Ubuntu iTOps Tube

advertisement center

Tuesday, November 8, 2011



Congratulations! Now that you have an understanding of basic networking, it's time read Chapter 3, "Linux Networking", to learn how to configure Linux networking.

Feel free to return to this chapter whenever you need to refresh your memory on these foundation concepts.

Linux Help

Linux Help

Linux help files are accessed using the man or manual pages. From the command line you issue the man command followed by the Linux command or file about which you want to get information. If you want to get information on the ssh command, then you'd use the command man ssh.

 [root@bigboy tmp]# man ssh

If you want to search all the man pages for a keyword, then use the man command with the -k switch, for example, man -k ssh which will give a list of all the man pages that contain the word ssh.

 [root@bigboy tmp]# man -k ssh
 ssh                  (1)  - OpenSSH SSH client (remote login program)
 ssh [slogin]         (1)  - OpenSSH SSH client (remote login program)
 ssh-agent            (1)  - authentication agent
 ssh-keyscan          (1)  - gather ssh public keys
 ssh_config           (5)  - OpenSSH SSH client configuration files
 sshd                 (8)  - OpenSSH SSH daemon
 sshd_config          (5)  - OpenSSH SSH daemon configuration file
 [root@bigboy tmp]#

This book is targeted at proficient Linux beginners and above so I'll be using a wide variety of commands in this book without detailed explanations to help keep the flow brisk. If you need more help on a command, use its man page to get more details on what it does and the syntax it needs. Linux help can sometimes be cryptic, but with a little practice the man pages can become your friend.

The File Transfer Protocol

The File Transfer Protocol

FTP is one of the most popular applications used to copy files between computers via a network connection. Knowledge of FTP is especially important and is a primary method of downloading software for Linux systems.

There are a number of commercially available GUI based clients you can load on your PC to do this, such as WSFTP and CuteFTP. You can also use FTP from the command line as shown in Chapter 6, "Installing RPM Software", on RPM software installation.

From the remote user's perspective, there are two types of FTP. The first is regular FTP which is used primarily to allow specific users to download files to their systems. The remote FTP server prompts you for a specific username and password to gain access to the data.

The second method, anonymous FTP is used primarily to allow any remote user to download files to their systems. The remote FTP server prompts you for a username, at which point the user types anonymous or ftp with the password being any valid e-mail address.

From the systems administrator's perspective, there are another two categories. These are "active" and "passive" FTP which is covered in more detail in Chapter 15, "Linux FTP Server Setup".

It is good to remember that FTP isn't very secure as usernames, passwords and data are sent across the network unencrypted. More secure forms such as SFTP (Secure FTP) and SCP (Secure Copy) are available as a part of the Secure Shell package (covered in Chapter 17, "Secure Remote Logins and File Copying") that is normally installed by default with Fedora.

Additional Introductory Topics

Additional Introductory Topics

The last few topics of this chapter may not appear to be directly related to networking, but they cover Linux help methods that you'll use extensively and the File Transfer Protocol (FTP) package, which enables you to download all the software you need to get your Linux server operational as quickly as possible.

Firewalls Help Provide a Secure Routing Environment

Firewalls Help Provide a Secure Routing Environment

Firewalls can be viewed as routers with more enhanced abilities to restrict traffic, not just by port and IP address as routers do. Specifically, firewalls can detect malicious attempts to subvert the TCP/IP protocol. A short list of capabilities includes:

§  Throttling traffic to a server when too many unfulfilled connections are made to it

§  Restricting traffic being sent to obviously bogus IP addresses

§  Providing network address translation or NAT

Routers are designed to make packets flow as quickly as possible with the minimum amount of inspection. Firewalls are used as close to the source or target of data communication as possible to try to ensure that the data hasn't been subverted.

Firewalls can often create an encrypted data path between two Private networks across the Internet providing secure communication with a greatly reduced chance of eavesdropping. These communication channels are called Virtual Private Networks or VPNs and are frequently used to connect branch offices to the corporate headquarters and also to allow sales representatives to get access to sensitive pricing information when traveling from town to town.

Default Gateways, The Routers Of Last Resort

Default Gateways, The Routers Of Last Resort

A default gateway is the router that is used when no alternative devices can be found to relay the traffic. They are often called "routers of last resort".

Say for example you have two routers R1 and R2. R1 is connected to both your SOHO home network and the Internet. R2 is connected to SOHO home network and is capable of relaying data to other corporate networks with addresses starting with 10.X.X.X via another NIC card.

