Basic TCP/IP networkingGrado en Informatica 2016/2017Departamento de Computacion
Facultad de InformaticaUniversidad de Coruna
Antonio Yanez Izquierdo
Antonio Yanez Izquierdo Basic TCP/IP networking 1 / 77
Contents I
1 Basic network configurationsolaris 10solaris 11openbsdFreeBSDdebian linuxfedora linuxubuntu and devuan linuxlinux: Interaccion con Network Manager
2 Routes
3 Network interface aliasing
4 inetd configurationtcpwrappersinetd and tcpwrappers in Solaris
Antonio Yanez Izquierdo Basic TCP/IP networking 2 / 77
Basic network configuration
Basic network configuration
Antonio Yanez Izquierdo Basic TCP/IP networking 3 / 77
Basic network configuration
basic IP v4 configuration
to properly configure a machine using ipv4 we have to configure
the machine namethe Network Interface Cardsthe routesthe dns (if using it)
Antonio Yanez Izquierdo Basic TCP/IP networking 4 / 77
Basic network configuration
basic NIC configuration
The bassic things we have to configure for a Network Interface Cardare
its ip addressits netmask (number of bits in its ip address that correspond tonetwork address)its broadcast address
Antonio Yanez Izquierdo Basic TCP/IP networking 5 / 77
Basic network configuration
ways to configure the network
there are two ways to configure the network
manual configuration: we configure manually each of the paramaters,either directly using the comand line or through the boot scriptsusing dhcp: the network interface card asks for its configuration to amachine in the network (the dhcp server). This can be done directlythrough the comand line or using the boot scripts
most systems have a graphic utility to configure the network, whichcan be used to configure either manually or via dhcp. We won’t dealwith those utilities, neither will we deal with the wireless configurationoptions
Antonio Yanez Izquierdo Basic TCP/IP networking 6 / 77
Basic network configuration
ifconfig
the comand ifconfig configures network interfaces,
it is usually located at /sbin/ifconfig
it can configure interfaces both manually or using dhcp
ifconfig -a shows the actual configuration of the Network InterfaceCards
Antonio Yanez Izquierdo Basic TCP/IP networking 7 / 77
Basic network configuration
configuring the dns
the configuration of the dns resides on the file /etc/resolv.conf
this file has the options to the resolver configuration. The mostcommon options are
nameserver to specify the address of a domain name server, up to 3can be defineddomain (optional) to sepecify the local domain. Short names aresupposed to be from this domain
example of /etc/resolv.conf file
domain dc.if.udc.es.
nameserver 193.144.51.10
nameserver 192.144.48.30
Antonio Yanez Izquierdo Basic TCP/IP networking 8 / 77
Basic network configuration
the /etc/hosts file
this file contains the locally defined ip addresses of hosts
its format is
ip_address host_name aliases
example of /etc/hosts
127.0.0.1 localhost
192.168.1.99 abyecto.dc.fi.udc.es abyecto
Antonio Yanez Izquierdo Basic TCP/IP networking 9 / 77
Basic network configuration
the /etc/nsswitch.conf file
this file is used to determine the sources from where to obtainname-service information of several categories: hosts, users, mailaliases . . .
it also specifies the order in which this sources of information shouldbe queried
in the following example, the hosts ips are first searched for in thelocal files, then the dns is queried
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
Antonio Yanez Izquierdo Basic TCP/IP networking 10 / 77
Basic network configuration solaris 10
Basic network configuration→solaris 10
Antonio Yanez Izquierdo Basic TCP/IP networking 11 / 77
Basic network configuration solaris 10
NIC configuration in solaris 10
the interfaces are named after the driver in the kernel that managesthem.
example: the kernel uses the e1000g driver for Intel(R) PRO/1000NICS. Cards of this type will get the names e1000g0, e1000g1 . . .
ifconfig interface name plumb: plumbs (or connects) the interface:no configuration can be done before this, even ifconfig won’t showthe interface until it is plumbed
ifconfig interface name dhcp configures the card interface nameusing dhcp.
