Network Configuration in Linux

Article title: network configuration in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Since the birth of linux, it has been doomed to an unprecedented powerful network function. therefore, it is very important to configure the network in linux to make it efficient and secure. next we will introduce the network settings in linux from three aspects: network device installation, network service settings, and network security.
　　
　　 1. install and configure network devices
When installing linux, if you have a Nic, the installer will prompt you to provide TCP/IP network configuration parameters, such as the local ip address, the default gateway ip address, and the DNS ip address. based on these configuration parameters, the installer automatically compiles the NIC (which must be supported first in linux) driver into the kernel. but we must understand the process of loading the NIC driver, so we will be very easy to operate when we change the Nic later and use multiple NICs. nic drivers are loaded into the kernel as modules. all Nic drivers supported by linux are stored in the directory/lib/modules/(linux version)/net /, for example, the driver of the inter 82559 series 10/100 M adaptive boot Nic is eepro100.o, and the driver of 3C509 ISA Nic of 3COM is 3C509. o, DLINK pci 10 NIC driver is via-rhine.o, NE2000 compatible NIC driver is ne2k-pci.o and ne. o. after learning about these basic drivers, we can modify the module configuration file to replace or add a Nic.
　　
1. modify the/etc/conf. modules file
This configuration file is an important parameter file for loading modules. let's take a look at an example file.
#/Etc/conf. modules
Alias eth0 eepro100
Alias eth1 eepro100
This file is a conf file in a linux system with two inter 82559 series NICs. contents in modules. the alias command indicates the name of the driver of the Ethernet port (such as eth0). The alias eth0 eepro100 indicates that the driver to be loaded on the Ethernet port 0 is eepro100.o. when modprobe eth0 is used, the system automatically loads eepro100.o to the kernel. for pci NICs, because the system will automatically find the NIC's io address and interrupt number, there is no need. in modules, use options to specify the NIC's io address and interrupt number. but corresponding to the ISA Nic, it must be in conf. the io address or interrupt number specified in the module, as shown below, indicates the conf of an ISA Nic of NE. modules file.
Alias eth0 ne
Options ne io = 0x300 irq = 5
After modifying the conf. modules file, run the following command to load the module:
# Insmod/lib/modules/2.2.14/net/eepro100.o
In this way, you can load the module eepro100.o at the Ethernet port. you can also run the following command to view the information of the currently loaded module:
[Root @ ice/etc] # lsmod
Module Size Used
Eepro100 15652 2 (autoclean)
The returned result indicates that the currently loaded module is eepro100, with a size of 15652 bytes and two users. the returned result is cleared automatically.
　　
2. modify the/etc/lilo. conf file.
In some newer linux versions, because the operating system automatically detects all related hardware, you do not have to modify/etc/lilo. conf file. however, for the ISA Nic and old version, you can modify lilo to initialize the newly added Nic in system initialization. conf file. in/etc/lilo. add the following command to the conf file:
Append = "ether = 240x300, eth0 ether = x, eth1"
This command indicates that the io address of eth0 is 0x240, the interrupt is 5, the io address of eth1 is 0x300, and the interrupt is 7.
In fact, this statement comes from the parameters passed when the system guides the image file,
LILO: linux ether = 240x300, eth0 ether = x, eth1
This method also enables the linux system to configure two Nics. Similarly, when using more than three NICs, you can follow the same method.
After configuring the network card, you should configure the TCP/IP parameters. In general, you will be prompted to configure the network parameters while installing the linux system. if you want to modify the network settings, run the following command:
# Ifconfig eth0 A. B .C.D netmask E.F. G. H
A. B .C.D is the IP address of eth0, and E.F. G. H is the network mask.
In fact, in linux, we can set multiple IP addresses for a network card, for example, the following command:
# Ifconfig eth0: 1 202.112.11.218 netmask quota limit 192
Then, run the command # ifconfig-a to view the interfaces of all network interfaces:
Eth0 Link encap: Ethernet HWaddr 00: 90: 27: 58: AF: 1A
Inet addr: 202.112.13.204 Bcast: 202.112.13.255 Mask: invalid bandwidth limit 192
Up broadcast running multicast mtu: 1500 Metric: 1
RX packets: 435510 errors: 0 dropped: 0 overruns: 0 frame: 2
TX packets: 538988 errors: 0 dropped: 0 overruns: 0 carrier: 0
Collisions: 318683 txqueuelen: 100
Interrupt: 10 Base address: 0xc000
　　
Eth0: 1 Link encap: Ethernet HWaddr 00: 90: 27: 58: AF: 1A
Inet addr: 202.112.11.218 Bcast: 202.112.11.255 Mask: invalid bandwidth limit 192
Up broadcast running multicast mtu: 1500 Metric: 1
Interrupt: 10 Base address: 0xc000
　　
Lo Link encap: Local Loopback
Inet addr: 127.0.0.1 Mask: 255.0.0.0
Up loopback running mtu: 3924 Metric: 1
RX packets: 2055 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 2055 errors: 0 dropped: 0 overruns: 0 carrier: 0
Collisions: 0 txqueuelen: 0
We can see three network interfaces: eth0, eth0: 1, lo, and eth0 are real Ethernet interfaces. eth0: 1 and eth0 are the same network interfaces, only when another address is bound, lo will send the address. Eth0 and eth0: 1 can use IP addresses of different network segments, which is useful when different network addresses are used for the same physical network segment.
