A DHCP (Dynamic Host Configuration Protocol) server and relay agent.
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the DHCP server and a DHCP relay agent.
You should install dhcp if you want to set up a DHCP server on your network. You must also install the dhclient package, which provides the DHCP client, on machines that will obtain their IP address via DHCP.
rpm
dhcp-3.0pl1-23
You can configure a DHCP server using the configuration file /etc/dhcpd.conf.
DHCP also uses the file /var/lib/dhcp/dhcpd.leases to store the client lease database.
see "man dhcpd.conf" for details
service dhcpd {start|restart|stop}
you must run "service dhcpd restart" after making any changes to the config file for them to take effect
When you start the DHCP server for the first time, it will fail unless there is an existing dhcpd.leases file. Use the command touch /var/lib/dhcp/dhcpd.leases to create the file if it does not exist.
dhcpd can be configured to listen on only a certain interface (e.g. only listen and respond on the internal interface of a firewall or gateway machine)
in /etc/sysconfig/dhcpd, add the name of the interface to the list of DHCPDARGS:
DHCPDARGS=eth0
debugging
start with the "-d" option to log to stderr; if not specified, logs go to /var/log/messages
The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. If this happens, the dhcpd.leases file that is required to start the service does not exist. Do not create a new lease file if this occurs. If you do, all the old leases will be lost, which causes many problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.
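The two missing-lease-file cases described above (a true first start versus a crash during lease-database rotation) can be told apart with one check before starting the service. The following shell function is an added example, not part of the dhcp package or the original notes; the function name prepare_leases and its status words are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick the safe action when dhcpd.leases is missing.
# prepare_leases [DIR] prints one word describing what it did:
#   ok       - dhcpd.leases already exists, nothing changed
#   restored - only the dhcpd.leases~ backup existed, so it was renamed back
#   created  - neither file existed (true first start), empty file created
# The function name and status words are assumptions for illustration.
prepare_leases() {
    dir=${1:-/var/lib/dhcp}
    leases="$dir/dhcpd.leases"
    backup="$dir/dhcpd.leases~"

    if [ -e "$leases" ]; then
        echo ok
    elif [ -e "$backup" ]; then
        # Crash between "rename to backup" and "write new file":
        # the backup is the only copy of the leases, so never touch(1) here.
        mv "$backup" "$leases" && echo restored
    else
        touch "$leases" && echo created
    fi
}

# Usage on the server, before "service dhcpd start":
#   prepare_leases /var/lib/dhcp
```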
DHCP Relay Agent
The DHCP Relay Agent (dhcrelay) allows you to relay DHCP and BOOTP requests from a subnet with no DHCP server on it to one or more DHCP servers on other subnets.
When a DHCP client requests information, the DHCP Relay Agent forwards the request to the list of DHCP servers specified when the DHCP Relay Agent is started. When a DHCP server returns a reply, the reply is broadcast or unicast on the network that sent the original request.
The DHCP Relay Agent listens for DHCP requests on all interfaces unless the interfaces are specified in /etc/sysconfig/dhcrelay with the INTERFACES directive.
To start the DHCP Relay Agent, use the command service dhcrelay start.
Development headers and libraries for interfacing to the DHCP server
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, and more) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network.
To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhclient package provides the ISC DHCP client daemon.
rpm
dhclient-3.0pl1-23
To configure the DHCP client manually:
The /etc/sysconfig/network-scripts/ifcfg-eth0 file should contain the following lines:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
You need a configuration file for each device that you want to configure to use DHCP.
To configure via Red Hat's tools, use
redhat-config-network (GUI)
redhat-config-network-tui (text-based)
Select "Automatically obtain IP address settings with DHCP"
Also make sure "Automatically obtain DNS information from provider" is checked. (I just installed RHL 9, and this option wasn't configured after the install. Makes it impossible to automatically use the DHCP-provided DNS servers. This adds "PEERDNS=yes" to /etc/sysconfig/network-scripts/ifcfg-eth0.) If this is selected, each time the interface (e.g. eth0) comes up, /etc/resolv.conf is overwritten by /sbin/dhclient-script with DHCP-provided DNS info.
debugging
look for "dhclient" logs in /var/log/messages
run redhat-config-network and let it re-write (and sanitize) the network-scripts files
Installed DHCP Documentation:
dhcpd man page -- describes how the DHCP daemon works
dhcpd.conf man page -- explains how to configure the DHCP configuration file; includes some examples
dhcpd.leases man page -- explains how to configure the DHCP leases file; includes some examples
dhcp-options man page -- explains the syntax for declaring DHCP options in dhcpd.conf; includes some examples
dhcrelay man page -- explains the DHCP Relay Agent and its configuration options.
Mail delivery from a client application to the server, and from an originating server to the destination server, is handled by the Simple Mail Transfer Protocol (SMTP).
Note that SMTP does not require authentication.
Red Hat Linux uses Sendmail (/usr/sbin/sendmail) as its default SMTP program. However, a simpler mail server application called Postfix (/usr/sbin/postfix) is also available.
choose between sendmail and postfix via the redhat-switch-mail command
the actual mechanics of how this (and alternate printing subsystems) works is via symlinks in /etc/alternatives/
The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your email. Sendmail is a behind-the-scenes program which actually moves your email over networks or the Internet to where you want it to go.
If you ever need to reconfigure Sendmail, you will also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
configs are found in /etc/mail
main config file in sendmail.cf
unless you REALLY know what you are doing, it's best not to edit this file by hand
the recommended way of doing configuration is to edit the more-easily-readable sendmail.mc file, then use
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
to create a new sendmail.cf file
for the other files in /etc/mail, you can update them by editing the file and running
makemap hash /etc/mail/<name> < /etc/mail/<name>
to update the database files
the easiest way to update the .cf and .db files after editing one of the source files is to simply type "make" in /etc/mail. The Makefile will take care of generating the files that sendmail uses.
postfix
Postfix Mail Transport Agent
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment.
rpm
postfix-1.1.11-11
[ RHL 9 documentation does not go into detail about postfix ]
fetchmail
rpm
fetchmail-6.2.0-3
A remote mail retrieval and forwarding utility.
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval. Then Fetchmail forwards the mail through SMTP so you can read it through your favorite mail client.
Install fetchmail if you need to retrieve mail over SLIP or PPP connections.
Fetchmail is an MTA which retrieves email from remote servers and delivers it to the local MTA.
configured through a .fetchmailrc file in the user's home directory
Using preferences in the .fetchmailrc file, Fetchmail checks for email on a remote server and pulls it off. It then attempts to deliver it to port 25 on the local machine, using the local MTA to place the email in the correct user's spool file. If Procmail is available, it can then be used to filter the email and place it in a mailbox so that it can be read by an MUA.
Mail - MDA
procmail
rpm
procmail-3.22-9
The procmail mail processing program.
The procmail program is used by Red Hat Linux for all local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. Procmail is also the basis for the SmartList mailing list processor.
Procmail delivers and filters email as it is placed in the mail spool file of the localhost.
Procmail can be invoked in several different ways:
- Whenever an MTA places an email into the mail spool file, Procmail is launched. Procmail then filters and files the email so the MUA can find it, and quits.
- Alternatively, the MUA can be configured to execute Procmail any time a message is received so that messages are moved into their correct mailboxes.
By default, the presence of a .procmailrc file in the user's home directory will invoke Procmail whenever an MTA receives a new message.
The actions Procmail takes with an email are dependent upon instructions from particular recipes, or rules that are defined in either the system config files, /etc/procmailrc and rc files in /etc/procmailrcs/, or a .procmailrc file in the user's home directory. (By default -- on RHL 9, at least -- there are no default system rc files.)
Mail - Mail Access Protocols
There are two primary protocols used by email client applications to retrieve email from mail servers: the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP).
Unlike SMTP, both of these protocols require connecting clients to authenticate using a username and password. By default, passwords for both protocols are passed over the network unencrypted.
IMAP / POP
University of Washington IMAP toolkit
Version 2001 of IMAP toolkit
Server daemons for IMAP and POP network mail protocols.
The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol allows a user to read mail on a remote machine without downloading it to their local machine.
Install the imap package if you need a server to support the IMAP or the POP mail access protocols.
rpm
imap-2001a-18
kicked off via xinetd
/etc/xinetd.d/ipop2
/etc/xinetd.d/ipop3
/etc/xinetd.d/pop3s (over SSL)
Note: section 11.5.1.2, "Securing Email Client Communications", of the RHL 9 Reference Guide is incorrect in saying that imaps and pop3s are started as services
rpm
imap-2001a-18
kicked off via xinetd
/etc/xinetd.d/imap
/etc/xinetd.d/imaps (over SSL)
To create a self-signed SSL cert (for testing) for IMAP:
cd /usr/share/ssl/certs/
make imapd.pem
# Answer all of the questions to complete the process.
To create a self-signed SSL cert (for testing) for POP:
cd /usr/share/ssl/certs/
make ipop3d.pem
# Answer all of the questions to complete the process.
Once finished, you can start the imaps or pop3s services.
stunnel can also be used
To create a self-signed SSL cert (for testing) for stunnel:
cd /usr/share/ssl/certs/
make stunnel.pem
# Answer all of the questions to complete the process.
Once the certificate is generated, it is possible to use the stunnel command to start the imapd mail daemon using the following command:
/usr/sbin/stunnel -d 993 -l /usr/sbin/imapd imapd
Once this command is issued, it is possible to open an IMAP email client and connect to the email server using SSL encryption.
To start the pop3d using the stunnel command, type the following command:
/usr/sbin/stunnel -d 995 -l /usr/sbin/pop3d pop3d
For more information about how to use stunnel, read the stunnel man page or refer to the documents in the /usr/share/doc/stunnel-<version-number>/ directory.
xinetd aside:
enable a service by changing the xinetd config file to have "disable = no"
looks like xinetd figures out the port number from a "port = X" line in the config file, or if it's not specified, it matches the name of the config file with a service in /etc/services
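An added example (not from the original notes or from xinetd itself) that lists each xinetd service, its port and whether it is enabled, and marks enabled POP/IMAP services that pass passwords unencrypted. It assumes the service name comes from each file's "service" line (falling back to the file name), that an explicit "port = X" overrides the services-file lookup, and that a missing "disable" line means enabled; audit_xinetd and its output words are hypothetical names.

```shell
#!/bin/sh
# Added example: audit xinetd service files for enabled cleartext mail access.
# audit_xinetd DIR [SERVICES_FILE] prints one line per file:
#   <service> <port or ?> <enabled|disabled> <cleartext|ok>
# Function name and output words are assumptions for illustration.
audit_xinetd() {
    dir=$1
    services=${2:-/etc/services}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v fname="$(basename "$f")" -v svc_db="$services" '
            { sub(/#.*/, "") }                      # drop comments
            $1 == "service"              { name = $2 }
            $1 == "disable" && $2 == "=" { disabled = ($3 == "yes") }
            $1 == "port"    && $2 == "=" { port = $3 }
            END {
                if (name == "") name = fname
                # No explicit port: look the name up in the services file.
                while (port == "" && (getline line < svc_db) > 0) {
                    split(line, a, /[ \t\/]+/)
                    if (a[1] == name && a[3] == "tcp") port = a[2]
                }
                if (port == "") port = "?"
                # pop2, pop3 and imap send passwords unencrypted by default;
                # pop3s and imaps are the SSL-wrapped variants.
                flag = (!disabled && name ~ /^(pop2|pop3|imap)$/)
                printf "%s %s %s %s\n", name, port,
                       (disabled ? "disabled" : "enabled"),
                       (flag ? "cleartext" : "ok")
            }' "$f"
    done
}

# Usage: audit_xinetd /etc/xinetd.d /etc/services
```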
Squid Proxy
The Squid proxy caching server.
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.
other info
hooks in with PAM, LDAP, ... ?
need lots of memory to run squid
rpm
squid-2.5.STABLE1-2
config
/etc/squid/*
chkconfig squid on
service squid start
Synchronizes system time using the Network Time Protocol (NTP).
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons that will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. The ntp package includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time).
Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol.
synchronized and accurate time is a Good Thing(tm)
edit /etc/ntp.conf with the names or IP addresses of the NTP servers you want to use
note: if you are going to use a public ntp server, it's best to either let the owner know or ask permission
specify options to ntp in /etc/sysconfig/ntpd
ntp is started as a service (see /etc/rc.d/init.d/ntpd)
one of the things the init script does is initially set the local clock from the ntp server. this helps if the time is too far off, since ntpd will either refuse to update saying the time is too far off, or it will take a *very* long time to slowly bring your clock in sync
check /var/log/messages to debug
can use ntpdc and ntpq (as root) to query the state of ntpd as well