Basic TCP/IP networking
Grado en Informatica. 2013
Departamento de Computacion
Facultad de Informatica
Universidad de Coruna
Antonio Yanez Izquierdo
(Antonio Yanez Izquierdo) Basic TCP/IP networking 1 / 39
Contents
1 Basic network configuration
    solaris
    openbsd
    linux
2 Routes
3 Network interface aliasing
4 inetd configuration
    tcpwrappers
    inetd and tcpwrappers in Solaris
Basic network configuration
basic IP v4 configuration
to properly configure a machine using ipv4 we have to configure
- the machine name
- the Network Interface Cards
- the routes
- the dns (if using it)
basic NIC configuration
The basic things we have to configure for a Network Interface Card are
- its ip address
- its netmask (number of bits in its ip address that correspond to the network address)
- its broadcast address
ways to configure the network
there are two ways to configure the network
- manual configuration: we manually configure each of the parameters, either directly using the command line or through the boot scripts
- using dhcp: the network interface card asks a machine in the network (the dhcp server) for its configuration. This can be done directly through the command line or using the boot scripts
most systems have a graphic utility to configure the network, which can be used to configure either manually or via dhcp. We won't deal with those utilities, nor will we deal with the wireless configuration options
ifconfig
the command ifconfig configures network interfaces
it is usually located at /sbin/ifconfig
it can configure interfaces either manually or using dhcp
ifconfig -a shows the current configuration of the Network Interface Cards
configuring the dns
the configuration of the dns resides in the file /etc/resolv.conf
this file holds the options for the resolver configuration. The most common options are
- nameserver: specifies the address of a domain name server; up to 3 can be defined
- domain (optional): specifies the local domain. Short names are assumed to be from this domain
example of /etc/resolv.conf file
domain dc.if.udc.es.
nameserver 193.144.51.10
nameserver 192.144.48.30
the /etc/hosts file
this file contains the locally defined ip addresses of hosts
its format is
ip_address host_name aliases
example of /etc/hosts
127.0.0.1 localhost
192.168.1.99 abyecto.dc.fi.udc.es abyecto
the /etc/nsswitch.conf file
this file is used to determine the sources from which to obtain name-service information of several categories: hosts, users, mail aliases ...
it also specifies the order in which these sources of information should be queried
in the following example, host ip addresses are first searched for in the local files, then the dns is queried
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
NIC configuration in solaris
the interfaces are named after the driver in the kernel that manages them.
example: the kernel uses the e1000g driver for Intel(R) PRO/1000 NICs. Cards of this type will get the names e1000g0, e1000g1 ...
ifconfig interface_name plumb: plumbs (or connects) the interface: no configuration can be done before this; even ifconfig won't show the interface until it is plumbed
ifconfig interface_name dhcp configures the card interface_name using dhcp.
ifconfig interface_name inet addr netmask netm broadcast bcast configures the card interface_name with address addr, netmask netm and broadcast address bcast. If omitted, broadcast defaults to using 1's in the host number. The netmask can also be specified in the format address/network bits, or can be specified through one of the networks defined in /etc/networks
# ifconfig e1000g1 inet 192.168.1.100 netmask 255.255.255.0
# ifconfig e1000g1 inet 192.168.1.100/24
ifconfig interface_name up brings the interface up
NIC configuration in solaris at boot time
if we want to get the interfaces automatically configured at boot time (via svc:/network/physical) we'll use the following files
interfaces using dhcp
- /etc/hostname.interface_name: empty file to plumb the interface
- /etc/dhcp.interface_name: empty file to get the interface configured with dhcp
interfaces configured manually
- /etc/hostname.interface_name: file containing the necessary parameters passed to ifconfig to configure the interface. The 'inet' parameter is omitted: should we want to configure an 'inet6' interface we would use an /etc/hostname6.interface_name file
# cat /etc/hostname.e1000g1
192.168.1.100 netmask 255.255.255.0
#
- /etc/nodename: contains the name of the system. It is necessary when the system is configured via dhcp and the DHCP server does not provide a value for the hostname. The system can also get the name from the /etc/hosts database using the ip of the primary network card
- /etc/defaultrouter: the ip address (or name if defined in /etc/hosts) of the default router.
- /etc/defaultdomain: a single line containing the host's domain name
- /etc/networks: used to associate network names with network addresses
NIC configuration in openBSD
the interfaces are named after the driver in the kernel that manages them.
example: the kernel uses the em driver for Intel(R) PRO/1000 NICs. Cards of this type will get the names em0, em1 ...
dhclient interface_name configures the card interface_name using dhcp.
ifconfig interface_name inet address netmask broadcast configures the card interface_name with address address, netmask netmask and broadcast address broadcast.
# ifconfig em0 inet 192.168.1.100 255.255.255.0 192.168.1.255
ifconfig interface_name up brings the interface up
NIC configuration in openBSD at boot time
if we want to get the interfaces automatically configured at boot time (via /etc/netstart) we'll use the following files
interfaces using dhcp
- /etc/hostname.interface_name: file containing the word dhcp (see hostname.if man page)
interfaces configured manually
- /etc/hostname.interface_name: file containing the necessary parameters passed to ifconfig to configure the interface. If we wanted to configure an 'inet6' interface we would use inet6 instead of inet in the /etc/hostname.interface_name file
# cat /etc/hostname.em0
inet 192.168.1.100 255.255.255.0 192.168.1.255
#
- /etc/myname: contains the complete name of the system
- /etc/mygate: contains the ip address of the default router.
NIC configuration in linux
the interfaces are named eth0, eth1, eth2 ...
the names eth0, eth1, eth2 ... are assigned to the interfaces THE FIRST TIME the kernel recognizes them. This is stored in the file /etc/udev/rules.d/70-persistent-net.rules, where it can be changed if necessary.
on older versions of linux the names were assigned each time the system booted, and this was driver-loading-order dependent.
abyecto:/home/antonio# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x11ab:0x4363 (sky2)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:be:40:5c:4b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x8086:0x4232 (iwlagn)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:d6:0e:ae:a0", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"
abyecto:/home/antonio#
dhclient interface_name configures the card interface_name using dhcp.
ifconfig interface_name inet address addr netmask netmk broadcast bcast configures the card interface_name with address addr, netmask netmk and broadcast address bcast.
# ifconfig eth0 inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig interface_name up brings the interface up (same as ifup)
NIC configuration in linux at boot time
if we want to get the interfaces automatically configured at boot time (via /etc/init.d/networking) debian systems and derivatives will look for the file /etc/network/interfaces (see interfaces man page)
/etc/hostname contains the name of the system (either the fully qualified domain name or just the nodename)
Sample /etc/network/interfaces with just one NIC manually configured
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.1.99
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Sample /etc/network/interfaces with just two NICs
root@abyecto:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo eth0 eth1
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# internal network
allow-hotplug eth1
iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
Routes
route configuration at boot time
we'll deal only with the simplest case of routing: a single default route. If we're using dhcp this is configured automatically. If not
- solaris: through the /etc/defaultrouter file
- openBSD: through the /etc/mygate file
- linux: in the /etc/network/interfaces file with the word gateway
manipulating the route
the commands to manipulate the routing table are
- solaris: route and routeadm
- openBSD: route
- linux: route
to show the routing table we use netstat -r. In linux we can also use route without arguments
Network interface aliasing
interface aliasing
By interface aliasing we refer to the act of giving a Network Interface Card more than one IP address (solaris calls them logical interfaces).
linux: we configure these aliases as we would a non-aliased interface, but using the names eth0:0, eth0:1 ..., eth1:0 ... To get an alias configured at boot time we just add an entry for it in the file /etc/network/interfaces, as we would for a non-aliased interface
# ifconfig eth0:0 192.168.1.11 up
solaris: we configure these aliases as we would a non-aliased interface, but using the names interface_name:alias_number.
The alias must be plumbed separately. To get them configured at boot time we must create the file /etc/hostname.interface_name:alias_number
# ifconfig pcn0:1 plumb
# ifconfig pcn0:1 inet 19.10.2.45 netmask 255.0.0.0
openBSD: we use the alias option of ifconfig
# ifconfig em0 alias 10.1.2.4 255.0.0.0
In the /etc/hostname.interface_name file we add one line for each alias of the NIC
# cat /etc/hostname.em0
inet 192.168.1.100 255.255.255.0 192.168.1.255
inet alias 10.1.2.4 255.0.0.0
inetd configuration
inetd is called the internet superserver
Some internet services listen directly on their corresponding port, others are started by inetd
When a connection request arrives on a designated port, inetd starts the appropriate server program
This allows server programs to run only when needed, thus saving resources on the system
Two files control the working of inetd
- /etc/services
- /etc/inetd.conf
/etc/services
/etc/inet/services on some systems
this file maps port numbers and protocols to service names. More information can be found in the services man page. A fragment from an actual /etc/services is shown
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
whois 43/tcp nicname
/etc/inetd.conf
This file associates the service name to the program actually providing the service
The format for one line of this file is
service_name socket_type protocol wait/nowait user.group program args
The line for the telnetd program would look like this
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
As lines starting with # are treated as comments, we can disable a service by simply commenting out the corresponding line
Example of the telnetd service disabled
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
tcpwrappers
An additional layer can be placed between inetd and the server program to perform access control based on host name, network address or ident queries
This layer is usually called tcpwrappers or, by the name of the program, tcpd.
- the program tcpd gets called by inetd and receives the server to start as a parameter
- tcpd checks its configuration files to see if the access must be granted or denied
- in case the access is granted tcpd starts the server program supplied as parameter
the corresponding line for the telnetd server using tcpwrappers would look like this
telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
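An added example, not part of the original slides: a small audit that reads inetd.conf in the format described above and lists the enabled services that inetd starts directly, without tcpd in front. The sample file contents and the in.ftpd and in.rshd paths are constructed for illustration; /usr/sbin/tcpd is the wrapper path used on this page.

```python
# Constructed sample in the inetd.conf format described above (not from a real host).
SAMPLE_INETD_CONF = """\
# service socket_type protocol wait/nowait user program args
ftp     stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#shell  stream tcp nowait root /usr/sbin/in.rshd in.rshd
"""

TCPD = "/usr/sbin/tcpd"  # wrapper path used in the example line on this page


def parse_inetd_conf(text):
    """Return one dict per enabled service; lines starting with # are disabled."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields, got {len(fields)}")
        service, socket_type, protocol, wait, user, program = fields[:6]
        args = fields[6:]
        wrapped = program == TCPD
        # When tcpd is the program, the real server is its first argument.
        server = args[0] if wrapped and args else program
        entries.append({
            "service": service,
            "protocol": protocol,
            "user": user.split(".")[0],  # the field may be written user.group
            "wrapped": wrapped,
            "server": server,
        })
    return entries


def unwrapped_services(entries):
    """Names of enabled services that inetd starts without going through tcpd."""
    return [e["service"] for e in entries if not e["wrapped"]]


if __name__ == "__main__":
    for e in parse_inetd_conf(SAMPLE_INETD_CONF):
        state = "tcpd" if e["wrapped"] else "NO WRAPPER"
        print(f'{e["service"]:8} {e["protocol"]:4} user={e["user"]:8} {state:10} {e["server"]}')
```

On the constructed sample only telnet is reported as unwrapped: ftp goes through tcpd and the shell line is commented out, so inetd never starts it.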
the configuration for tcpwrappers resides in the files /etc/hosts.allow and /etc/hosts.deny
the manual page hosts_access documents the use of these files
- Access will be granted when a (daemon,client) pair matches an entry in the /etc/hosts.allow file.
- Otherwise, access will be denied when a (daemon,client) pair matches an entry in the /etc/hosts.deny file.
- Otherwise, access will be granted.
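An added example, not part of the original slides: the three-step decision above, implemented over constructed hosts.allow and hosts.deny contents. It shows that a client matching neither file is granted access, so a restrictive setup needs a catch-all entry such as ALL: ALL in hosts.deny. Only a subset of the hosts_access pattern syntax is handled (ALL, exact names or addresses, ".domain" suffixes and "net." prefixes); the function names and sample addresses are assumptions.

```python
# Simplified hosts_access matching: ALL, exact names/addresses,
# ".domain" suffixes and "net." prefixes only (no EXCEPT, netmasks or options).

HOSTS_ALLOW = "in.telnetd: 192.168.1.\n"   # constructed sample
HOSTS_DENY_ALL = "ALL: ALL\n"              # constructed sample


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # not a daemon:client rule
        rules.append((parts[0].replace(",", " ").split(),
                      parts[1].replace(",", " ").split()))
    return rules


def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. .udc.es
        return value.lower().endswith(pattern.lower())
    if pattern.endswith("."):            # network prefix, e.g. 192.168.1.
        return value.startswith(pattern)
    return pattern.lower() == value.lower()


def _hit(rules, daemon, client_names):
    return any(
        any(_match(d, daemon) for d in daemons)
        and any(_match(c, n) for c in clients for n in client_names)
        for daemons, clients in rules
    )


def decide(allow_text, deny_text, daemon, client_ip, client_host=None):
    """Apply the order from the slide: allow file, then deny file, then grant."""
    names = [client_ip] + ([client_host] if client_host else [])
    if _hit(parse_rules(allow_text), daemon, names):
        return "granted by hosts.allow"
    if _hit(parse_rules(deny_text), daemon, names):
        return "denied by hosts.deny"
    return "granted by default"


if __name__ == "__main__":
    for deny in ("", HOSTS_DENY_ALL):
        for ip in ("192.168.1.50", "203.0.113.7"):
            print(repr(deny), ip, decide(HOSTS_ALLOW, deny, "in.telnetd", ip))
```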
inetd and tcpwrappers in Solaris
Starting with Solaris 10, the inetd services have been integrated into the smf (Service Management Facility) framework
The file /etc/inetd.conf exists on the system but any changes made to it do not change the system behaviour
If we add a service to /etc/inetd.conf, we can convert it into a smf manifest to be managed by smf using the command inetconv
After that, the service can be managed using the commands svcadm and inetadm
tcpwrappers can also be activated for all or some of the inetd services as a property of inetd
to see inetd properties
# svcprop inetd
# inetadm -p
to list the services managed through inetd
# inetadm
to list an inetd service
# inetadm -l service_name
to enable or disable an inetd service
# inetadm -e|-d service_name
services can also be disabled with svcadm
tcp wrappers is treated as a property of inetd so, to enable it we must modify that property of inetd
# inetadm -M tcp_wrappers=TRUE
tcp wrappers can be enabled on a per service basis by modifying just the property of that service. For example, to enable the host access control ONLY for the telnet service we'd do
# inetadm -M tcp_wrappers=FALSE
to disable tcp wrappers. And then, to enable tcp wrappers for the telnet service
# inetadm -m telnet tcp_wrappers=TRUE