Title: Network Environment of Linux
1Network Environment of Linux
2Configure IP Address
- ifconfig a
- List all IP addresses in your Linux
- To change your IP address, type the command
setup in the shell and then choose Network
configuration from the menu. - You can find the detail network configuration
from the file - /etc/sysconfig/network-scripts/ifcfg-eth0
3ping an IP
- To test the network connect of your ping, you can
use the command ping - ping 127.0.0.1
- A loop back test of your PC
- ping xxx.xxx.xxx.xxx
- xxx.xxx.xxx.xxx is the IP address of other PC in
the same domain - ping www.yahoo.com
- To test the connection between your PC and the
Internet.
4Shut down and Bring up a netwrok
- ifdown eth0
- Shut Down the network adapter eth0
- ifup eth0
- Bring up the network adapter eth0
- You can try to use ping to test the above two
commands
5Multiple IP Addresses
- First ensure the parent real interface exists, in
general, eth0 should exist. - ifconfig eth00 192.168.1.99 netmask
255.255.255.0 up - eth00 is a child interface eth0
- You should also create a /etc/sysconfig/network-sc
ripts/ifcfg-eth00 file so that the aliases will
all be managed automatically with the ifup and
ifdown commands.
6Configure Gateway
- route add default gw 192.168.1.1 eth0
- Assign the default gateways IP address to the
interface eth0 - You can also need to update the file
/etc/sysconfig/network.
7Configure DHCP Server
- To simplify the work of IP assignment, Dynamic
Host Configuration Protocol Server can help. - You can find the dhcp RPM packages from the
Fedoras CD - To check the install of your dhcp, you can use
- rpm -qa dhcp
- You can start the dhcp service by using setup,
System services, and then check dhcpd
8The /etc/dhcpd.conf File
- When DHCP starts, it reads the file
/etc/dhcpd.conf to configure your network. - DHCP RPM package doesn't automatically install a
/etc/dhcpd.conf file. - You can find a sample copy of dhcpd.conf in the
following directory - /usr/share/doc/dhcpd.conf.sample
9Sample dhcpd.conf
ddns-update-style interim ignore
client-updates  subnet 192.168.1.0 netmask
255.255.255.0 Â Â Â Â The range of IP addresses
the server will issue to DHCP enabled PC
clients    booting up on the network     range
192.168.1.201 192.168.1.220 Â Â Â Â Set the
amount of time in seconds that a client may keep
the IP address    default-lease-time
86400Â Â Â max-lease-time 86400 Â Â Â Â Set the
default gateway to be used by the PC clients
option routers 192.168.1.1
10Sample dhcpd.conf (2)
   Don't forward DHCP requests from this NIC
interface to any other NIC interfaces     option
ip-forwarding off     Set the broadcast
address and subnet mask to be used by the DHCP
clients    option broadcast-address
192.168.1.255Â Â Â option subnet-mask
255.255.255.0 Â Â Â Â Set the DNS server to be
used by the DHCP clients    option
domain-name-servers 192.168.1.100 Â Â Â Â Set the
NTP server to be used by the DHCP
clients     option nntp-server 192.168.1.100
11Sample dhcpd.conf(3)
   If you specify a WINS server for your
Windows clients, Â Â Â you need to include the
following option in the dhcpd.conf
file   option netbios-name-servers
192.168.1.100 Â Â Â Â You can also assign
specific IP addresses based on the clients' Â Â Â
ethernet MAC address as follows (Host's name is
"laser-printer"Â Â Â host laser-printer
      hardware ethernet 08002b4c5923    Â
 fixed-address 192.168.1.222   Â
12Start your dhcp
- Ensure there is an existing dhcpd.leases file in
the directory /var/lib/dhcp - You can create this file by using
- touch /var/lib/dhcp/dhcpd.leases
- Use the chkconfig command to start DHCP at boot
- chkconfig dhcpd on
- Use the service command to start/stop/restart
DHCP - service dhcpd start
- service dhcpd stop
- service dhcpd restart
13Configuring Linux dhcp Clients
- You can find the detail network configuration
from the file - /etc/sysconfig/network-scripts/ifcfg-eth0
- Change the content so that the IP address will be
assigned by a dhcp server
DEVICEeth0BOOTPROTOdhcpONBOOTyes
14Apache the most popular web server on the
Internet
15http Hyper Text Transfer Protocol
- Apache basically is a http server.
- The main function is to transfer HTML file.
- Nowadays, many modules (plug-in) enhance the
functions of Apache. - Use the chkconfig command to configure Apache
to start at boot - chkconfig httpd on
- Use service httpd to start,stop, and restart
Apache after booting - service httpd start
- service httpd stop
- service httpd restart
16Basic Configuration of Apache
- DocumentRoot /var/www/html
- Default directory to place your HTML files.
- User apache, Group apache
- Default user and group for the httpd processes.
- Listen Port 80
- Default Home Page - index.html
- Log files Directory - /var/log/httpd
- All these configurations are stored in
- /etc/httpd/conf/httpd.conf
17Fine Tune your Apache
- Before going to change httpd.conf, remember to
make a backup - cp httpd.conf httpd.conf.bak
- Open httpd.conf and start to change setting.
