Linux TCP/IP Network Administration

• The comprehensive, one-stop TCP/IP resource guide for every Linux netadmin!
• Applied coverage of the entire protocol stack
• Covers every key TCP/IP application: DNS, DHCP, sendmail, NFS, Samba, and more
• All examples thoroughly tested on four leading Linux distributions
• Includes advanced coverage of firewalls, OSPF, BGP, routing policies, QoS, and more

The authoritative, comprehensive guide to Linux TCP/IP networking!

Linux TCP/IP Network Administration offers a comprehensive tutorial on the fundamentals of Linux TCP/IP networking for new and intermediate-level network administrators, detailed coverage of advanced topics for experienced administrators, and wide-ranging reference material on the entire TCP/IP protocol stack for all Linux professionals.

Long-time Linux netadmin Scott Mann covers the Linux TCP/IP protocol stack from bottom to top, offering practical, up-to-date guidance for implementing, managing, and troubleshooting any TCP/IP network or application. You'll find detailed coverage of all this, and more:

• Routing and routing table management daemons
• Superior techniques for running RIPv2, OSPF, and BGP
• Linux firewall security: effective use of ipchains and iptables
• iproute2: advanced routing policies, traffic control, and QoS
• Implementing, securing, and troubleshooting key network applications
• DNS, NIS, LDAP, DHCP, NFS, sendmail, and Samba

Linux TCP/IP Network Administration includes hundreds of real-world implementation examples and commands tested on five major Linuxdistributions: Red Hat, Caldera, SuSe, and Debian. Whatever your environment, whatever your expertise, there's never been a Linux networking guide this complete, this authoritative, or this useful!

Contents

Preface

A Note about Linux Distributions

Linux Documentation

Prerequisites

Typographical Conventions

Errata and Contacts

Acknowledgments

1: An Introduction to TCP/IP

Computer Networking

Network Types

Network Models

OSI-RM

The TCP/IP Network Model

The Client-Server Model

Request for Comment

Institute of Electrical and Electronics Engineers (IEEE)

The Internet, TCP/IP, and Other Stacks

Summary

For Further Reading

Books

WWW Resources

2: Hardware and Network Interface Layers: Network Access

Hardware Layer

Media

NIC Types

Network Interface Layer

Technologies

Topologies

Media Access Method

Switches

Ethernet

Linux Network Access Implementation

Linux Supported NICs

Linux Ethernet NIC Configuration

Manually Configuring NICs

Summary

For Further Reading

Books

WWW and Online Resources

3: Between the Network Interface and Internet Layers: Address Resolution Protocol

ARP, RARP, and the TCP/IP Model

The Purpose of ARP

ARP Request/Reply

The ARP Cache

Viewing the ARP Cache

Manipulating the ARP Cache

The arpwatch Daemon

A Related Protocol: RARP

Viewing Network Packets

Tcpdump

Ethereal

Summary

For Further Reading

Books

WWW and Online Resources

4: The Internet Layer: IPv4

The Internet Protocol

IPv4 Datagram

IPv4 Helper Protocols

IPv4 Addressing

Multicast Addresses

The Remaining IPv4 Address Space

The Netmask

Broadcast Addresses

Reserved Addresses

Assignment of Internet Addresses

Configuring NICs

ifconfig Syntax

Setting up an Interface

ifconfig Flags

Configuring IP Aliases

Other ifconfig Options and Details

Start-up Scripts and NIC Configuration Files

Red Hat 6.2

Caldera 2.4

Debian 2.1

SuSE 6.4

Hostname Resolution

The /etc/hosts File

Unresolvable Hostnames

Summary

What's Next

For Further Reading

5: The Internet Layer: IPv6

IPv6 Datagram

Traffic Class

Flow Label

Payload Length

Next Header

Hop Limit

Extension Headers

ICMPv6

IGMP and IPv6

IPv6 Addressing

IPv6 Address Representation

IPv6 Address Types and Definitions

Unicast Addresses

Multicast Addresses

Anycast Addresses

Special Addresses

Experimental Addresses

NSAP and IPX

Neighbor Discovery

The Current State of the Linux IPv6 Implementation

Summary

For Further Reading

Books

WWW Resources

6: The Internet Layer: Routing

A Simple Routing Example

Introducing Linux Routing Tables

Configuring the Linux Router

A Simple Routing Algorithm

The Routing Process

The ping Utility

An Intermediate Routing Example

ICMP Redirects

Multiple Routes

Some Basic Routing Table Construction Guidelines

A Note about Hostnames

A More Complex Routing Example

Route Aggregation and CIDR

Multicast Routing

Linux Multicast Support

Multicast Applications

Routing Multicast Packets

What about IPv6?

Default Free Routers

Summary

For Further Reading

Books

WWW Resources

7: The Transport Layer

The Protocols

Service Ports

User Datagram Protocol

Transmission Control Protocol

The TCP Header

Initial Connection Three-Way Handshake

Continuing Communications

Closing a Connection

TCP Tunable Kernel Parameters

TCP Security Issues

Use of TCP versus UDP

Summary

For Further Reading

8: The Application Layer

The Client-Server Model

Services and Ports

Indirect Servers: inetd, xinetd, and portmap

The /etc/inetd.conf Configuration File

TCP_Wrappers

Access Control with TCP_Wrappers

TCP_Wrappers Utility Programs

TCP_Wrappers Vulnerabilities

Access Control and the Portmapper

Implementing Portmapper Access Control

The portmap Log Entries

Gracefully Terminating and Recovering the Portmapper

Portmapper Vulnerabilities

Replacing inetd with xinetd

Advantages of xinetd

Disadvantages of xinetd

Obtaining xinetd

The xinetd Configuration File

The xinetd Daemon

Which One Should I Use?

