home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2000 May
/
Chip_2000-05_cd2.bin
/
docu
/
ascii
/
suselxen
/
slxen-05.txt
< prev
next >
Wrap
Text File
|
2000-03-11
|
36KB
|
867 lines
Part II
Network configuration
131
Chapter 5
Networking Linux
Preliminary Words. . .
In this age of communication, the number of computers connected to one
another is already so large that a standalone machine that is not networked at
least some of the time, is quite a rarity. Linux is in its element in the Internet,
and offers you all the resources necessary to connect to multiple networks.
This chapter presents an overview of the tools needed for installing and main-
taining your network connections. The most important configuration files will
be discussed, together with some of the more important tools.
First, we will show you how a Linux machine can be integrated into an
existing LAN and how you can create a network of Linux machines. Then,
connecting to other hosts via modem is explained. We show you how to
make an Internet connection using PPP. A longer section is dedicated to ISDN
configuration. Then the configuration of mail and news systems is discussed,
and the chapter ends with the description of a fax system in Linux.
Almost everything to do with networks can be adjusted in YaST (see Sec-
tion 3.6 page 89 and Section 17.6 page 400); since configuring a network can
become very complex, however, only the basic mechanisms and the relevant
files for configuring the network will be discussed.
Good Neighborhoods-Connecting to a LAN
Connecting a Linux machine to other UNIX machines (this can include other
Linux machines as well, of course) via a LAN is not a problem. Certain
pre-requirements need to be fulfilled, but these do not restrict the use of a
Linux machine in a networking environment.
Requirements and Preliminary Work
Linux supports almost every type of network card (Ethernet, Arcnet, To-
ken Ring) and is familiar with almost every known networking protocol
(TCP/IP, AppleTalk, IPX). Taking every possible configuration into consid-
eration would go far beyond the scope of this chapter. We will discuss
the most general case (integrating Linux into a TCP/IP network via an eth-
ernet card). The latest information about other networks can be found in
Documentation in your kernel source directory. The kernel's help func-
tion (when you configure it) supplies you with very useful additional infor-
mation.
133
5. Networking Linux
The following requirements have to be met:
* Your machine has to have a supported network card; you can see if your
card has been started correctly with the following command:
earth:/ # cat /proc/net/dev
There should be a line beginning with eth0:.
If kernel support for network cards is by means of modules, (see Sec-
tion 13.2 page 318-as is the general case for SuSE kernels) the name
of the module has to be entered in /etc/modules.conf. For your first
ethernet card, this might look like:
alias eth0 tulip
This is done automatically if you selected the network module in Linuxrc
during installation. It can also be done at a later time using YaST (see
Section 3.6.1 page 89).
If these requirements are fulfilled, there are some things to be considered
before you start configuring your machine:
Host name The name of your machine on the network. Host-
name should not exceed 8 characters and should not
already be used on the local net.
Domain name The name of the domain your machine belongs
to. Domains help to structure big networks (such
as the Internet). A host is addressed via its fully
qualified name, which consists of a hostname, do-
main name and top level domain. For exam-
ple, earth.cosmos.com addresses the computer
earth in the domain cosmos.com. The top
level domain may contain up to 4 letters. The pat-
tern for a fully qualified domain name is computer-
name.domainname.top level domain.
Table 5.1: continued overleaf. . . ...
134
5. Networking Linux
IP address The address of your machine in the network. Ev-
ery machine has at least one IP address for each
network interface (e.g. a network or ISDN card),
which is unique. This address consists of a sequence
of 4 bytes, normally separated by full stops (e. g.,
193.141.17.1).
If you choose an IP address, you should consider
whether you plan to connect to the Internet in the
near future. If so, it is recommended that you use
registered IP addresses from the very start.
If you only have a private local network, there are
some address ranges defined by the pseudo-standard
RFC1597 which ensures that even if one of these ad-
dresses "escapes" to the Internet, it won't hurt any-
body or cause any damage.
