1 Network Administration ITA3564 Leung Hung 25958118 [email protected]


1

Network Administration ITA3564

Leung Hung

25958118

[email protected]

2

Module Rationale /Aims

To introduce the basic concepts of internetworking architecture and protocol

To introduce the basic concepts of computer system and network administration

To develop basic skills for network server administration

3

Learning Objectives

Students will be able to:

• install and maintain computer networks;

• understand network protocols and network services architecture;

• demonstrate the knowledge and skills of network administration through practical exercises;

• build and use the Samba server in a mixed environment;

• set up and configure Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Network File System (NFS), and Samba.

Note: Platform: CentOS 5.3. Download site: ftp.cuhk.hk

4

Assessment (Proposed)

Continuous Assessment 50%

• Quizzes 10%

• Tests: Written (x2) 30%

• Tests: Skill-based 10%

Final Examination 50%

5

Pre-requisites

You should understand:

• how to use basic Linux commands (e.g. cd, ls, useradd, userdel, pwd …)

• the functions of system configuration files (e.g. /etc/passwd, /etc/group …)

• how to configure your network card (e.g. IP address, DNS, default gateway, host name)

• how to use the vi editor (to edit configuration files)

• simple shell scripts

6

Teaching Materials

Lecture Notes, Tutorials, Lab Exercises

Recommended Textbooks:

• Craig Hunt, TCP/IP Network Administration, 3rd edition, O'Reilly & Associates, 2002.

• Evi Nemeth, Linux Administration Handbook, Prentice Hall PTR, 2004.

• Scott Mann, Linux TCP/IP Network Administration, Prentice Hall PTR, 2002.

• Nemeth E, Snyder G, Seebass G and Hein T H, UNIX System Administration, 3rd Edition, Addison Wesley, 2000.

Useful site: http://linux.vbird.org/

7

Network Administration

Module 1

TCP/IP

8

OSI and Protocol Stack

9

Packet Encapsulation

The data is sent down the protocol stack. Each layer adds to the data by prepending its own header.

Figure (encapsulation diagram): header sizes shown in the original slide are 22 bytes, 20 bytes, 20 bytes and 4 bytes around a data field of 64 to 1500 bytes.
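To make the encapsulation concrete, the following Python script is an added example (not part of the lecture notes) that builds a TCP segment, wraps it in an IPv4 datagram, and wraps that in an Ethernet II frame, reporting the size at each layer. The MAC and IP addresses and the HTTP payload are constructed sample values. The IPv4 header checksum is computed as RFC 791 specifies, and the receiver-side check (summing the header including its checksum field must give zero) is shown as well; the TCP checksum is left zero because it needs the IP pseudo-header, which this example does not cover. Note that the 14-byte Ethernet header here excludes the preamble and the 4-byte trailing FCS, which the NIC adds.

```python
import struct

# Constructed sample values; not from the lecture notes.
SRC_MAC = "00:11:22:33:44:55"
DST_MAC = "66:77:88:99:aa:bb"
SRC_IP = "192.168.10.1"
DST_IP = "192.168.10.2"
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit big-endian words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = IPPROTO_TCP) -> bytes:
    """20-byte IPv4 header without options; the checksum covers the header only."""
    def to_bytes(addr: str) -> bytes:
        return bytes(int(o) for o in addr.split("."))
    # version/IHL=0x45, TOS=0, total length, ID=0, flags/fragment=0, TTL=64, proto, checksum=0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         to_bytes(src), to_bytes(dst))
    return header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]


def build_tcp_header(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP header (SYN flag, data offset 5 words, window 65535).
    The TCP checksum stays 0 here: computing it needs the IP pseudo-header."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def build_ethernet_header(dst_mac: str, src_mac: str, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """14-byte Ethernet II header (preamble/SFD and the 4-byte FCS are added by the NIC)."""
    return (bytes.fromhex(dst_mac.replace(":", ""))
            + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype))


def encapsulate(payload: bytes) -> dict:
    """Send the payload down the stack, prepending one header per layer, and report the sizes."""
    segment = build_tcp_header(40000, 80) + payload                      # transport layer
    datagram = build_ipv4_header(SRC_IP, DST_IP, len(segment)) + segment  # network layer
    frame = build_ethernet_header(DST_MAC, SRC_MAC) + datagram           # link layer
    return {
        "payload": len(payload),
        "tcp_segment": len(segment),
        "ip_datagram": len(datagram),
        "ethernet_frame": len(frame),
        # a receiver re-sums the header including the checksum field; a valid header gives 0
        "ip_header_valid": ip_checksum(datagram[:20]) == 0,
        # the total-length field the receiver reads back must equal the datagram size
        "ip_total_length": struct.unpack("!H", datagram[2:4])[0],
    }


if __name__ == "__main__":
    for key, value in encapsulate(b"GET / HTTP/1.0\r\n\r\n").items():
        print(f"{key:18} {value}")
```

Running the script shows the 18-byte request growing to 38, 58 and 72 bytes as each layer prepends its header, which is the same bottom-up growth the slide's diagram illustrates.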

10

IP: Internet Protocol

Unreliable … connectionless datagram delivery service

Responsible for routing of data through intermediate networks and computers

11

IP Routing

Routing Table entries:

• Destination IP address

• IP address of a next-hop router

• Flags

• Network interface specification

Figure (IP routing): the Source host runs the full stack (Application, Transport, Network, Link); the Router handles the packet at the Network and Link layers only; the Destination host runs the full stack (Application, Transport, Network, Link).

12

ICMP : Internet Control Message Protocol

ICMP, the Internet Control Message Protocol, defines a set of packet formats for error, control, and informational messages.

Used to report problems with delivery of IP datagrams within an IP network.

Used by the ping and traceroute commands.

13

TCP : Transmission Control Protocol

Connection-oriented, reliable, byte stream service. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

Protocol: set up connection, transfer data, close connection.

14

UDP: User Datagram Protocol

UDP, a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

15

IP Address (IPv4)

IP address: 32 bits. Format: X.X.X.X (each X ranges from 0 to 255), e.g. 192.168.1.2

Five classes of IP address:

• Class A

• Class B

• Class C

• Class D (Multicast)

• Class E (Experimental purpose)

16

IP Address Classes

Figure (address octets ww.xx.yy.zz):

• Class A: first octet is the Network ID, remaining three octets are the Host ID

• Class B: first two octets are the Network ID, last two octets are the Host ID

• Class C: first three octets are the Network ID, last octet is the Host ID

17

Subnetting a Network

Subnets; Subnet Masks; Determining Local and Remote Hosts

18

Subnets

Figure: two subnets joined by a router, with hosts attached through hubs.

Subnet 1: Network ID 192.168.11.0, Subnet Mask 255.255.255.0

Subnet 2: Network ID 192.168.110.0, Subnet Mask 255.255.255.0

19

Subnet Masks

IP Address   10.50.100.200

Subnet Mask  255.255.255.0

Network ID   10.50.100.0

20

Available Host IDs

Number of Host IDs: 2^n - 2, where n is the number of host bits (the 0 bits) in the subnet mask.

Figure (subnet mask): the Network ID portion of the mask is all 1 bits; the Host ID portion (n bits) is all 0 bits.
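The subnet mask slides above (Network ID = address AND mask, 2^n - 2 usable hosts, and the local-versus-remote host test) can be carried out with plain bit arithmetic. The following Python script is an added example, not part of the lecture notes; all addresses in it are the slide's own (10.50.100.200 / 255.255.255.0, 192.168.11.0 and 192.168.110.0) plus a constructed /26 case. It goes slightly beyond the slides by also rejecting a mask whose 1 bits are not contiguous, a mistake that silently produces wrong Network IDs.

```python
def ip_to_int(addr: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Number of leading 1 bits; masks such as 255.0.255.0 are rejected."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def subnet_info(addr: str, mask: str) -> dict:
    """Network ID, broadcast address and usable host range for an address/mask pair."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    prefix = mask_to_prefix(mask)
    n = 32 - prefix                            # host bits: the 0 bits of the mask
    network = a & m                            # Network ID = address AND mask
    broadcast = network | (~m & 0xFFFFFFFF)    # host bits all set to 1
    usable = 2 ** n - 2 if n >= 2 else 0       # slide formula: network and broadcast excluded
    return {
        "network_id": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "prefix": prefix,
        "host_bits": n,
        "usable_hosts": usable,
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
    }


def is_local(my_addr: str, mask: str, dest: str) -> bool:
    """Local-vs-remote test: same Network ID means deliver directly, else send to the router."""
    m = ip_to_int(mask)
    return (ip_to_int(my_addr) & m) == (ip_to_int(dest) & m)


if __name__ == "__main__":
    print(subnet_info("10.50.100.200", "255.255.255.0"))
    print(subnet_info("192.168.11.70", "255.255.255.192"))   # constructed /26 case
    print(is_local("192.168.11.1", "255.255.255.0", "192.168.11.2"))    # True: same subnet
    print(is_local("192.168.11.1", "255.255.255.0", "192.168.110.2"))   # False: via the router
```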

21

Network Configuration in Linux

The basic steps are:

• Assign an IP address and hostname

• Set up the new host to configure its network interfaces at boot time

• Set up a default route and perhaps fancier routing

• Point to a DNS name server, to allow access to the rest of the Internet

22

How to configure IP address

Edit the configuration file /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

ONBOOT=yes

TYPE=Ethernet

IPADDR=192.168.10.1

NETMASK=255.255.255.0

GATEWAY=192.168.10.254

23

How to configure hostname

Edit configuration file /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=linuxserver

24

How to configure DNS

Edit the configuration file /etc/resolv.conf

nameserver 192.168.1.110

nameserver 202.110.100.100

Note:

Domain Name Service (DNS) is the service used to convert human readable names (e.g. www.yahoo.com) of hosts to IP addresses (e.g. 209.131.36.158).
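The three files edited in the steps above (ifcfg-eth0, /etc/sysconfig/network and /etc/resolv.conf) are easy to get subtly wrong: a gateway outside the interface's own subnet, an address that is the subnet's network or broadcast address, or more nameserver lines than the resolver will ever read. The following Python script is an added example, not part of the lecture notes, that parses the three files and reports such problems before the host is rebooted. The file contents are constructed samples mirroring the slides' values, and the checks use the standard ipaddress module; the three-nameserver limit is the glibc resolver's documented maximum.

```python
import ipaddress
import re

# Constructed sample files mirroring the lecture's examples.
SAMPLE_IFCFG_ETH0 = """\
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.168.10.1
NETMASK=255.255.255.0
GATEWAY=192.168.10.254
"""

SAMPLE_NETWORK = """\
NETWORKING=yes
HOSTNAME=linuxserver
"""

SAMPLE_RESOLV_CONF = """\
nameserver 192.168.1.110
nameserver 202.110.100.100
"""

MAX_NAMESERVERS = 3   # the glibc resolver uses only the first three nameserver lines
HOSTNAME_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_sysconfig(text):
    """KEY=VALUE lines (ifcfg-* and /etc/sysconfig/network); comments and blanks skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip().strip('"')
    return conf


def parse_resolv_conf(text):
    """Return the nameserver addresses in file order."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and not parts[0].startswith(("#", ";")):
            servers.append(parts[1])
    return servers


def check_interface(conf):
    problems = []
    if conf.get("ONBOOT", "").lower() != "yes":
        problems.append("ONBOOT is not 'yes': the interface will not come up at boot")
    if conf.get("BOOTPROTO", "").lower() != "static":
        return problems                    # DHCP supplies address, mask and gateway
    for key in ("IPADDR", "NETMASK"):
        if key not in conf:
            problems.append(f"{key} is required when BOOTPROTO=static")
    if "IPADDR" not in conf or "NETMASK" not in conf:
        return problems
    try:
        iface = ipaddress.IPv4Interface(f"{conf['IPADDR']}/{conf['NETMASK']}")
    except ValueError as exc:
        problems.append(f"invalid IPADDR/NETMASK: {exc}")
        return problems
    net = iface.network
    if net.prefixlen <= 30 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"IPADDR {iface.ip} is the network or broadcast address of {net}")
    if "GATEWAY" in conf:
        try:
            gw = ipaddress.IPv4Address(conf["GATEWAY"])
        except ValueError:
            problems.append(f"GATEWAY {conf['GATEWAY']!r} is not a valid IPv4 address")
        else:
            if gw not in net:
                problems.append(f"GATEWAY {gw} is not on the interface's subnet {net}")
            elif gw == iface.ip:
                problems.append("GATEWAY is the interface's own address")
    return problems


def check_network(conf):
    problems = []
    if conf.get("NETWORKING", "").lower() != "yes":
        problems.append("NETWORKING is not 'yes'")
    hostname = conf.get("HOSTNAME", "")
    if not hostname or not all(HOSTNAME_LABEL.match(label) for label in hostname.split(".")):
        problems.append(f"HOSTNAME {hostname!r} is missing or not a valid hostname")
    return problems


def check_resolver(servers):
    problems = []
    if not servers:
        problems.append("no nameserver lines: name resolution will fail")
    if len(servers) > MAX_NAMESERVERS:
        problems.append(f"{len(servers)} nameservers listed; only the first {MAX_NAMESERVERS} are used")
    for server in servers:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"nameserver {server!r} is not an IP address")
    return problems


def audit(ifcfg_text, network_text, resolv_text):
    return {
        "interface": check_interface(parse_sysconfig(ifcfg_text)),
        "network": check_network(parse_sysconfig(network_text)),
        "resolver": check_resolver(parse_resolv_conf(resolv_text)),
    }


if __name__ == "__main__":
    for section, problems in audit(SAMPLE_IFCFG_ETH0, SAMPLE_NETWORK, SAMPLE_RESOLV_CONF).items():
        print(section, problems or "ok")
```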

25

Different types of Network Services

• Web Server

• FTP Server

• DNS Server

• Mail Server (SMTP, POP3, IMAP)

• NIS/NFS Server (share drives between Linux hosts)

• Samba Server (share drives with Windows OS)

• Dynamic Host Configuration Protocol (DHCP) Server

• SSH (remote access with encryption)

• Telnet (remote access)

• Proxy Server (Squid)

• Firewall (IPTABLES)

26

Port Number

A port number is a way to distinguish one TCP/IP service from another at a given IP address.

This way one server machine can provide many different services without conflicts among the incoming and outgoing data.

For the TCP/IP services, a port number is a 16-bit integer (1 ~ 65535).

e.g. Web Server (Port 80), Telnet Server (Port 23)…

27

Well-known port number

You may refer to the following web site for well-known port numbers: http://www.iana.org/assignments/port-numbers

Port Description

20 FTP -- Data

21 FTP -- Control

22 SSH Remote Login Protocol

23 Telnet

25 Simple Mail Transfer Protocol (SMTP)

53 Domain Name System (DNS)

80 HTTP (Web)

110 POP3

443 HTTPS

28

Configure Domain Name Service (DNS)

To configure a machine as a DNS client, you only need to edit:

/etc/resolv.conf, e.g.

nameserver 203.186.89.168

/etc/nsswitch.conf - the "service switch" file that determines which mechanisms will be used to resolve hostname-to-IP-address mappings

• Specify the order in which DNS, NIS (NIS+) and /etc/hosts should be consulted

29

Scenario 1 (Same Network)

How machine A sends a packet to machine B.

30

Scenario 2 (Different Network)

How machine A sends a packet to machine B.

Figure: machine A and machine B on different networks.

31

Network Administration

Module 2

Internet Services

32

Network Services

/etc/services: standard services such as email, FTP … all associate themselves with "well-known" ports defined in this file, e.g.

ftp 21/tcp

ftp 21/udp

ssh 22/tcp # SSH Remote Login Protocol

ssh 22/udp # SSH Remote Login Protocol

telnet 23/tcp

telnet 23/udp

33

xinetd (daemon)

The xinetd daemon (a program running in the background) is a TCP-wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. The Extended Internet Services Daemon accepts client requests from the Internet and redirects each one to the corresponding service.

It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

34

xinetd (Cont)

The configuration files for xinetd are as follows:

• /etc/xinetd.conf — the global xinetd configuration file

• /etc/xinetd.d/ directory — the directory containing all service-specific files

Restart the service:

/etc/rc.d/init.d/xinetd restart

or

service xinetd restart

35

How xinetd works

When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules.

If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allocated amount of resources or in breach of any defined rules.

It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

36

xinetd Configuration File

General configuration settings which affect every service under xinetd's control.

It is read once when the xinetd service is started.

defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d

37

xinetd Configuration Files Parameters

instances — Sets the maximum number of requests xinetd can handle at once.

log_type — Configures xinetd to use the authpriv log facility, which writes log entries to the /var/log/secure file

log_on_success — Configures xinetd to log if the connection is successful

log_on_failure — Configures xinetd to log if there is a connection failure or if the connection is not allowed

38

xinetd Configuration Files Parameters (Cont)

cps — Configures xinetd to allow no more than 25 connections per second to any given service. If this limit is reached, the service is retired for 30 seconds.

includedir /etc/xinetd.d/ — Includes options declared in the service-specific configuration files located in the /etc/xinetd.d/ directory

39

The /etc/xinetd.d/ Directory

Contains the configuration files for each service managed by xinetd; the names of the files correlate to the services.

The files in the /etc/xinetd.d/ directory use the same format conventions as /etc/xinetd.conf. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.

40

Example - telnet

/etc/xinetd.d/telnet

service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}

41

/etc/xinetd.d/ Configuration Files Parameters

service — Defines the service name, usually to match a service listed in the /etc/services file.

flags — Sets any of a number of attributes for the connection. REUSE instructs xinetd to reuse the socket for a Telnet connection.

socket_type — Sets the network socket type to stream.

wait — Defines whether the service is single-threaded (yes) or multi-threaded (no).

user — Defines what user ID the process will run under.

server — Defines the binary executable to be launched.

log_on_failure — Defines logging parameters for log_on_failure in addition to those already defined in xinetd.conf (the += operator appends to the global value).

disable — Defines whether or not the service is active.
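Because a service's effective settings are the global defaults with the service file's =, += and -= operators applied on top, it is useful to be able to compute them rather than read the files by eye. The following Python script is an added example, not part of the lecture notes or of xinetd itself: it parses the defaults block and the service files above (the telnet file is the slide's; a second, constructed finger service is added to show an enabled service running as root), resolves the effective attributes, and reports which services are enabled and which of those run as root. Only the block syntax shown on these slides is handled; xinetd's include directives and more exotic attributes are outside the example.

```python
import re

# Constructed sample files; the defaults and telnet blocks follow the lecture's examples.
SAMPLE_XINETD_CONF = """\
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
"""

SAMPLE_SERVICE_FILES = {
    "/etc/xinetd.d/telnet": """\
service telnet
{
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
    disable         = yes
}
""",
    # constructed second service: enabled and running as root
    "/etc/xinetd.d/finger": """\
service finger
{
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.fingerd
    disable         = no
}
""",
}

BLOCK_START = re.compile(r"^(defaults|service\s+(\S+?))\s*\{?$")
ATTRIBUTE = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")


def parse_blocks(text):
    """Return {block_name: [(attribute, operator, [values]), ...]}; the defaults block is 'defaults'."""
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if not line:
            continue
        start = BLOCK_START.match(line)
        if start:
            current = start.group(2) or "defaults"
            blocks[current] = []
            continue
        if line == "{":
            continue
        if line == "}":
            current = None
            continue
        if current is None:
            continue                               # e.g. the includedir line
        attr = ATTRIBUTE.match(line)
        if attr:
            name, op, value = attr.groups()
            blocks[current].append((name, op, value.split()))
    return blocks


def effective_attributes(defaults, ops):
    """Apply a block's operators on top of the defaults: '=' replaces, '+=' appends, '-=' removes."""
    attrs = {k: list(v) for k, v in defaults.items()}
    for name, op, values in ops:
        if op == "=":
            attrs[name] = list(values)
        elif op == "+=":
            attrs[name] = attrs.get(name, []) + values
        else:
            attrs[name] = [v for v in attrs.get(name, []) if v not in values]
    return attrs


def audit(xinetd_conf, service_files):
    """Per service: effective settings, whether it is enabled, and findings worth a second look."""
    defaults = effective_attributes({}, parse_blocks(xinetd_conf).get("defaults", []))
    report = {}
    for path, text in service_files.items():
        for name, ops in parse_blocks(text).items():
            attrs = effective_attributes(defaults, ops)
            enabled = attrs.get("disable", ["no"])[0].lower() != "yes"   # active unless disable = yes
            user = attrs.get("user", ["?"])[0]
            findings = []
            if enabled and user == "root":
                findings.append("enabled and runs as root")
            report[name] = {"file": path, "enabled": enabled, "user": user,
                            "instances": attrs.get("instances", []),
                            "log_on_failure": attrs.get("log_on_failure", []),
                            "findings": findings}
    return report


if __name__ == "__main__":
    for name, info in audit(SAMPLE_XINETD_CONF, SAMPLE_SERVICE_FILES).items():
        print(name, info)
```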

42

/etc/hosts.allow and /etc/hosts.deny

Using TCP wrappers to manage access to certain network services

Any network services managed by xinetd can use TCP wrappers to manage access

xinetd can use the /etc/hosts.allow and /etc/hosts.deny files to configure access to system services

hosts.allow - a list of rules that allow clients to access the network services controlled by xinetd

hosts.deny - rules to deny access

43

/etc/hosts.allow and /etc/hosts.deny Flowchart

Flowchart: a client request is first checked against /etc/hosts.allow. If a rule there allows the client, the request is redirected to the service. If the client is not specified there, /etc/hosts.deny is checked: if a rule there denies the client, the connection is rejected. If the client is not specified in either file, the request is redirected to the service.
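The flowchart above is the access-control order TCP wrappers follow: hosts.allow is consulted first, hosts.deny second, and a client matched by neither is granted access, which is why an "ALL : ALL" line in hosts.deny is the usual way to make the default a deny. The following Python script is an added example, not part of the lecture notes or of the tcp_wrappers library, that applies exactly that decision order to constructed sample files. It handles the daemon : client line format with ALL, a single address, an address prefix ending in a dot, and net/mask patterns; hostname patterns, LOCAL and the EXCEPT operator are not implemented here.

```python
import ipaddress

# Constructed sample access files (not from the lecture notes).
SAMPLE_HOSTS_ALLOW = """\
# allow SSH from the local subnet and telnet from one management host
sshd : 192.168.10.0/255.255.255.0
in.telnetd : 192.168.10.5
in.ftpd : 10.1.
"""

SAMPLE_HOSTS_DENY = """\
ALL : ALL
"""


def parse_access_file(text):
    """Return [(daemon_patterns, client_patterns), ...] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                                   # malformed line: skip
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def client_matches(pattern, client_ip):
    """ALL, exact address, 'net/mask' block, or a prefix such as '10.1.'."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    return pattern == client_ip


def first_match(rules, daemon, client_ip):
    for index, (daemons, clients) in enumerate(rules):
        if (any(daemon_matches(d, daemon) for d in daemons)
                and any(client_matches(c, client_ip) for c in clients)):
            return index
    return None


def decide(daemon, client_ip, allow_rules, deny_rules):
    """The flowchart: hosts.allow first, then hosts.deny, otherwise access is granted."""
    if first_match(allow_rules, daemon, client_ip) is not None:
        return "allow"
    if first_match(deny_rules, daemon, client_ip) is not None:
        return "deny"
    return "allow"


if __name__ == "__main__":
    allow = parse_access_file(SAMPLE_HOSTS_ALLOW)
    deny = parse_access_file(SAMPLE_HOSTS_DENY)
    for daemon, client in [("sshd", "192.168.10.7"), ("sshd", "10.0.0.1"),
                           ("in.telnetd", "192.168.10.7"), ("in.telnetd", "192.168.10.5"),
                           ("in.ftpd", "10.1.2.3"), ("in.ftpd", "10.10.2.3")]:
        print(f"{daemon:12} {client:15} -> {decide(daemon, client, allow, deny)}")
```

With an empty hosts.deny the last branch of the flowchart applies and every unmatched request is allowed, which is what makes the deny file the one to get right.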

44

Configure Network Interfaces (using ifconfig command)

The ifconfig command enables or disables a network interface (or use ifup / ifdown), sets its IP address and subnet mask, and sets various other options and parameters, e.g.

ifconfig eth0 192.168.10.1 netmask 255.255.255.0

45

Configure Static Routes / Default Gateway

route command: defines static routes, explicit routing table entries that never change, e.g.

• route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.100.254

Default Gateway: causes all packets whose destination network is not found in the kernel's routing table to be sent to the indicated gateway, e.g.

• route add default gw 172.20.0.1
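The two route commands above, together with the local/remote decision from Scenario 1 and Scenario 2, amount to one lookup rule: pick the most specific routing table entry that contains the destination; an entry with no gateway means direct delivery on that interface, the default entry catches everything else, and a destination matching nothing is unreachable. The following Python script is an added example, not part of the lecture notes, that models that table and lookup. The host, interfaces and addresses are constructed, built from the slide's own route commands (192.168.10.0/24 via 192.168.100.254, default via 172.20.0.1); it also enforces the kernel's rule that a gateway must itself be on a directly connected network, the condition behind the familiar "SIOCADDRT: Network is unreachable" error.

```python
import ipaddress


class RoutingTable:
    """A minimal model of the kernel IPv4 routing table: (network, gateway or None, interface)."""

    def __init__(self):
        self.routes = []

    def add_interface(self, addr, netmask, iface):
        """What 'ifconfig IFACE ADDR netmask MASK' does: a directly connected route, no gateway."""
        net = ipaddress.IPv4Interface(f"{addr}/{netmask}").network
        self.routes.append((net, None, iface))

    def add_net(self, dest, netmask, iface, gw=None):
        """Equivalent of 'route add -net DEST netmask MASK [gw GW] dev IFACE'."""
        net = ipaddress.IPv4Network(f"{dest}/{netmask}")
        gateway = ipaddress.IPv4Address(gw) if gw else None
        if gateway is not None and not self._directly_connected(gateway):
            # the kernel refuses this as well: "SIOCADDRT: Network is unreachable"
            raise ValueError(f"gateway {gateway} is not on a directly connected network")
        self.routes.append((net, gateway, iface))

    def add_default(self, gw, iface):
        """Equivalent of 'route add default gw GW'."""
        self.add_net("0.0.0.0", "0.0.0.0", iface, gw)

    def _directly_connected(self, addr):
        return any(gw is None and addr in net for net, gw, _ in self.routes)

    def lookup(self, dest):
        """Longest-prefix match. Returns None when no entry (not even a default) matches."""
        addr = ipaddress.IPv4Address(dest)
        best = None
        for net, gw, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)
        if best is None:
            return None
        net, gw, iface = best
        return {"via": str(gw) if gw is not None else "direct", "dev": iface, "route": str(net)}


def build_sample_table(with_default=True):
    """Constructed host with two interfaces and the slide's two route commands."""
    rt = RoutingTable()
    rt.add_interface("172.20.0.5", "255.255.255.0", "eth0")
    rt.add_interface("192.168.100.1", "255.255.255.0", "eth1")
    rt.add_net("192.168.10.0", "255.255.255.0", "eth1", gw="192.168.100.254")
    if with_default:
        rt.add_default("172.20.0.1", "eth0")
    return rt


if __name__ == "__main__":
    table = build_sample_table()
    for dest in ("172.20.0.9", "192.168.10.33", "8.8.8.8"):
        print(dest, "->", table.lookup(dest))
    print("8.8.8.8 without default ->", build_sample_table(with_default=False).lookup("8.8.8.8"))
```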

46

Static Route and Dynamic Route

A static route is a route that is created manually by a network administrator.

The opposite of a static route is a dynamic route. Dynamic routes are created by routing protocols.

47

Dynamic Reconfiguration and Tuning

Linux puts a representation of the kernel and networking parameters that can be tuned into the /proc filesystem.

The important networking variables are in /proc/sys/net/ipv4

48

IPv4

IPv4 is version 4 of the Internet Protocol (IP). It was the first version of the Internet Protocol to be widely deployed, and forms the basis for most of the current Internet (as of 2004).

It is described in IETF RFC 791, which was first published in September, 1981.

IPv4 uses 32-bit addresses, limiting it to 4294967296 unique addresses, many of which are reserved for special purposes such as local networks or multicast addresses, reducing the number of addresses that can be allocated as public Internet addresses.

As the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run.

49

IPv6

IPv6, or Internet Protocol version 6, is a network layer standard; i.e., it governs the addressing and routing of data packets through a network.

IPv6 is intended to replace the IPv4 standard, whose limits on network addresses will eventually lead to exhaustion of available addresses.

IPv4 supports 4,294,967,296 (4.294 × 10^9) addresses, inadequate for giving even one address to every living person, much less cars, phones, PDAs, and toasters; IPv6 supports about 3.4 × 10^38 (340 undecillion) addresses, about 4.3 × 10^20 (430 quintillion) addresses per square inch (6.7 × 10^17 (670 quadrillion) addresses/mm²) of the Earth's surface.