Networking & Services

Network Layers

Physical Layer: Hardware, interface card

Link layer: Hardware/interface card device driver

  • MAC Address = Media Access Control Address, 48 bits, burned into the interface

  • As shown by ifconfig: 00:A0:CC:24:BA:02

  • First half (00:A0:CC) is the vendor's OUI, assigned by the IEEE; second half (24:BA:02) identifies the individual interface and is assigned by the vendor

Network layer: IPv4, IPv6; addressing and routing of data packets; ICMP (Internet Control Message Protocol) carries ping (echo request/reply) and error messages such as destination unreachable

Broadcast

  • Reaches all hosts on the local network segment

  • Logically: broadcast = IP OR NOT(mask); for any host in 192.168.0.0/16 (mask 255.255.0.0) this gives 192.168.255.255

  • Testing broadcast: ping -b 192.168.255.255 (the -b flag is required for a broadcast address; Linux hosts ignore broadcast echo requests by default, so few or no replies is normal)

Transport layer: TCP (Transmission Control Protocol) is connection-oriented with ordered, reliable delivery, used by e.g. email (SMTP); UDP (User Datagram Protocol) is connectionless, with no ordering and no delivery guarantee

Application layer (highest layer): FTP, Telnet, rlogin, ssh, SMTP. FTP, Telnet and rlogin send credentials and data in cleartext; ssh is their encrypted replacement.

Network Address

IP address space is divided into public and private addresses.

Private IP addresses

  • 192.168.0.0/16 (192.168.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x), 10.0.0.0/8 (10.x.x.x), as defined in RFC 1918

  • Can be freely used in private networks

  • Cannot be routed over the Internet

Public IP addresses

  • Allocated by a central authority, IANA

  • Allocation authority delegated to the regional Internet registries

  • Everything except the private ranges and a few other reserved ranges, e.g. link-local 169.254.0.0/16 and loopback 127.0.0.0/8

Network Address Translation (NAT): a NAT device (usually the router at the edge of the private network) rewrites the private source IP of outgoing packets to its own public IP, remembers the mapping, and translates the replies back. The packet is then routable over the Internet, and hosts on the Internet never see the private address.
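As an added worked example (not part of the original notes) of the address arithmetic above and of the private/public distinction: the POSIX sh functions below compute the network and broadcast address of a host/prefix with IP AND mask and IP OR NOT(mask), and classify an address as RFC 1918 private, link-local, or public. All addresses in it are constructed samples and the function names are this example's own.

```shell
# Added example, not from the original notes: network/broadcast arithmetic
# and private/link-local/public classification in plain POSIX sh.
# Every address below is a constructed sample.

ip_to_int() {                       # dotted quad -> 32-bit integer
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int_to_ip() {                       # 32-bit integer -> dotted quad
  printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                         $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

prefix_to_mask() {                  # /16 -> 0xFFFF0000 (255.255.0.0) as an integer
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

network_addr() {                    # host/prefix -> network address: IP AND mask
  m=$(prefix_to_mask "${1#*/}")
  int_to_ip $(( $(ip_to_int "${1%/*}") & m ))
}

broadcast_addr() {                  # host/prefix -> broadcast address: IP OR NOT(mask)
  m=$(prefix_to_mask "${1#*/}")
  int_to_ip $(( $(ip_to_int "${1%/*}") | (~m & 4294967295) ))
}

ip_in_cidr() {                      # true if $1 lies inside $2 (a.b.c.d/len)
  m=$(prefix_to_mask "${2#*/}")
  [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "${2%/*}") & m )) ]
}

# Prints "private" (RFC 1918), "link-local" (169.254.0.0/16) or "public".
# Only "public" addresses are routable on the Internet; the others must be
# NATed at the border or dropped. Note 172.16.0.0/12 ends at 172.31.255.255,
# so 172.32.x.x is public; the mask arithmetic gets that right automatically.
classify_ip() {
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    ip_in_cidr "$1" "$net" && { echo private; return; }
  done
  ip_in_cidr "$1" 169.254.0.0/16 && { echo link-local; return; }
  echo public
}

for host in 192.168.10.5/16 172.31.4.9/12 10.1.2.3/29 172.32.0.1/24 169.254.7.7/16 8.8.8.8/24; do
  printf '%-18s net=%-16s bcast=%-16s %s\n' "$host" \
    "$(network_addr "$host")" "$(broadcast_addr "$host")" "$(classify_ip "${host%/*}")"
done
```

The /29 entry shows that the formula works off the octet boundary, which is where hand calculation usually goes wrong.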

Network Configuration

NetworkManager ( NM)

NM is the default networking service. It keeps network devices and connections up and active whenever they are available, and creates temporary connections (e.g. via DHCP) to provide connectivity even when no connection profile exists on the system.

  • network.service is deprecated in CentOS 8 and no longer installed by default.

  • The CentOS 8 versions of ifup and ifdown are wrappers around nmcli, so they require NetworkManager.service to be running.

To use the legacy “ systemctl start network ” we need to install the legacy scripts:

yum install network-scripts

Tools provided: GUI ( nm-connection-editor , GNOME Settings), nmtui (text UI), nmcli (command line)

Supports flexible configuration: scanning interfaces (e.g. WiFi), managing IP addresses, static routes, DNS information, VPN connections, etc.

  • Supports traditional ifcfg-style configuration files (through its ifcfg-rh plugin)

  • systemctl is-active|restart|start|enable NetworkManager

If NM is stopped, nmcli no longer works, but the current network setup stays in place until the interface goes down

Network Configuration

ifconfig

Displays (and, as root, changes) the local network settings of all network interfaces. Part of the legacy net-tools package; ip addr is the modern replacement.

route

Displays or modifies the kernel IP routing table (default gateway and per-network routes). Also part of net-tools; ip route is the modern replacement.

hostname

Print or set the name of the current host. Without an argument hostname prints the name; the super-user can set it (the transient hostname only, see below) by supplying the new name as an argument.

Check IP Address

Using the ip utility we can view and change the IP address from a Linux terminal:

  • man ip

  • ip addr help

Persistent change on networking configuration files

/etc/sysconfig/network

    • system-wide networking settings; now maintained by NetworkManager, so manual edits are rarely needed

/etc/resolv.conf

  • defines the DNS servers; generated by NetworkManager from the connection's DNS settings, so manual edits are overwritten

/etc/sysconfig/network-scripts/ifcfg-xxx (xxx = interface name)

  • xxx: ens33 (en = Ethernet, s33 = slot 33 under systemd's predictable interface naming); eth0 before CentOS 7

  • interface-specific configuration, e.g. ifcfg-ens33 and ifcfg-ens37 for two Ethernet cards

    • TYPE, DEVICE (e.g., ens33), ONBOOT (yes or no), BOOTPROTO (none, static, dhcp, bootp), IPADDR, NETMASK or PREFIX, DNS1/DNS2, HWADDR (MAC address), BROADCAST

  • Edits take effect only after the interface is brought down and up again: nmcli connection down/up, or ifdown/ifup
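An added example (not from the original notes) of the ifcfg format just listed: two constructed files, ifcfg-ens33 and ifcfg-ens37, are written to a temporary directory and checked for the mistakes that leave an interface down or without name resolution after ifup. The key names are the standard ifcfg ones; the helper names ifcfg_get and ifcfg_check and the sample addresses are this example's own.

```shell
# Added example, not from the original notes: read ifcfg-style files and
# sanity-check them before bringing the interface up. File contents are
# constructed; key names are the ones initscripts/NetworkManager use.

ifcfg_get() {                       # ifcfg_get FILE KEY -> value, surrounding quotes stripped
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Returns 0 if the file is consistent, 1 otherwise; prints each problem found.
ifcfg_check() {
  f=$1; rc=0
  proto=$(ifcfg_get "$f" BOOTPROTO)
  case $proto in
    none|static)                    # static addressing needs an address and a mask
      [ -n "$(ifcfg_get "$f" IPADDR)" ] \
        || { echo "$f: BOOTPROTO=$proto but no IPADDR"; rc=1; }
      [ -n "$(ifcfg_get "$f" PREFIX)" ] || [ -n "$(ifcfg_get "$f" NETMASK)" ] \
        || { echo "$f: no PREFIX or NETMASK"; rc=1; }
      ;;
    dhcp|bootp) ;;                  # address, mask and DNS come from the server
    *) echo "$f: unknown BOOTPROTO '$proto'"; rc=1 ;;
  esac
  [ "$(ifcfg_get "$f" ONBOOT)" = yes ] \
    || { echo "$f: ONBOOT is not yes, interface stays down after reboot"; rc=1; }
  # A static host with no resolver looks "up" but fails every name lookup.
  [ "$proto" = dhcp ] || [ -n "$(ifcfg_get "$f" DNS1)" ] \
    || { echo "$f: no DNS1"; rc=1; }
  return $rc
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT

cat > "$dir/ifcfg-ens33" <<'EOF'
TYPE=Ethernet
DEVICE=ens33
NAME="ens33"
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.10.5
PREFIX=24
GATEWAY=192.168.10.1
DNS1=192.168.10.1
EOF

cat > "$dir/ifcfg-ens37" <<'EOF'
TYPE=Ethernet
DEVICE=ens37
ONBOOT=no
BOOTPROTO=static
NETMASK=255.255.255.0
EOF

ifcfg_check "$dir/ifcfg-ens33" && echo "ens33: ok"
ifcfg_check "$dir/ifcfg-ens37" || echo "ens37: fix before ifup"
```

Pointing ifcfg_check at /etc/sysconfig/network-scripts/ifcfg-* on a real host gives the same report for the live files.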

Persistent change through tools

  • nm-connection-editor

  • GNOME Settings

    • Edit the connection, then turn it off and on again for the change to take effect

hostname

There are three classes of hostname: static, transient and pretty. A persistent change is saved in /etc/hostname . Editing /etc/hostname by hand does not take effect automatically; run systemctl restart NetworkManager or reboot, or systemctl restart systemd-hostnamed, to apply it.

hostnamectl (static/transient/pretty)

  • hostnamectl status #query

  • hostnamectl set-hostname localhost.localdomain #effective instantly; sets all three unless --static, --transient or --pretty is given

Static - hostname

  • Traditional hostname.

  • Stored in /etc/hostname

  • nmcli (static hostname)

    • nmcli general hostname #query

    • nmcli general hostname localhost.localdomain #effective instantly

Transient - hostname

  • Dynamic hostname maintained by the kernel: localhost by default

  • Can be changed by DHCP or mDNS at runtime.

  • Transient change:

    • # hostname hostname.example.com

Pretty - hostname

Free-form UTF-8 hostname for presentation to the user (e.g. "Lab Server 1")

Basic UNIX network security

  • Apply patches promptly; a large share of security fixes address flaws in network-facing services.

  • Plug known security holes

    • Remove /etc/hosts.equiv and per-user ~/.rhosts files, and do not run the r-services (rlogin, rsh, rcp) at all

    • Configure /etc/hosts.allow and /etc/hosts.deny (TCP wrappers), with an explicit ALL: ALL in hosts.deny so that anything not allowed is refused; note that TCP wrappers were removed in CentOS 8, where host-based restrictions belong in firewalld or in the service's own configuration

  • Replace cleartext protocols with encrypted ones: ssh/scp/sftp from OpenSSH instead of telnet/rlogin/FTP, https instead of http

  • Use xinetd instead of inetd as the super server (per-service access control and logging); better still, run only the services you actually need

iptables

  • Provides a firewall between the LAN and the Internet

  • IP masquerading (NAT)

    • Rewrites the source IP address in the packet header (and reverses the rewrite on replies) so that hosts with private IPs can reach the Internet

  • Packet filtering

    • a list of rules per chain (INPUT, OUTPUT, FORWARD), checked in order

    • the first matching rule with a terminating target (ACCEPT, DROP, REJECT) ends the search; non-terminating targets such as LOG let the search continue

    • packets that match no rule get the chain's default policy

    • rules can match on source/destination IP address, source/destination port, protocol, connection state (conntrack), input/output interface, etc.
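An added example (not from the original notes) of the matching order described above: a toy first-match filter in POSIX sh that evaluates a constructed rule list the way an iptables chain does, shows what happens to an unmatched packet under a DROP versus an ACCEPT default policy, and shows a broad DROP rule shadowing the narrower ACCEPT placed after it. The rule format, the function names verdict and in_cidr, and the sample packets are this example's own; the iptables commands in the comments are the real equivalents of the rule table.

```shell
# Added example, not from the original notes: a toy first-match packet filter
# that evaluates a rule list the way an iptables chain does. It models only
# protocol, source address and destination port; real iptables also matches
# interfaces, connection state, etc. Rules and packets are constructed.

ip2int() { set -- $(printf '%s' "$1" | tr . ' '); echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

in_cidr() {                         # in_cidr IP NET/LEN -> true if IP is inside NET/LEN
  m=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

# One rule per line: PROTO SRC-CIDR DPORT TARGET ("any" matches every
# protocol or port). The equivalent iptables commands would be:
#   iptables -P INPUT DROP
#   iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 22 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -j DROP
#   iptables -A INPUT -p udp --dport 53 -j ACCEPT
#   iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
INPUT_RULES='
tcp 192.168.0.0/16 22 ACCEPT
tcp 0.0.0.0/0 22 DROP
udp 0.0.0.0/0 53 ACCEPT
any 10.0.0.0/8 any ACCEPT
'

# Same rules with the first two swapped: the broad DROP now shadows the
# LAN ssh ACCEPT, which can never match again.
SHADOWED_RULES='
tcp 0.0.0.0/0 22 DROP
tcp 192.168.0.0/16 22 ACCEPT
udp 0.0.0.0/0 53 ACCEPT
any 10.0.0.0/8 any ACCEPT
'

# verdict RULES POLICY PROTO SRC DPORT -> prints the target of the first
# matching rule, or POLICY when nothing matches.
verdict() {
  policy=$2; proto=$3; src=$4; dport=$5
  hit=$(printf '%s\n' "$1" | while read -r rp rs rd rt; do
    [ -n "$rp" ] || continue                          # blank line
    [ "$rp" = any ] || [ "$rp" = "$proto" ] || continue
    [ "$rd" = any ] || [ "$rd" = "$dport" ] || continue
    in_cidr "$src" "$rs" || continue
    echo "$rt"; break                                 # first match terminates the search
  done)
  echo "${hit:-$policy}"                              # unmatched: default policy
}

for pkt in "tcp 192.168.1.10 22" "tcp 203.0.113.5 22" "udp 203.0.113.5 53" "tcp 203.0.113.5 80" "tcp 10.9.8.7 443"; do
  set -- $pkt
  printf '%-22s policy DROP: %-7s policy ACCEPT: %-7s shadowed: %s\n' "$pkt" \
    "$(verdict "$INPUT_RULES" DROP "$1" "$2" "$3")" \
    "$(verdict "$INPUT_RULES" ACCEPT "$1" "$2" "$3")" \
    "$(verdict "$SHADOWED_RULES" DROP "$1" "$2" "$3")"
done
```

The "tcp 203.0.113.5 80" packet is the one to watch: it matches no rule, so its fate is decided entirely by the policy, which is why an iptables firewall must set the INPUT policy to DROP explicitly.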

firewalld

  • Front-end tool; the back end is iptables on CentOS 7 and nftables by default on CentOS 8

  • Can change individual rules at runtime without flushing the whole ruleset, so existing connections are not interrupted

  • Default is reject (public zone) in firewalld; a fresh iptables chain has policy ACCEPT, so an iptables firewall must set the policy to DROP explicitly

  • Defines 9 zones: block, dmz, drop, external, home, internal, public, trusted, work. Shipped zone definitions live in /usr/lib/firewalld/zones/, local overrides in /etc/firewalld/zones/

  • Tools: firewall-cmd , firewall-config (GUI), or editing the zone XML files

System Time

Unix time is the number of seconds since 1970-01-01 00:00:00 UTC (the epoch)

  • UTC = Coordinated Universal Time; for practical purposes the same as GMT (Greenwich Mean Time)

  • Many countries, but the kernel keeps only one clock, in UTC; local time zones are applied in user space via /etc/localtime and the TZ variable

Abbreviations (UTC, GMT, EST…): http://timeanddate.com/library/abbreviations/timezones/