[eBook] SmoothWall Basic TCP-IP Networking Guide


SmoothWall Basic TCP/IP Networking Guide – 2nd Edition


Edited by: Guy C. Reynolds

Rights & Disclaimers

SmoothWall is a trademark of Richard Morrell and Lawrence Manning.

SmoothWall is published under the GNU General Public Licence; for more information please visit our website at http://www.smoothwall.org.

©Copyright 2001. This work is copyrighted by SmoothWall. You may copy it in whole or in part as long as the copies retain this copyright statement.

The information contained within this document may change from one version to the next.

All programs and details contained within this document have been created to the best of our knowledge and tested carefully. However, errors cannot be completely ruled out. Therefore SmoothWall does not express any guarantees for errors within this document or consequent damage arising from the availability, performance or use of this material.

The use of names in general use, names of firms, trade names etc. in this document, even without special notation, does not imply that such names can be considered as ‘free’ in terms of trademark legislation and that they can be used by anyone.

All trade names are used without a guarantee of free usage and might be registered trademarks. As a general rule, SmoothWall adheres to the notation of the manufacturer. Other products mentioned here could be trademarks of the respective manufacturer.

2nd Edition September 2001

Editor Guy C. Reynolds

Contents

Rights & Disclaimers
Contents
Introduction
Networking principles
    What is a network?
    Hardware
    Protocol
IP networking
    What are IP and TCP/IP?
    IP addresses and notation
    Connecting IP networks
    Network addresses
    Bridges, gateways, routers, and firewalls
    Example IP networks
    Translation of real names to IP addresses – hosts and DNS
    Dynamic and static addressing
    Network address translation
    Ports
Basic network troubleshooting
    Checking a network connection - ping and traceroute
    Checking a service - telnet
Further Reading
    The Linux Network Administrator’s Guide
    A variety of books published by O’Reilly
    The Internet FAQ Consortium

Introduction

This document is designed to introduce non-expert users (particularly those with little or no previous networking experience) to some of the terminology and principles that it is useful to understand when it comes to dealing with not just a private network of computers, but also the larger interconnected series of networks that comprise the Internet.

Topics that will be discussed in some detail are listed below - the information included in this document should be sufficient to enable secure configuration of a SmoothWall system, and hence ensure that the private network that is subsequently connected to the Internet remains just that - private and secure. If you already know the principles of networking and how to configure an IP-based network you will find much of the following information redundant.

Networking principles

To best discuss networking, and TCP/IP networking in particular, it is perhaps best to take a step back from the details and to briefly consider what a network is, and how it all works, which is the intent of this first section.

What is a network?

In the context of a network of personal computers, the answer is most easily given by stating that a computer network is a number of interconnected computer systems, each able to communicate with one another, and to move and share data between individual systems, often known as nodes.

In order to be able to communicate between different, independent computer systems, there has to be an underlying common mechanism in place so that each system can both “talk” and “listen” to other systems. This mechanism can be viewed as a number of parts:

Hardware

The system (for the remainder of this document it is assumed, unless stated otherwise, that the system in question will be a PC) has to be able to communicate with the rest of the network. This can be by means of a piece of cable, infrared or radio waves, or by some other medium that is suited to the rest of the network. So that this becomes possible the PC has to be able to communicate at a very basic level with the hardware that provides the interface to the network - this is normally by means of a piece of software called a driver, which provides the necessary code to permit communication.

Protocol

Once a PC has been attached to the network it is necessary to have some form of common method of communication, or disparate nodes will be unable to understand the communications passing between them on the network. As an analogy, if you happen to be fluent in English, French, and German, but end up in the middle of China, your language skills will not be of much use to you unless you can also find an interpreter who speaks a language in common with you.

There are a number of protocols that have been, and still are, used in computer network systems, but we shall only concentrate on IP in this document. Note that the principles of networking still apply in most cases - only the specifics actually change with the network.

Once a driver has been installed (so that the PC can communicate with the network interface) a protocol is loaded to allow pieces of data (known as packets) to be sent and received across the network to and from other systems. In this case the protocol is IP, and normally TCP/IP.

IP networking

What are IP and TCP/IP?

IP (Internet Protocol) is the standard (or protocol) by which independent remote nodes communicate with each other across the Internet - it is the foundation upon which the entire Internet is built, and without it there would be no Internet as we know it today. IP is in effect a common “language” by which networked computers can communicate with one another.

There are, of course, other network protocols that have been specifically designed for a number of other purposes, but these are typically found only in closed private networks that do not communicate with other external systems, and as such, are not relevant to this discussion and so will not be covered. Although in general the same basic principles of networking are adhered to in these types of networks, not everything will be the same for non-IP based networks.

There are two additional standard protocols that control exactly how the data traversing networks using the IP protocol is sent and received - these are known as UDP (User Datagram Protocol) and TCP (Transmission Control Protocol), but there is no requirement to know the specific details of either. As might be guessed from the name, TCP offers more control over the sending and receiving of data than UDP does, because it has some means of error checking built in to the specification of the protocol itself. A network that is using the TCP protocol to control the flow of data over an underlying IP protocol is referred to as a TCP/IP network.

IP addresses and notation

The first thing to be aware of is how IP-enabled machines are labelled. Every individual system reachable on the Internet has a unique reference by which it can be addressed. These references are numerical in nature, although there are systems designed to enable a more human-readable form to be used, which are then subsequently translated to the computer-friendly numeric format. Systems of this sort will be discussed briefly later in section Example IP networks. Each Internet-visible system has what is referred to as an IP address, which is also referred to as a “dotted quad”. The reason for this nomenclature becomes obvious when the numerical format of the address is examined - each IP address consists of a set of four numbers, each separated by a dot or full-stop - for example - 111.22.33.44. Each of the individual numbers ranges from 0 to 255, which allows potentially 4,294,967,296 unique addresses to exist.

However, some of these addresses are reserved for use in specific ways that relate to how the networking protocol itself actually works, and consequently are not available for use. Suffice it to say that there are still a large number of addresses available for use or IP networking would not be especially useful.

In order that no two systems choose to use the same address a central database is maintained, and allocation of addresses for use by individual systems is controlled from this. Your ISP will have been allocated a series of addresses to use, a subset of which are passed on to you in turn. The ISP handles the secondary allocation to you of some of its own allocation of addresses (known as address space), and you then choose which of your systems will be given each of these allocated addresses. Provided that no duplication occurs each of your systems will then have a unique address by which it can be identified.

As mentioned above, there are a number of addresses, or ranges of numbers, that have been reserved for specific purposes. One of these very purposes is to allow private networks to use the IP networking system, as it is considered reliable and has a number of features that make it a useful protocol to implement. Not the least of these is the relative ease with which private IP-based networks can subsequently be connected to other IP-based networks such as the Internet. Hence there are certain ranges of addresses that should only be used as part of a private network. These are listed below, with a brief description.

10.X.Y.Z                    where X, Y and Z are each in the range 0-255. This is the Class A private network range. Use this sort of address if you have a private network of upwards of 1.6 million systems to address.

172.16.X.Y to 172.31.X.Y    where X and Y are each in the range 0-255. This is the series of Class B private network ranges, which each allow over 65,000 different addresses to be assigned.

192.168.X.Y                 where X and Y are each in the range 0-255. These are a range of 256 (0-255, as determined by the value of X) Class C private network addresses, which each allow over 250 different addresses.

For smaller private networks it is conventional to use addresses in the 192.168.X.Y ranges, and unless there is a need to service larger networks this is a sensible convention to adhere to.

Now that there exists a means of allocating individual IP addresses to systems on your private network all that remains to do is to begin the process of giving your systems unique addresses.

There are some features of the standard IP protocol that mean that an IP-based network cannot use the entire range of the address space. There are a variety of methods that can be used to either sub-divide IP networks into smaller, more manageable, chunks, or to combine a number of smaller networks that use different addresses into a larger, extended network. These methods take up a small number of addresses in their implementation - the price to be paid for using a very flexible networking protocol.

It is perhaps easiest to understand some of the terms used by means of examples, and a variety of sample network layouts including these details are discussed in section Example IP networks below.

Connecting IP networks

In order that a number of networks can be connected together to allow data to pass from one to another there needs to be a means to allow the connection of networks with different addresses. The way this is achieved is to use a system known as a gateway, which is simply the term for the point of connection between different networks.

By means of devices known as routers, data sent from one network for a system within another network can be seamlessly passed from one network to another. Each router contains a series of rules that relate to the addresses of known networked systems, and each piece (or packet) of data that passes through them is checked against this ruleset and sent, or routed, appropriately. A gateway and a router perform similar functions, with a router usually having a more complex set of rules to contend with.

Each router or gateway is configured with a set of rules that determine where network data, or traffic, is to be sent. Note that it is not necessary for each individual router or gateway to know about the existence of every other network in the world, but rather just the local ones that it manages network traffic for. Instead, upstream of the router there will be a system that has been designated in the router’s ruleset as possessing more information about remote networks. The initial route that is taken for any traffic designated for an unknown remote network destination is for it to be passed upstream to the next router. In turn, this upstream router will have information about where to forward the packet of data, whether that is to a known network local to itself, or to pass it on again to its upstream router. Since each and every packet of IP traffic contains information about where it originated from, and where it is being sent to, in addition to the message data itself, packets can easily be routed across a number of different networks to reach their final destination. In addition, using the TCP protocol means that packets need not necessarily be received in the same order that they were sent, so if a problem in routing the network traffic occurs, an alternative route can be used instead and the data reassembled at the final destination into the correct order of transmission.

It is evident that such a network system is not only robust and well able to deal with any failures or other issues on a temporary basis, but also allows a great degree of flexibility. These are features that have made IP networks the primary choice for most
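The hop-by-hop forwarding described above can be shown with a small simulation. The Python below is an added example, not code from the guide or from SmoothWall; the routers, their names and their rules are constructed for the illustration, and 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 (the documentation ranges) stand in for "real" Internet addresses alongside the guide's 192.168.1.0 and 192.168.2.0 networks. Each router picks the most specific route that contains the destination (which is how real routers choose), and a route of 0.0.0.0/0 is the default route: "pass it to the next router upstream".

```python
import ipaddress

# Constructed topology (not from the guide).  Each router knows the networks it
# serves directly; "0.0.0.0/0" is the default route, which hands anything else
# to the router upstream.  203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are
# the documentation ranges, standing in for "real" Internet addresses.
ROUTERS = {
    "local-router": [
        ("192.168.1.0/24", "direct"),
        ("192.168.2.0/24", "direct"),
        ("0.0.0.0/0", "isp-router"),
    ],
    "isp-router": [
        ("203.0.113.0/24", "direct"),
        ("198.51.100.0/24", "peer-router"),
        ("0.0.0.0/0", "core-router"),
    ],
    "peer-router": [
        ("198.51.100.0/24", "direct"),      # no default route: knows only its own network
    ],
    "core-router": [
        ("0.0.0.0/0", "direct"),            # stands in for the rest of the Internet
    ],
}


def lookup(router, destination):
    """Return (network, next_hop) for the most specific route containing the
    destination, or None if the router has no route at all."""
    address = ipaddress.IPv4Address(destination)
    best = None
    for prefix, next_hop in ROUTERS[router]:
        network = ipaddress.IPv4Network(prefix)
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop)
    return best


def trace(start_router, destination, max_hops=16):
    """Follow a packet from router to router until one can deliver it directly.
    Returns the list of routers traversed, or None when some router along the
    way has no route (a real router would drop the packet and report an error)."""
    path = [start_router]
    router = start_router
    for _ in range(max_hops):
        match = lookup(router, destination)
        if match is None:
            return None
        _, next_hop = match
        if next_hop == "direct":
            return path
        path.append(next_hop)
        router = next_hop
    return None                               # too many hops: treat as undeliverable


if __name__ == "__main__":
    for dst in ("192.168.2.20", "198.51.100.7", "192.0.2.1"):
        print(dst, "->", " -> ".join(trace("local-router", dst)))
```

A packet for 192.168.2.20 never leaves the local router; one for 192.0.2.1 matches nothing but the default route at each hop until it reaches the router that stands in for the rest of the Internet. The peer router, which has no default route, can deliver nothing but its own network, which is the behaviour the text warns a router does not need and cannot have: knowledge of every network in the world.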

Network addresses

In order that a network can be found it is assigned what is called the network address. It is fairly common practice for the gateway into a network to be the next highest numerical IP address from the network address, but this is by no means necessary. Beyond that, the highest numerical IP address is reserved for the broadcast address of the network, and everything else in between is left up to you to assign to your individual systems. Most network administrators, particularly those in charge of large networks, have a set of rules by which they assign IP addresses, and perhaps the most common of these is to reserve a number of addresses at the lower end of the range for use by servers, and for workstations to use the higher end of the address range, although this is merely convention.

There is a process known as subnetting a network that allows you to split a range of addresses into a series of sub-networks for a variety of reasons. In order to do this, there is a mechanism that prevents traffic from one sub-network from reaching another, unless it passes through a specific router or gateway, and this is called the network mask, or netmask. If you have a reason for subnetting your network then you should already know about netmasks and how they operate, and since a discussion of such is beyond the intended scope of this document, readers who are interested in pursuing this further should consult the list of further reading at the end of this document.

Bridges, gateways, routers, and firewalls

It is important to note that an IP address does not necessarily refer to a single node, but rather to a network interface that is present on such a system. In this way it is possible to have multiple IP addresses that exist on a single computer system in its entirety, but each individual IP address relates to an individual interface that is part of that system. Therefore, it is possible to allocate a different IP address to each of two network cards that are part of the same PC, or to have a third IP address allocated to a dial-up modem or ISDN interface that is also connected to the same system. In such a configuration, each network interface could have an address that is part of a different network, and as such, the PC would be connected to three networks.

A system that has multiple different addresses and sits between multiple different networks can be described in a number of ways, depending on precisely what function it performs. If the sole purpose is to connect two different networks together, and to allow systems on one network to communicate with those on the other network, the dual-interfaced system is acting as what is known as a bridge, as it spans the gap between two different networks or network segments. In effect, a bridge is just a dumb router with a single rule - allow traffic from network A to reach network B, and vice versa - it simply routes traffic from one area of the network to another without analysing any of the traffic that passes through it.

A more complicated set of rules will turn this same system from being a simple bridge between two networks into a router or gateway system instead. A router contains information about where to redirect network traffic by analysing the structure of the individual data packets, noting their destination, and forwarding them to the relevant location according to the configuration of the currently installed ruleset. There is little real difference between a gateway and a router beyond the fact that a gateway is normally used to provide the sole point of egress (or route) from one network to another, and a router can potentially control more than one route between different networks.

Similarly, by investigating the data packets passing from the network through a gateway or router, it is possible to restrict and control certain types of network traffic, or to re-route certain types of traffic to an alternative location on the network. Studying the network data and applying a set of rules that determine the fate of each packet is the realm of a firewall.

The most concise definition of a firewall (in a networking sense) is a system that is used to control network traffic. A firewall will monitor each network packet that passes through it and, depending on the ruleset that has been configured, will apply a series of rules to that packet. Being able to block, redirect, or otherwise restrict certain types of network traffic from reaching a network is the first stage in securing and protecting that network. It is possible to picture a firewall as a security guard that inspects each visitor to a building to determine if they have authority to be let in or not.

Normally a network firewall is used as a filter - by reading information from the packets of data it is possible to determine where the data comes from, where it is being sent, and what service is being requested. Any or all of this information can be used to control the types of network traffic that you wish to allow into your private network. The firewall can be configured to accept each individual packet, return it to the originating address, or simply eradicate it completely, and it can operate as a filter on both sides of the system, blocking incoming as well as outbound traffic.

There are two schools of thought on firewall implementation - the first is to “accept everything, and then block that which is undesired”, and the second to “deny everything, and then accept that which is desired”. While the first can afford your network some protection, there is always the chance that something you were not previously aware of can inadvertently get into your network. Taking the second stance means that unless you expressly allow that type of traffic the only traffic coming in to the network will be of a type that you are already aware of, which greatly reduces the risk of a security incident.

The vast majority of firewalls, SmoothWall included, are of the second school of design. These two types of firewall design are like the security guard that either allows you access to the guarded building unless you are on a list of undesirables, or prevents you from entering unless you are already on a list of acceptable people. It is obvious to see that the second school of design is inherently more secure.
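The difference between the two schools can be made concrete with a very small packet filter. The Python below is an added example and is not SmoothWall's own filtering code: a constructed ruleset that names a few services is evaluated twice over the same constructed packets, once with a default policy of accept (the first school) and once with a default policy of drop (the second). The packets to ports that no rule mentions are exactly the traffic "you were not previously aware of".

```python
# Added example, not SmoothWall's filtering code: one ruleset evaluated under
# the two default policies.  A rule is (direction, protocol, destination port, action).
RULES = [
    ("in", "tcp", 80, "accept"),    # the web server we know about
    ("in", "tcp", 25, "accept"),    # the mail server we know about
    ("in", "tcp", 23, "drop"),      # something we knew about and chose to block
]


def decide(packet, rules, default):
    """First matching rule wins; a packet no rule mentions gets the default
    policy, 'accept' (first school) or 'drop' (second school)."""
    for direction, proto, port, action in rules:
        if (packet["dir"] == direction and packet["proto"] == proto
                and packet["dport"] == port):
            return action
    return default


# Constructed inbound traffic.  The last two packets are to services nobody was
# thinking about when the rules were written.
PACKETS = [
    {"dir": "in", "proto": "tcp", "dport": 80},
    {"dir": "in", "proto": "tcp", "dport": 23},
    {"dir": "in", "proto": "tcp", "dport": 1433},
    {"dir": "in", "proto": "udp", "dport": 161},
]


def compare_policies(packets=PACKETS, rules=RULES):
    """Map each destination port to (verdict under default-accept,
    verdict under default-drop)."""
    return {pkt["dport"]: (decide(pkt, rules, "accept"), decide(pkt, rules, "drop"))
            for pkt in packets}


def accepted_only_by_default(packets=PACKETS, rules=RULES):
    """Ports that get in under the first school purely because no rule names
    them: the traffic the second school never lets through unasked."""
    return [port for port, (first, second) in compare_policies(packets, rules).items()
            if first == "accept" and second == "drop"]


if __name__ == "__main__":
    for port, verdicts in compare_policies().items():
        print(f"port {port:5}: default-accept -> {verdicts[0]:6}  default-drop -> {verdicts[1]}")
    print("let in only by the default policy:", accepted_only_by_default())
```

Under both policies the two ports the rules name are treated identically; the whole difference lies in the two ports the rules are silent about, which the first school admits and the second refuses until someone consciously adds a rule for them.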

Example IP networks

To illustrate and clarify the points discussed above it is perhaps useful to discuss a small number of example networks. To begin with we shall look at a very simple network, and then move towards slightly more complex situations.

The first example shows a simple closed network of four PCs using one of the private ranges of IP address – the 192.168.1.X network. Each PC has a unique name and IP address, and since all addresses are within the same network address range each PC is visible across the network from each other. In this environment, with no gateway machine, the network address would be 192.168.1.0, and the broadcast address 192.168.1.255. The basic netmask would be 255.255.255.0.

Figure 1: A simple private TCP/IP network system

The hosts table for each PC on this network would look something like this:

Fred      192.168.1.10
Barney    192.168.1.20
Wilma     192.168.1.30
Betty     192.168.1.40

Extending the complexity of this network environment a little, by adding a bridge with two IP addresses, it becomes possible to join this network to a second private network that uses a different range of IP addresses – in this case, the 192.168.2.X network range. Hence the details of the two networks are as follows:

                      Network A (192.168.1.X)    Network B (192.168.2.X)
Network Address       192.168.1.0                192.168.2.0
Broadcast Address     192.168.1.255              192.168.2.255
Gateway Address       192.168.1.1                192.168.2.1
Netmask               255.255.255.0              255.255.255.0


The hosts file on each system would look something like this:

Bedrock   192.168.1.1
Fred      192.168.1.10
Barney    192.168.1.20
Wilma     192.168.1.30
Betty     192.168.1.40
Looney    192.168.2.1
Bugs      192.168.2.10
Daffy     192.168.2.20
Elmer     192.168.2.30
Porky     192.168.2.40

Figure 2: Connecting two private TCP/IP networks through a bridge.
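The private ranges listed under IP addresses and notation, the network and broadcast addresses under Network addresses, and the two example networks just described all come down to the same arithmetic on the four numbers of a dotted quad. The Python below is an added example, not code from the guide or from SmoothWall: it parses a dotted quad into 32 bits, reports which private range (if any) an address falls in, derives the network and broadcast addresses and the number of usable host addresses from a netmask, and decides whether two hosts share a network (and so can talk directly) or must go through the bridge. The host addresses used are those from the hosts file above.

```python
# Added example, not code from the guide: the arithmetic behind dotted quads,
# the reserved private ranges, network/broadcast addresses and netmasks.

def parse_quad(text):
    """Turn '192.168.1.10' into a 32-bit integer.  Rejects anything that is not
    exactly four decimal numbers in the range 0-255."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"octet out of range 0-255 in {text!r}")
        value = (value << 8) | int(part)
    return value


def format_quad(value):
    """Inverse of parse_quad: 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def valid_quad(text):
    try:
        parse_quad(text)
        return True
    except ValueError:
        return False


# The three reserved ranges from the text as (network address, netmask).  The
# 172.16.X.Y to 172.31.X.Y series is one block under a 255.240.0.0 mask.
PRIVATE_RANGES = (
    ("10.0.0.0", "255.0.0.0"),        # Class A private range
    ("172.16.0.0", "255.240.0.0"),    # the sixteen Class B private ranges
    ("192.168.0.0", "255.255.0.0"),   # the 256 Class C private ranges
)


def network_address(ip, netmask):
    """Keep only the bits the netmask selects: that is the network address."""
    return format_quad(parse_quad(ip) & parse_quad(netmask))


def broadcast_address(ip, netmask):
    """The network address with every host bit set to one."""
    mask = parse_quad(netmask)
    return format_quad((parse_quad(ip) & mask) | (~mask & 0xFFFFFFFF))


def usable_hosts(netmask):
    """Addresses left for your systems once the network and broadcast
    addresses have been taken out of the range."""
    host_bits = ~parse_quad(netmask) & 0xFFFFFFFF
    return host_bits + 1 - 2


def private_range(ip):
    """Return the private network an address belongs to, or None for a
    public ("real") address."""
    for net, mask in PRIVATE_RANGES:
        if network_address(ip, mask) == net:
            return net
    return None


def same_network(ip_a, ip_b, netmask):
    """Two hosts can exchange packets directly only when they share a network
    address under the netmask; otherwise the traffic must go via the gateway."""
    return network_address(ip_a, netmask) == network_address(ip_b, netmask)


if __name__ == "__main__":
    mask = "255.255.255.0"
    for name, ip in (("Fred", "192.168.1.10"), ("Bugs", "192.168.2.10")):
        print(name, ip, network_address(ip, mask), broadcast_address(ip, mask), private_range(ip))
    print("Fred and Barney directly:", same_network("192.168.1.10", "192.168.1.20", mask))
    print("Fred and Bugs directly:", same_network("192.168.1.10", "192.168.2.10", mask))
```

With the 255.255.255.0 netmask Fred and Barney share the network address 192.168.1.0 and talk directly, while Fred and Bugs do not and must be carried across by the bridge at 192.168.1.1/192.168.2.1. The same functions reproduce the figures quoted for the private ranges: 254 usable addresses under a Class C mask, 65,534 under a Class B mask, and 16,777,214 under the Class A mask.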

The third example network involves the connection of a private network to the Internet through a gateway system, using an IP address on the Internet-facing side of the gateway that has been supplied by an ISP.

Figure 3: Connecting a private TCP/IP network to the Internet

In this case the network details will be as follows – a network address of 192.168.1.0, a broadcast address of 192.168.1.255, a netmask of 255.255.255.0, and a gateway address of 192.168.1.1. The gateway will be configured to pass data packets from the 192.168.1.0 network to the network relating to the address allocated by the ISP.

In this example, the gateway system could be a router, a simple gateway, or a firewall, but the most likely case is a system that is part of each – a firewalled gateway system that protects the private network behind it from the Internet outside.

The hosts table for this network would be similar to that of the first example, with the addition of the following two entries:

Bedrock-int   192.168.1.1
Bedrock-ext   ISP assigned address

Translation of real names to IP addresses – hosts and DNS

For a computer system the natural language to communicate in is numerical, and this is why the series of addresses available for IP-based networks are based on the dotted quad format - each part of the quad is a number that can be expressed as an eight digit binary number. However, the human brain is far better at recalling names than numbers, and so a human-friendly means of referring to networked systems exists. As an analogy, it is possible that you could give out your address as a map grid reference rather than as a house number and street name, but it would then be more difficult to find your house. Since the postal service does not usually operate on grid references, your grid reference would need to be translated back to a house number and street name before any mail could be delivered.

A translation of human-friendly (and hopefully more memorable) names to the appropriate numerical IP addresses can be achieved by means of a file that simply contains nothing more than a list of names and their IP addresses. This file is known as the hosts file, as each networked system can be referred to as a host, since it hosts a variety of network services that you may wish to use.

The structure of this hosts file is very simple - the IP address of the system, followed by a space (or series of spaces), and then the name of the system. More space(s) and any other name (or alias) which refers to the system may also follow this, but this is not necessary. The hosts file is stored in a specific location on each PC so that the system can refer to it when it becomes necessary to translate a name to its numeric address. On a PC running Microsoft Windows 95/98 the file is simply called hosts and can be found in the Windows directory, normally found at C:\Windows. On Windows NT or 2000, the hosts file can instead be found in the C:\WinNT\System32\drivers\etc directory (or the equivalent, if you have Windows installed in a different location). On a Unix-based system the file can be found at /etc/hosts, and on a Macintosh system the hosts file can normally be found in System Folder/Preferences.

So that any new systems on the network can be found by each of the existing nodes the hosts file on each computer has to remain identical and in sync with each other. As the size and complexity of the network grows, maintaining a hosts file for each and every system on the network becomes a time-consuming and increasingly error-prone task. Fortunately, though, there is a way around this. By maintaining a single central file that all other systems can refer to, any new additions to the network can be accounted for in a single place and you can be assured that any changes or updates to this file will then be available across the network so that each node becomes aware of the most current and up to date network configuration. In order to centralise all the information about your network you will need to operate a DNS (domain name service) server, which serves the purpose of an address book for the network. Again, the scope of this document is not intended to cover the setup and maintenance of a DNS system, but interested readers should look at the section on Further Reading at the end of this document.

A DNS server is considered to be the definitive (and authoritative) source of knowledge for the network that it contains information about. When a host system on the network wishes to find another node’s IP address so that it can send data to it, it will issue a DNS query to the local DNS server. The DNS server then looks up the information and returns the IP address in question to the original host, which can then use this information to connect to the relevant service on the network. When asked by a host system for information about systems on other networks that the DNS server has no definitive source for, the DNS server itself will request this information from a more knowledgeable source that resides upstream from it. This occurs in a similar fashion to routers that forward network packets for remote systems to other upstream routers that are external to the local network to handle. As such, a hierarchical tree-like structure is built up, with individual servers not always having the necessary information immediately to hand, but knowing where to ask to find out.
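Both halves of the above, the hosts file and the chain of DNS servers, can be shown in one short program. The Python below is an added example, not code from the guide or from SmoothWall: it parses a constructed hosts file in the format just described (address, whitespace, name, optional aliases; it also skips lines beginning with #, which real hosts files allow although the text does not mention them), then resolves a name by consulting the hosts file first and, failing that, a constructed hierarchy of DNS servers in which each server answers from its own records or asks the one upstream of it. The server names and their records are invented for the illustration, using the documentation address ranges for the "Internet" side.

```python
import ipaddress

# Constructed hosts file in the format described above: address, whitespace,
# name, then optional aliases.  Lines beginning with '#' are comments, which
# real hosts files permit although the text does not mention them.  The last
# line is deliberately malformed to show how such a line is handled.
HOSTS_TEXT = """\
# Bedrock network (constructed)
192.168.1.1    Bedrock  gateway
192.168.1.10   Fred
192.168.1.20   Barney
192.168.1.30   Wilma
192.168.1.40   Betty
not.an.address Broken
"""


def parse_hosts(text):
    """Return {lower-case name: address}.  Host names are not case sensitive,
    and a line whose first field is not a dotted quad is skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # an address with no name is useless
        try:
            address = str(ipaddress.IPv4Address(fields[0]))
        except ipaddress.AddressValueError:
            continue
        for name in fields[1:]:
            table[name.lower()] = address
    return table


# Constructed DNS hierarchy: each server is authoritative for the names in its
# zone and forwards anything else to the server upstream of it.  Names and
# addresses are invented (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
DNS_SERVERS = {
    "local-dns": {"zone": {"bedrock.example": "192.168.1.1"}, "upstream": "isp-dns"},
    "isp-dns":   {"zone": {"www.isp.example": "203.0.113.10"}, "upstream": "root-dns"},
    "root-dns":  {"zone": {"www.example": "192.0.2.80"}, "upstream": None},
}


def dns_query(server, name, asked=()):
    """Answer from this server's own zone, otherwise ask upstream.
    Returns (address or None, tuple of servers consulted)."""
    asked = asked + (server,)
    entry = DNS_SERVERS[server]
    if name in entry["zone"]:
        return entry["zone"][name], asked
    if entry["upstream"] is None:
        return None, asked                        # nobody knows the name
    return dns_query(entry["upstream"], name, asked)


def resolve(name, hosts_text=HOSTS_TEXT, first_server="local-dns"):
    """Hosts file first, then DNS: the order most systems use."""
    table = parse_hosts(hosts_text)
    key = name.lower()
    if key in table:
        return table[key], ("hosts",)
    return dns_query(first_server, key)


if __name__ == "__main__":
    for name in ("Fred", "www.isp.example", "www.example", "nowhere.example"):
        print(name, "->", resolve(name))
```

The second element of each result is the trail of places consulted: a name in the hosts file never generates a DNS query at all, a name the local server knows is answered at the first hop, and an unknown name travels up the tree until the top-most server either answers or reports that no such name exists.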

Dynamic and static addressing

There is another means of allocating addresses to networked systems, which ties in well with DNS. This method is called DHCP, and is a protocol that allows a machine that currently has no IP address assigned to request to borrow (or lease) an IP address from a central system (the DHCP server). The DHCP server maintains a set of IP addresses for this purpose – a short-term loan - analogous to a lending library loaning out books. As with the library, it is necessary to record what has been borrowed, and by which PC, but also to reclaim unused loans. There is nothing to stop a machine from receiving a different address each time it requests one - depending on the size of the pool of available addresses the chances of getting the same address can vary greatly.

So that a machine can be used and referred to by a human-friendly name, a DHCP server has strong ties to the DNS service. Each system on a network has a unique name, allocated to it upon setting up the network, and the DHCP server records both the unique name and the address that has been leased, in a similar manner to that in which a DNS server allocates addresses. Note that the addresses recorded by a DNS system do not change without manual intervention and are commonly referred to as static IP addresses, but those allocated by a DHCP server can easily be different from one hour to the next, depending on the length of time that the lease is valid for, and hence are referred to as dynamic IP addresses.

Network address translation

As has been noted above, a system can have more than one IP network address, with each address being associated (or bound) to a specific network interface. Internal private networks are normally given addresses in the ranges specially reserved for these purposes. However, these addresses are not reachable from systems outside the private network with “real” IP addresses, since all intervening routers and gateways are pre-programmed to know that addresses in the private network ranges do not really exist and hence are not valid for use by external systems.

In order that systems on a private network that use addresses in the reserved ranges can access systems beyond the network gateway, some means of passing data back to the internal address must be implemented. The means by which this is achieved is a process called network address translation, or NAT. NAT allows packets originally from a system on the inside of the network that pass through the gateway to the outside world to be re-written by the gateway such that they appear to originate from the gateway system’s externally-facing (and “real”) address instead. When the requested data returns to the gateway machine the packets are re-written once again with the correct information, so that the originating internal machine receives the data as if it had passed between the two systems directly.

This seamless translation also adds an additional layer of protection to your private network, as there is no way from the outside to reach any systems behind the NAT gateway. Anybody who attempts to determine the addresses of systems in your network will only come up with the address of the gateway system as the originating IP address, and if that system has a series of firewalling rules in place there is little that can actually be attacked.
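The rewriting described above, as an added example that is not part of the original guide: a toy Python model of a source-NAT table that assigns each inside flow its own external port and drops inbound packets that no inside host asked for (the class name NatGateway and the addresses used are constructed for this illustration).

```python
# Added example, not code from the SmoothWall guide: a toy model of the NAT
# rewriting described above. Addresses are constructed sample values from the
# RFC 5737 documentation ranges and a private 192.168.0.0/24 network.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Source NAT as the guide describes it: outbound packets leave with the
    gateway's external address; replies are mapped back to the inside host."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port   # next free unprivileged port to hand out
        self.by_ext_port = {}         # ext port -> (inside ip, inside port)
        self.by_inside = {}           # (inside ip, inside port) -> ext port

    def outbound(self, pkt):
        """Rewrite an inside->outside packet and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        ext_port = self.by_inside.get(key)
        if ext_port is None:
            # Two inside hosts may use the same source port, so each flow
            # gets its own external port rather than reusing the inside one.
            ext_port = self.next_port
            self.next_port += 1
            self.by_ext_port[ext_port] = key
            self.by_inside[key] = ext_port
        return Packet(self.external_ip, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Rewrite an outside->inside reply, or return None (drop) when no
        inside host started the exchange: this is the protection the guide
        mentions, since an unsolicited packet has no inside host to go to."""
        if pkt.dst_ip != self.external_ip:
            return None
        entry = self.by_ext_port.get(pkt.dst_port)
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Walk one web request from an inside host out through the gateway,
    its reply back in, and one stray packet that nobody inside requested."""
    gw = NatGateway("192.0.2.1")
    out = gw.outbound(Packet("192.168.0.10", 1025, "198.51.100.5", 80))
    reply = gw.inbound(Packet("198.51.100.5", 80, "192.0.2.1", out.src_port))
    stray = gw.inbound(Packet("203.0.113.9", 4444, "192.0.2.1", 50000))
    return out, reply, stray
```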

Ports

Data is passed from the originating system to the destination system by the most appropriate route, depending on the IP address that is contained within the structure of the packet itself. However, once the packet has arrived at the correct destination, how is the data contained within that packet transmitted to the correct application running on the destination system? The answer to this lies in the use of something known as ports. Each network application or service has its own port that it uses for communication. If the IP address can be thought of as the postal address of a block of flats, the port is the correct front door to use for deliveries for a specific flat within that block.

When a network service starts up on a server it attaches (or binds) itself to a specific port and then “listens” out on the network for any incoming requests for that particular service. Ports number from 0 to 65535, with the first 1024 (0-1023) being reserved (or restricted) for use by particular services. Ports with a number above 1023 are termed unrestricted (or unprivileged) ports.


In the same way that IP network packets contain information about the source and destination IP address, they also contain information about the source and destination port. The source (or local) port is frequently just an unused unprivileged port on the system that the packet originated from - an unprivileged port is used to ensure that there are no conflicts with any services that may be running on this system. The destination port is the port that the data is aiming for when it connects to the relevant service on the destination system.

When the remote system receives the data packet it confirms receipt by simply swapping the source and destination IP address and port numbers, so that the destination port of this new packet is the same as the local port on the initial originating system.

In the event that several simultaneous connections to the same service are initiated by the same local system, the differences in the local source port numbers enable the correct data to be passed back from the destination service. The reversal of port numbers ensures that the combination of both source and destination ports remains uniquely identifiable.

Since a specific service runs on a known port, it therefore becomes possible to connect a “dummy” port forwarding service to a given port, and then redirect the traffic that is sent to that address and port combination to an alternative address/port combination. It is also possible to run an alternative service and then redirect network traffic as appropriate - such a system is known either as a proxy or a port forwarder, depending on exactly what happens to the traffic. By seamlessly redirecting traffic from one address/port to another it is possible not only to centralise services, but also to provide additional security.
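A minimal port forwarder of the kind just described, as an added Python example that is not part of the original guide: a client connects to the forwarder's port, the forwarder opens its own connection (from a fresh unprivileged source port) to the real service and copies bytes both ways. It assumes only the standard library; the names start_forwarder, start_echo_service and send_via are constructed for this illustration.

```python
# Added example, not code from the SmoothWall guide: a minimal TCP port
# forwarder of the kind described above, plus an echo service standing in
# for the "real" service. Everything binds to 127.0.0.1 on OS-chosen ports.
import socket
import threading

def _pump(src, dst):
    # Copy bytes one way until the sender closes, then pass end-of-data on.
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _listen_and_serve(handler):
    # Port 0 lets the OS pick a free unprivileged port. Each accepted client
    # gets its own thread; its source port is what keeps clients apart.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    def accept_loop():
        while True:
            conn, _peer = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]

def start_echo_service():
    """Stand-in service: sends back whatever it receives. Returns its port."""
    return _listen_and_serve(lambda conn: _pump(conn, conn))

def start_forwarder(target_host, target_port):
    """Listen on a fresh port and redirect every connection to the target,
    which sees the forwarder's address and source port, not the client's."""
    def handle(conn):
        upstream = socket.create_connection((target_host, target_port))
        threading.Thread(target=_pump, args=(upstream, conn), daemon=True).start()
        _pump(conn, upstream)
    return _listen_and_serve(handle)

def send_via(port, payload):
    """Act as the client (what telnet would do): send payload, return reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                return b"".join(chunks)
            chunks.append(data)
```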


Basic network troubleshooting

One of the difficulties with a complex arrangement of many different systems such as a typical computer network is actually finding the root cause of any problems that may occur - there are simply so many variables that could potentially go wrong. Experienced network administrators will recount tales of the strangest of problematic occurrences, but these are rare enough that they are unlikely to ever be an issue.

The newcomer to networking, though, may well be overwhelmed with the number of places where things can go wrong, so this is a brief guide to detecting the location of the most common problems, and to hopefully offer advice on how to fix them.

Unless otherwise specified, all the basic network analysis tools that are used for diagnosis of a problem are run from a command line. Although there are graphical interfaces to most of these, these graphical tools are not always available, whereas the command line tools will be present in the vast majority of cases.

To reach a command line from a Windows machine, call up an MS-DOS prompt from the Start menu, by selecting the Run... menu option and entering command into the prompt. This will start a text-based console that can be used to enter commands into. Simply type the relevant command and press the Enter key. When you have finished with the console window just type exit to quit the console application. This procedure will work on Windows 95, NT4 or later. On a Unix-based system simply use the regular console or xterm as normal. For other systems access the command prompt in the normal fashion.

Checking a network connection - ping and traceroute

If a machine appears to be unavailable or is not responding to requests that are made over the network, there are a number of common faults.

The most common problem is a typing error, so check that you are using the correct name for the remote machine and try again. If this fails, try using the numeric IP address of the system rather than the human-friendly name, as you may be experiencing a problem with resolving the name, rather than the remote system actually having a network problem. If using the IP address rather than the name works, the conclusion that is drawn is that the error lies within the resolution of the name - this could be a problem with either a DNS server, or your hosts files.

If the correct IP address fails to respond, then it is possible that the network connection on the remote machine has failed for some reason. The easiest way to determine if there is network connectivity is to ping the machine. The ping command sends a series of data packets to the address that you are trying to reach. If the destination is valid, and the connection is live and working, you will get a response back that includes the time taken for the packet to travel the round trip.

The command syntax to use is ping <destination address>, where <destination address> is the name or IP address of the remote system.

On a Windows system this command generates four sequential packets, but on a Unix-based system the ping command continues generating packets until stopped by pressing Ctrl-C. In a circumstance where you have a degree of delay across a network, or are experiencing other network problems, four ping packets may not be sufficient to detect the true status of the network connection. In this case, on Windows, use the ping command with the -t command switch - ping -t <destination address> - this will generate ping packets until stopped by pressing Ctrl-C.

Figure 4: A successful ping command

If the network connection of the destination system is operating successfully you will get a series of packets sent back, but if you get an error message then you have determined that there is a genuine fault with the network.

Figure 5: An unsuccessful ping command

If the connection is dead the next thing to do is to find the cause of the problem and fix it. The next tool to use in this investigation is traceroute - a tool that maps out the path taken from the local PC to the remote system.

On a Windows 95/98 PC the command to use is tracert <destination address>; on Windows NT/2000 and on Unix-based systems the command syntax is traceroute <destination address>.

This command will illustrate the route taken as a series of hops from one network system to another in an attempt to reach the requested destination. Note that if you have difficulties with name resolution you may wish to use the numeric IP addresses rather than resolving the names. In this case use the -n command line switch on a Unix system, or -d on a Windows system - tracert -d <destination address> or traceroute -n <destination address>.

The output of the traceroute command will show you where any delays or failures on the path across the network are occurring, which gives you a better chance to locate the source of the problem.

If a live network connection is not detectable, and the output of the traceroute command reveals that the problem lies within your range of network addresses, the chances are that there is something you can do about it. If the problem lies beyond your network there is not a great deal that you can do beyond trying again at a later stage – fluctuations in network services do occur, but are normally temporary in nature.

Figure 6: the traceroute command

A good next step is to try these same tests from a different network location in case the problem is localised to a single section of the network.

The most common problem to encounter is a physical one - a cable with a loose end may have dropped out of a network card or hub, a cable may have been stepped on or constricted in some way that prevents the flow of data, or a network card or connector may have pulled loose from a laptop computer. All of these problems, while the precise location is often time-consuming to track down, are straightforward to fix.

More esoteric problems occur with decreasing frequency - experience suggests that the vast majority of networking problems occurring in a small to medium network result from a cable or network card failure. Keeping a spare network card available that has been previously tested, and is known to be good, to swap for a suspect card is a good habit to get into. If you can standardise on the type of network cards used across your network then you will be able to swap out a suspect card with great ease, as the necessary network card drivers will already be in place.

Checking a service - telnet

If the network itself appears to be fine because you can ping or traceroute to the suspect machine, but the service in question is proving problematical, the most likely cause is a mis-configuration on either the server or the client system. You can check if a service is running on a given port by using telnet.

The command telnet <destination address> <port> will attempt to connect to the service on the specified port. If you obtain a response of some form the chances are the service is running successfully, but if not, the problem is likely to lie on the server itself.

These suggestions and guidelines should assist in troubleshooting the majority of networking problems. If in doubt, especially on Windows systems where the networking code is known to be occasionally quite unstable, there are few additional problems to be caused by rebooting the system. Be sure to try and shut down the system cleanly first, rather than just pressing the reset switch, but 4 times out of 5 if there is an obscure networking problem a reboot will miraculously fix it.

Figure 7 – Failing to connect to a service with telnet.
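The checking order above (name first, then reachability, then the service itself) as an added Python example that is not part of the original guide. A TCP connection attempt stands in for telnet, since ping and traceroute need raw sockets or external tools; the names diagnose, open_listener and closed_port are constructed for this illustration.

```python
# Added example, not code from the SmoothWall guide: the checking order the
# guide describes (name, then reachability, then the service) as one
# function. A TCP connection attempt stands in for telnet; ping and
# traceroute need raw sockets or external tools, so they are not reproduced.
import errno
import socket

_keep_alive = []   # listeners opened by open_listener(), kept so they stay open


def diagnose(host, port, timeout=3.0):
    """Return (verdict, detail) for host:port, the verdict being one of
    'name-resolution', 'network', 'service', 'ok' or 'unknown'."""
    # Step 1: does the name resolve? A typo, a bad hosts file or a broken
    # DNS server all fail here, before any packet reaches the remote system.
    try:
        ip = socket.gethostbyname(host)
    except socket.gaierror as e:
        return "name-resolution", f"{host!r} does not resolve: {e}"
    # Steps 2 and 3: try to reach the address and open the service's port.
    # A refusal means the host answered, so the fault is the service itself.
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "ok", f"service answered on {ip}:{port}"
    except ConnectionRefusedError:
        return "service", f"{ip} is up but nothing is listening on port {port}"
    except socket.timeout:
        return "network", f"no answer from {ip} in {timeout}s: check cables/routing"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "network", f"{ip} unreachable: {e.strerror}"
        return "unknown", str(e)


def open_listener():
    """Constructed stand-in for a running service: listen on a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    _keep_alive.append(s)
    return s.getsockname()[1]


def closed_port():
    """Constructed stand-in for a stopped service: a port nobody listens on."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port
```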


Further Reading

As the scope of this document is to provide both a basic understanding of the area of TCP/IP networking and some advice on troubleshooting such a network when problems occur, there are many advanced topics that have not been covered. For those readers who wish to discover more about the subjects of networking and network services, the following list will provide some useful starting points.

The Linux Network Administrator’s Guide, available at http://www.linuxdoc.org/guide.html
A good, somewhat in-depth, guide to a variety of networking and network services running on a Linux system. The information on TCP/IP networking is worthwhile reading, even if you are not actually using Linux.

A variety of books published by O’Reilly, found at http://www.ora.com/
O’Reilly guides are among the best there are, with detailed and readable explanations of the subject matter.
TCP/IP Network Administration, 2nd Edition. Craig Hunt, ISBN 1-56592-322-7
Windows NT TCP/IP Network Administration. Craig Hunt, Robert Bruce Thompson, ISBN 1-56592-377-4
Networking Personal Computers with TCP/IP. Craig Hunt, ISBN 1-56592-123-2

The Internet FAQ Consortium, at http://www.faqs.org/ contains a variety of FAQs, the RFC documents that detail all the protocols and services found on the Internet, and a lot more besides.

Finally

Searching the web with a search engine such as Google, found at http://www.google.com/ will turn up a lot of information – one thing the web has plenty of is information about the way the Internet works.