CHAPTER 1 ■ APPLIANCE CONTROL

For a machine to have an address, it must be given one, either by a human or by a suitably configured computer. It cannot randomly generate one in case the address conflicts with another machine on the network or is one of the reserved addresses, such as 127.0.0.1.

All the networked machines in the home should exist within a specific range of addresses, known as a subnet, and should be assigned to one of the private address ranges provided by the IPv4 specification. This not only stops conflicts with other existing sites on the Internet but also ensures the data within these networks is secure and invisible to machines outside the network, because routers, switches, and gateways do not forward any traffic with a private address range outside the local network.

These private address ranges are 10.x.x.x [8], 172.16-31.x.x, and 192.168.x.x, where x can mean any value between 0 and 255.

For the purposes of demonstration, I will assign my subnet to the 192.168.1.x range, giving me 254 [9] possible devices on the network. Most people use this for private networks because nearly all the routers sold for the home allocate addresses within this range. Also, most questions found on the various Internet forums will probably have answers detailed using the same addresses as you have.

Now knowing the address range of your network, you have to consider the individual addresses. The first one to assign is the router, which usually earns the 192.168.1.1 designation [10], followed by the Linux server, which I will assign 192.168.1.2.

■ Caution Configuring properties such as IP addresses requires you to be logged in as root, so tread carefully!
You can provide a Linux machine a static address either by using the tools in your desktop GUI or by configuring the /etc/network/interfaces file directly:

    auto eth1
    iface eth1 inet static
        address 192.168.1.2
        # /24 mask, matching the network and broadcast values below
        netmask 255.255.255.0
        broadcast 192.168.1.255
        network 192.168.1.0

This tells the system to use the network card assigned as eth1 [11] for the static IPv4 address 192.168.1.2, with all the standard parameters.

[8] You might also see this listed as 10.0.0.0/8, with the 8 detailing how many of the binary digits within the address are fixed. Similarly, you might also see 172.16.0.0/12 and 192.168.0.0/16 used, respectively.
[9] There are two addresses reserved for the subnet (0) and broadcast (255), thus reducing the total number from 256 to 254.
[10] Some routers cannot be configured away from 192.168.1.1, so it’s best to avoid using this number for anything else.
[11] Determine whether this is eth0 or eth1 by either checking the output of dmesg | grep eth or adding the alias eth1 mynetcarddevice to /etc/modules.

You can use this approach to assign static IPv4 addresses to every machine on your network; simply make note of which machine is given which number. However, this can become tiresome after a while, and many embedded devices don’t allow such control over the configuration. Either case requires you to upgrade to DHCP.

DHCP stands for Dynamic Host Configuration Protocol and is a way of configuring the networking facilities of each client machine on the network. The software comes in two parts, a client and a server. The client says simply, “I’m a machine; where is the network?” by transmitting a message onto the cable for all machines to hear. The server listens for any and all of these messages and responds by returning all the configuration data that the sender should use for networking, such as its IPv4 address, domain name, and so on.
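A static stanza like the one shown earlier only works when its address, netmask, network, and broadcast values agree with one another. The following check is an added example, not code from the book; the two sample stanzas are constructed, and the function names are this example's own.

```python
import ipaddress

# Private IPv4 ranges named in the text, in prefix notation.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples: the second keeps the /24 network and broadcast
# values but pairs them with a /16 netmask.
CONSISTENT = """auto eth1
iface eth1 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    broadcast 192.168.1.255
    network 192.168.1.0
"""
MISMATCHED = CONSISTENT.replace("255.255.255.0", "255.255.0.0")

def static_stanzas(text):
    """Return {interface: {option: value}} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None
        elif current is not None and len(words) > 1:
            current[words[0]] = words[1]
    return stanzas

def audit(text):
    """Map each static interface to a list of inconsistencies (empty = OK)."""
    report = {}
    for name, opts in static_stanzas(text).items():
        iface = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
        net, problems = iface.network, []
        if not any(net.subnet_of(r) for r in PRIVATE):
            problems.append(f"{net} is not inside a private range")
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{iface.ip} is reserved in {net}")
        for key, want in (("network", net.network_address),
                          ("broadcast", net.broadcast_address)):
            if key in opts and opts[key] != str(want):
                problems.append(f"{key} should be {want}")
        report[name] = problems
    return report
```

To check a real machine, pass the contents of /etc/network/interfaces to audit() and review any interface whose list is not empty.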
Configuring a DHCP client in Linux is easy and involves replacing the earlier section of the /etc/network/interfaces file with the following:

    auto eth1
    iface eth1 inet dhcp

Creating a DHCP server takes a little more work but can often be avoided since many network routers include one, although it’s sometimes disabled by default. To prepare one in Linux, you should first install the DHCP server software with a command such as this:

    apt-get install dhcp3-server

You can then edit the /etc/dhcpd.conf file to assign addresses to each machine. Prior to editing, you may need to run this:

    ln -s /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf
    ln -s /usr/sbin/dhcpd3 /usr/sbin/dhcpd

The addresses of each machine can be assigned by following these steps:

1. Giving it the next free number in a series, say 100–254. These are pooled addresses.
2. Looking at the MAC address of the network card that sent the message (all MACs are unique) and giving it a specific address based on that number.
3. Doing any combination of 1 and 2.

Since these pooled addresses are finite in number, they are never given to a machine. Instead, they are leased, and the DHCP client of each machine must rerequest the address if it’s still using it after a certain amount of time. The software does this automatically behind the scenes.

If you have a lot of visitors to your home (who’d rather use the Internet than talk with you!), then leasing addresses is the simplest way to go because each friend wouldn’t need to have a static address that would require configuration. Pooled addresses are configured like this:

    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        range 192.168.1.5 192.168.1.115;
    }

Otherwise, the number of machines in your house is probably limited, so static addresses add very little work and make it quicker to troubleshoot since you know in advance what IP each computer should have.
A typical configuration would appear like this:

    host teddyspc {
        hardware ethernet 00:A1:68:8E:9E:AA;
        fixed-address 192.168.1.4;
    }

This host section can be included within the subnet section shown previously to create exceptions in the pooling rule.

You can determine which leases have been granted by typing the following:

    more /var/lib/dhcp3/dhcpd.leases

Many other options are available in the DHCP server, but these provide enough to get everything working. I’ll cover the specific extra cases as appropriate.

Computer Names

My name is Steven, often shortened to Steev. My computer’s name is 192.168.1.110, which is less easy to remember for nongeeks. Chances are there will be more nongeeks in your house than geeks who will want to refer to each computer by a name such as “Holly’s computer” or “Angela’s laptop.”

There are two strains of problem here: getting the computers in the house to have usable names and getting them to know the names of each computer outside the house on the Internet.

Computer names are usually distributed automatically around the local network, so they are not a problem, although it can sometimes take 30 seconds for the information to propagate to all machines. In case of problems, you can force-feed a mapping between IP addresses and computer names by adding a line like this:

    192.168.1.110 mediapc

to the file located at /etc/hosts or C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts depending on whether you’re working on Linux or Windows, respectively.

Converting Internet domain names into numbers is done through a type of server known as Domain Name System (DNS). This is a simple client/server process whereby a client provides a domain name, such as google.com, and the server returns the globally accessible IPv4 address of the computer. There are many of these servers throughout the world, arranged in a hierarchy.
So, if your local DNS server doesn’t know about a particular domain, it will ask its parent DNS server, and so on, all the way up to the master root zone server. All you need to do is configure your home machines to use the first DNS server in this chain, and the searches will happen automatically.

If your ISP has provided you with a DNS server address, you can use this directly. Alternatively, if you are using a router, then this will often configure itself automatically by looking for a DNS server on the external part of the network (which only it can see) and then act as a DNS relay whereby it pretends to be a DNS server for the internal network but instead passes all requests to the ISP’s DNS, before returning the results to you.

Having got an IP address of the DNS server (you’ll use the 192.168.1.1 of the router in this example), you can use the DHCP server to distribute this information to each machine when it also requests an IP address of its own. Since the same DNS server is used for all local machines, this can be done by setting the global option at the top of the /etc/dhcpd.conf file:

    option domain-name-servers 192.168.1.1;

Alternatively, if you are not using DHCP to provide the networking credentials, then you must revert to the same /etc/network/interfaces file in which you specified its static address and add the following:

    dns-nameservers 192.168.1.1

Network Services

Having a machine on a working network is not enough to make one machine do something with another machine. Communication needs to take place. You’ve already seen two services in action (DHCP and DNS), and you’re probably aware of others such as HTTP to access web sites and FTP to transfer files. For your machine to work like this, you need to install a server of some kind. The trick is to know what kind of server is needed for any particular task. I will introduce these servers as needed.
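Returning to the DHCP server configured earlier in this chapter: the lease file it keeps at /var/lib/dhcp3/dhcpd.leases can be read by a script as well as by eye. This added example, not code from the book, reports active leases held by network cards that are not in a household inventory; the sample lease records, MAC addresses, and inventory are constructed, and it assumes lease records contain no nested braces.

```python
import re

# Constructed sample in ISC dhcpd.leases layout (MACs and names invented).
SAMPLE_LEASES = """
lease 192.168.1.57 {
  starts 4 2010/03/04 12:00:00;
  ends 4 2010/03/04 18:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 02:00:5E:10:00:01;
  client-hostname "angelas-laptop";
}
lease 192.168.1.58 {
  binding state active;
  hardware ethernet 02:00:5e:10:00:02;
}
lease 192.168.1.58 {
  binding state free;
  hardware ethernet 02:00:5e:10:00:02;
}
lease 192.168.1.60 {
  binding state active;
  hardware ethernet 02:00:5e:10:00:03;
  client-hostname "visitor-phone";
}
"""
KNOWN_MACS = {"02:00:5e:10:00:01"}   # hypothetical household inventory

LEASE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
FIELDS = {
    "state": re.compile(r"^\s*binding state\s+(\w+);", re.M),
    "mac": re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});"),
    "hostname": re.compile(r'client-hostname\s+"([^"]*)";'),
}

def current_leases(text):
    """Latest record per IP: dhcpd appends, so later records supersede."""
    latest = {}
    for ip, body in LEASE.findall(text):
        found = {k: rx.search(body) for k, rx in FIELDS.items()}
        latest[ip] = {k: m.group(1).lower() if m else None
                      for k, m in found.items()}
    return latest

def unknown_active(text, known_macs):
    """Active leases held by MACs missing from the inventory."""
    return sorted((ip, rec["mac"], rec["hostname"])
                  for ip, rec in current_leases(text).items()
                  if rec["state"] == "active" and rec["mac"] not in known_macs)
```

Both the MAC address and the client-hostname are reported by the client itself, so an unrecognised entry is a prompt to look at the device rather than a statement of what it is.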
The first I’ll show how to set up is a file-sharing server with the ability to provide files across the local network, allowing a music collection to be situated on one machine but playable by any other on the subnet.

■ Note It is possible to make files from the internal network available externally, but I’ll cover that later.

The service that makes files available is called Samba, which allows files (and printers) to be shared between machines. Because it operates on a well-understood protocol (called SMB/CIFS), it can share these resources between different operating systems including Linux, Windows, and Mac OS X [12]. It is installed in the usual way for your distribution, as shown here:

    apt-get install samba

And it’s configured by editing this file:

    /etc/samba/smb.conf

This is used to specify which folders on the local machine are available to the other computers and under what conditions, such as passwords or read/write privileges. Since the machine in question is on a private address range, the files will be accessible only to local machines, so you can generally make all these folders publicly accessible because in this context “public” means everyone in the house. Unlike a corporate network, abuse of networking facilities in a home environment (usually by the kids!) can be covered by not providing them with any dinner!

There are many ways of configuring Samba to provide files, but the defaults are good for a home environment. I personally add sections to share various files in three specific ways. The first provides full access to my music and video files on my media server, such as //mediapc.
These are mounted in a directory structure like this:

    /media/mp3
    /media/tv
    /media/movies

and provided with the configuration section, like this:

    [media]
        comment = Media Server
        path = /media
        browseable = yes
        # public is a synonym for guest ok: no user account is needed
        public = yes
        # writable is the inverse of read only: the share cannot be changed
        writable = no
        read only = yes
        guest ok = yes

This gives anyone at home, including visitors, a chance to listen to whatever band I’ve been enthusing about. It’s public (meaning my visitors don’t need a user account on my computer) and browsable (so it can be found on the network, without anyone knowing its exact name). However, it is made read-only, preventing visitors from accidentally (or maliciously, with rogue viruses perhaps) deleting the files. They can see it from their Windows network neighborhood (or by typing \\mediapc\media) or from Linux (either by desktop or command line, with smbmount //mediapc/media local_media_folder -o guest [13]).

Next, I have a second share to the same location. This has a password, meaning that only I can add the latest DVD rips or music purchases to the system.

    [media_incoming]
        comment = Media Incoming
        path = /media
        # hidden from browsing and closed to guests, but writable
        browseable = no
        public = no
        writable = yes
        read only = no
        guest ok = no

The final share is my computer’s DVD drive. This is almost unused in my house since I’ve had the time to rip all my CDs and DVDs into files on my local machine, but it is still occasionally useful. The default installation provides a suitable example on the method here:

[12] Version 10.2 and earlier
[13] Which, unless the mount is in /etc/fstab, can only be unmounted by using umount directory as root.
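The two media shares above rely on one rule: a share may be open to guests or writable, but not both. The following check is an added example, not code from the book or from Samba; the sample configuration is constructed, [scratch] is a hypothetical share, and it shows how Samba's synonym parameters let a later line quietly undo an earlier one.

```python
TRUE = {"yes", "true", "1"}

# Constructed smb.conf; [scratch] is hypothetical, the rest mirrors the text.
SAMPLE_CONF = """
[global]
    workgroup = HOME
[media]
    path = /media
    public = yes
    writable = no
    read only = yes
    guest ok = yes
[media_incoming]
    path = /media
    public = no
    writable = yes
    guest ok = no
[scratch]
    path = /srv/scratch
    guest ok = yes
    read only = yes
    writable = yes
"""

def normalise(key, value):
    """Fold Samba's synonyms onto the names 'guestok' and 'readonly'."""
    key = "".join(key.lower().split())   # names ignore case and spaces
    value = value.strip().lower()        # only boolean values are inspected
    if key == "public":
        key = "guestok"
    elif key in ("writable", "writeable", "writeok"):   # inverted synonyms
        key, value = "readonly", "no" if value in TRUE else "yes"
    return key, value

def guest_writable_shares(text):
    """Names of shares that guests can write to, after [global] defaults."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = normalise(*line.split("=", 1))
            current[key] = value         # a later line overrides an earlier one
    base = {"guestok": "no", "readonly": "yes", **sections.pop("global", {})}
    return [name for name, opts in sections.items()
            if {**base, **opts}["guestok"] in TRUE
            and {**base, **opts}["readonly"] not in TRUE]
```

Running testparm -s on the server prints the configuration as Samba itself resolves it, which is a useful cross-check on any share this flags.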