CHAPTER 1

INTRODUCTION TO PXE

1.1) WHAT IS PXE:

PXE or Pre Execution Environment is a syslinux derivative for, booting of a Linux

server using a network ROM conforming to the Intel PXE specification. PXELINUX
is not a program that is intended to be flashed or burned into a PROM on the network
card; if you want that, check out Ether boot. If you want to create PXE-compliant
boot PROM for your network card (to use with PXELINUX, for example), check out
NetBoot.

Installing Linux via PXE boot over a network can be a really nice way to do it and it
is especially useful, if client machine does not have a CD / DVD drive. However, it
can be a bit tricky to understand how it all works.

For the Server

Setting up a Linux PXE server requires server and two key software components that
provide basic PXE functionality:
(1) DHCP server
(2) TFTP server
The DHCP server and the TFTP server components can reside on separate servers.
For a PXE server to be useful, additional server software is required such as NFS,
FTP, HTTP, and Samba. Pxelinux allows further configuration based on a directory
and configuration files versus modifying the dhcpd.conf file directly when using the
DHCP and TFTP server components alone. The additional file sharing services can
reside on the same PXE server or can exist as a separate server on the network. The
described method in this paper places NFS and FTP on the same PXE server.
The PXE portion will be handled by the syslinux package. The syslinux 3.0 package
is included in Red Hat Enterprise Linux 5.4.

For the clients

The clients must have a PXE-enabled network interface controller (NIC).

1.2) PXE FUNCTIONALITY:

1
The Pxelinux functionality occurs in this order:
• The client machine boots to PXE which requests a DHCP address.
• The DHCP server responds with an IP address for the client machine along with the
address of a TFTP server and a filename to load (pxelinux.0) from that server.
• The client then downloads pxelinux.0 from the specified TFTP server and executes
it.
• pxelinux.0 then searches the pxelinux.cfg directory on the server for a configuration
file that matches the IP address of the machine. If no matches are found, it will
attempt to load a file called default.
• The configuration file loaded by pxelinux.0 will have instructions on what to do
next. Some of the choices include boot to local hard drive, boot to an image file
(floppy image), or load vmlinuz and initrd.img.

The client searches for a configuration file with the IP address converted to HEX (for
example, 172.48.1.253 becomes AC3001FD). In this example, the client looks for the
following configuration file names and uses the first one it finds.

1.3) KICKSTART FILES

An automated installation of Red Hat Enterprise Linux is performed through a process
called kickstart. A kickstart file is a collection of instructions and keywords that the
Red Hat Linux installer, called anaconda, uses to perform an unattended install.
Often a kickstart file is created by using the program called system-config-kickstart or
ksconfig which is used by older versions of Red Hat Linux. Anaconda also places a
kickstart file in the /root directory upon installation completion.
A kickstart file, commonly labeled ks.cfg, may be placed in several locations so that
anaconda can find it. These locations include being placed on an NFS server, FTP
server, HTTP server, floppy, CD-ROM, or hard drive. The method described in this
HOWTO places the ks.cfg file on an NFS server.

CHAPTER 2
2
 SETUP PXE SERVER

2.1) CONFIGURE PXELINUX

PXELINUX operates in many ways like SYSLINUX. If you are not familiar with
SYSLINUX, read the SYSLINUX FAQ first, since this documentation only explains
the differences.

On the TFTP server, create the directory "/tftpboot", and copy pxelinux.0 (from the
SYSLINUX distribution) and any kernel or initrd images that you want to boot.

Finally, create the directory "/tftpboot/pxelinux.cfg". The configuration file

(equivalent of syslinux.cfg -- see the SYSLINUX FAQ for the options here) will live
in this directory. Because more than one system may be booted from the same server,
the configuration file name depends on the IP address of the booting machine.
PXELINUX will search for its config file on the boot server in the following way:

• First, it will search for the config file using the hardware type (using its ARP
type code) and address, all in lower case hexadecimal with dash separators; for
example, for an Ethernet (ARP type 1) with address 88:99:AA:BB:CC:DD it
would search for the filename 01-88-99-aa-bb-cc-dd.

