Linux Network Administrators Guide

Table of Contents
1. Purpose and Audience for This Book
2. Sources of Information
3. File System Standards
4. Standard Linux Base
5. About This Book
6. The Official Printed Version
7. Overview
8. Conventions Used in This Book
9. Submitting Changes
10. Acknowledgments
1. Introduction to Networking
1.1. History
1.2. TCP/IP Networks
1.3. UUCP Networks
1.4. Linux Networking
1.5. Maintaining Your System
2. Issues of TCP/IP Networking
2.1. Networking Interfaces
2.2. IP Addresses
2.3. Address Resolution
2.4. IP Routing
2.5. The Internet Control Message Protocol
2.6. Resolving Host Names
3. Configuring the Networking Hardware
3.1. Kernel Configuration
3.2. A Tour of Linux Network Devices
3.3. Ethernet Installation
3.4. The PLIP Driver
3.5. The PPP and SLIP Drivers
3.6. Other Network Types
4. Configuring the Serial Hardware
4.1. Communications Software for Modem Links
4.2. Introduction to Serial Devices
4.3. Accessing Serial Devices
4.4. Serial Hardware
4.5. Using the Configuration Utilities
4.6. Serial Devices and the login: Prompt
5. Configuring TCP/IP Networking
5.1. Mounting the /proc Filesystem
5.2. Installing the Binaries
5.3. Setting the Hostname
5.4. Assigning IP Addresses
5.5. Creating Subnets
5.6. Writing hosts and networks Files
5.7. Interface Configuration for IP
5.8. All About ifconfig
5.9. The netstat Command
5.10. Checking the ARP Tables
6. Name Service and Resolver Configuration
6.1. The Resolver Library
6.2. How DNS Works
6.3. Running named
7. Serial Line IP
7.1. General Requirements
7.2. SLIP Operation
7.3. Dealing with Private IP Networks
7.4. Using dip
7.5. Running in Server Mode
8. The Point-to-Point Protocol
8.1. PPP on Linux
8.2. Running pppd
8.3. Using Options Files
8.4. Using chat to Automate Dialing
8.5. IP Configuration Options
8.6. Link Control Options
8.7. General Security Considerations
8.8. Authentication with PPP
8.9. Debugging Your PPP Setup
8.10. More Advanced PPP Configurations
9. TCP/IP Firewall
9.1. Methods of Attack
9.2. What Is a Firewall?
9.3. What Is IP Filtering?
9.4. Setting Up Linux for Firewalling
9.5. Three Ways We Can Do Filtering
9.6. Original IP Firewall (2.0 Kernels)
9.7. IP Firewall Chains (2.2 Kernels)
9.8. Netfilter and IP Tables (2.4 Kernels)
9.9. TOS Bit Manipulation
9.10. Testing a Firewall Configuration
9.11. A Sample Firewall Configuration
10. IP Accounting
10.1. Configuring the Kernel for IP Accounting
10.2. Configuring IP Accounting
10.3. Using IP Accounting Results
10.4. Resetting the Counters
10.5. Flushing the Ruleset
10.6. Passive Collection of Accounting Data
11. IP Masquerade and Network Address Translation
11.1. Side Effects and Fringe Benefits
11.2. Configuring the Kernel for IP Masquerade
11.3. Configuring IP Masquerade
11.4. Handling Name Server Lookups
11.5. More About Network Address Translation
12. Important Network Features
12.1. The inetd Super Server
12.2. The tcpd Access Control Facility
12.3. The Services and Protocols Files
12.4. Remote Procedure Call
12.5. Configuring Remote Login and Execution
13. The Network Information System
13.1. Getting Acquainted with NIS
13.2. NIS Versus NIS+
13.3. The Client Side of NIS
13.4. Running an NIS Server
13.5. NIS Server Security
13.6. Setting Up an NIS Client with GNU libc
13.7. Choosing the Right Maps
13.8. Using the passwd and group Maps
13.9. Using NIS with Shadow Support
14. The Network File System
14.1. Preparing NFS
14.2. Mounting an NFS Volume
14.3. The NFS Daemons
14.4. The exports File
14.5. Kernel-Based NFSv2 Server Support
14.6. Kernel-Based NFSv3 Server Support
15. IPX and the NCP Filesystem
15.1. Xerox, Novell, and History
15.2. IPX and Linux
15.3. Configuring the Kernel for IPX and NCPFS
15.4. Configuring IPX Interfaces
15.5. Configuring an IPX Router
15.6. Mounting a Remote NetWare Volume
15.7. Exploring Some of the Other IPX Tools
15.8. Printing to a NetWare Print Queue
15.9. NetWare Server Emulation
16. Managing Taylor UUCP
16.1. UUCP Transfers and Remote Execution
16.2. UUCP Configuration Files
16.3. Controlling Access to UUCP Features
16.4. Setting Up Your System for Dialing In
16.5. UUCP Low-Level Protocols
16.6. Troubleshooting
16.7. Log Files and Debugging
17. Electronic Mail
17.1. What Is a Mail Message?
17.2. How Is Mail Delivered?
17.3. Email Addresses
17.4. How Does Mail Routing Work?
17.5. Configuring elm
18. Sendmail
18.1. Introduction to sendmail
18.2. Installing sendmail
18.3. Overview of Configuration Files
18.4. The and Files
18.5. Generating the File
18.6. Interpreting and Writing Rewrite Rules
18.7. Configuring sendmail Options
18.8. Some Useful sendmail Configurations
18.9. Testing Your Configuration
18.10. Running sendmail