Summary

For Further Reading

9: Troubleshooting and Monitoring

Troubleshooting Tips

Splitting the Stack with ping

Network Monitoring and Troubleshooting Utilities

Ping

Traceroute

ARP Tools

Ifconfig

Route

Netstat

socklist

Netcat

Ethereal

Iptraf

Simple Network Management Protocol (SNMP)

Other Tools

Summary

For Further Reading

10: Network Applications

Domain Name Service

DNS Domain Name Hierarchy

DNS Server Types and Configuration Files

BIND Software

Dynamic Host Configuration Protocol

Remote Filesystems

Network File System

Samba

Other Remote Filesystems

Network Information Service

Lightweight Directory Access Protocol

Electronic Mail

X Window System

Summary

11: Introducing Dynamic Routing Table Management

Autonomous Systems

Protocol Types

Distance Vector Protocols

Link State Protocols

Path Vector Protocols

The gated Daemon

Obtaining, Compiling, and Installing gated

The gated Daemon

The /etc/gated.conf Configuration File

The gdc Helper Utility

RIP

RIPv1 and RIPv2

Configuring gated for RIPv1 and RIPv2

Router Discovery

Configuring gated for Router Discovery

A Routing Example

Implementing RIP and Router Discovery with gated?

An Example

Configuring golden

Configuring beauregard and tigger

Configuring foghorn

Configuring topcat and eeyore

Configuring the Hosts

One More Thing

Troubleshooting with gated

Summary

For Further Reading

Books

WWW Resources

12: OSPF

OSPF Overview

OSPF Basics

OSPF Hierarchies and Other Routing Domains

Summary of OSPF Terms

Implementing OSPF with gated

The ospf Stanza

Manually Specifying routerid

Importing and Exporting OSPF Routes

A Few Other Configuration Notes

A Flat OSPF Domain Example

Example Goals

Configuring golden

Configuring beauregard and tigger

Configuring foghorn, eeyore, and topcat

Configuring the Hosts

Interlude: Using the ospf_monitor Utility

Examples Using OSPF Areas

Building an Area for Route Aggregation

Implementing Multiple Areas

The backbone Area

Areas 0.0.0.1, 0.0.0.2, 0.0.0.3, 0.0.0.4, and 0.0.0.5

Area 0.0.2.1

Hosts

RIP or OSPF?

GNU Zebra

Summary

For Further Reading

Books

WWW Resources

13: BGP

BGP Overview

Update Messages and Attributes

E-BGP and I-BGP

BGP Route Selection

Practical Enhancements to BGP

Implementing BGP with gated

gated BGP Syntax

Implementing BGP

Summary

For Further Reading

14: ipchains: Address Translation, IP Accounting, and Firewalls

What is a Firewall?

Packet Filtering

Configuring the Kernel for ipchains

ipchains Overview

Behavior of a Chain

Malformed Packets

Analysis of an Inbound Packet

Analysis of an Outbound Packet

The Loopback Interface

Custom Chains

Introduction to Using ipchains

The ipchains Command

Some Simple Examples

Packet Fragments

Accounting

IP Masquerading

Adding Custom Chains

ICMP Rules in a Custom Chain

Antispoofing Rules

Rule Ordering Is Important! Saving and Restoring Rules

Rule Writing and Logging Tips

Changing Rules

Building Your Firewall

Small Internal Network

Simple Internal Network Using DHCP

ipchains Isn't Just for Firewalls!

A Few More Things

Supplementary Utilities

Other Examples

Port Forwarding

The fwconfig GUI

Mason

The Network Mapper (nmap)

Additional Firewall Software

Virtual Private Networks and Encrypted Tunnels

The Next Generation

Summary

For Further Reading

ipchains Documentation

Masquerading Documentation

ISP Connectivity-Related Resources

General Firewall References

DMZ Resources

Cryptography References

General Security References

15: Netfilter: Address Translation, IP Accounting, and Firewalls

Netfilter Overview

The filter Table

The nat Table

The mangle Table

Netfilter Flowchart

The iptables Utility

Flags or Commands of iptables

Options to iptables

iptables Extensions

iptables Actions

iptables Examples

Chain Policies

Some Basic Rules

Connection Tracking

NAT Rules

Using Existing ipchains Rules

Summary

For Further Reading

16: iproute2 And Other Routing Topics

Routing and iproute2

Reconfiguring the Kernel

iproute2 Commands: ip, rtmon, rtacct, and tc

The ip and rtmon Commands

Realms and the rtacct Command

Routing Policies

Source IP Address Decisions

Mark Values

Masquerading Multiple Addresses

Route NAT

Tunneling

IPv4 Within IPv4 Tunnels

IPv6 Within IPv4 Tunnels

Traffic Control

TOS, Differentiated Services, and Integrated Services

Queueing Disciplines

Example Using the tc Command

The Real Routing Algorithm

Switching

Tuning Linux for Routing

Summary

For Further Reading

Books

WWW Resources

Index