• Next, it will search for the config file using its own IP address in upper case
hexadecimal, e.g. 192.0.2.91 -> C000025B (you can use the included progam
gethostip to compute the hexadecimal IP address for any host). If that file is
not found, it will remove one hex digit and try again. Ultimately, it will try
looking for a file named default (in lower case). As an example, if the boot file
name is /tftpboot/pxelinux.0, the Ethernet MAC address is
`88:99:AA:BB:CC:DD` and the IP address 192.0.2.91, it will try following
files (in that order):

/tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd
/tftpboot/pxelinux.cfg/C000025B
/tftpboot/pxelinux.cfg/C000025
/tftpboot/pxelinux.cfg/C00002
/tftpboot/pxelinux.cfg/C0000
/tftpboot/pxelinux.cfg/C000
/tftpboot/pxelinux.cfg/C00
/tftpboot/pxelinux.cfg/C0
/tftpboot/pxelinux.cfg/C
/tftpboot/pxelinux.cfg/default

Here all filename references are relative to the directory pxelinux.0 lives in.
PXELINUX generally requires that filenames (including any relative path) are 127
characters or shorter in length.

3
PXELINUX does not support MTFTP. It is possible to use MTFTP for the initial
boot, if you have such a setup.

2.2) STEPS TO CREATE PXE SERVER

 Install Red Hat Enterprise Linux 5.4 on a suitable server.

 . Install the following packages available in Red Hat Linux DVD:
 DHCP Package
 XINETD Package
 NFS Package
 VSFTPD Package

Set up the date and time on the PXE server.

4. Set up the PXE server hostname.

• Use this method for a static IP address when modifying /etc/hosts:

127.0.0.1 localhost.localdomain localhost
192.168.0.254 JEET2050 pxe1
• Use this method for a dynamic IP address when modifying /etc/hosts:
127.0.0.1 JEET2050 localhost.localdomain localhost pxe1

• After updating /etc/hosts, run the hostname command to change the hostname:

hostname JEET2050

• Edit the /etc/sysconfig/network as follows:

Static:
NETWORKING=yes
HOSTNAME="JEET2050"
Dynamic:
NETWORKING=yes
HOSTNAME="JEET2050"
DHCP_HOSTNAME="JEET2050"

5. Set up the DHCP service.

• A sample /etc/dhcpd.conf configuration file is located at /usr/share/doc/dhcp-

3.0pl1/dhcpd.conf.sample. Copy this sample to /etc/dhcpd.conf.

4
 • If more than one network card resides in the DHCP server, HP recommends
specifying which interfaces the DHCP server will use. Edit
/etc/sysconfig/dhcpd by adding the appropriate interface to the DHCPDARGS=
line. The entry in /etc/sysconfig/dhcpd should appear as follows:
DHCPDARGS=eth0
• Run the following command to ensure that the DHCP service will be started at
each boot:
chkconfig --level 345 dhcpd on

6. Configure xinetd and TFTP services. At this point, the TFTP server should be
installed.
• Enable the TFTP server by using the chkconfig command line utility as follows:
chkconfig tftp on
• Ensure that xinetd is enabled, as TFTP is started and stopped by xinetd, using the
following command:
chkconfig --level 345 xinetd on
• Notify xinetd that the TFTP service has been enabled. Use the following
command:

service xinetd restart

7. Add the next-server and filename options into the /etc/dhcpd.conf files. To
accomplish this task, add the following to the global section:
if substring (option vendor-class-identifier, 0, 9) = "PXEClient"
{
filename "pxelinux.0";
next-server 192.168.0.254;
}
8. Optional step: Assign fixed addresses to each of the clients. The benefit is having
the ability to access the clients with the same IP address. The alternative s to use
name resolution such as DNS:

host 00080246e75d {
hardware ethernet 00:08:02:46:e7:5d;
fixed-address 172.48.1.253;
}In this example, the server was named according to its MAC address. Its MAC
address is listed along with the fixed IP address we want associated with it.
9. After modifying /etc/dhcpd.conf, notify the dhcpd server of the changes by using
the following method or a similar one:
service dhcpd restart
10. Download and install Syslinux 2.00 or later as follows:
5
 • Download and unpack the latest syslinux package from
www.kernel.org/pub/linux/utils/boot/syslinux/RPMS.
• Install the syslinux package using this command:
rpm -hUv syslinux-2.02-1.i386.rpm
• Install pxelinux.0 and memdisk into the /tftpboot directory:
mkdir -p /tftpboot/pxelinux.cfg
cp -a /usr/lib/syslinux/pxelinux.0 /tftpboot/
cp -a /usr/lib/syslinux/memdisk /tftpboot/
11. Enable NFS on the server as follows:
• Edit /etc/exports by adding the following line:
/var/ftp/pub *(ro,insecure,sync,all_squash)
• Enable the NFS server on boot by using the following commands:
chkconfig --level 345 portmap on
chkconfig --level 345 nfslock on
chkconfig --level 345 nfs on
• Start or restart the NFS service by using the following commands:
service portmap restart
service nfslock restart

