Learning Path: Linux: A to Z Linux Networking Concepts

Linux Networking Solutions - Part 1 29 lectures 01:58:20 Linux Networking Solutions - Part 1 - The Course Overview This video provides an overview of the entire course. Setting Up the Physical Network In this video, we will configure the network within Linux.

• Use the IP command
• Use ethtool, mii-tool, or mii-diag to perform the same action
• Run the same command on both the systems

Configuring IPv4 In this video, we will configure IPV4 in both the servers.

• Configure the IP addresses
• Start with server 1
• Perform the same action on server 2

Configuring IPv4 Permanently In this video, we will configure IPv4 permanently in Ubuntu as well as in centOS.

• See how it works in Debian or Ubuntu
• Add eth0 configuration
• See how it works in Red Hat or CentOS

Connecting Two Networks We will see how to connect two networks, here we will configure 3 servers and interchange the data.

• Configure the network interface on eth1 on server 1
• Configure eth0 on server 3 with an IP address of 192.168.0.2
• Add a default route on server 3 and server 2

Enabling NAT to the Outside Connecting two local networks is useful, but these days it's more common to want to connect a local network to the Internet.

• Configure eth2 to receive an IP address via DHCP
• Use iptables to enable NAT on packets heading out through eth2

Setting Up DHCP You now have a router that provides Internet access to all systems behind it, but the systems behind it need to be manually configured with IP addresses while avoiding conflicts.

• Set up DHCP in Debian/Ubuntu
• Set up DHCP in Red Hat/ CentOS

Setting Up a Firewall with iptables In this section, we're going to go a bit deeper into configuring a secure firewall for your network.

• Set an ACCEPT policy on traffic destined to the local system on the localhost adapter
• Set an ACCEPT policy for any packet that matches a state
• Define the default policies

Setting Up Port Forwarding Sometimes, you want to forward a port to a system behind the firewall instead of having the service run on the firewall itself.

• Rewrite packets addressed to port 80 to instead go to port 8080
• Accept any packets addressed to 192.168.0.200 port 8080

Adding VLAN Tagging What if we want to have multiple private networks behind the route?

• Hook it up to a switch that has VLAN enabled
• Create virtual interfaces assigned to the desired VLAN

Setting Up Your System to Talk to a nameserver We cannot visit web pages by requesting them by IP address; rather we will ping them by their domain name. This problem is solved using a recursive DNS server to resolve the hostnames into IP addresses.

• Configure Linux to use a DNS server
• Add a domain line

Setting Up a Local Recursive Resolver Set up your own recursive nameserver, which will help cut down on the round trips between you and your resolver.

• Install bind9 on Ubuntu
• Add an allow-recursion entry
• Use a forwarders

Configuring Dynamic DNS on Your Local Network With the use of Dynamic DNS, you can leverage your DNS server to address your local systems by name.

• Configure your bind instance to host DNS for your internal domain
• Populate the zone in example.org.db
• Generate a HMAC key for securing the communication

Setting Up a nameserver for Your Public Domain It works the same way as setting up a DNS server for an internal hostname, just with a few additional parts that we'll want to make sure are in a good state.

• Set up a properly configured SOA record
• Set up a record for NS hosts
• Set up glue records

Setting Up a Slave nameserver Bind/named can handle the synchronization internally, through the use of zone transfer (AXFR) requests or incremental zone transfer (IXFR) requests secured with the same type of HMAC keys utilized by the DHCP server to send updates to the DNS server.

• Generate another HMAC key to use in authenticated zone transfers
• Create a file called transfer.key
• Include transfer.key on both the master and slave servers

Setting Up an IPv6 Tunnel Via Hurricane Electric In addition to their hosting/transit services, they also host another free IPv6 tunnel provider, and a training and certificate site for learning about IPv6 networking.

• Visit and click Sign up now
• Enter your IP address under the IPv4 endpoint
• Collect the local and remote IPv4 and IPv6 addresses provided by HE's website

Using ip6tables to Firewall Your IPv6 Traffic This tool is the IPv6 version of the iptables command we've already used, and it operates in almost the same manner.

