book

Linux Network Administrator's Guide, Second Edition

by Olaf Kirch, Terry Dawson

June 2000

Intermediate to advanced

512 pages

15h 18m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Purpose and Audience for This Book
Documentation Available via FTPDocumentation Available via WWWDocumentation Available CommerciallyLinux Journal and Linux MagazineLinuxUsenet NewsgroupsLinux Mailing ListsOnline Linux SupportLinux User GroupsObtaining Linux

The Hall of Fame
History
Introduction to TCP/IP NetworksEthernetsOther Types of HardwareThe Internet ProtocolIP Over Serial LinesThe Transmission Control ProtocolThe User Datagram ProtocolMore on PortsThe Socket Library
Different Streaks of DevelopmentWhere to Get the Code
System Security
Networking Interfaces
IP NetworksSubnetworksGatewaysThe Routing TableMetric Values
Kernel ConfigurationKernel Options in Linux 2.0 and HigherKernel Networking Options in Linux 2.0.0 and Higher
Ethernet Autoprobing
Communications Software for Modem Links
The Serial Device Special Files
The setserial CommandThe stty Command
Configuring the mgetty Daemon
Mounting the /proc Filesystem
The Loopback InterfaceEthernet InterfacesRouting Through a GatewayConfiguring a GatewayThe PLIP InterfaceThe SLIP and PPP InterfacesThe Dummy InterfaceIP Alias
Displaying the Routing TableDisplaying Interface StatisticsDisplaying Connections
The Resolver LibraryThe host.conf FileResolver environment variablesThe nsswitch.conf FileConfiguring Name Server Lookups Using resolv.confResolver Robustness
Name Lookups with DNSTypes of Name ServersThe DNS DatabaseReverse Lookups
The named.boot FileThe BIND 8 host.conf FileThe DNS Database FilesCaching-only named ConfigurationWriting the Master FilesVerifying the Name Server SetupOther Useful Tools
General Requirements
A Sample ScriptA dip ReferenceThe modem commandsThe echo commandThe get commandThe print commandVariable namesThe if and goto commandssend, wait, and sleepmode and default
PPP on Linux
Choosing IP AddressesRouting Through a PPP Link
PAP Versus CHAPThe CHAP Secrets FileThe PAP Secrets File
PPP ServerDemand DialingPersistent Dialing
Methods of Attack
Kernel Configured with IP FirewallThe ipfwadm UtilityThe ipchains UtilityThe iptables Utility
Using ipfwadmA naïve exampleAn important refinementListing our rulesA More Complex ExampleSummary of ipfwadm ArgumentsCategoriesCommandsParametersOptional argumentsICMP datagram types
Using ipchainsipchains Command SyntaxCommandsRule specification parametersOptionsOur Naïve Example RevisitedListing Our Rules with ipchainsMaking Good Use of ChainsUser-defined chainsThe ipchains support scripts
Backward Compatability with ipfwadm and ipchainsUsing iptablesCommandsRule specification parametersOptionsExtensionsTCP Extensions: used with -m tcp -p tcpUDP Extensions: used with -m udp -p udpICMP Extensions: used with -m icmp -p icmpMAC Extensions: used with -m macOur Naïve Example Revisited, Yet Again
Setting the TOS Bits Using ipfwadm or ipchainsSetting the TOS Bits Using iptables
Configuring the Kernel for IP Accounting
Accounting by AddressAccounting by Service PortAccounting of ICMP DatagramsAccounting by Protocol
Listing Accounting Data with ipfwadmListing Accounting Data with ipchainsListing Accounting Data with iptables
Side Effects and Fringe Benefits
Setting Timing Parameters for IP Masquerade
The inetd Super Server
Disabling the r; CommandsInstalling and Configuring sshThe ssh daemonThe ssh clientUsing ssh
Getting Acquainted with NIS
Preparing NFS
Xerox, Novell, and History
Caldera SupportMore on NDS Support
Network Devices Supporting IPXIPX Interface Configuration ToolsThe ipx_configure CommandThe ipx_interface Command
Static IPX Routing Using the ipx_route CommandInternal IPX Networks and Routing
A Simple ncpmount ExampleThe ncpmount Command in DetailHiding Your NetWare Login PasswordA More Complex ncpmount Example
Server ListSend Messages to NetWare UsersBrowsing and Manipulating Bindery Data
Using nprint with the Line Printer DaemonManaging Print Queues
UUCP Transfers and Remote ExecutionThe Inner Workings of uucicouucico Command-line Options
A Gentle Introduction to Taylor UUCPWhat UUCP Needs to KnowSite NamingTaylor Configuration FilesGeneral Configuration Options Using the config FileHow to Tell UUCP About Other Systems Using the sys FileSystem nameTelephone numberport and speedThe login chatAlternatesRestricting call timesIdentifying Available Devices Through the port FileHow to Dial a Number Using the dial FileUUCP Over TCPUsing a Direct Connection
Command ExecutionFile TransfersForwarding
Providing UUCP AccountsProtecting Yourself Against SwindlersBe Paranoid: Call Sequence ChecksAnonymous UUCP
Protocol OverviewTuning the Transmission ProtocolSelecting Specific Protocols
uucico Keeps Saying “Wrong Time to Call”uucico Complains That the Site Is Already LockedYou Can Connect to the Remote Site, but the Chat Script FailsYour Modem Does Not DialYour Modem Tries to Dial but Doesn’t Get OutLogin Succeeds, but the Handshake Fails
What Is a Mail Message?
RFC-822Obsolete Mail FormatsMixing Different Mail Formats
Mail Routing on the InternetMail Routing in the UUCP WorldMixing UUCP and RFC-822
Global elm OptionsNational Character Sets
Introduction to sendmail
Two Example sendmail.mc FilesTypically Used sendmail.mc ParametersCommentsVERSIONID and OSTYPEDOMAINFEATURELocal macro definitionsDefining mail transport protocolsConfigure mail routing for local hosts
sendmail.cf R and S CommandsSome Useful Macro DefinitionsThe Lefthand SideThe Righthand SideA Simple Rule Pattern ExampleRuleset SemanticsInterpreting the rule in our example
Trusting Users to Set the From: FieldManaging Mail AliasesUsing a Smart HostManaging Unwanted or Unsolicited Mail (Spam)The Real-time Blackhole ListThe access databaseBarring users from receiving mailConfiguring Virtual Email HostingAccepting mail for other domainsForwarding virtual-hosted mail to other destinations
Managing the Mail SpoolForcing a Remote Host to Process its Mail QueueAnalyzing Mail Statisticsmailstatshoststat
Running Exim
Routing MessagesDelivering Messages to Local AddressesLocal usersForwardingAlias FilesMailing Lists
Usenet History
Delivering News
The cancel Messagenewgroup and rmgroupThe checkgroups Messagesendsys, version, and senduuname
The NNTP ProtocolConnecting to the News ServerPushing a News Article onto a ServerChanging to NNRP Reader ModeListing Available GroupsListing Active GroupsPosting an ArticleListing New ArticlesSelecting a Group on Which to OperateListing Articles in a GroupRetrieving an Article Header OnlyRetrieving an Article Body OnlyReading an Article from a Group
Some INN Internals
Global ParametersThe inn.conf fileConfiguring NewsgroupsThe active and newsgroups filesConfiguring NewsfeedsThe newsfeeds fileThe nntpsend.ctl fileControlling Newsreader AccessThe incoming.conf fileThe nnrp.access fileExpiring News ArticlesThe expire.ctl fileHandling Control MessagesThe control.ctl file
Add a New GroupChange a GroupRemove a GroupRenumber a GroupAllow/Disallow NewsreadersReject Newsfeed ConnectionsAllow Newsfeed ConnectionsDisable News ServerRestart News ServerDisplay Status of a NewsfeedDrop a NewsfeedBegin a NewsfeedCancel an Article
tin Configuration
Connecting the Virtual Subsidiary Network
A PLIP Parallel Cable
0. Preamble