You could put a route on your SOHO servers that states:

§  Go to network via router R2

§  Go to everything else via router R1. R1 therefore would be considered your default gateway

For most home networks, your default gateway would be the router/firewall connected to the Internet.

Chapter 3, "Linux Networking", which covers Linux network topics, shows how to configure the default gateway on your Linux box.

How Simple Routing Works

How Simple Routing Works

In the broader networking sense, a "route" refers to the path data takes to traverse from its source to its destination. Each router along the way may also be referred to as a hop.

Usually when we speak about a route on a Linux box, we are referring to the IP address of the first hop needed to reach the desired destination network. It is assumed that this first hop will know how to automatically relay the packet.

As explained previously, routers are designed to exchange routing information dynamically, and can therefore intelligently redirect traffic to bypass failed network links. Home Linux boxes frequently don't run a dynamic routing protocol and therefore rely on "static" routes issued by the system administrator at the command line or in configuration files to determine the next hop to all desired networks.

Chapter 3, "Linux Networking", which covers Linux network topics, shows how to add static routes to your Linux box and also how you can convert it into a simple router.

How Routers Interconnect LANs

How Routers Interconnect LANs

As stated before, switches and hubs usually have only servers connected to them that have been configured as being part of the same network. By connecting its NIC cards to multiple LANs, a correctly configured router is capable of relaying traffic between networks.

Routers can also be configured to deny communication between specific servers on different networks. They can also filter traffic based on the TCP port section of each packet. For example, it is possible to deny communication between two servers on different networks that intend to communicate on TCP port 80, and allow all other traffic between them. Routers therefore direct and regulate traffic between separate networks, much like a traffic policeman.

If you intend to route between networks, you must reserve an IP address for a router for each network and make sure that the router is directly connected to the LAN associated with that network. The network engineer responsible for the router will also have to specify which locally connected networks can be advertised to the router's neighbors and whether this information can be relayed to all the routers in an administrative zone, or routing domain.

In this example, we can see that the router is aware of many different networks (represented by the slash notation for subnet masks). The routing table also shows the best serial and VLAN type interfaces to use to get to these destinations and the IP address of the neighboring router through which traffic needs to be relayed to get there.

 router>show ip route
 Gateway of last resort is to network is variably subnetted, 2 subnets, 2 masks
 S is directly connected, Null0
 S is directly connected, Null0 is subnetted, 2 subnets
 S [1/0] via
 S is directly connected, Null0 is variably subnetted, 64 subnets, 8 masks
 O E1 [110/22] via, 3w1d, Serial1/0/1
 C is directly connected, Vlan3
 O [110/3] via, 3w1d, Serial1/0/1
 O [110/3] via, 3w1d, Vlan2
 O [110/3] via, 7w0d, Serial1/0/0
 S [1/0] via
 C is directly connected, Vlan114
 O [110/4] via, 7w0d, Serial1/0/0
 S* [1/0] via

In home networks, routers usually have only two interfaces that provide connectivity to the Internet via network address translation or NAT. In other words routers act as gateways to the wider world and it won't be surprising to learn that routers are frequently referred to as "gateways".

Note: The term gateway specifically refers to a device that routes traffic between dissimilar network protocols (IP to Appletalk) or access methods (Ethernet to DSL). Routers transfer traffic where both the protocols and communications medium are the same. The terms are frequently used interchangeably, especially if only one network protocol is being used. Therefore a home DSL router that provides IP Internet access to an Ethernet network is technically both a gateway and a router. The distinction can be important in complicated networking environments where newer technologies need to talk with older ones using incompatible communications protocols.

Local Area Networks

Local Area Networks

A local area network (LAN) is a grouping of ports on a hub, switch or tied to a wireless access point (WAP) that can communicate only with each other.

It is possible to connect multiple switches and/or hubs in a chain formation to create a LAN with more ports. This is often called daisy chaining.

Switches and hubs provide no access control between servers connected to the same LAN. This is why network administrators group trusted servers having similar roles on the same LAN.

Servers use their IP address and subnet mask and the IP address of the remote server to determine whether they are both on the same network. If not, they attempt to communicate with each other via routers that interconnect their LANs. Routers are also capable of filtering traffic passing between the two LANs therefore providing additional security.

Larger, more expensive switches can be configured to assign only certain ports to prespecified virtual LANs or (VLANs) chosen by the network administrator. In this case, the switch houses ports on multiple LANs. A router still needs to be connected to each VLAN for internetwork communication.

Using Switches as a Faster Alternative to Hubs

Using Switches as a Faster Alternative to Hubs

A switch is also a device into which you can connect all devices on a home network so that they can talk together. Unlike a hub, traffic sent from Server A to Server B will be received only by Server B. The only exception is broadcast traffic which is blurted out to all the servers simultaneously.

