Network Environment of Linux

1
Network Environment of Linux
2
Configure IP Address

• ifconfig a
• List all IP addresses in your Linux
• To change your IP address, type the command
  setup in the shell and then choose Network
  configuration from the menu.
• You can find the detail network configuration
  from the file
• /etc/sysconfig/network-scripts/ifcfg-eth0

3
ping an IP

• To test the network connect of your ping, you can
  use the command ping
• ping 127.0.0.1
• A loop back test of your PC
• ping xxx.xxx.xxx.xxx
• xxx.xxx.xxx.xxx is the IP address of other PC in
  the same domain
• ping www.yahoo.com
• To test the connection between your PC and the
  Internet.

4
Shut down and Bring up a netwrok

• ifdown eth0
• Shut Down the network adapter eth0
• ifup eth0
• Bring up the network adapter eth0
• You can try to use ping to test the above two
  commands

5
Multiple IP Addresses

• First ensure the parent real interface exists, in
  general, eth0 should exist.
• ifconfig eth00 192.168.1.99 netmask
  255.255.255.0 up
• eth00 is a child interface eth0
• You should also create a /etc/sysconfig/network-sc
  ripts/ifcfg-eth00 file so that the aliases will
  all be managed automatically with the ifup and
  ifdown commands.

6
Configure Gateway

• route add default gw 192.168.1.1 eth0
• Assign the default gateways IP address to the
  interface eth0
• You can also need to update the file
  /etc/sysconfig/network.

7
Configure DHCP Server

• To simplify the work of IP assignment, Dynamic
  Host Configuration Protocol Server can help.
• You can find the dhcp RPM packages from the
  Fedoras CD
• To check the install of your dhcp, you can use
• rpm -qa dhcp
• You can start the dhcp service by using setup,
  System services, and then check dhcpd

8
The /etc/dhcpd.conf File

• When DHCP starts, it reads the file
  /etc/dhcpd.conf to configure your network.
• DHCP RPM package doesn't automatically install a
  /etc/dhcpd.conf file.
• You can find a sample copy of dhcpd.conf in the
  following directory
• /usr/share/doc/dhcpd.conf.sample

9
Sample dhcpd.conf
ddns-update-style interim ignore
client-updates   subnet 192.168.1.0 netmask
255.255.255.0       The range of IP addresses
the server will issue to DHCP enabled PC
clients     booting up on the network      range
192.168.1.201 192.168.1.220       Set the
amount of time in seconds that a client may keep
the IP address    default-lease-time
86400   max-lease-time 86400       Set the
default gateway to be used by the PC clients
option routers 192.168.1.1
10
Sample dhcpd.conf (2)
    Don't forward DHCP requests from this NIC
interface to any other NIC interfaces      option
ip-forwarding off       Set the broadcast
address and subnet mask to be used by the DHCP
clients    option broadcast-address
192.168.1.255   option subnet-mask
255.255.255.0       Set the DNS server to be
used by the DHCP clients    option
domain-name-servers 192.168.1.100       Set the
NTP server to be used by the DHCP
clients      option nntp-server 192.168.1.100
11
Sample dhcpd.conf(3)
    If you specify a WINS server for your
Windows clients,     you need to include the
following option in the dhcpd.conf
file   option netbios-name-servers
192.168.1.100       You can also assign
specific IP addresses based on the clients'    
ethernet MAC address as follows (Host's name is
"laser-printer"   host laser-printer
      hardware ethernet 08002b4c5923     
 fixed-address 192.168.1.222    
12
Start your dhcp

• Ensure there is an existing dhcpd.leases file in
  the directory /var/lib/dhcp
• You can create this file by using
• touch /var/lib/dhcp/dhcpd.leases
• Use the chkconfig command to start DHCP at boot
• chkconfig dhcpd on
• Use the service command to start/stop/restart
  DHCP
• service dhcpd start
• service dhcpd stop
• service dhcpd restart

13
Configuring Linux dhcp Clients

• You can find the detail network configuration
  from the file
• /etc/sysconfig/network-scripts/ifcfg-eth0
• Change the content so that the IP address will be
  assigned by a dhcp server

DEVICEeth0BOOTPROTOdhcpONBOOTyes
14
Apache the most popular web server on the
Internet
15
http Hyper Text Transfer Protocol

• Apache basically is a http server.
• The main function is to transfer HTML file.
• Nowadays, many modules (plug-in) enhance the
  functions of Apache.
• Use the chkconfig command to configure Apache
  to start at boot
• chkconfig httpd on
• Use service httpd to start,stop, and restart
  Apache after booting
• service httpd start
• service httpd stop
• service httpd restart

16
Basic Configuration of Apache

• DocumentRoot /var/www/html
• Default directory to place your HTML files.
• User apache, Group apache
• Default user and group for the httpd processes.
• Listen Port 80
• Default Home Page - index.html
• Log files Directory - /var/log/httpd
• All these configurations are stored in
• /etc/httpd/conf/httpd.conf

17
Fine Tune your Apache

• Before going to change httpd.conf, remember to
  make a backup
• cp httpd.conf httpd.conf.bak
• Open httpd.conf and start to change setting.
• KeepAlive On
• To reduce the overhead on the connection.
• TimeOut 60
• Waiting too long is not necessary.
• AddDefaultCharset Big5
• Display Traditional Chinese.
• You must restart your Apache after the
  modification