Antonio Yanez Izquierdo Basic TCP/IP networking 12 / 77
Basic network configuration solaris 10
NIC configuration in solaris 10
ifconfig interface name inet addr netmask netm broadcastbcast configures the card interface name with address addr,netmask netm and broadcast address bcast. If omitted broadcastdefaults to using 1’s in the host number. The netmask can also bespecified in the format address/network bits, or can be specifiedthrough one of the netwroks defined in /etc/networks#ifconfig e1000g1 inet 192.168.1.100 netmask 255.255.255.0
#ifconfig e1000g1 inet 192.168.1.100/24
ifconfig interface name up brings the interface up
Antonio Yanez Izquierdo Basic TCP/IP networking 13 / 77
Basic network configuration solaris 10
NIC configuration in solaris 10 at boot time
if we want to get the interfaces automatically configured at boot time(via svc:/network/physical) we’ll use the following files
interfaces using dhcp
/etc/hostname.interface name: empty file to plumb the interface/etc/dhcp.interface name: empty file to get the interface configuredwith dhcp
Antonio Yanez Izquierdo Basic TCP/IP networking 14 / 77
Basic network configuration solaris 10
NIC configuration in solaris 10 at boot time
interfaces configured manually
/etc/hostname.interface name: file containing the necessaryparameters passed to ifconfig to configure the interface. The ’inet’parameter is omitted: should we want to configure an ’inet6’ interfacewe would use an /etc/hostname6.interface name file
# cat /etc/hostname.e1000g1
192.168.1.100 netmask 255.255.255.0
#
Antonio Yanez Izquierdo Basic TCP/IP networking 15 / 77
Basic network configuration solaris 10
NIC configuration in solaris 10 at boot time
/etc/nodename: contains the name of the system. It is neccessary ifthe system is configured via dhcp if the DHCP server does not providea value for the hostname. The system can also get the name from the/etc/hosts database using the ip from the primary network card
/etc/defaultrouter: the ip address (or name if defined in/etc/hosts) of the default router.
/etc/defaultdomain: a single line containing a host’s domain name
/etc/networks: used to associate network names to networkaddresses
Antonio Yanez Izquierdo Basic TCP/IP networking 16 / 77
Basic network configuration solaris 11
Basic network configuration→solaris 11
Antonio Yanez Izquierdo Basic TCP/IP networking 17 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
Solaris 11 uses profile based network configuration. There are to NCP(Network Configuration Profiles): the DefaultFixed NCP and theAutomatic NCP.
Additional profiles can be created by the system administrator
we can switch between the profiles with the netadm command
# netadm enable -p ncp DefaultFixed
//to activate the DefaultFixed profile
# netadm enable -p ncp Automatic
//to activate the Automatic profile
Antonio Yanez Izquierdo Basic TCP/IP networking 18 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
in the DefaultFixed profile we’ll use the commands dladm and ipadmto configure the network
in the Automatic profile we use the commands netcfg and andnetadm to create and manage network configuration.
netadm list shows the active NCP on the system
changes made through these commands are persistent across reboots,so there’s no need to deal with configuration files. We’ll deal onlywith the manual mode
Antonio Yanez Izquierdo Basic TCP/IP networking 19 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
network interfaces are created with the ipadm command.
# ipadm create-ip net0
network interfaces can be destroyed with:
# ipadm delete-ip net0
once created we can assign them an static ipv4 address# ipadm create-addr -T static -a 192.168.1.7/24 net0/addr
or have them configured through dhcp
# ipadm create-addr -T dhcp net0/addr
Antonio Yanez Izquierdo Basic TCP/IP networking 20 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
to disable one interface.
# ipadm disable-if net0
to see the addresses asigned to the interfaces
# ipadm show-addr
to see the status of the interfaces
# ipadm show-if
to see the physical properties of each datalink
# dladm show-phys
Antonio Yanez Izquierdo Basic TCP/IP networking 21 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
to stablish the default route
# route -p add default 192.168.2.1
the dns is configured thorugh the services facilities
# svccfg -s network/dns/client setprop \
config/nameserver = net_address: 193.144.51.10
as is the nswitch
# svccfg -s name-service/switch setprop \
config/host = astring: ’("files dns")’
Antonio Yanez Izquierdo Basic TCP/IP networking 22 / 77
Basic network configuration solaris 11
network configuration in Solaris 11
the hostname is implemented as a property of the system/identity
service
to change the hostname
# svccfg -s system/identity:node setprop\
config/nodename=nuevonombre
# svccfg -s system/identity:node refresh
# svcadm restart system/identity:node
Antonio Yanez Izquierdo Basic TCP/IP networking 23 / 77
Basic network configuration openbsd
Basic network configuration→openbsd
Antonio Yanez Izquierdo Basic TCP/IP networking 24 / 77
Basic network configuration openbsd
NIC configuration in openBSD
the interfaces are named after the driver in the kernel that managesthem.
example: the kernel uses the em driver for Intel(R) PRO/1000 NICS.Cards of this type will get the names em0, em1 . . .
dhclient interface name configures the card interface name usingdhcp.
