network administration
play

Network Administration Alessandro Barenghi Dipartimento di - PowerPoint PPT Presentation

Oct 09, 2023 •240 likes •628 views

Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Administration Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano barenghi - at - elet.polimi.it April 9,

  1. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Administration Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano barenghi - at - elet.polimi.it April 9, 2013 Alessandro Barenghi Network Administration

  2. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Summary of the talk Teaching you how to deal with networking Managing your own host: Packet Filtering (a.k.a. Firewalling) Source and Destination Network Address Translation Alessandro Barenghi Network Administration

  3. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Caveats and prerequisites What you should already know This talk is intended for all audiences However, having an understanding of how a TCP/IPv4/Ethernet based network works will help a lot For those who do, you can play hunt during the next slides For those who do not have a clue, I’ll do my best to sum up the key concepts in the next slide a but you should dig deeper a Jon Postel forgive me, for I know what I’ll be doing... Alessandro Barenghi Network Administration

  4. Intro Network stack, brutalized Network Administration Firewalling S/DNAT TCP/IPv4/Ethernet based networks, brutalized The ISO/OSI Stack Network communications are managed by a set of protocols (ways to communicate among hosts) Protocols are organized as a stack: manage everything from the physical level, up to the bytes you get from the network Protocols on the bottom of the stack do their best to deliver the data produced by higher levels Higher levels are closer to the user, lower are close to the Iron Think of the whole stack as all the things involved in the postal service: streets, postmen, buildings, apartments Alessandro Barenghi Network Administration

  5. Intro Network stack, brutalized Network Administration Firewalling S/DNAT TCP/IPv4/Ethernet based networks, brutalized Level 2: Ethernet The Ethernet layer is the 2nd layer of our stack, handles a couple of things above the cables It is the equivalent of the common streets, crossroads and semaphores: Allows entities to carry something from a place to another, when incapsulated in cars Handles collisions when they do happen (in the case of Ethernet, it simply sends again the information) A place (host) is identified by a 6-byte Ethernet address Colloquially, it is also called MAC address as the 2nd layer of the stack is the Medium Access Control Alessandro Barenghi Network Administration

  6. Intro Network stack, brutalized Network Administration Firewalling S/DNAT TCP/IPv4/Ethernet based networks, brutalized Layer 3: IPv4 The IPv4 layer acts pretty much as postal lorries, carrying around our packets (moving on the streets) The IPv4 layer provides a best-effort delivery of our data to a place in the network An IPv4 packet should thus be routed around the network until it reaches the destination (or dies out of boredom) The IPv4 addresses are 4-byte wide and usually written as 4 dot-separated decimal digits, a.b.c.d , e.g. 216.34.181.45 Alessandro Barenghi Network Administration

  7. Intro Network stack, brutalized Network Administration Firewalling S/DNAT TCP/IP based networks, brutalized Layer 4: TCP Since postal lorries get lost every now and then, we send our data with return receipt letters :) TCP is the layer of the stack which handles the return receipts, and sends them again in case they fail to get there Additionally, the TCP layer allows multiple connections from the same IP address to another The connections are made on different ports , identified by a 16 bit number (0-65535) Alessandro Barenghi Network Administration

  8. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Administration Local? The first step to become network administrator is to manage our host :) Local host management requires to configure properly: Check that Ethernet (level 2) is ok: pave the road IPv4 addresses (level 3): select your building/block Configure the Routing Tables (level 3): know the streets Firewalling (Level 3-4): meet new people and lock doors I’ll try to be as distribution agnostic as possible, only permanent network configurations will differ Still, you’ll have the knowledge required to cope with that Alessandro Barenghi Network Administration

  9. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network configuration Interfaces The networking architechture of Linux is based on interfaces Interfaces are the points of contact with the rest of the world Interfaces can be of various types, among which: Physical pieces of Iron (e.g. network card) An endpoint of a virtual channel (Tunnels and VPNs) A virtual confluence of two or more interfaces (bridges) For all the purposes of this talk, we won’t care how they send the data, as long as they do Alessandro Barenghi Network Administration

  10. Intro Network stack, brutalized Network Administration Firewalling S/DNAT The iproute2 suite One tool to bind them all Management of the network levels 2/3 is done with the iproute2 suite a The commands all share the same structure: ip [options] object command ip link and ip neigh manage the MAC level (physical interconnections addresses) ip addr and ip route manage Level 3 (IP addresses) Level 4 traffic control is demanded to the tc tool and the NetFilter/IpTables suite a Management of anything below the interface is usually better done with a proper soldering iron Alessandro Barenghi Network Administration

