With an increasing number of networks and mission-critical applications running on Linux, system and network administrators must be able to do more than set up a server and rely on its default configuration. Advanced Linux Networking is designed to help you achieve a higher level of competence. It focuses on powerful techniques and features of Linux networking and provides you with the know-how you need to improve server efficiency, enhance security, and adapt to new requirements.
This book begins with a brief introduction to low-level configuration, including a guide to getting your network up and running. Part II outlines those servers and procedures most likely to be used by the computers on your local network: DHCP servers, Kerberos, Samba, time servers, and network backups, among others. Part III covers Internet servers: DNS, SMTP (sendmail, Postfix, and Exim), Apache, and FTP servers. Part IV examines network security, exploring such topics as using a chroot jail, iptables configuration, and VPNs. Wherever pertinent, author Roderick Smith addresses the differences between Caldera OpenLinux, Debian GNU/Linux, Mandrake, Red Hat, Slackware, SuSE, and TurboLinux.
Advanced Linux Networking offers valuable advice on:
Configuring small but potentially important servers quickly and easily
Optimizing Linux network operation
Using advanced system features effectively
Using systems and software in alternative ways to reach your goals
Avoiding possible damage to your system and violations of ISP policies
Securing your system
Advanced Linux Networking is the single-volume tutorial and reference for Linux networking that will help you achieve expert status.
(NOTE: Each chapter concludes with a Summary.)
I. LOW-LEVEL CONFIGURATION.
1. Kernel Network Configuration.
Starting Kernel Configuration.
Network Protocol Support.
Packet and Socket Options.
Network Filter Options.
TCP/IP Routing Options.
IPvSupport Options.
QoS Options.
High-Level Protocol Support.
Alternative Network Stack Options.
Network Hardware Options.
Ethernet Devices.
Alternative Local Network Devices.
Broadband and WAN Devices.
Wireless Devices.
PC Card Devices.
Dial-Up Devices.
Compiling and Installing a Kernel.
Drivers: Modules or Built-In.
A Typical Kernel Compilation.
Common Kernel Compilation Problems.
Installing and Using a New Kernel.
2. TCP/IP Network Configuration.
Loading Network Drivers.
Using a DHCP Client.
Configuring a Static IP Address.
Configuring Network Interfaces.
Adjusting the Routing Table.
Configuring DNS.
Setting the Hostname.
Making Your Changes Permanent.
Using a PPP Link.
Using a GUI Dialer.
Adjusting Configuration Scripts.
Configuring Dial-on-Demand.
3. Alternative Network Stacks.
Understanding Network Stacks.
The OSI Network Stack Model.
Wrapping and Unwrapping Data.
The Role of the TCP/IP Stack.
AppleTalk.
AppleTalk Features and Capabilities.
Using Linux AppleTalk Software.
IPX/SPX.
IPX/SPX Features and Capabilities.
Using Linux IPX/SPX Software.
NetBEUI.
NetBEUI Features and Capabilities.
Obtaining a NetBEUI Stack for Linux.
Using Linux NetBEUI Software.
4. Starting Servers.
Using SysV Startup Scripts.
Startup Script Locations and Naming Conventions.
Manually Enabling or Disabling Startup Scripts.
Using Startup Script Utilities.
Setting and Changing the Runlevel.
Using inetd.
The /etc/inetd.conf File Format.
Using TCP Wrappers.
Using xinetd.
The /etc/xinetd.conf File Format.
Setting Access Control Features.
Using Local Startup Scripts.
Using GUI Tools.
Using Linuxconf.
Using YaST and YaST2.
Using ksysv.
When to Use Each Startup Method.
II. LOCAL NETWORK SERVERS.
5. Configuring Other Computers via DHCP.
When to Run a DHCP Server.
Kernel and Network Interface Issues.
DHCP Configuration Files.
Assigning Dynamic Addresses.
Setting Global Options.
Defining a Subnet Range.
Assigning Fixed Addresses.
Locating Client MAC Addresses.
Defining Hosts via MAC Addresses.
Customizing Client-Specific Parameters.
Integrating with Other Protocols.
Including NetBIOS Information.
Communicating with a DNS Server.
6. Authenticating Users via Kerberos.
When to Run a Kerberos Server.
Understanding Kerberos Operation.
Basic Principles of Kerberos Operation.
Requirements for the Kerberos Server.
Kerberos Versions and Variants.
Setting Up a Kerberos Server.
Modifying Server Configuration Files.
Setting Up a Realm.
Creating a Master Key.
Administering a Realm.
Starting the KDC.
Configuring a Slave KDC.
Configuring a Kerberos Application Server.
Configuring Kerberos.
Running Kerberized Servers.
Configuring a Kerberos Client.
Accessing Kerberos Servers.
Using Kerberos for User Logins.
7. File and Printer Sharing via Samba.
When to Run a Samba Server.
General Samba Configuration.
The Samba Configuration File.
Setting Server Identification.
Setting Security Options.
Becoming a NetBIOS Name Server.
Becoming a Master Browser.
Becoming a Domain Controller.
Serving Files with Samba.
Creating a File Share.
Setting Windows Filename Options.
Configuring Ownership and Permissions.
Limiting Access to Shares.
Serving Printers with Samba.
Creating a Printer Share.
Sharing a PostScript Printer.
Sharing a Non-PostScript Printer.
Samba Scripting Features.
Using preexec and postexec Scripts.
Using Pseudo-Printers.
Example: CD Burning.
Example: Creating PDF Files.
8. File Sharing via NFS.
When to Run an NFS Server.
NFS Servers Available for Linux.
User-Mode and Kernel-Mode Servers.
NFS Versions and 3.
Understanding the Portmapper.
Serving Files with NFS.
Defining NFS Exports.
Access Control Mechanisms.
Mounting NFS Exports.
Optimizing Performance.
Username Mapping Options.
Synchronizing Client and Server User IDs.
Using a Server-Side User ID Map.
Using a Client-Side Mapping Daemon.
9. Printer Sharing via LPD.
When to Run an LPD Server.
LPD Server Options for Linux.
Configuring a BSD LPD Server.
Configuring /etc/hosts.lpd.
Specifying the Server on a BSD LPD Client.
Configuring an LPRng Server.
Configuring /etc/lpd.perms.
Specifying the Server on an LPRng Client.
Configuring a CUPS Server.
Configuring /etc/cups/cupsd.conf.
Accepting Jobs from BSD LPD or LPRng Clients.
Specifying the Server on a CUPS Client.
10. Maintaining Consistent Time: Time Servers.
When to Run a Time Server.
Setting Up an NTP Server.
Understanding How a Time Server Functions.
Time Server Programs for Linux.
Configuring ntp.conf.
Monitoring NTP's Operations.
Using an NTP Client Package.
Using Samba to Serve Time.
Samba's Time Serving Options.
Configuring a Windows Client to Set Its Clock.
11. Pull Mail Protocols: POP and IMAP.
When to Run a Pull Mail Server.
Understanding POP and IMAP.
Pull Mail's Place in Mail Delivery Systems.
Storing Mail: On the Client or the Server.
A Sample POP Session.
A Sample IMAP Session.
Determining Which to Use.
Configuring a POP Server.
POP Servers for Linux.
POP Server Installation and Configuration.
Configuring an IMAP Server.
IMAP Servers for Linux.
IMAP Server Installation and Configuration.
Using Fetchmail.
Fetchmail's Place in Mail Delivery Systems.
Using fetchmailconf.
Configuring .fetchmailrc.
12. Running a News Server.
When to Run a News Server.
Understanding NNTP.
Running INN.
Obtaining a News Feed.
Configuring INN.
Ongoing News Server Maintenance.
Using leafnode.
Understanding leafnode's Capabilities.
Configuring leafnode.
Filtering Articles.
13. Maintaining Remote Login Servers.
When to Run a Remote Login Server.
Configuring rlogind.
Setting rlogind Startup Options.
Understanding rlogind Security.
