You probably already know these, in which case here's a reminder.
|DNS||Domain Name Service|
|PPP||Point to Point Protocol|
|DHCP||Dynamic Host Configuration Protocol|
|LAN||Local Area Network|
|ISP||Internet Service Provider|
|FTP||File Transfer Protocol|
|SFTP||Secure File Transfer Protocol|
Linux became a low-cost and reliable server environment partly as a consequence of the availability of free software implementing all significant Internet protocols. An introduction to programming on Linux would leave a large gap without mention of popular networking utilities which assist with the process of setting up networks and network programming, and used for remote login and file transfer. Many engineers and students now want to setup Linux themselves, so information is provided to help you get your Linux installation networked.
Many network services are used in connection with Unix and Linux, for providing networked file services, logins shared across a network, providing mail and web services etc. Setting these up may involve installing and configure programs such as:
Linux is also often used for complex networking setups, e.g. for routers or firewalls involving multiple network cards and zones. These possibilities require building on a foundation of more basic knowledge which can partly be acquired by successfully connecting single machines to simple networks. Designing networks and diagnosing network faults are skilled actitities. These notes are intended to help you get started using Linux within this context.
Cases 2 and 3 generally require the same setup on the PC. In most cases, assuming that you have all the information needed to make a connection, the network configuration wizard software which comes with your Linux distribution will ask you to input this information at installation time, and this can be changed using helpful graphical programs such as Mandrake Control centre, Netconf etc.
Some ISPs only officially support connection using closed source software on a CD which doesn't work on Linux. If you need to connect through such an ISP you might try asking in suitable Linux support mailing lists or newsgroups to find out if any of their Linux-using customers can give you any setup information or hints required, so you can find out the rest yourself. You are more likely to get useful help from newsgroup and list questions if you first make sure that your question is within the topic area of the group, and secondly try to find out as much as you reasonably can yourself e.g. if someone else has already asked the same question and this is searchable in the list archives or using the Google search engine. Those who might answer your questions are more likely to be able to give you useful answers if you are also willing to do some reading of the relevant Howto's, FAQs and manual pages which are readily accessible, and state what experiments you have tried yourself.
In almost all cases Internet connections are made using standard and open network protocols fully supported by Linux, (e.g. DHCP which allocates an Internet address from a pool every time you dial up). There are also many ISPs that explicitly support Linux users. In some cases you are better off as a customer of an ISP that can offer such support. Various links are available.
If you are using a dial up modem you will need the remote phone number of the modems at your Internet service provider. They will also allocate you a username and password when you subscribe to their service. Many ISPs expect you to sign up to obtain your userid and password on-line using their web sites.
If you connect using DHCP, most of the information that might otherwise be needed is likely to be supplied and configured automatically when you connect. Creating a DHCP connection is often described on the networking setup wizards as "obtain network address automatically from a server" or similarly. Other information likely to be required includes:
In most simple cases the network can successfully be installed by supplying the correct information as described above, either when Linux is installed, or by rerunning the network configuration wizard provided with your distribution (e.g. Netconf). In cases where things don't work, if you are operating within a LAN environment, it is worth checking that other parts of the network, (e.g. hubs, cables, routers and servers) are functional with other PCs if possible.
Sometimes you may need a non-standard setup, which can require you to carry out minor edits to scripts and/or configuration files. If you have to do this experimentally, always take dated backups of the files you are going to change first, so that you can restore these if the changes you try don't seem to have the desired effect.
If you are using a dial-up modem you are likely to need to slightly modify the default chat script used to dial your modem up. See chat(8) for details. Some of the configuration for PPP networking is in /etc/ppp . It is also worth studying the scripts in /etc/sysconfig which relate to networking and any associated manual pages you can find . On most Linux systems, system services are started by using shell scripts in /etc/rc.d and /etc/rc.d/init.d or similar pathnames . Most of these startup scripts can be run with parameters: start, stop and restart e.g:
cd /etc/rc.d/init.d ./network restart
If your Linux kernel was unable to identify drivers for network cards you are likely to get some useful clues by studying the boot message transcript obtainable using the dmesg(8) command.
Here is a section of the boot transcript obtained using dmesg showing details of the loading of a device driver for a 3COM PCI Ethernet card:
3c59x: Donald Becker and others. www.scyld.com/network/vortex.html See Documentation/networking/vortex.txt 02:02.0: 3Com PCI 3c905C Tornado at 0xa400. Vers LK1.1.18-ac 00:01:01:f7:3d:21, IRQ 22 product code 87cd rev 00.14 date 01-02-65 Internal config register is 3800000, transceivers 0xa. 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 782d. Enabling bus-master transmits and whole-frame receives. 02:02.0: scatter/gather enabled. h/w checksums enabled
ping(8) is typically used to evaluate whether a route exists to a host, and whether that host replies to ICMP (Internet Control Message Protocol) packets. E.G:
copsewood$ ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.460 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.440 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.432 ms --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt min/avg/max/mdev = 0.432/0.444/0.460/0.011 ms
To stop the sequence of packets being sent, <CTRL%gt; and <c%gt; keys were pressed simultaneously. I could have sent exactly 3 pings instead using the command: ping -c 3 10.1.1.1 .
