
Networks

JICA (Japan International Cooperation Agency) Volunteer Yasuyuki Shimura 02.06.2006

Linux O.S. Course


Relationships between lessons
[Diagram: lessons arranged by level (Introduction, Basics, Advanced exercise), with a "today" marker.]
Linux: Linux overview; Using commands; System management; Operations management
Network: Network concept (TCP/IP); Security; Network management; Network construction
Server: to be decided

Contents and goals of today's lesson

Contents
1. Review (TCP/IP concept, network devices, security)
2. Network commands
3. Network design

Goals of today's lesson [Practical]
1. Network commands.
2. Network design.

Review of the TCP/IP concept

TCP/IP protocol stack
Protocol: a set of procedures that lets computers connect to each other and exchange information.

OSI model layers: Application, Presentation, Session, Transport, Network, Data link, Physical
TCP/IP stack layers: Application, Transport, Network, Network interface
Example protocols in the TCP/IP stack:
  Application layer: HTTP/HTTPS, SMTP, POP3, FTP, SNMP, etc.
  Layers below: TCP, IP, ICMP, ARP, RARP, Ethernet, ATM, PPP, etc.

Review of the TCP/IP concept

What is the IP protocol?

- Transmitted data is divided into smaller units called packets.
- Addresses are added to the packets (IP address).
- Packets can travel between different physical networks (routing).

To communicate between computers, addressing consists of:
1. IP address
2. Subnet mask
3. Default gateway

The IP address is the address assigned to a network card (not to the computer).
The subnet mask defines the network to which the computers belong.
The default gateway is the address to which packets are sent first when the final destination address does not belong to the same network as the source address.

Review of the TCP/IP concept and network devices

What is the TCP protocol? (About the functions of the TCP protocol)
1. Through the protocol, data is transferred reliably.
2. Transferred data arrives in order.

How does the TCP protocol work?

In the TCP protocol, communication takes place through ports. A port identifies a service (a program or daemon).

Network devices must be prepared. The main devices are as follows (for an intranet):
1. Hub and switching hub
2. Router (to access the Internet)
3. Cable

Review of security

Threats:
- electronic interception
- falsification
- impersonation
- theft
- viruses
- misuse

Remedies against the threats:
- Encrypt data (using SSH (Secure Shell) and SSL).
- Make regular backups.
- Set the correct permissions on files and directories.
- Users manage their ID and password carefully.
- Install antivirus software that scans files when they are accessed.
- Control access using ID, password, host name and IP address (tcpwrapper etc.).
- Do not run unnecessary programs.
- Apply security updates regularly.
- Filter packets (packet filtering) at all times (ipfilter).
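One way to check the "do not run unnecessary programs" item against the rule that a TCP port identifies a service, as an added example that is not part of the original course: it compares listening TCP ports with an allowlist. The `netstat -tln` sample is constructed, and the allowlist (SSH, SMTP, DNS, POP3 for the DNS/Mail server) and the function name are assumptions of this example.

```shell
# Added example (not from the course). Constructed sample of `netstat -tln`
# output for the DNS/Mail server; addresses and ports are made up for the demo.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.20:53         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

# Assumed allowlist for this host: SSH, SMTP, DNS, POP3.
ALLOWED_PORTS='22 25 53 110'

# unexpected_listeners "PORT PORT ...": reads netstat -tln text on stdin and
# prints "PORT ADDRESS" for every non-loopback listener not in the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)        # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next   # loopback only
            if (!(port in ok)) print port, host
        }' | sort -n
}

# Prints the two listeners that are outside the allowlist (ports 23 and 80).
printf '%s\n' "$NETSTAT_SAMPLE" | unexpected_listeners "$ALLOWED_PORTS"
```

On a live host the same function can read `netstat -tln` directly; every port it prints is a service to stop or to restrict with tcpwrapper or packet filtering.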

Network commands

To manage the network, the following commands are used:
1. ifconfig/ipconfig
2. ping
3. traceroute (tracert)
4. dig/nslookup

How do you configure a network card?

ifconfig

Configures the parameters of a network card.

Checking the settings:
    ifconfig -a
Configuring the network card:
    ifconfig [device name] [IP address] netmask [subnet mask]
Bringing the network card up and down:
    ifconfig [device name] up
    ifconfig [device name] down
* ifconfig has many options; refer to man.

Network commands

What is ping?
    ping [IP address or host name]
This command confirms that a connection exists between computers.

What is traceroute? (On Windows, tracert is used.)
    traceroute [IP address or host name]
This command confirms the flow of packets (that is, the routing).

What is nslookup/dig?
    nslookup [IP address or host name]
    dig [IP address or host name]
These commands confirm whether an IP address can be looked up from a name, or a name from an IP address. Note that dig treats a bare IP address as a name to look up; a reverse lookup with dig needs the -x option.

Network design
Question 1: Draw lines representing cables so that every computer can connect to the Internet.
[Diagram: hub, router, DNS/Mail server, external network and three computers. Legend: network card, straight-through cable, crossover cable.]

Network design
Answer 1
[Diagram: hub, DNS/Mail server, external network, router and three computers, connected by cables. Legend: network card, straight-through cable, crossover cable.]

Network design
Question 2: Write the IP address, subnet mask, default gateway and DNS. I have pre-defined the network card on the external network in advance. As for the default gateway, specify the DNS server in the internal network.

Internal network: 192.168.2.0/24, 100 Mbps
External network: 1.2.3.0/24, 10 Mbps

Device                           IP        Sub             DG        DNS
DNS/Mail server                  (blank)   (blank)         (blank)   (blank)
Router, internal network card    (blank)   (blank)         1.2.3.1   (blank)
Router, external network card    1.2.3.4   255.255.255.0   1.2.3.1   1.2.3.2
Computer                         (blank)   (blank)         (blank)   (blank)
Computer                         (blank)   (blank)         (blank)   (blank)
Computer                         (blank)   (blank)         (blank)   (blank)

[Diagram: the devices are connected through the hub. Legend: network card, straight-through cable, crossover cable.]

Network design
Answer 2 (example)

Internal network: 192.168.2.0/24, 100 Mbps
External network: 1.2.3.0/24, 10 Mbps

Device                           IP              Sub             DG             DNS
DNS/Mail server                  192.168.2.20    255.255.255.0   192.168.2.10   192.168.2.20
Router, internal network card    192.168.2.10    255.255.255.0   1.2.3.1        192.168.2.20
Router, external network card    1.2.3.4         255.255.255.0   1.2.3.1        1.2.3.2
Computer                         192.168.2.101   255.255.255.0   192.168.2.10   192.168.2.20
Computer                         192.168.2.102   255.255.255.0   192.168.2.10   192.168.2.20
Computer                         192.168.2.103   255.255.255.0   192.168.2.10   192.168.2.20

[Diagram: the devices are connected through the hub. Legend: network card, straight-through cable, crossover cable.]
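The subnet mask and default gateway rules from the IP review, applied to the addresses of Answer 2, as an added example that is not part of the original course. The plan layout (device, IP, mask, gateway per line) and all function names are assumptions of this example; the router's two network cards share one device name because its gateway 1.2.3.1 is reachable only through the external card.

```shell
# Added example (not from the course): validates an addressing plan.
# Assumed plan layout, one network card per line: DEVICE IP MASK GATEWAY
PLAN='server 192.168.2.20 255.255.255.0 192.168.2.10
router 192.168.2.10 255.255.255.0 1.2.3.1
router 1.2.3.4 255.255.255.0 1.2.3.1
pc1 192.168.2.101 255.255.255.0 192.168.2.10
pc2 192.168.2.102 255.255.255.0 192.168.2.10
pc3 192.168.2.103 255.255.255.0 192.168.2.10'

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do case $o in ''|*[!0-9]*) return 1 ;; esac; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_net IP1 IP2 MASK -> status 0 when (IP1 AND MASK) equals (IP2 AND MASK)
same_net() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || return 2
    [ $(( a & m )) -eq $(( b & m )) ]
}

# next_hop SRC MASK GATEWAY DST -> "direct" or "via GATEWAY"
next_hop() {
    if same_net "$1" "$4" "$2"; then echo direct; else echo "via $3"; fi
}

# gw_on_link DEVICE GATEWAY PLAN -> status 0 when any network card of DEVICE
# is on the same network as GATEWAY (covers the router with its two cards)
gw_on_link() {
    while read -r d2 ip2 mask2 rest; do
        [ "$d2" = "$1" ] && same_net "$ip2" "$2" "$mask2" && return 0
    done <<EOF
$3
EOF
    return 1
}

# check_plan PLAN -> one line per network card whose gateway cannot be reached
check_plan() {
    while read -r dev ip mask gw; do
        [ -n "$dev" ] || continue
        gw_on_link "$dev" "$gw" "$1" || echo "$dev $ip: gateway $gw is not on-link"
    done <<EOF
$1
EOF
}
check_plan "$PLAN"; next_hop 192.168.2.101 255.255.255.0 192.168.2.10 1.2.3.2
```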

Network design
Question 3: Place the following software for security: Firewall, Antivirus, SSL, tcpwrapper
[Diagram: the same network and addresses as in Answer 2 (internal network 192.168.2.0/24, 100 Mbps; external network 1.2.3.0/24, 10 Mbps; DNS/Mail server, hub, router and three computers). Legend: network card, straight-through cable, crossover cable.]

Network design
Answer 3:
[Diagram: the same network and addresses as in Answer 2 (internal network 192.168.2.0/24, 100 Mbps; external network 1.2.3.0/24, 10 Mbps; DNS/Mail server, hub, router and three computers). Legend: network card, straight-through cable, crossover cable.]

Software labels placed on the diagram:
- firewall, Anti-virus (three times)
- tcpwrapper, firewall (ipfilter), Anti-virus
- tcpwrapper, firewall (ipfilter), Anti-virus, SSL

ifconfig

Checking the settings

    root@0[knoppix]# ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:0D:60:F0:33:EC
              inet addr:172.16.0.165  Bcast:172.16.0.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:153 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:18580 (18.1 KiB)  TX bytes:1026 (1.0 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:600 (600.0 b)  TX bytes:600 (600.0 b)

Configuring the network card

    root@0[knoppix]# ifconfig eth0 172.16.0.165 netmask 255.255.0.0

Bringing the network card up and down

    root@0[knoppix]# ifconfig eth0 down
    root@0[knoppix]# ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:0D:60:F0:33:EC
              inet addr:172.16.0.165  Bcast:172.16.0.255  Mask:255.255.0.0
              BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:289 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:33586 (32.7 KiB)  TX bytes:1362 (1.3 KiB)

(The string UP is not present.)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:600 (600.0 b)  TX bytes:600 (600.0 b)

    root@0[knoppix]# ifconfig eth0 up
    root@0[knoppix]# ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:0D:60:F0:33:EC
              inet addr:172.16.0.165  Bcast:172.16.0.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:289 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:33586 (32.7 KiB)  TX bytes:1362 (1.3 KiB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:600 (600.0 b)  TX bytes:600 (600.0 b)

ping

Checking the network connection

    root@0[knoppix]# ping 172.16.0.135
    PING 172.16.0.135 (172.16.0.135): 56 data bytes
    64 bytes from 172.16.0.135: icmp_seq=0 ttl=255 time=1.5 ms
    64 bytes from 172.16.0.135: icmp_seq=1 ttl=255 time=0.1 ms
    64 bytes from 172.16.0.135: icmp_seq=2 ttl=255 time=0.5 ms
    --- 172.16.0.135 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 0.1/0.7/1.5 ms

    root@0[knoppix]# ping www.yahoo.com
    PING www.yahoo.akadns.net (216.109.118.74): 56 data bytes
    64 bytes from 216.109.118.74: icmp_seq=0 ttl=56 time=126.1 ms
    64 bytes from 216.109.118.74: icmp_seq=1 ttl=56 time=125.4 ms
    64 bytes from 216.109.118.74: icmp_seq=2 ttl=56 time=185.3 ms
    --- www.yahoo.akadns.net ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 125.4/145.6/185.3 ms

    root@0[knoppix]# ifconfig eth0 down
    root@0[knoppix]# ping www.yahoo.com
    ping: unknown host www.yahoo.com
    root@0[knoppix]# ping 216.109.118.74
    PING 216.109.118.74 (216.109.118.74): 56 data bytes
    ping: sendto: Network is unreachable
    ping: wrote 216.109.118.74 64 chars, ret=-1
    --- 216.109.118.74 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

traceroute

Checking the routing

    root@0[knoppix]# traceroute www.yahoo.com
    traceroute: Warning: www.yahoo.com has multiple addresses; using 216.109.118.67
    traceroute to www.yahoo.akadns.net (216.109.118.67), 30 hops max, 38 byte packets
     1  172.16.0.135 (172.16.0.135)  0.165 ms  0.188 ms  0.121 ms
     2  r-thor-cr0-fe2-vl700-0.botosani.rdsnet.ro (80.96.86.65)  1.019 ms  0.894 ms  0.829 ms
     3  r-botosani-bb1-e0-0.botosani.rdsnet.ro (81.196.145.253)  1.886 ms  1.316 ms  1.788 ms
     4  br01.frankfurt.rdsnet.ro (193.231.252.33)  36.241 ms  35.706 ms  35.044 ms
     5  br01.frankfurt.rdsnet.ro (193.231.252.33)  35.995 ms  35.363 ms  34.866 ms
     6  ge-5-1-0.100.ar2.FRA3.gblx.net (64.210.28.93)  124.931 ms  69.703 ms  70.292 ms
     7  so2-1-0-2488M.ar1.DCA3.gblx.net (67.17.67.57)  143.549 ms  125.619 ms  124.714 ms
     8  yahoo-2.ar1.DCA3.gblx.net (208.51.74.182)  125.194 ms
        yahoo-1.ar1.DCA3.gblx.net (208.50.13.210)  125.674 ms
        yahoo-2.ar1.DCA3.gblx.net (208.51.74.182)  150.928 ms
     9  ge-1-0-0-p110.msr2.dcn.yahoo.com (216.115.108.45)  123.257 ms
        ge-0-0-0-p100.msr1.dcn.yahoo.com (216.115.108.1)  123.065 ms
        ge-1-0-0-p111.msr2.dcn.yahoo.com (216.115.108.47)  123.166 ms
    10  ge3-1.bas1-m.dcn.yahoo.com (216.109.120.149)  128.270 ms
        ge7-2.bas2-m.dcn.yahoo.com (216.109.120.197)  123.251 ms
        ge3-1.bas2-m.dcn.yahoo.com (216.109.120.146)  125.701 ms
    11  p4.www.dcn.yahoo.com (216.109.118.67)  146.936 ms  137.989 ms  123.683 ms

nslookup and dig

Checking the DNS (Domain name server) function

    root@0[knoppix]# nslookup www.yahoo.com
    Server:         194.105.8.1
    Address:        194.105.8.1#53

    Non-authoritative answer:
    www.yahoo.com   canonical name = www.yahoo.akadns.net.
    Name:   www.yahoo.akadns.net
    Address: 216.109.118.74
    Name:   www.yahoo.akadns.net
    Address: 216.109.118.79
    Name:   www.yahoo.akadns.net
    Address: 216.109.117.205
    Name:   www.yahoo.akadns.net
    Address: 216.109.117.106
    Name:   www.yahoo.akadns.net
    Address: 216.109.118.69
    Name:   www.yahoo.akadns.net
    Address: 216.109.118.75
    Name:   www.yahoo.akadns.net
    Address: 216.109.117.110
    Name:   www.yahoo.akadns.net
    Address: 216.109.118.71

    root@0[knoppix]# nslookup 216.109.118.74
    Server:         194.105.8.1
    Address:        194.105.8.1#53

    74.118.109.216.in-addr.arpa     name = p11.www.dcn.yahoo.com.

    root@0[knoppix]# dig www.yahoo.com
    ; <<>> DiG 9.3.1 <<>> www.yahoo.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10277
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 9, ADDITIONAL: 9

    ;; QUESTION SECTION:
    ;www.yahoo.com.                 IN      A

    ;; ANSWER SECTION:
    www.yahoo.com.          260     IN      CNAME   www.yahoo.akadns.net.
    www.yahoo.akadns.net.   20      IN      A       216.109.117.110
    www.yahoo.akadns.net.   20      IN      A       216.109.118.71
    www.yahoo.akadns.net.   20      IN      A       216.109.118.74
    www.yahoo.akadns.net.   20      IN      A       216.109.118.79
    www.yahoo.akadns.net.   20      IN      A       216.109.117.205
    www.yahoo.akadns.net.   20      IN      A       216.109.117.106
    www.yahoo.akadns.net.   20      IN      A       216.109.118.69
    www.yahoo.akadns.net.   20      IN      A       216.109.118.75

    ;; AUTHORITY SECTION:
    akadns.net.             161811  IN      NS      asia4.akadns.net.
    akadns.net.             161811  IN      NS      asia9.akadns.net.
    akadns.net.             161811  IN      NS      eur4.akadns.net.
    akadns.net.             161811  IN      NS      eur8.akadns.net.
    akadns.net.             161811  IN      NS      usw5.akadns.net.
    akadns.net.             161811  IN      NS      za.akadns.org.
    akadns.net.             161811  IN      NS      zb.akadns.org.
    akadns.net.             161811  IN      NS      zc.akadns.org.
    akadns.net.             161811  IN      NS      zd.akadns.org.

    ;; ADDITIONAL SECTION:
    asia4.akadns.net.       8213    IN      A       61.213.147.96
    asia9.akadns.net.       161811  IN      A       220.73.220.4
    eur4.akadns.net.        161811  IN      A       195.219.3.169
    eur8.akadns.net.        8213    IN      A       62.4.69.96
    usw5.akadns.net.        161811  IN      A       63.241.73.200
    za.akadns.org.          3421    IN      A       81.52.250.134
    zb.akadns.org.          3421    IN      A       206.132.100.105
    zc.akadns.org.          3421    IN      A       69.45.78.3
    zd.akadns.org.          3421    IN      A       65.203.234.28

    ;; Query time: 5 msec
    ;; SERVER: 194.105.8.1#53(194.105.8.1)
    ;; WHEN: Wed May 31 14:54:34 2006
    ;; MSG SIZE  rcvd: 512

    root@0[knoppix]# dig 216.109.118.74
    ; <<>> DiG 9.3.1 <<>> 216.109.118.74
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59908
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;216.109.118.74.                IN      A

    ;; AUTHORITY SECTION:
    .       10800   IN      SOA     A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006053001 1800 900 604800 86400

    ;; Query time: 138 msec
    ;; SERVER: 194.105.8.1#53(194.105.8.1)
    ;; WHEN: Wed May 31 14:55:26 2006
    ;; MSG SIZE  rcvd: 107
