

the Ethernet broadcast address. Sometimes, an optional mask value is used to publish a single Ethernet address for an entire subnet. In that case, the mask required for the specific subnet is used. However, this is not recommended. Subnets should be connected through routing, not through proxy ARP.

Proxy ARP

ARP requests are sent via Ethernet broadcasts. It is possible for a host to connect to an Ethernet through another network technology that cannot respond to an ARP request. To address this problem, you can use proxy ARP.

Assume that two systems connect to subnet 172.16.55.0 through bluejay using some hardware that does not respond to ARP requests. Both killdeer (172.16.55.8) and meadowlark (172.16.55.23) have been assigned addresses on subnet 172.16.55.0. bluejay is configured to provide proxy ARP for both systems with the following commands:

# arp -s killdeer 00:00:C0:4F:3E:DD pub
# arp -s meadowlark 00:00:C0:4F:3E:DD pub
# arp killdeer
Address                  HWtype  HWaddress           Flags Mask            Iface
killdeer                 ether   00:00:C0:4F:3E:DD   CMP                   eth0
# arp meadowlark
Address                  HWtype  HWaddress           Flags Mask            Iface
meadowlark               ether   00:00:C0:4F:3E:DD   CMP                   eth0

The -s command-line argument tells arp that this is a static entry, and the pub argument says that this entry will be published. Notice that the same Ethernet address is used for both killdeer and meadowlark, and that it is the Ethernet address of bluejay. bluejay responds to ARP requests with its own Ethernet address so that it receives packets bound for killdeer and meadowlark. Because bluejay is configured to forward packets, when it receives packets for these systems, it sends them to the correct host through the non-Ethernet hardware those systems use.

The IP address must be converted to a Physical layer address for all types of external data delivery, whether the system is making a direct delivery or forwarding a packet for further processing.

A traditional host accepts only those packets from the network that are addressed to the host. It does not accept packets addressed to other hosts or forward those packets on. Routers, on the other hand, do exactly that. To get this behavior, you must enable forwarding on a router.

Enabling IP Packet Forwarding

When a computer forwards a packet that it has received from the network on to a remote system, it is called IP forwarding. All Linux systems can be configured to forward IP packets. In general, hosts do not forward datagrams, but routers must.


raven (172.16.55.251) at 08:00:20:82:D5:1D [ether] on eth0
gw50 (172.16.50.254) at 00:00:0C:43:8D:FB [ether] on eth1

The arp command lists the hostname, IP address, and Ethernet address of every system currently stored in the ARP table. The keyword ether enclosed in square brackets indicates the hardware type. This will always be ether on an Ethernet network. There are other hardware values, but they are for obscure networks such as ARCnet.

Most of the entries in the example are for the network connected to network interface eth0. However, a router has more than one network interface, so it is possible to see an arp display with more than one Ethernet interface indicated. The last line in the display shows this: gw50 is reached through interface eth1.

You can also use the arp command to check for the table entry of an individual host:

Listing 7.2: Viewing a Single arp Table Entry

$ arp bluejay
Address                  HWtype  HWaddress           Flags Mask            Iface
bluejay                  ether   00:00:C0:4F:3E:DD   C                     eth0

Note: It is possible to enter the arp command looking for a specific host and to receive the response "no entry". This does not necessarily indicate a problem. Try sending a ping to the host first in order to prime the cache, then enter the arp command again. You should see the correct table entry.

Listing 7.2 contains much the same information as Listing 7.1. Again, there is the hardware type, the Ethernet address, the network interface name, and the hostname. (If you prefer the IP address to the hostname, use the -n option on the arp command line.) There are two fields, however, that you didn’t see in the earlier listing: the Flags field and the Mask field. The Flags field can contain three possible values:

C  Indicates that this is a complete entry. To be valid, an entry must be complete. Therefore, the C flag should always be set.

M  Indicates a static entry that was manually entered. ARP table entries are normally dynamic. They are learned from the computers on the network, and they are held in the ARP table for only a few minutes. However, the system administrator can place static entries in the table. These entries stay in the table as long as the system is running. See Chapter 13, “Troubleshooting,” for information on how a static entry is used to troubleshoot an address assignment problem.

P  Indicates an entry that will be published. In other words, if this computer receives an ARP broadcast for the IP address in this entry, the local host responds with the Ethernet address, even though the IP address does not really belong to the local host. This is called proxy ARP, which is used to help systems that cannot respond themselves. See the “Proxy ARP” sidebar for an example of when this is used.

The Mask field contains an optional network mask, if one is used. By default, the mask is 255.255.255.255, which says that the entire IP address is matched to the Ethernet address. Other masks are rarely used. Solaris Unix systems use the mask 240.0.0.0 to map multicast addresses to
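The Flags field above, and the CMP entries bluejay publishes for killdeer and meadowlark in the “Proxy ARP” sidebar, are easy to check mechanically. The following is an added example written for this page, not code from the book: it parses the tabular output of the net-tools arp command (the sample table is constructed in that format from the hosts used in the text) and reports incomplete, static and published entries, plus any Ethernet address that several IP addresses map to. On the proxying router that sharing is expected for the published entries; anywhere else it is worth a look.

```python
"""Audit a Linux ARP table as printed by the net-tools arp command.

Added example, not code from the book. The table below is constructed in the
format arp prints, using the hosts from the text: bluejay's own proxy-ARP
entries for killdeer and meadowlark (flags CMP), ordinary dynamic entries
(flag C) and one entry that never resolved.
"""
from collections import defaultdict

SAMPLE_ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
duck                     ether   00:10:4B:87:D4:A8   C                     eth0
killdeer                 ether   00:00:C0:4F:3E:DD   CMP                   eth0
meadowlark               ether   00:00:C0:4F:3E:DD   CMP                   eth0
raven                    ether   08:00:20:82:D5:1D   C                     eth0
gw50                     ether   00:00:0C:43:8D:FB   C                     eth1
crow                             (incomplete)                              eth0
"""

def parse_arp_table(text):
    """One dict per entry: address, hwtype, hwaddr, flags, mask, iface."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "Address":        # blank line or header
            continue
        if "(incomplete)" in tokens:                    # no MAC learned, no flags
            entries.append({"address": tokens[0], "hwtype": "", "hwaddr": None,
                            "flags": "", "mask": "", "iface": tokens[-1]})
            continue
        address, hwtype, hwaddr, flags = tokens[:4]
        mask = tokens[4] if len(tokens) == 6 else ""     # Mask column is usually empty
        entries.append({"address": address, "hwtype": hwtype, "hwaddr": hwaddr,
                        "flags": flags, "mask": mask, "iface": tokens[-1]})
    return entries

def audit_arp_table(entries):
    """Group entries by the Flags values the text describes.

    C = complete, M = manually entered (static), P = published (proxy ARP).
    Several addresses on one MAC is expected for published proxy-ARP entries
    on the proxying router itself; for dynamic entries it deserves a look.
    """
    report = {"incomplete": [], "static": [], "published": [], "shared_mac": {}}
    by_mac = defaultdict(list)
    for e in entries:
        if "C" not in e["flags"]:
            report["incomplete"].append(e["address"])
            continue
        if "M" in e["flags"]:
            report["static"].append(e["address"])
        if "P" in e["flags"]:
            report["published"].append(e["address"])
        by_mac[e["hwaddr"]].append(e["address"])
    for mac, hosts in by_mac.items():
        if len(hosts) > 1:
            report["shared_mac"][mac] = sorted(hosts)
    return report

if __name__ == "__main__":
    for key, value in audit_arp_table(parse_arp_table(SAMPLE_ARP_OUTPUT)).items():
        print(f"{key}: {value}")
```

To run it against a live system, replace SAMPLE_ARP_OUTPUT with the captured output of arp (or arp -n, which keeps the address column numeric and avoids a DNS lookup for every entry).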

Understanding Routing

Routing turns TCP/IP networks into an internet and is an essential function of the Internet Protocol (IP). Even a Linux system, which has the Transport layer and the Application layer sitting above the IP layer, makes routing decisions in the IP layer. When the IP layer receives a packet, it evaluates the destination address in the header of the packet, as follows:

If the destination address is the address of the local computer, IP evaluates the protocol number and passes the packet up to the appropriate transport protocol. (See the discussion of protocol numbers in Chapter 3, “Login Services.”)

If the destination address is on a directly connected network, IP delivers the packet to the destination host.

If the destination is on a remote network, IP forwards the datagram to a local router. The router that the packet is sent to must share a physical network with the local system. It is the responsibility of that router to then forward the packet on to the next router, and so on, hop by hop, until the packet reaches its destination.

Based on this list of possible decisions, IP will either directly deliver the packet or forward it to a router for additional processing. From reading Chapter 3, you know how IP uses the protocol number and the port number to deliver data to the correct application within the local host. But you may not yet know how IP delivers data across a network. To deliver a packet to another host on a directly attached network, IP must use the Physical layer addressing of that network by converting the IP address to a Physical layer address.

Converting IP Addresses to Ethernet Addresses

As Figure 7.2 illustrates, IP can run over many different types of networks. The IP address is a logical address. The address means something to the logical IP network, but it doesn’t mean anything to the physical networks over which IP must transport the data. To send data over a physical network, IP must convert the IP address to an address understood by the network. The most common example of this is the conversion from an IP address to an Ethernet address. The protocol that performs this conversion is the Address Resolution Protocol (ARP).

Note: The ARP protocol is included with Linux systems, and is installed by default as part of the TCP/IP network software. You don’t have to do anything to activate ARP, and it should run without problems.

The ARP protocol dynamically builds a table that maps IP addresses to Ethernet addresses. It does this using the broadcast facilities of the Ethernet. When ARP receives a request to convert an IP address to an Ethernet address, it checks to see whether it has the mapping for that address in the ARP table. If the mapping is there, it uses it. If it isn’t in the table, ARP sends a broadcast on the Ethernet, asking who owns the IP address. When a computer sees an ARP broadcast for its IP address, it responds with its Ethernet address. ARP then adds that response to the table.

Use the arp command to examine the contents of the ARP table on your Linux system. Use the -a command-line option to view the entire table, as shown in Listing 7.1.

Listing 7.1: Viewing the arp Cache

$ arp -a
bluejay (172.16.55.1) at 00:00:C0:4F:3E:DD [ether] on eth0
duck (172.16.55.11) at 00:10:4B:87:D4:A8 [ether] on eth0
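The three-way decision under “Understanding Routing”, together with the host-versus-router forwarding rule from “Enabling IP Packet Forwarding”, can be written out as a small function. This is an added example for this page, not the kernel’s routing code: the interface addresses, attached networks and default router are constructed around the sample network (bluejay on 172.16.55.0/24 and 172.16.50.0/24, with gw50 as the router), and the result names the next-hop address that ARP would have to resolve, which for a remote destination is the router and never the destination itself.

```python
"""Reproduce the three-way decision the text describes for an IP packet:
deliver locally, deliver directly on an attached network, or hand it to a
router, plus the host-versus-router forwarding rule.

Added example, not the kernel's routing code. The interface addresses,
attached networks and default router are constructed around the sample
network (bluejay on 172.16.55.0/24 and 172.16.50.0/24, gw50 as router).
"""
import ipaddress

LOCAL_ADDRESSES = {"172.16.55.1", "172.16.50.1"}     # this host's own interfaces (assumed)
CONNECTED_NETWORKS = {                                 # directly attached subnets (assumed)
    "172.16.55.0/24": "eth0",
    "172.16.50.0/24": "eth1",
}
DEFAULT_ROUTER = "172.16.50.254"                       # gw50 from the text, reached via eth1
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}      # IANA protocol numbers

def attached_interface(addr, connected=CONNECTED_NETWORKS):
    """Name of the interface whose network contains addr, or None."""
    for network, iface in connected.items():
        if addr in ipaddress.ip_network(network):
            return iface
    return None

def route_decision(destination, *, protocol=6, arrived_from_network=False,
                   forwarding_enabled=False, local=LOCAL_ADDRESSES,
                   connected=CONNECTED_NETWORKS, router=DEFAULT_ROUTER):
    """Return a tuple describing what IP does with the packet:

    ("local", transport)           addressed to us: hand up by protocol number
    ("direct", iface, next_hop)    destination on an attached network
    ("forward", iface, next_hop)   destination remote: next hop is the router
    ("drop", reason)               received packet not for us, forwarding off

    next_hop is the address ARP must resolve; for a remote destination that
    is the router, never the final destination.
    """
    dst = ipaddress.ip_address(destination)
    if str(dst) in local:
        return ("local", PROTOCOL_NAMES.get(protocol, f"protocol {protocol}"))
    # A host accepts only its own packets; only a router forwards the rest.
    if arrived_from_network and not forwarding_enabled:
        return ("drop", "not addressed to this host and IP forwarding is disabled")
    iface = attached_interface(dst, connected)
    if iface is not None:
        return ("direct", iface, str(dst))
    gw = ipaddress.ip_address(router)
    gw_iface = attached_interface(gw, connected)
    if gw_iface is None:
        # The text's rule: the router we send to must share a physical network.
        raise ValueError(f"router {router} is not on a directly connected network")
    return ("forward", gw_iface, str(gw))

if __name__ == "__main__":
    for d in ("172.16.55.1", "172.16.55.11", "10.9.8.7"):
        print(d, route_decision(d))
```

The forwarding_enabled flag plays the role of the kernel’s forwarding switch: with it off, a packet that arrives from the network for some other host is dropped, which is exactly the host behaviour the text contrasts with a router.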

Figure 7.1: Circuit switching versus packet switching

Note: Whether you configure your system as a host or as an IP router, it will not have end-to-end knowledge of the routes through the network. It will know only about local routers.

The Internet and all TCP/IP networks are packet-switched networks. An IP packet switch is called a gateway or an IP router. Routers interconnect networks, moving data from one network to another until the destination network is reached. At that point, direct delivery is made to the destination host. This is illustrated in Figure 7.2.

Figure 7.2: Routing through networks

In the figure, an IP datagram from finch to walrus would first go to router A, then to router B, then to router C, and finally to walrus. Notice that IP routers can interconnect different types of physical networks. And, as this chapter demonstrates, any Linux system can be configured to be an IP router.

Chapter 7: Network Gateway Services

Overview

A computer can communicate directly only with computers with which it shares a physical connection. Given this fact, the computer on your desk should be able to communicate only with computers that are electrically connected to the network cable that connects to your system. So, how does it communicate with a computer on the other side of the world? There are two primary techniques: circuit switching and packet switching.

Circuit switching is the technique used by the voice telephone network. When you pick up the telephone, you hear a dial tone. At this point, you have an electrical connection to the telephone switch at the local telephone company’s central office. As you dial the telephone number, you provide the switch with the information it needs to make additional connections. Using this information, the switch connects your inbound port to an outbound port. If the number you are calling is serviced by the local switch, it sets up a connection between the port your telephone is attached to and the port connected to the phone you’re calling. If the number you are calling is remotely located, the local switch sets up a connection to the next switch down the line. Each switch connects to the next switch in line until the switch servicing the remote phone is reached. This creates a circuit from your phone to the remote phone, wherever it is located, which is dedicated to your use until you hang up the phone. When your computer communicates over a modem, it uses the telephone system to create a circuit between itself and the remote system, which is often the server at an ISP that connects your system into the packet-switched Internet.

Packet switching is the technique used by most data networks. Every packet in the network contains an address that tells the switch where the packet is bound. When the packet arrives at a switch, the switch reads the address and determines how the packet should be forwarded. If the switch has a physical connection to the destination node, it delivers the packet itself. Otherwise, it forwards the packet to the next switch in the path toward the destination node. Each packet is handled separately. No end-to-end connection is established. In the circuit-switched model, the connection is between your phone and the phone at the remote end. In the packet-switched system, the connection is between your host and the local router. Figure 7.1 illustrates that packet switches use hop-by-hop routes versus the end-to-end connections used by circuit switches.


401: Unauthorized  The client or user is denied access.
403: Forbidden  The requested access is not allowed.
404: Not Found  The requested document does not exist.
500: Server Error  There was an unspecified server error.
503: Out of Resources (Service Unavailable)  The server has insufficient resources to honor the request.
501: Not Implemented  The requested server feature is not available.
502: Bad Gateway  The client specified an invalid gateway.

To make a field conditional, put a status code on the field in the LogFormat entry. For example, suppose you want to log the browser name only if the browser requests a service that is not implemented in your server. Combine the Not Implemented (501) status code with the User-agent header in this manner:

%501{User-agent}i

If this value appears in the LogFormat, the name of the browser is logged only when the status code is 501. You can also use an exclamation point to specify that you want to log a value only when the status code is not a certain value; the exclamation point indicates “not.” For example, to log the address of the site that referred the user to your web page if the status code is not one of the good status codes, add the following to a LogFormat:

%!200,302,304{Referer}i

This particular conditional log entry is actually very useful. It tells you when a remote page has a stale link pointing to your website. It also shows that you can use multiple status codes. Use the LogFormat directive to define exactly what information is logged and the conditions under which it is logged.

In Sum

Web servers are an essential part of any organization’s Internet. Linux is an excellent platform for a web server using the Apache software that is included in the distribution. Apache is the most popular web server on the Internet. With Linux, it can effectively support a large organization’s website.

Thus far, this book has covered some of the services, such as e-mail, DNS, and the Web, that Linux does best. The next chapter concludes the part of this book that focuses on creating an Internet server with a look at how Linux can be used to create a low-cost Internet router. Although Linux may not create the most powerful router, it is certainly one of the most cost-effective.
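To see exactly what the conditional fields above produce, here is a small LogFormat renderer, added for this page as an illustration and not taken from Apache or the book. It expands the %h, %l, %u, %t, %r, %s, %b, %{Header}i and %{Header}o parameters discussed in this section, including the %501{User-agent}i and %!200,302,304{Referer}i conditions, against a constructed request record. Two assumptions are built in: a condition is tested against the status the server finally returned, and %>s yields that final status (in Apache the > selects the status of the final request after any internal redirect; it is not written to the log line).

```python
"""Render Apache-style LogFormat strings, including the conditional
status-code prefixes the text describes (%501{User-agent}i and
%!200,302,304{Referer}i).

Added example for illustration; it is not Apache's code, and the request
records are constructed. Assumptions: a condition is tested against the
status the server finally returned, and %>s means that final status.
"""
import re

# One %-directive: optional "!", optional status list, optional {argument},
# optional ">" modifier, then the single directive letter.
DIRECTIVE = re.compile(
    r"%(?P<neg>!?)(?P<codes>(?:\d{3}(?:,\d{3})*)?)"
    r"(?:\{(?P<arg>[^}]*)\})?(?P<mod>>?)(?P<letter>[A-Za-z])"
)

# The formats discussed in the text, as they appear inside httpd.conf quotes.
COMBINED = r'%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"'
STALE_LINKS = r'%h %t \"%r\" %>s %!200,302,304{Referer}i %501{User-agent}i'

# Constructed request record (not real traffic).
SAMPLE_REQUEST = {
    "host": "172.16.55.11", "ident": None, "user": None,
    "time": "[10/Oct/2000:13:55:36 -0700]",
    "request": "GET /old/page.html HTTP/1.0",
    "status": 404, "bytes": 0,
    "in_headers": {"Referer": "http://www.example.com/links.html",
                   "User-Agent": "Mozilla/4.0"},
    "out_headers": {"Content-Type": "text/html"},
}

def _header(headers, name):
    """Header names are case-insensitive, so User-agent and User-Agent match."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name.lower())

def render(fmt, req):
    """Expand one LogFormat string for one request; missing values log as '-'."""
    status = req["status"]
    final_status = req.get("final_status", status)

    def expand(m):
        codes = {int(c) for c in m["codes"].split(",") if c}
        # Conditional field: without "!" log only on a listed status, with
        # "!" log only on a status that is not listed; otherwise write "-".
        if codes and ((final_status in codes) == bool(m["neg"])):
            return "-"
        letter, arg = m["letter"], m["arg"] or ""
        if letter == "h":
            value = req.get("host")
        elif letter == "l":
            value = req.get("ident")
        elif letter == "u":
            value = req.get("user")
        elif letter == "t":
            value = req.get("time")
        elif letter == "r":
            value = req.get("request")
        elif letter == "s":
            value = final_status if m["mod"] == ">" else status
        elif letter == "b":
            value = req.get("bytes")        # Apache logs "-" rather than 0 here
        elif letter == "i":
            value = _header(req.get("in_headers", {}), arg)
        elif letter == "o":
            value = _header(req.get("out_headers", {}), arg)
        else:
            raise ValueError(f"directive %{letter} not supported by this example")
        return "-" if value in (None, "", 0) else str(value)

    # \" inside the httpd.conf quotes is a literal double quote in the output.
    return DIRECTIVE.sub(expand, fmt.replace('\\"', '"'))

if __name__ == "__main__":
    print(render(COMBINED, SAMPLE_REQUEST))
    print(render(STALE_LINKS, SAMPLE_REQUEST))
```

Rendering STALE_LINKS for the 404 request writes the Referer and a hyphen for the browser; the same request with status 200 writes hyphens for both, and a 501 writes both values.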


most log entries, this field contains a hyphen.

%t  Logs the date and time.

%r  Logs the first line of the request, which is often the URL of the requested document. The \" characters are just there to insert quotes in the output.

%>s  Logs the status of the last request. This is the three-digit response code that the server returned to the client. (More on response codes in a minute.) The > is a literal character that will appear in the log file in front of the response code.

%b  Logs the number of bytes sent.

The format of the LogFormat directive is enclosed in quotes. The label “common” is not part of the format. It is an arbitrary string used to tie the LogFormat directive to a CustomLog directive. In the default Red Hat configuration, this particular LogFormat directive is not used by a CustomLog directive. Instead, the Red Hat configuration uses the following “combined” LogFormat:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Notice that this LogFormat starts with the same seven parameters as the “common” format, to which it adds more information. Apache logs can be customized to log just the information you want to track. In addition to the standard CLF fields, Apache can log the contents of any header records received or sent. For example, to log the value received from the client in the User-agent header, add the following to a LogFormat directive:

%{User-agent}i

This works for any header. Simply replace User-agent with the name of the header. The i indicates this is an input header. To log an output header, use an o at the end of the description. The “combined” LogFormat used on our sample Red Hat system logs everything in the CLF plus the contents of the input User-agent and Referer headers. The User-agent header contains the name of the browser used by the client. The Referer header contains the name of the remote server that linked to your web page.

Using Conditional Logging

Apache also supports conditional logging, which logs specified fields only when certain conditions are met. The conditions that can be tested for are the status codes returned by the server. The status codes are:

200: OK  The request is valid.
302: Found  The requested document was found.
304: Not Modified  The requested document has not been modified.
400: Bad Request  The request is invalid.


are eight possible LogLevel settings: debug, info, notice, warn, error, crit, alert, and emerg. The log levels are cumulative. debug provides debugging information and all other types of logging. warn provides warnings, errors, critical messages, alerts, and emergency messages. debug causes the file to grow at a very rapid rate. emerg keeps the file small, but only notifies you of disasters. warn is a good compromise between enough detail and too much detail.

The TransferLog directive defines the path to the log in which httpd writes information about server activity. Just as important as errors, the logs provide information about who is using your server, how much it is being used, and how well it is servicing the users. Use the transfer log to monitor activity and performance. Web servers are used to distribute information. If no one wants or uses the information, you need to know it.

Much of the logging configuration controls what activity is logged, as well as where it is logged. The LogFormat directives define the format of log file entries. The files that these entries are written to are defined by the CustomLog directives. In the default Red Hat configuration, there are four active LogFormat directives and one active CustomLog directive:

CustomLog logs/access_log combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Notice that a CustomLog statement and an associated LogFormat statement end with the same label. This label is an arbitrary name used to bind the format and the file together. In the example, the LogFormat that ends with the label “combined” is the format linked to the CustomLog directive. The LogFormat directives have a complex syntax.

Defining Log Formats

Apache log files conform to the Common Log Format (CLF). CLF is a standard used by all web server vendors. Using this format means that the logs generated by Apache servers can be processed by any log-analysis tool that also conforms to the standard, and most do. The format of a standard CLF entry is defined by the following LogFormat directive from our sample httpd.conf file:

LogFormat "%h %l %u %t \"%r\" %>s %b" common

A CLF entry contains seven fields, each represented by a parameter in the LogFormat directive:

%h  Logs the IP address or hostname of the client. If HostnameLookups is set to on, this is the client’s fully qualified hostname. On the sample Red Hat system, this would be the IP address because HostnameLookups is turned off to enhance server performance.

%l  Logs the username assigned to the user on the client. The username is retrieved using the identd protocol. Most clients do not run identd, and thus do not provide this information, so this field usually contains a hyphen to indicate a missing value.

%u  Logs the username used to access a password-protected web page. This should match a name defined in the AuthUser file or the AuthDBMUser database you created for the server. Most documents are not password-protected; therefore, in
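The text notes that any CLF-conforming analysis tool can process these logs. As an added example (not Apache’s or the book’s code), here is the consuming side: a parser for the “common” and “combined” formats defined above, run over a handful of constructed log lines, with the stale-link report that the conditional-logging discussion earlier in the chapter motivates, computed after the fact from ordinary combined entries. It handles the \" escapes Apache writes for literal quotes inside a quoted field, and it returns the lines it could not parse rather than dropping them silently.

```python
"""Parse Apache access logs in CLF and "combined" format and summarise them.

Added example of the kind of log-analysis tool the text mentions; it is not
Apache's code. The log lines below are constructed, not real traffic.
"""
import re
from collections import Counter

# Combined format = CLF plus quoted Referer and User-Agent; the trailing pair
# is optional so plain CLF lines parse too. Quoted fields may contain \"
# escapes, which Apache emits for literal quotes.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)

SAMPLE_LOG = """\
172.16.55.11 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"
172.16.55.11 - - [10/Oct/2000:13:55:37 -0700] "GET /logo.gif HTTP/1.0" 304 - "http://www.foobirds.org/index.html" "Mozilla/4.0"
172.16.50.12 - alice [10/Oct/2000:13:56:01 -0700] "GET /private/report.html HTTP/1.0" 200 8814 "-" "Lynx/2.8"
10.1.2.3 - - [10/Oct/2000:13:57:12 -0700] "GET /old/page.html HTTP/1.0" 404 - "http://partner.example.com/links.html" "Mozilla/4.0"
10.1.2.3 - - [10/Oct/2000:13:57:40 -0700] "GET /old/page.html HTTP/1.0" 404 - "http://partner.example.com/links.html" "Mozilla/4.0"
192.0.2.9 - - [10/Oct/2000:14:02:03 -0700] "OPTIONS * HTTP/1.0" 501 - "-" "scanner \\"v1\\""
172.16.55.8 - - [10/Oct/2000:14:03:15 -0700] "GET /index.html HTTP/1.0" 200 2326
not a log line
"""

def parse_log(text):
    """Return (records, rejected): one dict per parsed line, '-' fields as None."""
    records, rejected = [], []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            rejected.append(line)      # keep what did not fit; never drop it silently
            continue
        rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
        rec["status"] = int(rec["status"])
        rec["bytes"] = int(rec["bytes"]) if rec["bytes"] else 0   # "-" means 0 bytes
        records.append(rec)
    return records, rejected

def status_summary(records):
    """How many responses of each status code were returned."""
    return Counter(r["status"] for r in records)

def stale_links(records, good=(200, 302, 304)):
    """Referring pages whose links produced a bad status, with the request
    they pointed at: the same idea as %!200,302,304{Referer}i, after the fact."""
    return Counter((r["referer"], r["request"]) for r in records
                   if r["status"] not in good and r["referer"])

def bytes_by_client(records):
    """Bytes sent per client address, for spotting who uses the server most."""
    total = Counter()
    for r in records:
        total[r["host"]] += r["bytes"]
    return total

if __name__ == "__main__":
    records, rejected = parse_log(SAMPLE_LOG)
    print("statuses:", dict(status_summary(records)))
    print("stale links:", dict(stale_links(records)))
    print("bytes by client:", dict(bytes_by_client(records)))
    print("rejected lines:", rejected)
```

On a real access_log, read the file instead of SAMPLE_LOG; the rejected list is the first thing to inspect, since a line that does not match the configured format usually means the LogFormat changed or the log was tampered with.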


Figure 6.7: The Apache server-status display

Monitoring tells you about the real-time status of your server, but even more can be learned by looking at the way your server is used over time. Logging provides that information.

Apache Logging

Several directives in the Red Hat httpd.conf file configure logging. The ErrorLog directive defines the path of the error log file. Use the error log to detect failures. Review the error log at least once a day and look for problems. To keep a close eye on the file while you’re logged in, use the tail command with the -f option:

$ tail -n 1 -f /var/log/httpd/apache/error_log

The -n 1 option prints the last record in the error file, and the -f option keeps the tail process running so that you will see any record as it is written to the file. This allows you to monitor the file in real time.

The LogLevel directive defines what types of events are written to the error log. The Red Hat configuration specifies that warnings and other more critical errors are to be written to the log. There


Monitoring Your Server

Apache provides tools to monitor the status of your server and logs that keep a history of how the system is used and how it performs over time. One of these tools is the server-status monitor. To use this monitor, it must either be compiled into httpd or installed as a dynamically loadable module. The following two lines from the Red Hat httpd.conf configuration file load the required module:

LoadModule status_module modules/mod_status.so
AddModule mod_status.c

To get the maximum amount of information from the server-status display, add the ExtendedStatus directive to your httpd.conf file. By default, it is commented out of the Red Hat configuration. Remove the hash mark (#) to activate this directive; for example:

ExtendedStatus on

Enable the monitor by locating the <Location /server-status> container directive in the httpd.conf file and removing the hash marks to activate the directives in that container. Edit the Allow from directive to control access to the server status screen. For example, you might grant access to the localhost or to all hosts in your domain. Listing 6.12 shows the uncommented container after it has been configured to allow access from all hosts in the foobirds.org domain.

Listing 6.12: The Server-Status Location Container

<Location /server-status>
    SetHandler server-status
    order deny,allow
    deny from all
    allow from foobirds.org
</Location>

After the monitor is installed and enabled, access it from a browser at www.foobirds.org/server-status/?refresh=20. The refresh value is not required, but when used, the status display is automatically updated. In this example, we ask for a status update every 20 seconds. Figure 6.7 shows the status screen for our test server.
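Because the server-status page reveals the requests your server is handling, the access rules in Listing 6.12 deserve a check before the monitor goes live. The following is an added example written for this page, not Apache’s mod_access code: it parses the order, deny and allow lines of such a container and evaluates them for a given client according to the documented semantics (with order deny,allow every deny rule is tested first, a matching allow rule overrides a deny, and a client matching neither is let in; with order allow,deny the client must match an allow and no deny). A name such as foobirds.org is matched against the client’s reverse-DNS name, which Apache would look up itself; here that name is passed in as a parameter.

```python
"""Evaluate the order/deny/allow rules of an Apache 1.3-style container such
as the server-status Location block in Listing 6.12.

Added example, not Apache's mod_access code. A client's reverse-DNS name is
supplied by the caller instead of being looked up.
"""
import ipaddress

# The container from Listing 6.12, including the Location tags that frame it.
SERVER_STATUS_CONTAINER = """\
<Location /server-status>
    SetHandler server-status
    order deny,allow
    deny from all
    allow from foobirds.org
</Location>
"""

def parse_container(text):
    """Return (order, rules); rules is a list of (kind, pattern) pairs."""
    order, rules = None, []
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("<"):
            continue                              # blank lines and container tags
        directive = words[0].lower()
        if directive == "order":
            order = words[1].lower()
        elif directive in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            rules.extend((directive, pattern) for pattern in words[2:])
        # Other directives (SetHandler, ...) do not affect access control.
    if order not in ("deny,allow", "allow,deny"):
        raise ValueError(f"unsupported or missing order directive: {order}")
    return order, rules

def _matches(pattern, client_ip, client_name):
    """One 'from' argument: all, an address or CIDR block, a partial IP, or a domain."""
    if pattern.lower() == "all":
        return True
    try:  # full address or CIDR notation such as 172.16.55.0/24
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        pass
    if pattern.replace(".", "").isdigit():  # partial IP such as 172.16.55 (leading octets)
        return client_ip.startswith(pattern.rstrip(".") + ".")
    # Domain name: the client's reverse-DNS name must be it or end in ".<name>".
    if client_name is None:
        return False
    name, pattern = client_name.lower(), pattern.lower()
    return name == pattern or name.endswith("." + pattern)

def access_allowed(order, rules, client_ip, client_name=None):
    """Apply the parsed rules to one client; client_name is its reverse-DNS name."""
    denied = any(_matches(p, client_ip, client_name) for kind, p in rules if kind == "deny")
    allowed = any(_matches(p, client_ip, client_name) for kind, p in rules if kind == "allow")
    if order == "deny,allow":
        return allowed or not denied
    return allowed and not denied                 # order allow,deny

if __name__ == "__main__":
    order, rules = parse_container(SERVER_STATUS_CONTAINER)
    for ip, name in (("172.16.55.11", "duck.foobirds.org"), ("192.0.2.9", None)):
        print(ip, name, access_allowed(order, rules, ip, name))
```

Note what the name-based rule depends on: a client whose address has no reverse-DNS name is refused, and a client whose name happens to end in foobirds.org is admitted, so the decision rests on DNS data outside the server. An allow from rule written as an address block (allow from 172.16.55.0/24, for instance) is the firmer check, and the function accepts that form as well.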

