1. Working with Ethernet Interface
- 1.1. How do I enable DHCP on an ethernet interface?
- 1.2. How can I assign a static IP address to an ethernet interface?

1.1. How do I enable DHCP on an ethernet interface?

DHCP lets the ethernet interface automatically get a dynamic IP address
from a DHCP server.
To enable DHCP on eth0, edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Set BOOTPROTO to dhcp:
DEVICE=eth0
BOOTPROTO=dhcp
NETMASK=255.0.0.0
ONBOOT=yes

There should be no entry for IPADDR.

1.2. How can I assign a static IP address to an ethernet interface?

To assign a static IP address to the eth0 ethernet interface, edit the
/etc/sysconfig/network-scripts/ifcfg-eth0 file:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Set BOOTPROTO to static and assign a static IP address using the IPADDR
directive, e.g.
DEVICE=eth0
BOOTPROTO=static
IPADDR=10.26.8.12
NETMASK=255.0.0.0
ONBOOT=yes

Next, edit the /etc/sysconfig/network file to specify the GATEWAY:
# vi /etc/sysconfig/network

Add the GATEWAY directive if it doesn't already exist:
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=10.26.0.1

2. Working with xinetd
- 2.1. How can I enable/disable a service from accepting connections?
- 2.2. How do I restart xinetd?

2.1. How can I enable/disable a service from accepting connections?

Services like wu-ftpd, telnetd, finger, rsh, rlogin etc. can be
disabled/enabled by editing the appropriate file under /etc/xinetd.d.
For example, to enable wu-ftpd, edit /etc/xinetd.d/wu-ftpd and set
disable to no:
# vi /etc/xinetd.d/wu-ftpd

# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
log_on_success += DURATION
nice = 10
disable = no
}

To disable a service from accepting connections, set disable to yes.
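
To review which services are currently switched on by the disable setting described above, the following added example (not part of the original FAQ) walks the files under /etc/xinetd.d and prints each service that accepts connections together with its server binary. The function names xinetd_enabled_services and make_sample_dir are hypothetical, and the two sample service files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original FAQ.
# Prints "<service> <server binary>" for every xinetd service that accepts
# connections: its block says "disable = no" or has no disable line at all.

xinetd_enabled_services() {   # hypothetical helper name
    dir=${1:-/etc/xinetd.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            $1 ~ /^#/       { next }                         # comment line
            $1 == "service" { name = $2; off = 0; srv = "-"; next }
            $1 == "disable" { off = ($3 == "yes") }          # disable = yes|no
            $1 == "server"  { srv = $3 }                     # daemon binary
            $1 == "}" && name != "" {
                if (!off) print name, srv
                name = ""
            }
        ' "$f"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/wu-ftpd" <<'EOF'
# default: on
service ftp
{
    socket_type = stream
    server      = /usr/sbin/in.ftpd
    disable     = no
}
EOF
    cat > "$d/telnet" <<'EOF'
service telnet
{
    server      = /usr/sbin/in.telnetd
    disable     = yes
}
EOF
    echo "$d"
}

sample=$(make_sample_dir)
xinetd_enabled_services "$sample"
rm -rf "$sample"
```

Run it with no argument to check the real /etc/xinetd.d directory. It reads only the per-service files, so a disabled list in the defaults section of /etc/xinetd.conf is not taken into account.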

2.2. How do I restart xinetd?

3. SSHing
- 3.1. How can I use SSH to connect to external ports that are blocked by firewall?

3.1. How can I use SSH to connect to external ports that are blocked by
firewall?

You will need to use SSH tunneling. All you need is a computer running
SSHD (SSH Daemon) that is outside the firewall. Using this computer, you
can connect to blocked ports from inside the firewall.
Let's say you cannot connect to an IRC server outside the firewall, but
you are dying to chat with other sysadmins of Apache/Tomcat on
irc.us.openprojects.net.
Worry not - just create a tunnel using SSH. Let us say you have a
machine at home (your.linux.box.at.home) that is running SSHD and is
outside the firewall:
# ssh -L 6667:irc.us.openprojects.net:6667 username@your.linux.box.at.home

This tells SSH to forward the local port 6667 to port 6667 of
irc.us.openprojects.net.
Now you can tell your IRC client to use localhost as the server, and SSH
will forward all the traffic for you. e.g. on IRC window
You can use the same technique to connect to websites that are blocked
by the firewall. For example, Sun Microsystems has its Discussion Forum
website running on port 9613.
Just create a tunnel for port 9613 on the machine Mysun-mail.sun.com:
# ssh -L 9613:Mysun-mail.sun.com:9613 username@your.linux.box.at.home

Now you can connect to the website by typing http://localhost:9613 into
your browser.

4. Security
- 4.1. How to get a list of open ports, and the processes
- 4.2. How can I turn off an init rc script from starting during boot?

4.1. How to get a list of open ports, and the processes

An easy way to find the open ports, and the processes that have them
open, is to use the netstat command as follows:
If you already know the port number, and would like to know which
process owns the port, use the lsof command.

4.2. How can I turn off an init rc script from starting during boot?

The best way is to use the chkconfig command as follows:
# chkconfig servicename off

e.g.
Another way to stop a service from being started at boot time is to
change its name:
# mv /etc/rc3.d/S55sshd /etc/rc3.d/s55sshd

Note: Only scripts that start with a capital 'S' are processed by the
rc daemon. Changing it to 's' prevents the rc daemon from processing those
scripts.

5. sendmail
- 5.1. How can I start receiving email on my linux box, or how do I enable Internet email on my linux box?
- 5.2. How do I re-start sendmail?

5.1. How can I start receiving email on my linux box, or how do I enable
Internet email on my linux box?

To start receiving email over the network, comment out the
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
line in the /etc/mail/sendmail.mc file; while active, it limits sendmail
to listening on the loopback address 127.0.0.1. After commenting out, the
line should look as follows:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Then re-generate the /etc/mail/sendmail.cf file as follows:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Note: You need the sendmail-cf rpm installed to run this command
successfully.
You might also need to create a file called /etc/mail/relay-domains. The
content of the file should list the IP address and domain name of the
mailhost, e.g.
# cat /etc/mail/relay-domains
193.10.20.90
mail.domain.net

Once the new sendmail.cf is generated, you will have to restart the sendmail
service using the following command:
# /etc/init.d/sendmail restart

5.2. How do I re-start sendmail?

# /etc/init.d/sendmail restart