A whole host of options can be used in dhcpd.conf; entire books are dedicated to DHCP. The most comprehensive book is The DHCP Handbook, available at http://www.dhcp-handbook.com/. You can define NIS domains, configure NETBIOS, set subnet masks, and define time servers or many other types of servers, to name a few of the DHCP options you can use. The preceding example will get your DHCP server and client up and running.
The DHCP server distribution contains an example of the dhcpd.conf file that you can use as a template for your network. The file shows a basic configuration that can get you started with explanations for the options used.
Using IP Masquerading in Fedora
Three blocks of IP addresses are reserved for use on internal networks and hosts not directly connected to the Internet. The address ranges are from 10.0.0.0 to 10.255.255.255, or 1 Class A network; from 172.16.0.0 to 172.31.255.255, or 16 Class B networks; and from 192.168.0.0 to 192.168.255.255, or 256 Class C networks. Use these IP addresses when building a LAN for your business or home. Which class you choose can depend on the number of hosts on your network.
Internet access for your internal network can be provided by a PC running Fedora or other broadband or dialup router. The host or device is connected to the Internet and is used as an Internet gateway to forward information to and from your LAN. The host should also be used as a firewall to protect your network from malicious data and users while functioning as an Internet gateway.
A PC used in this fashion typically has at least two network interfaces. One is connected to the Internet with the other connected to the computers on the LAN (via a hub or switch). Some broadband devices also incorporate four or more switching network interfaces. Data is then passed between the LAN and the Internet using network address translation, or NAT, better known in Linux circles as IP masquerading. See Chapter 30, "Securing Your Machines," for more information.
NOTE
Do not rely on a single point of protection for your LAN, especially if you use wireless networking, provide dial-in services, or allow mobile (laptop or PDA) users internal or external access to your network. Companies, institutions, and individuals relying on a "moat mentality" have often discovered to their dismay that such an approach to security is easily breached. Make sure that your network operation is accompanied by a security policy that stresses multiple levels of secure access, with protection built in to every server and workstation — something easily accomplished with Linux.
Most servers on your network have more than one task. For example, web servers have to serve both standard and secure pages. You might also be running an FTP server on the same host. For this reason, applications are provided ports to use to make "direct" connections for specific software services. These ports help TCP/IP distinguish services so that data can get to the correct application. If you check the file /etc/services, you will see the common ports and their usage. For example, for FTP, HTTP, and Post Office Protocol (email retrieval server), you will see the following:
ftp 21/tcp
http 80/tcp www www-http # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3
The ports defined in /etc/services in this example are 21 for FTP, 80 for HTTP, and 110 for POP3. Other common port assignments are 25 for Simple Mail Transport Protocol (SMTP) and 22 for Secure Shell (SSH) remote login. Note that these ports are not set in stone, and you can set up your server to respond to different ports. For example, although port 22 is listed in /etc/services as a common default for SSH, the sshd server can be configured to listen on a different port if you edit its configuration file /etc/ssh/sshd_config. The default setting (commented out with a pound sign) looks like this:
#Port 22
Edit the entry to use a different port, making sure to select an unused port number, such as this:
Port 2224
Save your changes, and then restart the sshd server. (Refer to Chapter 11, "Automating Tasks," to see how to restart a service.) Remote users must now access the host through port 2224, which can be done using ssh's -p (port) option like so:
$ ssh -p 2224 remote_host_name_or_IP
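The "select an unused port number" step above can be checked before sshd is restarted. The following is an added example, not code from the book: it reads the effective Port lines from a copy of sshd_config and looks each one up in a services file. The function names are hypothetical and the two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check the Port setting in an sshd_config copy against a
# services file before restarting sshd. Function names are hypothetical.

# Print each effective Port value; sshd listens on 22 when none is set.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); k = tolower($1) }      # "#Port 22" is only a comment
        k == "port" || index(k, "port=") == 1 {
            v = $0
            sub(/^[ \t]*[A-Za-z]+[ \t]*=?[ \t]*/, "", v)   # strip keyword and "="
            sub(/[ \t].*/, "", v)                          # keep first argument
            print v; found = 1
        }
        END { if (!found) print 22 }
    ' "$1"
}

# Print the service names the services file assigns to PORT/tcp, if any.
services_on_port() {
    awk -v p="$1/tcp" '{ sub(/#.*/, "") } $2 == p { print $1 }' "$2"
}

# Report one line per configured port; return 1 if any choice is unusable.
audit_sshd_port() {
    status=0
    for port in $(sshd_ports "$1"); do
        case $port in
            ''|*[!0-9]*|??????*) echo "$port: invalid"; status=1; continue ;;
        esac
        owner=$(services_on_port "$port" "$2" | head -n 1)
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "$port: invalid"; status=1
        elif [ "$port" -eq 22 ]; then
            echo "$port: default"
        elif [ -n "$owner" ]; then
            echo "$port: clashes with $owner"; status=1
        else
            echo "$port: unassigned"
        fi
    done
    return $status
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2224' 'Port = 110' > "$demo/sshd_config"
printf '%s\n' 'ftp 21/tcp' 'ssh 22/tcp' 'http 80/tcp www www-http # WorldWideWeb HTTP' \
    'pop3 110/tcp pop-3 # POP version 3' > "$demo/services"
audit_sshd_port "$demo/sshd_config" "$demo/services" || echo "fix the Port line first"
```

The services file lists registered assignments only, so a port reported as unassigned can still be held by another daemon on the host; confirm that separately before restarting sshd.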
Beyond the Network and Onto the Internet
Fedora supports Internet connections and the use of Internet resources in many different ways. You will find a wealth of Internet-related software included with this book's version of Fedora, and you can download hundreds of additional free utilities from a variety of sources. To use them, you must have a working Internet connection.
In this section, you learn how to set up an Internet connection in Fedora, using a modem and Point-to-Point Protocol (PPP) as well as other connection methods, including Digital Subscriber Line (DSL) and cable modem services. Just a few years ago, getting a dialup connection working was difficult — hence, an entire chapter of this book was devoted to it. Nowadays, as long as you have a hardware modem, dialup configuration is simple. The Fedora developers and the wider Linux community have made great progress in making connectivity easier.
Although many experienced Linux users continue to use manual scripts to establish their Internet connectivity, new users and experienced system administrators alike will find Fedora's graphical network configuration interface, the Internet Connection Wizard, much easier to use. You learn how to use the Internet Connection Wizard in this chapter, as well as how to configure Fedora to provide dial-in PPP support. The chapter also describes how to use Roaring Penguin's DSL utilities for managing connectivity through a cable modem connection.
Common Configuration Information
Although Fedora enables great flexibility in configuring Internet connections, that flexibility comes at the price of an increase in complexity. To configure Internet connectivity in Fedora, you must know more about the details of the connection process than you can learn from the information typically provided by your ISP. In this section, you learn what to ask about and how to use the information.
Some ISPs are unaware of Linux or unwilling to support its use with their service. Fortunately, that attitude is rapidly changing, and the majority of ISPs offer services using standard protocols that are compatible with Linux, even if they (or their technical support people) aren't aware that their own ISPs are Linux-friendly. You just need to press a little for the information you require.
If you are using a dialup modem account (referred to in Linux as PPP for the Point-to-Point Protocol it uses), your ISP provides your computer with a static or dynamic IP (Internet Protocol) address. A dynamic IP address changes each time you dial in, whereas a static IP address remains the same. The ISP also might automatically provide your computer with the names of the Domain Name Service (DNS) servers. You need to know the telephone number that your computer dials in to for making the connection; your ISP supplies that number, too. You also need a working modem and need to know the device name of the modem (usually /dev/modem).
NOTE
Most IP addresses are dynamically assigned by ISPs; ISPs have a pool of addresses, and you get whatever address is available. From the ISP's viewpoint, a small number of addresses can serve a large number of people because not everyone will be online at the same time. For most Internet services, a dynamic IP works well because it is the ISP's job to route that information to you, and it sits in the middle, between you and the service you want to use. But a dynamic IP address changes, and if someone needs to find you at the same address (if you run a website or a file transfer site, for example), an IP that changes every time you log on will not work well. For that, you need a static IP. Because your ISP cannot reuse that IP with its other customers, it will likely charge you more for a static IP than a dynamic IP. The average consumer doesn't need the benefit of a static IP, so he is happy paying less for a dynamically assigned IP. Also, the DNS information can be provided automatically by the ISP by the DHCP