    default via 192.168.1.1 dev eth0

    # cat /etc/resolv.conf
    search happy.machine.ca
    nameserver 192.168.1.3
    nameserver 192.168.1.4

Given a properly configured set of ifcfg-eth? files using DHCP, there is no
need to manually use "hostname", "ifconfig" or "route" to configure your
network address or routing tables in a Mandrake/RedHat system - the
start-up script "network" does all that for you.  You can use the above
commands to display the current host name, network, route, and DNS
information.

B. static networking
--------------------

If you use static addresses instead of DHCP for one or more of your network
interfaces, you must set some or all of the required four network
configuration parameters yourself (host name, IP address(es), gateway
machine, DNS servers).  You may not have to set all of the parameters if
your host has multiple interfaces and some other interface already sets
some of the four required network parameters.

If you use only static IP addressing (no DHCP) in the ifcfg-eth* files, you
must also provide the Gateway IP (default route) as the "GATEWAY" parameter
in /etc/sysconfig/network and the DNS domain and name server info in file
/etc/resolv.conf.
("man resolv.conf")

A static (non-DHCP) configuration requires you to edit three files (the
actual values used below are just examples):

    # cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.168.1.2
    NETMASK=255.255.255.0

    # cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=my.happy.machine.ca
    GATEWAY=192.168.1.1
    GATEWAYDEV=eth0

    # cat /etc/resolv.conf
    domain happy.machine.ca
    nameserver 192.168.1.200
    nameserver 192.168.1.201
    nameserver 10.1.23.1

The ifcfg-eth? files now say "static" instead of "dhcp".  The host name is
defined.  You set your own gateway machine IP address, e.g. 1.2.3.4, by
adding "GATEWAY=1.2.3.4" to file "/etc/sysconfig/network".  You can define
your domain name and up to three DNS servers manually in /etc/resolv.conf
("man resolv.conf").

The same commands as before display the current host name, network, route,
and DNS information: hostname, ifconfig, route (and "ip route"), and
"cat /etc/resolv.conf".

Network start/stop
------------------

Reference: ALN Chapter 4 - "Starting Servers" p.79-89

Mandrake networking is started/stopped using the SysV start-up script named
"network" (found under /etc/init.d/):

    # chkconfig --list network
    network         0:off   1:off   2:on    3:on    4:on    5:on    6:off

    # /etc/init.d/network status
    Configured devices:
    lo eth0
    Currently active devices:
    lo eth0

The "network" SysV script is linked into the run level directories.  You
can also call the script manually:

    # /etc/init.d/network stop
    # /etc/init.d/network start

Using this network start/stop script will affect all your configured
network interfaces, including the "loopback" interface, and configure your
default gateway.  Using the "ifup" and "ifdown" scripts affects only one
interface and may not set your default gateway.  Use the network script
unless you are doing something unusual.
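The following shell script is an added example (not part of these notes and not a Mandrake tool) that checks a static configuration for the four required network parameters by reading the three files described above.  It assumes copies of those files are laid out under one directory as DIR/network-scripts/ifcfg-eth0, DIR/network and DIR/resolv.conf (that layout, and the function names, are this example's own), so it can be run on a scratch copy rather than on /etc.  The sample configuration it writes is constructed and deliberately leaves out GATEWAY so that the audit has something to report.

```shell
#!/bin/sh
# Added example (not from the NET2003 notes): audit a static (non-DHCP)
# configuration for the four required network parameters, reading copies of
# the three files the notes describe.  Layout assumed under DIR:
#   DIR/network-scripts/ifcfg-eth0  (copy of /etc/sysconfig/network-scripts/ifcfg-eth0)
#   DIR/network                     (copy of /etc/sysconfig/network)
#   DIR/resolv.conf                 (copy of /etc/resolv.conf)

# cfg_get FILE KEY: print the value of the last KEY=value line in FILE
# (other keys and comment lines are ignored; prints nothing if absent).
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1
}

# audit_static_config DIR: print one "missing: ..." line per problem and
# return the number of problems found (0 means all four parameters are set).
audit_static_config() {
    dir=$1
    ifcfg="$dir/network-scripts/ifcfg-eth0"
    net="$dir/network"
    resolv="$dir/resolv.conf"
    problems=0

    # 1. host name: HOSTNAME in /etc/sysconfig/network
    if [ -z "$(cfg_get "$net" HOSTNAME)" ]; then
        echo "missing: HOSTNAME in $net"; problems=$((problems + 1))
    fi

    # 2. and 3. IP address and default gateway: only required when eth0 is
    # not using DHCP (a DHCP lease supplies both).
    if [ "$(cfg_get "$ifcfg" BOOTPROTO)" != "dhcp" ]; then
        for key in IPADDR NETMASK; do
            if [ -z "$(cfg_get "$ifcfg" "$key")" ]; then
                echo "missing: $key in $ifcfg"; problems=$((problems + 1))
            fi
        done
        if [ -z "$(cfg_get "$net" GATEWAY)" ]; then
            echo "missing: GATEWAY in $net"; problems=$((problems + 1))
        fi
    fi

    # 4. DNS servers: at least one nameserver line in resolv.conf
    if ! grep -q '^nameserver[[:space:]]' "$resolv" 2>/dev/null; then
        echo "missing: nameserver line in $resolv"; problems=$((problems + 1))
    fi
    return $problems
}

# make_sample_config DIR: write a constructed static configuration in the
# same shape as the notes' examples, with GATEWAY left out on purpose.
make_sample_config() {
    mkdir -p "$1/network-scripts"
    printf '%s\n' "DEVICE=eth0" "BOOTPROTO=static" "ONBOOT=yes" \
        "IPADDR=192.168.1.2" "NETMASK=255.255.255.0" > "$1/network-scripts/ifcfg-eth0"
    printf '%s\n' "NETWORKING=yes" "HOSTNAME=my.happy.machine.ca" > "$1/network"
    printf '%s\n' "domain happy.machine.ca" "nameserver 192.168.1.200" > "$1/resolv.conf"
}

# Demonstration on the constructed sample: reports the missing GATEWAY.
demo=$(mktemp -d)
make_sample_config "$demo"
audit_static_config "$demo" || echo "$? problem(s) found in $demo"
rm -rf "$demo"
```

To audit a real Mandrake/RedHat host, copy the three files into a scratch directory in the layout above and call audit_static_config on it; a BOOTPROTO=dhcp interface is skipped for the address and gateway checks, since DHCP supplies those.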
Network-related system start-up scripts
---------------------------------------

Reference: ALN Chapter 4 - "Starting Servers" p.79-89

Once you have your network working, it's time to enable network clients and
servers.  Here is a typical list of service scripts started in the Mandrake
Mini system after we have installed the updated list of packages described
in mandrake_config.txt:

    # chkconfig --list | grep :on | sort
    alsa            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    dm              0:off   1:off   2:off   3:off   4:off   5:on    6:off
    httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
    iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    keytable        0:off   1:off   2:on    3:on    4:on    5:on    6:off
    kheader         0:off   1:off   2:on    3:on    4:off   5:on    6:off
    named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
    netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
    network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
    ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    numlock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
    partmon         0:off   1:off   2:off   3:on    4:on    5:on    6:off
    portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
    postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
    proftpd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
    rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
    shorewall       0:off   1:off   2:on    3:on    4:on    5:on    6:off
    smb             0:off   1:off   2:off   3:on    4:off   5:on    6:off
    sound           0:off   1:off   2:on    3:on    4:on    5:on    6:off
    sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
    syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
    xfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
    xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

The Mandrake Mini system comes with system and kernel logging enabled via
the SysV start-up script named "syslog" (found under /etc/init.d/).
Looking at /etc/syslog.conf, we see that most system messages ("*.*") get
logged to file /var/log/syslog ("man syslog.conf"):

    *.*;auth,authpriv.none          -/var/log/syslog

The X11 interface and the XDMCP display manager "dm" are started only in
run level 5.  (See ALN Chapter 14.)
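The "grep :on" filter above shows every service that is on in any run level, so it cannot tell you what actually starts in run level 3 as opposed to run level 5.  The following script is an added example (not part of these notes, not a chkconfig feature) that reads "chkconfig --list" output and picks out the services whose column for one chosen run level says "on", then narrows that to the daemons that accept network connections.  The chkconfig lines it contains are a constructed subset of the listing above, and the NETWORK_DAEMONS list is this example's own assumption.

```shell
#!/bin/sh
# Added example (not from the NET2003 notes): from "chkconfig --list" output,
# show which services start in a given run level, and which of those are
# network daemons.  The chkconfig lines below are a constructed subset of
# the listing in the notes.

CHKCONFIG_SAMPLE='crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
dm              0:off   1:off   2:off   3:off   4:off   5:on    6:off
httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
kheader         0:off   1:off   2:on    3:on    4:off   5:on    6:off
named           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
smb             0:off   1:off   2:off   3:on    4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off'

# Services from the notes that accept connections from the network.  This
# list is the example's own assumption; chkconfig knows nothing about it.
NETWORK_DAEMONS="httpd named ntpd portmap postfix proftpd smb sshd xinetd"

# services_in_level LEVEL: read chkconfig output on stdin and print the
# names of services whose LEVEL column is "on".  Only the 8-field SysV
# lines are considered; the differently formatted xinetd-managed entries
# that chkconfig also lists are skipped.
services_in_level() {
    awk -v want="$1:on" '
        NF >= 8 { for (i = 2; i <= NF; i++) if ($i == want) print $1 }'
}

# network_services_in_level LEVEL: same, restricted to NETWORK_DAEMONS.
network_services_in_level() {
    services_in_level "$1" | while read -r svc; do
        case " $NETWORK_DAEMONS " in
            *" $svc "*) echo "$svc" ;;
        esac
    done
}

# Demonstration on the constructed sample: run level 3 (text-mode boot).
echo "Services started in run level 3:"
printf '%s\n' "$CHKCONFIG_SAMPLE" | services_in_level 3
echo "Of those, network daemons:"
printf '%s\n' "$CHKCONFIG_SAMPLE" | network_services_in_level 3
```

On a real system, pipe "chkconfig --list" into services_in_level instead of the sample; comparing the result for the run level in /etc/inittab's "initdefault" line against the NETWORK_DAEMONS list tells you which listening services will be up after a normal boot.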
You can change the default boot run level via the "initdefault" line in
/etc/inittab ("man inittab").  The "telinit" command can change run levels
in a running system ("man telinit").  Changing run levels will affect which
services are running, using the start/stop scripts defined in /etc/rc?.d/.

Other key network-related services listed in the chkconfig output:

    httpd     - the Apache web server - ALN Chapter 20
    named     - the Berkeley Internet Name Daemon (BIND) DNS server - ALN Ch. 18
    ntpd      - Network Time Protocol daemon - ALN Chapter 10
    postfix   - an SMTP server (Mail Transfer Agent - MTA) - ALN p.507
    proftpd   - an FTP server - ALN Chapter 21
    shorewall - a script to configure iptables firewall rules - ALN Ch. 25
    smb       - Samba: a Windows-style SMB file share server - ALN Chapter 7
    sshd      - the Secure Shell SSH server - ALN p.321
    xfs       - the X Font Server (for X11 fonts) - ALN Chapter 15
    xinetd    - a multi-server server that can start many others - ALN p.96

Network Diagnostic Tools
------------------------

Please re-read the "Acceptable Use Warning" on the course home page.

Note that at Algonquin College many/most network tools (even ping and
traceroute) will *NOT* work from campus to the Internet.  Sorry.  (We hope
to have that fixed some day.)  Try them at home instead.
These tools are helpful in diagnosing network problems:

    arp            - show/change MAC addresses known to this host
    ethereal       - GUI packet sniffer
    mtr            - ping-style traceroute: packet route diagnostic
    netcat (nc)    - Network Swiss Army Knife: connect/listen to ports
    netstat -natu  - list open and listening TCP and UDP connections
    nmap           - Network Mapper - port prober
    ping           - ICMP echo generator/receiver
    tcpdump        - command-line (non-GUI) packet sniffer
    telnet         - TCP connection program: use when netcat is not available
    traceroute     - packet route diagnostic

Major service port numbers (often seen in trace output):
    - port numbers are given names in file /etc/services

    TCP      20-21    ftp data and control
    TCP      22       SSH
    TCP      23       telnet
    TCP      25       SMTP (sending email)
    UDP      67-68    DHCP
    UDP/TCP  53       domain (DNS)
    TCP      80       HTTP (WWW)
    TCP      110      POP3 (receiving email)
    TCP      113      ident (identifying incoming TCP connections)
    TCP      119      NNTP (Network News)
    UDP/TCP  123      NTP (Network Time)
    UDP/TCP  137-139  Microsoft netbios (SMB) (Samba)
    TCP      443      HTTPS secure WWW

Configuring NTP - ALN Chapter 10
--------------------------------

- why run a time server at all?  p.242
- what is a "stratum 3" or "stratum 4" time server?  p.243
- what is "slewing" a system clock?  p.244
- True/False: the ntp program can correct any size time differences.  p.244
- True/False: the Linux ntp service start-up script calls the ntpdate
  program to correct large clock differences.  (go look at the script!)
- True/False: running NTP automatically keeps your system's hardware clock
  synchronized.  p.245
- True/False: The NTP service on Linux is server-only.  Other computers can
  connect to this computer to receive time information; but, this computer
  does not synchronize with other computers unless you install another
  package than ntp.  p.245/246
- True/False: the "rdate" program (p.246) is not installed on your Mini
  system, nor is it available in any Mandrake package.  (urpmq)
- where is the ntp configuration file kept?  p.246
- how do you specify time servers in the config file?
  p.246
- True/False: the default config file supplied with Mandrake Linux for ntp
  does not work.  p.247
- what network tool is useful in choosing the best NTP server?  p.248
- how do you get ntp to re-read its configuration file?  p.248
- can some NTP servers require authentication?  p.252
- True/False: if you have many computers, you should configure them all to
  query the same remote ntp servers.  p.252
- True/False: if you want high-precision time keeping, you should run the
  ntpdate program instead of ntp.  p.252
- True/False: the ntpdate program is replacing ntp.  p.253
- ntp runs continually as a server daemon.  How do you run ntpdate?  p.254
- True/False: the best time to synchronize your system clock is at
  midnight, when other time servers are most accurate.  p.254
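Going back to the "netstat -natu" tool and the port table in the Network Diagnostic Tools section: the following script is an added example (not part of these notes) that reads netstat's output, keeps only the sockets a remote host could connect to, names the well-known ports using the table from the notes, and says whether each socket is bound to every interface or only to loopback.  The netstat lines inside it are constructed sample output, not a real capture, and the PORT_NAMES string is this example's own short stand-in for /etc/services.

```shell
#!/bin/sh
# Added example (not from the NET2003 notes): summarize what "netstat -natu"
# shows as listening, name the well-known ports from the notes' table, and
# report whether each socket is bound to all interfaces or only to loopback.
# The netstat lines below are constructed sample output, not a real capture.

NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:22          192.168.1.50:4113       ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# Port names taken from the notes' "Major service port numbers" table;
# on a real system /etc/services is the authoritative source.
PORT_NAMES="21 ftp 22 ssh 23 telnet 25 smtp 53 domain 80 http 110 pop3 113 ident 119 nntp 123 ntp 443 https"

# listening_sockets: read "netstat -natu" output on stdin and print one line
# per listening socket: "<proto> <port> <name> <exposure>".  TCP sockets are
# reported only in LISTEN state; every bound UDP socket is reported, since
# UDP has no LISTEN state.  Header lines, established TCP connections and
# non-IPv4 entries (tcp6/udp6) are skipped.
listening_sockets() {
    awk -v names="$PORT_NAMES" '
        BEGIN {
            n = split(names, f, " ")
            for (i = 1; i < n; i += 2) name[f[i]] = f[i + 1]
        }
        ($1 == "tcp" && $6 == "LISTEN") || $1 == "udp" {
            addr = $4; port = $4
            sub(/.*:/, "", port)          # text after the last colon
            sub(/:[^:]*$/, "", addr)      # text before the last colon
            if (addr == "127.0.0.1")      exposure = "loopback-only"
            else if (addr == "0.0.0.0")   exposure = "all-interfaces"
            else                          exposure = "one-address"
            nm = (port in name) ? name[port] : "unknown"
            printf "%s %s %s %s\n", $1, port, nm, exposure
        }'
}

# exposed_ports: only the sockets reachable from other hosts, as proto/port.
exposed_ports() {
    listening_sockets | awk '$4 != "loopback-only" { print $1 "/" $2 }'
}

# Demonstration on the constructed sample.
echo "Listening sockets:"
printf '%s\n' "$NETSTAT_SAMPLE" | listening_sockets
echo "Reachable from the network:"
printf '%s\n' "$NETSTAT_SAMPLE" | exposed_ports
```

In the sample, postfix on port 25 is bound to 127.0.0.1 and so is left out of the "reachable" list, while sshd, httpd, named and ntpd are bound to 0.0.0.0 and show up; on a real machine run "netstat -natu | listening_sockets" and compare the result against the services you meant to enable in the run level you boot into.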