# LFCS: Networking (25%) This section covers **Linux networking**, hostname resolution, time synchronization, OpenSSH configuration, packet filtering, routing, bridges, and load balancing. --- ## Goals ### Networking 25% 1) Configure IPv4 and IPv6 networking and hostname resolution 2) Set and synchronize system time using time servers 3) Monitor and troubleshoot networking 4) Configure the OpenSSH server and client 5) Configure packet filtering, port redirection, and NAT 6) Configure static routing 7) Configure bridge and bonding devices 8) Implement reverse proxies and load balancers --- ## 1. Configure IPv4/IPv6 Networking & Hostname Resolution ### Learn - Assign IP addresses (static & dynamic). - Configure hostnames and DNS resolution. - Understand `/etc/hosts`, `/etc/resolv.conf`, and `hostnamectl`. ### Commands ```bash # View network interfaces ip addr show ip link show # Configure static IP (example) sudo nmcli con mod eth0 ipv4.addresses 192.168.1.100/24 sudo nmcli con mod eth0 ipv4.gateway 192.168.1.1 sudo nmcli con mod eth0 ipv4.dns 8.8.8.8 sudo nmcli con mod eth0 ipv4.method manual sudo nmcli con up eth0 # Set hostname hostnamectl set-hostname myhost hostnamectl status # DNS check cat /etc/resolv.conf ping google.com ``` ### Exercises 1. Assign a static IP to an interface and verify connectivity. 2. Change the hostname and update `/etc/hosts` accordingly. --- ## 2. Time Synchronization ### Learn - Sync system time using `chrony` or `ntpd`. - Check and update time zone. ### Commands ```bash # Check current time timedatectl # Set time zone timedatectl set-timezone Europe/Paris # Sync time using chrony sudo systemctl start chronyd sudo systemctl enable chronyd chronyc tracking chronyc sources ``` ### Exercises 1. Configure NTP synchronization with a public server. 2. Verify time sync status using `chronyc tracking`. --- ## 3. Monitor & Troubleshoot Networking ### Learn - Use tools to check connectivity and troubleshoot issues. ### Commands ```bash ping traceroute ss -tulnp # check listening ports netstat -rn # routing table curl -I http://example.com dig example.com # DNS query test ``` ### Exercises 1. Ping a remote host and check for packet loss. 2. Check which service is listening on port 80. 3. Use `traceroute` to identify network path latency. --- ## 4. OpenSSH Configuration ### Learn - Configure SSH server and client. - Manage SSH keys and permissions. ### Commands ```bash # Start and enable SSH server sudo systemctl start sshd sudo systemctl enable sshd # Connect to remote server ssh user@remote_host # Generate SSH key pair ssh-keygen -t rsa -b 4096 # Copy SSH public key to remote server ssh-copy-id user@remote_host # Change SSH port (example: 2222) sudo nano /etc/ssh/sshd_config # Port 2222 sudo systemctl reload sshd ``` ### Exercises 1. Configure SSH to listen on a non-default port. 2. Set up key-based authentication. 3. Disable root password login for security. --- ## 5. Packet Filtering, Port Redirection, and NAT ### Learn - Configure firewalls using `iptables` or `firewalld`. - Perform NAT and port forwarding for network access. ### Commands ```bash # Check firewall status sudo firewall-cmd --state # Allow SSH port 22 sudo firewall-cmd --add-port=22/tcp --permanent sudo firewall-cmd --reload # Add NAT rule (masquerade) sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # View rules sudo iptables -t nat -L -n -v ``` ### Exercises 1. Open a specific port (e.g., 8080) on the firewall. 2. Configure port forwarding for SSH (e.g., 2222 → 22). 3. Enable masquerading to share internet from one interface to another. --- ## 6. Static Routing ### Learn - Add static routes to control network traffic paths. ### Commands ```bash # Add a static route sudo ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0 # Delete a static route sudo ip route del 192.168.2.0/24 # Show routes ip route show ``` ### Exercises 1. Add a static route to reach a remote network. 2. Verify connectivity via the static route using `ping` or `traceroute`. --- ## 7. Bridge & Bonding Devices ### Learn - Create network **bridges** for virtual machines or containers. - Create **bonded interfaces** for redundancy or link aggregation. ### Commands ```bash # Create a bridge sudo nmcli con add type bridge con-name br0 ifname br0 sudo nmcli con add type bridge-slave con-name eth0-br0 ifname eth0 master br0 # Create bonded interface sudo nmcli con add type bond con-name bond0 ifname bond0 mode active-backup sudo nmcli con add type bond-slave con-name eth1-bond0 ifname eth1 master bond0 sudo nmcli con add type bond-slave con-name eth2-bond0 ifname eth2 master bond0 # View connection status nmcli con show ``` ### Exercises 1. Create a bridge interface and attach an Ethernet device. 2. Configure a bonded interface using two NICs in active-backup mode. --- ## 8. Reverse Proxies & Load Balancers ### Learn - Understand reverse proxies and load balancing concepts. - Use **Nginx** as a basic reverse proxy or load balancer. ### Commands ```bash # Install and configure Nginx sudo apt install nginx -y # Nginx reverse proxy configuration example sudo nano /etc/nginx/conf.d/reverse.conf # Example config: # server { # listen 80; # location / { # proxy_pass http://backend:8080; # } # } # Enable and reload Nginx sudo systemctl enable nginx sudo systemctl reload nginx ``` ### Exercises 1. Configure Nginx to proxy requests to a backend server. 2. Implement round-robin load balancing for multiple backend servers. 3. Test the setup using `curl` or a web browser. --- ## 🧪 Exam Tips - Always verify **connectivity and DNS resolution** (`ping`, `dig`, `nslookup`). - Understand **network configuration files**: - `/etc/NetworkManager/system-connections/` - `/etc/sysconfig/network-scripts/` (RHEL-based) - Practice switching between **NetworkManager CLI (`nmcli`)** and **`ip`** commands. - Familiarize yourself with **firewalld zones** and **NAT configurations**. - Understand **basic Nginx directives** for proxying and load balancing. ---