Antonio Yanez Izquierdo Basic TCP/IP networking 25 / 77
Basic network configuration openbsd
NIC configuration in openBSD
ifconfig interface name inet address netmask broadcastconfigures the card interface name with address address, netmasknetmask and broadcast address broadcast.I#ifconfig em0 inet 192.168.1.100 255.255.255.0 192.168.1.255
ifconfig interface name up brings the interface up
Antonio Yanez Izquierdo Basic TCP/IP networking 26 / 77
Basic network configuration openbsd
NIC configuration in openBSD at boot time
if we want to get the interfaces automatically configured at boot time(via /etc/netstart) we’ll use the following files
interfaces using dhcp
/etc/hostname.interface name file containing the word dhcp (seehostname.if man page)
Antonio Yanez Izquierdo Basic TCP/IP networking 27 / 77
Basic network configuration openbsd
NIC configuration in openBSD at boot time
interfaces configured manually
/etc/hostname.interface name file containing the necessaryparameters passed to ifconfig to configure the interface. If we’d wantto configure an ’inet6’ interface we would use inet6 instead of inet inthe /etc/hostname.interface name file
# cat /etc/hostname.em0
inet 192.168.1.100 255.255.255.0 192.168.1.255
#
Antonio Yanez Izquierdo Basic TCP/IP networking 28 / 77
Basic network configuration openbsd
NIC configuration in openBSD at boot time
/etc/myname Contains the complete name of the system
/etc/mygate Contains the ip address of the default router.
Antonio Yanez Izquierdo Basic TCP/IP networking 29 / 77
Basic network configuration FreeBSD
Basic network configuration→FreeBSD
Antonio Yanez Izquierdo Basic TCP/IP networking 30 / 77
Basic network configuration FreeBSD
NIC configuration in FreeBSD
the interfaces are named after the driver in the kernel that managesthem.
example: the kernel uses the le driver for PCNet PCI-II NICS. Cards ofthis type will get the names le0, le1 . . .
dhclient interface name configures the card interface name usingdhcp.
Antonio Yanez Izquierdo Basic TCP/IP networking 31 / 77
Basic network configuration FreeBSD
NIC configuration in freeBSD
ifconfig interface name inet/inet6 address netmask broadcastconfigures the card interface name with address address, netmasknetmask and broadcast address broadcast.I#ifconfig le0 inet 192.168.1.100 255.255.255.0 192.168.1.255
ifconfig interface name up brings the interface up
Antonio Yanez Izquierdo Basic TCP/IP networking 32 / 77
Basic network configuration FreeBSD
NIC configuration in freeBSD at boot time
if we want to get the interfaces automatically configured at boot timewe do so adding a line for each interface in the file /etc/rc.conf
we use one line for each interface to be configured.
The line assigns to a shell variable named ifconfig interface name
the parameters that would be passed to ifconfig
Antonio Yanez Izquierdo Basic TCP/IP networking 33 / 77
Basic network configuration FreeBSD
NIC configuration in freeBSD at boot time
The following lines in /etc/rc.conf get the interfaces em0, le0 andle1 configured at boot time
ifconfig_em0="DHCP"
ifconfig_le0="inet 192.168.1.3 netmask 255.255.255.0"
ifconfig_le1="inet 10.0.0.1 netmask 255.255.0.0"
Antonio Yanez Izquierdo Basic TCP/IP networking 34 / 77
Basic network configuration FreeBSD
network configuration in freeBSD at boot time
We can also configure both the hostname ad the default routethrough variables in /etc/rc.conf
Example
hostname="machine.ningunsitio.org"
defaultrouter="192.168.2.1"
Antonio Yanez Izquierdo Basic TCP/IP networking 35 / 77
Basic network configuration debian linux
Basic network configuration→debian linux
Antonio Yanez Izquierdo Basic TCP/IP networking 36 / 77
Basic network configuration debian linux
NIC configuration in debian linux
the interfaces are named eth0, eth1, eth2 . . .
the names eth0, eth1, eth2 . . . are asigned to the interfaces THEFIRST TIME the kernel recognices them. This is stored in the file/etc/udev/rules.d/70-persistent-net.rules, where it can bechanged if necessary.
on older versions of linux the names were assigned each time thesystem booted, and this was driver-loading-order dependent.
