old-www/LDP/www.debian.org/doc/manuals/network-administrator/ch-tcpip.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Debian GNU/Linux Network Administrator's Manual (Obsolete Documentation) - TCP/IP</title>
<link href="index.html" rel="start">
<link href="ch-overview.html" rel="prev">
<link href="ch-uucp.html" rel="next">
<link href="index.html#contents" rel="contents">
<link href="index.html#copyright" rel="copyright">
<link href="ch-intro.html" rel="chapter" title="1 Introduction">
<link href="ch-overview.html" rel="chapter" title="2 Overview of a Debian GNU/Linux System">
<link href="ch-tcpip.html" rel="chapter" title="3 TCP/IP">
<link href="ch-uucp.html" rel="chapter" title="4 UUCP">
<link href="ch-ppp.html" rel="chapter" title="5 PPP, SLIP, PLIP">
<link href="ch-nfs.html" rel="chapter" title="6 NFS">
<link href="ch-nis.html" rel="chapter" title="7 NIS">
<link href="ch-bind.html" rel="chapter" title="8 DNS/BIND">
<link href="ch-router.html" rel="chapter" title="9 Router">
<link href="ch-mail.html" rel="chapter" title="10 Mail">
<link href="ch-news.html" rel="chapter" title="11 News">
<link href="ch-ftp.html" rel="chapter" title="12 FTP">
<link href="ch-www.html" rel="chapter" title="13 WWW">
<link href="ch-security.html" rel="chapter" title="14 Security">
<link href="ch-firewall.html" rel="chapter" title="15 Firewall">
<link href="ch-kernel.html" rel="chapter" title="16 Kernel Configuration">
<link href="ch-index.html" rel="chapter" title="17 Index">
<link href="ch-intro.html#s1.1" rel="section" title="1.1 About this manual">
<link href="ch-intro.html#s1.2" rel="section" title="1.2 Where to find newer versions">
<link href="ch-intro.html#s1.3" rel="section" title="1.3 How this manual came about">
<link href="ch-tcpip.html#s3.1" rel="section" title="3.1 Intro">
<link href="ch-tcpip.html#s3.2" rel="section" title="3.2 IP Addresses">
<link href="ch-tcpip.html#s3.3" rel="section" title="3.3 IP Interface Configuration">
<link href="ch-tcpip.html#s3.4" rel="section" title="3.4 Basic IP Routing">
<link href="ch-tcpip.html#s3.5" rel="section" title="3.5 Domain Name Service (DNS)">
<link href="ch-tcpip.html#s3.6" rel="section" title="3.6 ICMP and IP Troubleshooting">
<link href="ch-tcpip.html#s3.7" rel="section" title="3.7 TCP and UDP">
<link href="ch-tcpip.html#s3.8" rel="section" title="3.8 Servers, Daemons and the Superserver">
<link href="ch-bind.html#s-bindnecessary" rel="section" title="8.1 Obtaining the necessary files">
<link href="ch-bind.html#s-bindconfig" rel="section" title="8.2 Configuring BIND">
<link href="ch-bind.html#s-bindadvance" rel="section" title="8.3 Advanced Configuration">
<link href="ch-bind.html#s-bindprimary" rel="section" title="8.4 Setting up a Primary DNS Server">
<link href="ch-bind.html#s-bindsecondary" rel="section" title="8.5 Setting up a Secondary DNS Server">
<link href="ch-bind.html#s-bindtest" rel="section" title="8.6 Testing">
<link href="ch-bind.html#s-bindhelp" rel="section" title="8.7 Obtaining Help With BIND">
<link href="ch-mail.html#s10.1" rel="section" title="10.1 Post Office Protocol (POP3) software">
<link href="ch-mail.html#s10.2" rel="section" title="10.2 Interactive Mail Access Protocol (IMAP) software">
<link href="ch-mail.html#s10.3" rel="section" title="10.3 Simple Mail Transfer Protocol (SMTP) software">
<link href="ch-mail.html#s10.4" rel="section" title="10.4 Other mail processing tools">
<link href="ch-mail.html#s10.5" rel="section" title="10.5 Mailing lists handling software">
<link href="ch-www.html#s13.1" rel="section" title="13.1 Chosing a Web Server that's best for you">
<link href="ch-www.html#s13.2" rel="section" title="13.2 Setting up your Web Server">
<link href="ch-www.html#s13.3" rel="section" title="13.3 Web Proxies">
<link href="ch-www.html#s13.4" rel="section" title="13.4 Tools and Other Programs">
<link href="ch-www.html#s13.5" rel="section" title="13.5 Finding Help">
<link href="ch-security.html#s14.1" rel="section" title="14.1 Before you begin">
<link href="ch-security.html#s14.2" rel="section" title="14.2 Security from a Network standpoint">
<link href="ch-security.html#s14.3" rel="section" title="14.3 Security from a User standpoint">
<link href="ch-security.html#s14.4" rel="section" title="14.4 Security Tools">
<link href="ch-security.html#s14.5" rel="section" title="14.5 Things you can do">
<link href="ch-security.html#s14.6" rel="section" title="14.6 Finding Help">
<link href="ch-firewall.html#s15.1" rel="section" title="15.1 Background information">
<link href="ch-firewall.html#s15.2" rel="section" title="15.2 ipfwadm">
<link href="ch-firewall.html#s15.3" rel="section" title="15.3 IP Masquerading (NAT)">
<link href="ch-firewall.html#s15.4" rel="section" title="15.4 Using Proxy's">
<link href="ch-firewall.html#s15.5" rel="section" title="15.5 Finding Help">
<link href="ch-bind.html#s8.2.1" rel="subsection" title="8.2.1 bindconfig">
<link href="ch-bind.html#s8.2.1.1" rel="subsection" title="8.2.1.1 Step 1 (Ignore this step if installing for the first time via dselect or apt-get)">
<link href="ch-bind.html#s8.2.1.2" rel="subsection" title="8.2.1.2 Step 2">
<link href="ch-bind.html#s8.2.1.3" rel="subsection" title="8.2.1.3 Step 3">
<link href="ch-bind.html#s8.2.1.4" rel="subsection" title="8.2.1.4 Step 4">
<link href="ch-bind.html#s8.2.1.5" rel="subsection" title="8.2.1.5 Step 5">
<link href="ch-bind.html#s8.2.2" rel="subsection" title="8.2.2 resolv.conf">
<link href="ch-bind.html#s8.3.1" rel="subsection" title="8.3.1 named.conf">
<link href="ch-bind.html#s8.3.2" rel="subsection" title="8.3.2 zone files">
<link href="ch-bind.html#s8.3.2.1" rel="subsection" title="8.3.2.1 domain zone files">
<link href="ch-bind.html#s8.3.2.2" rel="subsection" title="8.3.2.2 Reverse Files">
<link href="ch-bind.html#s8.4.1" rel="subsection" title="8.4.1 Preparation">
<link href="ch-bind.html#s8.4.2" rel="subsection" title="8.4.2 Configuring BIND for your new DNS Domain">
<link href="ch-bind.html#s8.4.2.1" rel="subsection" title="8.4.2.1 zone files">
<link href="ch-bind.html#s8.4.2.2" rel="subsection" title="8.4.2.2 named.conf">
<link href="ch-bind.html#s8.5.1" rel="subsection" title="8.5.1 Preparation">
<link href="ch-bind.html#s8.5.2" rel="subsection" title="8.5.2 Configuring BIND as a Secondary Server for your new DNS Domain">
<link href="ch-bind.html#s8.5.2.1" rel="subsection" title="8.5.2.1 Changes to Primary Server">
<link href="ch-bind.html#s8.5.2.2" rel="subsection" title="8.5.2.2 named.conf">
<link href="ch-bind.html#s8.5.2.3" rel="subsection" title="8.5.2.3 zone files">
<link href="ch-bind.html#s8.5.2.4" rel="subsection" title="8.5.2.4 Information">
<link href="ch-mail.html#s10.1.1" rel="subsection" title="10.1.1 qpopper">
<link href="ch-mail.html#s10.1.2" rel="subsection" title="10.1.2 ipop3d">
<link href="ch-mail.html#s10.2.1" rel="subsection" title="10.2.1 imapd">
<link href="ch-mail.html#s10.3.1" rel="subsection" title="10.3.1 sendmail">
<link href="ch-mail.html#s10.3.2" rel="subsection" title="10.3.2 smail">
<link href="ch-mail.html#s10.3.3" rel="subsection" title="10.3.3 exim">
<link href="ch-mail.html#s10.3.4" rel="subsection" title="10.3.4 postfix">
<link href="ch-mail.html#s10.3.5" rel="subsection" title="10.3.5 zmailer">
<link href="ch-mail.html#s10.3.6" rel="subsection" title="10.3.6 ssmtp">
<link href="ch-mail.html#s10.4.1" rel="subsection" title="10.4.1 procmail">
<link href="ch-mail.html#s10.4.2" rel="subsection" title="10.4.2 mailagent">
<link href="ch-mail.html#s10.4.3" rel="subsection" title="10.4.3 deliver">
<link href="ch-mail.html#s10.4.4" rel="subsection" title="10.4.4 smtp-refuser">
<link href="ch-mail.html#s10.5.1" rel="subsection" title="10.5.1 smartlist">
<link href="ch-mail.html#s10.5.2" rel="subsection" title="10.5.2 majordomo">
<link href="ch-mail.html#s10.5.3" rel="subsection" title="10.5.3 listar">
<link href="ch-mail.html#s10.5.4" rel="subsection" title="10.5.4 mailman">
<link href="ch-www.html#s13.2.1" rel="subsection" title="13.2.1 Apache">
<link href="ch-www.html#s13.2.2" rel="subsection" title="13.2.2 Apache with SSL">
<link href="ch-www.html#s13.2.3" rel="subsection" title="13.2.3 Boa">
<link href="ch-www.html#s13.2.4" rel="subsection" title="13.2.4 CERN HTTP">
<link href="ch-www.html#s13.2.5" rel="subsection" title="13.2.5 dhttpd">
<link href="ch-www.html#s13.2.6" rel="subsection" title="13.2.6 NCSA">
<link href="ch-www.html#s13.2.7" rel="subsection" title="13.2.7 wn">
<link href="ch-www.html#s13.3.1" rel="subsection" title="13.3.1 Squid">
<link href="ch-www.html#s13.4.1" rel="subsection" title="13.4.1 Log Tools">
<link href="ch-www.html#s13.4.2" rel="subsection" title="13.4.2 Perl/CGI/Java related items">
<link href="ch-www.html#s13.4.3" rel="subsection" title="13.4.3 Web Development">
<link href="ch-www.html#s13.4.3.1" rel="subsection" title="13.4.3.1 Automation">
<link href="ch-www.html#s13.4.3.2" rel="subsection" title="13.4.3.2 Other Tools">
<link href="ch-security.html#s14.2.1" rel="subsection" title="14.2.1 Securing your Web Server">
<link href="ch-security.html#s14.2.2" rel="subsection" title="14.2.2 Securing your Mail Server">
<link href="ch-security.html#s14.2.3" rel="subsection" title="14.2.3 Securing FTP">
<link href="ch-security.html#s14.2.4" rel="subsection" title="14.2.4 Securing DNS">
<link href="ch-security.html#s14.2.5" rel="subsection" title="14.2.5 Securing Telnet">
<link href="ch-security.html#s14.2.6" rel="subsection" title="14.2.6 Protecting from Denial of Service attacks">
<link href="ch-security.html#s14.2.7" rel="subsection" title="14.2.7 Securing everything else">
<link href="ch-security.html#s14.2.8" rel="subsection" title="14.2.8 Monitoring Tools">
<link href="ch-security.html#s14.3.1" rel="subsection" title="14.3.1 File permissions">
<link href="ch-security.html#s14.3.2" rel="subsection" title="14.3.2 Installed applications">
<link href="ch-security.html#s14.3.3" rel="subsection" title="14.3.3 Other items">
<link href="ch-security.html#s14.3.4" rel="subsection" title="14.3.4 Monitoring tools">
<link href="ch-firewall.html#s15.2.1" rel="subsection" title="15.2.1 Obtaining and installing the software">
<link href="ch-firewall.html#s15.2.2" rel="subsection" title="15.2.2 Kernel changes">
<link href="ch-firewall.html#s15.2.3" rel="subsection" title="15.2.3 Setting up ipfwadm">
<link href="ch-firewall.html#s15.2.4" rel="subsection" title="15.2.4 Using ipfwadm in conjunction with PPP">
</head>
<body>
<p><a name="ch-tcpip"></a></p>
<hr>
<p>
[ <a href="ch-overview.html">previous</a> ]
[ <a href="index.html#contents">Contents</a> ]
[ <a href="ch-intro.html">1</a> ]
[ <a href="ch-overview.html">2</a> ]
[ 3 ]
[ <a href="ch-uucp.html">4</a> ]
[ <a href="ch-ppp.html">5</a> ]
[ <a href="ch-nfs.html">6</a> ]
[ <a href="ch-nis.html">7</a> ]
[ <a href="ch-bind.html">8</a> ]
[ <a href="ch-router.html">9</a> ]
[ <a href="ch-mail.html">10</a> ]
[ <a href="ch-news.html">11</a> ]
[ <a href="ch-ftp.html">12</a> ]
[ <a href="ch-www.html">13</a> ]
[ <a href="ch-security.html">14</a> ]
[ <a href="ch-firewall.html">15</a> ]
[ <a href="ch-kernel.html">16</a> ]
[ <a href="ch-index.html">17</a> ]
[ <a href="ch-uucp.html">next</a> ]
</p>
<hr>
<h1>
Debian GNU/Linux Network Administrator's Manual (Obsolete Documentation)
<br>Chapter 3 - TCP/IP
</h1>
<hr>
<p>
author = Duncan C Thomson <code><a
href="mailto:duncan@sciuro.demon.co.uk">duncan@sciuro.demon.co.uk</a></code>
</p>
<p>
topics = IP protocol, TCP protocol, IP addresses, IP interfaces, Routing
</p>
<hr>
<h2><a name="s3.1"></a>3.1 Intro</h2>
<p>
TCP/IP, as the name suggests, is a pair of protocols, and is what most of the
Internet is built on. Although physically the Internet is made up of a wide
range of networking technologies, from slow modem links through Ethernet to
high-speed ATM-based switched networks, and a wide range of different
applications run over it (the WWW and e-mail to name only two), the protocols
which tie everything together are the Internet Protocol (IP) and, to almost as
great an extent, the Transmission Control Protocol (TCP). Another protocol,
UDP, is used in place of TCP for some applications, especially in LAN
environments, but on the Internet the TCP/IP partnership rules.
</p>
<p>
diagram: various physical networks, IP, TCP and UDP, apps
</p>
<p>
This chapter describes firstly the basics of IP networking, and later describes
some of the more advanced features of TCP/IP available to the Debian user.
</p>
<hr>
<h2><a name="s3.2"></a>3.2 IP Addresses</h2>
<p>
Every computer connected directly to the Internet (or to any IP-based network)
is identified by an IP address. IP addresses are four bytes long, and are
usually written as four decimal numbers separated by dots, as in the examples
below.
</p>
<ul>
<li>
<p>
10.34.92.111
</p>
</li>
</ul>
<ul>
<li>
<p>
127.0.0.1
</p>
</li>
</ul>
<ul>
<li>
<p>
172.19.220.2
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.109
</p>
</li>
</ul>
<p>
IP addresses typically identify two things. Firstly, they identify the network
on which a particular computer is located. Secondly, they identify a
particular computer on that network. Both these pieces of information are
present in an IP address, and they can be called the <em>network part</em> and
the <em>host part</em>. Two special values for the host part should be
mentioned here - if the host part is all zeros, the address refers to a network
(ie it is a <em>network address</em> as opposed to a <em>host address</em>).
If, alternatively, the host part is all ones, the address refers to all hosts
on the network (ie it is a <em>broadcast</em> address).
</p>
<p>
In order to identify which part of the IP address is the host part, and which
part is the network part, there are two methods we can use. The first (and
original) way is the easier by far to understand, so let's start by having a
look at how it works. IP addresses are split into a number of
<em>classes</em>, and it is this class which tells us how to split an IP
address into its network and host parts.
</p>
<dl>
<dt>Class A</dt>
<dd>
<p>
A class A IP address has as its first byte a number between 1 and 126. The
first byte of a class A IP address identifies the network, and the remaining
three bytes identify the host.
</p>
</dd>
</dl>
<dl>
<dt>Class B</dt>
<dd>
<p>
A class B IP address has as its first byte a number between 128 and 191. Its
first two bytes are the network identifier, and the remaining two bytes are the
host identifier on that network.
</p>
</dd>
</dl>
<dl>
<dt>Class C</dt>
<dd>
<p>
A class C IP address has as its first byte a number between 192 and 223. Its
first three bytes identify the network, and the remaining byte identifies an
individual host on that network.
</p>
</dd>
</dl>
<p>
From the above list you might notice that IP addresses whose first byte is 224
or above are missing. These belong to other classes: 224 to 239 is class D,
used for multicast, and 240 to 255 is class E, which is reserved. Neither is
used for a normal IP host, and they are beyond the discussion in this section.
</p>
<p>
You might also notice that IP addresses beginning with 127 are missing. IP
addresses beginning with 127 are known as <em>loopback</em> addresses, and can
be used for testing TCP/IP without actually having a network connection.
</p>
<p>
This is all very well, but what if we have been assigned a single class C
address range, but want to split it among several networks? This is where the
second method of specifying the network and host parts can be used. This
method specifies, along with an IP address, a <em>netmask</em>, which has its
bits set to one in the network part, and set to zero in the host part. So, for
example, the default netmask for the various classes of network is as below:
</p>
<dl>
<dt>Class A</dt>
<dd>
<p>
255.0.0.0
</p>
</dd>
</dl>
<dl>
<dt>Class B</dt>
<dd>
<p>
255.255.0.0
</p>
</dd>
</dl>
<dl>
<dt>Class C</dt>
<dd>
<p>
255.255.255.0
</p>
</dd>
</dl>
<p>
These don't give us any new information beyond what the original address
classes told us. The power in using netmasks, though, is that we can choose
arbitrary splits between the network and host parts - for example, a netmask of
255.255.255.192 would allow us to split a class C network into four parts, each
with 62 host addresses. Confused? Let's look at that example in more detail.
</p>
<p>
Let's suppose we've been allocated a class C network with IP addresses
beginning with 192.168.50. If we convert the netmask 255.255.255.192 into
binary, we can see that in the last byte, the first two bits are one (that is,
they are included in the network part of the address) and the last six bits are
zeros (that is, they form the host part). So, by using the IP addresses we
have been given, along with this netmask, we have split our network into four,
with <em>network addresses</em> given by setting these two bits to their four
possible combinations (00, 01, 10, 11) while keeping the host part set to zeros
(to identify the network):
</p>
<ul>
<li>
<p>
192.168.50.0
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.64
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.128
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.192
</p>
</li>
</ul>
<p>
Now we know where our four network addresses come from. What about our host
addresses? They come from setting the host part in each <em>subnet</em> to all
values from 000001 to 111110 (remember - all ones is a broadcast address).
That gives us a total of 62 hosts in each network, with addresses:
</p>
<ul>
<li>
<p>
192.168.50.1 - 192.168.50.62
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.65 - 192.168.50.126
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.129 - 192.168.50.190
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.50.193 - 192.168.50.254
</p>
</li>
</ul>
<p>
In Linux, if we don't say which netmask we are using, the older tools
(<code>ifconfig</code>, <code>route</code>) assume the default netmask for that
class of IP address. You should therefore only need to specify a netmask if you
are using one which is not the standard for the class, but it never does any
harm to specify it, and it is good practice to do so: the newer
<code>ip(8)</code> command makes no classful assumption at all and treats an
address given without a prefix length as a single host (/32).
</p>
<p>
Each IP address should be <em>unique</em> on the Internet, or on whichever IP
network you are connected to. This means that you cannot assign IP addresses
at random to your machines, since most IP addresses are already in use on the
Internet. To get a set of globally routable IP addresses for your machines, you
will normally go through an Internet Service Provider (ISP). If you have not
been assigned such a range, you should use one of the ranges of
<em>private</em> IP addresses set aside (by RFC 1918) for internal or testing
use. Be aware that you will not be able to connect to the Internet directly
from such a network; you will need some form of Network Address Translation
(NAT) to do so, and packets carrying private addresses should be dropped at
your Internet border in both directions, since they cannot legitimately come
from or go to the outside. The ranges of IP addresses set aside for private use
are:
</p>
<ul>
<li>
<p>
10.0.0.0: a single class A network
</p>
</li>
</ul>
<ul>
<li>
<p>
172.16.0.0 - 172.31.0.0: 16 class B networks
</p>
</li>
</ul>
<ul>
<li>
<p>
192.168.0.0 - 192.168.255.0: 256 class C networks
</p>
</li>
</ul>
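<p>
The bit-level arithmetic behind the netmask discussion and the private ranges
above, as an added example (it is not part of the original manual). The
functions below split an address into network and host parts using either an
explicit netmask or the classful default, enumerate the subnets obtained by
lengthening a netmask, and test an address against the three RFC 1918 private
ranges. The addresses used in the <code>__main__</code> block are the ones from
this section; the function names are this example's own and the code needs
nothing beyond the Python standard library.
</p>

```python
# Added example (not from the manual): IPv4 network/host arithmetic on
# 32-bit integers, so the effect of a netmask is visible bit by bit.

def ip_to_int(addr):
    """Parse a dotted-quad IPv4 address into a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr)
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n):
    """Inverse of ip_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr):
    """Classful interpretation of the first byte."""
    first = ip_to_int(addr) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"      # multicast
    return "E"          # reserved


DEFAULT_NETMASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def prefix_length(netmask):
    """Netmask -> prefix length; rejects masks whose one-bits are not contiguous."""
    host_bits = ~ip_to_int(netmask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):          # host bits must be of the form 2**k - 1
        raise ValueError("non-contiguous netmask: %s" % netmask)
    return 32 - host_bits.bit_length()


def split_address(addr, netmask=None):
    """Network, broadcast and usable host range for addr/netmask.

    With no netmask the classful default is used, as old ifconfig/route did.
    """
    if netmask is None:
        cls = address_class(addr)
        if cls not in DEFAULT_NETMASK:
            raise ValueError("no default netmask for class %s address %s" % (cls, addr))
        netmask = DEFAULT_NETMASK[cls]
    prefix = prefix_length(netmask)
    mask = ip_to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF
    network = ip_to_int(addr) & mask        # host part all zeros
    broadcast = network | host_bits         # host part all ones
    # Both of those are taken, so a /n with n <= 30 leaves 2**(32-n) - 2 hosts.
    usable = host_bits - 1 if prefix <= 30 else 0
    return {
        "prefix": prefix,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "host_count": usable,
    }


def subnets(network, netmask, new_netmask):
    """Network addresses obtained by lengthening netmask to new_netmask."""
    old, new = prefix_length(netmask), prefix_length(new_netmask)
    if new < old:
        raise ValueError("new netmask must be longer than the old one")
    base = ip_to_int(network) & ip_to_int(netmask)
    step = 1 << (32 - new)                  # size of each new subnet
    return [int_to_ip(base + i * step) for i in range(1 << (new - old))]


# RFC 1918 ranges as (network, netmask): 10/8, 172.16/12, 192.168/16
PRIVATE_RANGES = (("10.0.0.0", "255.0.0.0"),
                  ("172.16.0.0", "255.240.0.0"),
                  ("192.168.0.0", "255.255.0.0"))


def is_private(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    a = ip_to_int(addr)
    return any((a & ip_to_int(m)) == ip_to_int(n) for n, m in PRIVATE_RANGES)


if __name__ == "__main__":
    for net in subnets("192.168.50.0", "255.255.255.0", "255.255.255.192"):
        info = split_address(net, "255.255.255.192")
        print(net, info["first_host"], "-", info["last_host"], info["host_count"], "hosts")
```

<p>
Run as a script, this prints the four subnets of 192.168.50.0 with netmask
255.255.255.192 and their usable host ranges, matching the lists above. Note
that <code>prefix_length()</code> refuses a netmask whose one-bits are not
contiguous (such as 255.255.0.255): such a mask has no single prefix length
and no meaningful network address, and the 172.16.0.0 check shows why the
private class B block is best thought of as one /12 rather than sixteen
separate networks.
</p>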
<hr>
<h2><a name="s3.3"></a>3.3 IP Interface Configuration</h2>
<p>
Once we know what IP address we wish to use for our machine, we will have to
bring up one of our network interfaces, and assign that IP address (possibly
along with a netmask) to it. On most Debian systems this is done when
installing the system, and you are seldom likely to need to change it on a
simple system.
</p>
<p>
The <code>ifconfig</code> command is used to configure interfaces in order to
use IP with them. There are a number of different network interfaces available
with the Linux kernel, some of which are summarised below:
</p>
<dl>
<dt>Loopback</dt>
<dd>
<p>
The loopback interface (<samp>lo</samp>), usually configured as IP address
127.0.0.1
</p>
</dd>
</dl>
<dl>
<dt>Ethernet</dt>
<dd>
<p>
Ethernet interfaces (with names like <samp>eth0</samp>, <samp>eth1</samp>,
<samp>eth2</samp>) are used to access Ethernet cards
</p>
</dd>
</dl>
<dl>
<dt>PPP</dt>
<dd>
<p>
PPP stands for Point-to-Point Protocol, and is used to run a variety of
networking protocols, including IP, over any kind of serial line (null modem,
modem, ISDN). These interfaces have names like <samp>ppp0</samp>, <samp>ppp1</samp>
</p>
</dd>
</dl>
<dl>
<dt>Token Ring</dt>
<dd>
<p>
Token Ring devices are accessed with device names like <samp>tr0</samp>,
<samp>tr1</samp>
</p>
</dd>
</dl>
<dl>
<dt>Dummy</dt>
<dd>
<p>
The dummy network driver is used on systems which have an interface that is
not always up, in order to provide a permanent IP interface for the relevant
address. The device names are <samp>dummy</samp>, or <samp>dummy0</samp>,
<samp>dummy1</samp>, and so on
</p>
</dd>
</dl>
<p>
There are a wide range of other network devices available, including SLIP, PLIP
(serial and parallel line IP), `shaper' devices for controlling the traffic on
certain interfaces, the ability to have several IP addresses on a single
device, as well as frame relay, AX.25, X.25, ARCnet, LocalTalk and more. Here,
though, we'll concentrate on one of the most common - the Ethernet interface.
</p>
<p>
In many cases, if you wish your kernel to load the modules for certain device
drivers automatically, you may need to make changes to your
<code>/etc/conf.modules</code> or <code>/etc/modules</code> file (on current
systems the equivalent of <code>conf.modules</code> is a file under
<code>/etc/modprobe.d/</code>). For example, to load the NE2000 driver
automatically, you could have the line:
</p>
<pre>
alias eth0 ne
</pre>
<p>
in your <code>/etc/conf.modules</code> file.
</p>
<p>
The simplest way to call <code>ifconfig</code> is to type its name on its own:
</p>
<pre>
# /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:18584 errors:0 dropped:0 overruns:0 frame:0
TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0
Collisions:0
</pre>
<p>
which simply returns information about the interfaces currently configured. If
we wish now to bring up an Ethernet interface with the address 192.168.50.23,
we'd specify the interface name and the IP address on <code>ifconfig</code>'s
command line:
</p>
<pre>
# /sbin/ifconfig eth0 192.168.50.23
# /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:18584 errors:0 dropped:0 overruns:0 frame:0
TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0
Collisions:0
eth0 Link encap:Ethernet HWaddr 00:00:E8:C5:64:2A
inet addr:192.168.50.23 Bcast:192.168.50.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
Collisions:7
Interrupt:10 Base address:0x300
</pre>
<p>
As can be seen from the example, the <code>ifconfig</code> now gives
information about the new interface, including the netmask, network statistics,
and information about the network driver itself. The <code>ifconfig</code>
also allows the specification of a netmask when the interface is configured,
for example:
</p>
<pre>
# /sbin/ifconfig eth0 192.168.50.23 netmask 255.255.255.192
</pre>
<p>
Finally, to bring down an interface, use the following invocation of
<code>ifconfig</code>:
</p>
<pre>
# /sbin/ifconfig eth0 down
</pre>
<p>
Full information on the options available to <code>ifconfig</code> is
available in the manual page, <code>ifconfig(8)</code>.
</p>
<p>
If you set up the IP addressing on your machine when you installed Debian
GNU/Linux, you should find that the <code>ifconfig</code> command is run
automatically on bootup. This is done from the file
<code>/etc/init.d/network</code>. (On current Debian releases interface
configuration is done instead by <code>ifupdown</code> from
<code>/etc/network/interfaces</code>, and the net-tools commands
<code>ifconfig</code> and <code>route</code> have been superseded by
<code>ip(8)</code> from iproute2; the concepts below are unchanged.) Looking
at this file should reveal a number of lines similar to the following:
</p>
<pre>
IPADDR=192.168.50.23
NETMASK=255.255.255.0
BROADCAST=192.168.50.255
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
</pre>
<p>
This is where the setting up of the Ethernet interface takes place. Above
these lines, you should see a line setting up the loopback interface, and you
should see a number of lines which appear to run a command called
<code>route</code>. This program, and its function, is the subject of the next
section.
</p>
<hr>
<h2><a name="s3.4"></a>3.4 Basic IP Routing</h2>
<p>
Once an IP interface has been set up, it is necessary that the Linux kernel be
told where to send IP information for various machines on the IP network. The
kernel holds a table, called a <em>routing table</em>, which lists a number of
host or network addresses, along with information on how to send IP packets to
these destinations.
</p>
<p>
The <code>route</code> command is used to examine or update this table. If only
your loopback interface has been configured, this command used on its own will
typically give output which looks something like the following:
</p>
<pre>
# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 * 255.0.0.0 U 0 0 2 lo
</pre>
<p>
This says that any traffic for the network identified as `127' should be routed
through the loopback interface (<samp>lo</samp>). The `genmask' column
specifies, in a similar way to a netmask, that this particular routing table
entry should be used to match any IP address beginning with the number 127, no
matter what the remainder is.
</p>
<p>
If our machine is connected to an Ethernet network, then typically we will want
to make sure that the kernel routing table knows how to send information to
this. Assuming we have set up our machine to be 192.168.50.23, with a default
class C netmask, the following command will add a routing table entry for our
local network:
</p>
<pre>
# /sbin/route add -net 192.168.50.0
# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 * 255.0.0.0 U 0 0 2 lo
192.168.50.0 * 255.255.255.0 U 0 0 137 eth0
</pre>
<p>
This tells the kernel that any IP addresses which start with 192.168.50 are on
our local Ethernet network, and that they should be routed through the `eth0'
interface. If you are using a non-standard netmask, this can be specified as a
command line option to the <code>route</code> command:
</p>
<pre>
# /sbin/route add -net 192.168.50.0 netmask 255.255.255.192
</pre>
<p>
A command like one of the above would be sufficient if our TCP/IP network
consisted of just a single network, not connected to anywhere else. However,
the strength of TCP/IP is its <em>internetworking</em> ability, and normally an
IP-based network consists of more than one network. In order to route IP
packets from your machines to these other networks, you need to specify
<em>gateway</em> hosts (often called <em>routers</em>) which deal with
forwarding traffic to them. There are in general two possibilities.
</p>
<p>
The first possibility is that we want to route IP packets to a specific
network, and we know the address of a gateway host or router which deals with
information for that network. Suppose, for example, that there is a machine
192.168.50.1 on our network, which is a router for the network 172.20.0.0 (a
class B network). The following options to the <code>route</code> command
specify this:
</p>
<pre>
# route add -net 172.20.0.0 gw 192.168.50.1
</pre>
<p>
Since our routing table already contains an entry telling us how to send
information to 192.168.50.1 (it's on our local network), any traffic for the
remote network 172.20.0.0 is now sent to that machine, which deals with it
appropriately.
</p>
<p>
The other possibility is that we use a certain gateway as a <em>default
route</em> - a route used for all IP packets which don't match other rules in
our routing table. If, for example, the machine with IP address 192.168.50.254
is our router to the rest of the world (the Internet, for example), we use the
<code>route</code> command as follows:
</p>
<pre>
# /sbin/route add default gw 192.168.50.254
</pre>
<p>
At this stage, let's have another look at our routing table:
</p>
<pre>
# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 * 255.0.0.0 U 0 0 2 lo
192.168.50.0 * 255.255.255.0 U 0 0 137 eth0
172.20.0.0 192.168.50.1 255.255.0.0 UG 1 0 7 eth0
default 192.168.50.254 0.0.0.0 UG 1 0 36 eth0
</pre>
<p>
Going through the above table one line at a time:
</p>
<ol type="1" start="1" >
<li>
<p>
We first specify a loopback address for all 127.*.*.* addresses
</p>
</li>
</ol>
<ol type="1" start="2" >
<li>
<p>
Next, we specify how to reach all machines on our local network, identified as
192.168.50.*
</p>
</li>
</ol>
<ol type="1" start="3" >
<li>
<p>
Next, we give a route to all machines on the network (172.20.*.*) connected to
the machine 192.168.50.1, which is a router (or gateway) for that network
</p>
</li>
</ol>
<ol type="1" start="4" >
<li>
<p>
Finally, we specify that the machine 192.168.50.254 will deal with all other IP
traffic
</p>
</li>
</ol>
<p>
For now, we won't look at what the various `flags', `metric' and `ref'
entries mean.
</p>
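<p>
The selection rule the kernel applies to a table like the one above, as an
added example that is not part of the original manual. The table text below
is copied from this section (its column spacing is constructed); the lookup is
the general longest-prefix-match rule, with the metric breaking ties, and is
not specific to these four entries. The helper <code>ip_to_int()</code> and the
function names are this example's own.
</p>

```python
# Added example (not from the manual): parse `route` output and pick the
# entry the kernel would use for a destination.

def ip_to_int(addr):
    """Dotted-quad IPv4 address -> 32-bit integer."""
    n = 0
    for part in addr.split("."):
        n = (n << 8) | int(part)
    return n


# The routing table shown in this section, as printed by net-tools `route`
# (spacing constructed). '*' in the Gateway column means directly attached.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.0       *               255.0.0.0       U     0      0        2 lo
192.168.50.0    *               255.255.255.0   U     0      0      137 eth0
172.20.0.0      192.168.50.1    255.255.0.0     UG    1      0        7 eth0
default         192.168.50.254  0.0.0.0         UG    1      0       36 eth0
"""


def parse_route_table(text):
    """Parse IPv4 `route` output into a list of route dicts."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] in ("Kernel", "Destination"):
            continue                         # banner and column-header lines
        dest, gw, mask, flags, metric, _ref, _use, iface = fields[:8]
        routes.append({
            "dest": ip_to_int("0.0.0.0" if dest == "default" else dest),
            "mask": ip_to_int(mask),         # genmask; 0.0.0.0 for the default route
            "gateway": None if gw == "*" else gw,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, dest):
    """Return (next_hop, iface) for dest; next_hop is None when directly attached.

    Every entry whose genmask-covered bits equal dest's is a candidate; the
    longest genmask wins, and among equal lengths the lowest metric wins.
    Table order plays no part.
    """
    d = ip_to_int(dest)
    best_key, best = None, None
    for r in routes:
        if (d & r["mask"]) != r["dest"]:
            continue
        key = (bin(r["mask"]).count("1"), -r["metric"])
        if best_key is None or key > best_key:
            best_key, best = key, r
    if best is None:
        raise LookupError("no route to host %s" % dest)   # ENETUNREACH from the kernel
    return best["gateway"], best["iface"]


def unreachable_gateways(routes):
    """Gateways in the table that are not on a directly attached network.

    The kernel refuses `route add ... gw X` unless X already matches an entry
    with no gateway of its own, which is why the local-network route must be
    in place before the 172.20.0.0 and default entries can be added.
    """
    direct = [r for r in routes if r["gateway"] is None]
    bad = []
    for r in routes:
        if r["gateway"] is None:
            continue
        g = ip_to_int(r["gateway"])
        if not any((g & d["mask"]) == d["dest"] for d in direct):
            bad.append(r["gateway"])
    return bad


if __name__ == "__main__":
    table = parse_route_table(ROUTE_OUTPUT)
    for target in ("127.0.0.1", "192.168.50.7", "172.20.5.5", "8.8.8.8"):
        print(target, "->", lookup(table, target))
    print("gateways not directly reachable:", unreachable_gateways(table))
```

<p>
Because a more specific entry wins wherever it sits in the table, the
192.168.50.0 route beats the default route for 192.168.50.7 even though both
match, and the default route is only ever reached by addresses that nothing
else covers. The same rule is what makes a route injected by a rogue DHCP
server, or by an ICMP redirect the host accepts, able to divert traffic for
one network without touching the default gateway at all; when checking a
compromised host, look for unexpected specific entries, not just the default.
</p>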
<p>
Let's have another look at a typical <code>/etc/init.d/network</code> file,
setup by Debian's installation procedure on a typical Ethernet-connected
machine:
</p>
<pre>
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=192.168.50.23
NETMASK=255.255.255.0
NETWORK=192.168.50.0
BROADCAST=192.168.50.255
GATEWAY=192.168.50.254
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ &quot;${GATEWAY}&quot; ] &amp;&amp; route add default gw ${GATEWAY} metric 1
</pre>
<p>
The first two lines of this shell script set up the loopback interface, and add
an entry to the routing table for it. The variables which follow set up the IP
address of our machine, the netmask, the address of our local network, the
broadcast address, and the IP address of our default router. Finally, our
local Ethernet interface is set up with <code>ifconfig</code>, and two
invocations of the <code>route</code> command add routing table entries for
firstly the local network and secondly our default gateway.
</p>
<p>
You may well find that the addresses (of networks and of machines) in the
output from the <code>route</code> command do not appear as IP addresses, but
as names. The names of networks can be set up in the
<code>/etc/networks</code> file (which is normally set up by Debian's network
setup routines at installation time), and the names of hosts can come from a
variety of sources, including the <code>/etc/hosts</code> file and the Domain
Name Service (DNS). Let's now have a look at what DNS is and what it does.
</p>
<hr>
<h2><a name="s3.5"></a>3.5 Domain Name Service (DNS)</h2>
<p>
Every computer connected to the Internet, or to any network using IP as its
network protocol, has an IP address so that information can be routed
correctly to and from it. IP addresses, though, are difficult for humans to
remember, and for this reason each machine is also normally given a name.
When you install Debian, this is one of the questions you will be asked: what
the name of your computer will be.
</p>
<p>
The name of your computer will be stored in a few locations. You can find out
the name of your computer by typing the <code>hostname</code> command, which
returns the value in the file <code>/etc/hostname</code>. If you are connected
to the Internet, this name will usually have several parts, separated from each
other by dots, for example:
</p>
<pre>
debian.anon.com
</pre>
<p>
Only the first part of this, <samp>debian</samp>, is the name of your own
computer; the rest, <samp>anon.com</samp>, is known as the <em>domain
name</em>. Since there are likely to be several computers with the same name
on the Internet, each one is made unique by putting it in its own domain.
Within a domain, normally one person is responsible for giving out computer
names and for administering a database which holds the names and addresses of
all the computers in that domain. This system is known as DNS, and is like a
telephone directory: you can look up a computer by name and find out its IP
address.
</p>
<p>
Before DNS, people had to remember IP addresses in order to use the Internet,
and names were only known for a small subset of machines - typically the
machines in the local network, and maybe one or two machines which were
permanently connected to our site. These names were stored in a single file -
<code>/etc/hosts</code> - and you'll normally find that your own machine's name
and IP address were added to that file when Debian was installed.
</p>
<p>
DNS is a fairly complex system, and we'll look into more detail on it later,
along with the software (<code>bind</code>) which allows you to look after your
own DNS domain.
</p>
<p>
Here, though, we'll have a look at how DNS works from a <em>client's</em> point
of view - i.e. from the point of view of a machine which only needs to look up
machines in the DNS, rather than one which has to provide a DNS service.
</p>
<p>
When a Debian machine needs to look up another computer's name in order to find
out its IP address, it uses a set of routines in the C library called the
<em>resolver</em>. The resolver routines, in turn, consult first the file
<code>/etc/nsswitch.conf</code>, which, against an entry for <samp>hosts</samp>,
lists the places that the resolver should check in order to find out the IP
address. There are three possible entries here, and if more than one of them
is present, the resolver will check each one in order. These entries are:
</p>
<dl>
<dt>files</dt>
<dd>
<p>
Check the file <code>/etc/hosts</code> for an entry for the particular hostname
</p>
</dd>
<dt>nis</dt>
<dd>
<p>
Check the NIS database (which we will look at later) for the hostname
</p>
</dd>
<dt>dns</dt>
<dd>
<p>
Check the Domain Name Service
</p>
</dd>
</dl>
<p>
A typical entry in <code>/etc/nsswitch.conf</code> might be:
</p>
<pre>
hosts: files dns
</pre>
<p>
This tells the resolver to check firstly the file <code>/etc/hosts</code> and
then query the DNS.
</p>
<p>
The DNS is configured by the file <code>/etc/resolv.conf</code>. This file
normally specifies two things - firstly, the domain in which our machine is,
and secondly, a number of nameservers to ask for information. An example would
be:
</p>
<pre>
domain anon.org
nameserver 172.19.0.1
nameserver 172.19.5.1
</pre>
<p>
The first line tells the resolver library that if we ask for a machine and
don't specify a domain name, it should have <samp>anon.org</samp> appended to
it - i.e. the resolver, assuming that the machine is in our own domain, should
search there. The two lines beginning with <samp>nameserver</samp> specify the
IP addresses of machines which we should query using DNS. These must always be
IP addresses, not names: the resolver cannot look up the name of a nameserver
until it already knows the address of one to ask.
</p>
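<p>
To make the client-side lookup order concrete, the following added example (not
part of this manual, nor Debian's resolver code) reads the <samp>hosts:</samp>
line of <code>nsswitch.conf</code>, parses <code>resolv.conf</code> and
<code>/etc/hosts</code>, and walks the sources in order. The configuration
texts and the DNS answers are constructed sample data; the real resolver's
domain-search rules are simplified to "a name with a dot is already qualified".
</p>

```python
import ipaddress
# Constructed sample configuration, mirroring the examples in the text.
NSSWITCH = "hosts: files dns\n"
HOSTS = "127.0.0.1 localhost\n172.19.0.7 debian.anon.org debian\n"
RESOLV = "domain anon.org\nnameserver 172.19.0.1\nnameserver 172.19.5.1\n"
FAKE_DNS = {"www.anon.org": "172.19.1.10"}   # stand-in for nameserver answers

def hosts_sources(nsswitch_text):
    """Lookup order from the 'hosts:' line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files"]  # no hosts: line -> only /etc/hosts is consulted

def parse_resolv(resolv_text):
    """Default domain and nameserver list from resolv.conf. A nameserver
    must be a literal IP: the resolver has nobody to ask for a name yet."""
    domain, servers = None, []
    for line in resolv_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "domain":
            domain = parts[1]
        elif parts and parts[0] == "nameserver":
            servers.append(str(ipaddress.ip_address(parts[1])))  # raises on a name
    return domain, servers

def lookup_files(name, hosts_text):
    """First address whose host list in /etc/hosts contains name."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and name in fields[1:]:
            return fields[0]
    return None

def resolve(name, nsswitch=NSSWITCH, hosts=HOSTS, resolv=RESOLV, dns=FAKE_DNS):
    """Consult each source in nsswitch order; an unqualified name gets the
    resolv.conf domain appended before DNS is asked (simplified: any dot
    makes the name count as qualified)."""
    domain, servers = parse_resolv(resolv)
    fqdn = name if "." in name or not domain else f"{name}.{domain}"
    for source in hosts_sources(nsswitch):
        addr = None
        if source == "files":
            addr = lookup_files(name, hosts) or lookup_files(fqdn, hosts)
        elif source == "dns" and servers:
            addr = dns.get(fqdn)  # nis is not modelled in this example
        if addr:
            return addr, source
    return None, None
```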
<p>
Most networking utilities will automatically look up a machine's IP address if
you specify a name, but if you want to query the DNS directly, the
<samp>dnsutils</samp> package contains a program called <code>nslookup</code>.
<code>nslookup</code> can be used either one-off, by giving the name of the
machine you are searching for, possibly along with command-line arguments, or
interactively, by just typing <code>nslookup</code> on its own. The
interactive mode allows a number of searches to be made, and provides some
limited help.
</p>
<p>
<code>nslookup</code>, along with other programs to query the DNS, and the
software to provide a DNS service, will all be described in more detail later.
</p>
<p>
For more information on DNS, please see <a href="ch-bind.html">DNS/BIND,
Chapter 8</a>.
</p>
<hr>
<h2><a name="s3.6"></a>3.6 ICMP and IP Troubleshooting</h2>
<hr>
<h2><a name="s3.7"></a>3.7 TCP and UDP</h2>
<hr>
<h2><a name="s3.8"></a>3.8 Servers, Daemons and the Superserver</h2>
<hr>
<p>
Debian GNU/Linux Network Administrator's Manual (Obsolete Documentation)
</p>
<address>
This manual is OBSOLETE and DEPRECATED since 2000. Instead see http://www.debian.org/doc/user-manuals#quick-reference<br>
<br>
Ardo van Rangelrooij <code><a href="mailto:ardo.van.rangelrooij@tip.nl">ardo.van.rangelrooij@tip.nl</a></code><br>
Oliver Elphick <code><a href="mailto:olly@lfix.co.uk">olly@lfix.co.uk</a></code><br>
Ivan E. Moore II <code><a href="mailto:rkrusty@debian.org">rkrusty@debian.org</a></code><br>
Duncan C. Thomson <code><a href="mailto:duncan@sciuro.demon.co.uk">duncan@sciuro.demon.co.uk</a></code><br>
<br>
</address>
<hr>
</body>
</html>