Linux+ Certification Bible.pdf


Part II Installation

Proxy, news, and search servers

Linux provides for proxy, news, and search services with several different software packages. Linux provides a proxy-caching server that caches Web information, which increases the client’s access speed, and also reduces bandwidth costs to a company. The most popular proxy-caching server for Linux is called Squid. Squid is a high-performance proxy-caching server that supports FTP, gopher, and HTTP data objects. It is used to cache (store information) that was previously accessed by clients. When a user makes a request for a Web page, Squid checks to see if it has a copy of the requested information in its cache. If Squid has this information, it checks to see if the information is current, updates it if necessary, and then forwards this information to the client. This saves the client time if the information was previously accessed and saves the company money and resources because Squid removes the need to access the requested information from the Internet. Squid also allows the creation of access control lists (ACL), thus enabling the filtering and tracking of Web traffic that the clients are requesting. Therefore, Squid provides an excellent proxy server with comprehensive Web-filtering tools.
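To make the cache and ACL behaviour described above concrete, here is a small Python model of a caching proxy. It is an added example, not code from this book and not Squid's own code (Squid is configured through squid.conf and its cache logic is far richer). The origin dictionary standing in for the Internet, the integer versions standing in for validators such as ETag or Last-Modified, the 60-second freshness window, and the client networks and domains in the ACLs are all constructed for the illustration.

```python
"""Toy model of a caching proxy with access control lists.

Constructed example, not Squid's code. It demonstrates the decisions the
text describes: deny by ACL, serve a fresh copy from cache, revalidate a
stale copy against the origin, refresh it if it changed, or fetch on a miss.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class CacheEntry:
    body: str
    version: int       # stands in for an ETag / Last-Modified validator
    fetched_at: int    # time (seconds) the copy was fetched or last revalidated
    max_age: int       # seconds the copy may be served without asking the origin


@dataclass
class Proxy:
    # origin: url -> (body, version); a constructed stand-in for the Internet
    origin: dict
    acl_denied_nets: list = field(default_factory=list)     # client networks that are blocked
    acl_denied_domains: list = field(default_factory=list)  # destination domains that are blocked
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)                  # (client, url, status) for traffic tracking

    def allowed(self, client_ip: str, url: str) -> bool:
        """ACL check: block listed client networks and listed destination domains."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(net) for net in self.acl_denied_nets):
            return False
        host = url.split("/")[2]
        return not any(host == d or host.endswith("." + d) for d in self.acl_denied_domains)

    def fetch(self, client_ip: str, url: str, now: int):
        """Return (status, body); status is DENIED, HIT, REVALIDATED, REFRESHED or MISS."""
        if not self.allowed(client_ip, url):
            self.log.append((client_ip, url, "DENIED"))
            return "DENIED", None
        entry = self.cache.get(url)
        if entry is not None and now - entry.fetched_at <= entry.max_age:
            status = "HIT"                       # fresh copy: no trip to the origin at all
        elif entry is not None:
            # stale copy: ask the origin whether our version is still current
            body, version = self.origin[url]
            if version == entry.version:
                entry.fetched_at = now           # unchanged: just extend its freshness
                status = "REVALIDATED"
            else:
                entry.body, entry.version, entry.fetched_at = body, version, now
                status = "REFRESHED"
        else:
            body, version = self.origin[url]     # nothing cached: full fetch
            entry = CacheEntry(body, version, now, max_age=60)
            self.cache[url] = entry
            status = "MISS"
        self.log.append((client_ip, url, status))
        return status, entry.body


if __name__ == "__main__":
    # constructed sample traffic: a miss, a hit, an ACL-denied client, an ACL-denied domain
    origin = {"http://example.test/index.html": ("index v1", 1)}
    proxy = Proxy(origin, acl_denied_nets=["192.0.2.0/24"], acl_denied_domains=["blocked.test"])
    for client, url, t in [("10.0.0.5", "http://example.test/index.html", 0),
                           ("10.0.0.6", "http://example.test/index.html", 30),
                           ("192.0.2.9", "http://example.test/index.html", 31),
                           ("10.0.0.6", "http://ads.blocked.test/a.js", 32)]:
        proxy.fetch(client, url, t)
    for line in proxy.log:
        print(line)
```

The log list is the point of the ACL half of the passage: because every client request passes through the proxy, the proxy is the natural place both to refuse requests and to record who asked for what.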

News servers are supported in Linux by the InterNetNews package (INN) and by Leafnode. Leafnode is a USENET software package designed for small sites with few readers and only a slow link to the Net, and is therefore not really beneficial in the enterprise environment. INN, however, is a full Usenet system that includes an NNTP (Network News Transport Protocol) server and a newsreading server. INN was originally written by Rich Salz, but has since been taken over by the Internet Software Consortium (ISC). InterNetNews is used to exchange messages between networks of news servers.

News articles are placed into newsgroups.

Each individual news server locally stores all articles that it has received for a given newsgroup.

The newsgroups are organized in a hierarchical fashion, ensuring that all messages are distributed to local servers and making access to stored articles extremely fast.

Chapter 3 Pre-Installation Planning

Searching for documents in a newsgroup or on the World Wide Web can be a challenge to the user. Due to the vast amount of information available, it can be a daunting task to search individual websites and newsgroups for a particular piece of information. Luckily, you have Dig (or the ht://Dig system), which is a complete World Wide Web (WWW) indexing and searching system for a domain or intranet. Dig is intended to provide a searching and indexing system for local websites and intranet information. Although it is competent for its intended area of use, it is not meant to replace large-scale Internet search engines, such as Google, Yahoo, Lycos, Infoseek, or AltaVista. Dig supports both simple and complex searches. It supports Boolean search methods, with arbitrarily complex Boolean expressions, and fuzzy search methods to search both HTML and text documents. Fuzzy search methods use exact, soundex, metaphone, common word endings, synonyms, and configurable algorithms to search the documents. Dig can be configured to search subsections of the databases for any number of keywords, and to then send the output to a customized HTML template. You can use Dig to index a server or parts of a server that are protected by a username and password.
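The following Python index shows what the passage means by arbitrarily complex Boolean expressions and by a fuzzy (soundex) match. It is an added example, not code from this book and not ht://Dig's own code; the documents, the nested-tuple query form, and the soundex-only fuzzy matching are constructed for the illustration (Dig also offers metaphone, word endings and synonyms, which are not modelled here).

```python
"""Tiny document index with Boolean and fuzzy (soundex) search.

Constructed example, not ht://Dig code. Queries are nested tuples rather
than a parsed query string, e.g. ("and", "server", ("not", "news")).
"""
import re

# letter -> soundex digit; vowels, h, w and y carry no digit
SOUNDEX_CODES = {c: d for d, letters in (("1", "bfpv"), ("2", "cgjkqsxz"), ("3", "dt"),
                                          ("4", "l"), ("5", "mn"), ("6", "r"))
                 for c in letters}


def soundex(word: str) -> str:
    """Classic four-character soundex code, e.g. Robert and Rupert both give R163."""
    letters = [c for c in word.lower() if c.isalpha()]
    if not letters:
        return "0000"
    out = letters[0].upper()
    last = SOUNDEX_CODES.get(letters[0], "")
    for c in letters[1:]:
        code = SOUNDEX_CODES.get(c, "")
        if code and code != last:
            out += code
        if c not in "hw":          # h and w do not separate two equal codes
            last = code
    return (out + "000")[:4]


class Index:
    def __init__(self, docs: dict):
        self.docs = docs                         # doc id -> text
        self.postings = {}                       # word -> set of doc ids (inverted index)
        for doc_id, text in docs.items():
            for word in re.findall(r"[a-z0-9]+", text.lower()):
                self.postings.setdefault(word, set()).add(doc_id)

    def term(self, word: str, fuzzy: bool = False) -> set:
        """Exact match, or (fuzzy) every indexed word sharing the query's soundex code."""
        word = word.lower()
        if not fuzzy:
            return set(self.postings.get(word, ()))
        code = soundex(word)
        hits = set()
        for indexed, ids in self.postings.items():
            if soundex(indexed) == code:
                hits |= ids
        return hits

    def search(self, query, fuzzy: bool = False) -> set:
        """query: a word, ("and"|"or", q1, q2, ...), or ("not", q); returns matching doc ids."""
        if isinstance(query, str):
            return self.term(query, fuzzy)
        op, *args = query
        parts = [self.search(q, fuzzy) for q in args]
        if op == "and":
            return set.intersection(*parts)
        if op == "or":
            return set.union(*parts)
        if op == "not":
            return set(self.docs) - parts[0]
        raise ValueError("unknown operator " + op)


if __name__ == "__main__":
    # constructed sample documents
    ix = Index({1: "Squid proxy caching server", 2: "INN news server and NNTP",
                3: "Dig indexes the intranet web server", 4: "firewall rules with ipchains"})
    print(ix.search(("and", "server", ("not", "news"))))   # Boolean: server AND NOT news
    print(ix.search("servur", fuzzy=True))                  # fuzzy: misspelling still matches
```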

FTP servers

The FTP (File Transfer Protocol) is a protocol that allows computers to send and receive files over the Internet. A counterpart to FTP is TFTP, or Trivial File Transfer Protocol. TFTP is a connectionless protocol that is often used for streaming files, such as audio or video, where missing one piece of information is less important than continuing the stream of information. Due to the design of the protocol, different machines using different operating systems and different hardware can exchange files in a safe manner. FTP provides for guaranteed delivery of data from an FTP server to the FTP client. Most versions of Linux come with some form of FTP server package. After the server is configured, users can connect to it with any FTP client.

Firewalls

A firewall protects the resources of a private network from unauthorized access from an outside network. A typical firewall is often created on a router, or on a specially designated computer, which acts as a gateway separating the outside network from the internal network. This creates a secure path so that only authorized incoming requests are allowed into the private network. An inexpensive Linux machine with one connection to the outside network and another connection to the internal network can be used as a firewall. Linux provides many resources for creating a firewall, including ipchains, Netfilter (which uses iptables and NAT, or Network Address Translation), and IP Masquerade. Firewalls are very important servers that must be constantly updated and tested. Any firewall solution is only as good as the person administering it. If you have the world's best firewall but don't keep it up to date, vulnerabilities may be discovered that can compromise the firewall.

ipchains

ipchains works by using a set of rules to filter traffic. The rules are initially organized into three groups (called chains):

The input chain is used to control which packets come into the box.

The forward chain intercepts packets that come from one network and are destined for another network but are routed through the firewall.

The output chain examines packets that are leaving the firewall.


The chain that is used to decide the fate of the packet depends on where the packet was intercepted. Several basic targets and functions are used with ipchains, including:

ACCEPT, which allows the packet to pass through

DENY, which denies access by the packet

REJECT, which denies access and notifies the sender

MASQ, which masquerades the packet

REDIRECT, which sends the packet to a local socket or process on the firewall

RETURN, which sends the packet to the end of the chain and lets the default target process the packet
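The following Python model of chain-based filtering is an added example, not part of the book and not ipchains itself; the Rule and Packet representations, the default policies, and the sample addresses are invented for the illustration. It walks the chain chosen by where the packet was intercepted, jumps into a user-defined chain when a rule names one, and returns one of the targets listed above, falling back to the chain's default policy when no rule claims the packet (which is also what happens after a RETURN).

```python
"""Toy chain-based packet filter modelled on the ipchains concepts above.

Constructed example, not ipchains code: the rule representation is invented.
It shows the three built-in chains (input, forward, output), a user-defined
chain jumped to from a rule, and how ACCEPT, DENY, REJECT, MASQ, REDIRECT
and RETURN decide a packet's fate.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class Rule:
    target: str                 # built-in target or the name of a user-defined chain
    src: Optional[str] = None   # CIDR the source address must fall in
    dst: Optional[str] = None   # CIDR the destination address must fall in
    proto: Optional[str] = None
    dport: Optional[int] = None
    arg: Optional[int] = None   # for REDIRECT: the local port the packet is sent to

    def matches(self, pkt: Packet) -> bool:
        if self.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


TERMINAL = {"ACCEPT", "DENY", "REJECT", "MASQ", "REDIRECT"}


class Firewall:
    def __init__(self):
        # built-in chains and their default policies (constructed: deny in/forward by default)
        self.chains = {"input": [], "forward": [], "output": []}
        self.policy = {"input": "DENY", "forward": "DENY", "output": "ACCEPT"}
        self.notices = []   # REJECT notifies the sender; DENY does not

    def add_chain(self, name: str):
        self.chains[name] = []

    def append(self, chain: str, rule: Rule):
        self.chains[chain].append(rule)

    def _walk(self, chain: str, pkt: Packet, depth: int = 0) -> Optional[str]:
        """Return a terminal verdict, or None when the chain falls through (RETURN or end of rules)."""
        if depth > 16:
            raise RuntimeError("chain jump loop")
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target == "RETURN":
                return None                        # back to the calling chain / default policy
            if rule.target == "REDIRECT":
                return f"REDIRECT:{rule.arg}"
            if rule.target in TERMINAL:
                return rule.target
            verdict = self._walk(rule.target, pkt, depth + 1)   # jump into a user-defined chain
            if verdict is not None:
                return verdict
        return None

    def decide(self, chain: str, pkt: Packet) -> str:
        """The chain is chosen by where the packet was intercepted: input, forward or output."""
        verdict = self._walk(chain, pkt) or self.policy[chain]
        if verdict == "REJECT":
            self.notices.append(pkt.src)          # sender is told; DENY would stay silent
        return verdict


if __name__ == "__main__":
    fw = Firewall()
    fw.add_chain("web")
    fw.append("web", Rule("ACCEPT", proto="tcp", dport=80))
    fw.append("web", Rule("ACCEPT", proto="tcp", dport=443))
    fw.append("input", Rule("web", src="192.168.1.0/24"))       # jump: LAN hosts get web access
    fw.append("input", Rule("REJECT", proto="tcp", dport=23))   # telnet is refused, sender told
    fw.append("forward", Rule("MASQ", src="192.168.1.0/24"))    # LAN traffic out is masqueraded
    print(fw.decide("input", Packet("192.168.1.10", "10.0.0.1", "tcp", 80)))   # ACCEPT
    print(fw.decide("input", Packet("192.168.1.10", "10.0.0.1", "tcp", 22)))   # DENY (policy)
```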

Netfilter

Netfilter uses a true packet-filtering tool to filter incoming packets. To perform this task, Netfilter uses iptables. These tables are established with rules based on particular network protocols. Therefore, different tables with rules can be created to select packets according to different criteria. After the packet is selected and passed to the table, the table handles the dropping or accepting of the packet. This greatly reduces the overhead of packet filtering, because only the table that handles the packet actually determines the status of the packet, and not an entire set of rules as in ipchains.

NAT

NAT (Network Address Translation) is the translation of an IP address that is used within one network to a different IP address known within another network. One network is designated as the inside network and the other is designated as the outside network. Typically, NAT is used to map a user's local network address to an outside IP address, and it resolves the IP address on incoming packets back into the local IP address. This helps to ensure security because each outgoing or incoming request must go through a translation process, which also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of IP addresses that are needed and lets a single public IP address communicate with external networks. Every packet coming from the internal network will be seen from the outside world as coming from that particular IP address. Most of today's inexpensive routers use NAT to provide services such as sharing dedicated digital connections. IP Masquerade is really a form of NAT that is used with ipchains.
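Here is the outbound and inbound translation the paragraph describes, written as a small Python masquerading table. It is an added example, not code from the book and not the kernel's NAT or IP Masquerade implementation; the inside network, the single public address, the port pool and the sample packets are all constructed (documentation address ranges). It also shows the "match it to a previous request" point: an inbound packet is only translated back when it answers a mapping an inside host created, otherwise it has nowhere to go and is dropped.

```python
"""Toy source-NAT (IP masquerade) table.

Constructed example, not kernel code. Outbound packets from the inside
network are rewritten to one public address and a pool port; the mapping is
remembered so replies can be resolved back to the original inside host.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class Masquerader:
    def __init__(self, inside_net: str, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map = {}   # (proto, inside ip, inside port, dst, dport) -> public port
        self.in_map = {}    # (proto, public port, peer ip, peer port) -> (inside ip, inside port)

    def outbound(self, pkt: Pkt) -> Pkt:
        """Rewrite a packet leaving the inside network; the same flow reuses its mapping."""
        if ipaddress.ip_address(pkt.src) not in self.inside:
            raise ValueError("not an inside source: " + pkt.src)
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.out_map.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Pkt(self.public_ip, port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Pkt):
        """Resolve a packet arriving at the public address back to the inside host.

        Returns None when no inside host created a matching mapping; such
        unsolicited packets cannot be delivered and are dropped.
        """
        if pkt.dst != self.public_ip:
            return None
        mapping = self.in_map.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if mapping is None:
            return None
        inside_ip, inside_port = mapping
        return Pkt(pkt.src, pkt.sport, inside_ip, inside_port, pkt.proto)


if __name__ == "__main__":
    # constructed: inside LAN 192.168.1.0/24 behind the single public address 203.0.113.1
    nat = Masquerader("192.168.1.0/24", "203.0.113.1", first_port=40000)
    out = nat.outbound(Pkt("192.168.1.10", 51000, "198.51.100.7", 80))
    print("outside sees:", out)
    print("reply becomes:", nat.inbound(Pkt("198.51.100.7", 80, "203.0.113.1", out.sport)))
    print("unsolicited:", nat.inbound(Pkt("198.51.100.9", 80, "203.0.113.1", 40000)))
```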

Stateful packet inspection

Stateful packet filtering firewalls operate around the connections between network firewalls. By filtering packets according to the information contained in the packet header, firewalls allow or deny access to the network. Stateful filtering firewalls
