cOMPtia%20Linux %20Certification

1
cOMPtia Linux Certification

• Week 12
• Network Configuration

2
Objectives

• Describe the purpose and types of networks,
  protocols, and media access methods
• Explain the basic configuration of TCP/IP
• Configure a Network interface to use TCP/IP
• Configure a modem, ISDN, and DSL interface

3
Objectives (continued)

• Describe the purpose of host names and how they
  are resolved to IP addresses
• Configure TCP/IP routing
• Identify common network services
• Use command-line and graphical utilities to
  perform remote administration

4
Networks

• Network two or more computers joined via media
  and able to exchange information
• Local area networks (LANs) connect computers
  within close proximity
• e.g., used to allow connection to shared
  resources
• Wide area networks (WANs) connect computers
  separated by large distances
• e.g., used to connect to Internet Service
  Provider
• Internet service provider (ISP) company
  providing Internet access

5
Networks (continued)

• Routers computers capable of transferring
  information between networks
• Protocol set of rules for communication between
  networked computers
• Packets packages of data formatted by a network
  protocol
• Packets can be recognized by routers and other
  network devices

6
Networks (continued)

• Linux network protocols
• TCP/IP (Transfer Control Protocol/Internet
  Protocol)
• UDP/IP (User Datagram Protocol/Internet Protocol)
• IPX/SPX (Internetwork Packet Exchange/Sequence
  Packet Exchange)
• AppleTalk
• DLC (Data Link Control)
• DECnet (Digital Equipment Corporation network)

7
Networks (continued)

• Media access method defines how networked
  computers share access to the physical medium
• Contained within the hardware on NIC or modem
• Ethernet most common network media access method
• Ensures that packets are retransmitted onto the
  network if a network error occurs
• Token ring popular media access method
• Controls which computer has the ability to
  transmit information

8
The TCP/IP Protocol

• Set of protocols with two core components
• TCP ensures that packets are assembled in the
  correct order, regardless of arrival order
• IP responsible for labeling each packet with
  destination address
• Together, TCP and IP ensure that information
  packets travel across the network as quickly as
  possible without getting lost

9
IPv4 Addresses

• IP address unique number that identifies a
  networked computer
• Octet series of four 8-bit numbers
• Common format of IPv4 addresses
• Unicast directed TCP/IP communication from one
  computer to another single computer

10
IPv4 Addresses (continued)

• IPv4 addresses composed of two parts
• Network ID network on which a computer is
  located
• Host ID single computer on that network
• Two computers with different network IDs can have
  the same host ID
• Only computers with same network ID can
  communicate without a router

11
Subnet Masks

• Define which part of IP address is the network ID
  and which part is the host ID
• Series of four octets
• Octet in subnet mask containing 255 is part of
  network ID
• Octet in subnet mask containing 0 is part of host
  ID
• ANDing calculate network and host IDs from an IP
  address and subnet mask
• Compare binary bits

12
Subnet Masks (continued)
Figure 12-1 A sample IP address and subnet mask
13
Subnet Masks (continued)

• 0.0.0.0 all networks
• 255.255.255.255 all computers on all networks
• 255 in an IP address can specify many hosts
• Broadcast addresses

14
Default Gateway

• IP address of network interface on a router, to
  which you send packets
• Routers can distinguish between different
  networks
• Move packets between them
• Have assigned IP addresses on each attached
  network

15
IPv4 Classes and Subnetting

• IP address class defines default subnet mask of
  associated device
• All IP address classes can be identified by first
  octet
• Class A 8 bits for network ID, 24 bits for host
  ID
• Assigned to very large companies
• Class B 16 bits for network ID, 16 bits for host
  ID
• Assigned to larger organizations with several
  thousand users
• Class C 24 bits for network ID, 16 bits for host
  ID
• Used for small and home networks

16
IPv4 Classes and Subnetting

• Multicast TCP/IP communication destined for a
  certain group of computers
• Class D addresses
• Subnetting divide a large network into smaller
  networks
• Control traffic flow
• Take bits from host ID give to network ID

17
IPv4 Classes and Subnetting (continued)
Table 12-1 IP address classes
18
The IPv6 Protocol

• Number of IP addresses using IPv4 is unsuitable
  for Internet growth
• IPv6 protocol uses 128 bits to identify
  computers
• Addresses written using eight 16-bit hexadecimal
  numbers
• IPv6 address contains two portions
• First half assigned by ISP and identifies network
• Last half is link local portion used to uniquely
  identify computers in a LAN

19
The IPv6 Protocol (continued)

• Few networks have adopted IPv6
• Proxy servers and NAT routers computers or
  hardware devices that have an IP address and
  access to a network
• Used by other computers to obtain network
  resources on their behalf
• Allows computers behind different NAT routers or
  proxy servers to have the same IPv4 address

