You should not normally have to manually create a loopback interface as Fedora creates one automatically for you during installation. To check that one is set up, you can use the ifconfig command while working as root to show something similar to this:

# /sbin/ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436 Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:760 (760.0 b)  TX bytes:760 (760.0 b)

What you see in this example is evidence that the loopback interface is present and active. The inet addr is the IP number assigned to the localhost, typically 127.0.0.1 along with the broadcast mask of 255.255.255.0 and that there has been little activity on this interface (RX = receive and TX = transmit). If your output does not look like the one above, you must hand-configure the localhost interface after you finish the rest of this section.

The localhost interface’s IP address is specified in a text configuration file that is used by Fedora to keep record of various network-wide IP addresses. The file is called /etc/hosts and usually exists on a system, even if it is empty. The file is used by the Linux kernel and other networking tools to enable them to access local IP addresses and hostnames. If you have not configured any other networking interfaces then you may find that the file only contains one line:

127.0.0.1     localhost.localdomain     localhost

This line defines the special localhost interface and assigns it an IP address of 127.0.0.1. You might hear or read about terms such as localhost, loopback, and dummy interface; all these terms refer to the use of the IP address 127.0.0.1. The term loopback interface indicates that to Linux networking drivers, it looks as though the machine is talking to a network that consists of only one machine; the kernel sends network traffic to and from itself on the same computer. Dummy interface indicates that the interface doesn’t really exist as far as the outside world is concerned; it exists only for the local machine.

Each networked Fedora machine on a LAN will use this same IP address for its localhost. If for some reason a Fedora computer does not have this interface, edit the /etc/hosts file to add the localhost entry, and then use the ifconfig and route commands as root to create the interface like this:

# /sbin/ifconfig lo 127.0.0.1
# /sbin/route add 127.0.0.1 lo

These commands will create the localhost interface in memory (all interfaces, such as eth0 or ppp0, are created in memory when using Linux), and then add the IP address 127.0.0.1 to an internal (in-memory) table so that the Linux kernel’s networking code can keep track of routes to different addresses.

Use the ifconfig command as shown previously to test the interface.

You should now be able to use ping to check that the interface is responding properly like this (using either localhost or its IP address):

# /bin/ping -c 3 localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=0 ttl=255 time=212 
usec
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=255 time=80 usec
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=255 time=50 usec

--- localhost.localdomain ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.050/0.114/0.212/0.070 ms

The -c option is used to set the number of pings, and the command, if successful (as it was previously), returns information regarding the round-trip speed of sending a test packet to the specified host.

To understand networking with Linux, you need to know the basics of TCP/IP addressing. Internet IP addresses (also known as public IP addresses) are different from those used internally on a local area network, or LAN. Internet IP addresses are assigned (for the United States and some other hosts) by the American Registry for Internet Numbers, available at http://www.arin.net/. Entities that need an Internet address apply to this agency to be assigned an address. The agency assigns Internet service providers (ISPs) one or more blocks of IP addresses, which the ISPs can then assign to their subscribers.

You will quickly recognize the current form of TCP/IP addressing, known as IPv4 (IP version 4). In this method, a TCP/IP address is expressed of a series of four decimal numbers—a 32-bit value expressed in a format known as dotted decimal format, such as 192.168.120.135. Each set of numbers is known as an octet (eight ones and zeros, such as 10000000 to represent 128) and ranges from zero to 255.

The first octet usually determines what class the network belongs to. There are three classes of networks. The classes are

No host portion of an IP address can be all zeros or 255s. These addresses are reserved for broadcast addresses. IP addresses with all zeros in the host portion are reserved for network-to-network broadcast addresses. IP addresses with all 255s in the host portion are reserved for local network broadcasts. Broadcast messages are not typically seen by users.

These classes are the standard, but a netmask also determines what class your network is in. The netmask determines what part of an IP address represents the network and what part represents the host. Common netmasks for the different classes are

Because of the allocation of IP addresses for Internet hosts, it is now impossible to get a Class A network. It is also nearly impossible to get a Class B network (all the addresses have been given out, but some companies are said to be willing to sell theirs), and Class C network availability is dropping rapidly with the current growth of Internet use worldwide. See the following sidebar.

Three blocks of IP addresses are reserved for use on internal networks and hosts not directly connected to the Internet. The address ranges are from 10.0.0.0 to 10.255.255.255, or 1 Class A network; from 172.16.0.0 to 172.31.255.255, or 16 Class B networks; and from 192.168.0.0 to 192.168.255.255, or 256 Class C networks. Use these IP addresses when building a LAN for your business or home. Which class you choose can depend on the number of hosts on your network.

Internet access for your internal network can be provided by a PC running Fedora or other broadband or dial-up router. The host or device is connected to the Internet and is used as an Internet gateway to forward information to and from your LAN. The host should also be used as a firewall to protect your network from malicious data and users while functioning as an Internet gateway.

A PC used in this fashion typically has at least two network interfaces. One is connected to the Internet with the other connected to the computers on the LAN (via a hub or switch). Some broadband devices also incorporate four or more switching network interfaces. Data is then passed between the LAN and the Internet using network address translation, or NAT, better known in Linux circles as IP masquerading. See Chapter 35, “Securing Your Machines,” for more information.