Controlling rlogind Access.
Configuring Telnet.
Setting Telnet Startup Options.
Adjusting the Telnet Login Display.
Understanding Telnet Security.
Configuring SSH.
Available SSH Software.
Understanding SSH Capabilities.
Setting SSH Startup Options.
Adjusting the sshd_config File.
SSH Authentication Options.
14. Handling GUI Access with X and VNC Servers.
When to Run a GUI Access Server.
Configuring Basic X Access.
Understanding the X Client/Server Relationship.
Configuring an X Server to Accept X Client Access.
Setting Client Options to Use an X Server.
Tunneling X Connections Through SSH.
A Summary of Remote-Login X Access.
Using an XDMCP Server.
Understanding XDMCP Operation.
Configuring a Login Server to Accept Connections.
Configuring a Remote X Login Client.
Running a VNC Server.
Understanding the VNC Client/Server Relationship.
Installing a VNC Server.
Running a VNC Server.
Using a VNC Client to Access the Server.
Adjusting VNC Server Configuration.
A Comparison of Access Techniques.
15. Providing Consistent Fonts with Font Servers.
When to Run a Font Server.
Understanding Font File Formats.
Bitmapped Font Formats.
Outline Font Formats.
Running a Traditional Font Server.
Font Server Options for Linux.
Common Default Font Server Configurations.
Adjusting a Font Server for a LAN.
Adjusting Font Availability.
Running an Expanded Font Server.
16. Maintaining a System from a Distance.
When to Run Remote System Maintenance Tools.
The Challenge of a Cross-Distribution Configuration Tool.
Running Linuxconf Remotely.
Configuring Linuxconf to Work Remotely.
Using Web-Based Linuxconf.
Running Webmin.
Configuring Webmin.
Using Webmin.
Running SWAT.
Configuring SWAT to Run.
Using SWAT.
Remote Administration Security Concerns.
17. Performing Network Backups.
When to Run Network Backup Servers.
Types of Network Backup Solutions.
Client-Initiated Backups.
Server-Initiated Backups.
Using tar.
Basic tar Features.
Testing Local tar and Tape Functions.
Performing a Client-Initiated Backup.
Performing a Server-Initiated Backup.
Using SMB/CIFS.
Backing Up Windows Clients from Linux.
Backup Shares.
Using AMANDA.
The Function of AMANDA.
Configuring Clients for AMANDA.
Configuring the AMANDA Backup Server.
Creating an AMANDA Configuration.
Running an AMANDA Backup.
Restoring Data.
III. INTERNET SERVERS.
18. Administering a Domain via DNS.
When to Run a DNS Server.
Running an Externally-Accessible DNS Server.
Running a Local DNS Server.
Obtaining a Domain Name.
DNS Server Options for Linux.
Core DNS Configuration.
The BIND Configuration File.
Locating Other Name Servers.
Setting Up a Forwarding Server.
Setting Up Zones.
Configuring a Slave Server.
Domain Administration Options.
A Sample Zone Configuration File.
Setting Master Zone Options.
Specifying Addresses and Aliases.
Configuring a Reverse DNS Zone.
Running a Caching-Only Name Server.
Communicating with a DHCP Server.
Starting and Testing the Server.
19. Push Mail Protocol: SMTP.
When to Run an SMTP Server.
SMTP Server Options for Linux.
Mail Domain Administration.
Understanding SMTP Transport.
SMTP Server Configuration Options.
Address Masquerading.
Accepting Mail as Local.
Relaying Mail.
Anti-Spam Configuration.
Basic Sendmail Configuration.
Sendmail's Configuration Files.
Sendmail Address Masquerading.
Configuring Sendmail to Accept Mail.
Sendmail Relay Configuration.
Sendmail Anti-Spam Configuration.
Basic Exim Configuration.
Exim's Configuration Files.
Exim Address Masquerading.
Configuring Exim to Accept Mail.
Exim Relay Configuration.
Exim Anti-Spam Configuration.
Basic Postfix Configuration.
Postfix's Configuration Files.
