Chapter #18: Setting Up Network Services in Linux
In this article, youโll learn how to install and manage Linux network services like NFS, Apache, Squid, Postfix, Iptables, UFW, Firewalld, and NTP.
When it comes to setting up and running network services, itโs hard to think of a situation where Linux doesnโt play a role.
In this chapter, weโll walk through how to install key network services on Linux, while the details of configuring each service will be explained in their own separate chapters.
- NFS (Network File System) server
- Apache web server
- Squid proxy server + squidguard
- Email server
- Iptables
In addition, we will ensure all those services can be automatically started on boot or on-demand. We must note that even when you can run all these network services in the same physical machine or virtual private server, a rule of thumb of network security tells system administrators to avoid doing so to the extent possible.
What is the judgment that supports that statement? Itโs rather simple: if for some reason a network service is compromised in a machine that runs more than one of them, it can be relatively easy for an attacker to compromise the rest as well.
Now, if you really need to install multiple network services on the same machine (in a test lab, for example), make sure you enable only those that you need at a certain moment, and disable them later.
Before we begin, we need to clarify that the current chapter (along with the rest in this course) is focused on a performance-based perspective, and thus cannot examine every theoretical detail about the covered topics.
We will, however, introduce each topic with the necessary information as a starting point.
Disabling the Firewall (Temporarily for Learning)
To use the following network services, you will need to disable the firewall for the time being until we learn how to allow the corresponding traffic through it.
Please note that this is NOT recommended for a production setup, but we will do so for learning purposes only.
In a default Ubuntu installation, the firewall (usually UFW) is typically inactive, you can still verify with sudo ufw status.
For RHEL, recent versions do include firewalld by default and it runs in an active state.
To disable it:
systemctl stop firewalld
systemctl disable firewalld # To prevent it from starting at boot
systemctl mask --now firewalld # To prevent activation by other services
Disabling or masking the firewall should only be done in testing environments. Remember to re-enable it for real deployments.
Installing an NFS Server
NFS stands for Network File System, which is a network protocol that allows Linux and other Unix-like clients to access files over a network as if they were stored locally.
A known limitation of NFS (versions 3 and older) is that both clients and server must be located on the same local or trusted network since data travels unencrypted from one end to the other.
Thus, it goes without saying that setting up NFS over the Internet is not a very good idea. This limitation was addressed through NFS version 4 using Kerberos.
Since that technology is not within the scope of either Linux Foundation exams, we will not cover it in this book.
What you need to remember: An NFS server is the traditional solution that allows Unix-like clients to mount remote shares over a network and interact with those file systems as though they are mounted locally, allowing to centralize storage resources for the network.
To install NFS server packages on modern systems: