
LINUX NETWORKING. By: SHAIVI KOCHAR 11CSS56


Presentation Transcript


  1. LINUX NETWORKING. By: SHAIVI KOCHAR 11CSS56

  2. Dynamic Host Configuration Protocol (DHCP) The Dynamic Host Configuration Protocol (DHCP) is a client-server protocol that automatically provides an Internet Protocol host with its IP address and other related configuration information such as the subnet mask and default gateway. DHCP allows hosts to obtain the necessary TCP/IP configuration information from a DHCP server. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.

  3. DHCP Contd.. The most common settings provided by a DHCP server to DHCP clients include: • IP address and netmask • DNS : Domain Name System • WINS : Windows Internet Name Service

  4. A DHCP server can provide configuration settings using two methods: MAC Address : This method entails using DHCP to identify the unique hardware address of each network card connected to the network and then continually supplying a constant configuration each time the DHCP client makes a request to the DHCP server using that network device. Address Pool : This method entails defining a pool (sometimes also called a range or scope) of IP addresses from which DHCP clients are supplied their configuration properties dynamically and on a "first come, first served" basis. When a DHCP client is no longer on the network for a specified period, the configuration is expired and released back to the address pool for use by other DHCP Clients.

  5. Advantages of using DHCP • Reliable IP address configuration : DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, or address conflicts caused by the assignment of an IP address to more than one computer at the same time. • Reduced network administration : • Centralized and automated TCP/IP configuration. • Efficient handling of IP address changes for clients that must be updated frequently, such as portable computers that move to different locations on a wireless network. • The ability to assign a full range of additional TCP/IP configuration values by means of DHCP options.

  6. Installation • Enter the following command to install dhcpd • sudo apt-get install dhcp3-server

  7. Configuration Most commonly, what you want to do is assign an IP address randomly. This can be done with settings as follows:

         # Sample /etc/dhcpd.conf
         # (add your comments here)
         default-lease-time 600;
         max-lease-time 7200;
         option subnet-mask 255.255.255.0;
         option broadcast-address 192.168.1.255;
         option routers 192.168.1.254;
         option domain-name-servers 192.168.1.1, 192.168.1.2;
         option domain-name "mydomain.example";
         subnet 192.168.1.0 netmask 255.255.255.0 {
           range 192.168.1.10 192.168.1.100;
           range 192.168.1.150 192.168.1.200;
         }

  8. After changing the /etc/dhcpd.conf file, restart the service : • sudo service isc-dhcp-server restart • To check for all active internet connections (-u limits the listing to UDP sockets, -a includes listening ones, -p shows the owning program) : • sudo netstat -uap
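The address conflicts mentioned under the advantages of DHCP can also come from the server's own pools. The check below is an added example, not part of the presentation: `audit_pools` and `BAD_CONF` are hypothetical names, and the input is the slide's sample configuration with one constructed bad range. It handles a single IPv4 subnet declaration only.

```python
import ipaddress
import re

# Constructed input: the slide's sample config with one deliberately bad range.
BAD_CONF = """
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
  range 192.168.1.90 192.168.1.254;   # overlaps the first pool, includes the router
}
"""

def audit_pools(conf):
    """Return a list of findings for a single-subnet dhcpd.conf (IPv4 only)."""
    conf = re.sub(r"#.*", "", conf)                       # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", conf)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    ip = ipaddress.ip_address
    ranges = sorted((ip(a), ip(b)) for a, b in
                    re.findall(r"range\s+(\S+)\s+(\S+)\s*;", conf))
    fixed = {}                                            # address -> option using it
    for name, vals in re.findall(
            r"option\s+(routers|domain-name-servers|broadcast-address)\s+([^;]+);",
            conf):
        for v in vals.split(","):
            fixed[ip(v.strip())] = name
    findings = []
    for lo, hi in ranges:
        if lo > hi:
            findings.append(f"range {lo} {hi}: start is above end")
        if lo not in net or hi not in net:
            findings.append(f"range {lo} {hi}: outside subnet {net}")
        for addr, name in sorted(fixed.items()):
            if lo <= addr <= hi:                          # pool would lease a static address
                findings.append(f"range {lo} {hi}: hands out {addr} ({name})")
    for (lo1, hi1), (lo2, hi2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:                                    # same address in two pools
            findings.append(f"range {lo2} {hi2}: overlaps range {lo1} {hi1}")
    return findings
```

Run on the slide's original configuration, the function returns an empty list; on `BAD_CONF` it reports the router address inside the pool and the overlapping ranges.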

  9. Network Time Protocol

  10. TIME SYNCHRONIZATION USING NTP • This describes methods for automatically keeping your computer's time accurate. • This is extremely useful for servers, and is also recommended for desktop machines. • Network Time Protocol (NTP) is a UDP/IP protocol for synchronizing time over a network connection. • Basically, a client requests the current time from a server, and then uses the server's response to set its own clock.

  11. NTP Contd.. • Beyond this simple description, there is a lot of complexity. There are multiple tiers of NTP servers. • The tier one servers : NTP servers connected to atomic clocks (often via GPS). • The tier two and three servers : NTP servers spreading the load of actually handling requests across the internet.

  12. UBUNTU HAS TWO WAYS OF AUTOMATICALLY SETTING YOUR TIME : ntpdate AND ntpd NTPDATE • Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server. However, a server's clock is likely to drift considerably between reboots, so it makes sense to correct the time occasionally. The easiest way to do this is to get cron to run ntpdate every day. • Create a file /etc/cron.daily/ntpdate containing: • ntpdate ntp.ubuntu.com • The file /etc/cron.daily/ntpdate must also be executable. • sudo chmod 755 /etc/cron.daily/ntpdate

  13. NTPD • ntpdate is a bit of a blunt instrument - it can only adjust the time once a day, in one big correction. The ntp daemon ntpd is far more subtle. It calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could lead to inconsistent logs for instance. The cost is a little processing power and memory, but for a modern server this is negligible. • To set up ntpd: • sudo apt-get install ntp

  14. CHANGING TIME SERVERS In both cases above, your system will use Ubuntu's NTP server at ntp.ubuntu.com by default. This is OK, but you might want to use several servers to increase accuracy and resilience, and you may want to use time servers that are geographically closer to you. • To do this for ntpdate, change the contents of /etc/cron.daily/ntpdate to: • ntpdate ntp.ubuntu.com pool.ntp.org • For ntpd, edit /etc/ntp.conf to include additional server lines: • server ntp.ubuntu.com • server pool.ntp.org

  15. SQUID (PROXY SERVER)

  16. What is a Proxy? • A proxy server, also known as a "proxy" or "application-level gateway", is a computer that acts as a gateway between a local network (e.g., all the computers at one company or in one building) and a larger-scale network such as the Internet. Proxy servers provide increased performance and security. In some cases, they monitor employees' use of outside resources. • A proxy server works by intercepting connections between sender and receiver. All incoming data enters through one port and is forwarded to the rest of the network via another port. By blocking direct access between two networks, proxy servers make it much more difficult for hackers to get internal addresses and details of a private network.

  17. Main purpose of using proxies • Improve Performance • Act as a cache server • Cache web pages & provide them back without requesting the page again from the website server. • Bandwidth control • Reduces the bandwidth requirements for a large organization. • Filter Requests • Prevent access to some web sites!!! • Prevent access to some protocols • Prevent access to the network on a time basis. • Surfing Anonymously • Browsing the WWW without any identification!!!

  18. Improving Performance • Caching • Reduces latency (sites take less time to open) • Reduces network traffic (reduces data usage) Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers. • Bandwidth control • Policy-based bandwidth limits • Deny by content type [Diagram labels: INTERNET, 512 Kbps, 1 Mbps, 128 Kbps, 64 Kbps]

  19. Filtering Requests • Prevent access to some web sites!!! • Educational • Advertisements & Pop-Ups • Chat • Games • Hacking • Peer-to-Peer • Categories web sites • Check by content type • .Exe / .Com • .Mid / .MP3 / .Wav • .Avi / .Mpeg / .Rm

  20. How A Proxy Works?

  21. [Diagram: a LAN client (IP 172.16.0.2, Gw 172.16.0.1) sends a request for www.yahoo.com (Source IP 172.16.0.2, Dest IP 209.191.93.52) to the proxy server (LAN IP 172.16.0.1; Internet IP 217.219.66.2, Gw 217.219.66.1).]

  22. [Diagram: the proxy server changes the source IP address; the request for www.yahoo.com goes out to the Internet with Source IP 217.219.66.2, Dest IP 209.191.93.52.]

  23. [Diagram: the reply arrives from the Internet at the proxy server with Source IP 209.191.93.52, Dest IP 217.219.66.2. Caption: Change Source IP Address & Destination IP Address.]

  24. [Diagram: the proxy server changes the destination IP address of the reply from 217.219.66.2 to 172.16.0.2; Source IP stays 209.191.93.52.]

  25. [Diagram: the reply (Source IP 209.191.93.52, Dest IP 172.16.0.2) is delivered to the LAN client.]

  26. Coming Back To Squid…

  27. Squid is a free, open source, proxy caching server for Web clients. • It operates as an intermediary between the Web browsers (clients) and the servers they access. • Technically, a proxy server can simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a server. • Squid is supported and distributed under a GNU Public License by the National Laboratory for Applied Network Research (NLANR) at the University of California, San Diego.

  28. Squid supports following protocols: • It works on port no. 3128. • Other works that a Proxy does. • Free-ware • Apache 1.2+ proxy support • Commercial • Netscape Proxy • Microsoft Proxy Server • NetAppliance's NetCache • CacheFlow • Cisco Cache Engine

  29. • Check the cache for an existing copy of the object (lookup based on MD5 hash of URL). • If it exists in cache: • Check the object's expire time; if expired, fall back to the origin server. • If the object is still considered fresh, return the cached object to the requester. • If the object is not in cache, expired, or otherwise invalidated: • Fetch the object from the origin server. • If 500 error from origin server, and expired object available, return the expired object. • Test the object for cacheability; if cacheable, store a local copy.

  30. [Diagram: a LAN client (IP 172.16.0.2, Gw 172.16.0.1) sends a request for www.yahoo.com (Source IP 172.16.0.2, Dest IP 209.191.93.52) to the proxy server (LAN IP 172.16.0.1; Internet IP 217.219.66.2, Gw 217.219.66.1). Cached Pages: none.]

  31. [Diagram: the proxy server changes the source IP address; the request goes out with Source IP 217.219.66.2, Dest IP 209.191.93.52. Cached Pages: none.]

  32. [Diagram: the reply arrives at the proxy server with Source IP 209.191.93.52, Dest IP 217.219.66.2. Caption: Change Source IP Address & Destination IP Address. Cached Pages: none.]

  33. [Diagram: the proxy server changes the destination IP address of the reply from 217.219.66.2 to 172.16.0.2. Cached Pages: www.yahoo.com.]

  34. [Diagram: the reply (Source IP 209.191.93.52, Dest IP 172.16.0.2) is delivered to the LAN client. Cached Pages: www.yahoo.com.]

  35. [Diagram: a second LAN client (IP 172.16.0.3, Gw 172.16.0.1) sends a request for www.yahoo.com (Source IP 172.16.0.3, Dest IP 209.191.93.52) to the proxy server. Cached Pages: www.yahoo.com.]

  36. [Diagram: the proxy server checks for a cached page for www.yahoo.com. Page found. Cached Pages: www.yahoo.com.]

  37. [Diagram: the proxy server retrieves the page from the cache and replies with Source IP 209.191.93.52, Dest IP 172.16.0.3. No need to contact the Yahoo server.]

  38. [Diagram: the reply (Dest IP 172.16.0.3) is delivered to the LAN client at 172.16.0.3.]

  39. Cacheable objects • HTTP • Must have a Last-Modified: tag • If origin server required HTTP authentication for request, must have Cache-Control: public tag • Ideally also has an Expires or Cache-Control: max-age tag • FTP • Squid sets Expires time to fetch timestamp + 2 days

  40. Non-cacheable objects • HTTPS • HTTP • No Last-Modified: tag • Authenticated objects • URLs with cgi-bin or ? in them • POST method (form submission)
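The lookup flow on slide 29 and the cacheable / non-cacheable lists on slides 39 and 40, combined into one small model. This is an added example, not Squid's code and not from the presentation: `ToyCache`, `is_cacheable`, `demo`, the `fetch` callback and the `intranet.example` URL are hypothetical, and expiry is a plain number instead of parsed headers. The case worth watching is the authenticated page, which must never be stored in a cache shared by every LAN client.

```python
import hashlib

def is_cacheable(method, url, headers, authenticated=False):
    """Cacheability rules from the two slide lists (HTTP objects only)."""
    if method == "POST" or url.startswith("https://"):
        return False                       # form submissions and HTTPS
    if "cgi-bin" in url or "?" in url:
        return False                       # dynamic content
    if "Last-Modified" not in headers:
        return False
    if authenticated and "public" not in headers.get("Cache-Control", ""):
        return False                       # per-user content stays out of the shared cache
    return True

class ToyCache:
    """fetch(url) is a hypothetical origin call returning
    (status, headers, body, expires_at)."""
    def __init__(self, fetch):
        self.fetch, self.store = fetch, {}

    def get(self, method, url, now, authenticated=False):
        key = hashlib.md5(url.encode()).hexdigest()   # lookup key only, not a security control
        hit = self.store.get(key)
        if hit and now < hit["expires"]:
            return "HIT", hit["body"]                 # fresh copy: origin not contacted
        status, headers, body, expires = self.fetch(url)
        if status == 500 and hit:
            return "STALE", hit["body"]               # origin failed: serve the expired copy
        if status == 200 and is_cacheable(method, url, headers, authenticated):
            self.store[key] = {"body": body, "expires": expires}
        return "MISS", body

def demo():
    """Constructed scenario: two LAN clients, an origin failure, a private page."""
    origin = {"status": 200, "calls": 0}
    def fetch(url):
        origin["calls"] += 1
        return origin["status"], {"Last-Modified": "x"}, f"body of {url}", 100
    cache = ToyCache(fetch)
    out = [cache.get("GET", "http://www.yahoo.com/", now=0)[0],    # first client
           cache.get("GET", "http://www.yahoo.com/", now=10)[0]]   # second client
    origin["status"] = 500
    out.append(cache.get("GET", "http://www.yahoo.com/", now=200)[0])  # expired + 500
    origin["status"] = 200
    for _ in range(2):            # authenticated page without Cache-Control: public
        out.append(cache.get("GET", "http://intranet.example/pay",
                             now=0, authenticated=True)[0])
    return out, origin["calls"]
```

`demo()` walks the same sequence as the diagram slides: the first request is a miss, the second client is served from the cache, and both requests for the authenticated page go to the origin.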

  41. Open SSH

  42. What Is SSH? • One essential tool to master as a system administrator is SSH. • SSH, or Secure Shell, is a protocol used to securely log onto remote systems. • It is the most common way to access remote Linux and Unix-like servers, such as VPS instances. • In this guide, we will discuss how to use SSH to connect to a remote system. • Basic Syntax • The tool on Linux for connecting to a remote system using SSH is called, unsurprisingly, ssh. • The most basic form of the command is: • ssh remote_host

  43. The remote_host in this example is the IP address or domain name that you are trying to connect to. • This command assumes that your username on the remote system is the same as your username on your local system. • If your username is different on the remote system, you can specify it by using this syntax: • ssh remote_username@remote_host

  44. Once you have connected to the server, you will probably be asked to verify your identity by providing a password. • We can even generate keys to use instead of passwords. • To exit back into your local session, simply type: exit

  45. How Does SSH Work? • SSH works by connecting a client program to an ssh server. • In the above commands, ssh is the client program. The ssh server is already running on the remote_host that we specified. • In your VPS, the sshd server should already be running. If this is not the case, click on the Console Access button from your droplet page. You will be presented with a login screen. Log in with your credentials.

  46. The process needed to start an ssh server depends on the distribution of Linux that you are using. • On Ubuntu, you can start the ssh server on the VPS by typing: • sudo service sshd start • That should start the sshd server and you can then log in remotely.

  47. How To Configure SSH • When you change the configuration of SSH, you are changing the settings of the sshd server. • In Ubuntu, the main sshd configuration file is located at /etc/ssh/sshd_config. • Back up the current version of this file before editing: • sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak • Open it with a text editor: • sudo gedit /etc/ssh/sshd_config
