The Linux Operating System Lecture 4: TCP/IP, Networking and Networked Services Tonga Institute of Higher Education

Upload: samantha-dean

Post on 12-Jan-2016


Page 1: The Linux Operating System Lecture 4: TCP/IP, Networking and Networked Services Tonga Institute of Higher Education

The Linux Operating System

Lecture 4: TCP/IP, Networking and Networked Services

Tonga Institute of Higher Education

Networking

● Since Linux was built for the Internet and networking, it works extremely well as a computer connected to other computers.

● Entire books have been written about Linux networking with TCP/IP, so we will try to cover just the basics, enough to get your computer on the Internet and working with other computers.

● The first thing to know about is TCP/IP. This is the protocol that all applications that use networking will use. It's the way data is sent over a network. The idea behind TCP/IP is to send data broken up into little packets. These packets are then sent out into the network. If one is lost or gets corrupted, it is easy to resend it.

Networking Review

● If everything is built on TCP/IP, that means that all computers will follow the same protocol for sending and getting data over a network.

● The specifics of these protocols require that each computer on a network have an IP address, which is a number that looks something like 192.168.0.1: four numbers that go from 0-255 with dots in between. This is how other computers can find each other over a network, by using an IP address.

● There are two ways to get an IP address. You can either use a static IP address or a dynamic IP address. Static means that you put in the IP number yourself. Dynamic means that you will get your IP address from a server (this is also called DHCP).

Networking Review

● After you have an IP address, your IP address will connect to the address that is built into your ethernet card (called a MAC address). So when other computers send data to an IP address, it will find the right ethernet card to send it to.

● After a while, people got tired of always typing in IP numbers, so they made names, called domain names, that made it easier for people to remember how to access computers. For a while, these lists of IP numbers and their domain names were just kept in a regular file, but when the Internet started to grow very fast, people needed a faster way to look up IP numbers and domain names, so they invented DNS (domain name service), which is a program that looks up IP addresses and their domain names.

Networking Review

● So once a computer is on a network with an IP address, it will want to connect to other computers using things like a webserver, FTP server or telnet server.

● A computer will run these programs (like a telnet server or webserver) and they will sit on the computer and wait until another computer tries to connect to them.

● Because most computers only have one ethernet card and one IP address, people needed a way for many programs to be available over the network at the same time, so they made these things called 'ports'. Ports are like places for different programs to listen on. So when you send data to a computer, you have to tell it what IP address and what port to send the data to. A computer can have thousands of different ports.

Networking Review

● So the port for a webserver is usually port 80. That means when you go to a webpage, you are sending data that says 'give me this webpage' to some IP address on port 80. Ports allow many networked services to run on a computer at the same time.

● Most computers will usually have quite a few services running that have opened different ports on the computer.

● Network services on a Linux computer will act just like the services in the /etc/init.d folder, except there is a more sophisticated way to control them.

Networking in Linux

● To connect to a network, we'll just be talking about ethernet, as it is the most common form of network today.

● In Linux, the ethernet card is described as eth0. The zero is because it is the first ethernet card. If you have another one installed, it will be called eth1. So whenever you see eth0, it means the first ethernet card and the way that you are connecting to the network.

Configuration files

● /etc/resolv.conf - resolver configuration file

– domain domain.com - your domain name

– search name-of-domain.com - name of your domain, or your ISP's domain if using their name server

– nameserver XXX.XXX.XXX.XXX - IP address of primary name server

– nameserver XXX.XXX.XXX.XXX - IP address of secondary name server

● This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If DHCP is used, this will automatically be sent to you by the ISP and loaded into this file as part of the DHCP protocol. If using a static IP address, then you'll have to fill it in yourself.

Changing network files

● Like everything else in Linux, network settings are determined by values that are stored in different files on the system. You can either edit these files directly, or use different configuration programs to help you out. One configuration program is 'netconfig'. There are also other ones that you can find when you log in to the graphical Linux.

● So that we can better understand how networking is all set up, we'll look at how the files are made and how we can edit them to change values.

Configuration Files

● /etc/hosts - locally resolve node names to IP addresses

– 127.0.0.1 localhost hostname

– XXX.XXX.XXX.XXX different-hostname

● This file will keep a list of host-name to IP address matching. So if you look up a hostname, it will check this file to see if the correct IP address is in it.

● This was used before DNS was invented. It will still serve a lot of purposes though where DNS is not used or if your server is not running a DNS server.

● Note that your computer can have as many names as you want. Just make sure you use the same IP and put in different names. Your computer will then respond to all the names you call it.

Setting your IP address

● The easy way to change your IP address is to use one of the configuration programs that come with the distribution. To change it the difficult way, though, we'll use the command line.

● The command 'ifconfig' will tell you all about your networking currently, but it will also let you reset your IP address.

● ifconfig eth0 192.168.0.4 netmask 255.255.255.0 broadcast 192.168.0.255

● The first option, 'eth0' says this is for the first ethernet card. The next is the IP address you are assigning to that ethernet card. The next two fields are the netmask and broadcast

Netmask and Broadcast

● The netmask number, which usually looks like 255.255.255.0, is used to determine whether a message goes to a machine that is on the same subnet as the machine that sends the message. This means that if all the computers on your network start with 192.168.0.x, where x changes (from 0-255), then your netmask will be 255.255.255.0, because only the last part of the number changes from one machine to the next on that network.

● A broadcast number is used to talk to all computers or hosts on your LAN at the same time.

● The function of the broadcast IP number is to make sure that all hosts that are supposed to be listening are listening, and that the broadcast is not passed to the entire Internet, creating havoc. The broadcast number for the number 129.100.27.44 would be 129.100.27.255, allowing the broadcast to reach all the hosts on net 27 but no other nets.
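The netmask and broadcast arithmetic above, as an added shell example that is not part of the lecture: the function names are hypothetical, and the code works for any netmask, not only 255.255.255.0. It assumes the 129.100.27.44 example uses netmask 255.255.255.0; the 255.255.255.192 case is constructed.

```shell
#!/bin/sh
# Added example: network and broadcast arithmetic for dotted-quad IPv4.

# ip_to_int A.B.C.D -> 32-bit integer; fails on anything that is not
# exactly four decimal octets in the range 0-255.
ip_to_int() (
    set -f          # no filename expansion while splitting
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP NETMASK -> network address (IP AND netmask)
network_of() (
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( ip & mask ))
)

# broadcast_of IP NETMASK -> network address with all host bits set to 1
broadcast_of() (
    ip=$(ip_to_int "$1") && mask=$(ip_to_int "$2") || exit 1
    int_to_ip $(( (ip & mask) | (mask ^ 4294967295) ))
)

# same_subnet IP1 IP2 NETMASK -> exit status 0 when both share a network
same_subnet() (
    a=$(network_of "$1" "$3") && b=$(network_of "$2" "$3") || exit 1
    [ "$a" = "$b" ]
)

# The two addresses used in the lecture, then a constructed smaller subnet.
echo "192.168.0.4/255.255.255.0    broadcast $(broadcast_of 192.168.0.4 255.255.255.0)"
echo "129.100.27.44/255.255.255.0  broadcast $(broadcast_of 129.100.27.44 255.255.255.0)"
echo "192.168.0.70/255.255.255.192 network   $(network_of 192.168.0.70 255.255.255.192)"
echo "192.168.0.70/255.255.255.192 broadcast $(broadcast_of 192.168.0.70 255.255.255.192)"
if same_subnet 192.168.0.4 192.168.0.70 255.255.255.192; then
    echo "192.168.0.4 and 192.168.0.70 are on the same subnet"
else
    echo "192.168.0.4 and 192.168.0.70 are on different subnets"
fi
```

Comparing the result with the broadcast value passed to ifconfig catches a mismatched netmask and broadcast pair before it is applied.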

Changing the hostname

● When you did the install of the system, you were asked what the hostname of the computer would be. If you want to change this name now, you can use the command 'hostname', like

– [root@comp root]# hostname new-name

● Then you would open the file /etc/sysconfig/network, where a few network settings are saved, and change the field that says hostname to your new name.

● You also have to make sure your /etc/hosts file is changed and updated with your new hostname.

● The next time you restart your computer the new hostname will take effect.

Making your Linux computer into a router

● You can even use Linux to act as a router for you, forwarding all the requests on a network into the Internet for example

● To set this, use the following command

– echo 1 > /proc/sys/net/ipv4/ip_forward

● This will turn on forwarding in the system and other computers will now be able to use the Linux computer as a router

● The command echo will output '1' into the file called ip_forward. That means it will enable it.

Programs to look at your network

● There are a lot of programs that will help you understand what is happening in your network. We'll go over a few of them

● Turn on networking on your computer (in case you made a change)

– [root@comp root]# service network start

● Show the IP routing table (the path that packets will take to their destination)

– [root@comp root]# route -e

● netstat - display connections, routing tables, stats etc

– List externally connected processes: netstat -punta

– List all connected processes: netstat -nap

– Show network statistics: netstat -s

Programs to look at your network

● ping - send packets to see if a computer is on

– [root@comp root]# ping 192.168.0.1

● traceroute - print the route packets take to a network host

– [root@comp root]# traceroute google.com

● mtr - like traceroute, except it gives more information

– [root@comp root]# mtr google.com

● finger - display information on a system user

– [root@comp root]# finger root@localhost

● tcpdump - a list of all network traffic

– [root@comp root]# tcpdump

● nslookup - give a host name and it returns the IP address

– [root@comp root]# nslookup google.com
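One way to turn the netstat -punta listing above into a short list of the ports other machines can reach, as an added example that is not part of the lecture: the netstat lines are constructed sample output and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list sockets that accept traffic from the network,
# skipping established connections and loopback-only listeners.

# Constructed sample of "netstat -punta" output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:23         0.0.0.0:*           LISTEN      812/xinetd
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      655/sendmail
tcp        0      0 0.0.0.0:80         0.0.0.0:*           LISTEN      901/httpd
tcp        0      0 192.168.0.4:23     192.168.0.9:40112   ESTABLISHED 1033/in.telnetd
udp        0      0 0.0.0.0:137        0.0.0.0:*                       770/nmbd
EOF
}

# exposed_listeners: read netstat output on stdin and print
# "proto port program" for every socket waiting for connections on a
# non-loopback address.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # TCP has a State column; UDP does not, so an unconnected UDP
        # socket is recognised by its wildcard foreign address.
        listening = ($1 ~ /^tcp/) ? ($6 == "LISTEN") : ($5 ~ /:\*$/)
        if (!listening) next

        addr = $4; port = $4
        sub(/.*:/, "", port)        # text after the last colon
        sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only

        # The missing State column shifts the program field for UDP.
        prog = ($1 ~ /^tcp/) ? $7 : $6
        sub(/^[0-9]+\//, "", prog)  # drop the PID, keep the name
        print $1, port, prog
    }'
}

# On a live system, as root: netstat -punta | exposed_listeners
sample_netstat | exposed_listeners
```

Each line of the result is a service that should either be needed or be turned off.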

Networked Services

● Just like the services that run during startup from the /etc/rc.d/ folder, there are networked services that run at startup and will listen on different ports for incoming connections.

● On RedHat these are called xinet.d services, short for Extended Internet Services Daemon. We control them a little differently, and they are easier to set up.

● The network listening daemons listen and respond to all network socket connections made on the TCP/IP ports assigned to them. The ports are defined by the file /etc/services. When a connection is made, the listener will attempt to invoke the assigned program and pipe the data to it. This simplifies matters by allowing the assigned program to read from stdin instead of making its own socket connection. The listener handles the network socket connection.

/etc/services

● /etc/services is the file that contains a list of all possible programs and the ports that they use.

● When data comes in on a specific port it will look inside this file to find out where it should go and what service runs to handle that data

● One example:

– smtp 25/tcp mail

● This says the service smtp runs on port 25 and uses the TCP protocol. The last field is an alias, meaning that another name for that port is mail.

Xinet.d

● The extended services (xinet.d) work much like init.d, in that files will specify which programs start up and which do not. The files for xinet.d, though, are all standard. That means they will all have the same form.

● We can control the way these programs operate through these files, and also through the chkconfig program.

● To see all services (xinet.d and init.d), use the command

– [root@comp root]# chkconfig --list

● To turn a xinet.d service on or off use

– [root@comp root]# chkconfig service on/off

xinet.d files

● The xinet.d files all use the format like below

    service service-name
    {
        attribute assignment-operator value value ...
    }

● Where attribute can be any of the following:

– disable = yes / no – turn the service on or off

– socket_type = stream / dgram / raw – tells what type of protocol it uses

– user – will tell the program what user to run the program as

– server – the path to the program that will run this service

– only_from – allows you to limit who uses this service by IP address

– port – the port that the service will run on

Example xinet.d

    service telnet
    {
        socket_type = stream
        user = root
        server = /usr/etc/in.telnetd
        port = 23
    }

● So this is the service for telnet.

● It says the socket type is stream which means it uses tcp/ip

● It runs as the root user

● The program that will run the server is at /usr/etc/in.telnetd

● It uses port 23

xinet.d example

    service imap
    {
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/imapd
        log_on_success += HOST DURATION
        log_on_failure += HOST
    }

● This is the service for imap (email). It has some new attributes, like wait, which says if the program uses threads

● Log on success will say what to do if the person is successful in logging in. Same for log on failure.
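A check built on the disable, user and only_from attributes described above, as an added example that is not part of the lecture: it reports every enabled service and notes when it runs as root or has no only_from restriction. The sample definitions are constructed (the telnet entry mirrors the slide, the imap and finger entries are made up), the function names are hypothetical, and a service with no disable line is assumed to be enabled.

```shell
#!/bin/sh
# Added example: review xinetd service definitions (the "xinet.d files").

# Constructed sample definitions; paths and addresses are illustrative.
sample_xinetd() {
    cat <<'EOF'
service telnet
{
    socket_type = stream
    user = root
    server = /usr/etc/in.telnetd
    port = 23
}
service imap
{
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/imapd
}
service finger
{
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/sbin/in.fingerd
    only_from = 192.168.0.0/24
}
EOF
}

# audit_xinetd [FILE...]: read definitions from the files (or stdin) and
# print one line per enabled service.
audit_xinetd() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
    $1 == "service" && !inblock { name = $2; next }
    $1 == "{" { inblock = 1; disable = "no"; user = ""; only = ""; next }
    $1 == "}" {
        if (name != "" && disable != "yes") {
            notes = ""
            if (user == "root") notes = notes " runs-as-root"
            if (only == "")     notes = notes " no-only_from"
            if (notes == "")    notes = " ok"
            print name ":" notes
        }
        inblock = 0; name = ""; next
    }
    inblock {
        sub(/[+-]?=/, " & ")   # pad the operator so "disable=yes" splits too
        if ($1 == "disable")   disable = $3
        if ($1 == "user")      user = $3
        if ($1 == "only_from") only = $3
    }
    ' "$@"
}

# On a Red Hat system: audit_xinetd /etc/xinetd.d/*
sample_xinetd | audit_xinetd
```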

Service

● If you have made changes to a program and just need to restart the service, it is better to use a program called “service”.

● Service will just start, shut down or restart a program using the startup scripts.

● For example, if you made a change to sendmail,

– [root@comp root]# service sendmail restart

● Or if you wanted to turn off imap because of a problem

– [root@comp root]# service imap stop

ICMP and UDP

● ICMP is a type of protocol used for sending data over networks, much like TCP/IP.

● It is used mostly with pinging a computer and with tracing routes of packets.

● UDP is another type of protocol that's used for sending data. It is not as popular as TCP/IP and it does not carry as much information as TCP/IP does.

● The difference is that it is connectionless, which means that it does not need to know whether the host got the message. It just sends data and hopes that the host gets it.

Living with Windows

● A lot of times you'll have a Linux computer on a network with Windows computers and you'll want to share files.

● There has been an effort to make this as easy as possible and to do it, you use a program called 'samba' and 'smb' shares.

● We will try to cover briefly the steps to set it up and make it so it will run well enough on a system

Samba

● Most Linux distributions will allow you to install Samba with the system. You should always choose to install Samba.

● Once it is installed, you'll need to change the configuration file to get it to work with your network

● The file is usually located at /etc/samba/smb.conf, but if it's not there you can try a 'locate smb.conf' and it will find where it is.

Global settings in smb.conf

● You'll want to look for the lines like this

    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = MYGROUP

    # server string is the equivalent of the NT Description field
    server string = Server description

● The workgroup setting will be the domain or the Windows workgroup you want the computer to be a part of.

● The server-string is the description that will be displayed to other computers when they are browsing through the network, so you should make this something that will stand out

Passwords

● You'll also want to change the following lines below

    ; encrypt passwords = yes
    ; smb passwd file = /etc/samba/smbpasswd

● If you remove the semi-colon before the lines, that will 'uncomment' the lines, or turn them on.

● What this will do is make the share folder available to Windows 98 and above. Before Win98, plain text passwords were used, but after, Windows started using encrypted passwords, so for Samba to work with newer versions of Windows you should use encryption. (It's also safer.)

Share Definitions

● Now you need to edit the smb.conf file so that you are sharing one or more directories.

● To give access to the home directories of users who use the same username on Windows and Linux, you'll want to change the following

    [homes]
    comment = Home Directories
    browseable = yes
    writable = yes

● And then you need to make sure you add the user to your Samba password file, which you can do with the program 'smbpasswd', like

– [root@comp root]# smbpasswd -a user1

Running the daemons

● A daemon, in terms of programs, is just a program that runs in the background. That means you don't see what it is doing.

● The samba daemon needs to be running now to make the drives shareable over Linux.

● Since it is a service that runs on the computer, you can use the command we used on the xinet.d services,

– [root@comp root]# service smb start

● This should start up the daemons that run the samba server and you should be able to access the Linux share folders you have made over the network from a Windows computer.

● If your system was not set up to use Samba as a service though, you can start the daemons yourself with the following commands

– [root@comp root]# smbd -D

– [root@comp root]# nmbd -D

Summary

● Linux computers were built to take advantage of the network, thus it's important to have an idea about how it works.

● Once you have the basic understanding of network protocols and how Linux deals with services and daemons, then it is simple to expand that knowledge to new programs and services

● This section should give you a decent idea of how to get your computer on a network and doing some of the things you need.