Chapter 2: network applications

5.1 common network commands

In Red Hat Linux 7.1, network-related tools are provided. It is necessary to master these tools:
Category 1: Setup tools
1. netconf:
Netconf is a part of Linuxconf provided by Red Hat Linux and is mainly used to set network-related parameters. It can run in consystemic (Text menu) or in X-Window (graphic interface ). In the previous sections, we introduced some netconf applications. The use of netconf is simple. You only need to know the English above, so I will not talk about it here. BTW. If you have set X-Window, use the netconf in the graphic interface.
2. ifconfig
Ifconfig is the most commonly used tool in Linux to display and SET network devices. "If" is the abbreviation of "interface. It can be used to display the status of the device Nic or the current settings.
The following describes the common command combinations:
1) set the IP address of the first Nic to 192.168.0.1:
Ifconfig eth0 192.168.0.1 (Format: ifconfig network device name IP address)
2) temporarily disable or enable the NIC:
Disable the first NIC: ifconfig eth0 down
Enable the first NIC: ifconfig eth0 up
3) set the subnet mask of the first Nic to 255.255.255.0:
Ifconfig eth0 netmask 255.255.255.0 (Format: ifconfig network device name netmask subnet mask)
We can also set the IP address and subnet mask at the same time:
Ifconfig eth0 192.168.0.1 netmask 255.255.255.0
4) set the broadcast address of the first Nic to 192.168.0.255:
Ifconfig eth0-broadcast 192.168.0.255
5) set the first Nic to not receive multicast packets:
Ifconifg eth0 allmulti
To receive the message, run the command ifconfig eth0-allmulti.
6) view the status of the first ENI:
Ifconfig eth0
To view the status of all NICs, use the ifconfig command without parameters.
The status information output by ifconfig is very useful. The following is a brief description:
Several statuses are important:
Ø UP/DOWN: indicates whether the NIC is enabled. If it is DOWN, it cannot be used;
Ø if the number of errors packets in the RX packets is too large, it indicates that the NIC is faulty when receiving the packets;
Ø if the number of errors packets in the TX packets is too large, it indicates that the NIC is faulty when being sent;
3. route
The route command is used to view and set the route information of the Linux system for communication with other networks. To achieve network communication between two different subnets, you need to connect two network routers or a gateway located in both networks.
In a Linux system, we usually set a route to solve the following problems: the Linux machine has a gateway in the LAN to allow your machine to access the Internet, then we need to set the IP address of this machine to the default route of the Linux machine.
1) Add a default route:
Route add 0.0.0.0 gw gateway address
2) delete a default route:
Route del 0.0.0.0 gw gateway address
3) The current route table is displayed.
Route

Category 2: Diagnostic Tools
1. ping
Ping is the most common method to detect whether a network communication connection can be established with a remote machine. It is implemented through the Internet Control Packet protocol ICMP. However, some hosts filter ICMP requests. In this special case, some hosts may fail to be pinged, but network connections can be established. This is a special case.
Similarly, all the optional parameters of the ping command are not listed here, but some common combinations are described through instances, which requires more detailed understanding, you can use the command query tool for online training on www.linuxaid.com.cn.
1) check whether the connection to a machine is normal:
Ping 192.168.0.1
Ping www.linuxaid.com.cn
In other words, we can use IP addresses or domain names to specify machines.
2) specify the number of ping responses as 4:
In Linux, if you do not specify the number of responses, the ping command will continuously send ICMP messages to remote machines. We can use the-c parameter to limit: ping-c 4 192.168.0.1
3) ping through a specific NIC:
Sometimes, we need to check whether a NIC (multiple in the system) can be pinged to a remote machine. We need to point out when executing the ping command:
Ping-I eth0 192.168.0.1
2. traceroute
If you cannot ping a remote machine and want to know where the problem occurred, or you want to know which routers your information has been sent to the remote machine, you can use the traceroute command. As the name suggests, trace is a trace, and route is a route, that is, a trace route.
Using this command is simple:
Traceroute Remote Host IP address or domain name
The output of this command is similar:
1. Time required for IP address access of the router (GATEWAY) 1 time required for access 2 time required for access 3
2. Time required for IP address access of the router (GATEWAY) 1 time required for access 2 time required for access 3
.........
1) the number at the top indicates the number of stations that have passed ";
2) the IP address of the router (GATEWAY) is the IP address of the station;
3) The access time 1, 2, and 3 are the time required to access the vro (GATEWAY.

