1 Network Administration ITA3564 Leung Hung 25958118 [email protected].
2
Module Rationale /Aims
To introduce the basic concepts of internetworking architecture and protocol
To introduce the basic concepts of computer system and network administration
To develop basic skills for network server administration
3
Learning Objectives
Students will be able to:
• install and maintain computer networks
• understand network protocols and network services architecture
• demonstrate the knowledge and skills of network administration through practical exercises
• build and use the Samba server in a mixed environment
• set up and configure Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Network File System (NFS), and Samba
Note: Platform: CentOS 5.3. Download site: ftp.cuhk.hk
4
Assessment (Proposed)
Continuous Assessment 50%
• Quizzes 10%
• Tests
  • Written (x2) 30%
  • Skill-based 10%
Final Examination 50%
5
Pre-requisites
You should understand:
• how to use basic Linux commands (e.g. cd, ls, useradd, userdel, pwd …)
• the functions of system configuration files (e.g. /etc/passwd, /etc/group …)
• how to configure your network card (e.g. IP address, DNS, default gateway, host name)
• use of the vi editor (to edit configuration files)
• shell scripts (simple)
6
Teaching Materials
Lecture Notes, Tutorials, Lab Exercises
Recommended Textbooks:
• Craig Hunt, TCP/IP Network Administration, 3rd edition, O'Reilly & Associates, 2002.
• Evi Nemeth, Linux Administration Handbook, Prentice Hall PTR, 2004.
• Scott Mann, Linux TCP/IP Network Administration, Prentice Hall PTR, 2002.
• Nemeth E, Snyder G, Seebass G and Hein T H, UNIX System Administration, 3rd Edition, Addison Wesley, 2000.
Useful site: http://linux.vbird.org/
9
Packet Encapsulation
The data is sent down the protocol stack. Each layer adds to the data by prepending headers.
Figure: frame layout; the sizes shown are 22 bytes, 20 bytes, 20 bytes and 4 bytes for the headers and trailer, with a data portion of 64 to 1500 bytes.
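The encapsulation described above, as an added example in Python that is not part of the course notes. Each layer prepends its own header to what it received from the layer above; the MAC addresses, IP addresses and ports are constructed sample values, the TCP checksum is left at zero (it needs a pseudo-header that is outside this slide's scope), and the link header here is the 14-byte Ethernet header without preamble or FCS trailer, so the byte counts differ from the figure.

```python
# Added example, not from the course notes: walking a payload down the stack,
# where each layer prepends its own header. MACs, addresses and ports are
# constructed sample values.
import struct

SRC_MAC = bytes.fromhex("001122334455")   # constructed
DST_MAC = bytes.fromhex("66778899aabb")   # constructed
SRC_IP, DST_IP = "192.168.10.1", "192.168.10.254"
SRC_PORT, DST_PORT = 40000, 80


def ip_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def tcp_header(src_port: int, dst_port: int, seq: int = 0, ack: int = 0,
               flags: int = 0x02, window: int = 65535) -> bytes:
    """20-byte TCP header (data offset 5 words, no options). The TCP checksum
    needs a pseudo-header over the IP addresses; it is left as 0 here."""
    offset_and_flags = (5 << 12) | flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, 0)


def ip_header(src: str, dst: str, payload_len: int, proto: int = 6, ttl: int = 64) -> bytes:
    """20-byte IPv4 header with the header checksum filled in."""
    version_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", version_ihl, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def ethernet_header(dst_mac: bytes, src_mac: bytes, ethertype: int = 0x0800) -> bytes:
    """14-byte Ethernet header (preamble and FCS trailer not included)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype)


def encapsulate(app_data: bytes):
    """Returns (layer name, PDU) pairs from the application down to the link layer."""
    segment = tcp_header(SRC_PORT, DST_PORT) + app_data          # transport
    packet = ip_header(SRC_IP, DST_IP, len(segment)) + segment   # network
    frame = ethernet_header(DST_MAC, SRC_MAC) + packet           # link
    return [("application", app_data), ("transport", segment),
            ("network", packet), ("link", frame)]


def bytes_added(layers) -> dict:
    """Bytes each layer prepended (the application entry is the data itself)."""
    sizes, previous = {}, 0
    for name, pdu in layers:
        sizes[name] = len(pdu) - previous
        previous = len(pdu)
    return sizes


if __name__ == "__main__":
    for name, pdu in encapsulate(b"GET / HTTP/1.0\r\n\r\n"):
        print(f"{name:12s} {len(pdu):4d} bytes  {pdu[:16].hex()}...")
```

Running it shows the three headers growing an 18-byte request into a 72-byte frame; the IP header checksum verifies to zero when recomputed over the finished header, which is the check a receiver performs.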
10
IP: Internet Protocol
Unreliable … connectionless datagram delivery service
Responsible for routing of data through intermediate networks and computers
11
IP Routing
Routing Table:
• Destination IP address
• IP address of a next-hop router
• Flags
• Network interface specification
Figure: Source host (Application, Transport, Network, Link) → Router (Network, Link) → Destination host (Application, Transport, Network, Link)
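A routing-table lookup over the four fields named on the slide, as an added example in Python that is not part of the course notes. The table is a constructed sample laid out like "route -n" output; the lookup picks the most specific matching entry (longest prefix) among routes that are up and falls back to the 0.0.0.0 default route, and the G flag decides whether the packet is handed to the next-hop router or delivered directly on the link.

```python
# Added example, not from the course notes: a next-hop lookup over a routing
# table holding the four fields named on the slide. The table is a constructed
# sample laid out like "route -n" output.
from dataclasses import dataclass
from typing import List, Optional, Tuple


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


@dataclass
class Route:
    destination: str  # destination network (0.0.0.0 for the default route)
    mask: str         # netmask selecting the network bits
    gateway: str      # next-hop router; 0.0.0.0 means directly connected
    flags: str        # U = up, G = via gateway, H = host route
    iface: str        # outgoing network interface


SAMPLE_TABLE: List[Route] = [
    Route("192.168.10.0", "255.255.255.0", "0.0.0.0", "U", "eth0"),
    Route("172.20.0.0", "255.255.0.0", "0.0.0.0", "U", "eth1"),
    Route("192.168.100.0", "255.255.255.0", "192.168.10.254", "UG", "eth0"),
    Route("10.9.9.9", "255.255.255.255", "192.168.10.254", "UGH", "eth0"),
    Route("0.0.0.0", "0.0.0.0", "172.20.0.1", "UG", "eth1"),
]


def prefix_len(mask: str) -> int:
    return bin(ip_to_int(mask)).count("1")


def route_matches(route: Route, dst: str) -> bool:
    m = ip_to_int(route.mask)
    return ip_to_int(dst) & m == ip_to_int(route.destination) & m


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match among routes that are up; 0.0.0.0/0 matches last."""
    best = None
    for route in table:
        if "U" in route.flags and route_matches(route, dst):
            if best is None or prefix_len(route.mask) > prefix_len(best.mask):
                best = route
    return best


def next_hop(table: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """(address the frame is sent to, interface). With the G flag the packet goes
    to the gateway router; without it the destination is on the link itself."""
    route = lookup(table, dst)
    if route is None:
        return None  # no route to host
    return (route.gateway if "G" in route.flags else dst, route.iface)


if __name__ == "__main__":
    for dst in ("192.168.10.5", "192.168.100.7", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", next_hop(SAMPLE_TABLE, dst))
```

Removing the default route from the table makes the lookup for an unknown destination return None, which is the "network is unreachable" case an administrator sees when the default gateway is missing.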
12
ICMP: Internet Control Message Protocol
ICMP, the Internet Control Message Protocol, is a fixed-format set of packets that carry error, control, and informational messages.
Used to report problems with delivery of IP datagrams within an IP network
Used by the ping and traceroute commands
13
TCP: Transmission Control Protocol
Connection-Oriented, Reliable, Byte Stream Service
TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Protocol: 1. Set up connection 2. Transfer data 3. Close connection
14
UDP: User Datagram Protocol
UDP is a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It is used primarily for broadcasting messages over a network.
15
IP Address (IPv4)
IP address: 32 bits. Format: X.X.X.X (each X ranges from 0 to 255), e.g. 192.168.1.2
5 Classes of IP Address: Class A, Class B, Class C, Class D (Multicast), Class E (Experimental purpose)
16
IP Address Classes
Address written as ww.xx.yy.zz:
Class A: ww = Network ID; xx.yy.zz = Host ID
Class B: ww.xx = Network ID; yy.zz = Host ID
Class C: ww.xx.yy = Network ID; zz = Host ID
18
Subnets
Figure: two subnets, each a hub with attached hosts, joined by a router
Subnet 1: Network ID 192.168.11.0, Subnet Mask 255.255.255.0
Subnet 2: Network ID 192.168.110.0, Subnet Mask 255.255.255.0
19
Subnet Masks
IP Address:  10.50.100.200
Subnet Mask: 255.255.255.0
Network ID:  10.50.100.0
20
Available Host IDs
Number of Host IDs: 2^n - 2, where n is the number of host bits
Subnet Mask: the Network ID bits are 1s (1111 1111 1111 1111 1111 1111) and the Host ID bits are 0s (0000 0000); n is the number of 0 bits in the mask
21
Network Configuration in Linux
The basic steps are:
• Assign an IP address and hostname
• Set up the new host to configure its network interfaces at boot time
• Set up a default route and perhaps fancier routing
• Point to a DNS name server, to allow access to the rest of the Internet
22
How to configure IP address
Edit the configuration file /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.1
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
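The address-class, subnet-mask and host-count rules from the earlier slides, together with a consistency check on an ifcfg-eth0 file like the one above, as an added example in Python that is not part of the course notes. The ifcfg text is a constructed sample using the slide's values; the check parses the KEY=VALUE lines, confirms the gateway lies on the same subnet as IPADDR/NETMASK, and rejects a non-contiguous mask, which is the usual cause of a host that "has an address" but cannot reach its gateway.

```python
# Added example, not from the course notes: classful addressing, subnet masks,
# the 2^n - 2 host count, and a sanity check on an ifcfg-eth0 style file.
# SAMPLE_IFCFG is a constructed sample with the slide's values.
from typing import List, Tuple

SAMPLE_IFCFG = """\
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.1
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
"""

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classful rule: the first octet's range decides the class."""
    first = ip_to_int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"   # multicast / experimental


def host_bits(mask: str) -> int:
    """n = number of 0 bits; a valid mask is contiguous 1s followed by 0s."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return inverted.bit_length()


def usable_hosts(mask: str) -> int:
    """2^n - 2: the all-0 host ID (network) and all-1 host ID (broadcast) are reserved."""
    return 2 ** host_bits(mask) - 2


def network_id(addr: str, mask: str) -> str:
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))


def host_id(addr: str, mask: str) -> str:
    return int_to_ip(ip_to_int(addr) & ~ip_to_int(mask) & 0xFFFFFFFF)


def broadcast_address(addr: str, mask: str) -> str:
    return int_to_ip(ip_to_int(addr) | (~ip_to_int(mask) & 0xFFFFFFFF))


def classful_split(addr: str) -> Tuple[str, str, str]:
    """(class, network ID, host ID) using the class's default mask."""
    cls = address_class(addr)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} addresses have no network/host split")
    return cls, network_id(addr, DEFAULT_MASK[cls]), host_id(addr, DEFAULT_MASK[cls])


def parse_ifcfg(text: str) -> dict:
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg


def check_ifcfg(cfg: dict) -> List[str]:
    """Problems an administrator wants to see before bringing the interface up."""
    problems = []
    if cfg.get("BOOTPROTO", "").lower() != "static":
        return problems   # DHCP supplies address, mask and gateway
    missing = [k for k in ("IPADDR", "NETMASK") if k not in cfg]
    if missing:
        return [f"{k} missing for static configuration" for k in missing]
    addr, mask = cfg["IPADDR"], cfg["NETMASK"]
    try:
        net = network_id(addr, mask)
        if addr in (net, broadcast_address(addr, mask)):
            problems.append(f"IPADDR {addr} is the network or broadcast address")
        gateway = cfg.get("GATEWAY")
        if gateway and network_id(gateway, mask) != net:
            problems.append(f"GATEWAY {gateway} is not on the {net} subnet")
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```

The same functions cover the subnet-mask slide directly: network_id("10.50.100.200", "255.255.255.0") gives 10.50.100.0 and usable_hosts("255.255.255.0") gives 254.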
23
How to configure hostname
Edit configuration file /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=linuxserver
24
How to configure DNS
Edit the configuration file /etc/resolv.conf
nameserver 192.168.1.110
nameserver 202.110.100.100
Note:
Domain Name Service (DNS) is the service used to convert human readable names (e.g. www.yahoo.com) of hosts to IP addresses (e.g. 209.131.36.158).
25
Different types of Network Services
• Web Server
• FTP Server
• DNS Server
• Mail Server (SMTP, POP3, IMAP)
• NIS/NFS Server (share drives between Linux systems)
• Samba Server (share drives with Windows OS)
• Dynamic Host Configuration Protocol (DHCP) Server
• SSH (Remote Access with encryption)
• Telnet (Remote Access)
• Proxy Server (Squid)
• Firewall (IPTABLES)
26
Port Number
A port number is a way to distinguish one TCP/IP service from another at a given IP address.
This way one server machine can provide many different services without conflicts among the incoming and outgoing data.
For the TCP/IP services, a port number is a 16-bit integer (1 ~ 65535).
e.g. Web Server (Port 80), Telnet Server (Port 23)…
27
Well-known port numbers
You may refer to the following web site for well-known port numbers: http://www.iana.org/assignments/port-numbers
Port Description
20 FTP -- Data
21 FTP -- Control
22 SSH Remote Login Protocol
23 Telnet
25 Simple Mail Transfer Protocol (SMTP)
53 Domain Name System (DNS)
80 HTTP (Web)
110 POP3
443 HTTPS
28
Configure Domain Name Service (DNS)
To configure a machine as a DNS client, you only need to edit /etc/resolv.conf:
nameserver 203.186.89.168
/etc/nsswitch.conf is the “service switch” file that determines which mechanisms will be used to resolve hostname-to-IP-address mappings
• Specifies the order in which DNS, NIS (NIS+) and /etc/hosts should be consulted
32
Network Services
/etc/services
Standard services such as email, FTP … all associate themselves with “well-known” ports defined in this file:
ftp      21/tcp
ftp      21/udp
ssh      22/tcp    # SSH Remote Login Protocol
ssh      22/udp    # SSH Remote Login Protocol
telnet   23/tcp
telnet   23/udp
33
xinetd (daemon)
The xinetd daemon (a program running in the background), the Extended Internet Services Daemon, is a TCP-wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It accepts client requests from the Internet and redirects each one to the corresponding service.
It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
34
xinetd (Cont)
The configuration files for xinetd are as follows:
/etc/xinetd.conf — The global xinetd configuration file
/etc/xinetd.d/ directory — The directory containing all service-specific files
Restart the service: /etc/rc.d/init.d/xinetd restart, or service xinetd restart
35
How xinetd works
When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules.
If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allocated amount of resources or in breach of any defined rules.
It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.
36
xinetd Configuration File
General configuration settings which affect every service under xinetd's control
It is read once when the xinetd service is started
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
37
xinetd Configuration Files Parameters
instances — Sets the maximum number of requests xinetd can handle at once.
log_type — Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file
log_on_success — Configures xinetd to log if the connection is successful
log_on_failure — Configures xinetd to log if there is a connection failure or if the connection is not allowed
38
xinetd Configuration Files Parameters (Cont)
cps — Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is retired for 30 seconds.
includedir /etc/xinetd.d/ — Includes options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory
39
The /etc/xinetd.d/ Directory
Contains the configuration files for each service managed by xinetd and the names of the files correlate to the service
The format of files in the /etc/xinetd.d/ directory uses the same conventions as /etc/xinetd.conf. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.
40
Example - telnet
/etc/xinetd.d/telnet
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}
41
/etc/xinetd.d/ Configuration Files Parameters
service — Defines the service name, usually to match a service listed in the /etc/services file.
flags — Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse the socket for a Telnet connection.
socket_type — Sets the network socket type to stream.
wait — Defines whether the service is single-threaded (yes) or multi-threaded (no).
user — Defines what user ID the process will run under.
server — Defines the binary executable to be launched.
log_on_failure — Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf.
disable — Defines whether or not the service is active.
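The xinetd configuration format covered by the last few slides, as an added example in Python that is not part of the course notes or of xinetd itself. The parser reads the brace-delimited defaults block and service blocks, merges the defaults into each service the way the "=" / "+=" / "-=" operators do (so the telnet entry ends up with log_on_failure = HOST USERID), lists which services are actually enabled, and flags enabled services that would run as root. The configuration texts are constructed samples; the rsync service is a made-up second entry added so that one service is enabled.

```python
# Added example, not from the course notes: parse xinetd.conf plus the
# /etc/xinetd.d files, merge defaults into each service, and audit the result.
# Both configuration texts are constructed samples.
import re
from typing import Dict, List

SAMPLE_XINETD_CONF = """\
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}

includedir /etc/xinetd.d
"""

SAMPLE_XINETD_D = {
    "telnet": """\
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}
""",
    "rsync": """\
service rsync
{
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/bin/rsync
    server_args     = --daemon
    log_on_failure  += USERID
    disable         = no
}
""",
}

BLOCK_RE = re.compile(r"\b(defaults|service)\b[ \t]*(\S*)\s*\{([^}]*)\}")
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")


def parse_xinetd(text: str) -> dict:
    """Blocks become {key: (operator, value)}; includedir lines are collected."""
    conf = {"defaults": {}, "services": {}, "includedir": []}
    for m in re.finditer(r"^\s*includedir\s+(\S+)", text, re.M):
        conf["includedir"].append(m.group(1))
    for kind, name, body in BLOCK_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = ATTR_RE.match(line.split("#", 1)[0])
            if m:
                key, op, value = m.groups()
                attrs[key] = (op, value)
        if kind == "defaults":
            conf["defaults"] = attrs
        else:
            conf["services"][name] = attrs
    return conf


def load_config(main_text: str, included: Dict[str, str]) -> dict:
    """Mimics includedir: service files are read after xinetd.conf itself."""
    return parse_xinetd(main_text + "\n" + "\n".join(included.values()))


def effective(conf: dict, service: str) -> Dict[str, str]:
    """Start from defaults; '=' replaces, '+=' appends, '-=' removes tokens."""
    eff = {key: value for key, (_, value) in conf["defaults"].items()}
    for key, (op, value) in conf["services"][service].items():
        if op == "=":
            eff[key] = value
        elif op == "+=":
            eff[key] = (eff.get(key, "") + " " + value).strip()
        else:
            eff[key] = " ".join(t for t in eff.get(key, "").split() if t not in value.split())
    return eff


def enabled_services(conf: dict) -> List[str]:
    """A service without 'disable = yes' is active once xinetd starts."""
    return sorted(name for name in conf["services"]
                  if effective(conf, name).get("disable", "no").lower() != "yes")


def audit(conf: dict) -> List[str]:
    findings = []
    for name in enabled_services(conf):
        eff = effective(conf, name)
        if eff.get("user") == "root":
            findings.append(f"{name}: enabled and runs as root")
        if "HOST" not in eff.get("log_on_failure", "").split():
            findings.append(f"{name}: rejected connections are not logged with the client host")
    return findings


if __name__ == "__main__":
    conf = load_config(SAMPLE_XINETD_CONF, SAMPLE_XINETD_D)
    print("enabled:", enabled_services(conf))
    for finding in audit(conf):
        print("finding:", finding)
```

On a real host the two texts come from /etc/xinetd.conf and the files under the includedir directory; the point of merging defaults first is that a setting such as cps or log_on_failure that looks absent in a service file is still in force for it.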
42
/etc/hosts.allow and /etc/hosts.deny
Using TCP wrappers to manage access to certain network services
Any network services managed by xinetd can use TCP wrappers to manage access
xinetd can use the /etc/hosts.allow and /etc/hosts.deny files to configure access to system services
hosts.allow - a list of rules that allow clients to access the network services controlled by xinetd
hosts.deny - rules to deny access
43
/etc/hosts.allow and /etc/hosts.deny Flowchart
Client Request → check /etc/hosts.allow
• Allow (client matches a rule) → Redirect to Service
• Not specified → check /etc/hosts.deny
   • Deny (client matches a rule) → Reject Connection
   • Not specified → Redirect to Service
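The decision in the flowchart, as an added example in Python that is not part of the course notes or of TCP wrappers itself: hosts.allow is consulted first, then hosts.deny, and a client matched by neither file is let through. The two access files are constructed samples, and only a subset of the client-list patterns is handled (ALL, LOCAL, a trailing-dot network prefix, a leading-dot domain suffix, net/mask, and an exact address or hostname); EXCEPT lists and the optional shell-command field are not implemented.

```python
# Added example, not from the course notes: the hosts.allow / hosts.deny
# decision order with a subset of the client-list patterns. Both access files
# below are constructed samples.
from typing import List, Optional, Tuple

SAMPLE_HOSTS_ALLOW = """\
# constructed sample
sshd: 192.168.10. 10.0.0.0/255.255.0.0
in.telnetd: LOCAL
"""

SAMPLE_HOSTS_DENY = """\
ALL: ALL
"""

Rule = Tuple[List[str], List[str]]   # (daemon list, client list)


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def parse_access_file(text: str) -> List[Rule]:
    """Each rule is 'daemon_list : client_list' (a third, command field is ignored)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((parts[0].split(), parts[1].split()))
    return rules


def daemon_matches(daemon: str, pattern: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def client_matches(pattern: str, ip: str, hostname: Optional[str]) -> bool:
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # hostname without a dot
        return hostname is not None and "." not in hostname
    if pattern.startswith("."):                 # domain suffix
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):                   # address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                          # net/mask
        net, mask = pattern.split("/", 1)
        m = ip_to_int(mask)
        return ip_to_int(ip) & m == ip_to_int(net) & m
    return pattern == ip or pattern == hostname


def rule_matches(rules: List[Rule], daemon: str, ip: str, hostname: Optional[str]) -> bool:
    return any(any(daemon_matches(daemon, d) for d in daemons)
               and any(client_matches(c, ip, hostname) for c in clients)
               for daemons, clients in rules)


def decide(allow_text: str, deny_text: str, daemon: str, ip: str,
           hostname: Optional[str] = None) -> str:
    """hosts.allow first, then hosts.deny; listed in neither means the
    connection is passed on to the service."""
    if rule_matches(parse_access_file(allow_text), daemon, ip, hostname):
        return "allow"
    if rule_matches(parse_access_file(deny_text), daemon, ip, hostname):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for client in ("192.168.10.7", "10.0.5.9", "203.0.113.5"):
        print("sshd from", client, "->", decide(SAMPLE_HOSTS_ALLOW, SAMPLE_HOSTS_DENY, "sshd", client))
```

The last branch is the one worth noticing: with an empty hosts.deny every unlisted client is accepted, which is why the deny file conventionally carries ALL: ALL so that hosts.allow becomes the complete list of permitted clients.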
44
Configure Network Interfaces (using the ifconfig command)
The ifconfig command enables or disables a network interface (or use ifup / ifdown), sets its IP address and subnet mask, and sets various other options and parameters.
e.g. ifconfig eth0 192.168.10.1 netmask 255.255.255.0
45
Configure Static Routes / Default Gateway
route command: defines static routes, explicit routing table entries that never change
e.g. route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.100.254
Default Gateway: causes all packets whose destination network is not found in the kernel’s routing table to be sent to the indicated gateway
e.g. route add default gw 172.20.0.1
46
Static Route and Dynamic Route
A static route is a route that is created manually by a network administrator.
The opposite of a static route is a dynamic route. Dynamic routes are created by routing protocols.
47
Dynamic Reconfiguration and Tuning
Linux puts a representation of the kernel and networking parameters that can be tuned into the /proc filesystem
The important networking variables are in /proc/sys/net/ipv4
48
IPv4
IPv4 is version 4 of the Internet Protocol (IP). It was the first version of the Internet Protocol to be widely deployed, and forms the basis for most of the current Internet (as of 2004).
It is described in IETF RFC 791, which was first published in September, 1981.
IPv4 uses 32-bit addresses, limiting it to 4294967296 unique addresses, many of which are reserved for special purposes such as local networks or multicast addresses, reducing the number of addresses that can be allocated as public Internet addresses.
As the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run.
49
IPv6
IPv6, or Internet Protocol version 6, is a network layer standard; i.e., it governs the addressing and routing of data packets through a network.
IPv6 is intended to replace the IPv4 standard, whose limits on network addresses will eventually lead to exhaustion of available addresses..
IPv4 supports 4,294,967,296 (4.294 × 109) addresses, inadequate for giving even one address to every living person, much less cars, phones, PDAs, and toasters; while IPv6 supports about 3.4 × 1038 (340 undecillion) addresses -- about 4.3 × 1020 (430 quintillion) addresses per square inch (6.7 × 1017 (670 quadrillion) addresses/mm²) of the Earth's surface.