service nfs restart

2.3) INTEGRATING THE CLIENTS

The following explain how to get a Red Hat Enterprise Linux 5.4 client setup and
integrated into the PXE server. When using other Linux distributions, slight changes
to the commands and scripts are required.
1. Populate the NFS server with Linux installation files using either of the
following methods:
6
 Method 1: storing the Linux installation media as ISO images
 To use RHupdate with this method, place the updates.img file next to the ISO
images.
 To perform an ISO image dump, use the following commands:
mkdir -p /var/ftp/pub/fedora12
cd /var/ftp/pub/ fedora12
insert DVD
dd if=/dev/cdrom of=fedora12.iso
Method 2: unpacking the Linux installation media to a directory
To use RHupdate with this method, place the updates.img file image in the
RedHat/base/ directory. Alternatively, you may place the contents of the updates.img
file image into the RedHat/RHupdates/ directory of the unpacked source media.
Unpacking the source media will also allow for updated RPMs.
To unpack the base media to a directory, choose one of the following options:
Option 1: dumping from ISO images
mkdir -p /var/ftp/pub/fedora12/i386
cd /var/ftp/pub/fedora12
for X in enigma-i386-disc1.iso enigma-i386-disc2.iso; do
mkdir $X.dir;
mount $X $X.dir -o loop;
(cd $X.dir && tar -cf - .)|(cd i386 && tar -xvf -);
umount $X.dir;
rmdir $X.dir;

done

Option 2:
1. dumping directly from CD-ROM
mkdir -p /var/ftp/pub/fedora12/i386
Use the following command for each binary CD:
(cd /mnt/cdrom && tar -cf - .)|(cd /var/ftp/pub/rhl72/i386 && tar -xvf -); eject

2. Place the kickstart file on the NFS server along with fedora12 ISO image to ensure
that the kickstart installation can operate correctly.
7
mkdir /var/ftp/pub/kickstart
cp ks.cfg /var/ftp/pub/kickstart/ks.cfg

3. Populate the PXE server with items to boot from.

In this client we use fedora12 installation. Most files will be placed into the /tftpboot
directory and syslinux.cfg will be placed in /tftpboot/pxelinux.cfg. With the fedora12
CD-ROM and bootnet.img floppy inserted, perform the following commands:
cp -a /mnt/cdrom/images/bootnet.img /tftpboot/fedora12.img
cd /mnt/floppy
cp -a syslinux.cfg /tftpboot/pxelinux.cfg/fedora12-syslinux.cfg

All other files are stored in the /tftpboot directory:

cp -a initrd.img /tftpboot/fedora12-initrd.img
cp -a vmlinuz /tftpboot/fedora12-vmlinuz
for X in *.msg; do cp -a $X /tftpboot/rhl80-$X; done

The initrd.img and vmlinuz can also be copied from the /images/pxeboot directory of
fedora12 DVD. The vmlinuz from /images/pxeboot is an exact copy of the one on the
bootnet floppy. The initrd.img file contains more drivers than the bootnet.img file.
Ensure that the permissions on /tftpboot allow anonymous access by using this
command:
chmod -R o=rx /tftpboot

4. Edit the /tftpboot/pxelinux.cfg/fedora12-syslinux.cfg configuration file so that the

filenames match those in the /tftpboot directory. The following commands used in vi
are helpful to make these global changes in the fedora12-syslinux.cfg file:

:%s/ \(.*msg\)/ rhl80-\1/g

:%s/kernel \(.*vmlinuz\)/kernel rhl80-\1/

:%s/\(initrd=\)\(.*initrd.img\)/\1rhl80-\2/

Once the previous steps are complete, the following directory structure will exist:
• /tftpboot/
• /tftpboot/pxelinux.0
• /tftpboot/fedora12-vmlinuz
• /tftpboot/fedora12-initrd.img
• /tftpboot/pxelinux.cfg/
• /tftpboot/pxelinux.cfg/fedora12-syslinux.cfg

5. A configuration file must be created to control what happens when the PXE client
boots to PXE.
8
As an example, we will create the fedora12-kickstart-install-syslinux.cfg file by
copying it from rhl80-syslinux.cfg using the following command:
cp -a fedora12-syslinux.cfg fedora12-kickstart-install-syslinux.cfg

