TCP/IP Network Administration
Table of Contents
_____________________________________________________________________________
Preface
Audience
Organization
UNIX Versions
Conventions
Acknowledgments

1: Overview of TCP/IP
TCP/IP and the Internet
TCP/IP Features
Protocol Standards
A Data Communications Model
TCP/IP Protocol Architecture
Network Access Layer
Internet Layer
Internet Protocol
Internet Control Message Protocol
Transport Layer
User Datagram Protocol
Transmission Control Protocol
Application Layer

2: Delivering the Data
Addressing, Routing, and Multiplexing
The IP Address
Address Depletion
Subnets
Internet Routing Architecture
The Routing Table
Address Resolution
RARP
Protocols, Ports, and Sockets
Protocol Numbers
Port Numbers
Sockets

3: Name Service Concepts
Names and Addresses
The Host Table
The NIC Host Table
Domain Name Service
The Domain Hierarchy
Creating Domains and Subdomains
Domain Names
BIND, resolver, and named
Network Information Service

4: Getting Started
Connected and Non-connected Networks
Obtaining an IP Address
The Network Address Application
Assigning Host Addresses
Obtaining a Domain Name
Obtaining an IN-ADDR.ARPA Domain
Choosing a Host Name
Planning Routing
Obtaining an Autonomous System Number
Defining the Subnet Mask
Specifying the Broadcast Address
Sample Planning Sheets

5: Basic Configuration
Kernel Configuration
The BSD Kernel Configuration File
TCP/IP in the BSD Kernel
BSD TCP/IP System Parameters
Adding Network Devices
System V Kernel Configuration
SCO's netconfig
The Internet Daemon

6: Configuring the Interface
The ifconfig Command
Determining the Interface with netstat
Checking the Interface with ifconfig
Assigning a Subnet Mask
Setting the Broadcast Address
Assigning the Network Interface Address
The Other Command Options
TCP/IP Over a Serial Line
The Serial Protocols
Choosing a Serial Protocol
Installing SLIP
SLIP for Sun
Configuring the SLIP Interface
slattach
sliplogin
Installing PPP
Configuring the PPP Interface

7: Configuring Routing
Common Routing Configurations
The Minimal Routing Table
Building a Static Routing Table
Adding Static Routes
The Variety of Routing Protocols
Interior Routing Protocols
Exterior Protocols
Choosing a Routing Protocol
Routing Information Protocol
Running RIP with routed
Exterior Gateway Protocol
Configuring the EGP User Process
Gateway Routing Daemon
gated's Preference Value
Configuring gated
Sample gated.conf Configurations
The gated Command

8: Configuring DNS Name Service
BIND: UNIX Name Service
BIND Configurations
Configuring the Resolver
The Resolver Configuration File
Configuring named
The named.boot File
Standard Resource Records
The Cache Initialization File
The named.local File
The Reverse Domain File
The named.hosts File
Using nslookup

9: Network Applications
The r Commands
Securing the r Commands
The .rhosts File
The /usr/hosts Directory
Network Information Service
The /etc/netgroup File
The Network File System
NFS Daemons
Exporting Filesystems
The /etc/exports File
Mounting Remote Filesystems
The mount Command
The /etc/fstab File

10: sendmail
sendmail's Function
Running sendmail as a Daemon
sendmail Aliases
The sendmail.cf File
Locating a Sample sendmail.cf File
General sendmail.cf Structure
sendmail Configuration
The Define Macro Command
The Define Class Command
The Set Option Command
Defining Trusted Users
Defining Mail Precedence
Defining Mail Headers
Defining Mailers
Rewriting the Mail Address
Pattern Matching
Transforming the Address
The Set Ruleset Command
Modifying a sendmail.cf File
Modifying Local Information
Modifying the General Macros
Modifying the Classes
Modifying the Version Number
Modifying Options
Modifying the Rewrite Rules
Testing sendmail.cf
Testing Rewrite Rules

11: Troubleshooting TCP/IP
Approaching a Problem
Troubleshooting Hints
Diagnostic Tools
Testing Basic Connectivity
The ping Command
Troubleshooting Network Access
Troubleshooting with the ifconfig Command
Troubleshooting with the arp Command
Checking the Interface with netstat
Network Hardware Problems
Checking Routing
Checking RIP Updates
Tracing routes
Checking Name Service
dig, an Alternative to nslookup
Analyzing Protocol Problems
Packet Filters
Protocol Case Study

12: Network Security
Security Planning
Assessing the Threat
Distributed Control
Writing a Security Policy
Passwords
Choosing a Password
Password Software
Other Precautions
Check Application Security
Remove Unnecessary Secure Terminals
Remove Unnecessary Software
Keep Software Updated
Security Monitoring
Know Your System
Looking for Trouble
COPS
Limiting Access
Encryption
Firewalls
Routing Control
Access Control
wrapper
Words to the Wise

13: Internet Information Resources
Anonymous ftp
Creating an ftp Server
Retrieving RFCs
Retrieving RFCs by Mail
Mailing Lists
Resource Discovery Programs
archie
gopher
The White Pages
X.500
More Reading

A: Network Contacts
Internet Contacts

B: Forms, Forms, Forms
Whois Registration
Network Number Request
Internet Domain Name Registration
IN-ADDR.ARPA Registration
Autonomous System Number Application

C: A gated Reference
The gated Command
Signal Processing
The gated Configuration Language
Directive Statements
Trace Statements
Definition Statements
Protocol Statements
The rip Statement
The hello Statement
The redirect Statement
The egp Statement
The bgp Statement
Static Statements
Control Statements
The accept Statement
The propagate Statement
Preference Precedence

D: named Reference
The named Command
Signal Processing
named.boot Configuration Commands
Zone File Records
Standard Resource Records
Experimental Resource Record

E: Sample sendmail.cf
The sendmail Configuration File

F: Selected TCP/IP Headers
IP Datagram Header
TCP Segment Header
ICMP Parameter Problem Message Header

G: Reference for passwd+
The Configuration File
The GECOS Data
Logging passwd+ Activity
Password Tests
Escape Sequences
Final Words

H: Software Sources

Index

Figures
_____________________________________________________________________________
1: Overview of TCP/IP
1.1 The OSI Reference Model
1.2 Layers in the TCP/IP Protocol Architecture
1.3 Data Encapsulation
1.4 Data Structures
1.5 IP Datagram Format
1.6 Routing Through Gateways
1.7 Networks, Gateways, and Hosts
1.8 UDP Message Format
1.9 TCP Segment Format
1.10 Three-way Handshake
1.11 TCP Data Stream
1.12 TCP/IP Protocols Inside a Sample Gateway

2: Delivering the Data
2.1 Sample Network
2.2 IP Address Structure
2.3 Gateway Hierarchy
2.4 Routing Domains
2.5 Table Based Routing
2.6 Protocol and Port Numbers
2.7 Passing Port Numbers

3: Name Service Concepts
3.1 hosts.txt Records
3.2 Domain Hierarchy
3.3 Non-recursive Query

4: Getting Started
4.1 Routing and Subnets

7: Configuring Routing
7.1 Routing on a Subnet
7.2 nuts-net Routing Configuration

9: Network Applications
9.1 File Export Information for mountd

10: sendmail
10.1 Mail is routed through sendmail
10.2 A sendmail.cf Configuration Command
10.3 Rewriting an Address
10.4 Sequence of Rulesets
10.5 Verbose Mail Output

11: Troubleshooting TCP/IP
11.1 Subdividing a Network with Bridges and Routers
11.2 traceroute Output
11.3 Flow of traceroute Packets
11.4 Packet Header Structure
11.5 FTP Test Summary
11.6 ICMP Header Format

12: Network Security
12.1 last Command Output
12.2 Firewalls versus Routers
12.3 Internal and External Firewalls

Tables
_____________________________________________________________________________
2: Delivering the Data
2.1 Effect of a Subnet Mask

5: Basic Configuration
5.1 Ethernet Cards Supported by SCO

7: Configuring Routing
7.1 Routing Protocol Metrics
7.2 Default Preference Values
7.3 gated Configuration Statements

8: Configuring DNS Name Service
8.1 named.boot Configuration Commands
8.2 Standard Resource Records

10: sendmail
10.1 sendmail Configuration Commands
10.2 Required sendmail Macros
10.3 sendmail's Internal Macros
10.4 sendmail Options
10.5 Mailer Definition Fields
10.6 sendmail Mailer Flags
10.7 Pattern Matching Symbols
10.8 Transformation Metasymbols
10.9 sendmail Command-line Arguments

11: Troubleshooting TCP/IP
11.1 Vendor Ethernet Prefixes
11.2 dig Query Types
11.3 Expression Primitives
11.4 Breakout of the Router's Packet
11.5 Breakout of the ICMP Packet

12: Network Security
12.1 checkpasswd Configuration Commands

13: Internet Information Resources
13.1 RFC Repositories
13.2 gopher Commands

A: Network Contacts
A.1 U.S. Network Providers
A.2 International Network Providers
A.3 Canadian Network Providers

C: A gated Reference
C.1 Trace Options
C.2 Summary of gated Preference

G: Reference for passwd+
G.1 Predefined passwd+ Variables
G.2 Logging Types for passwd+
G.3 Redirecting Logging Output

H: Software Sources
H.1 Free Software Used in This Book