LPIC-2 Advanced Networking Configuration • Complete Question Bank
Complete LPIC-2 Advanced Networking Configuration question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
# ip route show
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 192.168.2.1 dev eth1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.100
```
You are a network administrator for a medium-sized company. The company has a Linux server acting as a router/firewall with three network interfaces: eth0 (public, 203.0.113.2/24, gateway 203.0.113.1), eth1 (DMZ, 10.0.1.1/24), and eth2 (internal, 192.168.1.1/24). The DMZ hosts a web server with IP 10.0.1.100, and the internal network has client machines. The firewall rules are currently set to default DROP on INPUT and FORWARD, ACCEPT on OUTPUT. The administrator wants to allow internal clients (192.168.1.0/24) to access the web server (10.0.1.100) on port 80. Additionally, the administrator wants to allow external users (from the internet) to access the web server's public IP (203.0.113.2) on port 80, which should be DNATed to 10.0.1.100. The administrator has enabled IP forwarding and added the following rules:
```
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.1.100:80
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 80 -j ACCEPT
```
Internal clients cannot access the web server. External users are able to access the web server successfully. What is the most likely reason internal clients cannot access the web server?
A company has a Linux server with two network interfaces: eth0 connected to the internal 192.168.1.0/24 network, and eth1 connected to the internet via a public IP of 203.0.113.10. The server runs a web server on port 80 and needs to allow internal clients to access the internet while hiding their private IPs (MASQUERADE). Additionally, external users should be able to reach the web server using the public IP. The administrator has enabled IP forwarding and configured iptables with the following rules:
```
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
```
Internal clients can access the internet, but external users cannot reach the web server. What should the administrator do to fix the issue?
Refer to the exhibit.
```
# ip route show table 100
192.168.10.0/24 dev eth0 scope link
0.0.0.0/1 via 10.0.0.1 dev eth1
```
```
# ip rule show
0: from all lookup local
32765: from 192.168.10.0/24 lookup 100
32766: from all lookup main
32767: from all lookup default
```
Drag a concept onto its matching description — or click a concept then click the description.
Assigns IP addresses and network configuration automatically
Resolves hostnames to IP addresses
Synchronizes system time over a network
Provides directory services for authentication and authorization
Caching proxy for HTTP, HTTPS, and FTP
Drag a concept onto its matching description — or click a concept then click the description.
General system messages (legacy)
System log on Debian-based systems
Authentication and security events
Kernel messages
Mail server logs
Refer to the exhibit.
```
# ip addr show eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1a:2b:3c:4d:5e brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::21a:2bff:fe3c:4d5e/64 scope link
       valid_lft forever preferred_lft forever
```
Refer to the exhibit.
```
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       yes             eth0
                                                        eth1
# brctl showstp br0
br0
 bridge id              8000.001122334455
 designated root        8000.001122334455
 root port                 0                    path cost                  0
 max age                  20.00
 hello time                2.00
 forward delay            15.00
 bridge hello time         2.00
 bridge max age           20.00
 bridge forward delay     15.00
 ageing time             300.00
 hello timer               0.00
 tcn timer                 0.00
 topology change timer     0.00
 gc timer                  0.00

eth0 (1)
 port id                8001                    state                forwarding
 designated root        8000.001122334455       path cost                  4
 designated bridge      8000.001122334455       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00

eth1 (2)
 port id                8002                    state                blocking
 designated root        8000.001122334455       path cost                  4
 designated bridge      8000.001122334455       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.00
```
Refer to the exhibit.
```
# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# ip route show table 100
default via 10.0.0.1 dev eth0
# ip route show table 200
default via 172.16.0.1 dev eth1
# ip rule add from 10.1.1.0/24 lookup 200
# ip rule add from 10.2.2.0/24 lookup 100
```
Refer to the exhibit. Output of 'ip route show' on a Linux router:
```
default via 10.0.0.1 dev eth0 metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2 metric 100
192.168.1.0/24 via 10.0.0.254 dev eth0 metric 50
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1 metric 100
```
Refer to the exhibit. Output of 'tcpdump -i eth0 -n' on a server:
```
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:34:22.123456 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 1, seq 1, length 64
18:34:22.123789 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 1, seq 1, length 64
18:34:23.124456 IP 10.0.0.1.54321 > 10.0.0.3.80: Flags [S], seq 123456, win 65535, options [mss 1460], length 0
18:34:23.125001 IP 10.0.0.3.80 > 10.0.0.1.54321: Flags [S.], seq 654321, ack 123457, win 65535, options [mss 1460], length 0
18:34:23.125200 IP 10.0.0.1.54321 > 10.0.0.3.80: Flags [.], ack 654322, win 65535, length 0
```
Refer to the exhibit.
Contents of /etc/network/interfaces:
```
auto br0
iface br0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_ports eth0 eth1

auto eth0
iface eth0 inet manual

auto eth1
iface eth1 inet manual
```
Refer to the exhibit.
```
# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
# bridge vlan show
port      vlan ids
eth0      1 PVID Egress Untagged
br0       1 PVID Egress Untagged
eth0.10   10
```
Refer to the exhibit.
```
# nft list ruleset
table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname lo accept
        ip saddr 192.168.1.0/24 tcp dport { 22, 80, 443 } accept
        ip saddr 192.168.2.0/24 tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ip saddr 192.168.1.0/24 oifname eth0 accept
        oifname eth0 ip daddr 192.168.1.0/24 accept
    }
}
```
Refer to the exhibit.
```
# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
```