tyt09fi.htm

tcpip 协议学习电子书籍 第一次上传东西

snmp            161/udp

snmp-trap       162/udp

bgp             179/tcp

#

# UNIX specific services

#

exec            512/tcp

biff            512/udp         comsat

login           513/tcp

who             513/udp         whod

shell           514/tcp         cmd             # no passwords used

syslog          514/udp

printer         515/tcp         spooler         # line printer spooler

talk            517/udp

ntalk           518/udp

efs             520/tcp                         # for LucasFilm

route           520/udp         router routed   # 521 also

timed           525/udp         timeserver

tempo           526/tcp         newdate

courier         530/tcp         rpc

conference      531/tcp         chat

netnews         532/tcp         readnews

netwall         533/udp                         # -for emergency broadcasts

uucp            540/tcp         uucpd           # uucp daemon

remotefs        556/tcp         rfs_server rfs  # Brunhoff remote filesystem

pppmsg          911/tcp                         # PPP daemon

listen         1025/tcp         listener RFS remote_file_sharing

nterm          1026/tcp         remote_login network_terminal

ingreslock     1524/tcp</FONT></PRE>

<P>The /etc/hosts.equiv file controls access from other machines. The /etc/ftpusers file prevents unauthorized logins with specific user names. Both files are examined in more detail in the sections later today titled &quot;User Equivalence&quot; and &quot;Anonymous FTP.&quot;

<BR>

<P>The /etc/inetd.conf file, mentioned earlier, controls the processes started by the inetd daemon when the system boots. The default inetd.conf file is fine for the sample system and seldom requires modification. The file appears as follows:

<BR>

<PRE>

<FONT COLOR="#000080">#      @(#)inetd.conf    5.2 Lachman System V STREAMS TCP  source

#

#    System V STREAMS TCP - Release 4.0

#

#      SCCS IDENTIFICATION

ftp       stream    tcp  nowait    NOLUID    /etc/ftpd      ftpd

telnet    stream    tcp  nowait    NOLUID    /etc/telnetd   telnetd

shell     stream    tcp  nowait    NOLUID    /etc/rshd      rshd

login     stream    tcp  nowait    NOLUID    /etc/rlogind   rlogind

exec      stream    tcp  nowait    NOLUID    /etc/rexecd    rexecd

finger    stream    tcp  nowait    nouser    /etc/fingerd   fingerd

#uucp     stream    tcp  nowait    NOLUID    /etc/uucpd     uucpd

# Enabling this allows public read files to be accessed via TFTP.

#tftp     dgram     udp  wait      nouser    /etc/tftpd     tftpd

comsat    dgram     udp  wait      root      /etc/comsat    comsat

ntalk     dgram     udp  wait      root      /etc/talkd     talkd

#bootps   dgram     udp  wait      root      /etc/bootpd    bootpd

echo      stream    tcp  nowait    root      internal

discard   stream    tcp  nowait    root      internal

chargen   stream    tcp  nowait    root      internal

daytime   stream    tcp  nowait    root      internal

time      stream    tcp  nowait    root      internal

echo      dgram     udp  wait      root      internal

discard   dgram     udp  wait      root      internal

chargen   dgram     udp  wait      root      internal

daytime   dgram     udp  wait      root      internal

time      dgram     udp  wait      root      internal

smtp      stream    tcp  nowait    mmdf      /usr/mmdf/chans/smtpd smtpd /usr/mmdf/chans/smtpsrvr smtp</FONT></PRE>

<P>With the files set up as shown and the daemons properly loading, TCP/IP and UDP should both be active and available. Most operating systems require a reboot after any changes to the kernel or some configuration files, so modifications to the TCP/IP files should be followed by system resets.

<BR>

<P>When the system boots, the TCP/IP daemons should be listed in the startup messages shown on the console. Any errors in the daemon startups are shown on the display or mailed to the system administrator. Usually, these error messages are cryptic but at least indicate the presence of a problem (which is better than you worrying about configuration information when the daemon is at fault).

<BR>

<BR>

<A ID="E69E129" NAME="E69E129"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>Configuring Linux</B></FONT></CENTER></H4>

<BR>

<P>Linux is a public domain UNIX version that has become very popular. In this section I configure the SlakWare release of Linux on the sample network. Many other Linux versions use the same TCP/IP configuration process as SlakWare, but you should check your version's release notes for any changes. Linux is a combination of BSD UNIX and SVR4 UNIX, but most of the configuration files for TCP/IP are identical to those for SCO UNIX and Solaris 2.4. Before you start configuring the TCP/IP files, though, you need to check a few details on your Linux system.

<BR>

<P>Most networked versions of Linux rely on the /proc filesystem, which must be created and mounted before networking can be configured and tested. Most Linux versions automatically create the /proc filesystem when the operating system is installed, so you shouldn't have to do anything more than make sure it is properly mounted by the kernel. The /proc filesystem is essentially a quick interface point for the kernel to obtain network information, as well maintaining important tables that are usually kept in the subdirectory /proc/net, which is created by the network installation routine.

<BR>

<P>If the /proc filesystem is not created by your Linux kernel, you have to rebuild the kernel and select the /proc option. Change to the source directory (such as /usr/src/Linux) and run the configuration routine with this command:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">make config</FONT></PRE>

<P>When you are asked if you want the procfs support, answer yes. If you do not get asked about the /proc filesystem support, and the /proc directory is not created on your filesystem, you need to upgrade your kernel to support networking.

<BR>

<P>You can make sure the /proc filesystem is mounted automatically on your Linux system by examining the startup code for the kernel. To force the /proc filesystem to be mounted automatically, modify the /etc/fstab file and add the mount command there. Check the entries in /etc/fstab to see if there is a line like this:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">none  /proc  proc  defaults</FONT></PRE>

<P>If no such line exists, you should add it to the contents of the /etc/fstab file using an ASCII editor.

<BR>

<P>Another step you must take before configuring TCP/IP under Linux is to set the hostname. To set the hostname, use this command:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">hostname <I>name</I></FONT></PRE>

<P>The <I>name</I> is the system name you want for your local machine. If a hostname is not already set, you can set the full domain name using this command:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">hostname freya.tpci.com</FONT></PRE>

<P>This sets the hostname to freya on the sample network. When you set the local machine's name with the hostname command, an entry is usually made in the /etc/hosts file. You should verify that your machine name appears in that file.

<BR>

<P>The next step in configuring TCP/IP on your Linux machine is to make the network interface accessible. This is done with the ifconfig command. When run, ifconfig essentially makes the network layer of the kernel work with the network interface by giving it an IP address. When the interface is active, the kernel can send and receive data through the interface.

<BR>

<P>There are several interfaces you need to set up for your Linux machine, including the loopback driver (if it is not already created) and the Ethernet interface. The ifconfig command is used for each interface in turn. The general format of the ifconfig command is this:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">ifconfig <I>interface_type</I> <I>IP_Address</I></FONT></PRE>

<P>The <I>interface_type</I> is the interface's device driver name (such as lo for loopback and eth for Ethernet). The <I>IP_Address</I> is the IP address used by that interface.

<BR>

<P>When the ifconfig command has been run and the interface is active, you can use the route command to add or remove routes in the kernel's routing table. This is needed to enable the local machine to find other machines. The general format of the route command is this:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">route add|del <I>IP_Address</I></FONT></PRE>

<P>Either add or del is specified to add or remove the route from the kernel's routing table, and <I>IP_Address</I> is the remote route being affected.

<BR>

<P>You can display the current contents of the kernel's routing table at any time by entering the command route all by itself on the command line. For example, if your system is set up with only the loopback driver, you see an output like this:

<BR>

<PRE>

<FONT COLOR="#000080">$ route

Kernel Routing Table

Destination    Gateway   Genmask   Flags  MSS  Window  Use Iface

loopback         *       255.0.0.0   U    1936  0       16  lo</FONT></PRE>

<P>The important columns are the destination name, which shows the name of the configured target (in this case, loopback), the mask to be used (Genmask), and the interface (Iface, in this case /dev/lo). You can force route to display IP addresses instead of symbolic names by using the -n option:

<BR>

<PRE>

<FONT COLOR="#000080">$ route -n

Kernel Routing Table

Destination    Gateway   Genmask   Flags  MSS  Window  Use Iface

127.0.0.1         *      255.0.0.0   U    1936  0       16  lo</FONT></PRE>

<P>A typical Linux network configuration includes a couple of interfaces. The loopback interface should exist on every machine. Once the loopback driver is configured, you can add the Ethernet driver for the network. You begin by installing the loopback driver.

<BR>

<P>The loopback interface should exist on every machine. The loopback interface always has the IP address 127.0.0.1, so the /etc/hosts file should have an entry for this interface. The loopback driver might have been created by the kernel during software installation, so check the /etc/hosts file for a line similar to this:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">localhost  127.0.0.1</FONT></PRE>

<P>If the line exists, the loopback driver is in place. Make sure the line doesn't have a pound sign ahead of it, which would comment it out. You can also use the ifconfig utility to display all the information it knows about the loopback driver. Use this command:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">ifconfig lo</FONT></PRE>

<P>You should see several lines of information about the loopback driver. If you get an error message, the loopback driver does not exist. 

<BR>

<P>If the loopback interface is not in the /etc/hosts file, you need to create it with the ifconfig command. The command

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">ifconfig lo 127.0.0.1</FONT></PRE>

<P>creates the necessary line in /etc/hosts.

<BR>

<P>Next you should add the loopback driver to the kernel routing tables with one of these two commands:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">route add 127.0.0.1</FONT></PRE>

<P>or

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">route add localhost</FONT></PRE>

<P>It doesn't matter which command you use because they both refer to the same thing. The command essentially tells the kernel that it can use the route to address 127.0.0.1 or to the name localhost.

<BR>

<P>As a quick check that all is correct with the loopback driver, you can use the ping command to check the routing. If you issue either of these two commands:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">ping localhost</FONT></PRE>

<P>or

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">ping 127.0.0.1</FONT></PRE>

<P>you should see output like this:

<BR>

<PRE>

<FONT COLOR="#000080">PING localhost: 56 data bytes