10.0.0.0 10.255.255.255 (Class A)
172.16.0.0 172.31.255.255 (Class B)
192.168.0.0 192.168.255.255 (Class C)
Some IP addresses are not intended for computers,
but have special functions. For example, the address
192.168.0.0 represents the network itself, and
192.168.0.255 is the broadcast address which
belongs to it.
Gateway address If there is a gateway computer on your network (that
is, a machine that is connected to more than one net-
work and which transports packets from one network
to the other), you can enter the appropriate address
while configuring your network.
Netmask By means of the netmask, it is clear which network
the machine belongs to. The IP address is added to
the netmask via a logical AND. Thus, the host part is
cut out and leaves the network's address as a result.
Address of the Name servers provide a DNS (Domain Name Ser-
name server vice) which converts host names into IP addresses.
Thus the computer name earthis assigned the IP
address 192.168.0.20.
If there is a reachable name server on the net and
you want to use it by default, its IP address should
be entered when you configure the network.
Table 5.1: Values for network configuration
135
5. Networking Linux
5.1 Configuration Using YaST
If all the preliminary requirements from Section 5 page 133, are fulfilled, you
can start configuring your network via YaST.
1. Log in as `root'.
2. Start YaST and change to `System administration', `Net-
work configuration', `Basic network configuration'.
Figure 5.1: Configure network using YaST
3. Now select a free number, e. g. 0.
4. Press F5 and select `Ethernet'. Leave this mask by pressing `Con-
tinue'.
5. Now press F6 (`IP addresses') and enter the IP address of your
machine (e. g. 192.168.0.20). Then you should enter the netmask.
For a class C network (up to 254 machines in one subnet) this typically is
255.255.255.0. If there is no gateway on your network you should
leave this entry blank.
6. Leave this entry by hitting `Continue'.
7. Activate the network with F4
.
8. Pressing F10 lets you save your network configuration, Esc leaves the
mask without changes.
9. `Change hostname' lets you assign or change the host name. You
also need to enter the domain the host belongs to.
10. `Configure network services' enables you to configure
whether the inetd, portmapper, or the NFS server should be started.
And you may enter the name that is posted to news articles on USENET.
* inetd is needed to invoke certain services on demand, such as telnet,
finger, ftp and more. The inetd should always be started, as otherwise
some services are not available. On systems where security is an issue,
please follow the guidelines in Section 18.2.2 page 421.
136
5.2. Manual Network Configuration-Where Do I Find What?
* If you want to use this machine either as an NFS or NIS server you
will need to start the portmapper (portmapper) at boot up. If you have
decided on starting the portmapper, you are asked whether you want to
start the NFS server as well.
11. `Configure nameservers' lets you assign one or more name-
servers. Up to three IP addresses may be entered.
12. `Configure sendmail' allows you to install a basic configuration
for sendmail. A detailed reference on sendmail configuration is located in
Section 6.8 page 176.
Moreover there are a couple of settings in /etc/rc.config which you
might find useful in setting up your network. YaST provides an easy frontend
to edit this file (see Section 17.6 page 400).
The basic network configuration should now be complete. YaST then
launches SuSEconfig and adds the changes to the respective files (see Sec-
tion 5.2). For the changes to take effect, it is necessary to restart the daemons.
This might be achieved by entering:
earth: # rcnetwork restart
(see Chapter 17 page 395).
5.2 Manual Network Configuration-Where Do I Find
What?
You should use YaST to configure your network, but since, unfortunately, it
doesn't cover all parts of network configuration, there may be some work to
be done by hand.
Generally, all settings should be made in /etc/rc.config. If you do
change this file using YaST, you don't have to bother. If you change this file
manually, don't forget to launch SuSEconfig each time you've changed it, in
order for the configuration changes to take effect!
5.2.1 Configuration Files
This section gives you an overview of the most important configuration files
for your network and roughly explains their functions and format.
/etc/rc.config
In this central configuration file, almost everything concerning your net-
work can be set. After changing it with YaST and launching SuSEconfig,
most of the necessary configuration files will be generated automatically.
Even boot scripts are built via settings in this file.
/etc/hosts
Here, machines are assigned IP addresses (see File contents 5.2.1 on the
next page). If no nameserver is used, every machine you want to be able
to reach has to be set ¡ one line per machine. This line consists of the IP
address, the fully qualified hostname (full name), and the unofficial name
(nickname). The IP address has to be at the beginning of the line, entries
are separated by blanks, or tab-stops. Comments are started with a `#'.
137
5. Networking Linux
## hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no nameservers are running.
# On small systems, this file can be used instead of a
# "named" nameserver. Just add the names, addresses
# and any aliases to this file...
#127.0.0.1 localhost
193.141.17.1 gauss.suse.de gauss
193.141.17.42 sofa.suse.de sofa
# End of hosts
File contents 5.2.1: /etc/hosts
/etc/networks
Here, network names are converted to network addresses. The format of
this file resembles the hosts file. Here, however, network names are put
in front of the addresses (see File contents 5.2.2).
## networks This file describes a number of netname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no nameservers are running.
#loopback 127.0.0.0
localnet 193.141.17.0
# End of networks.
File contents 5.2.2: /etc/networks
/etc/host.conf
This file is for resolving hostnames. Hostnames (or networks) are entered
here; resolving itself is done by the resolver library. Comments begin
with a `#'. The following parameters can be set:
order bind hosts Order in which services for resolving a host-
name are called. Possible arguments are:
bind: using a nameserver
hosts: searching /etc/hosts
multi on off Determines if a machine in /etc/hosts is
allowed to have multiple IP addresses.
nospoof on
alert on off Just influences the spoofing of the name-
server, without any other consequences.
Table 5.2: continued overleaf. . . ...
138
5.2. Manual Network Configuration-Where Do I Find What?
trim <domainname> The given domain name is cut off from its
hostname before being resolved (provided
this machine name contains the given do-
main name). This might come in handy if in
/etc/hosts there are only local domains
which should be recognized even with the
full domain name attached.
Table 5.2: Parameters for /etc/host.conf
An example for /etc/host.conf can be seen in file contents 5.2.3Con-
figuration Filestable.5.2, page 139.
## /etc/host.conf
## We have named running
order hosts bind
# Allow multiple addrs
multi on
# End of host.conf
File contents 5.2.3: /etc/host.conf
/etc/nsswitch.conf
With the GNU C library 2.0, SuSE Linux now makes use of the
"Name Service Switch" (NSS) (see manpage for nsswitch.conf
(man 5 nsswitch.conf). More detailed information can be found
in The GNU C Library Reference Manual, in the chapter "System
Databases and Name Service Switch" 1).
The file /etc/nsswitch.conf lets you set the order in which certain
information is requested. There is an example for nsswitch.conf in
File contents 5.2.4 on the next page. Comments are marked with a `#'.
An entry in the so called "database" hosts means that after /etc/
hosts (files) is run, a DNS request (see package named) is sent.
The "databases" that are available under NSS are listed in Table 5.3 on
the following page. For future releases the parameters automount,
bootparams, netmasks and publickey should be available.
1 package libcinfo, series doc.
139
5. Networking Linux
## /etc/nsswitch.conf
#passwd: compat
group: compat
hosts: files dns
networks: files dns
services: db files
protocols: db files
netgroup: files
File contents 5.2.4: /etc/nsswitch.conf
aliases Mail aliases, used by sendmail(8); see manpage
for aliases (man 5 aliases).
ethers Ethernet addresses.
group For user groups, used by getgrent(3) see man-
page for group (man 5 group).
hosts Hostnames and IP addresses, used by
gethostbyname(3) and similar functions.
netgroup Valid list of hosts and users in the current net-
work for setting user permissions; see manpage for
netgroup (man 5 netgroup).
networks Network names and addresses, used by
getnetent(3).
passwd User passwords used by getpwent(3); see man-
page for passwd (man 5 passwd).
protocols Network protocols, used by getprotoent(3) see
manpage for protocols (man 5 protocols).
rpc "Remote Procedure Call" names and addresses, used
by getrpcbyname(3) and similar functions.
services Network services, used by getservent(3).
shadow "Shadow" passwords of the users, used by
getspnam(3); see manpage for shadow
(man 5 shadow).