Postfix Address Masquerading.
Configuring Postfix to Accept Mail.
Postfix Relay Configuration.
Postfix Anti-Spam Configuration.
Using a Procmail Filter.
Understanding the Role of Procmail.
Designing a Recipe.
Using Existing Filter Sets.
Calling Procmail.
20. Running Web Servers.
When to Run a Web Server.
Web Server Options for Linux.
Basic Apache Configuration.
Understanding Apache Configuration Files.
Standalone versus Super Server Configuration.
Setting Common Configuration Options.
Setting Server Directory Options.
Loading Apache Modules.
Configuring kHTTPd.
Handling Forms and Scripts.
Understanding Static Content, Forms, and CGI Scripts.
Setting Script and Form Options.
Writing CGI Scripts.
Scripting Security Measures.
Handling Secure Sites.
Understanding SSL.
Configuring SSL.
Enabling SSL in Apache.
Handling Virtual Domains.
Why Use a Virtual Domain?
Virtual Domain Configuration Options.
Producing Something Worth Serving.
HTML and Other Web File Formats.
Tools for Producing Web Pages.
Web Page Design Tips.
Analyzing Server Log Files.
Apache Log File Format.
Using Analog.
Using Webalizer.
21. Running FTP Servers.
When to Run an FTP Server.
FTP Server Options for Linux.
Basic FTP Server Configuration.
Running the FTP Server.
WU-FTPD Configuration.
ProFTPd Configuration.
Setting Up an Anonymous FTP Server.
Special Needs of Anonymous Servers.
Security Concerns of Anonymous Servers.
Setting Anonymous Options.
IV. NETWORK SECURITY AND ROUTER FUNCTIONS.
22. General System Security.
Shutting Down Unnecessary Servers.
Locating Unnecessary Servers.
Methods of Shutting Down Servers.
Controlling Accounts and Passwords.
Account Creation Procedures and Policies.
Monitoring Account Usage.
Setting Good Passwords.
Keeping the System Up to Date.
The Importance of Server Updates.
How to Monitor for Updated Software.
Automatic Software Update Procedures.
Monitoring for Intrusion Attempts.
Intrusion-Detection Tools.
General Intrusion Detection Procedures.
What to Do If You Discover an Intruder.
Keeping Abreast of Security Developments.
Security Web Sites.
Security Mailing Lists and Newsgroups.
23. Configuring a chroot Jail.
What is a chroot Jail?
Necessary chroot Environment Files.
Preparing a Directory Tree.
Copying Server Files.
Copying System Files.
Configuring a Server to Operate in a chroot Jail.
Running a Server in a chroot Jail.
Controlling Local Access to the chroot Environment.
An Example: Running BIND in a chroot Jail.
Maintaining the chroot Environment.
24. Advanced Router Options.
When to Use Advanced Router Configurations.
Advanced Kernel Options.
Policy Routing.
Type of Service Values.
Multipath Routing.
Router Logging Options.
Large Routing Tables.
Multicast Routing.
Quality of Service.
Using iproute2.
Using ip.
Using tc.
Using Routing Protocols.
Understanding Routing Protocols.
Using routed.
Using GateD.
Using Zebra.
25. Configuring iptables.
What Is iptables?
Kernel Configuration for iptables.
Checking Your iptables Configuration.
Configuring a Firewall with iptables.
What Is a Firewall?
Setting a Firewall's Default Policy.
Creating Firewall Rules.
Configuring NAT with iptables.
What Is NAT?
Setting iptables NAT Options.
Forwarding Ports with iptables.
When to Forward Ports.
Setting iptables Port Forwarding Options.
Logging iptables Activity.
26. Using a VPN.
When to Use a VPN.
VPN Options for Linux.
Configuring PPTP in Linux.
Obtaining and Installing PoPToP.
PoPToP Server Configuration.
Enabling Encryption Features.
PPTP Client Configuration.
Configuring a Linux FreeS/WAN Server.
Obtaining and Installing FreeS/WAN.
Editing Configuration Files.