

19.2. Objective 3: TCP/IP Configuration and Troubleshooting

Linux distributions offer various automation and startup techniques for networks, but most of the essential commands and concepts are not distribution-dependent. The exam tests fundamental concepts and their relationships to one another as well as to system problems. This Objective covers the configuration of TCP/IP on common network interfaces such as Ethernet.

19.2.1. Network Interfaces

A computer must contain at least one network interface to be considered part of a network. The network interface provides a communications link between the computer and external network hardware. This could mean typical network adapters such as Ethernet or Token Ring, PPP dial-up connections, parallel ports, wireless, or other networking forms.

19.2.1.1. Configuration files

The following files contain important information about your system's network configuration:


/etc/hosts

This file contains simple mappings between IP addresses and names and is used for name resolution. For very small private networks, /etc/hosts may be sufficient for basic name resolution. For example, this file associates the local address 192.168.1.30 with the system smp and also with smp.mydomain.com:

 127.0.0.1       localhost       localhost.localdomain
 192.168.1.1     gate
 192.168.1.30    smp smp.mydomain.com


/etc/nsswitch.conf

This file controls the sources used by various system library lookup functions, such as name resolution. It allows the administrator to configure the use of traditional local files (/etc/hosts, /etc/passwd), an NIS server, or DNS. nsswitch.conf directly affects network configuration (among other things) by controlling how hostnames and other network parameters are resolved. For example, this fragment shows that local files are used for password, shadow password, group, and hostname resolution; for hostnames, DNS is used if a search of local files doesn't yield a result:

 passwd:     files nisplus nis
 shadow:     files nisplus nis
 group:      files nisplus nis
 hosts:      files dns nisplus nis

For more information, view the manpage with man 5 nsswitch. The nsswitch.conf file supersedes host.conf.


/etc/host.conf

This file controls name resolution sources for pre-glibc2 systems. It should contain:

 order hosts,bind
 multi on

This configuration has the resolver checking /etc/hosts first for name resolution, then DNS. multi on enables multiple IP addresses for hosts. Newer Linux system libraries use /etc/nsswitch.conf instead of /etc/host.conf.


/etc/resolv.conf

This file controls the client-side portions of the DNS system, which is implemented in system library functions used by all programs to resolve system names. In particular, /etc/resolv.conf specifies the IP addresses of DNS servers. For example:

 nameserver 192.168.1.5
 nameserver 192.168.250.2

Additional parameters are also available. For more information, view the manpage with man 5 resolver.


/etc/networks

Like /etc/hosts, this file sets up equivalence between addresses and names, but here the addresses represent entire networks (and thus must be valid network addresses, ending in 0). The result is that you can use a symbolic name to refer to a network just as you would a specific host. This may be convenient (though not required) in NFS or routing configuration, for example, and will be shown in commands such as netstat. For example:

 loopback    127.0.0.0
 mylan       192.168.1.0

It's not unusual for /etc/networks to be left blank.

On the Exam

Be familiar with all the files listed in this section; each contains specific information important for network setup. Watch for questions on /etc/host.conf, which is not used in newer glibc2 libraries.


19.2.1.2. Configuration commands

The commands listed in this section are used to establish, monitor, and troubleshoot a network configuration under Linux.


Syntax

 host [options] name [server] 


Description

Look up the system with IP address or name on the DNS server.


Frequently used options


-l

List the entire domain, dumping all hosts registered on the DNS server (this can be very long).


-v

Set verbose mode to view output.


Example 1

 $ host oreilly.com
 oreilly.com has address 208.201.239.37
 oreilly.com has address 208.201.239.36


Example 2

 $ host -v oreilly.com
 Trying null domain
 rcode = 0 (Success), ancount=1
 The following answer is not authoritative:
 The following answer is not verified as authentic by the server:
 oreilly.com     17397 IN        A       204.148.40.5
 For authoritative answers, see:
 oreilly.com     168597 IN       NS      AUTH03.NS.UU.NET
 oreilly.com     168597 IN       NS      NS.oreilly.com
 Additional information:
 AUTH03.NS.UU.NET        168838 IN       A       198.6.1.83
 NS.oreilly.com  168597 IN       A       204.148.40.4
 $

See also the nslookup command in the section "DNS query utilities" in Chapter 20.


Syntax

 hostname [localname]
 domainname [nisname]
 dnsdomainname


Description

Set or display the current host, domain, or node name of the system. This is a single program with links defining additional names. When called as hostname, the system's hostname is displayed. If localname is provided, the hostname is set. domainname displays or sets the NIS domain name. dnsdomainname displays the current DNS domain name but does not set it. See man 1 hostname for full information.


Syntax

 ifconfig interface parameters 


Description

Configure network interfaces. ifconfig is used to create and configure network interfaces and their parameters, usually at boot time. Without parameters, the interface and its configuration are displayed. If interface is also omitted, a list of all active interfaces and their configurations is displayed.


Frequently used parameters


address

The interface's IP address.


netmask mask

The interface's subnet mask.


up

Activate an interface (implied if address is specified).


down

Shut down the interface.


Example 1

Display all interfaces:

 # ifconfig
 eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
           inet addr:192.168.1.30  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:1521805 errors:37 dropped:0 overruns:0 frame:37
           TX packets:715468 errors:0 dropped:0 overruns:0 carrier:0
           collisions:1955 txqueuelen:100
           Interrupt:10 Base address:0xef00
 lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:3924  Metric:1
           RX packets:366567 errors:0 dropped:0 overruns:0 frame:0
           TX packets:366567 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0


Example 2

Shut down eth0:

 # ifconfig eth0 down
 # ifconfig eth0
 eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
           inet addr:192.168.1.30  Bcast:192.168.1.255  Mask:255.255.255.0
           BROADCAST MULTICAST  MTU:1500  Metric:1
           RX packets:1521901 errors:37 dropped:0 overruns:0 frame:37
           TX packets:715476 errors:0 dropped:0 overruns:0 carrier:0
           collisions:1955 txqueuelen:100
           Interrupt:10 Base address:0xef00

Note in the emphasized line the lack of the UP indicator, which is present in Example 1. The missing UP indicates that the interface is down.


Example 3

Configure eth0 from scratch:

 # ifconfig eth0 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255 


Syntax

 netstat [options] 


Description

Depending on options, netstat displays network connections, routing tables, interface statistics, masquerade connections, netlink messages, and multicast memberships. Much of this is beyond the scope of the LPIC Level 1 Exams, but you must be aware of the command and its basic use.


Frequently used options


-c

Continuous operation. This option yields a netstat display every second until interrupted with Ctrl-C.


-i

Display a list of interfaces.


-n

Numeric mode. Display addresses instead of host, port, and usernames.


-p

Programs mode. Display the PID and process name.


-r

Routing mode. Display the routing table in the format of the route command.


-v

Verbose mode.


Example

Display the interfaces table and statistics (the example output is truncated):

 # netstat -i
 Kernel Interface table
 Iface MTU  Met   RX-OK RX-ERR RX-DRP RX-OVR  TX-OK
 eth0  1500 0   1518801     37      0      0  713297
 lo    3924 0    365816      0      0      0  365816


Syntax

 ping [options] destination 


Description

Send an ICMP ECHO_REQUEST datagram to destination, expecting an ICMP ECHO_RESPONSE. ping is frequently used to test basic network connectivity. See "Objective 1: Fundamentals of TCP/IP" for a more complete description.


Syntax

 route [options]
 route add [options and keywords] target
 route del [options and keywords] target


Description

In the first form, display the IP routing table. In the second and third forms, respectively, add or delete routes to target from the table. target can be a numeric IP address, a resolvable name, or the keyword default. The route program is typically used to establish static routes to specific networks or hosts (such as the default gateway) after an interface is configured. On systems acting as routers, a potentially complex routing scheme can be established initially, but this is beyond the scope of the LPIC Level 1 Exams.


Frequently used options and keywords


-h

Display a usage message.


-n

Numeric mode; don't resolve hostnames.


-v

Verbose output.


-C

Display the kernel routing cache.


-F

Display the kernel routing table (the default behavior without add or delete keywords).


-host

Specify that target is a single host. Mutually exclusive with -net.


-net

Specify that target is a network. Mutually exclusive with -host.


gw gateway

IP packets for target are routed through the gateway, which must be reachable.


netmask mask

Specify the mask of the route to be added. Often, the netmask is not required because it can be determined to be class A, B, or C, depending on the target address.

When used to display routes, the following routing table columns are printed:


Destination

The destination network or host.


Gateway

The gateway address. If no gateway is set for the route, an asterisk (*) is displayed by default.


Genmask

The netmask for the destination. 255.255.255.255 is used for a host and 0.0.0.0 is used for the default route.


Route status flags

 !   Reject route.
 D   Dynamically installed by daemon or redirect.
 G   Use gateway.
 H   Target is a host.
 M   Modified from routing daemon or redirect.
 R   Reinstate route for dynamic routing.
 U   Route is up.


Metric

The distance in hops to the target.


Ref

Number of references to this route. This is displayed for compatibility with other route commands but is not used in the Linux kernel.


Use

A count of lookups for the route. Depending on the use of -F and -C, the Use is either route cache misses (-F) or hits (-C).


Iface

The interface to which packets for this route are sent.


Example 1

Display the current routing table for a workstation:

 # route
 Kernel IP routing table
 Destination  Gateway Genmask         Flags Met Ref Use Iface
 192.168.1.30 *       255.255.255.255 UH    0   0     0 eth0
 192.168.1.0  *       255.255.255.0   U     0   0     0 eth0
 10.0.0.0     -       255.0.0.0       !     0   -     0 -
 127.0.0.0    *       255.0.0.0       U     0   0     0 lo
 default      gate    0.0.0.0         UG    0   0     0 eth0

In this example, the route to the local host 192.168.1.30 uses interface eth0. Note the mask 255.255.255.255 is used for host routes. The route to the local subnet 192.168.1.0 (with corresponding class C mask 255.255.255.0) is also through eth0. The route to 10.0.0.0 is rejected as indicated by the ! flag. The class A loopback network route uses device lo. The last route shows the default gateway route, which is used when no others match. This default uses eth0 to send data to router gate. The mask 0.0.0.0 is used for the default route.


Example 2

Display the current routing cache; the Metric (M) and Reference (R) columns are abbreviated here:

 # route -C
 Kernel IP routing cache
 Source        Destination   Gateway       Flg M R Use Iface
 smp           192.168.1.255 192.168.1.255 bl  0 0   1 eth0
 192.168.1.102 192.168.1.255 192.168.1.255 ibl 0 0   0 lo
 192.168.1.102 smp           smp           il  0 0   1 lo
 192.168.1.50  smp           smp           il  0 0 224 lo
 smp           192.168.1.102 192.168.1.102     0 1   0 eth0
 smp           ns1.mynet.com gate              0 0   2 eth0
 smp           192.168.1.50  192.168.1.50      0 1   0 eth0
 localhost     localhost     localhost     l   0 0  15 lo
 ns1.mynet.com smp           smp           l   0 0   6 lo
 smp           ns1.mynet.com gate              0 0   6 eth0


Example 3

Add the default gateway 192.168.1.1 via eth0:

 # route add default gw 192.168.1.1 eth0 


Syntax

 traceroute [options] destination 


Description

Display the route that packets take to reach destination, showing intermediate gateways (routers). There is no direct way to make this determination, so traceroute uses a trick to obtain as much information as it can. By using the time-to-live field in the IP header, traceroute stimulates error responses from gateways. The time-to-live field specifies the maximum number of gateway hops until the packet should expire. That number is decremented at each gateway hop, with the result that all packets will die at some point and not roam the Internet. To get the first gateway in the route, traceroute sets the time-to-live parameter to 1. The first gateway in the route to destination decrements the counter and, finding a zero result, reports an ICMP TIME_EXCEEDED message back to the sending host. The second gateway is identified by setting the initial time-to-live value to 2, and so on. This continues until a PORT_UNREACHABLE message is returned, indicating that the host has been contacted. To account for the potential for multiple gateways at any one hop count, each probe is sent three times.

The display consists of lines showing each gateway, numbered for the initial time-to-live value. If no response is seen from a particular gateway, an asterisk is printed. This happens for gateways that don't return "time exceeded" messages, or do return them but set a very low time-to-live on the response. Transit times for each probe are also printed.


Frequently used options


-f ttl

Set the initial probe's time-to-live value to ttl, instead of 1.


-n

Display numeric addresses instead of names.


-v

Use verbose mode.


-w secs

Set the timeout on returned ICMP packets to secs, instead of 5.


Example

 # traceroute www.lpi.org
 traceroute to www.lpi.org (209.167.177.93),
   30 hops max, 40 byte packets
  1  gate (192.168.1.1)
        3.181 ms  1.200 ms  1.104 ms
  2  209.125.145.1 (209.125.135.1)
        16.041 ms  15.149 ms  14.747 ms
  3  a1-9-1-0-1.a01.phl1.us.io.net (137.94.47.1)
        84.132 ms  133.937 ms  77.865 ms
  4  ge-6-0.r01.phlapa01.us.io.net (126.250.29.17)
        22.450 ms  16.114 ms  16.051 ms
  5  p4-6-0-0.r01.nycmny01.us.bb.verio.net (129.250.3.126)
        18.043 ms  18.485 ms  18.175 ms
  6  nyc1.uunet.verio.net (129.250.9.62)
        19.735 ms  21.135 ms  19.212 ms
  7  105.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.154)
        20.237 ms  18.515 ms  18.712 ms
  8  295.ATM6-0.XR1.NYC4.ALTER.NET (146.188.178.90)
        26.855 ms  29.540 ms  35.908 ms
  9  189.ATM8-0-0.GW5.NYC4.ALTER.NET (146.188.179.225)
        36.541 ms  36.127 ms  30.849 ms
 10  224.ATM1-0-0.BB1.TOR2.UUNET.CA.ALTER.NET (137.39.75.26)
        58.823 ms  68.675 ms  62.522 ms
 11  f0-0-0.bb2.tor2.uunet.ca (205.150.242.110)
        336.310 ms  174.557 ms  394.909 ms
 12  209.167.167.118 (209.167.167.118)
        56.027 ms  58.555 ms  56.289 ms
 13  209.167.177.90 (209.167.177.90)
        59.349 ms  57.409 ms  57.993 ms
 14  new.lpi.org (209.167.177.93)
        57.021 ms  56.162 ms  58.809 ms

In this example, there are 13 hops to www.lpi.org, reached with a time-to-live value of 14. All three probes of all time-to-live counts are successful.

On the Exam

While the creation of complete network management scripts from scratch is beyond the scope of the LPIC Level 1 Exams, you must be familiar with these commands individually, their functions, how they are used, as well as why they are used. For example, you must be familiar with route and its use in establishing routes to the loopback device, the localhost, the gateway machine, and the creation of the default gateway route. A general understanding of the routing table display is also required. Questions may ask you to determine the cause of a network problem based on the routing configuration (such as a missing default route).
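The routing-table diagnosis described above can be scripted. This added example (not from the book) audits route -n text for a missing default route, reject routes, and gateways that sit on no directly connected network; the function name audit_routes and the sample table are constructed for illustration, and it assumes the numeric display, in which * and default both print as 0.0.0.0.

```shell
#!/bin/sh
# Constructed sample of `route -n` output (not from a real host): the default
# route is missing and one gateway is not on any directly connected network.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        -               255.0.0.0       !     0      -        0 -
172.16.0.0      192.168.9.1     255.255.0.0     UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# audit_routes (hypothetical helper): read `route -n` text on stdin and
# print one finding per line; no output means nothing was flagged.
audit_routes() {
    awk '
    # Apply a contiguous netmask to an address, octet by octet. No bitwise
    # operators are needed: for a mask octet m, a AND m == a - a % (256 - m).
    function network(addr, mask,    a, m, i, out) {
        split(addr, a, "."); split(mask, m, ".")
        out = ""
        for (i = 1; i <= 4; i++)
            out = out (i > 1 ? "." : "") (a[i] - a[i] % (256 - m[i]))
        return out
    }
    NR <= 2   { next }                              # two header lines
    $4 ~ /!/  { print "REJECT " $1 "/" $3; next }   # reject route
    $4 !~ /U/ { next }                              # route is not up
    $4 ~ /G/  {                                     # route through a gateway
        if ($1 == "0.0.0.0" && $3 == "0.0.0.0") have_default = 1
        gw[++ngw] = $2; gwdst[ngw] = $1
        next
    }
    { ndir++; dnet[ndir] = $1; dmask[ndir] = $3 }   # directly connected
    END {
        if (!have_default) print "NO_DEFAULT_ROUTE"
        # Every gateway must fall inside some directly connected network.
        for (g = 1; g <= ngw; g++) {
            ok = 0
            for (d = 1; d <= ndir; d++)
                if (network(gw[g], dmask[d]) == dnet[d]) ok = 1
            if (!ok) print "UNREACHABLE_GATEWAY " gw[g] " for " gwdst[g]
        }
    }'
}

printf '%s\n' "$SAMPLE_ROUTES" | audit_routes
```

On a live system the same function can be fed with route -n | audit_routes.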


19.2.1.3. Common manual network interface tasks

Network interfaces are established in the kernel at boot time through the probing of Ethernet hardware. As a result, these interfaces always exist unless the hardware or kernel module is removed. Other types of interfaces, such as PPP, are created by user programs. These interfaces are transient and exist only when they are in use.

To list interface parameters, use ifconfig with the interface name:

 # ifconfig eth0
 eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
           inet addr:192.168.1.30  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST MULTICAST  MTU:1500  Metric:1
           RX packets:1857128 errors:46 dropped:0 overruns:0 frame:46
           TX packets:871709 errors:0 dropped:0 overruns:0 carrier:0
           collisions:2557 txqueuelen:100
           Interrupt:10 Base address:0xef00

If you run ifconfig without any parameters, it displays all active interfaces, including the loopback interface lo and perhaps a PPP interface if a modem is dialed into a service provider.

To shut down a network interface that is currently running, simply use ifconfig with the down keyword:

 # ifconfig eth0 down 

When the interface goes down, any routes associated with it are removed from the routing table. For a typical system with a single Ethernet interface, this means that the routes to both the interface and the default gateway will be lost. Therefore, to start a previously configured network interface, ifconfig is used with up followed by the necessary route commands. For example:

 # ifconfig eth0 up
 # route add -host 192.168.1.30 eth0
 # route add default gw 192.168.1.1 eth0

To reconfigure interface parameters, follow those same procedures and include the changes. For example, to change to a different IP address, the address is specified when bringing up the interface and adding the interface route:

 # ifconfig eth0 down
 # ifconfig eth0 192.168.1.60 up
 # route add -host 192.168.1.60 eth0
 # route add default gw 192.168.1.1 eth0

Your distribution probably supplies scripts to handle some of these chores. For example, Red Hat systems come with scripts such as ifup, which handle all the details necessary to get an interface and its routes up and running.

On the Exam

Be prepared to answer questions on the use of ifconfig and route for basic interface manipulation. Also remember that scripts that use these commands, both manually and automatically, are usually available at boot time.


19.2.2. DHCP

The Dynamic Host Configuration Protocol (DHCP) is a protocol extension of the BOOTP protocol, which provides automated IP address assignment (among other things) to client systems on a network. It handles IP address allocation in one of three ways:


Dynamic allocation

In this scheme, a DHCP server maintains a preset list of IP addresses designated by the system administrator. IP addresses are assigned as clients request an address from the available addresses in the pool. The address can be used, or leased, for a limited period of time. The client must continually renegotiate the lease with the server to maintain use of the address beyond the allotted period. When the lease expires, the IP address is placed back into the pool for use by other requesting clients and a new IP address is assigned.


Manual allocation

The system administrator may wish to designate specific IP addresses to specific network interfaces (for example, to an Ethernet MAC address) while still using DHCP to deliver the address to the client. This allows the convenience of automated address setup and assures the same address each time.


Automatic allocation

This method assigns a permanent address to a client. Typically DHCP is used to assign a temporary address (either dynamically or statically assigned) to a client, but a DHCP server can allow an infinite lease time.

DHCP can be configured to assign not only the IP address to the client but also such things as name servers, gateways, and architecture-specific parameters. Here's an overview of how it works:

  1. A DHCP client sends a broadcast message to the network to discover a DHCP server.

  2. One or more DHCP servers respond to the request via their own broadcast messages, offering an IP address to the client.

  3. The client chooses one of the servers and broadcasts an acknowledgment, requesting the chosen server's identity.

  4. The selected server logs the connection with the client and responds with an acknowledgment and possibly additional information. All of the other servers do nothing because the client declined their offer.

19.2.2.1. Subnets and relays

Because DHCP communications are initiated using broadcasts, they are normally confined to a single subnet. To accommodate DHCP clients and servers separated by one or more routers, a DHCP relay system can be established on subnets without DHCP servers. A relay system listens for DHCP client broadcasts, forwards them to a DHCP server on another subnet, and returns DHCP traffic back to the client. This configuration can centralize DHCP management in a large routed environment.

19.2.2.2. Leases

As already mentioned, when a client receives a dynamically assigned IP address from a DHCP server, the address is said to be leased for a finite duration. The length of a DHCP lease is configurable by the system administrator and typically lasts for one or more days. Shorter leases allow for faster turnover of addresses and are useful when the number of available addresses is small or when many transient systems (such as laptops) are being served. Longer leases reduce DHCP activity, thus reducing broadcast traffic on the network.

When a lease expires without being renegotiated by the client, it is assumed that the client system is unavailable, and the address is put back into the free pool of addresses. A lease may also be terminated by a client that no longer needs the IP address, in which case it is released. When this occurs, the DHCP server immediately places the IP address back in the free pool.

19.2.2.3. dhcpd

The DHCP server process is called dhcpd. It is typically started at boot time and listens for incoming DHCP request broadcasts. dhcpd can serve multiple subnets via multiple interfaces, serving a different pool of IP addresses to each.

dhcpd is configured using the text configuration file /etc/dhcpd.conf, which contains one or more subnet declarations. These are text lines of the following form:

 subnet network-address netmask subnet-mask {
   parameter...
   parameter...
   ...
 }

Each subnet declaration encloses parameters for each subnet between curly braces. Parameters include one or more ranges of IP addresses to serve, lease times, and optional items such as gateways (routers), DNS servers, and so forth. Each parameter line is terminated with a semicolon. For example:

 subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.200 192.168.1.204;
   default-lease-time 600;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.1.255;
   option routers 192.168.1.1;
   option domain-name-servers 192.168.1.25;
 }

In this example, the private class C network 192.168.1.0 is served five IP addresses, 200 through 204. The default DHCP lease is 600 seconds (10 minutes). Options are also set for the subnet mask, broadcast address, router (or gateway), and DNS server. For full information on dhcpd.conf, see its manpage.

The preceding option lines are not required to create a minimal DHCP setup that simply serves IP addresses. Details on the daemon follow.


Syntax

 dhcpd [options] [interface [...]] 


Description

Launch the DHCP server daemon. dhcpd requires that both its configuration file /etc/dhcpd.conf and its lease log file (which by default is /var/state/dhcp/dhcpd.leases, although many distributions use /var/lib/dhcp/dhcpd.leases) exist. The daemon puts itself in the background and returns control to the calling shell.


Frequently used options


-cf config-file

Use config-file instead of the default /etc/dhcpd.conf.


-lf lease-file

Use lease-file instead of the default to store lease information.


-q

Use quiet mode. This option suppresses the default copyright message, keeping log files a little cleaner.


interface

By default, dhcpd will attempt to listen for requests on every network interface that is configured up. It can be limited to specific network interfaces by including one or more interface names on the command line.

A full and detailed description of the configuration file syntax can be found in the dhcpd.conf manpage. When dhcpd runs, it sends output, including information on each transaction, to syslogd. For example, this series of four log entries in /var/log/messages shows a successful exchange between dhcpd and a requesting DHCP client:

 Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
 Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
 Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
 Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
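The four-step exchange listed under DHCP above and the log entries just shown can be checked mechanically. This added example (not from the book or the dhcpd distribution) reads dhcpd syslog lines and reports clients whose exchange never reached DHCPACK, plus acknowledgments for addresses outside the range configured in the sample dhcpd.conf; check_dhcp_log, its arguments, and the log lines after the first four are constructed for illustration.

```shell
#!/bin/sh
# Constructed syslog lines in the style of the dhcpd entries on this page.
# The first client completes the exchange, the second stops after the offer,
# and the third is acknowledged on an address outside 192.168.1.200-204.
SAMPLE_LOG='Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPDISCOVER from 00:10:5a:aa:bb:01 via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPOFFER on 192.168.1.201 to 00:10:5a:aa:bb:01 via eth0
Apr 24 02:35:42 rh62 dhcpd: DHCPREQUEST for 192.168.1.77 from 00:10:5a:aa:bb:02 via eth0
Apr 24 02:35:42 rh62 dhcpd: DHCPACK on 192.168.1.77 to 00:10:5a:aa:bb:02 via eth0'

# check_dhcp_log PREFIX LOW HIGH (hypothetical helper)
# Reads dhcpd log lines on stdin. PREFIX is the first three octets of the
# served subnet; LOW and HIGH bound the last octet of the configured range.
check_dhcp_log() {
    awk -v prefix="$1" -v lo="$2" -v hi="$3" '
    {
        # Locate the DHCP message type, then pick up the MAC (after
        # "from" or "to") and the address (after "on" or "for").
        msg = ""; mac = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if (msg == "" && $i ~ /^DHCP[A-Z]+$/) msg = $i
            else if (msg != "" && ($i == "from" || $i == "to")) mac = $(i + 1)
            else if (msg != "" && ($i == "on" || $i == "for")) ip = $(i + 1)
        }
        if (msg == "" || mac == "") next          # not a dhcpd transaction
        if (!(mac in last)) order[++n] = mac      # remember first-seen order
        last[mac] = msg                           # latest message per client
        if (msg == "DHCPACK") {
            split(ip, o, ".")
            if (index(ip, prefix ".") != 1 || o[4] + 0 < lo + 0 || o[4] + 0 > hi + 0)
                print "OUT_OF_RANGE " ip " " mac
        }
    }
    END {
        # A REQUEST/ACK pair with no DISCOVER is a normal renewal, so only
        # clients whose last logged message is not an ACK are reported.
        for (k = 1; k <= n; k++)
            if (last[order[k]] != "DHCPACK")
                print "INCOMPLETE " order[k] " stopped at " last[order[k]]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | check_dhcp_log 192.168.1 200 204
```

An out-of-range acknowledgment means the running server is handing out addresses that the reviewed range statement does not cover, so the configuration file actually in use is the next thing to compare.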



LPI Linux Certification in a Nutshell
ISBN: 0596005288
EAN: 2147483647
Year: 2004
Pages: 257