Most servers on your network have more than one task. For example, web servers have to serve both standard and secure pages. You might also be running an FTP server on the same host. For this reason, applications are provided ports to use to make “direct” connections for specific software services. These ports help TCP/IP distinguish services so that data can get to the correct application. If you check the file /etc/services, you will see the common ports and their usage. For example, for FTP, HTTP, and Post Office Protocol (email retrieval server), you will see

ftp      21/tcp
http     80/tcp    www www-http  # WorldWideWeb HTTP
pop3    110/tcp    pop-3         # POP version 3

The ports defined in /etc/services in this example are 21 for FTP, 80 for HTTP, and 110 for POP3. Other common port assignments are 25 for simple mail transport protocol (SMTP) and 22 for secure shell (SSH) remote login. Note that these ports are not set in stone, and you can set up your server to respond to different ports. For example, although port 22 is listed in /etc/services as a common default for SSH, the sshd server can be configured to listen on a different port by editing its configuration file /etc/ssh/sshd_config. The default setting (commented out with a pound sign) looks like this:

#Port 22

Edit the entry to use a different port, making sure to select an unused port number, such as

Port 2224

Save your changes, and then restart the sshd server. (Refer to Chapter 15, “Automating Tasks,” to see how to restart a service.) Remote users must now access the host through port 2224, which can be done using ssh’s -p (port) option like so:

$ ssh -p 2224 remote_host_name_or_IP

Within Class A and B networks, there can be separate networks called subnets. Subnets are considered part of the host portion of an address for network class definitions. For example, in the 128. Class B network, you can have one computer with an address of 128.10.10.10 and another with an address of 128.10.200.20; these computers are on the same network (128.10.), but they have different subnets (128.10.10. and 128.10.200.). Because of this, communication between the two computers requires either a router or a switch. Subnets can be helpful for separating workgroups within your company.

Often subnets can be used to separate workgroups that have no real need to interact with or to shield from other groups information passing among members of a specific workgroup. For example, if your company is large enough to have its own HR department and payroll section, you could put those departments’ hosts on their own subnet and use your router configuration to limit the hosts that can connect to this subnet. This configuration prevents networked workers who are not members of the designated departments from being able to view some of the confidential information the HR and payroll personnel work with.

Subnet use also enables your network to grow beyond 254 hosts and share IP addresses. With proper routing configuration, users might not even know they are on a different subnet from their co-workers. Another common use for subnetting is with networks that cover a wide geographic area. It is not practical for a company with offices in Chicago and London to have both offices on the same subnet, so using a separate subnet for each office is the best solution.

Subnet masks are used by TCP/IP to show which part of an IP address is the network portion and which part is the host. Subnet masks are usually referred to as netmasks. For a pure Class A network, the netmask would be 255.0.0.0; for a Class B network, the netmask would be 255.255.0.0; and for a Class C network, the netmask would be 255.255.255.0. Netmasks can also be used to deviate from the standard classes.

By using customized netmasks, you can subnet your network to fit your needs. For example, your network has a single Class C address. You have a need to subnet your network. Although this isn’t possible with a normal Class C subnet mask, you can change the mask to break your network into subnets. By changing the last octet to a number greater than zero, you can break the network into as many subnets as you need.

For more information on how to create customized subnet masks, see Day 6, “The Art of Subnet Masking,” in Sams Teach Yourself TCP/IP Network Administration in 21 Days. That chapter goes into great detail on how to create custom netmasks and explains how to create an addressing cheat sheet for hosts on each subnet. You can also browse to the Linux Network Administrator’s Guide and read about how to create subnets at http://www.tldp.org/LDP/nag2/index.html.

Information can get to systems through three types of addresses: unicast, multicast, and broadcast. Each type of address is used according to the purpose of the information being sent, as explained here:

A computer must have a network interface card (NIC) to connect to a network. Currently, there are several topologies (ways of connecting computers) for network connections. These topologies range from the old and mostly outdated 10BASE-2 to the much newer and popular wireless Wi-Fi or 802.11 networking.

Each NIC has a unique address (the hardware address, known as media access control, or MAC), which identifies that NIC. This address is six pairs of hexadecimal bits separated by colons (:). A MAC address looks similar to this: 00:60:08:8F:5A:D9. The hardware address is used by DHCP (see “DHCP” later in this chapter) to identify a specific host. It is also used by the Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) to map hosts to IP addresses.

This section covers some of the different types of NIC used to connect to your network.

Currently, three types of network cable exist: coaxial, unshielded twisted pair (UTP), and fiber. Coaxial cable (rarely used today) looks a lot like the coaxial cable used to connect your television to the cable jack or antenna. UTP looks a lot like the cable that runs from your phone to the wall jack (the jacks are a bit wider). Fiber cable looks sort of like the RCA cables used on your stereo or like the cable used on your electrical appliances in your house (two separate segments connected together). The following sections discuss UTP and fiber network cable in more detail.

