The Linux Networking Overview HOWTO

Daniel Lopez Ridruejo, ridruejo@rawbyte.com

v0.32, 8 July 2000

The purpose of this document is to give an overview of the networking
capabilities of the Linux Operating System and to provide pointers for
further information and implementation details.

______________________________________________________________________

Table of Contents

1. Introduction

2. Linux.
   2.1 What is Linux?
   2.2 What makes Linux different?

3. Networking protocols
   3.1 TCP/IP
   3.2 TCP/IP version 6
   3.3 IPX/SPX
   3.4 AppleTalk Protocol Suite
   3.5 WAN Networking: X.25, Frame-relay, etc...
   3.6 ISDN
   3.7 PPP, SLIP, PLIP
   3.8 Amateur Radio
   3.9 ATM

4. Networking hardware supported

5. File Sharing and Printing
   5.1 Apple environment
   5.2 Windows Environment
   5.3 Novell Environment
   5.4 Unix Environment

6. Internet/Intranet
   6.1 Mail
       6.1.1 Mail servers
       6.1.2 Remote access to mail
       6.1.3 Mail User Agents
       6.1.4 Mailing list software
       6.1.5 Fetchmail
   6.2 Web Servers
   6.3 Web Browsers
   6.4 FTP Servers and clients
   6.5 News service
   6.6 Domain Name System
   6.7 DHCP, bootp
   6.8 NIS
   6.9 Authentication

7. Remote execution of applications
   7.1 Telnet
   7.2 Remote commands
   7.3 The X Window System
   7.4 VNC

8. Network Interconnection
   8.1 Router
   8.2 Bridge
   8.3 IP Masquerade
   8.4 IP Accounting
   8.5 IP aliasing
   8.6 Traffic Shaping
   8.7 Firewall
   8.8 Port forwarding
   8.9 Load Balancing
   8.10 EQL
   8.11 Proxy Server
   8.12 Diald on demand
   8.13 Tunnelling, mobile IP and virtual private networks

9. Network Management
   9.1 Network management applications
   9.2 SNMP

10. Enterprise Linux Networking
   10.1 High Availability
   10.2 RAID
   10.3 Redundant networking

11. Sources of Information

12. Document history

13. Acknowledgements and disclaimer

______________________________________________________________________

1. Introduction

The purpose of this document is to give an overview of the networking
capabilities of the Linux operating system. Although one of the
strengths of Linux is that plenty of information exists for nearly
every component of it, most of this information is focused on
implementation. New Linux users, particularly those coming from a
Windows environment, are often unaware of the networking possibilities
of Linux. This document aims to show a general picture of such
possibilities with a brief description of each one and pointers for
further information. The information has been gathered from many
sources: HOWTOs, FAQs, projects' web pages and my own hands-on
experience. Full credit is given to the authors of these other
sources. Without them and their programs this document would not have
been possible or necessary.

2. Linux.

2.1. What is Linux?

The primary author of Linux is Linus Torvalds. Since his original
versions, it has been improved by countless numbers of people. It is a
clone, written entirely from scratch, of the Unix operating system.
One of the more interesting facts about Linux is that its development
occurs simultaneously around the world.

Linux has been copyrighted under the terms of the GNU General Public
License (GPL). This is a license written by the Free Software
Foundation (FSF) that is designed to prevent people from restricting
the distribution of software. In brief, it says that although money
can be charged for a copy, the person who received the copy cannot be
prevented from giving it away for free. It also means that the source
code must be available. This is useful for programmers. Anybody can
modify Linux and even distribute his/her modifications, provided that
they keep the code under the same copyright.

2.2. What makes Linux different?

Why work on Linux? Linux is generally cheaper (or at least no more
expensive) than other operating systems and is frequently less
problematic than many commercial systems. But what makes Linux
different is not its price (after all, why would anyone want an OS -
even a free one - if it is not good enough?) but its outstanding
capabilities:

  * Linux is a true 32-bit multitasking operating system, robust and
    capable enough to be used in organizations ranging from
    universities to large corporations.

  * It runs on hardware ranging from low-end 386 boxes to massive
    ultra-parallel machines in research centres.

  * Out-of-the-box versions are available for Intel, Sparc, and Alpha
    architectures, and experimental support exists for Power PC and
    embedded systems, among others such as SGI, Ultra Sparc, AP1000+,
    Strong ARM, and MIPS R3000/R4000.

  * Finally, when it comes to networking, Linux is the choice. Not only
    because networking is tightly integrated with the OS itself and a
    plethora of applications is freely available, but for the
    robustness under heavy loads that can only be achieved after years
    of debugging and testing in an Open Source project.

3. Networking protocols

Linux supports many different networking protocols:

3.1. TCP/IP

The Internet Protocol was originally developed two decades ago for the
United States Department of Defense (DoD), mainly for the purpose of
interconnecting different-brand computers. The layered structure of
the TCP/IP suite of protocols allowed applications to be insulated
from the networking hardware.

Although it is based on a layered model, it is focused more on
delivering interconnectivity than on rigidly adhering to functional
layers. This is one of the reasons why TCP/IP has become the de facto
standard internetworking protocol as opposed to OSI.

TCP/IP networking has been present in Linux since its beginnings. It
has been implemented from scratch. It is one of the most robust, fast
and reliable implementations and is one of the key factors of the
success of Linux.

Related HOWTO: http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO.html

3.2. TCP/IP version 6

IPv6, sometimes also referred to as IPng (IP Next Generation), is an
upgrade to the IPv4 protocol that addresses many issues. These
issues include: shortage of available IP addresses, lack of mechanisms
to handle time-sensitive traffic, lack of network layer security, etc.

The larger name space will be accompanied by an improved addressing
scheme, which will have a great impact on routing performance. A beta
implementation exists for Linux, and a production version is expected
for the 2.2.0 Linux kernel release.

  * Linux IPv6 HOWTO: http://www.wcug.wwu.edu/ipv6/faq/

3.3. IPX/SPX

IPX/SPX (Internet Packet Exchange/Sequenced Packet Exchange) is a
proprietary protocol stack developed by Novell and based on the Xerox
Network Systems (XNS) protocol. IPX/SPX became prominent during the
early 1980s as an integral part of Novell, Inc.'s NetWare. NetWare
became the de facto standard network operating system (NOS) of first
generation LANs. Novell complemented its NOS with a business-oriented
application suite and client-side connection utilities.

Linux has a very clean IPX/SPX implementation, allowing it to be
configured as an:

  * IPX router

  * IPX bridge

  * NCP client and/or NCP Server (for sharing files)

  * Novell Print Client, Novell Print Server

And to:

  * Enable PPP/IPX, allowing a Linux box to act as a PPP server/client

  * Perform IPX tunnelling through IP, allowing the connection of two
    IPX networks through an IP only link

Additionally, Caldera <http://www.caldera.com> offers commercial
support for Novell NetWare under Linux. Caldera provides a fully
featured Novell NetWare client built on technology licensed from
Novell Corporation. The client provides full client access to Novell
3.x and 4.x fileservers and includes features such as NetWare
Directory Service (NDS) and RSA encryption.

  * IPX HOWTO: http://metalab.unc.edu/mdw/HOWTO/IPX-HOWTO.html

3.4. AppleTalk Protocol Suite

Appletalk is the name of Apple's internetworking stack. It allows a
peer-to-peer network model which provides basic functionality such as
file and printer sharing. Each machine can simultaneously act as a
client and a server, and the software and hardware necessary are
included with every Apple computer.

Linux provides full Appletalk networking. Netatalk is a kernel-level
implementation of the AppleTalk Protocol Suite, originally for
BSD-derived systems. It includes support for routing AppleTalk, serving
Unix and AFS filesystems over AFP (AppleShare), serving Unix printers
and accessing AppleTalk printers over PAP.

See section 5.1 for more information.

3.5. WAN Networking: X.25, Frame-relay, etc...

Several third parties provide T-1, T-3, X.25 and Frame Relay products
for Linux. Generally special hardware is required for these types of
connections. Vendors that provide the hardware also provide the
drivers with protocol support.

  * WAN resources for Linux:
    http://www.secretagent.com/networking/wan.html

3.6. ISDN

The Linux kernel has built-in ISDN capabilities. Isdn4linux controls
ISDN PC cards and can emulate a modem with the Hayes command set ("AT"
commands). The possibilities range from simply using a terminal
program to connections via HDLC (using included devices) to full
connection to the Internet with PPP to audio applications.

  * FAQ for isdn4linux: http://ww.isdn4linux.de/faq/

3.7. PPP, SLIP, PLIP

The Linux kernel has built-in support for PPP (Point-to-Point
Protocol), SLIP (Serial Line IP) and PLIP (Parallel Line IP). PPP is
the most popular way individual users access their ISPs (Internet
Service Providers). PLIP allows the cheap connection of two machines.
It uses a parallel port and a special cable, achieving speeds of
10kBps to 20kBps.

  * Linux PPP HOWTO <http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html>

  * PPP/SLIP emulator
    <http://metalab.unc.edu/mdw/HOWTO/mini/SLIP-PPP-Emulator.html>

  * PLIP information can be found in The Network Administrator Guide
    <http://metalab.unc.edu/mdw/LDP/nag/nag.html>

3.8. Amateur Radio

The Linux kernel has built-in support for amateur radio protocols.

Especially interesting is the AX.25 support. The AX.25 protocol offers
both connected and connectionless modes of operation, and is used
either by itself for point-to-point links, or to carry other protocols
such as TCP/IP and NetRom.

It is similar to X.25 level 2 in structure, with some extensions to
make it more useful in the amateur radio environment.

  * Amateur radio on Linux web site <http://radio.linux.org.au/>

3.9. ATM

ATM support for Linux is currently in pre-alpha stage. There is an
experimental release, which supports raw ATM connections (PVCs and
SVCs), IP over ATM, LAN emulation...

  * Linux ATM-Linux home page <http://lrcwww.epfl.ch/linux-atm/>

4. Networking hardware supported

Linux supports a great variety of networking hardware, including some
obsolete equipment.

Some interesting documents:

  * Hardware HOWTO <http://metalab.unc.edu/mdw/HOWTO/Hardware-HOWTO.html>

  * Ethernet HOWTO <http://metalab.unc.edu/mdw/HOWTO/Ethernet-HOWTO.html>

5. File Sharing and Printing

The primary purpose of many PC based Local Area Networks is to provide
file and printer sharing services to the users. Linux as a corporate
file and print server turns out to be a great solution.

5.1. Apple environment

As outlined in previous sections, Linux supports the Appletalk family
of protocols. Linux netatalk allows Macintosh clients to see Linux
systems as another Macintosh on the network, share files and use
printers connected to Linux servers.

Netatalk FAQ and HOWTO:

  * http://thehamptons.com/anders/netatalk/

  * http://www.umich.edu/~rsug/netatalk/

  * http://www.umich.edu/~rsug/netatalk/faq.html

5.2. Windows Environment

Samba is a suite of applications that allow most Unices (and in
particular Linux) to integrate into a Microsoft network both as a
client and a server. Acting as a server it allows Windows 95, Windows
for Workgroups, DOS and Windows NT clients to access Linux files and
printing services. It can completely replace Windows NT for file and
printing services, including the automatic downloading of printer
drivers to clients. Acting as a client allows the Linux workstation to
mount exported Windows file shares locally.

According to the SAMBA Meta-FAQ:

     "Many users report that compared to other SMB implementations
     Samba is more stable, faster, and compatible with more clients.
     Administrators of some large installations say that Samba is the
     only SMB server available which will scale to many tens of
     thousands of users without crashing"

  * Samba project home page <http://samba.anu.edu.au/samba/>

  * SMB HOWTO <http://metalab.unc.edu/mdw/HOWTO/SMB-HOWTO.html>

  * Printing HOWTO <http://metalab.unc.edu/mdw/HOWTO/Printing-HOWTO.html>

5.3. Novell Environment

As stated in previous sections, Linux can be configured to act as an
NCP client or server, thus allowing file and printing services over a
Novell network for both Novell and Unix clients.

  * IPX HOWTO <http://metalab.unc.edu/mdw/HOWTO/IPX-HOWTO.html>

5.4. Unix Environment

The preferred way to share files in a Unix networking environment is
through NFS. NFS stands for Network File Sharing and it is a protocol
originally developed by Sun Microsystems. It is a way to share files
between machines as if they were local. A client "mounts" a filesystem
"exported" by an NFS server. The mounted filesystem will appear to the
client machine as if it were part of the local filesystem.

It is possible to mount the root filesystem at startup time, thus
allowing diskless clients to boot up and access all files from a
server. In other words, it is possible to have a fully functional
computer without a hard disk.

Coda is a network filesystem (like NFS) that supports disconnected
operation and persistent caching, among other goodies. It is included
in 2.2.x kernels and is really handy for slow or unreliable networks
and laptops.

NFS-related documents:

  * http://metalab.unc.edu/mdw/HOWTO/mini/NFS-Root.html

  * http://metalab.unc.edu/mdw/HOWTO/Diskless-HOWTO.html

  * http://metalab.unc.edu/mdw/HOWTO/mini/NFS-Root-Client-mini-HOWTO/index.html

  * http://www.redhat.com/support/docs/rhl/NFS-Tips/NFS-Tips.html

  * http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html

CODA can be found at: http://www.coda.cs.cmu.edu/

6. Internet/Intranet

Linux is a great platform to act as an Intranet / Internet server. The
term Intranet refers to the application of Internet technologies
inside an organisation mainly for the purpose of distributing and
making available information inside the company. Internet and Intranet
services offered by Linux include mail, news, WWW servers and many
more that will be outlined in the next sections.

6.1. Mail

6.1.1. Mail servers

Sendmail is the de facto standard mail server program (called an MTA,
or Mail Transport Agent) for Unix platforms. It is robust, scalable,
and, properly configured and with the necessary hardware, can handle
loads of thousands of users without blinking. Alternative mail
servers, such as smail and qmail, are also available.

  * Sendmail web site <http://www.sendmail.org/>

  * Smail FAQ <http://www.sbay.org/smail-faq.html>

  * Qmail web site <http://www.qmail.org>

Mail HOWTOs:

  * http://metalab.unc.edu/mdw/HOWTO/Mail-User-HOWTO.html

  * http://metalab.unc.edu/mdw/HOWTO/mini/Qmail+MH.html

  * http://metalab.unc.edu/mdw/HOWTO/mini/Sendmail+UUCP.html

  * http://metalab.unc.edu/mdw/HOWTO/mini/Mail-Queue.html

6.1.2. Remote access to mail

In an organisation or ISP, users will likely access their mail
remotely from their desktops. Several alternatives exist in Linux,
including POP (Post Office Protocol) and IMAP (Internet Message Access
Protocol) servers. The POP protocol is usually used to transfer
messages from the server to the client. IMAP also permits manipulation
of the messages on the server, remote creation and deletion of folders
on the server, concurrent access to shared mail folders, etc.

  * Brief comparison of IMAP and POP
    <http://www.imap.org/imap.vs.pop.brief.html>

Mail related HOWTOs:

  * http://metalab.unc.edu/mdw/HOWTO/Mail-User-HOWTO.html

  * http://metalab.unc.edu/mdw/HOWTO/Cyrus-IMAP.html

6.1.3. Mail User Agents

There are a number of MUAs (Mail User Agents) in Linux, both graphical
and text mode. The most widely used ones include: pine, elm, mutt and
Netscape.

  * List of mail related software
    <http://www.linuxlinks.com/Software/Internet/Mail/>

  * http://metalab.unc.edu/mdw/HOWTO/mini/TkRat.html

6.1.4. Mailing list software

There are many MLM (Mail List Management) programs available for Unix
in general and for Linux in particular.

  * A good comparison of existing MLMs may be found at:
    ftp://ftp.uu.net/usenet/news.answers/mail/list-admin/

  * Listserv <http://www.lsoft.com/>

  * Majordomo home page <http://www.greatcircle.com/majordomo/>

6.1.5. Fetchmail

One useful mail-related utility is fetchmail. Fetchmail is a free,
full-featured, robust, well-documented remote-mail retrieval and
forwarding utility intended to be used over on-demand TCP/IP links
(such as SLIP or PPP connections). It supports every remote-mail
protocol now in use on the Internet. It can even support IPv6 and
IPSEC.

Fetchmail retrieves mail from remote mail servers and forwards it via
SMTP, so it can then be read by normal mail user agents such as
mutt, elm or BSD Mail. It allows all the system MTA's filtering,
forwarding, and aliasing facilities to work just as they would on
normal mail.

Fetchmail can be used as a POP/IMAP-to-SMTP gateway for an entire DNS
domain, collecting mail from a single drop box on an ISP and
SMTP-forwarding it based on header addresses.

A small company may centralise its mail in a single mailbox, configure
fetchmail to collect all outgoing mail, send it via a single mailbox
at their ISP and retrieve all incoming mail from the same mailbox.
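The domain-wide gateway just described has to work out, from headers alone, which local user each message collected from the drop box belongs to. The Python below is an added illustration of that decision and is not fetchmail's code: it prefers headers written by the delivering MTA (Delivered-To and friends) over To:/Cc:, which only record what the sender typed, and refuses to guess when neither names an address in the domain. The domain example.com and the three sample messages are constructed for the example.

```python
"""Header-based routing of a domain's mail collected from one drop box.

Added illustration of the multidrop decision fetchmail has to make; it
is not fetchmail's code. The domain and the sample messages below are
constructed for the example.
"""
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAIN = "example.com"  # constructed: the domain whose mail lands in the drop box

# Headers added by the delivering MTA describe where the message was
# actually delivered, so they are consulted first. To:/Cc:/Resent-* are
# whatever the sender wrote and may omit the real recipient (Bcc, lists).
ENVELOPE_HEADERS = ("Delivered-To", "X-Envelope-To", "X-Original-To")
ADDRESS_HEADERS = ("Resent-To", "Resent-Cc", "To", "Cc")


def addresses_in(msg, header_names):
    """Lowercased mailbox addresses found in the named headers."""
    raw = []
    for name in header_names:
        raw.extend(str(v) for v in msg.get_all(name, []))
    return [addr.lower() for _, addr in getaddresses(raw) if "@" in addr]


def local_recipients(text, domain=LOCAL_DOMAIN):
    """Decide which local users a collected message is forwarded to.

    Returns (sorted list of local parts, source), where source names the
    header class that decided: "envelope", "header", or "none" when no
    address in the domain was found and the caller should deliver to a
    last-resort mailbox (fetchmail's multidrop mode uses a postmaster
    user for this) rather than guess.
    """
    msg = message_from_string(text)
    suffix = "@" + domain.lower()
    for source, names in (("envelope", ENVELOPE_HEADERS), ("header", ADDRESS_HEADERS)):
        users = sorted({a[: -len(suffix)] for a in addresses_in(msg, names) if a.endswith(suffix)})
        if users:
            return users, source
    return [], "none"


# Constructed sample messages (not real mail).
MSG_WITH_ENVELOPE = """\
Delivered-To: alice@example.com
From: Some Sender <sender@example.org>
To: Staff <staff@lists.example.net>
Cc: Bob <bob@example.com>
Subject: weekly report

The envelope header names the real recipient; Cc: is only a hint.
"""

MSG_HEADERS_ONLY = """\
From: Some Sender <sender@example.org>
To: Alice <alice@example.com>, Carol <carol@example.com>
Cc: outsider@example.org
Subject: no envelope header

Without a delivery header, addresses in the domain are taken from To:/Cc:.
"""

MSG_BCC = """\
From: Some Sender <sender@example.org>
To: <list@example.net>
Subject: delivered via Bcc

Nothing in the headers points at example.com; route to the fallback.
"""

if __name__ == "__main__":
    for sample in (MSG_WITH_ENVELOPE, MSG_HEADERS_ONLY, MSG_BCC):
        print(local_recipients(sample))
```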

  * Fetchmail home page <http://www.tuxedo.org/~esr/fetchmail/>

6.2. Web Servers

Most Linux distributions include Apache <http://www.apache.org>.
Apache is the number one server on the Internet according to
http://www.netcraft.co.uk/survey/ . More than half of all Internet
sites are running Apache or one of its derivatives. Apache's advantages
include its modular design, stability and speed. Given the appropriate
hardware and configuration it can support the highest loads: Yahoo,
Altavista, GeoCities, and Hotmail are based on customized versions of
this server.

Optional support for SSL (which enables secure transactions) is also
available at:

  * http://www.apache-ssl.org/

  * http://raven.covalent.net/

  * http://www.c2.net/

Related HOWTOs:

  * http://metalab.unc.edu/mdw/HOWTO/WWW-HOWTO.html

  * http://metalab.unc.edu/mdw/HOWTO/Virtual-Services-HOWTO.html

  * http://metalab.unc.edu/mdw/HOWTO/Intranet-Server-HOWTO.html

  * Web servers for Linux
    <http://www.linuxlinks.com/Software/Internet/WebServers/>

6.3. Web Browsers

A number of web browsers exist for the Linux platform. Netscape
Navigator has been one of the choices from the very beginning and the
upcoming Mozilla (http://www.mozilla.org) will have a Linux version.
Another popular browser is lynx, which is text based. It is fast and
handy when no graphical environment is available.

  * Browser software for Linux
    <http://www.linuxlinks.com/Software/Internet/WebBrowsers/>

  * http://metalab.unc.edu/mdw/HOWTO/mini/Public-Web-Browser.html

6.4. FTP Servers and clients

FTP stands for File Transfer Protocol. An FTP server allows clients to
connect to it and retrieve (download) files. Many FTP servers and
clients exist for Linux and are included with most distributions.
There are text-based clients as well as GUI based ones. FTP related
software (servers and clients) for Linux may be found at:
http://metalab.unc.edu/pub/Linux/system/network/file-transfer/

6.5. News service

Usenet (also known as news) is a big bulletin board system that covers
all kinds of topics and is organised hierarchically. A network of
computers across the Internet (Usenet) exchange articles through the
NNTP protocol. Several implementations exist for Linux, either for
heavily loaded sites or for small sites receiving only a few
newsgroups.

  * INN home page <http://www.isc.org/>

  * Linux news related software
    <http://www.linuxlinks.com/Software/Internet/News/>

6.6. Domain Name System

A DNS server has the job of translating names (readable by humans) to
IP addresses. A DNS server does not know all the IP addresses in the
world; rather, it is able to ask other servers for the unknown
addresses. The DNS server will either return the wanted IP address to
the user or report that the name cannot be found in the tables.

Name serving on Unix (and on the vast majority of the Internet) is
done by a program called named. This is a part of the BIND package of
the Internet Software Consortium.

  * BIND <http://www.isc.org/>

  * DNS HOWTO <http://metalab.unc.edu/mdw/HOWTO/DNS-HOWTO.html>

6.7. DHCP, bootp

DHCP and bootp are protocols that allow a client machine to obtain
network information (such as its IP number) from a server. Many
organisations are starting to use them because they ease network
administration, especially in large networks or networks which have
lots of mobile users.

Related documents:

  * DHCP mini-HOWTO
    <http://metalab.unc.edu/mdw/HOWTO/mini/DHCP/index.html>

6.8. NIS

The Network Information Service (NIS) provides a simple network lookup
service consisting of databases and processes. Its purpose is to
provide information that has to be known throughout the network to all
machines on the network. For example, it enables an administrator to
allow users access to any machine in a network running NIS without a
password entry existing on each machine; only the main database needs
to be maintained.

Related HOWTO:

  * NIS HOWTO <http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html>

6.9. Authentication

There are also various ways of authenticating users in mixed networks.

  * For Linux/Windows NT:
    http://www.mindware.com.au/ftp/smb-NT-verify.1.1.tar.gz

  * The PAM (pluggable authentication module), which is a flexible
    method of Unix authentication: PAM library
    <http://www.kernel.org/pub/linux/libs/pam/index.html>.

  * Finally, LDAP in Linux
    <http://www.umich.edu/~dirsvcs/ldap/index.html>

7. Remote execution of applications

One of the most amazing features of Unix (yet one of the most unknown
to new users) is its great support for remote and distributed
execution of applications.

7.1. Telnet

Telnet is a program that allows a person to use a remote computer as
if that person were actually at the remote site. Telnet is one of the
most powerful tools for Unix, allowing for true remote administration.
It is also an interesting program from the point of view of users,
because it allows remote access to all their files and programs from
anywhere in the Internet. Combined with an X server, there is no
difference (apart from the delay) between being at the console or on
the other side of the planet. Telnet daemons and clients are available
with most Linux distributions.

Encrypted remote shell sessions are available through SSH
<http://www.ssh.fi/sshprotocols2/index.html>, thus effectively
allowing secure remote administration.

  * Telnet related software
    <http://metalab.unc.edu/pub/Linux/system/network/telnet/>

7.2. Remote commands

In Unix, and in particular in Linux, remote commands exist that allow
for interaction with other computers from the shell prompt. Examples
are: rlogin, which allows logging in to a remote machine in a similar
way to telnet, and rcp, which allows the remote transfer of files
among machines. Finally, the remote shell command rsh allows the
execution of a command on a remote machine without actually logging
onto that machine.

7.3. The X Window System

The X Window System was developed at MIT in the late 1980s, rapidly
becoming the industry standard windowing system for Unix graphics
workstations. The software is freely available, very versatile, and is
suitable for a wide range of hardware platforms. Any X environment
consists of two distinct parts, the X server and one or more X
clients. It is important to realise the distinction between the server
and the client. The server controls the display directly and is
responsible for all input/output via the keyboard, mouse or display.
The clients, on the other hand, do not access the screen directly -
they communicate with the server, which handles all input and output.
It is the clients which do the "real" computing work - running
applications or whatever. The clients communicate with the server,
causing the server to open one or more windows to handle input and
output for that client.

In short, the X Window System allows a user to log in to a remote
machine, execute a process (for example, open a web browser) and have
the output displayed on his own machine. Because the process is
actually being executed on the remote system, very little CPU power is
needed in the local one. Indeed, computers exist whose primary purpose
is to act as pure X servers. Such systems are called X terminals.

A free port of the X Window System exists for Linux and can be found
at: Xfree <http://www.xfree86.org/>. It is included in most Linux
distributions.

Related HOWTO:

  * Remote X Apps HOWTO
    <http://metalab.unc.edu/mdw/HOWTO/mini/Remote-X-Apps.html>

7.4. VNC
|
|||
|
|
|||
|
VNC stands for Virtual Network Computing. It is, in essence, a remote
|
|||
|
display system which allows one to view a computing 'desktop'
|
|||
|
environment not only on the machine where it is running, but from
|
|||
|
anywhere on the Internet and from a wide variety of machine
|
|||
|
architectures. Both clients and servers exist for Linux as well as for
|
|||
|
many other platforms. It is possible to execute MS-Word in a Windows
|
|||
|
NT or 95 machine and have the output displayed in a Linux machine. The
|
|||
|
opposite is also true; it is possible to execute an application in a
|
|||
|
Linux machine and have the output displayed in any other Linux or
|
|||
|
Windows machine. One of the available clients is a Java applet,
|
|||
|
allowing the remote display to be run inside a web browser. Another
|
|||
|
client is a port for Linux using the SVGAlib graphics library,
|
|||
|
allowing 386s with as little as 4 MB of RAM to become fully functional
|
|||
|
X-Terminals.
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<20> VNC web site <http://www.realvnc.com/>


8. Network Interconnection

Linux networking is rich in features. A Linux box can be configured so
it can act as a router, bridge, etc. Some of the available options
are described below.


8.1. Router

The Linux kernel has built-in support for routing functions. A Linux
box can act either as an IP or IPX router for a fraction of the cost
of a commercial router. Recent kernels include special options for
machines acting primarily as routers:

· Multicasting: Allows the Linux machine to act as a router for IP
  packets that are addressed to several destinations at once. It is
  needed on the MBONE, a high bandwidth network on top of the Internet
  which carries audio and video broadcasts.

· IP policy routing: Normally a router decides what to do with a
  received packet based solely on the packet's final destination
  address, but routing can also take into account the originating
  address and the network device from which the packet reached it.

There are some related projects, including one aiming at building a
complete, running Linux router on a floppy disk: Linux router project
<http://www.linuxrouter.org>


8.2. Bridge

The Linux kernel has built-in support for acting as an Ethernet
bridge, which means that the different Ethernet segments it is
connected to will appear as one Ethernet to the participants. Several
bridges can work together to create even larger networks of Ethernets
using the IEEE 802.1 spanning tree algorithm. As this is a standard,
Linux bridges will interoperate properly with other third party bridge
products. Additional packages allow filtering based on IP, IPX or MAC
addresses.

Related HOWTOs:

· Bridge+Firewall <http://metalab.unc.edu/mdw/HOWTO/mini/Bridge+Firewall.html>

· Bridge <http://metalab.unc.edu/mdw/HOWTO/mini/Bridge.html>


8.3. IP Masquerade

IP Masquerade is a developing networking function in Linux. If a Linux
host is connected to the Internet with IP Masquerade enabled, then
computers connecting to it (either on the same LAN or connected with
modems) can reach the Internet as well, even though they have no
officially assigned IP addresses. This reduces costs, since many
people can access the Internet through a single modem connection, and
it also contributes to security: in some ways the machine acts as a
firewall, since the unofficially assigned addresses cannot be reached
from outside that network.

IP masquerade related pages and documents:

· http://ipmasq.home.ml.org/

· http://www.indyramp.com/masq/links.pfhtml

· http://metalab.unc.edu/mdw/HOWTO/IP-Masquerade-HOWTO.html


8.4. IP Accounting

This option of the Linux kernel keeps track of IP network traffic,
performs packet logging and produces some statistics. A series of
rules may be defined so that when a packet matches a given pattern,
some action is performed: a counter is increased, the packet is
accepted/rejected, etc.


8.5. IP aliasing

This feature of the Linux kernel provides the possibility of setting
multiple network addresses on the same low-level network device driver
(e.g. two IP addresses on one Ethernet card). It is typically used for
services that act differently based on the address they listen on
(e.g. "multihosting", "virtual domains" or "virtual hosting
services").

Related HOWTO:

· IP Aliasing HOWTO <http://metalab.unc.edu/mdw/HOWTO/mini/IP-Alias.html>


8.6. Traffic Shaping

The traffic shaper is a virtual network device that makes it possible
to limit the rate of outgoing data flow over another network device.
This is especially useful in scenarios such as ISPs, where it is
desirable to control and enforce policies regarding how much bandwidth
is used by each client. Another alternative (for web services only)
may be certain Apache modules which restrict the number of IP
connections by client or the bandwidth used.

· http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.15


8.7. Firewall

A firewall is a device that protects a private network from the public
part (the Internet as a whole). It is designed to control the flow of
packets based on the source, destination, port and packet type
information contained in each packet.

Different firewall toolkits exist for Linux, as well as built-in
support in the kernel. Other options are TIS and SOCKS. These
firewall toolkits are very complete and, combined with other tools,
allow blocking/redirection of all kinds of traffic and protocols.
Different policies can be implemented via configuration files or GUI
programs.

· TIS home page <http://www.tis.com>

· SOCKS <http://www.socks.nec.com/socksfaq.html>

· Firewall HOWTO <http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html>
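
The rule-based filtering described in this section, together with the
per-rule counters of section 8.4, as an added example that is not part of
the original HOWTO or of the kernel's own filtering code; the rule fields,
the addresses and the packet dictionaries are constructed for illustration.

```python
"""Packet filter with accounting, in the spirit of sections 8.4 and 8.7:
each rule matches on protocol, source, destination and port, keeps
packet/octet counters, and either decides (accept/reject) or only
counts.  Constructed example, not the kernel's ipchains/ipfwadm code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                   # "accept", "reject" or "count"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"; None matches any
    src: Optional[str] = None     # address or CIDR block; None matches any
    dst: Optional[str] = None
    dport: Optional[int] = None
    packets: int = 0              # accounting counters (section 8.4)
    octets: int = 0

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.src is not None and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


class Firewall:
    """Rules are consulted in order; the first accept/reject wins.  A packet
    no rule decides falls through to the default policy, which should be
    "reject" so that anything not explicitly allowed is blocked."""

    def __init__(self, rules, policy="reject"):
        self.rules = rules
        self.policy = policy
        self.log = []             # packets that hit the default policy

    def filter(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                rule.packets += 1
                rule.octets += pkt["len"]
                if rule.action != "count":   # "count" rules never decide
                    return rule.action
        self.log.append("%s %s %s -> %s:%s" % (self.policy, pkt["proto"],
                        pkt["src"], pkt["dst"], pkt.get("dport")))
        return self.policy

    def counters(self):
        """Per-rule accounting as (action, packets, octets) tuples."""
        return [(r.action, r.packets, r.octets) for r in self.rules]


# Constructed ruleset: count everything, publish one web server, let the
# internal network resolve names, and refuse telnet from anywhere.
RULES = [
    Rule("count"),
    Rule("accept", proto="tcp", dst="203.0.113.10", dport=80),
    Rule("accept", proto="udp", src="10.0.0.0/8", dport=53),
    Rule("reject", proto="tcp", dport=23),
]
```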


8.8. Port forwarding

An increasing number of web sites are becoming interactive by having
CGI programs or Java applets that access some database or other service.
Since this access may pose a security problem, the machine containing
the database should not be directly connected to the Internet.

Port Forwarding can provide an almost ideal solution to this access
problem. On the firewall, IP packets that come in to a specific port
number can be re-written and forwarded to the internal server
providing the actual service. The reply packets from the internal
server are re-written to make it appear that they came from the
firewall.

Port forwarding information may be found here
<http://www.ox.compsoc.net/~steve/portforwarding.html>


8.9. Load Balancing

Demand for load balancing usually arises in database/web access when
many clients make simultaneous requests to a server. It would be
desirable to have multiple identical servers and redirect requests to
the least loaded server. This can be achieved through Network Address
Translation (NAT) techniques, of which IP masquerading is a subset.
Network administrators can replace a single server providing Web
services - or any other application - with a logical pool of servers
sharing a common IP address. Incoming connections are directed to a
particular server using a load-balancing algorithm. The virtual
server rewrites incoming and outgoing packets to give clients the
appearance that only one server exists.

Linux IP-NAT information may be found here
<http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html>
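
The three rewrites described in sections 8.3, 8.8 and 8.9 (masquerading,
port forwarding, and a pool of servers behind one address) in a single toy
NAT table, as an added example that is not from the HOWTO or from the
kernel's masquerading code; the addresses, ports and the `NatBox` class are
constructed for illustration.

```python
"""Toy NAT box modelling the rewrites described in sections 8.3, 8.8 and
8.9: outbound masquerading, inbound port forwarding, and a pool of
internal servers behind one public address.  Constructed example, not
the Linux kernel's own masquerading code."""
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    def __init__(self, public_ip, published):
        # published: {public port: [(internal ip, port), ...]}.  One
        # backend is plain port forwarding; several form a round-robin pool.
        self.public_ip = public_ip
        self.published = published
        self.rr = {p: cycle(b) for p, b in published.items()}
        self.next_port = 40000        # masqueraded source-port range
        self.masq = {}                # (src, sport, dst, dport) -> masq port
        self.masq_rev = {}            # masq port -> that flow
        self.sessions = {}            # (client, cport, pubport) -> backend
        self.sessions_rev = {}        # (backend, client, cport) -> pubport

    def from_inside(self, p):
        """Private client -> Internet: hide the private address."""
        flow = (p.src, p.sport, p.dst, p.dport)
        if flow not in self.masq:
            self.masq[flow] = self.next_port
            self.masq_rev[self.next_port] = flow
            self.next_port += 1
        return replace(p, src=self.public_ip, sport=self.masq[flow])

    def from_outside(self, p):
        """Internet -> NAT box.  Only replies to masqueraded flows and
        published ports have a translation; anything else is dropped
        (None), which is the firewall-like effect the HOWTO mentions."""
        if p.dst != self.public_ip:
            return None
        flow = self.masq_rev.get(p.dport)
        if flow is not None:
            src, sport, peer, peer_port = flow
            if (p.src, p.sport) != (peer, peer_port):
                return None       # not the peer the client talked to
            return replace(p, dst=src, dport=sport)
        if p.dport in self.published:
            key = (p.src, p.sport, p.dport)
            if key not in self.sessions:      # new client: pick a backend
                backend = next(self.rr[p.dport])
                self.sessions[key] = backend
                self.sessions_rev[(backend, p.src, p.sport)] = p.dport
            ip, port = self.sessions[key]
            return replace(p, dst=ip, dport=port)
        return None

    def reply_from_backend(self, p):
        """Internal server -> client: rewrite so the reply appears to come
        from the firewall itself, as section 8.8 describes."""
        pubport = self.sessions_rev.get(((p.src, p.sport), p.dst, p.dport))
        if pubport is None:
            return None
        return replace(p, src=self.public_ip, sport=pubport)
```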


8.10. EQL

EQL is integrated into the Linux kernel. If two serial connections
exist to some other computer (this usually requires two modems and two
telephone lines) and SLIP or PPP (protocols for sending Internet
traffic over telephone lines) are used on them, it is possible to make
them behave like one double speed connection using this driver.
Naturally, this has to be supported at the other end as well.

· http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.2


8.11. Proxy Server

The term proxy means "to do something on behalf of someone else." In
networking terms, a proxy server computer can act on the behalf of
several clients. An HTTP proxy is a machine that receives requests for
web pages from another machine (Machine A). The proxy gets the page
requested and returns the result to Machine A. The proxy may have a
cache with the requested pages, so if another machine asks for the
same page the copy in the cache will be returned instead. This allows
efficient use of bandwidth resources and lower response times. As a
side effect, as client machines are not directly connected to the
outside world, this is a way of securing the internal network. A
well-configured proxy can be as effective as a good firewall.

Several proxy servers exist for Linux. One popular solution is the
Apache proxy module. A more complete and robust implementation of an
HTTP proxy is SQUID.

· Apache <http://www.apache.org>

· Squid <http://squid.nlanr.net/>


8.12. Diald on demand

The purpose of dial on demand is to make it transparently appear that
the users have a permanent connection to a remote site. Usually,
there is a daemon that monitors the traffic of packets, and when an
interesting packet (interesting is usually defined by a set of
rules/priorities/permissions) arrives it establishes a connection with
the remote end. When the channel is idle for a certain period of time,
it drops the connection.

· Diald HOWTO <http://metalab.unc.edu/mdw/HOWTO/Diald-HOWTO.html>


8.13. Tunnelling, mobile IP and virtual private networks

The Linux kernel allows the tunnelling (encapsulation) of protocols.
It can do IPX tunnelling through IP, allowing the connection of two
IPX networks through an IP-only link. It can also do IP-IP tunnelling,
which is essential for mobile IP support, multicast support and
amateur radio (see
http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.8).

Mobile IP specifies enhancements that allow transparent routing of IP
datagrams to mobile nodes in the Internet. Each mobile node is always
identified by its home address, regardless of its current point of
attachment to the Internet. While situated away from its home, a
mobile node is also associated with a care-of address, which provides
information about its current point of attachment to the Internet.
The protocol provides for registering the care-of address with a home
agent. The home agent sends datagrams destined for the mobile node
through a tunnel to the care-of address. After arriving at the end of
the tunnel, each datagram is then delivered to the mobile node.

Point-to-Point Tunneling Protocol (PPTP) is a networking technology
that allows the use of the Internet as a secure virtual private
network (VPN). PPTP is integrated with the Remote Access Services
(RAS) server which is built into Windows NT Server. With PPTP, users
can dial into a local ISP, or connect directly to the Internet, and
access their network as if they were at their desks. PPTP is a closed
protocol and its security has recently been compromised. It is highly
recommended to use other Linux-based alternatives, since they rely on
open standards which have been carefully examined and tested.

· A client implementation of PPTP for Linux is available here
  <http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/>

· More on Linux PPTP can be found here
  <http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html>

Mobile IP:

· http://www.hpl.hp.com/personal/Jean_Tourrilhes/MobileIP/mip.html

· http://metalab.unc.edu/mdw/HOWTO/NET3-4-HOWTO-6.html#ss6.12

Virtual Private Networks related documents:

· http://metalab.unc.edu/mdw/HOWTO/mini/VPN.html

· http://sites.inka.de/sites/bigred/devel/cipe.html
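
The home-agent tunnel described above, as an added example that is not
from the HOWTO or from the kernel's ipip driver: it builds the outer IPv4
header for IP-in-IP (protocol 4) around a datagram for the home address
and strips it again at the tunnel end point, dropping anything damaged,
truncated or not addressed to the care-of address. All addresses and the
helper names are constructed.

```python
"""IP-in-IP tunnelling as a Mobile IP home agent uses it (section 8.13):
a datagram for the mobile node's home address is wrapped in an outer
IPv4 header addressed to the care-of address, and the tunnel end point
strips that header before delivering the inner datagram.  Constructed
example, not the kernel's ipip driver."""
import socket
import struct
from typing import Optional

IPPROTO_IPIP = 4               # IANA protocol number for IP-in-IP


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                ttl: int = 64, ident: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with the checksum set."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def addresses(datagram: bytes):
    """(source, destination) of an IPv4 datagram."""
    return socket.inet_ntoa(datagram[12:16]), socket.inet_ntoa(datagram[16:20])


def encapsulate(inner: bytes, home_agent: str, care_of: str) -> bytes:
    """Home agent side: tunnel the whole inner datagram to the care-of
    address.  The inner header, including its destination (the home
    address), travels untouched."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(outer: bytes, care_of: str) -> Optional[bytes]:
    """Tunnel end point: return the inner datagram, or None (drop) when
    the outer header is damaged, truncated, not IP-in-IP, or not for us."""
    if len(outer) < 20:
        return None
    ihl = (outer[0] & 0x0F) * 4
    hdr = outer[:ihl]
    total_len = struct.unpack("!H", outer[2:4])[0]
    if ihl < 20 or len(outer) < total_len or checksum(hdr) != 0:
        return None
    if hdr[9] != IPPROTO_IPIP or addresses(hdr)[1] != care_of:
        return None
    return outer[ihl:total_len]
```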


9. Network Management


9.1. Network management applications

There is an impressive number of tools focused on network management
and remote administration. Some interesting remote administration
projects are linuxconf and webmin:

· Webmin <http://www.webmin.com/webmin/>

· Linuxconf <http://www.solucorp.qc.ca/linuxconf/>

Other tools include network traffic analysis tools, network security
tools, monitoring tools, configuration tools, etc. An archive of many
of these tools may be found at Metalab
<http://www.metalab.unc.edu/pub/Linux/system/network/>


9.2. SNMP

The Simple Network Management Protocol is a protocol for Internet
network management services. It allows for remote monitoring and
configuration of routers, bridges, network cards, switches, etc.
There are many libraries, clients, daemons and SNMP-based monitoring
programs available for Linux. A good page dealing with SNMP and Linux
software may be found at: http://linas.org/linux/NMS.html


10. Enterprise Linux Networking

In certain situations it is necessary for the networking
infrastructure to have proper mechanisms to guarantee network
availability nearly 100% of the time. Some related techniques are
described in the following sections. Most of the following material
can be found at the excellent Linas website:
http://linas.org/linux/index.html and in the Linux High-Availability
HOWTO <http://metalab.unc.edu/pub/Linux/ALPHA/linux-ha/High-Availability-HOWTO.html>


10.1. High Availability

Redundancy is used to prevent the overall IT system from having single
points of failure. A server with only one network card or a single
SCSI disk has two single points of failure. The objective is to mask
unplanned outages from users in a manner that lets users continue to
work quickly. High availability software is a set of scripts and tools
that automatically monitor and detect failures, taking the appropriate
steps to restore normal operation and to notify system
administrators.


10.2. RAID

RAID, short for Redundant Array of Inexpensive Disks, is a method
whereby information is spread across several disks, using techniques
such as disk striping (RAID Level 0) and disk mirroring (RAID level 1)
to achieve redundancy, lower latency and/or higher bandwidth for
reading and/or writing, and recoverability from hard-disk crashes.
Over six different types of RAID configurations have been defined.
There are three types of RAID solution options available to Linux
users: software RAID, outboard DASD boxes, and RAID disk controllers.

· Software RAID: Pure software RAID implements the various RAID
  levels in the kernel disk (block device) code.

· Outboard DASD Solutions: DASD (Direct Access Storage Device) are
  separate boxes that come with their own power supply, provide a
  cabinet/chassis for holding the hard drives, and appear to Linux as
  just another SCSI device. In many ways, these offer the most robust
  RAID solution.

· RAID Disk Controllers: Disk Controllers are adapter cards that plug
  into the ISA/EISA/PCI bus. Just like regular disk controller cards,
  a cable attaches them to the disk drives. Unlike regular disk
  controllers, the RAID controllers will implement RAID on the card
  itself, performing all necessary operations to provide various RAID
  levels.

Related HOWTOs:

· http://metalab.unc.edu/mdw/HOWTO/mini/DPT-Hardware-RAID.html

· http://metalab.unc.edu/mdw/HOWTO/Root-RAID-HOWTO.html

· http://metalab.unc.edu/mdw/HOWTO/Software-RAID-HOWTO.html

RAID at linas.org:

· http://linas.org/linux/raid.html


10.3. Redundant networking

IP Address Takeover (IPAT): when a network adapter card fails, its IP
address should be taken over by a working network card in the same
node or in another node. MAC Address Takeover: when an IP takeover
occurs, it must be made sure that all the nodes in the network update
their ARP caches (the mapping between IP and MAC addresses).

See the High-Availability HOWTO for more details:
http://metalab.unc.edu/pub/Linux/ALPHA/linux-ha/High-Availability-HOWTO.html
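
The IP and MAC takeover described above, as an added example that is not
part of the HOWTO or of the linux-ha scripts: it builds the gratuitous ARP
frame a node would broadcast after taking over an address, and shows a
neighbour's ARP cache replacing the failed card's MAC from it. The
addresses, MACs and the `ArpCache` class are constructed for illustration.

```python
"""IP address takeover from section 10.3: the node that takes over an
address broadcasts a gratuitous ARP (sender IP == target IP) so that
every neighbour replaces the failed card's MAC in its ARP cache.
Constructed example, not the linux-ha takeover scripts."""
import socket
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype ptype hlen plen op smac sip tmac tip


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def gratuitous_arp(ip: str, mac: str) -> bytes:
    """Ethernet broadcast frame carrying an ARP reply that announces
    'ip is now at mac'; target IP equals sender IP, which is what marks
    the announcement as gratuitous."""
    eth = BROADCAST + mac_bytes(mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(mac), socket.inet_aton(ip),
                      BROADCAST, socket.inet_aton(ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, smac, sip, _, tip = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "sender_mac": mac_str(smac),
            "sender_ip": socket.inet_ntoa(sip), "target_ip": socket.inet_ntoa(tip)}


class ArpCache:
    """One neighbour's IP -> MAC table, updated from frames seen on the
    wire.  Like a real cache it trusts whatever it hears, which is what
    makes takeover work and why the segment itself must be trusted."""

    def __init__(self, entries=None):
        self.table = dict(entries or {})

    def learn(self, frame: bytes) -> bool:
        arp = parse_arp(frame)
        if arp is None or arp["sender_ip"] != arp["target_ip"]:
            return False           # not a gratuitous announcement
        self.table[arp["sender_ip"]] = arp["sender_mac"]
        return True
```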


11. Sources of Information

If you have networking problems with Linux, please do not e-mail the
questions to me. I just simply do not have the time to answer them.
You have better chances to obtain help if you post a question in the
comp.os.linux.networking newsgroup (which you can access through
http://www.dejanews.com). Before posting there, make sure that you
have read the relevant documentation. Then search the news archive,
because chances are that somebody, sometime, asked the same question
(and somebody answered). When posting, remember to explain all the
steps you have followed and the error messages you got. Where to get
further information:

· Linux: http://www.linux.org

· Linux Documentation Project: http://metalab.unc.edu/mdw/linux.html
  (check out the Linux Network Administrator Guide)

· Freshmeat: The latest releases of Linux Software.
  http://www.freshmeat.net

· Linux links: http://www.linuxlinks.com/Networking/


12. Document history

· 0.32 Updated many links that have changed. Special thanks go here
  to Kontiki <mailto:kontiki@lares.dtui.ne.jp> for his careful review
  and detailed description of what needed to change. Many thanks also
  to Anne <mailto:annabell@ixos.de> and Mathias
  <hessler@isdn4linux.de> who pointed out other links that were no
  longer valid.

· 0.31 (17 Sept 1999) Changed address for linux router project
  (thanks to John Ellis) and added another PPTP link (thanks to
  Benjamin Smith)

· 0.30 (6 April 1999) Included section on CODA (thanks to Brian
  Ristuccia <mailto:brianr@osiris.978.org>)

· 0.2-0.29 Bugfixes :-) (see acknowledgements, at the end of this
  document)

· 0.1 (5 June 1998)


13. Acknowledgements and disclaimer

This document is based on the work of many other people who have made
it possible for Linux to be what it is now: one of the best network
operating systems. All credit is theirs. A lot of effort has been put
into this document to make it simple but accurate and complete but not
excessively long. Nevertheless, no liability will be assumed by the
author under any circumstance. Use the information contained here at
your own risk. Please feel free to e-mail me suggestions, corrections
or general comments about the document so I can improve it. Other
topics that will probably be included in future revisions of this
document may include radius, web/ftp mirroring tools such as wget,
traffic analyzers, CORBA... and many others that may be suggested and
suitable. You can reach me at daniel@rawbyte.com.

Finally I would like to thank Finnbjorn av Teigum, Cesar Kant,
Mathieu Arnold and especially Hisakuni Nogami and Phil Garcia for their
careful reviews and comments on this HOWTO. Their help is greatly
appreciated.

You can find a version of this document at http://www.rawbyte.com/lno/
<http://www.rawbyte.com/lno>.

Daniel Lopez Ridruejo 8 July 2000