When Linux is used as a gateway between two Ethernet networks, the server needs two network cards. To reduce problems that may occur at start-up, the Linux kernel does not automatically detect multiple network cards. If you install more than one card in the server, you must specify the parameters of each card: in the "/etc/lilo.conf" file when the network card driver has been compiled into the kernel, or in the "conf.modules" file when the driver is not compiled into the kernel but loaded dynamically as a module.

If the device driver is compiled as a module (a kernel module): for PCI devices, the module automatically detects all devices installed in the system; for ISA cards, you need to tell the module where to look for the card, which is done in "/etc/conf.modules".

For example, we have two ISA-bus 3c509 cards, one at I/O address 0x300 and the other at 0x320. Edit the "conf.modules" file as follows:

    alias eth0 3c509
    alias eth1 3c509
    options 3c509 io=0x300,0x320

This states that the 3c509 driver should be loaded for eth0 or eth1 (alias eth0, eth1) and that it should be loaded with the parameter io=0x300,0x320, so that the driver knows where to find the cards. The 0x prefix is required.

For PCI cards, only the alias command is needed to associate ethN with the appropriate driver module name; the I/O address of a PCI card is detected automatically. For PCI cards, edit the "conf.modules" file as follows:

    alias eth0 3c509
    alias eth1 3c509

If the driver has been compiled into the kernel: the PCI probe at system start-up automatically finds all related network cards.
ISA cards can generally be detected automatically as well, but in some cases an ISA card still needs the following configuration: add the configuration information to "/etc/lilo.conf", so that the LILO program passes it to the kernel as boot parameters. For ISA cards, edit the "lilo.conf" file and add the following:

    append="ether=0,0,eth1"

Note: first test your ISA cards without the boot parameters in "lilo.conf", and add the boot parameters only if that fails. When boot parameters are passed, eth0 and eth1 are assigned in the order in which the cards are found at start-up.

Because we have recompiled the kernel, we must use this second method (adding boot parameters in lilo.conf) to install our second network card in the system. This method is only necessary for ISA cards; PCI cards are found automatically, so nothing needs to be done for them.

Network-related configuration files in a Linux system

In Linux, TCP/IP networking is configured through several text files. You may need to edit these files to complete the networking setup. The following sections introduce the basic TCP/IP configuration files.

"/etc/hostname" file: this file contains the host name of the system, including the complete domain name, such as deep.openarch.com.

"/etc/sysconfig/network-scripts/ifcfg-ethN" files: in Red Hat 6.1, the configuration files of the system's network devices are stored in the "/etc/sysconfig/network-scripts" directory. ifcfg-eth0 contains the configuration of the first network card, and ifcfg-eth1 contains the configuration of the second network card.
The following is an example of the "/etc/sysconfig/network-scripts/ifcfg-eth0" file:

    DEVICE=eth0
    IPADDR=208.164.186.1
    NETMASK=255.255.255.0
    NETWORK=208.164.186.0
    BROADCAST=208.164.186.255
    ONBOOT=yes
    BOOTPROTO=none
    USERCTL=no

To change the network address by hand or to add a new network interface, edit the corresponding file (ifcfg-ethN) or create a new one. The parameters are:

    DEVICE=name       name is the name of the physical device
    IPADDR=addr       addr is the IP address assigned to the card
    NETMASK=mask      mask is the network mask
    NETWORK=addr      addr is the network address
    BROADCAST=addr    addr is the broadcast address
    ONBOOT=yes/no     whether to activate the card at start-up
    BOOTPROTO=proto   proto is one of:
                        none:  no boot protocol
                        bootp: use the BOOTP protocol
                        dhcp:  use the DHCP protocol
    USERCTL=yes/no    whether non-root users are allowed to control the device

"/etc/resolv.conf" file: this is the configuration file used by the resolver (a library that resolves host names to IP addresses). For example:

    search openarch.com
    nameserver 208.164.186.1
    nameserver 208.164.186.2

"search domainname.com" means that when a host name is given without a full domain name, the suffix domainname.com is appended to it; "nameserver" means that the host at the given address is used as the domain name server when resolving names. The name servers are queried in the order in which they appear in the file.

"/etc/host.conf" file: this file specifies how host names are resolved. Linux obtains the IP address corresponding to a host name through the resolver library. Below is an example of "/etc/host.conf":