Hubs and switches are used to connect several hosts together on a star architecture network. They can have any number of connections; the common sizes are 4, 8, 16, 24, and 48 connections (ports)—each port has a light that comes on when a network connection is made (link light). Their use enables you to expand your network easily; you can just add new hubs or switches when you need to add new connections. Each unit can connect to the other hubs or switches on the network, typically, through a port on the hub or switch called an uplink port. This enables two hubs or switches, connected by their uplink ports, to act as one hub or switch. Having a central location where all the hosts on your network can connect allows for easier troubleshooting of problems. If one host goes down, none of the other hosts are affected (depending on the purpose of the downed host). Because hubs and switches are not directly involved with the Linux operating system, compatibility is not an issue.

If you are constructing a small to mid-size network, it is important to consider whether you intend to use either hubs or switches. Hubs and switches are visually the same in that they have rows of network ports. However, under the hood, the difference is quite important. Data is sent as packets of information across the network; with a hub the data is transmitted simultaneously to all the network ports, irrespective of which port the destination computer is attached to.

Switches, however, are more intelligent because they can direct packets of information directly to the correct network port that leads to the destination computer. They do this by “learning” the MAC addresses of each computer that is attached to them. In short, using switches minimizes excess packets being sent across the network, thus increasing network bandwidth. In a small network with a handful of computers, the use of hubs might be perfectly acceptable and you will find that hubs are generally cheaper than switches. However, for larger networks of 15 computers or more, you might want consider implementing a switched network.

Routers and bridges are used to connect different networks to your network and to connect different subnets within your network. Routers and bridges both serve the same purpose of connecting networks and subnets, but they do so with different techniques. The information in the following sections will help you choose the connection method that best suits your needs.

All the initial network configuration and hardware initialization for Fedora is normally done during installation. At times, however, you will have to reconfigure networking on your system, such as when a host needs to be moved to a different subnet or a different network, or if you replace any of your computer’s networking hardware.

Linux creates network interfaces in memory when the kernel recognizes that a NIC or other network device is attached to the system. These interfaces are unlike other Linux interfaces, such as serial communications ports, and do not have a corresponding device file in the /dev directory. Unless support for a particular NIC is built in to your kernel, Linux must be told to load a specific kernel module to support your NIC. More than 100 such modules are located in the /lib/modules/2.6.XX-XX/kernel/drivers/net directory (where XX-XX is your version of the kernel).

You can initialize a NIC in several ways when using Linux. When you first install Fedora, automatic hardware probing detects and configures your system to use any installed NICs. If you remove the original NIC and replace it with a different make and model, your system will not automatically detect and initialize the device unless you configure Fedora to use automatic hardware detection when booting. If you have enabled the kudzu hardware daemon, (refer to Chapters 7, “Managing Software,” and 15, “Automating Tasks”), it detects the absence of the old NIC and the presence of the new NIC at boot time and prompts you for permission to change your system’s NIC configuration information.

If you do not use automatic hardware detection and configuration, you can initialize network hardware by

The following sections explain the first and last of the preceding methods.

alias eth0 8139too

alias eth0 eepro100

# modprobe 8139too

$ dmesg
...
eth0: RealTek RTL8139 Fast Ethernet at 0xce8ee000, 00:30:1b:0b:07:0d, IRQ 11
eth0: Identified 8139 chip type 'RTL-8139C'
eth0: Setting half-duplex based on auto-negotiated partner ability 0000.
...

$ dmesg
...
eepro100.c:v1.09j-t 9/29/99 Donald Becker http://cesdis.gsfc.nasa.gov/linux/drive
rs/eepro100.html
eepro100.c: $Revision: 1.36 $ 2000/11/17 Modified by Andrey V. Savochkin <[email protected]> and others
PCI: Found IRQ 10 for device 00:0d.0
eth0: Intel Corporation 82557 [Ethernet Pro 100], 00:90:27:91:92:B5, IRQ 10.
 Board assembly 721383-007, Physical connectors present: RJ45
 Primary interface chip i82555 PHY #1.
 General self-test: passed.
 Serial sub-system self-test: passed.
 Internal registers self-test: passed.
 ROM checksum self-test: passed (0x04f4518b).
...

You can configure a network interface from the command line using the basic Linux networking utilities. You configure your network client hosts with the command line by using commands to change your current settings or by editing a number of system files. Two commands, ifconfig and route, are used for network configuration. The netstat command displays information about the network connections.

/sbin/ifconfig [network device] options

# /sbin/ifconfig

eth0   Link encap:Ethernet HWaddr 00:30:1B:0B:07:0D
       inet addr:192.168.2.7 Bcast:192.168.2.255 Mask:255.255.255.0
       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
       RX packets:127948 errors:0 dropped:0 overruns:0 frame:0
       TX packets:172675 errors:0 dropped:0 overruns:0 carrier:0
       collisions:7874 txqueuelen:100
       RX bytes:19098389 (18.2 Mb) TX bytes:73768657 (70.3 Mb)
       Interrupt:11 Base address:0x2000


lo     Link encap:Local Loopback
       inet addr:127.0.0.1 Mask:255.0.0.0
       UP LOOPBACK RUNNING MTU:16436 Metric:1
       RX packets:215214 errors:0 dropped:0 overruns:0 frame:0
       TX packets:215214 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:0
       RX bytes:68739080 (65.5 Mb) TX bytes:68739080 (65.5 Mb)

