SysAdmin - Networking

Linux Foundation Certified SysAdmin (LFCS): Networking

Configure networking and hostname resolution statically or dynamically

  • Older Debian
    • /etc/network/interfaces contains the loopback definition and pulls in further configuration from interfaces.d
      cd /etc/network
      cat interfaces
      ls interfaces.d
      # change configuration for ethernet0
      sudo nano interfaces.d/eth0.cfg
    • file content example
      # bring this up automatically
      auto eth0
      ## This commented configuration is for dynamic (DHCP) addressing
      ## keyword (iface), id
      # iface eth0 inet dhcp
      ## This uncommented configuration is for static addressing
      iface eth0 inet static
      address 10.9.8.7
      netmask 255.255.255.0
      gateway 10.9.8.1
      dns-search mydomain.com
      dns-nameservers 8.8.8.8 8.8.4.4
    • restart the interface after changes to apply them
      sudo ifdown eth0 && sudo ifup eth0
  • New Ubuntu
    • /etc/network/interfaces contains the loopback definition and pulls in further configuration from interfaces.d
      cd /etc/network
      ifconfig -a
      cat interfaces
      ls interfaces.d
      # change configuration for ethernet0
      sudo nano interfaces.d/50-cloud-init.cfg
    • everything else from the older Debian machine applies

  • CentOS 7
    • /etc/sysconfig/network-scripts: the most interesting files are ifcfg-eth0 and ifcfg-lo
      cd /etc/sysconfig/network-scripts
      ls
      # ethernet=ifcfg-eth0, loopback=ifcfg-lo
      # change configuration for ethernet0
      sudo nano ifcfg-eth0
    • file content example
      ## dynamic address
      BOOTPROTO=dhcp
      DEVICE=eth0
      HWADDR=0a:67:42:8f:24:9e
      ONBOOT=yes
      TYPE=Ethernet
      USERCTL=no
      ## static address
      # BOOTPROTO=none
      # DEVICE=eth0
      # HWADDR=0a:67:42:8f:24:9e
      # ONBOOT=yes
      # TYPE=Ethernet
      # IPADDR=10.9.8.7
      ## subnet mask on CentOS -> number of 1s before we hit our first 0
      # PREFIX=24
      # GATEWAY=10.9.8.1
      # DNS1=10.9.8.53
      # DNS2=8.8.8.8
      # DNS3=8.8.4.4
    • restart the network service after changes to apply them
      sudo systemctl restart network
    • you may also use the old school ifconfig commands
      ifconfig eth1 10.1.0.122 netmask 255.255.255.0 && ifconfig eth1 up

      When setting a static route for a network or IP address on your system, you are bypassing the default gateway
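
The Debian `netmask` line and the CentOS `PREFIX` line describe the same setting in two notations. As an added example (not part of the original notes), this POSIX shell sketch converts one to the other, rejects non-contiguous masks, and translates the static stanza; the function names are made up for the illustration and only the keys shown in these notes are handled.

```sh
# Added example, not from the original notes. Assumes a single static stanza.
# Print the prefix length for a dotted netmask; fail on a malformed or
# non-contiguous mask. The ( ) body is a subshell, so exit only leaves it.
netmask_to_prefix() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    prefix=0 seen_zero=0
    for octet in "$@"; do
        case $octet in 0?*) exit 1 ;; esac         # no leading zeros
        [ "$octet" -le 255 ] || exit 1
        bit=128
        while [ "$bit" -ge 1 ]; do
            if [ $((octet & bit)) -ne 0 ]; then
                [ "$seen_zero" -eq 0 ] || exit 1   # a 1 after the first 0
                prefix=$((prefix + 1))
            else
                seen_zero=1
            fi
            bit=$((bit / 2))
        done
    done
    echo "$prefix"
)

# Read a Debian interfaces stanza on stdin, print the matching ifcfg keys.
debian_to_ifcfg() (
    while read -r key val rest; do
        case $key in
            auto)    echo "ONBOOT=yes" ;;
            iface)   echo "DEVICE=$val"
                     case $rest in *dhcp) echo "BOOTPROTO=dhcp" ;; *) echo "BOOTPROTO=none" ;; esac ;;
            address) echo "IPADDR=$val" ;;
            netmask) p=$(netmask_to_prefix "$val") || exit 1
                     echo "PREFIX=$p" ;;
            gateway) echo "GATEWAY=$val" ;;
            dns-nameservers) n=1
                     for ns in $val $rest; do echo "DNS$n=$ns"; n=$((n + 1)); done ;;
        esac
    done
)

# Constructed input: the static stanza from the Debian example.
sample_stanza() {
    printf '%s\n' 'auto eth0' 'iface eth0 inet static' 'address 10.9.8.7' \
        'netmask 255.255.255.0' 'gateway 10.9.8.1' 'dns-nameservers 8.8.8.8 8.8.4.4'
}
sample_stanza | debian_to_ifcfg
```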

Configure network services to start automatically at boot

Example with telnet (old and not recommended: it sends credentials and session data in cleartext; now we use SSH)

  • systemd
    # is it already installed?
    sudo systemctl | grep telnet
    # if not, install it
    sudo apt install telnet
    sudo apt install telnetd
    # management platform for network connections
    sudo apt install xinetd
    # enable that service at boot and start it
    sudo systemctl enable xinetd
    sudo systemctl start xinetd
    # is it running?
    sudo systemctl status xinetd
    # the telnet port is listed in /etc/services
    grep telnet /etc/services
    telnet localhost
  • System V init (sysvinit)
    # install it, it brings xinetd with it
    sudo yum install telnet-server
    sudo yum install telnet
    # enable that service, is it running?
    sudo chkconfig xinetd on
    sudo chkconfig telnet on
    sudo chkconfig --list
    sudo service xinetd start
    # go for it
    telnet localhost
    # disable
    sudo chkconfig telnet off
    sudo chkconfig --list
    sudo service xinetd stop

Implement packet filtering

You will need a second machine to check the results (ping)

## check chain policies
sudo iptables -L
# get blank slate (flushing removes the rules but leaves the chain policies as they are)
sudo iptables --flush
# change the forward policy to accept
# we will not be filtering anything
sudo iptables -P FORWARD ACCEPT
## create a filter to prevent access
# check your interfaces
ifconfig
# reject on ethernet0 the icmp protocol traffic -> the sender gets an error
sudo iptables -A INPUT --protocol icmp --in-interface eth0 -j REJECT
# drop on ethernet0 the icmp protocol traffic -> nothing is returned at all
# (use this instead of the REJECT rule; appended after it, it would never match)
sudo iptables -A INPUT --protocol icmp --in-interface eth0 -j DROP
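
Appending both ICMP rules leaves the second one unreachable, because the identical match ahead of it ends evaluation first. An added example (not from the original notes): a small audit of `iptables -S` output, run here on a constructed sample; `sample_rules` and `audit_rules` are hypothetical names.

```sh
# Added example, not part of the original notes.
# Constructed sample of `iptables -S INPUT` after appending both ICMP rules.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p icmp -j DROP
EOF
}

# audit_rules reads `iptables -S` output on stdin and prints one finding per line:
#   POLICY   a chain whose default is ACCEPT (anything unmatched is let in)
#   SHADOWED a rule whose match is identical to an earlier terminating rule
audit_rules() {
    awk '
    $1 == "-P" && $3 == "ACCEPT" {
        print "POLICY " $2 " default is ACCEPT"
    }
    $1 == "-A" {
        cut = index($0, " -j ")
        if (cut == 0) next
        key = substr($0, 1, cut - 1)          # chain plus match criteria
        split(substr($0, cut + 4), t, " ")    # t[1] is the target
        if (key in first) {
            print "SHADOWED " key " -j " t[1] " (hidden by -j " first[key] ")"
        } else if (t[1] == "ACCEPT" || t[1] == "DROP" || t[1] == "REJECT") {
            first[key] = t[1]
        }
    }'
}

# Demonstration on the constructed sample
sample_rules | audit_rules
```

On a live host the input would come from `sudo iptables -S` instead of the sample.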

Start, stop, and check the status of network services

# protocol information, sockets...
netstat
# sudo gets additional information
# all TCP sockets, listening and connected
netstat -at
# all UDP sockets
netstat -ua
# listening sockets only: add -t for TCP, -u for UDP, -x for UNIX
netstat -l
# per-protocol statistics
netstat -s | more
# display TCP connections with their PIDs and program names
netstat -tp
# display interfaces and loopback address
netstat -i
# kernel interface table, almost identical to ifconfig -a
netstat -ie
# multicast group memberships
netstat -g
# find ssh listening programs
netstat -ap | grep ssh
# get the statistics for raw sockets
netstat --statistics --raw

Statically route IP traffic

# all IP addresses, you may use ifconfig too
ip a
## what if it is not a local packet (123.123.123.xxx)
## learn the routes, 'route -n' gets the same value
ip route list
# show the IP address of each hop on the way (if not blocked)
traceroute 8.8.8.8
## make it go through a certain device first
# send all packets for addresses starting with 8.8, static protocol
# metric -> kernel selects the one with lower metric, via inet <ip>, device <id>
sudo ip route add 8.8.0.0/16 proto static metric 10 via inet 10.9.185.143 dev eth0
## remove the route
sudo ip route del 8.8.0.0/16 proto static metric 10 via inet 10.9.185.143 dev eth0
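
How the kernel chooses between routes, as an added example that is not part of the original notes: the longest matching prefix wins and the lower metric breaks ties, which is why the 8.8.0.0/16 static route bypasses the default gateway. The route table is a constructed sample (the gateway 10.9.185.1, the second next hop and the source address are made up) and `pick_route` is a hypothetical helper.

```sh
# Added example, not part of the original notes.
# Constructed `ip route list` output with the static route installed,
# plus a second, higher-metric route to the same prefix.
sample_routes() {
    cat <<'EOF'
default via 10.9.185.1 dev eth0
8.8.0.0/16 via 10.9.185.143 dev eth0 proto static metric 10
8.8.0.0/16 via 10.9.185.200 dev eth0 proto static metric 50
10.9.185.0/24 dev eth0 proto kernel scope link src 10.9.185.20
EOF
}

# pick_route DEST: read a route table on stdin, print the route chosen for DEST.
pick_route() {
    awk -v dst="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best_len = -1 }
    {
        net = $1; len = 32; metric = 0
        if (net == "default") { net = "0.0.0.0"; len = 0 }
        else if (split(net, p, "/") == 2) { net = p[1]; len = p[2] + 0 }
        for (i = 2; i < NF; i++)
            if ($i == "metric") metric = $(i + 1) + 0
        size = 2 ^ (32 - len)              # addresses covered by this prefix
        if (int(ip2int(dst) / size) != int(ip2int(net) / size)) next
        if (len > best_len || (len == best_len && metric < best_metric)) {
            best = $0; best_len = len; best_metric = metric
        }
    }
    END { if (best != "") print best }'
}

sample_routes | pick_route 8.8.8.8      # the metric 10 static route
sample_routes | pick_route 1.1.1.1      # falls through to the default gateway
```

On a live system `ip route get 8.8.8.8` answers the same question from the kernel's own tables.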

Synchronize time using other network peers

Having the same time on several machines is important (e.g. when using docker)

# the most important package is ntp; ntpd is the daemon if you want it to run at boot
sudo apt install ntp
# edit configuration
sudo nano /etc/ntp.conf
## www.pool.ntp.org -> select active NTP servers; the pool is constantly updated
# restart
sudo /etc/init.d/ntp restart