  11. Intro Network stack, brutalized Network Administration Firewalling S/DNAT iproute2 - Ethernet control (Level 2) Bringing up the communications/ Paving the road Interface management is done using the link keyword ip link set <iface> [up|down] will enable/disable an interface ip link show will list all the interfaces and show their MAC addresses (typical format : XX:XX:XX:XX:XX:XX) ip link set <iface> address <MAC address> changes the interface current MAC address with something else ip link set <iface> arp [on|off] toggles the ARP protocol, in case you do not want it Alessandro Barenghi Network Administration

  12. Intro Network stack, brutalized Network Administration Firewalling S/DNAT iproute2 - IPv4 Address control (Level 3) Setting addresses Once we have a working interface, we can assign one (or more) addresses to it via the addr keyword ip addr add <IP address>/<netmask length> dev <interface> will add an address to an interface ip addr del <IP address>/<netmask length> dev <interface> removes an address from the interface ip addr flush <iface> will wipe all the addresses from the interface ip address show will simply list the ip addresses assigned to the interfaces Alessandro Barenghi Network Administration

  13. Intro Network stack, brutalized Network Administration Firewalling S/DNAT iproute2 - Dynamic Addresses Getting an address IP addresses can also be assigned dynamically if a proper DHCP server is connected to the interface Useful when you have a large number of hosts continuously connecting and disconnecting (say, if you’re an ISP) The DHCP server will, upon query, lend an address to the client for a limited amount of time (lease time) The most common DHCP clients available are dhcpcd , dhclient and pump In all cases to obtain an address for an interface, simply go with <client name> <iface> This corresponds to the auto setting of all your favourite distribution tools Alessandro Barenghi Network Administration

  14. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Subnets Who lives in my block? Once we have our IPv4 address, we need to know where the rest of the people are located That is, given a destination IPv4 address, which interface should we use send the packet to its destination To make this easier, we employ subnets (=groups of IPs) The common way to indicate a subnet is together with an IPv4 address belonging to it, e.g., 192.168.0.1/255.255.255.0 An IPv4 is in the subnet if IP&Subnet Mask =0 In the example, the addresses 192.168.0.[0-255] are in the subnet Alessandro Barenghi Network Administration

  15. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Layer Routing Each of our interfaces has an IP and subnet associated If we want to talk to someone in the subnets, we already know where to send the data We need to manage when we do not know where someone is: we need a default gateway (= an host which will deliver the data for us) Note: the default gateway must be on one of our subnets (or we won’t know how to contact it) We will thus build a routing table, where to look when we want to send stuff Alessandro Barenghi Network Administration

  16. Intro Network stack, brutalized Network Administration Firewalling S/DNAT Network Layer Routing Adding a route is as simple as ip route add <address>/<mask length> via <address> You can enforce the packets down a specific interface by adding dev <interface> at the end To remove a route simply use ip route del <address>/<mask length> via <address> The default route is specified as the destination for the 0.0.0.0/0.0.0.0 subnet, as it will match anything If two routes match the destination of the packet, the one with the longest subnet is matched Alessandro Barenghi Network Administration

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LAX LAX A toolset for network administration A toolset for network administration Thomas Gro

LAX LAX A toolset for network administration A toolset for network administration Thomas Gro

LAX LAX A toolset for network administration A toolset for network administration Thomas Gro teegee thomas.gross@teegee.de LK 2009 Dresden LAX LAX A toolset for network administration A toolset for network administration LAX is a

688 views • 20 slides
Welcome to the Master program in Network and System Administration (master's - 2 years)

Welcome to the Master program in Network and System Administration (master's - 2 years)

Welcome to the Master program in Network and System Administration (master's - 2 years) Department of informatics Mari Heln Vary E-mail : studieinfo@ifi.uio.no Phone: +47-22852410 Student reception, 4th floor at Ole Johan Dahls hus,

294 views • 14 slides
ADMINISTRATION NETWORK 2018 AGM &amp; CONFERENCE 23-25 July, 2018 KAMPALA, UGANDA Title:

ADMINISTRATION NETWORK 2018 AGM &amp; CONFERENCE 23-25 July, 2018 KAMPALA, UGANDA Title:

10 th EASTERN AFRICAN LAND ADMINISTRATION NETWORK 2018 AGM &amp; CONFERENCE 23-25 July, 2018 KAMPALA, UGANDA Title: Technological and Resource Deficiencies in Land Administration: Implications on land title delivery in 8 LGAs in Dodoma

682 views • 24 slides
CT 320: Network and System 2 Booting Administration 1. Bootstrap loaders 2. Run levels 3.

CT 320: Network and System 2 Booting Administration 1. Bootstrap loaders 2. Run levels 3.

9/10/12 Topics CT 320: Network and System 2 Booting Administration 1. Bootstrap loaders 2. Run levels 3. CHAPTER 3: BOOTING AND SHUTTING DOWN Startup scripts 4. Shutdown and reboot 5. COLORADO STATE UNIVERSITY COMPUTER SCIENCE DEPARTMENT

411 views • 8 slides
Network Administration HW1 zswu Computer Center, CS, NCTU Purposes The goal is to build an

Network Administration HW1 zswu Computer Center, CS, NCTU Purposes The goal is to build an

Network Administration HW1 zswu Computer Center, CS, NCTU Purposes The goal is to build an intranet provides several services, which may include DHCP, NAT, VPN, DNS, LDAP, Mail, WWW, etc. Know what you should know about configuring and

804 views • 15 slides
JOINT DEGREE MANAGEMENT AND ADMINISTRATION NETWORK TACKLING CURRENT ISSUES AND FACING FUTURE

JOINT DEGREE MANAGEMENT AND ADMINISTRATION NETWORK TACKLING CURRENT ISSUES AND FACING FUTURE

JOINT DEGREE MANAGEMENT AND ADMINISTRATION NETWORK TACKLING CURRENT ISSUES AND FACING FUTURE CHALLENGES National Legislation Regarding Tuition Fees of Master Programmes within the EU The following table is based on

317 views • 10 slides
Network Administration Practice Homework 1: Python Scripts weicc &amp; blzhuang Computer Center,

Network Administration Practice Homework 1: Python Scripts weicc &amp; blzhuang Computer Center,

Network Administration Practice Homework 1: Python Scripts weicc &amp; blzhuang Computer Center, CS, NCTU Requirements 1-1 Web crawler (45%+5%) Entry point: `nahw1-1_{student_ID}.py` Login options a) NCTU Portal (5% Bonus) b)

384 views • 17 slides
Independent Administration I c I can do i it! What is an Independent Administration?

Independent Administration I c I can do i it! What is an Independent Administration?

Independent Administration I c I can do i it! What is an Independent Administration? Been used in Texas since 1840s! Administration without judicial supervision EC 301-402 Quick and easy to probate Probate is a Civil

1.08k views • 84 slides
The Aging Network: What Does the Future Hold Edwin L. Walker Deputy Assistant Secretary for

The Aging Network: What Does the Future Hold Edwin L. Walker Deputy Assistant Secretary for

The Aging Network: What Does the Future Hold Edwin L. Walker Deputy Assistant Secretary for Aging Administration for Community Living Administration on Aging U.S. Department of Health and Human Services edwin.walker@acl.hhs.gov June 14, 2017

414 views • 16 slides
Welfare Peer Technical Assistance Network What is the Welfare Peer TA Network? A Federal

Welfare Peer Technical Assistance Network What is the Welfare Peer TA Network? A Federal

Welfare Peer Technical Assistance Network What is the Welfare Peer TA Network? A Federal initiative through the Office of Family Assistance (OFA), Administration for Children and Families (ACF), U.S. Department of Health and Human Services.

543 views • 9 slides
Someone actually benchmarks public pension administration Founded in 1992 Started with

Someone actually benchmarks public pension administration Founded in 1992 Started with

Someone actually benchmarks public pension administration Founded in 1992 Started with investment management in Canada and the United States The current service includes: comprehensive benchmarking a network for questions

148 views • 10 slides
1 Network Layer Network Layer Recall: Circuit Switching vs. Packet Interplay between routing

1 Network Layer Network Layer Recall: Circuit Switching vs. Packet Interplay between routing

Network Layer Network Layer Chapter 4: Network Layer Mobile network Chapter goals: Global ISP understand principles behind network layer Network Layer services: Home network network layer service models Regional ISP forwarding

550 views • 3 slides
The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was

The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was

The .ae Domain Administration (.aeDA) .ae Domain Administration (.aeDA) The .aeDA was established in 2007 by TRA as a department. It is the Regulatory Body and Registry Operator for the .ae country code namespace and dotEmarat the Arabic

262 views • 9 slides
IT SOLUTIONS AND FACILITIES IN SPAIN PORTAL OF JUSTICE ADMINISTRATION ID ELECTRONIC PROCEDURAL

IT SOLUTIONS AND FACILITIES IN SPAIN PORTAL OF JUSTICE ADMINISTRATION ID ELECTRONIC PROCEDURAL

IT SOLUTIONS AND FACILITIES IN SPAIN PORTAL OF JUSTICE ADMINISTRATION ID ELECTRONIC PROCEDURAL MANGEMENT SYSTEM COMPUTER PROGRAMS THAT COLLECT ALL COURT PROCEDINGS COMPATIBILITY TEST INTEROPERABILITY NEUTRAL JUDICIAL NETWORK It is a

230 views • 11 slides
ENSURING QUALITY CARE MEDICATION ADMINISTRATION Medication administration basics Medical

ENSURING QUALITY CARE MEDICATION ADMINISTRATION Medication administration basics Medical

ENSURING QUALITY CARE MEDICATION ADMINISTRATION Medication administration basics Medical orders and medication administration record (MAR) Dispensing and delivering medication Special considerations September 2019 Safety,

2k views • 133 slides
System Administration CSE598K/CSE545 - Advanced Network Security Luke St.Clair - Spring 2008

System Administration CSE598K/CSE545 - Advanced Network Security Luke St.Clair - Spring 2008

495 views • 32 slides
CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr

CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr

CSN09101 Networked Services Week 8: Essential Apache Week 8: Essential Apache Module Leader: Dr Gordon Russell Lecturers: G. Russell This lecture Configuring Apache Mod_rewrite Discussions Configuring Apache Apache

624 views • 48 slides
solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach

solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach

An integrated planning solution for rural and remote health care Aidan dan Hobbs bbs Business Lead Outreach CheckUP Australia Outr Ou treach each Ov Overvie view Rural al Health Outreach ach Fund (RHOF) OF) 1. 1. Medical l

507 views • 25 slides
ACI DADDi Runion du 18 novembre 2005 Herv Debar (France Tlcom R&amp;D) A partir des

ACI DADDi Runion du 18 novembre 2005 Herv Debar (France Tlcom R&amp;D) A partir des

ACI DADDi Runion du 18 novembre 2005 Herv Debar (France Tlcom R&amp;D) A partir des travaux d'Elvis Tombini France Telecom D1 - 21/11/05 Research &amp; Development Overview of WebAnalyser 664 signatures that recognize

324 views • 18 slides
Managements Discussion and Analysis BMOs President &amp; Chief Executive Officer and Chief

Managements Discussion and Analysis BMOs President &amp; Chief Executive Officer and Chief

MANAGEMENTS DISCUSSION AND ANALYSIS Managements Discussion and Analysis BMOs President &amp; Chief Executive Officer and Chief Financial Officer have signed a statement outlining managements responsibility for financial information in

1.2k views • 84 slides
Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of

Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of

Data types, arrays, pointer, memory storage classes, function call Jan Faigl Department of Computer Science Faculty of Electrical Engineering Czech Technical University in Prague Lecture 03 B3B36PRG C Programming Language Jan Faigl, 2020

1.14k views • 64 slides
Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing Despite Insecure Providers Liron

Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing Despite Insecure Providers Liron

Routing-Verification-as-a-Service (RVaaS) Trustworthy Routing Despite Insecure Providers Liron Schiff Kashyap Thimmaraju Stefan Schmid Tel Aviv University, IL TU Berlin, DE Aalborg University, DK June 28, 2016 Liron, Kashyap, Stefan

554 views • 20 slides
BUS Electronic Computers M Some drawings are from the Intel book

BUS Electronic Computers M Some drawings are from the Intel book

BUS Electronic Computers M Some drawings are from the Intel book Weaving_High_Performance_Multiprocessor_Fabric 1 Traditional bus Main Interfaces Memory Processor CPU Program Transit ALU Network and status Registers Registers

870 views • 51 slides
Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help

Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help

Introductions/Updates Richard Hancock Director of Childrens Services Tamesides Early Help Offer December 2019 Lorraine Hopkins Head of Service THE EARLY HELP ACCESS POINT Early Help Access Point was launched in March 2019, it has

1.09k views • 76 slides

More recommend