Linux is at its best when it is connected to a network. Configuring a LAN enables you to share resources with other computers in your home or organization. These resources can include files, printers, CD-ROM
This chapter describes how to create a LAN with a Fedora system being used on one of the computers on that LAN. It helps you determine the kind of equipment you need to obtain, and the layout (topology) of the network.
If something isn’t working with your network interface to the LAN, you can use utilities such as ifconfig to check that your Ethernet interface is configured and running properly. You can also check that Linux found and installed the proper driver for your Ethernet card. After an Ethernet interface is working, you can use the Ethereal window to monitor the packets coming and going across the interface between your computer and the network.
If a wired network is not possible or
Connections to the Internet described in this chapter include a simple dial-up connection from your own Fedora system. The most popular protocol for making dial-up connections to the Internet is Point-to-Point Protocol (PPP). It also builds on the procedures in Chapter 15 for creating your own Local Area Network (LAN) by teaching you how to connect your LAN to the Internet.
This chapter first provides an overview of the structure of the Internet, including descriptions of domains, routing, and proxy service. It then discusses how to connect your Fedora system to the Internet using PPP dial-up connections. For those who want to connect a LAN to the Internet, it describes how to use Fedora as a router and set it up to do IP masquerading (to protect your private LAN addresses). Finally, it describes how to configure Fedora as a proxy server, including how to configure client applications such as Mozilla and Microsoft Internet Explorer.
In order to
An Internet Service Provider (ISP) will give you the information you need to set up a connection to the Internet. You plug that information into the programs used to create that connection, such as scripts to create a Point-to-Point Protocol (PPP) connection over telephone lines. See the “Using Dial-up Connections to the Internet” section later in this chapter for descriptions of the information needed from your ISP and the procedures for configuring PPP to connect to the Internet.
The following list describes the basic Internet structure in more detail:
— These are the numbers that uniquely define each computer known to the Internet. Internet authorities assign pools of IP addresses (along with network masks, or
See Chapter 15 for a description of IP addresses.
— Port numbers provide access points to particular services. A server computer will listen on the network for packets that are addressed to its IP address, along with one or more port numbers. For example, a Web server listens to port 80 to respond to
Domain names — On the Internet, computer names are organized in a hierarchy of domain names and host names. If you want to have and maintain your own Internet domain, you need to be assigned one that fits into one of the top-level domains (domains such as .com, .org, .net, .edu, .us, and so on).
— If a domain name is assigned to your organization, you are free to create your own host names within that domain. This is a way of associating a name (host
Within an organization, you should choose a host-naming scheme that makes sense to you. For example, for handsonhistory.com, you could have host names dedicated to different crafts (baskets, decoys, weaving, and so on). Some organizations use the names from Norse mythology such as thor, odin, and loki, or beer brands such as summit, jamespage, guinness, and so on.
For a list of naming schemes, see http://c2.com/cgi/wiki?NamesGivenToComputers.
— If you have a LAN or other type of network in your home or organization that you want to connect to the Internet, you can share an Internet connection. You do this by setting up a router. The router connects to both your network and the Internet, providing a route for data to pass between your network and the Internet. This is
Firewalls and IP masquerading — To keep your private network somewhat secure, yet still allow some data to pass between it and the Internet, you can set up a firewall. The firewall restricts the kind of data packets or services that can pass through the boundary between the private and public networks. If your network uses private addresses, or if you just want to protect the addresses of computers behind your firewall, you can use techniques such as Network Address Translation (NAT) or IP masquerading.
Although you can set up a firewall to filter packets on any computer on your private network, firewalls are typically configured most stringently on the machine that routes packets between the public and private networks. In this way, intruders can be
— You can bypass some of the configuration required to allow the computers on your LAN to communicate directly with the Internet by configuring a proxy server. A proxy server can store (referred to as
) Internet objects (such as data from Web and FTP servers) so that
You can read about firewalls in Chapter 14. IP masquerading and proxy servers are described in the “Enable forwarding and masquerading” and “Setting up Fedora as a Proxy Server” sections later in this chapter.
You can’t read a magazine, watch a TV commercial, or
Internet domains are organized in a structure called the domain name system (DNS). At the top of that structure is a set of
(or TLDs). Some of the top-level domains are used commonly in the United States, although they are available for worldwide use. TLDs such as
(for colleges and universities),
(for United States government), and
(for United States military sites) were among the most used TLDs in the early Internet. In more recent
domain was added to include U.S. institutions, such as local
To facilitate the entry of other
Several RFCs (Request for Comments) define the domain name system. RFC 1034 covers domain name concepts and facilities. RFC 1035 is a technical description of how DNS works. RFC 1480 describes the us domain. For a more general description of DNS, there is RFC 1591. You can view RFCs at the RFC Database (www.rfc-editor.org/rfc.html).
Of the generic TLDs in use today, several are used throughout the world, while two are available only in the United States. Here are descriptions of common TLDs:
com — Businesses, corporations, and other commercial organizations fall into this TLD. As the Internet has grown into an important tool for commerce, domains in this TLD have grown at a dramatic rate.
edu — Colleges and universities fall under this TLD. Although it was originally intended for all educational institutions, two-year colleges, high schools, and elementary schools are now organized by location under country codes (such as US in the United States).
gov — This TLD is used primarily for U.S. federal government locations. Although most local government sites are expected to fall under the us domain, some states (including Washington state) are making the .gov TLD available to local cities and counties.
— This domain includes international databases and organizations created by international
mil — U.S. military organizations fall under this domain.
net — Computer network providers fall under this domain.
— A variety of organizations that are
As noted earlier, other TLDs have been added recently to relieve some of the drain on .com names. In particular, those doing business on the Internet can get a .biz name. If you want to create a gathering point for information on a subject, you might choose a domain name from the info TLD.
As noted earlier, domain names are hierarchical, which means there can be subdomains
In this example, the top-level domain is
. The second-level domain name assigned to the organization that controls the domain is
. Within that domain is a subdomain, or third-level domain, called
. The last name (
) refers to a particular computer within that third-level domain. From other
For more details on how the domain-name system is structured, and for information on how to set up your own DNS server in Fedora, see Chapter 25.
In the early days of the Internet, every known host computer name and address was collected into a file called
and distributed throughout the Internet. This quickly became cumbersome because of the
To make the domain names friendly, the names contain no network addresses, routes, or other information needed to deliver messages. Instead, each computer must rely on some method to translate domain names and host names into IP addresses. The DNS server is the primary means of resolving the names to addresses. If you request a service from a computer using a fully qualified domain name (including all domains and subdomains), the request will go to a DNS server to resolve that name into an IP address. It will gather that information either directly from the DNS server that owns that information or, which is more likely, from another DNS server along the way that has gathered that information.
If you have a private LAN or other network, you can keep your own list of host names and IP addresses. For the computers you work with all the time, it’s easier to type baskets than baskets.crafts.handsonhistory.com. There are a couple of ways (besides DNS) that your computer can resolve the IP address for computers for which you give only the host name:
Check the /etc/hosts file. In your computer’s /etc/hosts file, you can place the names and IP addresses for the computers on your local network. In this way, your computer doesn’t need to query the DNS server to get the address (which may not be there anyway if you are on a private network and don’t have your own DNS server).
Check specified domains. You can specify that if the host name requested doesn’t include a fully qualified domain name and the host name is not in your /etc/hosts file, then your computer should check certain specified domain names.
On your Fedora system, when you make a request to resolve a host name into an IP address, the contents of the /etc/resolv.conf file will most likely determine where your computer searches for that information. That file can specify your local domain, an alternative list of domains, and the location of one or more DNS servers. Here is an example of an /etc/resolv.conf file:
domain crafts.handsonhistory.com
search crafts.handsonhistory.com handsonhistory.com
nameserver 10.0.0.10
nameserver 10.0.0.12
In this example, the local domain is
. If you try to contact a host by giving only its host name (with no domain name), your computer can check in both
domains to find the host. If you give the fully qualified domain name, it can contact the name servers (first
) to resolve the address. (You can specify up to six name servers that your computer will query in order until the address is resolved. The total search line is limited to 256
If your system uses DHCP, where another server on your network
; generated by /sbin/dhclient-script
search ce1.client2.big_isp.com
nameserver 10.0.0.10
nameserver 10.0.0.12
In this example, the /etc/resolv.conf file was created by the DHCP client code, based on information from the DHCP server. Note that big_isp.com is an alias for a large communications company.
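The lookup order that an /etc/resolv.conf file produces can be worked out mechanically. The following Python sketch is an added example, not code from the book: it parses resolv.conf text, lists the names tried for a bare host name such as baskets, and reports name servers that are not on a list the administrator expects, which is useful when a DHCP server rewrites the file. The function names and the expected-server list are hypothetical; the default ndots value of 1 and the rule that the last domain or search line wins are assumed from standard resolver behavior.

```python
import ipaddress

# Constructed sample: the DHCP header plus the static example from the text.
SAMPLE = """\
; generated by /sbin/dhclient-script
domain crafts.handsonhistory.com
search crafts.handsonhistory.com handsonhistory.com
nameserver 10.0.0.10
nameserver 10.0.0.12
"""

def parse_resolv_conf(text):
    """Parse resolv.conf text into its search list and ordered name servers."""
    conf = {"search": [], "nameservers": [], "dhcp_generated": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in ";#":  # comment; dhclient-script leaves its name here
            conf["dhcp_generated"] |= "dhclient-script" in line
            continue
        keyword, *args = line.split()
        if keyword == "domain" and args:
            conf["search"] = [args[0]]      # domain and search override each
        elif keyword == "search" and args:  # other; the last one listed wins
            conf["search"] = args
        elif keyword == "nameserver" and args:
            conf["nameservers"].append(ipaddress.ip_address(args[0]))
    return conf

def candidate_names(host, conf, ndots=1):
    """Names tried, in order, for `host` (ndots=1 is the assumed default)."""
    if host.endswith("."):              # trailing dot: already fully qualified
        return [host.rstrip(".")]
    expanded = [f"{host}.{domain}" for domain in conf["search"]]
    if host.count(".") >= ndots:        # looks qualified: try it as given first
        return [host] + expanded
    return expanded + [host]

def unexpected_nameservers(conf, expected):
    """Name servers in the file that are not on the admin's expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [str(ns) for ns in conf["nameservers"] if ns not in allowed]
```

Running unexpected_nameservers against the servers you configured yourself shows at a glance whether a DHCP lease has pointed the machine at a resolver you did not choose.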
Knowing the IP address of the computer you want to reach is one thing; being able to reach that IP address is another. Even if you connect your computers on a LAN, to have full connectivity to the Internet there must be at least one node (that is, a computer or dedicated device) through which you can route messages that are destined for locations outside your LAN. That is the job of a router.
A router is a device that has interfaces to at least two networks and is able to route network traffic between the two networks. In my example of a small business that has a LAN that it wants to connect to the Internet, the router would have a connection and IP address on the LAN, as well as a connection and IP address to a network that provides access to the Internet.
A computer running Linux can act as a router between any two TCP/IP interfaces, for example, if the computer has two LAN cards or if it has a network interface card and a modem (for a dial-up connection to the Internet). Alternatively, you can purchase a dedicated router, such as Cisco ADSL routers, that can exclusively perform routing between your LAN and the Internet or network service provider.
Unlike regular dial-up modems, xDSL routers or bridges have several different standards that are not all compatible. Before purchasing an xDSL modem, check with your ISP. If your ISP supports xDSL, it can tell you the exact models of xDSL modems you can use to get xDSL service.
Instead of having direct access to the Internet (as you do with routing), you can have indirect access via the computers on your LAN by setting up a
. With a proxy server, you don’t have to configure and secure every computer on the LAN for Internet access. When, for example, a client computer