Contents
- Configuration files
- Configuration tools
- Network console tools
- Firewall files and tools
- Enable temporary telnet connection on server
- Testing bonding speed on 2 NICs (1000GBit)
- NMAP examples
1. Configuration files
/etc/sysconfig/network - Example:
NETWORKING=yes # configure network
NETWORKING_IPV6=no # enable IPv6 (yes/no)
HOSTNAME=khmel.org # hostname
# Additional
DHCP_HOSTNAME=khmel.org # hostname on DHCP
GATEWAY=192.168.0.1 # default route (can also be set in /etc/sysconfig/network-scripts/ifcfg-eth0)
GATEWAYDEV=eth0 # gateway device
FORWARD_IPV4=no # disable IP forwarding
/etc/hostname - needed only for old applications (does not exist by default)
/etc/sysconfig/network-scripts/ - interface configuration directory.
/etc/sysconfig/network-scripts/ifcfg-eth0 - first interface configuration file.
Example DHCP:
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
Example static IP:
DEVICE=eth0 # device name
BOOTPROTO=none # none - do not use BOOTP protocol, bootp - use BOOTP protocol, dhcp - use DHCP.
HWADDR=XX:XX:XX:XX:XX:XX # MAC address
ONBOOT=yes # activate interface on boot.
NETMASK=255.255.255.0 # netmask.
IPADDR=192.168.0.10 # IP address.
GATEWAY=192.168.0.1 # default gateway
TYPE=Ethernet
# Additional
NETWORK=192.168.0.0 # network IP address.
BROADCAST=192.168.0.255 # broadcast IP address.
USERCTL=no # do not allow non-root users to control the interface.
To change the MAC address, rename HWADDR to MACADDR:
MACADDR=YY:YY:YY:YY:YY:YY
/etc/sysconfig/networking/profiles/profilename/ - user profile directory.
Change profile:
system-config-network-cmd -p profilename --activate
Set the default profile on boot in the file /boot/grub/grub.conf:
title Red Hat Enterprise Linux (2.6.9-5.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-5.EL ro root=/dev/VolGroup00/LogVol00 netprofile= rhgb quiet
initrd /initrd-2.6.9-5.EL.img
/etc/resolv.conf - set DNS servers
/etc/hosts - static IP and hostnames
192.168.0.5 khmel.org
/etc/nsswitch.conf - System Databases and Name Service Switch configuration file. Useful setting: "hosts: files dns" looks at /etc/hosts first, then DNS.
/etc/sysconfig/static-routes - static routes on boot, does not exist by default. Example:
any net 10.200.30.24 netmask 255.255.255.248 gw 10.10.10.1
/etc/sysconfig/network-scripts/route-eth0 - new location for static routes.
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.1
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.1
/etc/init.d/network - startup script
Restart network:
service network restart
# or
/etc/init.d/network restart
2. Configuration tools
ifconfig - show or set network interface (settings until reboot).
iwconfig - show or set wireless network interface (settings until reboot).
ifup ethX - activate network interface.
ifdown ethX - deactivate network interface.
system-config-network-tui - network settings, terminal user interface.
system-config-network-cmd - command line configuration tool.
Export, import settings
system-config-network-cmd -e > /tmp/network-config
system-config-network-cmd -i -c -f /tmp/network-config
system-config-network - GUI tool
Load routes from file:
/bin/sh -c 'cat /etc/sysconfig/static-routes | while read ignore args ; do /sbin/route add -$args; done'
3. Network console tools
tcpdump - dump network traffic.
tcpdump -n -i eth0
tcpdump -n -i eth0 src 10.0.2.15
tcpdump -n -i eth0 dst 123.123.123.123
tcpdump -n -i eth0 src port 2203
tcpdump -n -i eth0 dst port 2203
tcpdump -n -i eth0 src port 2203 and tcp
tcpdump -n -i eth0 src 10.0.2.15 and port 2203
tcpdump -n -i eth0 src 10.0.2.15 and port 2203 and tcp
nc - netcat.
# Check TCP port:
nc -zvv 192.168.0.1 123
# Check UDP port:
nc -uzvv 192.168.0.1 123
route - show / manipulate the IP routing table
route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.8.2.65 eth0
route add -net 12.13.0.0 netmask 255.255.0.0 gw 12.34.56.1
route add -host 11.22.33.44 gw 12.34.56.1
route add default gw 12.34.56.1
route del default gw 12.34.56.1
ipcalc - perform simple manipulation of IP addresses
$ ipcalc -n 10.0.2.15 255.255.255.224
NETWORK=10.0.2.0
$ ipcalc -n 10.0.2.180 255.255.255.224
NETWORK=10.0.2.160
$ ipcalc -p 10.0.2.180 255.255.255.224
PREFIX=27
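Added example (not part of the original page): shell functions that check route-eth0 entries (ADDRESSn/NETMASKn/GATEWAYn, as in section 1) with the same arithmetic as ipcalc -n and ipcalc -p, flagging any ADDRESSn that is not the network address for its NETMASKn. The function names and the file written by make_route_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    case $1 in ''|*[!0-9.]*) exit 1;; esac
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# Network address of ADDR under MASK: the value "ipcalc -n ADDR MASK" reports.
network_of() { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }
# Prefix length of MASK, as "ipcalc -p" reports; fails if the bits are not contiguous.
prefix_of() {
    m=$(ip2int "$1") || return 1; p=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        m=$(( (m << 1) & 0xFFFFFFFF )); p=$((p + 1))
    done
    [ "$m" -eq 0 ] && echo "$p"
}

# Print one line per ADDRESSn entry; exit status is 0 only if every entry is valid.
check_routes() {  # usage: check_routes FILE
    n=0; bad=0
    while a=$(sed -n "s/^ADDRESS$n=//p" "$1"); [ -n "$a" ]; do
        k=$(sed -n "s/^NETMASK$n=//p" "$1"); g=$(sed -n "s/^GATEWAY$n=//p" "$1")
        net=
        if p=$(prefix_of "$k") && net=$(network_of "$a" "$k") && [ "$net" = "$a" ]; then
            echo "ok $a/$p via $g"
        else
            echo "bad entry $n: $a/$k (expected network: ${net:-?})"; bad=$((bad + 1))
        fi
        n=$((n + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: one route from the page plus one deliberately wrong entry.
make_route_sample() {  # usage: make_route_sample FILE
    printf 'ADDRESS0=10.10.10.0\nNETMASK0=255.255.255.0\nGATEWAY0=192.168.0.1\n' > "$1"
    printf 'ADDRESS1=10.0.2.180\nNETMASK1=255.255.255.224\nGATEWAY1=192.168.0.1\n' >> "$1"
}
```

Run check_routes against a copy of /etc/sysconfig/network-scripts/route-eth0 before restarting the network service; the file is read with sed and never sourced.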
Other useful tools:
ping
traceroute
tracert
tracepath
host
nslookup
dig
finger
telnet
ssh
ethtool
ip
netstat
whois
mutt
links
wget
ftp
wall
talk
mtr
4. Firewall files and tools
/etc/sysconfig/iptables-config - iptables options, additional modules, ...
/etc/sysconfig/iptables - iptables rules.
/etc/init.d/iptables - firewall startup script.
iptables - administration tool for IPv4 packet filtering and NAT
system-config-securitylevel-tui - basic security configuration tool (firewall, SELinux)
5. Enable temporary telnet connection on server
Edit /etc/xinetd.d/krb5-telnet
set disable = no
Run
service xinetd restart
You can then log in remotely, but not as root.
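Added example (not part of the original page): a shell check for the settings on this page that are easy to leave in an unsafe state, namely FORWARD_IPV4 in /etc/sysconfig/network, USERCTL in the ifcfg-* files, and disable = no left behind in /etc/xinetd.d/krb5-telnet. The function names, the yes/true matching and the tree built by make_sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Pass a root directory to audit a
# copy of /etc; with no argument the live system is checked.

# Print KEY's value from a sysconfig-style file (comments and quotes stripped).
cfg_get() {  # usage: cfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"' \t"
}

# Print one finding per line; exit status is 0 only when nothing was found.
audit_netcfg() {  # usage: audit_netcfg [ROOT]
    root=${1:-}; findings=0
    # IP forwarding turns the host into a router; yes/true count as enabled here.
    v=$(cfg_get "$root/etc/sysconfig/network" FORWARD_IPV4)
    case $v in yes|true)
        echo "FORWARD_IPV4=$v: /etc/sysconfig/network"; findings=$((findings + 1));;
    esac
    # USERCTL=yes lets non-root users control the interface.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -f "$f" ] || continue
        v=$(cfg_get "$f" USERCTL)
        case $v in yes|true)
            echo "USERCTL=$v: ${f#"$root"}"; findings=$((findings + 1));;
        esac
    done
    # The temporary telnet service is still on while "disable = no" remains.
    t=$root/etc/xinetd.d/krb5-telnet
    if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$t" 2>/dev/null; then
        echo "telnet enabled: /etc/xinetd.d/krb5-telnet"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not real host data) with all three problems present.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/etc/sysconfig/network-scripts" "$1/etc/xinetd.d"
    printf 'NETWORKING=yes\nFORWARD_IPV4=yes # router\n' > "$1/etc/sysconfig/network"
    printf 'DEVICE=eth0\nUSERCTL=yes\n' > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf 'DEVICE=eth1\nUSERCTL=no # ok\n' > "$1/etc/sysconfig/network-scripts/ifcfg-eth1"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/krb5-telnet"
}
```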
6. Testing bonding speed on 2 NICs (1000GBit)
On server “A” run listening:
$ nc -v -l -n 2222 >/dev/null
Connection from 192.168.0.1 port 2222 [tcp/*] accepted
On server “B” send data:
If "BONDING mode=1"
$ time dd if=/dev/zero bs=1024 count=1000000|nc -v -v -n 192.168.0.1 2222
Connection to 192.168.0.1 2222 port [tcp/*] succeeded!
1000000+0 records in
1000000+0 records out
1024000000 bytes (1.0 GB) copied, 8.63591 seconds, 119 MB/s
real 0m8.667s
user 0m1.139s
sys 0m4.131s
If "BONDING mode=0"
$ time dd if=/dev/zero bs=1024 count=1000000|nc -v -v -n 192.168.0.1 2222
Connection to 192.168.0.1 2222 port [tcp/*] succeeded!
1000000+0 records in
1000000+0 records out
1024000000 bytes (1.0 GB) copied, 4.34445 seconds, 236 MB/s
real 0m4.362s
user 0m0.609s
sys 0m3.830s
7. NMAP examples
# Scanning for open ports:
nmap 192.168.0.1
# Scanning for separate ports:
nmap -p 22,443 192.168.0.1
# Fast scan (fewer ports than the default scan):
nmap -F 192.168.0.1
# Scanning only TCP ports:
nmap -sT 192.168.0.1
# Scanning only UDP ports:
nmap -sU 192.168.0.1
# Scanning for ports with the version of services:
nmap -sV 192.168.0.1
# Scanning for operating system and uptime details:
nmap -O 192.168.0.1
# Scanning a network:
nmap 192.168.0.0/24
# Ping scan:
nmap -sP 192.168.0.*