Configuring a TCP/IP Network — the Software Side, Part 3

Setting TCP/IP Server Properties

Setting up a server starts out with the same steps as setting up a client, but you’ll need to go beyond the default client setup steps described in the preceding section. Server software has lots more work to do than client software. A server reacts to requests from multiple clients. For example, a Web server receives requests from Web browsers and sends the requested information back to the browser. The Web server provides services to browser clients using the HyperText Transfer Protocol (HTTP) or the Secure HyperText Transfer Protocol (S-HTTP).

The most popular Web-server software is Apache. After you set up the basics, such as IP address, your next steps depend on what kind of server you’re configuring. Figure 6-9 demonstrates how to get started on Windows Server 2008.

The simplest way to get started setting up TCP/IP on Windows Server 2008 is to follow these steps:

1. Click the Network icon at the far right of the taskbar. This takes you to the Network and Sharing Center.

The Network and Sharing Center shows a map of your network and lists various server setup tasks (refer to Figure 6-9).

Another way to start working with TCP/IP on Windows Server 2008 is to click Start > Control Panel. What you do next depends on which view you’re using:

• If you’re in the Control Panel Home view, click Network and Sharing Center > View Network Status and Tasks.

• If you’re in the Classic View, click Network and Sharing Center.

2. Choose Set Up a Connection or Network from the Task Center.

The Set Up a Connection or Network Wizard appears (refer to Figure 6-9).

Now you’re ready to get down to business and configure the specific services you want to offer.

Figure 6-9: Begin to configure a server in Windows Server 2008.

Installing TCP/IP from Scratch

Installing TCP/IP software separately from your operating system is a rare task. In fact, some operating systems try to protect you from having to reinstall them. Microsoft Windows XP, for example, considers TCP/IP a core component of the operating system and won’t let you uninstall it. When you’re looking at the NIC properties, look carefully at the Uninstall button next to TCP/IP. The button is not enabled.

Before you have a big layer cake to celebrate the fact that you will never have to install TCP/IP from scratch on Microsoft Windows (yeah, right), think again: It’s always possible that some software component may become corrupted and impossible to repair. If the corrupted software is TCP/IP, then yes, in unusual cases, you do have to install TCP/IP from the beginning.

If you run the netsh utility in a command window, you can delete and reinstall TCP/IP on Microsoft Windows XP and Vista. The only reason to do this is if your TCP/IP stack is corrupted and you have to reinstall the protocols.

tmp9-71_thumb[2][2]

The [log] option is not required. This option is a file specification that tells netsh where to create a log file of the command’s activities. If you don’t fill in this option, netsh doesn’t log its activities.

Don’t omit the log file. It might come in handy later for debugging.

Behind the scenes, the netsh utility is changing the following Windows Registry keys:

tmp9-72_thumb[2][2]

On Windows Server 2008, you can use netsh for these ticklish procedures:

✓ Uninstall IPv4:

tmp9-73_thumb[2][2]

✓ Install IPv4:

tmp9-74_thumb[2][2]

✓ Reset your IPv6 configuration:

tmp9-75_thumb[2][2]

If you decide to disable IPv6 in Windows Server 2008 and/or Vista, you do that by opening a command prompt and using the reg add (add to Registry) command to set IPv6 to disabled:

tmp9-76_thumb[2][2]

If you are running any applications that depend on IPv6, those applications will break if you disable IPv6, even though you still have IPv4 running.

Feasting on Network Files

Your operating system automatically creates most of the network files that TCP/IP needs. Nevertheless, you may need to edit these files based on your network setup. For example, you might want to make your account available to someone who’s working on another computer.

Linux, Unix, and Mac OS X usually store these files in a directory called /etc or sometimes in a subdirectory of /etc. Microsoft Windows operating systems store some of the files as files and others as Registry entries. Regardless of where and how the information is stored, the purpose of these files is the same — to tell TCP/IP to function the way you want it to.

The local hosts file

We start with the most fundamental file that you need for communicating with other computers on your network — the local hosts file.

A hosts file can improve network performance because you don’t have to go out to the network, ask for a translation, and have the translation sent back to you. You know the address of where you’re going lickety-split, in a trice, tout de suite.

When you access another host by name on the Internet or any intranet/internet, your computer needs to know the remote host’s IP address. You can get remote host addresses from DNS or from your computer’s local hosts file. This file is extremely convenient. It lists the names and addresses of other hosts known by your computer. If you list your frequently accessed computers in the hosts file, your own host won’t have to access a host on the network to ask for a name/address translation.

On the other hand, when you need to know about thousands of hosts on the Internet, maintaining the local file is really too cumbersome a mechanism. Imagine having to spend all that time updating it as computers come and go — or relocate — on the Internet! In that case, you need DNS to locate remote hosts. (See the handy sidebar for more about that.)

Let DNS share the job with a hosts file

TCP/IP allows you to use a combination of DNS and a hosts file to find remote hosts by putting the most frequently accessed hosts into your hosts file. That way, you won’t have the performance overhead of accessing a DNS name server on the network to get an address for the hosts that you connect to on a regular basis. Let DNS help you find addresses for hosts that you access only occasionally. This is really the best of both worlds: performance and reliability. When a host name needs to be translated to an IP address, the application looks first at the local hosts file. If the application can’t find the translation it needs, it then goes across the network to a DNS server for the translation.

The location and name of the hosts file depend on the operating system and version of TCP/IP you use. Table 6-1 lists the hosts file locations for a few implementations of TCP/IP.

Table 6-1 Popular Locations for Hosts Files

| Location | Operating Systems | Vendor |
| --- | --- | --- |
| tmp9-77 | Linux, UNIX | Various |
| tmp9-78 | Windows XP, Vista, Server 2008 | Microsoft |
| tmp9-79 | Mac OS X | Apple |

Discovering another appetizing use for your local hosts file

Your hosts file lets you redirect IP addresses to another location. This address is the localhost — your own computer. It functions like a trash can. You throw out any messages from annoying sites if you redirect them to yourself (localhost). Spybot finds and destroys spyware.

Any line in the local hosts file that starts with # is a comment.

Figure 6-10: Spybot has made lots of redirections too.

Improving the digestion of your local hosts file

Listing the computers in most frequently used order is a good idea. TCP/IP searches the hosts file sequentially from top to bottom until it finds the computer it’s looking for, so if you have a large hosts file, ordering the computers appropriately gives you a performance advantage.
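The top-to-bottom search and the redirect-to-localhost trick described above, as an added example that is not from the original text: a small parser that resolves a name the way the hosts file is searched (first match wins) and reports which names are sinkholed, pinned ahead of DNS, or shadowed by an earlier line. The sample file, its addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (illustrative; not from the original page).
SAMPLE_HOSTS = """\
# Any line that starts with # is a comment
127.0.0.1      localhost
192.0.2.10     fileserver fs
192.0.2.20     printer
127.0.0.1      ads.example.net
203.0.113.66   bank.example.com
192.0.2.99     printer
"""

def parse_hosts(text):
    """Return [(lineno, ip, [names])], skipping comments and malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        entries.append((lineno, ip, [n.lower() for n in fields[1:]]))
    return entries

def lookup(entries, name):
    """Sequential top-to-bottom search: the first matching line wins."""
    for _lineno, ip, names in entries:
        if name.lower() in names:
            return str(ip)
    return None  # no local entry: the resolver would now ask DNS

def audit(entries):
    """Return [(lineno, name, kind)] for every name that bypasses DNS."""
    seen, report = {}, []
    for lineno, ip, names in entries:
        for name in names:
            if name in seen:  # unreachable entry: an earlier line answers first
                report.append((lineno, name, "shadowed by line %d" % seen[name]))
                continue
            seen[name] = lineno
            if ip.is_loopback and name == "localhost":
                continue  # the normal localhost entry
            report.append((lineno, name, "sinkhole" if ip.is_loopback else "pinned"))
    return report

if __name__ == "__main__":
    for finding in audit(parse_hosts(SAMPLE_HOSTS)):
        print(finding)
```

Every "pinned" name is answered locally before DNS is consulted, so an unexpected entry of that kind in a real hosts file deserves a second look.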

The trusted hosts file, hosts.equiv

On Mac OS X, Linux, and Unix operating systems, the file /etc/hosts.equiv lists the other hosts on the network that your computer trusts; this is your trusted hosts file. This file is easy to create with any text editor. It has only one column — the host name of each computer you trust.

Be very careful with the hosts.equiv file. Any remote computer listed in this file is a trusted host — and all of its users can log on to your computer without having to know a password.

Don’t look for hosts.equiv on a Microsoft Windows operating system. Instead of using a trusted hosts file, you set up trust relationships when you set up security policies for your computer or Active Directory for your domain. Trust relationships are between domains as opposed to individual hosts.

Freddie’s nightmare: Your personal trust file

You should be aware of a special (and dangerous) file that exists on a per user basis on Mac OS X, Linux, and Unix. You and all the other users on a computer can create a personal trust file in your home directories. This file is named .rhosts, pronounced "dot are hosts." And yes, the dot is part of the filename.

The .rhosts file holds two pieces of information: the host name and the account name. Here are the contents of our niece Sarah’s .rhosts file in her home directory on computer elmst:

tmp9-81_thumb[2][2]

The file allows her sister, Emily (from computer mainst), to have the run of computer elmst without a password. If you live on Elm Street or elsewhere in cyberspace, don’t let personal trust become a nightmare. Please be careful about letting evil players into your computer.

Most network administrators, like Freddie, consider .rhosts files to be potential security problems. These files list trusted remote users — those who are permitted to log on to your account without entering a password. Logging on without a password allows users to copy any files from your directories and to remotely execute any command on your computer.

This is scary. Why would I ever want .rhosts?

If you do a lot of work on various hosts, it’s quite convenient to rlogin as yourself on all the computers on which you have accounts. If all of these computers have a .rhosts file that lets you in from anywhere, you can skip remembering all those passwords.

Surprise! The curse of the network administrator lives

If Emily has been wandering all over computer elmst because Sarah lets her, Emily may get a big surprise one day when she tries to log on remotely and permission is denied. Network administrators frequently hunt down and kill these .rhosts files. After Sarah’s .rhosts file is gone, Emily needs to know a valid password in order to log on, unless she gets Sarah to re-create the file.
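The hunt for trust files that network administrators carry out, as an added example that is not from the original text: it walks a directory tree, finds every .rhosts and hosts.equiv file, lists each passwordless trust entry, and warns about "+" wildcard entries and files that other users can write to. The sample tree, the account name emily and all function names are constructed for illustration, and treating lines that start with # as comments is an assumption.

```python
import os
import stat
import tempfile

TRUST_NAMES = {".rhosts", "hosts.equiv"}

def find_trust_files(root):
    """Walk root and return sorted paths of every .rhosts / hosts.equiv file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f in TRUST_NAMES]
    return sorted(hits)

def audit_trust_file(path):
    """Return [(lineno, host, user, [warnings])]; lineno 0 is the file itself."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, None, None, ["writable by group or other"]))
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):  # assumption: '#' lines are comments
                continue
            fields = line.split()
            host, user = fields[0], (fields[1] if len(fields) > 1 else None)
            warnings = []
            if host == "+":
                warnings.append("wildcard host: every remote host is trusted")
            if user == "+":
                warnings.append("wildcard user: every remote account is trusted")
            findings.append((lineno, host, user, warnings))
    return findings

def build_sample_tree(root):
    """Write constructed sample files (not from the original page)."""
    samples = {
        "home/sarah/.rhosts": ("mainst emily\n", 0o600),
        "home/bob/.rhosts": ("+ +\n", 0o666),
        "etc/hosts.equiv": ("mainst\n", 0o644),
    }
    for rel, (text, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path in find_trust_files(root):
            print(path, audit_trust_file(path))
```

Every entry the audit returns is a passwordless login path, so even lines without warnings belong in the review.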

The services file

The services file lists the network services being used on your computer. TCP/IP automatically maintains this file as you enable or disable new services. Most of these services are daemons (described in the next section) — although, in a Microsoft file, daemon names don’t end in "d". Each line in the file has the following columns:

✓ Service name

✓ Port number

✓ Protocol (separated from the port number by a /)

✓ Aliases (other, optional names for the service)

The following example shows an excerpt from a Windows Server 2008 services file. If the Status column is blank, the service is not started. The entire services file lists about 300 services. An enterprise-class server must do a lot of work because a Windows XP Pro system has only about 115 services.

tmp9-82

People like names, and computers like numbers

You’ve heard it before, and you’ll hear it again. Many applications, services, and protocols are named the same. Take FTP, for example, which is the name of an application, a service, and a protocol.

Applications communicate with services via a port ID number. ID numbers 1 through 255 are reserved for the most commonly used services, such as telnet and FTP. You can create port numbers as needed. If you write your own TCP/IP application and service, you simply use a port number greater than 255.

When an application, such as FTP, says to TCP/IP, "Here I am, ready to work," TCP/IP doesn’t really care about the application’s name. Instead, TCP/IP sees only these numbers:

✓ The IP address of the host that provides the service

✓ The port number through which the application intends to communicate

You can find the services file in /etc/services in Mac OS X, Linux, and Unix. The file location for Microsoft Windows operating systems is C:\windows\system32\drivers\etc\services.

It’s a little more work to see the services on Microsoft Vista. Choose Start > Control Panel > System and Maintenance > Administrative Tools > Services.

With so many services, how does an application know which one it should use? See the nearby sidebar for details.

Daemons Aren’t Devils

There’s nothing devilish about daemons. A daemon is a program that automatically runs in the background, where users can’t get their hands on it. Daemons manage most of the services shown in the services file (described previously).

Relishing your daemons

The inetd program (pronounced "eye net dee") is the father of all daemons. It manages the other daemons (and there are lots). Many programs spawn other programs called children. The inetd program works so hard managing its children that it’s often called the "superserver." The following list describes a few other TCP/IP daemons that you should know about:

✓ routed: The routed daemon manages routing tables. No, don’t say "row-ted" or even "roo-ted." It’s either "rowt dee" or "root dee." The routed daemon uses RIP, the Routing Information Protocol.

✓ named: The named daemon is pronounced "name dee." (Are you getting the hang of it yet?) This handy daemon runs on your name server to manage DNS and to do the host name/IP address resolution.

✓ Other handy-dandy daemons: All other daemons have names that end with d and are pronounced by saying the name of the service followed by "dee." We list some of the more famous daemons in Table 6-2, along with the services they provide.

Finding the daemons on your computer

In Figure 6-11, the ps command (process status) shows some popular daemons running on a UNIX system. You can also use the ps command on Mac OS X and Linux. Look for the daemons in the last column of each line. The rest of the information for each daemon is performance information.

If you have a problem using one of the services in Table 6-2, a quick troubleshooting technique is to check and see whether the daemon is started. On Windows NT and 2000, use the Services applet to see whether it’s running. On Linux and Unix, you can do this with the ps command. Look for the name of the daemon in the ps output (refer to Figure 6-11). If you don’t see the daemon required for the service, that’s the problem. To use the service, you need to get the daemon started in whatever way your operating system allows.

Figure 6-11: This computer is running some of our favorite daemons.

Table 6-2 Popular Services and Their Daemons

| Service | Daemon |
| --- | --- |
| chat (internet relay chat) | ircd |
| ftp | ftpd |
| telnet | telnetd |
| rlogin | rlogind |
| rsh | rshd |
| rexec | rexecd |
| talk | talkd |
| NFS client | nfsiod |
| NFS server | nfsd |
