LinuxNetworking

Contents
1Sponsors 2Introduction 3HowtoConfigureYourNIC'sIPAddress 3.1DeterminingYourIPAddress 3.2ChangingYourIPAddress 3.2.1Figure31Fileformatsfornetworkscripts 3.2.2HowDHCPAffectstheDNSServerYouUse 3.3MultipleIPAddressesonaSingleNIC 3.4IPAddressAssignmentforaDirectDSLConnection 3.4.1SomeImportantFilesCreatedByadslsetup 3.4.2SimpleTroubleshooting 3.5IPAddressAssignmentforaCableModemConnection 4HowtoActivate/ShutDownYourNIC 5HowtoViewYourCurrentRoutingTable 6HowtoChangeYourDefaultGateway 7HowtoConfigureTwoGateways 7.1AddingTemporaryStaticRoutes 7.2AddingPermanentStaticRoutes 8HowtoDeleteaRoute 9ChangingNICSpeedandDuplex 9.1Usingmiitool 9.1.1SettingYourNIC'sSpeedParameterswithmiitool 9.2Usingethtool 9.2.1SettingYourNIC'sSpeedParameterswithethtool 9.2.2ANoteAboutDuplexSettings 10HowtoConvertYourLinuxServerintoaSimpleRouter 10.1ConfiguringIPForwarding

 10.2ConfiguringProxyARP 11ConfiguringYour/etc/hostsFile 11.1TheloopbackInterface'slocalhostEntry 12Debian/UbuntuNetworkConfiguration 12.1The/etc/network/interfacesFile 12.1.1TheautoStanza 12.1.2ThemappingStanza 12.1.3TheifaceStanza 12.1.4CreatingInterfaceAliases 12.1.5AddingPermanentStaticRoutes 12.1.6Acomplete/etc/network/interfacesfile 13Conclusion

Introduction
Nowthatyouhaveafirmgraspofmanyofthemostcommonlyusednetworkingconcepts,itistimeto applythemtotheconfigurationofyourserver.Someoftheseactivitiesareautomaticallycovered duringaLinuxinstallation,butyouwilloftenfindyourselfhavingtoknowhowtomodifytheseinitial settingswheneveryouneedtomoveyourservertoanothernetwork,addanewnetworkinterfacecard oruseanalternativemeansofconnectingtotheInternet. InChapter2,"IntroductiontoNetworking",westartedwithanexplanationofTCP/IP,sowe'llstartthis LinuxnetworkingchapterwithadiscussiononhowtoconfiguretheIPaddressofyourserver.

HowtoConfigureYourNIC'sIPAddress
YouneedtoknowallthestepsneededtoconfigureIPaddressesonaNICcard.Websiteshoppingcart applicationsfrequentlyneedanadditionalIPaddressdedicatedtothem.Youalsomightneedtoadda secondaryNICinterfacetoyourservertohandledatabackups.Lastbutnotleast,youmightjustwant toplayaroundwiththeservertotestyourskills. ThissectionshowsyouhowtodothemostcommonserverIPactivitieswiththeleastamountof headaches.

DeterminingYourIPAddress
MostmodernPCscomewithanEthernetport.WhenLinuxisinstalled,thisdeviceiscalledeth0.You candeterminetheIPaddressofthisdevicewiththeifconfigcommand.

[root@bigboy tmp]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:11 Base address:0x1820 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:787 errors:0 dropped:0 overruns:0 frame:0 TX packets:787 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb) wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:47379 errors:0 dropped:0 overruns:0 frame:0 TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb) Interrupt:11 Memory:c887a000-c887b000 wlan0:0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5 inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Memory:c887a000-c887b000 [root@bigboy tmp]#

Inthisexample,eth0hasnoIPaddressbecausethisboxisusingwirelessinterfacewlan0asitsmain NIC.Interfacewlan0hasanIPaddressof192.168.1.100andasubnetmaskof255.255.255.0 Youcanseethatthiscommandgivesgoodinformationontheinterrupts,orPCIbusID,usedbyeach card.OnveryrareoccasionsyoumightfindthatyourNICcarddoesn'tworkbecauseitsharesbothan interruptandmemoryaccessaddresswithsomeotherdevice.Youcanlookatthecontentsofthe /proc/interruptsfiletogetalistingofalltheinterruptIRQsusedbyyoursystem.Intheexamplebelow wecanseethattherearenoconflictswitheachIRQfrom0to15havingonlyasingleentry.Devices eth0andeth1useinterrupts10and5,respectively:

[root@bigboy tmp]# cat /proc/interrupts CPU0 0: 2707402473 XT-PIC timer 1: 67 XT-PIC i8042 2: 0 XT-PIC cascade 5: 411342 XT-PIC eth1 8: 1 XT-PIC rtc 10: 1898752 XT-PIC eth0 11: 0 XT-PIC uhci_hcd 12: 58 XT-PIC i8042 14: 5075806 XT-PIC ide0

15: 506 NMI: 0 ERR: 43 [root@bigboy tmp]#

XT-PIC

ide1

Ifthereareconflicts,youmightneedtorefertothemanualfortheoffendingdevicetotrytodetermine waystoeitheruseanotherinterruptormemoryI/Olocation.

ChangingYourIPAddress
Ifyouwanted,youcouldgivethiseth0interfaceanIPaddressusingtheifconfigcommand.
[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

The"up"attheendofthecommandactivatestheinterface.Tomakethispermanenteachtimeyouboot upyou'llhavetoaddthiscommandinyour/etc/rc.localfilewhichisrunattheendofeveryreboot. FedoraLinuxalsomakeslifealittleeasierwithinterfaceconfigurationfileslocatedinthe /etc/sysconfig/networkscriptsdirectory.Interfaceeth0hasafilecalledifcfgeth0,eth1usesifcfgeth1, andsoon.YoucanplaceyourIPaddressinformationinthesefiles,whicharethenusedtoauto configureyourNICswhenLinuxboots.SeeFigure31fortwosamplesofinterfaceeth0.Oneassumes theinterfacehasafixedIPaddress,andtheotherassumesitrequiresanIPaddressassignmentusing DHCP.

