Linux and the Internet, Servers, Ports, Firewalls



Similar documents
Network Configuration Settings

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

How Your Computer Accesses the Internet through your Wi-Fi for Boats Router

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

NAT (Network Address Translation)

Network Address Translation (NAT)

Chapter 11 Cloud Application Development

Firewall Piercing. Alon Altman Haifa Linux Club

Linksys E2500 Wireless-N Router Configuration Guide

VIA CONNECT PRO Deployment Guide

Networking Basics for Automation Engineers

Network: several computers who can communicate. bus. Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb).

Setting up and creating a Local Area Network (LAN) within Windows XP by Buzzons

ASA/PIX: Load balancing between two ISP - options

To install the SMTP service:

CheckPoint Software Technologies LTD. How to Configure Firewall-1 With Connect Control

Web Browsing Examples. How Web Browsing and HTTP Works

Designing, Deploying and Managing a Network Solution for Small- and Medium-sized Businesses Course No. MS Days

The memoq server in a Corporate Network

Implementing Network Address Translation and Port Redirection in epipe

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0

Web24 Web Hosting Guide

The memoq server in a Corporate Network

How to change your Internet Service Provider

How to Guide: StorageCraft Cloud Services VPN

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

RADAR NETWORK SETUP WITH WINDOWS XP/VISTA

Internet Service Guide

How to Remotely View Security Cameras Using the Internet

Basic IPv6 WAN and LAN Configuration

Chapter 1 Personal Computer Hardware hours

Machine control going www - Opportunities and risks when connecting a control system to the Internet

Web Development. Owen Sacco. ICS2205/ICS2230 Web Intelligence

Inbound Load Balance. User Manual

CMPT 471 Networking II

LinkProof DNS Quick Start Guide

DVR Network Security

1 Thunderbird v3 and IMAP/SMTP Configuration

The Benefits of Verio Virtual Private Servers (VPS) Verio Virtual Private Server (VPS) CONTENTS

BlackBerry Enterprise Service 10. Version: Configuration Guide

FIREWALL AND NAT Lecture 7a

ewon-vpn - User Guide Virtual Private Network by ewons

List of Common TCP/IP port numbers

LAN TCP/IP and DHCP Setup

inforouter V8.0 Server & Client Requirements

Using Remote Desktop with No-IP

Figure 41-1 IP Filter Rules

Linksys E2000 Wireless-N Router Configuration Guide

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Meraki MX50 Hardware Installation Guide

Small Business Server Part 2

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

VIA COLLAGE Deployment Guide

EZblue BusinessServer The All - In - One Server For Your Home And Business

Chapter 3 Security and Firewall Protection

Setup Guide for Exchange Server

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

CipherMail Gateway Quick Setup Guide

For extra services running behind your router. What to do after IP change

Mail Server Scenarios and Configurations

The Internet and Network Technologies

E-Commerce for IT Advanced. Louis Aguila & Matt Burt

6445A - Implementing and Administering Windows Small Business Server 2008

DEPLOYMENT GUIDE. This document gives a brief overview of deployment preparation, installation and configuration of a Vectra X-series platform.

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

IPv6 in Axis Video Products

Chapter 12 Supporting Network Address Translation (NAT)

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

Lab Configuring Access Policies and DMZ Settings

Quick Start Guide Managing Your Domain

Domain 3.0 Networking... 1

Proxy Server, Network Address Translator, Firewall. Proxy Server

Linking 2 Sites Together Using VPN How To

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Using VDOMs to host two FortiOS instances on a single FortiGate unit

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Web Development. How the Web Works 3/3/2015. Clients / Server

Getting started. Creating a Web Server support application

Linux VPS with cpanel. Getting Started Guide

Using J-ISIS in a Local Network

Network Basics GRAPHISOFT. for connecting to a BIM Server (version 1.0)

Welcome to ECBuzz.com! Please go through this document carefully to make the experience of owning and using a website an enjoyable one.

Application Description

Quick Installation Guide

You can attach accounts to this domain name (eg. or which also increases your corporate branding.

Guideline for setting up a functional VPN

Installation Manual for Grid Monitoring Tool

Web Hosting: Pipeline Program Technical Self Study Guide

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

Essential Curriculum Computer Networking 1. PC Systems Fundamentals 35 hours teaching time

Network Agent Quick Start

Chapter 1 Connecting Your Router to the Internet

Agency Pre Migration Tasks

Device Log Export ENGLISH

Transcription:

Linux and the Internet, Servers, Ports, Firewalls Linux User Group @ UTA Rohit Rawat

What is Linux Free and open source operating system Linux kernel was written by Linus Torvalds in 1991 Community developed [1]

Linux Adoption Most popular server OS >95% worlds fastest 500 supercomputers Leader in cloud computing Embedded devices Android phones and tablets Network routers Smart TVs [1]

Reasons Reduced operating system cost Open source Better performance and stability Security Customizable

Internet Global network of computers using the Internet Protocol (IP) Most commonly used services: World Wide Web (WWW) Email Peer-to-peer Most services use the client-server model

Client server model [2]

Internet Addressing Internet addresses can be compared to postal addresses If a computer connected to the internet is an apartment building: Domain name building's well known name IP addresses building's street address Port / protocol apartment number

Domain name & IP address Well known registered name for a website Google.com, yahoo.com DNS service maps these names to IP address Google.com 173.194.115.116 Yahoo.com 98.139.183.24 Just like yellow pages map the name of a building to a street address UTA ERB 500 UTA Blvd., Arlington, TX

Services and ports One server may be offering both WWW and email services WWW is offered through port 80 of the server Email is sent through port 25 of the server Ports are a part of TCP/IP Virtual connection end points Keep data flow separated Standard ports defined for well known services

Services and ports One server may be offering both WWW and email services WWW is offered through port 80 of the server Email is sent through port 25 of the server Mail example: ERB building Bioengineering department 2 nd floor CSE department 6 th floor

Server Runs dedicated programs to handle user requests Web server like Apache or Nginx runs and listens to requests coming on port 80 Email routing program like Sendmail listens to requests coming on port 25

Client Runs a client software WWW clients like Firefox/Chrome/Opera Email clients like Thunderbird/Outlook For every new connection the WWW client Uses any random unused port on the computer Always sends request to port 80 of the web server For every email transmission the Email client Again uses a random port at its end Always sends requests to port 25 of the email server Server replies to the port from which the request came

Multiple connections Your computer Firefox Firefox 9328 4482 Outlook 7233 Google.com Web Server 80 Mail Server 25 Yahoo.com Web Server 80 Mail Server 25

Linux system as a WWW server Linux is robust enough for 24x7 operation Free & easy to integrate software to serve complex websites Core web server to respond to requests PHP for dynamic content MySQL for databases

Basic static website Install the Apache or Nginx server Review the web server configuration file Save your web content in designated folder Give your IP address to other people to let them see your site WEB SERVER SETUP DEMO -- Continued..

May not work Firewalls Network Address Translation (NAT) On laptops using the UTA network: UTA's firewall implements wifi client isolation one wifi device cannot make direct connections to other wifi devices on the network (probably)

Firewall Blocks connections to ports on computers which are not supposed to be servers Open ports on machines running out of date software are a security risk Port 80 is blocked by many ISPs Also block port 21 (ftp), port 25 (smtp) etc. Sometimes we cannot change firewall rules (corporate?) Solution: Run our server on a different non-blocked port

Apache config file Apache config files are stored in /etc/apache2/ Look in /etc/apache2/ports.conf

NAT Most ISPs give one public IP address per internet connection We usually have several computers sharing the same internet connection at home through a router Each computer cannot have its own public IP, so the router assigns a private IP to each local device 10.0.0.0 10.255.255.255 172.16.0.0 172.31.255.255 192.168.0.0 192.168.255.255

NAT - outgoing Firefox on machine 1 uses port 2700 to send a request to google.com at port 80 192.168.1.5:2700 router google.com:80 Chrome on machine 2 uses port 5107 to send a request to google.com at port 80 192.168.1.6:5107 router google.com:80 To avoid potential conflicts, the router changes the return address on the requests to a different port, and sends from the public IP (e.g. 44.19.33.204) 192.168.1.5:2700 router 44.19.33.204:2357 google.com:80 192.168.1.6:5107 router 44.19.33.204:2433 google.com:80

Server side Google sees multiple requests from thousands of IPs at its port 80 In case of multiple requests from the same IP, it uses the source port number and cookies to distinguish between clients and gives them different content

NAT - incoming The router receives responses from google.com for both clients at respective ports google.com:80 router 44.19.33.204:2357 google.com:80 router 44.19.33.204:2433 The router looks up the port number in it's NAT table and sends the request to the appropriate machine External port Internal IP:port 2357 192.168.1.5:2700 2433 192.168.1.6:5107

Router firewalls As the router does NAT, it has full control on connections Most routers have firewalls enabled Blocks unsolicited incoming connections Outgoing connections are usually not blocked Running a web server on port 80 behind a NAT router Random clients will be sending requests to you Since you did not initiate these connections, they are not in the NAT table and the router will block them your web server won't work!

Port forwarding All routers have a port forwarding option in their config page You can redirect all traffic coming to port 80 on your router to a specific local machine If machine 1 is running a WWW server at port 80 Create a rule to redirect all requests coming on public port 44.19.33.204:80 to local IP 192.168.1.5:80 Configuration help: www.portforward.com Instructions with screencaps for all brands of routers

Debugging a live web server Trueability.com is Linux job screening company Also host Linux server debugging competitions You can try out past challenges and view solutions We will look at one of the introductory blogs at http://blog.trueability.com/category/give-it-a-shot/ DEMO GIVE-IT-A-SHOT CHALLENGE --

References [1] http://en.wikipedia.org/wiki/linux [2] http://en.wikipedia.org/wiki/client-server_model

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information