6. Create a soft link from the syslinux.cfg file to the IP address of the client server,
which is converted to HEX. In this example, the client server, 172.48.1.253,
converted to HEX is AC3001FD. Use these commands to create the soft link:
cd /tftpboot/pxelinux.cfg
ln -s fedora12-kickstart-install-syslinux.cfg AC3001FD

Another acceptable soft link to create is one named "default." The use of the default
entry affects any clients that may PXE boot and do not have a specific HEX IP
address entry in /tftpboot/pxelinux.cfg. In the following example, we demonstrate
linking the sample "localboot-syslinux.cfg" to a soft link called "default":
cd /tftpboot/pxelinux.cfg
ln -s localboot-syslinux.cfg default

7. Boot the client to PXE to begin kickstart installation.

PXE is often the fourth choice in the boot order list. If no bootable media is found in
the floppy, CD-ROM drive, or hard drive, it will default to PXE. If the hard drive has
been partitioned, it may no longer default to PXE even though the hard drive is not
bootable. In some large cluster farms, boot to PXE is moved to the top of the boot
order. Then the PXE server, through the use of soft links in the /tftpboot/pxelinux.cfg
directory, controls whether the client loads a new operating system or if the client
boots to its hard drive.

Alternative methods include:

• Press F12 during POST to boot to PXE.
• If the HP Server Management Drivers and Agents (hpasm) are loaded on the server
being reprovisioned, set the server to a one-time PXE boot by typing:
/sbin/bootcfg -P

This setting allows for changes in the boot process without updating the BIOS or the
need to press F12.

9
 CHAPTER 3

BOOT PROCESS

 BIOS initialization – looks for hardware, boot sequence etc.

 BIOS then loads Master Boot Record (MBR), 512 byte of size and contain
machine instructions for booting the machine (called boot loader, in this case
GRUB) and partition table.
 GRUB stage 1: Small machine code binary on the MBR. Its sole job is to
locate the second stage boot loader and load the first part of it into memory.

10
  GRUB stage 2: It presents the user with a graphical screen showing the
different operating systems or kernels. On this screen a user can use the arrow
keys to choose OS or kernel they wish to boot. If no key is pressed, the boot
loader loads the default selection after a period of time. It then locates the
corresponding kernel binary in the /boot/ directory.
 The control then passes to /boot/grub/grub.conf. Controls the kernel version to
be used.
 The boot loader then places one or more appropriate initramfs images into
memory. Kernel decompresses these images from memory to /sysroot/, a
RAM-based virtual file system, via cpio. The initramfs is used by the kernel to
load drivers and modules necessary to boot the system.
 Kernel is loaded, initializes and configures the hardware attached to the
system, ex. CPU, I/O, Storage devices. Loads decompress initramfs directly
from /sysroot/, and loads all necessary drivers. Next, it initializes virtual
devices related to the file system, such as LVM or software RAID.
 Kernel is loaded into memory and operational. To set up the user environment,
the kernel executes the /sbin/init program.
 /sbin/init program (also called init) coordinates the rest of the boot process and
configures the environment for the user. First, it runs the /etc/rc.d/rc.sysinit
script, which sets the environment path, starts swap, checks the file systems,
and executes all other steps required for system initialization.
 init then runs the /etc/inittab script, which describes the runleves. Runlevels
are a state defined by the services listed in the SysV /etc/rc.d/rc <x> .d/
directory, where <x> is the number of the runlevel.
 Last things the init program executes is the /etc/rc.d/rc.local file.
Loads the X server [ If Run Level 5 is selected ]
prefdm script loads [ /etc/X11/prefdm ]
prefdm reads the file /etc/sysconfig/desktop file to load display mangers such
as kdm,gdm,xdm.
 Then system reads file [ /etc/X11/xorg.conf ] this specifies the hardware
components resources
 Monitor
 Keyboard
 Mouse
 Display Adaptor

CHAPTER 4
DHCP SERVER

4.1) WHAT IS DHCP

DHCP stands for Dynamic Host Control Protocol. It allows a client computer to get
network configuration information from a DHCP Server. Using DHCP, we can have
an IP address and the other information automatically assigned to the hosts connected
to our network. This method is quite efficient and convenient for large networks with
many hosts, because the process of manually configuring each host is quite time
consuming. By using DHCP, we can ensure that every host on our network has a valid
11
IP address, subnet mask, broadcast address, and gateway, with minimum effort on our
part.

