 | Level: Introductory Chris Walden (dwinfo@us.ibm.com), e-business Architect, IBM
11 Nov 2003 IBM e-business architect Chris Walden is your guide through a nine-part developerWorks series on moving your operational skills from a Windows to a Linux environment. He covers everything from logging to networking, and from the command-line to help systems -- even compiling packages from available source code. In this part, we explore networking, which is one of the things that Linux does best.
It is almost inconceivable to run a computer in this age without being
connected to a network. E-mail, Web browsing, and file sharing are all as
expected as printing and viewing information on a screen.
Fortunately, Linux was made for the network from the very beginning. In
fact, networking is one of the things that Linux does best. Linux supports
the popular networking protocols such as TCP/IP and SMB (NetBIOS). Linux
also has sophisticated tools for monitoring and filtering network traffic.
Services such as FTP, Windows file and print sharing, and Web serving are
available. Linux even provides facilities for centralized directory
services, Virtual Private Networking (VPN), and remote procedure calls.
Network
hardware
Linux can work with any network hardware for which it has a driver.
Linux drivers are compiled into the kernel, either
monolithically or as loadable modules. Many popular network cards are
supported by default in the Linux kernel. When selecting network hardware,
it is always good to use a device listed on the "Hardware
Compatibility List" (see Resources for
links). Use the most up-to-date version for your Linux distribution.
Generally, if you are using compatible network hardware, your card will
be automatically recognized when you install the system. You can check the
network hardware found on your system by using the ifconfig command. By default, ifconfig shows you active network devices. You see
all network devices by adding the -a switch:
Listing 1. Using ifconfig
refname: ifconfig-a
[root@cmw-t30 root]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:09:6B:60:8B:1E
inet addr:9.41.209.160 Bcast:9.41.209.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47255 errors:0 dropped:0 overruns:0 frame:0
TX packets:32949 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:22140365 (21.1 Mb) TX bytes:13519623 (12.8 Mb)
Interrupt:11 Base address:0xf000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1308081 errors:0 dropped:0 overruns:0 frame:0
TX packets:1308081 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183376967 (174.8 Mb) TX bytes:183376967 (174.8 Mb)
|
In the listing above, there is only one network card in the system,
identified as eth0. The lo adapter is a loopback, used by Linux to
talk to itself. We'll look more at the ifconfig
command later.
Network device
names
When they are configured, Linux network devices are given aliases, which
consist of a descriptive abbreviation and a number. The first device of
a type is numbered 0, and the others are numbered 1, 2, 3, etc. The
following naming conventions are used. The information is taken from the
Linux Network Administrator's Guide (see the Resources section at the end of this article for links).
- eth0, eth1 ...
These are the Ethernet card interfaces. They are used for most Ethernet
cards, including many of the parallel port Ethernet cards.
- tr0, tr1 ...
These are the Token Ring card interfaces. They are used for most Token
Ring cards, including non-IBM manufactured cards.
- s10, s11 ...
These are the SLIP interfaces. SLIP interfaces are associated with serial
lines in the order in which they are allocated for SLIP.
- ppp0, ppp1 ...
These are the PPP interfaces. Just like SLIP interfaces, a PPP interface
is associated with a serial line once it is converted to PPP mode.
- plip0. plip1 ...
These are the PLIP interfaces. PLIP transports IP datagrams over parallel
lines. The interfaces are allocated by the PLIP driver at system boot time
and are mapped onto parallel ports. In the 2.0.x kernels, there is a
direct relationship between the device name and the I/O port of the
parallel port, but in later kernels, the device names are allocated
sequentially, just as for SLIP and PPP devices.
- ax0, ax1 ...
These are the AX.25 interfaces. AX.25 is the primary protocol used by
amateur radio operators. AX.25 interfaces are allocated and mapped in a
similar fashion to SLIP devices.
There are many other types of interfaces available for other network
drivers. We've listed only the most common ones.
Since Ethernet is the most common configuration, we will focus on that.
For more information about other kinds of connections, see the Resources at the end of this article.
Network
configuration
When you installed your distribution of Linux, the networking was
configured. You probably already have an active eth0 from that
initial configuration. This configuration is probably adequate for your
use right now, but you may need to make changes over time. We will cover
different configuration items related to IP networking and the files and
tools for working with them.
