The concept of a network, as we use it today, was born in the middle of the 1980s. The various RFCs (Request For Comments) of the ARPA-Internet community define the current standards, including TCP/IP, the assignment of IP addresses on Ethernet, and NFS.
This chapter covers networking between UNIX systems from a technical point of view, as well as network security for the Internet (remote) and the Intranet (local).
There are different UNIX flavors, from the original AT&T and BSD lines, which later merged to create the X/Open standard; however, the most important networking efforts were basically made in BSD (Berkeley Software Design) at Berkeley University.
For example, TCP/IP is covered in RFC 2151, "A Primer On Internet and TCP/IP Tools and Utilities", and also in RFC 1180 and others, while NFS was invented by Sun Microsystems and is explained in RFC 1014.
Everything about networking, from the assignment of IP numbers to FTP, Telnet, NFS and so on, is covered in the RFC files.
The current repository is: http://www.rfc-editor.org/
For example, a search for TCP/IP offers the following screen:

The concept of a network is based on different technologies. These technologies concern the protocols used by the different computers to connect to each other. For example, IBM was probably the first company to offer such a solution, logically at a very high cost. Then came Apple with AppleTalk, still present today (see Chapter N6, Integrating Linux on AppleTalk). Then came Novell NetWare, offering probably the best network operating system ever made, although a little closed. Microsoft introduced its NetBIOS to common desktop systems, offering simplicity but also low security.
UNIX with its TCP/IP is the best solution ever made to create a network, and is the system now adopted worldwide by local networks and by the Internet.
Whatever the system or protocol, when two or more computers interact there is a flow of bytes (data) from one system to another.
This may be checked on Linux (and also on MS Windows 2000 or Mac OS X) with the program ping.
[root@ftosx1 root]# ping thunder
PING thunder.futuretg.com (192.168.1.61) from 192.168.1.93 : 56(84) bytes of data.
64 bytes from thunder.futuretg.com (192.168.1.61): icmp_seq=0 ttl=64 time=751 usec
64 bytes from thunder.futuretg.com (192.168.1.61): icmp_seq=1 ttl=64 time=210 usec

--- thunder.futuretg.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.210/0.480/0.751/0.271 ms
[root@ftosx1 root]#
Note that the remote system has a name, "thunder"; this is its "alias" on the local network. All these aliases, or hosts, are listed in the file "/etc/hosts":
[root@ftosx1 root]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.90    ix.futuretg.com         imacosx
192.168.1.64    earth.futuretg.com      earth
192.168.1.66    heaven.futuretg.com     heaven
192.168.1.61    thunder.futuretg.com    thunder
192.168.1.60    world.futuretg.com      world
192.168.1.69    www.futuretg.com        www
192.168.1.93    ftosx1.futuretg.com     ftosx1
127.0.0.1       localhost.localdomain   localhost
[root@ftosx1 root]#
Therefore, the commands:
[root@ftosx1 root]# ping thunder
and
[root@ftosx1 root]# ping 192.168.1.61
are equivalent. But the alias name "thunder" is also used by different programs on UNIX/Linux, like the X Window System, NFS and others.
Of course, consistency is expected across the network; for example, if ftosx1 is 192.168.1.93 and lists thunder as 192.168.1.61, then the computer thunder must likewise list ftosx1 with its own IP number.
It is clear from the Base course that an Intranet or local network uses numbers of the form 192.168.X.Y, and these numbers will never be used on the Internet.
This concept was introduced in the Base course, Chapter B11, The Local Network.
It is also clear that each computer has a network interface. Generally it is an Ethernet interface, eth0; however Token Ring, tr0, continues to be used as well.
Each interface has an assigned IP number and dialogues with the other computers.
A simple interface may be the following:

Another piece of information we should note is the number of bytes.
[root@ftosx1 root]# ping world
PING world.futuretg.com (192.168.1.60) from 192.168.1.93 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from world.futuretg.com (192.168.1.60): icmp_seq=0 ttl=255 time=751 usec
64 bytes from world.futuretg.com (192.168.1.60): icmp_seq=1 ttl=255 time=231 usec
64 bytes from world.futuretg.com (192.168.1.60): icmp_seq=2 ttl=255 time=221 usec
64 bytes from world.futuretg.com (192.168.1.60): icmp_seq=3 ttl=255 time=224 usec

--- world.futuretg.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.221/0.356/0.751/0.228 ms
[root@ftosx1 root]#
By default the local host sends 64 bytes of data to the remote host (64 = 2^6). Of course we can send 1 byte or 10 bytes instead.
To send 1 byte we use the "-s" parameter:
[root@ftosx1 root]# ping -s 1 world
PING world.futuretg.com (192.168.1.60) from 192.168.1.93 : 1(29) bytes of data.
9 bytes from world.futuretg.com (192.168.1.60): icmp_seq=0 ttl=255

--- world.futuretg.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
[root@ftosx1 root]#
Note that if we send 1 byte, we get 9 back. The 8 additional bytes are the ICMP header. ICMP stands for Internet Control Message Protocol.
The same is valid for Internet systems; of course we use the same command:
[root@ftosx1 root]# ping www.netsol.com
PING www.netsol.com (216.168.224.111) from 192.168.1.93 : 56(84) bytes of data.
64 bytes from www.netsol.com (216.168.224.111): icmp_seq=0 ttl=237 time=199.401 msec
64 bytes from www.netsol.com (216.168.224.111): icmp_seq=1 ttl=237 time=199.898 msec
64 bytes from www.netsol.com (216.168.224.111): icmp_seq=2 ttl=237 time=189.945 msec

--- www.netsol.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 189.945/196.414/199.898/4.607 ms
[root@ftosx1 root]#
If we want to ping, or rather check, all the routers that a local packet passes through, we run the following command:
[root@ftosx1 root]# traceroute www.netsol.com
traceroute to www.netsol.com (216.168.224.111), 30 hops max, 38 byte packets
 1  www (192.168.1.63)  2.203 ms  0.124 ms  0.112 ms
 2  80.204.186.97 (80.204.186.97)  1.353 ms  1.223 ms  1.168 ms
 3  80.204.176.229 (80.204.176.229)  81.943 ms  89.563 ms  92.304 ms
 4  217.222.3.161 (217.222.3.161)  81.909 ms  92.918 ms  91.274 ms
 5  217.222.7.181 (217.222.7.181)  86.194 ms  91.524 ms  91.709 ms
 6  217.222.6.93 (217.222.6.93)  102.311 ms  94.693 ms  96.053 ms
 7  mi8-datacom-2-it.seabone.net (195.22.205.85)  109.515 ms  94.670 ms  106.422 ms
 8  sl-gw10-mil-9-1.sprintlink.net (217.147.129.89)  102.284 ms  98.252 ms  101.804 ms
 9  sl-bb20-mil-8-0.sprintlink.net (217.147.128.38)  95.910 ms  96.199 ms  93.880 ms
10  sl-bb21-par-12-0.sprintlink.net (213.206.129.25)  125.753 ms  121.831 ms  110.712 ms
11  sl-bb20-lon-13-0.sprintlink.net (213.206.129.69)  125.687 ms  141.987 ms  122.616 ms
12  sl-bb21-lon-15-0.sprintlink.net (213.206.128.38)  121.441 ms  129.063 ms  123.726 ms
13  sl-bb20-msq-10-0.sprintlink.net (144.232.19.69)  193.573 ms  193.853 ms  201.416 ms
14  sl-bb20-rly-15-1.sprintlink.net (144.232.19.94)  196.235 ms  191.661 ms  193.598 ms
15  sl-gw2-rly-0-0-0.sprintlink.net (144.232.25.251)  194.136 ms  195.906 ms  198.284 ms
16  sl-netsolut-2-0-0.sprintlink.net (144.232.184.78)  208.237 ms  201.662 ms  196.111 ms
17  www.netsol.com (216.168.224.111)  202.130 ms  196.256 ms  203.497 ms
[root@ftosx1 root]#
Nowadays it is very frequent to set a TTL in the DNS configuration. In IP, the TTL is the number of routers a packet may pass through before being discarded (the ttl= value in the ping replies above is what remains of it on arrival); in DNS the TTL is instead the time, in seconds, for which a record may be cached. The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 used 15). The RFC covering the use of TTL in DNS is RFC 1035.
Almost everything in a network concerns routing. Routing is the mode in which packets transit between different network cards. BSD networking offers a complete set of utilities that interact with the kernel, or work independently of it.
For example we have: "route", "arp", "netstat", "tcpdump" and others.
Now we introduce the "route" command.
The command "route"
The command route sets up the routing map sequentially. Basically, nothing needs to be done after the network and gateway IP addresses are set up.
Note the following data:
[root@www root]# route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.204.186.96   *               255.255.255.240 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         80.204.186.97   0.0.0.0         UG    0      0        0 eth0
[root@www root]#
However, for some particular settings, like installing a satellite route, it may be necessary to use commands like:
route add -host 194.25.200.133 ippp0
to add a route, or "route del" to remove one:
route -n del 0.0.0.0
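The decision the kernel takes with the table above (longest matching Genmask wins, "default" is the fallback) carried through in code. This is an added example, not part of the original chapter; the table text is transcribed from the "route -v" output on host www.

```python
"""Longest-prefix route lookup over the 'route -v' table shown above.

Added example, not part of the original chapter. It re-implements the
decision the kernel takes for every outgoing packet: choose the matching
entry with the longest Genmask, and fall back to the 'default' entry.
"""
import ipaddress

# The four entries printed by 'route -v' on host www, transcribed from the page.
# A Gateway of '*' means the destination is directly reachable on that interface.
ROUTE_TABLE_TEXT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.204.186.96   *               255.255.255.240 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         80.204.186.97   0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_table(text):
    """Turn the textual table into a list of (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header line
        dest, gw, mask, flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"                    # default = 0.0.0.0 with mask 0.0.0.0
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw == "*" else ipaddress.ip_address(gw)
        routes.append((network, gateway, flags, iface))
    return routes


def lookup(routes, destination):
    """Return (iface, next_hop) for destination, or None when nothing matches.

    next_hop is the gateway for 'UG' routes and the destination itself for
    directly connected 'U' routes; it is the address ARP then has to resolve.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for network, gateway, flags, iface in routes:
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, flags, iface)
    if best is None:
        return None
    network, gateway, flags, iface = best
    next_hop = gateway if "G" in flags else dst
    return iface, str(next_hop)


if __name__ == "__main__":
    table = parse_route_table(ROUTE_TABLE_TEXT)
    for host in ("192.168.1.61", "80.204.186.97", "216.168.224.111", "127.0.0.1"):
        print(host, "->", lookup(table, host))
```

Note how 80.204.186.97 is reached directly (it falls inside 80.204.186.96/28) while www.netsol.com (216.168.224.111) leaves through that same gateway via the default route, which is exactly hop 2 of the traceroute above.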
The command "arp"
The most common program concerning ARP (Address Resolution Protocol) is "arp". There are various ways to use it.
The most classical is:
[root@ftosx1 root]# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
www.futuretg.com         ether   00:50:FC:2D:D1:F2   C                     eth0
[root@ftosx1 root]#
Note the physical (hardware) address.
Another way is to include "all" the information with the "-a" flag:
[root@ftosx1 root]# arp -a
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]#
Note that the command "arp" may not resolve a name for some entries. Note the following output:
[root@ftosx1 root]# arp -a
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]# ping thunder
PING thunder.futuretg.com (192.168.1.61) from 192.168.1.93 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from thunder.futuretg.com (192.168.1.61): icmp_seq=0 ttl=64 time=862 usec
64 bytes from thunder.futuretg.com (192.168.1.61): icmp_seq=1 ttl=64 time=285 usec

--- thunder.futuretg.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.285/0.573/0.862/0.289 ms
[root@ftosx1 root]# arp -a
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
thunder.futuretg.com (192.168.1.61) at 00:A0:CC:30:7E:07 [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]# ping world
PING world.futuretg.com (192.168.1.60) from 192.168.1.93 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from world.futuretg.com (192.168.1.60): icmp_seq=0 ttl=255 time=897 usec

--- world.futuretg.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.897/0.897/0.897/0.000 ms
[root@ftosx1 root]# arp -a
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
thunder.futuretg.com (192.168.1.61) at 00:A0:CC:30:7E:07 [ether] on eth0
world.futuretg.com (192.168.1.60) at 00:A0:CC:30:A5:AA [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]#
Even now the entry for "192.168.1.91" is listed without a name.
Even if we run:
[root@ftosx1 root]# ping 192.168.1.91
PING 192.168.1.91 (192.168.1.91) from 192.168.1.93 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from 192.168.1.91: icmp_seq=0 ttl=255 time=1.260 msec
64 bytes from 192.168.1.91: icmp_seq=1 ttl=255 time=1.168 msec

--- 192.168.1.91 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 1.168/1.214/1.260/0.046 ms
we will continue to get "?":
[root@ftosx1 root]# arp -a
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
thunder.futuretg.com (192.168.1.61) at 00:A0:CC:30:7E:07 [ether] on eth0
world.futuretg.com (192.168.1.60) at 00:A0:CC:30:A5:AA [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]#
The reason is simple: the ".91" host is not listed in "/etc/hosts".
[root@ftosx1 root]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.90    imacosx.futuretg.com    imacosx
192.168.1.64    earth.futuretg.com      earth
192.168.1.66    heaven.futuretg.com     heaven
192.168.1.61    thunder.futuretg.com    thunder
192.168.1.60    world.futuretg.com      world
192.168.1.63    www.futuretg.com        www
192.168.1.93    ftosx1.futuretg.com     ftosx1
127.0.0.1       localhost.localdomain   localhost
[root@ftosx1 root]#
Of course, it is necessary to check the network locally.
After we enter the ".91" system, which is an iMac, we get the right result. While Mac OS X is a UNIX-based system that has its own "/etc/hosts", Mac OS 9 (or earlier) does not have these entries.
Now we add the entry!
[root@ftosx1 root]# echo "192.168.1.91 imacverde.futuretg.com imacverde" >> /etc/hosts
... and get the right result:
[root@ftosx1 root]# arp -a
imacverde.futuretg.com (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
thunder.futuretg.com (192.168.1.61) at 00:A0:CC:30:7E:07 [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
[root@ftosx1 root]#
Therefore the same "/etc/hosts" on every machine of the network (where possible, since a Mac or an MS Windows machine may not have one) creates a consistent and clear picture of the network.
Basically, using "arp" it is possible to build a network map automatically.
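The network map the chapter builds by hand ("?" entries are the hosts missing from /etc/hosts), as an added example that is not part of the original chapter. It parses the "arp -a" output and the /etc/hosts file shown above, fills in names from the hosts file, lists the addresses that still need a hosts line, and flags one MAC address answering for several IPs on the same interface, which is worth a look whenever an ARP table is read.

```python
"""Build a small network map from 'arp -a' output and /etc/hosts.

Added example, not part of the original chapter. Hosts that arp prints as
'?' are those with no /etc/hosts entry; the map resolves them from the
hosts file, reports the ones still unnamed, and flags a single MAC that
claims several IP addresses on one interface (normal for a router or a
proxy-ARP host, otherwise worth checking).
"""
import re

# 'arp -a' output from ftosx1 as shown on the page, before imacverde was added.
ARP_OUTPUT = """\
? (192.168.1.91) at 00:0A:27:92:50:6E [ether] on eth0
thunder.futuretg.com (192.168.1.61) at 00:A0:CC:30:7E:07 [ether] on eth0
world.futuretg.com (192.168.1.60) at 00:A0:CC:30:A5:AA [ether] on eth0
www.futuretg.com (192.168.1.63) at 00:50:FC:2D:D1:F2 [ether] on eth0
"""

# /etc/hosts of ftosx1 as listed on the page (comments and localhost included).
HOSTS_FILE = """\
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.90 imacosx.futuretg.com imacosx
192.168.1.64 earth.futuretg.com earth
192.168.1.66 heaven.futuretg.com heaven
192.168.1.61 thunder.futuretg.com thunder
192.168.1.60 world.futuretg.com world
192.168.1.63 www.futuretg.com www
192.168.1.93 ftosx1.futuretg.com ftosx1
127.0.0.1 localhost.localdomain localhost
"""

ARP_LINE = re.compile(
    r"^(?P<name>\S+) \((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]{17}) \[ether\] on (?P<iface>\S+)$"
)


def parse_hosts(text):
    """Map IP -> list of names from an /etc/hosts file, ignoring comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        table.setdefault(ip, []).extend(names)
    return table


def parse_arp(text):
    """Parse 'arp -a' lines into dicts with name, ip, mac (upper case) and iface."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:                                   # incomplete or garbled lines are skipped
            entry = m.groupdict()
            entry["mac"] = entry["mac"].upper()
            entries.append(entry)
    return entries


def network_map(arp_text, hosts_text):
    """Return (entries, unnamed, shared).

    entries: arp entries with the hosts name filled in where arp printed '?'
    unnamed: IPs still without a name, i.e. candidates for a new hosts line
    shared:  MACs that answer for more than one IP on the same interface
    """
    hosts = parse_hosts(hosts_text)
    entries = parse_arp(arp_text)
    unnamed = []
    by_mac = {}
    for e in entries:
        if e["name"] == "?":
            names = hosts.get(e["ip"])
            e["name"] = names[0] if names else "?"
        if e["name"] == "?":
            unnamed.append(e["ip"])
        by_mac.setdefault((e["iface"], e["mac"]), []).append(e["ip"])
    shared = {mac: ips for (_iface, mac), ips in by_mac.items() if len(ips) > 1}
    return entries, unnamed, shared


def hosts_line(ip, fqdn):
    """Compose the line the page appends with 'echo ... >> /etc/hosts'."""
    return f"{ip} {fqdn} {fqdn.split('.')[0]}"


if __name__ == "__main__":
    entries, unnamed, shared = network_map(ARP_OUTPUT, HOSTS_FILE)
    for e in entries:
        print(f"{e['name']:24} {e['ip']:15} {e['mac']} {e['iface']}")
    print("no /etc/hosts entry:", unnamed)
    print("one MAC, several IPs:", shared)
    print("line to append:", hosts_line("192.168.1.91", "imacverde.futuretg.com"))
```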
The command "netstat"
The netstat command shows network statistics.
[root@ftosx1 root]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:1024                  *:*                     LISTEN
tcp        0      0 *:pop3s                 *:*                     LISTEN
tcp        0      0 *:afpovertcp            *:*                     LISTEN
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 *:imap                  *:*                     LISTEN
tcp        0      0 *:finger                *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN
tcp        0      0 ftosx1.futur:afpovertcp imacverde.futuret:49170 ESTABLISHED
tcp        0      0 ftosx1.futuretg.com:x11 www.futuretg.com:34633  ESTABLISHED
udp        0      0 *:1024                  *:*
udp        0      0 *:903                   *:*
udp        0      0 *:sunrpc                *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     1231   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     1602   /tmp/mcop-root/ftosx1_futuretg_com-0565-3ca2ce96
unix  14     [ ]         DGRAM                    815    /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     1439   /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     1502   /tmp/ksocket-root/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     1509   /tmp/.ICE-unix/1366
unix  2      [ ACC ]     STREAM     LISTENING     1535   /tmp/ksocket-root/klauncherzlUg8b.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     1630   /tmp/.ICE-unix/1391
unix  2      [ ACC ]     STREAM     LISTENING     1176   /dev/gpmctl
Active IPX sockets
Proto Recv-Q Send-Q Local Address   Foreign Address   State
[root@ftosx1 root]#
Note the different types of protocols in use: tcp, udp, UNIX domain sockets and IPX. Each tcp line in the LISTEN state whose local address is "*:service" is a service accepting connections on every interface of the host, so this listing is also the first inventory of what the machine exposes to the network; only smtp above is bound to localhost.
We will cover this matter with the "xinetd.conf" configuration files.
The command "tcpdump"
"tcpdump" is a simple program that dumps the packets seen on a network interface.
[root@www root]# tcpdump
tcpdump: listening on eth0
10:00:08.362365 0:4:27:fd:d9:6e 0:4:27:fd:d9:6e loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:00:18.352365 0:4:27:fd:d9:6e 0:4:27:fd:d9:6e loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:00:28.352365 0:4:27:fd:d9:6e 0:4:27:fd:d9:6e loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
-2147284269 packets received by filter
-1073744592 packets dropped by kernel
[root@www root]#
There is nothing special about this: the frames shown are loopback test frames that the card sends to its own hardware address (source and destination are both 0:4:27:fd:d9:6e) with an all-zero payload.
The "ifconfig" and the Card configuration.
The network card must be "configured". An Ethernet card uses the Ethernet protocol, while a Token Ring card uses its own system. The UNIX program to configure the cards is "ifconfig".
The whole setup procedure runs at every boot.
Note the "network" script in "/etc/rc.d/init.d":
[root@ftosx1 init.d]# grep ifconfig *
network:[ -x /sbin/ifconfig ] || exit 0
network:    if LC_ALL= LANG= ifconfig $i 2>/dev/null | grep -q " UP " >/dev/null 2>&1 ; then
network:    echo `/sbin/ifconfig | grep ^[a-z] | awk '{print $1}'`
[root@ftosx1 init.d]#
The files that the system loads, which include the "eth" configuration, are located in "/etc/sysconfig/network-scripts":
[root@ftosx1 network-scripts]# ls -al
total 163
drwxr-xr-x    2 root     root         1008 Mar 25 12:21 .
drwxr-xr-x    8 root     root         1048 Mar 25 12:21 ..
-rw-------    3 root     root          355 Mar 25 12:21 ifcfg-eth0
-rwxr-xr-x    1 root     root          385 Mar 10 19:56 ifcfg-eth0.OLD
-rwxr-xr-x    1 root     root          330 Mar 10 19:57 ifcfg-irlan0
-rwxr-xr-x    1 root     root          330 Mar 10 19:56 ifcfg-irlan0.OLD
lrwxrwxrwx    1 root     root           22 Jan  9 14:07 ifcfg-lo -> ../networking/ifcfg-lo
lrwxrwxrwx    1 root     root           20 Jan  9 14:07 ifdown -> ../../../sbin/ifdown
-rwxr-xr-x    1 root     root          372 Jun 25  2001 ifdown-cipcb
-rwxr-xr-x    1 root     root          823 Sep  3  2001 ifdown-ippp
-rwxr-xr-x    1 root     root         4103 Jul 24  2001 ifdown-ipv6
lrwxrwxrwx    1 root     root           11 Jan  9 14:07 ifdown-isdn -> ifdown-ippp
-rwxr-xr-x    1 root     root         1168 Aug 29  2001 ifdown-post
-rwxr-xr-x    1 root     root         1065 Jun 22  2001 ifdown-ppp
-rwxr-xr-x    1 root     root         1920 Jul 24  2001 ifdown-sit
-rwxr-xr-x    1 root     root          937 Sep  8  1999 ifdown-sl
lrwxrwxrwx    1 root     root           18 Jan  9 14:07 ifup -> ../../../sbin/ifup
-rwxr-xr-x    1 root     root        13917 Jun 30  2001 ifup-aliases
-rwxr-xr-x    1 root     root         2351 Jun 25  2001 ifup-cipcb
-rwxr-xr-x    1 root     root        10893 Sep  3  2001 ifup-ippp
-rwxr-xr-x    1 root     root         7695 Jul 24  2001 ifup-ipv6
lrwxrwxrwx    1 root     root            9 Jan  9 14:07 ifup-isdn -> ifup-ippp
-rwxr-xr-x    1 root     root          724 Jul  7  1998 ifup-plip
-rwxr-xr-x    1 root     root          961 Jan 29  2001 ifup-plusb
-rwxr-xr-x    1 root     root         3005 Aug  9  2001 ifup-post
-rwxr-xr-x    1 root     root         3806 Aug  9  2001 ifup-ppp
-rwxr-xr-x    1 root     root          594 May 11  2001 ifup-routes
-rwxr-xr-x    1 root     root         2783 Jul 24  2001 ifup-sit
-rwxr-xr-x    1 root     root         1708 Jan 23  2001 ifup-sl
-rwxr-xr-x    1 root     root         2680 Jul  8  2001 ifup-wireless
-rwxr-xr-x    1 root     root         4752 Jul 24  2001 init.ipv6-global
-rw-r--r--    1 root     root         4620 Aug 29  2001 network-functions
-rw-r--r--    1 root     root        24055 Aug 28  2001 network-functions-ipv6
[root@ftosx1 network-scripts]#
Here the loopback interface "lo" is listed as well. It may seem absurd, but on Linux it is currently not possible to print locally, or to use the graphical system, if "lo" is not running. Of course, "lo" does not need an Ethernet or network connection.
In this chapter we use different terms about the network. We present all these terms here in a picture.

| Class | Range |
|-------|-------|
| A | 0.0.0.0 to 127.255.255.255 |
| B | 128.0.0.0 to 191.255.255.255 |
| C | 192.0.0.0 to 223.255.255.255 |
| D | 224.0.0.0 to 239.255.255.255 |
| E | 240.0.0.0 to 247.255.255.255 |
Remember that the range 192.168.X.Y must be used for internal networks.
This choice is also fundamental for setting up a firewall.
Now that we know some details about the networking internals and some introductory programs, we will go in depth into the available services and how to configure them. There are two major systems to configure network services: the "inetd.conf" system and the more modern and extended "xinetd.conf" system.
The first was the pioneering system and is still used in the most important distributions, as well as in Mac OS X. The second is an innovative open-source effort, better than "inetd.conf" but a little more complex.
Both systems concern network services. A network service is a way for two or more systems to interact and transfer data.
For example, the program to open a session from a system A onto a system B is "telnet". Telnet stands for Network Teletype. "rlogin", or remote login, is also used. The r-programs "rlogin", "rcp", "rsh" and others are the so-called BSD network utilities.
Another program used in network connections to transfer data is FTP. FTP stands for File Transfer Protocol, and it was designed specifically to guarantee file transfers.
The easiest way to know all the services is to list the "inetd.conf" file, if present. We list here the file present in OpenLinux 2.4. RedHat adopted this system from its first releases up to 7.0; then they chose "xinetd.conf".
[root@world /root]# more /etc/inetd.conf
#
# inetd.conf    This file describes the services that will be available
#               through the INETD TCP/IP super server. To re-configure
#               the running INETD process, edit this file, then send the
#               INETD process a SIGHUP signal.
#
# Version:      @(#)/etc/inetd.conf     3.10    05/27/93
#
# Authors:      Original taken from BSD UNIX 4.3/TAHOE.
#               Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
#
# Modified for Debian Linux by Ian A. Murdock <imurdock@shell.portal.com>
#
# Modified for RHS Linux by Marc Ewing <marc@redhat.com>
#
# Further modified by Olaf Kirch <okir@caldera.com> for Caldera Open Linux
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
# To re-read this file after changes, just do a 'killall -HUP inetd'
#
# Note: builtin UDP services now silently drop packets from ports < 512.
#echo    stream  tcp     nowait  root    internal
#echo    dgram   udp     wait    root    internal
discard  stream  tcp     nowait  root    internal
discard  dgram   udp     wait    root    internal
daytime  stream  tcp     nowait  root    internal
daytime  dgram   udp     wait    root    internal
#chargen stream  tcp     nowait  root    internal
#chargen dgram   udp     wait    root    internal
time     stream  tcp     nowait  root    internal
time     dgram   udp     wait    root    internal
#
# These are standard services.
#
ftp      stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#
# Mail and news
#
# Do not uncomment either unless you *really* know what you are doing.
# Both are started as standalone daemons from the /etc/rc.d scripts.
#smtp    stream  tcp     nowait  root    /usr/bin/smtpd  smtpd
#nntp    stream  tcp     nowait  root    /usr/sbin/tcpd  in.nntpd
#
# Shell, login, exec and talk are BSD protocols.
#
shell    stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login    stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
exec     stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
talk     dgram   udp     wait    nobody.tty /usr/sbin/tcpd in.talkd
ntalk    dgram   udp     wait    nobody.tty /usr/sbin/tcpd in.ntalkd
#dtalk   stream  tcp     wait    nobody.tty /usr/sbin/tcpd in.dtalkd
#
# Pop and imap mail services et al
#
pop2     stream  tcp     nowait  root    /usr/sbin/tcpd  ipop2d
pop3     stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
imap     stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
#
# The Internet UUCP service.
#
uucp     stream  tcp     nowait  uucp    /usr/sbin/tcpd  /usr/sbin/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers." Do not uncomment
# this unless you *need* it.
#
#tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
#bootps  dgram   udp     wait    root    /usr/sbin/tcpd  bootpd
#
# This is for the finger service
#
finger   stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd -u
/var/run/.ppp_socket stream unix nowait root /usr/sbin/ppp-envoy ppp-envoy -da
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
#
#systat  stream  tcp     nowait  nobody  /usr/sbin/tcpd  /bin/ps -auwwx
#netstat stream  tcp     nowait  nobody  /usr/sbin/tcpd  /bin/netstat --inet
#
# Authentication
#
auth     stream  tcp     nowait  root    /usr/sbin/in.identd in.identd
swat     stream  tcp     nowait.400 root /usr/sbin/tcpd  swat
#
# End of inetd.conf
dtspc    stream  tcp     nowait  root    /usr/dt/bin/dtspcd dtspcd
cmsd/2-5 dgram   rpc/udp wait    root    /usr/dt/bin/rpc.cmsd rpc.cmsd
ttdbserver/1 stream rpc/tcp wait root    /usr/dt/bin/rpc.ttdbserver rpc.ttdbserver
To activate a network service we need to uncomment its line and relaunch the inetd service. While the "inet" service handles the network services (inetd.conf), the "network" service handles the hardware. Note that every uncommented line is a service reachable from the network: in the file above telnet, ftp, shell, login, exec, pop and imap are all active, and the same file is where an unused service is switched off by commenting its line out.
Almost all network services were covered in the Base course. However, some important advanced features are introduced only in this chapter.
The name "xinetd.conf" stands for eXtended InterNET daemon. Instead of being handled by a single file, like its predecessor "inetd.conf", it offers a new mode with a separate file for each service and a main configuration file called "xinetd.conf":
[root@www etc]# more xinetd.conf
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        disable                 = tftp
}

includedir /etc/xinetd.d
Please note the per-service files:
[root@www etc]# cd xinetd.d
[root@www xinetd.d]# ls
amanda       dbskkd-cdb   imaps          pop3s   tftp
amandaidx    echo         ipop2          rexec   time
amidxtape    echo-udp     ipop3          rlogin  time-udp
chargen      eklogin      klogin         rsh     wu-ftpd
chargen-udp  finger       krb5-telnet    rsync
comsat       ftp          kshell         swat
daytime      gssftp       linuxconf-web  talk
daytime-udp  imap         ntalk          telnet
[root@www xinetd.d]#
Compared with inetd.conf, "xinetd.conf" supports entries like the following (the inetd.conf line first, then its xinetd equivalent):
inetd.conf:
<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>

xinetd.conf:
service ftp
{
        socket_type     = stream
        protocol        = tcp           (not necessary if equal to the service name)
        wait            = no            (here it is yes/no instead of nowait/wait)
        user            = root
        server          = /usr/sbin/in.ftpd
        server_args     = -l -a
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no            (optional)
}

inetd.conf:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

xinetd.d/wu-ftpd:
[root@ftosx1 xinetd.d]# more wu-ftpd
# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
#       normal, unencrypted usernames and passwords for authentication.
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.ftpd
        server_args     = -l -a
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no
}
[root@ftosx1 xinetd.d]#

inetd.conf:
tftp dgram udp wait root /usr/sbin/tcpd in.tftpd

xinetd.conf:
service tftp
{
        disable         = yes
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -s /tftpboot
}
Note that the entries are really similar.
However, only xinetd.conf can have entries like this:
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/etc/in.ftpd
        server_args     = -l
        instances       = 4
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        access_times    = 2:00-8:59 12:00-23:59
        nice            = 10
}
or this:
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        only_from       = 192.168.1.93
}
While the ftp entry accepts connections only during the times 2:00-8:59 and 12:00-23:59, the telnet entry accepts connections only from 192.168.1.93.
The latter is very useful, especially for securing the connection.
The entry "disable" (yes or no) deactivates or activates the service.
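The check xinetd performs on every connection with the two blocks above, as an added example that is not part of the original chapter or of xinetd. It parses a "service" block and decides, from the client address and the clock, whether the connection is accepted; assumptions: only the attributes used on the page (disable, only_from, access_times) are handled, only_from accepts single addresses or a.b.c.d/len networks, and times are compared to the minute.

```python
"""Evaluate xinetd per-service access controls from a service block.

Added example, not part of the original chapter or of xinetd itself.
Handles the attributes used on the page: 'disable', 'only_from' and
'access_times'. An empty only_from list denies everyone, as in xinetd.
"""
import ipaddress
import re

# The two service blocks from the page.
TELNET_BLOCK = """\
service telnet
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        only_from       = 192.168.1.93
}
"""

FTP_BLOCK = """\
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/etc/in.ftpd
        server_args     = -l
        instances       = 4
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        access_times    = 2:00-8:59 12:00-23:59
        nice            = 10
}
"""

ATTR = re.compile(r"^\s*(\w+)\s*(\+=|=)\s*(.*?)\s*$")


def parse_service(text):
    """Return (service_name, {attribute: [values]}); '+=' appends to '='."""
    name, attrs = None, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()
        if line.startswith("service "):
            name = line.split(None, 1)[1].strip()
            continue
        m = ATTR.match(line)                  # '{' and '}' do not match
        if m:
            key, op, value = m.groups()
            values = value.split()
            attrs[key] = (attrs.get(key, []) + values) if op == "+=" else values
    return name, attrs


def _minutes(hhmm):
    """'8:59' -> 539, so that windows can be compared as integers."""
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


def allowed(attrs, client_ip, clock):
    """Decide like xinetd does: disabled, then only_from, then access_times.

    clock is the local time as 'HH:MM'. Windows on the page never cross
    midnight, so a window is simply start <= now <= end.
    """
    if attrs.get("disable", ["no"]) == ["yes"]:
        return False
    if "only_from" in attrs:
        src = ipaddress.ip_address(client_ip)
        nets = [ipaddress.ip_network(v, strict=False) for v in attrs["only_from"]]
        if not any(src in n for n in nets):
            return False
    if "access_times" in attrs:
        now = _minutes(clock)
        windows = [tuple(_minutes(p) for p in w.split("-")) for w in attrs["access_times"]]
        if not any(start <= now <= end for start, end in windows):
            return False
    return True


if __name__ == "__main__":
    for block, client, clock in ((TELNET_BLOCK, "192.168.1.93", "10:00"),
                                 (TELNET_BLOCK, "192.168.1.61", "10:00"),
                                 (FTP_BLOCK, "192.168.1.61", "9:30"),
                                 (FTP_BLOCK, "192.168.1.61", "13:00")):
        name, attrs = parse_service(block)
        print(name, client, clock, "->", "accept" if allowed(attrs, client, clock) else "deny")
```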
The FTP service supports many different and impressive options. We start with automatic download, which is possible using the ".netrc" file. Chapter S5, An Introduction to the Expect Language, includes similar features but requires a programming language.
Suppose you frequently run commands like the following:
[root@ftosx1 root]# ftp world
Connected to world.futuretg.com.
220 world.futuretg.com FTP server (Version wu-2.5.0(1) Mon Feb 21 16:21:03 MST 2000) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (world:root):
331 Password required for root.
Password:
230 User root logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mget /etc/passwd
mget /etc/passwd? y
227 Entering Passive Mode (192,168,1,60,139,237)
150 Opening BINARY mode data connection for /etc/passwd (1027 bytes).
226 Transfer complete.
1027 bytes received in 0.00037 seconds (2.7e+03 Kbytes/s)
ftp> 221-You have transferred 1027 bytes in 1 files.
221-Total traffic for this session was 1729 bytes in 2 transfers.
221-Thank you for using the FTP service on world.futuretg.com.
221 Goodbye.
[root@ftosx1 root]#
Now, the ".netrc" file allows these commands to be run automatically, in a simpler way.
The ".netrc" file has a specific syntax.
For example, the first line will be:
[root@ftosx1 root]# more .netrc
machine world login root password IsMyProblem
The other lines will be:
macdef init
cd /etc
mget passwd
quit
However, it is necessary to turn off the confirmation prompt to get a fully automatic procedure.
[root@ftosx1 root]# ftp world
Connected to world.futuretg.com.
220 world.futuretg.com FTP server (Version wu-2.5.0(1) Mon Feb 21 16:21:03 MST 2000) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
331 Password required for root.
230 User root logged in.
cd /etc
250 CWD command successful.
mget passwd
mget passwd? y
227 Entering Passive Mode (192,168,1,60,126,241)
150 Opening ASCII mode data connection for passwd (1027 bytes).
226 Transfer complete.
1053 bytes received in 0.0024 seconds (4.4e+02 Kbytes/s)
quit
221-You have transferred 1053 bytes in 1 files.
221-Total traffic for this session was 1722 bytes in 2 transfers.
221-Thank you for using the FTP service on world.futuretg.com.
221 Goodbye.
[root@ftosx1 root]#
Therefore, we need to add the "prompt" command to the macro for an automatic procedure.
First we remove the passwd file downloaded in the previous session.
[root@ftosx1 root]# rm passwd
rm: remove `passwd'? y
... and now we run:
[root@ftosx1 root]# ftp world
Connected to world.futuretg.com.
220 world.futuretg.com FTP server (Version wu-2.5.0(1) Mon Feb 21 16:21:03 MST 2000) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
331 Password required for root.
230 User root logged in.
prompt
Interactive mode off.
cd /etc
250 CWD command successful.
mget passwd
local: passwd remote: passwd
227 Entering Passive Mode (192,168,1,60,4,126)
150 Opening ASCII mode data connection for passwd (1027 bytes).
226 Transfer complete.
1053 bytes received in 0.0024 seconds (4.3e+02 Kbytes/s)
quit
221-You have transferred 1053 bytes in 1 files.
221-Total traffic for this session was 1719 bytes in 2 transfers.
221-Thank you for using the FTP service on world.futuretg.com.
221 Goodbye.
Completely automatic!
[root@ftosx1 root]# ls -al passwd
-rw-r--r-- 1 root root 1027 Mar 28 16:48 passwd
[root@ftosx1 root]#
Note that the .netrc file must be readable only by its owner.
[root@ftosx1 root]# ls -al .netrc
-rw------- 1 root root 84 Mar 28 16:44 .netrc
[root@ftosx1 root]#
If we change the permissions, the procedure stops.
[root@ftosx1 root]# chmod 666 .netrc
[root@ftosx1 root]# ftp world
Connected to world.futuretg.com.
220 world.futuretg.com FTP server (Version wu-2.5.0(1) Mon Feb 21 16:21:03 MST 2000) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Error - .netrc file not correct mode.
Remove password or correct mode.
ftp>
This check is built into the FTP client to prevent other, unauthorized users from reading the file and obtaining the password.
Therefore the procedure works only if the file is readable by the owner alone. Otherwise the file may contain the right password, yet FTP refuses to use it, and others may obtain the password.
Also note that the automatic procedure starts only for the machines listed in the file. For example, if we list "
[root@ftosx1 root]# chmod 600 .netrc
[root@ftosx1 root]# ftp thunder
Connected to thunder.futuretg.com.
220 thunder.futuretg.com FTP server (Version wu-2.4.2-academ[BETA-17](1) Wed Aug 19 02:55:52 MST 1998) ready.
500 'AUTH GSSAPI': command not understood.
500 'AUTH KERBEROS_V4': command not understood.
KERBEROS_V4 rejected as an authentication type
Name (thunder:root):
Of course, it is also possible to build automatic procedures that download all the files from FTP servers.
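As an added example (not part of the course text), here is a small Python parser for .netrc that applies the same permission test the ftp client performs above: a file holding a password is refused when group or others can read or write it. The sample file content and its password placeholder are constructed, and check_netrc() takes the mode separately so the check can be exercised without a real file.

```python
"""Parse a .netrc file and apply the ftp client's mode check (added example)."""
import os
import stat


class NetrcModeError(Exception):
    """The situation ftp reports as 'Error - .netrc file not correct mode'."""


def check_netrc(text, mode):
    """Return {machine: {"login", "password", "macros": {name: [cmd, ...]}}}.

    `mode` holds the permission bits (e.g. 0o600).  Like ftp(1), the file is
    refused when it stores a password and any group/other bit is set.
    """
    entries, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        tokens = lines[i].split()
        i += 1
        if not tokens:
            continue
        if tokens[0] == "macdef":
            # "macdef name": the body runs up to the first blank line; a macro
            # called "init" is executed automatically right after login.
            body = []
            while i < len(lines) and lines[i].strip():
                body.append(lines[i].strip())
                i += 1
            if current is None or len(tokens) < 2:
                raise ValueError("macdef needs a name and a preceding machine entry")
            entries[current]["macros"][tokens[1]] = body
            continue
        j = 0
        while j < len(tokens):          # keyword/value pairs may share one line
            key = tokens[j]
            if key == "default":
                current = "default"
                entries.setdefault(current, {"login": None, "password": None, "macros": {}})
                j += 1
            elif key == "machine":
                current = tokens[j + 1]
                entries.setdefault(current, {"login": None, "password": None, "macros": {}})
                j += 2
            elif key in ("login", "password", "account") and current is not None:
                entries[current][key] = tokens[j + 1]
                j += 2
            else:
                raise ValueError("unexpected .netrc token %r" % key)
    if any(e["password"] for e in entries.values()) and stat.S_IMODE(mode) & 0o077:
        raise NetrcModeError("Error - .netrc file not correct mode. "
                             "Remove password or correct mode.")
    return entries


def netrc_refused(text, mode):
    """True when check_netrc() would refuse the file for its permissions."""
    try:
        check_netrc(text, mode)
    except NetrcModeError:
        return True
    return False


def load_netrc(path):
    """Read and check a real file, e.g. load_netrc(os.path.expanduser('~/.netrc'))."""
    with open(path) as fh:
        return check_netrc(fh.read(), os.stat(path).st_mode)


# Constructed sample modelled on the file shown above; the password is a placeholder.
SAMPLE_NETRC = """\
machine world login root password EXAMPLE-PASSWORD
macdef init
prompt
cd /etc
mget passwd
quit

"""
```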
Another important feature to explain is the tcp_wrappers library used in network security.
For example, FTP and also telnet use
The following files must include the following entries:
[root@www root]# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL in.telnetd, in.ftpd, www: \
192.168., \
ALLOW
[root@www root]# more /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
swat:ALL EXCEPT 127.0.0.1
[root@www root]#
These entries are fundamental for accepting local connections.
Of course, the purpose of the wrapper library is to protect the local or external network.
We can also monitor when a remote "badboy" tries to mail or FTP to us.
#cat hosts.allow
ALL: bad.boys.bigu.edu: echo "%d from %c" | mail root
#
In another approach, each attempt results in a reverse **finger**:
# cat hosts.allow
ALL: bad.boys.bigu.edu: finger @%h | /usr/ucb/Mail -s "%d from %c" root
In this way we receive an e-mail when this "bad boy" tries to FTP to us.
The previous examples only monitor; they do not block anything. If you want to protect your system you need another approach:
[root@www etc]# more hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
swat:ALL EXCEPT 127.0.0.1
ALL EXCEPT in.tftpd: bad.boys.bigu.edu: echo "%d from %c" | mail root
ALL EXCEPT in.tftpd: 24.102.180.254: echo "%d from %c" | mail root
[root@www etc]#
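To see how tcpd will decide for a given daemon and client before deploying files like the ones above, here is an added Python evaluator (example code, not part of the course or of tcp_wrappers) that follows the hosts_access(5) order of evaluation. The sample hosts.allow and hosts.deny contents are constructed, and the shell-command field of a rule is only reported with the decision, never executed.

```python
"""Offline evaluation of tcp_wrappers access control (hosts.allow / hosts.deny).

Added example. Order of evaluation as in hosts_access(5): a match in hosts.allow
grants access, otherwise a match in hosts.deny refuses it, otherwise access is
granted. Patterns handled are the ones used on this page: ALL, LOCAL,
'list_1 EXCEPT list_2', a trailing-dot address prefix ("192.168."), a
leading-dot domain suffix (".bigu.edu"), exact host names and exact addresses.
A third field (shell command, or the ALLOW/DENY option of hosts_options(5)) is
returned with the decision and never run."""
import re

_SEP = re.compile(r"[\s,]+")


def _read_rules(text):
    """Yield (daemon_list, client_list, extra); handles '\\' continuation and '#' comments."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % line)
        yield fields[0], fields[1], fields[2] if len(fields) == 3 else ""


def _match_token(pat, value, is_client):
    """Match one pattern; `value` is a daemon name or a (hostname, address) pair."""
    if pat.upper() == "ALL":
        return True
    if not is_client:
        return pat == value
    host, addr = value
    if pat.upper() == "LOCAL":            # host name without a dot
        return "." not in host
    if pat.startswith("."):               # domain suffix
        return host.lower().endswith(pat.lower())
    if pat.endswith("."):                 # network prefix, e.g. "192.168."
        return addr.startswith(pat)
    return host.lower() == pat.lower() or addr == pat


def _match_list(spec, value, is_client):
    """'list_1 EXCEPT list_2' matches list_1 unless list_2 matches (EXCEPT nests rightwards)."""
    parts = re.split(r"\s+EXCEPT\s+", spec, maxsplit=1, flags=re.IGNORECASE)
    hit = any(_match_token(t, value, is_client) for t in _SEP.split(parts[0]) if t)
    if hit and len(parts) == 2:
        return not _match_list(parts[1], value, is_client)
    return hit


def hosts_access(daemon, client, allow_text, deny_text):
    """Decide like tcpd: return ('allow' | 'deny', matching rule or None).

    `client` is the (hostname, address) pair tcpd sees after its lookups.
    """
    for name, text, verdict in (("hosts.allow", allow_text, "allow"),
                                ("hosts.deny", deny_text, "deny")):
        for daemons, clients, extra in _read_rules(text):
            if _match_list(daemons, daemon, False) and _match_list(clients, client, True):
                if extra.upper() in ("ALLOW", "DENY"):    # hosts_options(5) override
                    verdict = extra.lower()
                return verdict, (name, daemons, clients, extra)
    return "allow", None


# Constructed sample files, modelled on the ones above (EXCEPT spelled correctly).
HOSTS_ALLOW = """\
# the 192.168. network may use telnet and ftp; only loopback may reach swat
in.telnetd, in.ftpd : 192.168.
swat : 127.0.0.1
"""
HOSTS_DENY = """\
swat : ALL EXCEPT 127.0.0.1
ALL EXCEPT in.tftpd : bad.boys.bigu.edu : echo "%d from %c" | mail root
ALL EXCEPT in.tftpd : 24.102.180.254 : echo "%d from %c" | mail root
"""
```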
FTP, especially on a web server, offers many features. For example, it is possible to allow or deny access, to set a maximum access time, to set a maximum number of files to download, etc.
The first file to check for this setup is "/etc/ftpusers".
After installation this file contains the users "root" and "ftp". The file works in the inverse sense: the listed users are denied access to FTP services.
Therefore, if you want to enable FTP logins for "root", you need to remove the "root" and "ftp" entries from the file.
# The ftpusers file is deprecated. Use deny-uid/deny-gid in ftpaccess.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
ftp
The "ftp" user is the account used for anonymous logins.
For example, if we have the following entry in the "/etc/passwd" file:
[root@ftosx1 root]# more /etc/passwd | grep ftp
ftp:x:14:50:FTP User:/mnt:
[root@ftosx1 root]#
The directory where you land after an anonymous login will be "/mnt".
Note the listing as "root":
[root@ftosx1 root]# cd /mnt
[root@ftosx1 mnt]# ls -al
total 6
drwxr-xr-x 10 root root 240 Mar 15 20:42 .
drwxr-xr-x 21 root root 584 Mar 29 09:51 ..
drwxr-xr-x  2 root root  48 Jan 16 15:59 cdrom
drwxr-xr-x  2 root root  48 Jan 16 15:59 floppy
drwxr-xr-x  2 root root  48 Jan 16 16:00 redhat
drwxr-xr-x 19 root root 736 Aug 26  2001 redhat2
drwxr-xr-x  2 root root  48 Mar 15 20:42 redhat62
drwxr-xr-x  2 root root  48 Mar 10 19:59 redhat7
drwxr-xr-x  2 root root  48 Mar 11 01:10 update
drwxr-xr-x  2 root root  48 Jan 16 16:01 win2000
[root@ftosx1 mnt]#
Now, note the listing as "anonymous":
[root@ftosx1 mnt]# ftp localhost
Connected to localhost.localdomain.
220 ftosx1.futuretg.com FTP server (Version wu-2.6.1-18) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,121,232)
150 Opening ASCII mode data connection for directory listing.
total 9
drwxr-xr-x  2 root root  48 Jan 16 14:59 cdrom
drwxr-xr-x  2 root root  48 Jan 16 14:59 floppy
drwxr-xr-x  2 root root  48 Jan 16 15:00 redhat
drwxr-xr-x 19 root root 736 Aug 26  2001 redhat2
drwxr-xr-x  2 root root  48 Mar 15 19:42 redhat62
drwxr-xr-x  2 root root  48 Mar 10 18:59 redhat7
drwxr-xr-x  2 root root  48 Mar 11 00:10 update
drwxr-xr-x  2 root root  48 Jan 16 15:01 win2000
226 Transfer complete.
ftp>
The second important file for these services is "/etc/ftpaccess".
This file supports, activates and handles almost all the FTP features, for example the login banner shown here:
[root@ftosx1 mnt]# ftp localhost
Connected to localhost.localdomain.
220 ftosx1.futuretg.com FTP server (Version wu-2.6.1-18) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-
230-        Welcome to the Future Technologies FTP site!
230-        ftp.futuretg.com (now is 80.204.186.109)
230-
230- This is the actual Website for:
230-
230-        FutureTG.com
230-        FTOSX
230-        LinuxUtilities.org
230-
230- Future Technologies
230-        The TOTAL Linux company!
230-
230-This site is provided as a public service by Future Technologies, Inc.
230-This server is located in Pordenone, Italy; use in violation of any applicable
230-laws strictly prohibited.
230-
230-We plan to open a mirror in Santa Monica - CA USA and in NY - in 2002.
230-
230-For comments on this site, please contact <webmaster@futuretg.com>.
230-=========================================================================
230- ** All file transfers are logged. If you object to this, logout now. **
230-=========================================================================
230-
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
In the UNIX days a similar "message of the day" file introduced these features. Slackware Linux supports it, including the "uname" output. On this system the file is currently empty.
[root@ftosx1 root]# more /etc/motd
[root@ftosx1 root]#
This file is included in the setup package.
[root@ftosx1 root]# rpm -qf /etc/motd
setup-2.5.7-1
[root@ftosx1 root]#
Now we will introduce and explain how to set up these features, and will finish this section by introducing a front-end for wu-ftpd.
WU-FTP stands for Washington University FTP Daemon, and it is the current standard adopted worldwide in UNIX distributions for anonymous FTP services.
We include here some example files:
[root@ftosx1 FTPACCESS.CONFIGURATIONS]# pwd
/root/FTLinuxCourse_Complete-2002/FTContribs/Files/FTPACCESS.CONFIGURATIONS
[root@ftosx1 FTPACCESS.CONFIGURATIONS]#
Basically the concept is to work with classes.
We can define a single class:
class all real,guest,anonymous *
or two classes:
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *
To filter and limit access we can apply the following restrictions:
limit local 20 Any /etc/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msg.toomany
limit remote 60 Any /etc/msg.toomany
limit-time {*|anonymous} 30
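The following added Python example (not course or wu-ftpd code) works out which class a login falls into and which limit applies at a given time, using a constructed ftpaccess fragment based on the lines above; the *.futuretg.com glob, the sample login times and the treatment of a login matching no class as refused are assumptions.

```python
"""Class and limit evaluation for a wu-ftpd ftpaccess file (added example, not
course or wu-ftpd code). Per ftpaccess(5): a user belongs to the first 'class'
whose type list and address globs match; the first 'limit' of that class whose
time spec (UUCP L.sys style, e.g. 'SaSu|Any1800-0600') covers the login time
decides, -1 meaning unlimited; 'limit-time' never applies to real users.
Treating a login that matches no class as refused is an assumption."""
import fnmatch
import re
from datetime import datetime

_DAY = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}  # datetime.weekday()
_SPEC = re.compile(r"((?:Su|Mo|Tu|We|Th|Fr|Sa|Wk|Any)+)(?:(\d{4})-(\d{4}))?")


def time_matches(spec, when):
    """True if `when` falls inside one of the '|'-separated alternatives of `spec`."""
    for alt in spec.split("|"):
        m = _SPEC.fullmatch(alt)
        if not m:
            raise ValueError("bad time spec: %r" % alt)
        days = set()
        for tok in re.findall(r"Any|Wk|Su|Mo|Tu|We|Th|Fr|Sa", m.group(1)):
            days.update(range(7) if tok == "Any" else range(5) if tok == "Wk" else (_DAY[tok],))
        if when.weekday() not in days:
            continue
        if m.group(2) is None:                      # day names only: the whole day
            return True
        start, end = int(m.group(2)), int(m.group(3))
        now = when.hour * 100 + when.minute
        if (start <= now <= end) if start <= end else (now >= start or now <= end):
            return True                             # 1800-0600 style ranges wrap midnight
    return False


def parse_ftpaccess(text):
    """Collect class, limit and limit-time directives in file order."""
    classes, limits, limit_time = [], [], {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if f and f[0] == "class" and len(f) >= 4:
            classes.append((f[1], set(f[2].split(",")), f[3:]))
        elif f and f[0] == "limit" and len(f) == 5:
            limits.append((f[1], int(f[2]), f[3], f[4]))
        elif f and f[0] == "limit-time" and len(f) == 3:
            limit_time[f[1]] = int(f[2])
    return classes, limits, limit_time


def find_class(classes, login_type, host, addr):
    """First class whose type list holds login_type and whose globs match host or address."""
    for name, types, globs in classes:
        if login_type in types and any(
                fnmatch.fnmatchcase(host, g) or fnmatch.fnmatchcase(addr, g) for g in globs):
            return name
    return None


def login_decision(cfg, login_type, host, addr, when, active):
    """(class, allowed, message_file, max_minutes); `active` = sessions per class now."""
    classes, limits, limit_time = cfg
    cls = find_class(classes, login_type, host, addr)
    if cls is None:
        return None, False, None, None
    for lim_cls, n, times, msg in limits:
        if lim_cls == cls and time_matches(times, when):
            if n != -1 and active.get(cls, 0) >= n:
                return cls, False, msg, None        # class full: show the message file
            break                                   # first applicable limit decides
    minutes = None if login_type == "real" else limit_time.get(login_type, limit_time.get("*"))
    return cls, True, None, minutes


# Constructed configuration following the class/limit lines shown above, plus sample
# login times (27 Mar 2002 was a Wednesday, 28 Mar a Thursday, 30 Mar a Saturday).
FTPACCESS = """\
class local  real,guest,anonymous *.futuretg.com 0.0.0.0
class remote real,guest,anonymous *
limit local  20  Any               /etc/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msg.toomany
limit remote 60  Any               /etc/msg.toomany
limit-time anonymous 30
"""
SAMPLE_TIMES = {"wed_noon": datetime(2002, 3, 27, 12, 0), "wed_night": datetime(2002, 3, 27, 21, 0),
                "thu_early": datetime(2002, 3, 28, 2, 30), "sat_noon": datetime(2002, 3, 30, 12, 0)}
```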
A KDE program, kwuftpd, is available to customize these entries. It can write your personal "/etc/ftpaccess" or another file.
[Screenshots: kwuftpd main screen; kwuftpd login screen.]
However, I advise applying the changes without using this program.
Other services such as telnet, rcp and finger are covered in the BASE Course.
Printing services between UNIX systems
BSD was an operating system. Of all the BSD software, the network services and the printing services became the most popular. Linux adopted these services, in the same way that it adopted the SysV services.
For example, the file that controls the printing service is "/etc/printcap", while the daemon is called "lpd".
[root@world /root]# more /etc/printcap
# /etc/printcap
#
# Please don't edit this file directly unless you know what you are doing!
# Be warned that COAS requires a very strict format!
# Other applications (like WordPerfect) cannot cope with LPRng-extensions
# to the syntax (those are best hidden in a 'lpd-printcap')
#
# The preferred method to modify this file is COAS.
##PRINTTOOL## REMOTE
laser:\
:sd=/var/spool/lpd/lp:\
:mx#0:\
:rm=192.168.1.61:\
:rp=ps:
##PRINTTOOL## LOCAL cdjcolor 300x300 a4 {}
ps:\
:sd=/var/spool/lpd/ps:\
:mx#0:\
:lp=/dev/lp0:\
:if=/var/spool/lpd/ps/filter:\
:sh:
##PRINTTOOL## LOCAL
lp:\
:sd=/var/spool/lpd/lp:\
:mx#0:\
:lp=/dev/lp0:\
:sh:
[root@world /root]#
Generally, Linux supports two types of printer entries (with a filter and without a filter). We summarize these entries briefly here:
NFS Services between UNIX systems
Sun Microsystems invented (or released) a simple way to mount remote UNIX filesystems. The RFC covering the NFS service is RFC 1014.txt.
The concept is very simple. It is based on a file, "/etc/exports", that lists the local directories made available to the internal or remote networks, and on the NFSD (NFS daemon).
Basically it can be understood in Client/Server terms: one system exports and the "other" systems import. However, NFS shares filesystems, and therefore "distributed" is the right concept to use.
NFS is available in any Linux distro and has been since the first versions. I remember very well when SCO Inc. charged for TCP/IP on every machine and for NFS as an additional product, each for about US$ 450-700.
[root@ftosx1 root]# telnet earth
Trying 192.168.1.64...
Connected to earth.futuretg.com (192.168.1.64).
Escape character is '^]'.
Caldera OpenLinux(TM)
Base
Version 1.2
Copyright 1996-1998 Caldera, Inc.
login: root
Password:
You have new mail in /var/spool/mail/root
You have new mail.
[root@earth /root]# more /etc/exports
/cdrom          *.futuretg.com(ro)
/var/spool/fax  *.futuretg.com(rw)
/               *.futuretg.com(rw)
[root@earth /root]#
The file may be read as follows:
The directory /cdrom may be mounted via NFS from "any" system at futuretg.com. The "ro" means that the directory may be mounted only in read-only mode.
The same is valid for the directories /var/spool/fax and /, but in read-write mode (rw).
Now, to mount these remote (but internal) filesystems we must start the local NFS services.
[root@ftosx1 root]# /etc/rc.d/init.d/nfs start
Starting NFS services:  [ OK ]
Starting NFS quotas:    [ OK ]
Starting NFS mountd:    [ OK ]
Starting NFS daemon:    [ OK ]
[root@ftosx1 root]#
Now, to mount the remote filesystem we run the command:
[root@ftosx1 root]# mount earth:/var/spool/fax /mnt
[root@ftosx1 root]#
Now, we check locally on ftosx1.
[root@ftosx1 root]# cd !$
cd /mnt
[root@ftosx1 mnt]# ls
[root@ftosx1 mnt]#
The mount command mounts the remote directory earth:/var/spool/fax on the local directory "/mnt" of the "ftosx1" system.
We can list the mounted filesystems locally:
[root@ftosx1 mnt]# mount
/dev/hda8 on / type reiserfs (rw)
none on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
none on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
/dev/hda5 on /mnt/redhat2 type reiserfs (rw)
earth:/var/spool/fax on /mnt type nfs (rw,addr=192.168.1.64)
[root@ftosx1 mnt]#
Because the earth system also exports the "/" root directory, we can mount the entire system, including all the directories mounted on the remote system.
We unmount the "fax" directory before mounting the entire system.
[root@ftosx1 root]# umount /mnt
[root@ftosx1 root]# mkdir /mnt/earth
And now, we mount it.
[root@ftosx1 root]# mount earth:/ /mnt/earth
Of course, the NFS daemons must run on both systems: the system that exports and the system that imports.
Because earth's "/" is mounted read-write, we can copy files locally between the mounted filesystem and our own.
In other words, we can remove files, copy from or copy into "/mnt/earth". When doing these operations we are working on the remote system.
[root@ftosx1 root]# mount earth:/ /mnt/earth
[root@ftosx1 root]# cd !$
cd /mnt/earth
[root@ftosx1 earth]# ls
auto bin boot dev etc home
initrd install lib lost+found mnt opt
proc root sbin tmp usr var vmlinuz
[root@ftosx1 earth]# cd root/
[root@ftosx1 root]# ls
CalderaGroups.txt mbox Sito.ps xinitrc
[root@ftosx1 root]#
Some operations are permitted and others are not, depending on the directory permissions.
[root@ftosx1 root]# rm Sito.ps
rm: remove `Sito.ps'? y
rm: cannot unlink `Sito.ps': Permission denied
[root@ftosx1 root]#
A copy into the remote "tmp" directory is permitted.
[root@ftosx1 root]# cp /etc/passwd ../tmp
[root@ftosx1 root]# ls -al !$
ls -al ../tmp
total 193
drwxrwxrwt  5 root   root      1024 Mar 30  2002 .
drwxr-xr-x 19 root   root      1024 Jul 23  2001 ..
-rw-r--r--  1 root   root     54715 Oct 28  1999 checkpc.log
-rw-------  1 root   root     30748 Nov 30  1999 fvwmrca00606
-rw-------  1 root   root     30748 Nov 30  1999 fvwmrca00976
-rw-------  1 root   root     30748 Dec 14 19:41 fvwmrca02206
-rw-------  1 root   root     30748 Aug 23  1999 fvwmrca03536
drwxr-xr-x  2 root   root      1024 Nov 30  1999 LST
-rw-r--r--  1 root   root        79 Aug  3  1999 modules.handled
-rw-r--r--  1 nobody nfsnobod  1022 Mar 30  2002 passwd
-rw-r--r--  1 root   root         4 Aug  3  1999 val
-rw-r--r--  1 root   root        32 Aug  3  1999 .version
-r--r--r--  1 root   root        11 Dec 22 13:14 .X0-lock
drwxr-xr-x  2 root   root      1024 Dec 22 13:14 .X11-unix
drwx------  3 root   root      1024 Aug 23  1999 .XF86Setup3502
[root@ftosx1 root]#
Note the UID and GID of the copied file: they are "nobody" and "nfsnobody". The NFS server maps the client's root to this unprivileged account (root squashing, the default for an export), and this is the reason why some operations are not permitted.
[root@ftosx1 root]# mount earth:/ /mnt/earth -o nolock
[root@ftosx1 root]# rm /mnt/earth/root/Sito.ps
rm: remove `/mnt/earth/root/Sito.ps'? y
rm: cannot unlink `/mnt/earth/root/Sito.ps': Permission denied
[root@ftosx1 root]# rm /mnt/earth/tmp/passwd
rm: remove `/mnt/earth/tmp/passwd'? y
[root@ftosx1 root]#
There are three special modes to mount NFS filesystems:
hard    The program accessing a file on a NFS mounted file system will hang when the server crashes. The process cannot be interrupted or killed unless you also specify intr. When the NFS server is back online the program will continue undisturbed from where it was. This is probably what you want.
soft    This option allows the kernel to time out if the nfs server is not responding for some time. The time can be specified with timeo=time. This option might be useful if your nfs server sometimes doesn't respond or will be rebooted while some process tries to get a file from the server. Usually it just causes lots of trouble.
nolock  Do not use locking. Do not start lockd.
Read the answers to the exercises.
Check the Interactive Exam Cram Networking: Internet Resources for this Chapter.