mirror of https://github.com/tLDP/LDP
2604 lines
102 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
<sect1 id="Protocols-Standards-Services">

<title>Protocols-and-Standards-Services</title>

<para>
<![CDATA[
IEEE (Institute of Electrical and Electronics Engineers) 802 Standards

802.1  Internetworking
802.2  Logical Link Control (LLC)
802.3  CSMA/CD (Ethernet) media access method
802.4  Token bus media access method
802.5  Token Ring media access method
802.6  Metropolitan Area Networks (MANs)
802.7  Broadband technologies
802.8  Fiber optic technologies
802.9  Hybrid (voice and data) networking
802.10 Network security
802.11 Wireless networking
802.12 High-speed LANs
]]>
</para>

<para>
<![CDATA[
3.8. Amateur Radio

The Linux kernel has built-in support for amateur radio protocols.

Especially interesting is the AX.25 support. The AX.25 protocol offers
both connected and connectionless modes of operation, and is used
either by itself for point-to-point links, or to carry other protocols
such as TCP/IP and NetRom.

It is similar to X.25 level 2 in structure, with some extensions to
make it more useful in the amateur radio environment.

· Amateur radio on Linux web site <http://radio.linux.org.au/>
]]>
</para>

<para>
NDIS and ODI
</para>

<para>
The Network Device Interface Specification (NDIS) is a standard developed
by Microsoft and IBM to enable communication between protocols and network
card drivers. The purpose of NDIS is to abstract the functions of the
network driver so that protocols can work with any driver. NDIS works
within the data link layer of the OSI model.
</para>

<para>
NDIS allows software components to be written in a modular fashion, and
components that conform to a version of the NDIS specification are
guaranteed to communicate with each other. The current version of NDIS
is 4.0.
</para>

<para>
The process of assigning a protocol to a network card is called binding.
NDIS allows multiple protocols to be bound to a single network card,
and multiple network cards to be bound to a single protocol (or multiple
protocols).
</para>

<para>
ODI (Open Datalink Interface), developed by Novell and Apple, is an
implementation of the same functionality. While designed primarily for
the IPX protocol, ODI can be used with any protocol. NetWare clients and
servers can have network cards bound to multiple protocols. Microsoft's
implementation of the IPX protocol, NWLink, also supports the ODI standard.
</para>

</sect1>

<sect1 id="Appletalk">

<title>Appletalk</title>

<para>
AppleTalk is the network architecture/internetworking stack developed
by Apple to work with Macintosh computers. It allows a peer-to-peer
network model which provides basic functionality such as file and printer
sharing. Each machine can simultaneously act as a client and a server,
and the software and hardware necessary are included with every Apple
computer. AppleTalk actually supports three network transports:
Ethernet, Token Ring, and a dedicated system called LocalTalk.
</para>

<para>
LocalTalk is traditionally wired in a star or hybrid topology using custom
connectors and STP cable. A popular third-party system allows ordinary phone
cable to be used instead of STP. LocalTalk supports up to 32 nodes per network.
The implementations over Ethernet and Token Ring (EtherTalk and TokenTalk)
provide support for more sophisticated networks. LocalTalk uses the CSMA/CA
access method. Rather than detecting collisions as with Ethernet, this method
requires nodes to wait a certain amount of time after detecting an existing
signal on the network before attempting to transmit, avoiding most collisions.
</para>

<para>
Linux provides full AppleTalk networking. Netatalk is a kernel-level
implementation of the AppleTalk Protocol Suite, originally for BSD-derived
systems. It includes support for routing AppleTalk, serving Unix and AFS
filesystems over AFP (AppleShare), serving Unix printers and accessing
AppleTalk printers over PAP. Linux systems just show up as another
Macintosh on the network.
</para>

<para>
- Netatalk FAQ and HOWTO:
- http://thehamptons.com/anders/netatalk/
- http://www.umich.edu/~rsug/netatalk/
- http://www.umich.edu/~rsug/netatalk/faq.html
</para>

</sect1>

<sect1 id="ARCnet">

<title>ARCnet</title>

<para>
ARCnet, developed in 1977 by Datapoint Corporation, is an older standard
that has largely been replaced by Ethernet in current networks. ARCnet
uses RG-62 coaxial cable in a star, bus, or hybrid physical topology. This
networking scheme supports active and passive hubs; passive hubs must be
connected to an active hub. ARCnet requires 93-ohm terminators at the end
of bus cables, and on unused ports of passive hubs. It supports UTP, coaxial,
or fiber-optic cable. The distance between nodes is 400 feet with UTP cable,
and higher for coaxial or fiber-optic cable.
</para>

<para>
ARCnet uses a token-passing scheme similar to that of Token Ring. ARCnet
networks support a bandwidth of 2.5 Mbps. Newer standards (ARCnet Plus and
TCNS) support speeds of 20 Mbps and 100 Mbps, but have not really caught on.
</para>

<para>
- ARCnet HOWTO
</para>

</sect1>

<sect1 id="ATM">

<title>ATM</title>

<para>
ATM (Asynchronous Transfer Mode) is a high-speed packet switching format
that supports up to 622 Mbps. ATM can be used with T1 and T3 lines, FDDI,
and SONET OC1 and OC3 lines. ATM uses a technology called cell switching.
Data is sent in 53-byte packets called cells. Because packets are small and
uniform in size, they can be quickly routed by hardware switches. ATM uses
a virtual circuit between connection points for high reliability over
high-speed links.
</para>
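The cell-switching idea above is easiest to see with a segmenter and reassembler. The following Python is an added example, not code from the original document or from the ATM-Linux project. The page only gives the 53-byte cell size and the virtual-circuit model; the 5-byte header layout used here (GFC 4 bits, VPI 8, VCI 16, PT 3, CLP 1, HEC 8) is the ITU-T UNI cell format, the CRC-8 HEC is the I.432 one, and the 8-byte length-plus-CRC-32 trailer follows the AAL5 scheme. The sample packet, VPI and VCI values are constructed.

```python
"""Cut a packet into 53-byte ATM cells and put it back together per virtual circuit.

Added example, not part of the original LDP text. Header layout: ITU-T UNI
cell format; trailer: AAL5 style (UU, CPI, length, CRC-32). Sample data is
constructed.
"""
import struct
import zlib

CELL_LEN = 53
HEADER_LEN = 5
PAYLOAD_LEN = CELL_LEN - HEADER_LEN      # 48 bytes of user data per cell
TRAILER_LEN = 8                          # UU(1) CPI(1) length(2) CRC-32(4)


def hec(head4):
    """Header Error Control: CRC-8 (x^8+x^2+x+1) over the first four header bytes, XOR 0x55."""
    crc = 0
    for byte in head4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_cell(vpi, vci, payload, last, clp=0):
    """Assemble one cell; GFC is left at zero."""
    if not (0 <= vpi <= 0xFF and 0 <= vci <= 0xFFFF):
        raise ValueError("VPI is 8 bits and VCI 16 bits in a UNI header")
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("cell payload must be exactly 48 bytes")
    pt = 1 if last else 0                # PT bit 0 marks the final cell of a frame
    word = (vpi << 20) | (vci << 4) | (pt << 1) | clp
    head4 = struct.pack("!I", word)
    return head4 + bytes([hec(head4)]) + payload


def parse_cell(cell):
    """Check length and HEC, then split the header fields out."""
    if len(cell) != CELL_LEN:
        raise ValueError("an ATM cell is exactly 53 bytes")
    head4 = cell[:4]
    if hec(head4) != cell[4]:
        raise ValueError("HEC mismatch: corrupted cell header")
    word, = struct.unpack("!I", head4)
    return {"vpi": (word >> 20) & 0xFF, "vci": (word >> 4) & 0xFFFF,
            "pt": (word >> 1) & 0x7, "clp": word & 1,
            "last": bool((word >> 1) & 1), "payload": cell[5:]}


def segment(packet, vpi, vci):
    """Append the AAL5-style trailer, pad to a multiple of 48 bytes, and emit cells."""
    pad = (-(len(packet) + TRAILER_LEN)) % PAYLOAD_LEN
    body = packet + bytes(pad) + struct.pack("!BBH", 0, 0, len(packet))
    body += struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)
    chunks = [body[i:i + PAYLOAD_LEN] for i in range(0, len(body), PAYLOAD_LEN)]
    return [build_cell(vpi, vci, c, last=(i == len(chunks) - 1))
            for i, c in enumerate(chunks)]


def reassemble(cells):
    """Collect payloads per (VPI, VCI); return {vc: [packet, ...]} for completed frames.

    Cells from different virtual circuits may be interleaved, which is exactly
    what a switch forwarding by VPI/VCI produces."""
    partial, finished = {}, {}
    for raw in cells:
        cell = parse_cell(raw)
        vc = (cell["vpi"], cell["vci"])
        partial.setdefault(vc, []).append(cell["payload"])
        if cell["last"]:
            body = b"".join(partial.pop(vc))
            _uu, _cpi, length = struct.unpack("!BBH", body[-8:-4])
            crc, = struct.unpack("!I", body[-4:])
            if zlib.crc32(body[:-4]) & 0xFFFFFFFF != crc:
                raise ValueError(f"CRC-32 mismatch on VC {vc}: frame dropped")
            if length > len(body) - TRAILER_LEN:
                raise ValueError(f"length field exceeds frame on VC {vc}")
            finished.setdefault(vc, []).append(body[:length])
    return finished


if __name__ == "__main__":
    sample = b"constructed payload " * 7          # 140 bytes -> 4 cells
    cells = segment(sample, 0, 32)
    print(len(cells), "cells;", reassemble(cells) == {(0, 32): [sample]})
```

A corrupted header byte fails the HEC check and the cell is discarded before it can be mis-routed to another circuit; a corrupted payload fails the trailer CRC and the whole frame is dropped rather than delivered truncated.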

<para>
ATM support for Linux is currently in a pre-alpha stage. There is an
experimental release, which supports raw ATM connections (PVCs and
SVCs), IP over ATM, LAN emulation....
</para>

<para>
The Linux ATM-Linux home page is at <ulink url="http://lrcwww.epfl.ch/linux-atm/"/>.
</para>

<para>
Werner Almesberger <email>werner.almesberger@lrc.di.epfl.ch</email> is managing a
project to provide Asynchronous Transfer Mode support for Linux.
Current information on the status of the project may be obtained from
<ulink url="http://lrcwww.epfl.ch"/>.
</para>

</sect1>

<sect1 id="DDS-Switched56">

<title>DDS-Switched56</title>

<para>
DDS (Digital Data Service) and Switched 56 are types of dedicated
digital line provided by phone carriers. DDS lines are more
expensive than dedicated analog lines, but support a more consistent quality.
DDS lines support a speed of 56 Kbps. A device called a CSU/DSU (Channel
Service Unit/Digital Service Unit) is used to connect the network to the
dedicated line.
</para>

<para>
Switched 56 is an alternative to DDS that provides the same type of
connection, but in a circuit-switched format. The line is available
on demand rather than continuously, and you are billed for the hours that
you use it. ISDN has largely replaced Switched 56 for this purpose.
</para>

</sect1>

<sect1 id="DECnet">

<title>DECnet</title>

<para>
Support for DECnet is currently being worked on. You should expect it
to appear in a late 2.1.* kernel.
</para>

</sect1>

<sect1 id="DLC">

<title>DLC</title>

<para>
DLC (Data Link Control) is a transport protocol developed by IBM for SNA
(System Network Architecture), a protocol suite for network communication
with mainframe computers. Particular versions of DLC are called SDLC
(Synchronous Data Link Control) and HDLC (High-level Data Link Control).
Along with its main uses in mainframe communication, DLC is the protocol
used by many network-aware printers such as Hewlett-Packard's JetDirect
interface.
</para>

</sect1>

<sect1 id="EQL">

<title>EQL</title>

<para>
EQL provides a means of utilizing multiple point-to-point lines such
as PPP, SLIP or PLIP as a single logical link to carry TCP/IP. Often,
it is cheaper to use multiple lower speed lines than to have one high
speed line installed. In short, EQL is a multiple-line traffic equaliser.
</para>

</sect1>

<sect1 id="Ethernet">

<title>Ethernet</title>

<para>
Ethernet is the most common network architecture worldwide. It was developed by Xerox,
Intel and DEC in the late 1960s and revised as Ethernet 2.0 in 1982. Ethernet networks
use the CSMA/CD (carrier sense multiple access with collision detection) media access
method, defined in IEEE 802.3.
</para>

<para>
There are three Ethernet standards for different media:
</para>

<para>
See P41 of O'Reilly "MSCE Networking"
</para>

<para>
10BaseT
10Base2
10Base5
</para>

<para>
Fast Ethernet
</para>

<para>
Fast Ethernet, also known as 100BaseT, is a new standard for 100 Mbps Ethernet. Fast Ethernet
can use two-pair Category 5 cable or four-pair Category 3-5 cable.
</para>

<para>
100BaseT uses a physical star topology identical to that used by 10BaseT, but requires that
all equipment (hubs, NICs, and repeaters) support 100 Mbps speeds. Some NICs and hubs can support
both standards, but all devices on the network need to be configured to use the same standard.
</para>

<para>
Several manufacturers developed 100 Mbps Ethernet devices before 100BaseT became a standard. The
most popular of these, 100VG-AnyLan, is still widely used. This standard uses a demand priority
access method rather than CSMA/CD, and also supports networks that combine Ethernet and Token
Ring packets.
</para>

> Start Binh
<para>
GigE
</para>

<para>
Gigabit Ethernet, also known as GigE or 1000BaseT. GigE can only use Cat 5 cable. GigE uses the
same topology as Fast Ethernet (i.e. a physical star topology). Like Fast Ethernet, it requires
that the hubs/switches on the LAN be GigE capable. If not, it will revert to 100BaseT, and if
that is not available, to 10BaseT Ethernet.
</para>

<para>
It is now often used as a cheaper alternative to optical fibre.
</para>
> End Binh

<para>
* Ethernet-Howto
</para>

</sect1>

<sect1 id="FDDI">

<title>FDDI</title>

<para>
FDDI (Fiber Distributed Data Interface) is a high-speed, reliable, long-distance
networking scheme often used for network backbones and networks that require
high bandwidth. FDDI uses fiber optic cable wired in a true ring. It supports
speeds up to 100 Mbps and a maximum distance between nodes of 100 kilometers
(62 miles).
</para>

<para>
FDDI uses a token-passing scheme wired into two rings, primary and secondary. The
primary ring is used for normal networking. When a failure is detected, the
secondary ring is used in the opposite direction to compensate for the failure
in the primary ring.
</para>

<para>
The advantages of FDDI are its high speed, long distance, and reliability.
The token-passing scheme used by FDDI is also more sophisticated than that
of Token Ring: it allows multiple packets to be on the ring at once, and
allows certain nodes to be given higher priority than the rest. The
disadvantages of FDDI are its high cost and the difficulty of installing and
maintaining fiber optic cable.
</para>

</sect1>

<sect1 id="Frame-Relay">

<title>Frame-Relay</title>

<para>
Frame relay is a protocol used with leased lines to support speeds up to
1.544 Mbps. Frame relay uses packet switching over a phone company's
network. Frame relay connections use a virtual circuit, called
a PVC (private virtual circuit), to establish connections. Once established,
connections use a low overhead and do not provide error correction.
</para>

<para>
A frame relay compatible router is used to attach the LAN to the frame
relay line. Frame relay lines are available in speeds ranging from 56 Kbps
to 1.544 Mbps, and varying proportionally in cost. One advantage of frame
relay is that bandwidth is available on demand: you can install a line
at 56 Kbps and later upgrade it to a higher speed by ordering the service
from the carrier, usually without replacing any equipment.
</para>

<para>
It was specifically designed for, and is well suited to, data communications
traffic that is of a `bursty' or intermittent nature. You connect to a Frame
Relay network using a Frame Relay Access Device (FRAD). The Linux Frame Relay
implementation supports IP over Frame Relay as described in RFC-1490.
</para>

</sect1>

<sect1 id="NetBEUI">

<title>NetBEUI</title>

<para>
NetBEUI (NetBIOS Extended User Interface) is a transport-layer protocol
developed by Microsoft and IBM. NetBEUI was mainly intended as a basic
protocol to support NetBIOS (Network Basic Input/Output System), the
Windows standard for workstation naming, communications, and file sharing.
</para>

<para>
NetBEUI is a fast protocol with a low overhead, which makes it a good
choice for small networks. However, it is a non-routable protocol.
Networks that use NetBEUI can use bridges for traffic management,
but cannot use routers. Another disadvantage is its proprietary nature.
NetBEUI is supported by few systems other than Windows.
</para>

<para>
Although NetBEUI was developed by Microsoft and was the default protocol
for some operating systems (such as Windows for Workgroups and Windows 95),
Microsoft recommends TCP/IP over NetBEUI for most Windows NT networks.
</para>

</sect1>

<sect1 id="IPX">

<title>IPX</title>

<para>
IPX and SPX are proprietary protocols that were developed during the
early 1980s by Novell for use in NetWare networks. They were based on
protocols used in Xerox's XNS (Xerox Network Systems) network architecture.
</para>

<para>
NetWare became the de facto standard network operating system (NOS) of
first generation LANs. Novell complemented its NOS with a
business-oriented application suite and client-side connection utilities.
</para>

<para>
IPX (Internetwork Packet Exchange) is a connectionless protocol that works
at the network layer of the OSI model, and SPX (Sequenced Packet Exchange)
is a connection-oriented protocol that works at the transport layer.
</para>

<para>
These protocols are often easier to configure than TCP/IP and are routable,
so they make a good alternative for some networks, particularly small
peer-to-peer networks. However, TCP/IP is more suitable for larger
LANs and WANs.
</para>

<para>
Frame types are one aspect of IPX networks that sometimes does require
configuration. The frame type determines the order and type of data included
in the packet. Typical frame types used in NetWare networks are
802.2 and 802.3.
</para>

<para>
Linux has a very clean IPX/SPX implementation, allowing it to be
configured as an:

· IPX router
· IPX bridge
· NCP client and/or NCP server (for sharing files)
· Novell print client, Novell print server

And to:

· Enable PPP/IPX, allowing a Linux box to act as a PPP server/client
· Perform IPX tunnelling through IP, allowing the connection of two
IPX networks through an IP-only link
</para>
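The frame-type paragraph above is the point where IPX networks most often break: two hosts configured for different frame types share a wire but never see each other's packets. The Python below is an added example, not code from the original document or from the Linux IPX implementation; it shows what actually differs between the frame types by reading the bytes that follow the 14-byte Ethernet header. It covers all four NetWare encapsulations (Ethernet_II, Ethernet_802.3, Ethernet_802.2 and Ethernet_SNAP), two more than the page names. The field values (EtherType 0x8137, LLC SAP 0xE0, the 0xFFFF checksum that opens every IPX header) are the standard ones; the MAC addresses, network numbers and payload are constructed.

```python
"""Tell apart the Ethernet encapsulations NetWare uses for IPX.

Added example, not from the original LDP text. Sample frames and addresses
are constructed; the protocol constants are the standard NetWare ones.
"""
import struct

IPX_ETHERTYPE = 0x8137
IPX_SAP = 0xE0          # DSAP/SSAP value NetWare uses with 802.2 LLC
IPX_HEADER_LEN = 30
SNAP_IPX = b"\xaa\xaa\x03\x00\x00\x00" + struct.pack("!H", IPX_ETHERTYPE)
LLC_IPX = bytes([IPX_SAP, IPX_SAP, 0x03])


def build_ipx_packet(payload, packet_type=4):
    """Minimal IPX header: checksum (always 0xFFFF), length, hop count, type,
    then destination and source net/node/socket (constructed values)."""
    length = IPX_HEADER_LEN + len(payload)
    hdr = struct.pack("!HHBB", 0xFFFF, length, 0, packet_type)
    dest = bytes.fromhex("00000001") + bytes.fromhex("00aa00bb00cc") + struct.pack("!H", 0x0451)
    src = bytes.fromhex("00000001") + bytes.fromhex("00dd00ee00ff") + struct.pack("!H", 0x4001)
    return hdr + dest + src + payload


def build_frame(frame_type, ipx, dst_mac=b"\xff" * 6, src_mac=b"\x00\xdd\x00\xee\x00\xff"):
    """Wrap an IPX packet in one of the four NetWare Ethernet frame types."""
    eth = dst_mac + src_mac
    if frame_type == "Ethernet_II":
        return eth + struct.pack("!H", IPX_ETHERTYPE) + ipx
    if frame_type == "Ethernet_802.3":       # "raw": IPX header right after the length field
        return eth + struct.pack("!H", len(ipx)) + ipx
    if frame_type == "Ethernet_802.2":       # LLC header DSAP E0, SSAP E0, UI control 03
        return eth + struct.pack("!H", len(LLC_IPX) + len(ipx)) + LLC_IPX + ipx
    if frame_type == "Ethernet_SNAP":        # LLC AA AA 03 + OUI 00 00 00 + EtherType 81 37
        return eth + struct.pack("!H", len(SNAP_IPX) + len(ipx)) + SNAP_IPX + ipx
    raise ValueError(f"unknown frame type {frame_type!r}")


def classify_frame(frame):
    """Return the NetWare frame-type name, or None if the frame does not carry IPX."""
    if len(frame) < 14 + 2:
        return None
    type_or_len, = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if type_or_len == IPX_ETHERTYPE:
        return "Ethernet_II"
    if type_or_len > 1500:
        return None                  # some other EtherType (IP, ARP, ...)
    # At or below 1500 the field is an 802.3 length; what follows decides.
    if body[:2] == b"\xff\xff":      # raw 802.3: the IPX checksum field comes first
        return "Ethernet_802.3"
    if body[:3] == LLC_IPX:
        return "Ethernet_802.2"
    if body[:8] == SNAP_IPX:
        return "Ethernet_SNAP"
    return None


def ipx_header_offset(frame):
    """Byte offset of the IPX header inside the frame, or None if it is not IPX."""
    return {"Ethernet_II": 14, "Ethernet_802.3": 14,
            "Ethernet_802.2": 17, "Ethernet_SNAP": 22}.get(classify_frame(frame))


if __name__ == "__main__":
    pkt = build_ipx_packet(b"constructed NCP payload")
    for ft in ("Ethernet_II", "Ethernet_802.3", "Ethernet_802.2", "Ethernet_SNAP"):
        frame = build_frame(ft, pkt)
        print(ft, "->", classify_frame(frame), "IPX at offset", ipx_header_offset(frame))
```

Running the classifier over captured frames is a quick way to confirm which frame type a server is actually emitting before touching the client configuration.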

<para>
* IPX-SPX HOWTO
</para>

</sect1>

<sect1 id="Leased-Line">

<title>Leased-Line</title>

<para>
A leased line is any fixed (that is, permanent) point-to-point data
communications link which is leased from a telco or similar organisation.
The leased line involves cables, such as twisted pair, coax or fiber optic,
and may involve all sorts of other hardware such as (Pupin) coils,
transformers, amplifiers and regenerators.
</para>

<para>
T1-T4
</para>

<para>
A T1 line is a high-speed, dedicated, point-to-point leased line that
includes 24 separate 64 Kbps channels for voice and data. Other lines
of this type, called T-carrier lines, support larger numbers of channels.
T1 and T3 lines are the most commonly used.
</para>

<para>
<screen>
Carrier   Channels   Total Bandwidth
T1            24       1.544 Mbps
T2            96       6.312 Mbps
T3           672      44.736 Mbps
T4          4032     274.176 Mbps
</screen>
</para>

<para>
While the specification for T-carrier lines does not mandate a particular
media type, T1 and T2 are typically carried on copper, and T3 and T4
typically use fiber optic media. DS1, DS2, DS3, and DS4 are an alternate
type of line equivalent to T1-T4, and typically use fiber optic media.
</para>

<para>
SONET (Synchronous Optical Network)
</para>

<para>
A leased-line system using fiber optic media to support data speeds up to
2.4 Gbps. SONET services are sold based on optical carrier (OC) levels. OC
levels are calculated as multiples of the OC-1 speed, 51.840 Mbps. For
example, the OC-3 level corresponds to a data speed of 155 Mbps and the
OC-12 level equates to a data transfer rate of 622 Mbps. OC-1 and
OC-3 are the most commonly used SONET lines.
</para>

</sect1>

<sect1 id="PLIP">

<title>PLIP</title>

<para>
PLIP (Parallel Line IP) is like SLIP in that it is used for
providing a point-to-point network connection between two machines,
except that it is designed to use the parallel printer ports on your
machine instead of the serial ports (a cabling diagram is included in
the cabling diagram section later in this document). Because it is
possible to transfer more than one bit at a time with a parallel port,
it is possible to attain higher speeds with the PLIP interface than
with a standard serial device. In addition, even the simplest of
parallel ports, printer ports, can be used in lieu of you having to
purchase comparatively expensive 16550AFN UARTs for your serial
ports. PLIP uses a lot of CPU compared to a serial link and is most
certainly not a good option if you can obtain some cheap Ethernet
cards, but it will work when nothing else is available and will work
quite well. You should expect a data transfer rate of about 20
kilobytes per second when a link is running well.
</para>

<para>
PLIP allows the cheap connection of two machines.
It uses a parallel port and a special cable, achieving speeds of
10 kBps to 20 kBps.
</para>

<para>
- PLIP HOWTO
- Networking HOWTO
</para>

</sect1>

<sect1 id="PPP-and-SLIP">

<title>PPP and SLIP</title>

<para>
The Linux kernel has built-in support for PPP (Point-to-Point
Protocol) and SLIP (Serial Line IP). PPP is the most popular
way individual users access their ISPs (Internet Service
Providers).

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html">Linux PPP HOWTO</ulink>

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/mini/SLIP-PPP-Emulator.html">PPP/SLIP emulator</ulink>
</para>

</sect1>

<sect1 id="Token-Ring">

<title>Token-Ring</title>

<para>
The Token Ring architecture is defined in IEEE 802.5. IBM has further defined
the standard to include particular types of devices and cables. Token Ring uses
a logical ring topology and a physical star topology. The hubs for Token Ring
are called multistation access units, or MAUs.
</para>

<para>
The Token Ring standard supports either 4 Mbps or 16 Mbps speeds. Cable can be
STP, UTP, or fiber. One popular wiring scheme uses Category 5 cable. There are
also a variety of cable types defined by IBM (referred to as Type 1 through
Type 9). Distances between nodes can range from 45 meters for UTP to a kilometer
or more for fiber optic cable.
</para>

<para>
Token Ring networks use a token-passing access scheme. A token data frame is
passed from one computer to the next around the ring. Each computer can
transmit data only when it has the token. This access method provides equal
access to the network for all nodes, and handles heavy loads better than
Ethernet's contention-based method.
</para>

<para>
The nodes in a Token Ring network monitor each other for reliability. The
first computer in the network becomes an Active Monitor, and the others
are Passive Monitors. Each computer monitors its nearest upstream
neighbour. When an error occurs, the computer broadcasts a beacon packet
indicating the error.
</para>

<para>
The NICs in all computers respond to the beacon by running self-tests, and
removing themselves from the network if necessary. Nodes in the network can
also automatically remove packets sent to a computer that is having a
problem. This makes Token Ring a reliable choice for networking.
</para>

<para>
- Token-Ring HOWTO
</para>

</sect1>

<sect1 id="X25">

<title>X25</title>

<para>
X.25 is a circuit based protocol developed in the 1970s for packet switching
by the C.C.I.T.T. (a standards body recognized by telecommunications
companies in most parts of the world), allowing customers to share access to
a PDN (Public Data Network). These networks, such as Sprintnet and Tymnet,
were the most practical way to connect large companies at the time,
and are still used by some companies. PDNs are networks that have local
dial-up access points in cities throughout the country and use dedicated lines
to network between these cities. Companies would dial up in two locations to
connect their computers.
</para>

<para>
Computers, routers, or other devices that access a PDN using the X.25
protocols are called data terminal equipment, or DTEs. DTEs without built-in
support for X.25 is a protocol with a relatively high overhead, since it
provides error control and accounting for users of the network.
</para>

<para>
The X.25 protocol supports speeds up to 64 Kbps. This makes it impractical for
many networks, but it is an inexpensive alternative for low-bandwidth
applications. X.25 is a protocol with a relatively high overhead, since it
provides error control and accounting for users of the network.
</para>

<para>
- X25 HOWTO
</para>

</sect1>

<sect1 id="IPv6">

<title>IPv6</title>

<para>
<![CDATA[
2.1. What is IPv6?

IPv6, sometimes also referred to as IPng (IP Next Generation), is a new
layer 3 protocol (see [http://www.linuxports.com/howto/intro_to_networking/c4412.htm#PAGE103HTML]
linuxports/howto/intro_to_networking/ISO - OSI Model) which will supersede
IPv4 (also known as IP).

It was designed to address many issues, including the shortage of
available IP addresses, the lack of mechanisms to handle time-sensitive
traffic, the lack of network layer security, etc.

IPv4 was designed a long time ago ([http://www.faqs.org/rfcs/rfc760.html]
RFC 760 / Internet Protocol from January 1980) and since its inception there
have been many requests for more addresses and enhanced capabilities. The
latest RFC is [http://www.faqs.org/rfcs/rfc2460.html] RFC 2460 / Internet
Protocol Version 6 Specification. Major changes in IPv6 are the redesign of
the header, including the increase of address size from 32 bits to 128 bits.
Because layer 3 is responsible for end-to-end packet transport using packet
routing based on addresses, it must include the new IPv6 addresses (source
and destination), as IPv4 does. It is anticipated that the larger address
space and the accompanying improved addressing scheme will bring a major
improvement in routing performance.

For more information about the IPv6 history take a look at older IPv6 related
RFCs listed e.g. at [http://www.switch.ch/lan/ipv6/references.html] SWITCH
IPv6 Pilot / References.

-----------------------------------------------------------------------------
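The redesigned header that section 2.1 describes is fixed at 40 bytes, with the two 128-bit addresses taking up 32 of them. The Python below is an added example, not code from the original HOWTO or from the USAGI or kernel IPv6 implementation; it packs and parses that fixed header following RFC 2460 section 3 (the specification cited above) and shows why an IPv4 datagram cannot simply be handed to an IPv6 parser. The addresses, payload and flow label are constructed values.

```python
"""Pack and parse the 40-byte IPv6 fixed header and contrast it with IPv4.

Added example, not part of the original HOWTO. Field layout per RFC 2460:
version 4 bits, traffic class 8, flow label 20, payload length 16, next
header 8, hop limit 8, then 128-bit source and destination addresses.
Sample addresses and payload are constructed.
"""
import ipaddress
import struct

IPV6_HEADER_LEN = 40     # fixed size, versus a 20-byte minimum for IPv4
NO_NEXT_HEADER = 59      # RFC 2460 value meaning "nothing follows this header"


def build_ipv6_packet(src, dst, payload, next_header=NO_NEXT_HEADER,
                      hop_limit=64, traffic_class=0, flow_label=0):
    """Return header + payload; values that do not fit their field are rejected."""
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    if len(payload) > 0xFFFF:
        raise ValueError("payload length field is 16 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    # IPv6Address.packed gives the 16-byte network-order form of the address.
    header += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return header + payload


def parse_ipv6_packet(data):
    """Decode the fixed header; refuse truncated input and anything not version 6."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("shorter than the 40-byte IPv6 fixed header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", data[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version {version} is not IPv6")
    if len(data) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload length field exceeds the bytes actually present")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(data[8:24]),
        "dst": ipaddress.IPv6Address(data[24:40]),
        "payload": data[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len],
    }


def address_bits(text):
    """Width of the address space a textual address belongs to: 32 for IPv4, 128 for IPv6."""
    return ipaddress.ip_address(text).max_prefixlen


if __name__ == "__main__":
    pkt = build_ipv6_packet("2001:db8::1", "2001:db8::2", b"constructed payload",
                            hop_limit=32, flow_label=0xABCDE)
    fields = parse_ipv6_packet(pkt)
    print(len(pkt), "bytes;", fields["src"], "->", fields["dst"],
          "flow", hex(fields["flow_label"]), "hops", fields["hop_limit"])
    print("IPv4 space:", address_bits("192.0.2.1"), "bits; IPv6 space:",
          address_bits("2001:db8::1"), "bits")
```

The payload-length check matters in practice: a parser that trusts the header's length field over the bytes it was actually given reads past the buffer, which is the classic source of crashes in network stacks.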

2.2. History of IPv6 in Linux

The years 1992, 1993 and 1994 of the IPv6 history (in general) are covered by
the following document: [http://www.laynetworks.com/users/webs/IPv6.htm#CH3] IPv6
or IPng (IP next generation).

To-do: better time-line, more content...
-----------------------------------------------------------------------------

2.2.1. Beginning

The first IPv6 related network code was added to the Linux kernel 2.1.8 in
November 1996 by Pedro Roque. It was based on the BSD API:
diff -u --recursive --new-file v2.1.7/linux/include/linux/in6.h linux/include/linux/in6.h
--- v2.1.7/linux/include/linux/in6.h Thu Jan 1 02:00:00 1970
+++ linux/include/linux/in6.h Sun Nov 3 11:04:42 1996
@@ -0,0 +1,99 @@
+/*
+ * Types and definitions for AF_INET6
+ * Linux INET6 implementation
+ * + * Authors:
+ * Pedro Roque <******>
+ *
+ * Source:
+ * IPv6 Program Interfaces for BSD Systems
+ * <draft-ietf-ipngwg-bsd-api-05.txt>
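Review bot: as quoted, this hunk is not applicable and should be read as an illustration only: the header `@@ -0,0 +1,99 @@` announces 99 added lines but only the first ten are shown, and `+ * + * Authors:` runs what were two lines (a bare ` *` separator and ` * Authors:`) together, so the excerpt no longer matches the comment block it was copied from; anyone wanting the real file header should take it from patch-2.1.8 rather than from this text.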

The shown lines were copied from patch-2.1.8 (the e-mail address was blanked on
copy&paste).
-----------------------------------------------------------------------------

2.2.2. In between

Because of lack of manpower, the IPv6 implementation in the kernel was unable
to follow the discussed drafts or newly released RFCs. In October 2000, a
project was started in Japan, called [http://www.linux-ipv6.org/] USAGI,
whose aim was to implement all missing or outdated IPv6 support in Linux. It
tracks the current IPv6 implementation in FreeBSD made by the
[http://www.kame.net/] KAME project. From time to time they create snapshots
against current vanilla Linux kernel sources.
-----------------------------------------------------------------------------

2.2.3. Current

Unfortunately, the [http://www.linux-ipv6.org/] USAGI patch is so big that
current Linux networking maintainers are unable to include it in the
production source of the Linux kernel 2.4.x series. Therefore the 2.4.x
series is missing some (many) extensions and also does not conform to all
current drafts and RFCs (see [http://www.ietf.org/html.charters/ipv6-charter.html]
IP Version 6 Working Group (ipv6) Charter). This can cause
some interoperability problems with other operating systems.
-----------------------------------------------------------------------------

2.2.4. Future

[http://www.linux-ipv6.org/] USAGI is now making use of the new Linux kernel
development series 2.5.x to insert all of their current extensions into this
development release. Hopefully the 2.6.x kernel series will contain a true
and up-to-date IPv6 implementation.
-----------------------------------------------------------------------------
]]>
</para>

</sect1>

<sect1 id="STRIP">

<title>STRIP</title>

<para>
STRIP (Starmode Radio IP) is a protocol designed specifically for
a range of Metricom radio modems for a research project being
conducted by Stanford University called the MosquitoNet Project.
There is a lot of interesting reading here, even if you aren't
directly interested in the project.
</para>

<para>
The Metricom radios connect to a serial port, employ spread spectrum
technology and are typically capable of about 100 kbps. Information on
the Metricom radios is available from the Metricom Web Server.
</para>

<para>
At present the standard network tools and utilities do not support the
STRIP driver, so you will have to download some customized tools from
the MosquitoNet web server. Details on what software you need are
available at the MosquitoNet STRIP Page.
</para>

<para>
A summary of the configuration is that you use a modified slattach program
to set the line discipline of a serial tty device to STRIP and then
configure the resulting `st[0-9]' device as you would for Ethernet,
with one important exception: for technical reasons STRIP does not
support the ARP protocol, so you must manually configure the ARP
entries for each of the hosts on your subnet. This shouldn't prove too
onerous. STRIP device names are `st0', `st1', etc.... The relevant
kernel compilation options are given below.
</para>

<para>
<screen>
<![CDATA[
Kernel Compile Options:

Network device support --->
[*] Network device support
....
[*] Radio network interfaces
< > STRIP (Metricom starmode radio IP)
]]>
</screen>
</para>

</sect1>

<sect1 id="WaveLAN">

<title>WaveLAN</title>

<para>
The WaveLAN card is a spread spectrum wireless LAN card. The card
looks very like an Ethernet card in practice and is configured in much
the same way.
</para>

<para>
You can get information on the WaveLAN card from wavelan.com.
</para>

<para>
WaveLAN device names are `eth0', `eth1', etc.
</para>

<para>
<screen>
<![CDATA[
Kernel Compile Options:

Network device support --->
[*] Network device support
....
[*] Radio network interfaces
....
<*> WaveLAN support
]]>
</screen>
</para>

</sect1>

<sect1 id="ISDN">

<title>ISDN</title>

<para>
The Integrated Services Digital Network (ISDN) is a series of
standards that specify a general purpose switched digital data
network. An ISDN `call' creates a synchronous point to point data
service to the destination. ISDN is generally delivered on a high
speed link that is broken down into a number of discrete channels.
There are two different types of channels: the `B channels', which
actually carry the user data, and a single channel called the `D
channel', which is used to send control information to the ISDN
exchange to establish calls and perform other functions. In Australia, for
example, ISDN may be delivered on a 2Mbps link that is broken into 30
discrete 64kbps B channels with one 64kbps D channel. Any number of
channels may be used at a time and in any combination. You could, for
example, establish 30 separate calls to 30 different destinations at
64kbps each, or you could establish 15 calls to 15 different
destinations at 128kbps each (two channels used per call), or just a
small number of calls and leave the rest idle. A channel may be used
for either incoming or outgoing calls. The original intention of ISDN
was to allow telecommunications companies to provide a single data
service which could deliver either telephone (via digitised voice) or
data services to your home or business without requiring you to make
any special configuration changes.
</para>

<para>
There are a few different ways to connect your computer to an ISDN
service. One way is to use a device called a `Terminal Adaptor', which
plugs into the Network Terminating Unit that your telecommunications
carrier will have installed when you got your ISDN service, and which
presents a number of serial interfaces. One of those interfaces is
used to enter commands to establish calls and configuration, and the
others are actually connected to the network devices that will use the
data circuits when they are established. Linux will work in this sort
of configuration without modification; you just treat the port on the
Terminal Adaptor like you would treat any other serial device.
The other way, which is the one the kernel ISDN support is designed for,
is to install an ISDN card into your Linux machine and then have your
Linux software handle the protocols and make the calls itself.
</para>

<para>
The Linux kernel has built-in ISDN capabilities. Isdn4linux controls
ISDN PC cards and can emulate a modem with the Hayes command set ("AT"
commands). The possibilities range from simply using a terminal
program, to connections via HDLC (using included devices), to full
connection to the Internet with PPP, to audio applications.

· FAQ for isdn4linux: http://ww.isdn4linux.de/faq/
</para>

<para>
<screen>
<![CDATA[
Kernel Compile Options:

ISDN subsystem --->
<*> ISDN support
[ ] Support synchronous PPP
[ ] Support audio via ISDN
< > ICN 2B and 4B support
< > PCBIT-D support
< > Teles/NICCY1016PC/Creatix support
]]>
</screen>
</para>

<para>
The Linux implementation of ISDN supports a number of different types
of internal ISDN cards. These are the ones listed in the kernel
configuration options:
</para>

· ICN 2B and 4B
· Octal PCBIT-D
· Teles ISDN-cards and compatibles

<para>
Some of these cards require software to be downloaded to them to make
them operational. There is a separate utility to do this with.
</para>

<para>
Full details on how to configure the Linux ISDN support are available
from the /usr/src/linux/Documentation/isdn/ directory, and an FAQ
dedicated to isdn4linux is available at www.lrz-muenchen.de. (You can
click on the English flag to get an English version.)
</para>

<para>
A note about PPP. The PPP suite of protocols will operate over either
asynchronous or synchronous serial lines. The commonly distributed PPP
daemon for Linux, `pppd', supports only asynchronous mode. If you wish
to run the PPP protocols over your ISDN service you need a specially
modified version. Details of where to find it are available in the
documentation referred to above.
</para>

</sect1>

<sect1 id="NIS">

<title>NIS</title>

<para>
The Network Information Service (NIS) provides a simple network lookup
service consisting of databases and processes. Its purpose is to
provide information that has to be known throughout the network to all
machines on the network. For example, it enables an administrator to
allow users access to any machine in a network running NIS without a
password entry existing on each machine; only the main database needs
to be maintained.
</para>

</sect1>

<sect1 id="Services">

<title>Services</title>

<para>
</para>

</sect1>

<sect1 id="Database">

<title>Database</title>

<para>
Most databases are supported under Linux, including Oracle, DB2, Sybase, Informix, MySQL, PostgreSQL,
InterBase and Paradox. Databases, and the Structured Query Language they work with, are complex, and this
chapter has neither the space nor the depth to deal with them. Read the next section on PHP to learn how to set
up a dynamically generated Web portal in about five minutes.

We'll be using MySQL because it's extremely fast, capable of handling large databases (200G databases aren't
unheard of), and has recently been made open source. It also works well with PHP. While currently
lacking transaction support (due to speed concerns), a future version of MySQL will have this opt
</para>

* Connecting to MS SQL 6.x+ via Openlink/PHP/ODBC mini-HOWTO

* Sybase Adaptive Server Anywhere for Linux HOWTO

</sect1>

<sect1 id="DHCP">

<title>DHCP</title>

<para>
Endeavouring to maintain static IP addressing information, such as IP
addresses, subnet masks, DNS names and other information, on client machines
can be difficult. Documentation becomes lost or out-of-date, and network
reconfigurations require details to be modified manually on every machine.
</para>

<para>
DHCP (Dynamic Host Configuration Protocol) solves this problem by providing
arbitrary information (including IP addressing) to clients upon request.
Almost all client OSes support it and it is standard in most large networks.
</para>

<para>
Its most noticeable impact is that it eases network administration,
especially in large networks or networks which have lots of mobile users.
</para>

2. DHCP protocol

DHCP (Dynamic Host Configuration Protocol) is used to control
vital networking parameters of hosts (running clients) with the help
of a server. DHCP is backward compatible with BOOTP. For more
information see RFC 2131 (which replaces the old RFC 1541) and others. (See the
Internet Resources section at the end of the document.) You can also read
http://web.syr.edu/~jmwobus/comfaqs/dhcp.faq.html.

</sect1>

<sect1 id="DNS">

<title>DNS</title>

Setting Up Your New Domain Mini-HOWTO.

</sect1>

<sect1 id="FTP">

<title>FTP</title>

<para>
File Transfer Protocol (FTP) is an efficient way to transfer files between
machines across networks, and clients and servers exist for almost all platforms,
making FTP the most convenient (and therefore popular) method of transferring
files. FTP was first developed by the University of California, Berkeley for
inclusion in 4.2BSD (Berkeley Unix). The RFC (Request for Comments)
document for the protocol is now known as RFC 959 and is available at
ftp://nic.merit.edu/documents/rfc/rfc0959.txt.
</para>

<para>
There are two typical modes of running an FTP server: either anonymously or
account-based. Anonymous FTP servers are by far the most popular; they allow
any machine to access the FTP server and the files stored on it with the same
permissions. No usernames or passwords are transmitted down the wire.
Account-based FTP allows users to log in with real usernames and passwords.
While it provides greater access control than anonymous FTP, transmitting real
usernames and passwords unencrypted over the Internet is generally avoided for
security reasons.
</para>

<para>
An FTP client is the userland application that provides access to FTP
servers. There are many FTP clients available. Some are graphical, and
some are text-based.
</para>

* FTP HOWTO

</sect1>

<sect1 id="LDAP">

<title>LDAP</title>

Information about installing, configuring, running and maintaining an LDAP
(Lightweight Directory Access Protocol) server on a Linux machine is
presented in this section. This section also presents details about how to
create LDAP databases, and how to add, update and delete
information in the directory. This paper is mostly based on the University of
Michigan LDAP information pages and on the OpenLDAP Administrator's Guide.

</sect1>

<sect1 id="NFS">

<title>NFS</title>

NFS (Network File System)

The TCP/IP suite's equivalent of file sharing. This protocol operates at the Process/Application
layer of the DOD model, similar to the application layer of the OSI model.

SLIP (Serial Line Internet Protocol) and PPP (Point-to-Point Protocol)

Two protocols commonly used for dial-up access to the Internet. They are typically used with
TCP/IP; while SLIP works only with TCP/IP, PPP can be used with other protocols.

SLIP was the first protocol for dial-up Internet access. It operates at the physical layer of the
OSI model, and provides a simple interface to a UNIX or other dial-up host for Internet access.
SLIP does not provide security, so authentication is handled through prompts before initiating
the SLIP connection.

PPP is a more recent development. It operates at the physical and data link layers of the OSI
model. In addition to the features of SLIP, PPP supports data compression, security (authentication),
and error control. PPP can also dynamically assign network addresses.

Since PPP provides easier authentication and better security, it should be used for dial-up connections
whenever possible. However, you may need to use SLIP to communicate with dial-up servers (particularly
older UNIX machines and dedicated hardware servers) that don't support PPP.

> Start Config-HOWTO

2.15. Automount Points

If you don't like the mounting/unmounting thing, consider using autofs(5). You tell the autofs daemon what to automount and where starting with a file, /etc/auto.master. Its structure is simple:

<screen>
/misc   /etc/auto.misc
/mnt    /etc/auto.mnt
</screen>

In this example you tell autofs to automount media in /misc and /mnt, while the mountpoints are specified in /etc/auto.misc and /etc/auto.mnt. An example of /etc/auto.misc:

<screen>
# an NFS export
server  -ro                   my.buddy.net:/pub/export
# removable media
cdrom   -fstype=iso9660,ro    :/dev/hdb
floppy  -fstype=auto          :/dev/fd0
</screen>

Start the automounter. From now on, whenever you try to access the nonexistent mount point /misc/cdrom, it will be created and the CD-ROM will be mounted.

> End Config-HOWTO

5.4. Unix Environment

The preferred way to share files in a Unix networking environment is
through NFS. NFS stands for Network File Sharing and it is a protocol
originally developed by Sun Microsystems. It is a way to share files
between machines as if they were local. A client "mounts" a filesystem
"exported" by an NFS server. The mounted filesystem will appear to the
client machine as if it was part of the local filesystem.

It is possible to mount the root filesystem at startup time, thus
allowing diskless clients to boot up and access all files from a
server. In other words, it is possible to have a fully functional
computer without a hard disk.

Coda is a network filesystem (like NFS) that supports disconnected
operation, persistent caching, among other goodies. It's included in
2.2.x kernels. Really handy for slow or unreliable networks and
laptops.

NFS-related documents:

· http://metalab.unc.edu/mdw/HOWTO/mini/NFS-Root.html

· http://metalab.unc.edu/mdw/HOWTO/Diskless-HOWTO.html

· http://metalab.unc.edu/mdw/HOWTO/mini/NFS-Root-Client-mini-HOWTO/index.html

· http://www.redhat.com/support/docs/rhl/NFS-Tips/NFS-Tips.html

· http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html

CODA can be found at: http://www.coda.cs.cmu.edu/

<para>
Samba is the Linux implementation of SMB. NFS is the Unix equivalent: a way to import and
export local files to and from remote machines. Like SMB, NFS sends information including user
passwords unencrypted, so it is best to limit it to within your local network.

As you know, all storage in Linux is visible within a single tree structure, and new hard disks,
CD-ROMs, Zip drives and other spaces are mounted on a particular directory. NFS shares are also
attached to the system in this manner. NFS is included in most Linux kernels, and the tools
necessary to be an NFS server and client come in most distributions.

However, users of Linux kernel 2.2 hoping to use NFS may wish to upgrade to
kernel 2.4; while the earlier version of Linux NFS did work well, it was far slower than
most other Unix implementations of this protocol.

> Linux NFS-HOWTO
> NFS-Root mini-HOWTO
> NFS-Root-Client Mini-HOWTO
> The Linux NIS(YP)/NYS/NIS+ HOWTO
</para>

Linux NFS-HOWTO

2. Introduction

2.1. What is NFS?

The Network File System (NFS) was developed to allow machines to mount a disk
partition on a remote machine as if it were on a local hard drive. This
allows for fast, seamless sharing of files across a network.

It also gives the potential for unwanted people to access your hard drive
over the network (and thereby possibly read your email and delete all your
files as well as break into your system) if you set it up incorrectly. So
please read the Security section of this document carefully if you intend to
implement an NFS setup.

There are other systems that provide similar functionality to NFS. Samba
(http://www.samba.org) provides file services to Windows clients. The
Andrew File System from IBM (http://www.transarc.com/Product/EFS/AFS/index.html),
recently open-sourced, provides a file sharing mechanism with
some additional security and performance features. The Coda File System
(http://www.coda.cs.cmu.edu/) is still in development as of this writing
but is designed to work well with disconnected clients. Many of the
features of the Andrew and Coda file systems are slated for inclusion in
the next version of NFS (Version 4) (http://www.nfsv4.org). The advantage
of NFS today is that it is mature, standard, well understood, and supported
robustly across a variety of platforms.

</sect1>

<sect1 id="Samba">

<title>Samba</title>

8.11. SAMBA - `NetBEUI', `NetBios', `CIFS' support.

SAMBA is an implementation of the Session Management Block protocol.
Samba allows Microsoft and other systems to mount and use your disks
and printers.

SAMBA and its configuration are covered in detail in the SMB-HOWTO.

5.2. Windows Environment

Samba is a suite of applications that allow most Unices (and in
particular Linux) to integrate into a Microsoft network both as a
client and a server. Acting as a server, it allows Windows 95, Windows
for Workgroups, DOS and Windows NT clients to access Linux files and
printing services. It can completely replace Windows NT for file and
printing services, including the automatic downloading of printer
drivers to clients. Acting as a client, it allows the Linux workstation to
mount locally exported Windows file shares.

According to the SAMBA Meta-FAQ:

"Many users report that compared to other SMB implementations Samba is more stable,
faster, and compatible with more clients. Administrators of some large installations say
that Samba is the only SMB server available which will scale to many tens of thousands
of users without crashing"

· <ulink url="http://samba.anu.edu.au/samba/">Samba project home page</ulink>

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/SMB-HOWTO.html">SMB HOWTO</ulink>

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/Printing-HOWTO.html">Printing HOWTO</ulink>

<glossentry>
<glossterm>
samba
</glossterm>
<glossdef>
<para>
A LanManager like file and printer server for Unix. The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. This package contains all the components necessary to turn your Debian GNU/Linux box into a powerful file and printer server. Currently, the Samba Debian packages consist of the following: samba - A LanManager like file and printer server for Unix. samba-common - Samba common files used by both the server and the client. smbclient - A LanManager like simple client for Unix. swat - Samba Web Administration Tool samba-doc - Samba documentation. smbfs - Mount and umount commands for the smbfs (kernels 2.0.x and above). libpam-smbpass - pluggable authentication module for SMB password database libsmbclient - Shared library that allows applications to talk to SMB servers libsmbclient-dev - libsmbclient shared libraries winbind: Service to resolve user and group information from Windows NT servers It is possible to install a subset of these packages depending on your particular needs. For example, to access other SMB servers you should only need the smbclient and samba-common packages. From Debian 3.0r0 APT
<ulink url="http://www.tldp.org/LDP/Linux-Dictionary/html/index.html">http://www.tldp.org/LDP/Linux-Dictionary/html/index.html</ulink>
</para>
</glossdef>
</glossentry>

<glossentry>
<glossterm>
Samba
</glossterm>
<glossdef>
<para>
A lot of emphasis has been placed on peaceful coexistence between UNIX and Windows. Unfortunately, the two systems come from very different cultures and they have difficulty getting along without mediation. ...and that, of course, is Samba's job. Samba <http://samba.org/> runs on UNIX platforms, but speaks to Windows clients like a native. It allows a UNIX system to move into a Windows ``Network Neighborhood'' without causing a stir. Windows users can happily access file and print services without knowing or caring that those services are being offered by a UNIX host. All of this is managed through a protocol suite which is currently known as the ``Common Internet File System,'' or CIFS <http://www.cifs.com>. This name was introduced by Microsoft, and provides some insight into their hopes for the future. At the heart of CIFS is the latest incarnation of the Server Message Block (SMB) protocol, which has a long and tedious history. Samba is an open source CIFS implementation, and is available for free from the http://samba.org/ mirror sites. Samba and Windows are not the only ones to provide CIFS networking. OS/2 supports SMB file and print sharing, and there are commercial CIFS products for Macintosh and other platforms (including several others for UNIX). Samba has been ported to a variety of non-UNIX operating systems, including VMS, AmigaOS, and NetWare. CIFS is also supported on dedicated file server platforms from a variety of vendors. In other words, this stuff is all over the place. From Rute-Users-Guide
<ulink url="http://www.tldp.org/LDP/Linux-Dictionary/html/index.html">http://www.tldp.org/LDP/Linux-Dictionary/html/index.html</ulink>
</para>
</glossdef>
</glossentry>

<glossentry>
<glossterm>
Samba
</glossterm>
<glossdef>
<para>
Samba adds Windows-networking support to UNIX. Whereas NFS is the most popular protocol for sharing files among UNIX machines, SMB is the most popular protocol for sharing files among Windows machines. The Samba package adds the ability for UNIX systems to interact with Windows systems. Key point: The Samba package comprises the following: smbd The Samba service allowing other machines (often Windows) to read files from a UNIX machine. nmbd Provides support for NetBIOS. Logically, the SMB protocol is layered on top of NetBIOS, which is in turn layered on top of TCP/IP. smbmount An extension to the mount program that allows a UNIX machine to connect to another machine implicitly. Files can be accessed as if they were located on the local machines. smbclient Allows files to be accessed through SMB in an explicit manner. This is a command-line tool much like the FTP tool that allows files to be copied. Unlike smbmount, files cannot be accessed as if they were local. smb.conf The configuration file for Samba. From Hacking-Lexicon
<ulink url="http://www.tldp.org/LDP/Linux-Dictionary/html/index.html">http://www.tldp.org/LDP/Linux-Dictionary/html/index.html</ulink>
</para>
</glossdef>
</glossentry>

Samba Authenticated Gateway HOWTO
Ricardo Alexandre Mattar
v1.2, 2004-05-21

</sect1>

<sect1 id="SSH">

<title>SSH</title>

<para>
The Secure Shell, or SSH, provides a way of running command line and
graphical applications, and transferring files, over an encrypted
connection. SSH uses up to 2,048-bit encryption with a variety of
cryptographic schemes to make sure that if a cracker intercepts your
connection, all they can see is useless gibberish. It is both a
protocol and a suite of small command line applications which can be
used for various functions.
</para>

<para>
SSH replaces the old Telnet application, and can be used for secure
remote administration of machines across the Internet. However, it
has more features.
</para>

<para>
SSH increases the ease of running applications remotely by setting up
permissions automatically. If you can log into a machine, it allows you
to run a graphical application on it, unlike Telnet, which requires users
to type lots of geeky xhost and xauth commands. SSH also has inbuilt
compression, which allows your graphical applications to run much faster
over the network.
</para>

<para>
SCP (Secure Copy) and SFTP (Secure FTP) allow transfer of files over the
remote link, either via SSH's own command line utilities or graphical tools
like Gnome's GFTP. Like Telnet, SSH is cross-platform. You can find SSH
servers and clients for Linux, Unix, all flavours of Windows, BeOS, PalmOS,
Java and embedded OSes used in routers.
</para>

<para>
Encrypted remote shell sessions are available through SSH
(<ulink url="http://www.ssh.fi/sshprotocols2/index.html"/>),
thus effectively allowing secure remote administration.
</para>

</sect1>

<sect1 id="Telnet">

<title>Telnet</title>

<para>
Created in the early 1970s, Telnet provides a method of running command
line applications on a remote computer as if the user were actually at
the remote site. Telnet is one of the most powerful tools for Unix, allowing
for true remote administration. It is also an interesting program from the
point of view of users, because it allows remote access to all their files
and programs from anywhere on the Internet. Combined with an X server (as
well as some rather arcane manipulation of authentication 'cookies' and
'DISPLAY' environment variables), there is no difference (apart from the
delay) between being at the console or on the other side of the planet.
However, since the 'telnet' protocol sends data 'en clair', and there are
now more efficient protocols with features such as built-in compression
and 'tunneling' (which allows graphical applications to be used more
easily across the network) as well as more secure connections, it is
effectively a dead protocol. Like the 'r' protocols (such as rlogin and
rsh) it is still used, though, within internal networks, for ease of
installation and use as well as backwards compatibility, and also as a
means by which to configure networking devices such as routers and
firewalls.
</para>

<para>
Please consult RFC 854 for further details behind its implementation.
</para>

<para>
· <ulink url="http://metalab.unc.edu/pub/Linux/system/network/telnet/">Telnet related software</ulink>
</para>

</sect1>

<sect1 id="TFTP">

<title>TFTP</title>

<para>
Trivial File Transfer Protocol (TFTP) is a bare-bones protocol used by
devices that boot from the network. It runs on top of UDP, so it
doesn't require a real TCP/IP stack. Misunderstanding: Many people
describe TFTP as simply a trivial version of FTP without authentication.
This misses the point. The purpose of TFTP is not to reduce the complexity
of file transfer, but to reduce the complexity of the underlying TCP/IP
stack so that it can fit inside boot ROMs. Key point: TFTP is almost
always used with BOOTP. BOOTP first configures the device, then TFTP
transfers the boot image named by BOOTP, which is then used to boot the
device. Key point: Many systems come with unnecessary TFTP servers. Many
TFTP servers have bugs, like the backtracking problem or buffer overflows.
As a consequence, many systems can be exploited with TFTP even though
virtually nobody really uses it. Key point: A TFTP file transfer client
is built into many operating systems (UNIX, Windows, etc.). These clients
are often used to download rootkits when a system is being broken into.
Therefore, removing the TFTP client should be part of your hardening
procedure. For further details on the TFTP protocol please see RFCs 1350,
1782, 1783, 1784, and 1785.
</para>

<para>
Most likely, you'll interface with the TFTP protocol using the TFTP command
line client, 'tftp', which allows users to transfer files to and from a
remote machine. The remote host may be specified on the command line, in
which case tftp uses that host as the default host for future transfers.
</para>

<para>
Setting up TFTP is almost as easy as DHCP.
First install from the rpm package:
<screen>
# rpm -ihv tftp-server-*.rpm
</screen>
</para>

<para>
Create a directory for the files:
<screen>
# mkdir /tftpboot
# chown nobody:nobody /tftpboot
</screen>
</para>

<para>
The directory /tftpboot is owned by user nobody, because this is the default
user id set up by tftpd to access the files. Edit the file /etc/xinetd.d/tftp
to look like the following:
</para>

<para>
<screen>
service tftp
{
        socket_type     = dgram
        protocol        = udp
        wait            = yes
        user            = root
        server          = /usr/sbin/in.tftpd
        server_args     = -c -s /tftpboot
        disable         = no
        per_source      = 11
        cps             = 100 2
}
</screen>
</para>

<para>
The changes from the default file are the parameter disable = no (to enable
the service) and the server argument -c. This argument allows for the
creation of files, which is necessary if you want to save boot or disk
images. You may want to make TFTP read only in normal operation.
</para>
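The backtracking check that -s /tftpboot stands for, and the difference between serving read-only and with -c, as an added Python example (not code from this page or from any tftpd implementation): it parses RRQ/WRQ packets as laid out in RFC 1350, confines every requested name to the served directory, and answers a refusal with a proper ERROR packet. The sample packets and the function names are constructed for this example.

```python
"""Request parsing and path confinement for a TFTP server (RFC 1350).
Added example, not code from the page or from any tftpd: it shows the
checks a server run as 'in.tftpd -s /tftpboot' makes before it touches a
file, and how read-only operation (no -c) refuses writes. Packets are
constructed for the demonstration; the function names are my own."""

import posixpath
import struct

RRQ, WRQ, ERROR = 1, 2, 5                     # opcodes, RFC 1350 section 5
ERR_UNDEFINED, ERR_ACCESS_VIOLATION = 0, 2    # error codes, RFC 1350 appendix
MODES = ("netascii", "octet", "mail")


def parse_request(packet):
    """Return (opcode, filename, mode) for an RRQ or WRQ packet.

    Wire layout: 2-byte opcode | filename | NUL | mode | NUL. Option
    fields (RFC 2347) may follow and are ignored. Raises ValueError."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode %d is not a request" % opcode)
    fields = packet[2:].split(b"\x00")
    # A well-formed request splits into at least filename, mode and the
    # empty string that follows the final NUL terminator.
    if len(fields) < 3 or fields[-1] != b"":
        raise ValueError("missing NUL terminator")
    filename = fields[0].decode("ascii")
    mode = fields[1].decode("ascii").lower()
    if not filename:
        raise ValueError("empty filename")
    if mode not in MODES:
        raise ValueError("unknown transfer mode %r" % mode)
    return opcode, filename, mode


def resolve_under_root(root, filename):
    """Map a client-supplied filename onto the served directory.

    This is the 'backtracking' check: the normalised absolute path must
    stay inside root. Absolute names are taken relative to root (as a
    chroot does), backslashes count as separators so a Windows-style
    name cannot carry '..' past the check, and any '..' that climbs
    out of root is refused. Symbolic links are not resolved here."""
    if not root.startswith("/"):
        raise ValueError("root must be an absolute path")
    if "\x00" in filename:
        raise PermissionError("NUL byte in filename")
    root = posixpath.normpath(root)
    prefix = root if root.endswith("/") else root + "/"
    relative = filename.replace("\\", "/").lstrip("/")
    target = posixpath.normpath(posixpath.join(root, relative))
    if not target.startswith(prefix):
        raise PermissionError("path escapes served directory: %s" % filename)
    return target


def error_packet(code, message):
    """Build the ERROR packet (opcode 5) a server sends when it refuses."""
    return struct.pack("!HH", ERROR, code) + message.encode("ascii", "replace") + b"\x00"


def authorise_request(packet, root, read_only=True):
    """Return (path, None) if the request may proceed, else (None, error).

    read_only=True models in.tftpd without -c: every WRQ is refused with
    an access violation, so clients cannot create or overwrite files."""
    try:
        opcode, filename, _mode = parse_request(packet)
    except (ValueError, UnicodeDecodeError) as exc:
        return None, error_packet(ERR_UNDEFINED, "malformed request: %s" % exc)
    if opcode == WRQ and read_only:
        return None, error_packet(ERR_ACCESS_VIOLATION, "server is read-only")
    try:
        return resolve_under_root(root, filename), None
    except PermissionError as exc:
        return None, error_packet(ERR_ACCESS_VIOLATION, str(exc))


def build_request(opcode, filename, mode="octet"):
    """Construct an RRQ/WRQ packet; used here only to make sample input."""
    return struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00" + mode.encode("ascii") + b"\x00"


if __name__ == "__main__":
    samples = [
        build_request(RRQ, "pxelinux.0"),            # normal boot image
        build_request(RRQ, "../../etc/passwd"),      # backtracking attempt
        build_request(RRQ, "..\\..\\etc\\passwd"),   # same, Windows separators
        build_request(RRQ, "/etc/passwd"),           # absolute name: confined
        build_request(WRQ, "boot.img"),              # write while read-only
        b"\x00\x01pxelinux.0\x00octet",              # final NUL missing
    ]
    for pkt in samples:
        path, err = authorise_request(pkt, "/tftpboot")
        print("ACCEPT %s" % path if err is None else "REJECT %r" % err)
```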

<para>
Then reload xinetd:
<screen>
/etc/rc.d/init.d/xinetd reload
</screen>
</para>

<para>
You can use the tftp command, available from the tftp (client) rpm package,
to test the server. At the tftp prompt, you can issue the commands put and
get.
</para>

</sect1>

<sect1 id="VNC">
|
||
|
||
<title>VNC</title>
|
||
|
||
8.13. Tunnelling, mobile IP and virtual private networks

<para>
The Linux kernel allows the tunnelling (encapsulation) of protocols.
It can do IPX tunnelling through IP, allowing the connection of two
IPX networks through an IP-only link. It can also do IP-IP tunnelling,
which is essential for mobile IP support, multicast support and
amateur radio (see
<ulink url="http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.8"/>).
Note that a tunnel carries traffic past any packet filter that only
looks at the outer header: if you filter at a border router, decide
explicitly which tunnel endpoints are allowed to terminate tunnels
behind it.
</para>

<para>
Mobile IP specifies enhancements that allow transparent routing of IP
datagrams to mobile nodes in the Internet. Each mobile node is always
identified by its home address, regardless of its current point of
attachment to the Internet. While situated away from its home, a
mobile node is also associated with a care-of address, which provides
information about its current point of attachment to the Internet.
The protocol provides for registering the care-of address with a home
agent. The home agent sends datagrams destined for the mobile node
through a tunnel to the care-of address. After arriving at the end of
the tunnel, each datagram is then delivered to the mobile node.
</para>

<para>
Point-to-Point Tunneling Protocol (PPTP) is a networking technology
that allows the use of the Internet as a virtual private network
(VPN). PPTP is integrated with the Remote Access Services (RAS)
server which is built into Windows NT Server. With PPTP, users can
dial into a local ISP, or connect directly to the Internet, and access
their network as if they were at their desks. PPTP is a proprietary
protocol and its security has been broken in published analyses (its
MS-CHAP authentication and RC4 key handling were shown to be weak by
Schneier and Mudge in 1998). It is strongly recommended to use other
Linux-based alternatives, since they rely on open standards which have
been carefully examined and tested.
</para>

· A client implementation of PPTP for Linux is available here
  <ulink url="http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/"/>

· More on Linux PPTP can be found here
  <ulink url="http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html"/>

Mobile IP:

· <ulink url="http://www.hpl.hp.com/personal/Jean_Tourrilhes/MobileIP/mip.html"/>

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.12"/>

Virtual Private Networks related documents:

· <ulink url="http://metalab.unc.edu/mdw/HOWTO/mini/VPN.html"/>

· <ulink url="http://sites.inka.de/sites/bigred/devel/cipe.html"/>

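<para>
The IP-IP encapsulation described above, worked through as an added example
(not code from the HOWTO or from the kernel's ipip driver): it builds the
outer header a home agent puts in front of a datagram for a mobile node
(IP protocol number 4), verifies header checksums, and on the tunnel exit
accepts only packets from the configured remote endpoint before handing the
inner datagram back. All addresses are constructed documentation-range
addresses.
</para>

<para>
<![CDATA[
```python
"""Added example (not from the HOWTO or the kernel): build and strip an
IP-in-IP tunnel packet (IP protocol number 4, as used by Linux ipip and by
Mobile IP home agents). The point for a filtering router: a packet filter that
inspects only the outer header sees home-agent -> care-of traffic and never
the inner source/destination, so tunnel endpoints must be trusted or filtered
separately. Addresses below are constructed."""
import socket
import struct

IPPROTO_IPIP = 4
IPV4_FMT = "!BBHHHBBH4s4s"        # 20-byte header without options


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0):
    """IPv4 header with the checksum filled in."""
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("short packet")
    ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(pkt):
        raise ValueError("not a complete IPv4 packet")
    if checksum(pkt[:ihl]) != 0:          # a correct header sums to zero
        raise ValueError("bad header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "len": total_len, "payload": pkt[ihl:total_len]}


def encapsulate(inner_pkt, tunnel_src, tunnel_dst):
    """Home agent side: wrap the datagram for the mobile node in an outer
    header addressed to the care-of address."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner_pkt)) + inner_pkt


def decapsulate(pkt, expected_peer):
    """Tunnel exit: accept only protocol 4 from the configured remote
    endpoint, then return the inner datagram for normal routing. Checking
    the outer source is the minimal anti-spoofing control a tunnel endpoint
    should apply; the inner addresses are whatever the peer chose."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer["src"] != expected_peer:
        raise ValueError("tunnel packet from unexpected endpoint %s" % outer["src"])
    return parse_ipv4(outer["payload"])


def make_inner(src, dst, udp_payload):
    """Constructed inner datagram: IPv4 header carrying protocol 17 (UDP)."""
    return ipv4_header(src, dst, 17, len(udp_payload)) + udp_payload


# Constructed scenario: a correspondent (203.0.113.5) sends to the mobile
# node's home address 192.0.2.10; the home agent 192.0.2.1 tunnels it to the
# care-of address 198.51.100.7.
INNER = make_inner("203.0.113.5", "192.0.2.10", b"\x00\x35\x00\x35\x00\x08\x00\x00")
TUNNELLED = encapsulate(INNER, "192.0.2.1", "198.51.100.7")
```
]]>
</para>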
7.4. VNC

<para>
VNC stands for Virtual Network Computing. It is, in essence, a remote
display system which allows one to view a computing 'desktop'
environment not only on the machine where it is running, but from
anywhere on the Internet and from a wide variety of machine
architectures. Both clients and servers exist for Linux as well as for
many other platforms. It is possible to execute MS-Word on a Windows
NT or 95 machine and have the output displayed on a Linux machine. The
opposite is also true; it is possible to execute an application on a
Linux machine and have the output displayed on any other Linux or
Windows machine. One of the available clients is a Java applet,
allowing the remote display to be run inside a web browser. Another
client is a port for Linux using the SVGAlib graphics library,
allowing 386s with as little as 4 MB of RAM to become fully functional
X terminals.
</para>

· <ulink url="http://www.orl.co.uk/vnc/">VNC web site</ulink>

<para>
Virtual Network Computing (VNC) allows a user to operate a session running on another machine.
Although Linux and all other Unix-like OSes already have this functionality built in, VNC
provides further advantages because it is cross-platform, running on Linux, BSD, Unix, Win32,
MacOS and PalmOS. This makes it far more versatile.

For example, let's assume the machine that you are attempting to connect to is running Linux.
You can use VNC to access applications running on that other Linux desktop. You can also use
VNC to provide technical support to users on Windows-based machines by taking control of
their desktops from the comfort of your server room. VNC is usually installed as separate
packages for the client and server, typically named 'vnc' and 'vnc-server'.

VNC uses display numbers to connect clients to servers. This is because Unix machines allow
multiple graphical sessions to be started simultaneously (check this out by logging in to a
virtual terminal and typing startx -- :1). Display number N is served on TCP port 5900+N.

For platforms (Windows, MacOS, Palm, etc.) which don't have this capability, you'll connect
to 'display 0' and take over the session of the existing user. For Unix systems, you'll need
to specify a higher number and receive a new desktop.

If you prefer the Windows-style approach where the VNC client takes over the currently
running display, you can use x0rfbserver.

VNC Servers and Clients

On Linux, the VNC server (which allows the machine to be used remotely) is actually
run as a replacement X server. To be able to start a VNC session to a machine, log
into it and run vncserver. You'll be prompted for a password - in future you can
change this password with the vncpasswd command. After you enter the password, you'll
be told the display number of the newly created session.

It is possible to control a remote machine by using the vncviewer command. If it is
typed on its own it will prompt for a remote machine, or you can use:

vncviewer [host]:[display-number]

Two cautions before exposing a VNC server to a network you do not control: the
session itself, keystrokes included, is sent unencrypted, and the password
challenge-response only uses the first eight characters of the password. Bind the
server to the loopback interface where the server supports it and reach it through an
SSH port forward to port 5900+N (for display :1, ssh -L 5901:localhost:5901 host,
then vncviewer localhost:1), rather than opening the VNC port on the firewall.

Related HOWTOs:

· VPN HOWTO (deprecated)
· Linux VPN Masquerade HOWTO
</para>

</sect1>

<sect1 id="Web-Serving">

<title>Web-Serving</title>

<para>
The World Wide Web provides a simple method of publishing and linking
information across the Internet, and is responsible for popularising
the Internet to its current level. In the simplest case, a Web client
(or browser), such as Netscape or Internet Explorer, connects to a
Web server using a simple request/response protocol called HTTP
(Hypertext Transfer Protocol), and requests HTML (Hypertext Markup
Language) pages, images, Flash and other objects. The server's only
job in that case is to map the requested path onto a file under its
document root, and getting that mapping wrong, so that a request can
name a file outside the document root, is the classic Web server
vulnerability.
</para>

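<para>
The request/response step just described, as an added example (not code from
the HOWTO or from Apache): it parses the HTTP request line and maps the
requested path onto the document root, refusing the directory-traversal
forms (a ".." segment, its percent-encoded twin, an embedded NUL, a
proxy-style absolute URL) that would otherwise name a file outside it. The
document root is a constructed string and nothing is read from disk.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from Apache): the two things
every Web server does for a static request, parse the request line and map
the path onto the document root. The mapping is where directory traversal
lives: a request for /../../etc/passwd, or its percent-encoded twin, must
not reach a file outside the document root. DOCROOT is constructed; nothing
is read from disk."""
import posixpath
from urllib.parse import unquote, urlsplit

DOCROOT = "/var/www/html"   # constructed for the example


def parse_request_line(line):
    """'GET /index.html HTTP/1.0' -> (method, target, version)."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    return parts[0], parts[1], parts[2]


def map_to_docroot(target, docroot=DOCROOT):
    """Filesystem path for a request target, or None if it must be refused."""
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return None                            # absolute URL: this is not a proxy
    path = unquote(parts.path)                 # drop ?query, then decode %XX
    if not path.startswith("/") or "\0" in path:
        return None                            # relative targets and NUL truncation tricks
    # Refuse any '..' segment outright instead of normalising it away: a
    # legitimate site never needs one, and a refusal is easier to audit.
    if ".." in path.split("/"):
        return None
    norm = posixpath.normpath(path)            # collapses '.', '//' and a trailing '/'
    if norm == "/":
        norm = "/index.html"
    full = posixpath.join(docroot, norm.lstrip("/"))
    if not full.startswith(docroot.rstrip("/") + "/"):
        return None                            # belt and braces
    return full


def handle(request_line):
    """(status, path) the server would answer with for one request line."""
    try:
        method, target, _version = parse_request_line(request_line)
    except ValueError:
        return 400, None
    if method not in ("GET", "HEAD"):
        return 501, None
    path = map_to_docroot(target)
    if path is None:
        return 403, None
    return 200, path
```
]]>
</para>

<para>
Decoding happens before the ".." check on purpose: checking the raw target
and decoding afterwards is exactly the ordering that lets %2e%2e through.
</para>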
<para>
In more modern situations, the Web server can also generate pages
dynamically based on information returned from the user. Either way,
setting up your own Web server is extremely simple. There are many
choices for Web serving under Linux. Some servers are very mature,
such as Apache, and are perfect for small and large sites alike.
Other servers are programmed to be light and fast, and to have only a
limited feature set to reduce complexity. A search on freshmeat.net
will reveal a multitude of servers.
</para>

<para>
Most Linux distributions include Apache <ulink url="http://www.apache.org"/>.
Apache is the number one server on the Internet according to
<ulink url="http://www.netcraft.co.uk/survey/"/>. More than half of all Internet
sites are running Apache or one of its derivatives. Apache's advantages
include its modular design, stability and speed. Given the appropriate
hardware and configuration it can support the highest loads: Yahoo,
Altavista, GeoCities and Hotmail are based on customized versions of
this server.
</para>

<para>
Optional support for SSL (which enables encrypted transactions) is also
available at:
</para>

· http://www.apache-ssl.org/
· http://raven.covalent.net/
· http://www.c2.net/

Dynamic Web content generation

<para>
Web scripting languages are even more common on Linux than databases
- basically, every language is available. This includes CGI,
PHP 3 and 4, Perl, JSP, ASP (via closed-source products from
Chili!Soft and Halcyon Software) and ColdFusion. Whatever the
language, dynamically generated pages take their input from the
request, so every parameter must be validated and escaped before it
reaches a shell, a database query or the generated HTML.
</para>

<para>
PHP is an open source scripting language designed to churn out
dynamically produced Web content, moving data from databases to browsers.
This includes not only HTML, but also graphics, Macromedia Flash and
XML-based information. The latest versions of PHP provide impressive
speed improvements, install easily from packages and can be set up
quickly. PHP is the most popular Apache module and is used by over
two million sites, including Amazon.com, US telco giant Sprint,
Xoom Networks and Lycos. And unlike most other server-side scripting
languages, developers (or those that employ them) can add their own
functions to the source to improve it. Supported databases include
those in the Database serving section and most ODBC-compliant
databases. The language itself borrows its structure from Perl and C.
</para>

· http://metalab.unc.edu/mdw/HOWTO/WWW-HOWTO.html
· http://metalab.unc.edu/mdw/HOWTO/Virtual-Services-HOWTO.html
· http://metalab.unc.edu/mdw/HOWTO/Intranet-Server-HOWTO.html
· <ulink url="http://www.linuxlinks.com/Software/Internet/WebServers/">Web servers for Linux</ulink>

</sect1>

<sect1 id="X11">

<title>X11</title>

<para>
The X Window System was developed at MIT in the late 1980s, rapidly
becoming the industry standard windowing system for Unix graphics
workstations. The software is freely available, very versatile, and is
suitable for a wide range of hardware platforms. Any X environment
consists of two distinct parts, the X server and one or more X
clients. It is important to realise the distinction between the server
and the client. The server controls the display directly and is
responsible for all input/output via the keyboard, mouse or display.
The clients, on the other hand, do not access the screen directly -
they communicate with the server, which handles all input and output.
It is the clients which do the "real" computing work - running
applications or whatever. The clients communicate with the server,
causing the server to open one or more windows to handle input and
output for that client.
</para>

<para>
In short, the X Window System allows a user to log in to a remote
machine, execute a process (for example, open a web browser) and have
the output displayed on his own machine. Because the process is
actually being executed on the remote system, very little CPU power is
needed in the local one. Indeed, computers exist whose primary purpose
is to act as pure X servers. Such systems are called X terminals.
</para>

<para>
Because any client that can reach the server's TCP port (6000 plus the
display number) and present a valid credential can read the screen,
record keystrokes and inject input, the access control of the server
matters: prefer xauth cookies (MIT-MAGIC-COOKIE-1) over xhost host
lists, keep ~/.Xauthority readable by its owner only, and carry remote
sessions over SSH X forwarding, which both encrypts the connection and
handles the cookie for you.
</para>

<para>
A free port of the X Window System exists for Linux and can be found
at: XFree86 <ulink url="http://www.xfree86.org/"/>. It is included in most Linux
distributions.
</para>

<para>
For further information regarding X please see:
</para>

Related technologies: X11, LBX, DXPC, NXServer, SSH, MAS

Related HOWTOs:

· Remote X Apps HOWTO
· Linux XDMCP HOWTO
· XDM and X Terminal mini-HOWTO
· The Linux XFree86 HOWTO
· ATI R200 + XFree86 4.x mini-HOWTO
· Second Mouse in X mini-HOWTO
· Linux Touch Screen HOWTO
· XFree86 Video Timings HOWTO
· Linux XFree-to-Xinside mini-HOWTO
· XFree Local Multi-User HOWTO
· Using Xinerama to MultiHead XFree86 V. 4.0+
· Connecting X Terminals to Linux Mini-HOWTO
· How to change the title of an xterm
· X Window System Architecture Overview HOWTO
· The X Window User HOWTO

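<para>
How a client proves to the X server that it may use the display, as an added
example (not code from the HOWTO or from libXau): it reads and writes the
record format of ~/.Xauthority, looks up the MIT-MAGIC-COOKIE-1 cookie a
client would present for a given display, and performs the server-side
comparison. The records and cookies are constructed.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from libXau): how an X client
proves to an X server that it may talk to the display. With the
MIT-MAGIC-COOKIE-1 scheme the server accepts a connection only if the client
presents the 16-byte cookie generated for that display; clients find it in
~/.Xauthority, a sequence of records in which family, address, display
number, authentication name and data are each prefixed by a big-endian
16-bit length (the layout written by libXau). Anyone who can read that file
can connect to the display, so it must stay mode 0600. The records and
cookies below are constructed."""
import hmac
import struct

FAMILY_INTERNET, FAMILY_LOCAL, FAMILY_WILD = 0, 256, 65535   # Xauth family codes
AUTH_NAME = b"MIT-MAGIC-COOKIE-1"


def _field(data):
    return struct.pack("!H", len(data)) + data


def write_entry(family, address, number, name, data):
    """One .Xauthority record. address is raw (4 bytes for FamilyInternet,
    the hostname for FamilyLocal); number is the display number as ASCII."""
    return struct.pack("!H", family) + _field(address) + _field(number) + _field(name) + _field(data)


def read_entries(blob):
    """Parse an .Xauthority blob into a list of dicts; a truncated record
    raises instead of yielding a short cookie."""
    entries, pos = [], 0
    while pos + 2 <= len(blob):
        (family,) = struct.unpack("!H", blob[pos:pos + 2])
        pos += 2
        fields = []
        for _ in range(4):
            if pos + 2 > len(blob):
                raise ValueError("truncated record")
            (n,) = struct.unpack("!H", blob[pos:pos + 2])
            pos += 2
            if pos + n > len(blob):
                raise ValueError("truncated record")
            fields.append(blob[pos:pos + n])
            pos += n
        address, number, name, data = fields
        entries.append({"family": family, "address": address, "number": number.decode(),
                        "name": name, "data": data})
    return entries


def lookup(entries, family, address, number):
    """Cookie a client would present for display address:number, or None.
    A FamilyWild entry matches any address, as XauGetBestAuthByAddr does."""
    for e in entries:
        if e["name"] != AUTH_NAME or e["number"] != number:
            continue
        if e["family"] == FAMILY_WILD or (e["family"] == family and e["address"] == address):
            return e["data"]
    return None


def server_accepts(server_cookie, presented):
    """The server side: the presented cookie must equal the one generated
    for the display. Compared in constant time so that a timing oracle
    cannot recover it byte by byte."""
    return len(presented) == len(server_cookie) and hmac.compare_digest(server_cookie, presented)


# Constructed file: the local display :0 and an X terminal at 192.0.2.20:1.
COOKIE0 = bytes(range(16))
COOKIE1 = bytes(range(16, 32))
SAMPLE_XAUTH = (write_entry(FAMILY_LOCAL, b"workstation", b"0", AUTH_NAME, COOKIE0)
                + write_entry(FAMILY_INTERNET, bytes([192, 0, 2, 20]), b"1", AUTH_NAME, COOKIE1))
```
]]>
</para>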
</sect1>

<sect1 id="Email">

<title>Email</title>

<para>
Alongside the Web, mail is the top reason for the popularity of the
Internet. Email is an inexpensive and fast method of time-shifted
messaging which, much like the Web, is actually based around sending and
receiving plain text files. The protocol used is called the Simple Mail
Transfer Protocol (SMTP). The server programs that implement SMTP to move
mail from one server to another are called Mail Transfer Agents (MTAs).
Because SMTP itself carries no authentication, an MTA decides for whom it
will accept mail purely by policy: it must accept mail addressed to its own
domains from anyone, and accept mail for other domains only from its own
users, otherwise it is an open relay and will be abused to send spam.
</para>

<para>
In times gone by, users would Telnet into the mail server itself and use
a command-line program like elm or pine to check their mail. These days,
users run email clients like Netscape, Evolution, KMail or Outlook on
their desktop to check their email from a local mail server. Additional
protocols, POP3 and IMAP4, are used between the mail server and the
desktop mail client to allow clients to manipulate messages on, and
download from, their local mail server. The programs that implement POP3
and IMAP4 are separate from the MTA; the piece that files incoming mail
into the mailboxes they serve is the Mail Delivery Agent (MDA).
</para>

* Linux Mail-Queue mini-HOWTO

* The Linux Mail User HOWTO

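<para>
The relaying decision described above, as an added example (not code from
the HOWTO or from any MTA): a minimal SMTP receiver that walks the
HELO/MAIL/RCPT/DATA command sequence and, at RCPT TO, accepts only
recipients in its own domains unless the client comes from a trusted
network. The domains, network prefix and two client sessions are
constructed.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from any MTA): a minimal SMTP
receiver state machine (RFC 2821 command sequence) with the one check every
MTA must make: accept RCPT TO only for domains it is responsible for, unless
the client is on a trusted network. An MTA that relays for anyone is an open
relay and will be used to send spam within hours. Domains, the trusted
network and the sample sessions are constructed."""

LOCAL_DOMAINS = {"example.org", "mail.example.org"}   # constructed
TRUSTED_NETS = ("192.0.2.",)                           # constructed /24 prefix


class SmtpSession:
    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.helo = None
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.messages = []       # (sender, rcpts, body) accepted for delivery
        self._body = []

    def greeting(self):
        return "220 mail.example.org ESMTP"

    def _relay_allowed(self, rcpt):
        domain = rcpt.rpartition("@")[2].lower()
        if domain in LOCAL_DOMAINS:
            return True                              # our own users: always
        return self.client_ip.startswith(TRUSTED_NETS)   # outbound relay: only ours

    @staticmethod
    def _addr(arg):
        """'<user@host>' or 'user@host' -> 'user@host'"""
        return arg.strip().strip("<>").strip()

    def feed(self, line):
        """Process one client line; return the server reply (None while in DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.messages.append((self.sender, list(self.rcpts), "\n".join(self._body)))
                self.sender, self.rcpts, self._body = None, [], []
                return "250 OK: queued"
            # RFC 2821 4.5.2: a leading dot is transparency padding, strip it
            self._body.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return "250 mail.example.org"
        if verb == "MAIL":
            if self.helo is None:
                return "503 send HELO/EHLO first"
            self.sender = self._addr(arg.partition(":")[2])
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 need MAIL FROM first"
            rcpt = self._addr(arg.partition(":")[2])
            if "@" not in rcpt:
                return "501 bad recipient syntax"
            if not self._relay_allowed(rcpt):
                return "554 Relay access denied"
            self.rcpts.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 no valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 command not recognized"


def run_session(client_ip, lines):
    """Drive a session from a list of client lines; return (session, replies)."""
    s = SmtpSession(client_ip)
    replies = [s.greeting()]
    for line in lines:
        r = s.feed(line)
        if r is not None:
            replies.append(r)
    return s, replies


# Constructed sessions: a spammer from outside, then a local user relaying out.
OUTSIDE = ["EHLO spam.example.net", "MAIL FROM:<x@spam.example.net>",
           "RCPT TO:<victim@other.example.com>", "QUIT"]
INSIDE = ["EHLO pc1.example.org", "MAIL FROM:<alice@example.org>",
          "RCPT TO:<bob@example.org>", "RCPT TO:<carol@other.example.com>", "DATA",
          "Subject: hi", "", ".leading dot", ".", "QUIT"]
```
]]>
</para>

<para>
The check is deliberately made at RCPT TO rather than at DATA: refusing
early costs the spammer a connection and costs you nothing, while a server
that accepts the recipient and bounces later becomes a backscatter source.
</para>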
</sect1>

<sect1 id="Proxy-Caching">

<title>Proxy-Caching</title>

8.11. Proxy Server

<para>
The term proxy means "to do something on behalf of someone else." In
networking terms, a proxy server computer can act on the behalf of
several clients. An HTTP proxy is a machine that receives requests for
web pages from another machine (Machine A). The proxy gets the page
requested and returns the result to Machine A. The proxy may have a
cache with the requested pages, so if another machine asks for the
same page the copy in the cache will be returned instead. This allows
efficient use of bandwidth resources and less response time. As a side
effect, as client machines are not directly connected to the outside
world this is a way of securing the internal network. A well-configured
proxy complements a firewall rather than replacing it: it can log and
filter at the application level for the protocols it proxies (HTTP,
FTP), but it does nothing about traffic in other protocols, so the
packet filter still has to block everything that does not go through
the proxy.
</para>

<para>
Several proxy servers exist for Linux. One popular solution is the
Apache proxy module. A more complete and robust implementation of an
HTTP proxy is Squid.
</para>

· <ulink url="http://www.apache.org">Apache</ulink>

· <ulink url="http://squid.nlanr.net/">Squid</ulink>

<para>
When a web browser retrieves information from the Internet, it stores a
copy of that information in a cache on the local machine. When a user
requests that information in future, the browser will check to see if
the original source has been updated; if not, the browser will simply
use the cached version rather than fetch the data again. By doing this,
there is less information that needs to be downloaded, which makes the
connection seem responsive to users and reduces bandwidth costs. But if
there are many browsers accessing the Internet through the same
connection, it makes better sense to have a single, centralised cache so
that once a single machine has requested some information, the next
machine to try and download that information can also access it more
quickly. This is the theory behind the proxy cache. Squid is by far the
most popular cache used on the Web, and can also be used to accelerate
Web serving. A shared cache must respect the origin server's
Cache-Control headers: a response marked private or no-store belongs to
one user and must never be handed to the next.

Although Squid is useful for an ISP, large businesses or even a small
office can afford to use Squid to speed up transfers and save money, and
it can easily be used to the same effect in a home with a few flatmates
sharing a cable or ADSL connection.
</para>

Traffic Control HOWTO

ProxyARP Subnetting HOWTO

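<para>
The "check whether the original source has been updated" step, as an added
example (not code from the HOWTO or from Squid): the freshness decision a
shared cache makes from the stored response headers under HTTP/1.1 caching
rules, the conditional headers it sends when it must revalidate, and the
private/no-store rule that keeps one user's response away from the next. The
response headers and times are constructed.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from Squid): the freshness
decision a cache makes before serving a stored copy, following HTTP/1.1
(RFC 2616 section 13): an entry is fresh while its age is below max-age (or
the Expires - Date interval); otherwise the cache revalidates with
If-None-Match / If-Modified-Since and serves the copy only on 304 Not
Modified. A shared cache must also refuse to store private and no-store
responses. Dates and headers below are constructed."""
from datetime import timedelta
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """'max-age=600, public' -> {'max-age': '600', 'public': None}"""
    out = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        out[name.strip().lower()] = val.strip().strip('"') if sep else None
    return out


def is_storable(headers):
    """Shared-cache rule: never store no-store or private responses."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    return "no-store" not in cc and "private" not in cc


def freshness_lifetime(headers):
    """Seconds the response may be served without contacting the origin."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "s-maxage" in cc:                     # shared caches prefer s-maxage
        return int(cc["s-maxage"])
    if "max-age" in cc:
        return int(cc["max-age"])
    if "Expires" in headers and "Date" in headers:
        exp = parsedate_to_datetime(headers["Expires"])
        date = parsedate_to_datetime(headers["Date"])
        return max(0, int((exp - date).total_seconds()))
    return 0                                 # no explicit lifetime: always revalidate


def decide(headers, stored_at, now):
    """'fresh' -> serve from cache; 'revalidate' -> conditional request to
    the origin; 'fetch' -> not cacheable at all. Times are aware datetimes."""
    if not is_storable(headers):
        return "fetch"
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    age = (now - stored_at).total_seconds()
    if "no-cache" in cc or age >= freshness_lifetime(headers):
        return "revalidate"
    return "fresh"


def decide_after(headers, stored_at, seconds):
    """Decision `seconds` after the response was stored."""
    return decide(headers, stored_at, stored_at + timedelta(seconds=seconds))


def conditional_headers(headers):
    """Headers for the revalidation request; the origin answers 304 if the
    entity is unchanged and the cache then refreshes its lifetime."""
    cond = {}
    if "ETag" in headers:
        cond["If-None-Match"] = headers["ETag"]
    if "Last-Modified" in headers:
        cond["If-Modified-Since"] = headers["Last-Modified"]
    return cond


# Constructed sample response headers as stored by the cache.
SAMPLE = {
    "Date": "Tue, 15 Nov 1994 08:12:31 GMT",
    "Cache-Control": "public, max-age=600",
    "Last-Modified": "Mon, 14 Nov 1994 12:00:00 GMT",
    "ETag": '"abc123"',
}
STORED = parsedate_to_datetime(SAMPLE["Date"])
```
]]>
</para>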
</sect1>

<sect1 id="NTP">

<title>NTP</title>

<para>
Time synchronisation is generally considered important in the computing
environment. There are a number of reasons why this is important: it makes
sure your scheduled cron tasks on your various servers run well together,
it allows better use of log files between various machines to help
troubleshoot problems, and synchronised, correct logs are also useful if
your servers are ever attacked by crackers (either to report the attempt
to organisations such as AusCERT or in court to use against the bad guys).
Users who have overclocked their machine might also use time synchronisation
techniques to bring the time on their machines back to an accurate figure
at regular intervals, say every 20 minutes or so. This section contains an
overview of time keeping under Linux and some information about NTP, a
protocol which can be used to accurately set the time across a computer
network.
</para>

2. How Linux Keeps Track of Time

2.1. Basic Strategies

<para>
A Linux system actually has two clocks: One is the battery powered
"Real Time Clock" (also known as the "RTC", "CMOS clock", or "Hardware
clock") which keeps track of time when the system is turned off but is
not used when the system is running. The other is the "system clock"
(sometimes called the "kernel clock" or "software clock") which is a
software counter based on the timer interrupt. It does not exist when
the system is not running, so it has to be initialized from the RTC
(or some other time source) at boot time. References to "the clock" in
the ntpd documentation refer to the system clock, not the RTC.
</para>

<para>
The two clocks will drift at different rates, so they will gradually
drift apart from each other, and also away from the "real" time. The
simplest way to keep them on time is to measure their drift rates and
apply correction factors in software. Since the RTC is only used when
the system is not running, the correction factor is applied when the
clock is read at boot time, using clock(8) or hwclock(8). The system
clock is corrected by adjusting the rate at which the system time is
advanced with each timer interrupt, using adjtimex(8).
</para>

<para>
A crude alternative to adjtimex(8) is to have cron run clock(8) or
hwclock(8) periodically to sync the system time to the (corrected)
RTC. This was recommended in the clock(8) man page, and it works if
you do it often enough that you don't cause large "jumps" in the
system time, but adjtimex(8) is a more elegant solution. Some
applications may complain if the time jumps backwards.
</para>

<para>
The next step up in accuracy is to use a program like ntpd to read the
time periodically from a network time server or radio clock, and
continuously adjust the rate of the system clock so that the times
always match, without causing sudden "jumps" in the system time. If
you always have a network connection at boot time, you can ignore the
RTC completely and use ntpdate (which comes with the ntpd package) to
initialize the system clock from a time server-- either a local server
on a LAN, or a remote server on the internet. But if you sometimes
don't have a network connection, or if you need the time to be
accurate during the boot sequence before the network is active, then
you need to maintain the time in the RTC as well.
</para>

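<para>
The boot-time RTC correction just described, as an added example (not code
from the HOWTO or from util-linux hwclock): it parses the three-line
/etc/adjtime file that hwclock keeps, applies the accumulated drift the way
hwclock --adjust does, refines the drift rate at recalibration, and shows
the failure mode of section 2.2 below, where the kernel resets the RTC
without updating the file. The sign convention (positive drift means the RTC
loses time) is this example's reading of hwclock's behaviour, and the file
contents are constructed.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from util-linux): the drift
correction that hwclock --adjust applies to the RTC at boot, worked through
on the three-line /etc/adjtime format described in hwclock(8): line 1 is the
drift in seconds per day, the time (seconds since the epoch) of the last
adjustment, and a third number that current versions write as zero (used here
to carry the unapplied fraction, which older versions also did); line 2 is
the time of the last calibration; line 3 is UTC or LOCAL. Sign convention
used here, matching hwclock as far as this example's author reads it: a
positive drift means the RTC loses time and is moved forward. Values are
constructed. The last function shows why the kernel's silent 11-minute RTC
write breaks the scheme: the correction is proportional to the time since the
RTC was last set, and that time is taken from the file, which the kernel does
not update."""

DAY = 86400.0


def parse_adjtime(text):
    lines = text.strip().splitlines()
    if len(lines) != 3:
        raise ValueError("adjtime needs exactly three lines")
    drift, last_adj, remainder = lines[0].split()
    mode = lines[2].strip()
    if mode not in ("UTC", "LOCAL"):
        raise ValueError("line 3 must be UTC or LOCAL")
    return {"drift_per_day": float(drift), "last_adjust": int(last_adj),
            "remainder": float(remainder), "last_calibration": int(lines[1]), "mode": mode}


def format_adjtime(adj):
    return "%f %d %f\n%d\n%s\n" % (adj["drift_per_day"], adj["last_adjust"], adj["remainder"],
                                   adj["last_calibration"], adj["mode"])


def apply_drift(adj, rtc_now):
    """Return (corrected RTC time, updated record). rtc_now is the raw RTC
    reading as seconds since the epoch. Only whole seconds are written to
    the RTC; the fraction is carried in 'remainder' so that small drifts add
    up across reboots instead of being lost."""
    elapsed = rtc_now - adj["last_adjust"]
    if elapsed < 0:
        raise ValueError("RTC reads earlier than the last adjustment; it was reset behind our back")
    correction = adj["drift_per_day"] * elapsed / DAY + adj["remainder"]
    whole = int(correction)                      # truncate toward zero
    new = dict(adj, last_adjust=rtc_now + whole, remainder=correction - whole)
    return rtc_now + whole, new


def calibrate(adj, rtc_now, true_now):
    """hwclock --systohc style recalibration: the RTC is about to be set to
    true_now, and the error accumulated since the last calibration refines
    the drift rate. A span shorter than a day is too noisy to use."""
    span = true_now - adj["last_calibration"]
    if span < DAY:
        return dict(adj, last_adjust=true_now, last_calibration=true_now, remainder=0.0)
    lost_per_day = (true_now - rtc_now) * DAY / span
    return dict(adj, drift_per_day=adj["drift_per_day"] + lost_per_day,
                last_adjust=true_now, last_calibration=true_now, remainder=0.0)


def kernel_wrote_rtc(adj, rtc_set_by_kernel):
    """The conflict of section 2.2: the kernel's 11-minute sync has already
    set the RTC to the correct system time, but /etc/adjtime still says the
    RTC was last set at adj['last_adjust']. The next --adjust therefore
    applies the whole interval's drift to a clock that no longer needs it.
    Returns how many seconds the RTC ends up wrong by."""
    corrected, _ = apply_drift(adj, rtc_set_by_kernel)
    return corrected - rtc_set_by_kernel


# Constructed /etc/adjtime: RTC loses 1.5 s/day, last set at 1_000_000_000.
SAMPLE_ADJTIME = "1.500000 1000000000 0.000000\n1000000000\nUTC\n"
```
]]>
</para>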
2.2. Potential Conflicts

<para>
It might seem obvious that if you're using a program like ntpd, you
would want to sync the RTC to the (corrected) system clock. But this
turns out to be a bad idea if the system is going to stay shut down
longer than a few minutes, because it interferes with the programs
that apply the correction factor to the RTC at boot time.
</para>

<para>
If the system runs 24/7 and is always rebooted immediately whenever
it's shut down, then you can just set the RTC from the system clock
right before you reboot. The RTC won't drift enough to make a
difference in the time it takes to reboot, so you don't need to know
its drift rate.
</para>

<para>
Of course the system may go down unexpectedly, so some versions of the
kernel sync the RTC to the system clock every 11 minutes if the system
clock has been adjusted by another program. The RTC won't drift enough
in 11 minutes to make any difference, but if the system is down long
enough for the RTC to drift significantly, then you have a problem:
the programs that apply the drift correction to the RTC need to know
*exactly* when it was last reset, and the kernel doesn't record that
information anywhere.
</para>

<para>
Some unix "traditionalists" might wonder why anyone would run a linux
system less than 24/7, but some of us run dual-boot systems with
another OS running some of the time, or run Linux on laptops that have
to be shut down to conserve battery power when they're not being used.
Other people just don't like to leave machines running unattended for
long periods of time (even though we've heard all the arguments in
favor of it). So the "every 11 minutes" feature becomes a bug.
</para>

<para>
This "feature/bug" appears to behave differently in different versions
of the kernel (and possibly in different versions of xntpd and ntpd as
well), so if you're running both ntpd and hwclock you may need to test
your system to see what it actually does. If you can't keep the kernel
from resetting the RTC, you might have to run without a correction
factor on the RTC.
</para>

<para>
The part of the kernel that controls this can be found in
/usr/src/linux-2.0.34/arch/i386/kernel/time.c (where the version
number in the path will be the version of the kernel you're running).
If the variable time_status is set to TIME_OK then the kernel will
write the system time to the RTC every 11 minutes, otherwise it leaves
the RTC alone. Calls to adjtimex(2) (as used by ntpd and timed, for
example) may turn this on. Calls to settimeofday(2) will set
time_status to TIME_UNSYNC, which tells the kernel not to adjust the
RTC. I have not found any real documentation on this.
</para>

<para>
I've heard reports that some versions of the kernel may have problems
with "sleep modes" that shut down the CPU to save energy. The best
solution is to keep your kernel up to date, and refer any problems to
the people who maintain the kernel.
</para>

<para>
If you get bizarre results from the RTC you may have a hardware
problem. Some RTC chips include a lithium battery that can run down,
and some motherboards have an option for an external battery (be sure
the jumper is set correctly). The same battery maintains the CMOS RAM,
but the clock takes more power and is likely to fail first. Bizarre
results from the system clock may mean there is a problem with
interrupts.
</para>

2.3. Should the RTC use Local Time or UTC, and What About DST?

<para>
The Linux "system clock" actually just counts the number of seconds
past Jan 1, 1970, and is always in UTC (or GMT, which is technically
different but close enough that casual users tend to use both terms
interchangeably). UTC does not change as DST comes and goes-- what
changes is the conversion between UTC and local time. The translation
to local time is done by library functions that are linked into the
application programs.
</para>

<para>
This has two consequences: First, any application that needs to know
the local time also needs to know what time zone you're in, and
whether DST is in effect or not (see the next section for more on time
zones). Second, there is no provision in the kernel to change either
the system clock or the RTC as DST comes and goes, because UTC doesn't
change. Therefore, machines that only run Linux should have the RTC
set to UTC, not local time.
</para>

<para>
However, many people run dual-boot systems with other OS's that expect
the RTC to contain the local time, so hwclock needs to know whether
your RTC is in local time or UTC, which it then converts to seconds
past Jan 1, 1970 (UTC). This still does not provide for seasonal
changes to the RTC, so the change must be made by the other OS (this
is the one exception to the rule against letting more than one program
change the time in the RTC).
</para>

<para>
Unfortunately, there are no flags in the RTC or the CMOS RAM to
indicate standard time vs DST, so each OS stores this information
someplace where the other OS's can't find it. This means that hwclock
must assume that the RTC always contains the correct local time, even
if the other OS has not been run since the most recent seasonal time
change.
</para>

<para>
If Linux is running when the seasonal time change occurs, the system
clock is unaffected and applications will make the correct conversion.
But if linux has to be rebooted for any reason, the system clock will
be set to the time in the RTC, which will be off by one hour until the
other OS (usually Windows) has a chance to run.
</para>

<para>
There is no way around this, but Linux doesn't crash very often, so
the most likely reason to reboot on a dual-boot system is to run the
other OS anyway. But beware if you're one of those people who shuts
down Linux whenever you won't be using it for a while-- if you haven't
had a chance to run the other OS since the last time change, the RTC
will be off by an hour until you do.
</para>

<para>
Some other documents have stated that setting the RTC to UTC allows
Linux to take care of DST properly. This is not really wrong, but it
doesn't tell the whole story-- as long as you don't reboot, it does
not matter which time is in the RTC (or even if the RTC's battery
dies). Linux will maintain the correct time either way, until the next
reboot. In theory, if you only reboot once a year (which is not
unreasonable for Linux), DST could come and go and you'd never notice
that the RTC had been wrong for several months, because the system
clock would have stayed correct all along. But since you can't predict
when you'll want to reboot, it's better to have the RTC set to UTC if
you're not running another OS that requires local time.
</para>

<para>
The Dallas Semiconductor RTC chip (which is a drop-in replacement for
the Motorola chip used in the IBM AT and clones) actually has the
ability to do the DST conversion by itself, but this feature is not
used because the changeover dates are hard-wired into the chip and
can't be changed. Current versions change on the first Sunday in April
and the last Sunday in October, but earlier versions used different
dates (and obviously this doesn't work in countries that use other
dates). Also, the RTC is often integrated into the motherboard's
"chipset" (rather than being a separate chip) and I don't know if they
all have this ability.
</para>

2.4. How Linux keeps Track of Time Zones

<para>
You probably set your time zone correctly when you installed Linux.
But if you have to change it for some reason, or if the local laws
regarding DST have changed (as they do frequently in some countries),
then you'll need to know how to change it. If your system time is off
by some exact number of hours, you may have a time zone problem (or a
DST problem).
</para>

<para>
Time zone and DST information is stored in /usr/share/zoneinfo (or
/usr/lib/zoneinfo on older systems). The local time zone is
determined by a symbolic link from /etc/localtime to one of these
files. The way to change your timezone is to change the link. If
your local DST dates have changed, you'll need an updated zoneinfo
file: the files are binary, compiled from text rule files with zic(8),
so either install an updated tzdata package or edit the rules and
recompile them.
</para>

<para>
You can also use the TZ environment variable to change the current
time zone, which is handy if you're logged in remotely to a machine in
another time zone. Also see the man pages for tzset and tzfile.
This is nicely summarized at
<ulink url="http://www.linuxsa.org.au/tips/time.html"/>
</para>

2.5. The Bottom Line

<para>
If you don't need sub-second accuracy, hwclock(8) and adjtimex(8) may
be all you need. It's easy to get enthused about time servers and
radio clocks and so on, but I ran the old clock(8) program for years
with excellent results. On the other hand, if you have several
machines on a LAN it can be handy (and sometimes essential) to have
them automatically sync their clocks to each other. And the other
stuff can be fun to play with even if you don't really need it.
</para>

<para>
On machines that only run Linux, set the RTC to UTC (or GMT). On
dual-boot systems that require local time in the RTC, be aware that if
you have to reboot Linux after the seasonal time change, the clock may
be temporarily off by one hour, until you have a chance to run the
other OS. If you run more than two OS's, be sure only one of them is
trying to adjust for DST.
</para>

<para>
NTP is a standard method of synchronising time across a network of
computers, from a remote server down to the clients that poll it. NTP
clients are typically installed on servers. Most business-class ISPs
provide NTP servers. Otherwise, there are a number of free NTP servers
in Australia:
</para>

<para>
· The University of Melbourne: ntp.cs.mu.oz.au
· University of Adelaide: ntp.saard.net
· CSIRO Marine Labs, Tasmania: ntp.ml.csiro.au
· CSIRO National Measurements Laboratory, Sydney: ntp.syd.dms.csiro.au
</para>

<para>
Xntpd (NTPv3) has been replaced by ntpd (NTPv4); the earlier version
is no longer being maintained.
</para>

<para>
Ntpd is the standard program for synchronizing clocks across a
network, and it comes with a list of public time servers you can
connect to. It can be a little more complicated to set up, but if
you're interested in this kind of thing I highly recommend that you
take a look at it. Configure several servers rather than one: plain
NTP is unauthenticated UDP, and ntpd's selection algorithm can only
discard a server that lies about the time when it has enough other
servers to outvote it.
</para>

<para>
The "home base" for information on ntpd is the NTP website at
<ulink url="http://www.eecis.udel.edu/~ntp/"/> which also includes links to all
kinds of interesting time-related stuff (including software for other
OS's). Some linux distributions include ntpd on the CD. There is a
list of public time servers at
<ulink url="http://www.eecis.udel.edu/~mills/ntp/clock2.html"/>.
</para>

<para>
A relatively new feature in ntpd is a "burst mode" which is designed
for machines that have only intermittent dial-up access to the
internet.
</para>

<para>
Ntpd includes drivers for quite a few radio clocks (although some
appear to be better supported than others). Most radio clocks are
designed for commercial use and cost thousands of dollars, but there
are some cheaper alternatives (discussed in later sections). In the
past most were WWV or WWVB receivers, but now most of them seem to be
GPS receivers. NIST has a PDF file that lists manufacturers of radio
clocks on their website at
<ulink url="http://www.boulder.nist.gov/timefreq/links.htm"/> (near the bottom of
the page). The NTP website also includes many links to manufacturers
of radio clocks at <ulink url="http://www.eecis.udel.edu/~ntp/hardware.htm"/> and
<ulink url="http://www.eecis.udel.edu/~mills/ntp/refclock.htm"/>. Either list may
or may not be up to date at any given time :-). The list of drivers
for ntpd is at
<ulink url="http://www.eecis.udel.edu/~ntp/ntp_spool/html/refclock.htm"/>.
</para>

<para>
Ntpd also includes drivers for several dial-up time services. These
are all long-distance (toll) calls, so be sure to calculate the effect
on your phone bill before using them.
</para>

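<para>
The client/server exchange that ntpdate and ntpd perform, as an added example
(not code from the HOWTO or from the NTP distribution): it builds the 48-byte
client request, a server reply, and computes clock offset and round-trip
delay from the four timestamps, applying the sanity checks that keep a stale
or spoofed reply from being trusted. All timestamps are constructed; nothing
is sent on the network.
</para>

<para>
<![CDATA[
```python
"""Added example (not code from the HOWTO or from ntpd): the single
client/server exchange that ntpdate performs, on constructed packets. The
48-byte NTP header (RFC 1305; the layout is unchanged in NTPv4) carries leap,
version and mode bits, the stratum, and four 64-bit timestamps counted from
1 January 1900, so 2208988800 seconds separate them from the Unix epoch.
Offset and delay come from the usual four-timestamp formula. Caveat: plain
NTP is unauthenticated UDP, so anyone who can spoof the server's address can
steer your clock; the checks here (mode, stratum, our originate timestamp
echoed back) are what a client applies before trusting a reply, and they are
no substitute for keyed authentication or for polling several servers."""
import struct

NTP_EPOCH_OFFSET = 2208988800          # 1900-01-01 to 1970-01-01 in seconds
MODE_CLIENT, MODE_SERVER = 3, 4
FMT = "!BBBbII4s" + "II" * 4           # 48 bytes: header fields, then four timestamps


def to_ntp(unix_time):
    """Unix seconds (float) -> (seconds, fraction) of an NTP 64-bit timestamp."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * 2**32)
    return secs & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp(secs, frac):
    return secs - NTP_EPOCH_OFFSET + frac / 2**32


def build_client_request(transmit_time, version=4):
    """LI=0, VN=version, mode=3; only the transmit timestamp is filled in."""
    first = (0 << 6) | (version << 3) | MODE_CLIENT
    xmit = to_ntp(transmit_time)
    return struct.pack(FMT, first, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, 0, 0, 0, xmit[0], xmit[1])


def build_server_reply(request, receive_time, transmit_time, stratum=2, refid=b"GPS\0"):
    """The server's answer: mode=4, originate = the client's transmit
    timestamp, receive/transmit = the server's own clock. (Constructed; a
    real server also fills in root delay, root dispersion and reference time.)"""
    req = parse_packet(request)
    first = (req["leap"] << 6) | (req["version"] << 3) | MODE_SERVER
    orig = req["raw_transmit"]
    recv, xmit = to_ntp(receive_time), to_ntp(transmit_time)
    return struct.pack(FMT, first, stratum, 6, -20, 0, 0, refid,
                       recv[0], recv[1], orig[0], orig[1], recv[0], recv[1], xmit[0], xmit[1])


def parse_packet(pkt):
    if len(pkt) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    f = struct.unpack(FMT, pkt[:48])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "poll": f[2], "precision": f[3], "refid": f[6],
            "reference": from_ntp(*f[7:9]), "originate": from_ntp(*f[9:11]),
            "receive": from_ntp(*f[11:13]), "transmit": from_ntp(*f[13:15]),
            "raw_transmit": f[13:15]}


def evaluate_reply(reply, t1, t4):
    """t1: local clock when the request left; t4: local clock when the reply
    arrived. Returns (offset, delay) in seconds, or raises if the reply must
    not be used."""
    p = parse_packet(reply)
    if p["mode"] != MODE_SERVER:
        raise ValueError("not a server reply")
    if p["stratum"] == 0 or p["stratum"] > 15:
        raise ValueError("kiss-o'-death or unsynchronised server (stratum %d)" % p["stratum"])
    if abs(p["originate"] - t1) > 1e-6:
        raise ValueError("originate timestamp does not match our request: stale or spoofed reply")
    t2, t3 = p["receive"], p["transmit"]
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far our clock is behind the server
    delay = (t4 - t1) - (t3 - t2)           # round trip minus the server's processing time
    if delay < 0:
        raise ValueError("negative delay: timestamps are inconsistent")
    return offset, delay
```
]]>
</para>

<para>
The originate check is the cheap defence ntpd relies on: a reply whose
originate field does not echo the 64-bit transmit timestamp we sent cannot
have been produced in answer to our request, which stops replayed and
blindly spoofed replies, though not an attacker who sees our requests.
</para>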
3.4. Chrony

<para>
Xntpd was originally written for machines that have a full-time
connection to a network time server or radio clock. In theory it can
also be used with machines that are only connected intermittently, but
Richard Curnow couldn't get it to work the way he wanted it to, so he
wrote "chrony" as an alternative for those of us who only have network
access when we're dialed in to an ISP (this is the same problem that
ntpd's new "burst mode" was designed to solve). The current version
of chrony includes drift correction for the RTC, for machines that are
turned off for long periods of time.
</para>

<para>
You can get more information from Richard Curnow's website at
<ulink url="http://www.rrbcurnow.freeuk.com/chrony"/> or <ulink url="http://go.to/chrony"/>.
There are also two chrony mailing lists, one for announcements and one
for discussion by users. For information send email to
chrony-users-subscribe@egroups.com or chrony-announce-subscribe@egroups.com
</para>

<para>
Chrony is normally distributed as source code only, but Debian has
been including a binary in their "unstable" collection. The source
file is also available at the usual Linux archive sites.
</para>

3.5. Clockspeed
|
||
|
||
<para>
|
||
Another option is the clockspeed program by DJ Bernstein. It gets the
|
||
time from a network time server and simply resets the system clock
|
||
every three seconds. It can also be used to synchronize several
|
||
machines on a LAN.
|
||
</para>
|
||
|
||
<para>
|
||
I've sometimes had trouble reaching his website at
|
||
<ulink url="http://Cr.yp.to/clockspeed.html"/>, so if you get a DNS error try again
|
||
on another day. I'll try to update this section if I get some better
|
||
information.
|
||
</para>
|
||
|
||
<para>
|
||
Note
|
||
You must be logged in as "root" to run any program that affects
|
||
the RTC or the system time, which includes most of the programs
|
||
described here. If you normally use a graphical interface for
|
||
everything, you may also need to learn some basic unix shell
|
||
commands.
|
||
</para>
|
||
|
||
<para>
|
||
Note
|
||
If you run more than one OS on your machine, you should only let
|
||
one of them set the RTC, so they don't confuse each other. The
|
||
exception is the twice-a-year adjustment for Daylight Saving(s)
|
||
Time.
|
||
</para>
|
||
|
||
<para>
|
||
If you run a dual-boot system that spends a lot of time running
|
||
Windows, you may want to check out some of the clock software
|
||
available for that OS instead. Follow the links on the NTP website at
|
||
<ulink url="http://www.eecis.udel.edu/~ntp/software.html"/>.
|
||
</para>
|
||
|
||
</sect1>
|
||
|
||
<sect1 id="Traffic-Control">

<title>Traffic-Control</title>

8.6. Traffic Shaping

<para>
The traffic shaper is a virtual network device that makes it possible
to limit the rate of outgoing data flow over another network device.
This is especially useful in scenarios such as ISPs, where it is
desirable to control and enforce policies regarding how much bandwidth
is used by each client. Another alternative (for web services only)
may be certain Apache modules which restrict the number of IP
connections by client or the bandwidth used.
</para>

<para>
Traffic control encompasses the sets of mechanisms and operations by which
packets are queued for transmission/reception on a network interface. The
operations include enqueuing, policing, classifying, scheduling, shaping and
dropping. This HOWTO provides an introduction and overview of the
capabilities and implementation of traffic control under Linux.
</para>

<para>
* the linux DiffServ project
* HTB site (Martin "devik" Devera)
* Traffic Control Next Generation (tcng)
  TCNG manual (Werner Almesberger)
* iproute2 (Alexey Kuznetsov)
  iproute2 manual (Alexey Kuznetsov)
* Research and documentation on traffic control under linux (Stef Coene)
* LARTC HOWTO (bert hubert, et al.)
* guide to IP networking with linux (Martin A. Brown)
* <ulink url="http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.15"/>
* Traffic Control HOWTO
</para>
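
<para>
Policing and shaping, two of the operations listed above, are both built on a token bucket, and
the difference between them is what matters when you enforce a per-client rate: a policer drops
whatever exceeds the bucket, a shaper delays it in a bounded queue and drops only when that queue
is full. The following is an added example, not code from this HOWTO or from the Linux traffic
control implementation; it simulates both behaviours over a constructed burst of five 1000-byte
packets against a bucket of 1000 bytes/s with a 1500-byte burst allowance.
</para>

```python
from collections import deque


class TokenBucket:
    """Token bucket: `rate` bytes per second are added, up to a capacity of `burst` bytes."""

    def __init__(self, rate, burst):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens = self.burst
        self.last = 0.0

    def refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def try_consume(self, size, now):
        """Policer decision: take `size` tokens now or fail, never wait."""
        self.refill(now)
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

    def wait_time(self, size, now):
        """Seconds from `now` until the bucket holds `size` tokens (0 if it already does)."""
        self.refill(now)
        deficit = size - self.tokens
        return 0.0 if deficit <= 0 else deficit / self.rate


def police(packets, rate, burst):
    """Policing: each (arrival_time, size) packet either passes immediately or is dropped."""
    tb = TokenBucket(rate, burst)
    passed, dropped = [], []
    for t, size in sorted(packets):
        (passed if tb.try_consume(size, t) else dropped).append((t, size))
    return passed, dropped


def shape(packets, rate, burst, queue_limit):
    """Shaping: packets wait in a FIFO (bounded to `queue_limit` bytes) until tokens allow.

    Returns (sent, dropped); `sent` holds (departure_time, size) in departure order.
    """
    tb = TokenBucket(rate, burst)
    queue = deque()
    queued_bytes = 0
    sent, dropped = [], []
    last_departure = 0.0

    def drain(until):
        """Release queued packets whose departure time is no later than `until`."""
        nonlocal queued_bytes, last_departure
        while queue:
            arrival, size = queue[0]
            earliest = max(arrival, last_departure)
            depart = earliest + tb.wait_time(size, earliest)
            if depart > until:
                return
            tb.refill(depart)
            tb.tokens -= size            # may dip a hair below zero from float rounding
            queue.popleft()
            queued_bytes -= size
            last_departure = depart
            sent.append((depart, size))

    for t, size in sorted(packets):
        drain(t)
        if queued_bytes + size > queue_limit:
            dropped.append((t, size))    # tail drop: the queue is full
        else:
            queue.append((t, size))
            queued_bytes += size
    drain(float("inf"))
    return sent, dropped


# Constructed input: a 5-packet burst of 1000 bytes each, 1 ms apart.
BURST = [(0.000, 1000), (0.001, 1000), (0.002, 1000), (0.003, 1000), (0.004, 1000)]


def demo(rate=1000, burst=1500, queue_limit=3000):
    """Run the same burst through a policer and a shaper; returns both results."""
    return {"police": police(BURST, rate, burst),
            "shape": shape(BURST, rate, burst, queue_limit)}


if __name__ == "__main__":
    r = demo()
    print("policer passed %d, dropped %d" % (len(r["police"][0]), len(r["police"][1])))
    print("shaper departures:", [round(t, 3) for t, _ in r["shape"][0]],
          "dropped %d" % len(r["shape"][1]))
```

With the constructed burst the policer lets one packet through and drops four, while the shaper
delivers four packets at 0, 0.5, 1.5 and 2.5 seconds and drops only the fifth, which arrived when
the 3000-byte queue was already full. The queue bound is not optional: an unbounded shaper queue is
a memory-exhaustion problem waiting for a client that sends faster than its rate forever.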
</sect1>

<sect1 id="Load-Balancing">

<title>Load-Balancing</title>

<para>
Demand for load balancing usually arises in database/web access when
many clients make simultaneous requests to a server. It would be
desirable to have multiple identical servers and redirect requests to
the less loaded server. This can be achieved through Network Address
Translation techniques (NAT) of which IP masquerading is a subset.
Network administrators can replace a single server providing Web
services - or any other application - with a logical pool of servers
sharing a common IP address. Incoming connections are directed to a
particular server using one load-balancing algorithm. The virtual
server rewrites incoming and outgoing packets to give clients the
appearance that only one server exists.
</para>

<para>
Linux IP-NAT information may be found here: <ulink url="http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html"/>
</para>
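
<para>
The "virtual server" described above is a NAT box with a scheduling decision attached: the first
packet of a connection picks a real server and records the mapping, later packets in both
directions are rewritten from that table, and a reply with no matching entry must be dropped
rather than forwarded, otherwise a real server's private address leaks to, or becomes reachable
from, the outside. The following is an added example, not code from this HOWTO or from any Linux
NAT implementation; it models that behaviour with least-connections scheduling. The VIP, real
server and client addresses are constructed, and packets are plain dicts with (ip, port) tuples.
</para>

```python
class VirtualServer:
    """NAT-mode virtual server: one public address (the VIP) fronting a pool of real servers."""

    def __init__(self, vip, backends):
        self.vip = vip                        # (ip, port) that clients connect to
        self.backends = list(backends)        # (ip, port) of the real servers
        self.active = {b: 0 for b in self.backends}
        self.table = {}                       # (client_ip, client_port) -> backend

    def pick_backend(self):
        """Least-connections scheduling; ties go to the earliest server in the pool."""
        return min(self.backends, key=lambda b: self.active[b])

    def inbound(self, pkt):
        """Client -> VIP packet: rewrite the destination to a real server (DNAT)."""
        if pkt["dst"] != self.vip:
            return None                       # not addressed to the service; leave it alone
        backend = self.table.get(pkt["src"])
        if backend is None:                   # first packet of a new connection
            backend = self.pick_backend()
            self.table[pkt["src"]] = backend
            self.active[backend] += 1
        return {"src": pkt["src"], "dst": backend, "payload": pkt["payload"]}

    def outbound(self, pkt):
        """Real server -> client packet: rewrite the source back to the VIP."""
        if self.table.get(pkt["dst"]) != pkt["src"]:
            # No connection maps this client to this server: drop instead of forwarding,
            # so a real server cannot answer (or be made to answer) clients it never served.
            return None
        return {"src": self.vip, "dst": pkt["dst"], "payload": pkt["payload"]}

    def close(self, client):
        """Connection teardown: release the table entry and the backend's load count."""
        backend = self.table.pop(client, None)
        if backend is not None:
            self.active[backend] -= 1


def demo():
    """Constructed addresses: VIP 198.51.100.10, real servers on 10.0.0.11 and 10.0.0.12."""
    vs = VirtualServer(("198.51.100.10", 80), [("10.0.0.11", 80), ("10.0.0.12", 80)])
    clients = [("203.0.113.5", 40001), ("203.0.113.6", 40002), ("203.0.113.7", 40003)]
    chosen = [vs.inbound({"src": c, "dst": vs.vip, "payload": b"GET / HTTP/1.0\r\n"})["dst"]
              for c in clients]
    # legitimate reply from the server that holds client 2's connection
    reply = vs.outbound({"src": chosen[1], "dst": clients[1], "payload": b"HTTP/1.0 200 OK\r\n"})
    # a packet from the other server aimed at client 2 has no table entry and is dropped
    stray = vs.outbound({"src": chosen[0], "dst": clients[1], "payload": b"HTTP/1.0 200 OK\r\n"})
    vs.close(clients[0])
    fourth = vs.inbound({"src": ("203.0.113.8", 40004), "dst": vs.vip, "payload": b""})["dst"]
    return {"chosen": chosen, "reply": reply, "stray": stray, "fourth": fourth,
            "active": dict(vs.active)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

A production balancer also ages out table entries, since the client side of a closed connection
is never guaranteed to be seen; without a timeout the table grows with every half-open connection
an attacker cares to start.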

</sect1>

<sect1 id="Bandwidth-Limiting">

<title>Bandwidth-Limiting</title>

<para>
This section describes how to set up your Linux server to limit download
bandwidth or incoming traffic and how to use your internet link more
efficiently. It is meant to provide an easy solution for limiting
incoming traffic, thus preventing our LAN users from consuming all the
bandwidth of our internet link. This is useful when our internet link
is slow or our LAN users download tons of mp3s and the newest Linux
distro's *.iso files.
</para>

* Bandwidth Limiting HOWTO

6. Miscellaneous

6.1. Useful resources

<para>
· <ulink url="http://www.squid-cache.org">Squid Web Proxy Cache</ulink>
· <ulink url="http://www.visolve.com/squidman/Configuration%20Guide.html">Squid 2.4 Stable 1 Configuration manual</ulink>
· <ulink url="http://www.visolve.com/squidman/Delaypool%20parameters.htm">Squid delay pool parameters</ulink>
· <ulink url="http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8">Squid FAQ</ulink>
· <ulink url="ftp://ftp.equinox.gu.net/pub/linux/cbq/">cbq-init script</ulink>
· <ulink url="http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html">Linux 2.4 Advanced Routing HOWTO</ulink>
· <ulink url="http://ceti.pl/~kravietz/cbq/">Traffic control (in Polish)</ulink>
· <ulink url="http://www.linuxdoc.org/guides.html">Securing and Optimizing Linux Red Hat Edition - A Hands on Guide</ulink>
· <ulink url="http://cebu.mozcom.com/riker/iptraf/">IPTraf</ulink>
· <ulink url="http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html">IPCHAINS</ulink>
· <ulink url="http://mesh.eecs.umich.edu/projects/nylon/">Nylon socks proxy server</ulink>
· <ulink url="http://raf.unisba.ac.id/resources/BandwidthLimitingHOWTO/index.html">Indonesian translation of this HOWTO by Rahmat Rafiudin (mjl_id@yahoo.com)</ulink>
</para>

</sect1>

<sect1 id="IP-Accounting">

<title>IP-Accounting</title>

<para>
This option of the Linux kernel keeps track of IP network traffic,
performs packet logging and produces some statistics. A series of
rules may be defined so when a packet matches a given pattern, some
action is performed: a counter is increased, it is accepted/rejected,
etc.
</para>

<para>
6.3. IP Accounting (for Linux-2.0)
The IP accounting features of the Linux kernel allow you to collect
and analyze some network usage data. The data collected comprises the
number of packets and the number of bytes accumulated since the
figures were last reset. You may specify a variety of rules to
categorize the figures to suit whatever purpose you may have. This
option has been removed in kernel 2.1.102, because the old
ipfwadm-based firewalling was replaced by ``ipfwchains''.
</para>

<para>
<screen>
Kernel Compile Options:

Networking options --->
[*] IP: accounting
</screen>
</para>

<para>
After you have compiled and installed the kernel you need to use the
ipfwadm command to configure IP accounting. There are many different
ways of breaking down the accounting information that you might
choose. I've picked a simple example of what might be useful to use;
you should read the ipfwadm man page for more information.
Scenario: You have an ethernet network that is linked to the internet
via a PPP link. On the ethernet you have a machine that offers a
number of services, and you are interested in knowing how much
traffic is generated by each of ftp and world wide web traffic, as
well as total tcp and udp traffic.
</para>

<para>
You might use a command set that looks like the following, which is
shown as a shell script:
</para>

<para>
<screen>
#!/bin/sh
#
# Flush the accounting rules
ipfwadm -A -f
#
# Set shortcuts
localnet=44.136.8.96/29
any=0/0
# Add rules for local ethernet segment
ipfwadm -A in -a -P tcp -D $localnet ftp-data
ipfwadm -A out -a -P tcp -S $localnet ftp-data
ipfwadm -A in -a -P tcp -D $localnet www
ipfwadm -A out -a -P tcp -S $localnet www
ipfwadm -A in -a -P tcp -D $localnet
ipfwadm -A out -a -P tcp -S $localnet
ipfwadm -A in -a -P udp -D $localnet
ipfwadm -A out -a -P udp -S $localnet
#
# Rules for default
ipfwadm -A in -a -P tcp -D $any ftp-data
ipfwadm -A out -a -P tcp -S $any ftp-data
ipfwadm -A in -a -P tcp -D $any www
ipfwadm -A out -a -P tcp -S $any www
ipfwadm -A in -a -P tcp -D $any
ipfwadm -A out -a -P tcp -S $any
ipfwadm -A in -a -P udp -D $any
ipfwadm -A out -a -P udp -S $any
#
# List the rules
ipfwadm -A -l -n
#
</screen>
</para>

<para>
The names ``ftp-data'' and ``www'' refer to lines in /etc/services.
The last command lists each of the Accounting rules and displays the
collected totals.
</para>

<para>
An important point to note when analyzing IP accounting is that totals
for all rules that match will be incremented, so to obtain
differential figures you need to perform appropriate maths. For
example, if I wanted to know how much data was not ftp nor www I would
subtract the individual totals from the rule that matches all ports.
</para>

<para>
<screen>
root# ipfwadm -A -l -n
IP accounting rules
 pkts bytes dir prot source               destination          ports
    0     0 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 20
    0     0 out tcp  44.136.8.96/29       0.0.0.0/0            20 -> *
   10  1166 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 80
   10   572 out tcp  44.136.8.96/29       0.0.0.0/0            80 -> *
  252 10943 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> *
  231 18831 out tcp  44.136.8.96/29       0.0.0.0/0            * -> *
    0     0 in  udp  0.0.0.0/0            44.136.8.96/29       * -> *
    0     0 out udp  44.136.8.96/29       0.0.0.0/0            * -> *
    0     0 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 20
    0     0 out tcp  0.0.0.0/0            0.0.0.0/0            20 -> *
   10  1166 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 80
   10   572 out tcp  0.0.0.0/0            0.0.0.0/0            80 -> *
  253 10983 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> *
  231 18831 out tcp  0.0.0.0/0            0.0.0.0/0            * -> *
    0     0 in  udp  0.0.0.0/0            0.0.0.0/0            * -> *
    0     0 out udp  0.0.0.0/0            0.0.0.0/0            * -> *
</screen>
</para>
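
<para>
The subtraction described above is easy to get wrong by hand once there are more than a handful
of rules, and it is only valid when each port-specific rule is a strict subset of the catch-all
rule it is subtracted from (same direction, same protocol, same network). The following is an
added example, not code from this HOWTO or from ipfwadm: it parses the listing above (embedded as
sample input) and derives the "TCP that is neither ftp-data nor www" figures per direction by
subtracting the port rules from the all-ports rule for the same network.
</para>

```python
import re

# Sample input: the `ipfwadm -A -l -n` listing from the text above.
SAMPLE = """\
IP accounting rules
 pkts bytes dir prot source               destination          ports
    0     0 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 20
    0     0 out tcp  44.136.8.96/29       0.0.0.0/0            20 -> *
   10  1166 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> 80
   10   572 out tcp  44.136.8.96/29       0.0.0.0/0            80 -> *
  252 10943 in  tcp  0.0.0.0/0            44.136.8.96/29       * -> *
  231 18831 out tcp  44.136.8.96/29       0.0.0.0/0            * -> *
    0     0 in  udp  0.0.0.0/0            44.136.8.96/29       * -> *
    0     0 out udp  44.136.8.96/29       0.0.0.0/0            * -> *
    0     0 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 20
    0     0 out tcp  0.0.0.0/0            0.0.0.0/0            20 -> *
   10  1166 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> 80
   10   572 out tcp  0.0.0.0/0            0.0.0.0/0            80 -> *
  253 10983 in  tcp  0.0.0.0/0            0.0.0.0/0            * -> *
  231 18831 out tcp  0.0.0.0/0            0.0.0.0/0            * -> *
    0     0 in  udp  0.0.0.0/0            0.0.0.0/0            * -> *
    0     0 out udp  0.0.0.0/0            0.0.0.0/0            * -> *
"""

RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<dir>in|out)\s+(?P<prot>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dport>\S+)\s*$")


def parse_listing(text):
    """Return one dict per accounting rule; the banner and header lines do not match."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            r = m.groupdict()
            r["pkts"], r["bytes"] = int(r["pkts"]), int(r["bytes"])
            rules.append(r)
    return rules


def find_rule(rules, direction, prot, net, port):
    """The rule counting `prot` traffic for `net` on `port` in the given direction.

    Inbound rules name the local network as destination and filter on the destination
    port; outbound rules name it as source and filter on the source port.
    """
    net_field, port_field = ("dst", "dport") if direction == "in" else ("src", "sport")
    for r in rules:
        if (r["dir"] == direction and r["prot"] == prot
                and r[net_field] == net and r[port_field] == port):
            return r
    raise KeyError("no %s %s rule for %s port %s" % (direction, prot, net, port))


def other_tcp(rules, direction, net, known_ports=("20", "80")):
    """(packets, bytes) of TCP to/from `net` that matched none of `known_ports`.

    Valid only because each port rule is a strict subset of the all-ports rule.
    """
    total = find_rule(rules, direction, "tcp", net, "*")
    pkts, nbytes = total["pkts"], total["bytes"]
    for port in known_ports:
        r = find_rule(rules, direction, "tcp", net, port)
        pkts -= r["pkts"]
        nbytes -= r["bytes"]
    return pkts, nbytes


def demo(text=SAMPLE, net="44.136.8.96/29"):
    rules = parse_listing(text)
    return {d: other_tcp(rules, d, net) for d in ("in", "out")}


if __name__ == "__main__":
    for direction, (pkts, nbytes) in demo().items():
        print("%-3s non-ftp, non-www TCP: %d packets, %d bytes" % (direction, pkts, nbytes))
```

For the listing above this yields 242 packets / 9777 bytes inbound and 221 packets / 18259 bytes
outbound for the local network. Rules that merely overlap (say, one per source host and one per
port) cannot be combined this way; the counters then need a separate rule for the intersection.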

<para>
6.4. IP Accounting (for Linux-2.2)

The new accounting code is accessed via ``IP Firewall Chains''. See
the IP chains home page for more information. Among other things,
you'll now need to use ipchains instead of ipfwadm to configure your
filters. (From Documentation/Changes in the latest kernel sources).
</para>

</sect1>

<sect1 id="IP-Aliasing">

<title>IP-Aliasing</title>

<para>
This is a cookbook recipe on how to set up and run IP aliasing on a Linux box
and how to set up the machine to receive e-mail on the aliased IP addresses.
</para>

<para>
This feature of the Linux kernel provides the possibility of setting
multiple network addresses on the same low-level network device driver
(e.g. two IP addresses on one Ethernet card). It is typically used for
services that act differently based on the address they listen on
(e.g. "multihosting", "virtual domains" or "virtual hosting
services").
</para>

<para>
There are some applications where being able to configure multiple IP
addresses on a single network device is useful. Internet Service
Providers often use this facility to provide `customized' World Wide
Web and ftp offerings for their customers. You can refer to
the ``IP-Alias mini-HOWTO'' for more information than you find here.
</para>

</sect1>

<sect1 id="Multicasting">

<title>Multicasting</title>

<para>
* Multicast HOWTO
</para>

</sect1>

<sect1 id="Network-Management">

<title>Network-Management</title>

<para>
There is an impressive number of tools focused on network management
and remote administration under Linux. Some interesting remote administration
projects are linuxconf and webmin:
</para>

<para>
· <ulink url="http://www.webmin.com/webmin/">Webmin</ulink>
· <ulink url="http://www.solucorp.qc.ca/linuxconf/">Linuxconf</ulink>
</para>

<para>
Other tools include network traffic analysis tools, network security
tools, monitoring tools, configuration tools, etc. An archive of many
of these tools may be found at Metalab:
<ulink url="http://www.metalab.unc.edu/pub/Linux/system/network/"/>
</para>

9.2. SNMP

<para>
The Simple Network Management Protocol is a protocol for Internet
network management services. It allows for remote monitoring and
configuration of routers, bridges, network cards, switches, etc.
There are many libraries, clients, daemons and SNMP-based
monitoring programs available for Linux. A good page dealing with SNMP
and Linux software may be found at <ulink url="http://linas.org/linux/NMS.html"/>
</para>

10. Enterprise Linux Networking

<para>
In certain situations it is necessary for the networking
infrastructure to have proper mechanisms to guarantee network
availability nearly 100% of the time. Some related techniques are
described in the following sections. Most of the following material
can be found at the excellent Linas website,
<ulink url="http://linas.org/linux/index.html"/>, and in the
<ulink url="http://metalab.unc.edu/pub/Linux/ALPHA/linux-ha/High-Availability-HOWTO.html">Linux High-Availability
HOWTO</ulink>.
</para>

10.1. High Availability

<para>
Redundancy is used to prevent the overall IT system from having single
points of failure. A server with only one network card or a single
SCSI disk has two single points of failure. The objective is to mask
unplanned outages from users in a manner that lets users continue to
work quickly. High availability software is a set of scripts and tools
that automatically monitor and detect failures, taking the appropriate
steps to restore normal operation and to notify system
administrators.
</para>

</sect1>

<sect1 id="Redundant-Networking">

<title>Redundant-Networking</title>

<para>
IP Address Takeover (IPAT): when a network adapter card fails, its IP
address should be taken over by a working network card in the same node or
in another node. MAC Address Takeover: when an IP takeover occurs, it
should be made sure that all the nodes in the network update their ARP
caches (the mapping between IP and MAC addresses).
</para>
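
<para>
The ARP cache update that MAC address takeover relies on is a gratuitous ARP (sender and target IP
equal), and on the wire it is indistinguishable from an ARP spoof: both replace the MAC that every
neighbour associates with an address. A monitor that watches ARP traffic therefore needs the
inventory of which adapters are allowed to claim each address before it can tell a planned
takeover from an unexpected claim. The following is an added example, not code from this HOWTO or
from any HA package; it parses raw Ethernet/ARP frames, keeps an IP-to-MAC table and classifies
each change against such an inventory. The frames, addresses and the allowed-MAC inventory in
demo() are constructed.
</para>

```python
import struct

ETH_P_ARP = 0x0806
ARP = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def ip_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(sender_mac, sender_ip, target_mac, target_ip, oper=2):
    """Constructed broadcast Ethernet+ARP frame; used here only as monitor input."""
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    return eth + ARP.pack(1, 0x0800, 6, 4, oper, mac_bytes(sender_mac), ip_bytes(sender_ip),
                          mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp_frame(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 14 + ARP.size or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP.unpack(frame[14:14 + ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": mac_text(sha), "spa": ip_text(spa),
            "tha": mac_text(tha), "tpa": ip_text(tpa),
            "gratuitous": spa == tpa}          # a sender announcing its own address


class ArpMonitor:
    """Track sender IP -> MAC bindings and report every change, labelled against an inventory."""

    def __init__(self, allowed):
        self.allowed = allowed                # ip -> set of MACs permitted to claim it
        self.table = {}
        self.events = []

    def observe(self, frame):
        arp = parse_arp_frame(frame)
        if arp is None or arp["oper"] not in (1, 2):
            return None
        ip, new_mac = arp["spa"], arp["sha"]
        old_mac = self.table.get(ip)
        self.table[ip] = new_mac
        if old_mac is None or old_mac == new_mac:
            return None
        kind = "takeover" if new_mac in self.allowed.get(ip, set()) else "unexpected"
        event = {"ip": ip, "old": old_mac, "new": new_mac,
                 "gratuitous": arp["gratuitous"], "kind": kind}
        self.events.append(event)
        return event


def demo():
    """Constructed HA pair: two adapters may serve 10.0.0.5; a third MAC claims it later."""
    primary, standby, rogue = "02:00:00:00:00:a1", "02:00:00:00:00:b2", "02:00:00:00:00:c3"
    mon = ArpMonitor({"10.0.0.5": {primary, standby}})
    frames = [
        build_arp_frame(primary, "10.0.0.5", "02:00:00:00:00:10", "10.0.0.20"),  # ordinary reply
        build_arp_frame(standby, "10.0.0.5", "00:00:00:00:00:00", "10.0.0.5"),   # takeover GARP
        build_arp_frame(rogue, "10.0.0.5", "00:00:00:00:00:00", "10.0.0.5"),     # unexpected claim
    ]
    return [mon.observe(f) for f in frames]


if __name__ == "__main__":
    for event in demo():
        print(event)
```

Fed with captured frames instead of the constructed ones, the same monitor doubles as a health
check for the HA setup itself: a takeover that never produces a "takeover" event means the
standby's gratuitous ARP did not reach the segment, and neighbours are still sending to the dead
adapter.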

<para>
See the High-Availability HOWTO for more details:
<ulink url="http://metalab.unc.edu/pub/Linux/ALPHA/linux-ha/High-Availability-HOWTO.html"/>
</para>

</sect1>