Webmin
Webmin offers a good set of network configuration tools under Networking,
Network Configuration. You can configure individual interfaces and adjust
their current settings or their saved settings. Also the Routing and
Gateways, DNS Client settings, and local host addresses can be configured.
Once all of the configurations have been edited, you can apply them by clicking Apply Configuration. Rebooting the system is not necessary.
|
Localhost
The local host addresses are contained in /etc/hosts. This file is
equivalent to the C:\winnt\system32\drivers\etc\hosts file.
Entries show aliases for IP addresses and are used to assign names without
having to consult a DNS.
127.0.0.1 localhost.localdomain localhost
10.10.10.10 cmw-t30
|
|
Distribution
tools
Each distribution has its own tools for configuring network settings. You
should consult your particular distribution's documentation to see what it
uses. Each tool provides essentially the same configuration options as the
Webmin tool. Some of them may provide options specific to the
distribution.
Figure 1. Red Hat 8.x and 9.x use the redhat-config-network tool
Figure 2. SuSE and United Linux use the YAST tool
Manual configuration is also possible, but it is a very deep subject.
Please refer to your distribution documentation and the Resources at the
end of this article for information about manual network configuration.
Tools to
analyze and monitor
Linux comes with many tools to monitor networking tasks.
ifconfig
We used the ifconfig command above to see the
status of the ethernet card. However, ifconfig
can configure devices as well as report on them. Suppose you want to set
up a temporary network configuration for testing. You could edit the
configuration through the distribution tool, but you would need to note
all of the settings to put it back when you're done. By using ifconfig, we can configure the card quickly without
touching the saved settings:
ipconfig eth0 192.168.13.13 netmask 255.255.255.0 up
The command above will set eth0 to the address 192.168.13.13 with a Class
C IP address and make sure that it is up.
ipconfig eth0 down
The command above will shut down the eth0 device. See the info ifconfig page for full details on using ifconfig.
ifup/ifdown
To activate and deactivate network devices using their saved
configurations, use ifup and ifdown, respectively.
# Bring up eth0 using the saved configuration
ifup eth0
# Shut down eth0
ifdown eth0
netstat
Use the netstat console command to print
network connections, routing tables, interface statistics, masquerade
connections, and multicast memberships. netstat has several command line switches to control
its function. Here are some of the common ones:
Printing network status
netstat -p | Shows the PID and name of the program to which each socket belongs | netstat -a | Shows both listening and non-listening sockets | netstat -t | Shows TCP connections | netstat -u | Shows UDP connections | netstat -e | Displays additional information; use this option twice for maximum detail |
Here's an example of netstat -tp:
Listing 2. Using netstat
[root@cmw-t30 root]# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 localhost.localdo:29000 *:* LISTEN
2389/attvpnctl
tcp 0 0 *:10000 *:* LISTEN
5945/perl
tcp 0 0 *:x11 *:* LISTEN
1120/X
tcp 0 0 *:ftp *:* LISTEN
724/xinetd
tcp 0 0 *:ssh *:* LISTEN
710/sshd
tcp 0 0 *:ipp *:* LISTEN
797/cupsd
tcp 0 0 *:505 *:* LISTEN
1043/rcd
tcp 0 0 localhost.localdoma:ipp localhost.localdo:32772 ESTABLISHED
797/cupsd
tcp 0 0 sig-9-65-39-140.m:44916 sdoprods2.austin.i:1352 TIME_WAIT
-
tcp 0 0 10.100.100.101:33020 64.12.29.100:5190 ESTABLISHED
1433/gaim
tcp 0 0 localhost.localdo:44954 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44955 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44897 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44902 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44903 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44900 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 localhost.localdo:44901 localhost.localdoma:ipp TIME_WAIT
-
tcp 0 0 10.100.100.101:44888 cs9336-61.austin.r:pop3 TIME_WAIT
-
tcp 0 0 localhost.localdo:32772 localhost.localdoma:ipp ESTABLISHED
1246/gnome-cups-man
tcp 1 0 localhost.localdo:32774 localhost.localdoma:ipp CLOSE_WAIT
1246/gnome-cups-man
tcp 0 0 10.100.100.101:33019 cs46.msg.sc5.yahoo:5050 ESTABLISHED
1433/gaim
tcp 0 0 sig-9-65-39-140.m:35061 d03nm119.boulder.i:1352 CLOSE_WAIT
1720/wineserver
tcp 0 0 10.100.100.101:33021 64.12.30.4:5190 ESTABLISHED
1433/gaim
|
I use netstat most often to view connections
that are in the LISTEN or ESTABLISHED states. LISTEN are the services on
your system that are accepting connections from other machines.
