
Chapter Four


System & Network Administration
Course Code: COSC4036
Salale University
College of Natural Sciences
Department of Computer Science
Chapter-4
Network Management
4.1. TCP/IP Networking:

TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of
communication protocols that form the foundation of the internet. It enables
communication between devices on a network by establishing a common
language for data exchange. Here's a breakdown of key concepts:
The TCP/IP Model:

The TCP/IP model is a layered framework that defines how data is packaged,
addressed, transmitted, and received across networks. It consists of four
main layers:

Application Layer: Provides network services to applications like web
browsing (HTTP), email (SMTP), and file transfer (FTP).

Transport Layer: Responsible for reliable data delivery between applications
on different devices. Key protocols include TCP (Transmission Control
Protocol) for reliable, in-order delivery, and UDP (User Datagram Protocol)
for faster, connectionless communication.

Network Layer: Handles routing and addressing of data packets across
networks. The primary protocol here is IP (Internet Protocol), which assigns
unique IP addresses to devices and defines the format of data packets.

Link Layer: Deals with physical transmission of data over the network medium
(cables, Wi-Fi). Protocols like Ethernet and Wi-Fi operate at this layer.
How it Works:

Application initiates communication: An application on a device (e.g., your web browser)
sends data to the network layer.

Data is segmented and encapsulated: The data is broken down into smaller packets and
wrapped with headers containing addressing and control information at each layer.

Packets travel through the layers: Each layer adds its own header and performs specific
tasks before passing the packet down to the next layer.

Packets reach the destination device: The packets travel across the network, and the
destination device's network layers process the headers to reassemble the original data and
deliver it to the corresponding application.
Benefits of TCP/IP

Standardized: Enables communication between diverse devices and networks
due to its universal nature.

Modular: The layered structure allows for independent development and
improvement of each layer.

Scalable: The architecture can accommodate a vast number of
interconnected devices.

Reliable: TCP ensures reliable data delivery, while UDP offers speed for
time-sensitive applications.
4.2. Configuring a Linux Box for Networking

Configuring a Linux box for networking involves establishing
a network connection and setting up essential parameters.
Here's a roadmap to guide you through the process:
Network Hardware:

Wired or Wireless: Determine if you're connecting via Ethernet
cable or Wi-Fi.

Identifying Network Interface Name: Use the ip addr or ifconfig command
(depending on your Linux distribution) to identify the network
interface name (e.g., eth0, wlan0).
Choosing a Configuration Method:

Command Line: Offers granular control and is suitable for
experienced users. Common tools include ifconfig, nmcli,
and network configuration files.

Desktop Environment GUI: Most desktop environments provide
user-friendly interfaces for network configuration.
Network Configuration (Command Line):

Here's a general outline for static IP configuration using
the command line (steps might vary slightly depending on
your distribution):

Edit network interface configuration file: Use sudo nano
/etc/network/interfaces (or similar file based on your
distro).

Configure settings: Specify details like DEVICE (interface
name), ONBOOT=yes (enable interface at
boot), IPADDR (static IP address), NETMASK (subnet mask),
and optionally GATEWAY (default gateway)
and DNSNAMESERVER (DNS server addresses).

Save and restart networking: Save the configuration file
and restart the network service using sudo systemctl
restart networking (or similar command for your distro).
Verification:

Once configured, use commands like ping or ip addr to
verify network connectivity and confirm you can reach
the internet or other devices on the network.
4.3. Configuring a Linux Box as a Router

Transforming your Linux box into a capable router involves
several configuration steps. Here's a breakdown of the
essential processes:
Prerequisites:

Network Hardware: You'll need a Linux machine with two or more network
interfaces (Ethernet ports). One interface will connect to your modem/internet
source (WAN), and the others will connect to your internal network devices
(LAN).

IP Forwarding: Enable IP forwarding in your Linux kernel using sysctl -w
net.ipv4.ip_forward=1 (for IPv4) or the equivalent for IPv6. You can make this
setting persistent by editing the relevant configuration file (e.g., /etc/sysctl.conf).
Network Interface Configuration:

Static IPs: Assign static IP addresses to each network interface. The WAN
interface will typically have an IP address provided by your ISP, while the LAN
interface can be configured within a private network range (e.g.,
192.168.1.0/24).

Routing Table: Configure the routing table using the route command or a
graphical tool to direct network traffic. The WAN interface will be the default
gateway for internet access.
Network Address Translation (NAT):

iptables/nftables: Utilize firewall tools like iptables (legacy)
or nftables (newer) to implement Network Address
Translation (NAT). NAT allows multiple devices on your
internal network (private IP addresses) to share a single
public IP address provided by your ISP.
DHCP Server (Optional):

DHCP Service: For a more convenient experience on your internal network,
consider setting up a DHCP (Dynamic Host Configuration Protocol) server. This
service automatically assigns IP addresses, subnet masks, and default gateway
information to devices connecting to your network. Common DHCP server
options include ISC DHCP or dnsmasq.
Security Considerations:

Firewall Rules: Configure firewall rules using iptables/nftables to
restrict incoming and outgoing traffic, enhancing security on your
network. Only allow necessary traffic and block potential threats.
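
The NAT and firewall steps above, put together as an added example (not part of the original slides): a shell function that emits an nftables ruleset with default-drop input and forward chains and masquerading on the WAN side. The function names, the interface names eth0/eth1 and the allowed LAN services are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset for a two-interface router.
# eth0 (WAN) and eth1 (LAN) are assumed sample names.

valid_ifname() {
  # Accept only characters that cannot break out of the quoted strings
  # in the generated ruleset; Linux interface names are at most 15 chars.
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

router_ruleset() {
  wan=$1 lan=$2
  valid_ifname "$wan" && valid_ifname "$lan" || return 2
  [ "$wan" != "$lan" ] || return 2
  cat <<EOF
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    iifname "$lan" tcp dport 22 accept          # SSH from the LAN only
    iifname "$lan" udp dport { 53, 67 } accept  # only if this box serves DNS/DHCP
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept         # replies to LAN-initiated flows
    iifname "$lan" oifname "$wan" accept        # LAN may go out, nothing comes in
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$wan" masquerade
  }
}
EOF
}

router_ruleset eth0 eth1
```

Save the output to a file, check it with nft -c -f, and load it with sudo nft -f once net.ipv4.ip_forward is set to 1.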
4.4. Configuring a Web Server (Apache)

Configuring Apache, a popular web server software, on your Linux
box allows you to host websites and make them accessible over
the internet. Here's a step-by-step guide to get you started:

Installation

Package Manager: Use your distribution's package manager to install
the Apache web server package. For example, on Ubuntu/Debian,
you'd use sudo apt update followed by sudo apt install apache2.

Verification

Basic Test: Once installed, open a web browser and navigate
to http://localhost or the IP address of your Linux machine. You
should see the default Apache welcome page.

Document Root

Content Location: The document root directory stores the website's
content (HTML files, images, etc.). By default, it's located
in /var/www/html on many distributions. You can place your website files
there.

Virtual Hosts

Multiple Websites: If you plan to host multiple websites on the same server, you'll need
to configure virtual hosts. This tells Apache which website content to serve based on
the domain name or IP address. Edit configuration files (usually in
/etc/apache2/sites-available/) to create virtual host configurations.
Permissions

Ownership and Access: Ensure the Apache user has ownership and
appropriate permissions to access the document root directory and website
files. Use commands like chown and chmod to adjust permissions if needed.
Firewall Rules

Port Access: If you have a firewall enabled, make sure it allows
incoming traffic on port 80 (default HTTP port) to access your
web server.

Restarting Apache

Saving Changes: Whenever you make configuration changes to Apache,
you'll need to restart the service for them to take effect. Use sudo systemctl
restart apache2 (or similar command for your distro).
4.5. Configuring a DNS Server (BIND) on Your Linux Box

BIND (Berkeley Internet Name Domain) is a popular and powerful DNS (Domain
Name System) server software. Configuring a BIND server on your Linux box allows you
to manage your own DNS zone and resolve domain names for devices on your
network. Here's a roadmap to guide you through the process:

Installation

Use your distribution's package manager to install the BIND
package. For example, on Ubuntu/Debian, use sudo apt
update followed by sudo apt install bind9.

Configuration Files

/etc/bind/named.conf: The main configuration file that
specifies options, includes other files, and defines zones.

Zone files (usually in /etc/bind/zones): These files define the
resource records for your domain name and subdomains
(e.g., yourdomain.com.zone, www.yourdomain.com.zone).

Zone File Configuration:

Each zone file contains different types of DNS records
that map domain names to IP addresses and other
information. Here are some common record types:

A record: Maps a hostname (e.g., www) to an IP address.

MX record: Specifies mail exchange servers for your domain.

CNAME record: Creates an alias for another hostname.

Restarting BIND:

After making configuration changes, restart the BIND
service using sudo systemctl restart named (or similar
command for your distro).

Verification

Use tools like dig or host to test your DNS server's functionality
and confirm it can resolve domain names correctly.
4.6. Configuring a Mail Transfer Agent (MTA) with Postfix on Linux

Postfix is a popular and robust open-source
Mail Transfer Agent (MTA) used to handle
email routing on Linux systems. Configuring
Postfix allows you to establish your own email
server and manage incoming and outgoing
email for your domain. Here's a breakdown
to guide you through the process:

Installation

Use your distribution's package manager to install the Postfix
package. For example, on Ubuntu/Debian, use sudo apt
update followed by sudo apt install postfix.
Basic Configuration

The main Postfix configuration file is /etc/postfix/main.cf. Here are some essential
settings to configure:

myhostname: Set this to your fully qualified domain name (FQDN).

mydomain: Specify your domain name for outgoing email addresses.

relayhost (Optional): If you're not setting up a full-fledged email server and want to
relay emails through an external provider, configure a relayhost here.

mynetworks: Define the IP address range of your trusted network from which emails
can be sent.
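
A check for the mynetworks setting above, as an added example (not part of the original slides): every IPv4 network in mynetworks is trusted to send mail through the server, so the function below flags any entry that is not loopback or a private (RFC 1918) range. The function names and the sample main.cf are constructed for illustration, and the value is assumed to sit on a single line.

```shell
#!/bin/sh
# Added example: flag mynetworks entries that are not loopback or RFC 1918.
# Reads a main.cf on stdin; assumes no continuation lines in the value.

mynetworks_audit() {
  awk '
    function ip2int(ip,   o) {
      if (split(ip, o, ".") != 4) return -1
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip/len lies entirely inside base/blen.
    function inside(ip, len, base, blen,   d) {
      d = 2 ^ (32 - blen)
      return len >= blen && int(ip / d) == int(ip2int(base) / d)
    }
    function trusted(ip, len) {
      return inside(ip, len, "127.0.0.0", 8)   || inside(ip, len, "10.0.0.0", 8) ||
             inside(ip, len, "172.16.0.0", 12) || inside(ip, len, "192.168.0.0", 16)
    }
    /^[ \t]*mynetworks[ \t]*=/ {
      sub(/^[^=]*=/, ""); gsub(/,/, " ")
      n = split($0, nets, " ")
      for (i = 1; i <= n; i++) {
        split(nets[i], p, "/")
        ip = ip2int(p[1]); len = (p[2] == "" ? 32 : p[2] + 0)
        if (ip < 0) { print "SKIP " nets[i]; continue }   # IPv6 or lookup table
        if (trusted(ip, len)) print "OK " nets[i]
        else { print "REVIEW " nets[i]; bad = 1 }
      }
    }
    END { exit bad + 0 }
  '
}

sample_main_cf() {   # constructed sample, not from a real host
  cat <<'EOF'
myhostname = mail.example.com
mydomain = example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24 0.0.0.0/0
EOF
}

sample_main_cf | mynetworks_audit || true
```

The function exits non-zero when any entry is marked REVIEW, so it can gate a configuration deployment.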
Restarting Postfix

After making configuration changes, restart the Postfix
service using sudo systemctl restart postfix (or similar
command for your distro).

Verification

Use tools like mail or telnet to test
basic email sending functionality.
You can also send a test email
from another account to your new
email address to verify reception.
4.7. Configuring a Proxy Cache (Squid)

Squid is a popular and efficient caching
proxy server software used to improve
network performance and reduce
internet bandwidth consumption. Here's
a roadmap to guide you through
configuring Squid on your Linux box:

Installation

Use your distribution's package manager to install the Squid
package. For example, on Ubuntu/Debian, use sudo apt
update followed by sudo apt install squid.
Configuration File

The main Squid configuration file is typically located at /etc/squid/squid.conf. This file defines various
settings for Squid's operation, including:

http_port: Define the port on which Squid listens for incoming client connections (default: port 3128).

cache_dir: Specify the directory on disk where Squid will store cached web content.

acl: Define Access Control Lists (ACLs) to control which clients or networks can use the proxy server.

http_access: Specify access rules based on the defined ACLs to allow or deny proxy access.

cache_mem: Configure the amount of memory Squid can utilize for caching frequently accessed
data.
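
How the acl and http_access settings above interact, as an added example (not part of the original slides): Squid evaluates http_access rules from top to bottom and the first match wins, so an "allow all" placed above the intended restrictions leaves the proxy usable by any client. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a squid.conf lets any client use the proxy.
# Reads the configuration on stdin and prints one verdict line.

squid_access_audit() {
  awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
    $1 == "acl" && $3 == "src" { src[$2] = $4 }   # remember source ACLs
    $1 == "http_access" && verdict == "" {
      last = $2
      if (NF != 3) next                           # several ACLs ANDed: not a catch-all
      wide = ($3 == "all" || src[$3] == "all" || src[$3] == "0.0.0.0/0")
      if (wide && $2 == "allow") verdict = "OPEN line " NR ": " $0
      if (wide && $2 == "deny")  verdict = "RESTRICTED line " NR ": " $0
    }
    END {
      # No catch-all rule: Squid applies the opposite of the last rule.
      if (verdict == "" && last == "deny") verdict = "OPEN implicit allow after final deny"
      if (verdict == "") verdict = "RESTRICTED implicit deny"
      print verdict
      exit (verdict ~ /^OPEN/)
    }
  '
}

weak_squid_conf() {    # constructed sample: allow all shadows the rules below it
  cat <<'EOF'
# constructed sample
acl localnet src 192.168.1.0/24
http_port 3128
http_access allow all
http_access allow localnet
http_access deny all
EOF
}

fixed_squid_conf() {   # constructed sample: LAN only, then deny everything else
  cat <<'EOF'
# constructed sample
acl localnet src 192.168.1.0/24
http_port 3128
http_access allow localnet
http_access deny all
EOF
}

weak_squid_conf | squid_access_audit || true
fixed_squid_conf | squid_access_audit
```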
Restarting Squid:

After making configuration changes, restart the Squid
service using sudo systemctl restart squid (or similar
command for your distro).

Verification

Use a web browser configured to use
your Squid proxy server as the proxy
to access websites. Monitor Squid
logs (usually in /var/log/squid/) to
analyze caching activity and identify
any potential issues.
4.8. Network Services

DHCP Installation

sudo apt update
sudo apt install isc-dhcp-server

Configuration File

The main configuration file for ISC DHCP is typically located at /etc/dhcp/dhcpd.conf.
This file defines various settings for the DHCP server, including:

Subnet declarations: Define the range of IP addresses available for lease within a
specific subnet.

Pool options: Specify options like subnet mask, default gateway, DNS server addresses,
and lease times to be offered to clients in that pool.

Host declarations (optional): Assign static leases to specific devices based on their MAC
addresses.
Restarting and Verification:

sudo systemctl restart isc-dhcp-server

4.9. Network Time Services and Sharing Desktops with VNC

Check the service managing time synchronization:

systemctl status systemd-timesyncd   # For systemd-timesyncd
systemctl status chronyd             # For chronyd (replace if applicable)

Configuring NTP with systemd-timesyncd (common on most distros):

The configuration file might not require manual editing
as systemd-timesyncd uses public NTP servers by
default. However, you can specify preferred NTP servers
if desired. The file is usually located at:

/etc/systemd/timesyncd.conf

Restarting the Service

sudo systemctl restart systemd-timesyncd
Sharing Desktops with VNC:

Installation:

sudo apt update
sudo apt install tightvncserver

Setting a VNC Password:

vncpasswd

Start the VNC Server (basic example):

vncserver

Connecting with VNC Viewer:

Install a VNC viewer on your local machine
(computer you want to control from). Many options
are available, including built-in viewers on some
desktops or standalone software like RealVNC or
TigerVNC Viewer.

Start the VNC viewer and specify the remote
machine's hostname or IP address followed by the
display number (e.g., your_server_ip:2 if using
display number 2).

Enter the VNC password you set earlier.