In addition, the NIC has a prosimc mode. In this mode, the NIC will receive all the packets in the network. some network listening tools in linux, such as tcpdump, snort and so on are all set to the mixed mode Nic.
The ifconfig command can change the IP address of the NIC during the running time. However, if the system restarts, linux still starts the network interface according to the default settings. At this time, you can use the netconfig or netconf command to reset the default network parameters. The netconfig command is used to reconfigure basic TCP/IP parameters, including whether to dynamically obtain the ip address (dhcpd and bootp), the ip address of the NIC, and the network mask, default Gateway and preferred domain name server address. The netconf command can be used to configure all network parameters in detail, including client tasks, server tasks, and other configurations. in the client configuration, it mainly includes the configuration of the basic host (host name, valid domain name, network alias, IP address corresponding to the corresponding Nic, network mask, network device name, kernel driver of the network device), DNS address configuration, the default gateway address configuration, NIS address configuration, ipx interface configuration, ppp/slip configuration, and so on. The server configuration mainly includes NFS configuration, DNS configuration, ApacheWebServer configuration, Samba configuration, and Wu-ftpd configuration. Among other configuration options, one is about the host configuration in the/etc/hosts file, and the other is about the network configuration in the/etc/networks file, finally, the information about the use of linuxconf configuration.
You can also configure network information under the linuxconf command, but you can find that the linuxconf program calls netconf for network configuration.
In addition, the system's network configuration file is stored in the/etc/sysconfig/network-scripts directory. The example is as follows:
　　
Ifcfg-eth0 * ifdown-post * ifup-aliases * ifup-ppp *
Ifcfg-eth1 * ifdown-ppp * ifup-ipx * ifup-routes *
Ifcfg-lo * ifdown-sl * ifup-plip * ifup-sl *
Ifdown @ ifup-post * network-functions
　　
The ifcfg-eth0 is the configuration information of the Ethernet port eth0, its content is as follows:
　　
DEVICE = "eth0"/* specify the name of the network DEVICE */
IPADDR = "202.112.13.204"/* specify the IP address of the network device */
NETMASK = "255.255.255.255.192"/* specify the network mask */
NETWORK = 202.112.13.192/* specify the NETWORK address */
BROADCAST = 202.112.13.255/* specify the BROADCAST address */
ONBOOT = "yes"/* indicates whether to activate the Nic when the system starts */
BOOTPROTO = "none"/* indicates whether the bootp protocol is used */
　　
Therefore, we can modify this file to change the network parameters in linux.
　　
　　 2. network service configuration:
In this section, we do not detail the configuration of the specific network Server (DNS, FTP, WWW, SENDMAIL) (that will be a huge space ), this document describes the configuration of linux network services.
　　
1. LILO configuration file
In linux, there is a system boot program, that is, lilo (linux loadin), which can be used to start multiple operating systems. its configuration file is/etc/lilo. conf. in this configuration file, lilo configuration parameters are mainly divided into two parts: one is global configuration parameters, including setting the startup device and so on. the other is the local configuration parameters, including the configuration parameters for each boot image file. here I will not detail each parameter, especially the two important parameters -------- password and restricted options. the password option adds password protection to each Guide image file. we all know that there is a single-user mode in linux, in which users log on to the linux system as super users. you can add parameters (linux single or linux init 0) during lilo boot to directly enter the single-user mode superuser environment without a password, this will be very dangerous. so in lilo. added the password configuration option in conf to add password protection for each image file. you can use the password option in global mode (add the same password to all image files) or add a password to each individual image file. in this way, the user is required to enter the password each time the system is started. you may think it is troublesome to enter a password every time. you can use the restricted option, which enables lilo to check the password only when a parameter (such as linux single) is entered at linux startup. these two options greatly increase system security. we recommend that you. set them in the conf file. because the password is in/etc/lilo. the conf file is stored in plain text, so you must set/etc/lilo. change the attribute of the conf file to only root readable (0400 ).
In addition, in earlier versions of lilo, there is a limit that the boot sector must be stored in the first 1024 cylinder.