Complete RHCE doc
RHCE
Red Hat Certified Engineer
Session 1
M. A. Agheli

History Of UNIX & Linux
• 1957: Bell Labs found they needed an operating system which at the time was running various batch jobs.
• 1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
• 1969: Summer 1969 UNIX was developed by AT&T
• 1975: Sixth edition of UNIX released May 1975
• 1985: GNU project started
• 1991: Linux is introduced by Linus Benedict Torvalds, who was a second year student of Computer Science at the University of Helsinki
• 1993: NetBSD & FreeBSD released
• 1994: Red Hat Linux is introduced

First Article About Linux

From: [email protected] (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <[email protected]>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki

Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus ([email protected])

PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.

GNU & GPL
GNU Project: Focused on creating a Unix-like operating system that could be freely distributed
GPL: Global Public license (Copyleft)

Major Linux Distributors
• Caldera Linux
• Corel Linux
• Debian Linux
• Kondara Linux
• Red Hat Linux
• Mandrake Linux
• Slackware Linux
• SuSE Linux
• Turbo Linux
• Vector Linux

The Advantage of Linux
• Low purchase cost
• Open Source Software (OSS)
• UNIX heritage
• Multi User
• Scalability
• Vendor support
• Reliable uptime
• Security
• Logging System
• …

The Disadvantage of Linux
• Steep learning curve
• Hardware support
• End-user applications

A Comparison Of Win 9x, NT, and Linux

| Feature | Win 9x | Win NT | Linux |
|---|---|---|---|
| Scalability | Poor | Good | Good |
| Desktop App. Support | Excellent | Good | Good |
| Enterprise App. Support | None | Good | Good |
| Hardware Support | Excellent | Good | Good |
| Licensing Cost | Good | Poor | Excellent |
| Network Performance | Good | Good | Excellent |
| Security | Poor | Good | Good |

Linux Filesystem Hierarchy

| Directory | Contents |
|---|---|
| /bin | Essential Binary Files |
| /boot | Boot Loader Files |
| /dev | Device Files |
| /etc | Configuration Files |
| /home | User Home Directories |
| /lib | Shared Libraries and Kernel Modules |
| /mnt | Mount Point for Temporarily Mounted FS |
| /proc | System Information Virtual File System |
| /root | root User Home Directory |
| /sbin | Essential System Binaries |
| /tmp | Temporary Files |
| /usr | Shareable Files |
| /var | Non-Shareable Files |

Session 2

Installing Linux
• Hardware Requirements
• Harddisk Partitioning
• Boot Loader
• Install Packages
• X Configuration

Overview of the Installation Process
1. Starting the installation process
   • Installation Mode
   • Language
   • Keyboard
   • Mouse
2. Partitioning
3. Boot Loader Installation
4. Network Configuration
5. Setting the time zone

Overview of the Installation Process
5. Firewall Configuration
6. Specifying authentication options (optional)
7. Specifying user accounts
8. Selecting packages
9. Installing packages
10. Creating a boot disk
11. Configuring the X Windows system (optional)

Installing Linux: Consoles & Message Logs

| Console | Keystrokes | Contents |
|---|---|---|
| 1 | Ctrl+Alt+F1 | Text-based installation procedure |
| 2 | Ctrl+Alt+F2 | Shell prompt |
| 3 | Ctrl+Alt+F3 | Messages from installation program |
| 4 | Ctrl+Alt+F4 | Kernel messages |
| 5 | Ctrl+Alt+F5 | Other messages, including file system creation messages |
| 7 | Ctrl+Alt+F7 | Graphical installation procedure |

Configuring Install-Time Options after Installation
• kbdconfig
• mouseconfig
• timeconfig
• sndconfig
• netconfig
• authconfig
• ntsysv
• setup
• redhat-config-…

Session 3

SHELL
• bash (Bourne Again Shell)
• ash
• sach
• tcsh
• mc

Some of Important BASH Variables
• PATH
• SHELL
• PS1
• PS2

PS1, PS2 Switches
\u , \h , \W , \d , \t , \s , \$ , $

Some of Linux Commands (1)
• echo
• man
• help
• info
• ls
• cat
• tac
• cp
• mv
• rm
• cd
• touch
• pwd
• mkdir
• rmdir
• clear
• alias
• less
• date
• logout
• exit
• reboot
• halt

Session 4

BASH
• TAB key Features
• Review Pages & Commands

Quoting in BASH:
"value"   'value'   `value`

Redirection Operators:
>   >>   |   <<   <

Standard Input & Standard Output:
• stdin 0
• stdout 1
• stderr 2

Important Command Forms
• cmd
• cmd & (fg, ctrl+z, bg)
• cmd1 ; cmd2
• (cmd1 ; cmd2)
• cmd1 `cmd2`
• cmd1 | cmd2
• cmd1 && cmd2
• cmd1 || cmd2
• { cmd1 ; cmd2 ; }

Linux File Types

| File type | Symbol | Description |
|---|---|---|
| Normal | - | Normal file |
| Directories | d | Normal directory |
| Hard link | - | |
| Symbolic link | l | Shortcut to a file or directory |
| Socket | s | Pass data between 2 processes |
| Named pipe | p | Like sockets, user can't work directly with |
| Character device | c | Processes character hw communication |
| Block device | b | Major & minor numbers for controlling dev. |

Bash Special Variables

| Variable | Meaning |
|---|---|
| $# | Specifies number of arguments given to the command |
| $? | Return value of the last program to be used |
| $$ | Process number of the current shell |
| $! | Process number of the last child process |
| $@ | Specifies individually quoted arguments |
| $* | Specifies all arguments quoted as whole |
| $n | Specifies positional argument value, where n is the position |
| $0 | Specifies name of the current shell |

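The difference between "$@" and "$*" in the table above decides whether a file name containing a space survives being forwarded to another command. The following is an added example, not part of the original slides; all function names are illustrative.

```shell
#!/bin/sh
# Added example: how "$@", "$*" and an unquoted $@ forward arguments,
# plus $#, $? and positional parameters. Function names are illustrative.

# $# is the number of arguments the function (or script) received.
count_args() {
    echo "$#"
}

# "$@": every argument stays a separate, individually quoted word.
forward_at() {
    count_args "$@"
}

# "$*": all arguments are joined into ONE word
# (separated by the first character of IFS, normally a space).
forward_star() {
    count_args "$*"
}

# Unquoted $@: each argument is split again on whitespace and glob-expanded,
# so a file name containing a space silently becomes two arguments.
forward_bare() {
    # shellcheck disable=SC2068
    count_args $@
}

# $? is the exit status of the last command. It must be read before
# anything else runs, because the next command overwrites it.
status_of() {
    if "$@" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    echo "$rc"
}

# $1..$n are positional arguments; shift discards $1 and renumbers the rest.
last_arg() {
    while [ "$#" -gt 1 ]; do
        shift
    done
    echo "$1"
}

# Constructed input: two arguments, the first one containing a space.
echo "quoted \$@   : $(forward_at 'monthly report.txt' notes.txt) arguments"
echo "quoted \$*   : $(forward_star 'monthly report.txt' notes.txt) argument"
echo "unquoted \$@ : $(forward_bare 'monthly report.txt' notes.txt) arguments"
echo "exit status  : false=$(status_of false) true=$(status_of true)"
echo "last of a b c: $(last_arg a b c)"
```
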
Some of Linux Commands (2)
• Process Text Streams: sort, cut, head, tail, split, wc, uniq, grep
• Redirecting Command's output: tee
• Create, Monitor & Kill Processes: ps, pstree, top, kill, killall
• Modify Process Priority (renice)

Session 5

Some of Linux Commands (3)
• Create Partitions and Filesystem: fdisk, mke2fs, mkfs.*
• Maintain the Integrity of Filesystem: e2fsck, fsck.*, du, df
• Filesystem Mounting & Umounting: mount, umount, /etc/fstab

Some of Linux Commands (4)
• Use File Permissions: chmod, chown, chgrp, su
• Create Hard & Symbolic Links (ln)
• Find System Files (find, locate, which)
• Using Emergency & Single User Mode

'vi' Powerful Text Editor

Normal Mode
• dd n+dd (Delete)
• yy n+yy (Copy)
• p (paste)
• P (Paste)
• / (Search)
• v (Visual) (Text Selection)

Insert Mode
• Insert Text
• Delete

Command Mode
• w
• q
• wq = x
• q!
• r
• s///

Session 6

Run Levels

| Run Level | Definition |
|---|---|
| 0 | This runlevel halts the system |
| 1 | This runlevel sets single-user mode |
| 2 | Multiuser mode without networking |
| 3 | Multiuser mode with networking |
| 4 | Not used |
| 5 | X-based log in |
| 6 | This runlevel reboots the system |

• init & chkconfig Commands
• /etc/inittab
• /etc/rc.d/init.d & /etc/rc[0123456].d/

Configuring Boot loader
• LILO: Edit /etc/lilo.conf & execute 'lilo' command
• GRUB: Edit /boot/grub/grub.conf

Administrative Tasks
• Manage Users, Groups & Related Files
  useradd, userdel, groupadd, groupdel, passwd, vipw, vigr
  /etc/passwd, /etc/shadow, /etc/skel, /etc/profile, …
• Configure and use system log files
  /etc/syslog.conf, /etc/logrotate.conf
• Scheduling Jobs (at & crontab commands)
• Backup & Restore Tools
  tar, bzip2, gzip

Session 7

Linux Installation and Package Management
• Make and Install Programs from Source
• RPM (Redhat Package Manager)

Kernel
• About Kernel and Loadable Modules
• Manage Kernel Modules at Runtime (/etc/modules.conf)
• Reconfigure, Build and Install a Custom Kernel

Session 8

Shell Scripts
• # Comments
• #! Special Comments
• Assign a Value
  x=y
  x=${y}
  x=$y
  x=${y}es
  x=$yes
  x='$y'
  x=\$y
  export x y z
  export x=$y

Shell Scripts: Control Constructs
• 'read' command
• 'test' command ( [ ] )
• if …; then …; else …; fi
• case … in pattern) … ;; esac
• while …; do …; done
• until …; do …; done
• for x in …; do …; done
• break, continue, exit (for, while, until)

Session 9

Installing and Configuring X

Basic X Concepts
• X Client
• X Server
• X Protocol

Basic X Concepts
• X Window Manager
• X Desktop Manager
• X Display Manager

Installing X
1. Determine the proper X server
2. Install the proper packages

X Server Selection
• XFree86-*

Installing the Packages
• freetype
• gtk+
• XFree86-libs
• XFree86-75dpi-fonts
• redhat-config-xfree86
• XFree86-xfs
• XFree86-xdm
• XFree86-twm
• XFree86-tools
• xinitrc

Configuring X
• redhat-config-xfree86
• xvidtune

Important X Directories & Files
• /usr/X11R6/bin
• /etc/X11
• /etc/X11/XF86Config

Configure and Use PPP
• 'redhat-config-network-tui' Command in Text Mode
• Modem Configuration Files
• kppp Command in X window

Session 10

Network Basics
• IP (network & host portion)
  192.168.168.1 : 11000000.10101000.10101000.00000001
• Static IP
• Dynamic IP
• Netmask Address
  255.255.255.0 : 11111111.11111111.11111111.00000000
• Network Address
  192.168.168.0 : 11000000.10101000.10101000.00000000
• Broadcast Address
  192.168.168.255 : 11000000.10101000.10101000.11111111

Classful Addressing System

Network Classes
• Class A: 1.0.0.0-126.0.0.0 (8 bits)
• Class B: 128.0.0.0-191.0.0.0 (16 bits)
• Class C: 192.0.0.0-223.0.0.0 (24 bits)

Reserved IP
• 127.0.0.0-127.255.255.255 (Loopback Addr.)
• 224.0.0.0-239.255.255.255 (Multicast Protocols)
• 240.0.0.0-255.255.255.255 (not used)

Public & Private Networks (Valid & Invalid IPs)
• 10.0.0.0-10.255.255.255
• 172.16.0.0-172.31.255.255
• 192.168.0.0-192.168.255.255

Classless Addressing System (Subnet)

Net. Addr.: 192.168.168.0 = 11000000.10101000.10101000.00000000

Netmasks:

| Netmask | Prefix | Binary |
|---|---|---|
| 255.255.255.0 | */24 | 11111111.11111111.11111111.00000000 |
| 255.255.255.128 | */25 | 11111111.11111111.11111111.10000000 |
| 255.255.255.192 | */26 | 11111111.11111111.11111111.11000000 |
| 255.255.255.224 | */27 | 11111111.11111111.11111111.11100000 |
| 255.255.255.240 | */28 | 11111111.11111111.11111111.11110000 |
| 255.255.255.248 | */29 | 11111111.11111111.11111111.11111000 |
| 255.255.255.252 | */30 | 11111111.11111111.11111111.11111100 |
| 255.255.255.254 | */31 | 11111111.11111111.11111111.11111110 |

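The bitwise relationships shown on the Network Basics and Classless Addressing slides (network = address AND netmask, broadcast = network OR inverted netmask) can be computed directly in the shell. This is an added example, not part of the original slides; the function names are illustrative and the code assumes shell arithmetic of at least 64 bits, as in bash and dash on current Linux systems.

```shell
#!/bin/sh
# Added example: netmask, network and broadcast address for an IPv4 address
# and prefix length. Function names are illustrative.

# Dotted quad -> integer. Accepts only four decimal octets 0..255; leading
# zeros are refused because $(( )) would read them as octal.
ip_to_int() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0..32) -> netmask as an integer.
prefix_to_mask() (
    case $1 in
        ''|*[!0-9]*|0?*|???*) exit 1 ;;
    esac
    [ "$1" -le 32 ] || exit 1
    echo "$(( (4294967295 << (32 - $1)) & 4294967295 ))"
)

# Dotted netmask -> prefix length. Fails when the 1-bits are not contiguous.
mask_to_prefix() (
    mask=$(ip_to_int "$1") || exit 1
    host_bits=$(( ~$mask & 4294967295 ))
    # A valid mask inverts to 2^n - 1, so adding 1 clears every set bit.
    [ "$(( $host_bits & ($host_bits + 1) ))" -eq 0 ] || exit 1
    prefix=32
    while [ "$host_bits" -gt 0 ]; do
        host_bits=$(( $host_bits >> 1 ))
        prefix=$(( $prefix - 1 ))
    done
    echo "$prefix"
)

# network = address AND netmask
network_of() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(prefix_to_mask "$2") || exit 1
    int_to_ip "$(( $ip & $mask ))"
)

# broadcast = network OR (NOT netmask)
broadcast_of() (
    ip=$(ip_to_int "$1") || exit 1
    mask=$(prefix_to_mask "$2") || exit 1
    int_to_ip "$(( ($ip & $mask) | (~$mask & 4294967295) ))"
)

# Succeeds when two addresses share a network for the given prefix.
same_network() {
    net_a=$(network_of "$1" "$3") && net_b=$(network_of "$2" "$3") &&
        [ "$net_a" = "$net_b" ]
}

# The slide's address under three of the listed prefixes.
for p in 24 25 26; do
    echo "192.168.168.1/$p netmask $(int_to_ip "$(prefix_to_mask "$p")")" \
         "network $(network_of 192.168.168.1 "$p")" \
         "broadcast $(broadcast_of 192.168.168.1 "$p")"
done
```
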
TCP/IP Model (1)
• Application Protocols
• Transport Protocols
• Internet Protocols
• Network Access Protocols

TCP/IP Model (2)
• Network Access Protocols
  All functions necessary to access the physical network
• Internet Protocols
  IP (Internet Protocol – Connectionless)
  ICMP (Internet Control Message Protocol)

TCP/IP Model (3)
• Transport Protocols
  TCP (Transmission Control Protocol): Connection-based
  UDP (User Datagram Protocol): Connectionless
• Application Protocols
  Privileged Ports (0-1023)
  /etc/services

Types of TCP/IP Services
• Stand-alone
• xinetd (and its config)

Controlling TCP/IP Daemons
• Related TCP/IP Commands
  ps x
  netstat -ap --inet | grep LISTEN
• Start the daemon
• Stop the daemon
• Restart the daemon
• Check the status of the daemon

Session 11

Network Configuration
• Initializing Network Hardware
  Load related module
• Network Configuration Tools
  netconfig
  redhat-config-network

Network Configuration: Other Network Tools
• ifconfig
• ping
• traceroute
• netstat
• tcpdump
• nmap
• tethereal
• iptraf

Network Configuration
• Network Configuration Files
  /etc/hosts
  /etc/host.conf
  /etc/services
  /etc/resolv.conf
  /etc/sysconfig/network
  /etc/sysconfig/network-scripts/*
• IP Aliasing

Session 12

DHCP
• Advantage & disadvantage of DHCP
• DHCP Server Configuration
  /etc/dhcpd.conf
  /var/lib/dhcp/dhcpd.leases
• DHCP Client Configuration
  netconfig command

An Example of dhcpd.conf

```
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "domain.com";
    option domain-name-servers 192.168.1.1;
    default-lease-time 21600;
    max-lease-time 43200;

    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}
```

dhcpd.leases Format

```
lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends 6 2004/07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
...
```

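Because dhcpd.leases records which hardware address held which IP address and when, it is a common source when tracing an address back to a machine. The following added example (not part of the original slides) reads records in the format shown above; the first record is the slide's, the other two and all function names are constructed for illustration, and only flat records without nested blocks are handled.

```shell
#!/bin/sh
# Added example: answer "which MAC address held this IP?" from
# dhcpd.leases-style records. Function names are illustrative.

# Constructed sample data; the first record is the one from the slide.
sample_leases() {
    cat <<'EOF'
lease 192.168.1.8 {
    starts 3 2004/04/12 09:34:12;
    ends 6 2004/07/15 23:49:57;
    hardware ethernet 00:09:e6:88:0a:05;
}
lease 192.168.1.9 {
    starts 5 2004/07/16 08:00:00;
    ends 5 2004/07/16 14:00:00;
    hardware ethernet 00:0c:29:aa:bb:01;
}
lease 192.168.1.8 {
    starts 5 2004/07/16 10:15:00;
    ends 5 2004/07/16 16:15:00;
    hardware ethernet 00:0c:29:aa:bb:02;
}
EOF
}

# Read lease records on stdin, print one line per record:
#   IP MAC START END   (date and time joined with "T", "-" when missing)
parse_leases() (
    ip=
    while read -r keyword a b c _rest; do
        case $keyword in
            lease)    ip=$a; mac=-; starts=-; ends=- ;;
            starts)   starts=${b}T${c%;} ;;
            ends)     case $a in
                          never*) ends=never ;;
                          *)      ends=${b}T${c%;} ;;
                      esac ;;
            hardware) mac=${b%;} ;;
            '}')      if [ -n "$ip" ]; then
                          echo "$ip $mac $starts $ends"
                      fi
                      ip= ;;
        esac
    done
)

# Every record for one IP, oldest first (the file is appended to over time).
lease_history() {
    parse_leases | while read -r ip mac starts ends; do
        if [ "$ip" = "$1" ]; then
            echo "$mac $starts $ends"
        fi
    done
}

# MAC address in the most recent record for the IP.
current_holder() {
    lease_history "$1" | tail -n 1 | cut -d ' ' -f 1
}

# IPs that appear with more than one hardware address.
ips_with_multiple_macs() {
    parse_leases | cut -d ' ' -f 1,2 | sort -u | cut -d ' ' -f 1 | uniq -d
}

echo "History of 192.168.1.8:"
sample_leases | lease_history 192.168.1.8
echo "Current holder: $(sample_leases | current_holder 192.168.1.8)"
echo "IPs seen with several MACs: $(sample_leases | ips_with_multiple_macs)"
```

On a server the same functions would read the lease file named on the DHCP slide, for example `lease_history 192.168.1.8 < /var/lib/dhcp/dhcpd.leases`.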
August 2004

NFS
• Related Daemons
  rpc.nfsd
  rpc.portmap
  rpc.mountd
• Installation
  nfs-utils
  portmap

NFS Configuration
• Server Side
  Edit /etc/exports file
    PATH host_lists(options)
  Run 'exportfs -r' command
  'redhat-config-nfs' Command
• Client Side
  mount -t nfs server:PATH Mountpoint
  Edit '/etc/fstab' file
    server:PATH M.P. nfs ro 0 0

SAMBA (1)
- Related Services
    - smbd
    - nmbd
- Related Packages
    - samba
    - samba-common
    - samba-client

SAMBA (2)
- Server Configuration
    - Global Directives
    - Service Directives
- Client Configuration
    - smbmount //server/share /m.p.
    - smbclient //server/share
- Configuration with SWAT

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 13

TCP/IP Services

[Diagram: a client process and a server process communicating through ports]
1. Server binds to port and listens
2. Client binds to port
3. Client connects to server
4. Server designates port
5. Client and server communicate

Remote Login
- Telnet
    - Server & Client
- SSH
    - Server & Client

The Apache Web Server
- Modules
    - mod_auth
    - mod_info
    - mod_php
    - mod_include
    - mod_perl
    - mod_ssl

Installing Apache

    rpm -Uvh httpd-[^d]*.rpm
    rpm -Uvh httpd-devel*.rpm    (for Apache module support)

Basic Configuration
- httpd.conf
    - Section 1: The Global Environment
    - Section 2: The Main Configuration
    - Section 3: The Virtual Host Configuration

Apache Advanced Configuration
- Authentication in Apache
- Configure with PHP
- Configure with SSL
- Configure Virtual Host

Authentication in Apache
- Create ‘/etc/httpd/.htpasswd’ file
- Configuring ‘httpd.conf’ file

    <Location /dir_name>
        AuthType Basic
        AuthName "NAME"
        AuthUserFile ".htpasswd"
        Require valid-user
    </Location>

Configure Apache with PHP

    rpm -Uvh php-4*.rpm

Configure Apache with SSL

    rpm -Uvh mod_ssl*.rpm

Configure Virtual Host
- Configuring ‘/etc/hosts’ file
- Configuring ‘httpd.conf’ file

    <VirtualHost 127.0.0.2>
        ServerAdmin [email protected]@vh.com
        DocumentRoot /var/www/html/vh/
        ServerName www.vh.com
    </VirtualHost>

Apache Administration
- Start
- Stop
- Restart
- Reload
- Status

Troubleshooting Apache
- /var/log/messages
- /var/log/httpd/
- /usr/sbin/httpd -S (for virtual host)

Securing Your Network
- Using ‘lokkit’ or ‘redhat-config-securitylevel’ command
- Password & Physical Security
- Securing TCP/IP
- Using Tripwire
- Keeping Up-to-Date on Linux Security Issues

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 14

FTP
- Installation
    rpm -ivh vsftp*.rpm
- Config File
    /etc/vsftpd/vsftpd.conf
- Access Levels
    - Anonymous Access (anonymous_enable)
    - User Access (needs tcp_wrappers)

Cache Server (Squid)
- Install squid
    rpm -ivh squid*.rpm
- Managing squid
    start, stop, restart, status, reload

Squid Log Files
- /var/log/squid/access.log (cache_access_log)
- /var/log/squid/cache.log (cache_log)
- /var/log/squid/store.log (cache_store_log)

An Example of ‘squid.conf’

    http_port 8081
    cache_effective_user squid
    cache_effective_group squid
    acl all src 0.0.0.0/0.0.0.0
    http_access allow all
    cache_dir ufs /cache 1024 16 32
    visible_hostname ws1

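The example configuration defines `all` as every source address and then allows it, so any host that can reach port 8081 can use the proxy. The script below is an added example, not part of the original slides: it reads a squid.conf and reports whether the first unconditional http_access rule allows or denies. The restricted variant, its 192.168.0.0/24 range, the ACL name `localnet` and the function name are assumptions.

```shell
#!/bin/sh
# Added example: audit a squid.conf for an open-proxy rule set.

# The configuration from the slide (open to any client).
SLIDE_CONF='http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1'

# Constructed alternative: only the LAN may use the proxy.
# The 192.168.0.0/24 range and the ACL name "localnet" are assumptions.
RESTRICTED_CONF='http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/255.255.255.0
http_access allow localnet
http_access deny all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1'

# squid_access_posture CONFIG_TEXT
# Prints "open" if the first unconditional http_access rule is an allow,
# "restricted" if it is a deny, and "no-catch-all" if there is none.
squid_access_posture() {
    printf '%s\n' "$1" | awk '
        # Squid 3 and later predefine the ACL "all".
        BEGIN { catch_all["all"] = 1 }

        # Strip comments and skip blank lines.
        { sub(/#.*/, "") }
        NF == 0 { next }

        # Remember src ACLs that match every address.
        $1 == "acl" && $3 == "src" {
            for (i = 4; i <= NF; i++)
                if ($i == "0.0.0.0/0.0.0.0" || $i == "0.0.0.0/0" || $i == "all")
                    catch_all[$2] = 1
            next
        }

        # http_access rules are tried in order and the first match wins.
        # A rule whose ACLs all match everything ends the search.
        $1 == "http_access" && result == "" {
            unconditional = (NF >= 3)
            for (i = 3; i <= NF; i++)
                if (!($i in catch_all)) unconditional = 0
            if (unconditional)
                result = ($2 == "allow") ? "open" : "restricted"
        }

        END { print (result == "" ? "no-catch-all" : result) }
    '
}

echo "slide config:      $(squid_access_posture "$SLIDE_CONF")"
echo "restricted config: $(squid_access_posture "$RESTRICTED_CONF")"
```
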
Running Squid
- service squid start
- squid -d1 -z
- squid -d1 -f /etc/squid/squid.conf

The Kinds of Proxies
- Upstream Proxy
    cache_peer yourproxy.com parent 3128 3130
    prefer_direct off
- Transparent Proxy
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 15

Configuring a Linux Router
- Configuring Kernel
    IP: advanced router
- Enable IP Forwarding
    Add ‘net.ipv4.ip_forward=1’ to /etc/sysctl.conf
    echo "1" > /proc/sys/net/ipv4/ip_forward

Type of Routes
- Static route
- Dynamic route

Components of Routing Rules
- Destination IP Address
- An Interface
- An Optional Gateway IP Address

Routing Command

    route add -net net_addr netmask mask_addr interface
    route add -host ip_addr interface
    route add default gateway ip_addr interface

An Example

[Network diagram: hosts A (192.168.1.2), B (192.168.1.3), C (192.168.1.4), D (192.168.1.5), E (192.168.100.2), F (192.168.100.3), G (192.168.100.4) and H (192.168.100.5); a gateway with interfaces eth0, eth1 and eth2 and addresses 192.168.1.1, 192.168.100.1 and 10.1.1.1; a router at 10.1.1.2 leading to the Internet]

Related Rules

    route add -net 192.168.1.0 netmask 255.255.255.0 eth0
    route add -net 192.168.100.0 netmask 255.255.255.0 eth1
    route add -net 10.1.1.0 netmask 255.255.255.0 eth2
    route add default gateway 10.1.1.2 eth2

Result

    Destination     Gateway     Genmask           Flags  Metric  Ref  Use  Iface
    192.168.1.1     *           255.255.255.255   UH     0       0    0    eth0
    192.168.100.1   *           255.255.255.255   UH     0       0    0    eth1
    10.1.1.1        *           255.255.255.255   UH     0       0    0    eth2
    192.168.1.0     *           255.255.255.0     U      0       0    0    eth0
    192.168.100.0   *           255.255.255.0     U      0       0    0    eth1
    10.1.1.0        *           255.255.255.0     U      0       0    0    eth2
    0.0.0.0         10.1.1.2    0.0.0.0           UG     0       0    0    eth2
    127.0.0.0       *           255.0.0.0         U      0       0    0    lo

U: Network link is up; H: Dest. Addr. refers to a host; G: Gateway

Electronic Mail (Sendmail)

How Email Is Sent and Received

[Diagram: the mail2 MTA, the mail1 MTA and the address [email protected]@mail1.com]

Concepts
- MTA: Mail Transport Agent
- SMTP (server-to-server): Simple Mail Transport Protocol
- POP (Mail Access): Post Office Protocol
- IMAP (Mail Access): Interim Mail Access Protocol
- MDA: Mail Delivery Agent
- MUA: Mail User Agent

Advantages of Sendmail
- Older MTA
- Powerful MTA

Disadvantages of Sendmail
- Slow
- High Load Environment
- Crypto Configuration

MTAs
- Sendmail
- Postfix
- Exim
- Qmail

MUAs
- Evolution, Kmail (KDE)
- Balsa (GNOME)
- Mozilla Mail

Required Packages
- sendmail
- sendmail-cf
- imap (Config xinetd) (contains IMAP & POP3)

Sendmail Configuration
- Config ‘/etc/mail/sendmail.mc’ file
    LOCAL_DOMAIN(`example.com')dnl
- Run ‘make -C /etc/mail/’
- Config DNS

Email Aliases
- Edit ‘/etc/aliases’ file
    postmaster: joseph
- Run ‘newaliases’ command

Rejecting Email
- Edit ‘/etc/mail/access’ file
    spam.com     REJECT
    yahoo.com    OK
- service sendmail restart

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 16

DNS

Where do I look?
- /etc/nsswitch.conf (nameservice switch)

    t@localhost:~$ cat /etc/nsswitch.conf
    hosts: files dns

Files
- Search order determined by nsswitch.conf
- It is polite to have /etc/hosts first!

    sjh@mccoy:~$ cat /etc/hosts
    127.0.0.1        localhost
    193.62.81.135    mccoy.tardis.ed.ac.uk mccoy
    193.62.81.134    baker.tardis.ed.ac.uk baker
    193.62.81.132    packages.tardis.ed.ac.uk packages

DNS Traversal
1. Local files
2. DNS server locally
3. Item in cache?
4. Root server, work your way down…

Resolving Names
- Configuration Files for the Local Host Name Resolution (important for testing)
    - /etc/resolv.conf
    - /etc/nsswitch.conf
    - /etc/host.conf

DNS
- BIND – Berkeley Internet Name Daemon
- Dents – buggy as hell (still in alpha?)
- Djbdns – Dan Bernstein’s DNS server
- Banyan VINES – don’t go there!

Named (name dee)
- /etc/named.conf:
    - this defines a directory to store the DNS config files
    - Contains info about what zones we serve, and where to find config files!
    - Config file for named – tells us if we are master / slave, allow or deny zone transfers, what the IPs of other master / slave servers are, etc.
- <DNSROOT>/root.hints: Contains "pointers" to the Root Servers
- <DNSROOT>/127.0.0: Config for reverse-lookup to the local host/subnet
- <DNSROOT>/<zone>: Config for zone
- <DNSROOT>/<in-addr.arpa file>: Config for reverse lookup for your zone

A simple named.conf

    ## named.custom - custom configuration for bind
    zone "." {
        type hint;
        file "root.lists";
    };
    options {
        directory "/var/named/";
    };
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "127.0.0";
    };
    zone "hq.alim.ir" {
        type master;
        file "hq.alim.ir";
    };
    zone "168.168.192.in-addr.arpa" {
        type master;
        file "192.168.168";
    };

DNS Data
DNS databases contain more than just hostname-to-address records:
- SOA – Start Of Authority – it is the daddy!
- IN NS – Name Server
- IN MX – Mail eXchanger
- IN A – A record (Address record)
- IN CNAME – Canonical NAME

A simple zone file

    @           IN SOA  hq.alim.ir. root.hq.alim.ir. (
                        199609206 ; serial, todays date + todays serial #
                        8H        ; refresh, seconds
                        2H        ; retry, seconds
                        4W        ; expire, seconds
                        1D )      ; minimum, seconds
                NS      hq.alim.ir.
                MX      10 hq.alim.ir. ; Primary Mail Exchanger
                TXT     "Alim IT Center"
    localhost   A       127.0.0.1
    router      A       192.168.168.1
    hq.alim.ir. A       192.168.168.2
    ns          A       192.168.168.3
    www         A       207.159.141.192
    ftp         CNAME   hq.alim.ir.
    mail        CNAME   hq.alim.ir.
    news        CNAME   hq.alim.ir.

A simple in-addr.arpa file

    $TTL 3D
    @       IN SOA  hq.alim.ir. root.hq.alim.ir. (
                    199609206 ; Serial
                    28800     ; Refresh
                    7200      ; Retry
                    604800    ; Expire
                    86400)    ; Minimum TTL
            NS      hq.alim.ir.
    ; Servers
    1       PTR     router.hq.alim.ir.
    2       PTR     hq.alim.ir.
    2       PTR     funn.hq.alim.ir.
    ; Workstations
    200     PTR     ws-177200.hq.alim.ir.
    201     PTR     ws-177201.hq.alim.ir.
    202     PTR     ws-177202.hq.alim.ir.

Forward DNS
hq.alim.ir (as per /etc/named.conf)
- SOA – Start Of Authority – it is the daddy!
- IN NS – Name Server
- IN MX – Mail eXchanger
- IN A – A record (Address record)
- IN CNAME – Canonical NAME

Reverse DNS
192.168.168 (as per /etc/named.conf)
- SOA
- IN NS
- IN PTR – Pointer

DNS Round Robin
- Fault tolerance? Through nifty DNS hacks

    www.teviot.com.    60    IN    A    10.0.1.100
    www.teviot.com.    60    IN    A    10.0.2.100
    www.teviot.com.    60    IN    A    10.0.3.100

Common Mistakes
- Forgetting to increment the Serial Number!
- CNAME pointing at another CNAME!
- Forgetting the “.” in appropriate places!
- Underscores in hostnames!
- Forgetting to reload the daemon!
- Version control issues – clobber changes!
- TTL Issues

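Three of the mistakes listed above (a CNAME pointing at another CNAME, a missing final “.”, and an underscore in a hostname) can be caught mechanically before the zone is loaded. The check below is an added example, not part of the original slides; the sample zones are constructed from the hq.alim.ir records shown earlier, with errors introduced on purpose, and the function name `zone_lint` is hypothetical.

```shell
#!/bin/sh
# Added example: lint a zone file for three of the common mistakes.

# Constructed zone with three deliberate errors (mail, news, file_srv).
BAD_ZONE='$TTL 3D
@   IN SOA hq.alim.ir. root.hq.alim.ir. (
        199609207 ; serial
        8H 2H 4W 1D )
    IN NS       hq.alim.ir.
hq.alim.ir. IN A 192.168.168.2
www         IN A 207.159.141.192
ftp         IN CNAME hq.alim.ir.
mail        IN CNAME ftp
news        IN CNAME hq.alim.ir
file_srv    IN A 192.168.168.10'

# The same constructed zone with the three errors corrected.
GOOD_ZONE='$TTL 3D
@   IN SOA hq.alim.ir. root.hq.alim.ir. (
        199609208 ; serial
        8H 2H 4W 1D )
    IN NS       hq.alim.ir.
hq.alim.ir. IN A 192.168.168.2
www         IN A 207.159.141.192
ftp         IN CNAME hq.alim.ir.
mail        IN CNAME hq.alim.ir.
news        IN CNAME hq.alim.ir.
filesrv     IN A 192.168.168.10'

# zone_lint ORIGIN ZONE_TEXT
# ORIGIN is the zone name with its final dot. Prints one finding per line;
# prints nothing for a zone that passes all three checks.
zone_lint() {
    printf '%s\n' "$2" | awk -v origin="$1" '
        # Expand a name the way the name server would.
        function fqdn(n) {
            n = tolower(n)
            if (n == "@") return origin
            if (n ~ /\.$/) return n
            return n "." origin
        }
        BEGIN {
            origin = tolower(origin)
            bare = substr(origin, 1, length(origin) - 1)  # origin minus final dot
        }
        { sub(/;.*/, "") }                                # strip comments
        depth > 0 { if ($0 ~ /\)/) depth = 0; next }      # inside SOA ( ... )
        NF == 0 || $1 ~ /^\$/ { next }                    # blank, $TTL, $ORIGIN
        {
            i = 1
            if ($0 ~ /^[ \t]/) name = last                # blank owner: reuse previous
            else { name = last = $1; i = 2 }
            if ($i ~ /^[0-9]+[SMHDWsmhdw]?$/) i++         # optional TTL
            if (toupper($i) == "IN") i++                  # optional class
            type = toupper($i)
            target = (type == "MX") ? $(i + 2) : $(i + 1)
            if ($0 ~ /\(/ && $0 !~ /\)/) depth = 1

            # Underscores are checked on address records only; service
            # labels such as _sip._tcp are legitimate elsewhere.
            if ((type == "A" || type == "AAAA") && name ~ /_/)
                print "underscore-in-hostname " fqdn(name)

            # A target that already ends in the zone name but has no final
            # dot would get the origin appended a second time.
            if (type ~ /^(NS|MX|CNAME|PTR)$/) {
                t = tolower(target)
                if (t !~ /\.$/ && length(t) >= length(bare) &&
                    substr(t, length(t) - length(bare) + 1) == bare)
                    print "missing-trailing-dot " name " " type " " target
            }
            if (type == "CNAME") cname[fqdn(name)] = fqdn(target)
        }
        END {
            for (o in cname)
                if (cname[o] in cname)
                    print "cname-to-cname " o " -> " cname[o]
        }
    '
}

zone_lint "hq.alim.ir." "$BAD_ZONE"
```
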
Test Tools
- nslookup
- dig
    dig mail.hq.alim.ir
    dig -x 192.168.168.2
    dig 168.168.192.in-addr.arpa. AXFR
- whois
- http://www.squish.net/dnscheck/ (James Ponder’s DNS check web page)

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 17

Firewall
Required Properties:
- Control
    Allow only those packets that you are interested in to pass through.
- Security
    Reject packets from malicious outsiders
- Watchfulness
    Log packets to/from outside world

Firewall Types
- Packet Filtering
    - Stateful
    - Stateless
- Proxy-Based Firewall

Packet Filter under Linux
- 1st generation
    ipfw (from BSD)
- 2nd generation
    ipfwadm (Linux 2.0)
- 3rd generation
    ipchains (Linux 2.2)
- 4th generation
    iptables (Linux 2.4 & 2.6)

Installing Iptables
- Kernel Supports Iptables
    - Networking Options -> TCP/IP Networking -> Network Packet Filtering
    - Networking Options -> TCP/IP Networking -> IP: advanced router -> *
    - Networking Options -> IP: Netfilter
- For Packets Traffic Control:
    - Networking Options -> QoS and/or fair queueing -> *

    # rpm -ivh iptables-1.2.6a-2.i386.rpm

Chains of Tables
- INPUT
    Controls packets entering your system
- OUTPUT
    Controls packets leaving your system
- FORWARD
    Controls what packets can move from one network to another through your system

[Diagram: Routing Decision, Forward, Input, Local Process, Output]

1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
2. If it’s destined for this box:
    - Passes downwards in the diagram
    - To INPUT chain
    - If it passes, any processes waiting for that packet will receive it.
   Otherwise go to step 3.

Continue…

3. If forwarding is not enabled, the packet will be dropped.
   If forwarding is enabled and the packet is destined for another network interface:
    - The packet goes rightwards on our diagram to the FORWARD chain.
    - If it is accepted, it will be sent out.
4. Packets generated from a local process pass to the OUTPUT chain immediately.
    - If it says accept, the packet will be sent out.

Packet Status in Iptables
- Established
- New
- Related
- Invalid

Results of Packet Checking
- ACCEPT
- DROP
- REJECT
- …

Tables of Iptables
- Filter
- NAT
- Mangle

The Path of Packet in Iptables

[Diagram: Network -> Mangle PREROUTING -> NAT PREROUTING (destination NAT) -> routing decision. Packets for the local process pass Mangle INPUT -> Filter INPUT; packets from the local process pass a routing decision -> Mangle OUTPUT -> NAT OUTPUT -> Filter OUTPUT; forwarded packets pass Mangle FORWARD -> Filter FORWARD. All outgoing packets then pass Mangle POSTROUTING -> NAT POSTROUTING (source NAT) -> Network]

Tables of Chains

    table \ chain   INPUT   OUTPUT   FORWARD   PREROUTING   POSTROUTING
    MANGLE            *       *         *          *             *
    NAT               -       *         -          *             *
    FILTER            *       *         *          -             -

Building a Rule: source/destination

    iptables -s 200.200.200.1

- Refers to packet from a specific IP address
- The “-s” refers to the source of the packet, where the packet is coming from.
- A corresponding “-d” refers to the destination, where the packet is going to.

Building a Rule: Action

    iptables -s 200.200.200.1 -j DROP

- The “-j” determines what happens to the

Building a Rule: IP address ranges

    iptables -s 200.200.200.0/24 -j DROP

- IPs that match 200.200.200.*
- The “/24” refers to the number of bits that are fixed, counting from the left.


Other Actions
REDIRECT: Sends packets to a proxy
LOG: Tracks packets as they match rules
RETURN: Terminates user defined chains

Building a Rule: appending rules to tables
iptables -A INPUT -s 200.200.200.1 -j DROP
The “-A” appends the rule to an iptable.
The “INPUT” specifies the iptable.
This command makes your system ignore all packets from 200.200.200.1.
iptables -A OUTPUT -d 200.200.200.1 -j DROP
This command does not allow your system to send packets to 200.200.200.1.

Building a Rule: only blocking some packets
iptables -A INPUT -s 200.200.200.1 -p tcp --destination-port telnet -j DROP
The “-p” specifies a specific protocol: tcp, udp, or icmp.
The “--destination-port” is where the packet is going.
You can use the service name or the port number.
Could use 23 in this example.
Keep in mind that the source-port is very different from the destination-port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
--dport == --destination-port
--sport == --source-port

Building a Rule: multiple network interfaces
Assume your machine has two interface cards. One to a LAN named eth0 and the other to the Internet named ppp0.
iptables -A INPUT -p tcp --dport telnet -i ppp0 -j DROP
The “-i” option specifies the input interface.
There is also a “-o” option for the output interface.
iptables -A INPUT -p tcp --dport telnet -i eth0 -j ACCEPT
Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.

Building a Rule: Table Policies
iptables -P FORWARD ACCEPT
The “-P” option followed by a table name and action determines the default policy of the table. If no rule in the table matches, this default action is taken.
The usual policies are:
INPUT = ACCEPT
OUTPUT = ACCEPT
FORWARD = DENY

Building a Rule: Adding Rules to Tables
iptables -A INPUT -s 200.200.200.1 -j DROP
Appends the rule to the end of the table.
iptables -I INPUT 3 -s 200.200.200.1 -j DROP
Inserts the rule as rule 3 in the table, moving all other rules down 1.
iptables -R INPUT 3 -s 200.200.200.1 -j DROP
Replaces rule 3 in the table.
iptables -D INPUT 3
Deletes rule 3 in the table.
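
The ordering behaviour behind -A, -I, -R, -D and -P, as an added example that is not part of the original slides: a simplified Python model (not iptables itself) that keeps each chain (INPUT, OUTPUT, FORWARD) as an ordered rule list and returns the target of the first matching rule, or the default policy when nothing matches. The names `Chains`, `matches`, `SERVICES`, `FIELD` and the packet field names are assumptions made for this illustration, and only the options used on these slides are covered.

```python
import shlex
from ipaddress import ip_address, ip_network

SERVICES = {"telnet": 23, "ssh": 22, "http": 80}  # constructed subset of /etc/services
FIELD = {"-s": "src", "-d": "dst", "-p": "proto", "-i": "iface"}  # option -> packet field

def matches(opt, val, pkt):
    """True if one rule option, e.g. -s 200.200.200.0/24, matches the packet."""
    if opt in ("--dport", "--destination-port"):
        # An unknown service name is not a number either, so int() rejects it.
        return pkt.get("dport") == (SERVICES.get(val) or int(val))
    have = pkt.get(FIELD[opt])  # KeyError: option not covered by this model
    if opt in ("-s", "-d"):
        return have is not None and ip_address(have) in ip_network(val, strict=False)
    return have == val

class Chains:
    """Simplified model: a chain is an ordered rule list; the first match wins."""
    def __init__(self):
        self.rules = {"INPUT": [], "OUTPUT": [], "FORWARD": []}
        self.policy = dict.fromkeys(self.rules, "ACCEPT")

    def run(self, command):
        """Apply one 'iptables ...' command line to the model."""
        op, chain, *rest = shlex.split(command)[1:]
        # Rule numbers on the command line are 1-based.
        pos = int(rest.pop(0)) - 1 if rest and rest[0].isdigit() else None
        rule = dict(zip(rest[0::2], rest[1::2]))  # {"-s": "...", "-j": "DROP"}
        rules = self.rules[chain]
        if op == "-A":
            rules.append(rule)
        elif op == "-I":
            rules.insert(pos or 0, rule)  # no number given: insert as rule 1
        elif op == "-R":
            rules[pos] = rule
        elif op == "-D" and pos is not None:
            del rules[pos]
        elif op == "-D":
            rules.remove(rule)  # first rule equal to the given specification
        elif op == "-P":
            self.policy[chain] = rest[0]
        else:
            raise ValueError(f"{op} is not modelled")

    def verdict(self, chain, **pkt):
        """Target of the first matching rule, else the chain's default policy."""
        for rule in self.rules[chain]:
            if all(matches(o, v, pkt) for o, v in rule.items() if o != "-j"):
                return rule["-j"]
        return self.policy[chain]
```

Feeding it `-A INPUT -s 200.200.200.0/24 -j DROP` followed by `-A INPUT -s 200.200.200.1 -j ACCEPT` still returns DROP for 200.200.200.1, because the broader rule matches first; inserting the ACCEPT rule with `-I INPUT 1` changes the verdict to ACCEPT.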

Operations to manage whole chains
-N  Create a new chain
-X  Delete an empty chain
-P  Change the policy for a built-in chain
-L  List the rules in a chain
-F  Flush the rules out of a chain
-Z  Zero the packet and byte counters on all rules in a chain

Manipulate rules inside a chain
-A  Append a new rule to a chain
-I  Insert a new rule at some position in a chain
-R  Replace a rule at some position in a chain
-D  Delete a rule at some position in a chain
-D  Delete the first rule that matches in a chain

An Example
[Figure: network diagram. Labels: 192.168.1.5 (GW: 192.168.1.1); 192.168.1.6 (GW: 192.168.1.1); 192.168.1.7 (GW: 192.168.1.1); 192.168.1.1; Internet; Firewall; eth0; eth1; Web Server; SSH Server (Accessible ONLY via LAN).]

RHCE
Red Hat Certified Engineer
M. A. Agheli
Session 18
Advanced

Traffic Shaping (CBQ)
/etc/rc.d/init.d/cbq.init
(http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3)
Install ‘shapecfg’ RPM
/etc/sysconfig/cbq/* (0002-FFFF)
/etc/rc.d/init.d/cbq.init start

Sample of CBQ Configuration
DEVICE=eth0,10Mbit,1Mbit
RATE=10Kbit
PRIO=5
RULE=:21,192.168.1.0/24

The End
Good Luck