The next category of commands we'll examine is designed to help you configure and control networking on your Linux computer. Some commands provide fundamental information to your network card(s). Others set up where your network looks for domains, network settings, and similar information.
Commands for troubleshooting your network and for protecting your system with an iptables firewall also fall into this category. For more information on the commands in this section, see Chapters 21 and 22.
The two key commands for setting up a network card are ifconfig and arp. Related commands let you activate and deactivate the network card of your choice. These commands are listed in Table A.19.
Command | Description |
---|---|
arp | Controls a database of hardware and IP addresses. |
ifconfig | Returns active network adapters. You can specify TCP/IP information such as IP address, network mask, hardware address, etc.; you can also specify special IRQ or I/O ports for a card. |
ifdown device | A command that deactivates a network device. |
ifdown-* | A command that starts a script in /etc/sysconfig/network-scripts for deactivating a specific device. |
ifup device | Activates a network device. |
ifup-* | Starts a script in /etc/sysconfig/network-scripts for activating a specific device. |
Commands are available that help you identify your Linux computer on different kinds of networks. When you run a command such as hostname by itself, the shell returns the current domain name. Alternatively, you can assign a new name with the command, such as hostname newname. Table A.20 describes the network domain management commands.
Command | Description |
---|---|
domainname | Lists or assigns an NIS domain name to the current computer; permanent changes should be in /etc/sysconfig/network in NISDOMAIN=domainname format. |
hostname | Lists or assigns a hostname to the current computer; permanent changes should be in /etc/sysconfig/network in HOSTNAME=hostname format. |
nisdomainname | See domainname. |
ypdomainname | See domainname. |
Linux provides three basic network troubleshooting commands: netstat, ping, and traceroute. See Chapter 22 for examples of these commands in action.
The netstat command shows information about your current network connections. Some netstat options are shown in Table A.21.
Command | Result |
---|---|
netstat | Lists all open TCP/IP network connections on different ports. |
netstat -a | Lists activity on all available network ports. |
netstat -c | Like netstat -a, but the command is rerun every second, and the results are continuously sent to the screen. |
netstat -e | Provides extra information on each connection. |
netstat -l | Limits the list to services such as Telnet and Apache (httpd) that are listening for requests. |
netstat -n | Displays numeric IP addresses instead of resolving hostnames; a good alternative if there's a problem finding the hostname, such as a problem with a reverse DNS zone. |
netstat -p | Includes the name and PID of the process for each open port. |
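Combining -l, -n, and -p gives a quick inventory of what is listening and which process owns each port. The script below is an added example, not part of the book's text; the netstat output is a constructed sample, and the function names and the REVIEW/EXPOSED/LOCAL labels are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage `netstat -l -n -p` output by bind address and port.

# Constructed sample of `netstat -lnp` output (TCP rows only), not a capture.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      812/xinetd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1033/httpd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      954/sendmail
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      790/sshd
EOF
}

# audit_listeners: read netstat -lnp output on stdin and print one line per
# TCP listener in the form "<verdict> <port> <bind-address> <pid/program>".
#   REVIEW   cleartext Telnet (port 23) reachable from other hosts
#   EXPOSED  any other listener bound to a non-loopback address
#   LOCAL    listener bound to loopback only
audit_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, a, ":")            # text after the last ":" is the port
      port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1") verdict = "LOCAL"
      else if (port == "23")                verdict = "REVIEW"
      else                                  verdict = "EXPOSED"
      print verdict, port, addr, $7
    }'
}

# On a live system (root is needed for -p to name every process):
#   netstat -lnp | audit_listeners
sample_netstat | audit_listeners
```

Because -n keeps the ports numeric, the check works even when service-name or reverse DNS lookups are failing.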
The ping command sends a packet of data to test connectivity to a specified host computer. Chapter 21 describes the standard ping troubleshooting commands. Other options for this command are shown in Table A.22.
Command | Result |
---|---|
ping hostname | Tests connectivity between your computer and hostname. |
ping -c n hostname | Limits the connectivity test to n packets; you don't need to press Ctrl+C to stop the process. |
ping -i n hostname | Waits n seconds between pings; the default is one second. |
ping -n hostname | Uses IP addresses in the output; useful if you're having trouble finding a DNS server. |
ping -s data | Sends a packet of data bytes in a ping; the source of some "ping of death" commands. |
Note | This book does not endorse the use of ping of death commands, unless you're using them to test your own system's resistance to attack. Chapter 22 describes an iptables command that can stop the "ping of death." |
The traceroute command helps you isolate problems on a large network. As it travels from router to router, it listens for ICMP "time exceeded" messages, and returns them to your computer. In that way, it lets you track the path of a message. If you're tracking a message on the Internet, the default 30 hops may not be sufficient; the following command allows you to trace that message for 40 hops:
# traceroute -m 40 www.example.com
Alternatively, if the Internet is responding slowly, you can give it additional time to send the ICMP messages back to your computer; for example, the following waits up to 10 seconds:
# traceroute -w 10 www.example.com
The iptables command is complex; Chapter 22 provides a basic explanation. For your reference, iptables commands are built to a very specific format:
# iptables -t table option pattern -j target
Table A.23 describes each of these items.
Item | Description |
---|---|
-t table | This item specifies the type of table. The options are filter and nat; filter is the default. |
option | You can add a rule to (-A), delete from (-D), or insert into an iptables chain; the three standard chains are INPUT, OUTPUT, and FORWARD. You can create your own chain; for example, Red Hat's lokkit creates the RH-Lokkit-0-50-INPUT chain. |
pattern | You can set iptables to look for a pattern in each packet; the pattern can match IP address, TCP/IP port number, or type of protocol. |
-j target | If there is a pattern match, this tells iptables what to do; target options are to ACCEPT, DROP, REJECT, or LOG. |
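To see how a real rule maps onto the four items of Table A.23, the following added example (not from the book) splits an iptables command line into table, option, pattern, and target. The sample rules are constructed, the function name parse_rule is hypothetical, and the script assumes rules with no quoted arguments; -I is the iptables insert option.

```shell
#!/usr/bin/env bash
# Added example: decompose "iptables -t table option pattern -j target".

# parse_rule: print the Table A.23 items for one rule given as a single string.
# Anything that is not -t, -A/-D/-I or -j (with its argument) counts as pattern.
parse_rule() {
  local table="filter" option="" chain="" pattern="" target=""  # filter is the default table
  set -f            # no filename expansion while word-splitting the rule
  set -- $1         # intentional word split; assumes no quoted arguments
  set +f
  [ "$1" = "iptables" ] && shift
  while [ $# -gt 0 ]; do
    case "$1" in
      -t|-A|-D|-I|-j)
        [ $# -ge 2 ] || { echo "missing argument after $1" >&2; return 1; }
        case "$1" in
          -t) table="$2" ;;
          -j) target="$2" ;;
          *)  option="$1"; chain="$2" ;;
        esac
        shift 2 ;;
      *) pattern="${pattern:+$pattern }$1"; shift ;;
    esac
  done
  [ -n "$option" ] && [ -n "$target" ] || { echo "incomplete rule" >&2; return 1; }
  # An empty pattern means the rule matches every packet that reaches the chain.
  printf 'table=%s option=%s chain=%s pattern=[%s] target=%s\n' \
    "$table" "$option" "$chain" "$pattern" "$target"
}

# Constructed sample rules, one per line.
while IFS= read -r rule; do
  parse_rule "$rule"
done <<'EOF'
iptables -A INPUT -p tcp --dport 23 -j DROP
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p icmp --icmp-type echo-request -j LOG
iptables -A INPUT -j ACCEPT
EOF
```

The last sample rule has an empty pattern, so it prints pattern=[]; a rule like that accepts everything that reaches it and is worth a second look when reviewing a chain.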