The first edition of TCP/IP Network Administration was written in 1992. In the decade since, many things have changed, yet some things remain the same. TCP/IP is still the preeminent communications protocol for linking together diverse computer systems. It remains the basis of interoperable data communications and global computer networking. The underlying Internet Protocol (IP), Transmission Control Protocol, and User Datagram Protocol (UDP) are remarkably unchanged. But change has come in the way TCP/IP is used and how it is managed.

A clear symbol of this change is the fact that my mother-in-law has a TCP/IP network connection in her home that she uses to exchange electronic mail, compressed graphics, and hypertext documents with other senior citizens. She thinks of this as “just being on the Internet,” but the truth is that her small system contains a functioning TCP/IP protocol stack, manages a dynamically assigned IP address, and handles data types that did not even exist a decade ago.

In 1991, TCP/IP was a tool of sophisticated users. Network administrators managed a limited number of systems and could count on the users for a certain level of technical knowledge. No more. In 2002, the need for highly trained network administrators is greater than ever because the user base is larger, more diverse, and less capable of handling technical problems on its own. This book provides the information needed to become an effective TCP/IP network administrator.

TCP/IP Network Administration was the first book of practical information for the professional TCP/IP network administrator, and it is still the best. Since the first edition was published there has been an explosion of books about TCP/IP and the Internet. Still, too few books concentrate on what a system administrator really needs to know about TCP/IP administration. Most books are either scholarly texts written from the point of view of the protocol designer, or instructions on how to use TCP/IP applications. All of those books lack the practical, detailed network information needed by the Unix system administrator. This book strives to focus on TCP/IP and Unix and to find the right balance of theory and practice.

I am proud of the earlier editions of TCP/IP Network Administration. In this edition, I have done everything I can to maintain the essential character of the book while making it better. Dynamic address assignment based on Dynamic Host Configuration Protocol (DHCP) is covered. The Domain Name System material has been updated to cover BIND 8 and, to a lesser extent, BIND 9. The email configuration is based on current version of sendmail 8, and the operating system examples are from the current versions of Solaris and Linux. The routing protocol coverage includes Routing Information Protocol version 2 (RIPv2), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP). I have also added a chapter on Apache web server configuration, new material on xinetd, and information about building a firewall with iptables. Despite the additional topics, the book has been kept to a reasonable length.

TCP/IP is a set of communications protocols that define how different types of computers talk to each other. TCP/IP Network Administration is a book about building your own network based on TCP/IP. It is both a tutorial covering the “why” and “how” of TCP/IP networking, and a reference manual for the details about specific network programs.


This book is intended for everyone who has a Unix computer connected to a TCP/IP network.[1] This obviously includes the network managers and the system administrators who are responsible for setting up and running computers and networks, but it also includes any user who wants to understand how his or her computer communicates with other systems. The distinction between a “system administrator” and an “end user” is a fuzzy one. You may think of yourself as an end user, but if you have a Unix workstation on your desk, you’re probably also involved in system administration tasks.

Over the last several years there has been a rash of books for “dummies” and “idiots.” If you really think of yourself as an “idiot” when it comes to Unix, this book is not for you. Likewise, if you are a network administration “genius,” this book is probably not suitable either. If you fall anywhere between these two extremes, however, you’ll find this book has a lot to offer.

This book assumes that you have a good understanding of computers and their operation and that you’re generally familiar with Unix system administration. If you’re not, the Nutshell Handbook Essential System Administration by Æleen Frisch (published by O’Reilly & Associates) will fill you in on the basics.


Conceptually, this book is divided into three parts: fundamental concepts, tutorial, and reference. The first three chapters are a basic discussion of the TCP/IP protocols and services. This discussion provides the fundamental concepts necessary to understand the rest of the book. The remaining chapters provide a “how-to” tutorial. Chapter 4Chapter 7 discuss how to plan a network installation and configure the basic software necessary to get a network running. Chapter 8Chapter 11 discuss how to set up various important network services. Chapter 12 and Chapter 13 cover how to perform the ongoing tasks that are essential for a reliable network: security and troubleshooting. The book concludes with a series of appendixes that are technical references for important commands and programs.

This book contains the following chapters:

Chapter 1 gives the history of TCP/IP, a description of the protocol architecture, and a basic explanation of how the protocols function.

Chapter 2 describes addressing and how data passes through a network to reach the proper destination.

Chapter 3 discusses the relationship between clients and server systems and the various services that are central to the function of a modern internet.

Chapter 4 begins the discussion of network setup and configuration. This chapter discusses the preliminary configuration planning needed before you configure the systems on your network.

Chapter 5 describes how to configure TCP/IP in the Unix kernel, and how to configure the system to start the network services.

Chapter 6 tells you how to identify a network interface to the network software. This chapter provides examples of Ethernet and PPP interface configurations.

Chapter 7 describes how to set up routing so that systems on your network can communicate properly with other networks. It covers the static routing table, commonly used routing protocols, and gated, a package that provides the latest implementations of several routing protocols.

Chapter 8 describes how to administer the name server program that converts system names to Internet addresses.

Chapter 9 describes how to configure many common network servers. The chapter discusses the DHCP configuration server, the LPD print server, the POP and IMAP mail servers, the Network File System (NFS), the Samba file and print server, and the Network Information System (NIS).

Chapter 10 discusses how to configure sendmail, which is the daemon responsible for delivering electronic mail.

