Linux Networking Cookbook

Table of Contents

Linux Networking Cookbook

Credits

About the Author

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why Subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Configuring a Router

Introduction

Setting up the physical network

How to do it…

How it works…

Configuring IPv4

How to do it…

How it works…

Configuring IPv4 permanently

How to do it…

How it works…

Connecting two networks

How to do it…

How it works…

Enabling NAT to the outside

How to do it…

How it works…

Setting up DHCP

How to do it…

How it works…

Setting up a firewall with IPtables

How to do it…

How it works…

Setting up port forwarding

How to do it…

How it works…

Adding VLAN Tagging

How to do it...

How it works...

2. Configuring DNS

Introduction

Setting up your system to talk to a nameserver

How to do it…

How it works…

Setting up a local recursive resolver

How to do it…

How it works…

There's more…

Configuring dynamic DNS on your local network

How to do it…

How it works…

Setting up a nameserver for your public domain

How to do it...

How it works…

Setting up a slave nameserver

How to do it…

How it works…

3. Configuring IPv6

Introduction

Setting up an IPv6 tunnel via Hurricane Electric

How to do it…

How it works…

Using ip6tables to firewall your IPv6 traffic

How to do it…

How it works…

Route an IPv6 netblock to your local network

How to do it...

How it works…

4. Remote Access

Introduction

Installing OpenSSH

How to do it…

How it works…

Using OpenSSH as a basic shell client

How to do it…

How it works…

Using OpenSSH to forward defined ports

How to do it…

How it works…

Using OpenSSH as a SOCKS proxy

How to do it…

How it works…

Using OpenVPN

How to do it…

How it works...

5. Web Servers

Introduction

Configuring Apache with TLS

How to do it…

How it works…

Improving scaling with the Worker MPM

How to do it…

How it works…

Setting up PHP using an Apache module

How to do it…

How it works…

Securing your web applications using mod_security

How to do it…

How it works…

Configuring NGINX with TLS

How to do it…

How it works...

Setting up PHP in NGINX with FastCGI

How to do it…

How it works…

6. Directory Services

Introduction

Configuring Samba as an Active Directory compatible directory service

How to do it…

How it works…

Active Directory requirements

Selecting a realm and domain name

Using Samba-tool

Bind configuration

Joining a Linux box to the domain

How to do it…

How it works…

7. Setting up File Storage

Introduction

Serving files with SMB/CIFS through Samba

How to do it…

How it works…

Granting authenticated access

How to do it…

How it works…

Setting up an NFS server

How to do it…

How it works…

There's more…

Configuring WebDAV through Apache

How to do it…

How it works…

Apache modules

Directory directive

Authnz_external configuration

Directory definition

Authentication/Authorization:

Basic Apache directory configuration:

Enable WebDAV:

Granting write access

8. Setting up E-mail

Introduction

Configuring Postfix to send and receive e-mail

How to do it…

How it works…

There's more…

Setting up aliases

Setting up a smarthost

Relays without authentication

Relays with Auth

Setting up DNS records for e-mail delivery

How to do it…

How it works…

Configuring IMAP

How to do it...

How it works…

Configuring authentication for outbound e-mail

How to do it…

How it works…

Configuring Postfix to support TLS

How to do it…

How it works…

Blocking spam with Greylisting

How to do it…

How it works…

Filtering spam with SpamAssassin

How to do it…

How it works…

9. Configuring XMPP

Introduction

Installing ejabberd

How to do it...

How it works…

Configuring authentication

Configuring listening ports

C2S service

S2S service

HTTP Service

Access control

Modules

mod_muc

mod_roster

mod_announce

Configuring DNS for XMPP

How to do it…

How it works…

Configuring the Pidgin client

How to do it…

Install pidgin

Configuring your account

How it works…

10. Monitoring Your Network

Introduction

Installing Nagios

How to do it…

How it works…

Adding Nagios users

How to do it…

How it works…

Adding Nagios hosts

How to do it…

How it works…

Monitoring services

How to do it…

How it works…

Defining commands

How to do it…

How it works…

Monitoring via NRPE

How to do it…

How it works…

On the target

On the Nagios host

Monitoring via SNMP

How to do it...

How it works…

11. Mapping Your Network

Introduction

Detecting systems on your network with NMAP

How to do it…

How it works…

Detecting Systems Using Arp-Scan

How to do it…

How it works…

Scanning TCP ports

How to do it…

TCP CONNECT scan

TCP SYN scan

How it works…

Scanning UDP ports

How to do it…

How it works…

Identifying services

How to do it…

How it works…

Identifying operating systems

How to do it...

