Linux Training : i. Networking

Networking

Linux, like its UNIX parents, was designed to be networked.

Static IP vs. DHCP

RHEL uses /etc/sysconfig/network-scripts/ifcfg-<foo> for the interface configuration. <foo> is the interface name, such as eth0, eth1, bond0 or wlan0 (for wireless). A file for eth0 running DHCP looks like:

# Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
DEVICE=eth0
BOOTPROTO=dhcp
DHCPCLASS=
HWADDR=00:24:1D:80:2E:52
ONBOOT=yes

The full list of configurable parameters from Red Hat's networking site is:

BONDING_OPTS=<parameters>
BOOTPROTO=<protocol>
BROADCAST=<address>
DEVICE=<name>
DHCP_HOSTNAME
DNS{1,2}=<address>
ETHTOOL_OPTS=<options>
GATEWAY=<address>
HWADDR=<MAC-address>
IPADDR=<address>
MACADDR=<MAC-address>
MASTER=<bond-interface>
NETMASK=<mask>
NETWORK=<address>
ONBOOT=<answer>
PEERDNS=<answer>
SLAVE=<bond-interface>
SRCADDR=<address>
USERCTL=<answer>

NOTE

The DEVICE= line must match the device name in the ifcfg-<device> filename.

It is also possible to have virtual interfaces (VIP). Simply create an ifcfg-eth0:1 file with the device named eth0:1. It can have separate IP space from the physical device. Parameters that refer to hardware should be left out of the ifcfg- file for a VIP, since a virtual interface has no hardware of its own.
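
A lint check for the two rules above (DEVICE= must match the filename; virtual interfaces carry no hardware parameters), as an added example that is not part of the original training material. The function name check_ifcfg and the choice of HWADDR, MACADDR and ETHTOOL_OPTS as the hardware parameters are assumptions; the sample files are constructed.

```bash
# Lint ifcfg-* files against the two rules above (added example).
# Assumption: HWADDR, MACADDR and ETHTOOL_OPTS are the hardware parameters.

# check_ifcfg FILE: print one line per problem, return the problem count.
check_ifcfg() {
    local file="$1" name device key problems=0
    name=${file##*/}        # strip the directory part
    name=${name#ifcfg-}     # ifcfg-eth0:1 -> eth0:1

    # The last DEVICE= assignment wins, as it does when the file is sourced.
    device=$(sed -n 's/^[[:space:]]*DEVICE=//p' "$file" | tail -n 1)
    device=${device#\"}; device=${device%\"}    # drop optional quotes

    if [ -z "$device" ]; then
        echo "$file: no DEVICE= line"
        problems=$((problems + 1))
    elif [ "$device" != "$name" ]; then
        echo "$file: DEVICE=$device does not match filename suffix $name"
        problems=$((problems + 1))
    fi

    # Virtual (alias) interfaces are named <physical>:<n>, e.g. eth0:1.
    case $name in
    *:*)
        for key in HWADDR MACADDR ETHTOOL_OPTS; do
            if grep -q "^[[:space:]]*$key=" "$file"; then
                echo "$file: $key is set on a virtual interface"
                problems=$((problems + 1))
            fi
        done
        ;;
    esac
    return "$problems"
}

# Constructed sample files, not taken from a real host.
demo_dir=$(mktemp -d)
printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nHWADDR=00:24:1D:80:2E:52\nONBOOT=yes\n' \
    > "$demo_dir/ifcfg-eth0"
printf 'DEVICE=eth0:2\nIPADDR=192.0.2.10\nHWADDR=00:24:1D:80:2E:52\n' \
    > "$demo_dir/ifcfg-eth0:1"
for f in "$demo_dir"/ifcfg-*; do
    check_ifcfg "$f" || echo "  -> $? problem(s) in ${f##*/}"
done
rm -rf "$demo_dir"
```

On a real host the function would be run over /etc/sysconfig/network-scripts/ifcfg-* before restarting the network service.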

DNS

DNS is configured using the /etc/resolv.conf file. Note the misspelling (missing "e" on the end). For systems using DHCP, DNS is usually handled automatically by the dhclient process, as seen here:

; generated by /sbin/dhclient-script
search jimkinney.us
nameserver 130.207.197.75
nameserver 130.207.197.73
nameserver 130.207.244.251

The first line begins with ";", which marks a comment, as does "#". The search line defines the default domain to append to a bare host name. The remaining lines are the nameservers to use, in order of preference.

NOTE

The file /etc/nsswitch.conf determines the order in which name sources (static hosts files, DNS and others) are consulted. Typically, this will be set to hosts: files dns, but it has other options as well, like db, nis, nisplus. Those are not in use at GTRI and should not be used in the nsswitch configuration.

NOTE

If /etc/resolv.conf is changed, the name service caching daemon nscd will have to be restarted.

Firewalling with iptables

iptables is a very potent firewall process. It uses configuration files found in /etc/sysconfig/ and includes both an IPv4 and an IPv6 configuration. The iptables-config and ip6tables-config files are high-level configuration files controlling the general operation of iptables. The iptables and ip6tables files contain the actual rules loaded when the process is started by init. For security reasons, the rules files are readable and writable only by the root user. The iptables howto on the CentOS wiki is an excellent starter for iptables fundamentals. The RHEL 5.5 Firewall pages and the RHEL 5.5 iptables pages are essential reading for a solid background.

  • Commands for network control and information

    The network system(s) will typically start at boot time from the init scripts. /etc/init.d/network controls the start and stop of networking, while /etc/init.d/NetworkManager is used (in RHEL5) to make the best connection the default one for use. As is expected for init scripts, they typically must be run as root: /etc/init.d/<script> start|stop|restart|status. Another way is service <init script> start|stop|restart|status.

    Occasionally only a single network interface needs to be stopped or started. Use ifconfig <interface name> up|down for that.

Networking exercise

  1. Set up a virtual interface on IP 192.168.100.42. Use gateway 192.168.100.1 and a 24 bit netmask.
  2. Generate iptables rules that will only allow ssh connections to the new device that originate from the real device network.

Networking tools and testing

  • ping

    ping is a first-line check to see if a system is network-alive. ping -c 1 <host> will send a single ICMP request.