TCP/IP Network Administration
TCP/IP Network Administration
THIRD EDITION

Craig Hunt

Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo
TCP/IP Network Administration, Third Edition
by Craig Hunt

Copyright © 2002, 1998, 1992 Craig Hunt. All rights reserved.
Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly Media, Inc. books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Editors: Mike Loukides and Debra Cameron
Production Editor: Emily Quill
Cover Designer: Edie Freedman
Interior Designer: Melanie Wang

Printing History:
August 1992: First Edition.
January 1998: Second Edition.
April 2002: Third Edition.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. TCP/IP Network Administration, Third Edition, the image of a land crab, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.

ISBN: 978-0-596-00297-8
[C] [10/08]
—To Alana, the beginning of a new life.
Table of Contents

Preface ... xi

1. Overview of TCP/IP ... 1
    TCP/IP and the Internet ... 2
    A Data Communications Model ... 6
    TCP/IP Protocol Architecture ... 9
    Network Access Layer ... 11
    Internet Layer ... 12
    Transport Layer ... 18
    Application Layer ... 22
    Summary ... 23

2. Delivering the Data ... 24
    Addressing, Routing, and Multiplexing ... 24
    The IP Address ... 25
    Internet Routing Architecture ... 35
    The Routing Table ... 37
    Address Resolution ... 43
    Protocols, Ports, and Sockets ... 44
    Summary ... 50

3. Network Services ... 51
    Names and Addresses ... 51
    The Host Table ... 52
    DNS ... 54
    Mail Services ... 62
    File and Print Servers ... 75
    Configuration Servers ... 76
    Summary ... 82
4. Getting Started ... 84
    Connected and Non-Connected Networks ... 85
    Basic Information ... 86
    Planning Routing ... 97
    Planning Naming Service ... 101
    Other Services ... 104
    Informing the Users ... 106
    Summary ... 107

5. Basic Configuration ... 108
    Kernel Configuration ... 108
    Startup Files ... 124
    The Internet Daemon ... 129
    The Extended Internet Daemon ... 132
    Summary ... 133

6. Configuring the Interface ... 134
    The ifconfig Command ... 134
    TCP/IP Over a Serial Line ... 150
    Installing PPP ... 153
    Summary ... 169

7. Configuring Routing ... 170
    Common Routing Configurations ... 170
    The Minimal Routing Table ... 171
    Building a Static Routing Table ... 173
    Interior Routing Protocols ... 178
    Exterior Routing Protocols ... 188
    Gateway Routing Daemon ... 191
    Configuring gated ... 193
    Summary ... 204

8. Configuring DNS ... 205
    BIND: Unix Name Service ... 205
    Configuring the Resolver ... 207
    Configuring named ... 211
    Using nslookup ... 228
    Summary ... 232
9. Local Network Services ... 233
    The Network File System ... 233
    Sharing Unix Printers ... 252
    Using Samba to Share Resources with Windows ... 259
    Network Information Service ... 268
    DHCP ... 272
    Managing Distributed Servers ... 277
    Post Office Servers ... 280
    Summary ... 283

10. sendmail ... 285
    sendmail’s Function ... 285
    Running sendmail as a Daemon ... 286
    sendmail Aliases ... 288
    The sendmail.cf File ... 290
    sendmail.cf Configuration Language ... 297
    Rewriting the Mail Address ... 309
    Modifying a sendmail.cf File ... 319
    Testing sendmail.cf ... 323
    Summary ... 332

11. Configuring Apache ... 333
    Installing Apache Software ... 334
    Configuring the Apache Server ... 338
    Understanding an httpd.conf File ... 341
    Web Server Security ... 361
    Managing Your Web Server ... 378
    Summary ... 380

