
Setting Up a Local Area Network with Red Hat

Part II: Basic Setup

Chapter 7: Setting Up a Local Area Network with Red Hat

Overview

Creating a local network of your own involves just a few simple steps. You can set up a Red Hat system to serve as the main server for your own local area network (LAN), providing services like e-mail, a Web site, or shared printers. You can even connect different types of systems such as those running Windows or the Mac OS. You can also configure your system to serve as a gateway to the Internet, through which all your other systems will connect. In fact, you could have one Internet connection on your gateway that each host on your network could use. A few security precautions allow your system to work as a firewall, protecting your local hosts from outside attacks. You could also set up a very simple configuration to provide Web access only. This chapter will cover the basic procedures for setting up such a network.

Later chapters in this book will cover these topics in detail.

Your local area network consists of a collection of host systems connected to the main host running Red Hat Linux. This main host will be referred to as the gateway. The steps for setting up a local network involve the following:

Setting up and configuring the Ethernet cards on each system. Your Red Hat gateway should have two Ethernet cards.

Setting up a proxy server to provide direct Web access (DNS not required).

Setting up your DNS server on the Red Hat gateway.

Configuring your DNS server to allow all other local hosts to access the Internet.

Setting up firewall protection.

Enabling e-mail services.

Setting up local host access to the Internet through DNS (proxy server not required).

Sharing printers with Windows hosts.

Setting up a local Web site.

Along with setting up your connections, you will have to run at least one service on the main gateway computer you set up for your network. You can start and stop a service with the service command, and have the service automatically started with the Text Mode Setup utility. For a simple network, you should have the DNS and Network services running. If you have Windows systems on your network and you want to share printers with them, you will need the Samba service. The Network, Squid, Sendmail, DNS, and Samba services may have to be restarted as you configure them. You will have to know the names used for the DNS, Sendmail, Squid, and Samba server programs to restart them with the service tool. They are shown in the following table. In addition, you will have to add a firewall rule to enable your local hosts to access the Internet through your firewall.

Service Name                 Service Program
Domain Name Service (DNS)    named
Samba                        smb
Network connections          network
Firewall                     iptables
Squid                        squid
Sendmail                     sendmail

You use the start, stop, and restart arguments to start, stop, and restart a service. To restart the DNS service you would use the following:

service named restart

To have a service start automatically, select the Text Mode Setup Tool from the Gnome System menu, then use the arrow keys to move down to the System Services entry and press ENTER. This will list the different service programs such as smb and named. To start the DNS service automatically, use the arrow keys to move to the named entry and press the SPACEBAR to select it (some services may already be selected). Use the TAB key to move to the OK button and press ENTER.

Physical Configuration

To set up the physical connections between the different computers on your network, you will need to install an Ethernet device on each. Some computers, such as Mac systems, may have this device built-in. Many computers may already have an Ethernet card installed. Most Ethernet configurations use lightweight cables to connect computers, though some are wireless. The computers on a network are referred to as hosts. To connect several hosts together on a network, you will need an Ethernet cable for each and a hub that will connect them all together. To connect a host, plug one end of the cable into its Ethernet card and the other into the hub. A hub will have several ports, one for each host on your network. For a larger network, you can connect several hubs together.

In the configuration described here, the host running a Red Hat Linux system will be used as the main server and gateway for the local network. Here, you will install various servers like the DNS and Web servers. This host also will function to connect all the local hosts to the Internet (or a larger network). To do this effectively, this gateway/server host will need an Ethernet card and an Internet connection device such as a modem, DSL (digital subscriber line) modem, or another Ethernet card. The type of device you use depends on the type of service that your Internet service provider (ISP) gives you. Some provide only modem connections in which you dial in to connect to the Internet (AOL connections do not work for a LAN). Those that provide DSL connections will use a special DSL modem to allow you to connect to the Internet. Both connect to a phone outlet. Cable modems, however, work like Ethernet networks. You need a second Ethernet network card that you connect to the cable modem. This is also the case if you are connecting directly to a larger Ethernet network. The examples in this chapter use a second Ethernet connection.

Note Another kind of network configuration uses a coaxial cable (thin Ethernet cable) to which hosts connect directly instead of to a hub.

When you start up your Red Hat system, Red Hat will automatically detect your Internet connection device and install the appropriate module for it. For some older Ethernet cards, you may have to perform special configuration tasks, such as making entries in /etc/modules.conf with certain parameters (see "Ethernet Parameters" in the Red Hat Reference Guide).

Web Access with Squid

If you want only to provide your hosts with Web access to the Internet, you can do so by just running the Squid server on your gateway host. You will not have to set up and run a DNS server. Squid is a proxy server and can handle the Internet connection between a browser and Internet sites directly. You only have to configure the network connections for each host, providing their IP addresses. Squid is included with the basic installation.

Note Squid also provides extensive security options, making it advisable to control Web access through a proxy server like Squid.

Once it is installed on the gateway host, you then have to configure Squid to allow access by hosts on your network. Edit the /etc/squid/squid.conf file and place the following entries in the security section.

acl mylan src 192.168.0.0/255.255.255.0
http_access allow mylan

The squid.conf file is a very large file with default settings commented in detail. An easy way to make your entries is to search for the corresponding localhost entries and add your network ones below them. The acl entry for localhost will begin with "acl localhost". The one for access will begin with "http_access allow localhost". Squid configuration is discussed in detail in Chapter 27. You can also use Linuxconf or Webmin to configure Squid.
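The two entries above are only effective if the allow rule for your network is placed ahead of the final "http_access deny all" line, because Squid evaluates http_access rules in order. The following shell script is an added example, not code from the book or from the Squid project; the helper names add_squid_lan_acl and check_squid_order are hypothetical, and the squid.conf fragment it works on is constructed for the example rather than copied from a real installation.

```shell
#!/bin/sh
# Hypothetical helpers, not from the book: add a LAN acl and its http_access
# rule to a copy of squid.conf, directly below the localhost entries, and
# confirm the allow rule lands ahead of the closing "http_access deny all".
# Squid evaluates http_access lines top to bottom; an allow placed after
# "deny all" never takes effect, so the order is worth checking explicitly.

add_squid_lan_acl() {  # add_squid_lan_acl SQUID_CONF ACL_NAME NETWORK/NETMASK
    conf=$1; name=$2; net=$3
    # A duplicated acl name is a configuration error, so refuse to add it twice.
    if grep -q "^acl $name " "$conf"; then
        echo "acl $name is already defined in $conf" >&2
        return 1
    fi
    # Print every line, and append the new entries right after their
    # localhost counterparts, the same spot the book recommends.
    awk -v name="$name" -v net="$net" '
        { print }
        /^acl localhost src/           { print "acl " name " src " net }
        /^http_access allow localhost/ { print "http_access allow " name }
    ' "$conf"
}

check_squid_order() {  # check_squid_order SQUID_CONF ACL_NAME
    conf=$1; name=$2
    allow=$(grep -n "^http_access allow $name\$" "$conf" | head -n 1 | cut -d: -f1)
    deny=$(grep -n "^http_access deny all\$" "$conf" | head -n 1 | cut -d: -f1)
    # Succeed only when both rules exist and the allow comes first.
    [ -n "$allow" ] && [ -n "$deny" ] && [ "$allow" -lt "$deny" ]
}

# Constructed, minimal stand-in for the real /etc/squid/squid.conf.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF" "$SAMPLE_CONF.new"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access deny all
EOF

add_squid_lan_acl "$SAMPLE_CONF" mylan 192.168.0.0/255.255.255.0 > "$SAMPLE_CONF.new"
check_squid_order "$SAMPLE_CONF.new" mylan && echo "mylan is allowed before the final deny all"
```

Run it against a copy of your own squid.conf rather than the live file, inspect the result, and only then move it into place and restart Squid; the order check is the part worth keeping around, since a later hand edit that moves the deny rule above the allow silently cuts off the whole network.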

Once it is configured, you can run Squid with the service command.

service squid start

Use chkconfig to have it start automatically when you boot.

chkconfig --level 35 squid on

When configuring a Web browser, select the Proxy option and, for the proxy server, enter the IP address of the gateway running Squid and port 3128. On Netscape select the Proxy entry under Advanced in the Options panel, and then view the manual proxy connections. For example, using the sample network described in this chapter, the Squid proxy server would be running on 192.168.0.1 and use port 3128. So the address entered in Web browsers for each of the different proxy server entries would be the following:

192.168.0.1

And then use 3128 for the port:

3128

Now any user on your network with a correctly configured browser can access the Web.

DNS Setup

Now that your local network is physically set up, your Red Hat gateway/server needs to run certain services to allow your hosts to communicate over the network. You first have to configure and run a Domain Name Service (DNS), which will allow all the hosts on your local network to identify each other using a hostname. This involves several steps:

1. Decide on the IP addresses to assign to each local host. Use 192.168.1 as the network address.

2. Decide on the domain name for your local network.

3. Decide on the hostname for each host on your network.

4. Each host has to be configured with its IP address and domain name address.

5. On the Red Hat gateway/server, configure a DNS server listing each host's IP address and hostname.

6. Start the DNS service.

All hosts on the Internet are identified by their IP addresses. When you send a message to a host on the Internet, you must provide its IP address. Using the four-number sequence of an IP address, however, can be difficult. The numbers are hard to remember, and it's easy to make mistakes when typing them. To make identifying a computer on the Internet easier, the Domain Name Service (DNS) was implemented. The DNS establishes a fully qualified domain name address for each IP address. The fully qualified domain name consists of the name of the host and the network (domain) that it belongs to. Whenever you use that name, it is automatically converted to an IP address, which is then used to identify that Internet host.

The fully qualified domain name is far easier to use than its corresponding IP address. For example, the name www.linux.org has an IP address of 198.182.196.56. A DNS server will translate www.linux.org into its IP address, 198.182.196.56.

In Figure 7-1 the user at rabbit.mytrek.com wants to connect to the remote host lizard.mytrek.com. rabbit.mytrek.com first sends a request to the network's DNS server (in this case, turtle.mytrek.com) to look up the name lizard.mytrek.com and find its IP address. The DNS server then returns the IP address for lizard.mytrek.com, 192.168.0.3, to the requesting host, rabbit.mytrek.com. With the IP address, the user at rabbit.mytrek.com can then connect to lizard.mytrek.com.

Figure 7-1: DNS server operation

You can then set up domain name services for your network by running a DNS server on one of the machines. This machine becomes your network's DNS server. You can then give your machines fully qualified domain names and configure your DNS server to translate the names to their corresponding IP addresses. As shown in Figure 7-2, for example, you could give the machine 192.168.0.1 the name turtle.mytrek.com, and the machine 192.168.0.2 the name rabbit.mytrek.com. You can also implement Internet services on your network such as FTP, Web, and mail services by setting up servers for them on your machines. You can then configure your DNS server to let users access those services using fully qualified domain names. For example, for mytrek.com network, the Web server could be accessed using the name www.mytrek.com.

Figure 7-2: DNS server and network

Note Instead of a Domain Name Service, you could have the /etc/hosts files in each machine contain the entire list of IP addresses and domain names for all the machines in your network. But, for any changes, you would have to update each machine's /etc/hosts file.

IP Addresses

Most networks, including the Internet, use a set of network protocols called TCP/IP, which stands for Transmission Control Protocol/Internet Protocol. On a TCP/IP network such as the Internet, each computer is given a unique address called an IP address. The IP address is used to identify and locate a particular host, a computer connected to the network. It consists of a number, usually written as four numbers of up to three digits each, separated by periods. An example of an IP address is 192.168.0.1.

You will have to assign an IP address to each host on your network. The IP address consists of a number composed of four segments separated by periods. Depending on the type of network, several of the first segments are used for the network address and several of the last segments are used for the host address. For a small local network, the first three segments are the computer's network address and the last segment is the computer's host ID (as used in these examples). For example, in the address 192.168.0.2, 192.168.0 is the network address and 2 is the computer's host ID within that network. Together, they make up an IP address with which the computer can be addressed from anywhere on the Internet. IP addresses, though, are difficult to remember and easy to get wrong.

To set up a DNS server for a local area network (LAN) whose hosts are not directly connected to the Internet, you would use a special set of IP numbers reserved for such non-Internet networks (also known as private networks or intranets). This is especially true if you are implementing IP masquerading, where only a gateway machine has an Internet address, and the others make use of that one address to connect to the Internet. For a small network (254 hosts or less), these are numbers that have the special network number 192.168.0, as used in these examples. If you are setting up a LAN, such as a small business or home network, you are free to use these numbers for your local machines. For a local network, assign IP addresses starting from 192.168.0.1. The host segment can range from 1 to 254, where 255 is used for the broadcast address. If you have three hosts on your home network, you can give them the addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3.

The network address for such a network would be the first three segments of the IP address, 192.168.0. The network netmask would cover those first three segments, using the number 255.255.255.0. The network netmask is used to determine the host and network parts of an IP address. The broadcast address is used to allow an administrator to contact all hosts at once.

You would then use these three IP addresses when configuring a host.

Network IP address    192.168.0.0
Network netmask       255.255.255.0
Host IP addresses     From 192.168.0.1 to 192.168.0.254
Broadcast address     192.168.0.255
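The netmask arithmetic described above (the network address is the part of the IP address that the netmask covers, the broadcast address sets every host bit) can be worked through in the shell, which is handy for checking a host's address before it goes into its network configuration. The script below is an added example, not the book's own; the function names are hypothetical, and it goes beyond the chapter's 255.255.255.0 case by handling any netmask and by recognising all three private address blocks reserved for networks not directly on the Internet (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 from RFC 1918), of which the chapter uses the last.

```shell
#!/bin/sh
# Hypothetical helpers, not from the book: derive the network, broadcast and
# host range from an IP address and netmask, check that two addresses share a
# network, and flag private (RFC 1918) addresses. Pure POSIX sh arithmetic.

ip_to_int() {  # 192.168.0.2 -> 3232235522
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int_to_ip() {  # 3232235522 -> 192.168.0.2
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

network_address() {  # network_address IP NETMASK : keep only the bits the mask covers
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

broadcast_address() {  # broadcast_address IP NETMASK : set every host bit to 1
    int_to_ip $(( $(ip_to_int "$1") | (~$(ip_to_int "$2") & 0xFFFFFFFF) ))
}

host_range() {  # host_range IP NETMASK -> "FIRST LAST" usable host addresses
    net=$(ip_to_int "$(network_address "$1" "$2")")
    bcast=$(ip_to_int "$(broadcast_address "$1" "$2")")
    echo "$(int_to_ip $(( net + 1 ))) $(int_to_ip $(( bcast - 1 )))"
}

same_network() {  # same_network IP1 IP2 NETMASK : true when both sit in one network
    [ "$(network_address "$1" "$3")" = "$(network_address "$2" "$3")" ]
}

is_private() {  # is_private IP : true for 10/8, 172.16/12 and 192.168/16
    n=$(ip_to_int "$1")
    [ $(( n >> 24 )) -eq 10 ] ||
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] ||
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ]
}

# Sample run using the chapter's network (constructed input, nothing is probed).
echo "network:   $(network_address 192.168.0.2 255.255.255.0)"
echo "broadcast: $(broadcast_address 192.168.0.2 255.255.255.0)"
echo "hosts:     $(host_range 192.168.0.2 255.255.255.0)"
same_network 192.168.0.1 192.168.0.3 255.255.255.0 && echo "turtle and lizard share a network"
is_private 192.168.0.1 && echo "192.168.0.1 is a private address"
```

A practical use is to run same_network against every host's intended address and the gateway's local address before editing their configurations, since a host given an address outside the gateway's network will not be reachable from it. Note that the chapter's stand-in ISP address 10.0.0.1 also falls inside a private block, which is exactly why the book calls it fabricated: a real ISP assigns a public address.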

In the sample network used in these examples, there are three hosts, each with its own IP address and hostname. Their IP addresses are listed here; the network address, netmask, and broadcast address are the same as those listed above:

192.168.0.1
192.168.0.2
192.168.0.3

Figure 7-3 shows the format of the sample network with their Ethernet connections and IP addresses, along with their hostnames.

Figure 7-3: Sample local network Ethernet connections, IP addresses, and hostnames

IP Addresses for the Gateway

Though it may look like a single IP address is assigned to an entire computer, it is important to realize that this is not actually the case. An IP address is really assigned to a network device such as an Ethernet card or DSL modem. Ordinary computers on a network will have only one network device, giving them only one IP address. However, a gateway computer will normally have at least two network devices, each with its own IP address. The device used for the local network will have the IP address you decided to give it. The device used for the Internet connection will have an IP address assigned to it by your ISP. For example, in the sample network used in these examples, the computer used as the gateway will have two Ethernet cards, one for the local network and one for the Internet. Each will have its own IP address. The Ethernet card used for the local network will have the address 192.168.0.1, and the one used for the Internet connection will have the address 10.0.0.1 assigned by the ISP (a fabricated address used for this example):

10.0.0.1

Along with its IP address, each device will have its own hostname, as described in the next section. The Ethernet card for the local network will have the hostname you decided to give it, and the Ethernet card connected to the Internet will have a hostname assigned to it by your ISP. The hostnames used in these examples are turtle.mytrek.com for the local Ethernet card and myhost.my-internet-isp.com for the Internet connection.

The Internet connection device on the gateway will use either a static or a dynamic IP address.

A static IP address, such as those used for cable and DSL modems, will remain the same. This is the IP address you would assign to your Internet network device. The sample network described here uses a static address, 10.0.0.1. If your Internet connection device is a modem (in some cases, also DSL), your IP address is dynamic. Your ISP assigns you a different one each time you connect from a pool it keeps on hand. Since your Internet IP address keeps changing, you do not know what it will be any given time you connect. For this situation, when you have to reference the Internet IP address in your configurations, you reference the Internet network device instead.

Domain Name

Next you will have to decide on a domain name for your local network. The domain name is the name used to identify your network. It will be translated into the network part of the IP address, the first three segments. The domain name can be any name you want to give it. The extension is used to denote the type of domain:

domain-name.extension

The following is the domain name for a local network called mytrek:

mytrek.com

Hostnames will be attached to the front of the domain name to provide a complete domain name address for a particular host computer. This is referred to as the Fully Qualified Domain Name (FQDN), but actually references a particular host.

Hostnames

For the hosts on your local network, you need to create your own hostnames. The hostname itself can be any name you choose. The term "hostname" is also used to refer to the fully qualified domain name, also referred to as the full hostname. This consists of the hostname attached to the domain name. On a large network such as the Internet, the host is referenced with its fully qualified domain name. The full hostname consists of the hostname, the name you gave to your computer; a domain name, the name that identifies your network; and an extension that identifies the type of network you are on. Here is the syntax for the fully qualified domain name:

host-name.domain-name.extension

In the following example, the fully qualified domain name references a computer called turtle on a network referred to as mytrek. It is part of a commercial venture, as indicated by the extension com:

turtle.mytrek.com
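Whether you keep the name-to-address mapping in each machine's /etc/hosts file (the alternative noted earlier) or in the DNS server's records, all of it derives from one table of hostnames and IP addresses, and the host-name.domain-name.extension form above is what every entry is built from. The script below is an added example, not code from the book; it keeps that table in one place and renders the /etc/hosts lines, the forward (A) records and the reverse (PTR) records from it, so the three never disagree. The function names and the host table are constructed for the example.

```shell
#!/bin/sh
# Hypothetical helpers, not from the book: build name/address records for a
# small network from a single host table. Generating /etc/hosts, the forward
# zone and the reverse zone from the same source avoids the classic mismatch
# where a host resolves forward but its address resolves back to another name.

fqdn() {  # fqdn HOSTNAME DOMAIN -> host-name.domain-name.extension
    printf '%s.%s\n' "$1" "$2"
}

reverse_octets() {  # 192.168.0.3 -> 3.0.168.192, the order used in in-addr.arpa names
    IFS=. read -r a b c d <<EOF
$1
EOF
    printf '%s.%s.%s.%s\n' "$d" "$c" "$b" "$a"
}

# Constructed host table for the chapter's sample network: "hostname ip" per line.
HOSTS='turtle 192.168.0.1
rabbit 192.168.0.2
lizard 192.168.0.3'

check_unique() {  # check_unique [TABLE] : fail if a hostname or IP appears twice
    table=${1:-$HOSTS}
    dup=$(printf '%s\n' "$table" | awk 'NF { print $1; print $2 }' | sort | uniq -d)
    [ -z "$dup" ] || { echo "duplicate entries: $dup" >&2; return 1; }
}

hosts_file_lines() {  # hosts_file_lines DOMAIN : /etc/hosts entries (ip, fqdn, short name)
    domain=$1
    printf '%s\n' "$HOSTS" | while read -r h ip; do
        [ -z "$h" ] && continue
        printf '%s\t%s\t%s\n' "$ip" "$(fqdn "$h" "$domain")" "$h"
    done
}

a_records() {  # a_records : forward-zone A records, relative to the zone origin
    printf '%s\n' "$HOSTS" | while read -r h ip; do
        [ -z "$h" ] && continue
        printf '%s\tIN\tA\t%s\n' "$h" "$ip"
    done
}

ptr_records() {  # ptr_records DOMAIN : reverse-zone PTR records with absolute names
    domain=$1
    printf '%s\n' "$HOSTS" | while read -r h ip; do
        [ -z "$h" ] && continue
        printf '%s.in-addr.arpa.\tIN\tPTR\t%s.\n' "$(reverse_octets "$ip")" "$(fqdn "$h" "$domain")"
    done
}

# Sample run for mytrek.com (constructed input, nothing is written to /etc).
check_unique && {
    echo "# /etc/hosts";     hosts_file_lines mytrek.com
    echo "# forward zone";   a_records
    echo "# reverse zone";   ptr_records mytrek.com
}
```

The trailing dots on the PTR names and targets matter: without them a zone file treats the name as relative to its origin and silently produces something like lizard.mytrek.com.0.168.192.in-addr.arpa. The uniqueness check is the other thing to keep, since two hosts sharing an address is the commonest reason a small network "mostly works".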