• Run the command to establish
• Explore ip6tables

Route an IPv6 netblock to Your Local Network IPv6 has ability to obtain a large number of public IP addresses for your local networks rather than using NAT.

• Configure /etc/radvd.conf
• Start radvd via the init script or as appropriate for your distribution

Installing OpenSSH All Linux distributions offer the ability to install a Secure Shell (SSH) server.

• Install SSH server in Debian/Ubuntu
• Install Fedora, CentOS, and other RedHat derivatives through sudo yum install openssh-server

Using OpenSSH as a Basic Shell Client If you are connecting from another Unix system, such as Linux or Mac OS X, you can launch a terminal and use the SSH command-line tool from OpenSSH.

• Launch Terminal.app on your Mac or an xterm on your Linux system
• Run sshusername@host

Using OpenSSH to Forward Defined Ports In this section we will see ability of Openssh to forward ports from the remote system to your local system or vice versa

• Forward a remote port locally
• Forward a local port remotely
• Make either port available from remote systems

Using OpenSSH as a SOCKS Proxy If you're looking to access webpages through an SSH proxy, you may find that the —L option is a bit too limiting, since you need to specify each individual web server that you're forwarding and give each one its own local port.

• Specify —D 8000
• Configure your client to use that port as a SOCKS proxy

Using OpenVPN OpenVPN is a full SSL VPN solution that allows you to connect two networks at layer 2 or 3 via a TCP or UDP tunnel.

• Install OpenVPN on the server and generate a static key
• Set up the server configuration and Create a client configuration file
• Copy the static key to the client and connect the VPN from the client as root

Configuring Apache with TLS Installing Apache with TLS is easier than ever, although the specific process can vary from distribution to distribution due to differences in configuration layout.

• Install the package
• Enable the SSL modules and stock SSL configuration
• Add the appropriate SSL certs to the machine

Improving Scaling with the Worker MPM Apache2 offers a variety of Multi-Processing Modules (MPM) for defining how the daemon will handle scaling.

• Configure the worker MPM on Ubuntu 14.04
• Execute a2query
• Swap out the existing MPM

Setting Up PHP Using an Apache Module PHP is a very common programming language to use on Apache webserver, largely due to its ease of use.

• Set up PHP on Ubuntu 14.04
• Set up PHP on CentOS 7

Securing Your Web Applications Using mod_security PHP code can certainly be secure, it often appeals to new developers who have not yet learned secure coding practices.

• Set up the mod_security configuration file(Ubuntu 14.04)
• Set up the mod_security core rules set(CentOS 7)
• Switch the configuration to detection only

Configuring NGINX with TLS NGINX works well as a lightweight, fast, multithreaded offering.

• Install the software and Configure the server for TLS by uncommenting the HTTPS server section(Ubuntu 14.04)
• Install the EPEL repo And Install the nginx package: (CentOS 7)
• Configure the server for TLS by adding an https server section and Enable nginx to start on boot(CentOS 7)

Setting Up PHP in NGINX with FastCGI Using this approach can limit what content runs through the processor.

• Install the PHP FastCGI wrapper and Configure nginx to talk to the php5-fpm daemon (Ubuntu 14.04)
• Install the PHP FastCGI wrapper: and Modify PHP's configuration file to disable cgi.fix_pathinfo,(CentOS 7)

Linux Networking Solutions - Part 1. 29 lectures 01:58:20 Linux Networking Solutions - Part 1 - The Course Overview This video provides an overview of the entire course. Setting Up the Physical Network In this video, we will configure the network within Linux.

• Use the IP command
• Use ethtool, mii-tool, or mii-diag to perform the same action
• Run the same command on both the systems

Configuring IPv4 In this video, we will configure IPV4 in both the servers.

• Configure the IP addresses
• Start with server 1
• Perform the same action on server 2

Configuring IPv4 Permanently In this video, we will configure IPv4 permanently in Ubuntu as well as in centOS.