How it works…

12. Watching Your Network

Introduction

Setting up centralized logging

Input methods

Output methods

How to do it…

How it works…

Installing a Snort IDS

How to do it…

How it works…

WAN Interface

LAN interface

Dedicated interface

Managing your Snort rules

How to do it...

How it works…

Managing Snort logging

How to do it...

How it works…

Ubuntu stock

Enable fast logging

Enabling Tcpdump logging

Other logging options

Index

Linux Networking Cookbook

Linux Networking Cookbook

Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2016

Production reference: 1220616

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78528-791-6

www.packtpub.com

Credits

Author

Gregory Boyce

Reviewer

Jean-Pol Landrain

Acquisition Editor

Sonali Vernekar

Content Development Editor

Onkar Wani

Technical Editor

Naveenkumar Jain

Copy Editor

Sneha Singh

Project Coordinator

Ulhas K

Proofreader

Safis Editing

Indexer

Hemangini Bari

Graphics

Kirk D'Penha

Production Coordinator

Shantanu N. Zagade

Cover Work

Shantanu N. Zagade

About the Author

Gregory Boyce is a technologist with nearly 20 years of experience in using and managing Linux systems. When he's not at work or spending time with his wife and two daughters, he is playing around with new technologies.

Gregory spent the last 15 years working at Akamai Technologies, where he has worked in roles ranging from Network Operations, Internal IT, Information Security, Software Testing, and Professional Services.

Currently, he heads up the Linux OS team that manages Akamai's custom Linux operating system, which runs on their massively distributed customer facing network.

I'd like to thank my wife, Vanessa, for all the support and Akamai for surrounding me with such a wonderful assortment of intelligent and interesting people.

About the Reviewer

Jean-Pol Landrain has a BSc degree in software engineering with a focus in network, real-time, and distributed computing. He gradually became a software architect with more than 18 years of experience in object-oriented programming, in particular with C++, Java/JEE, various application servers, and related technologies.

He works for Agile Partner, an IT consulting company based in Luxembourg. From early 2006 he became dedicated to the promotion, education, and application of agile development methodologies.

He has reviewed numerous books both for Manning and Packt Publishing about Docker, Git, Spring, and message-oriented middleware.

I would like to thank my fantastic wife, Marie, and my 9 year old daughter, Phoebe, for their daily patience regarding my passion for technology and the time I dedicate to it. I would also like to thank my friends and colleagues because a life dedicated to technology would be boring without the fun they bring to it.

www.PacktPub.com

eBooks, discount offers, and more

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Preface

Network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments.

What this book covers

Chapter 1, Configuring a Router, starts by getting you to manually configure the IP address information on your system and then properly configure the system to bring up its interfaces automatically. From there, we'll move on to extending our system to act as a router for your own network, including DHCP for dynamically configuring client systems.

Chapter 2, Configuring DNS, will cover setting up your internal DNS server for both resolving external hostnames for you, as well as hosting DNS records for your own domain.

Chapter 3, Configuring IPv6, will provide a brief introduction of IPv6. We'll configure a tunnel to provide IPv6 connectivity, implement firewalling using iptables6, and provide IPv6 addresses to the rest of your network.

Chapter 4, Remote Access, will look at methods for remotely interacting with your new network using OpenSSH and OpenVPN.

Chapter 5, Web Servers, will set up web servers hosting PHP code, using both the Apache HTTPD server and NGINX.

Chapter 6, Directory Services, will tell us how to use Samba 4 to create an Active Directory-compatible directory service for your network.

Chapter 7, Setting up File Storage, will give us several options to explore for hosting your own file storage, including Samba, NFS, and WebDAV.

Chapter 8, Setting up E-mail, will tell us how to set up an e-mail server. We'll talk about how e-mail works as a service, set SMTP and IMAP mail services, and enable some spam filtering.

Chapter 9, Configuring XMPP, will tell us how to configure our own XMPP based IM service, configure it to communicate with other XMPP services, and configure Pidgin as a client to utilize the service.

Chapter 10 , Monitoring Your Network, will tell us how to start monitoring services on our network using Nagios.

Chapter 11, Mapping Your Network, will cover mapping out the network in order to discover what is actually there.

Chapter 12, Watching Your Network, will cover watching over our network through centralized logging and managing an intrusion detection system using Snort.

What you need for this book

For this book you'll need a copy of Linux, preferably Ubuntu 14.04.

You'll also want access to three computers to install Linux on. One of the servers will need to have three network cards built into it.

For this purpose, I would strongly recommend using Virtual