Network-related configuration (NIC, service)

2010.05.11 16:53

조인상 | Views: 11414

Original : http://www.ischo.net -- 조인상 // System Engineer

Writer : http://www.ischo.net -- ischo // System Engineer in Republic Of Korea



Source : http://www.systemadmin.pe.kr



3. configuring IP connectivity

• ioscan -funC lan
  Class  I  H/W Path  Driver  S/W State  H/W Type   Description
  ===================================================================
  lan    0  60/6      lan2    CLAIMED    INTERFACE  Built-in LAN
                      /dev/diag/lan0  /dev/ether0
- insf -eC lan : creates the lan device files automatically
- lanscan
- ifconfig lan0

• configuring network connectivity
- /etc/rc.config.d/netconf : defines the IP address, gateway, netmask and related settings
  /sbin/init.d/net stop, start : applies them
- /usr/bin/hostname $hostname
  /sbin/init.d/hostname stop, start : applies it
- /usr/sbin/ifconfig lan0 210.133.109.23 netmask 255.255.255.0 up (down)
  configures the LAN card (or brings it down)
  apply at run level 2 -> check with who -r, then run init 2
- assigning multiple IP addresses
  ifconfig lan0:0 inet 210.233.109.23
  ifconfig lan0:1 inet 210.233.108.22
- set_parms hostname, timezone, date_time, root_passwd, ip_address,
  addl_netwrk or initial (for the entire initial boot-time dialog sequence)

4. configuring routing

• check the routing table with netstat -rn
  Routing tables
  Dest/Netmask     Gateway          Flags  Refs  Use    Interface  Pmtu
  127.0.0.1        127.0.0.1        UH     0     10326  lo0        4136
  203.233.109.23   203.233.109.23   UH     0     616    lan0       4136
  203.233.109.0    203.233.109.23   U      2     0      lan0       1500
  127.0.0.0        127.0.0.1        U      0     0      lo0        4136
  default          203.233.109.254  UG     0     0      lan0       1500
- flags  U : up   H : host   (blank) : network   G : gateway

• manipulating the routing table
- default route (gateway)
  route add default 203.233.109.254 1
- /usr/sbin/route [-f] [-n] [-p pmtu] add|delete [net|host] destination
  [netmask mask] gateway [count]
6. troubleshooting network connectivity

• lanscan
• linkloop 0x0800093B16C2
  Link connectivity to LAN station: 0x0800093B16C2
  -- OK
  -> data link level connectivity test
• lanadmin
Enter command: display
LAN INTERFACE STATUS DISPLAY
Mon, Dec 18,2000 22:50:13

PPA Number = 0
Description = lan0 Hewlett-Packard LAN Interface Hw Rev 0
Type (value) = ethernet-csmacd(6)
MTU Size = 1500
Speed = 10000000
Station Address = 0x800093b16c2
Administration Status (value) = up(1)
Operation Status (value) = up(1)
Last Change = 100
Inbound Octets = 297076
Inbound Unicast Packets = 230
Inbound Non-Unicast Packets = 579
Inbound Discards = 0
Inbound Errors = 7
Inbound Unknown Protocols = 395
Outbound Octets = 18173
Outbound Unicast Packets = 248
Outbound Non-Unicast Packets = 2
Outbound Discards = 0
Outbound Errors = 0
Outbound Queue Length = 0
Specific = 655367
• arp : ARP kernel table
• ping : IP connectivity
• netstat -i : LAN interface status
• nslookup : resolves a hostname to an IP address

7. starting network services

• /sbin/rc*.d/K|S###file : symbolic link file
  /sbin/init.d : the start/stop script it points to
  /etc/rc.config.d : the script's configuration file
- to write such a script, copy and edit the /sbin/init.d/template file.
• run levels
- s : single user mode (administrator), console only
- S : same as s, but uses a terminal instead of the console
- 1 : same as s, but the file systems are mounted and syncer is running
• /sbin/init brings the system up to the initdefault run level defined in /etc/inittab; at each level init runs /sbin/rc.

8.9 NFS

• Simply put, it is a remote mount, similar to file sharing on Windows.
• nfs configuration
server
1. ps -ef | grep nfs
2. in /etc/rc.config.d/nfsconf set NFS_SERVER=1, AUTO_MOUNT=1
3. run /sbin/init.d/nfs.server start
4. vi /etc/exports : file systems, directories and files may be listed
5. exportfs -a

client
1. in nfsconf set NFS_CLIENT=1, AUTO_MOUNT=1
2. /sbin/init.d/nfs.client start
3. showmount -e nfs_server_ip
   lists what the server exports
4. mkdir nfs_dir (the mount point)
5. mount server_ip:exported_path nfs_dir
6. check with bdf
-> the client user's UID and GID are what the server applies in its file permission checks.
• nfs server daemons
- rpcbind (HP-UX 10.30 and later), nfsd 4, rpc.pcnfsd, rpc.mountd, rpc.statd,
  rpc.lockd
nfs client daemons
- rpcbind, rpc.statd, rpc.lockd
• /etc/exports file configuration - restricting clients
- /usr/games cocoa fudge                # export to only these machines
  /usr -access=clients                  # export to my clients
  /usr/local                            # export to the world
  /usr2 -access=bison:deer:pup          # export to only these machines
  /var/adm -root=bison:deer             # give root access only to these
  /usr/new -anon=0                      # give all machines root access
                                        (unknown users are given root's UID)
  /usr/temp -rw=ram:alligator           # export read-write only to these
  /usr/bin -ro                          # export read-only to everyone
  /usr/stuff -access=bear,anon=65534,ro
                                        # several options on one line
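As an added example that is not part of the original notes, a POSIX shell audit that reads /etc/exports entries in the format above and tags the ones exported to every host, the ones mapping unknown users to root (anon=0) and the ones granting root access; the sample file is constructed from the entries listed above, and the tag names are this example's own.

```shell
# Added example: audit HP-UX style /etc/exports entries for risky options.
# The tag names (world, anon-root, root=...) are this example's own convention.

# export_risk DIR [-opt[,opt...]] [HOST ...] : prints the risk tags, or "ok"
export_risk() {
  shift; opts=; hosts=
  for w in "$@"; do
    case $w in
      -*) opts="$opts $(printf '%s' "${w#-}" | tr ',' ' ')" ;;  # -a=x,b -> a=x b
      *)  hosts="$hosts $w" ;;                                   # old-style host list
    esac
  done
  restricted=0; tags=
  for o in $opts; do
    case $o in
      access=*) restricted=1 ;;                        # only these clients may mount
      anon=0)   tags="$tags anon-root" ;;              # unknown users become UID 0
      root=*)   tags="$tags root=${o#root=}" ;;        # root on these hosts stays root
    esac
  done
  # A bare host list also restricts access. rw=hosts only limits who may write
  # (read-mostly); ro, rw= or no option at all still export to every client.
  [ -n "$hosts" ] && restricted=1
  if [ "$restricted" -eq 0 ]; then tags=" world$tags"; fi
  tags=${tags# }
  printf '%s\n' "${tags:-ok}"
}

# audit_exports FILE : one "dir: tags" line per entry, comments and blanks skipped
audit_exports() {
  f=$1
  while read -r line; do
    line=${line%%#*}
    set -- $line
    [ $# -gt 0 ] || continue
    printf '%s: %s\n' "$1" "$(export_risk "$@")"
  done < "$f"
}

# Constructed sample: the entries discussed in the notes above.
EXPORTS=$(mktemp)
cat > "$EXPORTS" <<'EOF'
/usr/games cocoa fudge          # export to only these machines
/usr -access=clients            # export to my clients
/usr/local                      # export to the world
/usr2 -access=bison:deer:pup
/var/adm -root=bison:deer
/usr/new -anon=0
/usr/temp -rw=ram:alligator
/usr/bin -ro
/usr/stuff -access=bear,anon=65534,ro
EOF
audit_exports "$EXPORTS"
```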
• /etc/exports, /etc/xtab files
- running exportfs -a builds the xtab file from the contents of exports; client requests are served on the basis of xtab. The exports file is edited by hand, whereas the xtab file is generated automatically.
• automatic mount at boot
- configure /etc/fstab
  server:/mnt /mnt nfs defaults (or rw,hard (options)) 0 0  # mount from server
- the client creates /etc/mnttab : list of nfs-mounted file systems
- the server creates /etc/rmtab : record of nfs mount clients

• NFS troubleshooting
- /etc/exports file
- exportfs
- inetd daemon
- rpcbind daemon
- rpc.mountd
-> check the daemons with rpcinfo -p
- check nfs status with nfsstat -s (server) / -c (client)

10. automounter (nfs client)

• automounter maps
- master map
- direct map
- indirect map
- special map

• master map
- /etc/auto_master
  /-     /etc/auto.direct
  /home  /etc/auto.home
  /net   -hosts -soft
- reconfiguring the master map
1. ps -ef | grep automount
2. kill -TERM pid
3. automount
• direct map
- on the nfs server, /etc/exports file
  /usr/project -access=client_hostname
- on the nfs client
1. /etc/auto_master
   /-  /etc/auto.direct
2. /etc/auto.direct
   /local_mount_dir  nfs_server_ip(or hostname):/usr/project
3. /sbin/init.d/nfs.client start
   ps -ef | grep -e rpcbind -e biod -e automount
- on the client /tmp_mnt/local_mount_dir is mounted and symbolically linked to /local_mount_dir

11. NIS (network information service)

• nis maps
- map files are created in /var/yp/domainname/
- e.g. /etc/passwd is built into the following database files
  passwd.byname.dir
  passwd.byname.pag
  passwd.byuid.dir
  passwd.byuid.pag
  ypservers is the automatically generated list of nis servers for the domain

/var/yp/Stratus> ls
./ netgroup.byhost.pag protocols.bynumber.dir
../ netgroup.byuser.dir protocols.bynumber.pag
aliases.time netgroup.byuser.pag protocols.time
auto.master.dir netgroup.dir publickey.byname.dir
auto.master.pag netgroup.pag publickey.byname.pag
auto_master.time netgroup.time publickey.time
group.bygid.dir netid.byname.dir rpc.byname.dir
group.bygid.pag netid.byname.pag rpc.byname.pag
group.byname.dir netid.time rpc.bynumber.dir
group.byname.pag networks.byaddr.dir rpc.bynumber.pag
group.time networks.byaddr.pag rpc.time
hosts.byaddr.dir networks.byname.dir servi.bynp.dir
hosts.byaddr.pag networks.byname.pag servi.bynp.pag
hosts.byname.dir networks.time services.byname.dir
hosts.byname.pag passwd.byname.dir services.byname.pag
hosts.time passwd.byname.pag services.time
mail.aliases.dir passwd.byuid.dir vhe_list.dir
mail.aliases.pag passwd.byuid.pag vhe_list.pag
mail.byaddr.dir passwd.time vhe_list.time
mail.byaddr.pag protocols.byname.dir ypservers.dir
netgroup.byhost.dir protocols.byname.pag ypservers.pag

• nis startup files
- /etc/rc.config.d/namesvrs
  /sbin/init.d/nis.server, nis.client
• nis daemons

  nis server       nis slave    nis client
  rpcbind          rpcbind      rpcbind
  ypserv           ypserv       ypbind
  ypxfrd           ypxfrd       keyserv
  rpc.yppasswdd    keyserv
  rpc.ypupdated    ypbind
  keyserv
  ypbind

• configuring nis
- nis master server
1. domainname domain
2. ypinit -m (master)
You will be required to answer a few questions to install the Network Information Service.
All questions will be asked at the beginning of this procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] y
Can the existing directory "/var/yp/Stratus"
and its contents be destroyed? [y/n: n] y
At this point, you must construct a list of the hosts which will be
NIS servers for the "Stratus" domain.
This machine, kccfep, is in the list of Network Information Service servers.
Please provide the hostnames of the slave servers, one per line.
When you have no more names to add, enter a <ctrl-D> or a blank line.

next host to add: kccfep
next host to add:
The current list of NIS servers looks like this:
kccfep
Is this correct? [y/n: y] y
There will be no further questions. The remainder of the procedure should take
5 to 10 minutes.
Building the ypservers database... ypservers build complete.

Running make in /var/yp:
updated passwd
updated group
updated hosts
updated networks

updated rpc
updated services
updated protocols
updated netgroup
WARNING: writable directory /var/yp/Stratus
WARNING: writable directory /var/yp/Stratus
WARNING: writable directory /var/yp/Stratus
updated aliases
updated publickey
updated netid
updated vhe_list
updated auto.master
kccfep has been set up as a master Network Information Service server without any
errors.
If there are running slave NIS servers, run yppush(1M) now for any databases
which have been changed. If there are no running slaves, run ypinit on
those hosts which are to be slave servers.
3. vi /etc/rc.config.d/namesvrs
NIS_MASTER_SERVER=1
NIS_CLIENT=1
NIS_DOMAIN=domainname
4. /sbin/init.d/nis.server start
- nis slave server
1. domainname domain
2. ypinit -s master_server
3. vi /etc/rc.config.d/namesvrs
NIS_SLAVE_SERVER=1
NIS_CLIENT=1
NIS_DOMAIN=domainname
4. /sbin/init.d/nis.server start
- nis client
1. domainname domain
2. vi /etc/rc.config.d/namesvrs
NIS_CLIENT=1
NIS_DOMAIN=domainname
3. /sbin/init.d/nis.client start
• changing a user password in the nis environment
- client : the user changes the password
  master server : the rpc.yppasswdd daemon updates /etc/passwd and the map file
- if a user has forgotten the password (root on the master server, working on the master server)
1. vi /etc/passwd
2. passwd -r map_file username
3. /var/yp/ypmake passwd
• fetching map files from the master server : how to update map files
- slave server
  ypxfr -h server mapname : ypxfr passwd.byuid
- master server
  yppush passwd.byuid
• restricting access on clients and slaves
1. /etc/nsswitch.conf
   passwd : compat
   group : compat
2. /etc/passwd
   ..................
   +user1
   +user2
-> all local users, but only the nis users user1 and user2, can log in
• restricting access on the master server
-> limiting which users can use the master server
1. cp /etc/passwd /etc/passwd.nis
2. vipw
   delete the users to be restricted and leave the + entry at the end of the file
3. vi /etc/nsswitch.conf
   passwd: compat
   group: compat
4. vi /etc/rc.config.d/namesvrs
   YPPASSWDD_OPTIONS="/etc/passwd.nis -m passwd PWFILE=/etc/passwd.nis"
5. /sbin/init.d/nis.server start
6. vi /var/yp/ypmake
   PWFILE=${PWFILE:-$DIR/passwd.nis}
7. /var/yp/ypmake passwd

• NIS+
-
12. DNS name resolution

• resolving hostnames to IP addresses
- BIND, /etc/hosts, NIS
• configuring a primary name server
1. vi /etc/hosts
   203.233.109.29 airjo21.sysone.co.kr airjo21
2. mkdir /etc/named.data
3. vi /etc/named.data/param
   -d sysone.co.kr (domain) : list every one if several domains are served
   -n 203.233.109 (subnet) : list every one if several are served
   -z 203.233.109.primary_server_ip
   -b /etc/named.boot (boot file for named)
4. hosts_to_named -f param
   creates the DNS data files:
   /etc/named.boot
   in /etc/named.data/ : db.ca, db.127.0.0, db.203.233.109, db.root, boot.sec,
   boot.sec.save, boot.cacheonly
5. vi /etc/rc.config.d/namesvrs
   NAMED=1
6. vi /etc/resolv.conf
   domain sysone.co.kr
   nameserver pri_ip
   nameserver sec_ip
7. /sbin/init.d/named start

• configuring a secondary name server
1. vi /etc/hosts
   only its own entry is required
2. mkdir /etc/named.data
   chmod 755 /etc/named.data
3. ftp pri_ip
   mget /etc/named.data/db.*
   get /etc/named.data/boot.sec.save
   get /etc/named.boot
4. vi /etc/rc.config.d/namesvrs
   NAMED=1
5. vi /etc/named.data/db.cache
   . IN NS hostname.sysone.co.kr
   hostname.sysone.co.kr IN A pri_ip
6. /sbin/init.d/named start

• configuring clients
1. vi /etc/resolv.conf
   search (domain) sysone.co.kr
   nameserver 164.124.101.2
2. vi /etc/nsswitch.conf
   hosts: dns nis files

- copy the /etc/nsswitch.hp_defaults example file and use it
# /etc/nsswitch.hp_defaults:

# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#

passwd: compat
group: compat
hosts: dns [NOTFOUND=return] nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis [NOTFOUND=return] files
automount: files nis
aliases: files nis
services: nis [NOTFOUND=return] files

3. vi /etc/hosts
127.0.0.1 localhost
203.233.109.33 airjo21.sysone.co.kr airjo21
4. vi /.rhosts /etc/hosts.equiv

• /etc/named.boot file : DNS boot file
  ;
  ; type       domain                     source file
  ;
  directory    /etc/named.data            ; running directory for named
  primary      0.0.127.IN-ADDR.ARPA       db.127.0.0
  primary      sysone.co.kr               db.sysone
  primary      109.233.203.IN-ADDR.ARPA   db.203.233.109
  cache        .                          db.cache
-> db.sysone : hostnames and IP addresses
   db.cache : root server locations
• updating the primary server
1. vi /etc/hosts
2. /etc/named.data/hosts_to_named -f param
3. sig_named restart
   sig_named - send signals to the domain name server

• updating the secondary server
1. automatic
2. to apply immediately
   sig_named restart


13. internet services

• /sbin/init.d/inetd : super server process
- started at boot and brought down at system shutdown; when a client requests a service it runs telnetd,
  ftpd, rlogind and so on. It is only needed on the server side; a client running telnet etc.
  does not need it.
  /etc/inetd.conf
  /etc/services
  /var/adm/inetd.sec
• /etc/inetd.conf file
# ARPA/Berkeley services
#
##
#ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
# Before uncommenting the "tftp" entry below, please make sure
# that you have a "tftp" user in /etc/passwd. If you don't
# have one, please consult the tftpd(1M) manual entry for
# information about setting up this service.
tftp dgram udp wait root /usr/lbin/tftpd tftpd\
/opt/ignite\
/var/opt/ignite
bootps dgram udp wait root /usr/lbin/bootpd bootpd
#finger stream tcp nowait bin /usr/lbin/fingerd fingerd
login stream tcp nowait root /usr/lbin/rlogind rlogind
shell stream tcp nowait root /usr/lbin/remshd remshd
exec stream tcp nowait root /usr/lbin/rexecd rexecd
#uucp stream tcp nowait root /usr/sbin/uucpd uucpd
ntalk dgram udp wait root /usr/lbin/ntalkd ntalkd
ident stream tcp wait bin /usr/lbin/identd identd

- prefix a line with # to block that service
- the wait option runs only one daemon at a time; a client that sends a request while one is already running must wait
  until it finishes
- to force the changed configuration to take effect: inetd -c

• /etc/services
- service port numbers
• /var/adm/inetd.sec
- login allow 10.* 192.54.24.5
  allows all hosts with network addresses starting with 10, as well as the single host with
  address 192.54.24.5, to use rlogin
- sprayd deny 192.54.24.5
  on a system running NFS, denies host 192.54.24.5 access to sprayd, an RPC-based server
- shell deny 10.3-5.*
  a range is a field containing a - character; this denies hosts in network 10 (arpa)
  with subnets 3 through 5 access to remsh
- login deny 192.54.24.5 cory.berkeley.edu testlan
  denies rlogin access to host cory.berkeley.edu, any hosts on the network named testlan,
  and the host with internet address 192.54.24.5
- If a remote service is not listed in the security file, or if it is listed but it is not followed by allow or deny, all remote hosts can attempt to use it. Security is then provided by the service itself.
- ftp
  allows all hosts to use ftp
- shell deny
  denies all access to the shell service, i.e. remsh
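As an added example, not from the original notes, a POSIX shell check that replays inetd.sec rules like the ones above against a given service and client address, so an administrator can confirm what a rule set will do before deploying it; the sample file is constructed from the entries above, and the helper assumes literal hostname comparison and first-line-wins semantics (confirm against inetd.sec(4) on the release in use).

```shell
# Added example: evaluate a host against /var/adm/inetd.sec style rules. Assumed
# here: the first line for a service wins, host/network names are compared
# literally (no lookup), and an "allow" with no host list fails closed.
set -f   # patterns such as 10.* must not be glob-expanded

# match_part OCTET PATTERN_OCTET : exact number, a-b range, or *
match_part() {
  case $2 in
    '*') return 0 ;;
    *-*) lo=${2%-*}; hi=${2#*-}; [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] ;;
    *)   [ "$1" = "$2" ] ;;
  esac
}

# match_host HOST PATTERN : 0 if HOST is covered by PATTERN
match_host() {
  h=$1; p=$2
  case $p in *[!0-9.*-]*) [ "$h" = "$p" ] && return 0 || return 1 ;; esac
  while [ -n "$p" ]; do
    pp=${p%%.*}; hp=${h%%.*}
    [ "$pp" = '*' ] && return 0          # trailing * covers the remaining octets
    [ -n "$hp" ] || return 1
    match_part "$hp" "$pp" || return 1
    case $p in *.*) p=${p#*.} ;; *) p= ;; esac
    case $h in *.*) h=${h#*.} ;; *) h= ;; esac
  done
  [ -z "$h" ]                            # every pattern octet consumed exactly
}

# inetd_sec_check SERVICE HOST : 0 if inetd would accept, 1 if it would refuse
inetd_sec_check() {
  while read -r name kw hosts; do
    case $name in ''|'#'*) continue ;; esac
    [ "$name" = "$1" ] || continue
    case $kw in
      allow) [ -n "$hosts" ] || return 1
             for pat in $hosts; do match_host "$2" "$pat" && return 0; done
             return 1 ;;
      deny)  [ -n "$hosts" ] || return 1   # "shell deny": refuse everyone
             for pat in $hosts; do match_host "$2" "$pat" && return 1; done
             return 0 ;;
      *)     return 0 ;;                   # listed without allow/deny: open
    esac
  done < "$INETD_SEC"
  return 0                                 # not listed: the service itself decides
}
# Constructed sample file with the entries discussed above.
INETD_SEC=$(mktemp)
cat > "$INETD_SEC" <<'EOF'
login allow 10.* 192.54.24.5
sprayd deny 192.54.24.5
shell deny 10.3-5.*
ftp
EOF
inetd_sec_check shell 10.4.0.1 && echo "shell from 10.4.0.1: allowed" || echo "shell from 10.4.0.1: denied"
```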

• inetd logging
- recorded in /var/adm/syslog/syslog.log
  Dec 22 23:20:55 unknown inetd[1048]: telnet/tcp: Connection from unknown (203.233.109.29) at Fri Dec 22 23:20:55 2000
- /etc/rc.config.d/netdaemons
  export INETD_ARGS="-l"
- last
  shows which users logged in
  successful logins are recorded in /var/adm/wtmp, failed logins in /var/adm/btmp
  lastb shows the failed login attempts
• system and user equivalency
- password-free access for users to a remote host
- only rlogin, remsh, rcp
- for root only homedir/.rhosts is checked; for an ordinary user, when both /etc/hosts.equiv and homedir/.rhosts exist, /etc/hosts.equiv is applied first.
- r--r--r-- /etc/hosts.equiv
  rw------- ~/.rhosts

• FTP configuration
- ~/.netrc (rw-------)
  machine hpxdzg login guest password sesame
  -> host hpxdzg whose guest account has the password sesame
  lets ftp connect without a password prompt
  not possible for root
- /etc/ftpusers (r--r--r--)
  users listed here are denied ftp access
- creating an anonymous ftp account
  /etc/passwd
  ftp:*:500:10::/home/ftp/:/usr/bin/false
  mkdir /home/ftp

14. bootp and tftp server

• /sbin/init.d/inetd : super

15. NTP (network time protocol)

• NTP roles
- local NTP server
  vi /etc/ntp.conf
  server 127.127.1.1
  fudge 127.127.1.1 stratum 10
  -> 127.127.1.1 : ntp uses the internal clock
- client, direct server polling
  vi /etc/ntp.conf
  server ntp_server_ip
  driftfile /etc/ntp.drift
  -> default polling interval 64 seconds
- client, broadcast polling
  vi /etc/ntp.conf
  broadcastclient yes
  driftfile /etc/ntp.drift
  -> clients on the same subnet, reduces traffic
• configuring NTP server
1. vi /etc/rc.config.d/netdaemons
######################################
# xntp configuration. See xntpd(1m) #
######################################
#
# Time synchronization daemon
#
# NTPDATE_SERVER: name of trusted timeserver to synchronize with at boot
# (default is rootserver for diskless clients)
# XNTPD: Set to 1 to start xntpd (0 to not run xntpd)
# XNTPD_ARGS: command line arguments for xntpd
# Also, see the /etc/ntp.conf and /etc/ntp.keys file for additional
# configuration.
#
export NTPDATE_SERVER=
export XNTPD=1
export XNTPD_ARGS=
2. vi /etc/TIMEZONE
3. vi /etc/ntp.conf
   server 127.127.1.1
   fudge 127.127.1.1 stratum 10
   - 127.127.1.1 : pseudo server ip (the local clock)
   - stratum 1 ~ 15, 1 is the most accurate
4. /sbin/init.d/xntpd start
5. ntpq -p
• configuring an NTP client
1. vi /etc/ntp.conf
2. vi /etc/rc.config.d/netdaemons
   export NTPDATE_SERVER=server_ip
   export XNTPD=1
   export XNTPD_ARGS=
3. /sbin/init.d/xntpd start




======= Additional notes ==========

How to bring up a service
nd start
nd restart
nd stop