SUSE Linux Enterprise Server Administration (Course 3037) - PowerPoint PPT Presentation

Slides: 63
Provided by: webe153

1
SUSE Linux Enterprise Server Administration
(Course 3037)
  • Chapter 7
  • Connect the SUSE Linux Enterprise Server to the
    Network

2
Objectives
  • Configure Your Network Connection
  • Configure and Manage Routes
  • Test the Network Interface

3
Configure Your Network Connection
  • Objectives
  • TCP/IP Fundamentals
  • Network Interfaces in Linux
  • Network Interface Requirements
  • How to Configure a Network Card with YaST
  • How to Modify a Network Card Manually

4
TCP/IP Fundamentals
  • TCP/IP network components
  • Host
  • Receives requests for information from the
    Internet
  • TCP/IP
  • Defines how packets should be structured
  • IP packet
  • Electronic package of data sent over the Internet
  • Router
  • Forwards an IP packet to the next network point
  • Firewall
  • Protects the resources of a private intranet or
    network

5
TCP/IP Fundamentals (continued)
  • IP address structure
  • Host is also referred to as a node or station
  • Routers locate hosts based on their IP addresses
  • IP address consists of four bytes
  • A network address (from 1 to 3 bytes)
  • A node or station address (from 1 to 3 bytes)
  • Node addresses 0 and 255 are reserved
  • IP addresses take the form of a dotted octet
  • Each byte is separated by a dot

6
TCP/IP Fundamentals (continued)
7
TCP/IP Fundamentals (continued)
8
TCP/IP Fundamentals (continued)
9
TCP/IP Fundamentals (continued)
  • Network classes and IP addresses
  • There are five address classes defined in IP
  • Classes A through C can be assigned
  • Classes D and E are reserved
  • Class A addresses
  • Networks: 126
  • Hosts per network: 16,777,216
  • Class B addresses
  • Networks: 16,384
  • Hosts per network: 65,534

10
TCP/IP Fundamentals (continued)
11
TCP/IP Fundamentals (continued)
12
TCP/IP Fundamentals (continued)
  • Network classes and IP addresses
  • Class C addresses
  • Networks: 2,097,152
  • Hosts per network: 255
  • Class D addresses
  • First byte is in the 224 to 239 range
  • Used for multicast packets
  • Class E addresses
  • First byte is in the 240 to 255 range
  • Reserved for experimental use

13
TCP/IP Fundamentals (continued)
  • Special IP addresses
  • See Table 7-1

14
TCP/IP Fundamentals (continued)
15
Network Interfaces in Linux
  • Network interfaces
  • Always referred to with a fixed name
  • Name depends on type and position of the network
    card in the computer
  • First card is called eth0, second is eth1, and so
    on
  • Drivers
  • Provide support for network cards and protocols
  • Kernel modules that can be loaded if required
  • SUSE Linux Enterprise Server
  • Contains drivers for all common network cards

16
Network Interface Requirements
  • Network card is detected during installation
  • And a suitable driver is loaded
  • Command ifstatus device
  • Verifies network card has been integrated
    correctly
  • With the appropriate driver
  • Kernel support implemented as a module
  • Name of the module is entered by YaST
  • In a file in /etc/sysconfig/hardware/
  • Drivers are autodetected for hotplug cards
  • No configuration is necessary

17
How to Configure a Network Card with YaST
  • Steps
  • Start the YaST Network Card module
  • Select a network card from the list (conditional)
  • Modify network card settings (conditional)

18
How to Configure a Network Card with YaST
(continued)
19
How to Configure a Network Card with YaST
(continued)
20
How to Configure a Network Card with YaST
(continued)
21
How to Configure a Network Card with YaST
(continued)
  • Steps
  • Do one of the following
  • Add a new network card configuration
  • Modify an existing configuration
  • Delete a listed configuration
  • Select Next
  • Save the configuration by selecting Finish
  • Check network card activation and settings
  • From the command line using ifconfig or ip

22
How to Configure a Network Card with YaST
(continued)
23
How to Configure a Network Card with YaST
(continued)
24
How to Configure a Network Card with YaST
(continued)
25
How to Modify a Network Card Manually
  • Configure the network interface with ifconfig
  • ifconfig (/sbin/ifconfig)
  • Used to manually configure a network card
  • Display information about status of network
    interfaces
  • Changes done with ifconfig are temporary
  • Syntax
  • ifconfig interface address options
  • ifconfig eth0 192.168.0.1
  • Assigns 192.168.0.1 to network card eth0
  • ifconfig eth0 up
  • Activates eth0

26
How to Modify a Network Card Manually (continued)
27
How to Modify a Network Card Manually (continued)
  • Configure IP aliases with ifconfig
  • IP aliases
  • Used to define more than one IP address for a
    network card
  • It is always better to use genuine addresses
  • Configure an IP alias with ifconfig or YaST
  • View IP aliases by entering ip address show

28
How to Modify a Network Card Manually (continued)
  • Modify network interface configuration files
  • Configuration files directory
  • /etc/sysconfig/network/
  • Contains file for each configured network adapter
  • Network interfaces are activated at boot
  • By script /etc/init.d/network
  • /etc/sysconfig/network/config
  • Contains general variables for the script
  • Directory /etc/sysconfig/network/scripts/
  • Contains additional scripts run by
    /etc/init.d/network

29
How to Modify a Network Card Manually (continued)
  • Modify network interface configuration files
  • Activating and deactivating network interfaces
  • Use commands /sbin/ifup, /sbin/ifdown,
    /sbin/ifstatus
  • Use script /etc/init.d/network
  • Configure host and domain names
  • Modify the following files
  • /etc/HOSTNAME
  • /etc/resolv.conf

30
Configure and Manage Routes
  • Objectives
  • Route Types
  • How to Manage Routes with route
  • How to Modify Route Configuration Files
  • How to Activate Routing
  • How to Manage the Network Interface and Routes
    with ip

31
Route Types
  • Host routes
  • Define path data packet can take for exactly one
    destination host
  • Network and gateway routes
  • Define path data packet can take for an entire
    destination network
  • Default route
  • Special gateway route
  • Defines route data packet can take if no previous
    route matched destination of the packet

32
How to Manage Routes with route
  • Use command route (/sbin/route)
  • To check and edit the routing table
  • Create a route
  • Syntax
  • route add [-net | -host] destination [netmask
    mask] [gw gateway] [metric n] [dev interface]
  • Static routing is set up by default
  • Dynamic routing needs a routing daemon
  • You also need to add the option metric n

33
How to Manage Routes with route (continued)
  • Delete a route
  • Syntax
  • route del [-net | -host] destination [gw gateway]
    [netmask mask] [dev interface]
  • route del default
  • Deletes the default route

34
How to Modify Route Configuration Files
  • An entry is generated in the kernel routing table
  • For all active network interfaces
  • Additional static routes
  • Configured in the files
  • /etc/sysconfig/network/routes
  • /etc/sysconfig/network/ifroute-Interface
  • Configuration files include the following fields
  • Destination network/destination host
  • The gateway to use
  • The network mask
  • The network interface

35
How to Activate Routing
  • A Linux host can also serve as a router itself
  • This property is deactivated by default
  • Activate routing by adding entry in the process
    file
  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • 0 will deactivate routing
  • Activate routing permanently
  • Set following variable in /etc/sysconfig/sysctl
  • IP_FORWARD=yes
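
Added example, not part of the course material: a shell check that compares the runtime forwarding flag in /proc/sys/net/ipv4/ip_forward with the IP_FORWARD variable in /etc/sysconfig/sysctl, so a host that routes only until the next reboot (or will start routing after it) is noticed. The function names and the quoted form IP_FORWARD="yes" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the course material): audit IP forwarding state.
# Default paths are the two named on the slide; pass others to test offline.

# Runtime state from the proc file: prints on, off or unknown.
forwarding_runtime() {
    proc_file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$proc_file" ] || { echo unknown; return 0; }
    case $(tr -d ' \t\n' < "$proc_file") in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# Boot-time state from the sysconfig file: prints on, off or unset.
# Assumes shell-style lines such as IP_FORWARD="yes"; the last one wins.
forwarding_persistent() {
    cfg=${1:-/etc/sysconfig/sysctl}
    [ -r "$cfg" ] || { echo unset; return 0; }
    val=$(sed -n 's/^[[:space:]]*IP_FORWARD=//p' "$cfg" |
          tail -n 1 | tr -d "\"' \t" | tr 'A-Z' 'a-z')
    case $val in
        yes) echo on ;;
        no)  echo off ;;
        *)   echo unset ;;
    esac
}

# One-line verdict combining both views.
audit_forwarding() {
    rt=$(forwarding_runtime "$1")
    boot=$(forwarding_persistent "$2")
    case "$rt/$boot" in
        on/on)  echo "ROUTER: forwarding is on now and after reboot" ;;
        on/*)   echo "DRIFT: forwarding is on now but not set to persist" ;;
        off/on) echo "DRIFT: forwarding is off now but enabled at next boot" ;;
        off/*)  echo "OK: forwarding is off" ;;
        *)      echo "UNKNOWN: cannot read runtime state" ;;
    esac
}

# With no arguments the default system paths are checked.
audit_forwarding "$@"
```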

36
How to Manage the Network Interface and Routes
with ip
  • SUSE Linux Enterprise Server ip command
  • Replaces ifconfig and route commands
  • ip general syntax
  • ip [options] object [command [parameters]]
  • Modifications made with command ip are temporary
  • Tasks performed with ip
  • Assign Parameters for Network Interfaces (ip
    link)
  • Assign IP Addresses (ip address)
  • Set Up Routes (ip route)

37
How to Manage the Network Interface and Routes
with ip (continued)
38
How to Manage the Network Interface and Routes
with ip (continued)
  • Assign Parameters for Network Interfaces (ip
    link)
  • Use ip commands
  • set and show
  • Assign IP Addresses (ip address)
  • Most important ip commands
  • add, del, and show
  • Set Up Routes (ip route)
  • Use ip commands
  • add, change, delete, and show

39
How to Manage the Network Interface and Routes
with ip (continued)
40
How to Manage the Network Interface and Routes
with ip (continued)
41
How to Manage the Network Interface and Routes
with ip (continued)
42
Test the Network Interface
  • Objectives
  • Check a Network Connection between Hosts (ping)
  • Check the Routing (traceroute)
  • Analyze Network Traffic (tcpdump and ethereal)
  • Determine the Status of All Network Connections
    (netstat)
  • Check for Service Availability (netcat)

43
Check a Network Connection between Hosts (ping)
  • Command ping (/sbin/ping)
  • Simple tool for checking network connections
  • How the command tests a connection
  • Enter ping host
  • Server sends ICMP datagram to the target host
  • With the echo request
  • Target host answers with ICMP datagram
  • Containing the message echo reply
  • ICMP protocol does not involve higher level
    protocols
  • Command options
  • See Table 7-7

44
Check a Network Connection between Hosts (ping)
(continued)
45
Check a Network Connection between Hosts (ping)
(continued)
  • Troubleshooting suggestions
  • Start by checking the host-internal network
  • ping localhost
  • Then check network interface connected to your
    host
  • ping interface_addr
  • Check network segment to the next closest network
    element
  • In the direction of the target host
  • Until the check ends at the target host

46
Check the Routing (traceroute)
  • Command traceroute (/usr/sbin/traceroute)
  • Helps you follow route taken by an IP datagram
  • How a route is traced
  • traceroute sends three UDP datagrams with TTL=1
  • Then increases value for the next three datagrams
  • TTL is reduced by 1 when UDP datagram passes
    through a router
  • Datagram is discarded at TTL=0
  • Gateway at TTL=0 sends an ICMP datagram
  • With message TTL exceeded back to the sender

47
Check the Routing (traceroute) (continued)
  • How a route is traced
  • If UDP datagram reaches the target host
  • Host replies with ICMP datagram Port Unreachable
  • From this message
  • Sender recognizes that target host has now been
    reached
  • Syntax
  • traceroute host
  • Command options
  • See Table 7-8

48
Check the Routing (traceroute) (continued)
49
Check the Routing (traceroute) (continued)
  • Troubleshooting suggestions
  • Common reason for defective communication
  • Transport path between these networks contains
    errors
  • traceroute
  • Excellent tool for checking routers located on
    this transport path
  • Shows at which hop the transport path is faulty

50
Analyze Network Traffic (tcpdump and ethereal)
  • How to use tcpdump
  • Command tcpdump (/usr/sbin/tcpdump)
  • Lets you analyze data packets
  • Syntax
  • tcpdump -i interface
  • Puts interface in promiscuous mode
  • How to use ethereal
  • Graphical tool
  • Provides the same functionality as tcpdump
  • Must be first installed using YaST

51
Analyze Network Traffic (tcpdump and ethereal)
(continued)
52
Analyze Network Traffic (tcpdump and ethereal)
(continued)
53
Analyze Network Traffic (tcpdump and ethereal)
(continued)
  • Command options (tcpdump)
  • See Table 7-9
  • Troubleshooting suggestions
  • Use tcpdump or ethereal to analyze network
    traffic
  • Helps you find which packets are exchanged
  • Recommended for security-critical environments

54
Determine the Status of All Network Connections
(netstat)
  • Command netstat (/bin/netstat)
  • Helps you determine the status of all network
    connections on a host
  • How to use netstat
  • Displays the status of all open sockets
  • Information is displayed in two blocks
  • First block
  • Each socket is listed on a separate line
  • Second block
  • Contains information on the UNIX domain sockets
    active on the host

55
Determine the Status of All Network Connections
(netstat) (continued)
  • Command options
  • See Table 7-10
  • Troubleshooting suggestions
  • netstat
  • Ideal for monitoring resources for network
    sockets on a host
  • Provides detailed information on existing and
    available network sockets or resources
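
Added example, not part of the course material: a shell filter over the first netstat block that lists TCP ports listening on every interface and reports those not on an expected list. It assumes output in the column layout of netstat -tln; the sample lines are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: find TCP listeners bound to all interfaces.

# Reads `netstat -tln` style text on stdin; prints one port per line.
wildcard_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the last field
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::")
                print port
        }' | sort -n -u
}

# Constructed sample of the first netstat block (not captured from a host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# $1 is a space-separated list of expected ports; others are printed.
unexpected_listeners() {
    allowed=" $1 "
    wildcard_listeners | while read -r port; do
        case $allowed in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Demo on the constructed sample with port 22 expected.
sample_netstat | unexpected_listeners "22"
```

On a live host the input would come from netstat -tln piped into unexpected_listeners instead of the sample.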

56
Determine the Status of All Network Connections
(netstat) (continued)
57
Check for Service Availability (netcat)
  • Command netcat (/usr/bin/netcat)
  • Uses TCP and UDP protocols
  • To read and write data through network
    connections
  • How to use netcat
  • netcat host port
  • Advanced use of netcat
  • Query ports and display the responses of the
    services
  • nmap command
  • More suitable for a simple port scan
  • Transmit files between hosts
  • Command options (see Table 7-11)

58
Check for Service Availability (netcat)
(continued)
59
Exercise 7-1 Configure and Test Your Network
Connection
  • In this exercise, you do the following
  • Part I View and Record Network Configuration
  • Part II Configure a Static Network with YaST
  • Part III Test the Network Card Configuration

60
Summary
  • Each host has an IP address and subnet mask
  • IP classes normally used for IP addressing
  • Class A, B, and C
  • Commands ifconfig and ip
  • View and change your TCP/IP configuration
  • Network interface and TCP/IP information
  • Stored in the /etc/sysconfig/network
  • Started by the /etc/init.d/network script
  • Each host contains a hostname
  • Stored in the /etc/HOSTNAME file

61
Summary (continued)
  • /etc/resolv.conf file
  • Contains the addresses of up to three DNS servers
  • TCP/IP networks are connected via routers
  • Host has a routing table
  • That typically contains a default gateway route
  • Commands route and ip
  • View and change the routing table
  • Commands ping and traceroute
  • Used to test network communication and routing

62
Summary (continued)
  • Command netcat
  • Used to test TCP and UDP connections
  • Utilities tcpdump and ethereal
  • Used to capture and analyze network traffic