You can use ping to also test whether your DNS setup works e.g:
copsewood$ ping www.your-site.com PING www.your-site.com (22.214.171.124) 56(84) bytes of data. 64 bytes from www.your-site.com (126.96.36.199): icmp_seq=1 ttl=113 time=109 ms 64 bytes from www.your-site.com (188.8.131.52): icmp_seq=2 ttl=113 time=106 ms 64 bytes from www.your-site.com (184.108.40.206): icmp_seq=3 ttl=113 time=105 ms --- www.your-site.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2023ms rtt min/avg/max/mdev = 105.883/107.268/109.349/1.544 ms
Clearly if you can ping an IP address, but not the name of the same host, this would indicate that low-level routing was working as far as the host concerned, but that DNS was not.
As root user, you can also use /sbin/ifconfig , to setup an experimental interface configuration see ifconfig(8). E.G:
ifconfig eth0 10.1.1.4
Sets the first ethernet adaptor to receive and send traffic using IP address: 10.1.1.4 . You can use /sbin/ifconfig from any userid without parameters to check the status of the network and loopback interfaces:
copsewood$ /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:01:01:F7:3D:21 inet addr:10.1.1.2 Bcast:10.1.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1394045 errors:0 dropped:0 overruns:0 frame:0 TX packets:1393996 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:219979223 (209.7 Mb) TX bytes:198606294 (189.4 Mb) Interrupt:22 Base address:0xa400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:347 errors:0 dropped:0 overruns:0 frame:0 TX packets:347 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:34059 (33.2 Kb) TX bytes:34059 (33.2 Kb)
If an inet addr has not been configured this would indicate a problem with network startup when the PC booted.
telnet(1) was a service allowing for remote shell login from a user on one computer (the client) to access services provided by another (the server). This provided a platform for remote access to a variety of interactive text-based public services, e.g. library catalogues prior to the existence of the world-wide web. Since then, to the extent that public access is needed to well-defined system functions or information, HTTP has provided a more usable protocol. However, where access is required privately by programmers or systems administrators to facilities on a remote computer less susceptible to time- consuming design and definition as web pages and web-accessible data and services, the need for remote login and remote control facilities has continued.
Traditional telnet is no longer believed to be secure enough to carry out this task over the Internet, given the greater probability of surveillance by those interested in exploiting secrets which can be sniffed from a plain-text network interaction. Consequently, for the purposes for which a remote shell login application is required, Secure Shell ssh(1) has effectively replaced telnet.
Telnet is, however, still useful for debugging text mode network protocols, where you are trying to find out what a server is doing. In the following dialogue, a SMTP mail relay was accessed on TCP port 25 to see whether it's relay backup function was correctly setup for a particular domain.
[rich@february rich]$ telnet 220.127.116.11 25 Trying 18.104.22.168... Connected to host-212-158-214-187.bulldogdsl.com (22.214.171.124). Escape character is '^]'. 220 pirhana.office.bytemark.co.uk ESMTP HELO 250 pirhana.office.bytemark.co.uk MAIL From: email@example.com 250 ok RCPT To: firstname.lastname@example.org 250 ok DATA 354 go ahead Subject: testing the new MX relay a message xxxxxx . 250 ok 1068112145 qp 7650 quit 221 pirhana.office.bytemark.co.uk Connection closed by foreign host.
ssh uses a technique known as public key encryption to authenticate the originator of the connection to the server and also to authenticate the server to the client. After key exchange, the connection is carried out over an encrypted tunnel.
ssh can be setup to require a password, or in cases where the connection has to be automated, simple automated exchange of keys. A trust relationship has to be established first. This is achieve when the server knows the validity of the client public key and the client knows the validity of the server key. When you first make a connection from a ssh client to ssh server, you will be asked to confirm the identity of the server key, to make it more difficult for a bogus server to steal your password or other details using a "man in the middle" attack.
To use ssh on a server to allow remote login etc. you will need to install sshd, or request that this package be installed at installation time. Use the ps -fe command to check whether sshd is running.
From the client use the command:
to initiate a secure shell login. You will need to specify your real userid on the server, and either the DNS domain or the IP address for the server_address. If this is the first time you have connected to the specific server you will be asked to confirm its public key fingerprint. Details of these public keys are stored in ~/.ssh/known_hosts . To finish a shell login use the exit or logout commands.
