1.3 Network Configuration Files for Linux


In Linux, network functions depend on a number of configuration files. Many tools and programs can set the content of these files for you, but from the perspective of system maintenance it is still essential to understand their content: no one can guarantee that every command or program is available at all times, and if a command or program fails, you must go back to the original configuration file and modify or maintain it by hand. In this section, therefore, the author selects the important network configuration files related to network management and describes them, so that the reader understands the function of each file and when it is used, which makes management go smoothly.
Host Address Configuration File - /etc/hosts
In Linux, the default communication protocol is TCP/IP, and each host on the TCP/IP network represents its address with a unique number, which is called an IP address. No matter whether the host is located in the local network or the Internet, as long as TCP/IP is used as the communication protocol, hosts must rely on IP addresses to identify each other.
Current IP addresses are based on IPv4 (IP version 4), so each address takes the form xxx.xxx.xxx.xxx, where the valid range of each xxx is 0 to 255, for example 192.168.0.1. Because IP addresses are assigned by InterNIC, the IP address of each host is unique and is never duplicated.
Although an IP address identifies each host precisely, it also creates a problem: addresses are hard to remember, because for users a string of numbers is hard to associate with a specific host.
If a name that is generally easy to remember is used instead, such as ns1.fc5linux.com (a host name) or ns1 (an alias), the difficulty of remembering host addresses disappears. TCP/IP networks therefore provide a solution: an intermediary mechanism that converts between IP addresses and easy-to-remember names (name resolution).
Generally, there are two ways to convert between IP addresses and easy-to-remember names on a TCP/IP network: using a DNS server, or using the /etc/hosts file. The DNS server is the more powerful of the two for name resolution, but it involves a wide range of content, so this book discusses it in Chapter 11.
Although the resolution function of the /etc/hosts file is not as capable as DNS, it does provide name resolution and its content is simple to set, so this book describes it here. The following is an example of an /etc/hosts file:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1     localhost.localdomain   localhost
192.168.0.1   ns1.fc5linux.com        ns1
The above is a simple example; its records can be generated automatically by the system or added by hand. The format of each record is as follows:
IP address   host name   alias
After an IP address, host name and alias have been entered into the /etc/hosts file, the host name or alias can be used in place of the IP address. For example, if the IP address of a Web server is 192.168.0.1, its host name is www.fc5linux.com and its alias is www, you can enter any of the following addresses in a local browser to connect to the Web server:
• http://192.168.0.1 (usable on the local area network and on the Internet)
• http://www.fc5linux.com (usable on the local area network and on the Internet)
• http://www (usable only on the local area network)
Network Service Information File - /etc/services
/etc/services is an information file that records the various network services. Each record in this file represents one Internet service, in the following format:
Service name   port number/protocol name   [alias]   [comment]
This file lets a port number/protocol name pair correspond to a specific service name, and some programs need this file to perform specific functions.
For example, xinetd is a powerful program that specifically manages requests arriving from the Internet. When a user requests remote login or a file transfer protocol, xinetd automatically checks the /etc/services file and finds the corresponding program to serve the request. The following is an excerpt from the /etc/services file:

tcpmux   1/tcp      # TCP port service multiplexer
tcpmux   1/udp      # TCP port service multiplexer
rje      5/udp      # Remote Job Entry
echo     7/tcp
echo     7/udp
discard  9/tcp      sink null
discard  9/udp      sink null
...
Basically, each service must use a unique port number/protocol name pair. Therefore, if two services need to use the same port number, they must use different protocols; likewise, if two services use the same protocol, their port numbers must differ.
By the way, all available port numbers lie between 0 and 65535 and, according to their function and usage, fall into three categories:
• Port numbers from 0 to 1023 are used by servers of all kinds and are also known as Well-Known Ports.
• Apart from the dedicated port numbers used by servers, all port numbers published on the Internet use numbers in the range 1024 to 49151.
• Other dynamic or private port numbers use numbers in the range 49152 to 65535.
In theory you can modify the port numbers in this file at will, for example changing the 80/tcp used by HTTP to 81/tcp, or keeping the original port number and using another name for it. However, the author does not recommend this: once the default content is modified, only clients that know about the modification can connect, and most users will be shut out.
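As an added example (not from the original text), the following Python code parses records in the /etc/services format shown above, classifies ports into the three ranges just listed, and reports port/protocol pairs claimed by more than one service name; the sample file content is constructed.

```python
# Added example: parse /etc/services-style records and check the rule that each
# port/protocol pair belongs to exactly one service. Sample content is constructed.
import re
from collections import defaultdict

SAMPLE_SERVICES = """\
# /etc/services (constructed sample)
tcpmux   1/tcp                 # TCP port service multiplexer
tcpmux   1/udp                 # TCP port service multiplexer
echo     7/tcp
echo     7/udp
discard  9/tcp    sink null
http     80/tcp   www www-http # WorldWideWeb HTTP
www      80/tcp                # same port/proto under another name: a conflict
"""

def parse_services(text):
    """Return (name, port, proto, aliases) tuples, skipping comments and blanks."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()          # drop trailing comments
        if not fields:
            continue
        m = re.fullmatch(r"(\d{1,5})/([a-z]+)", fields[1]) if len(fields) > 1 else None
        if m is None:
            raise ValueError(f"line {lineno}: expected 'name port/proto', got {raw!r}")
        port = int(m.group(1))
        if port > 65535:
            raise ValueError(f"line {lineno}: port {port} is outside 0-65535")
        records.append((fields[0], port, m.group(2), tuple(fields[2:])))
    return records

def port_class(port):
    """Classify a port into the three ranges described in the text."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def find_conflicts(records):
    """Return {(port, proto): [names]} for pairs claimed by more than one service."""
    by_key = defaultdict(list)
    for name, port, proto, _aliases in records:
        by_key[(port, proto)].append(name)
    return {key: names for key, names in by_key.items() if len(names) > 1}

def lookup(records, port, proto):
    """Map a port/proto pair to its primary service name, as xinetd needs to."""
    for name, rec_port, rec_proto, _aliases in records:
        if (rec_port, rec_proto) == (port, proto):
            return name
    return None
```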
xinetd and the /etc/xinetd.conf File
The role of xinetd is equivalent to that of inetd, which was used in earlier Linux versions. It is responsible for receiving requests from Internet clients and passing each request to the correct service program; xinetd does not itself carry out the specific service.
The advantage of handling client requests this way is that xinetd alone listens for requests from the network; because xinetd listens on their behalf, the service programs do not have to. A large number of programs therefore need not be loaded at every startup, which avoids wasting system resources.
However, the xinetd service is not installed by default, so you must install it first. Click "Applications" / "Add/Remove Software"; the system begins to retrieve the list of installed and uninstalled software packages and then opens the "Software Package Manager" window, as shown in Figure 1-5.
Figure 1-5 "Software Package Manager" Window
Click the "Search" option on the left side of the "Software Package Manager" window, enter "xinetd" in the field at the top, and click "Search" to find the package. Select the "xinetd" item in the search results and click the "Apply" button to install the package, as shown in Figure 1-6.
Figure 1-6 Select the "xinetd" item
After you press the "Apply" button in the previous window, the package installation confirmation window appears. Click "Continue" to install the package, as shown in Figure 1-7.
Figure 1-7
Next, the installer asks whether to import the key used to verify that the installation package is genuine. Press the "Import Key" button to continue, as shown in Figure 1-8.
Figure 1-8
If everything is correct, the system starts installing the xinetd package once the key has been imported, and a success message appears when the installation finishes, as shown in Figure 1-9.
Figure 1-9

After the software is installed successfully, you must start the service before you can use it. To start xinetd, click "Desktop", "Manage" and "Services"; in the "Service Configuration" window click "xinetd" in the list on the left, then press the "Start" button to start the xinetd service, as shown in Figure 1-10.
Figure 1-10 Start the xinetd service
After xinetd is installed, we first open its configuration file, /etc/xinetd.conf, to explain how xinetd works. Its content is as follows:
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
}
includedir /etc/xinetd.d
The default items in the /etc/xinetd.conf file are described below:
• instances: the maximum number of requests that a single service allows clients to have connected at the same time. If it is set to UNLIMITED there is no connection limit. This setting helps defend against DoS attacks.
Note: A Denial of Service (DoS) attack is an intrusion that stops a computer from performing certain actions or makes it crash for no apparent reason. Unlike ordinary hacker intrusions, a DoS attack does not steal or tamper with the data inside the computer; its aim is to paralyse the host. DoS attacks usually reach the computer in two ways: ICMP attacks and OOB (Out Of Band) attacks. The former continuously sends useless information to a specific host, slowing the computer down until it crashes. In the latter, after the attacker learns the computer's IP address, the hacker sends a command to it over the Internet that causes a blue-screen crash.
• log_type: sets where the log output goes. "SYSLOG" indicates that logs are written to the system log through the syslog service, and "authpriv" indicates the log record level.
• log_on_success: the information recorded when a connection succeeds. "HOST PID" records the remote host and the process ID (PID) of the program.
• log_on_failure: the information recorded when a connection fails. "HOST" records only the remote host.
• cps: the rate at which external hosts may connect to the internal network. It takes two parameters: the first is the number of connections that can be handled per second; if the incoming connection rate exceeds this value, the service is temporarily stopped. The second is the number of seconds the system waits before restarting the service after it has been stopped.
• includedir: specifies the directory holding the configuration files of all the daemons that use the xinetd service. In theory all settings can be defined in /etc/xinetd.conf itself, but keeping a separate file for each daemon improves management efficiency and avoids errors.
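As an added example that is not part of the original text, the following Python code models the cps setting described above: connections beyond the per-second rate switch the service off for the wait period. It is a simplified model of the rule as stated here, not xinetd's own code, and the connection arrival times are constructed.

```python
# Added example: a simplified model of xinetd's "cps" limit (rate, wait seconds),
# not xinetd's own code. Connection arrival times below are constructed.
from collections import deque

class CpsLimiter:
    """cps = <rate> <wait>: hand at most <rate> connections per second to the
    service; when that is exceeded, switch the service off for <wait> seconds."""
    def __init__(self, rate=25, wait=30):
        self.rate, self.wait = rate, wait
        self.window = deque()            # arrival times within the last second
        self.disabled_until = None       # None while the service is enabled

    def offer(self, t):
        """Return True if a connection arriving at time t reaches the service."""
        if self.disabled_until is not None:
            if t < self.disabled_until:
                return False             # still in the wait period: refused
            self.disabled_until = None   # wait period over: service restarted
            self.window.clear()
        while self.window and t - self.window[0] >= 1.0:
            self.window.popleft()        # forget arrivals older than one second
        self.window.append(t)
        if len(self.window) > self.rate:
            self.disabled_until = t + self.wait
            return False
        return True

def simulate(arrivals, rate=25, wait=30):
    """Feed arrival times through the limiter; return
    (accepted, refused, time_of_first_refusal)."""
    limiter = CpsLimiter(rate, wait)
    accepted = refused = 0
    first_refusal = None
    for t in arrivals:
        if limiter.offer(t):
            accepted += 1
        else:
            refused += 1
            if first_refusal is None:
                first_refusal = t
    return accepted, refused, first_refusal

# Constructed burst: 40 connections within 0.8 s (a flood against the default
# cps = 25 30), then one arrival 5 s later and one 35 s later.
BURST = [i / 50 for i in range(40)] + [5.0, 35.0]
```

With the defaults above, simulate(BURST) hands the first 25 connections to the service, refuses the rest of the burst and the arrival at 5 s, and accepts the one at 35 s after the service has been restarted.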
Note that after you modify the xinetd settings, you must restart xinetd for them to take effect. The restart command is as follows:
[root@ns1 ~]# /etc/rc.d/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
Allow and Deny Address Configuration Files - /etc/hosts.allow and /etc/hosts.deny
Besides forwarding client requests to the specified service program, xinetd has another function: centralized management of client connections, which is based mainly on the content of two files, /etc/hosts.allow and /etc/hosts.deny.
If you want only certain computers to access the Internet services provided through /usr/sbin/tcpd on the server, define the computers allowed to access them in the /etc/hosts.allow file. Conversely, if you do not want specific computers to access the server's Internet services, define the hosts to be refused in the /etc/hosts.deny file.
When xinetd accepts a service request from a client, it first checks the content of /etc/hosts.allow to see whether the client is permitted. If it is, the request is forwarded to the specified service program and the /etc/hosts.deny configuration file is not checked at all.
If /etc/hosts.allow contains no record permitting this client, xinetd goes on to check the content of /etc/hosts.deny. If the client appears in that file the request is refused; otherwise the client request is still forwarded to the specified service program. The review process for client requests is shown in Figure 1-11.
Figure 1-11 audit process for processing client requests
Because xinetd stops reviewing a client's connection request as soon as it finds a matching record, a client recorded in both /etc/hosts.allow and /etc/hosts.deny is permitted when xinetd checks /etc/hosts.allow first, so /etc/hosts.deny is never checked for it.
For this reason, we usually record the clients that should be served in /etc/hosts.allow and write just one simple line in /etc/hosts.deny:
ALL:ALL
Additional records use the following format:
Daemon : Address [: Option1 [: Option2]]
The items in the preceding format are described as follows:
• Daemon: the name of the service program to be run after the client request is received, such as in.ftpd; "ALL" stands for all service programs.
• Address: the client's IP address, host name or URL, or a range of IP addresses, host names or URLs; it may also be one of the special strings in Table 1-1.
Table 1-1 Special strings in the Address field
String     Description
ALL        All addresses
LOCAL      Host names that contain no dot (local hosts)
UNKNOWN    All hosts whose name or IP address is unknown
KNOWN      All hosts whose name and IP address are both known
PARANOID   All hosts whose host name and IP address do not match
• Option: this is an optional item, so it need not be set. Table 1-2 describes the items commonly used in the Option field.
Table 1-2 Description of common options
Option   Description
allow    The matching client may make connection requests regardless of the other hosts.allow and hosts.deny settings; this option must be the last item on the line.
deny     The matching client may not make connection requests regardless of the other hosts.allow and hosts.deny settings; this option must also be the last item on the line.
spawn    Automatically starts a shell command when a connection request is received; this option must be the last item on the line.
twist    Automatically starts a shell command when a connection request is received, but the connection is terminated when the shell command runs; this option must also be the last item on the line.
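As an added example (not the original text's or tcpd's own code), the following Python code implements the review order described above for hosts.allow and hosts.deny, including the Table 1-1 strings, the net/mask and trailing-dot address forms, and the allow/deny/spawn options from Table 1-2; the rule files are constructed and spawn commands are only reported, never run. PARANOID is left out because it needs a live reverse lookup.

```python
# Added example: the hosts.allow / hosts.deny review order described above, as
# a Python model (not tcpd's code). Rule files are constructed; nothing is run.
import ipaddress

HOSTS_ALLOW = """\
# daemon : client [: option]
in.ftpd : 192.168.0.                   # trailing dot: the whole 192.168.0.x network
sshd    : 10.0.0.0/255.255.255.0 : spawn /usr/bin/logger tcpd %d from %h
ALL     : LOCAL, .fc5linux.com
ALL     : 192.168.0.99 : deny          # option must be the last item on the line
"""
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    """Yield (daemons, clients, options) for every rule line, comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            fields = [f.strip() for f in line.split(":")]
            yield (fields[0].replace(",", " ").split(),
                   fields[1].replace(",", " ").split(), fields[2:])

def client_matches(pattern, ip, hostname):
    """Match one client pattern: Table 1-1 strings plus the usual address forms."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # host name without a dot
        return hostname is not None and "." not in hostname
    if pattern == "KNOWN":
        return hostname is not None
    if pattern == "UNKNOWN":
        return hostname is None
    if pattern.startswith("."):            # domain suffix, e.g. .fc5linux.com
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):              # network prefix, e.g. 192.168.0.
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, hostname)

def decide(daemon, ip, hostname=None, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (verdict, options). hosts.allow is read first, then hosts.deny; the
    first matching rule decides and no later rule or file is consulted."""
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for daemons, clients, options in parse_rules(text):
            if ("ALL" in daemons or daemon in daemons) and any(
                    client_matches(c, ip, hostname) for c in clients):
                if "allow" in options:
                    verdict = "allow"      # explicit option overrides the file
                if "deny" in options:
                    verdict = "deny"
                return verdict, options
    return "allow", []                     # matched nowhere: access is granted
```

Note that decide("in.ftpd", "192.168.0.99") is allowed by the first rule even though a later rule denies that address, which is the first-match behaviour the text warns about.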
Network Configuration File - /etc/sysconfig/network
Although this file is simple, it is an important configuration file on a TCP/IP network host. Taking the author's computer as an example, its default content is as follows:
[root@ns1 ~]# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=ns1.fc5linux.com

In the preceding example, "NETWORKING=yes" enables the network function of the Linux server. We recommend keeping this default value; otherwise, a Linux server without network functions is of little use. The following line, "HOSTNAME=ns1.fc5linux.com", sets the host name.
Besides the preceding settings, many other options can be added. Table 1-3 lists common setting items and their descriptions.
Table 1-3 Setting items and descriptions
Item           Description
FORWARD_IPV4   Whether the server may forward IPv4 (IP version 4) packets from clients
DOMAINNAME     The domain name of the server
GATEWAYDEV     The gateway device. Usually eth0, meaning the network card is the network connection device; for dial-up users it is set to ppp0.
Host Search Configuration File - /etc/host.conf
Earlier we mentioned that host name resolution can be done through the /etc/hosts file or a DNS server, but which should be used first? The answer lies in the /etc/host.conf file, which sets the priority order of host name resolution. The default content of this file is as follows:
order hosts,bind
This default content contains only one record, which specifies the host name resolution process: first use the content of the /etc/hosts file, and if that fails, try the DNS server. Besides this main function, the /etc/host.conf file can hold other configuration items; Table 1-4 describes all the available ones.
Table 1-4 Items and descriptions
Item      Description
order     Specifies the search order for host name resolution.
trim      Specifies the default domain name. One or more default domain names can be given here, such as fc5linux.com; when querying a host you then only need to enter the host name, such as ns1, and the system automatically appends the default domain name, giving ns1.fc5linux.com. This improves resolution efficiency, and several default domain names may be added to the file. To add a default domain name fc5linux.com, add the following record:
          trim fc5linux.com
multi     Whether the same host name may correspond to several IP addresses in the /etc/hosts file, for example both 192.168.250.23 and 192.168.200.10 for ns1.fc5linux.com. To enable this function, add the following record:
          multi on
nospoof   Whether reverse lookup of host names is permitted, which improves the accuracy of host names. To enable this function, add the following record:
          nospoof on
Name Server Search Order Configuration File - /etc/resolv.conf
The /etc/resolv.conf configuration file is used mainly to set DNS server options. Three items are commonly set:
• nameserver
Sets the name server, that is, the DNS server. Up to three name servers can be set, and each DNS server record must be on its own line. Once nameserver is set, when the host performs name resolution it first queries the first nameserver in the file; if that resolution fails, it goes on to ask the next nameserver.
For example, to make the client use three DNS servers for name resolution, enter the following:
nameserver 0.0.0.0
nameserver 192.168.78.100
nameserver 192.168.78.111
Note: If the host itself is a DNS server, you can use 0.0.0.0.
• domain
Specifies the domain name of the host. This item may be omitted.
• search
This is an optional item. Several domain names may be listed here, separated by spaces. Each domain name listed is automatically appended to the host name being queried. Up to six domain names may be added, but the total length may not exceed 256 characters. For example, three different domain names are separated by spaces as follows:
name1.com name2.com name3.com
When the name to be queried is host1, the system queries host1.name1.com, host1.name2.com and host1.name3.com in turn. If a query returns a result, resolution stops; if none returns a result, the system reports that the query failed.
For example, the following line adds three domain names:

search name1.com name2.com name3.com
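The following Python code, added here as an example rather than taken from the original text, models how the /etc/hosts file described at the start of this section and the /etc/host.conf (order, multi) and /etc/resolv.conf (nameserver, search) files described above combine to resolve a name. The file contents and the FAKE_DNS table standing in for a DNS server are constructed.

```python
# Added example: a model of how /etc/hosts, /etc/host.conf and /etc/resolv.conf
# combine to resolve a name. File contents and the FAKE_DNS stand-in are constructed.
ETC_HOSTS = """\
127.0.0.1       localhost.localdomain   localhost
192.168.0.1     ns1.fc5linux.com        ns1
192.168.250.23  ns1.fc5linux.com        # second address: visible only with "multi on"
192.168.0.1     www.fc5linux.com        www
"""
HOST_CONF = "order hosts,bind\nmulti on\n"
RESOLV_CONF = "nameserver 192.168.78.100\nsearch fc5linux.com name2.com\n"
FAKE_DNS = {"mail.fc5linux.com": ["192.168.0.25"], "host1.name2.com": ["10.9.8.7"]}

def parse_hosts(text):
    """Map every host name and alias (lower-cased) to its list of addresses."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table

def parse_keywords(text):
    """host.conf / resolv.conf lines are 'keyword value ...'; collect each keyword's values."""
    conf = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            conf.setdefault(fields[0].lower(), []).append(fields[1:])
    return conf

def resolve(name, hosts=ETC_HOSTS, host_conf=HOST_CONF, resolv=RESOLV_CONF, dns=FAKE_DNS):
    """Return the addresses found for name, or [] when every source fails."""
    hc, rc = parse_keywords(host_conf), parse_keywords(resolv)
    order = [s for s in ",".join(hc.get("order", [["hosts,bind"]])[0]).split(",") if s]
    multi = hc.get("multi", [["off"]])[0] == ["on"]
    search = rc.get("search", [[]])[-1]          # only the last search line counts
    # A name without a dot is tried with each search domain appended, then as given.
    candidates = [name] if "." in name else [f"{name}.{d}" for d in search] + [name]
    table = parse_hosts(hosts)
    for source in order:                         # host.conf order: hosts, then bind
        for cand in candidates:
            key = cand.lower()
            if source == "hosts" and key in table:
                return table[key] if multi else table[key][:1]
            if source == "bind" and rc.get("nameserver") and key in dns:
                return list(dns[key])
    return []
```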
