Resolv - Conf Hosts: Linux TCP/IP Network Configuration Files: File Description
File                                                   Description
/etc/resolv.conf                                       List DNS servers for internet domain name resolution.
                                                       Manual page for: /etc/resolv.conf
/etc/hosts                                             Lists hosts to be resolved locally (not by DNS).
                                                       Manual page for: /etc/hosts
/etc/nsswitch.conf                                     List order of host name search. Typically look at local files,
                                                       then NIS server, then DNS server.
                                                       Manual page for: /etc/nsswitch.conf
Red Hat/Fedora/CentOS: /etc/sysconfig/network          Specify network configuration. eg. Static IP, DHCP, NIS, etc.
Red Hat/Fedora/CentOS:
/etc/sysconfig/network-scripts/ifcfg-device            Specify TCP network information.
Ubuntu/Debian: /etc/network/interfaces                 Specify network configuration and devices. eg. Static IP and info,
                                                       DHCP, etc.
File: /etc/resolv.conf - host name resolver configuration file
        search name-of-domain.com - Name of your domain or ISP's domain if using their name server
        nameserver XXX.XXX.XXX.XXX - IP address of primary name server
        nameserver XXX.XXX.XXX.XXX - IP address of secondary name server
This configures Linux so that it knows which DNS server will be resolving domain names into IP addresses. If using a
DHCP client, this will automatically be sent to you by the ISP and loaded into this file as part of the DHCP protocol. If
using a static IP address, ask the ISP or check another machine on your network.
Red Hat/Fedora GUI: /usr/sbin/system-config-network (select tab "DNS").
File: /etc/hosts - locally resolve node names to IP addresses
Note when adding hosts to this file, place the fully qualified name first. (It helps sendmail identify your server
correctly) i.e.:
        XXX.XXX.XXX.XXX superserver.yolinux.com superserver
This informs Linux of local systems on the network which are not handled by the DNS server (or for all systems in
your LAN if you are not using DNS or NIS).
The file format for the hosts file is specified by RFC 952.
Red Hat/Fedora configuration GUI: /usr/sbin/system-config-network (select tab "Hosts").
File: /etc/nsswitch.conf - System Databases and Name Service Switch configuration file
This example tells Linux to first resolve a host name by looking at the local hosts file (/etc/hosts), then if the name is not
found look to your DNS server as defined by /etc/resolv.conf, and if not found there look to your NIS server.
In the past this file has had the following names: /etc/nsswitch.conf, /etc/svc.conf, /etc/netsvc.conf, ... depending on the
distribution.
Fedora / Red Hat Network Configuration Files:
File: /etc/sysconfig/network
        Red Hat network configuration file used by the system during the boot process.
File: /etc/sysconfig/network-scripts/ifcfg-eth0
        Configuration settings for your first ethernet port (0). Your second port is eth1.
File:
        o /etc/modprobe.conf (kernel 2.6)
        o /etc/modules.conf (kernel 2.4)
        o (or for older systems: /etc/conf.modules)
        Modules for other devices on the system will also be listed. This tells the kernel which device driver to use if
        configured as a loadable module. (default for Red Hat)
The following GUI tools edit the system configuration files. There is no difference between the configuration developed with the GUI
tools and that developed by editing the system configuration files directly.
        Network configuration:
              /usr/sbin/system-config-network (FC-2/3) GUI
              /usr/bin/redhat-config-network (/usr/bin/neat) (RH 7.2+ FC-1)
        Text console configuration tool:
              /usr/sbin/system-config-network-tui (Text User Interface (TUI) for Fedora Core 2/3)
              /usr/bin/redhat-config-network-tui (RH 9.0 - FC-1)
        Text console network configuration tool. First interface only - eth0:
              /usr/sbin/netconfig
        /usr/bin/netcfg (GUI) (last available with RH 7.1)
Gnome Desktop:
        Gnome Desktop Network Configuration:
              /usr/bin/gnome-network-preferences (RH 9.0 - FC-3)
        Proxy configuration. Choose one of three options:
              1. Direct internet connection
              2. Manual proxy configuration (specify proxy and port)
              3. Automatic proxy configuration (give URL)
Assigning an IP address:
Computers may be assigned a static IP address or assigned one dynamically. Typically a server will require a static IP while a
workstation will use DHCP (dynamic IP assignment). The Linux server requires a static IP so that those who wish to use its
resources can find the system. It is more easily found if the IP address does not change and is static. This is not important for the
Linux client workstation and thus it is easier to use an automated Dynamic Host Configuration Protocol (DHCP) for IP address
assignment.
 Command Line:
          Note: the highest and lowest addresses are based on the netmask. The previous example is based on a netmask of
          255.255.255.0
The ifconfig command does NOT store this information permanently. Upon reboot this information is lost. Manually add the
network configuration to /etc/sysconfig/network-scripts/ifcfg-eth0 (Red Hat/Fedora/CentOS) for the first NIC, ifcfg-eth1 for the
second, etc, or /etc/network/interfaces (Ubuntu) as shown below. Any other commands you may want to add to the system boot
sequence can be added to the end of the file /etc/rc.d/rc.local. The commands netcfg and netconfig make permanent changes to
system network configuration files located in /etc/sysconfig/network-scripts/, so that this information is retained and used upon
system boot.
The IANA has allocated IP addresses in the range of 192.168.0.0 to 192.168.255.255 for private networks.
Helpful tools:
          Network Calculators: Subnet mask calculator, node calculator, mask inverter, ...
          IP subnet calculator
where:
Options:
        Option                      Description
        up                          Activate the interface. Implied if IP addresses are specified.
        down                        Shut down interface.
        arp                         Enable ARP protocol on this interface. Allow ARP to detect the addresses of computer hosts
                                    attached to the network.
        -arp                        Disable ARP protocol on this interface.
        promisc                     Enable promiscuous mode. Receive all packets on the network, not just those destined for this
                                    interface.
        -promisc                    Disable promiscuous mode.
        mtu ##                      Specify the Maximum Transfer Unit (MTU) of the interface. The MTU is the maximum number of
                                    octets the interface is able to handle in a single transaction. Defaults: Ethernet: 1500, SLIP: 296
        broadcast XXX.XXX.XXX.XXX   Set the network broadcast address for this interface.
        netmask XXX.XXX.XXX.XXX     Set the IP network mask for this interface.
        Man page: ifconfig
File: /etc/network/interfaces
        Static IP example:
        auto lo
        iface lo inet loopback
        auto eth0
        iface eth0 inet static
             address 208.88.34.106
             netmask 255.255.255.248
             broadcast 208.88.34.111
             network 208.88.34.104
             gateway 208.88.34.110
        DHCP example:
        auto lo
        iface lo inet loopback
        auto eth0
        iface eth0 inet dhcp
        auto eth1
        iface eth1 inet dhcp
        auto eth2
        iface eth2 inet dhcp
        auto ath0
        iface ath0 inet dhcp
        auto wlan0
        iface wlan0 inet dhcp
Interfaces:
        lo: Loopback interface (network within your system without slowing down for the real ethernet based network)
        eth0: First ethernet interface card
        wlan0: First wireless network interface
The Red Hat configuration tools store the configuration information in the file /etc/sysconfig/network.
They will also allow one to configure routing information.
File: /etc/sysconfig/network
    Static IP address configuration:
        NETWORKING=yes
        HOSTNAME=my-hostname       - Hostname is defined here and by command hostname
        FORWARD_IPV4=true          - True for NAT firewall gateways and linux routers.
                                     False for everyone else - desktops and servers.
        GATEWAY="XXX.XXX.XXX.YYY"  - Used if your network is connected to another network or the internet.
                                     Static IP configuration. Gateway not defined here for DHCP client.
    OR for DHCP client configuration:
        NETWORKING=yes
        HOSTNAME=my-hostname       - Hostname is defined here and by command hostname
    OR for NIS client configuration:
        NETWORKING=yes
        HOSTNAME=my-hostname       - Hostname is defined here and by command hostname
        NISDOMAIN=NISProject1      - NIS domain to attach
File: /etc/sysconfig/network-scripts/ifcfg-eth0
    Static IP address configuration:
        DEVICE=eth0
        BOOTPROTO=static
        BROADCAST=XXX.XXX.XXX.255
        IPADDR=XXX.XXX.XXX.XXX
        NETMASK=255.255.255.0
        NETWORK=XXX.XXX.XXX.0
        ONBOOT=yes                 - Will activate upon system boot
    RHEL4/FC3 additions:
        o TYPE=Ethernet
        o HWADDR=XX:XX:XX:XX:XX:XX
        o GATEWAY=XXX.XXX.XXX.XXX
    OR for DHCP client configuration:
        DEVICE=eth0
        ONBOOT=yes
        BOOTPROTO=dhcp
    RHEL4/FC3 additions:
        o IPV6INIT=no
        o USERCTL=no
        o PEERDNS=yes
        o TYPE=Ethernet
        o HWADDR=XX:XX:XX:XX:XX:XX
(Used by script /etc/sysconfig/network-scripts/ifup to bring the various network interfaces on-line)
To disable DHCP change BOOTPROTO=dhcp to BOOTPROTO=none
In order for updated information in any of these files to take effect, one must issue the command: service network
restart (or: /etc/init.d/network restart)
Network IP aliasing:
Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0
        DEVICE=eth0:0
        ONBOOT=yes
        BOOTPROTO=static
        BROADCAST=192.168.10.255
        IPADDR=192.168.10.12
        NETMASK=255.255.255.0
        NETWORK=192.168.10.0
Aliases can also be shut down independently. i.e.: ifdown eth0:0
The option during kernel compile is: CONFIG_IP_ALIAS=y (Enabled by default in Redhat)
Note: The Apache web server can be configured so that different IP addresses can be assigned to specific domains being hosted.
See Apache configuration and "configuring an IP based virtual host" in the YoLinux Web site configuration tutorial.
DHCP Linux Client: get connection info: /sbin/pump -i eth0 --status (Red Hat Linux 7.1 and older)
        Device eth0
          IP: 4.XXX.XXX.XXX
          Netmask: 255.255.252.0
          Broadcast: 4.XXX.XXX.255
          Network: 4.XXX.XXX.0
          Boot server 131.XXX.XXX.4
          Next server 0.0.0.0
          Gateway: 4.XXX.XXX.1
          Domain: vz.dsl.genuity.net
          Nameservers: 4.XXX.XXX.1 4.XXX.XXX.2 4.XXX.XXX.3
          Renewal time: Sat Aug 11 08:28:55 2001
          Expiration time: Sat Aug 11 11:28:55 2001
One may also want to check the file /etc/hosts for an entry using the system name which allows the system to be self aware.
Note that hostnames may only contain alphanumeric characters, minus signs ("-"), and periods ("."). They must begin with an
alphabetic character and end with an alphanumeric character.
        Activate: /sbin/ifup eth0
              (Also: ifconfig eth0 up - Note: Even if no IP address is assigned you can listen.)
        De-Activate: /sbin/ifdown eth0
              (Also: ifconfig eth0 down)
        Start/Stop network interfaces:
              /usr/bin/system-control-network (Fedora Core 2/3)
              /usr/bin/redhat-control-network (RH 9.0 - FC-1)
        Configure Ethernet, ISDN, modem, token Ring, Wireless or DSL network connection:
              /usr/sbin/system-config-network-druid (FC2/3)
              /usr/sbin/redhat-config-network-druid (RH 9 - FC-1)
Subnets:
MASK  # OF      Slash  CLASS A        CLASS A    CLASS B    CLASS B       CLASS C  CLASS C          CLASS C SUB    CLASS C SUB
      SUBNETS   Fmt    HOSTS          MASK       HOSTS      MASK          HOSTS    MASK             HOSTS          MASK
255   1 or 256  /32    16,777,214     255.0.0.0  65,534     255.255.0.0   254      255.255.255.0    Invalid        255.255.255.255
                                                                                                   (1 address)
254   128       /31    33,554,430     254.0.0.0  131,070    255.254.0.0   510      255.255.254.0    Invalid        255.255.255.254
                                                                                                   (2 addresses)
252   64        /30    67,108,862     252.0.0.0  262,142    255.252.0.0   1,022    255.255.252.0    4 addresses    255.255.255.252
                                                                                                   2 hosts
248   32        /29    134,217,726    248.0.0.0  524,286    255.248.0.0   2,046    255.255.248.0    8 addresses    255.255.255.248
                                                                                                   6 hosts
240   16        /28    268,435,454    240.0.0.0  1,048,574  255.240.0.0   4,094    255.255.240.0    16 addresses   255.255.255.240
                                                                                                   14 hosts
224   8         /27    536,870,910    224.0.0.0  2,097,150  255.224.0.0   8,190    255.255.224.0    32 addresses   255.255.255.224
                                                                                                   30 hosts
192   4         /26    1,073,741,822  192.0.0.0  4,194,302  255.192.0.0   16,382   255.255.192.0    64 addresses   255.255.255.192
                                                                                                   62 hosts
128   2         /25    2,147,483,646  128.0.0.0  8,388,606  255.128.0.0   32,766   255.255.128.0    128 addresses  255.255.255.128
                                                                                                   126 hosts
Binary position    8    7    6    5    4    3    2    1
Value            128   64   32   16    8    4    2    1
Example: 192       1    1    0    0    0    0    0    0
Example 192=128+64
Some addresses are reserved and outside this scope. Loopback (127.0.0.1), reserved class C 192.168.XXX.XXX, reserved class
B 172.31.XXX.XXX and reserved class A 10.XXX.XXX.XXX.
Subnet Example:
Your ISP assigns you a subnet mask of 255.255.255.248 for your office.
Of the eight addresses, there are six assigned to hardware systems and ultimately only five usable addresses.
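The arithmetic behind the subnet table and the /29 office example above, as an added example (not code from the tutorial): a POSIX sh script that turns an address and netmask into the network, broadcast, prefix length and usable host range, rejects a non-contiguous mask, and reproduces the figures of the tutorial's 208.88.34.106 / 255.255.255.248 static IP example. Function names are my own.

```shell
#!/bin/sh
# Added example, not from the tutorial: the subnet arithmetic behind the
# table above, in POSIX sh (no external tools). Assumes IPv4 dotted quads.

# ip_to_int 208.88.34.106 -> 32-bit integer (subshell keeps the IFS change local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip INTEGER -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix 255.255.255.248 -> 29
# Counts the leading 1 bits and rejects masks whose 1 bits are not contiguous
# (e.g. 255.0.255.0), which cannot be expressed as a /prefix.
mask_to_prefix() {
    m=$(ip_to_int "$1")
    prefix=0
    bit=31
    while [ "$bit" -ge 0 ] && [ $(( (m >> bit) & 1 )) -eq 1 ]; do
        prefix=$(( prefix + 1 ))
        bit=$(( bit - 1 ))
    done
    # every bit below the leading run must be zero
    if [ $(( m & ((1 << (32 - prefix)) - 1) )) -ne 0 ]; then
        echo "invalid netmask: $1" >&2
        return 1
    fi
    echo "$prefix"
}

# subnet_info ADDRESS NETMASK
# prints: network broadcast /prefix total_addresses usable_hosts first_host last_host
subnet_info() {
    addr=$(ip_to_int "$1")
    mask=$(ip_to_int "$2")
    prefix=$(mask_to_prefix "$2") || return 1
    net=$(( addr & mask ))
    bcast=$(( net | (~mask & 4294967295) ))   # network with all host bits set
    total=$(( 1 << (32 - prefix) ))
    if [ "$prefix" -ge 31 ]; then
        # /31 and /32 leave no room for a network and a broadcast address:
        # the table above marks them invalid
        usable=0; first=-; last=-
    else
        usable=$(( total - 2 ))
        first=$(int_to_ip $(( net + 1 )))
        last=$(int_to_ip $(( bcast - 1 )))
    fi
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") /$prefix $total $usable $first $last"
}

# The tutorial's /etc/network/interfaces static example: 208.88.34.106 / 255.255.255.248
subnet_info 208.88.34.106 255.255.255.248
```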
Links:
Network Classes:
The concept of network classes is a little obsolete as subnets are now used to define smaller networks using CIDR (Classless
Inter-Domain Routing) as detailed above. These subnets may be part of a class A, B, C, etc network. For historical reference the
network classes are defined as follows:
The bridge configuration will merge two (or several) networks into one single network topology. IpTables firewall rules can be
used to filter traffic.
A router configuration can support multicast and basic IP routing using the "route" command. IP masquerading (NAT) can be
used to connect private local area networks (LAN) to the internet or load balance servers.
Another method is to alter the Linux kernel config file /etc/sysctl.conf and set the following value:
        net.ipv4.ip_forward = 1
or in /etc/sysconfig/network:
        FORWARD_IPV4=true
All methods will result in a proc file value of "1". Test: cat /proc/sys/net/ipv4/ip_forward
        Configure Linux as an internet gateway router: Using Linux and iptables/ipchains to set up an internet gateway for
        home or office (iptables)
        Load balancing servers using LVS (Linux Virtual Server) (ipvsadm)
Manual method: This does not alter the permanent configuration and will only configure support until the next reboot.
        cd /lib/modules/2.2.5-15/net/ - Use kernel version for your system. This example uses 2.2.5-15
        (Fedora Core 3: /lib/modules/2.6.12-1.1381_FC3/kernel/net/)
        Here you will find the modules supported by your system.
        It can be permanently added to:
              o /etc/modprobe.conf (kernel 2.6)
              o /etc/modules.conf (kernel 2.4)
              o (or for older systems: /etc/conf.modules)
        Example:
              alias eth0 3c59x
The easy way: Red Hat versions 6.2 and later ship with Kudzu, a device detection program which runs during system
initialization (/etc/rc.d/init.d/kudzu). This can detect a newly installed NIC and load the appropriate driver. Then
use /usr/sbin/netconfig to configure the IP address and network settings. The configuration will be stored so that it will be utilized
upon system boot.
Systems with two NIC cards: Typically two cards are used when connecting to two networks. In this case the device must be
defined using one of three methods:
OR
          DEVICE=eth1
          BOOTPROTO=static
          IPADDR=192.168.10.12
          NETMASK=255.255.255.0
          GATEWAY=XXX.XXX.XXX.XXX
          HOSTNAME=node-name.name-of-domain.com
          DOMAIN=name-of-domain.com
Example:
OR
          Define IP address:
            ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255
            ifconfig eth1 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
Where XXX.XXX.XXX.XXX is the gateway to the internet as defined by your ISP or network operator.
If a mistake is made just repeat the route command substituting "del" in place of "add".
This is usually not necessary because most ethernet adapters can auto-negotiate link speed and duplex setting.
Verbose mode: mii-tool -v
        Option   Parameters
        -F       100baseTx-FD
                 100baseTx-HD
                 10baseT-FD
                 10baseT-HD
        -A       100baseT4
                 100baseTx-FD
                 100baseTx-HD
                 10baseT-FD
                 10baseT-HD
        Command           Description
        ethtool -g eth0   Queries ethernet device for rx/tx ring parameter information.
        ethtool -a eth0   Queries ethernet device for pause parameter information.
        ethtool -c eth0   Queries ethernet device for coalescing information.
        ethtool -i eth0   Queries ethernet device for associated driver information.
        ethtool -d eth0   Prints a register dump for the specified ethernet device.
        ethtool -k eth0   Queries ethernet device for offload information.
        ethtool -S eth0   Queries ethernet device for NIC and driver statistics.
Man Pages:
Route:
Static routes: IP (Internet Protocol) uses a routing table to determine where packets should be sent. First the packet is examined to
see if its destination is for the local or remote network. If it is to be sent to a remote network, the routing table is consulted to
determine the path. If there is no information in the routing table then the packet is sent to the default gateway. Static routes are
set with the route command and with the configuration file
        (Red Hat/Fedora): /etc/sysconfig/network-scripts/route-eth0
        or (Red Hat 7: /etc/sysconfig/static-routes)
        (S.u.s.e. 9.2: /etc/sysconfig/network/routes):
Dynamic routes: RIP (Routing Information Protocol) is used to define dynamic routes. If multiple routes are possible, RIP will
choose the shortest route. (Fewest hops between routers not physical distance.) Routers use RIP to broadcast the routing table
over UDP port 520. The routers would then add new or improved routes to their routing tables.
Man pages:
        Show routes:
              Option     Description
              -n         Display IP addresses. Do not resolve host names for faster results.
              -e         Print more extensive information about routes.
              -v         Verbose.
              --help     Route command information.
        Manipulate routes:
              Option                       Description
              add or del or neither        Add or delete route information. If not specified then print route table information.
              -host XXX.XXX.XXX.XXX        Add a single computer host identified by the IP address.
              -net XXX.XXX.XXX.XXX         Add a network identified by the network address, to the route.
              gw XXX.XXX.XXX.XXX           Specify the network gateway.
              netmask XXX.XXX.XXX.XXX      Specify the network netmask.
              default                      Of all the routes specified, identify one as the default network route.
                                           (typically the gateway is specified as the default route)
Examples:
VPN, Tunneling:
        o Flags:
              G: route uses gateway
              U: Interface is "up"
              H: Only a single host is accessible (eg. loopback)
              D: Entry generated by ICMP redirect message
              M: Modified by ICMP redirect message
        o Display interface statistics: netstat -i
              $ netstat -i
              Kernel Interface table
              Iface     MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
              eth0     1500   0  2224      0      0      0  1969      0      0      0 BMRU
              lo      16436   0  1428      0      0      0  1428      0      0      0 LRU
        o Where:
              RX-OK/TX-OK: number of packets transmitted/received error free
              RX-ERR/TX-ERR: number of damaged/error packets transmitted/received
              RX-DRP/TX-DRP: number of dropped packets
              RX-OVR/TX-OVR: number of packets dropped because of a buffer overrun
Flags:
The network listening daemons listen and respond to all network socket connections made on the TCP/IP ports assigned to them. The
ports are defined by the file /etc/services. When a connection is made, the listener will attempt to invoke the assigned program
and pipe the data to it. This simplifies matters by allowing the assigned program to read from stdin instead of making its own
socket connection. The listener handles the network socket connection. Two network listening and management daemons have
been used in Red Hat Linux distributions:
inetd:
        Configuration file: /etc/inetd.conf
        Entries in this file consist of a single line made up of the following fields:
              service socket-type protocol wait user server cmdline
        service: The name assigned to the service. Matches the name given in the file /etc/services
        socket-type:
              o stream: connection protocols (TCP)
              o dgram: datagram protocols (UDP)
              o raw
              o rdm
              o seqpacket
        protocol: Transport protocol name which matches a name in the file /etc/protocols. i.e. udp, icmp, tcp,
              rpc/udp, rpc/tcp, ip, ipv6
        wait: Applies only to datagram protocols (UDP).
              o wait[.max]: One server for the specified port at any time (RPC)
              o nowait[.max]: Continue to listen and launch new services if a new connection is made. (multi-threaded)
              Max refers to the maximum number of server instances spawned in 60 seconds. (default=40)
        user[.group]: login id of the user the process is executed under. Often nobody, root or a special restricted id
              for that service.
        server: Full path name of the server program to be executed.
        cmdline: Command line to be passed to the server. This includes argument 0 (argv[0]), that is the command
              name. This field is empty for internal services. Example of internal TCP services: echo, discard, chargen
              (character generator), daytime (human readable time), and time (machine readable time). (see RFC)
Sample File: /etc/inetd.conf
        The inet daemon must be restarted to pick up the changes made to the file:
        /etc/rc.d/init.d/inetd restart
        For more information see the man pages "inetd" and "inetd.conf".
xinetd: Extended Internet Services Daemon:
        Xinetd has access control mechanisms, logging capabilities, the ability to make services available based on time, and
        can place limits on the number of servers that can be started, redirect services to different ports and network interfaces
        (NIC) or even to a different server, chroot a service etc... and thus a worthy upgrade from inetd.
        Use the command chkconfig --list to view all system services and their state. It will also list all network services
        controlled by xinetd and their respective state under the title "xinetd based services". (Works for xinetd (RH7.0+) but
        not inetd)
        The xinetd network daemon uses PAM also called network wrappers which invoke
        the /etc/hosts.allow and /etc/hosts.deny files.
        To disable or enable a service, set in its xinetd service configuration:
              disable = yes
              or
              disable = no
        or use the chkconfig command: chkconfig service-name on (or off)
        This command will also restart the xinetd process to pick up the new configuration.
        service service-name
        {
          attribute assignment-operator value value ...
          ...
        }
Where:
        attribute:
              o disable:
                    yes
                    no
              o type:
                    RPC
                    INTERNAL
                    UNLISTED: Not found in /etc/rpc or /etc/services
              o id: By default the service id is the same as the service name.
              o socket_type:
                    stream: TCP
                    dgram: UDP
                    raw: Direct IP access
                    seqpacket: service that requires reliable sequential datagram transmission
              o flags: Combination of: REUSE, INTERCEPT, NORETRY, IDONLY, NAMEINARGS,
                    NODELAY, DISABLE, KEEPALIVE, NOLIBWRAP.
                    See the xinetd man page for details.
              o protocol: Transport protocol name which matches a name in the file /etc/protocols.
              o wait:
                    no: multi-threaded
                    yes: single-threaded - One server for the specified port at any time (RPC)
              o user: See file: /etc/passwd
              o group: See file: /etc/group
              o server: Program to execute and receive data stream from socket. (Fully qualified name - full path
                    name of program)
              o server_args: Unlike inetd, arg[0] or the name of the service is not passed.
              o only_from: IP address, factorized address, netmask range, hostname or network name from
                    file /etc/networks.
              o no_access: Deny from ... (inverse of only_from)
              o access_times
              o port: See file /etc/services
        assignment-operator:
              o =
              o +=: add a value to the set of values
              o -=: delete a value from the set of values
Example from man page: Limit telnet sessions to 8 Mbytes of memory and a total 20 CPU seconds for child processes.
        service telnet
        {
            socket_type = stream
            wait        = no
            nice        = 10
            user        = root
            server      = /usr/etc/in.telnetd
            rlimit_as   = 8M
            rlimit_cpu  = 20
        }
        [Pitfall] Red Hat 7.1 with updates as of 07/06/2001 required that I restart the xinetd services before FTP would work
        properly even though xinetd had started without failure during the boot sequence. I have no explanation as to why this
        occurs or how to fix it other than to restart xinetd: /etc/rc.d/init.d/xinetd restart.
See the YoLinux.com secure shell tutorial for use of ssh, rssh, scp and sftp
The "rwho" command is used to display users logged into computers on your LAN.
By default, Red Hat Linux has the network interface to the rwhod disabled. Thus if one issues the command "rwho", you will
only see who is logged into the system you are logged into and not remote systems on the network. This is a safe approach for
internet servers as it reduces the exposure of a service which could be exploited by hackers. If you wish to use rwhod on a local
private and firewall protected network, here is how:
Start service:
Man pages:
Portmapper is a network service required to support RPCs (remote procedure calls). Many services such as NFS (file sharing
services) and NIS (Network Information Services) require portmapper.
An RPC server makes available a collection of procedures (programs) that a client system may call and then receive the returned
results. The services available are listed in /etc/rpc on the server. The message communication is in a machine-independent
form called XDR (External Data Representation format).
         /etc/rc.d/init.d/portmap start
         service portmap start (Red Hat/Fedora Core)
Man Pages:
TCP wrappers allow or deny network access: one can reject or allow specific IP addresses or subnets access to your system.
File: /etc/hosts.allow
  in.ftpd: 208.188.34.105
This specifically allows the given IP address to ftp to your system. One can also specify an entire domain, e.g. .name-of-domain.com
Note the beginning ".".
File: /etc/hosts.deny
  ALL: ALL
This generally denies any access.
File: /etc/inetd.conf
The inet daemon accepts the incoming network stream and assigns it to the PAM TCP wrapper, /usr/sbin/tcpd, which accepts or
denies the network connection as defined by /etc/hosts.allow and /etc/hosts.deny and then passes it along to ftp. The decision
is logged to /var/log/secure.
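To make the evaluation order concrete, here is an added example (not code from the original tutorial) that models how tcpd consults /etc/hosts.allow and then /etc/hosts.deny for a single connection; the rule texts are constructed samples built around the 208.188.34.105 entry above, and only the ALL, leading-dot domain suffix, trailing-dot network prefix and exact-match patterns are modelled (no EXCEPT clauses or shell commands).

```python
# Added example, not from the original tutorial: how tcpd consults
# /etc/hosts.allow and then /etc/hosts.deny for one connection. Rule texts are
# constructed samples (the 208.188.34.105 entry is the one shown above); only
# the ALL, ".domain" suffix, "a.b.c." prefix and exact patterns are modelled.
HOSTS_ALLOW = """\
in.ftpd:    208.188.34.105
in.telnetd: .name-of-domain.com
sshd:       192.168.1.
"""
HOSTS_DENY = "ALL: ALL\n"   # constructed /etc/hosts.deny: refuse everything else

def parse_rules(text):
    """Yield (daemon_list, client_list) from 'daemons : clients [: shell]' lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")   # drop comments, split fields
        if len(fields) >= 2:
            yield fields[0], fields[1]

def token_matches(pattern, value):
    """One access-control token against a daemon name, client IP or hostname."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # ".example.com": match by domain suffix
        return value.endswith(pattern)
    if pattern.endswith("."):          # "192.168.1.": match by network prefix
        return value.startswith(pattern)
    return pattern == value

def list_matches(field, *values):
    """A comma/space separated list matches if any token matches any value."""
    tokens = field.replace(",", " ").split()
    return any(token_matches(t, v) for t in tokens for v in values)

def access(daemon, client_ip, client_name,
           allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """tcpd order: first hosts.allow match grants, then first hosts.deny match
    refuses; a connection matched by neither file is granted."""
    for daemons, clients in parse_rules(allow_text):
        if list_matches(daemons, daemon) and list_matches(clients, client_ip, client_name):
            return "allow"
    for daemons, clients in parse_rules(deny_text):
        if list_matches(daemons, daemon) and list_matches(clients, client_ip, client_name):
            return "deny"
    return "allow"   # an empty hosts.deny therefore means default-allow

if __name__ == "__main__":
    print(access("in.ftpd", "208.188.34.105", "ftp.example.org"))  # allow
    print(access("in.ftpd", "208.188.34.106", "ftp.example.org"))  # deny
```

The last return shows why the "ALL: ALL" line in hosts.deny matters: without it, anything not listed in hosts.allow is let through.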
Advanced PAM: More specific access can be assigned and controlled by controlling the level of authentication required for
access.
Files reflect the inet service name. Rules and modules are stacked to achieve the level of security desired.
Modules:
ICMP:
ICMP redirect packets are sent from the router to the host to inform the host of a better route. To enable ICMP redirects, add the
following line to /etc/sysctl.conf:
net.ipv4.conf.all.accept_redirects = 1
or set it at run time on every interface:
           for f in /proc/sys/net/ipv4/conf/*/accept_redirects
           do
             echo 1 > $f
           done
NOTE: This may leave you vulnerable to hackers as attackers may alter your routes.
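As an added example (not from the original tutorial), the following audits which interfaces currently have accept_redirects set to 1 under /proc/sys/net/ipv4/conf/*/, flags a sysctl.conf line that turns it on, and shows the hardened counterpart; a temporary stand-in tree is constructed so it runs offline, and on a Linux host one would pass "/proc/sys/net/ipv4/conf" instead.

```python
# Added example, not from the original tutorial: audit which interfaces would
# honour ICMP redirects (accept_redirects = 1 under /proc/sys/net/ipv4/conf/*/,
# the knobs the loop above writes to) and show the hardened sysctl.conf
# counterpart. A temporary stand-in tree is constructed so the code runs offline.
import os
import tempfile

HARDENED_SYSCTL = """\
# constructed /etc/sysctl.conf fragment: ignore redirects on every interface
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
"""

def audit_redirects(conf_root):
    """Return {interface: accept_redirects value} for every entry under conf_root."""
    values = {}
    for iface in sorted(os.listdir(conf_root)):
        knob = os.path.join(conf_root, iface, "accept_redirects")
        if os.path.isfile(knob):
            with open(knob) as fh:
                values[iface] = int(fh.read().strip())
    return values

def accepting_redirects(conf_root):
    """Interfaces on which a redirect from a LAN host could rewrite the route."""
    return [iface for iface, v in audit_redirects(conf_root).items() if v == 1]

def weak_sysctl_keys(sysctl_text):
    """Keys in a sysctl.conf text that turn accept_redirects on (the line above)."""
    weak = []
    for line in sysctl_text.splitlines():
        line = line.split("#", 1)[0]
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.endswith(".accept_redirects") and value == "1":
                weak.append(key)
    return weak

def build_sample_tree(values):
    """Constructed stand-in for /proc/sys/net/ipv4/conf, one directory per interface."""
    root = tempfile.mkdtemp(prefix="ipv4-conf-")
    for iface, value in values.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "accept_redirects"), "w") as fh:
            fh.write(f"{value}\n")
    return root
```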
          Iptables:
          iptables -A OUTPUT -p icmp -d 0/0 -j DROP
          Ipchains:
          ipchains -A output -p icmp -d 0/0 -j DENY
OR drop all incoming pings:
          echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This is sometimes necessary to look invisible to DOS (Denial Of Service) attackers who use ping to watch your machine and
launch an attack when its presence is detected.
   Examples:
          o tcpdump tcp port 80 and host server-1
          o tcpdump ip host server-1 and not server-2
   iptraf - Interactive Colorful IP LAN Monitor
   nmap - Network exploration tool and security scanner
          o List pingable nodes on network: nmap -sP 192.168.0.0/24 
                Scans network for IP addresses 192.168.0.0 to 192.168.0.255 using ping.
   Ethereal - Network protocol analyzer. Examine data from a live network. 
RPM's required:
    There is an error in the ethereal package because it does not list the snmp libraries as dependencies, but you can
    deduce this from the errors that you get if the ucd-snmp libraries are not installed.
   EtherApe - Graphical network monitor for Unix modeled after etherman. This is a great network discovery program
    with cool graphics. (Red Hat Powertools CD 7.1)
   Gkrellm - Network and system monitor. Good for monitoring your workstation. (Red Hat Powertools CD)
   IPTraf - ncurses-based IP LAN monitor. (Red Hat Powertools CD)
   Cheops - Network discovery, location, diagnosis and management. Cheops can identify all of the computers that are on
    your network, their IP address, their DNS name, the operating system they are running. Cheops can run a port scan on
    any system on your network. (Red Hat Powertools CD)
   ntop - Shows network usage in a way similar to what top does for processes. Monitors how much data is being sent and
    received on your network. (Red Hat Powertools CD)
   MRTG - Multi Router Traffic Grapher - Monitor network traffic load using SNMP and generate an HTML/GIF report.
    (See sample output)
   dnsad - IP traffic capture. Export to Cisco Netflow for network analysis reporting.
   scotty - Obtain status and configuration information about your network. Supports SNMP, ICMP, DNS, HTTP,
    SUN RPC, NTP, & UDP. (Red Hat Powertools CD)
         Big Brother - Monitoring and service availability.
         OpenNMS.org - Network Management using SNMP.
         Nagios - host, service and network monitoring
         Angel network monitor
[root]# ifconfig eth0 promisc                      - Put NIC into promiscuous mode to sniff traffic.
[root]# tcpdump -n host not XXX.XXX.XXX.XXX | more - Sniff net but ignore IP which is your remote session.
[root]# ifconfig eth0 -promisc                     - Pull NIC out of promiscuous mode.
SNORT: Monitor the network, performing real-time traffic analysis and packet logging on IP networks for the detection of an
attack or probe.
Ethernet hosts use the Address Resolution Protocol (ARP) to convert a 32-bit Internet IP address into the 48-bit Ethernet MAC
address used by network hardware. (See: RFC 826) ARP broadcasts are sent to all hosts on the subnet by the transmitting
host to see who replies. The broadcast is ignored by all except the intended receiver, which recognizes the IP address as its own.
The MAC addresses are remembered (ARP cache) for future network communications. Computers on the subnet typically keep a
cache of ARP responses. ARP broadcasts are passed on by hubs and switches but are blocked by routers.
Reverse ARP (See: RFC 903) is a bootstrap protocol which allows a client to broadcast requesting a server to reply with its IP
address.
Note that the use of a switch instead of a hub will limit your view of other hosts. Typically all you will see in the arp table is your
router or gateway.
Set/Configure ARP tables:
Man pages:
ARP is something that simply works. No Linux system configuration is necessary. It's all part of the Ethernet and IP protocols. The
aforementioned information is just part of the Linux culture of full visibility into what is going on.
Regular network exchanges of data are peer to peer unicast transactions. An HTTP request to a web server (TCP/IP), email
(SMTP, TCP/IP), DNS (UDP), FTP (TCP/IP), ... are all peer to peer unicast transactions. If one wants to transmit a video, audio
or data stream to multiple nodes with one transmission stream instead of multiple individual peer to peer connections, one for
each node, one may use multicasting to reduce network load. Note that multicast and a network broadcast are different. Multicast
messages are only "heard" by the nodes on the network that have "joined the multicast group", which are those that are interested
in the information.
The Linux kernel is Level-2 Multicast-Compliant. It meets all requirements to send, receive and act as a router for multicast
datagrams. For a process to receive multicast datagrams it has to request the kernel to join the multicast group and bind the port
receiving the datagrams. When a process is no longer interested in the multicast group, a request is made to the kernel to leave the
group. It is the kernel/host which joins the multicast group and not the process. Kernel configuration requires
"CONFIG_IP_MULTICAST=y". In order for the Linux kernel to support multicast routing, set the following in the kernel
config:
         CONFIG_IP_MULTICAST=y
         CONFIG_IP_ROUTER=y
         CONFIG_IP_MROUTE=y
         CONFIG_NET_IPIP=y
The default Red Hat / Fedora kernels are compiled to support multicast.
Note that on multihomed systems (more than one IP address/network card), only one device can be configured to handle
multicast.
Class D networks with a range of IP addresses from 224.0.0.0 to 239.255.255.255 (See Network Classes above) have typically
been reserved for multicast.
Useful commands:
                Command                  Description
          cat /proc/net/igmp       List multicast groups to which the host is subscribed, via the "Internet Group Management
                                   Protocol". (See /usr/src/linux/net/core/igmp.c)
          cat /proc/net/dev_mcast  List multicast interfaces. (See /usr/src/linux/net/core/dev_mcast.c)
          ping 224.0.0.1           All hosts configured for multicast will respond with their IP addresses
          ping 224.0.0.2           All routers configured for multicast will respond
          ping 224.0.0.3           All PIM routers configured for multicast will respond
          ping 224.0.0.4           All DVMRP routers configured for multicast will respond
          ping 224.0.0.5           All OSPF routers configured for multicast will respond
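As an added example (not from the original tutorial), the following parses the /proc/net/igmp listing from the table above and reports joined groups outside an allow-list, which is how one notices a host that has quietly joined a multicast group it has no business in. The kernel prints each group as 8 hex digits in host byte order, so on little-endian x86 "010000E0" is 224.0.0.1; the listing embedded below is a constructed sample in the kernel's layout.

```python
# Added example, not from the original tutorial: parse the /proc/net/igmp
# listing from the table above and flag joined groups that are not on an
# allow-list. The kernel prints each group as 8 hex digits in host byte order,
# so on little-endian x86 "010000E0" is 224.0.0.1 (all hosts). The listing
# below is a constructed sample in the kernel's layout.
import ipaddress
import socket
import sys

SAMPLE_IGMP = (
    "Idx\tDevice    : Count Querier\tGroup    Users Timer\tReporter\n"
    "1\tlo        :     1      V3\n"
    "\t\t\t\t010000E0     1 0:00000000\t\t0\n"
    "2\teth0      :     2      V3\n"
    "\t\t\t\t010000E0     1 0:00000000\t\t0\n"
    "\t\t\t\tFB0000E0     1 0:00000000\t\t0\n"
)

def group_to_dotted(hex_group, byteorder=sys.byteorder):
    """Turn the kernel's host-order hex field back into dotted-quad notation."""
    return socket.inet_ntoa(int(hex_group, 16).to_bytes(4, byteorder))

def parse_igmp(text, byteorder=sys.byteorder):
    """Return {device: [group, ...]} from /proc/net/igmp content."""
    memberships = {}
    device = None
    for line in text.splitlines()[1:]:           # first line is the header
        if not line[:1].isspace():                # "Idx\tDevice : Count Querier"
            device = line.split("\t")[1].split(":")[0].strip()
            memberships[device] = []
        else:                                     # "\t\t\t\tGROUP Users Timer Reporter"
            memberships[device].append(group_to_dotted(line.split()[0], byteorder))
    return memberships

def unexpected_groups(memberships, allowed):
    """(device, group) pairs outside the allow-list; 224.0.0.1 is always expected."""
    baseline = set(allowed) | {"224.0.0.1"}
    return [(dev, grp) for dev, groups in memberships.items()
            for grp in groups if grp not in baseline]

def is_multicast(addr):
    """Class D check: 224.0.0.0 - 239.255.255.255."""
    return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network("224.0.0.0/4")

if __name__ == "__main__":
    joined = parse_igmp(SAMPLE_IGMP, "little")
    print(joined)
    print(unexpected_groups(joined, allowed=[]))   # [('eth0', '224.0.0.251')]
```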
Multicast transmissions are achieved through proper routing, router configuration (if communicating through subnets) and
programmatically with the use of the following "C" function library calls:
           Function Call    Description
           setsockopt()     Pass information to the kernel.
           getsockopt()     Retrieve information broadcast using multicast.
           For more on multicast programming see: Multicast Howto.
           The multicast application will specify the multicast loopback interface, TTL (network time to live), network interface
           and the multicast group to add or drop.
Note that if adding a route to forward packets through a router, that the router MUST be configured to forward multicast packets.
Many routers do not support forwarding of multicast packets or have a default configuration which does not. The internet by
default does not forward multicast packets.
Linux can support IP protocol over serial device interfaces. Over long distances this is typically supported using a modem over
telephone lines (POTS: Plain Old Telephone Service) or satellite communications.
This is the most common form of IP over serial line and is the most common technique used by telephone dial-up ISPs. The
following tutorials use a Hayes command set compatible modem.
Devices:
           Interfaces                                       Description
           sl0        sl1        sl2        sl3             SLIP interfaces. Linux kernel supports up to four.
           COM1       COM2       COM3       COM4            Serial ports (RS-232 hardware)
           /dev/ttyS0 /dev/ttyS1 /dev/ttyS2 /dev/ttyS3     Serial devices (dial in) (virtual terminal consoles)
           /dev/cua0  /dev/cua1  /dev/cua2  /dev/cua3      Serial devices (dial out)
           4          4          4          4               Interface major numbers (dial in)
           5          5          5          5               Interface major numbers (dial out)
           64         65         66         67              Interface minor numbers
          The command ls -l /dev/ttyS* /dev/cua* will show the device major and minor numbers.
          The major and minor numbers are used when creating a SLIP interface:
          Example:
SLIP configuration:
         Configure /etc/resolv.conf
          (See notes above in this tutorial)
         Attach network interface to serial line on COM2: /sbin/slattach -p slip -s 19200 /dev/ttyS1 &
         Assign local and remote IP: /sbin/ifconfig sl0 192.168.1.10 pointopoint 192.168.1.40 up
          Assign local IP (192.168.1.10) and connect to remote server (192.168.1.40)
          Alternate example: /sbin/route add plip1 192.168.1.10 pointopoint 192.168.1.40
         Add route: /sbin/route add default dev sl0 &
Point to point serial links (rather than broadcast networks like Ethernet) can also be supported over parallel printer ports.
An IP network at 10 to 20 kBps over parallel printer ports lp0 or lp1 is much faster than serial. Linux supports mode 0 PLIP,
transferring half bytes of data at a time. Requires a "NULL Printer" or "Turbo Laplink" printer connection. See kernel
source drivers/net/Space.c.
           Interface   I/O Port   IRQ
           plip0       0x3BC      7
           plip1       0x378      7
           plip2       0x278      5
PLIP Configuration:
On the remote host at the other end of the cable, the opposite must be specified:
        Make your life simple and use the GUI/File Manager LinNeighborhood. It uses smbmount, samba and smbclient to
        give you access to MS/Windows servers and printers.
Network Definitions:
       IPv4: Most of the Internet servers and personal computers use Internet Protocol version 4 (IPv4). This uses 32 bits to
        assign a network address, written as the four octets of an IP address up to 255.255.255.255, which is the
        representation of four 8 bit numbers thus totaling 32 bits.
       IPv6: Internet Protocol version 6 (IPv6) uses a 128 bit address and thus billions and billions of potential addresses. The
        protocol has also been upgraded to include new quality of service features and security. Currently Linux supports IPv6
        but IPv4 is used when connecting your computer to the internet.
       TCP/IP: (Transmission Control Protocol/Internet Protocol) uses a client - server model for communications. The
        protocol defines the data packets transmitted (packet header, data section), data integrity verification (error detection
        bytes), connection and acknowledgement protocol, and re-transmission.
       TCP/IP time to live (TTL): This is a counting mechanism to determine how long a packet is valid before it reaches its
        destination. Each time a TCP/IP packet passes through a router it will decrement its TTL count. When the count
        reaches zero the packet is dropped by the router. This ensures that errant routing and aimlessly looping packets will not
        flood the network.
       MAC Address: (media access control) is the network card address used for communication with other network
        devices on the subnet. This info is not routable. The ARP table maps TCP/IP addresses (global internet) to the local
        hardware on the local network. Use the command /sbin/ifconfig to view both the IP address and the MAC address. The
        MAC address uniquely identifies each node of a network and is used by the Ethernet protocol.
       Full Duplex: Allows the simultaneous sending and receiving of packets. Most modern modems support full duplex.
       Half Duplex: Allows the sending and receiving of packets in one direction at a time only.
       OSI 7 Layer Model: The ISO (International Standards Organization) has defined the OSI (Open Systems
        Interconnection) model for current networking protocols.
   Network Hub: Hardware to connect network devices together. The devices will all be on the same network and/or
    subnet. All network traffic is shared and can be sniffed by any other node connected to the same hub.
   Network Switch: Like a hub but creates a private link between any two connected nodes when a network connection is
    established. This reduces the amount of network collisions and thus improves speed. Broadcast messages are still sent
    to all nodes.