Saturday, December 31, 2011

Configure Linux as a Router on Red Hat Enterprise Linux 5


Configure Linux as a Router on RHEL5

This tutorial shows how to configure a Linux machine as a router. Routers are devices used to connect two or more different networks. Routers are very costly devices, so Linux can be a cost-effective routing solution for a small company.

In this practical I am using three computers. One system will be used for routing and the two others will remain in two different networks. First we will configure the system that is going to play the role of the router.

Pre-requisites for both Router and Other Machines:
  • A Linux machine named Linuxrouter with two different LAN cards
  • Two different IP addresses for the router machine, one on each LAN card: one is 210.207.201.100, the other is 192.168.161.10
  • IP forwarding enabled
  • Both NICs configured on the router machine
  • Two client machines; both could be Linux, or one could be Linux and the other Windows
  • One client machine's IP address is 210.207.201.1 and the other's is 192.168.161.1

Necessary configuration for Router Machine

IP Configuration: Change the IP address of both LAN cards

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:EB:B2:CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=210.207.201.100
NETMASK=255.255.255.0
NETWORK=210.207.201.0
BROADCAST=210.207.201.255

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express
DEVICE=eth1
BOOTPROTO=static
# HWADDR must be the MAC address of the second NIC; the value below is the one shown for eth0
HWADDR=00:0C:29:EB:B2:CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=192.168.161.100
NETMASK=255.255.255.0
NETWORK=192.168.161.0
BROADCAST=192.168.161.255

Changing Host name: Change the host name of your router machine to Linuxrouter.

[root@localhost ~]# vi /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=Linuxrouter

Restart or Reload the NIC card: After changing the NIC configuration and host name, restart the network on the router machine with the following commands. The first two commands stop the iptables firewall and keep it from starting at boot.

[root@localhost ~]# service iptables stop
[root@localhost ~]# chkconfig iptables off
[root@localhost ~]# service network restart

Enable IP Forwarding: Enable IP forwarding by editing the /etc/sysctl.conf file. Open the file using the vi editor.

[root@Linuxrouter ~]# vi /etc/sysctl.conf

Locate the line net.ipv4.ip_forward = 0

Replace the value ‘0’ with 1. This enables IP forwarding permanently, but it requires a system reboot.

Restart Machine: After editing the sysctl.conf file, restart your machine with the following command.

[root@Linuxrouter ~]# init 6
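
The steps above run the router with iptables stopped, so once forwarding is on every packet is passed between the two networks. As an added example (not part of the original tutorial), this script prints a ruleset in iptables-save format that forwards only between the two subnets used here; gen_router_rules, the file name router-rules.sh and the SSH rule for administration from the 192.168.161.0/24 side are assumptions.

```shell
#!/bin/sh
# Added example: emit a ruleset in iptables-save format for the router
# built in this tutorial, instead of running it with iptables stopped.
# gen_router_rules is a hypothetical helper name, not an RHEL tool.

gen_router_rules() {
    # $1,$2 = first interface and its subnet; $3,$4 = second interface and subnet
    if_a=$1; net_a=$2; if_b=$3; net_b=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $if_b -s $net_b -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $if_a -o $if_b -s $net_a -d $net_b -j ACCEPT
-A FORWARD -i $if_b -o $if_a -s $net_b -d $net_a -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Interfaces and /24 subnets as configured above (netmask 255.255.255.0).
# The SSH rule assumes the router is administered from the eth1 side.
gen_router_rules eth0 210.207.201.0/24 eth1 192.168.161.0/24

# To use it on the router (as root), save the output and load it:
#   sh router-rules.sh > /etc/sysconfig/iptables
#   service iptables restart && chkconfig iptables on
```

Anything that is not traffic between the two subnets is logged with the FWD-DROP prefix and then dropped by the FORWARD chain policy.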


Necessary configuration for Client Machine

On Windows machine:  Right click on Network Place → Right click Local area connection → Select Internet Protocol (TCP/IP) → Click Properties → Select Use the following IP address, then enter the following IP configuration.

 
On Linux machine:  Change the IP address of the LAN card

[root@ns1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:EB:B2:CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=210.207.201.1
NETMASK=255.255.255.0
NETWORK=210.207.201.0
BROADCAST=210.207.201.255
GATEWAY=210.207.201.100

Restart or Reload the NIC card: After changing the NIC configuration, restart the network with the following commands.

[root@ns1 ~]# service iptables stop
[root@ns1 ~]# chkconfig iptables off
[root@ns1 ~]# service network restart

Testing the connection from both Linux and Windows machines

On Windows machine: Type the following IP address at your command prompt as shown below; if you get this message then your router is working properly.

On Linux machine: Open a terminal window by right-clicking on the Desktop and selecting Terminal.

Now the router is working properly.


Friday, December 30, 2011

History of Linux


In 1969 (the year Linus Torvalds was born), Ken Thompson & Dennis Ritchie (both worked at AT&T's Bell Laboratories in the United States) wrote a small, general-purpose operating system called UNIX. This operating system was written mostly in assembly language. In 1973, Thompson & Ritchie rewrote the operating system in C, breaking away from the tradition of writing operating systems in assembly language. Around 1974, UNIX was licensed to universities for educational purposes, and a few years later it was made commercially available.

Many vendors such as Sun, IBM, HP and others purchased the source code of UNIX and developed their own versions of UNIX. Most of these versions were proprietary and maintained by their respective hardware vendors. Developers waited a long time for bug fixes to be released because the source code of these versions was not freely available.

In 1984, Richard Stallman began the GNU Project to create a free version of the UNIX operating system. The Free Software Foundation successfully built a large number of tools that could be freely used, read, modified and distributed. Around 1990, it had developed a number of tools but was having trouble creating a kernel.

In 1987, Andrew Tanenbaum, at the Vrije Universiteit in Amsterdam, The Netherlands, wrote a new and much smaller operating system, MINIX, which stands for Mini-UNIX and was the first UNIX clone with all the source code available. He designed MINIX for educational purposes in computer science.

In 1991, while Linus Torvalds was a student at the University of Helsinki, he was curious about the workings of operating system kernels and frustrated by the licensing of MINIX (available for Intel-based PCs), which limited it to educational use only (and prevented any commercial use). He began to work on his own kernel, which eventually became the Linux kernel. In August he released the first version, 0.01, of the Linux kernel; one month later he released another version, 0.02, and then he worked steadily until 1994, when version 1.0 of the Linux kernel was released.

The Linux operating system has been designed and built by hundreds of programmers around the world. The goal has been to create a UNIX clone, free of any commercially copyrighted software, which the entire world can use.

In 1996 Torvalds announced that there would be a mascot for Linux, a penguin called Tux.

Thursday, December 29, 2011

Configure FTP Server on Red Hat Enterprise Linux 5


FTP Server Configuration on RHEL5

The File Transfer Protocol (FTP) is one of the most common means of copying files between servers over the Internet. Most Web-based download sites use the built-in FTP capabilities of Web browsers, and, therefore, most server oriented operating systems usually include an FTP server application as part of the software suite. Linux is one of them.

Step-1:  Check whether the FTP server package is installed

[root@ftp ~]# rpm -qa | grep -i vsftpd
or
[root@ftp ~]# rpm -qa 'vsftpd*'

If it is not installed, install the package using the yum command:

[root@ftp ~]# yum install vsftpd

Step-2: Check and Configure the Network Card:


[root@ftp ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

(Modified File):

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:EB:B2:CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=210.207.201.7
NETMASK=255.255.255.0
NETWORK=210.207.201.0
BROADCAST=210.207.201.255

Step-3: Change the host name by following this command:

[root@ftp ~]# vi /etc/sysconfig/network

(Modified File):

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=ftp

Step-4: Now edit the hosts file for local host name resolution with the following command:

[root@ftp ~]# vi /etc/hosts

(Modified File):

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
210.207.201.7   ftp.alphabd.net      ftp

Step-5:  Edit the resolv.conf file by following this command

[root@ftp ~]# vi /etc/resolv.conf

search alphabd.net
nameserver 210.207.201.1
nameserver 210.207.201.2

After changing the above configuration you have to reload/restart the NIC (eth0) with the following commands:

[root@ftp ~]# ifdown eth0
[root@ftp ~]# ifup eth0
[root@ftp ~]# service network restart

Change In Primary DNS Server:

Step-6:  Edit Forward Lookup zone file for ftp server record

[root@ns1 ~]# cd /var/named/chroot/var/named/
[root@ns1 named]# vi alphabd.fz

Modified File:  alphabd.fz

$TTL 86400
@          IN SOA     ns1.alphabd.net.       root.alphabd.net. (
                           2011022501 ; serial (d. adams)
                           3H         ; refresh
                           15M        ; retry
                           1W         ; expiry
                           1D )       ; minimum

           IN NS      ns1.alphabd.net.
           IN NS      ns2.alphabd.net.
ns1        IN A       210.207.201.1
ns2        IN A       210.207.201.2
ftp        IN A       210.207.201.7

Note:  Remember to change the zone file serial number (forward lookup).

Step-7:  Edit Reverse Lookup zone file for ftp server record

[root@ns1 named]# vi alphabd.rz

Modified File:  alphabd.rz

$TTL 86400
@          IN SOA     ns1.alphabd.net.       root.alphabd.net. (
                           2011022501 ; serial (d. adams)
                           3H         ; refresh
                           15M        ; retry
                           1W         ; expiry
                           1D )       ; minimum

           IN NS          ns1.alphabd.net.
           IN NS           ns2.alphabd.net.
1          IN PTR          ns1.alphabd.net.
2          IN PTR          ns2.alphabd.net.
7          IN PTR          ftp.alphabd.net.

Testing FTP server :

To connect with FTP server from any client machine follow the steps:

The first time you try to connect to the ftp server, the connection will be refused by the server because the vsftpd service is stopped by default, so restart all the services.

Step-1:  Test the ftp connection

[root@client ~]# ftp 210.207.201.7
ftp: connect: Connection refused
ftp>

Now quit the ftp shell with the “bye” command and restart all the required services.

Step-2: Testing the status of vsftpd:

You can test whether the vsftpd process is running by using the “netstat -a” command:

[root@ftp ~]# netstat -a | grep ftp

Or you can use the following commands to test whether ftp is running. If it is not running, restart all the services.

[root@ftp ~]# service vsftpd status
[root@ftp ~]# service iptables stop
[root@ftp ~]# service network restart
[root@ftp ~]# chkconfig vsftpd on
[root@ftp ~]# service vsftpd restart

Now try to connect to the ftp server with the following command. You will get the result below, which confirms that you are connected to the ftp server; to log in properly, enter the ftp username & password.

[root@client ~]# ftp 210.207.201.7
Connected to 210.207.201.7.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (210.207.201.7:root):

Step-3: Create ftp account with Shared directory

Create a group named ftp-users for the ftp user accounts, and create a directory named Resources under /home/ as the shared directory for the remote users.

[root@ftp ~]# groupadd ftp-users
[root@ftp ~]# mkdir /home/Resources 

Make the directory accessible to the ftp-users group.

[root@ftp ~]# chmod 750 /home/Resources  
[root@ftp ~]# chown root:ftp-users /home/Resources

Now add some users into ftp-users groups and make their default directory /home/Resources

[root@ftp ~]# useradd -g ftp-users -d /home/Resources user1
[root@ftp ~]# useradd -g ftp-users -d /home/Resources user2
[root@ftp ~]# passwd user1
[root@ftp ~]# passwd user2

Copy files to be downloaded by your users into the /home/Resources directory

Change the permissions of the files in the /home/Resources directory for read only access by the group
 
[root@ftp ~]# chown root:ftp-users /home/Resources/*
[root@ftp ~]# chmod 740 /home/Resources/*


Step-4: Now restart all the required services

[root@ftp ~]# service iptables stop
[root@ftp ~]# service network restart
[root@ftp ~]# service vsftpd restart

Step-5: Now go to any Linux client machine & type the following command

[root@client ~]# ftp 210.207.201.7
Connected to 210.207.201.2.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (210.207.201.2:root): user1
331 Please specify the password.
Password:type the user1 password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

If you can successfully connect to the ftp server with the user name & password, then your server is running properly. After a successful login you can disconnect from the ftp server by using the “bye” command:

ftp>bye

Step-6: Connecting ftp server with FileZilla

FileZilla is a fast, reliable, and secure FTP/SFTP client that allows you to transfer files between Web sites and PCs running Windows.

After installing FileZilla you will find it under Start → Program → FileZilla FTP Client → FileZilla. Open FileZilla, and the window will look like below.


To connect to the ftp server enter the Host name and the Username with its password, then click the Quickconnect button; after a successful login you will see a window like the one below.


Look at the window below; here you will find two file directory sections: one is Remote Site, which is the ftp server's shared directory, and the other is Local Site, which is your local machine's directory. Now drag & drop a file from Remote site to Local site.

Note: Download the latest FileZilla Software from http://filezilla.en.softonic.com/download

Step-7: Connecting ftp Server with Anonymous User

Enable upload & download access permission for the anonymous user:

Download

/var/ftp/pub is the ftp path for the anonymous user to upload and download. If you want to provide download facilities for the anonymous user, you have to keep the default value (YES) for anonymous_enable (line no 12).
Here I am describing how to keep the RHEL5 DVD files in the /var/ftp/pub directory so that all your clients can download & install packages via the ftp server using yum.

Step-1: Copy all the files from the DVD source into the /home/rhel5 directory

Step-2: Create a repository file for the DVD source in the same directory

Step-3: Now create an ISO file for this DVD source named RHEL_5.4.iso in the /opt directory

Step-4: Now mount the ISO file on the /var/ftp/pub directory

Step-5: Finally, tell your clients to use this directory by configuring yum on every client machine

Step-6: To download packages via ftp using yum, you have to give the full ftp link in the yum.conf file

Note: For more information see Yum configuration (also FTP section)

Upload

Generally, the anonymous user has no permission to upload files to the ftp server. To allow uploads to the ftp server follow these steps:

Step-1: First create a directory named “upload” in /var/ftp/pub and set the required permissions for this directory

[root@ftp ~]# mkdir /var/ftp/pub/upload
[root@ftp ~]# cd /var/ftp/pub/
[root@ftp pub]# chown root:ftp upload
[root@ftp pub]# chmod 777 upload

Step-2: Now restart all the required services

[root@ftp ~]# service iptables stop
[root@ftp ~]# service network restart
[root@ftp ~]# service vsftpd restart
[root@ftp ~]# chkconfig vsftpd on

Step-3: From a Windows machine open Internet Explorer and type ftp://ftp.alphabd.net; you will see the pub directory as shown below



Vsftpd.conf files Parameter:

Step-8:  Now edit the vsftpd.conf file

To activate or deactivate a feature, remove or add the # at the beginning of the appropriate line.

[root@ftp ~]# vi /etc/vsftpd/vsftpd.conf

Directives                 Line Number   Original File Text          Modified File Text
anonymous_enable           12            YES                         NO/YES
anon_upload_enable         27            YES                         YES
anon_mkdir_write_enable    31            YES                         YES
dirmessage_enable          35            YES                         YES
xferlog_enable             39            YES                         YES
chown_uploads              47            YES                         YES
chown_username             48            Whoever                     daemon
ascii_upload_enable        81            YES                         YES
ascii_download_enable      82            YES                         YES
deny_email_enable          89            YES                         YES
banned_email_file          91            /etc/vsftpd/banned_emails   /etc/vsftpd/banned_emails
pam_service_name           116           vsftpd                      vsftpd
userlist_enable            117           YES                         YES/NO
anon_other_write_enable    New Line      NO                          YES/NO

Note: Remove the “#” from line numbers 27, 31, 39, 47, 48, 81, 82 but do not remove the “#” symbol from line numbers 89 & 91.
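
The table turns on anon_upload_enable and anon_mkdir_write_enable; in vsftpd these only take effect when anonymous_enable and write_enable are both YES, and together with the chmod 777 upload directory they give anonymous users write access. The check below is an added example, not part of the original post: the function names and the sample file are constructed for illustration, and only the value YES is treated as true.

```shell
#!/bin/sh
# Added example: report whether a vsftpd.conf lets anonymous users write.
# Function names are hypothetical; the sample file below is constructed.

# vsftpd's built-in default when a directive is absent or commented out.
default_for() {
    case $1 in
        anonymous_enable) echo YES ;;
        *) echo NO ;;   # write_enable and the anon_* write options default to NO
    esac
}

# effective <file> <directive>: last uncommented assignment wins, else the default.
effective() {
    v=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print toupper(v) }' "$1")
    if [ -n "$v" ]; then echo "$v"; else default_for "$2"; fi
}

# audit_vsftpd <file>: prints findings; returns 1 if anonymous write is possible.
audit_vsftpd() {
    f=$1; risky=0
    if [ "$(effective "$f" anonymous_enable)" != YES ]; then
        echo "ok: anonymous login is disabled"; return 0
    fi
    if [ "$(effective "$f" write_enable)" != YES ]; then
        echo "ok: write_enable=NO, so the anon_* write options have no effect"
        return 0
    fi
    for d in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(effective "$f" "$d")" = YES ]; then
            echo "risk: $d=YES"; risky=1
        fi
    done
    if [ "$risky" -eq 0 ]; then echo "ok: anonymous users are read-only"; fi
    return "$risky"
}

# Constructed sample using "Modified File Text" values from the table,
# with anonymous_enable=YES and write_enable=YES assumed.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#deny_email_enable=YES
anon_other_write_enable=NO
EOF
audit_vsftpd "$SAMPLE" || echo "=> anonymous users can write to this server"
rm -f "$SAMPLE"
```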

Some useful ftp commands:

Command    Description
ascii      Set ascii transfer type
bell       Beep when command completed
binary     Set binary transfer type
bye        Terminate ftp session and exit
cd         Change remote working directory
cdup       Change remote working directory to parent directory
chmod      Change file permission of remote file
dir        List content of remote directory
delete     Delete remote file
get        Receive file from remote server
image      Set binary transfer type
lcd        Change local working directory
ls -a      List content of remote directory
mdelete    Delete multiple files
mdir       Make directory on the remote machine
mget       Get multiple files
mkdir      Make directory on the remote machine
mls        List content of multiple directories
mput       Send multiple files
pwd        Print working directory on remote machine
quit       Terminate ftp session and exit
rmdir      Remove directory on the remote machine
rename     Rename file
rstatus    Show status of remote machine
type       Set file transfer type

Example of ftp command:

[root@client ~]# ftp 210.207.201.7
ftp> mdelete  *.jpg
ftp> mput  *.jpg
ftp> mget  *.jpg
ftp> cd  /var/ftp/pub
ftp> bye

TIPS- For FTP Server

View FTP Log File:

[root@ftp ~]# tail -f /var/log/vsftpd.log

Restrict Access to Anonymous User Only: Add the following line in vsftpd.conf file

local_enable=NO

Disable FTP Upload: Edit the following line in vsftpd.conf file

write_enable=NO

USER LIMITATION: Add the following lines into the vsftpd.conf file

local_max_rate=50
max_per_ip=5
max_clients=10


