Protecting Your Network with Firewalls

Understanding ipchains firewall rules

An ipchains target can be a simple command like ACCEPT or DENY, or it can be the name of another rule chain to begin examining. There are three default rule chains that the kernel will always examine. They are the input, output, and forward chains. You can create additional user-defined chains and call them from these original three, but for simple firewall configurations, the standard three should be sufficient.

The general syntax is to invoke ipchains with a parameter specifying the action to take, followed by the rule chain to take it on. A rule description and a rule target may follow this. Table 14-3 shows action parameters you can use with ipchains.

As you can see in Table 14-3, the ipchains action parameters can be expressed in two forms, either as a dash followed by a single capital letter, or two dashes followed by a descriptive word. Both will work, so use whichever you prefer. In the example in this chapter, I will use the abbreviated version.

Usually, we follow the action parameter with the rule chain to apply it to. Rules added to the input chain will be examined only when filtering network packets being received by the Linux box. Similarly, the output chain is examined only for packets being transmitted from the Linux box. The forward chain is examined only for network packets that are received by the Linux system but will be delivered to some other network system. Packet forwarding only occurs when your system is configured as a router.

After specifying a chain to act on, you may specify some optional parameters to define a rule. Table 14-4 lists the available optional parameters.

After specifying a rule for a particular type of packet, you must specify the target for it using the -j or --jump option. This tells ipchains what to do with that packet when it finds a rule that matches it. The target could be the name of another rule chain to traverse, but more often it is one of the predefined actions described in Table 14-5.

I've shown you the various components of an ipchains command. It is time to put them together into some practical examples. It is possible to create some very sophisticated and complicated rule lists with ipchains, but I will keep my examples rather simple. Keeping things simple is generally a good policy, since large, complicated rule chains can impact system performance. More time spent examining rules means less time delivering packets and serving up information. The higher the traffic level on your Linux box, the greater the performance impact of those complicated rule chains.

Changing ipchains firewall rules

Now let's try adding a rule. As an example, imagine we want to block ICMP packets to disallow "pinging" of our Linux box. You may do that to avoid various denial-of-service attacks that could be launched against your system. Block ICMP with a command like the following:

# ipchains -A input -p icmp -j DENY

This specifies that we are adding a rule to the input chain. It will match any ICMP packet and will drop it rather than allowing it through. Now if you are using the ping command against your Linux box, you should receive no response. Type the ipchains -L command again, and you'll see something like this:

Chain input  (policy ACCEPT):
target   prot opt     source       destination ports
DENY     icmp ------  anywhere     anywhere    any  -> any
Chain forward (policy ACCEPT):
Chain output  (policy ACCEPT):

You can see your new rule listed. This rule will block all ICMP packets entering your system, regardless of which computer sent those packets. If your Linux system is acting as a router, it will also block ICMP packets that are being forwarded from the Internet to your network, or vice versa. People on the Internet will be unable to ping anything on your network. Likewise, you will be unable to ping anything on the Internet. Perhaps that is not what you want. Assume then that you wish to block pinging of systems on your network by people on the Internet, but allow pinging of the router and allow the router to ping hosts on the Internet. First, we should flush the contents of the input chains using the -F parameter; then we can add our new rule.

# ipchains -F input
# ipchains -A forward -p icmp -j DENY

Now we can ping the Linux system and the Linux system can ping other boxes, but ping requests will not be passed through the Linux system. If you wish, use the ipchains -L command to verify that the rule has now been added to the forward chain rather than the input chain.

You may also wish to block the telnet protocol when coming from the Internet. For this example, let us assume that our Linux router is connected to the Internet via a dial-up connection called ppp0 and is connected to our internal LAN via an Ethernet connection called eth0. In that case, you could block telnet with a command like the following:

# ipchains -A input -i ppp0 -p tcp --dport 23 -j DENY

This rule basically says that any TCP packet with a destination port of 23 (the telnet port as specified in /etc/services) that is arriving on the ppp0 interface should be dropped. This does not prevent you from telneting to your Linux box from your internal network, but it does block telnet access from the Internet.