Table 5.3: Via /etc/nsswitch.conf available "data bases"
140
5.2. Manual Network Configuration-Where Do I Find What?
All configuration possibilities of NSS "databases" are listed in Table 5.4.
files directly access files, e. g. /etc/aliases.
db access via a database.
nis see Section 5.4 page 144.
nisplus
dns Only available with hosts and networks as ex-
tension.
compat Only available with passwd, shadow and group
as extension.
additionally it is possible to trigger different reactions on dif-
ferent lookup results. Details in manpage for
nsswitch.conf (man 5 nsswitch.conf)
Table 5.4: Possible settings of the NSS-"data base"
/etc/resolv.conf
As with /etc/host.conf, this file plays a vital role in resolving ma-
chine names by means of the resolver library.
The domain for a given machine is specified here (keyword search),
together with the address of the nameserver. There can be several entries
for domain names in here.2 If a not fully-qualified name is resolved,
entries in search are appended one after the other, to create a fully
qualified name.
Several nameservers can be given here, each on a line of its own; these
entries have to start with nameserver. Comments are entered as usual
using `#'.
# /etc/resolv.conf
## Our domain
search suse.de
## We use Gauss (193.141.17.1) as nameserver
nameserver 193.141.17.1
# End of resolv.conf
File contents 5.2.5: /etc/resolv.conf
YaST (see Section 5.1 page 136) enters the specified nameserver here
automatically!
/etc/HOSTNAME
The complete name of the machine is entered here, along with its domain
name (this is called the fully qualified domain name). This file is read
by a couple of scripts at startup. It should only contain one line with the
2 The more entries there are the longer it will take to resolve a name!
141
5. Networking Linux
machine's name! The file is also automatically generated via settings in
/etc/rc.config.
5.2.2 Startup Scripts
Besides the configuration files described above, there are a couple of scripts
that start networking programs at startup. These scripts are run as soon as the
machine switches to one of the multiuser runlevels.
/sbin/init.d/network This script is responsible for config-
uring your (network) hard- and soft-
ware at boot time; it also evaluates
the IP address, network address, net-
mask, and gateway given in /etc/
rc.config (created by YaST; see
Section 5.1 page 136).
/sbin/init.d/inetd Starts inetd if defined in /etc/rc.
config. This is necessary if you
want to login to this machine via a net-
work.
/sbin/init.d/rpc Starts the various RPC servers which
are needed if filesystems are exported
to other machines via NFS (NFS
server).
/sbin/init.d/sendmail Controls sendmail process according
to settings in /etc/rc.config.
Table 5.5: The network startup scripts
5.3 Routing Under SuSE Linux
Preliminaries
Setting the routing table on SuSE Linux is not done by means of variables
in the central configuration file /etc/rc.config, but through a special
script in /sbin/init.d. and another configuration file in /etc.
After the network has been initialized by the boot scripts in /sbin/init.
d/network, i4l_hardware and possible additional boot scripts, /etc/
route.conf is searched by /sbin/init.d/route to build a routing
table. This table is then configured for the system.
Any static routes that are needed may be added to /etc/route.conf:
routes to a host, routes to a host via a gateway and routes to a network.
Another possibility is to use the program routed, but configuring this is more
complicated. For more information, please see the routed manpage.
142
5.3. Routing Under SuSE Linux
How to Use /etc/route.conf
The rules that apply to /etc/route.conf are adapted from the output
of route. If route is called without parameters, the routing table in use
is displayed. Apart from Flags, Metric, Ref and Use, the entries in
/etc/route.conf are identical.
These are the rules that apply to /etc/route.conf:
* Lines beginning with # or blank lines are ignored. An entry consists of
one line and from 2 to 4 columns.