    order bind,hosts
    multi on
    nospoof on

"order bind,hosts" specifies the host name lookup order: here, DNS is used first to resolve names, and then the "/etc/hosts" file is queried.
"Multi On" Specifies whether the host specified in the "/ etc / hosts" file can have multiple addresses, and hosts with multiple IP addresses are generally referred to as having multiple network interfaces. "Nospook ON" means that the server is not allowed to deceive the server. IP spoof is a means of attacking system security, and the trust of other computers is achieved by implying IP addresses to other computers. "/ Etc / sysconfig / network" file This file is used to specify the network configuration information on the server. Here is an example: network = yesrorward_IPv4 = yeshostname = Deep.openarch.comgareway = 0.0.0.0gatewaydev = network = YES / NO network is Configured; forward_ipv4 = YES / NO Whether to turn on IP forwarding function Hostname = hostname hostname Represents the host name of the server GAREWAY = GW-IP GW-IP Represents the IP address of the network gateway GAREWAYDEV = GW-DEV GW-DW indicates the device name of the gateway. Such as: Etho, etc .: In order to be compatible with old software, the "/ etc / hostname" file should be used with HostName = Hostname.
"/ Etc / hosts" file When the machine is started, the machine needs to query some hostnames to the IP address before you can query DNS. These matching information is stored in the / etc / hosts file. In the case of a domain name server, all network programs on the system are queried by querying the file to parse the IP address corresponding to a host name. Here is an example "/ etc / hosts" file: IP AddressHostnameAlias127.0.0.1LocalhostGate.openarch.com208.164.186.1gate.openarch.comGate208.164.186.2forest.openarch.comForest208.164.186.3deep.openarch.comDeep leftmost column Is the host IP information, the middle one is the host name. Any back column is the alias of the host. Once the machine's network configuration file is configured, you should restart the network to make the modification take effect. Use the following command to restart the network: /etc/rc.d/init.d/network restart Note: The TCPD program is responsible for detecting service requests such as Telnet, FTP. Once the service request arrives, the inetd process will start the TCPD process, and TCPD logs the request in the log file and completes some other detection work. If everything is normal, TCPD will launch the corresponding server process and then end it. TCPD To pass the IP address of the client to get the host name by querying the DNS server, then resolve the IP address corresponding to the host name, then the IP address and the IP of the client's machine The address is compared, and the verification of clients that send requests are implemented by these steps. If the two do not match, TCPD thinks that the requested machine is disguised into other machines, which is why it is sometimes Telnet to Linux machine to wait for a long time, can pass in "/ etc / hosts" To join the client's machine's IP address and hostname, you can reduce the login wait time. The TCPD can be set to disable source path routing socket connection requests. 
Refusing source-routed connection requests prevents an attacker from attacking the server by disguising their IP address as that of another computer. Note that this setting has no effect on UDP. If a timeout error occurs when the server tries to reverse-resolve the client's IP address to a host name, the cause may be that the DNS server is not configured, or that DNS has no information about the client computer requesting the service.

Manually configuring the TCP/IP network

ifconfig is the command used to set up and configure network cards, and you need to be familiar with it. The advantage of this command is that the machine does not have to be restarted.
To assign the IP address 208.164.186.2 to the eth0 interface, use the command:

    [root@deep]# ifconfig eth0 208.164.186.2 netmask 255.255.255.0

To list all network interfaces, use the command:

    [root@deep]# ifconfig

The output of this command looks like this:

    eth0  Link encap:Ethernet  HWaddr 00:E0:18:90:1B:56
          inet addr:208.164.186.2  Bcast:208.164.186.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xa800

    lo    Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

If you run the ifconfig command without any parameters, it displays information about all activated interfaces of the machine.
With the -a parameter, the command displays information about all interfaces, including inactive ones. For example:

    [root@deep]# ifconfig -a

The output looks like this:

    eth0  Link encap:Ethernet  HWaddr 00:E0:18:90:1B:56
          inet addr:208.164.186.2  Bcast:208.164.186.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xa800

    eth1  Link encap:Ethernet  HWaddr 00:E0:18:90:1B:56
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xa320

    lo    Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:139 errors:0 dropped:0 overruns:0 frame:0
          TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Note: network device parameters configured with the ifconfig command are lost after a restart.

To set the default gateway to 208.164.186.1, use the command:

    [root@deep]# route add default gw 208.164.186.1

In this example, the default gateway is set to 208.164.186.1. Next, test whether the machine can reach this network segment by selecting a host on the network, such as 208.164.186.1.
Test the connection to that computer with the following command:

    [root@deep]# ping 208.164.186.1

The output looks like this:

    PING 208.164.186.1 (208.164.186.1) from 208.164.186.2 : 56 data bytes
    64 bytes from 208.164.186.2: icmp_seq=0 ttl=128 time=1.0 ms
    64 bytes from 208.164.186.2: icmp_seq=1 ttl=128 time=1.0 ms
    64 bytes from 208.164.186.2: icmp_seq=2 ttl=128 time=1.0 ms
    64 bytes from 208.164.186.2: icmp_seq=3 ttl=128 time=1.0 ms

    --- 208.164.186.1 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 1.0/1.0/1.0 ms

The route command can now be used to view the routing table.
Use the following command to display routing information:

    [root@deep]# route -n

The output looks like this:

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    208.164.186.2 0.0.0.0 255.255.255.255 UH 0 0 0
    208.164.186 085.255.255.0 UG 0 0 0 eth0
    208.164.186.0 0.0.0.0 255.255.255.0 U 0 0 0
    0.0.0.0.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

To check the interface status quickly, use the netstat -i command:

    [root@deep]# netstat -i

The output looks like this:

    Kernel Interface table
    Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
    eth0 1500 0 4236 0 0 0 0 0 0 0 0 0 0 0 0 0 13300 0 0 0 LRU
    ppp0 1500 0 14 1 0 0 0 0 0 0 0 PRU

Another useful option of the netstat command is -t, which displays all active TCP connections:

    [root@deep]# netstat -t

The output looks like this:

    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address            Foreign Address          State
    tcp        0      0 deep.openar:netbios-ssn  gate.openarch.com:1045   ESTABLISHED
    tcp        0      0 localhost:1032           localhost:1033           ESTABLISHED
    tcp        0      0 localhost:1033           localhost:1032           ESTABLISHED
    tcp        0      0 localhost:1030           localhost:1034           ESTABLISHED
    tcp        0      0 localhost:1031           localhost:1030           ESTABLISHED
    tcp        0      0 localhost:1028           localhost:1029           ESTABLISHED
    tcp        0      0 localhost:1029           localhost:1028           ESTABLISHED
    tcp        0      0 localhost:1026           localhost:1027           ESTABLISHED
    tcp        0      0 localhost:1027           localhost:1026           ESTABLISHED
    tcp        0      0 localhost:1024           localhost:1025           ESTABLISHED
    tcp        0      0 localhost:1025           localhost:1024           ESTABLISHED

To display all active and listening TCP connections, use the command:

    [root@deep]# netstat -vat

The output looks like this: