Olaf Kirch - Linux Network Administrator Guide, Second Edition

Anyone remember Pink Floyd's "Echoes"?

For example, all applications based on RPC use the loopback interface to register themselves with the portmapper daemon at startup. These applications include NIS and NFS.

Note that pointopoint is not a typo. It's really spelled like this.

As a matter of caution, you should configure a PLIP or SLIP link only after you have completely set up the routing table entries for your Ethernets. With some older kernels, your network route might otherwise end up pointing at the point-to-point link.

The dummy device is called dummy0 if you have loaded it as a module rather than choosing it as an inbuilt kernel option. This is because you are able to load multiple modules and have more than one dummy device.

More correctly, using IP aliasing is known as network layer virtual hosting. It is more common in the WWW and STMP worlds to use application layer virtual hosting, in which the same IP address is used for each virtual host, but a different hostname is passed with each application layer request. Services like FTP are not capable of operating in this way, and they demand network layer virtual hosting.

RIP chooses the optimal route to a given host based on the "length" of the path. It is computed by summing up the individual metric values of each host-to-host link. By default, a hop has length 1, but this may be any positive integer less than 16. (A route length of 16 is equal to infinity. Such routes are considered unusable.) The metric parameter sets this hop cost, which is then broadcast by the routing daemon.

ssh can be obtained from ftp.cs.hut.fi in /pub/ssh.

You can tell whether a connection is outgoing from the port numbers. The port number shown for the calling host will always be a simple integer. On the host being called, a well-known service port will be in use for which netstat uses the symbolic name such as smtp, found in /etc/services.

If information weren't cached, then DNS would be as inefficient as any other method because each query would involve the root name servers.

Well, almost. A name server has to provide at least name service for localhost and reverse lookups of 127.0.0.1.

BIND 4.9 was developed by Paul Vixie, paul@vix.com, but BIND is now maintained by the Internet Software Consortium, bind-bugs@isc.org.

Note that you can't query your name server for the root servers if you don't have any root server hints installed. To escape this dilemma, you can either make nslookup use a different name server, or use the sample file in Example 6.10 as a starting point, and then obtain the full list of valid servers.

diplogin must be run as setuid to root, too. See the section at the end of this chapter.

Relevant RFCs are listed in the Bibiliography at the end of this book.

In fact, HDLC is a much more general protocol devised by the International Standards Organization (ISO) and is also an essential component of the X.25 specification.

If you have any general questions about PPP, ask the people on the Linux-net mailing list at vger.rutgers.edu.

Karl can be reached at karl@morningstar.com.

The default network route is installed only if none is already present.

If you edit syslog.conf to redirect these log messages to a file, make sure this file isn't world readable, as chat also logs the entire chat script by default - including passwords.

More information on two dynamic host assignment mechanisms can be found at http://www.dynip.com/ and http://www.justlinux.com/dynamic_dns.html.

Using hostnames in this option has consequences for CHAP authentication. Please refer to the "Authentication with PPP" section later in this chapter.

The ipcp-accept-local and ipcp-accept-remote options instruct your pppd to accept the local and remote IP addresses being offered by the remote PPP, even if you've supplied some in your configuration. If these options are not configured, your pppd will reject any attempt to negotiate the IP addresses used.

If we wanted to have routes for other sites created when they dial in, we'd add appropriate case statements to cover those in which the… appears in the example.

"Secret" is just the PPP name for passwords. PPP secrets don't have the same length limitation as Linux login passwords.

The double quotes are not part of the secret; they merely serve to protect the whitespace within it.

This hostname is taken from the CHAP challenge.

The useradd or adduser utility, if you have it, will simplify this task.

The term firewall comes from a device used to protect people from fire. The firewall is a shield of material resistant to fire that is placed between a potential fire and the people it is protecting.

Firewall packet logging is a special feature that writes a line of information about each datagram that matches a particular firewall rule out to a special device so you can see them.

FTP active mode is somewhat nonintuitively enabled using the PORT command. FTP passive mode is enabled using the PASV command.

The ProFTPd daemon is a good example of an FTP server that doesn't, at least in older versions.

Paul can be reached at Paul.Russell@rustcorp.com.au.

Take a look at /etc/protocols for protocol names and numbers.

This isn't a good thing to do if your Linux machine serves as a router. If you disable IP forwarding, it will cease to route! Do this only on a machine with a single physical network interface.

RealAudio is a trademark of the Progressive Networks Corporation.

You can contact Ambrose at ambrose@writeme.com.

… and perhaps even a whole book!

Written by Wietse Venema, wietse@wzv.win.tue.nl.

Usually only local hostnames obtained from lookups in /etc/hosts contain no dots.

While its name suggests it is an extreme measure, the PARANOID keyword is a good default, as it protects you against mailicious hosts pretending to be someone they are not. Not all tcpd are supplied with PARANOID compiled in; if yours is not, you need to recompile tcpd to use it.

OpenSSH was developed by the OpenBSD project and is a fine example of the benefit of free software.

Swen can be reached at swen@uni-paderborn.de. The NIS clients are available as yp-linux.tar.gz from metalab.unc.edu in system/Network.

Peter may be reached at pen@lysator.liu.se. The current version of NYS is 1.2.8.

Thorsten may be reached at kukuk@uni-paderborn.de.