Setting Up A Secure Server/Firewall
Which Services Are Offered
Now that we have discussed some of the basic elements of network communication we are going to specify which services we will set up on our Local Area Network (LAN).
The server we are going to install will offer the following services to our local area network:
Routing. This is the method by which packets of data, whether they are parts of a word-processor document, a piece of music, or the data for a picture, find a route from one computer to another; for example, from one of your network nodes (clients) to a computer on the Internet. The router, as the name implies, routes the packets according to the IP address they need to reach. Linux routing is set up by a configuration file on the server called route.conf, which is stored in the /etc directory.
Domain Name Service (DNS). This is the service on your server that translates a URL such as www.microsoft.com into an IP address. Computers only understand numbers, not words, so everything has to be translated into a suitable format for them. DNS is implemented by a package called BIND, an acronym for Berkeley Internet Name Daemon. DNS is set up on the server by a small number of configuration files and offers its service to network clients through a program called a daemon that runs on the server. When a client on the local area network wants to know the IP address of a particular web site, for instance, DNS tells it.
File sharing/printer services. Files can be stored on the server and shared or copied between users on the network. I will not actually be covering printer sharing, but it uses the same mechanism: a program called 'Samba'. Samba is configured by a file called smb.conf, which resides in the /etc directory on the server.
Shared/cached Internet connection. A single phone line can be used to provide Internet services, i.e. web browsing, file downloading, etc., to several people at the same time using a product called 'Squid'. Squid is a computer program that runs on a server; when a client on the network wants a web page, Squid fetches it on the client's behalf and passes it on. However, it doesn't just fetch it, it also keeps a copy for itself so that, if someone else wants the same page again, it can simply 'serve up' the copy. This makes the whole web browsing experience much faster for the client computer and reduces Internet traffic. Using Squid, a single-channel (64K) ISDN line can service 10-15 people web browsing, depending on their browsing habits. Squid has its own setup file called squid.conf, which is in the /etc directory on the server.
Dynamic Host Configuration Protocol (DHCP). How do your network clients know which computer to ask for computer-name/IP-address translation, which computer to route their outgoing data packets via, which network workgroup they are in, or even what their own IP address is? All of this can be handled by DHCP. DHCP has a configuration file stored on the server called dhcpd.conf that holds all this information. We'll see how to set it up later.
Linux users, groups and files
Linux contains the idea of a user being responsible for his/her own work and files. Indeed, it is one of the aspects that make this operating system inherently more secure than some operating systems I could mention ;-)
Put simply, any program running on a Linux computer runs under the ownership and control of a particular user, and any file created on the Linux computer is owned by a particular user. So, to work on a Linux computer, a user has to be set up on that computer; otherwise the operating system won't know who he is. There is also a 'superuser' (called the 'root' user), who runs all the important programs, including the operating system itself.
What this means is that if I create a file on a Linux computer I can set its permissions so that I can read and write it while someone else can only read it, or cannot even read it. The concept of groups adds further flexibility, so that a file can be given permissions such that anyone in a particular group can read and write it but no-one else can. It is this combination of users and groups, together with file permissions for reading, writing and executing, that gives Linux and Unix their power and flexibility.
It is most important that, other than for editing configuration files and doing other system configuration, as we are at the moment, YOU NEVER LOG IN AND WORK AS ROOT because, as stated, the superuser has complete power over the computer he logs into. For all other day-to-day work, such as word processing or accounts, log in as a normal user.
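The owner/group/other permission bits just described, exercised in a short shell session that I have added here; it is not part of the original page. It works only on constructed files in a scratch directory, so it assumes nothing beyond a POSIX shell with chmod, ls, cut, mktemp and id available; the function names (mode_of, make_with_mode, can, demo) and file names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): exercising Linux owner/group/other
# permission bits on constructed files in a temporary directory.
# Assumes a POSIX shell with chmod, ls, cut, mktemp and id available.

# Return the ten-character mode string (file type plus rwx for owner, group, other)
# exactly as it appears in the first column of "ls -l", e.g. "-rw-r-----".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create an empty file, apply a symbolic or octal chmod spec, and report its mode.
make_with_mode() {
    file=$1
    spec=$2
    : > "$file"                 # create the (constructed) sample file
    chmod "$spec" "$file"
    mode_of "$file"
}

# Report whether the current process may read, write or execute a file ("yes"/"no").
# The answer is decided by the caller's own user and group against the mode bits,
# with one exception the page warns about: root bypasses the bits entirely.
can() {
    case $1 in
        read)    test -r "$2" && echo yes || echo no ;;
        write)   test -w "$2" && echo yes || echo no ;;
        execute) test -x "$2" && echo yes || echo no ;;
    esac
}

demo() {
    dir=$(mktemp -d)
    echo "running as user $(id -un), primary group $(id -gn), umask $(umask)"
    # 1. Owner read/write, group read, others read: a typical document.
    echo "644         -> $(make_with_mode "$dir/doc.txt" 644)"
    # 2. Owner and group read/write, nobody else: shared work for one group.
    echo "660         -> $(make_with_mode "$dir/team.txt" 660)"
    # 3. Owner only: how a configuration file holding secrets should look.
    echo "600         -> $(make_with_mode "$dir/secret.conf" 600)"
    # 4. Owner read/write/execute, group and others read/execute: a script.
    echo "u=rwx,go=rx -> $(make_with_mode "$dir/run.sh" u=rwx,go=rx)"
    # Removing the owner's write bit locks out a normal user (but not root).
    chmod u-w "$dir/secret.conf"
    echo "can write secret.conf after u-w: $(can write "$dir/secret.conf")"
    echo "can execute doc.txt:             $(can execute "$dir/doc.txt")"
    rm -rf "$dir"
}

demo
```

Run it once as an ordinary user and once as root and compare the last two lines: the mode strings are identical, but root is reported as able to write the file whose owner write bit was removed, which is precisely why the section above says to do day-to-day work as a normal user.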
© Copyright Andrew Bennett 2006