# ifconfig eth0 down

# ifconfig eth0 192.168.2.9 netmask 255.255.255.0 up

# ifconfig eth0 dogdog.hudson.com up

/sbin/route [options] [commands] [parameters]

# /sbin/route
Kernel IP routing table
Destination    Gateway        Genmask         Flags  Metric  Ref  Use  Iface
149.112.50.64  *              255.255.255.192 U      0       0    0    eth0
208.59.243.0   *              255.255.255.0   U      0       0    0    eth0
127.0.0.0      *              255.0.0.0       U      0       0    0    lo
default         149.112.50.65 0.0.0.0         UG     0       0    0    eth0

# /sbin/route -n
Kernel IP routing table
Destination    Gateway        Genmask          Flags  Metric  Ref  Use  Iface
149.112.50.64  0.0.0.0        255.255.255.192  U      0       0    0    eth0
208.59.243.0   0.0.0.0        255.255.255.0    U      0       0    0    eth0
127.0.0.0      0.0.0.0        255.0.0.0        U      0       0    0    lo
0.0.0.0        149.112.50.65  0.0.0.0          UG     0       0    0    eth0

# /sbin/route add default gw 149.112.50.65

# /sbin/route add -net 208.59.243.0 netmask 255.255.255.0 dev eth0

# /sbin/route add -host 198.135.62.25 gw 149.112.50.65

As previously stated, seven network configuration files can be modified to make changes to basic network interaction of your system. The files are

After the first six of these files are modified, the changes are active. As with most configuration files, comments can be added with a hash mark (#) preceding the comment. The last file (/etc/sysconfig/network) requires the networking daemons to be restarted before the file is used. All seven of these files have a man page written about them for more information.

127.0.0.1      localhost.localdomain  localhost
128.112.50.69  myhost.mydomain.com    myhost
128.112.50.169 yourhost.mydomain.com  yourhost

# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]

tcpmux    1/tcp              # TCP port service multiplexer
tcpmux    1/udp              # TCP port service multiplexer
rje       5/tcp              # Remote Job Entry
rje       5/udp              # Remote Job Entry
echo      7/tcp
echo      7/udp
discard   9/tcp      sink null
discard   9/udp      sink null
systat    11/tcp     users

passwd:  files
shadow:  files
group:   files

#hosts:  db files nisplus nis dns
hosts:   files dns

nameserver 192.172.3.8
nameserver 192.172.3.9
search mydomain.com

order hosts, bind

NETWORKING=yes
HOSTNAME=myhost
GATEWAY=192.112.50.99

NISDOMAIN=rebel

As mentioned earlier, if you are new to networking or still becoming proficient with the command line, the graphical configuration tool is your best method for configuring new hardware in Fedora. Like most graphical tools, system-config-network allows you to fill in the blanks; press the proper buttons, and the tool modifies the required files and issues the proper commands. Remember, you must be root to run system-config-network.

There are two ways to start system-config-network: from the command line of an X11 terminal window with the command system-config-network, using the panel’s Run Application menu item, or by clicking the System Setting’s Network menu item from a GNOME or KDE desktop panel menu. (In either case, you are prompted to enter the root password.)

After it is started, system-config-network might ask whether you would like to create a new device. If you have installed Fedora on a computer with an existing network card, however, the screen shown in Figure 18.1 appears after you start system-config-network.

Figure 18.1. Use the initial system-config-network networking screen to begin configuring your network client host.

Click the DNS tab to configure your system’s DNS settings, hostname, or DNS search path. Click the Hosts tab, and then either click the New or Edit button (after selecting a host) to create or edit an entry in your system’s /etc/hosts file, for example, to add the IP addresses, hostnames, and aliases of hosts on your network. See Figure 18.2 for an example of editing a host entry.

Figure 18.2. Highlight an existing entry, and then click the Edit button to change /etc/hosts entries in the Hosts tab of the Network Configuration screen.

Click the Devices tab, and then either click New or select an existing setting and click Edit to automatically or manually set up an ethernet device. Figure 18.3 shows the Add New Device Type dialog box with all necessary information in place for a static, or fixed, IP address assignment. Choose how your card will get its configuration, manually from Dynamic Host Control Protocol (see the next section) or from Bootp. Just fill in the blanks as needed.

Figure 18.3. Configure an ethernet device in the Configure Network Setting screen of the Add New Device Type dialog.

When you finish configuring your NIC or editing an IP address or assignment scheme for a NIC, save your changes using the File menu’s Save menu item. Note that you can also use the Profile menu (as shown previously in Figure 18.1) to create different network configurations and IP address assignments for your installed NICs. This is handy if you want to create, for example, a different network setup for home or work on a laptop running Fedora.

DHCP provides persistent storage of network parameters by holding identifying information for each network client that might connect to the network. The three most common pairs of identifying information are

DHCP also allocates to clients temporary or permanent network (IP) addresses. When a temporary assignment, known as a lease, elapses, the client can request to have the lease extended, or, if the address is no longer needed, the client can relinquish the address. For hosts that will be permanently connected to a network with adequate addresses available, DHCP allocates infinite leases.

DHCP offers your network some advantages. First, it shifts responsibility for assigning IP addresses from the network administrator (who can accidentally assign duplicate IP addresses) to the DHCP server. Second, DHCP makes better use of limited IP addresses. If a user is away from the office for whatever reason, the user’s host can release its IP address for use by other hosts.