3. netstat
In Linux, netstat is a powerful tool for viewing network status. It allows you to know the network conditions of the entire Linux system.
1) collect statistics on data packets transmitted and received by various network devices:
Run netstat-I.
This command will output a table, including:
Iface: Network Interface Name MTU: Maximum Transmission Unit
RX-OK: Total successfully received packets RX-ERR: Total number of received packets error packets
RX-DRP: How many packets are lost when receiving RX-OVR: How many collision packets are received
TX-OK: Total successfully sent packets TX-ERR: Total number of error packets in sent packets
TX-DRP: how many bags lost during lbs TX-OVR: How many collision packets were received
2) display network statistics
Run netstat-s.
By using this command, the communication information in the form of IP, ICMP, TCP, UDP, and TCPEXT will be collected as a summary.
3) display the network connection of TCP transmission protocol:
Run netstat-t.
The output of this command is also a table, including:
Local Address: Local Address. Format: IP Address: Port Number
Foreign Address: Remote Address. Format: IP Address: Port Number
State: the connection status, including LISTEN, ESTABLISHED, and TIME_WAIT.
4) Only the network connections using UDP are displayed:
Run netstat-t.
The output format is the same.
5) display the route table:
Run netstat-r.
The output of this command is the same as that of the route command.
　　
　　 5.2 network configuration file
In Red Hat Linux 7.1, there are some files used to store network configurations:
1./etc/hosts
The file contains a list of IP addresses and host names. If the IP addresses of a host are specified in the list, no DNS resolution is required when accessing the host.
2./etc/host. conf
This file is used to specify the order of domain name resolution methods, such:
Order hosts, bind
It indicates that it is first parsed through the/etc/hosts file. If there is no correspondence between the host name and the IP address in the file, it is then parsed through the Domain Name Server bind.
3./etc/resolv. conf
Store the IP address of the Domain Name Server in this file.
4./etc/protocols
The Red Hat Linux 7.1 system uses this file to identify the use of the host, and uses it to map the protocol and Protocol number. You should not modify this file.
5./etc/services
This user defines an existing network service. You do not need to modify it. It is usually maintained by the program that installs the network service. This file includes the network service name, network port number, and the protocol type used. The network port number and the protocol type used are separated by a slash, you can add service aliases at the end of the set row.
5./etc/xinetd. d directory
In Linux, there is a super service program inetd. Most network services are started by it, such as chargen, echo, finger, talk, telnet, wu-ftpd, etc ..., In versions between 7.0, It is configured in/etc/inetd. conf. After Red Hat 7.0, it is changed to an xinetd. d directory.
In the xinetd. d directory, each service has a corresponding configuration file. We use telnet as an example to describe the meaning of each configuration line:
Service telnet
{
Socket_type = stream
Wait = no
User = root
Server =/usr/sbin/in. telnetd
Log_on_failure + = USERID
Disable = yes
}
The first line indicates that this configuration is used to set the telnet service.
The second line indicates that the Socket connection type is stream, that is, TCP
The third line means that the startup is not completed until the startup is complete.
The fourth line is to start the service process as a root user.
The fifth line indicates that the service process is/usr/sbin/in. telnetd.
The sixth line is used to make some error logs.
Row 7 indicates that remote telnet is prohibited. If you need to enable telnet, change the configuration to disable = no.
After you modify the xinetd configuration, You need to restart the xinetd to make it take effect. There are two ways to achieve this:
1) execute the following command:
/Etc/rc. d/init. d/xinetd restart
2) execute the following command:
Killall-HUP xinetd
　　
5.3 Network Service Access Restrictions
In Red Hat Linux 7.1, network security is enhanced. If the security level is not the lowest during installation, all access outside the local machine may be rejected. This is because some default ipchains settings are made in Red Hat 7.1. This is a built-in firewall mechanism in Linux. It can use some rules to allow or disable some access.
Its rules are stored in the/etc/sysconfig/ipchains file. If you want to temporarily disable the rules, run/etc/rc. d/init. d/ipchains stop, all rules are canceled, and all network access is allowed.
You can run/etc/rc. d/init. d/ipchains status to learn the current network access restrictions. This article is not detailed in length. If you are interested, refer to "Linux firewall.

