mirror of https://github.com/tLDP/LDP
<!-- $Id$ -->
<appendix id="ax-links">
<title>Links to other Resources</title>
<section id="links-doc">
<title>Links to Documentation</title>
<para>
This chapter contains
some categorized links to various further reading and reference
materials on many topics in the linux and networking arenas. Also
supplied are a number of links to software as well.
</para>
<section id="links-general-linux">
<title>Linux Networking Introduction and Overview Material</title>
<itemizedlist>
<listitem>
<para>
The best first place to go (if you can't find any help on this
page) is to visit the comprehensive TLDP
<ulink url="http://www.tldp.org/HOWTO/HOWTO-INDEX/networking.html">archive
of networking-related documentation</ulink>. Here you will find a
breakdown of the available documentation, organized in a sensible
way.
</para>
</listitem>
<listitem>
<para>
The <ulink url="http://www.tldp.org/LDP/nag2/index.html">Linux
Network Administrator's Guide</ulink> covers some of the
same material as this guide. It additionally covers
UUCP, SLIP, PPP, NIS, NFS, IPX, email administration, and
NNTP. It is an excellent general reference.
</para>
</listitem>
<listitem>
<para>
The
<ulink url="http://www.tldp.org/HOWTO/Net-HOWTO/index.html">Networking
HOWTO</ulink>
provides a good overview of most of the networking protocols and
link layer devices supported under linux,
though it covers primarily the 2.0 and 2.2 kernels.
</para>
</listitem>
<listitem>
<para>
Here's one
<ulink url="http://eressea.pikus.net/~pikus/plug_firewall/page0.html">step-by-step
tutorial</ulink> (among many) which shows how to configure a linux
machine as a router/firewall. A brief summary rather than a
thorough explanation, it instructs well by example.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-linux-security">
<title>Linux Security and Network Security</title>
<para>
Linux has been adopted widely as a platform on which to build
network security devices as a result of its feature set. Here,
you'll find links to network security documentation.
</para>
<itemizedlist>
<listitem>
<para>
The
<ulink url="http://tldp.org/HOWTO/Security-HOWTO/">Security
HOWTO</ulink> introduces many of the topics that touch on
securing a linux machine, including many network security topics.
</para>
</listitem>
<listitem>
<para>
The
<ulink
url="http://tldp.org/HOWTO/Security-Quickstart-HOWTO/">Security
Quickstart HOWTO</ulink> is for the impatient.
</para>
</listitem>
<listitem>
<para>
FIXME
</para>
</listitem>
<listitem>
<para>
FIXME
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-general-ip">
<title>General IP Networking Resources</title>
<para>
There are a number of resources available to cover a large range
of IP networking topics. I have selected a few here, but there
are many other sources of this information, both dead-tree versions
and Internet documentation.
</para>
<itemizedlist>
<listitem>
<para>
One of the key reference materials for any IP networking shop is
the seminal
<ulink url="http://www.kohala.com/start/">work by the late W.
Richard Stevens</ulink>. Three volumes catalog the architecture of
IP networking and higher layer protocols.
</para>
</listitem>
<listitem>
<para>
Here is a good introduction to
<ulink url="http://www.ralphb.net/IPSubnet/">Classless
Inter Domain
Routing (CIDR)</ulink>. CIDR is a technique employed since the
mid 1990s to reduce the load on the routing devices employed on
the Internet. A beneficial side effect is the simplicity of the
CIDR addressing notation. For a CIDR address reference,
<ulink url="http://www.isi.edu/in-notes/rfc1878.txt">RFC
1878</ulink>
has proven invaluable to me.
</para>
</listitem>
<listitem>
<para>
Some general IP subnetting and other Internetworking questions are
answered at
<ulink url="http://www.subnetonline.com/">SubnetOnline</ulink>.
At Cisco's site, you can find a good introduction to
<ulink url="http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd20a.htm">subnetting
an IP space</ulink>. Another one-page tutorial introduction to
subnetting and CIDR networking is available
<ulink url="http://www.j51.com/~sshay/tcpip/ip/ip.htm">here</ulink>.
And don't forget the
<ulink url="http://www.linuxpowered.com/HOWTO/mini/IP-Subnetworking.html">IP
subnetting mini-HOWTO</ulink> from TLDP.
