
Linux/Unix 2: Networking and DNS

Lesson 1: Introduction to Networking
Introduction
The Structure of a Network
TCP/IP
Handing in a Quiz or Objective
Lesson 2: Binary Numbers
Binary Numbers
IP Addresses
Network, Broadcast, and Subnets
Subnet Mask Example
Prefix Length Notation
The Hardware
Lesson 3: Ifconfig
Ifconfig
Hostnames and Domain names
Routing Basics
Lesson 4: Configuring an Ethernet Device
About this lesson
The Console
Connecting to your Console
Bringing the Network Up and Down
Disconnecting from the console
Lesson 5: Network at Startup
Startup Scripts
Rebooting the System
Putting things back the way they were
Lesson 6: Services and Ports
Services and Ports
xinetd
Wu-ftpd
Turning off services
inetd
Lesson 7: Access Control
Access Control
Access Control Files
Denying a host
Mostly Closed Policy
Lesson 8: DNS
/etc/hosts
/etc/resolv.conf
in-addr.arpa
whois
Caching
Types of DNS servers
Lesson 9: Bind
Bind
/etc/named.conf
Zone Files
Lesson 10: More on BIND
in-addr.arpa Zone Files
The localhost zone file
Downloading BIND
Lesson 11: Setting Up the Secondary DNS
named.conf
Preparations for Starting named
Running and Testing named

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See http://creativecommons.org/licenses/by-sa/3.0/legalcode for more information.
Introduction to Networking

Introduction
Before taking this course, you should understand basic Unix file manipulation and be able to install and run programs on a server. You should also be able to keep track of users and the processes they are running on a server. However, none of this will do us much good unless you understand how the server is connected to the rest of the internet. All of our users aren't going to come into the office to log in to the computer; they need to be able to access it from the network.

In this course, you'll learn the basics of networking. We will begin by discussing the structure of IP addresses. Eventually you will set up your own DNS server.

Note: All of the examples, quizzes, and objectives for this course should be completed in the Unix Sandbox. If you have never taken an O'Reilly School of Technology (OST) System Administration course, please click here to learn about the different features of this tool.

The Structure of a Network
Before you can begin to understand the commands and configuration necessary to set up a network, you need to learn a little about how our server will interact with the rest of the computers around it. All of the computers and other networking devices on the internet are connected through some physical means, usually some form of cable or telephone line, but these days many of them use wireless connections. This physical hardware forms the first layer for network communication, and each type of hardware has its own rules of communication.

This graphic represents the physical connections between your computer at home and the rest of the internet. Your computer is connected to your ISP's (Internet Service Provider) network, which probably has a bunch of other users and some servers. The ISP is then connected to the internet. OST's servers are also connected through our network provider.

Hardware is just one of many layers of network communication. In order for everything to work correctly there have to be rules, or protocols, that define how information is passed down from the user to the hardware. This series of protocols usually follows a structure similar to that of the OSI model.

When people started building networks so computers could communicate with each other, they quickly realized that they needed to agree on how to do it. There is a lot of equipment involved in creating a network. Cables, hardware devices, and software are made by different manufacturers. All these manufacturers got together and developed protocols for how hardware would work with operating systems, how cable would work with hardware, how software would receive and transmit information, etc.

The OSI model is part of the agreement among manufacturers for producing equipment to work with the network. Below is a list of layers that are part of that model. If you manufacture things in the network layer, then you must comply with the protocols used in the transport layer and the data link layer.

OSI Model Layers
Application (e.g., telnet program)
Presentation (e.g., Telnet, SSH protocols)
Session (e.g., Operating System)
Transport (e.g., TCP - Transmission Control Protocol, and UDP)
Network (e.g., internet protocol)
Data Link (e.g., ethernet protocol)
Physical (e.g., cables and hubs)

It's not important to know the details of the OSI model for this course, but you should be aware that it exists to help maintain hardware and software compatibility. Click here for a more detailed description of the OSI Model.

TCP/IP
At some point, you have probably heard the term TCP/IP. TCP/IP is a set of protocols that is used for network communication. TCP/IP varies from the OSI model in that it doesn't have seven unique layers.

Although TCP/IP has an application layer, it doesn't have a presentation or session layer. There is a transport layer (just like the OSI model) and a network layer (usually referred to as the internet layer for TCP/IP). The last two layers of the OSI model (data link and physical) are both combined into a host-to-network layer. Because there isn't a specified protocol for the host-to-network layer, it can work across almost any type of physical network.

TCP/IP uses IP addresses to keep track of each machine so it knows where to send data. This is a lot like your mailing address, which tells people where to send you letters, packages, and (unfortunately) bills. We'll learn all about the makeup of IP addresses in the next lesson.

Handing in a Quiz or Objective

After you have read the lesson you have quizzes and objectives to complete that allow you to demonstrate the concepts you have learned. Under the lesson heading there is an objective and/or quiz item. Click on this to reveal the instructions. When you are finished, scroll down the top half of the Coderunner screen and select the button that reads Hand In at the right side of the window. You will use the same procedure to hand in objectives. Please do not use the Drop In box but simply click on the Hand In button to hand in any files created. This button will alert your mentor that you are ready to be evaluated.

Binary Numbers

Binary Numbers
Before you can understand how IP addresses work, you should have a good understanding of the binary number system. In our daily lives we use what's known as the base 10 number system. We use the digits 0 through 9 to represent any number we wish. Each position in the number represents a power of 10. The number 5, for example, is the same thing as 5 * 10^0, or 5 * 1. To get larger numbers we just add on another higher order digit.

23 = 2*10^1 + 3*10^0 = 20 + 3 = 23

4523 = 4*10^3 + 5*10^2 + 2*10^1 + 3*10^0 = 4000 + 500 + 20 + 3 = 4523

111 = 1*10^2 + 1*10^1 + 1*10^0 = 100 + 10 + 1 = 111

Computers use the binary number system. This is because a computer can only keep track of information as a 0 or 1 (off or on). It works the same way as the base 10 system, except that you are dealing with powers of 2 instead of powers of 10.

1 (binary) = 1*2^0 = 1

111 (binary) = 1*2^2 + 1*2^1 + 1*2^0 = 4 + 2 + 1 = 7

1010 (binary) = 1*2^3 + 0*2^2 + 1*2^1 + 0*2^0 = 8 + 0 + 2 + 0 = 10

Each digit in a binary number is called a bit. Using an eight-bit number you can represent any base 10 number from zero (00000000) to 255 (11111111). Complicated math isn't really necessary as long as you know what each of the bits stands for.

Bit    1/0  1/0  1/0  1/0  1/0  1/0  1/0  1/0
Value  128   64   32   16    8    4    2    1

If there's a 1, you simply add the corresponding value to the total. For example, 00010000 would be 16 and 00010001 would be 17. If this still seems a little confusing, here's some more information on binary numbers.

IP Addresses
In order for computers to talk to each other on the internet, they have to know where the other is located. Over TCP/IP, this is done with an IP (Internet Protocol) address. An IP address is represented by four 8-bit binary numbers. This allows for approximately 4.3 billion different addresses.

11000000 10101000 00000001 00000001
     192      168        1        1

This number would be represented as 192.168.1.1, otherwise known as dotted quad notation.

Just giving a computer an IP address won't do any good because not all computers are connected to each other directly. You have to pass the information through a lot of different places in order for it to reach its destination. You can't drive from New York to San Francisco without traveling through other cities. The internet is divided into lots of different segments that talk to each other. Each segment is referred to as a network and each individual machine on a network is called a host. For this reason, an IP address is divided into a network portion and a host portion. The difference between the network portion and the host portion is sort of like the difference between the city you live in and your street address. When the IP addresses were first created, the size of the network portion and the host portion were determined by dividing all of the addresses into multiple classes. The class divisions were also used to assign people IP addresses. Large companies would get a class A, while smaller companies would get a class B or class C. All of the addresses were divided into five classes.

Original IP Address Classes

Class  Range
A      0.xxx.xxx.xxx - 127.xxx.xxx.xxx
B      128.xxx.xxx.xxx - 191.xxx.xxx.xxx
C      192.xxx.xxx.xxx - 223.xxx.xxx.xxx

Class D and class E addresses were also defined.

The red x's represent part of the network address and the blue x's are part of the host address: in the original, colored table the first octet is red for class A, the first two octets for class B, and the first three octets for class C.

Network, Broadcast, and Subnets

Let's give ourselves a class C network of 192.168.1.xxx. Two of the addresses are automatically used up: the network address of 192.168.1.0 and the broadcast address of 192.168.1.255. The network address is used when referring to the network itself, and the broadcast address is used to refer to all of the hosts on that network. This means you can have 254 hosts on the network. That's quite a few hosts to connect on the same IP network! We need a way to split up the network into smaller parts.

All classes also have what's called a subnet mask. By default a class C network has a subnet mask of 255.255.255.0. (Note that the "on" bits are the same ones represented by red x's in the table above.) In fact, this default mask is really the only thing the old class structure is used for anymore. By changing the subnet mask, we can split up the large IP network into two or more smaller networks. The subnet mask is then used to determine which portion of an IP address defines the network and which defines the host. Let's look at our network again:

11111111 11111111 11111111 00000000   subnet mask (255.255.255.0)
11000000 10101000 00000001 00000001   IP address of the first host (192.168.1.1)

Now let's split it into two subnets instead of one. We'll do this by converting one of the host bits into an additional network bit. The new subnet mask would be as follows:

11111111 11111111 11111111 10000000   (255.255.255.128)

But now, we have two networks and two broadcast addresses as well. This is because the green number (the leading bit of the last octet), although part of the network portion, can be either a one or a zero. For the network addresses, all of the host bits are 0 and for the broadcast addresses, all of the host bits are 1.

11000000 10101000 00000001 00000000   1st network address (192.168.1.0)
11000000 10101000 00000001 01111111   1st broadcast address (192.168.1.127)
11000000 10101000 00000001 10000000   2nd network address (192.168.1.128)
11000000 10101000 00000001 11111111   2nd broadcast address (192.168.1.255)

The subnet mask is useful because when coupled with a host IP address, it provides all of the necessary information about a subnet. Let's say we're given the following pair:

subnet mask:  255.255.255.128
host address: 192.168.1.140

The subnet mask lets us determine the network and host parts of the IP address. From this IP address and subnet mask, we know the network and broadcast addresses for all of the subnets, as well as which subnet contains the host (which happens to be the second set from above).

The subnet mask is like a filter telling us which parts are for the network and which are for the hosts. But why not just give the IP address and network address? Isn't that enough to describe it? Not really.

network address: 192.168.1.0
host address:    192.168.1.22

From this pair we know that the host is on the 192.168.1.0 network. However, there is no way of knowing whether that network is split into multiple subnets or not. We don't know if 192.168.1.140 is on the same subnet as 192.168.1.22.

Subnet Mask Example

A slightly more complicated example would be as follows:

subnet mask:  255.255.255.224
host address: 192.168.1.163

Let's break it down, piece by piece. The subnet mask ends in 224, which looks like 11100000 in binary. This gives us eight separate subnets.

Subnet  Binary    Network        Broadcast
1       00000000  192.168.1.0    192.168.1.31
2       00100000  192.168.1.32   192.168.1.63
3       01000000  192.168.1.64   192.168.1.95
4       01100000  192.168.1.96   192.168.1.127
5       10000000  192.168.1.128  192.168.1.159
6       10100000  192.168.1.160  192.168.1.191
7       11000000  192.168.1.192  192.168.1.223
8       11100000  192.168.1.224  192.168.1.255

So now we can look at our IP address, 192.168.1.163, and see that it's part of the 6th subnet. We got all of this information just from using the subnet mask.

Note: Having too many subnets can severely reduce the number of IPs available for hosts since a network and broadcast address is necessary for each subnet. In the previous example, we already reduced the number of IPs by 14 additional addresses.

Prefix Length Notation

Even though we can gain all of the information we need from the host IP address and its subnet mask, someone decided that it was still a waste of time to write out all of those numbers. Instead, we can denote the same IP/subnet pair using prefix length notation.

To do this, we add up the number of network bits in our subnet mask and tack it onto the end of the host IP. For example, if we had a host address of 192.168.3.11 with a subnet mask of 255.255.255.0, we would have 24 network bits. The prefix length notation would then be 192.168.3.11/24. Let's take a look at it:

11111111 11111111 11111111 00000000   (255.255.255.0)

Here, the 1 bits (red in the original) represent the network part of the address and the 0 bits (blue) are the host part, just like before. To determine the prefix length, all we need to do is count up the network bits.

What if the subnet mask were 255.255.255.224 instead?

11111111 11111111 11111111 11100000   (255.255.255.224)

If we count up the network bits in the new subnet mask we get 27. That gives us a prefix length notation of 192.168.3.11/27.
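The binary, subnet mask and prefix length arithmetic from this lesson and the previous two sections, written out as a small Python module. This is an added example, not course code; the function names are my own, and the addresses are the ones the lesson uses (192.168.1.x and 192.168.3.11). It goes a little beyond the text in one place: a mask whose 1 bits are not contiguous (such as 255.255.0.255) has no prefix length form, so it is rejected rather than silently counted.

```python
"""Subnet arithmetic from the lesson (added example, not course code)."""


def dotted_to_int(addr: str) -> int:
    """'192.168.1.1' -> 32-bit integer; rejects anything that is not four octets 0-255."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | octet
    return value


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Four 8-bit groups, as the lesson writes them: '11000000 10101000 00000001 00000001'."""
    value = dotted_to_int(addr)
    return " ".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of network bits. A valid mask is a run of 1 bits followed by 0 bits;
    anything else (e.g. 255.255.0.255) has no prefix-length form and is rejected."""
    value = dotted_to_int(mask)
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def mask_from_prefix(prefix: int) -> str:
    """Inverse of prefix_length: 27 -> '255.255.255.224'."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return int_to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def network_address(host: str, mask: str) -> str:
    """Host bits cleared to 0."""
    return int_to_dotted(dotted_to_int(host) & dotted_to_int(mask))


def broadcast_address(host: str, mask: str) -> str:
    """Host bits set to 1."""
    m = dotted_to_int(mask)
    return int_to_dotted((dotted_to_int(host) & m) | (~m & 0xFFFFFFFF))


def usable_hosts(mask: str) -> int:
    """Addresses in the subnet minus the network and broadcast addresses."""
    return max((1 << (32 - prefix_length(mask))) - 2, 0)


def list_subnets(network: str, old_mask: str, new_mask: str) -> list:
    """Split network/old_mask with the longer new_mask, as in the lesson's table.
    Returns (subnet number, network address, broadcast address) tuples."""
    old, new = prefix_length(old_mask), prefix_length(new_mask)
    if new < old:
        raise ValueError("new mask must have at least as many network bits as the old one")
    base = dotted_to_int(network) & dotted_to_int(old_mask)
    size = 1 << (32 - new)  # addresses per subnet
    return [(i + 1, int_to_dotted(base + i * size), int_to_dotted(base + i * size + size - 1))
            for i in range(1 << (new - old))]


def subnet_number(host: str, old_mask: str, new_mask: str) -> int:
    """1-based number of the subnet containing host (the lesson's 192.168.1.163 -> 6)."""
    target = dotted_to_int(host)
    for number, net, bcast in list_subnets(host, old_mask, new_mask):
        if dotted_to_int(net) <= target <= dotted_to_int(bcast):
            return number
    raise ValueError("unreachable: every address falls in exactly one subnet")


def prefix_notation(host: str, mask: str) -> str:
    """192.168.3.11 with 255.255.255.224 -> '192.168.3.11/27'."""
    return f"{host}/{prefix_length(mask)}"


if __name__ == "__main__":
    print(to_binary("192.168.1.1"))
    for row in list_subnets("192.168.1.0", "255.255.255.0", "255.255.255.224"):
        print(*row)
    print(subnet_number("192.168.1.163", "255.255.255.0", "255.255.255.224"))
    print(prefix_notation("192.168.3.11", "255.255.255.224"))
```

Running the module reprints the eight-row table from the Subnet Mask Example and reports subnet 6 for 192.168.1.163; the contiguity check in prefix_length is the one thing worth keeping in mind when a mask comes from a configuration file rather than a textbook.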

The Hardware
The type of network hardware that is used to connect the hottub and bubbles is commonly called ethernet. More specifically it's called 100baseT (pronounced "one hundred base tee"). This is the successor to 10baseT. Both of these run over a type of cable called Cat 5 (category 5 or twisted pair). Some people will refer to a network as Cat 5 when it's 10baseT even though that's not a very accurate description anymore.

The cable is attached to either an ethernet card in the computer or an ethernet port that's integrated into the computer's motherboard. The first ethernet device on a Unix machine is usually set up as eth0. This is the name given to the ethernet card in your machine. eth0 stands for ethernet number 0. The reason we say "first" is because it's possible for a machine to have multiple ethernet devices connected to different networks. For example, the next one would be called eth1.

The other ends of the cables are attached to some form of hub, switch, or router that handles the communication with the rest of the world. We don't need to worry about the specifics of these since they are typically handled by your network administrator.

The network administrator will usually give you the specific IP information that they want you to use for your servers. (That'll be you someday!) You will become more familiar with these concepts as you continue through the course.

Ifconfig

Ifconfig
The ifconfig command is used to set up the network devices on a Unix machine. All of the network devices on the hottub are already configured, so let's use ifconfig to view the current setup.

After the command prompt, type the following commands:
hottub:~$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:02:B3:09:7E:FD
inet addr:204.212.246.154 Bcast:204.212.246.191 Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:65093 errors:0 dropped:0 overruns:0 frame:0
TX packets:27415 errors:0 dropped:0 overruns:0 carrier:0
collisions:144 txqueuelen:100
RX bytes:39742309 TX bytes:3264987 (3.1 Mb)
Base address:0x4000 Memory:fc200000-fc220000

The important information about eth0 is the highlighted fields in the output above. The inet addr is simply the IP address that has been assigned to it. Then we have the Bcast (broadcast) and Mask (subnet mask) which are already familiar. HWaddr stands for hardware address. This is a unique number for that specific ethernet device. No device will have that same hardware address since each manufacturer is given a different set to use. A lot of network protocols and services will keep track of hosts by their hardware address. The rest of the information is not likely to be important to you, so we won't worry about it now.

Take a look at another device.

After the command prompt, type the following commands:
hottub:~$ ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:2126 errors:0 dropped:0 overruns:0 frame:0
TX packets:2126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4226 (4.1 Kb) TX bytes:4226 (4.1 Kb)

Notice that the link type is no longer ethernet; it's Local Loopback. The lo device provides a sort of fake network connection that "loops back" to itself.

Note: The 127.0.0.0 network used on the loopback device is reserved specifically for this purpose.

Try typing ifconfig all by itself to get a look at all of the active devices on the hottub.

After the command prompt, type the following commands:
hottub:~$ ifconfig

Hostnames and Domain names

Up to this point you've seen hosts with numerical addresses. Given this information, you might be wondering why we refer to hottub.useractive.com instead of 202.246.212.154. This is made possible by the domain name system, or DNS. This system maps names to IP addresses. Each name can be divided into two parts, a hostname and a domain name. (This is sort of like the host and network portion of IP addresses.) Let's use hottub.useractive.com as an example. hottub is the host name and useractive.com is the domain name. There are usually many different hosts using the same domain name.

There is a very handy command called host that allows you to determine an IP address given a hostname or vice versa.

After the command prompt, type the following commands:
hottub:~$ host hottub.useractive.com
hottub.useractive.com has address 63.171.219.83

This information gives the IP address for hottub.useractive.com. We also could have entered an IP address instead of a hostname.

Routing Basics
You now know that the internet is made up of lots of different networks that are interconnected. Since each computer can't be directly connected to all of the others, there must be some way for information to get from one to the next.

With TCP/IP, information that needs to be sent is broken up into smaller parts called segments. Other protocols and most networks refer to these as packets.

Packets contain the data that needs to be sent as well as information about the data's origin and destination. These packets typically travel from the originating host through a bunch of different routers until they reach their destination. A router is a hardware device used to send packets to the correct place. It does this using a set of defined routes depending on a packet's destination. Your server also has a set of routes. Usually there's one route for each network device.

In the first lesson there was a graphic that represented the internet as a big black line that connects everything together. That's not very accurate. The internet really looks more like this:

Whoa! What a mess! You can see how confusing it is to send data somewhere. That's why we need to define routes.

Using the route command, we can see the routes that are set up on hottub.

After the command prompt, type the following commands:
hottub:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth1
64.5.96.128 * 255.255.255.192 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 64.5.96.129 0.0.0.0 UG 0 0 0 eth0

Your table may have many more entries than what you see above. However, the structure should be the same.

The first thing listed for each route is the Destination network. There is a route (shown in red in the original) defined for the network attached to each device. The last route is the default route. A packet that is destined for a network not listed will go here.

Next is the Gateway. The gateway is the IP address or hostname of the next router on the way to the destination. If you see a * in the gateway field, it means that that device is part of that network so no gateway is necessary.

The Genmask is simply the subnet mask. Why do they call it a genmask? Your guess is as good as mine. In the case of the default route you'll notice that the mask is 0.0.0.0. This is because, like we said above, the default route is for every host on any network not already defined.

The Flags field contains a U if the route is "up." G stands for gateway and H stands for host.

Iface is the name of the network interface with which we are already familiar.
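The route selection the fields above describe (a packet matches a route when its destination ANDed with the Genmask equals the Destination network; the most specific match wins; the default route with mask 0.0.0.0 matches everything and so only catches what nothing else does) can be made concrete in a few lines of Python. This is an added example, not part of the course: the routing table text is copied from the route output above, and the parsing and lookup functions are my own.

```python
"""Route lookup over the lesson's `route` table (added example, not course code)."""

# The table as printed by `route` on the hottub in the lesson above.
ROUTE_OUTPUT = """Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.0.0     U     0      0        0 eth1
64.5.96.128     *               255.255.255.192 U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         64.5.96.129     0.0.0.0         UG    0      0        0 eth0
"""


def dotted_to_int(addr: str) -> int:
    """'64.5.96.129' -> 32-bit integer."""
    value = 0
    for octet in addr.split("."):
        value = (value << 8) | int(octet)
    return value


def parse_routes(text: str) -> list:
    """Turn the `route` output into a list of route dicts.
    'default' is the 0.0.0.0 network and '*' means no gateway (directly attached)."""
    routes = []
    for line in text.splitlines()[2:]:  # skip the title line and the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, gateway, genmask, flags, _metric, _ref, _use, iface = fields[:8]
        routes.append({
            "dest": 0 if dest == "default" else dotted_to_int(dest),
            "mask": dotted_to_int(genmask),
            "gateway": None if gateway == "*" else gateway,
            "flags": flags,
            "iface": iface,
        })
    return routes


def lookup(addr: str, routes: list):
    """(interface, next hop) for addr, or None if no route matches.
    A route matches when addr & Genmask == Destination & Genmask; among the
    matches the longest mask (most 1 bits) wins, so the default route, whose
    mask 0.0.0.0 matches every address, is used only as the fallback."""
    target = dotted_to_int(addr)
    best = None
    for route in routes:
        if "U" not in route["flags"]:  # route is not up; the kernel ignores it
            continue
        if target & route["mask"] != route["dest"] & route["mask"]:
            continue
        if best is None or bin(route["mask"]).count("1") > bin(best["mask"]).count("1"):
            best = route
    if best is None:
        return None
    if "G" in best["flags"]:
        return best["iface"], best["gateway"]  # hand the packet to the next router
    return best["iface"], addr  # directly attached network: deliver to the host itself


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for dest in ("10.0.0.5", "64.5.96.150", "127.0.0.1", "209.16.196.243"):
        print(dest, "->", lookup(dest, table))
```

A bubble address such as 10.0.0.5 goes out eth1 directly, a host on the hottub's own 64.5.96.128/26 network goes out eth0 directly, and anything else (the hot.useractive.com address pinged below, for instance) goes out eth0 via the 64.5.96.129 gateway.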

This graphic represents the major routes on the hottub. There is the main route through the OST gateway that gives the hottub access to the internet. Then we have a route to the 10.0.0.0 network where all of the bubbles reside. The bubbles can't get to the internet and nobody from the outside can get to the bubbles without logging into the hottub first. We aren't doing this to be mean; it's for security reasons.

If you want to make sure you are connected to a specific host, you can use ping. ping sends what is known as ICMP ECHO_REQUEST packets. By default, ping sends one packet every second. You will have to hit Ctrl+c in order to break out of this command.

After the command prompt, type the following commands:
hottub:~$ ping hot.useractive.com
PING hot.useractive.com (209.16.196.243) from 204.212.246.154 : 56(84) bytes of data.
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=0 ttl=247 time=28.677 msec
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=1 ttl=247 time=38.414 msec
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=2 ttl=247 time=37.338 msec
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=3 ttl=247 time=28.641 msec
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=4 ttl=247 time=29.190 msec
64 bytes from hot.useractive.com (209.16.196.243): icmp_seq=5 ttl=247 time=28.957 msec
Ctrl+c
--- hot.useractive.com ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/mdev = 28.641/31.869/38.414/4.266 ms

We see a line for every packet that is responded to by the target host. They all have an ICMP sequence number (icmp_seq) and the amount of time it took to get a response. Once we hit Ctrl+c, ping gives us a nice little report that includes the total amount of packets that were lost. Lost packets mean that there is probably something wrong with the network connection or there is just way too much traffic for the speed of the connection somewhere along the line.

Note: Some machines require that you have root access before running ping. This is because it's possible to "ping flood" a host, thereby reducing the efficiency of its network connection.

Another useful command is traceroute. It's sort of like ping in that it can indicate a good connection to a remote host. traceroute goes a step further in that it gives the hostname or IP address of every router between the two machines. Each successive router through which a packet travels is called a hop.

After the command prompt, type the following commands:
hottub:~$ traceroute hot.useractive.com
traceroute to hot.useractive.com (64.5.69.48), 30 hops max, 38 byte packets
1 64.5.96.129 (64.5.96.129) 1.498 ms 1.546 ms 1.681 ms
2 bacchus.soltec.net (64.5.64.11) 11.525 ms 5.099 ms 5.067 ms
3 gw.soltec.net (64.5.64.1) 3.642 ms 3.354 ms 3.616 ms
4 hot (64.5.69.48) 3.683 ms 3.756 ms 3.659 ms

If for some reason you can't connect to a host you know is there, traceroute can show you the location of the problem. This way you'll know immediately if you should contact your network provider or if it's a problem on the other end.

Let's look at another example.

After the command prompt, type the following commands:
hottub:~$ traceroute www.cnn.com
traceroute: Warning: www.cnn.com has multiple addresses; using 207.25.71.20
traceroute to cnn.com (207.25.71.20), 30 hops max, 38 byte packets
1 gw-useractive.fgi.net (204.212.246.129) 1.346 ms 1.298 ms 1.385 ms
2 gw3-champaign.fgi.net (204.212.246.3) 6.380 ms 6.399 ms 6.419 ms
3 gw1-champaign.fgi.net (204.212.246.1) 7.238 ms 7.159 ms 7.211 ms
4 gw-noc.fgi.net (204.212.192.1) 13.846 ms 11.789 ms 11.837 ms
5 sl-gw31-chi-7-0-TS9.sprintlink.net (160.81.92.245) 15.105 ms 15.110 ms 15.363 ms
6 sl-bb21-chi-4-0.sprintlink.net (144.232.26.29) 17.611 ms 15.430 ms 15.382 ms
7 sl-bb21-atl-12-0.sprintlink.net (144.232.18.34) 27.918 ms 27.743 ms 27.699 ms
8 sl-gw11-atl-8-0.sprintlink.net (144.232.12.86) 27.745 ms 27.923 ms 27.841 ms
9 * sl-cnn-2-0-0.sprintlink.net (144.232.194.130) 87.883 ms !X *
10 * sl-cnn-2-0-0.sprintlink.net (144.232.194.130) 35.120 ms !X *
11 * sl-cnn-2-0-0.sprintlink.net (144.232.194.130) 28.067 ms !X *
15 * *
Ctrl+c

Something is not quite right here... let's try to ping the host.

After the command prompt, type the following commands:
hottub:~$ ping www.cnn.com
Warning: no SO_TIMESTAMP support, falling back to SIOCGSTAMP
PING cnn.com (207.25.71.22) from 204.212.246.154 : 56(84) bytes of data.
From sl-cnn-2-0-0.sprintlink.net (144.232.194.130): Packet filtered
From sl-cnn-2-0-0.sprintlink.net (144.232.194.130): Packet filtered
From sl-cnn-2-0-0.sprintlink.net (144.232.194.130): Packet filtered
Ctrl+c
--- cnn.com ping statistics ---
29 packets transmitted, 0 packets received, +3 errors, 100% packet loss

Note: You may not see the "Packet filtered" messages.

Packet filtered indicates that cnn.com probably isn't letting ICMP packets through. If you didn't see this message, it would appear that www.cnn.com is down when it really is not. This is obvious if you visit the website http://www.cnn.com.

Configuring an Ethernet Device

About this lesson

In this lesson you'll be messing around with network connections and even disconnecting your bubble computer from the network. What if the computer isn't connected to the network? How will we get it back online? Luckily there are programs in place so that you can connect to the console of the computer. Think of the console as the screen you would see if you were sitting and looking at the monitor that is connected directly to the computer.

This lesson discusses the console and how we will connect to it in this course. Once you are able to connect to the console we'll learn about networking Unix machines.

The Console
There are many ways you can access a Unix system. The main mode of access is through a terminal, which usually includes a keyboard and a video monitor. You've been using ssh and telnet for terminal emulation. For each terminal connected to the Unix system, the kernel runs a process called a tty that accepts input from the terminal, and sends output to the terminal (tty stands for teletype). tty processes are general programs and must be told the capabilities of the terminal in order to read from and write to the terminal correctly. If the tty process receives incorrect information about the terminal type, unexpected results can occur.

After the command prompt, type the following commands:

hottub:~$ finger
Login Name Tty Idle Login Time Office Office Phone
certjosh pts/3 18 Feb 11 14:31 (cold.useractive.com)
certjosh pts/7 5 Feb 11 14:40 (faucet.useractive.com)
certjosh pts/9 Feb 11 16:21 (cold.useractive.com)
kerryvb pts/8 1:36 Feb 11 14:41 (faucet.useractive.com)
root root tty1 8d Feb 2 17:19
tljohnsn pts/1 19 Feb 11 14:22 (office.useractive.com)

Check out the tty column. For each login there is either a tty number or pts number. pts stands for pseudo terminal.
These are the terminals to which people are connected. Notice that one person can be connected to multiple terminals
using multiple shell sessions. The tty is not important to understand for this lesson.

In this course you've been using an Applet that is a terminal emulator and you've been using the ssh and telnet
programs to connect to the machines. These shells are actually running on something called a console.

Every Unix system has a main console that is connected directly to the machine. The console is a special type of
terminal that is recognized when the system is started. Some Unix system operations must be performed at the
console. Typically, the console is only accessible by the system operators and administrators, and usually only by
sitting at the monitor that is directly connected to the machine.

In this course we will be connecting to the console through a program we wrote called console.

Connecting to your Console

After the command prompt, type the following commands:

hottub:~$ console

You'll be prompted to login as usual. Use the same login information you used before. You'll notice a prompt that
looks like this:

OBSERVE:

bubble12 (console):~$

This time, instead of a telnet or ssh connection, you are connecting with a program called console. The console
program is connecting you directly to the console of the bubble machine. Using this console is exactly like using the
computer's monitor. At the end of this lesson you'll see how to disconnect from the console.

Take a look at the current state of the bubble's network.

After the command prompt, type the following commands:
bubble12 (console):~$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:30:05:06:13:A3
inet addr:10.0.0.252 Bcast:10.0.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:272 errors:0 dropped:0 overruns:0 frame:0
TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0x3400

lo Link encap:Local Loopback


inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

Note: Take out a pen or pencil and write down the inet addr you see in your shell. For example, MY bubble's IP
address is 10.0.0.252. What you see will most likely be different when you do it.

Now look at the routing table:

After the command prompt, type the following commands:

bubble12 (console):~$ /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo

Note: The reason you included the /sbin is because the default path on the bubbles may not contain it.

Notice that there is no default gateway at the bottom of this routing table like there was on hottub, which you saw in the
last lesson. The hottub routing table looked something like this:

Routing Table for hottub


hottub:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth1
64.5.96.128 * 255.255.255.192 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 64.5.96.129 0.0.0.0 UG 0 0 0 eth0
Since your bubble doesn't have a default gateway it doesn't have access to the internet right now. To see this, try using
the ping command to reach another computer. Try to ping a computer that is on the internet to see if you can reach it.

After the command prompt, type the following commands:

bubble12 (console):~$ ping cold.useractive.com


connect: Network is unreachable

You cannot ping cold.useractive.com. Because hottub is on the same local area network as the bubble machine, you
CAN ping hottub:

After the command prompt, type the following commands:
bubble12 (console):~$ ping hottub
PING hottub (10.0.0.1) from 10.0.0.11 : 56(84) bytes of data.
64 bytes from hottub (10.0.0.1): icmp_seq=0 ttl=255 time=12.905 msec
64 bytes from hottub (10.0.0.1): icmp_seq=1 ttl=255 time=49.622 msec
64 bytes from hottub (10.0.0.1): icmp_seq=2 ttl=255 time=49.587 msec
64 bytes from hottub (10.0.0.1): icmp_seq=3 ttl=255 time=49.593 msec
64 bytes from hottub (10.0.0.1): icmp_seq=4 ttl=255 time=49.582 msec
--- hottub ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 12.905/42.257/49.622/14.678 ms

To break out of the ping command, type Ctrl-C.

You are seeing packets come back from the hottub computer. They're talking! Now let's make it so that you can talk to
computers on the internet.

From the last lesson, you should know that your bubble computer needs a default gateway in order to be on the
internet. Let's add a default gateway. You will need to be a superuser in order to do this.

After the command prompt, type the following commands:

bubble12 (console):~$ su suusername


Password:
bubble12 (console):~#

Under most circumstances we would have a gateway that would route traffic to the rest of the internet. In order for this
to work, we would need to set up a default route. The gateway will likely be the first host on your network. For us, this is
the hottub.

After the command prompt, type the following commands:
bubble12 (console)~:# /sbin/route add default gw 10.0.0.1
bubble12 (console)~:# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default hottub 0.0.0.0 UG 0 0 0 eth0

Perfect. Now try pinging cold.useractive.com again:

After the command prompt, type the following commands:
bubble12 (console):~# ping cold.useractive.com
PING cold.useractive.com (64.5.69.49) from 10.0.0.252: 56 data bytes
64 bytes from 64.5.69.49: icmp_seq=0 ttl=255 time=0.3 ms
64 bytes from 64.5.69.49: icmp_seq=1 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=2 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=3 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=4 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=5 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=6 ttl=255 time=0.2 ms
64 bytes from 64.5.69.49: icmp_seq=7 ttl=255 time=0.3 ms

--- cold.useractive.com ping statistics ---


8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.3 ms

Now let's remove the default gateway (because we're going to do it another way in the next lesson):

After the command prompt, type the following commands:

bubble12 (console):~# /sbin/route del default

Look at the routing table and make sure that the default gateway is gone.

Bringing the Network Up and Down

First, let's bring down the current ethernet settings. This will stop the ethernet device from listening on the network.

After the command prompt, type the following commands:
bubble12 (console):~# /sbin/ifconfig eth0 down
bubble12 (console):~# /sbin/ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

bubble12 (console):~# /sbin/route


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 * 255.0.0.0 U 0 0 0 lo

Take the time to compare this ifconfig with the previous one. Your bubble computer is no longer connected to the
hottub computer. We can prove this by trying to ping the hottub.

After the command prompt, type the following commands:
bubble12 (console):~# ping hottub
connect: Network is unreachable

Just as suspected, the bubble network is down.

Now let's bring up the bubble's ethernet. We'll be using the same address you wrote down earlier in the lesson.

Note: If you forgot your address, you can find it by typing cat /etc/sysconfig/network-scripts/ifcfg-eth0.

You'll also be using a subnet mask of 255.255.0.0 which will put us on the same network (10.0.0.0) as the hottub.

After the command prompt, type the following commands:
bubble12 (console):~# /sbin/ifconfig eth0 10.0.0.252 netmask 255.255.0.0
bubble12 (console):~# /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:30:05:06:13:A3
inet addr:10.0.0.252 Bcast:10.255.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:9
bubble12 (console):~# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo

Looks like it's up! Let's double check just to be sure.

After the command prompt, type the following commands:
bubble12 (console):~# ping hottub
PING hottub (10.0.0.1) from 10.0.1.252 : 56(84) bytes of data.
64 bytes from hottub (10.0.0.1): icmp_seq=0 ttl=255 time=281 usec
64 bytes from hottub (10.0.0.1): icmp_seq=1 ttl=255 time=127 usec
Ctrl+c
--- hottub ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.127/0.204/0.281/0.077 ms

Congratulations! You just set up your ethernet card by hand.

ifconfig and route aren't too difficult to use once you get the hang of them, and it's important to know how to use them if
your network isn't coming up automatically as intended. Speaking of having your network come up automatically, how
would we do that? This will be covered in the next lesson!

Disconnecting from the console

Let's disconnect from the serial console of the bubble.

After the command prompt, type the following commands:
bubble12 (console)~:$ exit

The system will try to log you into the console again. You should see something like this:

OBSERVE:

bubble12 login:

So now you have to detach from the console. You do that by typing Ctrl-a, then typing d.

Note: You can detach from the console before exiting and your session will remain just as it was. When you
type console on hottub the next time, you won't have to login and you will be right where you left off.
However, it is not a good idea to leave these sessions without logging out for security reasons.

Network at Startup

Startup Scripts
In the last lesson you learned how to change the IP address of your bubble using the ifconfig command. You also
learned how to connect your bubble to the internet using the route command to specify a default gateway. In this
lesson, you'll learn how to set the IP address and gateway automatically when the machine is started. We will do this
by altering the network startup scripts.

Red Hat Linux (tm) has made it fairly easy to set up your network so that it will start automatically. There are a series of
scripts (small programs) in /etc/sysconfig/network-scripts that will do most of the work for you.

Let's begin by looking at the /etc/sysconfig/network configuration file. Login to your bubble via the console.
Remember, to do this you must enter the hottub and type console.

After the command prompt, type the following commands:
bubble12 (console):~$ cd /etc/sysconfig
bubble12 (console):/etc/sysconfig$ cat network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=bubble12.private.useractive.com

As you can see, this file specifies that, yes, we do want to have a network set up for us. The host name of the machine
is also specified here.

In order to connect to the internet every time the machine is booted, we must specify a GATEWAY in this file as well.
Remember, your bubble doesn't have a default gateway specified (you added one using route and removed it using
route in the last lesson). Let's add this line to the file.

Login to the bubble as a superuser.

After the command prompt, type the following commands:

bubble12 (console):/etc/sysconfig$ su suusername


Password:
bubble12 (console):/etc/sysconfig#

Using your favorite Unix editor (emacs, pico, or vi), add the following line to /etc/sysconfig/network.

Add this line to /etc/sysconfig/network:

GATEWAY=10.0.0.1

Here's what it should look like when you're done:

After the command prompt, type the following commands:
bubble12 (console):/etc/sysconfig# cat network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=bubble12.private.useractive.com
GATEWAY=10.0.0.1

Now let's make it so that the IP address of the machine is set to a different address than the one you are currently
using. Go into the network-scripts directory.

After the command prompt, type the following commands:
bubble12 (console):/etc/sysconfig# cd network-scripts
bubble12 (console):/etc/sysconfig/network-scripts# ls
ifcfg-eth0 ifdown ifdown-sl ifup-plip ifup-sit
ifcfg-eth0.bak ifdown-ipv6 ifup ifup-plusb ifup-sl
ifcfg-eth0.dhcp ifdown-post ifup-aliases ifup-post network-functions
ifcfg-eth0~ ifdown-ppp ifup-ipv6 ifup-ppp network-functions-ipv6
ifcfg-lo ifdown-sit ifup-ipx ifup-routes

We've only got one more file to edit, and that's ifcfg-eth0. There is one of these files for every network device on the
machine. Take a look at the current setup:

After the command prompt, type the following commands:
bubble12 (console):/etc/sysconfig/network-scripts# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=YES
IPADDR=10.0.0.12
NETMASK=255.255.0.0
NETWORK=10.0.0.0
BROADCAST=10.0.255.255

Note: Be sure to take out a pencil and write down the number that's listed in the IPADDR line. The one listed
above is 10.0.0.12, but yours will be different. We will be using this number later in the lesson.

In this part of the lesson, you will change the ifcfg-eth0 file and restart the computer. Then you'll change it back to its
original state.

First, find an open IP address to use. To do that, ping some addresses on your network to see if any of them are open.

The IP addresses in your network are of the form 10.0.x.x where each x is a number between 0 and 255; one possibility
would be 10.0.253.2. If it is available you will have 100% packet loss.

After the command prompt, type the following commands:

bubble12 (console):/etc/sysconfig/network-scripts# ping 10.0.253.2

If it does not have 100% packet loss, try another one until you find one that does. Once you've found an IP address of
the form 10.0.x.x that isn't being used, write it down. You will be using it in the next example.

Edit ifcfg-eth0 so that it looks like this:


DEVICE=eth0
ONBOOT=YES
IPADDR=10.0.x.x
NETMASK=255.255.0.0
NETWORK=10.0.0.0
BROADCAST=10.0.255.255

Make sure that 10.0.x.x is the number you just found (it won't literally be 10.0.x.x).

There are two scripts that will allow us to test the new settings: ifdown and ifup. Both scripts are located in the same
directory.

After the command prompt, type the following commands:
bubble12 (console):/etc/sysconfig/network-scripts# ./ifdown eth0
bubble12 (console):/etc/sysconfig/network-scripts# ./ifup eth0
bubble12 (console):/etc/sysconfig/network-scripts# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default hottub.private. 0.0.0.0 UG 0 0 0 eth0

Looks good! The real test will be when we actually restart the machine.

Note: Different Linux distributions may use a file called /etc/rc.d/rc.inet1 instead of these configuration files.
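As an added check that is not part of the course or of Red Hat's scripts, the Python below parses the two files edited in this lesson and confirms that IPADDR, NETMASK, NETWORK, BROADCAST and GATEWAY agree with each other before you reboot; the file contents are constructed from the values shown above.

```python
# Added example, not course code: sanity-check /etc/sysconfig/network and
# ifcfg-eth0 before a reboot, so a typo does not leave the machine unreachable.
# Both file contents are constructed from the values shown in the lesson.
import ipaddress

NETWORK_FILE = """\
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=bubble12.private.useractive.com
GATEWAY=10.0.0.1
"""

IFCFG_ETH0 = """\
DEVICE=eth0
ONBOOT=YES
IPADDR=10.0.0.12
NETMASK=255.255.0.0
NETWORK=10.0.0.0
BROADCAST=10.0.255.255
"""


def parse_sysconfig(text):
    """Parse KEY=VALUE lines; '#' comments and blank lines are skipped."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')
    return values


def check_interface(ifcfg, network):
    """Return a list of problems found; an empty list means the files agree."""
    problems = []
    try:
        iface = ipaddress.ip_interface(f"{ifcfg['IPADDR']}/{ifcfg['NETMASK']}")
    except (KeyError, ValueError) as exc:
        return [f"IPADDR/NETMASK unusable: {exc}"]
    net = iface.network
    # NETWORK and BROADCAST are derived from IPADDR and NETMASK; both must agree.
    if ifcfg.get("NETWORK") != str(net.network_address):
        problems.append(f"NETWORK should be {net.network_address}, got {ifcfg.get('NETWORK')}")
    if ifcfg.get("BROADCAST") != str(net.broadcast_address):
        problems.append(f"BROADCAST should be {net.broadcast_address}, got {ifcfg.get('BROADCAST')}")
    # The address itself must not be the network or the broadcast address.
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"IPADDR {iface.ip} is the network or broadcast address")
    # A default gateway is only reachable if it sits on this interface's network.
    gw = network.get("GATEWAY")
    if gw is None:
        problems.append("no GATEWAY in /etc/sysconfig/network: no internet access after boot")
    elif ipaddress.ip_address(gw) not in net:
        problems.append(f"GATEWAY {gw} is not on {net}; the default route will fail")
    if ifcfg.get("ONBOOT", "").lower() != "yes":
        problems.append("ONBOOT is not yes: the interface will not come up at boot")
    if network.get("NETWORKING", "").lower() != "yes":
        problems.append("NETWORKING is not yes: networking will not be started")
    return problems


if __name__ == "__main__":
    found = check_interface(parse_sysconfig(IFCFG_ETH0), parse_sysconfig(NETWORK_FILE))
    print("\n".join(found) if found else "configuration is consistent")
```

A BROADCAST that does not fit the mask, like the Bcast:10.255.255.255 shown after the manual ifconfig earlier, is reported as a problem.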

Rebooting the System


To test out our new settings we're going to reboot the bubble remotely. Since we're connected to the console, we can
watch the shutdown process, as well as part of the boot process.

After the command prompt, type the following commands:
bubble12 (console):/etc/sysconfig/network-scripts# /sbin/shutdown -r now

The -r flag stands for reboot. We could also use -h (halt), but then the system would not restart (please don't use -h).
We also specified that the system should restart now. Under conditions where there are other users logged in, it's a
good idea to give them time to finish up their work and log off before shutting down the system. You can do this by
replacing now with the number of minutes to wait before rebooting. The system will broadcast to all of the users on the
system when the system will go down. You will always broadcast a system-wide message that the system is going
down.

Observe the following:


Broadcast message from root (ttyS0) Wed Apr 4 15:10:12 2001...

The system is going down for reboot NOW !!


INIT: Switching to runlevel: 6

You will then see a lot of information listed on the screen. Part of it will be shutdown messages that look similar to
this:

Observe the following:

Stopping cron daemon: [ OK ]

The output will pause for a few seconds while the machine restarts. Then you'll see a bunch of kernel messages as
well as commands used to run Red Hat startup scripts. When it's finished, you will see a prompt to login to the
console again. Go ahead and login now.

Note: There is a small chance that the output will stop with a message about "maximal mount count." Just wait
a couple of minutes and the reboot will continue.

Observe the following:


...
Bringing up interface eth0: [ OK ]
...
Starting cron daemon: [ OK ]
...
Note: You should always halt a Unix machine before turning it off. Most Unix machines need to write data that's
being stored in memory to the disk before they should be restarted. Failing to do so usually just results in
a file system check on startup, but it's possible for a disk to become corrupted and data to be lost.

Putting things back the way they were

Since these files do not belong to us, we should put them back the way they were before logging out of the bubble. We
only modified two files, so that's all we have to change.

Edit /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-eth0 now. When you're finished, you
should obtain the following results:

After the command prompt, type the following commands: *** BE SURE YOU SEE THE SAME RESULTS AS
THOSE LISTED BELOW ***
bubble12 (console):~# cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=bubble12.private.useractive.com
bubble12 (console):~# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=put your original IP address here!
NETMASK=255.255.0.0
NETWORK=10.0.0.0
BROADCAST=10.0.255.255

Now restart the machine again (/sbin/shutdown -r now). Once it's back up, logout of the bubble and close the
console connection (Ctrl+a, d).

From this point on, we'll be connecting to the bubbles the usual way (by typing the bubble command once you are in
the hottub).

Services and Ports

Services and Ports


Our server can offer lots of different services such as telnet, ftp, and httpd. These are all different things that we provide
to the rest of the world. When the server receives a packet we have to know what service to direct it to. We don't know if
it's a request for an HTML file or if someone wants to login via telnet. We get around this problem by assigning each
service a port.

These ports are defined in /etc/services. Let's browse through this file a little bit.

After the command prompt, type the following commands:
hottub:~$ less /etc/services

Here is an excerpt:

Observe the following:

ftp-data 20/tcp
ftp-data 20/udp
ftp 21/tcp
ftp 21/udp
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
smtp 25/tcp mail
smtp 25/udp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/tcp resource # resource location
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116

The first part is the service name, followed by the port number and protocol. The last two fields are aliases for the
service, if there are any, and comments. For the most part, these port assignments are standard across all Unix
systems. Telnet is always going to be port 23 and FTP will always be port 21. You'll notice that there are two protocols
listed: TCP and UDP. We've mentioned that TCP is used for most of the data we'll be sending back and forth, but UDP
is used quite a bit as well.

The difference between them is that the TCP protocol makes sure that data has made it to its destination, while UDP
doesn't have any such sanity checks built into it.

With a specified port, the service can "listen" on that port for incoming packets. TCP and UDP packets will contain the
destination port as part of the information being sent. So everything ends up working out just fine.

xinetd
xinetd is the extended internet services daemon. The daemon is configured to listen on a bunch of different ports for
incoming packets. Then it starts the required service when it's needed. The reason for this is that it saves system
resources by not having every service running all of the time.

Each service is configured separately for xinetd, either in a file called /etc/xinetd.conf or in a service specific file located
in the /etc/xinetd.d directory.

Connect to a bubble using the bubble command. Let's take a look at /etc/xinetd.conf.

After the command prompt, type the following commands:

bubble12~$ cat /etc/xinetd.conf


#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST RECORD
}

includedir /etc/xinetd.d

Most of this just represents default values for all services. We really don't need to worry about these values, but you
should man xinetd.conf for more information. Notice the includedir line at the bottom. Let's take a look at the
/etc/xinetd.d directory.

After the command prompt, type the following commands:
bubble12~$ cd /etc/xinetd.d
bubble12:/etc/xinetd.d$ ls
chargen daytime echo telnet time wu-ftpd
chargen-udp daytime-udp echo-udp tftp time-udp

The information contained in these files could have been included directly in the xinetd.conf file. Keeping everything
separated just helps to keep things a little more organized. Let's look at telnet and ftp.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d$ cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable= no
}

Notice that the actual telnet server is called in.telnetd. All servers that are run out of xinetd typically start with "in." and
end in "d", which denotes a daemon. You should read the man page for xinetd.conf for information on the other
settings.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d$ cat wu-ftpd |grep server
# description: The wu-ftpd FTP server serves FTP connections. It uses \
server = /usr/sbin/in.ftpd
server_args = -l -a

Again, the server is named in.ftpd. The server_args setting lets you pass flags to the server process when it's
started. The -l flag specifies that every ftp session will be logged. -a indicates that the ftpaccess file will be used. The
ftpaccess file is located in /etc and serves as a configuration file for the ftp server. In most cases the default settings will
be sufficient unless we need to allow anonymous uploads to our server.

Wu-ftpd
Let's go over the FTP server in a little more detail.

First, any username found in /etc/ftpusers is not allowed to ftp into the server. This helps prevent security problems with
people trying to login as root or other restricted users.

All of the subdirectories for the ftp server are contained within /var/ftp (another typical place would be /home/ftp). Inside
of this, any files that are publicly offered will be in the pub subdirectory. These are accessed when someone logs into
the ftp server anonymously. If a user logs in with their username and password, they will be given their home directory
instead of /var/ftp.

Many times a server will allow people to upload files anonymously. To do this we would need to create an incoming
directory.

After the command prompt, type the following commands:

bubble12:/etc/xinetd.d# mkdir /var/ftp/incoming

Just creating the directory won't do us any good. The anonymous user needs to have write access to incoming.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d# chmod 777 /var/ftp/incoming

Now the directory is set up, but the FTP server still won't allow people to upload to it. We have to add a line to the
/etc/ftpaccess file like we stated earlier. Edit /etc/ftpaccess with your favorite editor and add the following line at the end
of the file.

Add the following line to /etc/ftpaccess:


upload /var/ftp /incoming yes ftp daemon 0666

This specifies that inside of the root ftp directory (/var/ftp) there is a directory called /incoming that allows uploads. The
files created by the upload will be owned by "ftp" with a group of "daemon." The file permissions will be set to mode
0666.

Turning off services

A freshly installed Unix machine, right out of the box, typically isn't a very secure platform. One of the first things that
should be done is to turn off services that aren't needed. Let's take another look at the services that xinetd is offering.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d$ ls
chargen daytime echo telnet time wu-ftpd
chargen-udp daytime-udp echo-udp tftp time-udp

tftp stands for Trivial File Transfer Protocol. It is used for allowing public access to files on your server. tftpd is often
used when booting a machine off of a network or something similar because it doesn't require any sort of login or
password. This also makes it completely unnecessary for us to have it available.

In order to disable a service provided by xinetd, we need to get that service's configuration file out of /etc/xinetd.d. One
way to do this is to delete the file, but then if we want to re-enable the service later we'd have to build the configuration
file again. Instead, let's create a directory inside of /etc/xinetd.d called off. Then move the unwanted configuration file
into the off directory. We'll need to su first.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d$ su suusername
Password:
bubble12:/etc/xinetd.d# mkdir off
bubble12:/etc/xinetd.d# mv tftp off
bubble12:/etc/xinetd.d# ls
chargen daytime echo off time wu-ftpd
chargen-udp daytime-udp echo-udp telnet time-udp

Awesome, no more tftpd, right? Wrong. These are just configuration files and xinetd is already running with the old
setup. We need to restart xinetd.

If we were to look in /etc/rc.d/init.d, we would find startup scripts for many different daemons installed on the system.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d# ls /etc/rc.d/init.d
crond identd keytable network rawdevices snmpd xfs
functions iptables killall portmap sendmail squid xinetd
halt kdcrotate netfs random single syslog

Notice that the last script is for xinetd. This isn't the actual daemon itself, but merely a script of the same name. Let's
use this to restart the xinetd daemon.

After the command prompt, type the following commands:
bubble12:/etc/xinetd.d# /etc/rc.d/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

As you may well have guessed, the other valid options are "start" and "stop."
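As an added example (not course code), the Python below reads /etc/services and the files xinetd would pick up from /etc/xinetd.d, applies xinetd's includedir rule, and lists the services that remain enabled with their ports; the /etc/services lines and the telnet file are the lesson's, while the tftp file and the extra file names are constructed.

```python
# Added example, not course code: report which services xinetd will actually
# offer after includedir /etc/xinetd.d is read, with the port each one listens
# on taken from /etc/services (or an explicit 'port =' line). The /etc/services
# lines and the telnet file come from the lesson; tftp and the extra file
# names are constructed.
import re

SERVICES_TXT = """\
ftp 21/tcp
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
tftp 69/udp
"""
TELNET_CONF = """\
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable= no
}
"""
TFTP_CONF = """\
service tftp
{
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
disable = no
}
"""
# /etc/xinetd.d as the lesson leaves it (tftp moved into off/), plus a stray
# backup copy of telnet that an administrator might have left behind.
XINETD_D = {"telnet": TELNET_CONF, "off/tftp": TFTP_CONF, "telnet.bak": TELNET_CONF}
# Reasons the lesson gives for looking twice at these two services.
CONCERNS = {"telnet": "unencrypted username/password pairs",
            "tftp": "no login or password required"}


def parse_services(text):
    """/etc/services: 'name port/proto [alias ...] [# comment]' -> {(name, proto): port}."""
    ports = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:     # aliases share the port number
            ports[(name, proto)] = int(port)
    return ports


def parse_xinetd(text):
    """'service NAME { key = value ... }' blocks -> {NAME: {key: value}}; '+=' appends."""
    services, current, attrs = {}, None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("service "):
            current, attrs = line.split(None, 1)[1].strip(), {}
        elif line == "}" and current is not None:
            services[current], current = attrs, None
        elif current is not None:
            m = re.match(r"(\w+)\s*(\+=|=)\s*(.*)", line)
            if m:
                key, op, value = m.groups()
                attrs[key] = (attrs.get(key, "") + " " + value).strip() if op == "+=" else value.strip()
    return services


def includedir_names(names):
    """xinetd's includedir rule: names containing '.' or ending in '~' are skipped, and
    only plain files in the directory itself are read, so off/tftp is ignored too."""
    return [n for n in names if "/" not in n and "." not in n and not n.endswith("~")]


def enabled_services(files, services_db):
    """{service: (port, proto, server)} for every service xinetd would start."""
    offered = {}
    for name in includedir_names(files):
        for svc, a in parse_xinetd(files[name]).items():
            if a.get("disable", "no").lower() == "yes":
                continue
            proto = a.get("protocol") or ("udp" if a.get("socket_type") == "dgram" else "tcp")
            port = a.get("port") or services_db.get((svc, proto))
            offered[svc] = (int(port) if port else None, proto, a.get("server"))
    return offered


def review(offered):
    """One line per enabled service, with the lesson's concern where one applies."""
    return [f"{svc} {port}/{proto} -> {server}" + (f"  [{CONCERNS[svc]}]" if svc in CONCERNS else "")
            for svc, (port, proto, server) in sorted(offered.items())]


if __name__ == "__main__":
    print("\n".join(review(enabled_services(XINETD_D, parse_services(SERVICES_TXT)))))
```

Putting tftp back at the top level of the dictionary makes it reappear in the report, just as moving the file back out of off/ and restarting xinetd would.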

inetd
Before xinetd there was inetd. inetd served exactly the same purpose, but all of the configuration was located in
one file called /etc/inetd.conf. Many systems use inetd so it's a good idea to be familiar with it. A typical line from
/etc/inetd.conf might look like this:

Observe the following:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

The text in green (/usr/sbin/tcpd in.telnetd) is the command used to run the service. The extra /usr/sbin/tcpd is part of the TCP Wrappers
package which is typically added on to inetd to help provide access control. We will discuss access control in more
detail in the next lesson.

Many Unix systems that will be using inetd won't have the same style of system start up scripts either. In those cases
you would want to find the process ID for the daemon you want to restart. Then use kill -HUP ID#. HUP stands for
hang up. This causes most daemons to restart, thus re-reading their configuration files.

So far you're doing great! See you at the next lesson!

Access Control

Access Control
Access control is our ability to restrict who is allowed to connect to our server and use the services it offers. This lets us
restrict hosts and/or networks that we do not trust. Perhaps we have a server that needs access to the internet, but we
only want to be able to connect to it from a few select computers. Maybe we want everyone to be able to FTP to our
machine, but we'd like to restrict who is allowed to telnet. All of this can be done by configuring the access control files.

If a system has the older inetd, it should have TCP Wrappers installed to give us this ability. TCP Wrappers is simply
an add-on that provides us with the access control abilities that inetd lacks. Fortunately, the same functionality is part
of xinetd so we don't have to learn two different ways of doing it.

Access Control Files

There are two configuration files that are used to set up access control. These are /etc/hosts.allow and /etc/hosts.deny.
The use of these two files has become fairly standard so it is very important that we learn how to use them.

When a host tries to connect to the server, hosts.allow is checked first to see if the host has access. If access is not
specifically granted, the hosts.deny file is checked to see if access is denied. If the connecting host is not specifically
denied either, it will be allowed to connect. This will become clearer as we learn how to grant and deny access to
our server.

Right now, neither one of these files should have any information in them. Currently, every host is allowed to connect
to our server (ignoring the fact that it's not directly connected to the internet).

Denying a host
Let's imagine for a moment that we've been having trouble with someone trying to connect from host2.badguys.com
and they've made lots of failed login attempts. We want to deny this host's access to our services. Open up hosts.deny
and add the line in blue. You will need to have root access in order to edit this file.

The line we added has two parts separated by a colon. The first part is the daemon list, which lists all of the services
that host2 is not allowed to access. In this case we put ALL to indicate that host2 isn't allowed to use any of the
services. The second part is the host list where we've included host2.badguys.com. Continuing our scenario, let's
say after blocking host2, host3.badguys.com starts making connections to our server. We can simply add it to the host
list as follows:

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com
We can use a comma to separate several hosts. Now let's add an entry that will block all traffic from every host in
the baddudes.com domain.

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com , .baddudes.com

The leading dot acts like a wildcard so that every host in that domain will be denied access. We can also deny IP
addresses or IP blocks.

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com , .baddudes.com
ALL : 199.3.14. , 207.239.115.11

The trailing dot in 199.3.14. works just like the leading dot in domain names. It acts as a wildcard to represent all of the
hosts in that IP range. Excellent. We know how to block hosts by either their domain name, IP address, or even a
whole block of IPs.

Let's look in more depth at the daemon list now. We don't have to deny every service to these hosts. We can be very
selective. There is a group of hosts in the notallbad.com domain that needs to have FTP access to our servers, but we
don't trust them to do anything else. In this case, we could do something like the following:

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com , .baddudes.com
ALL : 199.3.14. , 207.239.115.11
ALL EXCEPT in.ftpd : .notallbad.com

If we wanted, we could even use the EXCEPT keyword in the host list.

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com , .baddudes.com
ALL : 199.3.14. , 207.239.115.11
ALL EXCEPT in.ftpd : .notallbad.com EXCEPT joe.notallbad.com

Here, every host in .notallbad.com is denied access to every service but FTP, except for joe.notallbad.com. Instead of
using the ALL keyword, we could give a list of services to be denied.

Add the blue text to your hosts.deny file


ALL : host2.badguys.com , host3.badguys.com , .baddudes.com
ALL : 199.3.14. , 207.239.115.11
ALL EXCEPT in.ftpd : .notallbad.com EXCEPT joe.notallbad.com
in.telnetd, in.fingerd : .mostlyokay.com

Save hosts.deny and quit your editor.

Overall, we've denied a few hosts, but everybody else is still allowed to connect (even though hosts.allow is empty).
This is known as a mostly open access policy. It means the same as it sounds. A few people are denied access, but
most people are allowed to connect to all of our services.

Mostly Closed Policy


The opposite school of thought would be to use a mostly closed policy. The idea here is to allow a few specific hosts
and deny everyone else. We'll do this by first adding entries in hosts.allow. Luckily, entries in hosts.allow have the exact
same format as entries in hosts.deny. Open up hosts.allow and add the following lines:
Add the blue text to your hosts.allow file
ALL : hottub.private.useractive.com, .trusted.com, ben.goodguys.com
in.telnetd, in.ftpd : george.mostlyokay.com
ALL EXCEPT in.telnetd : bigbird.friendly.com

All of these hosts and services will be allowed to connect to our server. The final step in a mostly closed policy is to
deny everyone else. Save hosts.allow and open up hosts.deny. Remove all other entries in hosts.deny except this:

Add the blue text to your hosts.deny file

ALL : ALL

It's always a good idea to do this part last. We wouldn't want to deny connections from everyone without giving
ourselves a way back in first. That would get kind of tricky. Right now, you'll still be able to connect to your bubble from
the hottub, but the other bubbles won't be able to use any of the services on your server.

Whether you use a mostly open or mostly closed access policy depends a lot on the type of server you're running. A
mostly closed policy tends to be more secure, but it is really a pain if there are a lot of people that need to be able to
connect to the server.

For more information, you should read the man pages on hosts.allow and hosts.deny.
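The checking order described in this lesson (hosts.allow first, then hosts.deny, otherwise the connection is allowed), as an added example that is not part of the original course material: a small Python evaluator for the subset of hosts.allow/hosts.deny syntax used above (ALL, comma-separated lists, leading-dot domain wildcards, trailing-dot address prefixes, and EXCEPT in either list). The two policies it loads are reconstructed from the lines in this lesson, and the connection attempts it checks are constructed; the evaluator is a teaching model, not the real TCP Wrappers or xinetd matcher, which understands more forms.

```python
"""Added example, not code from the course: a toy evaluator for
hosts.allow / hosts.deny rules. It models only the syntax used in this
lesson and is not the real TCP Wrappers / xinetd matcher."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed copies of the "mostly open" policy built up in this lesson
HOSTS_ALLOW_OPEN = ""
HOSTS_DENY_OPEN = """
ALL : host2.badguys.com , host3.badguys.com , .baddudes.com
ALL : 199.3.14. , 207.239.115.11
ALL EXCEPT in.ftpd : .notallbad.com EXCEPT joe.notallbad.com
in.telnetd, in.fingerd : .mostlyokay.com
"""

# ...and of the "mostly closed" policy
HOSTS_ALLOW_CLOSED = """
ALL : hottub.private.useractive.com, .trusted.com, ben.goodguys.com
in.telnetd, in.ftpd : george.mostlyokay.com
ALL EXCEPT in.telnetd : bigbird.friendly.com
"""
HOSTS_DENY_CLOSED = "ALL : ALL\n"

EXCEPT_RE = re.compile(r"\s+EXCEPT\s+")


@dataclass
class Rule:
    daemons: List[str]        # daemon list
    daemon_except: List[str]  # names after EXCEPT in the daemon list
    hosts: List[str]          # host list
    host_except: List[str]    # patterns after EXCEPT in the host list


def parse_list(text: str) -> Tuple[List[str], List[str]]:
    """Turn 'a, b EXCEPT c' into (['a', 'b'], ['c'])."""
    def tokens(s: str) -> List[str]:
        return [t for t in re.split(r"[\s,]+", s) if t]
    parts = EXCEPT_RE.split(text.strip(), maxsplit=1)
    return tokens(parts[0]), (tokens(parts[1]) if len(parts) > 1 else [])


def parse_file(text: str) -> List[Rule]:
    """One rule per line: daemon_list : host_list ('#' starts a comment)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemon_part, _, host_part = line.partition(":")
        rules.append(Rule(*parse_list(daemon_part), *parse_list(host_part)))
    return rules


def host_matches(pattern: str, hostname: str, ip: str) -> bool:
    if pattern == "ALL":
        return True
    if pattern.startswith("."):       # leading dot: every host in the domain
        return hostname.endswith(pattern)
    if pattern.endswith("."):         # trailing dot: every address in the block
        return ip.startswith(pattern)
    return pattern in (hostname, ip)  # exact host name or address


def rule_matches(rule: Rule, daemon: str, hostname: str, ip: str) -> bool:
    def daemon_ok(p: str) -> bool:
        return p == "ALL" or p == daemon

    def host_ok(p: str) -> bool:
        return host_matches(p, hostname, ip)

    return (any(map(daemon_ok, rule.daemons))
            and not any(map(daemon_ok, rule.daemon_except))
            and any(map(host_ok, rule.hosts))
            and not any(map(host_ok, rule.host_except)))


def is_allowed(daemon: str, hostname: str, ip: str,
               allow_text: str, deny_text: str) -> bool:
    """The order from the lesson: hosts.allow, then hosts.deny, else allow."""
    if any(rule_matches(r, daemon, hostname, ip) for r in parse_file(allow_text)):
        return True
    if any(rule_matches(r, daemon, hostname, ip) for r in parse_file(deny_text)):
        return False
    return True


if __name__ == "__main__":
    # Constructed connection attempts: (service, client name, client address)
    for daemon, host, ip in [("in.ftpd", "bill.notallbad.com", "10.2.2.2"),
                             ("in.telnetd", "bill.notallbad.com", "10.2.2.2"),
                             ("in.ftpd", "bigbird.friendly.com", "10.4.4.4")]:
        print(f"{daemon:11} {host:22}"
              f" open={is_allowed(daemon, host, ip, HOSTS_ALLOW_OPEN, HOSTS_DENY_OPEN)}"
              f" closed={is_allowed(daemon, host, ip, HOSTS_ALLOW_CLOSED, HOSTS_DENY_CLOSED)}")
```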

Copyright © 1998-2014 O'Reilly Media, Inc.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
See http://creativecommons.org/licenses/by-sa/3.0/legalcode for more information.
DNS

/etc/hosts
The previous lesson mentioned the need for domain names, but it didn't go into any depth about how they work.
Whenever you try to do anything by specifying a hostname, whether it's by telneting somewhere or typing a URL in
your browser window, your computer needs to translate that name into an IP address before it can attempt to make a
connection. This will typically take place without your notice.

Observe the following:


bubble12:~$ telnet hottub.private.useractive.com
Trying 10.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Here the telnet program tells you it's trying to connect to an IP address even though you typed in a hostname. When
a Unix machine needs to translate a hostname into an IP address, it first consults a local file called /etc/hosts. Let's take
a look at this file:

After the command prompt, type the following commands:
bubble12:~$ cat /etc/hosts
127.0.0.1 localhost
10.0.0.12 bubble126.private.useractive.com
10.0.0.1 hottub.private.useractive.com hottub

Most likely the file you are viewing has many more entries (those entries are machines that you and other students are
using). On the left side is the IP address and on the right side are the aliases that can be used to refer to that IP
address. It acts like a simplified version of a DNS table. You can add more entries in this file. The benefit of having this
file is that your computer won't have to make an outside request for an IP address because it already knows it.

Note: The drawback to /etc/hosts is that if someone changes their IP address, the entries will not update
themselves and they will always point to the old address until you change it.

/etc/resolv.conf
Let's say we're looking for an IP address that isn't in /etc/hosts. What happens next? Do we have to call up the site
administrator and ask him for the IP address of his machine? Thankfully no. The next thing looked at is the
/etc/resolv.conf file.

After the command prompt, type the following commands:

bubble12:~$ cat /etc/resolv.conf


search private.useractive.com useractive.com
nameserver 10.0.0.1

The search line specifies domain suffixes to search through. For example, if you type telnet www, it will look for
www.private.useractive.com first and then look for www.useractive.com. Without a search order it's sort of like saying,
"I live in Springfield." There are 24 states in the U.S. with a city of Springfield. The computer wouldn't know what to do
without giving it some direction.

The nameserver line specifies which DNS server to use when trying to look up a domain name. There are typically two
or three nameserver lines to allow for redundancy.

Note: A large number of domains in the search order can be convenient, but it will also slow the response
from the DNS server since it has to search through all of them.

Let's say our computer is trying to look up www.useractive.com. It's not in /etc/hosts so it looks up the IP address of
the nameserver (10.0.0.1). The computer then asks the DNS server, "Hey, what's the IP address of
www.useractive.com?" There are two situations in which the DNS server will immediately know the IP address. The first
is when the DNS server happens to be the authoritative server for the useractive.com domain. Second, it's possible
that the DNS server has already received a request for www.useractive.com and it has cached the IP address so it
doesn't have to look it up again. If either of those is the case, the DNS server will respond to our computer, telling it
the IP address of www.useractive.com is 209.16.196.242.

What if the DNS server doesn't know the IP address though? How does it find out? The DNS server will query a root
level nameserver to find out the IP address of the authoritative nameserver for useractive.com. The root level
nameservers contain information for where to find the top level domain (.com, .edu, .net, .org, etc) nameservers. Our
DNS server then asks the .com nameserver for the IP address of the DNS server on the next level down
(useractive.com). The .com nameserver responds with the IP address of the useractive.com nameserver. Then a
request is made to the useractive.com nameserver for the IP address of www.useractive.com. Finally, we get a
response of 209.16.196.242. It seems fairly complex, but it typically happens in a matter of seconds at most.

in-addr.arpa
We've discussed how to find an IP address if you know the domain name of a website. We also need a way to find the
domain name if we know the IP address. The special in-addr.arpa domain lets us do just that.

The in-addr.arpa domain is used to find the domain name using an IP address. This is sometimes called a reverse
lookup. The format of every domain name is such that the beginning of the name is very specific and the end of the
name is very broad:

faucet.useractive.com

cold.useractive.com

IP addresses are just the opposite. Recall from lesson 2 that the network address is listed first, followed by the host
address. The in-addr.arpa domain is used to list IP addresses in the same format as domain names. It is really just an
IP address in reverse. For example, a webserver IP address of 209.16.196.242 would have an in-addr.arpa domain
of 242.196.16.209.in-addr.arpa.

whois
How can we find out more about a domain name? Who owns it? What are the names of its DNS servers? We'll find
these things out by using the whois command. When you register a domain with a registrar they need lots of different
contact information from you. This information is made available publicly in case there are any problems with the
domain.

If you are logged into a bubble right now, exit, because we will need access to the rest of the internet from hottub to
look up this information.

After the command prompt, type the following commands:
hottub:~$ whois linux.org
...
Domain Name: LINUX.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS.INVLOGIC.COM
Name Server: NS0.AITCOM.NET
Updated Date: 28-jul-2000
...

I've omitted lots of information to save space. The information returned includes the name of the registrar, the primary and
secondary DNS servers for the domain, and farther down, the administrative contact information.

Note: If whois only returns a small amount of information, you can use whois -h whoisserver to specify the
whois server for another lookup attempt. Replace whoisserver with the Whois Server name from the first
response you received.
Caching
The process of querying all of these different nameservers to look up a hostname seems like a pain, but happens very
quickly, partly because DNS servers cache information that they've already looked up. This allows for a faster
response and it reduces the load on the higher level nameservers.

The way caching works is when a DNS server receives a request for an IP address, it queries all of the necessary
nameservers. Then it remembers all of those addresses so that later, when asked for the same hostname or one
under the same domain, it either knows the answer right away or only needs to make one query instead of several.

The drawback to caching is that the information isn't up-to-date. Let's use host and host -v to look up
www.oreillyschool.com twice in a row.

After the command prompt, type the following commands:
hottub:~$ host www.oreillyschool.com
www.oreillyschool.com has address 63.171.219.89

hottub:~$ host -v www.oreillyschool.com


Trying "www.oreillyschool.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.oreillyschool.com. IN A

;; ANSWER SECTION:
www.oreillyschool.com. 472 IN A 63.171.219.89

;; AUTHORITY SECTION:
oreillyschool.com. 472 IN NS ns1.useractive.com.
oreillyschool.com. 472 IN NS ns2.useractive.com.
oreillyschool.com. 472 IN NS ns4.useractive.com.
oreillyschool.com. 472 IN NS secretmeeting.oreillyschool.com.

;; ADDITIONAL SECTION:
secretmeeting.oreillyschool.com. 472 IN A 50.17.197.6

Received 164 bytes from 127.0.0.1#53 in 19 ms

Notice the flags in the header section of the second output. You will see qr rd ra flags but it is lacking an aa flag. That
aa flag is for authoritative (not cached) so we get a not authoritative answer. What this means is that our DNS
server didn't ask the oreillyschool.com nameserver the second time because it had the answer cached. It's just letting
us know that it's not 100% sure that's the right address.

It's for this reason that the cached information needs to expire so the DNS server won't be full of incorrect information.
When a nameserver responds with an IP address, it includes a time to live. After this time elapses, the cache entry is
discarded.
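A toy version of the lookup order and caching behaviour described in this lesson, added here as an example and not taken from the course: a stub resolver that checks /etc/hosts, then tries each resolv.conf search suffix in order, and asks a simulated nameserver that answers authoritatively for private.useractive.com, caches everything it had to look up elsewhere for its TTL, and returns cached answers without the aa flag. The hosts file, resolv.conf, zone data, the 300-second TTL on 209.16.196.242 and the FakeClock are all constructed for the example.

```python
"""Added example, not code from the course: a toy stub resolver that
follows the order described above (/etc/hosts first, then the resolv.conf
search list) and a toy caching nameserver whose cached answers carry no
aa flag and expire after their TTL. Every file, zone and address here is
constructed for the example."""
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ETC_HOSTS = """
127.0.0.1   localhost
10.0.0.12   bubble12.private.useractive.com
10.0.0.1    hottub.private.useractive.com hottub
"""
RESOLV_CONF = """
search private.useractive.com useractive.com
nameserver 10.0.0.1
"""
# What the server at 10.0.0.1 is authoritative for (constructed subset)
ZONE = "private.useractive.com"
ZONE_DATA = {"ns1.private.useractive.com": "10.0.0.1",
             "hottub.private.useractive.com": "10.0.0.1",
             "bubble2.private.useractive.com": "10.0.0.2"}
# Stand-in for the root -> .com -> useractive.com chain: name -> (address, TTL seconds)
REST_OF_INTERNET = {"www.useractive.com": ("209.16.196.242", 300)}


def parse_hosts(text: str) -> Dict[str, str]:
    """IP address on the left, one or more aliases on the right."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name, fields[0])
    return table


def parse_resolv(text: str) -> Tuple[List[str], List[str]]:
    """Return (search suffixes, nameserver addresses)."""
    search: List[str] = []
    servers: List[str] = []
    for raw in text.splitlines():
        fields = raw.split()
        if fields[:1] == ["search"]:
            search = fields[1:]
        elif fields[:1] == ["nameserver"]:
            servers.append(fields[1])
    return search, servers


class FakeClock:
    """Lets the example advance time without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class CachingNameserver:
    def __init__(self, zone, zone_data, upstream, clock=time.monotonic):
        self.zone, self.zone_data, self.upstream = zone, zone_data, upstream
        self.cache: Dict[str, Tuple[str, float]] = {}  # name -> (address, expiry)
        self.clock = clock
        self.upstream_queries = 0

    def query(self, name: str) -> Optional[Tuple[str, bool]]:
        """Return (address, aa) or None; aa is set only for our own zone."""
        if name == self.zone or name.endswith("." + self.zone):
            addr = self.zone_data.get(name)
            return (addr, True) if addr else None
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:        # still within its time to live
            return hit[0], False        # cached: answered without the aa flag
        self.upstream_queries += 1      # the root -> TLD -> zone walk happens here
        if name not in self.upstream:
            return None                 # negative answers are not cached in this toy
        addr, ttl = self.upstream[name]
        self.cache[name] = (addr, now + ttl)
        return addr, False


@dataclass
class Answer:
    address: str
    source: str          # "/etc/hosts" or the fully qualified name that was answered
    authoritative: bool  # True for /etc/hosts and for the server's own zone data


def resolve(name: str, hosts: Dict[str, str], search: List[str],
            server: CachingNameserver) -> Optional[Answer]:
    """Stub resolver: /etc/hosts first, then the search list, in order."""
    if name in hosts:
        return Answer(hosts[name], "/etc/hosts", True)
    expanded = [f"{name}.{suffix}" for suffix in search]
    # A bare name tries the search list first; a dotted name is tried as typed first.
    candidates = expanded + [name] if "." not in name else [name] + expanded
    for fqdn in candidates:
        hit = server.query(fqdn)
        if hit:
            return Answer(hit[0], fqdn, hit[1])
    return None
```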

Types of DNS servers


There are two main types of DNS servers: primary and secondary. A primary DNS server for a domain is authoritative,
meaning it's the one in charge. A secondary server is a backup. Every so often it asks the primary server for the
correct information. It is used in case the primary server crashes or if there are enough DNS queries that a single
server would be overloaded. Often times there are multiple secondary servers.

Typically a DNS server will be a primary or secondary server for all of its domains. However, a DNS server can be
authoritative for some domains while being secondary for others. This is the situation we will use while setting up our
own DNS server.

See you at the next lesson!

Bind

Bind
The software package that a DNS server typically runs is called BIND (Berkeley Internet Name Domain). This package
includes the nameserver daemon which is called named as well as a few utilities including host. The hottub is set up
as the primary server for the private.useractive.com domain. Let's go over the configuration for hottub's DNS server to
get a feel for it. There's a lot of information, so we'll just take it one step at a time.

/etc/named.conf
The main configuration file for the nameserver is /etc/named.conf. You probably could have guessed that by now, huh?
Take a look at /etc/named.conf on the hottub and then we'll go over it piece by piece.

Observe this line from /etc/named.conf on hottub:


options {
directory "/var/named";
};

The /etc/named.conf file contains different statements of the form:

statement-type { instructions; };

The first statement in our configuration file is the options statement. This sets up global options for the nameserver.
The only option we've included here is directory "/var/named";. This specifies the working directory of the server.
Any database, cache, or zone files will be found somewhere under that directory. Let's look at the next statement in
/etc/named.conf.

Observe this line from /etc/named.conf:

// root level
zone "." {
type hint;
file "root.cache";
};

This is a zone statement. Every zone statement refers to a specific domain. Here, the "." is the root level domain. The
zone statements also need a type. This is a special zone because it provides named with a "hint" as to where to find
the root level servers. The root.cache file is found in /var/named, since that is the directory we specified earlier. It
contains information regarding the root level server IP addresses.

Note: Comments in named.conf begin with //

The next zone is the reverse lookup entry for the local loopback network.

Observe this line from /etc/named.conf:

// localhost
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};

Here, the network address is 127.0.0.0. Since we only need the domain portion and not the host portion, we don't use
the last zero when converting it into its in-addr.arpa equivalent. The master type means that our DNS server will be a
primary server for this zone. The zone information will be stored in /var/named/pz/127.0.0. pz is a directory inside of
/var/named where we've stored our primary zone files. You can call this whatever you want. Some people use primary
or master instead. We'll check out the zone files shortly.

Observe this line from /etc/named.conf:
zone "0.0.10.in-addr.arpa" {
type master;
file "pz/10.0.0";
};

This is just like the previous example except that it's for a different IP range. Again, this server will respond as if it's the
primary nameserver for 0.0.10.in-addr.arpa. The final entry in hottub's /etc/named.conf is for the actual
private.useractive.com domain.

Observe this line from /etc/named.conf:

//
// Our Primaries
//
zone "private.useractive.com" {
type master;
file "pz/private.useractive.com";
};

The private.useractive.com entry is a lot easier to read than those in-addr.arpa entries. Here, like before, the zone
information will be stored in a file called /var/named/pz/private.useractive.com

That's pretty much all we need to know about /etc/named.conf. It's just a series of different statements about zones and
some options. However, there are tons of different configuration options that you can read about in the named.conf
man page.

Note: The older versions of BIND don't use a /etc/named.conf file. Instead they use a /etc/named.boot file that
requires a different configuration. Versions 8.2.3 and 9.x of BIND have some security fixes that older
versions do not. If you come across a machine using an older version of BIND you should consider
upgrading it as soon as possible, especially if it's as old as version 4.x

Zone Files
Zone files contain all of the information about a particular domain. Let's take a look at the zone file for
private.useractive.com
After the command prompt, type the following commands:
hottub:~$ head -n 25 /var/named/pz/private.useractive.com
@ IN SOA ns1.private.useractive.com. root.private.useractive.com. (
5 ;serial
21600 ;refresh
3600 ;retry
1209600 ;expire
172800 ;ttl
)
IN NS ns1.private.useractive.com.
IN MX 5 mail.private.useractive.com.

; This machine
ns1 IN A 10.0.0.1
hottub IN A 10.0.0.1
mail IN A 10.0.0.1

; Cnames
whirlpool IN CNAME hottub
bathtub IN CNAME hottub

; The bubbles
bubble2 IN A 10.0.0.2
bubble3 IN A 10.0.0.3
bubble4 IN A 10.0.0.4
bubble5 IN A 10.0.0.5
bubble6 IN A 10.0.0.6

Let's break this file up for discussion.

Observe the following line(s):


@ IN SOA ns1.private.useractive.com. root.private.useractive.com. (
5 ;serial
21600 ;refresh 6 hours
3600 ;retry 1 hour
1209600 ;expire 2 weeks
172800 ;ttl 2 days
)

The @ symbol is shorthand for the domain itself: private.useractive.com. This is an Internet class record so we include
the IN. Next is the type of record we're handling, in this case, SOA. SOA stands for start of authority. The authoritative
nameserver for a domain is always going to have an SOA record in the zone file.

ns1.private.useractive.com. is the name of the primary DNS server for this domain. Notice that the name ends in a
period. This is because named will attempt to append the .private.useractive.com domain to the end of any name that
doesn't end in a period. It seems silly now, but it saves a lot of hassle for the other records down below.

After the primary nameserver entry comes the email address of the person in charge of maintaining the zone
information. root.private.useractive.com. (note the period) doesn't look like a typical email address, but that's
because you would need to replace the first period with @. It then becomes root@private.useractive.com.

Inside of the parentheses are a bunch of numbers. The first of these is called the serial number. This acts as a sort of
version number for the zone information. It is used by secondary nameservers to determine if their information is
up-to-date or not. It's for this reason that you need to increase the serial value whenever you change the information
in your zone files.

The rest of the numbers indicate a length of time (in seconds). The refresh number is how often the secondary
nameservers are supposed to contact the primary nameserver to check and see if their information is correct. If for
some reason the secondary nameserver can't connect, it will try again after the retry period has passed. It will keep
trying until it can connect to the primary server. If the expire time passes and the secondary server has been unable to
connect to the primary server, the secondary server will stop answering requests about that zone. The
secondary server decides that the information is too old and probably isn't accurate anymore. Finally, the ttl number is
the time to live number we discussed earlier. It tells machines how long they should cache data from this server.

All of these times can be changed depending on the typical frequency of domain updates and the tradeoff of load on
the primary nameserver.

Note: Comments in a zone file begin with a semicolon.

The rest of the entries in the zone file are all a lot easier to decipher than the SOA record.

Observe the following line(s):


IN NS ns1.private.useractive.com.

This is an NS or nameserver record. It specifies the name of a nameserver for this domain. The entry starts with a
blank space because the origin domain (private.useractive.com) is implied for NS entries (though we could have
written it out if we wanted). This is the primary nameserver for this domain, but secondary nameservers would be listed
here as well.

Observe the following line(s):


IN MX 5 mail.private.useractive.com.

Here we have a mail exchanger (MX) record. This is the mail exchanger record for the entire domain. The blank at the
beginning of this line is not automatically assumed to be the origin domain as with the NS records. Here, the blank
simply repeats the name from the line above it. It just so happens that the line above was for the origin domain.
mail.private.useractive.com. is the name of our mail exchanger, but what's this 5 all about? MX records also have
a preference value. It's simply a way of listing several mail exchangers for redundancy purposes, while keeping track of
which one would be the best to use. Typically, two or more would be listed and the one with the lowest preference
would be used first. Any mail sent to someone at this domain (e.g. bob@private.useractive.com) will be directed to the
mail exchanger.

Mail sent to hosts instead of to the domain itself (e.g. bob@hottub.private.useractive.com) will be delivered to that host,
unless the host has its own MX entries.

Note: You'll learn a lot more about mail exchangers in the Sendmail course.

Observe the following line(s):


; This machine
ns1 IN A 10.0.0.1
hottub IN A 10.0.0.1
mail IN A 10.0.0.1

These are address records. They're probably the easiest to understand and they're really the whole point of DNS.
Address records define a name to be mapped to an IP address. Since the names here don't end in a period the
domain is added to the end. The first one, for example, says that ns1.private.useractive.com has an address of
10.0.0.1. Notice though, that all three of these entries have the same IP address. This is because ns1 is also known as
hottub and mail. A single machine can have multiple names. It's also possible for a hostname to have multiple IP
addresses (in the case of routers or load balancing applications).

Note: The host listed as the mail exchanger must have an address entry. In this case it's
mail.private.useractive.com.

Observe the following line(s):


; Cnames
whirlpool IN CNAME hottub
bathtub IN CNAME hottub

CNAME stands for canonical name. These are aliases for other hostnames. CNAME records are often used when the
hostname of a machine is changed. Typically you still want the old name to work until everyone knows it has changed.
During a nameserver lookup, the alias will be replaced by the real hostname. Let's check this out.
After the command prompt, type the following commands:
hottub:~$ host whirlpool
whirlpool.private.useractive.com is a nickname for hottub.private.useractive.com
hottub.private.useractive.com has address 10.0.0.1

Finally, we have a lot more address records.

Observe the following line(s):


; The bubbles
bubble2 IN A 10.0.0.2
bubble3 IN A 10.0.0.3
bubble4 IN A 10.0.0.4
bubble5 IN A 10.0.0.5
bubble6 IN A 10.0.0.6

These are the hostnames and IP addresses for all of the bubbles. We could have given them any names, but we
named them in numerical order to help keep things neat.

There's a lot of information to digest in this lesson. You might want to go back and read through it a few times. Next,
we're going to discuss the reverse lookup zone files for the in-addr.arpa addresses.

More on BIND

in-addr.arpa Zone Files


So far, we've covered the format of a zone file for a primary domain, but what about the reverse lookup of IP
addresses? We'll need to take a look at the zone file for 0.0.10.in-addr.arpa. I don't remember the location of the zone
file though, so let's take a look back in /etc/named.conf. We could open up the file and search for it, but I bet we could
make a quick and educated guess with just a little more information.

After the command prompt, type the following commands:
hottub:~$ cat /etc/named.conf |grep file
file "root.cache";
file "pz/127.0.0";
file "pz/10.0.0";
file "pz/private.useractive.com";

This is a list of all of the zone files from /etc/named.conf. If you remember from the previous lesson that all of these
files are under /var/named, it's not much of a stretch to assume that /var/named/pz/10.0.0 is the file we want to look at
now.

After the command prompt, type the following commands:

hottub:~$ head -n 15 /var/named/pz/10.0.0


@ IN SOA ns1.private.useractive.com. root.private.useractive.com. (
5 ; Serial
21600 ; Refresh
3600 ; Retry
1209600 ; Expire
172800) ; Minimum TTL
IN NS ns1.private.useractive.com.

; this machine
1 IN PTR ns1.private.useractive.com.

; the bubbles
2 IN PTR bubble2.private.useractive.com.
3 IN PTR bubble3.private.useractive.com.
4 IN PTR bubble4.private.useractive.com.

The first thing we see is an SOA record. The primary nameserver is ns1.private.useractive.com. (If you have any
problems, you should email root@private.useractive.com, substituting an @ for the first period.) The NS record is still
the same.

The only new things are all of these PTR or pointer entries. These are the opposite of the address records we saw in
the private.useractive.com zone file. On the left side is the "hostname" which is actually the host part of the IP address.
On the far right is the hostname to which it points. We have to include the full domain name with a trailing period
because this is the zone file for 0.0.10.in-addr.arpa. If we didn't include our domain name, the origin would be
appended to it. For example, if we just said bubble2, it would end up as bubble2.0.0.10.in-addr.arpa, which is complete
nonsense.

Be aware that 10.0.0.1 only points to ns1.private.useractive.com. For the domain, ns1, hottub, and mail all had an
address of 10.0.0.1 in the zone file. This is because ns1 is the "real" name of the machine as far as the rest of the
internet is concerned, and a reverse lookup is only going to return one hostname.
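A small parser for the forward zone file from the previous lesson and the reverse zone file above, added as an example (not code from the course or from BIND): it appends the origin to unqualified names the way named does, follows CNAMEs the way host whirlpool did, builds in-addr.arpa names from addresses, and runs two operator checks drawn from these lessons: every MX target needs an A record, and every PTR must point at a name whose A record holds that address. The zone texts are constructed from the records shown in the lessons (trimmed to a few hosts), and the CNAME hop limit is an assumption.

```python
"""Added example, not code from the course or from BIND: a small parser for
the forward and reverse zone files shown in these lessons, plus the sanity
checks an operator would run on them. Zone texts are constructed from the
records in the lessons (trimmed to a few hosts)."""
from collections import namedtuple

Record = namedtuple("Record", "owner rtype rdata")

FORWARD_ZONE = """
@ IN SOA ns1.private.useractive.com. root.private.useractive.com. (
        5        ;serial
        21600    ;refresh
        3600     ;retry
        1209600  ;expire
        172800 ) ;ttl
  IN NS ns1.private.useractive.com.
  IN MX 5 mail.private.useractive.com.
ns1       IN A 10.0.0.1
hottub    IN A 10.0.0.1
mail      IN A 10.0.0.1
whirlpool IN CNAME hottub
bubble2   IN A 10.0.0.2
"""
REVERSE_ZONE = """
@ IN SOA ns1.private.useractive.com. root.private.useractive.com. (
        5 21600 3600 1209600 172800 ) ; Serial Refresh Retry Expire Minimum TTL
  IN NS ns1.private.useractive.com.
1 IN PTR ns1.private.useractive.com.
2 IN PTR bubble2.private.useractive.com.
"""

def qualify(name, origin):
    """named appends the origin to any name that does not end in a period."""
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def _logical_lines(text):
    """Drop ';' comments and join a parenthesised record onto one line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            yield " ".join(buf)
            buf = []

def parse_zone(text, origin):
    records, last_owner = [], origin
    for line in _logical_lines(text):
        fields = line.replace("(", " ").replace(")", " ").split()
        if line[0].isspace():              # blank owner repeats the previous name
            owner = last_owner
        else:
            token = fields.pop(0)
            owner = origin if token == "@" else qualify(token, origin)
        last_owner = owner
        if fields[0] == "IN":              # Internet class
            fields.pop(0)
        rtype, rdata = fields[0], fields[1:]
        if rtype == "MX":                  # (preference, exchanger)
            value = (int(rdata[0]), qualify(rdata[1], origin))
        elif rtype == "SOA":               # (primary server, contact, serial)
            value = (qualify(rdata[0], origin), qualify(rdata[1], origin), int(rdata[2]))
        elif rtype == "A":
            value = rdata[0]
        else:                              # NS, CNAME and PTR each hold one name
            value = qualify(rdata[0], origin)
        records.append(Record(owner, rtype, value))
    return records

def lookup(records, name, rtype):
    return [r.rdata for r in records if r.owner == name and r.rtype == rtype]

def resolve_address(records, name, hops=0):
    """Follow CNAMEs as 'host whirlpool' did; return (canonical name, addresses)."""
    if hops > 8:                           # assumed limit, guards against CNAME loops
        raise ValueError(f"CNAME loop at {name}")
    addresses = lookup(records, name, "A")
    if addresses:
        return name, addresses
    for target in lookup(records, name, "CNAME"):
        return resolve_address(records, target, hops + 1)
    return name, []

def reverse_name(ip):
    """209.16.196.242 -> 242.196.16.209.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def zone_problems(forward, reverse):
    """Checks from the lessons: an MX target needs an A record, and each PTR
    must name a host whose A record really holds that address."""
    problems = []
    for r in forward:
        if r.rtype == "MX" and not lookup(forward, r.rdata[1], "A"):
            problems.append(f"MX target {r.rdata[1]} has no A record")
    for r in reverse:
        if r.rtype == "PTR":
            ip = ".".join(reversed(r.owner.replace(".in-addr.arpa", "").split(".")))
            if ip not in lookup(forward, r.rdata, "A"):
                problems.append(f"PTR {r.owner} -> {r.rdata} has no matching A record")
    return problems
```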

The localhost zone file


DNS servers are only going to have reverse lookup zone files for IP ranges of which they are in charge. There is
usually a zone file for the 127.0.0.0 range of local IP addresses as well. Since nobody can own that range, DNS
servers will always keep track of the local loopback IP range.
After the command prompt, type the following commands:

hottub:~$ cat /var/named/pz/127.0.0


@ IN SOA ns.linux.bogus. hostmaster.linux.bogus. (
1 ; Serial
28800 ; Refresh
7200 ; Retry
604800 ; Expire
86400) ; Minimum TTL
IN NS ns.linux.bogus.
1 IN PTR localhost.

The localhost range is for internal use only, so the information contained in the zone file is typically useless for all
practical purposes. For example, if you have a problem you're supposed to contact hostmaster@linux.bogus. That's
obviously not going to work.

Downloading BIND
In the first course of this series we had you download and install ssh by downloading a tar.gz file and compiling the
software yourself. With BIND we're going to take advantage of the fact that we're using Red Hat Linux and we have the
rpm package manager available to us. Before we log in to a bubble, let's use rpm to find out which specific package
we're looking for. We know that the DNS server daemon is called named. Let's find out the full path for named.

After the command prompt, type the following commands:
hottub:~$ which named
/usr/sbin/named

rpm has a query feature that lets you figure out what package a file belongs to. We'll use the q flag for query and the f
flag to specify a filename. (Read the man page on rpm for more query options.)

After the command prompt, type the following commands:
hottub:~$ rpm -qf /usr/sbin/named
bind-9.2.4-22.e13

Alright, now we know what to find. The package has already been downloaded to the hottub's ftp server, so let's go
ahead and log in to a bubble by using the bubble command.

After the command prompt, type the following commands:
hottub:~$ bubble
Rebooting the bubble (10.0.0.152), this make take a couple minutes.
username@10.0.0.12's password:
Last login: Tue Apr 17 10:55:06 2001
No mail.
bubble12:~$

Now we need to connect to hottub's ftp server and download the bind package.
After the command prompt, type the following commands:
bubble12:~$ ncftp hottub
NcFTP 3.0.2 (October 19, 2000) by Mike Gleason (ncftp@ncftp.com).
Connecting to 10.0.0.1...
hottub.useractive.com NcFTPd Server (free personal license) ready.
Logging in...
You are user #1 of 3 simultaneous users allowed.

Logged in anonymously.
Logged in to hottub.
ncftp / > cd pub
ncftp /pub > ls
apache passwdreset
apache_1.3.19.tar.gz php-4.0.6.tar.gz
bashrc pop3
bind-8.2.3-1.i386.rpm qpopper4.0.4.tar.gz
bind-utils-8.2.3-1.i386.rpm rc.sysinit
emacs slocate-2.5-5.i386.rpm
flex-2.5.4a-13.i386.rpm ssh-1.2.27-bin.tar.gz
inittab ssh-1.2.27.tar.gz
make-3.79.1-5.i386.rpm tftp
mysql-3.23.42.tar.gz ua_support
ncftp-3.0.2-1.i386.rpm uatest.php
openssl-0.9.6.tar.gz

Here we can see bind and bind-utils. Red Hat has divided BIND into two packages: bind contains the named daemon
and bind-utils contains utilities such as nslookup. bind-utils should already be installed on the bubble, so we'll just
download bind-8.2.3-1.i386.rpm.

After the command prompt, type the following commands:
ncftp /pub > get bind-8.2.3-1.i386.rpm
bind-8.2.3-1.i386.rpm: ETA: 0:00 1.87/ 1.87 MB 2.71 MB
ncftp /pub > exit
bubble12:~$ ls
bind-8.2.3-1.i386.rpm ssh-1.2.27 ssh-1.2.27.tar.gz

Let's install BIND with rpm. First we'll need to su.

After the command prompt, type the following commands:
bubble12:~$ su suusername
bubble12:~# rpm -i bind-8.2.3-1.i386.rpm
bubble12:~# ls -la /usr/sbin/named
-rwxr-xr-x 1 root root 711932 Jan 27 2001 /usr/sbin/named

The rpm will install a startup file in /etc/rc.d/init.d, but other than that, we're going to have to do the rest by hand. In the
next lesson we'll go through the steps of setting up our bubble as a secondary DNS server for the
private.useractive.com domain.

Setting Up the Secondary DNS

named.conf
For this lesson, all of our work will take place on the bubbles as the super user. If you aren't already logged in to one,
do so now.

Alright, so we have named installed, but we still have to configure it. Let's start by creating an /etc/named.conf file. It's
going to be very similar to the one on the hottub, so we may as well start by copying that one.

After the command prompt, type the following commands:
bubble12:~# scp username@hottub:/etc/named.conf /etc
username@hottub's password:
named.conf | 0 KB | 0.5 kB/s | ETA: 00:00:00 | 100%

Open up /etc/named.conf in your favorite editor and let's make some changes.

In the first section of the file the only thing we've changed is the comment at the top indicating the location of the file on
bubble.private.useractive.com. The options section is still the same and we'll be the master of our own localhost IP
zone. It's in the next section that we'll have to make some changes.

Both of these zone statements should look very familiar, but we've made a few changes. First, and probably the most
important, we've changed the zone type to slave instead of master. This indicates that we want to be a secondary
nameserver for those domains. Next, we've made a slight change to the location of the zone files. Instead of pz, we
should store these in something along the lines of sz, which stands for secondary zones. Our server will ask the
primary DNS server for the zone information, so we don't need to create these files; they will be created for us.

Finally, using the masters option we list the nameserver that we want to obtain our zone data from. In this case, we
want to contact the hottub, which has the IP address 10.0.0.1. The braces and semicolons are necessary
for named to read the configuration file correctly.
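As an added illustration (not the course's own file), here is how the zone statements described above would read in the bubble's /etc/named.conf. The zone names, file names and master address are the ones this lesson uses; the options and root hint stanzas follow BIND's standard syntax and are assumed rather than copied from the hottub.

```conf
// Added example of the bubble's /etc/named.conf, not the lesson's actual file.
options {
        directory "/var/named";          // zone files are relative to this
};

zone "." {
        type hint;
        file "root.cache";               // copied from hottub:/var/named/root.cache
};

// We stay master for the localhost reverse zone, as the lesson says.
zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};

// Secondary zones: named pulls these from the master (the hottub) via AXFR
// and writes them under sz/, so we never create or edit these files by hand.
zone "private.useractive.com" {
        type slave;
        file "sz/private.useractive.com";
        masters { 10.0.0.1; };
};

zone "0.0.10.in-addr.arpa" {
        type slave;
        file "sz/10.0.0";
        masters { 10.0.0.1; };
};
```

On the master side, BIND also accepts an allow-transfer { ...; }; option in a zone statement to limit which addresses may request a copy of the zone; the hottub's configuration is not shown in this lesson, so that is noted here as a defensive addition rather than something the course sets up.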

Preparations for Starting named

Now, let's set up a few things we've specified in named.conf. For instance, let's check to make sure the /var/named
directory exists.

After the command prompt, type the following commands:
bubble12:~# cd /var
bubble12:/var# ls
agentx db lib lock mail nis preserve spool ucd-snmp
cache ftp local log named opt run tmp
bubble12:/var# cd named
bubble12:/var/named# ls
bubble12:/var/named#

Excellent. /var/named exists, but we still need to make the pz and sz directories inside of it.

After the command prompt, type the following commands:
bubble12:/var/named# mkdir pz ; mkdir sz

We also need to get a copy of the root.cache file so our DNS server knows where to look for the root level
nameservers. We can copy this over from hottub as well.

After the command prompt, type the following commands:
bubble12:/var/named# scp username@hottub:/var/named/root.cache .
usernamed@hottub's password:
root.cache | 1 KB | 1.4 kB/s | ETA: 00:00:00 | 100%

Note: An updated version can be found at ftp.rs.internic.net.

There is one more file we can copy from the hottub because it's exactly the same as what we'll be using. That's the
127.0.0 zone file.

After the command prompt, type the following commands:
bubble12:/var/named# scp username@hottub:/var/named/pz/127.0.0 pz
usernamed@hottub's password:
pz | 0 KB | 0.4 kB/s | ETA: 00:00:00 | 100%

Well, we've got the files we need and named.conf is set up, so what's next? Now we get to start our nameserver and
make sure everything worked.

Running and Testing named

Here we go...

After the command prompt, type the following commands:
bubble12:/var/named# /usr/sbin/named &
bubble12:/var/named# tail /var/log/messages
Apr 24 12:02:05 bubble named[4583]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1)
Apr 24 12:02:05 bubble named[4583]: listening on [127.0.0.1].53 (lo)
Apr 24 12:02:05 bubble named[4583]: listening on [10.0.0.152].53 (eth0)
Apr 24 12:02:05 bubble named[4583]: Forwarding source address is [0.0.0.0].1026
Apr 24 12:02:05 bubble named[4584]: Ready to answer queries.
Apr 24 12:02:05 bubble named-xfer[4585]: send AXFR query 0 to 10.0.0.1
Apr 24 12:02:05 bubble named-xfer[4586]: send AXFR query 0 to 10.0.0.1
Apr 24 12:02:05 bubble named[4584]: slave zone "0.0.10.in-addr.arpa" (IN) loaded (serial 5)
Apr 24 12:02:05 bubble named[4584]: slave zone "private.useractive.com" (IN) loaded (serial 5)

There are even more log entries than these, but it looks like everything went okay. Most importantly, we can see that
the server is "ready to answer queries" and that the two slave zones were loaded successfully.
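Reading those log lines by eye is fine once, but the same checks are worth scripting if you run named on more than one bubble. The following is an added example (not part of the course) that parses the startup messages shown above, confirms that each expected slave zone loaded as a slave, that named reports it is ready, and that every AXFR request went to the master we configured in named.conf. The sample log is constructed from the lesson's output with the wrapped lines joined.

```python
import re

# Constructed sample: the startup lines from the lesson's /var/log/messages,
# unwrapped. Only the text after "bubble " matters to the checks below.
SAMPLE_LOG = """\
Apr 24 12:02:05 bubble named[4583]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 1)
Apr 24 12:02:05 bubble named[4583]: listening on [127.0.0.1].53 (lo)
Apr 24 12:02:05 bubble named[4583]: listening on [10.0.0.152].53 (eth0)
Apr 24 12:02:05 bubble named[4584]: Ready to answer queries.
Apr 24 12:02:05 bubble named-xfer[4585]: send AXFR query 0 to 10.0.0.1
Apr 24 12:02:05 bubble named-xfer[4586]: send AXFR query 0 to 10.0.0.1
Apr 24 12:02:05 bubble named[4584]: slave zone "0.0.10.in-addr.arpa" (IN) loaded (serial 5)
Apr 24 12:02:05 bubble named[4584]: slave zone "private.useractive.com" (IN) loaded (serial 5)
"""

# Patterns for the three BIND 8 message shapes we care about.
ZONE_RE = re.compile(r'named\[\d+\]: (master|slave) zone "([^"]+)" \(IN\) loaded \(serial (\d+)\)')
LISTEN_RE = re.compile(r'named\[\d+\]: listening on \[([\d.]+)\]\.(\d+) \((\w+)\)')
AXFR_RE = re.compile(r'named-xfer\[\d+\]: send AXFR query \d+ to ([\d.]+)')


def check_named_log(log, expected_slaves, master_ip):
    """Summarise a named startup log: zones loaded (type, serial), listeners,
    readiness, which expected slave zones are missing, and any AXFR that went
    somewhere other than master_ip."""
    zones, listeners, axfr_targets, ready = {}, [], set(), False
    for line in log.splitlines():
        m = ZONE_RE.search(line)
        if m:
            zones[m.group(2)] = (m.group(1), int(m.group(3)))
            continue
        m = LISTEN_RE.search(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = AXFR_RE.search(line)
        if m:
            axfr_targets.add(m.group(1))
        elif "Ready to answer queries" in line:
            ready = True
    # A slave zone that never logged "loaded", or that loaded as master by
    # mistake, means the transfer failed or named.conf is wrong.
    missing = [z for z in expected_slaves if zones.get(z, ("", 0))[0] != "slave"]
    return {
        "ready": ready,
        "zones": zones,
        "listeners": listeners,
        "missing_slaves": missing,
        # Transfers requested from anything but our master deserve a look.
        "unexpected_masters": sorted(axfr_targets - {master_ip}),
    }
```

Run it against the real file with check_named_log(open("/var/log/messages").read(), ["private.useractive.com", "0.0.10.in-addr.arpa"], "10.0.0.1") and look at missing_slaves and unexpected_masters before trusting the server.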

After the command prompt, type the following commands:
bubble12:/var/named# ls sz
10.0.0 private.useractive.com

We can see here that the secondary server was able to query the primary server and thus make copies of the zone
files. However, they aren't exact copies. If you take a look at them you'll see that they look quite a bit different. That's
okay though, because these will always be updated from the master server and we never need to touch them.

Normally, we would change our /etc/resolv.conf to point to our bubble's secondary DNS server since it's local, but we
can't do that because the next time you log in to a bubble, you'll probably have a different IP address. In order to test
our new nameserver we'll specify the nameserver as an option for nslookup.

After the command prompt, type the following commands:
bubble12:/var/named# nslookup hottub.private.useractive.com localhost
Server: localhost
Address: 127.0.0.1

Name: hottub.private.useractive.com
Address: 10.0.0.1

Here, the only thing we did differently is tell nslookup that we wanted to use the nameserver on the local machine. We
could also replace localhost with the name or IP address of any DNS server.

Since our secondary nameserver works, now would be the time to add another NS record to the appropriate zone files
on the hottub. Also, if you want your nameserver to start up every time you connect to your bubble, you should add
/etc/rc.d/init.d/named start to your /etc/rc.local file.

Remember, if you make any configuration changes, update a zone file, or add a new DNS entry, you'll need to restart the
daemon.

Congratulations! You've configured and set up your very own secondary DNS server. That's no small feat and you
should be very proud.

Don't forget to log out of the bubble.