Switches regulate traffic, thereby eliminating the possibility of message garbling and providing a more efficient traffic flow.

Devices that plug into switches should be set to full duplex to take full advantage of the dedicated bandwidth coming from each switch port.

Connectivity Using Hubs

Connectivity Using Hubs

A hub is a device into which you can connect all devices on a network so that they can talk together. Hubs physically cross-connect all their ports with one another which causes all traffic sent from a server to the hub to be blurted out to all other servers connected to that hub whether they are the intended recipient or not.

Hubs have no, or very little, electronics inside and therefore do not regulate traffic. It is possible for multiple servers to speak at once with all of them receiving garbled messages. When this happens the servers try again, after a random time interval, until the message gets through correctly.

It is for these reasons that Ethernet devices that plug into hubs should be set to half duplex.

Note: Hubs can add a lot of delays to your network because of the message garbling collisions and retransmissions. A switch is a much more reliable and predictable alternative, and ones made for the home often cost only a few dollars more.


The Two Broad Types Of Networking Equipment

The Two Broad Types Of Networking Equipment

There are two main types of networking equipment; Data Communications Equipment (DCE) which is intended to act as the primary communications path, and Data Terminal Equipment (DTE) which acts as the source or destination of the transmitted data.


Data Terminal Equipment

DTE devices were originally computer terminals located at remote offices or departments that were directly connected modems. The terminals would have no computing power and only functioned as a screen/keyboard combination for data processing.

Nowadays most PCs have their COM and Ethernet ports configured as if they were going to be connected to a modem or other type of purely networking-oriented equipment.


Data Communications Equipment

A DCE is also known as Data Circuit-Terminating Equipment and refers to such equipment as modems and other devices designed primarily to provide network access.


Using Straight-Through/Crossover Cables to Connect DTEs And DCEs

When a DCE is connected to a DTE, you will need a straight-through cable. DCEs connected to DCEs or DTEs connected to DTEs require crossover cables. This terminology is generally used with Ethernet cables.

The terminology can be different for cables used to connect serial ports together. When connecting a PC's COM port (DTE) to a modem (DCE) the straight-through cable is frequently called a modem cable. When connecting two PCs (DTE) together via their COM ports, the crossover cable is often referred to as a null modem cable.

Some manufacturers configure the Ethernet ports of their networking equipment to be either of the DTE or the DCE type, and other manufacturers have designed their equipment to flip automatically between the two types until it gets a good link. As you can see, confusion can arise when selecting a cable. If you fail to get a link light when connecting your Ethernet devices together, try using the other type of cable.

A straight-through Ethernet cable is easy to identify. Hold the connectors side by side, pointing in the same direction with the clips facing away from you. The color of the wire in position #1 on connector #1 should be the same as that of position #1 on connector #2. The same would go for positions #2 through #8, that is, the same color for corresponding wires on each end. A crossover cable has them mixed up. Table 2-3 provides some good rules of thumb.


Table 2-3: Cabling Rules of Thumb


Likely Cable Type

PC to PC


Hub to hub


Switch to switch


PC to modem


PC to hub


PC to switch


Network Interface Cards

Network Interface Cards

Your network interface card is also frequently called a NIC. Currently, the most common types of NIC used in the home and office are Ethernet and wireless Ethernet cards.


The Meaning of the NIC Link Light

The link light signifies that the NIC card has successfully detected a device on the other end of the cable. This indicates that you are using the correct type of cable and that the duplex has been negotiated correctly between the devices at both ends.


Duplex Explained

Full duplex data paths have the capability of allowing the simultaneous sending and receiving of data. Half duplex data paths can transmit in both directions too, but in only one direction at a time.

Full duplex uses separate pairs of wires for transmitting and receiving data so that incoming data flows don't interfere with outgoing data flows.

Half duplex uses the same pairs of wires for transmitting and receiving data. Devices that want to transmit information have to wait their turn until the "coast is clear" at which point they send the data. Error-detection and data-retransmission mechanisms ensure that the data reaches the destination correctly and are specifically designed to remedy data corruption caused when multiple devices start transmitting at the same time.

A good analogy for full duplex communications is the telephone, in which both parties can speak at the same time. Half duplex on the other hand is more like a walkie-talkie in which both parties have to wait until the other is finished before they can speak.

Data transfer speeds will be low and error levels will be high if you have a device at one end of a cable set to full duplex and a device at the other end of the cable set to half duplex.

