IP Address: the per-network unique identifier used to find you on a network



Similar documents
IPv6.marceln.org.

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

TCP/IP Network Essentials. Linux System Administration and IP Services

THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering

Smoothwall Web Filter Deployment Guide

Lab Objectives & Turn In

Load Balancing Smoothwall Secure Web Gateway

Load Balancing Bloxx Web Filter. Deployment Guide

Load Balancing Trend Micro InterScan Web Gateway

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

Load Balancing Sophos Web Gateway. Deployment Guide

Corso di Configurazione e Gestione di Reti Locali

Linux Networking Basics

Getting started with IPv6 on Linux

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

Firewalls with IPTables. Jason Healy, Director of Networks and Systems

Networking Basics for Automation Engineers

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Load Balancing McAfee Web Gateway. Deployment Guide

pp=pod number, xxx=static IP address assigned to your pod

Basic IPv6 WAN and LAN Configuration

Load Balancing Clearswift Secure Web Gateway

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Load Balancing Barracuda Web Filter. Deployment Guide

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

DSL-G604T Install Guides

Linux Routers and Community Networks

Home Networking In Linux

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

iproute2 and Advanced Linux Routing

Assignment 3 Firewalls

Install and configure a Debian based UniFi controller

Linux: 20 Iptables Examples For New SysAdmins

McAfee Web Filter Deployment Guide

+ iptables. packet filtering && firewall

Linux Firewall Wizardry. By Nemus

Multi-Homing Security Gateway

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

1 PC to WX64 direction connection with crossover cable or hub/switch

Linux Firewalls (Ubuntu IPTables) II

ICS 351: Today's plan

Using VDOMs to host two FortiOS instances on a single FortiGate unit

Firewall implementation and testing

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Main functions of Linux Netfilter

LAN TCP/IP and DHCP Setup

Chapter 4 Customizing Your Network Settings

Workshop on Scientific Applications for the Internet of Things (IoT) March

Bridgewalling - Using Netfilter in Bridge Mode

Savvius Insight Initial Configuration

Multi-Homing Dual WAN Firewall Router

10.4. Multiple Connections to the Internet

Packet filtering with Linux

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Linux Firewall. Linux workshop #2.

Rapid Access Cloud: Se1ng up a Proxy Host

IPv6 Network Security.

Chapter 4 Customizing Your Network Settings

Transport and Network Layer

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Technical Support Information Belkin internal use only

ipchains and iptables for Firewalling and Routing

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Chapter 11 Network Address Translation

Linux as an IPv6 dual stack Firewall

Firewalls. Chien-Chung Shen

Building a Home Gateway/Firewall with Linux (aka Firewalling and NAT with iptables )

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014

Internet Protocol (IP) IP - Network Layer. IP Routing. Advantages of Connectionless. CSCE 515: Computer Network Programming IP routing

Host Configuration (Linux)

For extra services running behind your router. What to do after IP change

Interconnecting Cisco Network Devices 1 Course, Class Outline

IP Subnetting and Addressing

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Configuring Network Address Translation (NAT)

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Red Hat Linux Networking

Case Study 2 SPR500 Fall 2009

Firewall Tutorial. KAIST Dept. of EECS NC Lab.

Architecture. Dual homed box Internet /8

Chapter 7. Firewalls

GregSowell.com. Mikrotik Security

Netfilter / IPtables

Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015

Network Address Translation Commands

Focus on Security. Keeping the bad guys out

How to Create, Setup, and Configure an Ubuntu Router with a Transparent Proxy.

Introduction to Network Security Lab 1 - Wireshark

Guardian Digital WebTool Firewall HOWTO. by Pete O Hara

Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL:

Lab Configuring Access Policies and DMZ Settings

50.XXX is based on your station number

How to connect your new virtual machine to the Internet

Computer Networks. Lecture 3: IP Protocol. Marcin Bieńkowski. Institute of Computer Science University of Wrocław

Advanced Topics: IP Subnetting A WHITE PAPER PREPARED FOR ASPE TECHNOLOGY. toll-free:

PasserellesNumeriquesCambodia (PNC)

Transcription:

Linux Networking

What is a network? A collection of devices connected together Can use IPv4, IPv6, other schemes Different devices on a network can talk to each other May be walls to separate different networks

Terminology Overview IP Address: the per-network unique identifier used to find you on a network MAC Address: a globally unique identifier given to every network interface IPv4: 4 bytes, typically shown as decimal numbers, e.g. 123.234.321.003 Groups of IPv4 addresses are shown using /X notation, where X is fixed bits 192.168.0.0/16 means 192.168 is fixed, but the 0 s can be any number 0-255 IPv6: 16 bytes, shown as hex numbers, e.g. 3614:DEAD:BEEF:4A7C:3614:::4A7C 12 bytes, shown as hex numbers, e.g. dc:0e:a1:f3:fb:99 Not supposed to be changeable (but can be changed) Subnet: an isolated network separated from the global internet MTU: the maximum packet size sent from your interface Gateway: a device that routes traffic between two or more networks NAT: network address translation, used to allow devices to share IPs DHCP: a protocol for requesting ip addresses from a gateway Subnet Mask: a bitmask for finding the part of an ip is in subnet e.g. 255.255.255.0: IP 192.168.1.123 masked by 255.255.255.0 equals 0.0.0.123

The Internet and Networks Internet was originally intended to have all devices publicly addressable via IPv4, without need to wall off certain sections Privacy, security, and IPv4 exhaustion concerns led to the creation of isolated networks Individuals on isolated networks needed methods to contact the outside world via a single public IP address Private networks can use 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12 These ip addresses can NEVER be used for a public facing IP All other ip addresses can be actual websites/destinations, so they CANNOT be used for personal networks

NAT and Subnetting Your home/work network will use a gateway to contact the outside world Your private network will have its own subnet, typically 192.168.1.0/24 This means that your computer can directly contact anything in that subnet, but must go through the gateway to contact anything else The router performs Network Address Translation (NAT) to keep track of what packets go to which computer on the subnet

Networking and Linux Most non-server distros include a connection manager, such as Manual configuration is always available, typically using ifconfig (most common, legacy) ip (newer) DHCP can be performed using: Network-manager (gui, Most common) Netctl (cli, Arch Linux) wicd (cli) dhclient (most common) dhcpcd Make sure to stop/disable the connection manager when trying to do manual configuration (service network-manager stop or similar)

DHCP Network Connection The easiest way to connect to a network is with DHCP Most computers can be set up using: dhclient <device> dhcpcd <device> This will get the machine and ip, setup the subnet mask, and find DNS servers

IFCONFIG/IP Common Commands Show connection status: ifconfig <device> or ip addr show <device> Turn on/off ifconfig <device> <up/down> or ip link set <device> <up/down> Set IP Address: Device is the name of the interface (eth0, eth1, wlan0, etc) Can be left blank to show all ifconfig <device> <ip> netmask <netmask> ip addr add <ip>/<mask> dev <device> A netmask of 255.255.255.0 is the same as /24, 255.0.0.0 is /8 Set Gateway: route add default gw <gateway ip> ip route add default via <gateway ip> dev <device>

DNS Setup DNS is used to find the ip address of a web service based on its text name DNS Servers must be added in order to be able to use text website names instead of IPs Linux looks for DNS servers in /etc/resolv.conf For simple setup, simply write, one per line: nameserver <ip> To add a search path, write: search <domain> e.g. purdue.edu -> 128.210.7.200 A search path of purdue.edu would make typing mypurdue into your browser automatically check mypurdue.purdue.edu resolv.conf is automatically rewritten anytime you run a DHCP client or when your connection manager runs a DHCP client. Purdue s DNS servers are: 128.210.11.5, 128.210.11.57 Engineering Computer Network s DNS is: 128.46.154.76

Static IP Setup If you need a simple static ip setup, files can be edited to save the setting between reboots Debian Based: /etc/network/interfaces Fedora Based: /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg<device> Archlinux: use netctl or write a startup script that calls ip Quick setup details available at http://goo.gl/8jekse

Firewalls Firewalls allow certain computers to access network services on your device while prohibiting others The linux kernel contains iptables, which is used for all firewalls Several software packages exist to generate and manage iptables Simple setups can be done using scripts that run on startup

iptables simple firewall iptables follows the following syntax (many variations exist): A Simple firewall that allows only SSH could be: iptools -A <chain> -p <protocol> <filters> -j <destination chain> Default chains are INPUT, OUTPUT, FORWARD, and ACCEPT. Custom chains can be made. protocols can be tcp, udp, or icmp filters can be things like --dport 22 (destination port 22) iptables -P FORWARD DROP; iptables -P OUTPUT ACCEPT; iptables -P INPUT DROP iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT A more robust simple stateful firewall example is at https://wiki.archlinux. org/index.php/simple_stateful_firewall

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information