</para>
</listitem>
<listitem>
<para>
The <ulink url="http://www.iana.org/">Internet Assigned Numbers
Authority (IANA)</ulink> has selected a number of IP networks which
are intended for discretionary use in private networks.
<ulink url="http://www.isi.edu/in-notes/rfc1918.txt">RFC
1918</ulink> outlines the address ranges which are available for
private use. Additionally, IANA has posted a <ulink
url="http://www.iana.org/assignments/ipv4-address-space">summary</ulink>
of the identity of the subdelegates of each of the class A sized
network address ranges. See also the update to RFC 1918 in
<ulink url="http://www.isi.edu/in-notes/rfc3330.txt">RFC
3330</ulink>.
</para>
</listitem>
<listitem>
<para>
Address Resolution Protocol is used to provide the glue between
Ethernet link layer information (hardware addresses) and the IP
layer. This
<ulink url="http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html">page</ulink>
is instructive in ARP.
</para>
</listitem>
<listitem>
<para>
As discussed in <xref linkend="routing-icmp-mtu"/>, MSS and MTU are
key matters for IP communication.
Path MTU discovery, as discussed in
<ulink url="http://www.isi.edu/in-notes/rfc1911.txt">RFC
1911</ulink>, is used as a way to make most efficient use of
network resources by detecting the smallest link layer MTU between two
endpoints and setting the MTU accordingly. This breaks when ICMP
is assiduously filtered. Visit this
<ulink url="http://blue-labs.org/howto/mtu-mss.php">discussion</ulink>
or
<ulink url="http://alive.znep.com/~marcs/mtu/">this page on
MTU and MSS</ulink>, and of course
<ulink url="http://lartc.org/howto/lartc.cookbook.mtu-discovery.html">LARTC's
discussion and solution</ulink>. For more on the general issue of
ICMP and what is required see also
<ulink url="http://rr.sans.org/audit/more_ICMP.php">this SANS
discussion</ulink>. At a Usenix conference in late 2002, the
issue of
<ulink url="http://www.usenix.org/events/lisa02/tech/vanderberg.html">MTU
and MSS</ulink> prompted the
<ulink url="http://home.earthlink.net/~jaymzh666/mss/index.html">MSS
Initiative</ulink>. Because this is a widely misunderstood issue,
there is even a workaround in the RFCs,
<ulink url="http://www.isi.edu/in-notes/rfc2923.txt">RFC
2923</ulink>.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-masq">
<title>Masquerading topics</title>
<itemizedlist>
<listitem>
<para>
The Linux Documentation Project keeps a clear and up-to-date
reference on
<ulink url="http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/">IP
masquerading</ulink> which thoroughly covers the issues involved
with masquerading.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-nat">
<title>Network Address Translation</title>
<itemizedlist>
<listitem>
<para>
If you have a 2.4 kernel and are using <command>iptables</command>,
you should read Rusty Russell's documentation on
<ulink url="http://www.netfilter.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc.html">NAT</ulink>
with netfilter.
</para>
</listitem>
<listitem>
<para>
The command reference for the iproute2 tools provides sparse
documentation of the NAT features, but has an
<ulink url="http://linux-ip.net/gl/ip-cref/node157.html">appendix</ulink>
which covers the key questions with regard to iproute2 NAT.
</para>
</listitem>
<listitem>
<para>
SuSE has Michael Hasenstein's
<ulink url="http://www.suse.de/~mha/linux-ip-nat/diplom/nat.html">paper</ulink>
on NAT, which is an excellent technical overview of the case for
NAT.
</para>
</listitem>
<listitem>
<para>
Linas Vepstas has collected a number of
<ulink url="http://www.linas.org/linux/load.html">links to
projects and implementations relying heavily on NAT</ulink>
techniques.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-iproute2">
<title>iproute2 documentation</title>
<itemizedlist>
<listitem>
<para>
Timur A. Bolokhov has written a good (though dated)
<ulink url="http://snafu.freedom.org/linux2.2/docs/advanced-routing/">introduction</ulink>
to the policy routing features of iproute2 (supported by
kernels 2.1 and later).
</para>
</listitem>
<listitem>
<para>
Mark Lamb hosts a good
<ulink url="http://snafu.freedom.org/linux2.2/iproute-notes.html">technical
overview</ulink> of both the iproute2 and tc packages.
</para>
</listitem>
<listitem>
<para>
If your copy of &iproute2; did not get packaged
with <filename>ip-cref.ps</filename> or if you prefer online HTML,
the command reference is available
<foreignphrase>in toto</foreignphrase> as HTML at
<ulink url="http://linux-ip.net/gl/ip-cref/">linux-ip.net</ulink>,
<ulink url="http://www.linuxgrill.com/iproute2.doc.html">www.linuxgrill.com</ulink>,
or
<ulink url="http://snafu.freedom.org/linux2.2/docs/ip-cref/ip-cref.html">snafu.freedom.org</ulink>.
</para>
</listitem>
<listitem>
<para>
Julian Anastasov has been working on many aspects of traffic
control and advanced routing with the &iproute2;
package. He has provided a large number of patches to
&iproute2; and some documentation
for the linux virtual server (LVS) in addition to a great deal of
code for LVS. See his <ulink
url="http://www.ssi.bg/~ja/">main
site</ulink> for both patches and documentation.
</para>
</listitem>
<listitem>
<para>
The
<ulink url="http://lartc.org/">Linux Advanced Routing and
Traffic Control</ulink> site provides a wealth of expertise
for complex networking configurations.
I also recommend the LARTC
<ulink url="http://mailman.ds9a.nl/mailman/listinfo/lartc">mailing
list</ulink> and
<ulink url="http://mailman.ds9a.nl/pipermail/lartc/">archive</ulink>.
</para>
</listitem>
<listitem>
<para>
A brief article, distilled from Matthew Marsh's Policy Routing with
Linux book, introduces the concepts of
<ulink url="http://www.unixreview.com/documents/s=1383/urmb16/">policy
routing under linux</ulink> quite admirably. For a fifteen minute
overview of policy routing under linux, read this article.
</para>
</listitem>
<listitem>
<para>
See this brief article describing
<ulink url="http://www.samag.com/documents/s=1824/sam0201h/0201h.htm">advanced
networking</ulink> features of linux.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-netfilter">
<title>Netfilter Resources</title>
<itemizedlist>
<listitem>
<para>
Visit
<ulink url="http://iptables-tutorial.frozentux.net">Oskar
Andreasson's iptables tutorial</ulink> for examples, overview,
details, and full documentation of <command>iptables</command>.
</para>
</listitem>
<listitem>
<para>
The
<ulink url="http://www.netfilter.org/">netfilter site</ulink>
provides a wealth of tutorials, examples, documentation, and a
mailing list. Of particular interest is the
<ulink url="http://www.netfilter.org/documentation/">documentation
section</ulink>.
</para>
</listitem>
<listitem>
<para>
See this
<ulink url="http://www.knowplace.org/netfilter/">brief
introduction</ulink> to packet filtering with
<command>iptables</command>.
</para>
</listitem>
<listitem>
<para>
Here is a brief summary of the
<ulink url="http://logi.cc/linux/netfilter-log-format.php3#IPheader">logging
output</ulink> format from the netfilter engine.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-ipchains">
<title><command>ipchains</command> Resources</title>
<itemizedlist>
<listitem>
<para>
<ulink url="http://www.netfilter.org/ipchains/">Documentation
for <command>ipchains</command></ulink> is available courtesy of
the author, Rusty Russell. A mirror of the
<ulink url="http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html"><command>ipchains</command>
HOWTO</ulink> is available at TLDP.
</para>
</listitem>
<listitem>
<para>
Here is a brief summary of
<ulink url="http://logi.cc/linux/ipchains-log-format.php3">logging
output</ulink> from the kernel.
</para>
</listitem>
<listitem>
<para>
Along with a huge pile of other linux-related traffic control and
packet filtering documentation, there is a
<ulink url="http://snafu.freedom.org/linux2.2/docs/ipchains-refcard.letter.ps">postscript
reference card for <command>ipchains</command></ulink> at
snafu.freedom.org.