Most modern network cards can autonegotiate duplex with the device on the other end of the wire. It is for this reason that duplex settings aren't usually a problem for Linux servers.

The MAC Address

The media access control (MAC) address can be equated to the serial number of the NIC. Every IP packet is sent out of your NIC wrapped inside an Ethernet frame that uses MAC addresses to direct traffic on your locally attached network.

MAC addresses therefore have significance only on the locally attached network. As the packet hops across the Internet, its source/destination IP address stays the same, but the MAC addresses are reassigned by each router on the way using a process called ARP.


How ARP Maps the MAC Address to Your IP Address

The Address Resolution Protocol (ARP) is used to map MAC addresses to network IP addresses. When a server needs to communicate with another server it does the following steps:

1.    The server first checks its routing table to see which router provides the next hop to the destination network.

2.    If there is a valid router, let's say with an IP address of, the server checks its ARP table to see whether it has the MAC address of the router's NIC. You could very loosely view this as the server trying to find the Ethernet serial number of the next hop router on the local network, thereby ensuring that the packet is sent to the correct device.

3.    If there is an ARP entry, the server sends the IP packet to its NIC and tells the NIC to encapsulate the packet in a frame destined for the MAC address of the router.

4.    If there is no ARP entry, the server issues an ARP request asking that router respond with its MAC address so that the delivery can be made. When a reply is received, the packet is sent and the ARP table is subsequently updated with the new MAC address.

5.    As each router in the path receives the packet, it plucks the IP packet out of the Ethernet frame, leaving the MAC information behind. It then inspects the destination IP address in the packet and use its routing table to determine the IP address of the next router on the path to this destination.

6.    The router then uses the "ARP-ing" process to get the MAC address of this next hop router. It then reencapsulates the packet in an Ethernet frame with the new MAC address and sends the frame to the next hop router. This relaying process continues until the packet reaches the target computer.

7.    If the target server is on the same network as the source server, a similar process occurs. The ARP table is queried. If no entry is available, an ARP request is made asking the target server for its MAC address. Once a reply is received, the packet is sent and the ARP table is subsequently updated with the new MAC address.

8.    The server will not send the data to its intended destination unless it has an entry in its ARP table for the next hop. If it doesn't, the application needing to communicate will issue a timeout or time exceeded error.

9.    As can be expected, the ARP table contains only the MAC addresses of devices on the locally connected network. ARP entries are not permanent and will be erased after a fixed period of time depending on the operating system used.

Chapter 3, "Linux Networking", which covers Linux network topics, shows how to see your ARP table and the MAC addresses of your server's NICs.

Common ARP Problems When Changing A NIC

You may experience connectivity problems if you change the MAC address assigned to an IP address. This can happen if you swap a bad NIC card in a server, or replace a bad server but have the new one retain the IP address of the old.

Routers typically save learned MAC to IP address map entries in a cache and won't refresh them unless a predefined period of time has elapsed. Changing the NIC, while retaining the IP address can cause problems as the router will continue to send frames onto the network with the correct target IP address but the old target MAC address. The server with the new NIC won't respond as the frame's target MAC doesn't match it's own.

This problem can be fixed in one of two ways. You can delete all the ARP entries in the router's cache. The second solution is to log into the server's console and ping it's gateway. The router will detect the MAC to IP address change and it will readjust its ARP table.

Networking Equipment Terminology

Networking Equipment Terminology

Up to this point you have had only an introduction to the theory of the first two OSI layers. Now we'll cover the hardware used to implement them.

The Physical and Link Layers

The Physical and Link Layers

TCP/IP can be quite interesting, but a knowledge of the first two layers of the OSI model are important too, because without them, even the most basic communication would be impossible.

There are very many standards that define the physical, electrical, and error-control methodologies of data communication. One of the most popular ones in departmental networks is Ethernet, which is available in a variety of cable types and speed capabilities, but the data transmission and error correction strategy is the same in all.

Ethernet used to operate primarily in a mode where every computer on a network section shared the same Ethernet cable. Computers would wait until the line was clear before transmitting. They would then send their data while comparing what they wanted to send with what they actually sent on the cable as a means of error detection. If a mathematical comparison, or cyclic redundancy check (CRC), detected any differences between the two, the server would assume that it transmitted data simultaneously with another server on the cable. It would then wait some random time and retransmit at some later stage when the line was clear again.

Transmitting data only after first sensing whether the cable, which was strung between multiple devices, had the correct signaling levels is a methodology called carrier sense, multiple access or CSMA. The ability to detect garbling due to simultaneous data transmissions, also known as collisions, is called collision detector CD. You will frequently see references to Ethernet being a CSMA/CD technology for this reason and similar schemes are now being used in wireless networks.

Ethernet devices are now usually connected via a dedicated cable, using more powerful hardware capable of simultaneously transmitting and receiving without interference, thereby making it more reliable and inherently faster than its predecessor versions. The original Ethernet standard has a speed of 10 Mbps; the most recent versions can handle up to 40Gbps!

The 802.11 specifications that define many wireless networking technologies are another example of commonly used layer 1 and 2 components of the OSI model. DSL, cable modem standards and, T1 circuits are all parts of these layers.

The next few sections describe many physical and link layer concepts and the operation of the devices that use them to connect the computers in our offices and homes.

Subnet Masks for the Typical Business DSL Line

Subnet Masks for the Typical Business DSL Line

If you purchased a DSL service from your ISP that gives you fixed IP addresses, they will most likely provide you with a subnet mask of that defines 8 IP addresses. For example, if the ISP provides you with a public network address of, a subnet mask of, and a gateway of, then your IP addresses will be: - Network base address - Gateway - Available - Available - Available - Available - Available - Broadcast

Calculating the Range of Addresses on Your Network

Calculating the Range of Addresses on Your Network

If someone gives you an IP address of and a subnet mask of, how do you determine the network address and the broadcast address, in other words the boundaries, of your network? The following section outlines the steps to do this using both a manual and programmed methodology.


Manual Calculation

Take out your pencil and paper, manual calculation can be tricky. Here we go!


1.    Subtract the last octet of the subnet mask from 256 to give the number of IP addresses in the subnet. (256 - 248) = 8

2.    Divide the last octet of the IP address by the result of step 1; don't bother with the remainder (for example 28 / 8 = 3). This gives you the theoretical number of subnets of the same size that are below this IP address.

3.    Multiply this result by the result of step 1 to get the network address (8 x 3 = 24). Think of it as the third subnet with 8 addresses in it. The network address is therefore

4.    The broadcast address is the result of step 3 plus the result of step 1 minus 1. (24 + 8 -1 = 31). Think of it as the broadcast address being the network address plus the number of IP addresses in the subnet minus 1". The broadcast address is

Let's do this for with a mask of


1.    256 - 224 = 32

2.    56/32 = 1

3.    32 x 1 = 32. Therefore the network base address is

4.    32 + 32 - 1 = 63. Therefore the broadcast address is

Let's do this for with a mask of


1.    256 - 240 = 16

2.    75/16 = 4

3.    16 x 4 = 64. Therefore the network base address is

4.    64 + 16 -1 = 79. Therefore the broadcast address is

Note: As a rule of thumb, the last octet of your network base address must be divisible by the "256 minus the last octet of your subnet mask" and leave no remainder. If you are sub-netting a large chunk of IP addresses it's always a good idea to lay it out on a spreadsheet to make sure there are no overlapping subnets. Once again, this calculation exercise only works with subnet masks that start with "255.255.255".

Calculation Using a Script

There is a BASH script in Appendix II, "Codes, Scripts, and Configurations", that will do this for you. Here is an example of how to use it, just provide the IP address followed by the subnet mask as arguments. It will accept subnet masks in dotted decimal format or /value format


 [root@bigboy tmp]# ./subnet-calc.sh /28
 IP Address           :
 Network Base Address :
 Broadcast Address    :
 Subnet Mask          :
 Subnet Size          : 16 IP Addresses
 [root@bigboy tmp]#

Calculating The Number of Addresses Assigned to a Subnet

Calculating The Number of Addresses Assigned to a Subnet

Most office and home networks use networks with 255 IP addresses or less in which the subnet mask starts with the numbers 255.255.255. This is not a pure networking text, so I'll not discuss larger networks because that can become complicated, but in cases where less than 255 IP addresses are required a few apply. There are only seven possible values for the last octet of a subnet mask. These are 0, 192, 128, 224, 240, 248 and 252. You can calculate the number of IP addresses for each of these by subtracting the value from 256.

In many cases the subnet mask isn't referred to by the dotted decimal notation, but rather by the actual number of bits in the mask. So for example a mask of may be called a /24 (slash 24) mask instead. A list of the most commonly used masks in the office or home environment is presented in Table 2-2.


Table 2-2: The "Dotted Decimal" And "Slash" Subnet Mask Notations

Dotted Decimal Format

Slash Format

Available Addresses















So for example, if you have a subnet mask of, then you have 64 IP addresses in your subnet (256 - 192)