18.11. Tips and Tricks
19. Getting Exim Up and Running
19.1. Running Exim
19.2. If Your Mail Doesn't Get Through
19.3. Compiling Exim
19.4. Mail Delivery Modes
19.5. Miscellaneous config Options
19.6. Message Routing and Delivery
19.7. Protecting Against Mail Spam
19.8. UUCP Setup
20. Netnews
20.1. Usenet History
20.2. What Is Usenet, Anyway?
20.3. How Does Usenet Handle News?
21. C News
21.1. Delivering News
21.2. Installation
21.3. The sys File
21.4. The active File
21.5. Article Batching
21.6. Expiring News
21.7. Miscellaneous Files
21.8. Control Messages
21.9. C News in an NFS Environment
21.10. Maintenance Tools and Tasks
22. NNTP and the nntpd Daemon
22.1. The NNTP Protocol
22.2. Installing the NNTP Server
22.3. Restricting NNTP Access
22.4. NNTP Authorization
22.5. nntpd Interaction with C News
23. Internet News
23.1. Some INN Internals
23.2. Newsreaders and INN
23.3. Installing INN
23.4. Configuring INN: the Basic Setup
23.5. INN Configuration Files
23.6. Running INN
23.7. Managing INN: The ctlinnd Command
24. Newsreader Configuration
24.1. tin Configuration
24.2. trn Configuration
24.3. nn Configuration
A. Example Network: The Virtual Brewery
A.1. Connecting the Virtual Subsidiary Network
B. Useful Cable Configurations
B.1. A PLIP Parallel Cable
B.2. A Serial NULL Modem Cable
C. Linux Network Administrator's Guide, Second Edition Copyright Information
C.1. 0. Preamble
C.2. 1. Applicability and Definitions
C.3. 2. Verbatim Copying
C.4. 3. Copying in Quantity
C.5. 4. Modifications
C.6. 5. Combining Documents
C.7. 6. Collections of Documents
C.8. 7. Aggregation with Independent Works
C.9. 8. Translation
C.10. 9. Termination
C.11. 10. Future Revisions of this License
D. SAGE: The System Administrators Guild
List of Tables
2-1. IP Address Ranges Reserved for Private Use
4-1. setserial Command-Line Parameters
4-2. stty Flags Most Relevant to Configuring Serial Devices
7-1. Linux Slip-Line Disciplines
7-2. /etc/diphosts Field Description
9-1. Common Netmask Bit Values
9-2. ICMP Datagram Types
9-3. Suggested Uses for TOS Bitmasks
13-1. Some Standard NIS Maps and Corresponding Files
15-1. XNS, Novell, and TCP/IP Protocol Relationships
15-2. ncpmount Command Arguments
15-3. Linux Bindery Manipulation Tools
15-4. nprint Command-Line Options
List of Figures
1-1. The three steps of sending a datagram from erdos to quark
2-1. Subnetting a class B network
2-2. A part of the net topology at Groucho Marx University
3-1. The relationship between drivers, interfaces, and hardware
6-1. A part of the domain namespace
9-1. The two major classes of firewall design
9-2. The stages of IP datagram processing
9-3. FTP server modes
9-4. A simple IP chain ruleset
9-5. The sequence of rules tested for a received UDP datagram
9-6. The rules flow for a received TCP datagram for ssh
9-7. The rules flow for a received TCP datagram for telnet
9-8. Datagram processing chain in IP chains
9-9. Datagram processing chain in netfilter
11-1. A typical IP masquerade configuration
15-1. IPX internal network
16-1. Interaction of Taylor UUCP configuration files
20-1. Usenet newsflow through Groucho Marx University
21-1. News flow through relaynews
23-1. INN architecture (simplified for clarity)
A-1. The Virtual Brewery and Virtual Winery subnets
A-2. The Virtual Brewery Network
B-1. Parallel PLIP cable
B-2. Serial NULL-Modem cable
List of Examples
4-1. Example rc.serial setserial Commands
4-2. Output of setserial -bg /dev/ttyS Command
4-3. Example rc.serial stty Commands
4-4. Example rc.serial stty Commands Using Modern Syntax
4-5. Output of stty -a Command
4-6. Sample /etc/mgetty/mgetty.config File
6-1. Sample host.conf File
6-2. Sample nsswitch.conf File
6-3. Sample nsswitch.conf File Using an Action Statement
6-4. An Excerpt from the named.hosts File for the Physics Department
6-5. An Excerpt from the named.hosts File for GMU
6-6. An Excerpt from the named.rev File for Subnet 12
6-7. An Excerpt from the named.rev File for Network 149.76
6-8. The named.boot File for vlager
6-9. The BIND 8 equivalent named.conf File for vlager
6-10. The File
6-11. The named.hosts File
6-12. The named.local File
6-13. The named.rev File
7-1. A Sample dip Script
12-1. A Sample /etc/inetd.conf File
12-2. A Sample /etc/services File
12-3. A Sample /etc/protocols File
12-4. A Sample /etc/rpc File
12-5. Example ssh Client Configuration File
13-1. Sample ypserv.securenets File
13-2. Sample nsswitch.conf File
18-1. Sample Configuration File vstout.smtp.m4
18-2. Sample Configuration File vstout.uucpsmtp.m4
18-3. Rewrite Rule from vstout.uucpsmtp.m4
18-4. Sample aliases File
18-5. Sample Output of the mailstats Command
18-6. Sample Output of the hoststat Command