Linux Networking
Please Select a Licence from the LICENCE_HEADERS page |
And place at top of your page |
If no Licence is Selected/Appended, Default will be CC0 Default Licence IF there is no Licence placed below this notice!
When you edit this page, you agree to release your contribution under the CC0 Licence LICENCE:
More information about the cc0 licence can be found here: You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission. Licence: Statement of Purpose The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. 1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; moral rights retained by the original author(s) and/or performer(s); publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; rights protecting the extraction, dissemination, use and reuse of data in a Work; database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. 2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. 3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. 4. Limitations and Disclaimers. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. |
Linux Networking
Linux networking is an essential aspect of system administration and daily operations, as it enables communication between systems and provides access to various network resources.
Network configuration and troubleshooting
Configuring network interfaces
On Ubuntu, the network configuration is usually handled by the netplan utility, which generates configuration files for the system's network manager (e.g., NetworkManager or systemd-networkd) based on YAML configuration files. These files are typically located in /etc/netplan/.
To configure a static IP address, follow these steps:
- a. List available network interfaces:
ip link show
- b. Create or edit the netplan configuration file (e.g., /etc/netplan/01-netcfg.yaml):
sudo $EDITOR /etc/netplan/01-netcfg.yaml
- c. Add the following configuration, replacing INTERFACE_NAME with the appropriate interface name (e.g., eth0 or enp0s3) and adjusting the IP addresses and gateway as needed:
network: version: 2 renderer: networkd ethernets: INTERFACE_NAME: dhcp4: no addresses: - 192.168.1.100/24 gateway4: 192.168.1.1 nameservers: addresses: [8.8.8.8, 8.8.4.4]
/etc/netplan/01-netcfg.yaml line-by-line explanation:
- network:: This is the root element of the configuration file. It defines the start of the network configuration.
- version: 2: This specifies the configuration format version. Netplan uses version 2 by default.
- renderer: networkd: This sets the backend renderer that Netplan will use to generate the configuration files. networkd is a system service provided by systemd for managing networks. The other common renderer is NetworkManager, which is a more user-friendly network management tool.
- ethernets:: This is a key representing a dictionary of Ethernet devices. Each entry in the dictionary corresponds to a single network interface.
- INTERFACE_NAME:: This is a placeholder for the actual network interface name (e.g., eth0, enp0s3). Replace it with the name of the network interface you want to configure.
- dhcp4: no: This disables DHCPv4 for the network interface. When set to "no," the interface will not request an IP address automatically from a DHCP server. Instead, you will have to set a static IP address.
- addresses:: This key represents a list of IP addresses to assign to the network interface.
- - 192.168.1.100/24: This is the static IP address assigned to the network interface. The /24 notation represents the subnet mask, which is equivalent to 255.255.255.0.
- gateway4: 192.168.1.1: This sets the IPv4 gateway (default route) for the network interface. This is the address of the router that connects the local network to other networks, such as the internet.
- nameservers:: This key represents the DNS configuration for the network interface.
- addresses: [8.8.8.8, 8.8.4.4]: This is a list of DNS server addresses that the system will use for domain name resolution. In this example, Google's public DNS servers (8.8.8.8 and 8.8.4.4) are used.
This configuration sets up a network interface with a static IP address, disables DHCP, configures the gateway and DNS servers, and uses networkd as the renderer.
- d. Apply the changes:
sudo netplan apply
Troubleshooting network issues
To diagnose connectivity issues, use the ping, traceroute, and nslookup or dig commands:
- a. Check if you can reach a specific IP address:
ping 8.8.8.8
- b. Check if you can resolve a domain name:
nslookup example.com
or
dig example.com
- c. Trace the network path to a destination:
traceroute example.com
If you have connectivity issues, you can try to restart the networking service or the specific network interface:
- Restart the networking service:
sudo systemctl restart networking
- Restart a specific network interface:
Replace INTERFACE_NAME with the appropriate interface name.
sudo ip link set INTERFACE_NAME down sudo ip link set INTERFACE_NAME up
Network protocols and services
TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol) is the foundation of the internet and the most commonly used protocol suite for networking. It consists of multiple protocols that facilitate communication between devices on a network.
TCP: A connection-oriented protocol that ensures reliable and ordered delivery of data packets between devices on a network. It establishes a connection, maintains the data flow, and closes the connection once data transmission is complete.