- KeepAlive On
- To reduce the overhead on the connection.
- TimeOut 60
- Waiting too long is not necessary.
- AddDefaultCharset Big5
- Display Traditional Chinese.
- You must restart your Apache after the
modification
18Configure your ltDirectorygt
- To control the files access inside a directory,
we need to use ltDirectorygt tab inside httpd.conf. - For example, find the ltDirectory /var/www/htmlgt
which is the access control of default
DocumentRoot
ltDirectory "/var/www/html"gt Options Indexes
FollowSymLinks AllowOverride None Order
allow,deny Allow from all lt/Directorygt
19Configure your ltDirectorygt (2)
- Options Indexes FollowSymLinks
- Indexes Allow users read the directories index
if home page index.html cannot find. - FollowSymLink Allow web admin to create a
Symbolic Link which let users access other files
outside /var/www/html. - These two Options SHOULD BE REMOVED for security
concern. - AllowOverride None
- Do not allow users to use a file .htaccess
(explain later).
20Configure your ltDirectorygt (3)
- Order allow,deny
- The sequence to read the access IP address or
domain name. In this case, read allow first and
then deny. If allow conflict with deny,
deny override allow (reverse order). - Allow from all
- Allow all IPs or domain to access this Directory.
- Some input methods for allow, deny
- Deny from 192.168.1.100 192.168.1.101
- Deny from vtc.edu.hk 192.168.1.0/24
21Create a sub web site
- In general, all HTML files must store under
/var/www/html. - We can create another web directory which is not
under /var/www/html and use Alias to point to
it. - Create a new directory site1 under the
directory /var/www. - Add this line to httpd.conf
- Alias /site1 /var/www/site1
- And then use ltDirectory /var/www/site1gt to
control the access.
22Personal Web Site
- Each user in a Linux can create his/her own web
site under his/her home directory. - Default directory is public_html.
- Other users can access the personal web site by
using username. - For user alan, the URL access his personal web
is - http//www.xxx.com/alan
23Personal Web Site (2)
- Backup httpd.conf and then open it.
- Remove the line UserDir disable in httpd.conf.
- Uncomment (remove the mark ) the line UserDir
public_html. - Login as the user which want to create his/her
own web site. - Create a directory public_html under his/her
home directory - Change the permission of the home directory and
public_html directory - chmod 755 /home/alan
- chmod 755 public_html
24Virtual Host
- One IP can have more than one domain name or host
name. - One PC can have more than one IP address.
- As a result, One Web Server can contains more
than one web site. - For example, www.abc.com, www.bbb.com, are two
web sites in a PC which store the contents in
different directories.
25Named Base Virtual Host
- Create two directories, site1, site2 under
the directory /var/www. - Backup httpd.conf and then open it.
- Add following lines to your httpd.conf
NameVirtualHost ltVirtualHost gt ServerName
www.abc.com DocumentRoot
/var/www/site1 lt/VirtualHostgt ltVirtualHost gt
ServerName www.bbb.com DocumentRoot
/var/www/site2 lt/VirtualHostgt
26IP Based Virtual Host
- Add two more ip addresses to your eth0
- Backup httpd.conf and then open it.
- Add following lines to your httpd.conf
ltVirtualHost 192.168.1.xxxgt     DocumentRoot
/var/www/site1 lt/VirtualHostgt  ltVirtualHost
192.168.1.yyygt     DocumentRoot
/var/www/site2 lt/VirtualHostgt
27Protected Content
- We can apply a username and password to a web
directory. - Go to the directory /var/www
- Use htpasswd to create a user file.
- htpasswd -c password_file_name User_name
- e.g. htpasswd -c httpusers alan
- Backup httpd.conf and then open it.
- File permission of password file should be 644.
28Protected Content (2)
- Add following statements to httpd.conf
- Other input method for require
- require user alan mary
- Only allow alan and mary to use this site.
ltDirectory "/var/www/site1"gt AuthName
"Protected Directory" AuthType Basic
AuthUserFile /var/www/httpusers
require valid-user
lt/Directorygt
29.htaccess, remote control a directory
- If Apache contains too many ltDirectorygt, any
changes on the access will cause RESTART! - Open httpd.conf, we can find
- AccessFileName .htaccess
- We can create a .htaccess file which contain
files access control attributes and place this
file under a directory. - httpd.conf use following statement to restrict
users access .htaccess through Internet
ltFiles "\.ht"gt Order allow,deny Deny
from all lt/Filesgt
30.htaccess, remote control a directory(2)
- For the previous web site, we can move the
authentication setting to a .htaccess . - ltDirectorygt also need to change
- AllowOverride AuthConfig
- Allow to use a .htaccess file to override the
authenication setting.
ltDirectory "/var/www/site1"gt AllowOverride
AuthConfig Order allow,deny Allow from
all lt/Directorygt
31.htaccess, remote control a directory(3)
- Under the directory /var/www/site1, create a file
with name .htaccess and the content is
AuthName "Protected Directory" AuthType
Basic AuthUserFile
/var/www/httpusers require valid-user