Figure 4.1 DHCP NETWORK

4.2) SETTING UP THE SERVER

The program which runs on the server is dhcpd and is included as an RPM on Red
Hat installation DVD. In Red Hat Linux the DHCP server is controlled by the text file
/etc/ dhcpd.conf.

The server configuration of the DHCP Server is:

ddns-update-style interim;
ignore client-updates;

subnet 132.32.32.254 netmask 255.255.255.0

{
option routers 132.32.32.254;
12
option domain-name-server 132.32.32.254;
option subnet-mask 255.255.255.0;
option domain-name “networkutils.net”;

range dynamic bootp 132.32.32.10 132.32.32.200

default-lease-time 14500;
max-lease-time 86400;
# Set name server to appear at a fixed address
host JEET2050-PC
{
next-server nu1.networkutils.net;
hardware Ethernet 00:17:A4:DA:5D:8A;
fixed-address 132.32.32.16;
}
}

There are few ways by which we can check our DHCP Server is working:
/var/lib/dhcp/dhcpd.leases
By default, a DHCP Server, which listens for request on the eth0 network card.
Alternatively, to have a DHCP Server listen on the eth1 network interface, run the
following command
service dhcpd restart eth1
We can watch the DHCP Server in action. Stop the DHCP Server using the command
“service dhcpd stop” and then restart in the foreground by the following command
/usr/sbin/dhcpd –d –f

4.3) DHCP RELAY AGENT

 The DHCP Relay Agent (dhcrelay) allows for the relay of DHCP and BOOTP
requests from a subnet with no DHCP server on it to one or more DHCP
Servers on the subnets.
 When DHCP client requests information, the DHCP relay agent forwards the
requests to the list of DHCP Servers specified when the DHCP Relay agent is
started. When a DHCP Server returns a reply, the reply is broadcast or unicast
on the network that sent the original request.
 The DHCP Relay Agent listens for DHCP requests on all interfaces unless the
interfaces are specified in /etc/sysconfig/dhcrelay with the interfaces
directives.
 To start the DHCP Relay Agent, use the command service dhcrelay start.

4.4) DHCP CLIENT CONFIGURATION

To obtain IP-Address from DHCP Server: netconfig /neat

For IP-Address from DHCP Server: dhclient
To release IP-Address from DHCP Server: dhclient -r

13
 4.2 DHCP Configuration

CHAPTER 5
NFS SERVER

5.1) WHAT IS NFS SERVER

NFS, the Network File System, is the most common method for providing file sharing
services on Linux and UNIX networks. It is a distributed file system that enables local
access to remote disks and file systems. NFS is a popular file sharing protocol,
developed by SUN MICROSYSTEMS in mid 1980’s, so NFS clients are available for
many non-Unix operating systems, including the various Windows versions, MacOS,
VAX/VMS, and MVS. NFS uses a standard client/server architecture. The server
portion consists of the physical disks containing shared file systems and several
daemons that make the shared file systems (or entire disks, for that matter) visible to
and available for use by client systems on the network. This process is normally

14
referred to as exporting a file system. Server daemons also provide for file locking
and, optionally, quota management on NFS exports. NFS clients simply mount the
exported file systems, colloquially but accurately called NFS mounts, on their local
system just as they would mount file systems on local disks.

FIGURE 5.1 Exporting Home Directories

5.2) ADVANTAGES OF NFS SERVER

 NFS allows local access to remote files.

 Uses standard Client/Server Architecture.
 Using NFS Server, “exports” his data to clients.
 Provides centralize storage solution.
 Users get their data irrespective of their physical location.

5.3) DISADVANTAGES OF NFS SERVER

 Network congestion.
 Heavy Disk activity on the NFS Server.
 Its design assumes a trusted environment, not a hostile environment.
 NFS is based on RPC (Remote Procedure Call) which is easy to exploit.
 For security reasons, NFS cannot be used over internet.

5.4) SETTING UP THE NFS SERVER

5.4.1) SERVER SIDE CONFIGURATION

The program which runs the NFS Server is nfs which included as RPM in the Red Hat
installation DVD. The NFS Server in the Red Hat Linux is controlled by exports file
in the /etc folder. To create NFS Server follow the instructions:

15
  Create a directory in /. For example mkdir /nfsshared.
 Install the nfs package.
 Edit the exports file using vim or vim editor. eg: vim /etc/exports as
“/nfsshared (rw, sync) Network IP/Subnet-mask”
 Use the command “service nfs restart” to restart the service.
 To permanently start the service use command “chkconfig nfs on”.

5.4.2) CLIENT SIDE CONFIGURATION

 Mounting can be done by using the following methods:

 Mount command permanent(edit the /etc/fstab file)
 Network-IP:/nfsshared /mnt nfs defaults 0 0
(/mnt is a system directory present in the linux by default for use by the user to
temporary or permanently mount directories.)
 Mount command( temporary)
mount –t nfs Network-IP/data /mnt.

5.5) NFS SERVICES

portmap: Map calls from other machines.

nfs: Translates NFS requests in requests on the local system.
rpc.mountd: Mounts and umounts file systems.

5.6) NFS COMMANDS

 showmount -e: Shows the available shares.

 exportfs –v: Displays a list of shares files and option on a server.
 exportfs –a: Exports all shares listed in /etc/exports or given name.
 exportfs –u: Unexports all shares listed in /etc/exports or given name.
 exportfs –r: Refresh the server’s list after modifying /etc/exports

CHAPTER 6
TFTP SERVER

6.1) INTRODUCTION

The Trivial File Transfer Protocol (TFTP) is normally used only for booting diskless
workstations. The tftp-server package provides the server for TFTP, which allows
users to transfer files to and from a remote machine. TFTP provides very little
security, and should not be enabled unless it is expressly needed. The TFTP server is
run from/etc/ xinetd.d/tftp, and is disabled by default on Red Hat Linux systems.

6.2) CONFIGURATION

TFTP provides a default /tftpboot directory. To change the file system you can
append and make changes in /etc/xinetd.d/tftp, in the server_args field. Don’t forget to
16
reload xinetd after you change it. To reload xinetd services use the command:
service xinetd restart
chkconfig xinetd on

1. Install the tftp server software and enable it:

/usr/bin/up2date tftp-server
/sbin/chkconfig tftp on

3. Because it runs via xinetd reload that to pick up the configuration file change:

/sbin/service xinetd reload

4. Edit /etc/sysconfig/iptables-config and edit the IPTABLES_MODULES line to

read:

IPTABLES_MODULES="ip_conntrack_tftp"

If you already have something in that line just add the new module with a space as a
delimiter, like:

IPTABLES_MODULES="ip_conntrack_ftp ip_conntrack_tftp"

5. Add firewall rules to /etc/sysconfig/iptables. You probably only need UDP, though
I always add the TCP rules, too (they’re both listed in /etc/services for port 69):

-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m tcp -p tcp --dport 69 -j ACCEPT

-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -m udp -p udp --dport 69 -j ACCEPT

6. Restart iptables to pick up the changes from steps 4 and 5:

/sbin/service iptables restart

7. Add the proper lines to /etc/hosts.allow:

in.tftpd: 10.1.

8. Put something in /tftpboot to retrieve with a client, for testing.

9. Use a client from an allowed IP range to test:

$ tftp my.tftp.server.com
tftp> get filename.bin

9. If you get an error check /var/log/secure and /var/log/messages on the server, and
start eliminating potential problems one at a time (disable iptables, put ALL in
17
hosts.allow, etc.) until you find the problem.

The configuration of of tftp server in xinetd services are available in

/etc/xinetd.d/ tftp

6.1 TFTP Configuration

CHAPTER 7
FTP SERVER

7.1) WHAT IS FTP SERVER

FTP is the user interface to the ARPANET standard File Transfer Protocol. The
program allows a user to transfer files to and from a remote network site.FTP is one
of the original network applications developed with the TCP/IP protocol suite. It
follows the standard model for network services, as FTP requires a client and a server,
the first implementations of FTP date back to 1971. FTP set out to solve the need to
publish documents and software so that people could get them easily from other
computer systems. On the FTP server, files were organized in a directory structure;
users could connect to the server over the network, and download files from (and
possibly upload files to) the server.

7.2) WHAT IS VSFTPD

18
The Very Secure FTP Server (vsFTPd) is the only FTP server software included in
the Red Hat Linux distribution , vsFTPd is becoming the FTP server of choice for
sites that need to support thousands of concurrent downloads. It was also designed to
secure your systems against most common attacks.

7.3) SETTING UP THE SERVER

The main configuration file of an FTP Server is

/etc/vsftpd/vsftpd.conf : Main Configuration File

/etc/vsftpd/ftpusers : Contains Users list to deny permanently
/etc/vsftpd/user_list : Contains Users list to allow or deny

 To setup an FTP Server follow the instructions:

 Install the vsftpd package from the Red Hat installation DVD by using
command rpm -ivh vsftpd*
 Start the FTP Server by the command service vsftpd start.
 If the ftp server doesnot work then check the IP table rules by the command
iptables -nvL
 If the rules are defined then flush the IP table enteries by using the command
iptables -F
 Save the iptable rules by service iptables save
 Restart the iptable rules by using service iptables restart
 Make the changes permanent by using chkconfig iptables on
 Reset the SELINUX settings by setenforce 0
 Edit the vsftpd.conf file by using vim /etc/vsftpd/vsftpd.conf
 Uncomment the following lines in the files
 anon_upload_enable=yes
 anon_mkdir_write_enable=yes
 Restart the ftp service by service vsftpd restart
 Make the changes permanent by chkconfig vsftpd on

To login using FTP ftp 127.0.0.1

19
 Figure 7.1 FTP Server

7.4) COMMANDS USED IN FTP SERVER

account [passwd]
Supply a supplemental password required by a remote system for access to resources
once a login has been successfully completed.
chmod mode file-name
Change the permission modes of the file file-name on the remote system to mode.
delete remote-file
Delete the file remote-file on the remote machine.
get remote-file [local-file]
Retrieve the file remote-file and store it on the local machine. If the local file name is
not specified, it is given the same name it has on the remote machine, subject to
alteration by the current case, ntrans, and nmap settings. The current settings
for type, form, mode, and structure are used while transferring the file.
mdelete [remote-files]
Delete remote-files on the remote machine.

mdir remote-files local-file

Like dir, except multiple remote files may be specified. If interactive prompting is on,
ftp will prompt the user to verify that the last argument is indeed the target local file
for receiving mdir output.
mget remote-files

20
Expand the remote-files on the remote machine and do a get for each file name thus
produced. Files are transferred into the local working directory, which can be
changed with ‘lcd directory’; new local directories can be created with ‘! mkdir
directory’.
bye
Terminate the FTP session with the remote server and exit ftp. An end of file will also
terminate the session and exit.
pwd
Print the name of the current working directory on the remote machine.

CHAPTER 8
DNS SERVER

8.1) WHAT IS DNS SERVER

21
DNS associates hostnames with their respective IP addresses, so that when users want
to connect to other machines on the network, they can refer to them by name, without
having to remember IP addresses.
Use of DNS and FQDNs also has advantages for system administrators, allowing the
flexibility to change the IP address for a host without affecting name-based queries to
the machine. Conversely, administrators can shuffle which machines handle a
name-based query.
DNS is normally implemented using centralized servers that are authoritative for
some domains and refer to other DNS servers for other domains.
When a client host requests information from a nameserver, it usually connects to port
53. The nameserver then attempts to resolve the FQDN based on its resolver library,
which may contain authoritative information about the host requested or cached data
from an earlier query. If the nameserver does not already have the answer in its
resolver library, it queries other nameservers, called root nameservers, to determine
which nameservers are authoritative for the FQDN in question. Then, with that
information, it queries the authoritative nameservers to determine the IP address of
the requested host. If a reverse lookup is performed, the same procedure
is used, except that the query is made with an unknown IP address rather than a name.

8.2) NAMESERVER ZONES

On the Internet, the FQDN of a host can be broken down into different sections.
These sections are organized into a hierarchy (much like a tree), with a main trunk,
primary branches, secondary branches, and so forth. Consider the following FQDN:
bob.example.com When looking at how an FQDN is resolved to find the IP address
that relates to a particular system, read the name from right to left, with each level of
the hierarchy divided by periods (.). In this example, com defines the top level domain
for this FQDN. The example is a sub-domain. The name furthest to the left, bob,
identifies a specific machine hostname.
Except for the hostname, each section is called a zone, which defines a specific
namespace. A namespace controls the naming of the sub-domains to its left. FQDN
must contain at least one sub-domain but may include many more, depending upon
how the namespace is organized.
Zones are defined on authoritative nameservers through the use of zone files (which
describe the namespace of that zone), the mail servers to be used for a particular
domain or sub-domain, and more. Zone files are stored on primary nameservers (also
called master nameservers), which are truly authoritative and where changes are made
to the files, and secondary nameservers (also called slave nameservers), which receive
their zone files from the primary nameservers. Any nameserver can be a primary and
secondary nameserver for different zones at the same time, and they may also be
considered authoritative for multiple zones. It all depends on how the nameserver is
configured.

8.3) NAME SERVER TYPES

There are four primary nameserver configuration types:

22
master
Stores original and authoritative zone records for a namespace, and answers
queries about the namespace from other nameservers.

slave
Answers queries from other nameservers concerning namespaces for which it is
considered an authority. However, slave nameservers get their namespace
information from master nameservers.

caching-only
Offers name-to-IP resolution services, but is not authoritative for any zones.
Answers for all resolutions are cached in memory for a fixed period of time,
which is specified by the retrieved zone record.

forwarding
Forwards requests to a specific list of nameservers for name resolution. If none of the
specified nameservers can perform the resolution, the resolution fails. A nameserver
may be one or more of these types. For example, a nameserver can be a master for
some zones, a slave for others, and only offer forwarding resolutions for others.

8.4) ZONE

8.4.1) What is Zone

A zone is a part of the DNS database administered by a single name server.

Zone files contain information about a namespace and are stored in the named
working directory (/var/named/) by default. Each zone file is named according to the
file option data in the zone statement, usually in a way that relates to the domain in
question and identifies the file as containing zone data, such as example.com.zone.

8.4.2) Types of Zones

Forward lookup [Maps Host name to IP-Address ]

Reverse lookup [Maps IP-Address to Host name ]

8.5) DNS SERVER CONFIGURATION

/etc/named.conf (or /var/named/chroot/etc)

[ Main Configuration File ]

/var/named (or /var/named/chroot/var/named)

23
[ Main Configuration Folder contains Zone Files ]

8.5.1) acl Statement

The acl statement (or access control statement) defines groups of hosts which can then
be permitted or denied access to the nameserver.
An acl statement takes the following form:
acl <acl-name>
{
<match-element>;
[<match-element>; ...]
};

8.6) SETTING UP DNS SERVER

To create a DNS Server install the bind rpm package available in the Red Hat
installation disc.
Edit the named.conf file using vim /etc/named.conf
options
{
directory “/var/named”;
};
zone “prasanjeet.com”
{
type master;
file “for”;
};
zone “0.168.192.in-addr.arpa”
{
type master;
file “rev”;
};

Now, edit for file using vim /var/for

$TTL 86400
IN SOA @ root
(
42 ; Serial
3H ; Refresh
15H ; Retry
24
 100 ; Expiry
1D ; Minimum
)
INNS @
INA 127.0.0.1
INAAAA :: 1

IN NS www.prasanjeet.com
IN cname www.prasanjeet.com
www IN A 192.168.0.254

Edit the rev file using the vim /var/rev

$TTL 86400
IN SOA localhost.root.localhost
(
1997022 700 ; Serial
28800 ; Refresh
14400 ; Retry
36000000 ; Expiry
86400 ; Minimum
)
IN NS www.prasanjeet.com
254 IN PTR www.prasanjeet.com

Restart the named service using service named restart

Make the changes permanent using chkconfig named on

Edit the resolv.conf file and enter the ip address of the computer using vim
/etc/resolv.conf
Restart the network service using service network restart.
Make the changes permanent using chkconfig network on.

8.7) TESTING THE SERVER

nslookup 192.168.0.254
or
nslookup www.prasanjeet.com

CHAPTER 9
CONCLUSION

Linux is a free and open source operating system. The main advantage of using linux
is it’s free from viruses. This report creates awareness for the linux and encourages us
to use this operating system. Most people in India are afraid of using linux and feel
themselves much comfortable in using windows operating system, especially
Microsoft Windows XP. Although newer windows operating systems have been

25
launched by Microsoft but all of them lack the basic feature of security and threats.
We can modify linux operating system according to our own requirements. The
system files of the Microsoft family operating system are packed in dll(dynamic
linked libraries) while in linux we can modify the whole source code of the system
and install packages as per our own requirement. Most of the servers, all over the
world are based on Linux or UNIX operating system because these operating system
are reliable and cost less for their maintenance.

In my training, I got a chance to learn the basic features of linux and came to know
about open source technology and open source softwares. We are provided with 24*7
help online. Any query or problem in using linux is solved and we get the help from
experts. There are a number of user groups who promote the linux operating system
and distribute their distros free of cost to the people by arranging workshops and
seminars in different cities.

CHAPTER 10
BIBLIOGRAPHY

10.1 OFFLINE RESOURCES:

 Red Hat Linux Bible Fedora and Enterprise Edition - John Wiley and Sons

26
  Red Hat Linux Networking And System Administration – Collings & Wall
 Red Hat Certified Engineer Linux Study Guide – Miachel Jang

10.2 ONLINE RESOURCES:

 www.redhat.com

 www.wikipedia.com

 www.lugj.in

 www.google.com

27