IP: A connectionless protocol responsible for addressing and routing data packets across networks. It encapsulates data into packets and sends them to their destination based on the IP addresses of the source and destination devices.
DHCP (Dynamic Host Configuration Protocol)
DHCP is a network protocol that automatically assigns IP addresses and other network configuration parameters to devices on a network. It helps to automate IP address allocation, reducing the need for manual configuration.
Example: To install and configure a DHCP server on Ubuntu, follow these steps:
- Install the DHCP server package:
sudo apt update sudo apt install isc-dhcp-server
- Configure the DHCP server by editing its configuration file:
sudo $EDITOR /etc/dhcp/dhcpd.conf
- Add the following example configuration to the file (adjust the values according to your network requirements):
subnet 192.168.1.0 netmask 255.255.255.0 { range 192.168.1.100 192.168.1.200; option domain-name-servers 8.8.8.8, 8.8.4.4; option routers 192.168.1.1; option subnet-mask 255.255.255.0; default-lease-time 600; max-lease-time 7200; }
/etc/dhcp/dhcpd.conf :Explanation
- subnet 192.168.1.0 netmask 255.255.255.0 {: This line defines the subnet (192.168.1.0) and its netmask (255.255.255.0). The netmask denotes that the first three octets (192.168.1) are the network part, and the last octet is for host addresses.
- range 192.168.1.100 192.168.1.200;: This line specifies the range of IP addresses (from 192.168.1.100 to 192.168.1.200) that the DHCP server can assign to devices on the network.
- option domain-name-servers 8.8.8.8, 8.8.4.4;: This line sets the DNS servers (8.8.8.8 and 8.8.4.4, which are Google's public DNS servers) that the DHCP server will provide to the devices on the network.
- option routers 192.168.1.1;: This line specifies the default gateway (192.168.1.1) that the DHCP server will provide to devices on the network for routing traffic outside the local subnet.
- option subnet-mask 255.255.255.0;: This line sets the subnet mask (255.255.255.0) that the DHCP server will provide to devices on the network.
- default-lease-time 600;: This line defines the default lease time (600 seconds, or 10 minutes) for the IP addresses assigned by the DHCP server. The lease time is the duration for which a device holds an IP address before it needs to be renewed.
- max-lease-time 7200;: This line sets the maximum lease time (7200 seconds, or 2 hours) for the IP addresses assigned by the DHCP server. If a device requests a lease time longer than the maximum lease time, the server will assign it the maximum lease time instead.
- }: This line marks the end of the configuration block for the specified subnet.
- Restart the DHCP server to apply the changes:
sudo systemctl restart isc-dhcp-server
DNS (Domain Name System)
DNS is a system that translates human-friendly domain names (e.g., www.example.com) into IP addresses (e.g., 192.0.2.1) that computers can understand. It acts as a phone book for the internet, allowing users to access websites and resources using domain names instead of IP addresses.
Example: To configure a DNS server on Ubuntu using BIND9, follow these steps:
- Install the BIND9 package:
sudo apt update sudo apt install bind9
- Configure the DNS server by editing its configuration file:
sudo $EDITOR /etc/bind/named.conf.options
- Add the following example configuration to the file (you can replace the forwarders with the DNS servers of your choice):
options { directory "/var/cache/bind"; recursion yes; allow-query { any; }; forwarders { 8.8.8.8; 8.8.4.4; }; };
/etc/bind/named.conf.options explanation of each line:
- options {: This line marks the beginning of the options block, which contains various settings for the DNS server.
- directory "/var/cache/bind";: This line sets the working directory for the BIND server to "/var/cache/bind", which is where the server will store its cache and other working files.
- recursion yes;: This line enables recursive queries on the DNS server. Recursive queries allow the server to forward queries to other DNS servers if it doesn't have the requested information in its cache or zone files.
- allow-query { any; };: This line sets the allowed sources for DNS queries. In this case, the server is configured to accept queries from any IP address.
- forwarders {: This line marks the beginning of the forwarders block, which contains a list of DNS servers to which the BIND server will forward queries it cannot answer.
- 8.8.8.8;: This line specifies one of the forwarder DNS servers (8.8.8.8), which is one of Google's public DNS servers.
- 8.8.4.4;: This line specifies another forwarder DNS server (8.8.4.4), which is another one of Google's public DNS servers.
- };: This line marks the end of the forwarders block.
- };: This line marks the end of the options block.