Figure31Fileformatsfornetworkscripts
FixedIPAddress
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts [root@bigboy network-scripts]# cat ifcfg-eth0 # # File: ifcfg-eth0 # DEVICE=eth0 IPADDR=192.168.1.100 NETMASK=255.255.255.0 BOOTPROTO=static ONBOOT=yes # # The following settings are optional # BROADCAST=192.168.1.255 NETWORK=192.168.1.0 [root@bigboy network-scripts]#

GettingtheIPAddressUsingDHCP
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts

[root@bigboy network-scripts]# cat ifcfg-eth0 # # File: ifcfg-eth0 # DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes [root@bigboy network-scripts]#

Asyoucanseeeth0willbeactivatedonbooting,becausetheparameterONBOOThasthevalueyes andnotno.YoucanreadmoreaboutnetmasksandDHCPinChapter2,"IntroductiontoNetworking", thatactsasanintroductiontonetworking. ThedefaultRedHat/Fedorainstallationwillincludethebroadcastandnetworkoptionsinthenetwork scriptsfile.Theseareoptional. AfteryouchangethevaluesintheconfigurationfilesfortheNICyouhavetodeactivateandactivateit forthemodificationstotakeeffect.Theifdownandifupcommandscanbeusedtodothis:

[root@bigboy network-scripts]# ifdown eth0 [root@bigboy network-scripts]# ifup eth0

YourserverwillhavetohaveadefaultgatewayforittobeabletocommunicatewiththeInternet.This willbecoveredlaterinthechapter.

HowDHCPAffectstheDNSServerYouUse
YourDHCPservernotonlysuppliestheIPaddressyourLinuxboxshoulduse,butalsothedesired DNSservers.WhenusingDHCPforaninterface,makesureyour/etc/resolv.conffilehastheservers configurationlinescommentedouttopreventanyconflicts.

MultipleIPAddressesonaSingleNIC
Intheprevioussection"DeterminingYourIPAddress"youmayhavenoticedthatthereweretwo wirelessinterfaces:wlan0andwlan0:0.Interfacewlan0:0isactuallyachildinterfacewlan0,avirtual subinterfacealsoknownasanIPalias.IPaliasingisoneofthemostcommonwaysofcreatingmultiple IPaddressesassociatedwithasingleNIC.Aliaseshavethenameformatparentinterfacename:X, whereXisthesubinterfacenumberofyourchoice. TheprocessforcreatinganIPaliasisverysimilartothestepsoutlinedfortherealinterfaceinthe previoussection,"ChangingYourIPAddress": Firstensuretheparentrealinterfaceexists VerifythatnootherIPaliaseswiththesamenameexistswiththenameyouplantouse.Inthis wewanttocreateinterfacewlan0:0. Createthevirtualinterfacewiththeifconfigcommand
[root@bigboy tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up

 Youshouldalsocreatea/etc/sysconfig/networkscripts/ifcfgwlan0:0filesothatthealiaseswill allbemanagedautomaticallywiththeifupandifdowncommands.Hereisasample configuration:

DEVICE=wlan0:0 ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.99 NETMASK=255.255.255.0

Thecommandstoactivateanddeactivatethealiasinterfacewouldthereforebe:
[root@bigboy tmp]# ifup wlan0:0 [root@bigboy tmp]# ifdown wlan0:0

Note:Shuttingdownthemaininterfacealsoshutsdownallitsaliasestoo.Aliasescanbeshutdown independentlyofotherinterfaces. AftercompletingthesefoursimplestepsyoushouldbeabletopingthenewIPaliasfromotherservers onyournetwork.

IPAddressAssignmentforaDirectDSLConnection
IfyouareusingaDSLconnectionwithfixedorstaticIPaddresses,thentheconfigurationstepsarethe sameasthoseoutlinedearlier.YouplugyourEthernetinterfaceintotheDSLmodem,configureitwith theIPaddress,subnetmask,broadcastaddress,andgatewayinformationprovidedbyyourISPandyou shouldhaveconnectivitywhenyourestartyourinterface.Rememberthatyoumightalsoneedto configureyourDNSservercorrectly. IfyouareusingaDSLconnectionwithaDHCPordynamicIPaddressassignment,thentheprocessis different.YourISPwillprovideyouwithaPPPauthenticationoverEthernet(PPPoE)usernameand passwordwhichwillallowyourcomputertologintransparentlytotheInterneteachtimeitbootsup. FedoraLinuxinstallstherppppoeRPMsoftwarepackagerequiredtosupportthis. Note:UnlessyouspecificallyrequeststaticIPaddresses,yourISPwillprovideyouwithaDHCPbased connection.TheDHCPIPaddressassignedtoyourcomputerand/orInternetrouterwilloftennot changeformanydaysandyoumaybefooledintothinkingitisstatic. DownloadingandinstallingRPMsisn'thard.Ifyouneedarefresher,Chapter6,"InstallingLinux Software",onRPMs,covershowtodothisindetail.Whensearchingforthefile,rememberthatthe PPPoERPM'sfilenameusuallystartswiththewordrppppoefollowedbyaversionnumberlikethis: rppppoe3.58.i386.rpm. AfterinstallingtheRPM,youneedtogothroughanumberofstepstocompletetheconnection.The PPPOEconfigurationwillcreateasoftwarebasedvirtualinterfacenamedppp0thatwillusethe physicalInternetinterfaceeth0forconnectivity.Here'swhatyouneedtodo: Makeabackupcopyofyourifcfgeth0file.
[root@bigboy [root@bigboy [root@bigboy ifcfg-eth0 [root@bigboy tmp]# tmp]# cd /etc/sysconfig/network-scripts/ network-scripts]# ls ifcfg-eth0 network-scripts]# cp ifcfg-eth0 DISABLED.ifcfg-eth0

 Edityourifcfgeth0filetohavenoIPinformationandalsotobedeactivatedonboottime.
DEVICE=eth0 ONBOOT=no

Shutdownyoureth0interface.
[root@bigboy network-scripts]# ifdown eth0 [root@bigboy network-scripts]#

