Skip to main content

LFCS: Networking (25%)

This section covers Linux networking,networking, hostname resolution, time synchronization, OpenSSH,OpenSSH configuration, packet filtering, routing, bridges, and load balancing.

Goals

Networking 25%

    Configure IPv4 and IPv6 networking and hostname resolution Set and synchronize system time using time servers Monitor and troubleshoot networking Configure the OpenSSH server and client Configure packet filtering, port redirection, and NAT Configure static routing Configure bridge and bonding devices Implement reverse proxies and load balancers

    1. Configure IPv4/IPv6 Networking & Hostname Resolution

    Learn

    • Assign IP addresses (static & dynamic).
    • Configure hostnames and DNS resolution.
    • Understand /etc/hosts, /etc/resolv.conf, and hostnamectl.

    Commands

    # View network interfaces
ip addr show
ip link show

# Configure static IP (example)
sudo nmcli con mod eth0 ipv4.addresses 192.168.1.100/24
sudo nmcli con mod eth0 ipv4.gateway 192.168.1.1
sudo nmcli con mod eth0 ipv4.dns 8.8.8.8
sudo nmcli con mod eth0 ipv4.method manual
sudo nmcli con up eth0

# Set hostname
hostnamectl set-hostname myhost
hostnamectl status

# DNS check
cat /etc/resolv.conf
ping google.com

    Exercises

    1. Assign a static IP to an interface and verify connectivity.
    2. Change the hostname and update /etc/hosts accordingly.

    2. Time Synchronization

    Learn

    • Sync system time using chrony or ntpd.
    • Check and update time zone.

    Commands

    # Check current time
timedatectl

# Set time zone
timedatectl set-timezone Europe/Paris

# Sync time using chrony
sudo systemctl start chronyd
sudo systemctl enable chronyd
chronyc tracking
chronyc sources

    Exercises

    1. Configure NTP synchronization with a public server.
    2. Verify time sync status.status using chronyc tracking.

    3. Monitor & Troubleshoot Networking

    Learn

    • Use tools to check connectivity and troubleshoot issues.

    Commands

    ping <host>
traceroute <host>
ss -tulnp       # check listening ports
netstat -rn     # routing table
curl -I http://example.com
dig example.com # DNS query test

    Exercises

    1. Ping a remote host and check for packet loss.
    2. Check which service is listening on port 80.
    3. Use traceroute to identify network path latency.

    4. OpenSSH Configuration

    Learn

    • Configure SSH server and client.
    • Manage SSH keys and permissions.

    Commands

    # Start and enable SSH server
sudo systemctl start sshd
sudo systemctl enable sshd

# Connect to remote server
ssh user@remote_host

# Generate keysSSH key pair
ssh-keygen -t rsa -b 4096

# Copy SSH public key to remote server
ssh-copy-id user@remote_host

# Change SSH port (example: 2222)
sudo nano /etc/ssh/sshd_config
# Port 2222
sudo systemctl reload sshd

    Exercises

    1. Configure SSH to listen on a non-default port.
    2. Set up key-based authentication.
    3. Disable root password login for security.

    5. Packet Filtering, Port Redirection, and NAT

    Learn

    • Configure firewallfirewalls using iptables or firewalld.
    • Perform NAT and port forwarding.forwarding for network access.

    Commands

    # Check firewall status
sudo firewall-cmd --state

# Allow SSH port 22
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload

# ExampleAdd NAT rule (masquerade)
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# View rules
sudo iptables -t nat -L -n -v

    Exercises

    1. Open a specific port (e.g., 8080) on the firewall.
    2. Configure port forwarding for SSH.SSH (e.g., 2222 → 22).
    Enable masquerading to share internet from one interface to another.

    6. Static Routing

    Learn

    • Add static routes forto control network traffic control.paths.

    Commands

    # Add a static route
sudo ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0

# Delete a static route
sudo ip route del 192.168.2.0/24

# Show routes
ip route show

    Exercises

    1. Add a static route to reach a remote network.
    2. Verify connectivity via the static route.route using ping or traceroute.

    7. Bridge & Bonding Devices

    Learn

    • NetworkCreate bridgingnetwork (e.g.,bridges for VMs).virtual machines or containers.
    • BondingCreate bonded interfaces for redundancy or link aggregation.

    Commands

    # Create a bridge
sudo nmcli con add type bridge con-name br0 ifname br0
sudo nmcli con add type bridge-slave con-name eth0-br0 ifname eth0 master br0

# BondingCreate examplebonded interface
sudo nmcli con add type bond con-name bond0 ifname bond0 mode active-backup
sudo nmcli con add type bond-slave con-name eth1-bond0 ifname eth1 master bond0
sudo nmcli con add type bond-slave con-name eth2-bond0 ifname eth2 master bond0

# View connection status
nmcli con show

    Exercises

    1. Create a networkbridge bridgeinterface and attach an interface.Ethernet device.
    2. Configure a bonded interface withusing two NICs.NICs in active-backup mode.

    8. Reverse Proxies & Load Balancers

    Learn

    • BasicsUnderstand ofreverse proxies and load balancing concepts.
    Use Nginx as a basic reverse proxy (e.g., Nginx) andor load balancing.balancer.

    Commands

    # Install and configure Nginx
sudo apt install nginx -y

# Nginx reverse proxy configuration example
sudo nano /etc/nginx/conf.d/reverse.conf

# Example config:
# server {
#     listen 80;
#     location / {
#         proxy_pass http://backend:8080;
#     }
# }

# Enable and reload Nginx
sudo systemctl enable nginx
sudo systemctl reload nginx

    Exercises

    1. Configure Nginx to proxy requests to a backend server.
    2. Set up basicImplement round-robin load balancing for multiple backend servers.
    Test the setup using Nginx.curl or a web browser.

    🧪 Exam Tips

      Always verify connectivity and DNS resolution (ping, dig, nslookup). Understand network configuration files:
        /etc/NetworkManager/system-connections/ /etc/sysconfig/network-scripts/ (RHEL-based) Practice switching between NetworkManager CLI (nmcli) and ip commands. Familiarize yourself with firewalld zones and NAT configurations. Understand basic Nginx directives for proxying and load balancing.
        Back to top