
 

Chapter 8

Linux Networking

 

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In This Chapter

How To Configure Your NIC's IP Address

How To Change Your Default Gateway

How To Configure Two Gateways

How To Delete A Route

How To View Your Current Routing Table

How To Convert Your Linux Server Into A Router

Configuring Your /etc/hosts File

 

© Peter Harrison, www.linuxhomenetworking.com

 

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

This chapter covers how to configure your Linux box’s networking features.  

 

How To Configure Your NIC's IP Address 

Determining Your IP Address

Most modern PCs come with an ethernet port. When Linux is installed, this device is called "eth0". You can determine the IP address of this device with the "ifconfig" command.

[root@bigboy tmp]# ifconfig -a

 

eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0x1820


lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:787 errors:0 dropped:0 overruns:0 frame:0
TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb)

wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb)
Interrupt:11 Memory:c887a000-c887b000

wlan0:0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:11 Memory:c887a000-c887b000


[root@bigboy tmp]#

 

In this example, eth0 has no IP address because this box is using wireless interface wlan0 as its main NIC. Interface wlan0 has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0.

You can see that this command gives good information on the interrupts used by each card. This can also be found in less detail in the file /proc/interrupts 

Changing Your IP Address

If you wanted, you could give this eth0 interface an IP address using the ifconfig command.

 

[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

 

The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll have to add this command in your /etc/rc.d/rc.local file.

Linux also makes life a little easier with special files in the /etc/sysconfig/network-scripts directory. Each interface has its own dedicated configuration file. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, and so on. You can place your IP address information in these files, which are used to auto-configure your NICs when Linux boots. Here are two samples for interface eth0: one assumes the interface has a fixed IP address, the other assumes it requires an IP address assignment using DHCP.

 


network-scripts File Formats 

Fixed IP Address

[root@bigboy tmp]#  cd /etc/sysconfig/network-scripts

[root@bigboy network-scripts]# more ifcfg-eth0


DEVICE=eth0
BROADCAST=192.168.1.255
IPADDR=192.168.1.100
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=no


[root@bigboy network-scripts]#

 

Getting the IP Address using DHCP

[root@bigboy tmp]#  cd /etc/sysconfig/network-scripts

[root@bigboy network-scripts]# more ifcfg-eth0


DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes


[root@bigboy network-scripts]#

 

 

As you can see, eth0 will be activated on booting because the parameter ONBOOT has the value "yes" and not "no". You can read more about netmasks and DHCP in the introduction to networking chapter.

Once you change the values in the configuration files for the NIC you'll have to deactivate and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this.

 

[root@bigboy network-scripts]# ifdown eth0

[root@bigboy network-scripts]# ifup eth0

 

Multiple IP Addresses On A Single NIC

In the previous "determining your IP address" section you may have noticed that there were two wireless interfaces. One's named wlan0 and the other wlan0:0. Interface wlan0:0 is actually a "child" of interface wlan0, a virtual sub-interface also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where  "X" is the sub-interface number of your choice. 

 

The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous "changing your IP address" section.

 

o        First ensure the "parent" real interface exists

o        Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0

o        Create the virtual interface with the ifconfig command

 

[root@bigboy tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up

 

o        You then have the choice of creating a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file or adding the ifconfig command used above to your /etc/rc.d/rc.local file to ensure the IP address is assigned properly when you reboot.

 

IP Address Assignment For A Direct DSL Connection

If you are using a DSL connection with fixed or “static” IP addresses, then the configuration steps are the same as those outlined above. You plug your ethernet interface into the DSL modem, configure it with the IP address, subnet mask, broadcast address and gateway information provided by your ISP and you should have connectivity once you restart your interface. Remember that you may also need to configure your DNS server correctly.

If you are using a DSL connection with a DHCP or “dynamic” IP address assignment, then the process is different. Your ISP will provide you with a “username” and “password” which will allow your computer to login to the ISP’s network transparently each time it boots up. By default, as of version 8.0, RedHat Linux installs the rp-pppoe RPM software package required to support this.

Downloading and installing RPMs isn’t hard. If you need a refresher, the chapter on RPMs covers how to do this in detail. The latest version of the RPM for RedHat 8.0 is rp-pppoe-3.4-7.i386.rpm. Install the package using the following command:

 

[root@bigboy tmp]# rpm -Uvh rp-pppoe-3.4-7.i386.rpm
Preparing...    ########################################### [100%]
1:rp-pppoe      ########################################### [100%]

[root@bigboy tmp]#

 

You’ll need to go through a number of further steps to configure your connection. This example assumes that your eth0 interface will be connecting to the Internet. The PPPOE configuration will create a software based virtual interface named ppp0 that will use the physical interface eth0 for connectivity. Here’s what you need to do:


 

o        Make a backup copy of your ifcfg-eth0 file.

 

[root@bigboy tmp]#

[root@bigboy tmp]# cd /etc/sysconfig/network-scripts/

[root@bigboy network-scripts]# ls ifcfg-eth0

ifcfg-eth0

[root@bigboy network-scripts]# cp ifcfg-eth0 DISABLED.ifcfg-eth0

 

o        Edit your ifcfg-eth0 file to have no IP information and also to be deactivated on boot time.

 

DEVICE=eth0

ONBOOT=no

 

o        Shutdown your eth0 interface.

[root@bigboy network-scripts]# ifdown eth0

[root@bigboy network-scripts]#

 

o        Run the adsl-setup configuration script

 

[root@bigboy network-scripts]# adsl-setup

 

o        It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We’ll use defaults wherever possible.

 

Welcome to the ADSL client setup.  First, I will run some checks on

your system to make sure the PPPoE client is installed properly...

 

LOGIN NAME

 

Enter your Login Name (default root): bigboy-login@isp

 

INTERFACE

 

Enter the Ethernet interface connected to the ADSL modem

For Solaris, this is likely to be something like /dev/hme0.

For Linux, it will be ethX, where 'X' is a number.

(default eth0):

 

Do you want the link to come up on demand, or stay up continuously?

If you want it to come up on demand, enter the idle time in seconds

after which the link should be dropped.  If you want the link to

stay up permanently, enter 'no' (two letters, lower-case.)

NOTE: Demand-activated links do not interact well with dynamic IP

addresses.  You may have some problems with demand-activated links.

Enter the demand value (default no):


 

o        It will then prompt you for your DNS server information. This step will edit your /etc/resolv.conf file. If you’re running BIND on your server in a caching DNS mode then you may want to leave this option blank. If you want your ISP to automatically provide the IP address of its DNS server then enter the word “server”.

 

DNS

 

Please enter the IP address of your ISP's primary DNS server.

If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here.

If you just press enter, I will assume you know what you are

doing and not modify your DNS setup.

Enter the DNS information here:  

 

o        The script will then prompt you for your ISP password

 

PASSWORD

 

Please enter your Password:

Please re-enter your Password:

 

o        Then it will ask whether you want regular users (not superuser “root”) to be able to activate/deactivate the new ppp0 interface

 

USERCTRL

 

Please enter 'yes' (two letters, lower-case.) if you want to allow

normal user to start or stop DSL connection (default yes):

 

o        The rp-pppoe package has two sample ipchains firewall scripts, named firewall-standalone and firewall-masq, located in the /etc/ppp directory. They are very basic and don’t cover the rules needed to make your Linux box a web server, DNS server or mail server. I’d recommend selecting “none” and using a variant of the basic script samples in the firewall chapter, or the more comprehensive one found in the Appendix.

 

FIREWALLING

 

Please choose the firewall rules to use.  Note that these rules are

very basic.  You are strongly encouraged to use a more sophisticated

firewall setup; however, these will provide basic security.  If you

are running any servers on your machine, you must choose 'NONE' and

set up firewalling yourself.  Otherwise, the firewall rules will deny

access to all standard servers like Web, e-mail, ftp, etc.  If you

are using SSH, the rules will block outgoing SSH connections which

allocate a privileged source port.

 

The firewall choices are:

0 - NONE: This script will not set any firewall rules.  You are responsible

          for ensuring the security of your machine.  You are STRONGLY

          recommended to use some kind of firewall rules.

1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation

2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway

                for a LAN

Choose a type of firewall (0-2): 0


 

o        You’ll then be asked whether you want the connection to be activated upon booting. Most people would say “yes”.

 

Start this connection at boot time

 

Do you want to start this connection at boot time?

Please enter no or yes (default no):yes

 

o        Just before exiting, you’ll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them.

 

** Summary of what you entered **

 

Ethernet Interface: eth0

User name:          bigboy-login@isp

Activate-on-demand: No

DNS:                Do not adjust

Firewalling:        NONE

User Control:       yes

Accept these settings and adjust configuration files (y/n)? y

 

Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0

Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets

  (But first backing it up to /etc/ppp/chap-secrets.bak)

  (But first backing it up to /etc/ppp/pap-secrets.bak)

 

o        At the very end it will tell you the commands to use to activate or deactivate your new ppp0 interface and to get the status of the interface.

 

Congratulations, it should be all set up!

 

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'to bring it down.

Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'

to see the link status.

 

By default, ADSL status provides information on interface ppp0, so the ifcfg-ppp0 filename doesn’t need to be entered on the command line.

 

Some Important Files Created By adsl-setup

·         The adsl-setup script creates three files that will be of interest to you. The first is the ifcfg-ppp0 file with the interface’s link layer connection parameters

 

[root@bigboy network-scripts]# more ifcfg-ppp0

USERCTL=yes

BOOTPROTO=dialup

NAME=DSLppp0

DEVICE=ppp0

TYPE=xDSL

ONBOOT=yes

PIDFILE=/var/run/pppoe-adsl.pid

FIREWALL=NONE

PING=.

PPPOE_TIMEOUT=20

LCP_FAILURE=3

LCP_INTERVAL=80

CLAMPMSS=1412

CONNECT_POLL=6

CONNECT_TIMEOUT=60

DEFROUTE=yes

SYNCHRONOUS=no

ETH=eth0

PROVIDER=DSLppp0

USER=bigboy-login@isp

PEERDNS=no

[root@bigboy network-scripts]#

 

·         The others are the duplicate /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files with the username and password needed to login to your ISP.

 

[root@bigboy network-scripts]# more /etc/ppp/pap-secrets

# Secrets for authentication using PAP

# client        server  secret                  IP addresses

"bigboy-login@isp" *       "password"

[root@bigboy network-scripts]#
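
A check one could run over the files listed above, added here as an example and not part of rp-pppoe or the original chapter. The function names are hypothetical and the demo files are constructed; the findings follow what this chapter says about USERCTL and FIREWALL, plus the fact that the secrets files hold the ISP password in clear text.

```shell
#!/bin/sh
# Added example: review the files adsl-setup wrote. Files are parsed as text,
# never sourced, so nothing inside them is executed.

# Print the value of KEY ($1) from a KEY=value file ($2), quotes stripped.
ifcfg_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" "$2" | tail -n 1 | tr -d "\"' \t\r"
}

# audit_pppoe IFCFG SECRETS_FILE...
# Prints one finding per line, or "OK" when nothing needs attention.
audit_pppoe() {
    ifcfg=$1; shift
    n=0
    if [ "$(ifcfg_value USERCTL "$ifcfg")" = "yes" ]; then
        echo "USERCTL=yes: non-root users can start and stop the link"
        n=$((n + 1))
    fi
    if [ "$(ifcfg_value FIREWALL "$ifcfg")" = "NONE" ]; then
        echo "FIREWALL=NONE: no rp-pppoe rules are loaded, the host needs its own firewall"
        n=$((n + 1))
    fi
    for f in "$@"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "$f: group/other access is set ($perms), use chmod 600"
            n=$((n + 1))
        fi
    done
    [ "$n" -gt 0 ] || echo "OK"
}

# Demo on constructed copies (the login and password are placeholders).
demo_dir=$(mktemp -d)
printf 'USERCTL=yes\nDEVICE=ppp0\nFIREWALL=NONE\n' > "$demo_dir/ifcfg-ppp0"
printf '"bigboy-login@isp" * "password"\n' > "$demo_dir/pap-secrets"
chmod 644 "$demo_dir/pap-secrets"
audit_pppoe "$demo_dir/ifcfg-ppp0" "$demo_dir/pap-secrets"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/sysconfig/network-scripts/ifcfg-ppp0 followed by /etc/ppp/pap-secrets and /etc/ppp/chap-secrets.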

 

Simple Troubleshooting

·         You can run the adsl-status command to determine the condition of your connection. In this case the package has been installed but the interface hasn’t been activated.

 

[root@bigboy tmp]# adsl-status

Note: You have enabled demand-connection; adsl-status may be inaccurate.

adsl-status: Link is attached to ppp0, but ppp0 is down

[root@bigboy tmp]#

 

·         After activation, the interface appears to work correctly.

 

[root@bigboy tmp]# ifup ppp0

[root@bigboy tmp]#  adsl-status

adsl-status: Link is up and running on interface ppp0

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1462 inet

[root@bigboy tmp]#

 

·         For further troubleshooting information you can visit the website of rp-pppoe at Roaring Penguin (www.roaringpenguin.com). There are some good tips there on how to avoid problems with VPN clients.


 

How To Change Your Default Gateway

This can be done with a simple command. This example uses a newly installed wireless interface called wlan0; most PCs would be using the standard ethernet interface eth0.

 

[root@bigboy tmp]# route add default gw 192.168.1.1 wlan0

 

In this case, make sure that the router / firewall with IP address 192.168.1.1 is connected to the same network as interface wlan0 !

Once done, you'll need to update your /etc/sysconfig/network file to reflect the change. This file is used to configure your default gateway each time Linux boots.

 

NETWORKING=yes
HOSTNAME=bigboy
GATEWAY=192.168.1.1
 

Some people don't bother with this step and just place the "route add" command in the file /etc/rc.d/rc.local

 

How To Configure Two Gateways

Some networks may have multiple router / firewalls providing connectivity. Here's a typical scenario:

·     You have one router providing access to the Internet which you'd like to have as your default gateway (See the default gateway example above)

·     You also have another router providing access to your corporate network using addresses in the range 10.0.0.0 to 10.255.255.255. Let's assume that this router has an IP address of 192.168.1.254

The Linux box used in this example uses interface wlan0 for its connectivity. You will most likely be using interface eth0, so please adjust your steps accordingly.

Add the new route as follows:

 

route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

 

The file /etc/sysconfig/static-routes will also have to be updated to reload this route when you reboot. Here is a sample.

 

wlan0 net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254

 

Some people don't bother with this step and just place the "route add" command in the file /etc/rc.d/rc.local. A more complicated /etc/sysconfig/static-routes file is located in the following section

 

How To Delete A Route 

Here's how to delete the routes added in the previous section.

 

route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

 

The file /etc/sysconfig/static-routes will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads:

 

wlan0 net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 

 

How To View Your Current Routing Table 

The netstat -nr command will give a good listing. Networks with a gateway of 0.0.0.0 are usually directly connected to the interface; no gateway is needed to reach them, which explains the 0.0.0.0 value for the gateway's IP address.

 

·     In this example there is only one gateway for a DHCP server

[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway     Genmask         Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0     255.255.255.255 UH    40  0      0    wlan0
192.168.1.0     0.0.0.0     255.255.255.0   U     40  0      0    wlan0
127.0.0.0       0.0.0.0     255.0.0.0       U     40  0      0    lo
0.0.0.0         192.168.1.1 0.0.0.0         UG    40  0      0    wlan0
[root@bigboy tmp]#

 

·     In this example, there are multiple gateways handling traffic destined for different networks on different interfaces.

 

[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination   Gateway       Genmask         Flags MSS Window irtt Iface
172.16.68.64  172.16.69.193 255.255.255.224 UG    40  0      0    eth1
172.16.11.96  172.16.69.193 255.255.255.224 UG    40  0      0    eth1
172.16.68.32  172.16.69.193 255.255.255.224 UG    40  0      0    eth1
172.16.67.0   172.16.67.135 255.255.255.224 UG    40  0      0    eth0
172.16.69.192 0.0.0.0       255.255.255.192 U     40  0      0    eth1
172.16.67.128 0.0.0.0       255.255.255.128 U     40  0      0    eth0
172.160.0     172.16.67.135 255.255.0.0     UG    40  0      0    eth0
172.16.0.0    172.16.67.131 255.240.0.0     UG    40  0      0    eth0
127.0.0.0     0.0.0.0       255.0.0.0       U     40  0      0    lo
0.0.0.0       172.16.69.193 0.0.0.0         UG    40  0      0    eth1
[root@bigboy tmp]#
 

·     Here is what the static routes file looks like for this multi-homed (Multiple NICs) server

 

[root@bigboy tmp]# more /etc/sysconfig/static-routes
eth0 net 172.16.0.0   netmask 255.240.0.0     gw 172.16.67.131
eth0 net 172.160.0    netmask 255.255.0.0     gw 172.16.67.135
eth0 net 172.16.67.0  netmask 255.255.255.224 gw 172.16.67.135
eth1 net 172.16.68.64 netmask 255.255.255.224 gw 172.16.69.193
eth1 net 172.16.68.32 netmask 255.255.255.224 gw 172.16.69.193
eth1 net 172.16.11.96 netmask 255.255.255.224 gw 172.16.69.193
[root@bigboy tmp]#   
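
The gateway sections above warn that a gateway must sit on the same network as the interface it is reached through. The following added example (not from the original chapter) checks that rule against "netstat -nr" output; the function names are hypothetical and the sample table is constructed, with one deliberately wrong gateway.

```shell
#!/bin/sh
# Added example: flag routes whose gateway is not on a directly connected
# network of the same interface. Input is "netstat -nr" text (stdin or files).

check_gateways() {
    awk '
    # True when ip lies in net/mask; works octet by octet for contiguous masks.
    function in_net(ip, net, mask,    a, n, m, i, size) {
        if (split(ip, a, ".") != 4) return 0
        if (split(net, n, ".") != 4) return 0
        if (split(mask, m, ".") != 4) return 0
        for (i = 1; i <= 4; i++) {
            size = 256 - m[i]
            if (size < 1) return 0
            if (int(a[i] / size) * size != n[i] + 0) return 0
        }
        return 1
    }
    # Route lines have 8 columns and a numeric destination.
    NF == 8 && $1 ~ /^[0-9.]+$/ {
        if ($2 == "0.0.0.0") { cnet[++c] = $1; cmask[c] = $3; cif[c] = $8 }
        else                 { gw[++g] = $2; gdst[g] = $1; gif[g] = $8 }
    }
    END {
        for (j = 1; j <= g; j++) {
            ok = 0
            for (k = 1; k <= c; k++)
                if (cif[k] == gif[j] && in_net(gw[j], cnet[k], cmask[k])) ok = 1
            if (!ok) {
                print "UNREACHABLE " gdst[j] " via " gw[j] " dev " gif[j]
                bad++
            }
        }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample: the 172.16.0.0 route points at a gateway outside
# the 192.168.1.0/24 network that wlan0 is attached to.
sample_table() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway       Genmask         Flags MSS Window irtt Iface
192.168.1.0     0.0.0.0       255.255.255.0   U     40  0      0    wlan0
10.0.0.0        192.168.1.254 255.0.0.0       UG    40  0      0    wlan0
172.16.0.0      192.168.2.254 255.240.0.0     UG    40  0      0    wlan0
127.0.0.0       0.0.0.0       255.0.0.0       U     40  0      0    lo
0.0.0.0         192.168.1.1   0.0.0.0         UG    40  0      0    wlan0
EOF
}

sample_table | check_gateways || echo "gateway check failed"
```

On a live system, pipe the real table in with "netstat -nr | check_gateways"; the exit status is non-zero when any gateway is flagged.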

 

How To Convert Your Linux Server Into A Router 

For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding lets packets flow through the Linux box from one network to another.

The configuration parameter to activate this is found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding.

 

Before

 

# Disables packet forwarding
#net.ipv4.ip_forward=1

 

After

 

# Disables packet forwarding
net.ipv4.ip_forward=1

 

This will only enable it when you reboot, at which time Linux will create a file in one of the subdirectories of the special RAM-based /proc filesystem. To activate the feature immediately, you have to write the value "1" to the single-line text file /proc/sys/net/ipv4/ip_forward, so that it contains only that value. Here is how it's done:

 

[root@bigboy tmp]# echo 1 > /proc/sys/net/ipv4/ip_forward

 

The next step is to activate proxy ARP. All computers that need to communicate with a computer on another network send out an ARP request to get the Ethernet MAC address (separate from the IP address) of the most desirable router in their routing table. The router will reply with its MAC address, which the server will use when forwarding the packet to the router. Proxy ARP has to be enabled for the Linux box to answer ARP requests. Proxy ARP activation needs to be done for each ethernet interface on your Linux box. This example is for interfaces eth1 and wlan0.

 

[root@bigboy tmp]# echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

[root@bigboy tmp]# echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

 

(You can determine your network interface names with the ifconfig -a command)

 

There is no purpose built configuration file to force Linux to do proxy ARP on booting. The best way to do this is put the commands above in your /etc/rc.d/rc.local file

 

echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

 

Remember to configure a default route on your Linux box to point to your Internet gateway. You may also want to convert your new Linux router into a firewall to protect your home network. The Netfilter - iptables pages show how to do this.
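
Because forwarding and proxy ARP are set in two places (the running /proc values and the boot-time files), the two can drift apart, leaving a box routing when its configuration says it should not, or the reverse. The following added example, not part of the original chapter, compares them; the function names are hypothetical and the three paths default to the ones used in this section.

```shell
#!/bin/sh
# Added example: compare the running forwarding and proxy ARP settings with
# what /etc/sysctl.conf and /etc/rc.d/rc.local will apply at the next boot.

# report NAME RUNTIME BOOT: one line per setting, marked when they differ.
report() {
    if [ "$2" = "$3" ]; then
        echo "$1 runtime=$2 boot=$3"
    else
        echo "$1 runtime=$2 boot=$3 DRIFT"
    fi
}

# router_state [PROC_IPV4_DIR] [SYSCTL_CONF] [RC_LOCAL]
router_state() {
    proc=${1:-/proc/sys/net/ipv4}
    sysctl_conf=${2:-/etc/sysctl.conf}
    rc_local=${3:-/etc/rc.d/rc.local}

    run=$(cat "$proc/ip_forward" 2>/dev/null || echo "?")
    # Last uncommented net.ipv4.ip_forward line wins; none means 0 at boot.
    boot=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "$sysctl_conf" 2>/dev/null | tail -n 1)
    report ip_forward "$run" "${boot:-0}"

    # One entry per interface, plus the kernel's "all" and "default" entries.
    for f in "$proc"/conf/*/proxy_arp; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        run=$(cat "$f")
        pattern="^[[:space:]]*echo[[:space:]]+1[[:space:]]*>[[:space:]]*/proc/sys/net/ipv4/conf/$iface/proxy_arp"
        if grep -Eq "$pattern" "$rc_local" 2>/dev/null; then
            boot=1
        else
            boot=0
        fi
        report "proxy_arp/$iface" "$run" "$boot"
    done
}

# With no arguments this reads the live system and changes nothing.
router_state "$@"
```

A line ending in DRIFT means the running value will change at the next reboot, so either the boot files or the running state needs correcting.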

Configuring Your /etc/hosts File

The /etc/hosts file lists the names and IP addresses of local hosts. Your server will typically check this file before referencing DNS; if the name is found then DNS won't be queried. Unfortunately, if the IP address for that host changes, you'll have to update the file. For ease of management, it is best to limit entries in this file to just the loopback interface and the local host's name.

·     The /etc/hosts file has the following format:

 

ip-address fully-qualified-domain-name alias1 alias2 alias3 etc

 

·     The very first line should always look like this with "localhost" being the only alias:

 

127.0.0.1        localhost.localdomain  localhost
 

·     If you have a NIC in the server, then you have to add another entry in this file.

 

o        First determine what your true hostname is:

 

[root@bigboy mail]# hostname
bigboy
[root@bigboy mail]#

 

o        Add the corresponding entry in the /etc/hosts file for the NIC's IP address 

 

Your NIC's /etc/hosts File Format

Your machine's name is NOT listed with a DNS server:

IP-address hostname.localdomain  hostname

Your machine's name is listed with a DNS server:

IP-address hostname.my-site.com  hostname

 

 

Here are some examples:

 

·     Host bigboy with an IP address of 192.168.1.100 isn't part of any DNS domain

 

192.168.1.100    bigboy.localdomain     bigboy

 

·     Host bigboy with an IP address of 192.168.1.100 is the mail and web server for domain my-site.com with corresponding entries in the DNS zone file for my-site.com

 

192.168.1.100    bigboy.my-site.com     bigboy     mail   www

 

Note: Only have one line per IP address in this file. If your server has multiple names, then just put the two or three aliases that you feel are most important.
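
Since /etc/hosts is consulted before DNS, an unexpected line in it silently redirects a name. The following added example (not part of the original chapter) checks a hosts file against the rules given in this section; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint a hosts file against this section's rules.
#   lint_hosts HOSTNAME [FILE]   (reads stdin when FILE is omitted)

lint_hosts() {
    host=$1; shift
    awk -v host="$host" '
    { sub(/#.*/, "") }      # drop comments
    NF < 2 { next }         # skip blank or incomplete lines
    {
        n++
        # Rule: first entry is loopback with "localhost" as the only alias.
        if (n == 1 && !($1 == "127.0.0.1" && $2 == "localhost.localdomain" &&
                        $3 == "localhost" && NF == 3))
            print "line " NR ": first entry should be 127.0.0.1 localhost.localdomain localhost"
        # Rule: only one line per IP address.
        if (seen[$1]++)
            print "line " NR ": second line for " $1 ", keep one line per IP address"
        # Rule: limit entries to loopback and this host; anything else
        # answers for a name that DNS would otherwise resolve.
        mine = 0
        for (i = 2; i <= NF; i++) if ($i == host) mine = 1
        if (mine) found = 1
        else if ($1 != "127.0.0.1")
            print "line " NR ": " $2 " (" $1 ") is answered here instead of by DNS"
    }
    END { if (!found) print "no entry for hostname " host }
    ' "$@"
}

# Constructed sample with a duplicate IP line and one extra host.
sample_hosts() {
    cat <<'EOF'
# constructed sample
127.0.0.1        localhost.localdomain  localhost
192.168.1.100    bigboy.my-site.com     bigboy     mail   www
192.168.1.100    bigboy.localdomain     bigboy
192.168.1.50     printer.my-site.com    printer
EOF
}

sample_hosts | lint_hosts bigboy
```

On a real server, run it as: lint_hosts "$(hostname)" /etc/hosts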