Chapter 7 Configuring Networking 205
The ability to network is the primary function of Linux. Installing networking may include basic configuration of network services, access rights, client ser-
vices, Internet services, and remote access. If you know the features of most of the available services, you should be able to prevent major security risks and perform a basic configuration of these services. In fact, you should know that you could make a career out of performing each of these tasks individually. The goal of this chapter is to make you familiar with most of the available services and to show you their basic configurations.
Basic Network Services
3.4 Configure basic network services and settings (e.g., netconfig, linuxconf; settings for TCP/IP, DNS, DHCP)
7.8 Identify basic networking concepts, including how a network works
A number of services are available to the Linux system to provide networking. In general, these services can be used in any environment and can be divided into two types — clients and servers — and can be used in any environment. Clients use their services to connect to servers and servers use their services to provide information to clients. This relationship is true of every networking system in use, including so-called “peer-to-peer” systems in which both systems act as a client and a server. The major networking protocol for Linux is the Transmission Control Protocol and Internet Protocol (TCP/IP) protocol. TCP/IP provides all network services used in the Linux environment. TCP/IP is the primary protocol of the Internet, so interfacing your local Linux network services to the Internet is very straightforward. You must configure these services at the most basic level. You can use these services after you get them running, but keep the following warning in mind: Although client-side services are usually safe, these services have proven to be insecure in some situations. Therefore, always consult network security information or another source before activating one of these services in any environment. In general, you are required to configure the basic network services — even if it is just to connect to the Internet — so you may benefit from some background information before beginning configuration.
TCP/IP Protocol Suite
The TCP/IP suite is used everyday by anyone who accesses the Internetor or uses a local LAN. The strength of TCP/IP comes from its development: It was designed to be robust and includes two sets of systems — connection-oriented (TCP) and connectionless (UDP) protocols — that allow the remote connection to clients or servers. Table 7-1 lists many of the most popular protocols and services that they provide.
206 Part III Configuration
Table 7-1
The TCP/IP Protocol Suite
System |
Port (default) |
Service provided |
|
|
|
FTP |
20-21 |
File Transfer Protocol allows the transfer of |
|
|
files from one system to another with |
|
|
Transmission Control Protocol (TCP) to ensure |
|
|
delivery and directory visibility. |
|
|
|
SSH |
22 |
Secure Shell, sometimes known as Secure |
|
|
Socket Shell, provides secure access to a |
|
|
remote computer. |
|
|
|
Telnet |
23 |
Telnet protocol allows communication with |
|
|
remote systems, usually to access and use the |
|
|
remote system. |
|
|
|
SMTP |
25 |
Simple Mail Transfer Protocol used in sending |
|
|
and receiving e-mail. Because it is limited in |
|
|
its ability to queue messages, it is normally |
|
|
used for server-to-server mail transfer. |
|
|
|
DNS |
53 |
Domain Name System is used to translate a |
|
|
user-friendly name, such as www.linux.org, |
|
|
to the related IP address, 198.182.196.56 for |
|
|
www.linux.org. |
|
|
|
DHCP and BOOTPS |
67 |
Dynamic Host Configuration Protocol is a |
|
|
communications protocol that automates the |
|
|
assignment of Internet Protocol (IP) addresses |
|
|
in a network. Bootstrap Protocol is a protocol |
|
|
that automatically configures a network user |
|
|
and boots or initiates an operating system. |
|
|
BOOTPS is the server-side protocol. |
|
|
|
BOOTPC |
68 |
Bootstrap Protocol is a protocol that |
|
|
automatically configures a network user and |
|
|
boots or initiates an operating system. BOOTP |
|
|
is the client-side protocol. |
|
|
|
TFTP |
69 |
Trivial File Transfer Protocol is used much like |
|
|
FTP; TFTP, however, uses the User Datagram |
|
|
Protocol (UDP) and does not ensure delivery |
|
|
or provide directory visibility. |
Gopher |
70 |
Gopher provides a way to bring text files from |
|
|
all over the world to a viewer on your |
computer. It has been replaced by the HTTP protocol.