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-ipfwadm">
<title><command>ipfwadm</command> Resources</title>
<itemizedlist>
<listitem>
<para>
Not covered in this documentation, <command>ipfwadm</command> is
only supported in the linux 2.2 and 2.4 kernels via backward
compatible interfaces to the internal packet filtering
architectures. Read more on <command>ipfwadm</command>
<ulink url="http://www.xos.nl/linux/ipfwadm/paper/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-systems">
<title>General Systems References</title>
<itemizedlist>
<listitem>
<para>
To learn how to
<ulink url="http://www.tldp.org/HOWTO/Querying-libiptc-HOWTO/">query
the kernel's iptables</ulink> directly, you need this programming
reference.
</para>
</listitem>
<listitem>
<para>
For a description of the
<ulink url="http://www.gnumonks.org/ftp/pub/doc/packet-journey-2.4.html">path
a frame on the wire takes</ulink> through the kernel from
the Ethernet through to the upper layers, Harald Welte's
brief proves instructive.
</para>
</listitem>
<listitem>
<para>
If you are only interested in the path an IP packet takes
through the netfilter (ipchains or iptables), routing and
ingress/egress QoS code, refer to Stef Coene's excellent
ASCII representation, the
<ulink url="http://www.docum.org/stef.coene/qos/kptd/">kernel
2.4 packet traveling diagram</ulink>.
</para>
</listitem>
<listitem>
<para>
Oskar Andreasson (of
<ulink url="http://iptables-tutorial.frozentux.net/">iptables
tutorial</ulink> fame) has written an
<ulink url="http://ipsysctl-tutorial.frozentux.net/">IP sysctl
tutorial</ulink> which covers the different
<filename>/proc</filename> filesystem entries. (kernel 2.4 only)
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-bridging">
<title>Bridging</title>
<itemizedlist>
<listitem>
<para>
Your linux box can function as a bridge, and two boxen connected
to the same hubs can use Spanning Tree Protocol (STP) to protect
against failure of one or the other. See the
<ulink url="http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html">Bridge
HOWTO</ulink>.
</para>
</listitem>
<listitem>
<para>
For a brief article on using a linux bridge as a firewall see
<ulink url="http://www.sparkle-cc.co.uk/firewall/firewall.html">David
Whitmarsh's introduction</ulink> to the topic.
</para>
</listitem>
<listitem>
<para>
There's some fledgling documentation of the bridging code in kernel
2.4 (and 2.2) available, especially in conjunction with netfilter
<ulink url="http://bridge.sourceforge.net/docs/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
Consider also
<ulink url="http://users.pandora.be/bart.de.schuymer/ebtables/">ebtables</ulink>,
named by analogy to iptables. If you are bridging at all, or using
ebtables at all, you'll want to know about the interaction between
bridging and iptables, so visit the
<ulink url="http://www.tldp.org/HOWTO/Ethernet-Bridge-netfilter-HOWTO.html">bridge
and Netfilter HOWTO</ulink>.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-tc">
<title>Traffic Control</title>
<itemizedlist>
<listitem>
<para>
The
<ulink url="http://lartc.org/">Linux Advanced Routing and Traffic
Control</ulink> website is the first place to go for any traffic
control (and advanced routing) documentation.
I also recommend the LARTC
<ulink url="http://mailman.ds9a.nl/mailman/listinfo/lartc">mailing
list</ulink> and
<ulink url="http://mailman.ds9a.nl/pipermail/lartc/">archive</ulink>.
</para>
</listitem>
<listitem>
<para>
Stef Coene has written prodigiously on
<ulink url="http://www.docum.org/">traffic control under
linux</ulink>. His site contains practical guidance on traffic
control and bandwidth shaping matters.
</para>
</listitem>
<listitem>
<para>
There is an
<ulink url="http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/">ADSL
Bandwidth Management HOWTO</ulink> on TLDP.
</para>
</listitem>
<listitem>
<para>
Michael Babcock has a page discussing
<ulink url="http://www.fibrespeed.net/~mbabcock/linux/qos_tc/">QoS
on linux</ulink>. This is a good introduction, though a bit dated
(it seems to discuss only kernel 2.2).
</para>
</listitem>
<listitem>
<para>
Leonardo Balliache has published a brief overview of the
<ulink url="http://www.opalsoft.net/qos/">compared QoS
offerings</ulink>.
