Книга: Linux Network Administrator Guide, Second Edition

Kernel Networking Options in Linux 2.0.0 and Higher

Kernel Networking Options in Linux 2.0.0 and Higher

Linux 2.0.0 marked a significant change in Linux Networking. Many features were made a standard part of the Kernel, such as support for IPX. A number of options were also added and made configurable. Many of these options are used only in very special circumstances and we won't cover them in detail. The Networking HOWTO probably addresses what is not covered here. We'll list a number of useful options in this section, and explain when you'd want to use each one:

Basics

To use TCP/IP networking, you must answer this question with y. If you answer with n, however, you will still be able to compile the kernel with IPX support:

Networking options --›
     [*] TCP/IP networking

Gateways

You have to enable this option if your system acts as a gateway between two networks or between a LAN and a SLIP link, etc. It doesn't hurt to enable this by default, but you may want to disable it to configure a host as a so-called firewall. Firewalls are hosts that are connected to two or more networks, but don't route traffic between them. They're commonly used to provide users with Internet access at minimal risk to the internal network. Users are allowed to log in to the firewall and use Internet services, but the company's machines are protected from outside attacks because incoming connections can't cross the firewall (firewalls are covered in detail in Chapter 9, TCP/IP Firewall):

[*] IP: forwarding/gatewaying

Virtual hosting

These options together allow to you configure more than one IP address onto an interface. This is sometimes useful if you want to do "virtual hosting," through which a single machine can be configured to look and act as though it were actually many separate machines, each with its own network personality. We'll talk more about IP aliasing in a moment:

[*] Network aliasing
    ‹*› IP: aliasing support

Accounting

This option enables you to collect data on the volume of IP traffic leaving and arriving at your machine (we cover this is detail in Chapter 10, IP Accounting):

[*] IP: accounting

PC hug

This option works around an incompatibility with some versions of PC/TCP, a commercial TCP/IP implementation for DOS-based PCs. If you enable this option, you will still be able to communicate with normal Unix machines, but performance may be hurt over slow links:

- - (it is safe to leave these untouched)
[*] IP: PC/TCP compatibility mode

Diskless booting

This function enables Reverse Address Resolution Protocol (RARP). RARP is used by diskless clients and X terminals to request their IP address when booting. You should enable RARP if you plan to serve this sort of client. A small program called rarp, included with the standard networking utilities, is used to add entries to the kernel RARP table:

‹*› IP: Reverse ARP

MTU

When sending data over TCP, the kernel has to break up the stream into blocks of data to pass to IP. The size of the block is called the Maximum Transmission Unit, or MTU. For hosts that can be reached over a local network such as an Ethernet, it is typical to use an MTU as large as the maximum length of an Ethernet packet - 1,500 bytes. When routing IP over a Wide Area Network like the Internet, it is preferable to use smaller-sized datagrams to ensure that they don't need to be further broken down along the route through a process called IP fragmentation.[19] The kernel is able to automatically determine the smallest MTU of an IP route and to automatically configure a TCP connection to use it. This behavior is on by default. If you answer y to this option this feature will be disabled.

If you do want to use smaller packet sizes for data sent to specific hosts (because, for example, the data goes through a SLIP link), you can do so using the mss option of the route command, which is briefly discussed at the end of this chapter:

[] IP: Disable Path MTU Discovery (normally enabled)

Security feature

The IP protocol supports a feature called Source Routing. Source routing allows you to specify the route a datagram should follow by coding the route into the datagram itself. This was once probably useful before routing protocols such as RIP and OSPF became commonplace. But today it's considered a security threat because it can provide clever attackers with a way of circumventing certain types of firewall protection by bypassing the routing table of a router. You would normally want to filter out source routed datagrams, so this option is normally enabled:

[*] IP: Drop source routed frames

Novell support

This option enables support for IPX, the transport protocol Novell Networking uses. Linux will function quite happily as an IPX router and this support is useful in environments where you have Novell fileservers. The NCP filesystem also requires IPX support enabled in your kernel; if you wish to attach to and mount your Novell filesystems you must have this option enabled (we'll dicuss IPX and the NCP filesystem in Chapter 15, IPX and the NCP Filesystem):

‹*› The IPX protocol

Amateur radio

These three options select support for the three Amateur Radio protocols supported by Linux: AX.25, NetRom and Rose (we don't describe them in this book, but they are covered in detail in the AX25 HOWTO):

‹*› Amateur Radio AX.25 Level 2
‹*› Amateur Radio NET/ROM
‹*› Amateur Radio X.25 PLP (Rose)

Linux supports another driver type: the dummy driver. The following question appears toward the start of the device-driver section:

‹*› Dummy net driver support

The dummy driver doesn't really do much, but it is quite useful on standalone or PPP/SLIP hosts. It is basically a masqueraded loopback interface. On hosts that offer PPP/SLIP but have no other network interface, you want to have an interface that bears your IP address all the time. This is discussed in a little more detail in "The Dummy Interface" in Chapter 5, Configuring TCP/IP Networking. Note that today you can achieve the same result by using the IP alias feature and configuring your IP address as an alias on the loopback interface.

Оглавление книги


Генерация: 1.472. Запросов К БД/Cache: 3 / 1
поделиться
Вверх Вниз