Antonio Yanez Izquierdo Basic TCP/IP networking 37 / 77
Basic network configuration debian linux
NIC configuration in debian linux
abyecto:/home/antonio# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x11ab:0x4363 (sky2)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:be:40:5c:4b", ATTR{dev_id}=="0x0",
ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x8086:0x4232 (iwlagn)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:24:d6:0e:ae:a0", ATTR{dev_id}=="0x0",
ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"
abyecto:/home/antonio#
Antonio Yanez Izquierdo Basic TCP/IP networking 38 / 77
Basic network configuration debian linux
NIC configuration in debian linux
dhclient interface name configures the card interface name usingdhcp.
ifconfig interface name inet address addr netmask netmkbroadcast bcast configures the card interface name with addressaddr, netmask netmk and broadcast address bcast.I
#ifconfig eth0 inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig interface name up brings the interface up (same as ifup)
Antonio Yanez Izquierdo Basic TCP/IP networking 39 / 77
Basic network configuration debian linux
NIC configuration in debian linux at boot time
if we want to get the interfaces automatically configured at boot time(via /etc/init.d/networking)
debian systems and derivatives will look for the file/etc/network/interfaces (see interfaces man page)
/etc/hostname Contains the name of the system (either the fullyqualified domain name or just the nodename)
Antonio Yanez Izquierdo Basic TCP/IP networking 40 / 77
Basic network configuration debian linux
NIC configuration in debian linux at boot time
Sample /etc/network/interfaces with just one NIC manuallyconfigured
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.1.99
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Antonio Yanez Izquierdo Basic TCP/IP networking 41 / 77
Basic network configuration debian linux
NIC configuration in debian linux at boot time
Sample /etc/network/interfaces with just two NICs
root@abyecto:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo eth0 eth1
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# internal network
allow-hotplug eth1
iface eth1 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
breadcast 192.168.1.255
Antonio Yanez Izquierdo Basic TCP/IP networking 42 / 77
Basic network configuration fedora linux
Basic network configuration→fedora linux
Antonio Yanez Izquierdo Basic TCP/IP networking 43 / 77
Basic network configuration fedora linux
NIC configuration in fedora linux
fedora changed de naming of the interfaces in a linux system usingthe biosdevname program.
They are no longer named eth0, eth1,. . . ; they get the names emN,empNpM, ensN, pNpM
This new name scheme does not make names dependent on the typeof card or its mac, the names are generated depending on how(where) they are connected to the system which makes easier tosubstitute interfaces
Antonio Yanez Izquierdo Basic TCP/IP networking 44 / 77
Basic network configuration fedora linux
NIC configuration in fedora linux
We can use the same commands as in debian linux to configure theinterfaces
dhclient interface name configures the card interface name usingdhcp.ifconfig interface name inet address addr netmask netmkbroadcast bcast configures the card interface name with addressaddr, netmask netmk and broadcast address bcast
Antonio Yanez Izquierdo Basic TCP/IP networking 45 / 77
Basic network configuration fedora linux
NIC configuration in fedora linux
fedora linux reommends to use the command ip addr or ip link toconfigure the interface instead of ifconfig
Examples
ip addr show shows the configuration of the interfacesip link set p2p1 down brings the interface p2p1 downip link set p2p1 up brings the interface p2p1 upip addr add 192.168.2.100 dev p2p1 adds address 192.168.2.100to interface p2p1ip addr del 192.168.2.100 dev p2p1 removes address192.168.2.100 to interface p2p1
with this command we can easily assign more than one address to oneinterface
Antonio Yanez Izquierdo Basic TCP/IP networking 46 / 77
Basic network configuration fedora linux
NIC configuration at boot time
if we want to get the interfaces automatically configured at boot timewe should take into account the following files
/etc/sysconfig/network. A file defining the following variables.
NETWORKING=yes.or.no
HOSTNAME=fully.qualified.name
GATEWAY=ipaddr.of.the.gateway
GATEWAYDEV=interface
Antonio Yanez Izquierdo Basic TCP/IP networking 47 / 77
Basic network configuration fedora linux
NIC configuration at boot time
/etc/sysconfig/network-scripts/ifcfg-interface name.A file foreach interface to be configured in the system. It defines, amongothers, the following variables
DEVICE=name
BOOTPROTO=protocol (can be none, bootp or dhcp)
IPADDR=address
NETMASK=mask
BROADCAST=address
Las opciones de los archivos de configuracion estan descritas en (manifup proporciona la informacion)
/usr/share/doc/initscripts/sysconfig.txt
Antonio Yanez Izquierdo Basic TCP/IP networking 48 / 77
Basic network configuration ubuntu and devuan linux
Basic network configuration→ubuntu and devuan linux
Antonio Yanez Izquierdo Basic TCP/IP networking 49 / 77
Basic network configuration ubuntu and devuan linux
debian derivatives
ubuntu and devuan are distibutions based on debian. Theirconfiguration files resemble that of the debian distibution
ubuntu now names interfaces the fedora way but the configurationfiles for basic networking are the same as in debian
As of version 8 (code name jessie) debian has switched to a systemdbased distrubution. devuan is a fork of debian without the need toinstall systemd. As far as basic network configuration is concerned,they are the same.
Antonio Yanez Izquierdo Basic TCP/IP networking 50 / 77
Basic network configuration linux: Interaccion con Network Manager
Basic network configuration→linux: Interaccion con Network Manager
Antonio Yanez Izquierdo Basic TCP/IP networking 51 / 77
Basic network configuration linux: Interaccion con Network Manager
Interaccion con Network Manager
Network Manager es un paquete que se installa con la mayorıa de losentornos de escritorio en linux.
Consta de un daemon ejecutandose como root y in font-end quedepende del entorno de escritorio
Network Manager intentara manejar las interfaces de red nodeclaradas en los archivos de configuracion del sistema
Para saber que interfaces de red maneja Network Manager
#nmcli dev status
la configuracion de Network Manager reside en/etc/NetworkManager/NetworkManager.conf
Antonio Yanez Izquierdo Basic TCP/IP networking 52 / 77
Basic network configuration linux: Interaccion con Network Manager
Interfaces controladas por Network Manager
Si queremos que una interfaz de red no este controlada por NetworkManager debemos hacer los siguiente
debian Confirgurar la interfaz en /etc/network/interfaces y hacer que/etc/NetworkManager/NetworkManager.conf contenga
[main]
plugins=ifupdown
[ifupdown]
managed=false
fedora Anadir al fichero de configuracion de la interfaz ifcfg-iface laslıneas NM CONTROLLED=no y HWADDR=??:??:??:??:??:?? y hacer/etc/NetworkManager/NetworkManager.conf contenga
[main]
plugins=ifcfg-rh
Antonio Yanez Izquierdo Basic TCP/IP networking 53 / 77
Basic network configuration linux: Interaccion con Network Manager
Interfaces controladas por Network Manager
Si queremos detener temporalmente Network Manager podemoshacerlo con los siguientes comandos (dependiendo de la distribucion)
# service NetworkManager stop
# /etc/init.d/network-mmanager stop
# systemctl stop NetworkManager.service
Y si queremos deshabilitarlo (que no se inicie al iniciar el S.O.),
# chkconfig NetworkManager off
# update-rc.d network-manager remove
# insserv -r network-manager
# systemctl disable NetworkManager.service
Antonio Yanez Izquierdo Basic TCP/IP networking 54 / 77
Routes
route configuration at boot time
we’ll deal only with the most simple case of routing: A single defaultroute. If we’re using dhcp this is configured automatically. If not
solaris through the /etc/defaultrouter filesolaris 11 through the route -p commandopenBSD through the /etc/mygate filefreeBSD in the file /etc/rc.conf
linux in the /etc/network/interfaces file with the word gateway
(debian). In the file /etc/sysconfig/network (fedora)
Antonio Yanez Izquierdo Basic TCP/IP networking 56 / 77
Routes
manipulating the route
the commands to manipulate the routing table are
solaris route and routeadmBSD routelinux route or ip route
to show the routing table we use netstat -r. In linux we can also useroute or ip route show without arguments
Antonio Yanez Izquierdo Basic TCP/IP networking 57 / 77
Network interface aliasing
Network interface aliasing
Antonio Yanez Izquierdo Basic TCP/IP networking 58 / 77
Network interface aliasing
interface aliasing
By interface aliasing we refer to the act of giving a Network InterfaceCard more than one IP address. (solaris calls them logical interfaces)
debian we configure these alias as we would do with a non-aliased interfacebut using the names eth0:0, eth0:1. . . , eth1:0. . . .To get it configured at boot time we just add an entry for it in the file/etc/network/interfaces as we would do with a non-aliasedinterface.