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
<listitem>
<para>
Sally Floyd is apparently one of the leading researchers in the
use of QoS on the Internet. See her work as a researcher at
<ulink url="http://www.icir.org/floyd/">icir.org</ulink>.
</para>
</listitem>
<listitem>
<para>
Another major research center for QoS under linux is the
University of Kansas. For some very technical material on QoS
under linux, see their
<ulink url="http://qos.ittc.ukans.edu/">main page</ulink>. Here
you will find some documentation of the tools available to those
programming for QoS implementations under linux.
</para>
</listitem>
<listitem>
<para>
An implementation of
<ulink url="http://diffserv.sourceforge.net/">DiffServ</ulink>
is underway under linux. DiffServ is an intermediate step to
IntServ. There are also the
<ulink url="http://www.atm.tut.fi/list-archive/linux-diffserv/thrd6.html">old
DiffServ archive</ulink> and the
<ulink url="http://sourceforge.net/mailarchive/forum.php?forum=diffserv-general">current
archive</ulink>.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-multicast">
<title>IPv4 Multicast</title>
<itemizedlist>
<listitem>
<para>
A dated
<ulink url="http://jukie.net/~bart/multicast/Linux-Mrouted-MiniHOWTO.html">multicast
routing mini-HOWTO</ulink> provides the best introduction to
multicast routing under linux.
</para>
</listitem>
<listitem>
<para>
The
<ulink url="http://www.cschill.de/smcroute/"><command>smcroute</command></ulink>
utility provides a command line interface to manipulate the
multicast routing tables via a method other than
<command>mrouted</command>.
</para>
</listitem>
</itemizedlist>
</section>
<section id="links-misc">
<title>Miscellaneous Linux IP Resources</title>
<itemizedlist>
<listitem>
<para>
The <command>sysctl</command> utility is a convenient tool for
manipulating kernel parameters. Combined with the
<filename>/etc/sysctl.conf</filename> this utility allows an
administrator to alter or tune kernel parameters in a convenient
fashion across a reboot. See this
<ulink url="http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-proc-sysctl.html">brief
RedHat page on the use of <command>sysctl</command></ulink>. See
also
<ulink url="http://ipsysctl-tutorial.frozentux.net/">Oskar
Andreasson's IP Sysctl Tutorial</ulink> for a detailed examination
of the parameters and their effect on system operation.
</para>
</listitem>
<listitem>
<para>
For users who need to provide a standards compliant VPN solution,
<ulink url="http://www.freeswan.org/">FreeS/WAN</ulink> can be
part of a good interoperable solution. Additionally, there are
issues with using FreeS/WAN on linux as a VPN solution. John
Denker (appropriate last name) has grappled with the issue of
<ulink url="http://www.quintillion.com/moat/ipsec+routing/iproute2.html">IPSec
and routing</ulink> and has suggested the following
<ulink url="http://www.quintillion.com/moat/ipsec+routing/iproute2.html">work
around</ulink>. Here's a
<ulink url="http://www.quintillion.com/fdis/moat/index.html">summary
of one network admin's perspective</ulink>
on some of the issues related to FreeS/WAN, roving users and
network administration for VPN users. Note! The 2.5.x
development kernel contains an IPSec implementation natively.
This means that by the release of 2.6.x, linux may support IPSec
out of the box.
</para>
</listitem>
<listitem>
<para>
<ulink url="http://www.icir.org/floyd/ecn.html">Explicit
Congestion Notification</ulink> is supported under linux kernel
2.4 with a sysctl entry.
</para>
</listitem>
<listitem>
<para>
The 2.2 and 2.4 series support bonding of interfaces which allows
both link aggregation (IEEE 802.3ad) and failover use of Ethernet
interfaces. The canonical source for documentation about bonding
is <filename>Documentation/networking/bonding.txt</filename> in
the kernel source distribution.
</para>
</listitem>
<listitem>
<para>
If you are looking for virtual router redundancy protocol
(VRRP) support under linux, there are several fledgling options.
