Networking & Services
Network Layers
Physical layer: hardware, network interface card (cable, signalling)
Link layer: device driver for the interface card; frames addressed by MAC address
MAC Address = Media Access Control Address
ifconfig : 00:A0:CC:24:BA:02 (48 bits, written as six hex octets)
First half (OUI) identifies the vendor and is assigned by the IEEE; second half is assigned by that vendor to the individual card. A MAC address is trivially changed (ip link set ens33 address ...), so it identifies a card, it does not authenticate it.
Network layer: IPv4, IPv6, data packets, ICMP (Internet Control Message Protocol) for ping and error messages
Broadcast
Reaches all computers on the local network
Logically: broadcast = IP OR NOT(mask), e.g. 192.168.1.10 with mask 255.255.0.0 gives 192.168.255.255
Testing broadcast: ping -b 192.168.255.255 (Linux hosts ignore broadcast echo requests by default, net.ipv4.icmp_echo_ignore_broadcasts=1, so few replies is normal)
Transport layer: TCP (Transmission Control Protocol): connection-oriented, ordered, reliable delivery (e.g. email, ssh); UDP (User Datagram Protocol): connectionless, no ordering, no delivery guarantee (e.g. DNS)
Application layer (highest layer): FTP, Telnet, rlogin, ssh, SMTP (FTP, Telnet and rlogin send credentials in cleartext; ssh replaces them)
Network Address
Network addresses are divided into public and private IP addresses.
Private IP addresses (RFC 1918)
192.168.0.0/16 (192.168.x.x), 172.16.0.0/12 (172.16.x.x to 172.31.x.x), 10.0.0.0/8 (10.x.x.x)
Can be freely used in private networks
Cannot be routed over the Internet (ISPs drop them)
Public IP addresses
IPs allocated by a central authority, IANA
Authority delegated to regional registries (RIRs), which delegate to ISPs
Does not include private IPs and a few other reserved ranges, e.g. link-local 169.254.0.0/16 and loopback 127.0.0.0/8
Network Address Translation (NAT): packets from private IPs pass through a NAT gateway, which replaces the private source IP with its own public IP and remembers the mapping so the reply can be translated back. The packet is then routable over the Internet.
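The broadcast formula above (IP OR NOT(mask)) and the private/public split, carried out in shell arithmetic. This is an added example, not part of the course notes; the addresses are sample inputs, not a real network.

```shell
#!/bin/sh
# Added example (not from the course notes): broadcast = IP OR NOT(mask),
# network = IP AND mask, and a classifier for the private (RFC 1918),
# link-local and loopback ranges. Sample addresses only.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# Prefix length -> netmask as an integer. A /0 would shift by 32, which is
# undefined in shell arithmetic, so it is special-cased.
prefix2mask() {
    if [ "$1" -eq 0 ]; then echo 0; else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# Network address: IP AND mask.   usage: network 172.20.3.4 12
network() {
    int2ip $(( $(ip2int "$1") & $(prefix2mask "$2") ))
}

# Broadcast address: IP OR NOT(mask).   usage: broadcast 192.168.1.10 16
broadcast() {
    ip=$(ip2int "$1"); mask=$(prefix2mask "$2")
    int2ip $(( ip | (~mask & 4294967295) ))
}

# True if ADDR lies inside NET/PREFIX.   usage: in_cidr 10.1.2.3 10.0.0.0 8
in_cidr() {
    [ $(( $(ip2int "$1") & $(prefix2mask "$3") )) -eq "$(ip2int "$2")" ]
}

# Classify an address: private (RFC 1918), link-local, loopback or public.
classify() {
    if in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 || in_cidr "$1" 192.168.0.0 16; then
        echo private          # usable internally, never routed on the Internet
    elif in_cidr "$1" 169.254.0.0 16; then
        echo link-local       # self-assigned when no DHCP answers; never routed
    elif in_cidr "$1" 127.0.0.0 8; then
        echo loopback
    else
        echo public
    fi
}

# Demo run: the notes' example network and the edge of the 172.16/12 block.
echo "broadcast of 192.168.1.10/16: $(broadcast 192.168.1.10 16)"
echo "172.31.255.254 is $(classify 172.31.255.254), 172.32.0.1 is $(classify 172.32.0.1)"
```

Note that 172.32.0.1 is public: the private block is 172.16.0.0/12, not every 172.x address, which is a common mistake in firewall rules.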
Network Configuration
NetworkManager ( NM)
NM is the default networking service. It keeps network devices and connections up and active when they are available, creating temporary connections to provide connectivity even when the system has no configuration for them.
network.service is deprecated in CentOS 8 and no longer provided by default.
New versions of ifup and ifdown are available, but they require NetworkManager.service to be running: they are wrappers around the nmcli tool.
To run "systemctl start network", the legacy scripts must be installed:
yum install network-scripts
Tools provided: GUI (nm-connection-editor, GNOME), nmtui, nmcli
Supports flexible configuration: scanning interfaces (e.g. WiFi), managing IP addresses, static routes, DNS information, VPN connections, etc.
Supports traditional ifcfg-type configuration files
systemctl { is-active | restart | start | enable } NetworkManager
If NM is stopped, nmcli cannot work, but the current network setup stays in place (addresses and routes already configured remain until the interface changes)
Network Configuration
ifconfig
Displays (and sets) the local network settings of all network interfaces; part of the legacy net-tools package, superseded by ip addr.
route
Displays and modifies the kernel IP routing table (default gateway, static routes); superseded by ip route.
hostname
Set or print the name of the current host system. Without an argument it prints the hostname; the super-user can set it by supplying an argument (this changes only the running, transient name and is lost on reboot).
Check IP Address
Using the ip utility (iproute2) we can view and change addresses, links and routes from a Linux terminal
man ip
ip addr help
Persistent change on networking configuration files
/etc/sysconfig/network
system-wide networking configuration (e.g. default gateway, hostname); maintained automatically now
/etc/resolv.conf
defines the DNS servers; generated by NetworkManager now, so manual edits are overwritten (set DNS in the connection instead)
/etc/sysconfig/network-scripts/ifcfg-xxx (xxx = interface name)
xxx: ens33 (predictable name: en = Ethernet, s33 = PCI slot 33); eth0 before CentOS 7
interface-specific configuration, e.g. for ens33 and ens37
TYPE, DEVICE (e.g. ens33), ONBOOT (yes or no), BOOTPROTO (none, static, dhcp, bootp), IPADDR, PREFIX or NETMASK, GATEWAY, DNS1, HWADDR (MAC address), BROADCAST
Requires manually reloading and bringing the interface down and up: nmcli connection reload, then nmcli connection down/up, or ifdown/ifup
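The two persistent forms above, the ifcfg file and the nmcli connection, written out for one static address, together with a check that an edited ifcfg file is coherent before it is reloaded. This is an added example, not from the course notes; ens33 and the 192.168.1.0/24 addresses are assumed values for illustration.

```shell
#!/bin/sh
# Added example (not from the course notes): the persistent static-IPv4
# configuration for an interface as an ifcfg-<name> file and as the
# equivalent nmcli commands, plus a sanity check for ifcfg files.
# ens33 and the 192.168.1.0/24 addresses are assumed for illustration.

# Body of /etc/sysconfig/network-scripts/ifcfg-IFACE for a static address.
# usage: ifcfg_static IFACE ADDR PREFIX GATEWAY DNS
ifcfg_static() {
    cat <<EOF
TYPE=Ethernet
NAME=$1
DEVICE=$1
ONBOOT=yes
BOOTPROTO=none
IPADDR=$2
PREFIX=$3
GATEWAY=$4
DNS1=$5
IPV6INIT=no
EOF
}

# The same connection created with nmcli (persistent, then activated).
nmcli_static() {
    printf 'nmcli connection add type ethernet ifname %s con-name %s ipv4.method manual ipv4.addresses %s/%s ipv4.gateway %s ipv4.dns %s\n' \
        "$1" "$1" "$2" "$3" "$4" "$5"
    printf 'nmcli connection up %s\n' "$1"
}

# Read KEY from an ifcfg file, ignoring comments and stripping quotes.
# usage: ifcfg_get FILE KEY
ifcfg_get() {
    grep -v '^[[:space:]]*#' "$1" | sed -n "s/^$2=//p" | sed 's/^"\(.*\)"$/\1/' | head -n1
}

# Return 0 if the file is coherent: DHCP needs nothing else, a static
# configuration needs IPADDR and PREFIX (or NETMASK).
ifcfg_check() {
    proto=$(ifcfg_get "$1" BOOTPROTO)
    case "$proto" in
        dhcp|bootp) return 0 ;;
        none|static)
            [ -n "$(ifcfg_get "$1" IPADDR)" ] || { echo "$1: static but no IPADDR" >&2; return 1; }
            [ -n "$(ifcfg_get "$1" PREFIX)$(ifcfg_get "$1" NETMASK)" ] \
                || { echo "$1: static but no PREFIX/NETMASK" >&2; return 1; }
            return 0 ;;
        *) echo "$1: unknown BOOTPROTO '$proto'" >&2; return 1 ;;
    esac
}

# Apply an edited ifcfg file: NetworkManager only re-reads it on reload,
# and the change takes effect when the connection is brought down and up.
ifcfg_apply() {   # usage: ifcfg_apply CONNECTION
    nmcli connection reload
    nmcli connection down "$1" 2>/dev/null   # may already be down
    nmcli connection up "$1"
}

# Demo: print both forms for ens33.
ifcfg_static ens33 192.168.1.10 24 192.168.1.1 192.168.1.1
nmcli_static ens33 192.168.1.10 24 192.168.1.1 192.168.1.1
```

Running ifcfg_check before ifcfg_apply catches the common failure of a BOOTPROTO=none file with no IPADDR, which otherwise brings the interface up with no address and locks you out of a remote host.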
Persistent change through tools
nm-connection-editor
GNOME
Edit the connection, then turn it off and on for the change to take effect
hostname
There are three classes of hostname: static, transient and pretty. A persistent change is saved in /etc/hostname. A manual edit of /etc/hostname does not take effect automatically: run systemctl restart NetworkManager (or systemctl restart systemd-hostnamed, or reboot) to apply it, or use hostnamectl, which updates the file and the running name together.
hostnamectl (static/transient/pretty)
hostnamectl status #query
hostnamectl set-hostname localhost.localdomain #effective instantly
Static - hostname
Traditional hostname.
Stored in /etc/hostname
nmcli (static hostname)
nmcli general hostname #query
nmcli general hostname localhost.localdomain #effective instantly
Transient - hostname
Dynamic hostname maintained by the kernel; initialised from the static name at boot, localhost by default
Can be changed by DHCP or mDNS at runtime (so it is not a reliable identity for logging or access control)
Transient change (lost on reboot):
# hostname hostname.example.com
Pretty - hostname
free-form UTF-8 hostname for presentation to the user (never used on the network)
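The hostname classes above, handled as an administrator would: validate a candidate name before handing it to hostnamectl, read the static name the way systemd does (the first line of /etc/hostname that is neither blank nor a comment), and compare it with the transient name the kernel holds. This is an added example, not from the course notes; the file path is a parameter so the read and validate functions can run against a test copy.

```shell
#!/bin/sh
# Added example (not from the course notes): hostname validation, static
# vs transient hostname comparison, and a guarded hostnamectl wrapper.
# The /etc/hostname path is a parameter so the functions can be exercised
# on a test copy.

# RFC 1123 host-name syntax: dot-separated labels of 1..63 characters from
# [A-Za-z0-9-], no leading or trailing hyphen, at most 253 characters.
valid_hostname() {
    name=$1
    [ ${#name} -ge 1 ] && [ ${#name} -le 253 ] || return 1
    case "$name" in .*|*.|*..*) return 1 ;; esac     # empty label somewhere
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
        case "$label" in -*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
        [ ${#label} -le 63 ] || return 1
    done
    return 0
}

# Static name: first non-blank, non-comment line of /etc/hostname.
static_hostname() {
    grep -v '^[[:space:]]*#' "${1:-/etc/hostname}" | grep -v '^[[:space:]]*$' | head -n1 | tr -d '[:space:]'
}

# Transient (kernel) name; /proc works even where the hostname binary is absent.
transient_hostname() {
    cat /proc/sys/kernel/hostname 2>/dev/null || hostname
}

# Report whether static and transient names agree. They drift after a
# manual edit of /etc/hostname, or when DHCP/mDNS renames the host.
hostname_status() {
    s=$(static_hostname "$1"); t=$(transient_hostname)
    if [ "$s" = "$t" ]; then
        echo "in sync: $s"
    else
        echo "mismatch: static='$s' transient='$t'"
    fi
}

# Set the static name (hostnamectl writes /etc/hostname and the kernel name
# at once) only if it is syntactically valid.
set_hostname() {
    valid_hostname "$1" || { echo "refusing invalid hostname '$1'" >&2; return 1; }
    hostnamectl set-hostname "$1"
}

# Demo: candidate names and the current state of this host.
for n in web01.example.com -web01 web_01 'a..b'; do
    if valid_hostname "$n"; then echo "$n: valid"; else echo "$n: invalid"; fi
done
hostname_status
```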
Basic UNIX network security
Apply patches - many security patches fix vulnerabilities in network-facing services.
Plug known security holes
Remove /etc/hosts.equiv and ~/.rhosts files (rlogin/rsh trust based on hostnames alone, which are spoofable)
Configure /etc/hosts.allow and /etc/hosts.deny (TCP wrappers): allow only what is needed in hosts.allow and put ALL: ALL in hosts.deny
Use encrypted services: ssh/scp/sftp (OpenSSH) instead of telnet, rlogin and FTP; https instead of http
Use xinetd instead of inetd as the super server (per-service access control, logging and rate limiting)
iptables
Provides a firewall between the LAN and the Internet
IP masquerading (NAT)
Rewrites the source IP address in the header to enable Internet access from private IPs
Packet filtering
list of rules in a chain, checked in order
first match usually terminates the search through the list (ACCEPT, DROP or REJECT), so rule order matters
unmatched packets follow the chain's default policy
can match on source/destination IP address, source/destination port, protocol, connection state, etc.
firewalld
Front-end tool; back end: iptables (nftables since CentOS 8)
Can update rules at runtime without dropping existing connections
Default policy: firewalld rejects unsolicited inbound traffic in its default zone (public); a fresh iptables filter table has policy ACCEPT until rules are added
Defines 9 zones: block, dmz, drop, external, home, internal, public, trusted, work. Shipped definitions in /usr/lib/firewalld/zones, local overrides in /etc/firewalld/zones
Tools: firewall-cmd, firewall-config (GUI), or edit the zone XML files
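The first-match semantics described under packet filtering, run on a toy rule list so the effect of rule order is visible, followed by the iptables-restore ruleset and the firewall-cmd commands that express the same policy on a real host. This is an added example, not from the course notes; the "PROTO DPORT SRC ACTION" rule format, the 192.168.0.0/16 LAN and the 203.0.113.x addresses are constructed for the simulation only.

```shell
#!/bin/sh
# Added example (not from the course notes): a first-match rule evaluator
# (rules checked in order, first match terminates, default policy otherwise)
# plus the iptables-restore and firewall-cmd forms of the same policy.
# Rule format and addresses are constructed for illustration.

# Constructed rule list. SRC is "any", an exact address, or a dotted prefix
# ending in "." (tcp_wrappers style) to keep the matcher short.
RULES='tcp 22 192.168. ACCEPT
tcp 22 any DROP
tcp 80 any ACCEPT
udp 53 any ACCEPT'
DEFAULT_POLICY=DROP

# Match one rule field against one packet field.
field_match() {
    case "$1" in
        any) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac; return 1 ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# usage: verdict "RULES" PROTO DPORT SRC -> "ACTION (rule N)" or "POLICY (default policy)"
verdict() {
    rules=$1; proto=$2; dport=$3; src=$4
    hit=$(printf '%s\n' "$rules" | {
        n=0
        while read -r rp rd rs ra; do
            n=$((n + 1))
            if field_match "$rp" "$proto" && field_match "$rd" "$dport" && field_match "$rs" "$src"; then
                echo "$ra (rule $n)"; break      # first match terminates the search
            fi
        done
    })
    [ -n "$hit" ] && echo "$hit" || echo "$DEFAULT_POLICY (default policy)"
}

# The same policy for a real host in iptables-restore format: default-DROP
# INPUT chain, loopback and established traffic first, then the rules above.
iptables_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# firewalld equivalent for the public zone (permanent rules, then reload).
# Unmatched traffic in the public zone is rejected rather than dropped.
firewalld_commands() {
    cat <<'EOF'
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" service name="ssh" accept'
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=dns
firewall-cmd --reload
EOF
}

# Demo: order matters. With the DROP rule first, the LAN ACCEPT is shadowed.
SHADOWED='tcp 22 any DROP
tcp 22 192.168. ACCEPT'
echo "LAN ssh:   $(verdict "$RULES" tcp 22 192.168.1.5)"
echo "WAN ssh:   $(verdict "$RULES" tcp 22 203.0.113.9)"
echo "https:     $(verdict "$RULES" tcp 443 203.0.113.9)"
echo "LAN ssh, rules swapped: $(verdict "$SHADOWED" tcp 22 192.168.1.5)"
```

Apply the ruleset with iptables-restore from the printed text, or run the firewall-cmd lines on a firewalld host; in both cases the LAN-only ssh rule must precede the general ssh DROP, exactly as the simulation shows.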
System Time
Unix time = seconds since 1970-01-01 00:00:00 UTC (the epoch), independent of time zone
UTC (Coordinated Universal Time) is, for practical purposes, the same as GMT (Greenwich Mean Time)
Many countries and time zones, but the Unix kernel keeps one clock in UTC; the time zone (TZ, /etc/localtime) is applied only when a time is displayed
Abbreviations (UTC, GMT, EST...): http://timeanddate.com/library/abbreviations/timezones/
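One clock, many renderings, as it matters in practice: the same epoch value shown in two zones, and log lines from hosts configured in different zones normalised back to epoch seconds so they sort in true order. This is an added example, not from the course notes; it assumes GNU date, the log lines are constructed, and POSIX TZ strings such as EST5 are used so no tzdata database is needed.

```shell
#!/bin/sh
# Added example (not from the course notes): the kernel keeps one UTC-based
# epoch count; a time zone only changes how it is rendered. GNU date is
# assumed. POSIX TZ strings (UTC0, EST5) avoid any dependency on tzdata.

# Epoch seconds -> ISO 8601 with numeric offset, in zone TZ (default UTC).
# usage: epoch_to_iso 0 EST5
epoch_to_iso() {
    TZ=${2:-UTC0} date -d "@$1" +%Y-%m-%dT%H:%M:%S%z
}

# ISO 8601 timestamp with offset -> epoch seconds (the offset is honoured).
iso_to_epoch() {
    date -d "$1" +%s
}

# Lines "TIMESTAMP HOST MESSAGE" from hosts in different zones -> sorted by
# real time, with the epoch and a UTC rendering prefixed for correlation.
normalize_log() {
    while read -r ts rest; do
        e=$(iso_to_epoch "$ts")
        printf '%s %s %s %s\n' "$e" "$(epoch_to_iso "$e")" "$ts" "$rest"
    done | sort -n
}

# Constructed log lines: hostA reports in US Eastern, hostB in UTC. Read
# naively, hostA's 09:00 looks earlier than hostB's 13:30; it is later.
LOG='2024-03-01T09:00:00-0500 hostA sshd: accepted publickey for alice
2024-03-01T13:30:00+0000 hostB sshd: accepted publickey for alice'

echo "epoch 0 in UTC:  $(epoch_to_iso 0)"
echo "epoch 0 in EST5: $(epoch_to_iso 0 EST5)"
printf '%s\n' "$LOG" | normalize_log
```

Keeping servers on UTC (timedatectl set-timezone UTC) removes this class of mistake from incident timelines altogether; the normalisation step is what you need when you cannot.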