Chapter 11 describes how the Apache web server software is configured.

Chapter 12 discusses how to live on the Internet without excessive risk. This chapter covers the security threats introduced by the network, and describes the plans and preparations you can make to meet those threats.

Chapter 13 tells you what to do when something goes wrong. It describes the techniques and tools used to troubleshoot TCP/IP problems and gives examples of actual problems and their solutions.

Appendix A is a reference guide to the various programs used to configure a serial port for TCP/IP. The reference covers dip, pppd, and chat.

Appendix B is a reference guide to the configuration language of the gated routing package.

Appendix C is a reference guide to the Berkeley Internet Name Domain (BIND) name server software.

Appendix D is a reference guide to the Dynamic Host Configuration Protocol Daemon (dhcpd).

Appendix E is a reference guide to sendmail syntax, options, and flags.

Appendix F lists the contents of the Apache configuration file discussed in Chapter 11.

Appendix G contains detailed protocol references taken directly from the RFCs that support the protocol troubleshooting examples in Chapter 13. This appendix explains how to obtain your own copies of the RFCs.

Unix Versions

Most of the examples in this book are taken from Red Hat Linux, currently the most popular Linux distribution, and from Solaris 8, the Sun operating system based on System V Unix. Fortunately, TCP/IP software is remarkably standard from system to system, and because of this uniformity, the examples should be applicable to any Linux, System V, or BSD-based Unix system. There are small variations in command output or command-line options, but these should not present a problem.

Some of the ancillary networking software is identified separately from the Unix operating system by its own release number. Many such packages are discussed, and when appropriate are identified by their release numbers. The most important of these packages are:


Our discussion of the BIND software is based on version 8 running on a Solaris 8 system. BIND 8 is the version of the BIND software delivered with Solaris, and supports all of the standard resource records. There are relatively few administrative differences between BIND 8 and the newer BIND 9 release for basic configurations.


Our discussion of sendmail is based on release 8.11.3. This version should be compatible with other releases of sendmail v8.


This book uses the following typographical conventions:


is used for the names of files, directories, hostnames, domain names, and to emphasize new terms when they are introduced.

Constant width

is used to show the contents of files or the output from commands. It is also used to represent commands, options, and keywords in text.

Constant width bold

is used in examples to show commands typed on the command line.

Constant width italic

is used in examples and text to show variables for which a context-specific substitution should be made. (The variable filename, for example, would be replaced by some actual filename.)

%, #

Commands that you would give interactively are shown using the default C shell prompt (%). If the command must be executed as root, it is shown using the default superuser prompt (#). Because the examples may include multiple systems on a network, the prompt may be preceded by the name of the system on which the command was given.

[ option ]

When showing command syntax, optional parts of the command are placed within brackets. For example, ls [ -l ] means that the -l option is not required.

We’d Like to Hear from You

We have tested and verified all of the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing:

O’Reilly & Associates, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international or local)
(707) 829-0104 (fax)

There is a web page for this book, where we list errata, examples, or any additional information. You can access this page at:

To comment or ask technical questions about this book, send email to:

For more information about books, conferences, Resource Centers, and the O’Reilly Network, see our web site at:

To find out what else Craig is doing, visit his web site,


I would like to thank the many people who helped in the preparation of this book. All of the people who contributed to the first and second editions deserve thanks because so much of their input lives on in this edition. For the first edition that’s John Wack, Matt Bishop, Wietse Venema, Eric Allman, Jeff Honig, Scott Brim, and John Dorgan. For the second edition that’s Eric Allman again, Bryan Costales, Cricket Liu, Paul Albitz, Ted Lemon, Elizabeth Zwicky, Brent Chapman, Simson Garfinkel, Jeff Sedayao, and Æleen Frisch.

The third edition has also benefited from many contributors—a surprising number of whom are authors in their own right. They set me straight about the technical details and improved my prose. Three authors are due special thanks. Cricket Liu, one of the authors of the best book ever written about DNS, provided many comments that improved the sections on Domain Name System. David Collier-Brown, one of the authors of Using Samba, did a complete technical review of the Samba material. Charles Aulds, author of a best-selling book on Apache administration, provided insights into Apache configuration. All of these people helped me make this book better than earlier editions. Thanks!

All the people at O’Reilly & Associates have been very helpful. Deb Cameron, my editor, deserves a special thanks. Deb kept everything moving forward while balancing the demands of a beautiful newborn daughter, Bethany Rose. Emily Quill was the production editor and project manager. Jeff Holcomb and Jane Ellin performed quality control checks. Leanne Soylemez provided production assistance. Tom Dinse wrote the index. Edie Freedman designed the cover, and Melanie Wang designed the interior format of the book. Neil Walls converted the book from Microsoft Word to Framemaker. Chris Reilley and Robert Romano’s illustrations from the earlier editions have been updated by Robert Romano and Jessamyn Read.

Finally, I want to thank my family—Kathy, Sara, David, and Rebecca. They keep my feet on the ground when the pressure to meet deadlines is driving me into orbit. They are the best.

[1] Much of this text also applies to non-Unix systems. Many of the file formats and commands and all of the protocol descriptions apply equally well to Windows 9x, Windows NT/2000, and other operating systems. If you’re an NT administrator, you should read Windows NT TCP/IP Network Administration (O’Reilly).

Get TCP/IP Network Administration, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.