• See how it works in Debian or Ubuntu
• Add eth0 configuration
• See how it works in Red Hat or CentOS

Connecting Two Networks We will see how to connect two networks, here we will configure 3 servers and interchange the data.

• Configure the network interface on eth1 on server 1
• Configure eth0 on server 3 with an IP address of 192.168.0.2
• Add a default route on server 3 and server 2

Enabling NAT to the Outside Connecting two local networks is useful, but these days it's more common to want to connect a local network to the Internet.

• Configure eth2 to receive an IP address via DHCP
• Use iptables to enable NAT on packets heading out through eth2

Setting Up DHCP You now have a router that provides Internet access to all systems behind it, but the systems behind it need to be manually configured with IP addresses while avoiding conflicts.

• Set up DHCP in Debian/Ubuntu
• Set up DHCP in Red Hat/ CentOS

Setting Up a Firewall with iptables In this section, we're going to go a bit deeper into configuring a secure firewall for your network.

• Set an ACCEPT policy on traffic destined to the local system on the localhost adapter
• Set an ACCEPT policy for any packet that matches a state
• Define the default policies

Setting Up Port Forwarding Sometimes, you want to forward a port to a system behind the firewall instead of having the service run on the firewall itself.

• Rewrite packets addressed to port 80 to instead go to port 8080
• Accept any packets addressed to 192.168.0.200 port 8080

Adding VLAN Tagging What if we want to have multiple private networks behind the route?

• Hook it up to a switch that has VLAN enabled
• Create virtual interfaces assigned to the desired VLAN

Setting Up Your System to Talk to a nameserver We cannot visit web pages by requesting them by IP address; rather we will ping them by their domain name. This problem is solved using a recursive DNS server to resolve the hostnames into IP addresses.

• Configure Linux to use a DNS server
• Add a domain line

Setting Up a Local Recursive Resolver Set up your own recursive nameserver, which will help cut down on the round trips between you and your resolver.

• Install bind9 on Ubuntu
• Add an allow-recursion entry
• Use a forwarders

Configuring Dynamic DNS on Your Local Network With the use of Dynamic DNS, you can leverage your DNS server to address your local systems by name.

• Configure your bind instance to host DNS for your internal domain
• Populate the zone in example.org.db
• Generate a HMAC key for securing the communication

Setting Up a nameserver for Your Public Domain It works the same way as setting up a DNS server for an internal hostname, just with a few additional parts that we'll want to make sure are in a good state.

• Set up a properly configured SOA record
• Set up a record for NS hosts
• Set up glue records

Setting Up a Slave nameserver Bind/named can handle the synchronization internally, through the use of zone transfer (AXFR) requests or incremental zone transfer (IXFR) requests secured with the same type of HMAC keys utilized by the DHCP server to send updates to the DNS server.

• Generate another HMAC key to use in authenticated zone transfers
• Create a file called transfer.key
• Include transfer.key on both the master and slave servers

Setting Up an IPv6 Tunnel Via Hurricane Electric In addition to their hosting/transit services, they also host another free IPv6 tunnel provider, and a training and certificate site for learning about IPv6 networking.

• Visit and click Sign up now
• Enter your IP address under the IPv4 endpoint
• Collect the local and remote IPv4 and IPv6 addresses provided by HE's website

Using ip6tables to Firewall Your IPv6 Traffic This tool is the IPv6 version of the iptables command we've already used, and it operates in almost the same manner.

• Run the command to establish
• Explore ip6tables

Route an IPv6 netblock to Your Local Network IPv6 has ability to obtain a large number of public IP addresses for your local networks rather than using NAT.

• Configure /etc/radvd.conf
• Start radvd via the init script or as appropriate for your distribution

Installing OpenSSH All Linux distributions offer the ability to install a Secure Shell (SSH) server ng Connecting Two Networks We will see how to connect two networks, here we will configure 3 servers and interchange the data.

• Configure the network interface on eth1 on server 1
• Configure eth0 on server 3 with an IP address...