I'm going to finish up with one more useful example. Imagine you want to allow any type of outbound TCP connection to the Internet, but want to block any inbound TCP connection. Every TCP connection sends packets in both directions, so at first glance it would seem impossible. Block all inbound TCP packets, and the reply packets to your outbound connections will also be blocked. The trick is to block only the initial TCP packet that is used to start an inbound connection. We can do this because all TCP connection requests start with a packet that has something called the SYN bit set. We can use the --syn option to tell ipchains to look for that bit. Try the following command:

# ipchains -A input -i ppp0 -p tcp --syn -j DENY

There are many useful ways to filter traffic using ipchains. I encourage you to read the ipchains man page (type man ipchains) and the ipchains HOWTO document to learn more about it. You can find the HOWTO document at www.tldp.org/HOWTO/IPCHAINS-HOWTO.html.

Saving ipchains firewall rules

After you have created the ipchains rules you want, it is important to save them to a file; otherwise, they will be lost when you reboot the server. Fortunately, a pair of useful scripts (ipchains-save and ipchains-restore) is provided for exactly this purpose. Essentially, ipchains-save will echo the current ipchains rule list to the screen. The ipchains-restore script reads in the specially formatted rule list and makes it active. After customizing ipchains, save the new rules to a file by running ipchains-save and directing the output to a file such as:

# /sbin/ipchains-save > /tmp/ipchains.rules

Next, you can add the rules you have created to the /etc/sysconfig/ipchains file. As root user, open the file in any text editor. Then read in the ipchains.rules file you have created in the preceding example.

Turning on iptables

To turn on iptables, you might have to turn off ipchains. (This might be the case if you just upgraded from a release prior to Red Hat Linux 8, where ipchains was the default.) Then you can add the modules and create the rules you need for your iptables firewall. The following procedure describes how to get iptables going on your Red Hat Linux system.

1. Stop the ipchains script from starting automatically at boot time:

   # chkconfig ipchains off
   

2. Set the iptables script to start automatically at boot time:

   # chkconfig iptables on
   

3. Now you can either reboot Red Hat Linux, or stop ipchains and unload the ipchains module, as follows:

   # service ipchains stop
   # modprobe -r ipchains
   

4. Before you can start iptables you must have a working set of rules that have been placed in your /etc/sysconfig/iptables file. To create those rules, refer to the examples in the following sections. (Without the configuration file in place, iptables fails silently.)

5. If you are doing NAT or IP Masquerading, turn on IP packet forwarding. One way to do this is to change the value of net.ipv4.ip_forward to 1 in the /etc/sysctl.conf file. Open that file as root user with any text editor and change the line to appear as follows:

   net.ipv4.ip_forward = 1

6. Restart your network interfaces to have IP packet forwarding take effect.

   # /etc/init.d/network restart
   

7. Once the rules file is in place, start up iptables:

   # /etc/init.d/iptables start
   

8. At this point, iptables is installed as your firewall. You can check to see that the modules used by iptables are loaded by using the lsmod command, as follows:

   # lsmod |grep ip
   ipt_REJECT             3928   6  (autoclean)
   iptable_filter         2412   1  (autoclean)
   ip_tables             15096   2  [ipt_REJECT iptable_filter]

9. If you want to allow passive FTP or IRC connections from computers on your LAN, you may need to load those modules by adding them to the /etc/modules.conf file. (See the description of passive FTP and IRC after the firewall-example sections.)

If your iptables service didn't start, make sure that:

• An ipchains module is not loaded. (Unload it with modprobe -r as shown previously.)

• The /etc/sysconfig/iptables file exists. (You need to create one if one was not already created for you when you installed Red Hat Linux.)

  Tip?

  As you add iptables rules, more modules will have to be loaded. Appropriate modules should be loaded automatically when a new rule is entered. Run lsmod | grep ip again after you have added a few rules to see which modules were added. Note that these modules will not be unloaded if you decide to stop iptables. They will stay loaded until the next reboot or until you remove them (modprobe -r).

The following sections contain examples of iptables firewall rules.

Creating iptables firewall rules

One way to configure iptables is to start by adding and deleting rules to your kernel from the command line. Then when you get a set of rules that you like, you save the rules that are currently running on your system. The tools you use to create your firewall rules and then make them permanent are as follows:

• iptables — Use this command to append (-A), delete (-D), replace (-R) or insert (-I) a rule. Use the -L option to list all current rules.

• iptables-save -c — Use this command to save the rules from the kernel and install them in the configuration file.

• /etc/sysconfig/iptables — This is the configuration file that contains the rules that were saved from the iptables-save command.

• /etc/init.d/iptables — This is the iptables start-up script that must run automatically each time Red Hat Linux reboots. When it starts, it clears all iptables rules and counters and installs the new rules from the /etc/sysconfig/iptables file. You can also use this script with different options from the command line to check the status of iptables (status) or to run iptables-save for you to save the current rules (save).

To get you started with iptables, I'm providing a sample set of iptables rules along with descriptions of how you might change those rules for different situations. Here's how you could load and save any of the sets of rules described in the following example:

1. If you are currently running ipchains, complete the procedure in the previous "Turning on iptables" section.

2. Stop iptables and clear all existing rules:

   # /etc/init.d/iptables stop
   

3. Add the rules shown in the following example to a file, using any text editor. Modify the rules to suit your situation and save the file.

4. As root user, run the file as a shell script. For example, if you named the file firescript, you could run it as follows:

   # sh firescript
   

5. See how the rules were loaded into the kernel:

   # iptables -L
   

6. If everything looks okay, save the rules that are now in the kernel into the /etc/sysconfig/iptables file:

   # iptables-save > /etc/sysconfig/iptables
   

From now on the rules will be read each time you reboot or restart iptables. Save a copy of the script you used to create the rules, in case you ever need it again.

Example 1: Firewall for shared Internet connection (plus servers)

This example features a home or small-office LAN with a Red Hat Linux system acting as an iptables firewall between the LAN and the Internet. The firewall computer also acts as a Web server, FTP server, and DNS server. Figure 14-2 shows this configuration.

Figure 14-2: Using iptables as a firewall between the Internet and a LAN.

If you want to use the sample firewall script that follows, you must change the following information to match your configuration:

Firewall computer — The firewall computer is set up as follows:

• Local host — 127.0.0.1 (IP address) and lo (interface). You shouldn't need to change these.

• Connection to the Internet — 123.45.67.89 (IP address) and eth0 (interface). Replace them with the static IP address and interface name associated with your connection to the Internet, respectively.

• Connection to the LAN — 10.0.0.1 (IP address) and eth1 (interface). Replace 10.0.0.1 and eth1 with the static IP address and interface name associated with your connection to your LAN, respectively.

Computers on the LAN — Each computer on the LAN in the example has an IP address between 10.0.0.2 to 10.0.0.254. Change 10.0.0.255 to a number that matches your LAN's range of addresses.

Here is an example of a script to load firewall rules that could be used for the configuration shown in Figure 14-2:

# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
   
# (2) User-defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
   
# (3) INPUT chain rules
   
# Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth1 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 123.45.67.89 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -d 10.0.0.255 -j ACCEPT
   
# Rules for incoming packets from the Internet
   
# Packets for established connections
iptables -A INPUT -p ALL -d 123.45.67.89 -m state --state 
ESTABLISHED,RELATED -j ACCEPT
   
# TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
   
# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
   
# ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT
   
# (4) FORWARD chain rules
# Accept the packets we want to forward
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
   
# (5) OUTPUT chain rules
# Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 123.45.67.89 -j ACCEPT
   
# (6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 123.45.67.89

I divided the commands in the preceding script into six sections. The following text describes each of those sections.

(1) Policies — The iptables -P commands set the default policies for INPUT, OUTPUT, and FORWARD chains. By assigning each of those policies to DROP, any packet that isn't matched is discarded. In other words, for a packet to get through, it has to be specifically matched and ACCEPTed by one of the other rules in the script.

(2) User-defined chain — A user-defined chain I call okay is created to do a few more checks on packets requesting certain TCP services that I'm going to allow through (Web, FTP, and DNS services). The -N okay option creates the okay chain. The next line says that a SYN packet (--syn), which requests a new connection, is fine to let through. The next line allows through packets associated with an ESTABLISHED connection (one that has already had traffic pass through the interface) or a RELATED connection (one that is starting a new connection related to an already-established connection). The final line in this set tells iptables to DROP packets that don't meet one of those checks.

(3) INPUT chain rules — The bulk of the packet filtering is done in the INPUT chain. The first sets of input rules indicates to iptables when to always accept packets from the Internet and from the LAN. The next three sets determine which requests for specific protocols (TCP, UDP, and ICMP) are accepted.

• Packets from LAN — Because you want the users on your LAN and the firewall computer itself to be able to use the Internet, this set of rules lets through packets that are initiated from those computers. The first line tells iptables to accept packets for ALL protocols for which the source is an acceptable addresses on your LAN (-s 10.0.0.0/8, which represents IP numbers 10.0.0.1 through 10.0.0.254). The next three lines allow packets that come from all valid IP addresses on the firewall computer itself (-s 127.0.0.1, 10.0.0.1, and 123.45.67.89). The last line accepts broadcast packets (-d 10.0.0.255) on the LAN.

• Packets from Internet (already connected) — This line is split in two (I just used the backslash to join the lines because the page wasn't wide enough to show it as one line). It ACCEPTs packets that are both associated with connections that are already established (--state ESTABLISHED,RELATED) and are requested directly to the firewall's IP address (123.45.67.89).

• TCP rules (new connections) — Here is where you open up the ports for the TCP services you want to provide to anyone from the Internet. In these lines you open ports for FTP service (--destination-port 21), secure shell service (22), Web service (80), and IDENTD authentication (113), the last of which might be necessary for protocols such as IRC. Instead of accepting these requests immediately, you jump to the okay chain you defined to further check that the packets was formed properly.

  Caution?

  You want to ensure that the services on the ports to which you are allowing access are properly configured before you allow packets to be accepted to them.

• UDP rules (new connections) — These lines define the ports where connection packets are accepted from the Internet for UDP services. In this example I chose to accept requests for DNS service (--destination-port 53) because the computer is set up as a DNS server. The example also illustrates lines that accept requests for a couple of other optional ports. Port 2074 is needed by some multimedia applications the users on your LAN might want to use, and port 4000 is used by the ICQ protocol (for online chats).

• ICMP rules — ICMP messages are really more for reporting conditions of the server than for actually providing services. Packets from the Internet that are accepted for ICMP protocol requests are those for ICMP types 8 and 11. Type 8 service, which allows your computer to accept echo reply messages, makes it possible for people to ping your computer to see if it is available. Type 11 service relates to packets whose time to live (TTL) was exceeded in transit, and for which you are accepting a Time Exceeded message that is being returned to us. (You need to accept Type 11 messages to use the traceroute command to find broken routes to hosts you want to reach.)

(4) FORWARD chain rules — Because this firewall is also acting as a router, FORWARD rules are needed to limit what the firewall will and will not pass between the two networks (Internet and local LAN). The first line forwards everything from the local LAN (-A FORWARD -i eth1). The second line forwards anything from the Internet that is associated with an established connection (--state ESTABLISHED, RELATED).

(5) OUTPUT chain rules — These rules basically exist to prevent anyone from your local computer from spoofing IP addresses (that is, from saying packets are coming from somewhere that they are not). According to these three rules, each packet output from your firewall must have as its source address one of the addresses from the firewall computer's interfaces (127.0.0.1, 10.0.0.0.1, or 123.45.67.89).

(6) POSTROUTING chain rules — The POSTROUTING chain defines rules for packets that have been accepted, but need additional processing. This is where the actual network-address translation (NAT) work takes place. For the NAT table (-t nat), in the POSTROUTING chain, all packets that go out to the Internet have their addresses translated to that of the firewall's external interface (--to-source 123.45.67.89). In this case I used the Source Network Address Translation (SNAT) chain because I have a static IP address (123.45.67.89) associated with my Internet connection. If I were using a dynamic IP address (via DHCP), I would use MASQUERADE instead of SNAT. I would also have to change any references to -d 123.45.67.89 to -i eth0. (Of course, you would be using a different IP address and possibly a different Ethernet interface.)

Understanding iptables

Now that you've seen something about what iptables rules look like and how you can get them going, step back a bit and see how iptables works.