The
<ulink url="http://w3.arobas.net/~jetienne/vrrpd/">reference
implementation</ulink> is (according to LARTC scuttlebutt) mostly a
proof of concept endeavor. At least one other implementation is
available for linux--and this one has the reputation of being
more practical:
<ulink url="http://www.keepalived.org/">keepalived</ulink>.
</para>
</listitem>
<listitem>
<para>
If you want your linux box to support 802.1q VLAN tagging,
you should read up on
<ulink url="http://www.candelatech.com/~greear/vlan.html">Ben
Greear's site</ulink>.
</para>
</listitem>
<listitem>
<para>
Don't forget the value of looking for the answer to your question
in the linux-net
<ulink url="http://www.uwsg.indiana.edu/hypermail/linux/net/">mailing
list archive</ulink>.
</para>
</listitem>
<listitem>
<para>
Linux Journal has published a two part article by Gianluca
Insolvibile describing the path a packet takes through the kernel.
Part I covers
<ulink url="http://www.linuxjournal.com/article.php?sid=4852">the
input of the packet until just before layer 4 processing</ulink>.
Part II covers
<ulink url="http://www.linuxjournal.com/article.php?sid=5617">higher
layer packet handling</ulink>, including a
<ulink url="http://www.linuxjournal.com/modules/NS-lj-issues/issue95/5617f1.png">simple
diagram of the kernel's decisions for each IP packet</ulink>.
</para>
</listitem>
<listitem>
<para>
This
<ulink url="http://www.linux-kongress.org/2002/papers/lk2002-heuven.pdf">PDF
from the linux-kongress</ulink> introduces some plans for MPLS and
RSVP support under linux. (There are also
<ulink url="http://www.linux-kongress.org/2002/papers/">many other
interesting papers</ulink> available here.) Another (the same?)
<ulink url="http://mpls-linux.sourceforge.net/">MPLS
implementation</ulink> is available from SourceForge.
</para>
</listitem>
<listitem>
<para>
A clearly written but probably quite dated
<ulink url="http://www.tldp.org/LDP/tlk/net/net.html">introduction</ulink>
in English to the kernel networking code was written by David
Rusling. (An update/replacement to this is under development by
David Rusling, although no URL is available.)
</para>
</listitem>
</itemizedlist>
</section>
</section>
<section id="links-software">
<title>Links to Software</title>
<section>
<title>Basic Utilities</title>
<itemizedlist>
<listitem>
<para>
The <ulink url="http://www.tazenda.demon.co.uk/phil/net-tools/">net-tools</ulink>
package is a collection of basic utilities for managing the
Ethernet and IP layer under linux.
</para>
</listitem>
<listitem>
<para>
The &iproute2; package provides command-line
support for the full functionality of the linux IP stack. This
package, written by Alexey Kuznetsov, is available
<ulink url="ftp://ftp.inr.ac.ru/ip-routing/">here</ulink> and is
mirrored
<ulink url="http://www.linuxgrill.com/anonymous/fire/alexey/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
A tool more convenient than <command>traceroute</command> for
tracing routes, <ulink
url="http://www.bitwizard.nl/mtr/"><command>mtr</command></ulink>
can be obtained
<ulink url="ftp://ftp.bitwizard.nl/mtr/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
The network Swiss army knife of <ulink
url="http://www.atstake.com/research/tools/index.html#network_utilities"><command>nc</command>
(NetCat)</ulink> is available from @stake.
</para>
</listitem>
<listitem>
<para>
For a far more flexible tool in the same vein as nc,
<ulink url="http://www.dest-unreach.org/socat/">socat</ulink>
connects all manner of files, sockets, and file descriptors under
most types of unix.
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Virtual Private Networking software</title>
<itemizedlist>
<listitem>
<para>
<ulink url="http://sites.inka.de/sites/bigred/devel/cipe.html">CIPE</ulink>
is a lightweight nonstandard VPN technology which can use
shared secrets or RSA keys. CIPE is developed primarily for linux
but includes a Windows port.
</para>
</listitem>
<listitem>
<para>
For a standards based VPN technology,
<ulink url="http://www.freeswan.org/download.html">FreeS/WAN</ulink>
provides IPSec functionality for the linux kernel. If you need an
SRPM of the FreeS/WAN IPSec software, get it
<ulink url="http://www.sandelman.ottawa.on.ca/freeswan/rpm/">here</ulink>.
