ch07.ppt

SUSE Linux Enterprise Server
Administration (Course 3037)
Chapter 7
Connect the SUSE Linux Enterprise
Server to the Network

SUSE Linux Enterprise Server Administration (Course 3037) 2
Objectives
• Configure Your Network Connection
• Configure and Manage Routes
• Test the Network Interface

Configure Your Network Connection
• Objectives
– TCP/IP Fundamentals
– Network Interfaces in Linux
– Network Interface Requirements
– How to Configure a Network Card with YaST
– How to Modify a Network Card Manually

TCP/IP Fundamentals
• TCP/IP network components
– Host
• Receives requests for information from the Internet
– TCP/IP
• Defines how packets should be structured
– IP packet
• Electronic package of data sent over the Internet
– Router
• Forwards an IP packet to the next network point
– Firewall
• Protects the resources of a private intranet or network

TCP/IP Fundamentals (continued)
• IP address structure
– Host is also referred to as a node or station
• Routers locate hosts based on their IP addresses
– IP address consists of four bytes:
• A network address (from 1 to 3 bytes)
• A node or station address (from 1 to 3 bytes)
– Node address 0, and 255 are reserved
– IP addresses take the form of a dotted octet
• Each byte is separated by a dot

• Network classes and IP addresses
– There are five address classes defined in IP
• Classes A through C can be assigned
• Classes D and E are reserved
– Class A addresses
• Networks: 126
• Hosts per network: 16,777,216
– Class B addresses
• Networks: 16,384
• Hosts per network: 65,534

• Network classes and IP addresses
– Class C addresses
• Networks: 2,097,152
• Hosts per network: 255
– Class D addresses
• First byte is in the 224 to 239 range
• Used for multicast packets
– Class E addresses
• First byte is in the 240 to 255 range
• Reserved for experimental use

• Special IP addresses
– See Table 7-1

Network Interfaces in Linux
• Network interfaces
– Always referred to with a fixed name
– Name depends on type and position of the network
card in the computer
• First card is called eth0, second is eth1, and so on
• Drives
– Provide support for network cards and protocols
– Kernel modules that can be loaded if required
• SUSE Linux Enterprise Server
– Contains drivers for all common network cards

Network Interface Requirements
• Network card is detected during installation
– And a suitable driver is loaded
• Command ifstatus device
– Verifies network card has been integrated correctly
• With the appropriate driver
• Kernel support implemented as a module
– Name of the module is entered by YaST
• In a file in /etc/sysconfig/hardware/
• Drivers are autodetected for hotplug cards
– No configuration is necessary

How to Configure a Network Card with
YaST
• Steps
– Start the YaST Network Card module
– Select a network card from the list (conditional)
– Modify network card settings (conditional)

YaST (continued)

YaST (continued)
• Steps
– Do one of the following
• Add a new network card configuration
• Modify an existing configuration
• Delete a listed configuration
– Select Next
– Save the configuration by selecting Finish
– Check network card activation and settings
• From the command line using ifconfig or ip

YaST (continued)

How to Modify a Network Card
Manually
• Configure the network interface with ifconfig
– ifconfig (/sbin/ifconfig)
• Used to manually configure a network card
• Display information about status of network interfaces
– Changes done with ifconfig are temporary
– Syntax
• ifconfig [interface] [address] [options]
– ifconfig eth0 192.168.0.1
• Assigns 192.168.0.1 to network card eth0
– ifconfig eth0 up
• Activates eth0

Manually (continued)

• Configure IP aliases with ifconfig
– IP aliases
• Used to define more than one IP address for a network
card
– It is always better to use genuine addresses
– Configure an IP alias with ifconfig or YaST
– View IP aliases by entering ip address show

• Modify network interface configuration files
– Configuration files directory
• /etc/sysconfig/network/
• Contains file for each configured network adapter
– Network interfaces are activated at boot
• By script /etc/init.d/network
– /etc/sysconfig/network/config
• Contains general variables for the script
– Directory /etc/sysconfig/network/scripts/
• Contains additional scripts run by /etc/init.d/network

• Modify network interface configuration files
– Activating and deactivating network interfaces
• Use commands /sbin/ifup, /sbin/ifdown, /sbin/ifstatus
• Use script /etc/init.d/network
• Configure host and domain names
– Modify the following files
• /etc/HOSTNAME
• /etc/resolv.conf

Configure and Manage Routes
• Objectives
– Route Types
– How to Manage Routes with route
– How to Modify Route Configuration Files
– How to Activate Routing
– How to Manage the Network Interface and Routes
with ip

Route Types
• Host routes
– Define path data packet can take for exactly one
destination host
• Network and gateway routes
– Define path data packet can take for an entire
destination network
• Default route
– Special gateway route
– Defines route data packet can take if no previous
route matched destination of the packet

How to Manage Routes with route
• Use command route (/sbin/route)
– To check and edit the routing table
• Create a route
– Syntax
• route add [-net | -host destination] [netmask mask] [gw
gateway] [metric n] [dev interface]
– Static routing is set up by default
– Dynamic routing needs a routing daemon
• You also need to add the option metric n

How to Manage Routes with route
(continued)
• Delete a route
– Syntax
• route del [-net | -host destination] [gw gateway]
[netmask mask] [dev interface]
– route del default
• Deletes the default route

How to Modify Route Configuration
Files
• An entry is generated in the kernel routing table
– For all active network interfaces
• Additional static routes
– Configured in the files
• /etc/sysconfig/network/routes
• /etc/sysconfig/network/ifroute-Interface
• Configuration files include the following fields:
– Destination network/destination host
– The gateway to use
– The network mask
– The network interface

How to Activate Routing
• A Linux host can also serve as a router itself
– This property is deactivated by default
• Activate routing by adding entry in the process file
– echo 1 > /proc/sys/net/ipv4/ip_forward
– 0 will deactivate routing
• Activate routing permanently
– Set following variable in /etc/sysconfig/sysctl
• IP_FORWARD=“yes”

How to Manage the Network Interface
and Routes with ip
• SUSE Linux Enterprise Server ip command
– Replaces ifconfig and route commands
• ip general syntax
– ip [options] object [command [parameters]]
• Modifications made with command ip are temporary
• Tasks performed with ip:
– Assign Parameters for Network Interfaces (ip link)
– Assign IP Addresses (ip address)
– Set Up Routes (ip route)

and Routes with ip (continued)

• Assign Parameters for Network Interfaces (ip link)
– Use ip commands
• set and show
• Assign IP Addresses (ip address)
– Most important ip commands
• add, del, and show
• Set Up Routes (ip route)
– Use ip commands
• add, change, delete, and show

Test the Network Interface
• Objectives
– Check a Network Connection between Hosts (ping)
– Check the Routing (traceroute)
– Analyze Network Traffic (tcpdump and ethereal)
– Determine the Status of All Network Connections
(netstat)
– Check for Service Availability (netcat)

Check a Network Connection between
Hosts (ping)
• Command ping (/sbin/ping)
– Simple tool for checking network connections
• How the command tests a connection
– Enter ping host
– Server sends ICMP datagram to the target host
• With the echo request
– Target host answers with ICMP datagram
• Containing the message echo reply
– ICMP protocol does not involve higher level protocols
• Command options
– See Table 7-7

Hosts (ping) (continued)

Hosts (ping) (continued)
• Troubleshooting suggestions
– Start by checking the host-internal network
• ping localhost
– Then check network interface connected to your host
• ping interface_addr
– Check network segment to the next closest network
element
• In the direction of the target host
• Until the check ends at the target host

Check the Routing (traceroute)
• Command traceroute (/usr/sbin/traceroute)
– Helps you follow route taken by an IP datagram
• How a route is traced
– traceroute sends three UDP datagrams with TTL = 1
– Then increases value for the next three datagrams
– TTL is reduced by 1 when UDP datagram passes
through a router
• Datagram is discarded at TTL=0
– Gateway at TTL=0 sends an ICMP datagram
• With message “TTL exceeded” back to the sender

(continued)
• How a route is traced
– If UDP datagram reaches the target host
• Host replies with ICMP datagram Port Unreachable
– From this message
• Sender recognizes that target host has now been
reached
– Syntax
• traceroute host
• Command options
– See Table 7-8

(continued)

(continued)
– Common reason for defective communication
• Transport path between these networks contains errors
– traceroute
• Excellent tool for checking routers located on this
transport path
• Shows at which hop the transport path is faulty

Analyze Network Traffic (tcpdump and
ethereal)
• How to use tcpdump
– Command tcpdump (/usr/sbin/tcpdump)
• Lets you analyze data packets
– Syntax
• tcpdump –i interface
– Puts interface in promiscuous mode
• How to use ethereal
– Graphical tool
– Provides the same functionality as tcpdump
– Must be first installed using YaST

ethereal) (continued)

• Command options (tcpdump)
– See Table 7-9
– Use tcpdump or ethereal to analyze network traffic
– Helps you find which packets are exchanged
– Recommended for security-critical environments

Determine the Status of All Network
Connections (netstat)
• Command netstat (/bin/netstat)
– Helps you determine the status of all network
connections on a host
• How to use netstat
– Displays the status of all open sockets
– Information is displayed in two blocks
• First block
– Each socket is listed on a separate line
• Second block
• Contains information on the UNIX domain sockets
active on the host

Connections (netstat) (continued)
• Command options
– See Table 7-10
– netstat
• Ideal for monitoring resources for network sockets on a
host
• Provides detailed information on existing and available
network sockets or resources

Connections (netstat) (continued)

Check for Service Availability (netcat)
• Command netcat (/usr/bin/netcat)
– Uses TCP and UDP protocols
• To read and write data through network connections
• How to use netcat
– netcat host port
• Advanced use of netcat
– Query ports and display the responses of the services
– nmap command
• More suitable for a simple port scan
– Transmit files between hosts
• Command options (see Table 7-11)

Check for Service Availability (netcat)
(continued)

Exercise 7-1: Configure and Test Your
Network Connection
• In this exercise, you do the following:
– Part I: View and Record Network Configuration
– Part II: Configure a Static Network with YaST
– Part III: Test the Network Card Configuration

Summary
• Each host has an IP address and subnet mask
• IP classes normally used for IP addressing
– Class A, B, and C
• Commands ifconfig and ip
– View and change your TCP/IP configuration
• Network interface and TCP/IP information
– Stored in the /etc/sysconfig/network
– Started by the /etc/init.d/network script
• Each host contains a hostname
– Stored in the /etc/HOSTNAME file

Summary (continued)
• /etc/resolv.conf file
– Contains the addresses of up to three DNS servers
• TCP/IP networks are connected via routers
– Host has a routing table
• That typically contains a default gateway route
• Commands route and ip
– View and change the routing table
• Commands ping and traceroute
– Used to test network communication and routing

Summary (continued)
• Command netcat
– Used to test TCP and UDP connections
• Utilities tcpdump and ethereal
– Used to capture and analyze network traffic

ch07.ppt

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a ch07.ppt

Semelhante a ch07.ppt (20)

Último

Último (20)

ch07.ppt