Linux Network Configuration

Reddit Comments

i realize that most of ya'll will dismiss as 'noob material' and it kind of is. but it still seems like a good way to spend an hour if you're not completely confident in your skills.

better than wasting time watching TV

👍︎︎ 3 👤︎︎ u/pingprocess 📅︎︎ Jan 28 2012 🗫︎ replies

that guy can't say "Ethernet" properly XD

👍︎︎ 3 👤︎︎ u/[deleted] 📅︎︎ Jan 28 2012 🗫︎ replies

ifconfig is deprecated, use the iproute2 suite, check out these links.

http://www.reddit.com/r/linux/comments/gabh3/til_ifconfig_is_deprecated_in_linux/c1m36iu

👍︎︎ 3 👤︎︎ u/boobsbr 📅︎︎ Jan 29 2012 🗫︎ replies
Captions
So hello again. As you know, I am Eli the Computer Guy over here for Everyman IT. Today's class is Linux network configuration. So now that you have your Linux server, now that you understand how to use vim and users and all that kind of stuff, now we need to get to the networking: how to make sure your server can get onto the network and that other people can get to it if necessary. Again, as with everything else in Linux, this is not too complicated if you just take it slow and you understand some very specific commands. So this class will teach you those commands, will bring you through so that you can get your Linux server onto the network and onto the internet. So give me a second to put a few things together and then we will get into the class, Linux network configuration.

So before we delve deeply into the whole Linux network configuration, we need to talk about a few tasks that you're going to need to be able to perform once you start configuring the networking for your Linux server. Now the first task, or the first command that you need to know how to use, is what is called ifconfig, i-f-c-o-n-f-i-g. This is the Linux version of the Windows ipconfig, or I suppose ipconfig is a version of ifconfig, whatever. If you use the ipconfig command in Windows, the ifconfig looks basically the same. If you run sudo ifconfig, this will give you all the information about the network cards that are on your system. So it will say, you know, eth0, whether it's DHCP, whether it has an IP address or not, etc. So just like ipconfig in the Windows world, it'll say, you know, network card 1, network card 2, network card 3, gives you the MAC address, gives you all the information. So if you need to see if you have an IP address assigned to one of your network adapters, you run sudo ifconfig and this will give you all the information you need. Pretty simple, right?

Now, if your server, if your Linux server is a DHCP client, you know, from personal experience I always like to give my 
Linux servers static IP addresses, I think it works out better. But if for whatever reason your Linux server is, you know, a client of DHCP and you need to get a new lease or a new IP address, all you need to do is run the command sudo dhclient, so d-h-c-l-i-e-n-t. This will release and renew your IP address. So, you know, if your network is acting a little weird and you think it might be because you have a bad IP address, just run sudo dhclient and this will release and renew the IP address. It's pretty simple.

Now finally, you know, whenever you're messing with configuration files for any services on a Linux computer, you need to start or restart the services once you are done playing with the configuration files. The networking is the same way. So, you know, we'll be talking in a moment about changing your network configuration files. Once you get done changing those configuration files, you need to restart the service so that those configuration files load again. We talked about, way back a couple classes ago, how to start and restart and stop services. With networking, again, it's pretty simple. All you do is you do sudo, s-u-d-o, /etc/init.d/ and then it is networking, and then you do space and then you say start, stop or restart. So you normally do restart. So once you change the network configuration files on your Linux server, you do sudo space /etc/init.d/networking, that is the service, space restart, and this will restart the networking service and load all those new configuration files that you just played with.

So those are the three simple tasks that you have to understand, or basically it's just going to turn into a whole mess when you start playing with networking. So again, ifconfig will show you all the information about your network cards, dhclient releases and renews your IP addresses, and the networking service in init.d is the service that you're 
going to need to restart whenever you change your networking configuration files. You understand that and it's going to make your life a lot easier.

So here we are back at the terminal. Now the first thing we are going to do is we're going to use the ifconfig command to see what's going on with our network adapters. So all you do is you do sudo space ifconfig, enter. And now this tells us, so we have one network adapter on here, so it's eth0. The inet address is 10.0.2.15, broadcast address 10.0.2.255, subnet mask is a Class C subnet mask, etc. So this is what gives us information about our network cards.

Now on this computer, it does receive its IP address from a DHCP server. So in order to release and renew an IP address you simply use the command dhclient. So you do sudo space d-h-c-l-i-e-n-t, enter, and that's all I had to do. Pretty quick. So it released the 10.0.2.15 and it looks like it got it back. So depending on how fast your DHCP server is and how everything talks to each other, this can be a rather quick process or it could take 30 or 40 seconds to do. But that's all you do to release and renew your IP address.

Now like I say, we're going to go into changing configuration files. So when you change your network configuration files, you need to remember to restart the service. Remember, when a service starts it loads all the information from the configuration files into memory, and it doesn't go back to those configuration files generally until the service itself restarts. So you can cause yourself an absolute nightmare of a time if you go in, you change configuration files, and then you go to test those changes. If you haven't restarted the service, you'll be wondering why the changes haven't taken effect. So you'll make more changes, more changes, more changes, you'll go down what's called the rabbit hole of Hell, where you just want to rip all your hair out because it doesn't make a damn bit of sense. Well, the reason is because you did not restart the 
service, and therefore those new configuration files never got uploaded into the system, so it's still using the old configuration files. So just remember this: whenever you change configurations for anything, whether it's networking, Apache, PHP, whatever, make sure to restart the corresponding service. So with networking it's the networking service. We go to sudo space /etc/init.d/networking space restart. So this will restart the service. Enter, and that quick it restarted the service. So by doing that it flushed out all the old configuration files, it looked at the configuration files as they are right at this second, and then it pulled them in and is now using those configuration files. So just remember: ifconfig shows you the current network cards that are attached to your system and what they're doing, dhclient is what releases and renews your IP address, and then the sudo /etc/init.d/networking, that is the service that you're going to have to restart once you change configurations. Since you've got that down, let's go and talk about the actual network configuration file.

So I think you'll agree those tasks are pretty simple to do. So now we need to talk about the configuration files for networking on your computer, your Linux server. So, you know, like I say, in the Windows world you right-click, you left-click and you change stuff. In Linux you have to change specific files and actually edit them with something like vim. Now with Ubuntu Linux you go to the network interfaces file. So you do sudo and then vim, so sudo, vim is the editor, /etc/network/interfaces. This is the file that controls the IP addresses and all that kind of stuff for the network cards that are on your system. Now once you open up that configuration file, the first thing it says will be auto and then eth, probably zero. Now you have to remember, whenever you're dealing with a 
Linux world, Linux works on the ordinal number system. What this means is in the ordinal system zero is the first number, not one. So whenever you're dealing with the first hard drive, it would be the zero hard drive. If you're dealing with the first network card, it would be zero. So eth0 is the first network card in the system. So if you're trying to change your first network card, don't do eth1, do eth0. So eth0 is the first network card. Auto, what this is, this states the speed. So auto is auto-negotiate. So, you know, most network cards nowadays are 10/100 or 10/100/gig cards. All this auto means is that it will auto-decide what speed it should go and whether it should be half duplex or full duplex. Unless you're doing something really special, you just leave that auto there. You can change it, but there's not a whole lot to it.

Under that you'll see iface, and then, if this is a static IP address, we'll show you the static IP address, it'll say eth again, it'll say eth0, then it'll say inet and it'll say static. So interface Ethernet 0, inet is static. So this is a static IP address. Then under that you'll see address and it will have the IP address, 10.1.10.5, whatever that is. You'll see netmask, that is the subnet mask, 255.255.255.0. Then you'll see the network. This is basically just what network is this on. So if the IP address is 10.1.10.5, the network will be 10.1.10.0. Just how it works. Then the broadcast. When you're dealing in the Windows world you don't normally, you know, put in what the broadcast address is, but as long as you're dealing with normal subnets, we'll have another class on something, normally when you're dealing with normal subnets all you do is you take whatever the IP address that you put into the system and then you put 255 at the end. So 10.1.10.5, you would put in 10.1.10.255 as the broadcast address. Again, if you don't know what the broadcast address is, it's kind of a different class, do a 
Google search on it. Basically a broadcast address is: what is the address that I can send out on and every single computer that's part of this address range will hear. And then finally underneath this is the gateway. The gateway is of course the default gateway. So normally that's the .1 address. So if we have 10.1.10.5, the default gateway is 10.1.10.1. So, you know, that is your router or that is your modem, that's how you get to the outside world. Like I say, pretty simple.

So in order to change your interfaces file, this is what has your network configurations, it's sudo vim space /etc/network/interfaces. Then you'll see, if you're setting up a static IP address: auto, this is auto-negotiate, is this 10 megabits per second, 100 megabits per second, a gig, what this means is that it will figure it out for you. For eth0, this is the first network card. Then under that, iface eth0 inet, and then if it's a static IP address you say static. Under that you say address space and then you put the IP address. Under that the netmask, this is a subnet mask, space whatever the subnet mask is. Under that, network. Again, normally it's whatever the first three digits are, so it's 10.1.10.0, basically just says what network they're on. Broadcast, again, we'll have another, something that will have a class on all this, but the broadcast address is if this computer needs to talk to everybody out there on the network, how do they do it, and they use a 10.1.10.255 address. And then finally the default gateway. So, you know, this is your router, this is your modem, this is whatever, how do you get to the internet or how do you get off your little internal network, 10.1.10.1.

One of the things you'll notice here is there's no place for the DNS address. That is actually a different configuration file we're going to talk about in a second. So this is the major configuration, but remember there's no DNS. So if you did these configurations and 
then you try to go to cnn.com/sotu. Now finally with this, if you want this network card set up for DHCP, it is really easy. You keep basically these first two lines of code here, only here for inet, instead of static you simply put dhcp. So if you want this computer to get a DHCP address you just do auto eth0, iface eth0 inet dhcp, and you don't need all the rest of this, because all the rest of this will come from your DHCP server. It's pretty simple. So, you know, once you get done with this with vim, you do a :wq, you write the file and you quit and you're done. Now once you've saved whatever configuration changes you need to save, remember you need to restart the networking services. So sudo /etc/init.d/networking restart. Make sure you restart the networking services once you have messed with this configuration.

Now like I said, with this, if you put in a static IP address there is no place in that interfaces file for the DNS. The reason is because, for whatever reason, they put the DNS information into a different file. So the file for that, you'll go to sudo, again vim, so we've been using vim as the editor, then it's /etc/ and then it's resolv, r-e-s-o-l-v, dot conf. That's the file that you're going to edit to edit the DNS information. So basically with sudo vim /etc/resolv.conf, when that opens up all you do is you plug in the IP addresses. So it'll open up and then you can plug in, you know, I want my first DNS address to be 10.1.10.1, and then you go enter, and I want my second DNS to be 10.1.10.2, then I want my third to be 207.88.44.1. So basically, unlike in Windows where you can only put two DNS addresses, in the Linux file you can put 500 if you wanted to. Just remember that Linux will process these in order. So it'll go to the first IP address that you give it first, and then it will go to the second and then go to the third and the fourth and the fifth and sixth, all the way down to the hundreds. 
Again, just like I said before, once you change this resolv.conf file, make sure to restart the networking service. If you don't restart the networking service, you're probably still not going to use DNS, and then you're going to be wondering, you know, what the hell's going on.

Now finally we need to talk about the hostname. Again, that was something, you know, not in the interfaces file. So if you need to find out what the hostname of your computer is, all you do is you type in the command sudo /bin/hostname. This will echo, or this will print, or this will tell you what the hostname is. So, you know, you put in sudo /bin/hostname and it will come back as server, so it'll just tell you what the hostname is. Pretty simple. Now what if you need to change the hostname? Again, it is rather dirt simple, like almost all these Linux tasks are. All you do is you do sudo, the same command, /bin/hostname, and then you do space. Okay, that's all you have to do to rename your computer. So, you know, you wanted to go from being server 1 to being server 10, all you do is you say sudo space /bin/hostname space server 10 and then you're done. As I always say, it's that simple. Now again, once you do that, then you need to restart the networking service to make sure that all processes and all. So with that I would probably, if I have a DHCP client, I would run that dhclient command just to kind of make sure that the DNS has my IP address for that new name. But that's all you have to do. So if you're trying to change the hostname of your computer, sudo /bin/hostname and the name. It's all really, you know, like I said, really that simple.

The main thing to remember is it's the /etc/network/interfaces file that contains all the information for your networking for the NICs, the network cards that are on your system. Remember, like I say, in the Linux world they work on the ordinal system, zero is the first number, not one. So if you're 
dealing with your first Ethernet card you're dealing with eth0, if you're dealing with your first hard drive you're dealing with hard drive 0, etc. You go through, you know, I gave you all the information, it's all, like I say, pretty simple. The main thing with that interfaces file is that it does not contain the hostname and it does not contain DNS addresses. So, you know, if you can't get to the websites or if you can't do updates like you should, it's probably because your DNS isn't configured properly. All you do is you go to /etc/resolv.conf, r-e-s-o-l-v dot conf, plug in the DNS addresses there, and you should be good to go. So now I've explained all this on the whiteboard, let's go over to the terminal and I'll just run through this pretty quick to show you how it works.

So here we are back at the server. So the first thing that we're going to do is we're going to open that interfaces file with vim so that we can edit and give this computer a static IP address. So we do sudo space vim space /etc/network/interfaces and then you just hit enter and give it my password. So this is the interfaces file, and like I say, you open it up with vim, you just open it up with a normal text editor. If you go in, see this information about the loopback address, at this point don't worry about it. And then as you scroll down it says the primary network interface. So as I told you, I see auto eth0, so that means the first network card, it only has one network card, which is eth0, and it's auto-negotiate. That means the computer itself decides whether it'll be a hundred megabits per second, 10 megabits per second, a gig per second, and whether it'll be half duplex or full duplex. Again, that's a whole bunch of stuff for another class. Now if you go down to the next line you see iface eth0, so it means the interface eth0, and then inet dhcp. So as I showed you in the first example, the first little lab thing, this is receiving a DHCP address. So now we want to change that, we now 
want to give this server a static IP address. So since we're using vim, I will now hit the a key and this goes into insert mode. I can then go over, I can delete dhcp and insert static, s-t-a-t-i-c. Now that I've inserted static, I can go down and I can plug in all the information that I want to give for this Ethernet card. So we do address, a-d-d-r-e-s-s, and then it'll be 10.1.10., I don't know, let's say 54. And then we go down to the next and we say netmask, so this is your subnet mask, so 255.255.255.0. This is a Class C subnet mask, and by and large you will most likely always put in a Class C subnet mask. So what's asking for the network, oh it's asking, yep, for the network, and this generally is the IP address but with that last number being 0, so 10.1.10.0 generally. Then you have the broadcast address. The broadcast address, again, is the last address in the subnet mask and that is used to broadcast messages out to all computers within a certain subnet mask. Again, if you don't really understand that, it's its own class, but if you have a Class C subnet mask, which is 255.255.255.0, then the broadcast address will be whatever IP address you're putting in, only with 255 at the end, so 10.1.10.255, that would be the broadcast address. Again, there's a reason for it but it would take a long time to explain. Then finally you have the gateway, so this is the default gateway. So generally on a home or small business network this will be your DSL modem, your cable modem, your T1 CSU/DSU, etc. So this is the IP address of the router or whatever will get you off the local network, and so for us here it's 10.1.10.1.

And so that is all you do. I have now inserted all the information to give this computer a static IP address, and it now has an address of 10.1.10.54, a subnet mask or a netmask of 255.255.255.0, a network, like I say, just take the IP address and put a 0 at the end, broadcast, take the IP address but put a 255 at the end, and then 
the default gateway, the gateway is, well, you know, whatever the gateway is. So once you get done with this, you escape again out of the insert mode and then you do colon and then you do wq, so write and quit, and now it is done. I have now changed the configuration for this server.

Since we have done that, now we should go over and change the resolv.conf to make sure that if it has or doesn't have the DNS address, because if I want to go out to the web for anything, of course, you know, the web browsers or everything is basically based off DNS addresses. So you have to put in a DNS address into the resolv.conf file so that the computer can resolve the DNS address. So you do sudo space vim space /etc/resolv.conf and then hit enter. So when we open it up it has here nameserver 10.1.10.1, so it was already in here. If it was not in here we would hit a again and we would actually insert it, but it's already in here so we can just quit, q.

Now that we've done that, the next thing is the hostname. So to see what the hostname of the computer is you run sudo /bin/hostname, so sudo space /bin/hostname, and this says that the hostname of this computer is server. So that is the computer name. Now let's say we wanted to change that. So we do sudo again, space /bin/hostname space and then new server, and then enter, and that's all you have to do to change the hostname. Now if we run the hostname command again we will see that the computer is now called new server. So that is all you have to do to configure the IP address on your Linux server, the DNS resolution on your Linux server, and to change the hostname on your Linux server. Just remember that the DNS and the hostname are not in the interfaces file. Again, like I say, a lot of Windows people, you assume everything will be at the exact same place, but, you know, being Linux, no it's not. So with that let's go back out to the real world and we'll 
talk about using ping for troubleshooting.

Now the one little tool that we should remind you about, it works in the Linux world, it works in the Windows world, etc., is ping, p-i-n-g. If for some reason, you know, you're trying to troubleshoot your network, you're trying to figure out what's going on with your Linux computer, the ping command can be absolutely invaluable. This tells you whether or not your computer is talking to anything else on the network, or how far out in the network it's talking. So basically, if you're trying to see if your computer can reach, can contact, let's say, the router, so your modem or your router that goes to the outside world, let's imagine that that router, the IP address is 10.1.10.1, so this is a pretty normal IP address for routers, all you do is you type in ping 10.1.10.1 and this will go out and will ping, it will touch or will try to touch that router, and then that router will send a reply back. So it'll say hey, are you there? Yeah. Hey, are you there? Yeah. That's basically what happens in computer space. So you say ping 10.1.10.1, so it goes out and they'll communicate back. If you get destination not found, it means for whatever reason you cannot see that default gateway. So that means you may have a problem with your IP addresses, like maybe you went in the interfaces file and you fat-thumbed it, you put in the wrong numbers. It may mean your network card is disabled, it may mean something is unplugged, you know, god knows what it means, but it means that you can't see it.

The next thing, to make sure that your DNS is working, is you can ping a domain name. So like with me, every once in a while I'll try to ping everymanit.com, you know, this is my website. So you ping everymanit.com, say hey, I hear you, hey, I hear you. Well, if I try to ping everymanit.com and it gets destination not found, but I can ping the IP address of everymanit.com, that means my DNS on the server is not working properly. That's 
where I need to go into the resolv file and see what's going on. So the ping command works in Windows, works in Linux, and it is absolutely wonderful. The one thing with Linux that's kind of a little weird, different than Windows I suppose, is that it doesn't automatically stop. In the Windows world if you do ping everymanit.com it'll do it four times and then it'll stop. In Linux it'll just keep going and going and going and go on forever. So the main thing, I think we talked about it in one of our other classes, in order to break out of a routine in Linux you hold Control-C. So if it's pinging out there, ping ping ping ping ping ping ping, and it won't stop, and you need to break out of that, you hold down Control and then you hit C and that will break out of the ping routine. So let's go over to the computer and I'll just show this to you real quick.

So here we are back at the server. So like I said, this is just a very, very simple tool to make sure your networking is working properly. So right now what we'll try to do is we'll try to ping the router. So the router is 10.1.10.1, so just do ping 10.1.10.1 and then we hit enter, and so now we can see, you know, 64 bytes, ICMP, so basically this means that it is working, and it's going to keep pinging and pinging and pinging and pinging, well, until you stop it. So like I say, in order to stop the ping command you hold down Control and you hit C and that will stop the ping command.

Now let's say I want to make sure that my DNS is working, so things are resolving properly. So I would do ping again, then I would do www.everymanit.com, so this is going to ping my website and make sure this computer can resolve a domain name to an IP address. So if I hit that, it says ping everymanit, it shows the actual IP address, 207.114.53.132, and then basically now you're getting the same thing, 64 bytes from yada-yada, 
ICMP sequence, time to live, time, seconds, the whole nine yards. So that is all you have to do for the ping command, and this shows you if you're connected to the network. So let's say you try to ping your router, you know, 10.1.10.1, if that is your router. If you try to ping that and it's not working, well, then you can go into your interfaces file and make sure that you set up the interfaces file right. If that all seems correct, then you can take a look at the back of your computer and make sure that little plug, the network cable, is still plugged into your computer, you know, sometimes that gets popped up. If that's still plugged in, go down, make sure the switch is OK, make sure it's still turned on, you know, maybe you have to restart the switch. The ping is just a very common, just easy command you can use, like I say, to go out there and see if you can touch other computers, either on the local network or out on the World Wide Web. Again, like I say, to make sure that your DNS is working, because a lot of times, like if you try to do updates or if you try to do things in Linux, it will try to contact servers using their DNS address. Well, if your DNS is not resolving properly then that process will fail out. So pinging using a domain name like www.everymanit.com, you'll get feedback back and make sure that you can actually resolve that domain. But that's all there is to ping. Now let's get into the fun of the UFW firewall.

Now the final thing that we need to talk about for networking is of course the firewall, for security for your server. Ubuntu Linux comes with a built-in firewall and it's called UFW, and by and large it is very secure, very robust and easy to use, as long as you know the commands. So the first command that you should learn is called sudo ufw status, so s-u-d-o u-f-w status. This will show you the status of the firewall, is it up, is it down, and if it is up, what are the rules. So it'll tell you 
this is blocked, this is allowed, etcetera. So basically the first command is sudo ufw status, this shows you the status of your firewall. Then next is to set the default parameters for your firewall. So if you turn your firewall on, will it allow everything or will it block everything? So depending on what you want for your server, you may want your server to be completely open with a firewall or you may want it to be completely blocked with a firewall, that's, you know, all up to you. So all you do is you do sudo ufw default, so this says what is the default setting, and then you either say allow or deny, those are the two words. So if you want to block, when you turn on the firewall, the default, you're going to change the rules later, but if you want the default to be block then you do sudo ufw default deny, and this means when you bring that firewall online it will block all network traffic by default. If you want to allow all traffic by default, sudo ufw default allow. Again, you know, as we talked about, this is a security decision on your part. I can only tell you how to do it, I can't tell you why you should or shouldn't do it. So that's status and that's the default setting. Pretty simple.

Now to turn on UFW all you do is you do sudo ufw and then you either do enable or disable. So if you want to turn on your firewall, sudo ufw enable. If you want to turn off your firewall, sudo ufw disable. Really pretty simple right there.

Then if you want to allow specific ports, so this is where you start adding rules to your firewall, do you want to allow traffic to come in or do you want to deny traffic to come in, all you do is you do sudo ufw and then you say allow or deny and then what port number you're talking about. So like I say, if you want to secure your web server you would bring UFW online and then you would allow port 80, so this means people can come into your server on port 80. sudo ufw allow port 80 allows people to come in. Now let's say there are 
ports that you don't want people to use, all you do is you'd say sudo ufw deny and whatever the ports are. So basically, you know, when you're dealing with servers, normally the idea is the default is when you turn your firewall on everything should be blocked, and then you go in and then you will allow certain ports. So you would allow port 80, you would allow the FTP port, you would allow the secure shell port that we'll talk about. So basically the idea is that you lock down every port except a couple that you're going to need. So in order to allow, again, sudo ufw allow or deny and then the port number. Pretty simple. Now again, like I said, I showed you the status command, sudo ufw status, that's where it will show you if the firewall is up or if it's down, and then it will show you what rules you have programmed into the firewall.

Now let's say, you know, for whatever reason you decide to delete a rule, you don't like whatever the rule is. Again, very simple: sudo ufw delete, and then again allow or deny, so whatever the rule is, it's your rule, and then whatever port it is, let's say port 80. So let's say I had a web server, I'm allowing people to come in, then I decide to take the web server offline and use it only for a file server. sudo ufw delete allow 80, that will delete the rule, whatever the rule is. That's all you do, like sudo ufw delete allow or deny and then whatever port number, basically, what the thing is.

So the final two things that are really cool is you can block people or allow people by IP addresses. So let's say, you know, like with me, if I want to get to the web server, I want to allow only my static IP addresses to be able to get the secure shell on the web server. Well, one of the ways you can block access by IP addresses, you can do sudo and then, what is it, sudo ufw of course, allow or deny, from, and then whatever the IP address is, 207.88.44.1. So this, you know, if I say I want to allow traffic from this IP 
address it will allow my that that particular IP address to connect to the system and do whatever it wants again this is a very simple thing this also does wildcards so you could do let's say 207 dot 10 star star so this means any IP address 207 10 would be allowed in this might be good let's say you have a corporate you have an enterprise environment when you go out to the internet you don't always necessarily know which specific IP address you're using to get out to the Internet you may have an IP range this allows you to use that IP range to connect to whatever system it is you're connecting to so the sudo ufw allow from this says again from any specific IP address then if you want to tighten that down you can say from whatever specific IP address to a specific port number so again so you'd say sudo ufw allow let's say from 207 88 142 then go to let's say 22 like 22 SSH so basically what this would say is people coming from this particular IP address are allowed to go to this particular port makes life easier like I say remember these Linux servers that you're gonna be using most they're most the reason people use Linux is because they need a robust you know powerful secure server that's going to be facing the internet so it's going to be connected directly to the internet so being able to put in these rules basically makes your your server a whole hell of a lot more secure so like I say you know with me in the web servers I make it so my home static IP address and my business static IP address can get in nobody else can get in I say makes things more secure for that sudo ufw allow or deny if there's a reason to deny it from IP address to that particular port number you just continue like I says if you if you have to add a number of IP addresses you would just do this command a couple of times and add in whatever IP addresses you need so applies a pretty simple let's go over to the the Ubuntu server and then I'll show you how this works so here we are
back at the Ubuntu server now the first thing that we should do is check on the status of ufw of the firewall so to check on the status you do sudo space ufw space status s-t-a-t-u-s and you can see that the current status is inactive so so before we turn it on we want to make sure that the default for the firewall is to block everything because if the default is to allow everything when the firewall is on that kind of defeats the purpose so the command to make sure that the default is to deny everything is sudo space ufw space default space deny and this will make sure that when you turn the firewall on that everything is blocked so we hit enter you know default incoming policy changed to deny now in order to turn the firewall on we do sudo space ufw space enable enter and now that has turned the firewall on since the firewall is now on we should check to see what the status of the rules are so so when you check the status and the firewall is off you just see status inactive when you check the rules and the firewall is on or we can check the status and the firewall's on you see what the current rules are so we go in and we can see that there are some rules in here so so we won't worry about that now but it's good to know this is where you can go in and once the firewall is on you can see what it is blocking or what it is allowing now the next thing that we need to do is we need to enable some ports so let's say that this is a web server web servers you know require port 80 to be open you know web sites work off of port 80 so if this is going to be a web server the people from the outside world need to be able to access port 80 people from the inside world basically everybody needs to access port 80 so we can open it up for everybody to that for that you just do sudo space ufw space allow space 80 so that's allow port 80 and the rule has been added if we go back and we check the status so we do sudo ufw status we can see now at the bottom port 80 is open so to port
80 action allow from anywhere so anywhere means absolutely anywhere in the world now that that's happened let's say that we want to delete a rule so so let's say we wanted to not allow people to get to port 80 that again is just very simple you just sudo space ufw space all you say is delete the rule that you wanted to delete so our rule that we wanted was allow 80 so if we allowed 80 means people can get in through the web service if we delete the rule now it means people cannot get through the web service now let's say that we have an administrative computer and that that's local here and we want that administrative computer to be able to access absolutely any ports it wants to be able to access on this web server so you know might need SSH might need FTP might need port 80 it just needs to be able to do whatever it wants to do on the server to open up all the ports on the server for a specific IP address all you do is you do sudo space ufw space allow space from and let's say local computer so 10.1 10.0 65 so by running this rule it means that the computer at IP address 10.1 10.65 will be able to access all the ports on the server we hit enter and the rule has been added now let's say I have a computer at home and I want to be able to access this can visit this web server at work for SSH for for secure shell is something it's a way you can remotely control a server so what I want to do is I want to say from my external IP address at home I want to be able to access port 22 for that all you do is you put in sudo space ufw space allow space from space now you put in whatever the IP address is so the external IP address at home I don't say it's 208 50 5.67 dot four then you say to space any this allows any protocol to get to the port and then you say port and then whatever port you want this IP address to be able to access so like I say we're trying to access port 22 now you hit enter and now if I'm at a computer at home when I try to access this server at work I will be
able to access the server at work at port 22 if we go back and we look at the rules so we do sudo space ufw space status we can now see that if you look at the bottom to port 22 allow 208 50 5.67 dot four or you can also see up a third from the bottom you see 22 allow from 22 22 22 22 so that may be like an old rule that you want to get rid of so so using the status you can see like I say everything should be denied and then you can come in here and you can see who is allowed to get to what you know if a hacker can get in and and open up a port for themselves that they could they could do a lot of damage they can hack your system and then then then launch attacks from your system but that's all there is to ufw it does take a little bit of playing around with but overall it's it's a very simple firewall system basically again as long as you know that the commands so let's go back out to the real world and have some final thoughts so that's basically all you need to know for for for Linux server and network configurations we showed you the I showed you the configuration file I showed you how that worked I showed you some of the basic tools I showed you the ping command and I showed you the firewall etc like I keep saying with all this track you know it's all pretty simple as long as you know the commands I know one of the questions that come up because most of you guys are from the windows world is what about drivers well here's the funny thing with Linux the drivers it has out of the box almost always work I mean like 99.9 percent of the time especially for for things like networking it just works it just works well you normally don't have to worry about it so if you have one of the random computers that you actually need to worry about the network card drivers that's kind of just an advanced topic because it just happens so unusually also we did not go over wireless configurations in this class because again you know talking to you guys this is mainly
about servers usually servers are not actually connected using wireless networking again you can connect your Ubuntu server using wireless networking but it's its own little kind of its own kettle of fish it's it takes its own its own little class to understand we may have a class on it later if not you can just do a little researching and you can see how it's done again for servers you rarely put them into a wireless environment so if you're one of the people that dove you know you can figure it all out but but like I say networking is pretty simple at the end of the day the main thing I need you to remember with all this is again when you change the interfaces file or any network configurations make sure to restart the service if you do not restart the networking service you're going to have all kinds of problems you're not going to understand what's going on and the only reason you're having the problems is because the server has not reloaded all those configurations the other thing is remember that DNS and the hostname are not in the interfaces file you have to go in to resolv dot conf to add your DNS addresses for your computer and then you need to use that little in a hostname utility to change the hostname that's just a big thing you know I say people forget and then they wonder why they can't get any updates or anything the reason is if you guys use the updates little update program requires DNS and then DNS isn't working and all those again like I say ping works the same way basically in Linux as it does in Windows so if you're if you're trying to do some basic network troubleshooting do ping you know ping will keep running it's not like Windows where it shuts off after four attempts so we just hit the ctrl C to break out of the little little ping command you should be good and also like I says if you're trying to find information about your network cards you know IP addresses etc the ifconfig command will show you that so it'll say eth0 this is
the MAC address this is the IP address whatever you know eth1 this is the MAC address that oh so you know really that's all there is to to Linux networking again like I say showed you the firewall and everything so that there are more complicated things that you can do but what I just showed you that you can basically set up your networking for for almost any server that you need with this class so so as you know I'm Eli the computer guy over here for everyman IT this was Linux networking and I look forward to seeing you at the next class
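The review step described in the captions above (reading `sudo ufw status` to see who is allowed to reach what, and spotting old rules) can be scripted. This is an added example, not part of the video: the function name, the finding labels, the policy arguments and the sample addresses (documentation ranges) are all assumptions made for illustration.

```shell
#!/bin/sh
# Audit `ufw status` output against what you expect to be allowed.
#   $1: ports that may be open to Anywhere   (site policy, an assumption)
#   $2: source addresses you recognise       (site policy, an assumption)
# Reads the status text on stdin, prints one finding per line.
audit_ufw() {
    awk -v open_ports="$1" -v known_src="$2" '
    BEGIN {
        n = split(open_ports, a, " "); for (i = 1; i <= n; i++) ok_port[a[i]] = 1
        n = split(known_src, b, " ");  for (i = 1; i <= n; i++) ok_src[b[i]] = 1
    }
    $1 == "Status:" { if ($2 != "active") print "FIREWALL-OFF " $2; next }
    { gsub(/ \(v6\)/, "") }              # fold IPv6 rows into the same shape
    NF == 3 && $2 == "ALLOW" {
        to = $1; from = $3
        sub(/\/.*/, "", to)               # 80/tcp -> 80
        if (from == "Anywhere") {
            if (!(to in ok_port)) print "OPEN-TO-WORLD " to
        } else if (!(from in ok_src)) {
            print "UNKNOWN-SOURCE " from " -> " to
        } else if (to == "Anywhere") {
            print "ALL-PORTS " from
        }
    }'
}

# Constructed sample shaped like `sudo ufw status` output; the addresses are
# documentation-range placeholders, not the ones read out in the video.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
22                         ALLOW       203.0.113.10
Anywhere                   ALLOW       192.0.2.65
22                         ALLOW       198.51.100.22
21/tcp                     ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
EOF
}

# On a live host: sudo ufw status | audit_ufw "80" "203.0.113.10 192.0.2.65"
sample_status | audit_ufw "80" "203.0.113.10 192.0.2.65"
```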
Info
Channel: Eli the Computer Guy
Views: 525,262
Keywords: linux, network, configuration, 5Mbps
Id: PEa1xopeufQ
Length: 51min 19sec (3079 seconds)
Published: Tue Feb 15 2011