The iptables feature works by having IP packets (that is, network data) that enter or leave the firewall computer, traverse a set of chains that define what is done with the packet. Each rule that you add essentially does the following:

• Checks if a particular criterion is met (such as that a packet requests a particular service or comes from a particular address) and

• Takes an action (such as dropping, accepting, or further processing a packet).

Different sets of rules are implemented for different types of tables. For example, tables exist for filtering (filter), network address translation (nat), and changing packet headers (mangle). Depending on the packet's source and destination, it traverses different chains. Most of the rules you create will relate to the filter table (which is implied if no other table is given).

The chains associated with the filter table are INPUT, OUTPUT, and FORWARD. You can add user-defined chains as well. You will probably be most interested in adding or removing particular TCP and UDP services using the basic rules shown in the previous example. Assign ACCEPT to packets you want to go through and DROP to those you want to discard. You can also assign REJECT to drop a packet but return a message to the sender, or LOG to neither drop nor accept the message, but to log information about the packet.

A lot of great features are built into iptables. The following descriptions tell you about some cool things you can do with iptables and give you some tips on using it.

insmod ip_conntrack_irc.o ports=6668,6669

Using iptables to do NAT or IP Masquerading

BackCover Red Hat Linux Bible - Fedora and Enterprise Edition Preface This Book's Learn-through-Tasks Approach What You Need Red Hat Linux Bible Improvements Conventions Used in This Book How This Book Is Organized About the Companion CD-ROMs About the Companion Web Site Reach Out Acknowledgments Part I: Getting Started in Red Hat Linux Chapter 1: An Overview of Red Hat Linux Introducing Red Hat Linux What Is Linux? Linux's Roots in UNIX Common Linux Features Primary Advantages of Linux What Is Red Hat Linux? Why Choose Red Hat Linux? Features in Red Hat Linux The Culture of Free Software Summary Chapter 2: Installing Red Hat Linux Quick Installation Detailed Installation Instructions Installing More Red Hat Linux Packages Special Installation Procedures Special Installation Topics Troubleshooting Your Installation Summary Part II: Using Red Hat Linux Chapter 3: Getting Started with the Desktop Logging in to Red Hat Linux Getting Familiar with the Desktop Using the GNOME Desktop Using the KDE Desktop Troubleshooting Your Desktop Summary Chapter 4: Using Linux Commands The Shell Interface Understanding the Red Hat Linux Shell Using the Shell in Red Hat Linux Working with the Red Hat Linux File System Using the vi Text Editor Summary Chapter 5: Accessing and Running Applications Using Red Hat Linux as an Application Platform Finding Windows-Equivalent Applications in Linux Obtaining Red Hat Linux Applications Installing Red Hat Linux Applications Running X Window Applications Running Window, DOS, and Macintosh Applications Summary Chapter 6: Publishing with Red Hat Linux Using OpenOffice Other Word Processors Using Traditional Linux Publishing Tools Creating Documents in Groff or LaTeX Printing Documents with Red Hat Linux Displaying Documents with Ghostscript and Acrobat Working with Graphics Using Scanners Driven by SANE Summary Chapter 7: Playing Games with Red Hat Linux Basic Linux Gaming Information X Window Games Commercial Linux Games Summary Chapter 8: Multimedia in Red Hat Linux Listening to Audio Viewing TV and Webcams Playing Video Using a Digital Camera with gtkam and gphoto2 Recording Music CDs Summary Chapter 9: Tools for Using the Internet and the Web Browsing the Web Communicating with E-mail Participating in Newsgroups Participating in AOL Instant Messaging with Gaim Using Remote Login, Copy, and Execution Summary Part III: Administering Red Hat Linux Chapter 10: Understanding System Administration Using the root Login Becoming Super User (The su Command) Learning about Administrative GUI Tools, Commands, Configuration Files, and Log Files Administering Your Red Hat Linux System Configuring Hardware Managing File Systems and Disk Space Monitoring System Performance Choosing Software Alternatives Getting Linux Software " up2date " Summary Chapter 11: Setting