Lecture Notes Unit 2 Network Administration
NETWORK ADMINISTRATION
SUB CODE: KS_C_FC-592
9TH SEM M.SC. (CA & IT)

UNIT 2:
• NETWORK INTERFACES
• NETWORK MANAGEMENT CONFIGURATION
• CONFIGURATION DHCP
• CONFIGURATION DNS
• FTP SERVICES
NETWORK INTERFACES

Network Interfaces and Routes: ifconfig and route

Your connection to a network is made by your system through a particular hardware interface, such as an Ethernet card or a modem. Data passing through this interface is then routed to your network.

The ifconfig command configures your network interfaces, and the route command sets up network connections accordingly. Every time you start your system, the network interfaces and their routes must be established. This is done automatically for you when you boot up, by ifconfig and route commands executed for each interface by the /etc/rc.d/init.d/network initialization file, which is executed whenever you start your system. If you are manually adding your own interfaces, you must set up the network script to perform the ifconfig and route operations for your new interfaces.

ifconfig: The ifconfig command takes as its arguments the name of an interface and an IP address, as well as options. The ifconfig command then assigns the IP address to the interface. Your system now knows that such an interface exists and that it references a particular IP address. In addition, you can specify whether the IP address is a host address or a network address.

The syntax for the ifconfig command is as follows:

# ifconfig interface -host_net_flag address options

In the next example, the ifconfig command configures an Ethernet interface:

# ifconfig eth0 192.168.0.1
Routing

A packet that is part of a transmission takes a certain route to reach its destination. On a large network, packets are transmitted from one computer to another until the destination computer is reached. The route determines where the process starts and to what computer your system needs to send the packet for it to reach its destination.

On small networks, routing may be static, that is, the route from one system to another is fixed. One system knows how to reach another, moving through fixed paths. On larger networks and on the Internet, however, routing is dynamic. Your system knows the first computer to send its packet off to, and then that computer takes the packet from there, passing it on to another computer, which then determines where to pass it on.

Static routing, however, can become complex because you have to keep track of all the network connections. Your routes are listed in your routing table in the /proc/net/route file. To display the routing table, enter route with no arguments.

With the add argument, you can add routes either for networks with the -net option or with the -host option for IP interfaces (hosts). The following example is the routing of an Ethernet interface:

# route add 192.168.1.2 dev eth0

You can delete any route you establish by invoking route with the del argument and the IP address of that route, as in this example:

# route del 192.168.1.2
NETWORK MANAGEMENT CONFIGURATION: CONFIGURATION DHCP

Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns TCP/IP information to client machines. Each DHCP client connects to the centrally located DHCP server, which returns the network configuration (including the IP address, gateway, and DNS servers) of that client.

WHY USE DHCP?

DHCP is useful for automatic configuration of client network interfaces. When configuring the client system, you can choose DHCP instead of specifying an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server.

DHCP is also useful if you want to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, you can just edit one configuration file on the server for the new set of IP addresses.

Many networks now provide either IPv6 autoconfiguration or the DHCP (Dynamic Host Configuration Protocol) service, which automatically provides network configuration. Autoconfiguration can be either stateless (IPv6) or stateful (DHCP). Stateless IPv6 autoconfiguration requires no independent server or source to connect to a network (plug-and-play). DHCP is an older method that requires a separate server to manage and assign all addresses. With the DHCP protocol, an administrator uses a pool of IP addresses from which the administrator can assign an IP address to a host as needed. If your network is configuring your systems with DHCP, you will not have to configure it.

There are currently two versions of DHCP, one for the original IPv4 protocol and another, known as DHCPv6, for the IPv6 protocol. The IPv6 protocol includes information for dynamic configuration that the IPv4 protocol lacks. In this respect, the IPv4 protocol is much more dependent on DHCP than IPv6 is.
CONFIGURING A DHCPV4 SERVER:

First, install the package as the superuser:

# yum install dhcp

Installing the dhcp package creates a file, /etc/dhcp/dhcpd.conf, which is merely an empty configuration file:

# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample

Configuration File

The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients. Use this file to declare options and global options for client systems.

There are two types of statements in the configuration file:

Parameters — State how to perform a task, whether to perform a task, or what network configuration options to send to the client.

Declarations — Describe the topology of the network, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.

The parameters that start with the keyword option are referred to as options. Parameters (including options) declared before a section enclosed in curly brackets ({ }) are considered global parameters. Global parameters apply to all the sections below them.

IMPORTANT

If the configuration file is changed, the changes do not take effect until the DHCP daemon is restarted with the command

service dhcpd restart

Example: Subnet Declaration
In Example “Subnet Declaration”, the routers, subnet-mask, domain-search, domain-name-servers, and time-offset options are used for any host statements declared below it. For every subnet which will be served, and for every subnet to which the DHCP server is connected, there must be one subnet declaration, which tells the DHCP daemon how to recognize that an address is on that subnet. In this example, there are global options for every DHCP client in the subnet and a range declared. Clients are assigned an IP address within the range.

To assign an IP address to a client based on the MAC address of the network interface card, use the hardware ethernet parameter within a host declaration. As demonstrated in Example “Static IP Address Using DHCP”, the host apex declaration specifies that the network interface card with the MAC address 00:A0:78:8E:9E:AA always receives the IP address 192.168.1.4.

Example: Static IP Address Using DHCP

All subnets that share the same physical network should be declared within a shared-network declaration as shown in Example “Shared-network Declaration”. Parameters within the shared-network, but outside the enclosed subnet declarations, are considered to be global parameters.

Example: Shared-network Declaration
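Added example, not one of the slides' own listings: a dhcpd.conf constructed from the declarations described above (global options, a subnet with a range, and the host apex reservation from the text), followed by a shell check that no fixed-address lies inside a dynamic range, a configuration mistake that lets the daemon lease a reserved address to another client. The DNS server, router, range and domain values are assumed for the example.

```shell
#!/bin/sh
# Constructed dhcpd.conf modelled on the declarations described above (not the slides' example).
# Global parameters before the first brace apply to every subnet declared below them.
DHCPD_CONF=$(cat <<'EOF'
option domain-name-servers 192.168.1.1;
option domain-search "example.com";
option time-offset -18000;
default-lease-time 600;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option subnet-mask 255.255.255.0;
    range 192.168.1.10 192.168.1.100;
}

# the NIC with this MAC address always receives 192.168.1.4 (value from the lecture text)
host apex {
    hardware ethernet 00:A0:78:8E:9E:AA;
    fixed-address 192.168.1.4;
}
EOF
)

# check_reservations: reads a dhcpd.conf on stdin and reports every fixed-address,
# flagging any that falls inside a dynamic range. Handles the simple "range LOW HIGH;"
# form only. Exit status is 1 if any conflict was found.
check_reservations() {
    awk '
        function ip2n(ip,  o) {                      # dotted quad -> integer
            sub(/;$/, "", ip); split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        $1 == "range"         { nr++; lo[nr] = ip2n($2); hi[nr] = ip2n($3) }
        $1 == "fixed-address" { nf++; fixed[nf] = $2; sub(/;$/, "", fixed[nf]) }
        END {
            bad = 0
            for (i = 1; i <= nf; i++) {
                n = ip2n(fixed[i]); hit = 0
                for (j = 1; j <= nr; j++)
                    if (n >= lo[j] && n <= hi[j]) hit = 1
                if (hit) { print "CONFLICT " fixed[i] " lies inside a dynamic range"; bad = 1 }
                else       print "OK " fixed[i]
            }
            exit bad
        }'
}

printf '%s\n' "$DHCPD_CONF" | check_reservations
```

Run the check against the real /etc/dhcp/dhcpd.conf before `service dhcpd restart`, since the daemon itself does not refuse a reservation that overlaps a range.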
CONFIGURATION DNS

Domain Name Service (DNS)

Each computer connected to a TCP/IP network, such as the Internet, is identified by its own IP address. IP addresses are difficult to remember, so a domain name version of each IP address is also used to identify a host. A domain name consists of two parts, the hostname and the domain. The hostname is the computer’s specific name, and the domain identifies the network of which the computer is a part. For example, .edu is used for educational institutions and .com is used for businesses. International domains usually have extensions that indicate the country they are located in, such as .de for Germany or .au for Australia. The combination of a hostname, domain, and extension forms a unique name by which a computer can be referenced.

You can use a hostname to reference a computer on a network, but this involves using the hostname to look up the corresponding IP address in a database. The network then uses the IP address, not the hostname, to access the computer.

Before the advent of large TCP/IP networks, such as the Internet, it was feasible for each computer on a network to maintain a file with a list of all the hostnames and IP addresses of the computers connected on its network. Whenever a hostname was used, it was looked up in this file and the corresponding IP address was located. As networks became larger, it became impractical and impossible for each computer to maintain its own list of all the domain names and IP addresses. To provide the service of translating domain addresses to IP addresses, databases of domain names were developed and placed on their own servers. To find the IP address of a domain name, you send a query to a name server, which then looks up the IP address for you and sends it back.

If you are administering a network and you need to set up a name server for it, you can configure a Linux system to operate as a name server. To do so, you must start up a name server daemon and then wait for domain name queries. The name server software used on Linux systems is the Berkeley Internet Name Domain (BIND) server distributed by the Internet Software Consortium (isc.org).

Name servers are queried by resolvers. These are programs specially designed to obtain addresses from name servers. To use domain names on your system, you must configure your own resolver. Your local resolver is configured with your /etc/host.conf and /etc/resolv.conf files. You can use /etc/nsswitch.conf in place of /etc/host.conf.

host.conf

Your host.conf file lists resolver options. The options tell the resolver what services to use. The order of the list is important. The resolver begins with the first option listed and moves on to the next ones in turn. You can find the host.conf file in your /etc directory, along with other configuration files.

In the next example of a host.conf file, the order option instructs your resolver first to look up names in your local /etc/hosts file, and then, if that fails, to query domain name servers. The system does not have multiple addresses.
/etc/nsswitch.conf: Name Service Switch

Different functions in the standard C Library must be configured to operate on your Linux system. For the GNU C Library 2.x, used on current versions of Linux, this configuration is carried out by a scheme called the Name Service Switch (NSS).

The /etc/nsswitch.conf file holds entries for the different configuration files that can be controlled by NSS. An entry consists of two fields: the service and the configuration specification. The service consists of the configuration file followed by a colon. The second field is the configuration specification for that file, which holds instructions on how the lookup procedure will work.

The following example will first check the local /etc/passwd file and then NIS:

passwd: files nisplus

An action item specifies the action to take for a specific service; it is placed within brackets after a service. A configuration specification can list several services, each with its own action item. In the following example, the entry for the protocols file has a configuration specification that says to check the NIS and, if not found, to check the /etc/protocols file:

protocols: nisplus [NOTFOUND=return] files

An action item consists of a status and an action. The status holds a possible result of a service lookup, and the action is the action to take if the status is true. Currently, the possible status values are SUCCESS, NOTFOUND, UNAVAIL, and TRYAGAIN.

NSS-Supported Files

NSS Configuration Services
FTP SERVICES

FTP Servers

FTP server software consists of an FTP daemon and configuration files. The daemon is a program that continuously checks for FTP requests from remote users. When a request is received, it manages a login, sets up the connection to the requested user account, and executes any FTP commands the remote user sends.

For anonymous FTP access, the FTP daemon allows the remote user to log in to the FTP account using anonymous or ftp as the username. The user then has access to the directories and files set up for the FTP account. As a further security measure, however, the daemon changes the root directory for that session to be the FTP home directory. This hides the rest of the system from the remote user. A user logging in with anonymous FTP can see only the FTP home directory and its subdirectories. The remainder of the system is hidden from that user. This effect is achieved by the chroot operation, which literally changes the system root directory for that user to that of the FTP directory.

Available Servers:

Several FTP servers are available for use on Linux systems. Three of the more common servers include
• vsftpd
• Pure-FTPd
• ProFTPD

FTP Users

Normal users with accounts on an FTP server can gain full FTP access simply by logging into their accounts. Users can also log in as anonymous users, allowing anyone on the network or Internet to access files on an FTP server.

Anonymous FTP: vsftpd

An anonymous FTP site is essentially a special kind of user on your system with publicly accessible directories and files in its home directory. The anonymous FTP files and directories can be configured in such a way that the rest of the file system is hidden from them and remote users are given only read access. You must also modify the entry for this account in your /etc/passwd file to prevent normal user access to it. The following is the entry you find in your /etc/passwd file that sets up an FTP login as an anonymous user:

ftp:x:14:50:FTP User:/var/ftp:

The x in the password field blocks the account, which prevents any other users from gaining access to it, and thereby from gaining control over its files or access to other parts of your system. The user ID, 14, is a unique ID. The comment field is FTP User. The login directory is /var/ftp.

Creating New FTP Users:

If you are creating virtual FTP hosts, you will need to create an FTP user for each one, along with its directories. For example, to create an FTP server for a host1-ftp host, you create a host1-ftp user with its own directory.

useradd -d /var/host1-ftp host1-ftp

This creates a user such as that described here:

host1-ftp:x:14:50:FTP User:/var/host1-ftp:

You also need to create the corresponding home directory, /var/host1-ftp in this example, and set its permissions to give FTP users restricted access.

mkdir /var/host1-ftp
chmod 755 /var/host1-ftp

In addition, you need to make sure that the root user owns the directory, not the new FTP users. This gives control of the directory only to the root user, not to any user that logs in.

chown root.root /var/host1-ftp

The Very Secure FTP Server

The Very Secure FTP Server (vsftpd) is small, fast, easy, and secure. It is designed to:
• avoid the overhead of large FTP server applications like ProFTPD,
• maintain a very high level of security, and
• handle a very large workload, managing high traffic levels.

Running vsftpd

The Very Secure FTP Server’s daemon is named vsftpd. It is designed to be run as a standalone server, which can be started and stopped using the /etc/rc.d/init.d/vsftpd server script.

Configuring vsftpd

You configure vsftpd using one configuration file, vsftpd.conf. It is installed in the /etc or /etc/vsftpd directory. To run vsftpd as a standalone server, you set the listen option to YES. Thus, it continually listens on its assigned port for requests. You can specify the port it listens on with the listen_port option.

listen=YES

Enabling Login Access:

Here, anonymous FTP is enabled by assigning the YES value to the anonymous_enable option. The local_enable option allows local users on your system to use the FTP server.

# Allow anonymous FTP?
anonymous_enable=YES
# Uncomment this to allow local users to log in.
local_enable=YES

Local User Permissions:

If you want to allow local users to create, rename, and delete files and directories on their account, you have to enable write access with the write_enable option.

write_enable=YES

Configuration Options for vsftpd.conf

Anonymous User Permissions

You can also allow anonymous users to upload and delete files, as well as create or remove directories. Uploading by anonymous users is enabled with the anon_upload_enable option. To let anonymous users also rename or delete their files, you set the anon_other_write_enable option. To let them create directories, you set the anon_mkdir_write_enable option.

anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
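Added example, not part of the lecture notes: a vsftpd.conf constructed from the options introduced above, and a shell audit that reports which write operations anonymous users end up with. It also applies a rule the notes do not mention, that vsftpd honours the anon_*_enable options only when write_enable is also YES (and that anonymous_enable defaults to YES upstream when left out).

```shell
#!/bin/sh
# Constructed vsftpd.conf using the options from the lecture (not the slides' own file):
# every anonymous write permission is switched on.
VSFTPD_CONF=$(cat <<'EOF'
listen=YES
# Allow anonymous FTP?
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
EOF
)

# audit_vsftpd_conf: reads a vsftpd.conf on stdin and prints one line per way in which
# anonymous users may modify the server. vsftpd applies the anon_*_enable options only
# when write_enable=YES as well, so a file with write_enable=NO is reported as read-only.
# Exit status is 1 if anonymous users can write at all.
audit_vsftpd_conf() {
    awk -F= '
        BEGIN { cfg["anonymous_enable"] = "YES" }      # upstream default when unset
        /^[ \t]*#/ || NF < 2 { next }                 # skip comments and blank lines
        { v = toupper($2); sub(/[ \t\r]+$/, "", v); cfg[$1] = v }
        END {
            if (cfg["anonymous_enable"] != "YES") { print "anonymous login disabled"; exit 0 }
            if (cfg["write_enable"] != "YES")     { print "anonymous login read-only (write_enable off)"; exit 0 }
            n = 0
            if (cfg["anon_upload_enable"] == "YES")      { print "anonymous users can upload files"; n++ }
            if (cfg["anon_mkdir_write_enable"] == "YES") { print "anonymous users can create directories"; n++ }
            if (cfg["anon_other_write_enable"] == "YES") { print "anonymous users can rename and delete files"; n++ }
            if (n == 0) print "anonymous login read-only"
            exit (n > 0)
        }'
}

if printf '%s\n' "$VSFTPD_CONF" | audit_vsftpd_conf; then
    :
else
    echo "-> anonymous users have write access; review before deploying"
fi
```

Point the function at the installed file (`audit_vsftpd_conf < /etc/vsftpd/vsftpd.conf`) after every change, since a later `write_enable=YES` added for local users silently activates any anon_*_enable lines already present.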