Complete RHCE
RHCE
Red Hat Certified Engineer
M. A. Agheli
History Of UNIX & Linux
1957: Bell Labs found they needed an operating system, which at the time was running various batch jobs.
1965: Bell Labs create Multics (Multiplexed Information and Computing Service)
1969: Summer 1969, UNIX was developed by AT&T
1975: Sixth edition of UNIX released May 1975
1985: GNU project started
1991: Linux is introduced by Linus Benedict Torvalds, who was a second year student of Computer Science at the University of Helsinki
1993: NetBSD & FreeBSD released
1994: Red Hat Linux is introduced
First Article About Linux
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki
Hello everybody out there using minix -
I'm doing a (free) operating system (just a hobby, won't be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I'd like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things). I've currently ported bash(1.08) and gcc(1.40), and
things seem to work. This implies that I'll get something practical within a
few months, and I'd like to know what features most people would want.
Any suggestions are welcome, but I won't promise I'll implement them :-)
Linus (torvalds@kruuna.helsinki.fi)
PS. Yes - it's free of any minix code, and it has a multi-threaded fs.
It is NOT portable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that's all I have :-(.
GNU & GPL
GNU Project: focused on creating a Unix-like operating system that could be freely distributed
GPL: Global Public License (Copyleft)
Major Linux Distributors
Vector Linux
The Advantage of Linux
Low purchase cost
Open Source Software (OSS)
UNIX heritage
Multi User
Scalability
Vendor support
Reliable uptime
Security
Logging System
…
The Disadvantage of Linux
Hardware support
End-user applications
A Comparison Of Win 9x, NT, and Linux

Feature                  Win 9x     Win NT   Linux
Scalability              Poor       Good     Good
Desktop App. Support     Excellent  Good     Good
Enterprise App. Support  None       Good     Good
Hardware Support         Excellent  Good     Good
Licensing Cost           Good       Poor     Excellent
Network Performance      Good       Good     Excellent
Security                 Poor       Good     Good
Linux Filesystem Hierarchy
bin/   Essential binary files
boot/  Boot loader files
dev/   Device files
etc/   Configuration files
home/  User home directories
lib/   Shared libraries and kernel modules
mnt/   Mount point for temporarily mounted filesystems
proc/  System information virtual filesystem
root/  root user's home directory
sbin/  Essential system binaries
tmp/   Temporary files
usr/   Shareable files
var/   Non-shareable files
Session 2
Installing Linux
Hardware Requirements
Harddisk Partitioning
Boot Loader
Install Packages
X Configuration
Overview of the Installation Process
1. Starting the installation process: installation mode, language, keyboard, mouse
2. Partitioning
3. Boot loader installation
4. Network configuration
5. Setting the time zone
6. Firewall configuration
7. Specifying authentication options (optional)
8. Specifying user accounts
9. Selecting packages
10. Installing packages
11. Creating a boot disk
12. Configuring the X Window System (optional)
Installing Linux: Consoles & Message Logs
(table columns: Console, Keystrokes, Contents)
Configuring Install-Time Options after Installation
authconfig, ntsysv, setup, redhat-config-*, …
kbdconfig, mouseconfig, timeconfig, sndconfig, netconfig
Session 3
SHELL
bash (Bourne Again Shell), sach, ash, mc, tcsh
Some Important BASH Variables: PATH, SHELL, PS1, PS2
Commands: rm, mv, cp, tac, cat
BASH
BASH Features: TAB key, review pages & commands
Quoting in BASH: "value" 'value' `value`
Redirection Operators: > >> | << <
Some of Linux Commands (3)
Create Partitions and Filesystem
Some of Linux Commands (4)
Use File Permissions
Insert Mode
Insert text
Normal Mode
dd, n+dd (delete)
yy, n+yy (copy)
p (paste after the cursor), P (paste before the cursor)
/ (search)
v (visual: text selection)
Command Mode
w, q, q!
wq = x
r
s///
Session 6
Run Levels
Run Level  Definition
0          This runlevel halts the system
1          This runlevel sets single-user mode
2          Multiuser mode without networking
3          Multiuser mode with networking
4          Not used
5          X-based log in
6          This runlevel reboots the system
LILO
Edit /etc/lilo.conf & execute the 'lilo' command
GRUB
Edit /boot/grub/grub.conf
Administrative Tasks
Manage Users, Groups & Related Files
useradd, userdel, groupadd, groupdel, passwd, vipw, vigr
/etc/passwd, /etc/shadow, /etc/skel, /etc/profile, …
Configure and use system log files
/etc/syslog.conf, /etc/logrotate.conf
Scheduling Jobs (at & crontab commands)
Backup & Restore Tools
tar, bzip2, gzip
Session 7
Linux Installation and Package Management
Shell Scripts
# Comments
#! Special Comments
Assign a Value
x=y
x=$y
x=${y}
x=${y}es
x=$yes
x='$y'
x=\$y
export x y z
export x=$y
Shell Scripts
Control Constructs
'read' command
'test' command ( [ ] )
if …; then …; else …; fi
while …; do …; done
until …; do …; done
for x in …; do …; done
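A worked example added here (it is not from the slides) that uses the constructs above, 'read' with IFS=:, 'test', if, while and for, to audit /etc/passwd and /etc/shadow style data for two classic problems: a second UID 0 account and an account whose shadow password field is empty. PASSWD_DATA and SHADOW_DATA are constructed sample input, and the hash values in them are placeholders.

```shell
#!/bin/sh
# Added example, not from the slides: audit passwd/shadow style data with
# read, test, if, while and for. The data below is constructed sample input;
# on a real system you would feed /etc/passwd and /etc/shadow instead.
PASSWD_DATA='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash'

SHADOW_DATA='root:$1$placeholder$hash:12345:0:99999:7:::
bin:*:12345:0:99999:7:::
toor:$1$placeholder$hash:12345:0:99999:7:::
alice::12345:0:99999:7:::'

# uid0_accounts: every passwd entry whose UID field is 0 (there should be one: root).
uid0_accounts() {
    printf '%s\n' "$PASSWD_DATA" | while IFS=: read -r name pass uid gid gecos home shell; do
        if [ "$uid" -eq 0 ]; then
            echo "$name"
        fi
    done
}

# empty_passwords: shadow entries whose password field is empty, i.e. login
# without any password at all ("*" or "!" would mean a locked account).
empty_passwords() {
    printf '%s\n' "$SHADOW_DATA" | while IFS=: read -r name hash rest; do
        [ -z "$hash" ] && echo "$name"
    done
}

# report: print one warning per finding; the return status is the number of
# findings (0 means clean), so it can drive a cron job or an if statement.
report() {
    problems=0
    for u in $(uid0_accounts); do
        if [ "$u" != "root" ]; then
            echo "WARNING: extra UID 0 account: $u"
            problems=$((problems + 1))
        fi
    done
    for u in $(empty_passwords); do
        echo "WARNING: empty password field for: $u"
        problems=$((problems + 1))
    done
    return $problems
}

# Usage: . ./audit.sh; report || echo "found $? problem(s)"
```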
Installing and
Configuring
X
Basic X Concepts
X Client
X Server
X Protocol
Basic X Concepts
X Window Manager
X Desktop Manager
X Display Manager
Installing X
X Server Selection
XFree86-*
Configuring X
redhat-config-xfree86
xvidtune
Important X Directories & Files
/usr/X11R6/bin
/etc/X11
/etc/X11/XF86Config
Configure and Use PPP
'redhat-config-network-tui' command in text mode
Modem Configuration Files
kppp command in X Window
Session 10
Network Basics
IP (network & host portion)
192.168.168.1 : 11000000.10101000.10101000.00000001
Static IP / Dynamic IP
Netmask Address
255.255.255.0 : 11111111.11111111.11111111.00000000
Network Address
192.168.168.0 : 11000000.10101000.10101000.00000000
Broadcast Address
Classful Addressing System
Network Classes
Class A 1.0.0.0-126.0.0.0 (8 bits)
Class B 128.0.0.0-191.0.0.0 (16 bits)
Class C 192.0.0.0-223.0.0.0 (24 bits)
Reserved IP
127.0.0.0-127.255.255.255 (loopback addresses)
224.0.0.0-239.255.255.255 (multicast protocols)
240.0.0.0-255.255.255.255 (not used)
Public & Private Networks (Valid & Invalid IPs)
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255
Classless Addressing System (Subnet)
Net. Addr.: 192.168.168.0 = 11000000.10101000.10101000.00000000
Netmasks:
255.255.255.0   (/24) : 11111111.11111111.11111111.00000000
255.255.255.128 (/25) : 11111111.11111111.11111111.10000000
255.255.255.192 (/26) : 11111111.11111111.11111111.11000000
255.255.255.224 (/27) : 11111111.11111111.11111111.11100000
255.255.255.240 (/28) : 11111111.11111111.11111111.11110000
255.255.255.248 (/29) : 11111111.11111111.11111111.11111000
255.255.255.252 (/30) : 11111111.11111111.11111111.11111100
255.255.255.254 (/31) : 11111111.11111111.11111111.11111110
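An added example (not part of the slides) that turns the binary netmask table above into a small POSIX shell subnet calculator. It goes beyond the /24 to /31 rows and handles any prefix length, and all function names are chosen here.

```shell
#!/bin/sh
# Added example, not from the slides: IPv4 subnet arithmetic in POSIX sh.
# ip_to_int: dotted quad -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip: 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# ip_to_bin: dotted quad -> dotted binary, as written in the table above
ip_to_bin() {
    n=$(ip_to_int "$1")
    out=""
    for s in 24 16 8 0; do
        octet=$(( (n >> s) & 255 ))
        bits=""
        i=7
        while [ $i -ge 0 ]; do
            bits="$bits$(( (octet >> i) & 1 ))"
            i=$((i - 1))
        done
        out="${out:+$out.}$bits"
    done
    echo "$out"
}

# netmask_for PREFIX: the PREFIX leftmost bits set, e.g. 25 -> 255.255.255.128
netmask_for() {
    int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# network IP PREFIX: address AND mask
network() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$(netmask_for "$2")") ))
}

# broadcast IP PREFIX: network address with all host bits set
broadcast() {
    m=$(ip_to_int "$(netmask_for "$2")")
    int_to_ip $(( ($(ip_to_int "$1") & m) | (~m & 4294967295) ))
}

# usable_hosts PREFIX: conventional count, all addresses minus network and
# broadcast; /31 and /32 have none in this classic model (RFC 3021
# point-to-point /31 links are the exception).
usable_hosts() {
    if [ "$1" -ge 31 ]; then echo 0; else echo $(( (1 << (32 - $1)) - 2 )); fi
}

# subnet_info IP PREFIX: one readable summary, e.g. subnet_info 192.168.168.130 25
subnet_info() {
    printf '%s/%s\n  netmask   %s\n  network   %s\n  broadcast %s\n  hosts     %s\n' \
        "$1" "$2" "$(netmask_for "$2")" "$(network "$1" "$2")" \
        "$(broadcast "$1" "$2")" "$(usable_hosts "$2")"
}
```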
TCP/IP Model (1)
Application Protocols
Transport Protocols
Internet Protocols
Network Access Protocols
TCP/IP Model (2)
Network Access Protocols
All functions necessary to access the
physical network
Internet Protocols
IP (Internet Protocol – Connectionless)
ICMP (Internet Control Message Protocol)
TCP/IP Model (3)
Transport Protocols
TCP (Transmission Control Protocol)
Connection-based
UDP (User Datagram Protocol)
Connectionless
Application Protocols
Privileged Ports (0-1023)
/etc/services
Types of TCP/IP Services
Stand-alone
Related TCP/IP Commands
ps x
netstat -ap --inet | grep LISTEN
Configuring the Network
Initializing Network Hardware
Load related module
Configuring the Network
Other Network Tools
tcpdump, nmap, tethereal, iptraf
ifconfig, ping, traceroute, netstat
Configuring the Network
Network Configuration Files
/etc/hosts
/etc/host.conf
/etc/services
/etc/resolv.conf
/etc/sysconfig/network
/etc/sysconfig/network-scripts/*
IP Aliasing
Session 12
DHCP
Advantage & disadvantage of DHCP
DHCP Server Configuration
/etc/dhcpd.conf
/var/lib/dhcp/dhcpd.leases
DHCP Client Configuration
netconfig command
An Example of dhcpd.conf
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.25;
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "domain.com";
    option domain-name-servers 192.168.1.1;
    default-lease-time 21600;
    max-lease-time 43200;
    # we want the nameserver to appear at a fixed address
    host dns1 {
        hardware ethernet 12:34:56:78:AB:CD;
        fixed-address 192.168.0.20;
    }
}
dhcpd.leases Format
lease 192.168.1.8 {
starts 3 2004/04/12 09:34:12
ends 6 2004/07/15 23:49:57
hardware ethernet 00:09:e6:88:0a:05
}
...
NFS
Related Daemons
rpc.nfsd
rpc.portmap
rpc.mountd
Installation
nfs-utils
portmap
August 2004
NFS Configuration
Server Side
Edit /etc/exports file
PATH host_lists(options)
Run 'exportfs -r' command
'redhat-config-nfs' command
Client Side
mount -t nfs server:PATH Mountpoint
Edit '/etc/fstab' file
server:PATH M.P. nfs ro 0 0
SAMBA (1)
Related Services
smbd
nmbd
Related Packages
samba
samba-common
samba-client
SAMBA (2)
Server Configuration
Global Directives
Service Directives
Client Configuration
smbmount //server/share /m.p.
smbclient //server/share
Configuration with SWAT
Session 13
TCP/IP Services
1. Server binds to port and listens
2. Client binds port
3. Client connects to server
4. Server designates port
5. Client and server communicate
Remote Login
Telnet
Server & Client
SSH
Server & Client
The Apache Web Server
Modules
mod_auth
mod_info
mod_php
mod_include
mod_perl
mod_ssl
Installing Apache
Basic Configuration
httpd.conf
Section 1:
The Global Environment
Section 2:
The Main Configuration
Section 3:
The Virtual Host Configuration
Apache Advanced Configuration
Authentication in Apache
Configure with PHP
Configure with SSL
Configure Virtual Host
Authentication in Apache
Create '/etc/httpd/.htpasswd' file
Configuring 'httpd.conf' file
<Location /dir_name>
    AuthType Basic
    AuthName "NAME"
    AuthUserFile ".htpasswd"
    Require valid-user
</Location>
Configure Apache with PHP
rpm -Uvh php-4*.rpm
Configure Virtual Host
Configuring '/etc/hosts' file
Configuring 'httpd.conf' file
<VirtualHost 127.0.0.2>
    ServerAdmin webmaster@vh.com
    DocumentRoot /var/www/html/vh/
    ServerName www.vh.com
</VirtualHost>
Apache Administration
Start
Stop
Restart
Reload
Status
Troubleshooting Apache
/var/log/messages
/var/log/httpd/
/usr/sbin/httpd -S (for virtual hosts)
Securing Your Network
Using the 'lokkit' or 'redhat-config-securitylevel' command
Password & Physical Security
Securing TCP/IP
Using Tripwire
Keeping Up-to-Date on Linux Security Issues
Session 14
FTP
Installation
rpm -ivh vsftp*.rpm
Config File
/etc/vsftpd/vsftpd.conf
Access Levels
Anonymous Access (anonymous_enable)
User Access (needs tcp_wrappers)
Cache Server (Squid)
Install squid
rpm -ivh squid*.rpm
Managing squid
start, stop, restart, status, reload
Squid Log Files
/var/log/squid/access.log (cache_access_log)
/var/log/squid/cache.log (cache_log)
/var/log/squid/store.log (cache_store_log)
An Example of 'squid.conf'
http_port 8081
cache_effective_user squid
cache_effective_group squid
acl all src 0.0.0.0/0.0.0.0
http_access allow all
cache_dir ufs /cache 1024 16 32
visible_hostname ws1
Running Squid
service squid start
squid -d1 -z
Kinds of Proxies
Upstream Proxy
cache_peer yourproxy.com parent 3128 3130
prefer_direct off
Transparent Proxy
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Session 15
Configuring a Linux Router
Configuring the Kernel
IP: advanced router
Enable IP Forwarding
Add 'net.ipv4.ip_forward=1' to /etc/sysctl.conf
Types of Routes
Static route
Dynamic route
Components of Routing Rules
Destination IP Address
An Interface
An Optional Gateway IP Address
Routing Command
route add -net net_addr netmask mask_addr interface
An Example (diagram): the router has eth0 192.168.1.3 toward hosts A, B, C (e.g. 192.168.1.5), eth1 192.168.100.3 toward hosts E, F, G (e.g. 192.168.100.5), and eth2 toward the gateway 10.1.1.2
Related Rules
route add -net 192.168.1.0 netmask 255.255.255.0 eth0
route add -net 192.168.100.0 netmask 255.255.255.0 eth1
route add -net 10.1.1.0 netmask 255.255.255.0 eth2
route add default gw 10.1.1.2 eth2
Result (routing table columns): Destination Gateway Genmask Flags Metric Ref Use Iface
Electronic Mail (Sendmail)
How Email Is Sent and Received (diagram)
user1@mail1.com -> mail1 MTA -> mail2 MTA -> user2@mail2.com
Concepts
MTA : Mail Transport Agent
SMTP (server-to-server): Simple Mail Transport Protocol
POP (Mail Access): Post Office Protocol
IMAP (Mail Access): Interim Mail Access Protocol
MDA : Mail Delivery Agent
MUA : Mail User Agent
Advantage of Sendmail
Older MTA
Powerful MTA
Disadvantage of Sendmail
Slow
High Load Environment
Crypto Configuration
MTAs
Sendmail
Postfix
Exim
Qmail
MUAs
Evolution, Kmail (KDE)
Balsa (GNOME)
Mozilla Mail
Required Packages
sendmail
sendmail-cf
imap (Config xinetd)
(contains IMAP & POP3)
Sendmail Configuration
Config '/etc/mail/sendmail.mc' file
LOCAL_DOMAIN(`example.com')dnl
Run 'make -C /etc/mail/'
Config DNS
Email Aliases
Edit '/etc/aliases' file
postmaster: joseph
Rejecting Email
Edit '/etc/mail/access' file
spam.com REJECT
yahoo.com OK
Session 16
DNS
Where do I look?
/etc/nsswitch.conf (name service switch)
t@localhost:~$ cat /etc/nsswitch.conf
hosts: files dns
Files
Search order determined by
nsswitch.conf
It is polite to have /etc/hosts first!
DNS Traversal
1. Local files
2. Local DNS server
3. Item in cache?
4. Root server, work your way down…
Resolving Names
Configuration Files for Local Host Name Resolution (important for testing)
/etc/resolv.conf
/etc/nsswitch.conf
/etc/host.conf
DNS
BIND – Berkeley Internet Name Daemon
Dents – buggy as hell (still in alpha?)
Djbdns – Dan Bernstein's DNS server
Banyan VINES – don't go there!
Named (name dee)
/etc/named.conf:
Config file for named: defines the directory that holds the DNS data files, contains info about what zones we serve and where to find their files, and tells us whether we are master / slave, whether to allow or deny zone transfers, what the IPs of other master / slave servers are, etc.
<DNSROOT>/root.hints: contains "pointers" to the root servers
<DNSROOT>/127.0.0: config for reverse lookup of the local host/subnet
<DNSROOT>/<zone>: config for the zone
<DNSROOT>/<in-addr.arpa file>: config for reverse lookup of your zone
A simple named.conf
## named.custom - custom configuration for bind
zone "." {
    type hint;
    file "root.lists";
};
options {
    directory "/var/named/";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "127.0.0";
};
zone "hq.alim.ir" {
    type master;
    file "hq.alim.ir";
};
zone "168.168.192.in-addr.arpa" {
    type master;
    file "192.168.168";
};
DNS Data
DNS databases contain more than just
hostname-to-address records:
SOA – Start Of Authority – it is the daddy!
IN NS – Name Server
IN MX – Mail eXchanger
IN A – A record (Address record)
IN CNAME – Canonical NAME
A simple zone file
@           IN SOA  hq.alim.ir. root.hq.alim.ir. (
                    199609206   ; serial, today's date + today's serial #
                    8H          ; refresh, seconds
                    2H          ; retry, seconds
                    4W          ; expire, seconds
                    1D )        ; minimum, seconds
            NS      hq.alim.ir.
            MX 10   hq.alim.ir. ; Primary Mail Exchanger
            TXT     "Alim IT Center"
localhost   A       127.0.0.1
router      A       192.168.168.1
hq.alim.ir. A       192.168.168.2
ns          A       192.168.168.3
www         A       207.159.141.192
ftp         CNAME   hq.alim.ir.
mail        CNAME   hq.alim.ir.
news        CNAME   hq.alim.ir.
A simple in-addr.arpa file
$TTL 3D
@       IN SOA  hq.alim.ir. root.hq.alim.ir. (
                199609206   ; Serial
                28800       ; Refresh
                7200        ; Retry
                604800      ; Expire
                86400 )     ; Minimum TTL
        NS      hq.alim.ir.
; Servers
1       PTR     router.hq.alim.ir.
2       PTR     hq.alim.ir.
2       PTR     funn.hq.alim.ir.
; Workstations
200     PTR     ws-177200.hq.alim.ir.
201     PTR     ws-177201.hq.alim.ir.
202     PTR     ws-177202.hq.alim.ir.
Forward DNS
hq.alim.ir (as per /etc/named.conf)
Reverse DNS
192.168.168 (as per /etc/named.conf)
SOA
IN NS
IN PTR – Pointer
DNS Round Robin
Fault tolerance? Through nifty DNS hacks
www.teviot.com. 60 IN A 10.0.1.100
www.teviot.com. 60 IN A 10.0.2.100
www.teviot.com. 60 IN A 10.0.3.100
Common Mistakes
Forgetting to increment the serial number!
CNAME pointing at another CNAME!
Forgetting the "." in appropriate places!
Underscores in hostnames!
Forgetting to reload the daemon!
Version control issues – clobbered changes!
TTL issues
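An added example (not from the slides) that checks a zone file for three of the mistakes listed above: a serial that was not incremented, a CNAME whose target is another CNAME, and a qualified NS/MX/CNAME target missing its final dot. The example.test zone in ZONE_NEW is constructed here, and the checker assumes each CNAME line starts with its owner name.

```shell
#!/bin/sh
# Added example, not from the slides: lint a zone file for three common mistakes.
# ZONE_NEW is a constructed zone (not the slides' hq.alim.ir zone) that contains
# one instance of each problem; ZONE_OLD_SERIAL is the serial currently served.
ZONE_NEW='$TTL 3D
@       IN SOA  ns.example.test. root.example.test. (
                2004081201 ; serial
                8H 2H 4W 1D )
        NS      ns.example.test.
        MX 10   mail.example.test
ns      A       192.168.168.3
host    A       192.168.168.2
mail    CNAME   host
ftp     CNAME   mail'
ZONE_OLD_SERIAL=2004081201

# strip_comments: drop everything after ";" so comments never look like data
strip_comments() { printf '%s\n' "$1" | sed 's/;.*//'; }

# zone_serial ZONE: the first all-digit token at or after the SOA record
zone_serial() {
    strip_comments "$1" | awk '
        /SOA/ { soa = 1 }
        soa { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }'
}

# serial_incremented OLD ZONE: true only if the zone serial is greater than OLD
serial_incremented() {
    new=$(zone_serial "$2")
    [ "$new" -gt "$1" ]
}

# cname_chains ZONE: CNAME records whose target is itself the owner of a CNAME
cname_chains() {
    strip_comments "$1" | awk '
        $2 == "CNAME" || $3 == "CNAME" { owner[$1] = 1; target[$1] = $NF }
        END { for (o in target) if (target[o] in owner) print o " -> " target[o] }'
}

# missing_dots ZONE: NS/MX/CNAME targets that contain a dot (so they are meant
# as fully qualified names) but lack the trailing dot, which makes named append
# the zone name to them
missing_dots() {
    strip_comments "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "NS" || $i == "MX" || $i == "CNAME") {
                t = $NF
                if (t ~ /\./ && t !~ /\.$/) print $i " " t
                break
            }
    }'
}

# lint_zone OLD_SERIAL ZONE: print all findings; usage: lint_zone "$ZONE_OLD_SERIAL" "$ZONE_NEW"
lint_zone() {
    serial_incremented "$1" "$2" || echo "serial $(zone_serial "$2") was not incremented (still <= $1)"
    cname_chains "$2" | sed 's/^/CNAME chain: /'
    missing_dots "$2" | sed 's/^/missing trailing dot: /'
}
```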
Test Tools
nslookup
dig
dig mail.hq.alim.ir
dig -x 192.168.168.2
dig 168.168.192.in-addr.arpa. AXFR
whois
http://www.squish.net/dnscheck/ (James Ponder's DNS check web page)
Session 17
Firewall
Required Properties:
Control: allow only those packets that you are interested in to pass through.
Security: reject packets from malicious outsiders.
Watchfulness: log packets to/from the outside world.
Firewall Types
Packet Filtering
Stateful
Stateless
Proxy-Based Firewall
Packet Filter under Linux
1st generation
ipfw (from BSD)
2nd generation
ipfwadm (Linux 2.0)
3rd generation
ipchains (Linux 2.2)
4th generation
iptables (Linux 2.4 & 2.6)
Installing Iptables
Kernel Supports Iptables
Networking Options -> TCP/IP Networking -> Network Packet Filtering
Networking Options -> TCP/IP Networking -> IP: advanced router -> *
Networking Options -> IP: Netfilter
For Packet Traffic Control:
Networking Options -> QoS and/or fair queueing -> *
# rpm -ivh iptables-1.2.6a-2.i386.rpm
Chains of Tables
INPUT
Controls packets entering your system
OUTPUT
Controls packets leaving your system
FORWARD
Controls what packets can move from one
network to another through your system
(diagram) Routing decision -> FORWARD; Routing decision -> INPUT -> Local process -> OUTPUT
1. When a packet comes in, the kernel first looks at the destination of the packet: this is called routing.
2. If it's destined for this box, it passes downwards in the diagram to the INPUT chain. If it passes, any processes waiting for that packet will receive it. If it is not destined for this box, go to step 3.
3. If forwarding is not enabled, the packet will be dropped. If forwarding is enabled and the packet is destined for another network interface, the packet goes rightwards on our diagram to the FORWARD chain.
Packet Status in Iptables
Established
New
Related
Invalid
Results of Packet Checking
ACCEPT
DROP
REJECT
…
Tables of Iptables
Filter
NAT
Mangle
The Path of a Packet (diagram)
Network -> PREROUTING chain (mangle, then NAT: destination NAT) -> routing decision
Destined for this host: mangle INPUT -> filter INPUT -> local process -> mangle OUTPUT -> NAT OUTPUT (based on routing) -> filter OUTPUT -> routing decision -> POSTROUTING chain (mangle, then NAT: source NAT) -> network
Destined elsewhere: mangle FORWARD -> filter FORWARD -> POSTROUTING chain -> network
Tables of Chains

Table   PREROUTING  INPUT  FORWARD  OUTPUT  POSTROUTING
MANGLE  *           *      *        *       *
NAT     *           -      -        *       *
FILTER  -           *      *        *       -
Building a Rule: source/destination
iptables -s 200.200.200.1
Refers to packets from a specific IP address.
The "-s" refers to the source of the packet, where the packet is coming from.
A corresponding "-d" refers to the destination, where the packet is going to.
Building a Rule: Action
iptables -s 200.200.200.1 -j DROP
The "-j" determines what happens to the
Building a Rule: IP address ranges
iptables -s 200.200.200.0/24 -j DROP
IPs that match 200.200.200.*
The "/24" refers to the number of bits that are fixed, counting from the left.
Other Actions
REDIRECT
Sends packets to a proxy
LOG
Tracks packets as they match rules
RETURN
Terminates user defined chains
Building a Rule: appending rules to chains
iptables -A INPUT -s 200.200.200.1 -j DROP
The "-A" appends the rule to a chain
The "INPUT" specifies the chain
Building a Rule: only blocking some packets
iptables -A INPUT -s 200.200.200.1 -p tcp --destination-port telnet -j DROP
The "-p" specifies a protocol: tcp, udp, or icmp
The "--destination-port" is where the packet is going
You can use the service name or the port number; 23 could be used in this example
Keep in mind that the source port is very different from the destination port. In this example the inbound message is going to your telnet server. The telnet client that is sending you the message could be running on any port.
--dport == --destination-port
--sport == --source-port
Building a Rule: multiple network interfaces
Assume your machine has two interface cards: one to a LAN named eth0 and the other to the Internet named ppp0.
Together these rules would accept telnet requests from the LAN but block telnet requests from the Internet.
Building a Rule: Chain Policies
iptables -P FORWARD ACCEPT
The "-P" option followed by a chain name and an action determines the default policy of the chain. If no rule in the chain matches, this default action is taken.
The usual policies are
INPUT = ACCEPT
OUTPUT = ACCEPT
FORWARD = DENY
Building a Rule: Adding Rules to Chains
iptables -A INPUT -s 200.200.200.1 -j DROP
Appends the rule to the end of the chain
iptables -I INPUT 3 -s 200.200.200.1 -j DROP
Inserts the rule as rule 3 in the chain, moving all other rules down 1.
iptables -R INPUT 3 -s 200.200.200.1 -j DROP
Replaces rule 3 in the chain
iptables -D INPUT 3
Deletes rule 3 in the chain
Operations to manage whole chains
-N: create a new chain
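An added example (not part of the slides) that assembles the options explained in the rule-building slides into one stateful firewall script, including the two-interface telnet scenario (eth0 as the LAN, ppp0 as the Internet and 192.168.1.0/24 as the LAN range are assumptions taken from that scenario) and a user-defined LOGDROP chain created with -N. IPT defaults to "echo iptables" so the script prints what it would do; set IPT=iptables and run it as root to apply the rules.

```shell
#!/bin/sh
# Added example, not from the slides: a stateful host firewall built from -P, -F,
# -N, -A, -i, -s, -p, --dport, -m state and -j. Interface names and the LAN range
# are assumptions; IPT="echo iptables" makes this a dry run on any machine.
IPT=${IPT:-echo iptables}
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.1.0/24}

firewall_rules() {
    # Default policies: nothing gets in or through unless a rule accepts it.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT

    # User-defined chain that logs, then drops. -N creates it (it only complains
    # if it already exists) and -F empties it, so the script can be re-run.
    $IPT -N LOGDROP
    $IPT -F LOGDROP
    $IPT -A LOGDROP -j LOG --log-prefix "fw-drop: "
    $IPT -A LOGDROP -j DROP

    # Loopback and replies to connections we started are always allowed;
    # packets the connection tracker cannot classify are logged and dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j LOGDROP

    # Telnet: accept from the LAN on eth0, log and drop attempts arriving on ppp0.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport telnet -j ACCEPT
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport telnet -j LOGDROP

    # SSH from anywhere; new connections from the Internet are logged first
    # (the "watchfulness" property from the Firewall slide).
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "ssh-new: "
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Keep ping working; everything else that reaches the end is logged and dropped.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -j LOGDROP
}

# rule_count: number of iptables commands the script issues (dry-run mode only).
rule_count() {
    firewall_rules | wc -l | tr -d ' '
}
```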
Session 18 (Advanced)
Traffic Shaping (CBQ)
/etc/rc.d/init.d/cbq.init
(http://ovh.dl.sourceforge.net/sourceforge/cbqinit/cbq.init-v0.7.3 )
/etc/sysconfig/cbq/*(0002-FFFF)
/etc/rc.d/init.d/cbq.init start
Sample of CBQ Configuration
DEVICE=eth0,10Mbit,1Mbit
RATE=10 Kbit
PRIO=5
RULE=:21,192.168.1.0/24
The End
Good Luck