Up and Supporting Users Creating User Accounts Setting User Defaults Creating Portable Desktops Providing Support to Users Modifying Accounts Deleting User Accounts Checking Disk Quotas Sending Mail to All Users Summary Chapter 12: Automating System Tasks Understanding Shell Scripts System Initialization System Start-Up and Shutdown Scheduling System Tasks Summary Chapter 13: Backing Up and Restoring Files Selecting a Backup Strategy Selecting a Backup Medium Backing Up to a Hard Drive Backing Up Files with dump Automating Backups with cron Restoring Backed Up Files Using the pax Archiving Tool Summary Chapter 14: Computer Security Issues Hacker versus Cracker Understanding Attack Techniques Protecting Against Denial-of-Service Attacks Protecting Against Distributed DOS Attacks Protecting Against Intrusion Attacks Protecting Your Network with Firewalls Detecting Intrusions from Log Files Monitoring Log Files with LogSentry Using Password Protection Using Encryption Techniques Guarding Your Computer with PortSentry Summary Part IV: Red Hat Linux Network and Server Setup Chapter 15: Setting Up a Local Area Network Understanding Local Area Networks Setting Up a Wireless LAN Understanding IP Addresses Troubleshooting Your LAN Summary Chapter 16: Connecting to the Internet Understanding How the Internet Is Structured Using Dial-up Connections to the Internet Connecting your LAN to the Internet Setting up Red Hat Linux as a Router Configuring a Virtual Private Network Connection Setting up Red Hat Linux as a Proxy Server Setting up Proxy Clients Summary Chapter 17: Setting Up a Print Server Choosing CUPS or LPRng Print Services Setting Up Printers Working with CUPS Printing Managing Printing Using Printing Commands Configuring Print Servers Summary Chapter 18: Setting Up a File Server Goals of Setting Up a File Server Setting Up an NFS File Server in Red Hat Linux Setting Up a Samba File Server in Red Hat Linux Setting Up a NetWare File Server in Red Hat Linux Summary Chapter 19: Setting Up a Mail Server Introduction to SMTP and sendmail Installing and Running sendmail Configuring sendmail Introducing Postfix Stopping Spam with SpamAssassin Getting Mail from the Server (POP) Administering a Mailing List Summary Chapter 20: Setting Up an FTP Server Understanding FTP Servers Using the Very Secure FTP Server (vsFTPd) Using the Washington University FTP Server (WU-FTPD) Getting More Information about FTP Servers Summary Chapter 21: Setting Up a Web Server Introduction to Web Servers Quick Starting the Apache Web Server Configuring the Apache Server Starting and Stopping the Server Monitoring Server Activities Summary Chapter 22: Setting Up a News Server Understanding News Transports Planning Your News Server Configuring an INN News Server Setting Up News Feeds Choosing How Articles Are Stored Setting Up Expiration Times Allowing Users to Access Your Server Starting the News Service Checking News Log Files Summary Chapter 23: Setting Up Boot Servers: DHCP and NIS Using Dynamic Host Configuration Protocol Setting Up a DHCP Server Setting Up a DHCP Client Understanding Network Information Service Setting Up Red Hat Linux as an NIS Client Setting Up Red Hat Linux as an NIS Master Server Setting Up Red Hat Linux as an NIS Slave Server Summary Chapter 24: Setting Up a MySQL Database Server Finding MySQL Packages Configuring the MySQL Server Starting the MySQL Server Checking That MySQL Server Is Working Working with MySQL Databases Understanding MySQL Tables Displaying MySQL Databases Making Changes to Tables and Records Adding and Removing User Access Checking and Fixing Databases Summary Chapter 25: Making Servers Public with DNS Determining Goals for Your Server Connecting a Public Server Configuring Your Public Server Setting Up a Domain Name System Server Getting More Information about BIND Summary Chapter 26: Using Linux Servers from a Mac Looking inside Mac OS X Using Network Services from Mac OS X Configuring an AppleTalk Server in Linux Accessing NFS servers from the Mac Summary Appendix A: What's on the CD-ROMs Using Linux Kernel Source Code Appendix B: Red Hat Linux RPMs Comparing Fedora and Enterprise Packages Removed Packages Red Hat Linux Packages on the CDs Appendix C: Running Network Services Checklist for Running Networking Services Networking Service Daemons Choosing Alternatives Referencing Network Services List of Figures List of Tables List of Sidebars