* The first column gives the target of a route. Here, the IP address of a host,
a network, or a reachable nameserver may be given. Even the full name
is allowed (Fully Qualified Domain Name).
* The keyword default is reserved for the default gateway. Please do not
use 0.0.0.0 as the target for routing entries.
* The second column either contains a separator (0.0.0.0) or the IP ad-
dress (or the FQDN) of a host. This host may be the default gateway or a
gateway behind a host or network.
* The third column is for entering the netmask of networks or hosts behind
a gateway. For hosts behind a gateway this is 255.255.255.255.
* The last column is only important for networks (loopback, Ethernet,
ISDN, PPP, dummy device, etc.) connected to the local machine. Here,
the device has to be specified.
A simple example of /etc/route.conf is shown in figure 5.3.1. If new
entries are added to /etc/route.conf, just enter:
root@earth:/ > /sbin/init.d/route stop
root@earth:/ > /sbin/init.d/route start
to run the routing table with the new entries.
# Destination Dummy/Gateway Netmask Device
## Net devices
#127.0.0.0 0.0.0.0 255.255.255.0 lo
204.127.235.0 0.0.0.0 255.255.255.0 eth0
## Gateway
#default 204.127.235.41
## Host behind Gateway
#207.68.156.51 207.68.145.45 255.255.255.255
## Net behind a Gateway
#192.168.0.0 207.68.156.51 255.255.0.0
File contents 5.3.1: Simple example of /etc/route.conf
143
5. Networking Linux
5.4 NIS, Yellow Pages on a LAN
5.4.1 What is NIS?
As soon as multiple UNIX systems in a network want to access common re-
sources, you have to make sure, for example, that all user and group identities
are the same for all machines in that network. The network should be trans-
parent to the user: whatever machine a user is working on, he will always find
himself in exactly the same environment. This is made possible by means of
NIS and NFS services. NFS distributes filesystems over a network, and is
discussed in Section 5.5 on the next page.
NIS (Network Information Service)3 is a database service which enables ac-
cess to /etc/passwd, /etc/shadow and /etc/group across a net-
work. NIS can be used for other, more specialized tasks (such as for /etc/
hosts or /etc/services), but we will spare you the details here.
5.4.2 Installing an NIS Client
SuSE Linux contains all the packages needed to install a NIS client. These
tools are bundled in package ypclient, series n. To install an NIS client,
proceed as follows:
* Adjust the NIS domain at startup by setting YP DOMAINNAME in
/etc/rc.config. When switching to a (networking) runlevel,
/sbin/init.d/network evaluates these settings and assigns the
domain name accordingly.
The NIS domain name should not be confused with the DNS domain
name ; they have nothing to do with one another, even though they might
have the same name!
* Assign the NIS server. The NIS server is set via /etc/rc.config in
the variable YP SERVER . SuSEconfig then writes the correct values to
/etc/yp.conf (see file contents 5.4.1). If you have set up this variable
using YaST, this step is performed automatically.
This file must contain a line starting with ypserver, followed by the
name of the NIS server.
## yp.conf
## Legal entries are:
## ypserver <servername> Define which host to contact
# for YP service.
#ypserver galois.suse.de
# End of yp.conf
File contents 5.4.1: /etc/yp.conf
3 NIS is commonly referred to as YP. This comes from "yellow pages", the "yellow pages" on
the net.
144
5.5. NFS-Distributed Filesystems
* Ensure that the RPC portmapper is started. NIS utilizes RPC (Remote
Procedure Calls). Therefore the RPC portmapper needs to be running.
This server is started by /sbin/init.d/rpc and is performed auto-
matically if you have configured it in /etc/rc.config.
* Complete the entries in /etc/passwd and /etc/group.
In order for a request to be sent to the NIS server, after the local files have
been searched, a line containing only a `+' has to be added to the relevant
files. NIS allows you to set a multitude of other options, such as netgroups
or local overwriting of NIS entries. The corresponding README files
have more information on these settings.4
* Start ypbind. The final step in activating the NIS server is to launch
ypbind. This is what actually starts the NIS client.5 This program is
launched automatically if you have configured your network with YaST.