# ifconfig eth0:0 192.168.1.11 up
Antonio Yanez Izquierdo Basic TCP/IP networking 59 / 77
Network interface aliasing
interface aliasing
fedora We configure these alias as we would do with a non-aliased interfacebut using the ip addr command.
We simply add internet addresses to the interface
# ip addr add 192.168.2.100 dev p2p1
# ip addr add 192.168.29.18 dev p2p1
if we want to get the alias configured at boot time we add IPADDR2,IPADDR3, . . . to the/etc/sysconfig/network-scripts/ifcgf-device file
IPADDR2=192.168.2.150
IPADDR3=192.168.15.22
Antonio Yanez Izquierdo Basic TCP/IP networking 60 / 77
Network interface aliasing
interface aliasing
solaris 10 We configure these alias as we would do with a non-aliased interfacebut using the names interface name:alias number.
The alias must be plumbed separately.To get them configured at boot we must proceed to create the file/etc/hostname.interface name:alias number
# ifconfig pcn0:1 plumb
# ifconfig pcn0:1 inet 19.10.2.45 netmask 255.0.0.0
Antonio Yanez Izquierdo Basic TCP/IP networking 61 / 77
Network interface aliasing
interface aliasing
openBSD We use the option alias of ifconfig
# ifconfig em0 alias 10.1.2.4 255.0.0.0
In the /etc/hostname.interface name file we add one line for eachalias of the NIC
# cat /etc/hostname.em0
inet 192.168.1.100 255.255.255.0 192.168.1.255
inet alias 10.1.2.4 255.0.0.0
Antonio Yanez Izquierdo Basic TCP/IP networking 62 / 77
Network interface aliasing
interface aliasing
freeBSD We use the option alias of ifconfig
# ifconfig le0 10.1.2.4 255.0.0.0 alias
We add a line to /etc/rc.conf to get the alias configured at boottime
# cat /etc/rc.conf
ifconfig_le0="inet 192.168.1.3 netmask 255.255.255.0"
ifconfig_le0_alias0="inet 192.168.30.11 netmask 255.255.255.255"
Antonio Yanez Izquierdo Basic TCP/IP networking 63 / 77
Network interface aliasing
interface aliasing
solaris 11 We just use the command ipadm create-addr to add one address toan existing interface
# ipadm create-addr -T static -a 192.168.5.44 net1/alias0
it will appear in the configuration
root@aso:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/ipv4 dhcp ok 10.0.2.15/24
net1/ipv4 static ok 192.168.1.155/24
net1/alias0 static ok 192.168.4.44/24
lo0/v6 static ok ::1/128
Antonio Yanez Izquierdo Basic TCP/IP networking 64 / 77
inetd configuration
inetd configuration
inetd is called the internet superserver
Some internet services listen directly to their corresponding port,others are started by inetd
When a conexion request arrives on a designated port, inetd startsthe appropiated server program
This allows for server programs to run only when needed, thus savingresources on the system
Two files control the working of inetd/etc/services
/etc/inetd.conf
Antonio Yanez Izquierdo Basic TCP/IP networking 66 / 77
inetd configuration
/etc/services
/etc/inet/services on some systems
this file has a mapping between the port numbers and protocol to theservices names. Info can be found in the services man page. Afragment from an acual /etc/services is shown
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
whois 43/tcp nicname
Antonio Yanez Izquierdo Basic TCP/IP networking 67 / 77
inetd configuration
/etc/inetd.conf
This file associates the service name to the program actuallyproviding the service
The format for one line of this file is
service_name socket_type protocol wait/nowait user.group program args
Antonio Yanez Izquierdo Basic TCP/IP networking 68 / 77
inetd configuration
/etc/inetd.conf
As lines started with the # are treated as comments, we can disableone service, by simply comenting out the corresponding line
Example of the telnetd service disabled
#telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
debian linux does not include inetd, it can be installed as packageopenbsd-inetd (usually as a dependence of other network packages)
