August 20, 2008
10 quick tips to make Linux networking easier
- Date: August 14th, 2008
- Author: Jack Wallen
Linux makes networking simple and secure — if you know a few tricks. Jack Wallen shares some pointers to help admins knock out various Linux networking tasks with a minimum of effort.
Networking is a must-have on all levels of computing. Be it home or corporate, networking is the one aspect of computing that is, without a shadow of a doubt, a deal breaker. And with some help, the Linux operating system can be the king of networking, in both ease of use and security. But that doesn’t mean the average (and sometimes even the above-average) user can’t use some help. These tips should help make Linux networking go a little more smoothly.
Note: This information is also available as a PDF download.
#1: Make use of your /etc/hosts file
The hosts file is used for static host names and offers a quick way to create networking shortcuts. One of the first things I do on a Linux machine is add various machines to the /etc/hosts file. This saves me from having to type a lot of IP addresses. The format of an address for this file is:
For example, if I use one machine for a backup location at IP address 192.168.1.101, I could enter:
Now if I have to connect to that machine, say with secure shell, I can just type ssh -v -l username backups to make the connection.
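An added example, not part of the original article: each line of a hosts-format file is an IP address followed by a name and optional aliases, and because these entries are static, a stale or duplicated name quietly changes where a command like ssh backups connects. The function name, the sample file contents and the second backups address are constructed for illustration.

```sh
# Constructed sample in /etc/hosts format: IP_ADDRESS canonical_name [aliases...]
SAMPLE_HOSTS='127.0.0.1      localhost
192.168.1.101  backups backup01   # backup target
192.168.1.150  fileserver
192.168.1.102  Backups            # constructed conflict: same name, second address'

# hosts_conflicts: read hosts-format text on stdin and print
# "name addr1 addr2 ..." for every name or alias bound to more than one address.
hosts_conflicts() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # skip blank or incomplete lines
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)          # host names are case-insensitive
                if ((name, $1) in seen) continue
                seen[name, $1] = 1
                sep = (count[name]++ > 0) ? " " : ""
                addrs[name] = addrs[name] sep $1
            }
        }
        END { for (n in count) if (count[n] > 1) print n, addrs[n] }
    ' | sort
}

# Demo on the constructed sample; audit a live file with: hosts_conflicts < /etc/hosts
printf '%s\n' "$SAMPLE_HOSTS" | hosts_conflicts
```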
#2: Keep out unwanted users with /etc/hosts.deny
Yet another helpful “hosts” file is the hosts.deny file. This file allows you to create access control based on client or server names. This is helpful in many ways. You can block blacklisted domains from gaining access to your network or you can block certain users from gaining access to certain machines. But no matter how you use it, the format is the same.
Let’s say you want to block the domain bad.domain.name from gaining access to a machine. To do this, open up the /etc/hosts.deny file (you will need either root or sudo privileges) and add this to the bottom of the file:
Save it and you’re good to go.
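An added example, not part of the original article: a hosts.deny rule has the form daemon_list : client_list, and the function below evaluates a simplified subset of the hosts_access(5) matching rules over constructed sample rules to show that a pattern with a leading dot (.bad.domain.name) matches hosts under the domain but not a host named exactly bad.domain.name. The file is consulted only by services that use TCP wrappers (libwrap or tcpd), and /etc/hosts.allow is checked first; the function name and the sample rules are assumptions.

```sh
# Constructed hosts.deny content, format: daemon_list : client_list
SAMPLE_DENY='# constructed sample rules
sshd : .bad.domain.name
ALL  : mail.other.example'

# denied DAEMON CLIENT_HOSTNAME: read rules on stdin, return 0 if one matches.
# Simplified from hosts_access(5): handles ALL, exact host names and ".domain"
# suffixes only (no address patterns, EXCEPT, or shell-command field).
denied() {
    awk -v daemon="$1" -v client="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        function client_matches(pat,    n) {
            pat = tolower(pat)
            if (pat == "all") return 1
            if (substr(pat, 1, 1) == ".") {      # suffix: hosts below the domain
                n = length(client) - length(pat)
                return n > 0 && substr(client, n + 1) == pat
            }
            return client == pat                 # exact host name
        }
        { sub(/#.*/, "") }
        split($0, part, ":") < 2 { next }
        {
            nd = split(part[1], d, /[ \t,]+/)
            nc = split(part[2], c, /[ \t,]+/)
            ok = 0
            for (i = 1; i <= nd; i++) if (d[i] == "ALL" || d[i] == daemon) ok = 1
            if (!ok) next
            for (i = 1; i <= nc; i++)
                if (c[i] != "" && client_matches(c[i])) { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Demo on the constructed rules
for host in host1.bad.domain.name bad.domain.name mail.other.example; do
    if printf '%s\n' "$SAMPLE_DENY" | denied sshd "$host"; then
        echo "$host: denied"
    else
        echo "$host: no matching rule"
    fi
done
```

To cover the bare domain as well as its hosts, list both forms in the client list (bad.domain.name .bad.domain.name).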
#3: Let WICD handle your wireless woes
I can’t tell you how many times I have found myself banging my head against a server rack. For the longest time Linux and wireless networking were simply not good bedfellows. But that is quickly becoming a thing of the past. With modern distributions, wireless card detection has become a no-brainer. The issue now is encryption.
Many of the Linux wireless tools have trouble when any encryption is involved. But the WICD tool takes care of this. Now, connecting to WPA or WPA2 encrypted wireless networks is simple. Add to that the amazingly easy GUI employed by WICD and you can check one nasty headache off your list.
#4: Download and install a front end for iptables
You can’t assume that just because you are using Linux, you are secure. You still need some security. And the best security you can have with Linux is iptables. The only problem with iptables is that it can be challenging (especially for the new user). Fortunately, there are outstanding graphical front ends for iptables. One of the best is Firestarter. This front end makes employing iptables a simple process, so you won’t keep bypassing security out of fear of the learning curve.
#5: Get to know the command-line tools
Let’s face it: If you’re running Linux, there might be an instance where you will need to restart your network and you won’t have access to the GUI. In this particular case, knowing that /etc/rc.d/network restart will do the trick will solve your problem. Of course, that’s not the only networking command-line tool. You’ll also want to know tools like dhclient, traceroute, samba, ping, and netstat.
#6: Hard-code your DNS server addresses
I don’t know how many times I have had networking problems that pointed directly at missing DNS server addresses. To this end, I have made it a habit to hard-code my DNS servers into the /etc/resolv.conf file. The format of the entries is:
where IP_ADDRESS is the actual address of your name server. You can have as many name servers listed as you need.
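An added example, not part of the original article: entries take the form nameserver IP_ADDRESS, and resolv.conf(5) documents that the resolver uses at most MAXNS (currently 3) of them, so the check below reports which entries in a constructed sample would be used, which fall past that limit, and which do not look like addresses. The function name and sample addresses are assumptions, and the address test is a rough syntax check only.

```sh
# Constructed sample in /etc/resolv.conf format: nameserver IP_ADDRESS
SAMPLE_RESOLV='# constructed sample
nameserver 192.168.1.1
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver 198.51.100.7
nameserver not-an-address'

# check_resolv: read resolv.conf text on stdin and print one line per
# nameserver entry: "used ADDR", "ignored ADDR" (listed after the first
# MAXNS = 3 entries, see resolv.conf(5)) or "invalid VALUE".
check_resolv() {
    awk -v max=3 '
        $1 != "nameserver" { next }
        # rough syntax check only: dotted quad, or hex groups containing a colon
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 !~ /^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$/ {
            print "invalid", $2
            next
        }
        {
            state = (++n <= max) ? "used" : "ignored"
            print state, $2
        }
    '
}

# Demo on the constructed sample; check a live file with: check_resolv < /etc/resolv.conf
printf '%s\n' "$SAMPLE_RESOLV" | check_resolv
```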
#7: Install ClamAV
If you run a mail server, an antivirus is essential. Even though you are running Linux and you know your mail server is immune to 99.9999999% of the viruses in the wild, that doesn’t mean all those clients that download mail from your server are immune. With this in mind, you will make your administrating life far easier if you install an antivirus like ClamAV onto your Linux mail server. It will give you peace of mind and enough security to ensure that your users most likely won’t come knocking at your office door demanding retribution.
#8: Know how to configure an IP address manually
Yes, there are GUI tools for this. And yes, they all work very well. But as you will eventually find if you administer any operating system long enough, it’s never bad to have backup tools to help you do your job. And one of the best backup tools for Linux networking is the ifconfig command. Not only will this command, run with no arguments, return your network card information, it will also allow you to configure your network card manually. This is done like so:
/sbin/ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
Of course, you will want to plug in your particular information as it applies to the above.
#9: Get to know your /etc/interfaces (Ubuntu) or /etc/sysconfig/network-scripts (Red Hat/Fedora) file(s)
This file (or files) is where the information for each network interface is stored. The format for this file is:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

auto ath0
iface ath0 inet dhcp

auto wlan0
iface wlan0 inet dhcp
As you can see above, all of my interfaces are set up for dhcp. This is my laptop, which goes with me everywhere, so dhcp is a necessity. But what if I use the wired interface in only one location? For that, I can hard-code the information here under the eth0 interface like so (for Ubuntu):
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    broadcast 192.168.1.255
    network 192.168.1.0
    gateway 192.168.1.1
Or like so (for Red Hat/Fedora):
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
Again, you would plug in all the information suited to your network and your device.
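An added example, not part of the original article: the network and broadcast values in a static configuration are fully determined by the address and netmask, so they can be derived and checked before the file is saved. The function names are assumptions, and the mismatched network value in the demo is constructed.

```sh
# ip_to_int A.B.C.D: print the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit integer as a dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# derive ADDRESS NETMASK: print "network=... broadcast=..."
derive() {
    addr=$(ip_to_int "$1"); mask=$(ip_to_int "$2")
    net=$(( addr & mask ))
    bcast=$(( net | (~mask & 0xFFFFFFFF) ))
    echo "network=$(int_to_ip "$net") broadcast=$(int_to_ip "$bcast")"
}

# check_static ADDRESS NETMASK NETWORK BROADCAST: return 0 only if the stated
# network and broadcast values agree with the address and netmask
check_static() {
    [ "$(derive "$1" "$2")" = "network=$3 broadcast=$4" ]
}

# Demo with the address and netmask used in the tips above
derive 192.168.1.10 255.255.255.0
# Constructed mismatch: a network value that does not fit the address and netmask
if ! check_static 192.168.1.10 255.255.255.0 192.168.1.104 192.168.1.255; then
    echo "network 192.168.1.104 does not match 192.168.1.10/255.255.255.0"
fi
```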
#10: Don’t forget smbpasswd when setting up Samba
Nearly every time clients come to me with Samba issues, the problem is that they haven’t added the user and a password with smbpasswd. Without doing this, the user will not be able to authenticate to the Samba server. And when using smbpasswd to add a new user, you have to add the “-a” switch like so:
smbpasswd -a USERNAME
After you hit Enter, you will be asked for the user’s password (twice). NOTE: You must have root access (or sudo) to pull this off.
These 10 quick tips should help make various aspects of Linux networking easier. You never know when you’ll wind up having to rely on the command line or you’ll need to enlist the help of a graphical front end for iptables. Now, if you do, you should be good to go.