This is not recommended over a slow network connection, due to the bandwidth requirements of GUI software. However, it is often useful to run an application on a server which is displayed on a client. If the application and client use X-Window protocols (all modern Unixes, Linux etc) this is possible.
The display of an application running on the server is redirected by changing the DISPLAY environment variable to the client display.
-bash-2.05b$ echo $DISPLAY localhost:10.0 -bash-2.05b$ DISPLAY=10.1.1.2:0.0 -bash-2.05b$ export DISPLAY -bash-2.05b$ which konqueror /usr/bin/konqueror -bash-2.05b$ konqueror &
This session caused the KDE file manager (konqueror) to run on the ssh server with a GUI window displayed on and controllable by the ssh client PC.
ftp(1) is used for anonymous and private file transfer, and for uploading files to web servers. For all but anonymous public file access ftp has become insecure for the same reasons that telnet is now obsolete. However, many low-cost or free web-hosting companies reason that ftp reduces their support costs as it is so widely used, and it is only their users data and websites which are at risk. If you need to transfer files onto a system on which you have a ssh session e.g. to upgrade a software package on a remote server, command line ftp is likely to be useful. Anonymous ftp uses the ftp username: anonymous and the password, by convention is your email address.
Transfer of files using ftp allows for the regular and automated synchronisation of large data collections.
Anonymous ftp is very widely used to distribute freely available software packages. Here are selected parts of a ftp session transcript:
[rich@copsewood rich]$ ftp ftp.mirror.ac.uk Connected to ftp.mirror.ac.uk. 220 UK Mirror Service FTP server version 1.4 ready Name (ftp.mirror.ac.uk:rich): anonymous 331 Guest login ok: please send your email address as the password Password: 230- Welcome to the UK Mirror Service funded by JISC 230- More information can be found at our web site: http://www.mirror.ac.uk/ 230- Please send comments or questions to email@example.com 230 Logged in for anonymous FTP Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (212,219,56,152,237,212) 150 About to open data connection drwxr-xr-x 1 ukms ukms 1024 Oct 29 00:00 collections drwxrwxr-x 1 ukms ukms 1024 Oct 29 08:08 indexes drwxr-xr-x 1 ukms ukms 512 Oct 29 07:03 pub 226 Transfer complete ftp> cd indexes 250 Current directory now /indexes ftp> ls 227 Entering Passive Mode (212,219,56,152,238,9) 150 About to open data connection drwxrwxr-x 1 ukms ukms 8704 Oct 26 08:05 by-mirror -rw-r--r-- 1 ukms ukms 29040129 Oct 29 08:08 ls-lR.gz -rw-r--r-- 1 ukms ukms 0 Oct 7 08:05 ls-lR.gz.new-29835 226 Transfer complete ftp> cd by-mirror 250 Current directory now /indexes/by-mirror ftp> ls -rw-r--r-- 1 ukms ukms 5245 Oct 26 01:01 rsync.ls-lR.gz ftp> binary 200 Type set to I 226 Transfer complete ftp> get rsync.ls-lR.gz local: rsync.ls-lR.gz remote: rsync.ls-lR.gz 150 About to open data connection for file (5245 bytes). 226 Transfer complete 5245 bytes received in 0.056 seconds (91 Kbytes/s) ftp> quit 221 Goodbye [rich@copsewood rich]$
ftp has various subcommands. cd and ls have the same purpose as within a local shell, but on the remote system. put and get are used to copy a file from the client to the server or from the server to the client. These work in a similar manner to the cp shell command, but you don't need to specify the target name if you are happy to have the same filename on the transferred file. help obtains help information and quit and/or exit will terminate your ftp session. You may need to use binary and ascii commands to switch between binary and text transfer modes. Text transfer involves converting line ending characters in the transferred file if the operating system text conventions are different on the client and server. The hash ftp command was sometimes useful with large files over slow connections as it allows the speed of transfer to be monitored.
For secure file transfer, using private logins and passwords the sshd server will also transfer files between client and server using the sftp(1) command, which works in much the same way as ftp. One difference is that you will need to start the session using a command of the form:
instead of ftp server and then being prompted for userid.
Another useful difference is that you don't need to run a seperate server for sftp service. The secure shell daemon: sshd also provides sftp file transfers.
traceroute(8) is useful for investigating routing problems to a host. dig(1) is used to check DNS records for the Domain Name Service.
Linux is typically installed with a range of conventional GUI-based programs for network browsing and email such as Mozilla and Evolution. For some purposes, e.g. when accessing a remote system using ssh, the faster and smaller text-based tools can be used. These are also worth investigation if you want to automate operations involving mail or web page access, e.g. within shell scripts.
|lynx(1)||text mode web browser|
|mutt(1)||powerful email client for fast mailbox acess etc.|
|mail(1)||an ancient mail program useful in shell scripts and commands.|