5.4 WEB Server
In Linux, Apache is the most suitable server. In Red Hat Linux 7.1, Apache 1.3.19 is integrated. You only need to select the WEB server during installation, the system automatically installs the Apache server. By default, the WWW Service is started.
If you do not select a WEB server package during installation, it does not matter. You only need to execute the following command:
1) put the first installation disc of Red Hat Linux 7.1 into the optical drive, and then execute the following command:
# Mount/mnt/cdrom
2) Go to the directory where the apache installation file is located:
# Cd/mnt/cdrom/RedHat/RPMS
3) Use RPM to complete installation:
# Rpm-ivh apache-1.3.19-5.i386.rpm
Now you have a Linux-based WEB server. Its configuration file is located in the/etc/httpd/conf directory. You can modify it as needed, after modification, run:/etc/rc. d/init. d/httpd restart. The main directory of the WEB service is in the/var/www/html directory. You can upload your WEB page here to update it.
If every user wants to have his/her own homepage, then:
1) First, create a public_html directory under your home directory:
# Cd
# Mkdir public_html
2) Change the permission of your user's home directory to readable.
# Chmod 755 main directory
3) Then you can use "localhost /~ The user name/"is used to access the home page of each user.
　　
　　 5.5 FTP Server
In Red Hat Linux 7.1, Wu-FTP 2.6.1 is integrated as the FTP server. If you select an FTP package during installation, your Linux Server is an FTP server, if it is not installed at the time, it does not matter, just like installing apache:
1) put the first installation disc of Red Hat Linux 7.1 into the optical drive, and then execute the following command:
# Mount/mnt/cdrom
2) Go to the directory where the wu-ftp Installation File is located:
# Cd/mnt/cdrom/RedHat/RPMS
3) Use RPM to complete installation:
# Rpm-ivh wu-ftp-2.6.1-16.i386.rpm
Because the FTP service is created by the xinetd super server, the configuration of the FTP server is in the wu-ftpd file under the/etc/xinetd. d directory:
Service ftp
{
Socket_type = stream
Wait = no
User = root
Server =/usr/sbin/in. ftpd
Server_args =-l-
Log_on_success + = DURATION USERID
Log_on_failure + = USERID
Nice = 10
Disable = no
}
Next, we will introduce some management methods for FTP servers:
1. temporarily disable the FTP service
There are two ways to pause the FTP service:
1) run the following command as the root user:
# Ftpshut now
In this case, a shutmsg file will be generated under the/etc directory, and the FTP server will not be available until you delete the file.
2) modify the configuration file/etc/xinetd. d/wu-ftpd, change disable = no to disable = yes, and restart xinetd.
2. prohibit a user from using the FTP service
There are two ways to disable a user from using the FTP server:
1) write the user account name in/etc/ftpuser
2) Write a configuration line in/etc/ftpaccess:
Deny-uid User Name
This method can also be used by users in a group.
Deny-gid group name
3. anonymous Users (anonymous) are prohibited from logging on to the FTP server.
There are many ways to achieve this, but I think the simplest and most effective method is to write anonymous into the configuration file:/etc/ftpuser.