Like most things in life, DHCP is not perfect. Servers cannot be configured through DHCP alone because DNS does not know what addresses that DHCP assigns to a host. This means that DNS lookups are not possible on machines configured through DHCP alone; therefore, services cannot be provided. However, DHCP can make assignments based on DNS entries when using subnet/hostname or subnet/hardware address identifiers.

During installation, you can instruct the Fedora installer to save DHCP settings for your NIC. After installation, you can also use the system-config-network client to edit the TCP/IP configuration information required to properly initialize and configure your NIC to connect your system to the local network and Internet. When you select a dynamic, or DHCP-assigned IP addressing scheme for your NIC, the broadcast address is set at 255.255.255.255 because dhclient, the DHCP client used for IP configuration, is initially unaware of where the DHCP server is located, so the request must travel every network until a server replies.

DHCP-specific information is simply saved as a BOOTPROTO=dhcp entry for your NIC under the /etc/sysconfig/network directory (in settings and scripts for a specific device, such as eth0).

Other settings specific to obtaining DHCP settings are saved in the file named dhclient.conf under the /etc directory and are documented in the dhclient.conf man page. More than 100 options are also documented in the dhcp-options man page.

However, using DHCP is not that complicated. If you want to use DHCP and know that there is a server on your network, you can quickly configure your NIC by using the dhclient like so:

# dhclient
Internet Software Consortium DHCP Client V3.0pl2
Copyright 1995-2001 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Listening on LPF/lo/
Sending on   LPF/lo/
Listening on LPF/eth0/00:a0:24:aa:f5:17
Sending on   LPF/eth0/00:a0:24:aa:f5:17
Sending on   Socket/fallback
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.2.254
save_previous /etc/yp.conf
save_previous /etc/resolv.conf
bound to 192.168.2.253 -- renewal in 9906 seconds.

In this example, the first ethernet device, eth0, has been assigned an IP address of 192.168.2.253 from a DHCP server at 192.168.2.54. The renewal will take place in about two hours and 45 minutes.

Installation of the DHCP client and server might be easiest during the initial install of Fedora, but you can also use RPMs later on, or download and build the source code yourself. The RPMs are available on your Fedora DVD or from a mirror FTP site (refer to Chapter 7 for more information). This section describes configuring the dhclient and setting up and running the dhpcd daemon.

Configuring your network with DHCP can look difficult, but is actually easy if your needs are simple. The server configuration can take a bit more work if your network is more complex and depending on how much you want DHCP to do.

subnet 10.5.5.0 netmask 255.255.255.224 {
 range 10.5.5.26 10.5.5.30;
 option domain-name-servers ns1.internal.example.org;
 option domain-name "internal.example.org";
 option routers 10.5.5.1;
 option broadcast-address 10.5.5.31;
 default-lease-time 600;
 max-lease-time 7200;
}

subnet 10.152.187.0 netmask 255.255.255.0 {
}

host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}

host passacaglia {
 hardware ethernet 0:0:c0:5d:bd:95;
 filename "vmunix.passacaglia";
 server-name "toccata.fugue.com";
}

A whole host of options can be used in dhcpd.conf: Entire books are dedicated to DHCP. The most comprehensive book is The DHCP Handbook, available at http://www.dhcp-handbook.com/. You can define NIS domains, configure NETBIOS, set subnet masks, and define time servers, or many other types of servers—to name a few of the DHCP options you can use. The preceding example will get your DHCP server and client up and running.

The DHCP server distribution contains an example of the dhcpd.conf file that you can use as a template for your network. The file shows a basic configuration that can get you started with explanations for the options used.

The Linux kernel that ships with Fedora provides extensive support for wireless networking. Related wireless tools for configuring, managing, or displaying information about a wireless connection include

Support varies for wireless devices—most likely in the form of a PCMCIA adapter—although some USB wireless devices now work with Linux. In general, Linux wireless device software (usually in the form of a kernel module) supports the creation of an ethernet device that can be managed by traditional interface tools such as ifconfig—with wireless features of the device managed by the various wireless software tools.

For example, when a wireless networking device is first recognized and initialized for use, the driver will most likely report a new device:

wvlan_cs: WaveLAN/IEEE PCMCIA driver v1.0.6
wvlan_cs: (c) Andreas Neuhaus <[email protected]>
wvlan_cs: index 0x01: Vcc 3.3, irq 3, io 0x0100-0x013f
wvlan_cs: Registered netdevice eth0
wvlan_cs: MAC address on eth0 is 00 05 5d f3 1d da

This output (from the dmesg command) shows that the eth0 device has been reported. If DHCP is in use, the device should automatically join the nearest wireless subnet and be automatically assigned an IP address. If not, the next step is to use a wireless tool such as iwconfig to set various parameters of the wireless device. The iwconfig command, along with the device name (eth0 in this example), will show the status:

# iwconfig eth0
eth0   IEEE 802.11-DS ESSID:"GreyUFO" Nickname:"Prism I"
       Mode:Managed Frequency:2.412GHz Access Point: 00:02:2D:2E:FA:3C
       Bit Rate:2Mb/s Tx-Power=15 dBm Sensitivity:1/3
       RTS thr:off Fragment thr:off
       Encryption key:off
       Power Management:off
       Link Quality:92/92 Signal level:-11 dBm Noise level:-102 dBm
       Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
       Tx excessive retries:0 Invalid misc:4 Missed beacon:0

This example shows a 2Mbps connection to a network named GreyUFO. To change a parameter, such as the transmission rate, use a command-line option with the iwconfig command like so:

# iwconfig eth0 rate 11M

Other options supported by the iwconfig command include essid, used to set the NIC to connect to a specific network by named; mode, used to enable the NIC to automatically retrieve settings from an access point or connect to another wireless host; or freq, to set a frequency to use for communication. Additional options include channel, frag, enc (for encryption), power, and txpower. Details and examples of these options are in the iwconfig manual page.

You can then use the ifconfig command or perhaps a graphical Fedora tool to set the device networking parameters, and the interface will work as on a hardwired LAN. One handy output of the iwconfig command is the link quality output, which can be used in shell scripts or other graphical utilities for signal monitoring purposes (refer to Chapter 15 for an example).

The ads are starting to crop up on TV: This cellular service allows you to check your email anywhere your cellular phone can reach; that cellular company provides news and other information via the Internet to your phone. Personal digital assistants have cellular add-ons or even built-in options.

For example, if your laptop has a cellular modem, you can use it to dial in to your network. This is not truly wireless networking if the network dialed in to is wired, but it illustrates how far-reaching wireless networks can go. As long as your cellular service follows you, you can dial in to any network you have access to (be it home or office) from any location in the world to check your email and use it to send electronic files to your associates. And many newer cell phones can be used as a modem by attaching a cable from the phone to a serial or USB port on a laptop. As with most devices, the majority of brand-name PCMCIA cards work with Linux. A lot of generic equipment (such as serial I/O cards) should work, but you are taking a chance if the card is not supported (see the section “Managing PCMCIA” in Chapter 4, “Post-Installation Configuration”).

Advantages of wireless networking are its mobility and potential range. If you have a large enough antenna network, your network can stretch many miles. This would be an expensive network, but one that would easily break out of the brick and mortar confines of the office.

Wireless networking would also be a great advantage to college campuses to eliminate the need to tear through walls to install cabling because more and more students expect to have a network connection in their dorm rooms. Wireless networking cards are becoming more reasonable in price and can easily be issued to each student as he requires them.

Home networkers can also benefit from wireless networking. For those who cannot make wired network modifications to their homes, wireless networking removes the unsightly wires running along baseboards and ceilings that are required to connect computers in different rooms. With a wireless home network, you are not even confined to inside the house. Depending on the transmit power of your router, you can sit out in your backyard and watch clouds drifting by as you type away. Wireless routers are coming down in price with each passing day.

Choosing the right types of wireless devices is an important decision. The next sections discuss some of the basic differences between current protocols used for wireless networking.

The Institute of Electrical and Electronics Engineers (IEEE) started to look seriously at wireless networking in 1990. This is when the 802.11 Standard was first introduced by the Wireless Local Area Networks Standards Working Group. The group based the standard roughly around the architecture used in cellular phone networks. The wireless network is controlled by a base station, which can be just a transmitter attached to the network or, more commonly these days, a router.

Larger networks can use more than one base station. Networks with more than one base station are usually referred to as distribution systems. A distribution system can be used to increase coverage area and support roaming of wireless hosts. You can also employ external omnidirectional antennas to increase coverage area, or if required, use point-to-point, or directional antennas to connect distant computers or networks. Right now, the least expensive wireless Linux networks are built using devices (such as access points or NICs) supporting 802.11b, although prices are rapidly dropping for faster 802.11g devices.

An early standard, 802.11a, offers greater transmission rates than 802.11b, and a number of 802.11a wireless NICs are available (some products provide up to 72Mbps, but will not work with 802.11b devices). Wireless networking devices based on 802.11g, which has the speed improvement of 802.11a and is compatible with 802.11b, are more widely available. Other wireless protocols include Bluetooth, which provides up to 720Kbps data transfers. Bluetooth is intended for short-range device communications (such as for a printer) and supports a typical range of only 10 meters. Bluetooth is unlike IrDA, which requires line-of-sight (devices that are aimed at each other). Bluetooth use conflicts with 802.11 networks because it also uses the 2.4GHz band. You can find out more by browsing to http://www.bluetooth.com/.

The 802.11 standard specifies that wireless devices use a frequency range of 2400–2483.5MHz. This is the standard used in North America and Europe. In Japan, however, wireless networks are limited to a frequency range of 2471MHz–2479MHz because of Japanese regulations. Within these ranges, each network is given up to 79 nonoverlapping frequency channels to use. This reduces the chance of two closely located wireless networks using the same channel at the same time. It also allows for channel hopping, which can be used for security.

Establishing a DSL connection with an ISP providing a static IP address is easy. Unfortunately, many DSL providers use a type of PPP protocol named Point-to-Point Protocol over Ethernet (PPPoE) that provides dynamic IP address assignment and authentication by encapsulating PPP information inside ethernet frames. Roaring Penguin’s rp-pppoe clients are included with Fedora, and these clients make the difficult-to-configure PPPoE connection much easier to deal with. You can download and install newer versions (see the Roaring Penguin link in the “Reference” section at the end of this chapter).

The basic steps involved in manually setting up a DSL connection using Fedora Linux involve connecting the proper hardware, and then running a simple configuration script if you use rp-pppoe from Roaring Penguin.

First, connect your DSL modem to your telephone line, and then plug in your ethernet cable from the modem to your computer’s network interface card. If you plan to share your DSL connection with the rest of your LAN, you need at least two network cards—designated eth0 (for your LAN) and eth1 (for the DSL connection).

The following example assumes that you have more than one computer and will share your DSL connection on a LAN. First, log in as root, and ensure that your first eth0 device is enabled and up (perhaps using the ifconfig command). Next, bring up the other interface, but assign a null IP address like this:

# /sbin/ifconfig eth1 0.0.0.0 up

Now use the adsl-setup command to set up your system. Type the command like this:

# /sbin/adsl-setup

You will be presented with a text script and be asked to enter your username and the ethernet interface used for the connection (such as eth1). You will then be asked to use “on demand” service or have the connection stay up all the time (until brought down by the root operator). You can also set a timeout in seconds, if desired. You’ll then be asked to enter the IP addresses of your ISP’s DNS servers if you haven’t configured the system’s /etc/resolv.conf file.

After that, you will be prompted to enter your password two times, and have to choose the type of firewall and IP masquerading to use. (You learned about IP masquerading in the “Using IP Masquerading in Fedora” section, earlier in this chapter.) The actual configuration is done automatically. Using a firewall is essential nowadays, so you should choose this option unless you intend to craft your own set of firewall rules—a discussion of which is beyond the scope of this book. After you have chosen your firewall and IP masquerading setup, you will be asked to confirm, save, and implement your settings. You are also given a choice to allow users to manage the connection, a handy option for home users.

Changes will be made to your system’s /etc/sysconfig/network-scripts/ifcfg-ppp0, /etc/resolv.conf, /etc/ppp/pap-secrets, and /etc/ppp/chap-secrets files.

After configuration has finished, use the adsl-start command to start a connection and DSL session, like this:

# /sbin/adsl-start

The DSL connection should be nearly instantaneous, but if problems occur, check to make sure that your DSL modem is communicating with the phone company’s central office by examining the status LEDs on the modem. Because this varies from modem to modem, consult your modem user’s manual.

Check to make certain that all cables are properly attached, that your interfaces are properly configured, and that you have entered the correct information to the setup script.

If IP masquerading is enabled, other computers on your LAN on the same subnet address (such as 192.168.1.XXX) can use the Internet, but must have the same /etc/resolv.conf name server entries and a routing entry with the DSL-connected computer as a gateway. For example, if the host computer with the DSL connection has an IP address of 192.168.1.1, and other computers on your LAN use addresses in the 192.168.1.XXX range, use the route command on each computer like this:

# /sbin/route add default gw 192.168.1.1

Note that you can also use a hostname instead if each computer has an /etc/hosts file with hostname and IP address entries for your LAN. To stop your connection, use the adsl-stop command like this:

# /sbin/adsl-stop

The first step in manually configuring PPP is to log in as root to copy and edit the necessary files. After you are logged in, you use the chat command, the pppd daemon, and several files to configure PPP:

Begin by copying the scripts from the /usr/share/doc/ppp*/scripts directory to the /etc/ppp directory, like so:

# cp -ar /usr/share/doc/ppp*/scripts/ppp-o* /etc/ppp

Using your favorite text editor, edit the ppp-on file (making sure to disable the line wrapping function in your editor—that varies from editor to editor—and line-wrapping inserts carriage returns that cause these scripts to stop working) and change the first four entries to reflect your ISP’s phone number and your username and password, like this:

TELEPHONE=555-1212     # The telephone number for the connection
ACCOUNT=hudzilla         # The account name for logon
PASSWORD=spasm        # The password for this account
LOCAL_IP=0.0.0.0       # Local IP address if known. Dynamic = 0.0.0.0

Change the values for TELEPHONE, ACCOUNT, and PASSWORD, substituting your ISP’s phone number and your username and password. Change the LOCAL_IP entry to an IP address only if your ISP provides one for use. (Dynamic IPs are typical of dial-up accounts.) Otherwise, leave the entry blank. Next, scroll through the script until you find the dialing setup, which can look like this:

exec /usr/sbin/pppd debug lock modem crtscts /dev/ttyS0 38400 
        asyncmap 20A0000 escape FF kdebug 0 $LOCAL_IP:$REMOTE_IP 
        noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT

These lines (actually a single script line) contain modem options for the chat script used in the ppp-on-dialer script and will start the pppd daemon on your computer after establishing a connection. Using a text editor, change the modem device (/dev/ttyS0 in this example) to /dev/modem.

# ln -s /dev/ttyS2 /dev/modem

Set the baud rate (38400 in the default case) to the desired connection speed—most likely 115200 or 57600. When finished, save the file.