* To activate your changes, either restart your system or enter:
earth: # rcnetwork restart
earth: # rcypclient restart
5.4.3 NIS Master and Slave Server
For this feature you need to install package ypserver, series n. The proce-
dure is explained in /usr/doc/packages/yp/HOWTO.
5.5 NFS-Distributed Filesystems
As mentioned above in Section 5.4 on the facing page, NFS (together with
NIS) makes a network transparent to the user. By means of NFS it is possible
to distribute filesystems over the network. It doesn't matter at which terminal
a user is logged in. He will always find himself in the same environment.
As with NIS, NFS is an asymmetric service. There are NFS servers and NFS
clients. A machine can be both-it can supply filesystems over the network
(export) and mount filesystems from other hosts (import). Generally, these are
servers with a very large hard drive capacity, whose filesystems are mounted
by other clients.
5.5.1 Importing Filesystems
To import filesystems from an NFS server, the only requirement is that the
RPC portmapper is already running. How to start this server has already
been covered in connection with NIS (see page Section 5.4.2). If this is the
case, other filesystems can be mounted (as long as they are exported by the
server) just as easily as local filesystems, using the program mount with the
following syntax:
mount -t nfs <host>:<remote path> <local path>
If user directories from the machine Gauss.suse.de, for example, are to
be imported, the following command can be used:
earth:/ # mount -t nfs helios:/home /home
4 /usr/doc/packages/ypclient/yp-clients-2.2.
5 Strictly speaking, this is no longer necessary, but it guarantees a reconnection if, for example,
the NIS server has been booted.
145
5. Networking Linux
5.5.2 Exporting Filesystems
A machine that exports filesystems is called a NFS server. On a NFS server,
there are a couple of tools that need to be started:
* RPC portmapper (rpc.portmap)
* RPC mount-daemon (rpc.mountd)
* RPC NFS-daemon (rpc.nfsd)
These are started by /sbin/init.d/rpc at startup. (see above)
The configuration file /etc/exports decides which directories should be
exported to which machines. For each directory to be exported, one line
is needed to specify which machines may access that directory, and with
what permissions; all sub-directories of this directory will automatically be
exported as well. All authorized machines are usually denoted with their full
name (including domain name), but it is possible to use wildcards like `*'
or `?' as well. If no machine is specified here, any machine is allowed to
import this filesystem with the given permissions.
Permissions of the filesystem to be exported are denoted in brackets after the
machine name. The most important options are:
ro Filesystem is exported with read-only permission (de-
fault).
rw Filesystem is exported with read-write permission.
root squash This makes sure that the user `root' of the given
machine doesn't have `root' specific permissions on
this filesystem. This is achieved by assigning user-ID
65534 to users with user-ID 0 (root). This user-ID
should be set to `nobody'
no root squash Doesn't assign user-ID 0 to user-ID 65534 (default).
link relative Converts absolute links (those beginning with `/') to
a sequence of `../'. This is only useful if the whole
filesystem of a machine is mounted (default).
link absolute Symbolic links remain untouched.
map identity User-ID's are exactly the same on both client and
server (default).
map-daemon Client and server don't have matching user-IDs. This
tells nfsd to create a conversion table for user-IDs.
ugidd is required for this to work.
Table 5.6: Permissions for exported filesystems
Your exports file might look like File contents 5.5.1 on the facing page.
File /etc/exports is read by mountd. So if you have changed anything
in this file, make sure you restart mountd and nfsd for your changes to take
146
5.5. NFS-Distributed Filesystems
## /etc/exports
#/home helios(rw) venus(rw)
/usr/X11 helios(ro) venus(ro)
/usr/lib/texmf helios(ro) venus(rw)
/ earth(ro,root_squash)
/home/ftp (ro)
# End of exports
File contents 5.5.1: /etc/exports
effect. This can easily be done by:
earth: # rcnfsserver restart
147
5. Networking Linux
148
