mahisella
7/27/2019 network config
Ex No : 7 SETTING UP THE COMPLETE NETWORK INTERFACE
Aim :
To set up the complete network interface using the ifconfig command, like setting gateway, DNS, IP tables, firewall.
Procedure :
Step 1 Setting up a static IP:
IFCONFIG is a tool provided by the Fedora system to configure a network interface (like setting up a static IP).
OPTION                PURPOSE
-a                    Display all interfaces which are available, even if down.
-s                    Display a short list.
-v                    Be more verbose for error conditions.
interface             The name of the device interface, usually a driver name,
                      followed by a unit number. For eg. eth0
interface [up/down]   up causes the interface to be activated; down causes it
                      to be deactivated.
                      For eg. ifconfig eth0 up
                              ifconfig eth0 down
interface address     The IP address is assigned to the interface.
                      For eg. ifconfig eth0 192.168.0.10
Assign an IP address to the interface currently being configured. The address configured is static.
Usage:
Identify the names of the network interfaces configured with the help of the -a option of ifconfig:
$ ifconfig -a
To assign an IP address to a particular interface, say eth0 :
$ ifconfig eth0 192.168.0.10
To activate the interface, after the IP address has been assigned:
$ ifconfig eth0 up
To deactivate the interface:
$ ifconfig eth0 down
ifconfig with options -a, -s :
Step 2 Set up a default gateway, using route:
Once a static IP address has been assigned to the interface under consideration, the ROUTE system call is used to set up static routes to specific hosts or networks via the interface.
OPTION    PURPOSE
-v        Select verbose operation.
-n        Show numerical address instead of trying to determine.
-e        Displays routing table in netstat format.
del       Delete a route.
add       Add a new route.
target    The destination network/host.
gw        Route packets via a GATEWAY (static route to the gateway must be
          set beforehand).
netmask   When adding a network route, the netmask to be used.
Usage:
To add a default gateway to the network interface currently configured, use the add option of route:
$ route add default gw 192.168.0.0
NOTE: The gateway is identified as default and must fall under the network of the interface configured, in order to be routed correctly.
To specify the network address to route to a gateway (a more general usage):
$ route add -net 192.168.0.0 netmask 255.255.0.0
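The NOTE above as a check, written as an added example (not part of the original exercise): POSIX shell functions that test whether a candidate gateway falls in the interface's network, using the classful default netmask that ifconfig applies when none is given on the command line. The function names and the candidate gateway addresses are constructed for illustration.

```shell
#!/bin/sh
# ip_to_int A.B.C.D: print the dotted quad as an integer; fail on malformed input.
ip_to_int() (
  set -f; IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  n=0
  for o in "$@"; do
    # reject empty, non-numeric, leading-zero (octal) and over-long octets
    case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
    n=$(( n * 256 + o ))
  done
  echo "$n"
)

# classful_mask IP: the class A, B or C default mask derived from the first
# octet, which ifconfig uses when no netmask is supplied.
classful_mask() {
  first=${1%%.*}
  if   [ "$first" -lt 128 ]; then echo 255.0.0.0
  elif [ "$first" -lt 192 ]; then echo 255.255.0.0
  elif [ "$first" -lt 224 ]; then echo 255.255.255.0
  else return 1
  fi
}

# gateway_on_link IP GW [NETMASK]
# returns 0 if GW is in the interface's network, 1 if not, 2 on malformed input
gateway_on_link() {
  ip=$(ip_to_int "$1") && gw=$(ip_to_int "$2") || return 2
  m=$(ip_to_int "${3:-$(classful_mask "$1")}") || return 2
  [ $(( ip & m )) -eq $(( gw & m )) ]
}

# Constructed candidate gateways, checked against the interface address
# assigned in Step 1.
for cand in 192.168.0.1 192.168.1.1 192.168.0.300; do
  if gateway_on_link 192.168.0.10 "$cand"; then echo "$cand: on-link"
  else echo "$cand: rejected"; fi
done
```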
route with options -v, -n, -e, -net (adding a network), -host (adding a host) :
Step 3 Setting up a nameserver (DNS):
When configuring the resolver library to use the BIND name service for lookups, the name servers to be used are to be specified.
The details of such name servers are stored in the file resolv.conf in the /etc directory.
The most important option is nameserver, which gives the IP address of the server to be used.
For eg.
# /etc/resolv.conf
# domain
domain mydomian.com
# nameserver
nameserver 192.168.0.210
This setting can be verified by using the PING tool.
$ ping facebook.com
If the output of the command is:
unknown host facebook.com,
then the DNS server is either down or not configured properly.
Manual And Dynamic Settings :
Step 4 Setting up network firewall using iptables:
Once nameservers have been successfully configured, Firewall/NAT packages are installed using IPTABLES. Iptables is an administration tool for packet filtering and NAT.
Several tables may be defined. Each table consists of a number of built-in chains and user-defined chains.
A firewall rule specifies a criterion for a packet and a target. If the packet is matched, the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values: ACCEPT, DROP, QUEUE or RETURN.
ACCEPT: Let packet through.
DROP: Drop packet.
QUEUE: Pass packet to userspace.
RETURN: Stop traversing the chain and resume at the next rule in the calling (previous) chain.
Chains can be added to the following 4 tables:
OPTION    PURPOSE
filter    Default table.
          3 chains:
            o INPUT: for packets destined for local sockets
            o OUTPUT: for locally generated packets
            o FORWARD: for packets being routed through the box
nat       Consulted when a packet that creates a new connection is
          encountered.
          3 built-in chains:
            o PREROUTING: altering packets as soon as they come in
            o OUTPUT: altering locally generated packets before routing
            o POSTROUTING: altering packets as they are about to go out
mangle    Used for specialized packet alteration.
raw       Configuring exceptions from connection tracking.
Usage:
To add a rule to the INPUT chain to drop all the packets incoming through port 80:
$ iptables -A INPUT -p tcp --dport 80 -j DROP
The above rule, once added, drops all packets coming into the system through port 80, using tcp.
To add a rule to the OUTPUT chain:
$ iptables -A OUTPUT -p tcp --dport 80 -j DROP
This rule drops all packets sent by the host through port 80, using tcp.
To delete a rule from the INPUT chain, provide the chain name and the number of the rule to delete:
$ iptables -D INPUT 2
The list of services, protocols used and port numbers can be found in the file /etc/services.
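How the targets described above interact with rule order, as an added example (not part of the original exercise): a POSIX shell model of chain traversal showing that a DROP rule appended with -A after an earlier matching rule never fires. The ruleset, the user-defined chain name web and the DROP policy are constructed for illustration; the script models the traversal and does not call iptables.

```shell
#!/bin/sh
# Constructed ruleset, one rule per line: CHAIN PROTO DPORT TARGET ("-" = any).
# "web" is a hypothetical user-defined chain; line order is the order in which
# the rules were appended with -A.
RULES='INPUT tcp 22 ACCEPT
INPUT tcp - web
INPUT tcp 80 DROP
web tcp 80 ACCEPT
web tcp - RETURN'
POLICY=DROP   # assumed policy of the built-in INPUT chain in this model

# walk CHAIN PROTO DPORT: print the first matching ACCEPT/DROP, or RETURN when
# the chain hits a RETURN rule or runs out of rules.
walk() {
  while read -r c p d target; do
    [ "$c" = "$1" ] || continue
    [ "$p" = "-" ] || [ "$p" = "$2" ] || continue
    [ "$d" = "-" ] || [ "$d" = "$3" ] || continue
    case $target in
      ACCEPT|DROP) echo "$target"; return 0 ;;
      RETURN) break ;;
      *) sub=$(walk "$target" "$2" "$3")   # jump to a user-defined chain
         [ "$sub" = RETURN ] || { echo "$sub"; return 0; } ;;
    esac
  done <<EOF
$RULES
EOF
  echo RETURN
}

# verdict PROTO DPORT: fate of a packet entering INPUT; the chain policy
# applies when no rule decides.
verdict() {
  v=$(walk INPUT "$1" "$2")
  [ "$v" = RETURN ] && v=$POLICY
  echo "$v"
}

verdict tcp 80    # the web chain accepts before the DROP rule (rule 3) is reached
verdict tcp 443   # web RETURNs, rule 3 does not match, the policy decides
```

Listing the chain with rule numbers before appending shows where a new rule will land; a rule that must win has to sit above any broader match.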
Adding a rule to the INPUT chain
CONCLUSION : Thus the complete network interface setup using ifconfig commands, like setting gateway, DNS, IP tables, firewall, has been performed successfully.