How to create a network in Linux

[Spy$Eyes]

From small home networks to large corporate networks, from small office clusters of Linux computers for parallel computing in recent years has shown all its power and versatility when it comes to networks. Linux has all the features for them to perform the task of network servers in any environment, provided that you use the proper hardware (ranging from 486 to recover a multiprocessor servers as needed). Obviously the configuration and management of a server are tasks that require some practice and knowledge of basic concepts related to networks, but no one has to think that managing a network based on Linux is much more complicated task compared to the NT. Indeed, it is in managing complex issues such as the networks that the power of Unix comes out, thanks to the massive amount of such debugging tools they provide compared to NT. In this space we will try to provide the first tools to build a network from scratch in the home server based on Linux, allowing you to manage the dynamic assignment of IP to its clients, to share Internet access at the same time protecting techniques firewalling clients inside, use shared resources such as disks and printers and remote access to the server via the Internet or by telephone. The first step you lose mark an efficient network appear to the computer but not at his desk, with pen and paper. This is where you decide what will be the layout of the network, which should be the IP addresses used, what services should be offered what should be the policy of access to them. The planning phase must never be taken lightly, because once the network is operational and used at full capacity will become increasingly difficult to rectify their errors. Regarding the IP addresses are spoiled for choice. There is an official document (kfc 1597) specifying address ranges that are used in networks not connected to the Internet. These ranges have been specifically reserved for use in loose networks and promises not to interfere in any way with the functionality of the Internet, and they are:

• 10.0.0.0 to 10.255.255.255
  
• 172.16.0.0 to 172.31.255.255
  
• from 192.168.0.0 to 192.168.255.255

[Spy$Eyes]

The choice of either set of routes is left entirely to network administrators. By convention, if you think it will take not more than 254 Ip addresses should use the 192.168.xx range, and our suggestion is to not click abuse class C 192.168.0.x, so as not to create unnecessary problems in case you must interconnect with other networks probably have chosen this address space. A good choice might be the class 192.168.168.x, with x ranging from 0 to 255. Keep in mind, then, that the first and last numbers of the chosen space can not be used because they represent the first 'entire network and the second broadcast address. By convention, in the end, you choose the first or the last number output (in this case 1 or 254) as a gateway. In this case the Linux server will be used to share Internet access, making it a gateway to all effects. The data network server will be:

IP Address: 192.168.168.1
Netmask: 255.255.255.0
Network: 192.168.168.0
Broadcast: 192168168255
No default gateway installed

As for the rest of the network may be the case be split into several logical areas, such as reserving a range of IP to existing and future server, an additional band for clients with fixed IP (typically administration client, so you can restrict server access only to those IP), a band for clients with dynamic IP address and then a range for remote clients that connect via modem. In this case, therefore, could have a breakdown like this:

from 192.168.168.1 to 192.168.168.15: SERVER
from 192.168.168.16 to 192.168.168.30: CLIENT WITH FIXED IP
by 192.168.168.31 to 192,168,168,230: CLIENT WITH DYNAMIC IP
from 192,168,168,231 to 192,168,168,254: Remote Client

The Linux server with IP 192.168.168.1 will be the heart of the network and will provide IP addresses to clients with dynamic IP, share drives and printers and enable access to the Internet, as well as take calls on your modem connected to serial port. Obviously such detailed planning is well above the needs of those who must build a simple home network of two or three PCs, but knowing exactly what you're doing is useful in any environment, which can still be a good exercise for those ambitions of system administration prepare a peak pattern of work even for the simplest needs

[Spy$Eyes]

Once the software installation required, you can start with the system configuration. The first step is to configure the network adapter: This may involve the installation after recompiling the kernel and hardware appropriate to include support for your network card, as well as the Network and Firewall 'Ip firewall, which is then used to enable sharing of Internet access (in case you still using a 2.0.x series kernel should also enable the experimental support for drivers, IP forwarding, and support for IP chains.

Once the boot machine with the new kernel and verified that the network card is properly displayed (for example with the command dmesg | grep eth) you can configure the combination thereof. The way to configure the network depends on the chosen distribution for example can be used on systems Linuxconf RedHat or derivatives or enter the network parameters in / etc / init.d / network on Debian systems. It will be sufficient to run this script or ask Linuxconf to activate the changes for the network adapter configured correctly while to test the functionality of all the commands you can type ifconfig-a and netstat-rn. To verify that the network is working correctly you can try to configure a client with consistent data to the network, using for example the range previously assigned to stations fixed IP (eg 192.168.168.16 and IP netmask 255.255.255.0). At this point you can check for example with a table (from DOS window if you have Windows 95/98/NT) 192.168.168.1 towards the smooth operation server and network just configured.

And now time to install the DHCP server, which will automatically configure and centrally address assignments for individual clients. The mechanism for DHCP is simple: each station connected to an Ethernet hardware address is recognized by the board, called a MAC address. This address is set at the factory and consists of a part that identifies the manufacturer and a serial number. The manufacturer is responsible for the unity of the MAC address of each card so that, in fact, each station on the network has its own fingerprint that makes it unique and recognizable. To check what is the MAC address of the card under Linux you can use the command ifconfig-a. while under Windows you can use Winipcfg.exe. During boot the operating system sends on the network (via broadcast) a configuration request by providing its MAC address. This request responds to the DHCP server, providing the station requesting the essential parameters to be configured, such as IP address, netmask, broadcast, DNS, gateway, WINS server possible.

[Spy$Eyes]

To provide such data, the DHCP server or can be based on a pool of addresses from which take the first free or MAC address provided by the board. This way you can with this Addr provide custom configurations based on single machine (with the foresight to update these settings if you change the network card). The configuration file (usually / etc / dhcpd.conf) is a normal text file. In its basic version, applied to the addresses that have above, simply specify:

subnet 192.168.168.0 netmask 255.255.255.0 (
range 192.168.168.31 192 168 168 230;
default-lease-time 86400;
max-lease-time 259200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1168.255;
option routers 192.166.168.1;
option domain-name-servers 192.168.168.1;
option domain-name "abcd.com"

This will tell the DHCP server for the network 192.168.168.0 to 192,168,168,255 there is a range that goes from lp 192.168.168.3l 192 168 168 230 be allocated to those who request it.

[Spy$Eyes]

These assignments have a deadline. ie the client must be renewed every 86,400 seconds (default lease-time), and in any case a machine may not have the same address for more than 259,200 seconds lp consecutive (max-lease-time). Together with the 'lp address is provided to the requesting station also some optional information: the netmask (subnet-mask option), broadcast (option broadcast-address), the default gateway (option routers), DNS (option domain-name- servers) and the domain name of machines (option domain names). In a more advanced configuration we could add the lines:

host laptop (
hardware ethernet 00:00: B4: 58: B5: D2;
fixed-address 192.168.168.16;
option host-name "laptop";
)

This will allow a station precise. identified by its network card, to take always the same address lp, ie 192.168.168.16. Once the configuration need to start dhcpd from the command prompt (as root, of course) and select "Obtain an IP address automatically" from a Windows station network. If everything works fine when you restart it you can check with Winipcfg.exe that the client has obtained a valid network address from the DHCP server. A first practical application may be that the sharing of Internet access. The mechanism that is used is the so-called Masquerading: Each internal client uses the Linux server as a gateway to the Internet.

[Spy$Eyes]

The configuration of ipchains masquerading is very simple: once you compiled the kernel with the necessary support, simply run the following commands as root to see their stations on the network can surf the Internet without problems, once the server is connected:

# Ipchains-P forward DENY
# Ipchains-A forward-i ppp +-j MASQ
# Echo 1> / proc/sys/net/ipv4/ip_forward

To use application specific individual stations may be appropriate to load additional modules as follows:

# Modprobe ip_masq_autofw.o
# Modprobe ip_masq_portfw.o
# Modprobe ip_masq_mfw.o
# Modprobe ip_masq_user.o
# Modprobe ip_masq_ftp.o
# Modprobe ip_masq_irc.o
# Modprobe ip_masq_raudio.o
# Modprobe ip_masq_quake.o
# Modprobe ip_masq_vdolive.o

Warning: This simple approach allows to use the Internet to their internal locations and in the meantime, somehow protects against attacks originating from 'outside, but leave intact the unguarded server. To achieve a good level of protection should include other commands that refuse any connection from outside and directed at the server.