Runtheadslsetupconfigurationscript
[root@bigboy network-scripts]# adsl-setup

ItwillpromptyouforyourISPusername,theinterfacetobeused(eth0)andwhetheryouwantto theconnectiontostayupindefinitely.We'llusedefaultswhereverpossible.
Welcome to the ADSL client setup. First, I will run some checks on your system to make sure the PPPoE client is installed properly... LOGIN NAME Enter your Login Name (default root): bigboy-login@isp INTERFACE Enter the Ethernet interface connected to the ADSL modem For Solaris, this is likely to be something like /dev/hme0. For Linux, it will be ethX, where 'X' is a number. (default eth0): Do you want the link to come up on demand, or stay up continuously? If you want it to come up on demand, enter the idle time in seconds after which the link should be dropped. If you want the link to stay up permanently, enter 'no' (two letters, lower-case.) NOTE: Demand-activated links do not interact well with dynamic IP addresses. You might have some problems with demand-activated links. Enter the demand value (default no):

ItwillthenpromptyouforyourDNSserverinformation.Thisstepeditsyour/etc/resolv.conffile. Ifyou'rerunningBINDonyourserverinacachingDNSmodethenyoumightwanttoleavethis optionblank.IfyouwantyourISPtoprovidetheIPaddressofitsDNSserverautomaticallythen enterthewordserver. PleaserefertoChapter18,"ConfiguringDNS",formoreinformationonBINDandDNS.

DNS Please enter the IP address of your ISP's primary DNS server. If your ISP claims that 'the server will provide dynamic DNS addresses', enter 'server' (all lower-case) here. If you just press enter, I will assume you know what you are doing and not modify your DNS setup.

Enter the DNS information here:

ThescriptwillthenpromptyouforyourISPpassword
PASSWORD Please enter your Password: Please re-enter your Password:

Thenitwillaskwhetheryouwantregularusers(notsuperuserroot)tobeableto activate/deactivatethenewppp0interface.Thismayberequiredifnonrootmembersofyour familyorhomeofficeneedtogetaccesstotheInternet:

USERCTRL Please enter 'yes' (two letters, lower-case.) if you want to allow normal user to start or stop DSL connection (default yes):

Therppppoepackagehastwosampleiptablesfirewallscriptslocatedinthe/etc/pppdirectory namedfirewallstandaloneandfirewallmasq.Theyareverybasicanddon'tcoverrulestomake yourLinuxboxawebserver,DNSserver,ormailserver.I'drecommendselectingnoneandusing avariantofthebasicscriptsamplesinChapter14,"LinuxFirewallsUsingiptables",orthemore comprehensiveonefoundinAppendixII,"Codes,Scripts,andConfigurations".

FIREWALLING Please choose the firewall rules to use. Note that these rules are very basic. You are strongly encouraged to use a more sophisticated firewall setup; however, these will provide basic security. If you are running any servers on your machine, you must choose 'NONE' and set up firewalling yourself. Otherwise, the firewall rules will deny access to all standard servers like Web, e-mail, ftp, etc. If you are using SSH, the rules will block outgoing SSH connections which allocate a privileged source port. The firewall choices are: 0 - NONE: This script will not set any firewall rules. You are responsible for ensuring the security of your machine. You are STRONGLY recommended to use some kind of firewall rules. 1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation 2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway for a LAN Choose a type of firewall (0-2): 0

You'llthenbeaskedwhetheryouwanttheconnectiontobeactivateduponbooting.Mostpeople wouldsayyes.

Start this connection at boot time Do you want to start this connection at boot time? Please enter no or yes (default no):yes

Justbeforeexiting,you'llgetasummaryoftheparametersyouenteredandtherelevant configurationfileswillbeupdatedtoreflectyourchoiceswhenyouacceptthem:
** Summary of what you entered ** Ethernet Interface: eth0 User name: bigboy-login@isp Activate-on-demand: No DNS: Do not adjust Firewalling: NONE User Control: yes Accept these settings and adjust configuration files (y/n)? y Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0 Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets (But first backing it up to /etc/ppp/chap-secrets.bak) (But first backing it up to /etc/ppp/pap-secrets.bak)

Attheveryenditwilltellyouthecommandstousetoactivate/deactivateyournewppp0 interfaceandtogetastatusoftheinterface'scondition.
Congratulations, it should be all set up! Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'to bring it down. Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0' to see the link status.

Note:ThisexamplerecommendsusingtheadslstatuscommandwiththenameofthePPPoE interfaceconfigurationfile.Thiscommanddefaultstoshowinformationforinterfaceppp0,and thereforelistingtheifcfgppp0filenamewon'tbenecessaryinmosthomeenvironments. AfteryouhavecompletedinstallingrppppoeyoushouldbeabletoaccesstheInternetoveryourDHCP DSLconnectionasexpected.

SomeImportantFilesCreatedByadslsetup
Theadslsetupscriptcreatesthreefilesthatwillbeofinteresttoyou.Thefirstistheifcfgppp0file withinterface'slinklayerconnectionparameters
[root@bigboy network-scripts]# more ifcfg-ppp0 USERCTL=yes BOOTPROTO=dialup NAME=DSLppp0

DEVICE=ppp0 TYPE=xDSL ONBOOT=yes PIDFILE=/var/run/pppoe-adsl.pid FIREWALL=NONE PING=. PPPOE_TIMEOUT=20 LCP_FAILURE=3 LCP_INTERVAL=80 CLAMPMSS=1412 CONNECT_POLL=6 CONNECT_TIMEOUT=60 DEFROUTE=yes SYNCHRONOUS=no ETH=eth0 PROVIDER=DSLppp0 USER= bigboy-login@isp PEERDNS=no [root@bigboy network-scripts]#

Theothersaretheduplicate/etc/ppp/papsecretsand/etc/ppp/chapsecretsfileswiththeusernameand passwordneededtologintoyourISP:
[root@bigboy network-scripts]# more /etc/ppp/pap-secrets # Secrets for authentication using PAP # client server secret IP addresses "bigboy-login@isp" * "password" [root@bigboy network-scripts]#

SimpleTroubleshooting
Youcanruntheadslstatuscommandtodeterminetheconditionofyourconnection.Inthiscasethe packagehasbeeninstalledbuttheinterfacehasn'tbeenactivated.
[root@bigboy tmp]# adsl-status Note: You have enabled demand-connection; adsl-status may be inaccurate. adsl-status: Link is attached to ppp0, but ppp0 is down [root@bigboy tmp]#

Afteractivation,theinterfaceappearstoworkcorrectly.
[root@bigboy tmp]# ifup ppp0 [root@bigboy tmp]# adsl-status adsl-status: Link is up and running on interface ppp0 ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1462 inet ... ... [root@bigboy tmp]#

ForfurthertroubleshootinginformationyoucanvisittheWebsiteofrpppoeatRoaringPenguin (www.roaringpenguin.com).TherearesomegoodtipsthereonhowtoavoidproblemswithVPN clients.