in OpenBSD and FreeBSD inetd does not start by default (variablesinetd and inetd flags of rc.conf). In openBSD 5.8 the defaultconfiguration file is located at /etc/examples/inetd.conf
Antonio Yanez Izquierdo Basic TCP/IP networking 69 / 77
inetd configuration
inetd in fedora linux
Fedora linux, (as do some distrbutions of linux), does not includeinetd. It includes xinetd a inetd replacement
However, it is no necesary to use xinetd to use such services such astelnetd or ftpd
For example, should have we installed pure-ftpd as the ftp server wecan enable that ftp service by doing
# systemctl enable pure-ftpd
# systemctl start pure-ftpd
Antonio Yanez Izquierdo Basic TCP/IP networking 70 / 77
inetd configuration tcpwrappers
inetd configuration→tcpwrappers
Antonio Yanez Izquierdo Basic TCP/IP networking 71 / 77
inetd configuration tcpwrappers
tcpwrappers
An aditional layer can be placed between inetd and the serverprogram to perform access control based on host name, networkaddress or ident queries
This layer is usally called tcpwrappers or, by the name of theprogram, tcpd.
the program tcpd gets called by inetd and receives the server to startas a parametertcpd checks its configuration files to see if the access must be grantedor deniedin case the access is granted tcpd starts the server program supplied asparameter
the corresponding line for ths telnetd server using tcpwrapperswould look like this
telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
Antonio Yanez Izquierdo Basic TCP/IP networking 72 / 77
inetd configuration tcpwrappers
tcpwrappers
the configuration for the tcpwrappers resides in the files/etc/hosts.allow and /etc/hosts.deny
the manual page hosts access documents the use of these files
Access will be granted when a (daemon,client) pair matches an entry inthe /etc/hosts.allow file.Otherwise, access will be denied when a (daemon,client) pair matchesan entry in the /etc/hosts.deny file.Otherwise, access will be granted.
xinetd can also implement this access control as can the servers uselibtcpwrappers (libtcpd) directly
Antonio Yanez Izquierdo Basic TCP/IP networking 73 / 77
inetd configuration inetd and tcpwrappers in Solaris
inetd configuration→inetd and tcpwrappers in Solaris
Antonio Yanez Izquierdo Basic TCP/IP networking 74 / 77
inetd configuration inetd and tcpwrappers in Solaris
inetd and tcpwrappers in Solaris
Starting with Solaris 10, the inetd services have been integrated inthe smf (Sevices Managemnent Facility) mainframe
The file /etc/inetd.conf exists on the system but any changesmade to it do not change the system behaviour
If we add a service to /etc/inetd.conf, we can convert into a smfmanifest to me managed by smf using the command inetconv
After that, the service can be managed using the commands svcadmand inetadm
tcpwrappers can also be activated for all or some of the inetd servicesas a property of inetd
Antonio Yanez Izquierdo Basic TCP/IP networking 75 / 77
inetd configuration inetd and tcpwrappers in Solaris
inetd and tcpwrappers in Solaris
to see inetd properties
# svcprop inetd
# inetadm -p
to list the services managed through inetd
# inetadm
to list an inetd service
# inetadm -l servce_name
to enable or disable an inetd service
# inetadm -e|-d service_name
services can also be disabled with svcadm
Antonio Yanez Izquierdo Basic TCP/IP networking 76 / 77
inetd configuration inetd and tcpwrappers in Solaris
inetd and tcpwrappers in Solaris
tcp wrapers is treated as a property of inetd so, to enable it we mustmodify that property of inetd
# inetadm -M tcp_wrappers=TRUE
tcp wrapers can be enabled on a per service basis modifying just theproperty of that service. For example to enable the host accesscontrol ONLY for the telnet service we’d do
# inetadm -M tcp_wrappers=FALSE
to disable tcp wrappers. And then to enable tcp wrappers for thetelnet service
# inetadm -m telnet tcp_wrappers=FALSE
Antonio Yanez Izquierdo Basic TCP/IP networking 77 / 77
Top Related