- Restart the BIND9 service to apply the changes:
sudo systemctl restart bind9
Now, your Ubuntu system is configured to use BIND9 as its local DNS server, forwarding DNS queries to the specified forwarders.
Remote access and management (SSH, SCP, SFTP)
SSH (Secure Shell) is a protocol used to securely access and manage remote Linux systems over an unsecured network. It encrypts all data transmitted between the client and server, ensuring the confidentiality and integrity of the data. SSH can be used for executing commands, managing files, and launching applications on remote systems.
SSH
SSH: To connect to a remote server using SSH, you need to have the OpenSSH client installed on your local machine and the OpenSSH server installed on the remote machine. In Ubuntu, you can install them using the following commands:
sudo apt-get update sudo apt-get install openssh-client
On the remote machine:
sudo apt-get update sudo apt-get install openssh-server
To connect to the remote server, use the following command:
ssh username@remote_host
Replace "username" with the remote user's username and "remote_host" with the remote server's IP address or hostname.
SCP (Secure Copy)
- SCP (Secure Copy): SCP is a file transfer protocol that uses SSH for secure data transfer. It allows you to copy files between local and remote systems or between two remote systems.
To copy a file from the local machine to a remote machine, use the following command:
scp /path/to/local/file username@remote_host:/path/to/remote/directory
To copy a file from a remote machine to the local machine, use the following command:
scp username@remote_host:/path/to/remote/file /path/to/local/directory
SFTP (Secure File Transfer Protocol)
- SFTP (Secure File Transfer Protocol): SFTP is another secure file transfer protocol that uses SSH for secure data transfer. Unlike SCP, SFTP provides an interactive command-line interface, similar to FTP, for managing files on the remote system.
To start an SFTP session with a remote server, use the following command:
sftp username@remote_host
Once connected, you can use commands like ls, cd, get, put, and mkdir to navigate and manage files on the remote system. To exit the SFTP session, type exit or bye.
These protocols and tools are essential for securely managing remote Linux systems and transferring files between them.
Network Security and Firewalls: iptables and ufw
Network security is crucial to protect your Linux system from malicious traffic and unauthorized access. Firewalls act as a barrier between your system and the external network, allowing or blocking network traffic based on predefined rules. In this tutorial, we will discuss how to configure and manage firewalls using iptables and ufw.
iptables
iptables is a powerful command-line utility for managing the Linux kernel's netfilter framework. It allows you to create, modify, and manage firewall rules to control incoming and outgoing network traffic.
Installing iptables
iptables comes pre-installed on most Linux distributions, including Ubuntu. You can verify its installation by running:
sudo iptables --version
Basic iptables commands
- List current rules: sudo iptables -L
- Flush/Delete all rules: sudo iptables -F
- Save current rules: sudo iptables-save > /path/to/backup/file
- Restore saved rules: sudo iptables-restore < /path/to/backup/file
Creating rules
iptables rules are based on chains (INPUT, OUTPUT, and FORWARD) and targets (ACCEPT, DROP, and REJECT).
- Allow all incoming SSH traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- Block all incoming traffic from a specific IP address:
sudo iptables -A INPUT -s <IP_ADDRESS> -j DROP
- Allow all outgoing HTTP traffic:
sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
- Block all incoming traffic on a specific port:
sudo iptables -A INPUT -p tcp --dport <PORT_NUMBER> -j DROP
ufw (Uncomplicated Firewall)
ufw is a user-friendly frontend for iptables that simplifies the process of configuring and managing firewalls. It is recommended for beginners and users who prefer a straightforward approach to firewall management.
Installing ufw
On Ubuntu, ufw comes pre-installed. You can verify its installation by running:
sudo ufw version
Enabling and disabling ufw
- Enable ufw: sudo ufw enable
- Disable ufw: sudo ufw disable
Basic ufw commands
- Check ufw status and rules: sudo ufw status
- Reset ufw to default settings: sudo ufw reset
Creating rules
- Allow incoming SSH traffic: sudo ufw allow ssh
- Block incoming traffic from a specific IP address: sudo ufw deny from <IP_ADDRESS>
- Allow outgoing HTTP traffic: sudo ufw allow out http
- Block incoming traffic on a specific port: sudo ufw deny in <PORT_NUMBER>
In summary, network security and firewalls play a crucial role in protecting your Linux system. iptables and ufw are two powerful tools that can help you configure and manage firewalls to safeguard your system from unauthorized access and malicious traffic.