12. Network Security ... 381
    Security Planning ... 382
    User Authentication ... 387
    Application Security ... 402
    Security Monitoring ... 404
    Access Control ... 409
    Encryption ... 418
    Firewalls ... 425
    Words to the Wise ... 433
    Summary ... 434
13. Troubleshooting TCP/IP ... 435
    Approaching a Problem ... 435
    Diagnostic Tools ... 438
    Testing Basic Connectivity ... 440
    Troubleshooting Network Access ... 443
    Checking Routing ... 450
    Checking Name Service ... 456
    Analyzing Protocol Problems ... 471
    Protocol Case Study ... 474
    Summary ... 478

A. PPP Tools ... 479
B. A gated Reference ... 503
C. A named Reference ... 548
D. A dhcpd Reference ... 586
E. A sendmail Reference ... 599
F. Solaris httpd.conf File ... 661
G. RFC Excerpts ... 679

Index ... 687
Preface

The first edition of TCP/IP Network Administration was written in 1992. In the decade since, many things have changed, yet some things remain the same. TCP/IP is still the preeminent communications protocol for linking together diverse computer systems. It remains the basis of interoperable data communications and global computer networking. The underlying Internet Protocol (IP), Transmission Control Protocol, and User Datagram Protocol (UDP) are remarkably unchanged. But change has come in the way TCP/IP is used and how it is managed.

A clear symbol of this change is the fact that my mother-in-law has a TCP/IP network connection in her home that she uses to exchange electronic mail, compressed graphics, and hypertext documents with other senior citizens. She thinks of this as “just being on the Internet,” but the truth is that her small system contains a functioning TCP/IP protocol stack, manages a dynamically assigned IP address, and handles data types that did not even exist a decade ago.

In 1991, TCP/IP was a tool of sophisticated users. Network administrators managed a limited number of systems and could count on the users for a certain level of technical knowledge. No more. In 2002, the need for highly trained network administrators is greater than ever because the user base is larger, more diverse, and less capable of handling technical problems on its own. This book provides the information needed to become an effective TCP/IP network administrator.

TCP/IP Network Administration was the first book of practical information for the professional TCP/IP network administrator, and it is still the best. Since the first edition was published there has been an explosion of books about TCP/IP and the Internet. Still, too few books concentrate on what a system administrator really needs to know about TCP/IP administration. Most books are either scholarly texts written from the point of view of the protocol designer, or instructions on how to use TCP/IP applications. All of those books lack the practical, detailed network information needed by the Unix system administrator. This book strives to focus on TCP/IP and Unix and to find the right balance of theory and practice.
I am proud of the earlier editions of TCP/IP Network Administration. In this edition, I have done everything I can to maintain the essential character of the book while making it better. Dynamic address assignment based on Dynamic Host Configuration Protocol (DHCP) is covered. The Domain Name System material has been updated to cover BIND 8 and, to a lesser extent, BIND 9. The email configuration is based on the current version of sendmail 8, and the operating system examples are from the current versions of Solaris and Linux. The routing protocol coverage includes Routing Information Protocol version 2 (RIPv2), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP). I have also added a chapter on Apache web server configuration, new material on xinetd, and information about building a firewall with iptables. Despite the additional topics, the book has been kept to a reasonable length.

TCP/IP is a set of communications protocols that define how different types of computers talk to each other. TCP/IP Network Administration is a book about building your own network based on TCP/IP. It is both a tutorial covering the “why” and “how” of TCP/IP networking, and a reference manual for the details about specific network programs.

Audience

This book is intended for everyone who has a Unix computer connected to a TCP/IP network.* This obviously includes the network managers and the system administrators who are responsible for setting up and running computers and networks, but it also includes any user who wants to understand how his or her computer communicates with other systems. The distinction between a “system administrator” and an “end user” is a fuzzy one. You may think of yourself as an end user, but if you have a Unix workstation on your desk, you’re probably also involved in system administration tasks.

Over the last several years there has been a rash of books for “dummies” and “idiots.” If you really think of yourself as an “idiot” when it comes to Unix, this book is not for you. Likewise, if you are a network administration “genius,” this book is probably not suitable either. If you fall anywhere between these two extremes, however, you’ll find this book has a lot to offer.

