Quick HOWTO : Ch03 : Linux Networking/zh

From Ubuntu中文
Revision as of 15:46, 3 January 2008 (Thursday) by Apshai (talk | contribs)

Introduction

Now that you have a firm grasp of many of the most commonly used networking concepts, it is time to apply them to the configuration of your server. Some of these activities are automatically covered during a Linux installation, but you will often find yourself having to know how to modify these initial settings whenever you need to move your server to another network, add a new network interface card or use an alternative means of connecting to the Internet.

In Chapter 2, "Introduction to Networking", we started with an explanation of TCP/IP, so we'll start this Linux networking chapter with a discussion on how to configure the IP address of your server.

How to Configure Your NIC's IP Address

You need to know all the steps needed to configure IP addresses on a NIC card. Web site shopping cart applications frequently need an additional IP address dedicated to them. You also might need to add a secondary NIC interface to your server to handle data backups. Last but not least, you might just want to play around with the server to test your skills.

This section shows you how to do the most common server IP activities with the least amount of headaches.

Determining Your IP Address

Most modern PCs come with an Ethernet port. When Linux is installed, this device is called eth0. You can determine the IP address of this device with the ifconfig command.

[root@bigboy tmp]# ifconfig -a

eth0      Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0x1820

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:787 errors:0 dropped:0 overruns:0 frame:0
          TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb)

wlan0     Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb)
          Interrupt:11 Memory:c887a000-c887b000

wlan0:0   Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:11 Memory:c887a000-c887b000

[root@bigboy tmp]#


In this example, eth0 has no IP address because this box is using wireless interface wlan0 as its main NIC. Interface wlan0 has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0.

You can see that this command gives good information on the interrupts, or PCI bus ID, used by each card. On very rare occasions you might find that your NIC card doesn't work because it shares both an interrupt and memory access address with some other device. You can look at the contents of the /proc/interrupts file to get a listing of all the interrupt IRQs used by your system. In the example below we can see that there are no conflicts with each IRQ from 0 to 15 having only a single entry. Devices eth0 and eth1 use interrupts 10 and 5, respectively:

[root@bigboy tmp]# cat /proc/interrupts
CPU0
0: 2707402473 XT-PIC timer
1: 67 XT-PIC i8042
2: 0 XT-PIC cascade
5: 411342 XT-PIC eth1
8: 1 XT-PIC rtc
10: 1898752 XT-PIC eth0
11: 0 XT-PIC uhci_hcd
12: 58 XT-PIC i8042
14: 5075806 XT-PIC ide0
15: 506 XT-PIC ide1

NMI: 0
ERR: 43
[root@bigboy tmp]#

If there are conflicts, you might need to refer to the manual for the offending device to try to determine ways to either use another interrupt or memory I/O location.

Changing Your IP Address

If you wanted, you could give this eth0 interface an IP address using the ifconfig command.

[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

The "up" at the end of the command activates the interface. To make this permanent each time you boot up, you'll have to add this command to your /etc/rc.local file, which is run at the end of every reboot.

Fedora Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, and so on. You can place your IP address information in these files, which are then used to auto-configure your NICs when Linux boots. See Figure 3-1 for two samples of interface eth0. One assumes the interface has a fixed IP address, and the other assumes it requires an IP address assignment using DHCP.


Figure 3-1 - File formats for network-scripts

Fixed IP Address
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0
# File: ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
# The following settings are optional
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
[root@bigboy network-scripts]#

Getting the IP Address Using DHCP
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0
# File: ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
[root@bigboy network-scripts]#


As you can see, eth0 will be activated on booting because the parameter ONBOOT has the value yes and not no. You can read more about netmasks and DHCP in Chapter 2, "Introduction to Networking".

The default RedHat/Fedora installation will include the broadcast and network options in the network-scripts file. These are optional.
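
The optional BROADCAST and NETWORK values are fully determined by IPADDR and NETMASK, so a stale value left over from an earlier network can be caught before running ifdown and ifup. This shell check is an added example, not part of the original HOWTO; the helper names and the sample file are constructed for illustration, and the file is parsed rather than sourced.

```sh
#!/bin/sh
# Added example: check a static ifcfg-* file before running ifup.
# The file is parsed, not sourced, so nothing written in it is executed.
# Helper names and the sample file below are constructed for illustration.

ip_to_int() (                      # dotted quad -> 32-bit integer
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, over-long and zero-padded octets (010 may be read as octal)
        case "$o" in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

get_key() {                        # get_key FILE KEY -> last value, quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r "
}

check_ifcfg() (
    f=$1
    [ "$(get_key "$f" BOOTPROTO)" = dhcp ] && return 0   # addresses come from DHCP
    ip=$(ip_to_int "$(get_key "$f" IPADDR)")    || { echo "bad IPADDR"; return 1; }
    mask=$(ip_to_int "$(get_key "$f" NETMASK)") || { echo "bad NETMASK"; return 1; }
    inv=$(( mask ^ 4294967295 ))                # host bits of the mask
    [ $(( inv & (inv + 1) )) -eq 0 ] || { echo "NETMASK is not contiguous"; return 1; }
    want_net=$(int_to_ip $(( ip & mask )))
    want_bc=$(int_to_ip $(( (ip & mask) | inv )))
    net=$(get_key "$f" NETWORK); bc=$(get_key "$f" BROADCAST); rc=0
    [ -z "$net" ] || [ "$net" = "$want_net" ] || { echo "NETWORK=$net, expected $want_net"; rc=1; }
    [ -z "$bc" ]  || [ "$bc" = "$want_bc" ]   || { echo "BROADCAST=$bc, expected $want_bc"; rc=1; }
    return $rc
)

# Constructed sample: Figure 3-1 values with a stale BROADCAST from a /16 network.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
BROADCAST=192.168.255.255
NETWORK=192.168.1.0
EOF
check_ifcfg "$sample" || echo "fix $sample before running ifup"
rm -f "$sample"
```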

After you change the values in the configuration files for the NIC you have to deactivate and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this:

[root@bigboy network-scripts]# ifdown eth0

[root@bigboy network-scripts]# ifup eth0

Your server will have to have a default gateway for it to be able to communicate with the Internet. This will be covered later in the chapter.

How DHCP Affects the DNS Server You Use

Your DHCP server not only supplies the IP address your Linux box should use, but also the desired DNS servers. When using DHCP for an interface, make sure the DNS server configuration lines in your /etc/resolv.conf file are commented out to prevent any conflicts.

Multiple IP Addresses on a Single NIC

In the previous section, "Determining Your IP Address", you may have noticed that there were two wireless interfaces: wlan0 and wlan0:0. Interface wlan0:0 is actually a child interface of wlan0, a virtual subinterface also known as an IP alias. IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format parent-interface-name:X, where X is the sub-interface number of your choice.

The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous section, "Changing Your IP Address":

  • First, ensure the parent real interface exists.
  • Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0.
  • Create the virtual interface with the ifconfig command:
[root@bigboy tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up
  • You should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the aliases will all be managed automatically with the ifup and ifdown commands. Here is a sample configuration:
DEVICE=wlan0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.99
NETMASK=255.255.255.0

The commands to activate and deactivate the alias interface would therefore be:

[root@bigboy tmp]# ifup wlan0:0

[root@bigboy tmp]# ifdown wlan0:0

Note: Shutting down the main interface also shuts down all its aliases. Aliases can be shut down independently of other interfaces.

After completing these four simple steps you should be able to ping the new IP alias from other servers on your network.

IP Address Assignment for a Direct DSL Connection

If you are using a DSL connection with fixed or static IP addresses, then the configuration steps are the same as those outlined earlier. You plug your Ethernet interface into the DSL modem, configure it with the IP address, subnet mask, broadcast address, and gateway information provided by your ISP and you should have connectivity when you restart your interface. Remember that you might also need to configure your DNS server correctly.

If you are using a DSL connection with a DHCP or dynamic IP address assignment, then the process is different. Your ISP will provide you with a PPP authentication over Ethernet (PPPoE) username and password, which will allow your computer to log in transparently to the Internet each time it boots up. Fedora Linux installs the rp-pppoe RPM software package required to support this.

Note: Unless you specifically request static IP addresses, your ISP will provide you with a DHCP based connection. The DHCP IP address assigned to your computer and/or Internet router will often not change for many days and you may be fooled into thinking it is static.

Downloading and installing RPMs isn't hard. If you need a refresher, Chapter 6, "Installing Linux Software", on RPMs, covers how to do this in detail. When searching for the file, remember that the PPPoE RPM's filename usually starts with the word rp-pppoe followed by a version number like this: rp-pppoe-3.5-8.i386.rpm.

After installing the RPM, you need to go through a number of steps to complete the connection. The PPPoE configuration will create a software-based virtual interface named ppp0 that will use the physical Internet interface eth0 for connectivity. Here's what you need to do:

  • Make a backup copy of your ifcfg-eth0 file.
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts/
[root@bigboy network-scripts]# ls ifcfg-eth0
ifcfg-eth0
[root@bigboy network-scripts]# cp ifcfg-eth0 DISABLED.ifcfg-eth0

  • Edit your ifcfg-eth0 file so that it has no IP information and is deactivated at boot time.
DEVICE=eth0
ONBOOT=no

  • Shut down your eth0 interface.
[root@bigboy network-scripts]# ifdown eth0
[root@bigboy network-scripts]#

  • Run the adsl-setup configuration script
[root@bigboy network-scripts]# adsl-setup
It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We'll use defaults wherever possible.
Welcome to the ADSL client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): bigboy-login@isp

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You might have some problems with demand-activated links.

Enter the demand value (default no):

It will then prompt you for your DNS server information. This step edits your /etc/resolv.conf file. If you're running BIND on your server in a caching DNS mode then you might want to leave this option blank. If you want your ISP to provide the IP address of its DNS server automatically then enter the word server.
Please refer to Chapter 18, "Configuring DNS", for more information on BIND and DNS.
DNS

Please enter the IP address of your ISP's primary DNS server. If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here. If you just press enter, I will assume you know what you are doing and not modify your DNS setup.
Enter the DNS information here:

The script will then prompt you for your ISP password:
PASSWORD

Please enter your Password:
Please re-enter your Password:


Then it will ask whether you want regular users (not superuser root) to be able to activate/deactivate the new ppp0 interface. This may be required if non-root members of your family or home office need to get access to the Internet:
USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow normal user to start or stop DSL connection (default yes):

The rp-pppoe package has two sample iptables firewall scripts located in the /etc/ppp directory named firewall-standalone and firewall-masq. They are very basic and don't cover rules to make your Linux box a web server, DNS server, or mail server. I'd recommend selecting none and using a variant of the basic script samples in Chapter 14, "Linux Firewalls Using iptables", or the more comprehensive one found in Appendix II, "Codes, Scripts, and Configurations".
FIREWALLING

Please choose the firewall rules to use. Note that these rules are very basic. You are strongly encouraged to use a more sophisticated firewall setup; however, these will provide basic security. If you are running any servers on your machine, you must choose 'NONE' and set up firewalling yourself. Otherwise, the firewall rules will deny access to all standard servers like Web, e-mail, ftp, etc. If you are using SSH, the rules will block outgoing SSH connections which allocate a privileged source port.

The firewall choices are:

0 - NONE: This script will not set any firewall rules. You are responsible
          for ensuring the security of your machine. You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN

Choose a type of firewall (0-2): 0

You'll then be asked whether you want the connection to be activated upon booting. Most people would say yes.
Start this connection at boot time

Do you want to start this connection at boot time? Please enter no or yes (default no):yes

Just before exiting, you'll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them:
** Summary of what you entered **

Ethernet Interface: eth0
User name: bigboy-login@isp
Activate-on-demand: No
DNS: Do not adjust
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)
At the very end it will tell you the commands to use to activate and deactivate your new ppp0 interface and to get the status of the interface:
Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0' to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0' to see the link status.


Note: This example recommends using the adsl-status command with the name of the PPPoE interface configuration file. This command defaults to show information for interface ppp0, and therefore listing the ifcfg-ppp0 filename won't be necessary in most home environments.

After you have completed installing rp-pppoe you should be able to access the Internet over your DHCP DSL connection as expected.


Some Important Files Created By adsl-setup

The adsl-setup script creates three files that will be of interest to you. The first is the ifcfg-ppp0 file with the interface's link layer connection parameters:

[root@bigboy network-scripts]# more ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=20
LCP_FAILURE=3
LCP_INTERVAL=80
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth0
PROVIDER=DSLppp0
USER=bigboy-login@isp
PEERDNS=no
[root@bigboy network-scripts]#

The others are the duplicate /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files with the username and password needed to log in to your ISP:

[root@bigboy network-scripts]# more /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
"bigboy-login@isp" * "password"
[root@bigboy network-scripts]#

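The secrets files shown above hold the ISP password in clear text, and adsl-setup leaves .bak copies beside them. The following audit is an added example, not part of the original HOWTO or of rp-pppoe; the function names are hypothetical, the demo directory is constructed, and GNU stat (stat -c) is assumed.

```sh
#!/bin/sh
# Added example: audit the files adsl-setup wrote. Assumes GNU stat (stat -c).
# Function names are illustrative; on a real box pass /etc/ppp and the
# path of ifcfg-ppp0 as the two arguments of audit_pppoe.

# mode_private FILE -> 0 when group and others have no permission bits set
mode_private() {
    m=$(stat -c %a "$1") || return 2
    case "$m" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# audit_pppoe PPP_DIR IFCFG_FILE -> one line per finding, returns 1 if any
audit_pppoe() (
    dir=$1; cfg=$2; rc=0
    val() { sed -n "s/^[[:space:]]*$1=//p" "$cfg" | tail -n 1 | tr -d "\"' "; }
    # the .bak copies made by adsl-setup hold credentials as well
    for f in pap-secrets chap-secrets pap-secrets.bak chap-secrets.bak; do
        [ -e "$dir/$f" ] || continue
        mode_private "$dir/$f" && continue
        echo "$dir/$f: accessible beyond its owner; chmod 600"; rc=1
    done
    if [ "$(val USERCTL)" = yes ]; then
        echo "$cfg: USERCTL=yes lets non-root users start and stop ppp0"; rc=1
    fi
    if [ "$(val FIREWALL)" = NONE ]; then
        echo "$cfg: FIREWALL=NONE, so no rules are set; load your own iptables script"; rc=1
    fi
    return $rc
)

# Constructed demo: a scratch directory standing in for /etc/ppp.
d=$(mktemp -d)
printf '"bigboy-login@isp" * "password"\n' > "$d/pap-secrets"
cp "$d/pap-secrets" "$d/chap-secrets.bak"
chmod 600 "$d/pap-secrets"
chmod 644 "$d/chap-secrets.bak"
printf 'USERCTL=yes\nFIREWALL=NONE\nDEVICE=ppp0\n' > "$d/ifcfg-ppp0"
audit_pppoe "$d" "$d/ifcfg-ppp0" || true
rm -rf "$d"
```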

Simple Troubleshooting

You can run the adsl-status command to determine the condition of your connection. In this case the package has been installed but the interface hasn't been activated.

[root@bigboy tmp]# adsl-status

Note: You have enabled demand-connection; adsl-status may be inaccurate.
adsl-status: Link is attached to ppp0, but ppp0 is down
[root@bigboy tmp]#

After activation, the interface appears to work correctly.

[root@bigboy tmp]# ifup ppp0

[root@bigboy tmp]# adsl-status
adsl-status: Link is up and running on interface ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1462
inet ... ...
[root@bigboy tmp]#

For further troubleshooting information you can visit the Web site of rp-pppoe at Roaring Penguin (www.roaringpenguin.com). There are some good tips there on how to avoid problems with VPN clients.

IP Address Assignment for a Cable Modem Connection

Cable modems use DHCP to get their IP addresses so you can configure your server's Ethernet interface accordingly.