COP 4343 Unix System Administration

Presentation Transcript


  1. COP 4343 Unix System Administration
     Unit 12: basic network services
     concepts, dhcpd, named, superserver

  2. Basic Network Services
     • service listens on port for requests
     • examples:
       • http uses port 80
       • ssh uses port 22
     • firewall must allow IP packets through
       • /etc/sysconfig/iptables
       • service iptables restart

  3. /etc/sysconfig/iptables

         # ftp
         -A RH-Firewall-1-INPUT -p tcp --dport 20 -j ACCEPT
         -A RH-Firewall-1-INPUT -p tcp --dport 21 -j ACCEPT
         # ssh
         -A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
         # http
         -A RH-Firewall-1-INPUT -p tcp --dport 80 -j ACCEPT
         # mail
         -A RH-Firewall-1-INPUT -p tcp --dport 25 -j ACCEPT
         -A RH-Firewall-1-INPUT -p tcp --dport 143 -j ACCEPT
         -A RH-Firewall-1-INPUT -p tcp --dport 587 -j ACCEPT

  4. Basic Network Services
     • examples:
       • dhcpd: UDP ports 67 and 68
       • named: UDP port 53
       • superserver: can be configured to listen on any port

  5. dhcpd server
     • install dhcpd package
     • configuration file: /etc/dhcpd.conf
     • enable in run-level

  6. dhcpd configuration example

         subnet 192.168.0.0 netmask 255.255.255.0 {
             range 192.168.0.2 192.168.0.8;                # Range of available IP addresses
             default-lease-time 604800;                    # Default lease time in seconds
             max-lease-time 604800;                        # Maximum time a lease will be given
             option subnet-mask 255.255.255.0;             # Subnet mask given to clients
             option domain-name-servers 1.2.3.4, 1.2.3.5;  # List of name server IP addresses
             option domain-name "your.domain.name";
             option routers 192.168.0.1;                   # Gateway router
         }

  7. named server
     • implements domain name server (DNS)
     • Configuration file: /var/named/chroot/etc/named.conf
     • example:

         zone "ege.com" {
             type master;
             file "ege.hosts";
         };

  8. Example: ege.hosts

         @       IN      SOA     ege.com. raimund.ege.com. (
                                 75      ; serial
                                 8H      ; refresh
                                 2H      ; retry
                                 1W      ; expire
                                 1H )    ; min time to live
                         NS      ns3.ege.com.
                         NS      ns4.ege.com.
                         MX      10 mail.ege.com.
                         TXT     "Ege Consulting Inc"
                         A       131.94.130.39
         mail            A       131.94.130.39
         ns3             A       131.94.130.39
         ns4             A       66.92.213.193
         instructor      A       131.94.132.84
         www.instructor  A       131.94.132.84

  9. Superserver
     • configurable server to handle multiple network services
     • xinetd
       • xinetd.conf
       • xinetd.d
     • listens on multiple network ports and starts the appropriate service when a client connects to that port
     • traditional Unix: inetd

  10. example configuration file

          service echo
          {
              type        = INTERNAL
              id          = echo-stream
              socket_type = stream
              protocol    = tcp
              user        = root
              wait        = no
              disable     = yes
          }

  11. example configuration file

          service ntalk
          {
              disable     = yes
              socket_type = dgram
              wait        = yes
              user        = root
              group       = tty
              server      = /usr/bin/ktalkd
          }

  12. xinetd security
      • enable port in firewall
        • iptables
      • host specific:
        • /etc/hosts.allow
        • /etc/hosts.deny

  13. xinetd
      • to enable: disable = no
      • reload xinetd service

          service xinetd reload

      • test via

          telnet host port

  14. example services
      • port 7: echo
        • repeats back whatever you type
      • port 19: chargen
        • returns a character stream until control-D
      • port 9: discard
        • like /dev/null
      • port 37: time
        • returns a number corresponding to the current time
      • port 13: daytime
        • returns the current date/time in human-readable form

  15. Services Beyond the Superserver
      • services do not rely on superservers:
        • Apache Web
        • SMTP
        • FTP
        • ...
      • run as service in run level
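
Slides 12 to 14 make an xinetd service reachable through two settings: `disable = no` in its stanza and an ACCEPT rule for its port in /etc/sysconfig/iptables. The Python script below is an added example, not part of the original presentation; it cross-checks the two on constructed sample input. Its function names, the treatment of a missing `disable` line as enabled, and the sample rule for port 7 are assumptions.

```python
import re
# Ports of the xinetd internal services named on slide 14.
PORTS = {"echo": 7, "discard": 9, "daytime": 13, "chargen": 19, "time": 37}

def parse_xinetd(text):
    """Map each 'service NAME { ... }' stanza (keyed by id, else name) to its attributes."""
    services = {}
    for name, body in re.findall(r"service\s+(\S+)\s*\{([^}]*)\}", text):
        attrs = {"name": name}
        for line in body.splitlines():
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        services[attrs.get("id", name)] = attrs
    return services

def accepted_ports(rules):
    """Collect (protocol, port) pairs from iptables ACCEPT rules; '#' lines never match."""
    pattern = re.compile(r"\s*-A\s.*-p\s+(tcp|udp)\s.*--dport\s+(\d+)\s.*-j\s+ACCEPT\b")
    return {(m.group(1), int(m.group(2)))
            for m in map(pattern.match, rules.splitlines()) if m}

def audit(xinetd_text, iptables_text):
    """Return (id, protocol, port, reachable) for every enabled service."""
    open_ports = accepted_ports(iptables_text)
    report = []
    for sid, a in sorted(parse_xinetd(xinetd_text).items()):
        if a.get("disable", "no").lower() == "yes":  # assumption: missing line = enabled
            continue  # xinetd does not listen for a disabled service
        proto = a.get("protocol") or {"stream": "tcp", "dgram": "udp"}.get(a.get("socket_type"))
        port = int(a.get("port") or PORTS.get(a["name"], 0))  # 0 = port not known here
        report.append((sid, proto, port, (proto, port) in open_ports))
    return report

# Constructed sample input (not taken from a real host).
XINETD = """service echo
{
    id = echo-stream
    socket_type = stream
    disable = no
}
service chargen
{
    socket_type = stream
    disable = no
}"""
IPTABLES = """-A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 7 -j ACCEPT"""
print(audit(XINETD, IPTABLES))
```

A row ending in `True` is a service that is both enabled and allowed through the firewall; a row ending in `False` is enabled in xinetd but has no matching ACCEPT rule.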