ESTABLISHED are the active connections between your machine and others.
Make sure you know all of the LISTEN programs that are running. If you
see something you don't recognize, it could be a security concern. netstat has many options. Type info netstat at the command line for details.
route
The route console command lets you show
and manipulate the IP routing table.
Listing 3. Using route
[root@cmw-t30 plugins]# route|grep -v ipsec
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
204.146.24.42 10.100.100.1 255.255.255.255 UGH 0 0 0 eth1
10.100.100.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.100.100.1 0.0.0.0 UG 0 0 0 eth1
|
Running route with no switches will show the
current routing table. You can make very elaborate changes to the routing
table using route.
route add default gw 10.10.10.1
The above command adds a default route (which will be used if no other
route matches). All packets using this route will be gatewayed through
"10.10.10.1". The device that will actually be used for that
route depends on how we can reach "10.10.10.1" -- the static
route to "10.10.10.1" will have to be set up before.
route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0
The above command adds a route to the network 192.56.76.x via "eth0."
The Class C netmask modifier is not really necessary
here because 192.* is a Class C IP address. The word "dev" can
be omitted here.
Routing is a very deep subject. Full information about the route options is available with info route.
Summary
Linux was designed for networking from the start. It has built into it
sophisticated functions that were previously found only on high-end
enterprise offerings. However, even
with all of this power, configuration of Linux networking is no
more complex than configuration in Windows. Tools such as Webmin,
redhat-config-network, and YAST allow graphical configuration. Tools such
as ifconfig and route allow viewing and modification of network
parameters from the console or scripts. Tools such as netstat allow viewing of individual network
connections and show their relationships to running processes.
Resources
- Check out the other parts in the Windows-to-Linux roadmap series (developerWorks, November 2003).
-
The online Linux
Network Administrator's Guide, Second Edition is a
single reference for network administration in a Linux environment.
Beginners and experienced users alike will find the information on nearly all important administration activities required to manage a Linux network configuration.
-
The Linux
Ethernet HOWTO has information about which ethernet devices can be
used for Linux, and how to set them up (with a focus on the hardware and
low-level driver aspect of the ethernet cards).
-
The Linux Documentation Project also has a
list of
HOWTOs by category to help you find relevant documentation easily.
-
Hardware Control Lists include the Red Hat Hardware search
page, the SuSE Linux Component
DataBase, and the UnitedLinux Certified and
Compatible Hardware.
-
System security is a vast and complex topic, but in an interconnected
world, it affects everyone. Luckily, it is never too early nor too late to
get started with it. The documents Adding
Security to Common Linux Distributions and Strategies
for Keeping a Secure Server (which is the twelfth chapter from the
earlier referenced Linux Administration Made Easy guide) will help
you to do just that.
-
The IBM developerWorks article "Linux
hardware stability guide" shows you how to diagnose and fix many
potential hardware troubles.
-
Learn more about networking in the IBM developerWorks articles "Sharing
computers on a Linux (or heterogeneous) network" and "Setting up a Local Area Network".
-
Emulate Cisco behavior by following the IBM developerWorks article
"Build
a network router on Linux".
-
Employ better security -- the IBM developerWorks article "Connect
securely with ssh" shows you how.
-
Another great resource for those transitioning from Windows to Linux is
the Technical
FAQ for Linux users.
- For getting started with IBM software on Linux, there's no better resource than the Speed-start your Linux app page. You'll find installation tips and links to resources for DB2, Lotus Domino, WebSphere Application Server, WebSphere Studio, and more. You can also sign up to receive a Linux Software Evaluation Kit, containing trial software and training resources.
- Find more resources for Linux developers in the developerWorks Linux zone.
About the author | | | Chris Walden is an e-business Architect for IBM Developer Relations Technical Consulting in Austin, Texas, providing education, enablement, and consulting to IBM Business Partners. He is the official Linux fanatic on his hallway and does his best to spread the good news to all who will hear it. In addition to his architect duties, he manages the area's all-Linux infrastructure servers, which include file, print, and other application services in a mixed-platform user environment. Chris has ten years of experience in the computer industry ranging from field support to Web application development and consulting. |
Rate this page
| |