18
Configure your ltDirectorygt

• To control the files access inside a directory,
  we need to use ltDirectorygt tab inside httpd.conf.
• For example, find the ltDirectory /var/www/htmlgt
  which is the access control of default
  DocumentRoot

ltDirectory "/var/www/html"gt Options Indexes
FollowSymLinks AllowOverride None Order
allow,deny Allow from all lt/Directorygt
19
Configure your ltDirectorygt (2)

• Options Indexes FollowSymLinks
• Indexes Allow users read the directories index
  if home page index.html cannot find.
• FollowSymLink Allow web admin to create a
  Symbolic Link which let users access other files
  outside /var/www/html.
• These two Options SHOULD BE REMOVED for security
  concern.
• AllowOverride None
• Do not allow users to use a file .htaccess
  (explain later).

20
Configure your ltDirectorygt (3)

• Order allow,deny
• The sequence to read the access IP address or
  domain name. In this case, read allow first and
  then deny. If allow conflict with deny,
  deny override allow (reverse order).
• Allow from all
• Allow all IPs or domain to access this Directory.
• Some input methods for allow, deny
• Deny from 192.168.1.100 192.168.1.101
• Deny from vtc.edu.hk 192.168.1.0/24

21
Create a sub web site

• In general, all HTML files must store under
  /var/www/html.
• We can create another web directory which is not
  under /var/www/html and use Alias to point to
  it.
• Create a new directory site1 under the
  directory /var/www.
• Add this line to httpd.conf
• Alias /site1 /var/www/site1
• And then use ltDirectory /var/www/site1gt to
  control the access.

22
Personal Web Site

• Each user in a Linux can create his/her own web
  site under his/her home directory.
• Default directory is public_html.
• Other users can access the personal web site by
  using username.
• For user alan, the URL access his personal web
  is
• http//www.xxx.com/alan

23
Personal Web Site (2)

• Backup httpd.conf and then open it.
• Remove the line UserDir disable in httpd.conf.
• Uncomment (remove the mark ) the line UserDir
  public_html.
• Login as the user which want to create his/her
  own web site.
• Create a directory public_html under his/her
  home directory
• Change the permission of the home directory and
  public_html directory
• chmod 755 /home/alan
• chmod 755 public_html

24
Virtual Host

• One IP can have more than one domain name or host
  name.
• One PC can have more than one IP address.
• As a result, One Web Server can contains more
  than one web site.
• For example, www.abc.com, www.bbb.com, are two
  web sites in a PC which store the contents in
  different directories.

25
Named Base Virtual Host

• Create two directories, site1, site2 under
  the directory /var/www.
• Backup httpd.conf and then open it.
• Add following lines to your httpd.conf

NameVirtualHost ltVirtualHost gt ServerName
www.abc.com DocumentRoot
/var/www/site1 lt/VirtualHostgt ltVirtualHost gt
ServerName www.bbb.com DocumentRoot
/var/www/site2 lt/VirtualHostgt
26
IP Based Virtual Host

• Add two more ip addresses to your eth0
• Backup httpd.conf and then open it.
• Add following lines to your httpd.conf

ltVirtualHost 192.168.1.xxxgt     DocumentRoot
/var/www/site1 lt/VirtualHostgt   ltVirtualHost
192.168.1.yyygt     DocumentRoot
/var/www/site2 lt/VirtualHostgt
27
Protected Content

• We can apply a username and password to a web
  directory.
• Go to the directory /var/www
• Use htpasswd to create a user file.
• htpasswd -c password_file_name User_name
• e.g. htpasswd -c httpusers alan
• Backup httpd.conf and then open it.
• File permission of password file should be 644.

28
Protected Content (2)

• Add following statements to httpd.conf
• Other input method for require
• require user alan mary
• Only allow alan and mary to use this site.

ltDirectory "/var/www/site1"gt AuthName
"Protected Directory" AuthType Basic
AuthUserFile /var/www/httpusers
require valid-user
lt/Directorygt
29
.htaccess, remote control a directory

• If Apache contains too many ltDirectorygt, any
  changes on the access will cause RESTART!
• Open httpd.conf, we can find
• AccessFileName .htaccess
• We can create a .htaccess file which contain
  files access control attributes and place this
  file under a directory.
• httpd.conf use following statement to restrict
  users access .htaccess through Internet

ltFiles "\.ht"gt Order allow,deny Deny
from all lt/Filesgt
30
.htaccess, remote control a directory(2)

• For the previous web site, we can move the
  authentication setting to a .htaccess .
• ltDirectorygt also need to change
• AllowOverride AuthConfig
• Allow to use a .htaccess file to override the
  authenication setting.

ltDirectory "/var/www/site1"gt AllowOverride
AuthConfig Order allow,deny Allow from
all lt/Directorygt
31
.htaccess, remote control a directory(3)

• Under the directory /var/www/site1, create a file
  with name .htaccess and the content is

AuthName "Protected Directory" AuthType
Basic AuthUserFile
/var/www/httpusers require valid-user