Chapter 7 Configuring Networking 207
System |
Port (default) |
Service provided |
|
|
|
Finger |
79 |
Finger is a program that tells you the name |
|
|
associated with an e-mail address. |
|
|
|
HTTP |
80 |
The Hypertext Transfer Protocol is the set of |
|
|
rules for exchanging files (text, graphic |
|
|
images, sound, video, and other multimedia |
|
|
files) on the World Wide Web. |
|
|
|
POP (3) |
110 |
Post Office Protocol 3 is the most recent |
|
|
version of a standard protocol for receiving |
|
|
e-mail downloaded to clients from servers. |
|
|
POP (3) is an alternative to IMAP. |
|
|
|
RPC |
111 |
SUN Remote Procedure Call is a protocol that |
|
|
one program can use to request a service |
|
|
from another host on the network without |
|
|
having to understand network details. |
|
|
|
RPC |
135 |
Microsoft RPC. |
|
|
|
SMB/CIFS |
139 |
SMB/CIFS/CIFS server. |
|
|
|
IMAP |
143 and 220 |
Internet Message Access Protocol is a standard |
|
|
protocol for accessing e-mail from your mail |
|
|
server; it is not downloaded until instructed to |
|
|
do so. |
|
|
|
SNMP |
161 |
Simple Network Management Protocol |
|
|
governs network management and the |
|
|
monitoring of network devices. |
|
|
|
rlogin |
221 |
Remote login is a command that allows an |
|
|
authorized user to log in to other machines |
|
|
(host) on a network and to interact as if the |
|
|
user were physically at the host computer. It |
|
|
has been replaced by SSH and is less known |
|
|
than telnet. |
SSL/TSL |
443 |
The Secure Sockets Layer protocol is used for |
|
|
the secure transmission of data on the |
|
|
Internet. TLS is the successor to the Secure |
|
|
Sockets Layer (SSL). It uses the same port but |
|
|
provides more security and is backwards- |
|
|
compatible with SSL; most browsers now |
|
|
use TSL. |
SMB/CIFS |
445 |
The Server Message Block Protocol provides a |
|
|
method for client applications in a computer |
|
|
to read and write to files on — and to request |
services from — server programs in a computer network. It is used to connect to the Microsoft Windows Platform.
208 Part III Configuration
Don’t try to memorize these ports; instead, focus on configuring the services and learn what protocol provides what service, such as HTTP for Web pages.
Connection protocols needed
Because the TCP/IP protocol suite is limited to network routing and transportation of information, you may need other protocols to network other systems.
Point-to-Point Protocol
The simplest and most widely used modem-based protocol is the Point-to-Point Protocol (PPP). PPP communicates between two computers by using a serial interface; for example, a personal computer is connected by an analog phone line to a server. Many users access the Internet from home by dialing a modem that connects to a modem pool, which then establishes a point-to-point connection by using PPP. This protocol can also be used for server-to-server connections and router-to- router connections. PPP provides a static connection between two pieces of equipment. It can also be used in many broadband, xDSL or cable, Internet connections with Ethernet.
Ethernet
Ethernet is the most widely used Local Area Network (LAN) access method. It is used to connect most workstations, servers, and routers at hubs that create the LAN.
Ethernet uses the IEEE 802.3 standard to provide connectivity to a network. Ethernet and PPP are the most commonly used access methods, but they aren’t the only ones used.
Serial Line Internet Protocol
SLIP, or Serial Line Internet Protocol, is an alternative to PPP. SLIP is not used very widely because it doesn’t provide for error detection and it doesn’t support synchronous connections.
WAN protocols
Linux can directly support almost any connection, including xDSL, cable, leased lines, and more. To support these connections, Linux employs PPPoE, Frame Relay, and other high-speed interface connection methods. These are not basic configurations of the Linux system, but you should be aware of them.
Other network protocols
Other network protocols include Yellow Pages or NIS (Network Information System) and NFS (Network File System), which use the SUN Remote Procedure Call (part of TCP/IP) to provide networking services. NIS is used to provide access to all systems on a network while only requiring one authentication. NFS is used to provide for file viewing and storage on a remote system.