IPAddressAssignmentforaCableModemConnection
CablemodemsuseDHCPtogettheirIPaddressessoyoucanconfigureyourserver'sEthernetinterface accordingly.

HowtoActivate/ShutDownYourNIC
TheifupandifdowncommandscanbeusedrespectivelytoactivateanddeactivateaNICinterface.You musthaveanifcfgfileinthe/etc/sysconfig/networkscriptsdirectoryforthesecommandstowork.Here isanexampleforinterfaceeth0:
[root@bigboy tmp]# ifdown eth0 [root@bigboy tmp]# ifup eth0

HowtoViewYourCurrentRoutingTable
Thenetstatnrcommandwillprovidethecontentsofthetoutingtable.Networkswithagatewayof 0.0.0.0areusuallydirectlyconnectedtotheinterface.Nogatewayisneededtoreachyourowndirectly connectedinterface,soagatewayaddressof0.0.0.0seemsappropriate.Theroutewithadestination addressof0.0.0.0isyourdefaultgateway. Inthisexampletherearetwogateways,thedefaultandoneto255.255.255.255whichisusually addedonDHCPservers.ServerbigboyisaDHCPserverinthiscase.
[root@bigboy tmp]# netstat -nr Kernel IP routing table Destination Gateway 255.255.255.255 0.0.0.0 192.168.1.0 0.0.0.0 127.0.0.0 0.0.0.0 0.0.0.0 192.168.1.1 [root@bigboy tmp]# Genmask 255.255.255.255 255.255.255.0 255.0.0.0 0.0.0.0 Flags UH U U UG MSS 40 40 40 40 Window 0 0 0 0 irtt 0 0 0 0 Iface wlan0 wlan0 lo wlan0

Inthisexample,therearemultiplegatewayshandlingtrafficdestinedfordifferentnetworkson differentinterfaces.
[root@bigboy tmp]# netstat -nr Kernel IP routing table Destination Gateway 172.16.68.64 172.16.69.193 172.16.11.96 172.16.69.193 172.16.68.32 172.16.69.193 172.16.67.0 172.16.67.135 172.16.69.192 0.0.0.0 172.16.67.128 0.0.0.0 172.160.0 172.16.67.135 172.16.0.0 172.16.67.131 127.0.0.0 0.0.0.0 Genmask 255.255.255.224 255.255.255.224 255.255.255.224 255.255.255.224 255.255.255.192 255.255.255.128 255.255.0.0 255.240.0.0 255.0.0.0 Flags UG UG UG UG U U UG UG U MSS 40 40 40 40 40 40 40 40 40 Window 0 0 0 0 0 0 0 0 0 irtt 0 0 0 0 0 0 0 0 0 Iface eth1 eth1 eth1 eth0 eth1 eth0 eth0 eth0 lo

0.0.0.0 172.16.69.193 0.0.0.0 [root@bigboy tmp]#

UG

40

eth1

HowtoChangeYourDefaultGateway
Yourserverneedstohaveasingledefaultgateway.DHCPserverswillautomaticallyassignadefault gatewaytoDHCPconfiguredNICs,butNICswithconfiguredstaticIPaddresseswillneedtohavea manuallyconfigureddefaultgateway.Thiscanbedonewithasimplecommand.Thisexampleusesa newlyinstalledwirelessinterfacecalledwlan0,mostPCswouldbeusingthestandardEthernet interfaceeth0.
[root@bigboy tmp]# route add default gw 192.168.1.1 wlan0

Inthiscase,makesurethattherouter/firewallwithIPaddress192.168.1.1isconnectedtothesame networkasinterfacewlan0! Oncedone,you'llneedtoupdateyour/etc/sysconfig/networkfiletoreflectthechange.This fileisusedtoconfigureyourdefaultgatewayeachtimeLinuxboots.

NETWORKING=yes HOSTNAME=bigboy GATEWAY=192.168.1.1

Note:InDebianbasedsystemsthedefaultgatewayispermanentlydefinedinthe /etc/network/interfacesfile.Seethesection"Debian/UbuntuNetworkConfiguration"later inthischapterformoredetails. Somepeopledon'tbothermodifyingnetworkspecificfilesandjustplacetheroute addcommand inthescriptfile/etc/rc.d/rc.localwhichisrunattheendofeachreboot. ItispossibletodefinedefaultgatewaysintheNICconfigurationfileinthe /etc/sysconfig/network-scriptsdirectory,butyouruntheriskofinadvertentlyassigning morethanonedefaultgatewaywhenyouhavemorethanoneNIC.Thiscouldcauseconnectivity problems.Ifoneofthedefaultgatewayshasnoroutetotheintendeddestination,everyotherpacketwill becomelost.Firewallsthataredesignedtoblockpacketswithirregularsequencenumbersand unexpectedoriginscouldalsoobstructyourdataflow.

HowtoConfigureTwoGateways
Somenetworksmayhavemultiplerouter/firewallsprovidingconnectivity.Here'satypicalscenario: YouhaveonerouterprovidingaccesstotheInternetthatyou'dliketohaveasyourdefault gateway(seethedefaultgatewayexampleearlier) Youalsohaveanotherrouterprovidingaccesstoyourcorporatenetworkusingaddressesinthe range10.0.0.0to10.255.255.255.Let'sassumethatthisrouterhasanIPaddressof 192.168.1.254 TheLinuxboxusedinthisexampleusesinterfacewlan0foritsInternetconnectivity.Youmightbe mostlikelyusinginterfaceeth0,pleaseadjustyourstepsaccordingly.

Thereareanumberofwaystoaddthisnewroute.