Content preview from Linux Network Administrator's Guide, Second Edition

Testing a Firewall Configuration

After you’ve designed an appropriate firewall configuration, it’s important to validate that it does in fact do what you want it to do. One way to do this is to use a test host outside your network to attempt to pierce your firewall: this can be quite clumsy and slow, though, and is limited to testing only those addresses that you can actually use.

A faster and easier method is available with the Linux firewall implementation. It allows you to manually generate tests and run them through the firewall configuration just as if you were testing with actual datagrams. All varieties of the Linux kernel firewall software, ipfwadm, ipchains, and iptables, provide support for this style of testing. The implementation involves use of the relevant check command.

The general test procedure is as follows:

Design and configure your firewall using ipfwadm, ipchains, or iptables.
Design a series of tests that will determine whether your firewall is actually working as you intend. For these tests you may use any source or destination address, so choose some address combinations that should be accepted and some others that should be dropped. If you’re allowing or disallowing only certain ranges of addresses, it is a good idea to test addresses on either side of the boundary of the range—one address just inside the boundary and one address just outside the boundary. This will help ensure that you have the correct boundaries configured, because it is sometimes easy to ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Linux Network Administrator's Guide, 3rd Edition

Publisher Resources

ISBN: 1565924002Catalog Page Errata

Linux Network Administrator's Guide, Second Edition

by Olaf Kirch, Terry Dawson

Testing a Firewall Configuration

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Linux Network Administrator's Guide, 3rd Edition

Linux Networking Cookbook

Red Hat RHCSA 8 Cert Guide: EX200, 2nd Edition

OpenVPN Cookbook - Second Edition

Publisher Resources