This book assumes that you have a good understanding of computers and their operation and that you’re generally familiar with Unix system administration. If you’re not, the Nutshell Handbook Essential System Administration by Æleen Frisch (published by O’Reilly & Associates) will fill you in on the basics.

* Much of this text also applies to non-Unix systems. Many of the file formats and commands and all of the protocol descriptions apply equally well to Windows 9x, Windows NT/2000, and other operating systems. If you’re an NT administrator, you should read Windows NT TCP/IP Network Administration (O’Reilly).
Organization

Conceptually, this book is divided into three parts: fundamental concepts, tutorial, and reference. The first three chapters are a basic discussion of the TCP/IP protocols and services. This discussion provides the fundamental concepts necessary to understand the rest of the book. The remaining chapters provide a “how-to” tutorial. Chapters 4–7 discuss how to plan a network installation and configure the basic software necessary to get a network running. Chapters 8–11 discuss how to set up various important network services. Chapters 12 and 13 cover how to perform the ongoing tasks that are essential for a reliable network: security and troubleshooting. The book concludes with a series of appendixes that are technical references for important commands and programs.

This book contains the following chapters:

Chapter 1, Overview of TCP/IP, gives the history of TCP/IP, a description of the protocol architecture, and a basic explanation of how the protocols function.

Chapter 2, Delivering the Data, describes addressing and how data passes through a network to reach the proper destination.

Chapter 3, Network Services, discusses the relationship between clients and server systems and the various services that are central to the function of a modern internet.

Chapter 4, Getting Started, begins the discussion of network setup and configuration. This chapter discusses the preliminary configuration planning needed before you configure the systems on your network.

Chapter 5, Basic Configuration, describes how to configure TCP/IP in the Unix kernel, and how to configure the system to start the network services.

Chapter 6, Configuring the Interface, tells you how to identify a network interface to the network software. This chapter provides examples of Ethernet and PPP interface configurations.

Chapter 7, Configuring Routing, describes how to set up routing so that systems on your network can communicate properly with other networks. It covers the static routing table, commonly used routing protocols, and gated, a package that provides the latest implementations of several routing protocols.

Chapter 8, Configuring DNS, describes how to administer the name server program that converts system names to Internet addresses.

Chapter 9, Local Network Services, describes how to configure many common network servers. The chapter discusses the DHCP configuration server, the LPD print server, the POP and IMAP mail servers, the Network File System (NFS), the Samba file and print server, and the Network Information System (NIS).
Chapter 10, sendmail, discusses how to configure sendmail, which is the daemon responsible for delivering electronic mail.

Chapter 11, Configuring Apache, describes how the Apache web server software is configured.

Chapter 12, Network Security, discusses how to live on the Internet without excessive risk. This chapter covers the security threats introduced by the network, and describes the plans and preparations you can make to meet those threats.

Chapter 13, Troubleshooting TCP/IP, tells you what to do when something goes wrong. It describes the techniques and tools used to troubleshoot TCP/IP problems and gives examples of actual problems and their solutions.

Appendix A, PPP Tools, is a reference guide to the various programs used to configure a serial port for TCP/IP. The reference covers dip, pppd, and chat.

Appendix B, A gated Reference, is a reference guide to the configuration language of the gated routing package.

Appendix C, A named Reference, is a reference guide to the Berkeley Internet Name Domain (BIND) name server software.

Appendix D, A dhcpd Reference, is a reference guide to the Dynamic Host Configuration Protocol Daemon (dhcpd).

Appendix E, A sendmail Reference, is a reference guide to sendmail syntax, options, and flags.

Appendix F, Solaris httpd.conf File, lists the contents of the Apache configuration file discussed in Chapter 11.

Appendix G, RFC Excerpts, contains detailed protocol references taken directly from the RFCs that support the protocol troubleshooting examples in Chapter 13. This appendix explains how to obtain your own copies of the RFCs.

Unix Versions

Most of the examples in this book are taken from Red Hat Linux, currently the most popular Linux distribution, and from Solaris 8, the Sun operating system based on System V Unix. Fortunately, TCP/IP software is remarkably standard from system to system, and because of this uniformity, the examples should be applicable to any Linux, System V, or BSD-based Unix system. There are small variations in command output or command-line options, but these should not present a problem.