AddingTemporaryStaticRoutes
Therouteaddcommandcanbeusedtoaddnewroutestoyourserverthatwilllasttillthenextreboot. IthastheadvantageofbeinguniveraltoallversionsofLinuxandiswelldocumentedinthemanpages. Inourexamplethereferencetothe10.0.0.0networkhastobeprecededwithanetswitchandthe subnetmaskandgatewayvaluesalsohavetobeprecededbythenetmaskandgwswitchesrespectively.
[root@bigboy tmp]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

Ifyouwantedtoaddaroutetoanindividualserver,thenthe"host"switchwouldbeusedwithno netmaskvalue.(Theroutecommandautomaticallyknowsthemaskshouldbe255.255.255.255).Here isanexampleforaroutetohost10.0.0.1.

[root@bigboy tmp]# route add -host 10.0.0.1 gw 192.168.1.254 wlan0

Auniversalwayofmakingthischangepersistentafterarebootwouldbetoplacethisrouteadd commandinthefile/etc/rc.d/rc.local,whichisalwaysrunattheendofthebootingprocess.

AddingPermanentStaticRoutes
InFedoraLinux,permanentstaticroutesareaddedonaperinterfacebasisinfileslocatedinthe /etc/sysconfig/network-scriptsdirectory.Thefilenameformatisrouteinterfacenameso thefilenameforinterfacewlan0wouldberoute-wlan0. Theformatofthefileisquiteintuitivewiththetargetnetworkcominginthefirstcolumnfollowedby thewordviaandthenthegateway'sIPaddress.Inourroutingexample,tosetuparoutetonetwork 10.0.0.0withasubnetmaskof255.0.0.0(amaskwiththefirst8bitssetto1)viathe192.168.1.254 gateway,wewouldhavetoconfigurefile/etc/sysconfig/network-scripts/routewlan0tolooklikethis:
# # File /etc/sysconfig/network-scripts/route-wlan0 # 10.0.0.0/8 via 192.168.1.254

Note:The/etc/sysconfig/network-scripts/route-*filenameisveryimportant. Addingthewronginterfaceextensionattheendwillresultintheroutesnotbeingaddedafterthenext reboot.Therewillalsobenoreportederrorsonthescreenoranyofthelogfilesinthe/var/log/ directory. Youcantestthenewfilebyrunningthe/etc/sysconfig/network-scripts/ifup-routes commandwiththeinterfacenameasthesoleargument.Inthenextexamplewechecktheroutingtable toseenoroutestothe10.0.0.0networkandexecutetheifup-routescommand,whichthenadds theroute:

[root@bigboy tmp]# netstat -nr

Kernel IP routing table Destination Gateway Genmask 192.168.1.0 0.0.0.0 255.255.255.0 169.254.0.0 0.0.0.0 255.255.0.0 0.0.0.0 192.168.1.1 0.0.0.0 [root@bigboy tmp]# ./ifup-routes wlan0 [root@bigboy tmp]# netstat -nr Kernel IP routing table Destination Gateway Genmask 192.168.1.0 0.0.0.0 255.255.255.0 169.254.0.0 0.0.0.0 255.255.0.0 10.0.0.0 192.168.1.254 255.0.0.0 0.0.0.0 192.168.1.1 0.0.0.0 [root@bigboy tmp]# Flags U U UG MSS 0 0 0 Window 0 0 0 irtt 0 0 0 Iface wlan0 wlan0 wlan0

Flags U U UG UG

MSS 0 0 0 0

Window 0 0 0 0

irtt 0 0 0 0

Iface wlan0 wlan0 wlan0 wlan0

Note:InDebianbasedsystems,permanentstaticroutesareconfiguredusingthe /etc/network/interfacesfile.Seethesection"Debian/UbuntuNetworkConfiguration"later inthischapterformoredetails.

HowtoDeleteaRoute
Here'showtodeletetheroutesaddedintheprevioussection.
[root@bigboy tmp]# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

Thefile/etc/sysconfig/network-scripts/route-wlan0willalsohavetobeupdatedso thatwhenyoureboottheserverwillnotreinserttheroute.Deletethelinethatreads:
10.0.0.0/8 via 192.168.1.254

ChangingNICSpeedandDuplex
ThereisnobetterLinuxinvestmentthanthepurchaseofafullyLinuxcompatibleNICcard.Most LinuxvendorswillhavealistofcompatiblehardwareontheirWebsites:readthiscarefullybeforeyou starthookingupyoumachinetothenetwork.Ifyoucan'tfindanyofthedesiredmodelsinyourlocal computerstore,thenamodelinthesamefamilyorseriesshouldbesufficient.Mostcardswillwork, butonlythefullycompatibleoneswillprovideyouwitherrorfree,consistentthroughput. Linuxdefaultstoautomaticallynegotiatingthespeedandduplexofit'sNICautomaticallywiththatof theswitchtowhichitisattached.Configuringaswitchporttoautonegotiatethespeedandduplex oftenisn'tsufficientbecausetherearefrequentlydifferencesintheimplementationoftheprotocol standard. Typically,NICswithfailednegotiationwillwork,butthisisusuallyaccompaniedbymanycollision typeerrorsbeingseenontheNICwhenusingtheifconfigacommandandonlymarginalperformance. Don'tlimityourtroubleshootingofthesetypesoferrorstojustfailednegotiation;theproblemcould alsobeduetoabadNICcard,switchport,orcabling.

Usingmiitool
OneoftheoriginalLinuxtoolsforsettingthespeedandduplexofyourNICcardwasthemiitool command.Itisdestinedtobedeprecatedandreplacedbythenewerethtoolcommand,butmanyolder NICssupportonlymiitoolsoyou'llneedtobeawareofit.Issuingthecommandwithoutany argumentsgivesabriefstatusreport,asseeninthenextexample,withunsupportedNICsprovidingan Operationnotsupportedmessage.NICsthatarenotcompatiblewithmiitooloftenwillstillwork,but youhavetorefertothemanufacturer'sguidestosetthespeedandduplextoanythingbutauto negotiate.
[root@bigboy tmp]# mii-tool SIOCGMIIPHY on 'eth0' failed: Operation not supported eth1: 100 Mbit, half duplex, link ok [root@bigboy tmp]#