Next, use the chmod command to make these scripts executable, like this:

# chmod +x /etc/ppp/ppp-o*

To debug or check the progress of your modem connection, dialing, and connection to your ISP, monitor the syslog messages by using the tail command with its -f “loop forever” option, like this:

# /sbin/tail -f /var/log/messages

To connect to your ISP, run the ppp- script:

# /etc/ppp/ppp-on

Use the ppp-off script to stop the PPP connection like so:

# /etc/ppp/ppp-off

You can also move the ppp-on and ppp-off scripts to a recognized $PATH, such as /usr/local/bin. Enabling use of these scripts by normal users will entail changing permissions of the serial port and other files (which can be a security problem because unauthorized users can access it).

$ minicom -s

# echo "AT&W" > /dev/modem

The Fedora Modem Configuration Wizard can be used to set up the many kinds of network connection types that exist. Fedora provides wizards for the following connections:

The example provided here uses the wizard to configure a modem connection—the most commonly encountered home network connection. The other types are configured in essentially the same manner.

From the System menu, select the Administration sub-menu and click Network to open up the Network configuration tool. Enter the root password to gain access to the tool and click New in the toolbar to start the wizard. Select Modem Connection from the list of options, shown in Figure 18.4 and click Forward.

Figure 18.4. The Network Configuration tool can be used to quickly and easily configure many different kinds of Internet connections.

Select Modem Connection in the Device Type list, and then click the Forward button. You are then asked to select a provider, designate a name for the service, enter your ISP’s phone number, and enter your username and password on the remote system, as shown in Figure 18.5. A dialing prefix (to disable call waiting, for example) can be added in the Prefix field. Additional special settings are also included for PPP users in various countries with different ISPs, as shown by the country flags on the left.

Figure 18.5. Enter a name for your ISP’s service, along with the telephone number, username, and password for the service.

Enter the telephone number of your ISP’s remote computer’s modem. Enter a country code if needed, along with an area code and telephone number. Note that some areas require a 10-digit number for local telephone service. When finished, click the Forward button. You’ll then be able to confirm the settings. Click the Finish button to create the interface. When you are done, you will see a new ppp0 entry in the Network Configuration window, as shown in Figure 18.6.

Figure 18.6. Your new PPP dial-up connection appears in the Network Configuration dialog, which also shows the status of the connection.

To edit the new connection identified as ppp0, select the interface, and then click the Edit button. A configuration dialog appears as shown in Figure 18.7 Each tab presents an easy-to-use interface for setting dial-up options.

Figure 18.7. Here you can edit the dial-up configuration if necessary to set IP addresses and other custom values; the defaults work for most people.

This window can be reached later from the System Settings menu as the Network menu item. Fedora also provides a simple control interface via the System Tools menu as the Network Device Control menu item, as shown in Figure 18.8.

Figure 18.8. The Network Device Control allows you to start and stop a network interface.

Launch a PPP connection by selecting the ppp0 interface and then clicking the Activate button.

You can also use the ifup command manually (only as root) to bring up the connection like this:

# /sbin/ifup ppp0

To close the connection manually, use ifdown:

# /sbin/ifdown ppp0

If you named the dial-up connection something other than ppp0, use that name instead. Because we named ours Cavtel, we can bring it up manually with

# /sbin/ifup Cavtel

One of the keys to security not mentioned previously is to keep up-to-date with at least the latest stable versions of your software. Each time a new version of a software package comes out, it corrects any known security holes found in the previous release. Also be sure to keep your operating systems patched to the latest patch level. Your network security is only as strong as the weakest host.

Refer to Chapter 7 for details on how to use RPM to update Fedora with newer software packages. See Chapter 39, “Kernel and Module Management,” to learn how to update your Linux kernel (even if you use RPM).

With effort, your system can be secure enough to keep most intruders out. Just keep your software up-to-date and keep yourself informed of potential security threats to your software, and you should be fine.

http://fedora.redhat.com/docs—Links to additional documentation for Fedora.

http://www.ietf.org/rfc.html—Go here to search for, or get a list of, Request for Comments (RFC).

http://www.oth.net/dyndns.html—For a list of Dynamic DNS service providers, go to this site.

http://www.isc.org/products/DHCP/dhcpv3-README.html—The DHCP README is available at this site.

http://www.ieee.org—The Institute of Electrical and Electronics Engineers (IEEE) website.

http://www.mozillaquest.com/Network_02/Wireless_Network_Technology_03_Story-01.html—Wireless networking with Red Hat 7.2.

http://crl.cs.uiuc.edu/doc/wireless_redhat.html—Wireless networking using Red Hat Linux at the Computing Research Laboratory (CRL), the information technology support group for the Department of Computer Science at the University of Illinois at Urbana-Champaign.

http://www.sorgonet.com/network/wirelessnoap/—Building a wireless network without using an access point, using Red Hat 8.0.

Sams Teach Yourself TCP/IP Network Administration in 21 Days, Sams Publishing, ISBN: 0-672-31250-6

TCP/IP Network Administration, O’Reilly Publishing, ISBN: 1-56592-322-7

Practical Networking, Que Publishing, ISBN: 0-7897-2252-6

Samba Unleashed, Sams Publishing, ISBN: 0-672-31862-8

The DHCP Handbook, Sams Publishing, ISBN: 0-672-32327-3