20
Configuring a Network Interface

• If NIC detected during installation, Fedora Linux
  automatically configures appropriate driver
• insmod and modprobe commands used to load kernel
  objects into the Linux kernel
• Can be used to load NIC drivers
• lsmod command displays a list of currently
  loaded modules
• rmmod command removes module from kernel
• Most modules loaded from dist.conf file in the
  /etc/modprobe.d directory

21
Configuring a Network Interface (continued)

• ifconfig command assign TCP/IP configuration to
  a NIC
• Also used without any arguments to view
  configuration of all network interfaces in
  computer
• dhclient command receive TCP/IP configuration
  from DHCP or Boot Protocol (BOOTP) server
• Automatic private IP addressing (APIPA)
  automatic assignment of IP address in the absence
  of BHCP and BOOTP

22
Configuring a Network Interface (continued)

• /etc/sysconfig/network-scripts/ifcfg-interface
  file Stores NIC configurations
• Allows the system to activate and configure
  TCP/IP information at each boot time
• ifdown command unconfigures a NIC
• ifup command configures NIC using
  /etc/sysconfig/network-scripts/ifcfg-interface
  file
• ping (Packet Internet Groper) command Check
  TCP/IP connectivity on a network
• -c option limit the number of ping packets sent

23
Configuring a Network Interface (continued)
Figure 12-2 Configuring network interfaces
24
Configuring a Network Interface (continued)
Figure 12-3 Configuring TCP/IP information for a
network interface
25
Configuring a Network Interface (continued)

• Mobile commuters typically connect to many
  different NICs, both wired and wireless
• Network Manager daemon allows users to quickly
  connect to wired and wireless networks from
  desktop environments

26
Configuring a PPP Interface

• Run TCP/IP over serial lines using a WAN protocol
• Three common Point-to-Point Protocol (PPP)
  connection technologies
• Modems
• ISDN
• DSL

27
Configuring a PPP Interface (continued)

• Modems send TCP/IP information across normal
  telephone lines
• Considered slow
• Transmit information on a serial port
• ISDN set of standards designed to transmit data
  over copper telephone lines
• DSL connects to Ethernet NIC and transmits data
  across normal telephone lines

28
Configuring a PPP Interface (continued)

• Normally configured manually after Linux
  installation is complete
• Requires
• Support for PPP compiled into kernel
• PPP daemon
• Supporting utilities such as chat program
• Can use graphical programs to configure files and
  utilities to allow PPP communication

29
Configuring a PPP Interface (continued)
Figure 12-5 Adding a network interface
30
Configuring a PPP Interface (continued)

• Information about PPP devices stored in files
  named ifcfg-InternetServiceProviderName
• Located in /etc/sysconfig/network-scripts
  directory
• Other configurations used by PPP daemon stored in
  /etc/ppp and /etc/isdn directories
• Incorrect passwords are the most common problem
  with PPP connections
• Need to activate PPP device after configuration

31
Name Resolution

• Hostnames user-friendly computer name
• Fully qualified domain name (FQDN) hostname
  following DNS convention
• DNS hierarchical namespace for host names
• whois command used to obtain registration
  information about a domain within a name space
• hostname command view or set a computers host
  name

32
Name Resolution (continued)
Figure 12-6 The domain name space
33
Name Resolution (continued)

• TCP/IP cannot identify computers via hostnames
• Must map hostnames to IP addresses
• Can be done by placing entries in the /etc/hosts
  file
• ISPs list FQDNs in DNS servers on Internet
• Applications request IP addresses associated with
  a specific FQDN
• Configure by specifying the IP address of the DNS
  server in /etc/resolv.conf file

34
Routing

• Route table list of TCP/IP networks stored in
  system memory
• route command displays the route table
• Multihomed hosts computers with multiple network
  interfaces
• IP forwarding forwarding packets from one
  interface to another
• Also known as routing

35
Routing (continued)

• Enabling routing
• Place number 1 in
• /proc/sys/net/ipv4/ip_forward for IPv4
• /proc/sys/net/ipv6/conf/all/forwarding for IPv6
• To enable routing at every boot
• Edit the /etc/sysctl.conf file to include
• net.ipv4.ip_forward 1 for IPv4
• net.ipv6.conf.default.forwarding 1 for IPv6

36
Routing (continued)

• Large networks may have several routers
• Packet may travel through several routers
• May require adding entries in the router table
• route add ltroutegt command add entries to route
  table
• route del ltroutegt command remove entries from
  route table
• ip command can be used to manipulate the route
  table

37
Routing (continued)
Figure 12-7 A sample routed network
38
Routing (continued)

• Contents of route table lost when computer
  powered off
• Add to /etc/rc.d/rc.local file
• Most routers configured with a default gateway
• For packets addressed to destinations not in
  route table
• traceroute command troubleshoot routing
• Displays routers between current and remote
  computer

39
Network Services

• Must identify types and features of network
  services before they can be configured
• Network services processes that provide some
  type of valuable service for client computers on
  network
• Often presented by daemon processes that listen
  to certain requests
• Daemons identify packets to which they should
  respond using a port number

40
Network Services (continued)

• Port number uniquely identifying a network
  service
• Ensure that packets delivered to proper service
• Range from 0 to 65534
• /etc/services file lists ports and associated
  protocol
• Well-known port ports from 0 to 1023
• Represent commonly used services

41
Network Services (continued)
Table 12-2 Common well-known ports
42
Network Services (continued)

• Internet super daemon (xinetd) initializes
  appropriate daemon to provide needed network
  service
• Stand-alone daemons daemons that provide network
  services directly
• Log information themselves to subdirectories
  under /var/log
• chkconfig command or ntsysv utility can be used
  to configure most stand-alone daemons to start in
  various runlevels

43
Network Services (continued)
Figure 12-8 Interacting with network services
44
Network Services (continued)
Table 12-3 Common network services
45
Network Services (continued)
Table 12-3 (continued) Common network services
46
Network Services (continued)
Table 12-3 (continued) Common network services
47
Remote Administration Telnet

• telnet command traditionally used to obtain a
  command-line shell on remote server
• Receives host name or IP address of remote
  computer as argument
• Easiest way to perform remote administration
• Need to install telnet daemon using yum command
• Use regular commands and exit to kill remote BASH
  shell

48
Remote Commands

• Remote commands set of commands that can be used
  to execute commands on remote systems
• yum install rsh-server
• rlogin command obtains a shell from remote
  computer on network
• rcp command copies files between computers
• rsh command used to execute a command on a
  remote computer

49
Remote Commands (continued)

• r commands allow access to remote computers
  without a password, if remote computer has
  trusted access
• Trusted access computers allowed to access a
  computer without providing a password
• Does not apply to root user
• Methods of setting up
• Add host names of computers to /etc/hosts.equiv
• Create and .rhosts file in the home directory of
  each user who should get trusted access

50
Secure Shell (SSH)

• Secure Shell (SSH) encrypts information passing
  between computers
• Secure replacement for r commands
• ssh command connects to a remote computer
  running ssh daemon
• Receives host name or IP address of target
  computer as argument
• Accept RSA encryption fingerprint for target
  computer
• Can be used to transfer files between computers

51
Secure Shell (SSH) (continued)

• Main types of encryption supported by ssh daemon
• Triple Data Encryption Standard (3DES)
• Advanced Encryption Standard (AES)
• Blowfish
• Carlisle Adams Stafford Tavares (CAST)
• ARCfour

52
Remote X Windows

• X Windows is a network application
• Can be used to obtain graphical utilities from
  remote Linux computer
• To obtain graphical utilities using X Windows
• Edit /etc/gdm/custom.conf
• Use xhost command within a graphical terminal
  to allow other computers to write X Windows
  clients on your computer
• Connect to remote computer with telnet or ssh,
  and export DISPLAY variable of the local computer

53
Virtual Network Computing (VNC)

• Graphical option for administering Linux remotely
• Other computers run VNC client that connects to
  VNC server daemon installed on local computer to
  obtain a desktop environment
• Remote FrameBuffer (RFB) platform-independent
  protocol used to transfer graphics, mouse
  movements and keystrokes across network
• vncpasswd command used to configure password for
  VNC connection
• vncviewer command connects to VNC server

54
Summary

• A network is a collection of connected computers
  that share information
• A protocol is a set of rules that defines the
  format of information that is transmitted across
  a network
• Each computer on a TCP/IP network must have a
  valid IPv4 or IPv6 address
• The IPv4 configuration of a network interface can
  be specified manually, obtained automatically
  from a DHCP or BOOTP server, or autoconfigured by
  the system

55
Summary (continued)

• The IPv6 configuration of a network interface can
  be obtained from a router using ICMPv6, from a
  DHCP server, or autoconfigured by the system
• The /etc/sysconfig/network-scripts directory
  contains the configuration for NIC and PPP
  interfaces
• Host names are computer names that are easy for
  humans to remember host names that follow the
  DNS are FQDNs
• Host names must be resolved to an IP address
  before network communication can take place

56
Summary (continued)

• Routers are devices that forward TCP/IP packets
  from one network to another each computer and
  router has a route table used to determine how
  TCP/IP packets are forwarded
• Network services are started by the Internet
  Super Daemon or by stand-alone daemons
• There are many ways to remotely administer a
  Linux system, including the telnet, rsh, rcp,
  rlogin, and ssh commands, X Windows and VNC