　　5.6 File Server
We can also use Samba built in Red Hat Linux 7.1 as a file server for Windows hosts in the LAN. If you select the SMB server software package when installing the system, the Samba service will be Ready after installation.
To facilitate configuration, we recommend that you install swat, which provides a WEB interface configuration tool. Its installation package is the second disc's/RedHat/RPMS/samba-swat-2.0.7-36.i386.rpm.
After the installation is complete, it will create a new swat file in the xinetd. d directory with the following content:
Service swat
{
Port = 901
Socket_type = stream
Wait = no
Only_from = 127.0.0.1
Server =/usr/sbin/swat
Log_on_failure + = USERID
Disable = yes
}
We can see that the value of disable is yes, that is, swat is not enabled yet, so we need to change it to disable = no, and then restart xinted. In addition, there is a sentence:
Only_from = 127.0.0.1
Note that swat can only be used on the local machine. If you want to use IE for configuration in Windows, comment out or delete this sentence.
Next, we will take setting a homes directory that everyone can access as an example to describe how to set SWAT:
1) Open IE and enter the Linux host name or IP address and ": 901" in the address bar. For example:
Http: // 192.168.0.1: 901
2) If the connection is normal, a logon Prompt window is displayed, asking you to enter the user name and password. Here, use root as the user name, enter the password of the root user, and click OK;
3) if the input is correct, the Samba configuration page is displayed: the homepage of Swat;
We can see the Top 7 icons on the Swat interface: HOME, GLOBALS, SHARES, and PRINTERS) STATUS, VIEW, and PASSWORD)
4) First, click the GLOBALS icon. The GLOBALS settings page is displayed, where we set the following items:
BaseOption à Workgroup: Enter the Working Group Name (for example, the Working Group name in NetBIOS)
Ø BaseOption à Netbios name: Host name
Ø SecurityOption à Security: select the Security level and select "SHARE" in the options"
Ø SecurityOption à hosts allow: The allowed host, which is usually written into your network number, such as 192.168.0.
Ø SecurityOption à hosts deny: if you do not allow a machine to use it, write its IP address
After modification, click the "Commit Changes" button (below the seven icons) to save the settings.
5) then, click the SHARES icon to set the sharing:
Step 1: enter the name of the Share to be set in the text box on the right of the Create Share button.
Step 2: click "Create Share;
Step 3: Check the value of "BaseOptions à Path" for the directory you want to share, such as/home/smb/test (note that this must be an existing Directory );
Step 4: set the value of "SecurityOptions à writeable" to Yes so that the directory can be shared as Writable;
Step 5: set the value of "SecurityOptions à guest OK" to Yes, so that the directory does not require password access;
Step 6: Set the Host IP address in "SecurityOptions à hosts allow and hosts deny;
Step 7: Set "BrowseOptions à browseable" to Yes for ease of use
Finally, click "Commit Changes" to save the settings.
Now, we can access this Samba server through network neighbors on Windows 9x and have a readable and writable shared directory.
During normal usage, the system administrator can click the "STATUS" button to switch to the STATUS page for monitoring. on this page, you can:
1) Start (Start smbd button), Stop Samba (Stop Smbd button), and Restart (Restart smbd button );
2) In addition, you can see the current connection with the Samba server (Active Connections), and you can press the "X" button to stop its access;
3) at the same time, you can also detect the accessed folder (Active Shares) and Open Files ).
The Samba service can also authenticate users, integrate with the Window NT domain, and provide other powerful functions. For more information, see Samba.

　　Postscript
After a period of use, we found that Red Hat Linux 7.1, Whether installed or used, has been paying more and more attention to ease of use. A large number of graphic interfaces have been used, making it possible to launch a desktop. It also integrates the latest version of a large number of software, which can be described as excellent performance, but it can be described as "success or failure ", I encountered a crash when I started KDE during the trial (this is rare in previous versions !) Also caused a system crash, probably caused by XFree86 4 BUG. In addition, the excellent graphic interface makes the entire X Window very slow, so ease of use and performance are always unable to work completely.
In any case, from Red Hat Linux 7.1's rich application software, efficient network performance, and good graphic interfaces all show that Linux is becoming more and more mature. I believe that with the strong support of many well-known IT vendors, A bright future is coming.