Some of the ancillary networking software is identified separately from the Unix operating system by its own release number. Many such packages are discussed, and when appropriate are identified by their release numbers. The most important of these packages are:
BIND
    Our discussion of the BIND software is based on version 8 running on a Solaris 8 system. BIND 8 is the version of the BIND software delivered with Solaris, and supports all of the standard resource records. There are relatively few administrative differences between BIND 8 and the newer BIND 9 release for basic configurations.

sendmail
    Our discussion of sendmail is based on release 8.11.3. This version should be compatible with other releases of sendmail v8.

Conventions

This book uses the following typographical conventions:

Italic
    is used for the names of files, directories, hostnames, domain names, and to emphasize new terms when they are introduced.

Constant width
    is used to show the contents of files or the output from commands. It is also used to represent commands, options, and keywords in text.

Constant width bold
    is used in examples to show commands typed on the command line.

Constant width italic
    is used in examples and text to show variables for which a context-specific substitution should be made. (The variable filename, for example, would be replaced by some actual filename.)

%, #
    Commands that you would give interactively are shown using the default C shell prompt (%). If the command must be executed as root, it is shown using the default superuser prompt (#). Because the examples may include multiple systems on a network, the prompt may be preceded by the name of the system on which the command was given.

[ option ]
    When showing command syntax, optional parts of the command are placed within brackets. For example, ls [ -l ] means that the -l option is not required.

We’d Like to Hear from You

We have tested and verified all of the information in this book to the best of our ability, but you may find that features have changed (or even that we have made
mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing:

O’Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)

There is a web page for this book, where we list errata, examples, or any additional information. You can access this page at:

http://www.oreilly.com/catalog/tcp3

To comment or ask technical questions about this book, send email to:

bookquestions@oreilly.com

For more information about books, conferences, Resource Centers, and the O’Reilly Network, see our web site at:

http://www.oreilly.com

To find out what else Craig is doing, visit his web site, http://www.wrotethebook.com.

Acknowledgments

I would like to thank the many people who helped in the preparation of this book. All of the people who contributed to the first and second editions deserve thanks because so much of their input lives on in this edition. For the first edition that’s John Wack, Matt Bishop, Wietse Venema, Eric Allman, Jeff Honig, Scott Brim, and John Dorgan. For the second edition that’s Eric Allman again, Bryan Costales, Cricket Liu, Paul Albitz, Ted Lemon, Elizabeth Zwicky, Brent Chapman, Simson Garfinkel, Jeff Sedayao, and Æleen Frisch.

The third edition has also benefited from many contributors—a surprising number of whom are authors in their own right. They set me straight about the technical details and improved my prose. Three authors are due special thanks. Cricket Liu, one of the authors of the best book ever written about DNS, provided many comments that improved the sections on Domain Name System. David Collier-Brown, one of the authors of Using Samba, did a complete technical review of the Samba material. Charles Aulds, author of a best-selling book on Apache administration, provided insights into Apache configuration. All of these people helped me make this book better than earlier editions. Thanks!

All the people at O’Reilly & Associates have been very helpful. Deb Cameron, my editor, deserves a special thanks. Deb kept everything moving forward while balancing the demands of a beautiful newborn daughter, Bethany Rose. Emily Quill was
the production editor and project manager. Jeff Holcomb and Jane Ellin performed quality control checks. Leanne Soylemez provided production assistance. Tom Dinse wrote the index. Edie Freedman designed the cover, and Melanie Wang designed the interior format of the book. Neil Walls converted the book from Microsoft Word to Framemaker. Chris Reilley and Robert Romano’s illustrations from the earlier editions have been updated by Robert Romano and Jessamyn Read.

Finally, I want to thank my family—Kathy, Sara, David, and Rebecca. They keep my feet on the ground when the pressure to meet deadlines is driving me into orbit. They are the best.