Advanced Linux Networking

Apple developed its AppleTalk protocol stack in conjunction with the LocalTalk networking hardware for some of its earliest Macintoshes in the mid-1980s. (In fact, early on, both the hardware and software went by the name AppleTalk, although today this name is reserved for the software side.) As Ethernet grew in popularity, Apple developed a way to use AppleTalk over Ethernet hardware, a variant that's sometimes called EtherTalk. Linux supports AppleTalk over either the original LocalTalk hardware (if your system has a supported LocalTalk network card, as described in Chapter 1) or over Ethernet.

NOTE

Ironically, Linux doesn't support the LocalTalk hardware built into Macintosh computers. If you run Linux on such a system, you will not be able to use the LocalTalk hardware, although you may still use AppleTalk over Ethernet, if the computer has a built-in Ethernet adapter or a supported Ethernet expansion card.

AppleTalk Features and Capabilities

Like TCP/IP, AppleTalk uses a 32-bit machine address. Also like TCP/IP, the AppleTalk address is broken down into two components, a network address and a computer address; however, the division of these two components is fixed, with each consuming 16 of the 32 bits available for the address. AppleTalk includes a procedure by which the computers on the network can negotiate their own AppleTalk addresses, so you need not set this address explicitly. (You can request a specific address or an address in a specific range if you want to, but this usually isn't necessary.)

Above the AppleTalk numeric addresses lies a two-tiered alphabetic naming system that humans use more directly. Each computer has a name, and resides in a zone, which is a logical group of computers. Small networks may be zoneless, meaning that the zone name doesn't obtrude itself upon users. When you start Netatalk, the primary AppleTalk package for Linux, the software sets the system's AppleTalk name based upon the TCP/IP hostname, unless you override this setting. For instance, if a computer has the TCP/IP hostname larch.threeroomco.com, the computer's AppleTalk name becomes larch. The domain information is lost, though. (In a zoned network, the computer attempts to set its zone automatically, and the zone name may bear no resemblance to anything in the TCP/IP hostname.) The two-tiered nature of AppleTalk names is an important limiting factor on AppleTalk networks; without more layers of names, creating an AppleTalk network with more than a few hundred computers becomes awkward.

The primary applications for AppleTalk are the file and printer sharing for which the protocols were developed. Many network-enabled printers "speak" AppleTalk natively, and AppleTalk file-sharing protocols are understood by MacOS, Windows NT and 2000, Linux, BeOS, and other systems. There's seldom any reason to use AppleTalk except on a network that contains MacOS systems, though, because most other OSs provide better support for other network protocols. Even in the case of Macintosh-dominated networks, the Unix-based MacOS X supports NFS as well as AppleTalk, so you may prefer to use NFS if your network's Macintoshes run MacOS X. The Netatalk package (see http://netatalk.sourceforge.net) is the main program that uses AppleTalk in Linux; it's discussed in the next section.

TIP

The fact that AppleTalk packets are seldom routable by typical routers makes AppleTalk a good choice for providing a little extra security. You can disable TCP/IP on a Netatalk server if you want to be absolutely certain that nobody can break into your system from outside your local network by exploiting a flaw in your Netatalk server. Similarly, disabling everything but AppleTalk printing on a network-enabled printer or print server can keep this system from being abused by outsiders, unless they first gain a foothold on another system in your local network. Good security practices, as discussed in Part IV, can help secure a TCP/IP network, though, so AppleTalk isn't the only option for improving security.

Using Linux AppleTalk Software

The Netatalk package, which comes with most Linux distributions, is the primary AppleTalk software for Linux. This package provides three features:

  • An AppleTalk file server: The afpd program allows a Linux computer to operate as a file server for Macintosh systems. The file server supports both native AppleTalk and TCP/IP, so Linux can serve even old Macintoshes, so long as they share a network hardware type. (In the event they don't, LocalTalk-to-Ethernet converter devices are available to bridge the gap.) This server is controlled through a file called afpd.conf, typically in /etc/atalk. In addition, the AppleVolumes.default file controls which directories are shared, and AppleVolumes.system maps filename extensions onto Macintosh file and creator types, which are stored directly on MacOS-native filesystems.

  • An AppleTalk print server: The papd program allows a Linux computer to operate as a print server for Macintosh systems. Used in conjunction with Ghostscript (part of Linux's standard print queue), this allows you to share even an inexpensive inkjet printer as if it were a full-featured PostScript device. The print server features work only over the original AppleTalk, not via TCP/IP. The papd server is controlled through papd.conf, which is usually located in /etc/atalk.

  • An AppleTalk print client: The pap program allows Linux to submit print jobs to AppleTalk-enabled printers or print servers. This can be useful if your Linux computer is on a Macintosh-dominated network that hosts printers that don't understand other protocols. You can even print from one Linux computer to another using this tool, although in most cases Linux's native printing tools, as described in Chapter 9, Printer Sharing via LPD, will be simpler to configure. The pap client has no control file; you specify the printer to which you want to send a file with the -p parameter, as in pap -p Laser2 sample.ps to print sample.ps to the printer called Laser2.

The first two of these programs rely upon another one, atalkd, which configures the computer's overall AppleTalk presence: features such as the AppleTalk name and address. This program is controlled through a file called atalkd.conf, which is also typically stored in /etc/atalk.

NOTE

Netatalk doesn't include a file-sharing client program. Therefore, you can't access AppleTalk file shares from Linux using Netatalk. The afpfs package (http://www.panix.com/~dfoster/afpfs/) theoretically provides this capability as of version 1.03b-alpha, but it's very old and unreliable. If you want to access Macintosh files from Linux, you're better off using a Macintosh NFS or SMB/CIFS server, such as MacOS X's native NFS server or DAVE (http://www.thursby.com).

Most default installations of AppleTalk work correctly as soon as they're installed, but they're typically configured to share only the home directory of the user who logs in. You can alter this configuration by editing AppleVolumes.default. For instance, the following lines in this file tell the system to export both the user's home directory (specified by a tilde, ~) and the /mnt directory:

~
/mnt "Mount Points" options=noadouble

The first of these lines is the default, and includes no special options. The second includes a name to use instead of /mnt for the share as seen on a Macintosh client, as well as an options specification, which sets special options. In this case, the only option set is noadouble, which makes Netatalk not create AppleDouble files (these are special files stored in the .AppleDouble subdirectory to hold MacOS-specific data) unless they're absolutely required.
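An added example, not from the book or from Netatalk: a short Python audit that parses AppleVolumes.default entries in the form shown above and lists every share exported beyond the home-directory default, so you can review what the server exposes to clients. The sample text and the names Share, parse_volumes and extra_shares are constructed for this illustration, and only the path, quoted name and key=value syntax shown on this page is handled.

```python
import shlex
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the two entries discussed on this page plus a comment.
SAMPLE = """\
# AppleVolumes.default (constructed sample)
~
/mnt "Mount Points" options=noadouble
"""

@dataclass
class Share:
    path: str
    name: Optional[str] = None            # name shown to Macintosh clients
    options: dict = field(default_factory=dict)

    @property
    def is_home(self) -> bool:
        # A leading tilde refers to the user's home directory.
        return self.path.startswith("~")

def parse_volumes(text: str) -> list:
    shares = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)    # keeps "Mount Points" as one token
        except ValueError as exc:         # e.g. an unterminated quote
            raise ValueError(f"line {lineno}: {exc}") from None
        share = Share(path=tokens[0])
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if sep:                       # key=value, e.g. options=noadouble
                share.options[key] = value.split(",")
            elif share.name is None:
                share.name = tok
            else:
                raise ValueError(f"line {lineno}: unexpected token {tok!r}")
        shares.append(share)
    return shares

def extra_shares(shares: list) -> list:
    """Shares exported in addition to the home-directory default."""
    return [s for s in shares if not s.is_home]

if __name__ == "__main__":
    for s in extra_shares(parse_volumes(SAMPLE)):
        print(f"review: {s.path} exported as {s.name!r}, options={s.options}")
```

Run against the real file, for example with parse_volumes(open("/etc/atalk/AppleVolumes.default").read()), after any edit to confirm that only the intended directories are shared.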

If your Netatalk package shipped with your distribution, it will probably start up automatically when you start the computer. If not, consult Chapter 4, Starting Servers, for general server startup information (SysV or local startup scripts are the best options for starting Netatalk). You should start atalkd first, then afpd and papd. One of the quirks of Netatalk, and particularly of atalkd, is that this server can take quite some time to start, sometimes over a minute, particularly on older hardware. You can avoid a pause in your system startup procedure by including an ampersand (&) after the program call in your startup script.
