basic tcp/ip networking - departamento de computaci³n

Basic TCP/IPnetworking

Basic networkconfiguration

Routes

Networkinterfacealiasing

inetdconfiguration

Basic TCP/IP networkingGrado en Informatica. 2013

Departamento de ComputacionFacultad de InformaticaUniversidad de Coruna

Antonio Yanez Izquierdo

(Antonio Yanez Izquierdo) Basic TCP/IP networking 1 / 39



Routes


inetdconfiguration

Contents I

1 Basic network configurationsolarisopenbsdlinux

2 Routes

3 Network interface aliasing

4 inetd configurationtcpwrappersinetd and tcpwrappers in Solaris




solaris

openbsd

linux

Routes


inetdconfiguration

Basic network configuration

solarisopenbsdlinux




solaris

openbsd

linux

Routes


inetdconfiguration

basic IP v4 configuration

to properly configure a machine using ipv4 we have toconfigure

the machine namethe Network Interface Cardsthe routesthe dns (if using it)




solaris

openbsd

linux

Routes


inetdconfiguration

basic NIC configuration

The bassic things we have to configure for a NetworkInterface Card are

its ip addressits netmask (number of bits in its ip address thatcorrespond to network address)its broadcast address




solaris

openbsd

linux

Routes


inetdconfiguration

ways to configure the network

there are two ways to configure the network

manual configuration: we configure manually each of theparamaters, either directly using the comand line orthrough the boot scriptsusing dhcp: the network interface card asks for itsconfiguration to a machine in the network (the dhcpserver). This can be done directly through the comand lineor using the boot scripts

most systems have a graphic utility to configure thenetwork, which can be used to configure either manuallyor via dhcp. We won’t deal with those utilities, neither willwe deal with the wireless configuration options




solaris

openbsd

linux

Routes


inetdconfiguration

ifconfig

the comand ifconfig configures network interfaces,

it is usually located at /sbin/ifconfig

it can configure interfaces both manually or using dhcp

ifconfig -a shows the actual configuration of theNetwork Interface Cards




solaris

openbsd

linux

Routes


inetdconfiguration

configuring the dns

the configuration of the dns resides on the file/etc/resolv.conf

this file has the options to the resolver configuration. Themost common options are

nameserver to specify the address of a domain nameserver, up to 3 can be defineddomain (optional) to sepecify the local domain. Shortnames are supposed to be from this domain

example of /etc/resolv.conf file

domain dc.if.udc.es.

nameserver 193.144.51.10

nameserver 192.144.48.30




solaris

openbsd

linux

Routes


inetdconfiguration

the /etc/hosts file

this file contains the locally defined ip addresses of hosts

its format is

ip_address host_name aliases

example of /etc/hosts

127.0.0.1 localhost

192.168.1.99 abyecto.dc.fi.udc.es abyecto




solaris

openbsd

linux

Routes


inetdconfiguration

the /etc/nsswitch.conf file

this file is used to determine the sources from where toobtain name-service information of several categories:hosts, users, mail aliases . . .

it also specifies the order in which this sources ofinformation should be queried

in the following example, the hosts ips are first searchedfor in the local files, then the dns is queried

passwd: compat

group: compat

shadow: compat

hosts: files dns

networks: files




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in solaris

the interfaces are named after the driver in the kernel thatmanages them.

example: the kernel uses the e1000g driver for Intel(R)PRO/1000 NICS. Cards of this type will get the namese1000g0, e1000g1 . . .

ifconfig interface name plumb: plumbs (or connects)the interface: no configuration can be done before this,even ifconfig won’t show the interface until it is plumbed

ifconfig interface name dhcp configures the cardinterface name using dhcp.




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in solaris

ifconfig interface name inet addr netmask netmbroadcast bcast configures the card interface name withaddress addr, netmask netm and broadcast address bcast.If omitted broadcast defaults to using 1’s in the hostnumber. The netmask can also be specified in the formataddress/network bits, or can be specified through one ofthe netwroks defined in /etc/networks#ifconfig e1000g1 inet 192.168.1.100 netmask 255.255.255.0

#ifconfig e1000g1 inet 192.168.1.100/24

ifconfig interface name up brings the interface up




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in solaris at boot time

if we want to get the interfaces automatically configuredat boot time (via svc:/network/physical) we’ll use thefollowing files

interfaces using dhcp/etc/hostname.interface name: empty file to plumbthe interface/etc/dhcp.interface name: empty file to get theinterface configured with dhcp

interfaces configured manually/etc/hostname.interface name: file containing thenecessary parameters passed to ifconfig to configure theinterface. The ’inet’ parameter is omitted: should wewant to configure an ’inet6’ interface we would use an/etc/hostname6.interface name file

# cat /etc/hostname.e1000g1

192.168.1.100 netmask 255.255.255.0

#




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in solaris at boot time

/etc/nodename: contains the name of the system. It isneccessary if the system is configured via dhcp if theDHCP server does not provide a value for the hostname.The system can also get the name from the /etc/hosts

database using the ip from the primary network card

/etc/defaultrouter: the ip address (or name if definedin /etc/hosts) of the default router.

