Sunday, March 6, 2011

Tip 15: Network printers

By tradition, most Unix services come with networking capabilities, and the printing server is no exception. You
don't need third-party software to make a printing server.
The lpd daemon lets you print to your local printer, and also lets other hosts print on it, if you allow
them.
By default the printing software listens on port 515 using the UDP protocol. It allows the hosts listed in
/etc/hosts.lpd to print on your printer.
For a full overview of the printing service, check the Printing HOWTO on the Web.

Tip 14: Who owns this port

Several utilities exist to check which ports are open, who is connected to your system, and even which process
owns a port number.
First a few ground rules. Ports below 1024 are reserved for common services, and only root can bind them.
Standard port numbers are listed in /etc/services. There are about 65k port numbers in total, so you have more
than enough Internet ports for all your services.
Here are some useful utilities. netstat is a command that lists both the open ports and who is connected to
your system. Run it like this:
netstat -an | more
This way you can find out who is connected to which service.
Another interesting command is fuser. This program can tell you which user and process owns a
port. For example, the following command tells you who owns port 6000:
fuser -v -n tcp 6000
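The output of "netstat -an" is wide and easy to misread, so here is an added example (not part of the original tip) that summarises it for you: which ports are listening, which of those are the privileged ports below 1024 mentioned above (port 515 from the printing tip among them), and which remote hosts hold established connections to a given local port. The netstat output is a constructed sample in Linux format, embedded in the script so it runs offline; replace it with "netstat -an > file" on a real system.

```shell
#!/bin/sh
# Added example: summarise a constructed `netstat -an` capture (Linux format).
NETSTAT_SAMPLE="$(mktemp)"
cat > "$NETSTAT_SAMPLE" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.10:22         192.168.0.25:51034      ESTABLISHED
tcp        0      0 192.168.0.10:22         192.168.0.25:51040      ESTABLISHED
tcp        0      0 192.168.0.10:515        10.0.0.7:1023           ESTABLISHED
udp        0      0 0.0.0.0:515             0.0.0.0:*
EOF

# listening_ports FILE -> one "proto port bindaddr" line per listening socket.
# TCP sockets are listening when the state column says LISTEN; UDP has no state.
listening_ports() {
    awk '$1 == "tcp" && $6 == "LISTEN" || $1 == "udp" {
            n = split($4, a, ":"); printf "%s %s %s\n", $1, a[n], a[1]
        }' "$1" | sort -u
}

# privileged_listeners FILE -> listening ports below 1024 (only root can bind these)
privileged_listeners() {
    listening_ports "$1" | awk '$2 < 1024 { print $1 "/" $2 }'
}

# peers_by_port FILE PORT -> "remotehost count" for ESTABLISHED TCP connections
# whose local side is PORT; a quick "who is connected to which service"
peers_by_port() {
    awk -v p="$2" '$1 == "tcp" && $6 == "ESTABLISHED" {
            n = split($4, l, ":"); if (l[n] != p) next
            split($5, r, ":"); count[r[1]]++
        }
        END { for (h in count) print h, count[h] }' "$1" | sort
}

# Stand-alone usage: print the three summaries for the sample capture.
echo "== listening =="; listening_ports "$NETSTAT_SAMPLE"
echo "== privileged =="; privileged_listeners "$NETSTAT_SAMPLE"
echo "== peers on 22 =="; peers_by_port "$NETSTAT_SAMPLE" 22
```

Once a listening port looks unexpected in this summary, "fuser -v -n tcp PORT" (as shown above) is the way to find the owning process.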

Tip 13: Names and name servers

Internet hostnames and domains are resolved through the Domain Name System (DNS) using name servers
(NS). These name servers are usually hosted by your Internet provider. You can also host your own name
server, using the program named. Every name server, upon receiving a request to resolve a hostname it
doesn't know the answer to, asks an upstream name server. Your name server may ask your ISP's name server,
which will ask the backbone's main name server, which will ask a root server.
Linux knows which name server to ask by looking in /etc/resolv.conf. In that file, a number of name servers
may be specified in the following way:
nameserver 192.168.0.1
nameserver 205.237.65.254
The name server itself, named, has a configuration file which is usually /etc/named.conf. In that file, you
configure the domain names you are responsible for and the zone file to use for each. A nice introduction to
running a name server is available in the various named man pages.
Various utilities are related to resolving hostnames. One is called whois; it queries the main Internet
name servers to find out who owns a domain:
whois linux.org
Another utility is called nslookup. That command lets you resolve hosts and get all kinds of
information about a domain. See the man page for more.
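As an added example (not part of the original tip), here is a small script that reads /etc/resolv.conf the way the tip describes it and catches one common mistake: the glibc resolver only uses the first three "nameserver" entries (MAXNS in <resolv.h>, documented in resolv.conf(5)), so any further entries are silently ignored. The resolv.conf contents are a constructed sample embedded in the script; point the functions at the real file to check a live system.

```shell
#!/bin/sh
# Added example: read resolver configuration and flag ignored nameserver entries.
RESOLV_SAMPLE="$(mktemp)"
cat > "$RESOLV_SAMPLE" <<'EOF'
# constructed sample /etc/resolv.conf
search example.org
nameserver 192.168.0.1
nameserver 205.237.65.254
nameserver 10.0.0.53
nameserver 10.0.0.54
EOF

# resolv_nameservers FILE -> nameserver addresses, in the order the resolver tries them
# (comment lines start with '#' or ';' and are skipped)
resolv_nameservers() {
    awk '/^[[:space:]]*[#;]/ { next } $1 == "nameserver" { print $2 }' "$1"
}

# resolv_ignored FILE -> entries beyond the third; the glibc resolver never queries them
resolv_ignored() {
    resolv_nameservers "$1" | awk 'NR > 3'
}

# resolv_check FILE -> 0 when between one and three nameservers are configured,
# 1 when there are none (nothing resolves) or more than three (extras ignored)
resolv_check() {
    n=$(resolv_nameservers "$1" | wc -l | tr -d ' ')
    [ "$n" -ge 1 ] && [ "$n" -le 3 ]
}

# Stand-alone usage on the sample file.
echo "configured:"; resolv_nameservers "$RESOLV_SAMPLE"
echo "ignored:";    resolv_ignored "$RESOLV_SAMPLE"
resolv_check "$RESOLV_SAMPLE" || echo "warning: check the number of nameserver lines"
```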

Tip 12: Speed problems on a PPP connection

pppd is the PPP connection daemon. It tries to connect to a server using a specified speed. The default
speed is 38400. If you use a serial connection or a 56.7Kbps modem, that may not be enough. If you want to
use all the available bandwidth, you need to increase that number. For example, for a serial connection, you
want the speed set at 115200.
Another reason for speed drops is unwanted packets. You may want to filter unwanted packets out of your
network, such as some ICMP messages and chat connections.
A last possibility for speed drops is Denial of Service attacks. DoS attacks are unfortunately very real and
they occur a lot. Malicious people who can't handle their problems elsewhere turn to the Internet and launch
attacks against networks. An attack against one user will always affect several thousand people: by using
an Internet provider's bandwidth to cause trouble to any one user, the whole provider is affected. To
prevent such attacks, firewalls exist, and tracking tools were invented to deal with abusers. MCI has a tool
called DoSTrack that can be of help if you are the victim of such an attack. For more information about various
DoS attacks, you should search the Web.

Tip 11: Secure alternative to telnet

Telnet is a protocol that lets you connect to a remote system and run programs and commands on that
system. It is very old and still very much in use today.
Unfortunately, a telnet client sends the user's password as clear text, and the connection is not encrypted. On
the other hand, a program called ssh exists that can replace both telnet and ftp in a secure, encrypted way.
Ssh stands for Secure Shell. It encrypts each connection with a random key, so that it is impossible, or at
least very hard, for a third party to decrypt the connection and find the password, or to spy on you.

Tip 10: Secure Web server

Electronic commerce is becoming very popular on the Internet. Companies will often pay thousands of
dollars for commercial packages to deliver secure content to customers on the Web. You can set up one of the
most popular Web servers, Apache, running on Linux and serving secure content, for free.
To set up Apache to deliver secure content, you need to get a cryptographic package called OpenSSL,
based on the SSLeay library. The place to start is http://www.apache-ssl.org. From there, you can
download the patches needed to turn Apache into a secure web server.
Detailed instructions are available in the packages, but here is a quick step-by-step guide:
· First, you need to download 3 packages: Apache itself, the corresponding Apache-SSL patch
and OpenSSL.
· Then you need to patch the Apache distribution and compile the SSL library.
· After editing the configuration file in the Apache directory, and setting the right paths and
libraries to use, you can compile Apache and then create a test certificate.
· All you have to do now is install Apache and configure it to use your test certificate.
Note that while Apache and the SSLeay library are free, you may need to pay to get signed certificates from
commercial companies. Also, due to export laws in various countries, you may want to check your local laws
before using any encrypting product.
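The "create a test certificate" step above is the one people most often get wrong, so here is an added example (not from the original tip or the Apache-SSL project) that creates a self-signed test certificate with the openssl command-line tool and then checks the three things worth checking before pointing the web server at it: the certificate carries the host name you expect, it actually matches the private key beside it, and the key file is not readable by other users. The output directory and the host name test.example.com are assumptions for this example; the directive names that tell Apache where the certificate and key live depend on your Apache-SSL version, so take those from its documentation.

```shell
#!/bin/sh
# Added example: self-signed test certificate for an SSL-enabled Apache, plus checks.
# Requires the openssl command-line tool.

# make_test_cert DIR HOST -> writes DIR/server.key and DIR/server.crt (30-day validity)
make_test_cert() {
    dir="$1"; host="$2"
    mkdir -p "$dir" || return 1
    # the private key must never be world-readable: create it under a strict umask
    (umask 077 && openssl genrsa -out "$dir/server.key" 2048 >/dev/null 2>&1) || return 1
    # self-signed certificate whose subject names the test host
    openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
        -days 30 -subj "/CN=$host" >/dev/null 2>&1 || return 1
}

# cert_subject_cn CERT -> the CN of the certificate subject
# (handles both "subject= /CN=x" and "subject=CN = x" output formats)
cert_subject_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# cert_matches_key CERT KEY -> 0 when the certificate's public key is the key's public half
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_is_private KEY -> 0 when no group or other permission bits are set on the file
key_is_private() {
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Stand-alone usage: build a certificate in a scratch directory and report on it.
if command -v openssl >/dev/null 2>&1; then
    D="$(mktemp -d)"
    make_test_cert "$D" test.example.com && {
        echo "subject CN: $(cert_subject_cn "$D/server.crt")"
        cert_matches_key "$D/server.crt" "$D/server.key" && echo "certificate matches key"
        key_is_private "$D/server.key" && echo "key permissions ok"
    }
fi
```

A test certificate made this way is only for checking that the server speaks SSL at all: browsers will warn about it, and for real customers you still need a certificate signed by a commercial authority, as the tip says.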

Tip 9: Accessing remote file systems

SMB is the most popular protocol for accessing Windows systems. But from the Unix world comes NFS. NFS is
a way to share files that predates SMB and Samba, and it comes compiled in most Linux distributions. To
enable file sharing, you must have the nfsd and mountd daemons running. You also need to add the IPs of the
systems you want to allow to /etc/exports.
To access remote file systems, you simply mount them like local hard drives. To mount /usr/files from 1.2.3.4
onto /mnt/files, simply type:
mount -tnfs 1.2.3.4:/usr/files /mnt/files
The -tnfs parameter may be omitted.
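Because /etc/exports is the only thing standing between an NFS export and the network, it pays to check it before starting nfsd. The following added example (not part of the original tip) reads an /etc/exports file, reports which options a given client IP would get for a path, and lists exports that carry no client restriction at all, which the exports format treats as open to every host. The exports contents are a constructed sample embedded in the script; the host matching is exact-IP or "*" only, so netgroups and address ranges are not handled.

```shell
#!/bin/sh
# Added example: audit an /etc/exports file for who may mount what.
EXPORTS_FILE="$(mktemp)"
cat > "$EXPORTS_FILE" <<'EOF'
# constructed sample /etc/exports
/usr/files   1.2.3.4(ro) 1.2.3.5(rw,no_root_squash)
/home/shared 1.2.3.4
/tmp/open
EOF

# exports_clients FILE PATH -> prints the client list for PATH; exit 1 if PATH is not exported
exports_clients() {
    awk -v p="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        $1 == p { s = ""; for (i = 2; i <= NF; i++) s = s (i > 2 ? " " : "") $i; print s; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# nfs_allowed FILE PATH IP -> exit 0 and print the options IP gets for PATH, exit 1 if denied
nfs_allowed() {
    spec=$(exports_clients "$1" "$2") || return 1
    if [ -z "$spec" ]; then
        # an export line with no client list is visible to every host on the network
        echo "ANY(insecure)"
        return 0
    fi
    for c in $spec; do
        host=${c%%(*}          # part before the option list
        opts=${c#"$host"}      # the "(...)" part, possibly empty
        if [ "$host" = "$3" ] || [ "$host" = "*" ]; then
            echo "${opts:-(default)}"
            return 0
        fi
    done
    return 1
}

# nfs_world_exports FILE -> export paths with no client list or with a "*" client
nfs_world_exports() {
    awk '/^[[:space:]]*#/ || NF == 0 { next } NF == 1 || $2 ~ /^\*/ { print $1 }' "$1"
}

# Stand-alone usage on the sample file.
for ip in 1.2.3.4 1.2.3.5 9.9.9.9; do
    if o=$(nfs_allowed "$EXPORTS_FILE" /usr/files "$ip"); then
        echo "/usr/files: $ip allowed $o"
    else
        echo "/usr/files: $ip denied"
    fi
done
echo "exports open to everyone:"; nfs_world_exports "$EXPORTS_FILE"
```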