Byusingtheverbosemodevswitchyoucangetmuchmoreinformation.Inthiscase,negotiationwas OK,withtheNICselecting100Mbps,fullduplexmode(FD):
[root@bigboy tmp]# mii-tool -v eth1: negotiated 100baseTx-FD, link ok product info: vendor 00:10:18, model 33 basic mode: autonegotiation enabled basic status: autonegotiation complete, capabilities: 100baseTx-FD 100baseTx-HD advertising: 100baseTx-FD 100baseTx-HD link partner: 100baseTx-FD 100baseTx-HD [root@bigboy tmp]# rev 2 link ok 10baseT-FD 10baseT-HD 10baseT-FD 10baseT-HD 10baseT-FD 10baseT-HD flow-control

SettingYourNIC'sSpeedParameterswithmiitool
YoucansetyourNICtoforceitselftoaparticularspeedandduplexbyusingtheFswitchwithanyof thefollowingoptions:100baseTxFD,100baseTxHD,10baseTFD,or10baseTHD.Rememberthat youcouldloseallnetworkconnectivitytoyourserverifyouforceyourNICtoaparticular speed/duplexthatdoesn'tmatchthatofyourswitch:
[root@bigboy tmp]# mii-tool -F 100baseTx-FD eth0

Unfortunatelythereisnowaytosetthisonrebootpermanentlyexceptbyplacingitthecommandinthe /etc/rc.localfiletoletitberunattheveryendofthebootingprocessorbycreatingyourownstartup scriptifyouneeditsetearlier.CreatingyourownstartupscriptsiscoveredinChapter7,"TheLinux BootProcess".

Usingethtool
Theethtoolcommandisslatedtobethereplacementformiitoolinthenearfutureandtendstobe supportedbynewerNICcards. Thecommandprovidesthestatusoftheinterfaceyouprovideasitsargument.Hereweseeinterface eth0notdoingautonegotiationandsettoaspeedof100Mbps,fullduplex.Alistofsupportedmodesis

alsoprovidedatthetopoftheoutput.
[root@bigboy tmp]# ethtool eth0 Settings for eth0: Supported ports: [ TP MII ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Advertised auto-negotiation: No Speed: 100Mb/s Duplex: Full Port: MII PHYAD: 1 Transceiver: internal Auto-negotiation: off Supports Wake-on: g Wake-on: g Current message level: 0x00000007 (7) Link detected: yes [root@bigboy tmp]#

SettingYourNIC'sSpeedParameterswithethtool
Unlikemiitool,ethtoolsettingscanbepermanentlysetaspartoftheinterface'sconfigurationscript withtheETHTOOL_OPTSvariable.Inournextexample,thesettingswillbesetto100Mbps,full duplexwithnochanceforautonegotiationonthenextreboot:
# # File: /etc/sysconfig/network-scripts/ifcfg-eth0 # DEVICE=eth0 IPADDR=192.168.1.100 NETMASK=255.255.255.0 BOOTPROTO=static ONBOOT=yes ETHTOOL_OPTS="speed 100 duplex full autoneg off"

Youcantesttheapplicationoftheseparametersbyshuttingdowntheinterfaceandactivatingitagain withtheifupandifdowncommands.Thesesettingscanalsobechangedfromthecommandlineusing thesswitchfollowedbytheinterfacenameanditsdesiredconfigurationparameters.

[root@bigboy tmp]# ethtool -s eth1 speed 100 duplex full autoneg off [root@bigboy tmp]#

TheLinuxmanpagesgivemoredetailsonotherethtooloptions,butyoucangetaquickguidebyjust enteringtheethtoolcommandalone,whichprovidesaquickersummary.
[root@bigboy tmp]# ethtool ... ...

... ... [root@bigboy tmp]#

ethtool -s DEVNAME \ [ speed 10|100|1000 ] \ [ duplex half|full ] \ [ port tp|aui|bnc|mii|fibre ] \

ANoteAboutDuplexSettings
Bydefault,LinuxNICsnegotiatetheirspeedandduplexsettingswiththeswitch.Thisisdoneby exchangingelectronicsignalscalledFastLinkPulses(FLP).Whenthespeedandduplexareforcedtoa particularsettingtheFLPsarenotsent.WhenaNICisinautonegotiationmodeanddetectsahealthy, viablelinkbutreceivesnoFLPs,iterrsonthesideofcautionandsetsitsduplextohalfduplexand sometimesitwillalsosetitsspeedtothelowestconfigurablevalue.Itisthereforepossibletoforcea switchportto100Mbpsfullduplex,buthavetheautonegotiatingserverNICsetitselfto100Mbps halfduplexwhichwillresultinerrors.Thesameistruefortheswitchiftheswitchportissettoauto negotiateandserverNICissetto100Mbpsfullduplex.Itisbesttoeitherforceboththeswitchport andserverNICtoeitherautonegotiateorthesameforcedspeedandduplexvalues.

HowtoConvertYourLinuxServerintoa SimpleRouter
Router/firewallappliancesthatprovidebasicInternetconnectivityforasmallofficeorhomenetwork arebecomingmoreaffordableeveryday,butwhenbudgetsaretightyoumightseriouslywantto considermodifyinganexistingLinuxservertodothejob. DetailsonhowtoconfigureLinuxfirewallsecurityarecoveredinChapter14,"LinuxFirewallsUsing iptables",butyouneedtounderstandhowtoactivateroutingthroughthefirewallbeforeitcanbecome afunctioningnetworkingdevice.

ConfiguringIPForwarding
ForyourLinuxservertobecomearouter,youhavetoenablepacketforwarding.Insimpleterms packetforwardingenablespacketstoflowthroughtheLinuxboxfromonenetworktoanother.The Linuxkernelconfigurationparametertoactivatethisisnamednet.ipv4.ip_forwardandcanbe foundinthefile/etc/sysctl.conf.Removethe"#"fromthelinerelatedtopacketforwarding.
Before: # Disables packet forwarding net.ipv4.ip_forward=0 After: # Enables packet forwarding

net.ipv4.ip_forward=1

ThisenablespacketforwardingonlywhenyourebootatwhichtimeLinuxwillcreateafileinoneof thesubdirectoriesofthespecialRAMmemorybased/procfilesystem.Toactivatethefeature immediatelyyouhavetoforceLinuxtoreadthe/etc/sysctl.conffilewiththesysctlcommand usingthe-pswitch.Hereishowit'sdone:

[root@bigboy tmp] sysctl -p sysctl -p net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 1 kernel.sysrq = 0 kernel.core_uses_pid = 1 [root@bigboy tmp]#

Pleasereferto"AppendixI,MiscellaneousLinuxTopics"formoreinformationonadjustingkernel parameters.