Note that development kernel 2.5.47+ contains kernel-native
support for IPSec. Refer to the
<ulink url="http://lartc.org/howto/lartc.ipsec.html">LARTC IPSec
documentation</ulink> for more on this.
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Traffic Control queueing disciplines and command line tools</title>
<itemizedlist>
<listitem>
<para>
Martin Devera has written a
<ulink url="http://luxik.cdi.cz/~devik/qos/htb/">queueing
discipline called HTB</ulink> which has been incorporated into the
2.4.20 kernel series. As of this writing, HTBv3 is included in
kernel 2.4.20+, but <command>tc</command> doesn't support htb
without the patch available
<ulink url="http://luxik.cdi.cz/~devik/qos/htb/v3/htb3.6-020525.tgz">here</ulink>.
</para>
</listitem>
<listitem>
<para>
Weighted Round Robin is a queueing discipline which distributes
bandwidth among the multiple open connections. Although the wrr
qdisc is not included in the kernel, it is available
<ulink url="http://wipl-wrr.sourceforge.net/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
Patrick McHardy has written a device which can be used independent
of interface to perform traffic shaping. The
<ulink url="http://trash.net/~kaber/imq/">Intermediate
Queueing Device (IMQ)</ulink> is supported under kernel 2.4 and
provides support for ingress shaping and traffic shaping over
multiple physical devices. (Site was available
<ulink url="http://luxik.cdi.cz/~patrick/imq/">here</ulink>.)
</para>
</listitem>
<listitem>
<para>
Werner Almesberger is working on a more user friendly traffic
control front end called
<ulink url="http://tcng.sourceforge.net/">tcng</ulink>. This
package includes a userspace simulator <command>tcsim</command>.
</para>
</listitem>
<listitem>
<para>
DiffServ
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Interfaces to lower layer tools</title>
<itemizedlist>
<listitem>
<para>
A collection of various scripts and other interfaces for netfilter
is available
<ulink url="http://www.linuxguruz.org/iptables/">here</ulink>.
</para>
</listitem>
<listitem>
<para>
A curses-based tool
<ulink url="http://users.pandora.be/stes/ipmenu.html">ipmenu</ulink>
provides a single uniform interface to many of the IP layer
features of linux.
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>Packet sniffing and diagnostic tools</title>
<itemizedlist>
<listitem>
<para>
The <ulink url="http://www.tcpdump.org/">tcpdump</ulink> utility
is a well known cross-platform utility for sniffing traffic on
the wire.
</para>
</listitem>
<listitem>
<para>
To watch plaintext protocol conversations, the
<ulink url="http://www.circlemud.org/~jelson/software/tcpflow/">tcpflow</ulink>
tool can be invaluable.
</para>
</listitem>
<listitem>
<para>
To gather data on the nature and quality of the network path
between two points, the
<ulink url="http://www.cnam.fr/reseau/bing.html"><command>bing</command></ulink>
program provides a running set of statistics by calculating
the delta between ICMP echo replies from different hosts.
</para>
</listitem>
<listitem>
<para>
To help diagnose problems between network points, the
<ulink url="http://www.caida.org/tools/utilities/others/pathchar/"><command>pathchar</command></ulink>
tool can be handy. Unfortunately, it only comes in a binary
release, apparently because Van Jacobson did not feel it was
ready for full release.
</para>
</listitem>
<listitem>
<para>
</para>
</listitem>
<listitem>
<para>
Among the sniffing and spoofing tools,
<ulink url="http://monkey.org/~dugsong/dsniff/">dsniff</ulink>
has received good press. It is a collection of tools for
network auditing and penetration testing.
</para>
</listitem>
<listitem>
<para>
If you need to capture and reinject packets into the network,
<ulink url="http://www.packetfactory.net/Projects/Libnet/">libnet</ulink>
is a library you can use for these purposes. This is a diagnostic
and security tool.
</para>
</listitem>
<listitem>
<para>
To reproduce traffic from a captured file, use
<ulink url="http://tcpreplay.sourceforge.net/">tcpreplay</ulink>.
</para>
</listitem>
</itemizedlist>
</section>
</section>
</appendix>