/etc/defaultdomain: a single line containing a host’sdomain name

/etc/networks: used to associate network names tonetwork addresses




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in openBSD

the interfaces are named after the driver in the kernel thatmanages them.

example: the kernel uses the em driver for Intel(R)PRO/1000 NICS. Cards of this type will get the namesem0, em1 . . .

dhclient interface name configures the cardinterface name using dhcp.




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in openBSD

ifconfig interface name inet address netmaskbroadcast configures the card interface name withaddress address, netmask netmask and broadcast addressbroadcast.I#ifconfig em0 inet 192.168.1.100 255.255.255.0 192.168.1.255

ifconfig interface name up brings the interface up




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in openBSD at boot time

if we want to get the interfaces automatically configuredat boot time (via /etc/netstart) we’ll use the followingfiles

interfaces using dhcp

/etc/hostname.interface name file containing the worddhcp (see hostname.if man page)

interfaces configured manually

/etc/hostname.interface name file containing thenecessary parameters passed to ifconfig to configure theinterface. If we’d want to configure an ’inet6’ interface wewould use inet6 instead of inet in the/etc/hostname.interface name file

# cat /etc/hostname.em0

inet 192.168.1.100 255.255.255.0 192.168.1.255

#




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in openBSD at boot time

/etc/myname Contains the complete name of the system

/etc/mygate Contains the ip address of the defaultrouter.




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in linux

the interfaces are named eth0, eth1, eth2 . . .the names eth0, eth1, eth2 . . . are asigned to theinterfaces THE FIRST TIME the kernel recognices them.This is stored in the file/etc/udev/rules.d/70-persistent-net.rules, whereit can be changed if necessary.

on older versions of linux the names were assigned eachtime the system booted, and this was driver-loading-orderdendent.

abyecto:/home/antonio# cat /etc/udev/rules.d/70-persistent-net.rules

# This file was automatically generated by the /lib/udev/write_net_rules

# program, run by the persistent-net-generator.rules rules file.

#

# You can modify it, as long as you keep each rule on a single

# line, and change only the value of the NAME= key.

# PCI device 0x11ab:0x4363 (sky2)

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:be:40:5c:4b", ATTR{dev_id}=="0x0",

ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x4232 (iwlagn)

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:d6:0e:ae:a0", ATTR{dev_id}=="0x0",

ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

abyecto:/home/antonio#(Antonio Yanez Izquierdo) Basic TCP/IP networking 19 / 39



solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in linux

dhclient interface name configures the cardinterface name using dhcp.

ifconfig interface name inet address addr netmasknetmk broadcast bcast configures the cardinterface name with address addr, netmask netmk andbroadcast address bcast.I

#ifconfig eth0 inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255

ifconfig interface name up brings the interface up (sameas ifup)




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in linux at boot time

if we want to get the interfaces automatically configuredat boot time (via /etc/init.d/networking) debiansystems and derivatives will look for the file/etc/network/interfaces (see interfaces man page)/etc/hostname Contains the name of the system (eitherthe fully qualified domain name or just the nodename)Sample /etc/network/interfaces with just one NICmanually configured

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

#allow-hotplug eth0

auto eth0

iface eth0 inet static

address 192.168.1.99

netmask 255.255.255.0

network 192.168.1.0

broadcast 192.168.1.255

gateway 192.168.1.1




solaris

openbsd

linux

Routes


inetdconfiguration

NIC configuration in linux at boot time

Sample /etc/network/interfaces with just two NICs

root@abyecto:~# cat /etc/network/interfaces

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo eth0 eth1

iface lo inet loopback

# The primary network interface

allow-hotplug eth0

iface eth0 inet dhcp

# internal network

allow-hotplug eth1

iface eth1 inet static

address 192.168.1.100

netmask 255.255.255.0

network 192.168.1.0

breadcast 192.168.1.255




Routes


inetdconfiguration

Routes




Routes


inetdconfiguration

route configuration at boot time

we’ll deal only with the most simple case of routing: Asingle default route. If we’re using dhcp this is configuredautomatically. If not

solaris through the /etc/defaultrouter fileopenBSD through the /etc/mygate file

linux in the /etc/network/interfaces file with the wordgateway




Routes


inetdconfiguration

manipulating the route

the commands to manipulate the routing table are

solaris route and routeadmopenBSD route

linux route

to show the routing table we use netstat -r. In linux wecan also use route without arguments




Routes


inetdconfiguration

Network interface aliasing




Routes


inetdconfiguration

interface aliasing

By interface aliasing we refer to the act of giving aNetwork Interface Card more than one IP address. (solariscalls them logical interfaces)

linux we configure these alias as we would do with a non-aliasedinterface but using the names eth0:0, eth0:1. . . , eth1:0. . . .To get it configured at boot time we just add an entry forit in the file /etc/network/interfaces as we would dowith a non-aliased interface

# ifconfig eth0:0 192.168.1.11 up




Routes


inetdconfiguration

interface aliasing

solaris We configure these alias as we would do with a non-aliasedinterface but using the namesinterface name:alias number.

The alias must be plumbed separately.To get them configured at boot we must proceed to createthe file /etc/hostname.interface name:alias number

# ifconfig pcn0:1 plumb

# ifconfig pcn0:1 inet 19.10.2.45 netmask 255.0.0.0




Routes


inetdconfiguration

interface aliasing

openBSD We use the option alias of ifconfig

# ifconfig em0 alias 10.1.2.4 255.0.0.0

In the /etc/hostname.interface name file we add oneline for each alias of the NIC

# cat /etc/hostname.em0

inet 192.168.1.100 255.255.255.0 192.168.1.255

inet alias 10.1.2.4 255.0.0.0




Routes


inetdconfiguration

tcpwrappers

inetd andtcpwrappers inSolaris

inetd configuration

tcpwrappersinetd and tcpwrappers in Solaris




Routes


inetdconfiguration

tcpwrappers


inetd configuration

inetd is called the internet superserver

Some internet services listen directly to theircorresponding port, others are started by inetd

When a conexion request arrives on a designated port,inetd starts the appropiated server program

This allows for server programs to run only when needed,thus saving resources on the system

Two files control the working of inetd/etc/services

/etc/inetd.conf




Routes


inetdconfiguration

tcpwrappers


/etc/services

/etc/inet/services on some systems

this file has a mapping between the port numbers andprotocol to the services names. Info can be found in theservices man page. A fragment from an acual/etc/services is shown

ftp 21/tcp

fsp 21/udp fspd

ssh 22/tcp # SSH Remote Login Protocol

ssh 22/udp

telnet 23/tcp

smtp 25/tcp mail

time 37/tcp timserver

time 37/udp timserver

rlp 39/udp resource # resource location

nameserver 42/tcp name # IEN 116

whois 43/tcp nicname




Routes


inetdconfiguration

tcpwrappers


/etc/inetd.conf

This file associates the service name to the programactually providing the service

The format for one line of this file is

service_name socket_type protocol wait/nowait user.group program args

The line for the telnetd program would look like this

telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd




Routes


inetdconfiguration

tcpwrappers


/etc/inetd.conf

As lines started with the # are treated as comments, wecan disable one service, by simply comenting out thecorresponding line

Example of the telnetd service disabled

#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd




Routes


inetdconfiguration

tcpwrappers


tcpwrappers

An aditional layer can be placed between inetd and theserver program to perform access control based on hostname, network address or ident queries

This layer is usally called tcpwrappers or, by the name ofthe program, tcpd.

the program tcpd gets called by inetd and receives theserver to start as a parametertcpd checks its configuration files to see if the access mustbe granted or deniedin case the access is granted tcpd starts the serverprogram supplied as parameter

the corresponding line for ths telnetd server usingtcpwrappers would look like this

telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd




Routes


inetdconfiguration

tcpwrappers


tcpwrappers

the configuration for the tcpwrappers resides in the files/etc/hosts.allow and /etc/hosts.deny

the manual page hosts access documents the use ofthese files

Access will be granted when a (daemon,client) pairmatches an entry in the /etc/hosts.allow file.Otherwise, access will be denied when a (daemon,client)pair matches an entry in the /etc/hosts.deny file.Otherwise, access will be granted.




Routes


inetdconfiguration

tcpwrappers


inetd and tcpwrappers in Solaris

Starting with Solaris 10, the inetd services have beenintegrated in the smf (Sevices Managemnent Facility)mainframe

The file /etc/inetd.conf exists on the system but anychanges made to it do not change the system behaviour

If we add a service to /etc/inetd.conf, we can convertinto a smf manifest to me managed by smf using thecommand inetconv

After that, the service can be managed using thecommands svcadm and inetadm

tcpwrappers can also be activated for all or some of theinetd services as a property of inetd




Routes


inetdconfiguration

tcpwrappers



to see inetd properties

# svcprop inetd

# inetadm -p

to list the services managed through inetd

# inetadm

to list an inetd service

# inetadm -l servce_name

to enable or disable an inetd service

# inetadm -e|-d service_name

services can also be disabled with svcadm




Routes


inetdconfiguration

tcpwrappers



tcp wrapers is treated as a property of inetd so, to enableit we must modify that property of inetd

# inetadm -M tcp_wrappers=TRUE

tcp wrapers can be enabled on a per service basismodifying just the property of that service. For example toenable the host access control ONLY for the telnet servicewe’d do

# inetadm -M tcp_wrappers=FALSE

to disable tcp wrappers. And then to enable tcp wrappersfor the telnet service

# inetadm -m telnet tcp_wrappers=FALSE


basic tcp/ip networking - departamento de computaci³n

Documents