ConfiguringProxyARP
Ifaserverneedstosendapackettoanotherdeviceonthesamenetwork,itsendsoutanARPrequestto thenetworkaskingfortheMACaddressoftheotherdevice. Ifthesameserverneedstosendapackettoanotherdeviceonaremotenetworktheprocessisdifferent. TheserverfirsttakesalookatitsroutingtabletofindouttheIPaddressofthebestrouteronits networkthatwillbeabletorelaythepackettothedestination.TheserverthensendsanARPrequest fortheMACaddressthatmatchestherouter'sIPaddress.Itthensendsthepackettotherouterusing therouter'sMACaddressandadestinationIPaddressoftheremoteserver. Ifthereisnosuitablerouteronitsnetwork,theserverwillthensendoutanARPrequestfortheMAC addressoftheremoteserver.SomerouterscanbeconfiguredtoanswerthesetypesofARPrequestsfor remotenetworks.ThisfeatureiscalledproxyARP.Therearesomedisadvantageswiththis.Oneofthe mostcommonproblemsoccursiftworoutersareonthenetworkconfiguredforproxyARP.Inthis scenariothereisthepossibilitythateitheronewillanswerthelocalserver'sARPrequestfortheMAC addressoftheremoteserver.Ifoneoftheroutershasanincorrectroutingtableentryfortheremote network,thenthereistheriskthattraffictotheremoteserverwilloccasionallygetlost.Inotherwords youcanloseroutingcontrol. Note:ItisforthisandotherreasonsthatitisgenerallynotagoodideatoconfigureproxyARPona router.Itisalsogoodtoalwaysconfigureadefaultgatewayonyourserveranduseseparaterouting entriesviaotherroutersforallnetworksyourdefaultgatewaymaynotknowabout. SometypesofbridgingmodefirewallsneedtohaveproxyARPenabledtooperateproperly.These devicesaretypicallyinsertedaspartofadaisychainconnectingmultiplenetworkswitchestogetheron thesameLANwhileprotectingonesectionofaLANfromtrafficoriginatingonanothersection.The firewalltypicallyisn'tconfiguredwithanIPaddressontheLANandappearstobeanintelligentcable capableofselectivelyblockingpackets. IfyouneedtoenableproxyARPonaLinuxserverthe/procfilesystemcomesintoplayagain.Proxy

ARPishandledbyfilesinthe/proc/sys/net/ipv4/conf/directory.Thisdirectorythenhas subdirectoriescorrespondingtoeachfunctioningNICcardonyourserver.Eachsubdirectorythenhasa filecalledproxy_arp.Ifthevaluewithinthisfileis0,thenproxyARPontheinterfaceisdisabled; ifthevalueis1thenitisenabled. Youcanusethe/etc/sysctl.conf filementionedin"AppendixI,MiscellaneousLinux Topics"toactivateordisableproxyARP.ThenextexampleactivatesproxyARP,firstforallinterfaces andthenforinterfaceseth0andwlan0.

# # File: /etc/sysctl.conf # # Enables Proxy ARP on all interfaces net/ipv4/conf/all/proxy_arp = 1 # Enables Proxy ARP on interfaces eth1 and wlan0 net/ipv4/conf/eth1/proxy_arp = 1 net/ipv4/conf/wlan0/proxy_arp = 1

Youcanthenactivatethesesettingswiththesysctlcommand.
[root@bigboy tmp] sysctl -p

ConfiguringYour/etc/hostsFile
The/etc/hostsfileisjustalistofIPaddressesandtheircorrespondingservernames.Yourserverwill typicallycheckthisfilebeforereferencingDNS.IfthenameisfoundwithacorrespondingIPaddress thenDNSwon'tbequeriedatall.Unfortunately,iftheIPaddressforthathostchanges,youalsohaveto alsoupdatethefile.Thismaynotbemuchofaconcernforasingleserver,butcanbecomelaboriousif ithastobedonecompanywide.Foreaseofmanagement,itisofteneasiesttolimitentriesinthisfileto justtheloopbackinterfaceandalsotheserver'sownhostname,anduseacentralizedDNSserverto handlemostoftherest.SometimesyoumightnotbetheonemanagingtheDNSserver,andinsuch casesitmaybeeasiertoaddaquick/etc/hostsfileentrytillthecentralizedchangecanbemade.
192.168.1.101 smallfry

IntheexampleaboveserversmallfryhasanIPaddressof192.168.1.101.Youcanaccess192.168.1.101 usingtheping,telnetoranyothernetworkawareprogrambyreferringtoitassmallfry.Hereisan exampleusingthepingcommandtoseewhethersmallfryisaliveandwellonthenetwork:

[root@bigboy tmp]# ping smallfry PING zero (192.168.1.101) 56(84) bytes of data. 64 bytes from smallfry (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms 64 bytes from smallfry (192.168.1.101): icmp_seq=1 ttl=64 time=0.047 ms --- smallfry ping statistics --2 packets transmitted, 2 received, 0% packet loss, time 2017ms rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2 [root@bigboy tmp]#

Youcanalsoaddaliasestotheendofthelinewhichenableyoutorefertotheserverusingother names.Herewehavesetitupsothatsmallfrycanalsobeaccessedusingthenamestinyand littleguy.

192.168.1.101 smallfry tiny littleguy

YoushouldneverhaveanIPaddressmorethanonceinthisfilebecauseLinuxwilluseonlythevalues inthefirstentryitfinds.
192.168.1.101 192.168.1.101 192.168.1.101 smallfry tiny littleguy # (Wrong) # (Wrong) # (Wrong)

TheloopbackInterface'slocalhostEntry
Usuallythefirstentryin/etc/hostsdefinestheIPaddressoftheserver'svirtualloopbackinterface.This isusuallymappedtothenamelocalhost.localdomain(theuniversalnameusedwhenaserverrefersto itself)andlocalhost(theshortenedaliasname).Bydefault,Fedorainsertsthehostnameoftheserver betweenthe127.0.0.1andthelocalhostentrieslikethis:
127.0.0.1 bigboy localhost.localdomain localhost

WhentheserverisconnectedtotheInternetthisfirstentryafterthe127.0.0.1needstobethefully qualifieddomainname(FQDN)oftheserver.Forexample,bigboy.mysite.com,likethis:
127.0.0.1 bigboy.my-site.com localhost.localdomain localhost

SomeprogramssuchasSendmailareverysensitivetothisandiftheydetectwhattheyfeelisan incorrectFQDNtheywilldefaulttousingthenamelocalhost.localdomainwhencommunicatingwith anotherserveronthenetwork.Thiscancauseconfusion,astheotherserveralsofeelsitis localhost.localdomain. Note:Youmustalwayshavealocalhostandlocalhost.localdomainentrymappingto127.0.0.1for Linuxtoworkproperlyandsecurely.

Debian/UbuntuNetworkConfiguration
ManyofthecoreFedora/Redhatcommandsandconfigurationfilescoveredinthischaptercanbeused inDebianbasedoperatingsystems,buttherearesomekeydifferences.

The/etc/network/interfacesFile
Themainnetworkconfigurationfileisthe/etc/network/interfacesfileinwhichallthenetworkinterface

parametersaredefined.Thefileisdividedintostanzas:

TheautoStanza
Theautostanzadefinestheinterfacesthatshouldbeautomaticallyinitializedwhenthesystemboots up.

ThemappingStanza
Thisstanzamapsconfigurationparametersforaninterfacedependingontheoutputofascript.For example,onbootingthescriptcouldpromptyouastowhetheryourlaptopLinuxsystemisathomeor workwiththemappingstatementusingtheanswertoconfiguretheappropriateIPaddress. Bydefaultthemuchsimplerhotplugsystemisusedwhichassumesthattheinterfaceswillhaveonly onepurpose.Typicalhotplugconfigurationssimplyassigneachphysicalinterfacewithamatching logicalinterfacename(nickname).
mapping hotplug script grep map eth0 eth0 map eth1

Inthiscaseinterfaceeth0isspecificallygiventhelogicalnameeth0,whilethelogicalnameforeth1is impliedtobethesame.

TheifaceStanza
Theifacestanzadefinesthecharacteristicsofalogicalinterface.Typicallythefirstlineofthesestanzas startswiththewordiface,followedbythelogicalnameoftheinterface,theprotocolused,andfinally thetypeofaddressingschemetobeused,suchasDHCPorstatic.Protocolkeywordsincludeinetfor regularTCP/IP,inet6forIPv6,ipxfortheolderIPXprotocolusedbyNovell,andloopbackfor loopbackaddresses. Subsequentlinesinthestanzadefineprotocolcharacteristicssuchasaddresses,subnetmasks,and defaultgateways.Inthisexample,interfaceeth1isgiventheIPaddress216.10.119.240/27while interfaceeth0getsitsIPaddressusingDHCP.
# The primary network interface auto eth1 iface eth1 inet static address 216.10.119.240 netmask 255.255.255.224 network 216.10.119.224 broadcast 216.10.119.255 gateway 216.10.119.241 dns-nameservers 216.10.119.241 # The secondary network interface auto eth0 iface eth0 inet dhcp

Note:WhenstaticIPaddressesareused,adefaultgatewayusuallyneedstobedefined.Rememberto

placethegatewaystatementinthecorrectstanzawiththeappropriaterouterIPaddress.

CreatingInterfaceAliases
IPaliasescanbeeasilycreatedinthe/etc/network/interfacesfileoncethemaininterfacehasalready beendefined.Amodifiedduplicateofthemaininterfaces'ifacestanzaisrequired.Acolonfollowedby thesubinterfacenumberneedstobeaddedtothefirstline,andonlythesubnetmaskandthenewIP addressneedstofollowascanbeseeninthisexampleforinterfaceeth1:1withtheIPaddress 216.10.119.239.
auto eth1:1 iface eth1:1 inet static address 216.10.119.239 netmask 255.255.255.224

AddingPermanentStaticRoutes
Theupoptionintheappropriateifacestanzaofthe/etc/network/interfacesfileallows youtoselectivelyruncommandsoncethespecifiedinterfacebecomesactivatedwiththeifup command.Thismakesitusefulwhenaddingpermanentstaticroutes. Inthisexample,aroutetothe10.0.0.0/8networkviarouteraddress216.10.119.225hasbeenadded. Remember,theupoptionandthecommandmustresideonthesamelineofthestanza.
# The primary network interface auto eth1 iface eth1 inet static ... ... ... up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1

Acomplete/etc/network/interfacesfile
Wecannowconstructacompletefilebasedonthepreviousexampleswediscussed.JustlikeinFedora, interfacescanbeactivatedwiththeifupandifdowncommands.
# # Debian / Ubuntu # # # File: /etc/network/interfaces # # The loopback network interface auto lo iface lo inet loopback # This is a list of hotpluggable network interfaces. # They will be activated automatically by the hotplug subsystem. mapping hotplug script grep

map eth0 eth0 map eth1 eth1 # The primary network interface auto eth1 iface eth1 inet static address 216.10.119.240 netmask 255.255.255.224 network 216.10.119.224 broadcast 216.10.119.255 gateway 216.10.119.241 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 216.10.119.241 wireless-key 98d126d5ac wireless-essid schaaffe up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1 auto eth1:1 iface eth1:1 inet static address 216.10.119.239 netmask 255.255.255.224 # The secondary network interface auto eth0 iface eth0 inet dhcp

Formoreinformationonthe/etc/network/interfacesfilejustissuethecommandman interfacesfromthecommandline.

Conclusion
Asyoucanimagine,configuringLinuxnetworkingisjustafirststepinprovidingInternetaccessto yourserver.Therealwaysthingsthatcangowrongthatmaybetotallyoutofyourcontrol.Good systemsadministratorsknowthetoolsneededtobeabletoidentifytheprobablecausesofthesetypes ofproblemwhichenablesthemtoknowthetypeofhelptheyneedtofixit.Thenexttwochaptersshow youhowtoconfidentlytestyournetworkandLinuxserverapplicationsconfidentlywhenthingsappear togowrong.Theskillsyoudeveloptoidentifyandrectifytheseissuescouldprovetobeinvaluableto yourcompanyandcareer.