Contents
1 Sponsors
2 Introduction
3 How to Configure Your NIC's IP Address
  3.1 Determining Your IP Address
  3.2 Changing Your IP Address
    3.2.1 Figure 3-1 File formats for network-scripts
    3.2.2 How DHCP Affects the DNS Server You Use
  3.3 Multiple IP Addresses on a Single NIC
  3.4 IP Address Assignment for a Direct DSL Connection
    3.4.1 Some Important Files Created By adsl-setup
    3.4.2 Simple Troubleshooting
  3.5 IP Address Assignment for a Cable Modem Connection
4 How to Activate/Shut Down Your NIC
5 How to View Your Current Routing Table
6 How to Change Your Default Gateway
7 How to Configure Two Gateways
  7.1 Adding Temporary Static Routes
  7.2 Adding Permanent Static Routes
8 How to Delete a Route
9 Changing NIC Speed and Duplex
  9.1 Using mii-tool
    9.1.1 Setting Your NIC's Speed Parameters with mii-tool
  9.2 Using ethtool
    9.2.1 Setting Your NIC's Speed Parameters with ethtool
    9.2.2 A Note About Duplex Settings
10 How to Convert Your Linux Server into a Simple Router
  10.1 Configuring IP Forwarding
  10.2 Configuring Proxy ARP
11 Configuring Your /etc/hosts File
  11.1 The loopback Interface's localhost Entry
12 Debian / Ubuntu Network Configuration
  12.1 The /etc/network/interfaces File
    12.1.1 The auto Stanza
    12.1.2 The mapping Stanza
    12.1.3 The iface Stanza
    12.1.4 Creating Interface Aliases
    12.1.5 Adding Permanent Static Routes
    12.1.6 A complete /etc/network/interfaces file
13 Conclusion
Introduction
Now that you have a firm grasp of many of the most commonly used networking concepts, it is time to apply them to the configuration of your server. Some of these activities are automatically covered during a Linux installation, but you will often find yourself having to know how to modify these initial settings whenever you need to move your server to another network, add a new network interface card or use an alternative means of connecting to the Internet.

In Chapter 2, "Introduction to Networking", we started with an explanation of TCP/IP, so we'll start this Linux networking chapter with a discussion on how to configure the IP address of your server.

How to Configure Your NIC's IP Address

You need to know all the steps needed to configure IP addresses on a NIC card. Web site shopping cart applications frequently need an additional IP address dedicated to them. You also might need to add a secondary NIC interface to your server to handle data backups. Last but not least, you might just want to play around with the server to test your skills.

This section shows you how to do the most common server IP activities with the least amount of headaches.

Determining Your IP Address

Most modern PCs come with an Ethernet port. When Linux is installed, this device is called eth0. You can determine the IP address of this device with the ifconfig command.

[root@bigboy tmp]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:08:C7:10:74:A8
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0x1820

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:787 errors:0 dropped:0 overruns:0 frame:0
          TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82644 (80.7 Kb)  TX bytes:82644 (80.7 Kb)

wlan0     Link encap:Ethernet  HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4676853 (4.4 Mb)  TX bytes:43209032 (41.2 Mb)
          Interrupt:11 Memory:c887a000-c887b000

wlan0:0   Link encap:Ethernet  HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.99  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Memory:c887a000-c887b000

[root@bigboy tmp]#
If there are conflicts, you might need to refer to the manual for the offending device to try to determine ways to either use another interrupt or memory I/O location.

Changing Your IP Address

If you wanted, you could give this eth0 interface an IP address using the ifconfig command.

[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

Figure 3-1 File formats for network-scripts

Fixed IP Address

[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0
#
# File: ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
#
# The following settings are optional
#
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
[root@bigboy network-scripts]#

Getting the IP Address Using DHCP

[root@bigboy tmp]# cd /etc/sysconfig/network-scripts
[root@bigboy network-scripts]# cat ifcfg-eth0
#
# File: ifcfg-eth0
#
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
[root@bigboy network-scripts]#

Your server will have to have a default gateway for it to be able to communicate with the Internet. This will be covered later in the chapter.

How DHCP Affects the DNS Server You Use

Your DHCP server not only supplies the IP address your Linux box should use, but also the desired DNS servers. When using DHCP for an interface, make sure your /etc/resolv.conf file has the servers configuration lines commented out to prevent any conflicts.
Multiple IP Addresses on a Single NIC

In the previous section "Determining Your IP Address" you may have noticed that there were two wireless interfaces: wlan0 and wlan0:0. Interface wlan0:0 is actually a child of interface wlan0, a virtual subinterface also known as an IP alias. IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format parent-interface-name:X, where X is the subinterface number of your choice.

The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous section, "Changing Your IP Address":

- First ensure the parent real interface exists.
- Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0.
- Create the virtual interface with the ifconfig command.

[root@bigboy tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up

The commands to activate and deactivate the alias interface would therefore be:

[root@bigboy tmp]# ifup wlan0:0
[root@bigboy tmp]# ifdown wlan0:0
IP Address Assignment for a Direct DSL Connection

If you are using a DSL connection with fixed or static IP addresses, then the configuration steps are the same as those outlined earlier. You plug your Ethernet interface into the DSL modem, configure it with the IP address, subnet mask, broadcast address, and gateway information provided by your ISP and you should have connectivity when you restart your interface. Remember that you might also need to configure your DNS server correctly.

If you are using a DSL connection with a DHCP or dynamic IP address assignment, then the process is different. Your ISP will provide you with a PPP authentication over Ethernet (PPPoE) username and password which will allow your computer to log in transparently to the Internet each time it boots up. Fedora Linux installs the rp-pppoe RPM software package required to support this.

Note: Unless you specifically request static IP addresses, your ISP will provide you with a DHCP-based connection. The DHCP IP address assigned to your computer and/or Internet router will often not change for many days and you may be fooled into thinking it is static.

Downloading and installing RPMs isn't hard. If you need a refresher, Chapter 6, "Installing Linux Software", on RPMs, covers how to do this in detail. When searching for the file, remember that the PPPoE RPM's filename usually starts with the word rp-pppoe followed by a version number like this: rp-pppoe-3.5-8.i386.rpm.

After installing the RPM, you need to go through a number of steps to complete the connection. The PPPoE configuration will create a software-based virtual interface named ppp0 that will use the physical Internet interface eth0 for connectivity. Here's what you need to do:

Make a backup copy of your ifcfg-eth0 file.

[root@bigboy tmp]#
[root@bigboy tmp]# cd /etc/sysconfig/network-scripts/
[root@bigboy network-scripts]# ls ifcfg-eth0
ifcfg-eth0
[root@bigboy network-scripts]# cp ifcfg-eth0 DISABLED.ifcfg-eth0

Edit your ifcfg-eth0 file to have no IP information and also to be deactivated on boot time.

DEVICE=eth0
ONBOOT=no

Shut down your eth0 interface.

[root@bigboy network-scripts]# ifdown eth0
[root@bigboy network-scripts]#

Run the adsl-setup configuration script.

[root@bigboy network-scripts]# adsl-setup
It will prompt you for your ISP username, the interface to be used (eth0) and whether you want the connection to stay up indefinitely. We'll use defaults wherever possible.

Welcome to the ADSL client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

LOGIN NAME

Enter your Login Name (default root): bigboy-login@isp

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0):

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You might have some problems with demand-activated links.
Enter the demand value (default no):

The script will then prompt you for your ISP password.

PASSWORD

Please enter your Password:
Please re-enter your Password:

You'll then be asked whether you want the connection to be activated upon booting. Most people would say yes.

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no):yes

Just before exiting, you'll get a summary of the parameters you entered and the relevant configuration files will be updated to reflect your choices when you accept them:

** Summary of what you entered **

Ethernet Interface: eth0
User name:          bigboy-login@isp
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        NONE
User Control:       yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)

At the very end it will tell you the commands to use to activate/deactivate your new ppp0 interface and to get a status of the interface's condition.

Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.
Some Important Files Created By adsl-setup

The adsl-setup script creates three files that will be of interest to you. The first is the ifcfg-ppp0 file with interface's link layer connection parameters.

[root@bigboy network-scripts]# more ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=20
LCP_FAILURE=3
LCP_INTERVAL=80
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth0
PROVIDER=DSLppp0
USER=bigboy-login@isp
PEERDNS=no
[root@bigboy network-scripts]#

The others are the duplicate /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files with the username and password needed to log in to your ISP:

[root@bigboy network-scripts]# more /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client        server  secret          IP addresses
"bigboy-login@isp"      *       "password"
[root@bigboy network-scripts]#

Simple Troubleshooting

You can run the adsl-status command to determine the condition of your connection. In this case the package has been installed but the interface hasn't been activated.

[root@bigboy tmp]# adsl-status
Note: You have enabled demand-connection; adsl-status may be inaccurate.
adsl-status: Link is attached to ppp0, but ppp0 is down
[root@bigboy tmp]#

After activation, the interface appears to work correctly.

[root@bigboy tmp]# ifup ppp0
[root@bigboy tmp]# adsl-status
adsl-status: Link is up and running on interface ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1462
        inet ...
...
[root@bigboy tmp]#

IP Address Assignment for a Cable Modem Connection

Cable modems use DHCP to get their IP addresses so you can configure your server's Ethernet interface accordingly.
How to Activate/Shut Down Your NIC

The ifup and ifdown commands can be used respectively to activate and deactivate a NIC interface. You must have an ifcfg file in the /etc/sysconfig/network-scripts directory for these commands to work. Here is an example for interface eth0:

[root@bigboy tmp]# ifdown eth0
[root@bigboy tmp]# ifup eth0

How to View Your Current Routing Table

The netstat -nr command will provide the contents of the routing table. Networks with a gateway of 0.0.0.0 are usually directly connected to the interface. No gateway is needed to reach your own directly connected interface, so a gateway address of 0.0.0.0 seems appropriate. The route with a destination address of 0.0.0.0 is your default gateway.

In this example there are two gateways, the default and one to 255.255.255.255 which is usually added on DHCP servers. Server bigboy is a DHCP server in this case.

[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH    40  0      0    wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     40  0      0    wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     40  0      0    lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    40  0      0    wlan0
[root@bigboy tmp]#

In this example, there are multiple gateways handling traffic destined for different networks on different interfaces.

[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
172.16.68.64    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.11.96    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.68.32    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.67.0     172.16.67.135   255.255.255.224 UG    40  0      0    eth0
172.16.69.192   0.0.0.0         255.255.255.192 U     40  0      0    eth1
172.16.67.128   0.0.0.0         255.255.255.128 U     40  0      0    eth0
172.16.0.0      172.16.67.135   255.255.0.0     UG    40  0      0    eth0
172.16.0.0      172.16.67.131   255.240.0.0     UG    40  0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     40  0      0    lo
How to Change Your Default Gateway

Your server needs to have a single default gateway. DHCP servers will automatically assign a default gateway to DHCP-configured NICs, but NICs with configured static IP addresses will need to have a manually configured default gateway. This can be done with a simple command. This example uses a newly installed wireless interface called wlan0; most PCs would be using the standard Ethernet interface eth0.

[root@bigboy tmp]# route add default gw 192.168.1.1 wlan0

Note: In Debian-based systems the default gateway is permanently defined in the /etc/network/interfaces file. See the section "Debian / Ubuntu Network Configuration" later in this chapter for more details.

Some people don't bother modifying network-specific files and just place the route add command in the script file /etc/rc.d/rc.local which is run at the end of each reboot.

It is possible to define default gateways in the NIC configuration file in the /etc/sysconfig/network-scripts directory, but you run the risk of inadvertently assigning more than one default gateway when you have more than one NIC. This could cause connectivity problems. If one of the default gateways has no route to the intended destination, every other packet will become lost. Firewalls that are designed to block packets with irregular sequence numbers and unexpected origins could also obstruct your data flow.
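The risk of ending up with more than one default gateway can be checked from the routing table itself. The following is an added example, not part of the original chapter: it counts the default routes in netstat -nr output. The function names and both sample tables are constructed for illustration, the first one from this chapter's wlan0 table.

```shell
#!/bin/sh
# Added example: flag a host that has ended up with more than one default route.

# Print "gateway interface" for every default route found in `netstat -nr`
# output on stdin: Destination 0.0.0.0, Genmask 0.0.0.0 and a G in Flags.
default_gateways() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $NF }'
}

# Print the number of default routes in the table passed as $1.
count_default_gateways() {
    printf '%s\n' "$1" | default_gateways | awk 'END { print NR }'
}

# Print a one-line verdict for the table passed as $1.
gateway_verdict() {
    n=$(count_default_gateways "$1")
    case "$n" in
        0) echo "none: no default gateway configured" ;;
        1) echo "ok: default via $(printf '%s\n' "$1" | default_gateways)" ;;
        *) echo "conflict: $n default gateways" ;;
    esac
}

# Constructed sample: the single-gateway wlan0 table shown in this chapter.
SINGLE_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH    40  0      0    wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     40  0      0    wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     40  0      0    lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    40  0      0    wlan0'

# Constructed sample: two NICs, each configured with its own default gateway.
DUAL_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     40  0      0    wlan0
192.168.2.0     0.0.0.0         255.255.255.0   U     40  0      0    eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    40  0      0    wlan0
0.0.0.0         192.168.2.1     0.0.0.0         UG    40  0      0    eth0'

gateway_verdict "$SINGLE_GW"
gateway_verdict "$DUAL_GW"
printf '%s\n' "$DUAL_GW" | default_gateways
```

On a live server the same filter can be fed directly: netstat -nr | default_gateways.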
How to Configure Two Gateways

Some networks may have multiple router/firewalls providing connectivity. Here's a typical scenario:

- You have one router providing access to the Internet that you'd like to have as your default gateway (see the default gateway example earlier).
- You also have another router providing access to your corporate network using addresses in the range 10.0.0.0 to 10.255.255.255. Let's assume that this router has an IP address of 192.168.1.254.

The Linux box used in this example uses interface wlan0 for its Internet connectivity. You will most likely be using interface eth0; please adjust your steps accordingly.

There are a number of ways to add this new route.

Adding Temporary Static Routes

The route add command can be used to add new routes to your server that will last till the next reboot. It has the advantage of being universal to all versions of Linux and is well documented in the man pages. In our example the reference to the 10.0.0.0 network has to be preceded with a -net switch and the subnet mask and gateway values also have to be preceded by the netmask and gw switches respectively.

[root@bigboy tmp]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

A universal way of making this change persistent after a reboot would be to place this route add command in the file /etc/rc.d/rc.local, which is always run at the end of the booting process.

Adding Permanent Static Routes

In Fedora Linux, permanent static routes are added on a per-interface basis in files located in the /etc/sysconfig/network-scripts directory. The filename format is route-interface-name so the filename for interface wlan0 would be route-wlan0.

The format of the file is quite intuitive with the target network coming in the first column followed by the word via and then the gateway's IP address. In our routing example, to set up a route to network 10.0.0.0 with a subnet mask of 255.0.0.0 (a mask with the first 8 bits set to 1) via the 192.168.1.254 gateway, we would have to configure file /etc/sysconfig/network-scripts/route-wlan0 to look like this:

#
# File /etc/sysconfig/network-scripts/route-wlan0
#
10.0.0.0/8 via 192.168.1.254
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0    wlan0
[root@bigboy tmp]# ./ifup-routes wlan0
[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0
169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0
10.0.0.0        192.168.1.254   255.0.0.0       UG    0   0      0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0
[root@bigboy tmp]#
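The route add command takes a dotted netmask while the route-wlan0 file takes a prefix length, so moving a temporary route into the permanent file means converting one into the other. The following is an added example, not part of the original chapter: it builds the file line from the route add arguments and rejects a mask whose 1-bits are not contiguous or a network address with host bits set. The function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: build a route-<interface> file line from route(8) style arguments.

# Print the prefix length of a dotted netmask, e.g. 255.0.0.0 -> 8.
# Fails (status 1, no output) if the mask is malformed or not contiguous.
mask_to_prefix() {
    printf '%s\n' "$1" | awk -F. '
        {
            if (NF != 4) { bad = 1; exit }
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i > 255) { bad = 1; exit }
                octet = $i + 0
                for (bit = 128; bit >= 1; bit /= 2) {
                    if (octet >= bit) {
                        if (seen_zero) { bad = 1; exit }   # a 1 after a 0
                        bits++; octet -= bit
                    } else seen_zero = 1
                }
            }
        }
        END { if (bad || NR == 0) exit 1; print bits + 0 }'
}

# Succeed only if network $1 has no host bits set under (already validated)
# mask $2. For a contiguous mask octet m the host part is the remainder
# modulo (256 - m), so that remainder must be zero in every octet.
network_fits_mask() {
    printf '%s %s\n' "$1" "$2" | awk '{
        if (split($1, n, ".") != 4 || split($2, m, ".") != 4) exit 1
        for (i = 1; i <= 4; i++) {
            if (n[i] !~ /^[0-9]+$/ || n[i] > 255) exit 1
            if (n[i] % (256 - m[i]) != 0) exit 1
        }
    }'
}

# $1 network, $2 netmask, $3 gateway -> "network/prefix via gateway"
route_file_line() {
    prefix=$(mask_to_prefix "$2") || { echo "invalid netmask: $2" >&2; return 1; }
    network_fits_mask "$1" "$2" || { echo "$1 has host bits set for mask $2" >&2; return 1; }
    echo "$1/$prefix via $3"
}

# The route used in this chapter, then a constructed bad input.
route_file_line 10.0.0.0 255.0.0.0 192.168.1.254
route_file_line 10.1.0.0 255.0.0.0 192.168.1.254 || true
```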
How to Delete a Route

Here's how to delete the routes added in the previous section.

[root@bigboy tmp]# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

The file /etc/sysconfig/network-scripts/route-wlan0 will also have to be updated so that when you reboot the server will not reinsert the route. Delete the line that reads:

10.0.0.0/8 via 192.168.1.254
Changing NIC Speed and Duplex

There is no better Linux investment than the purchase of a fully Linux-compatible NIC card. Most Linux vendors will have a list of compatible hardware on their Web sites: read this carefully before you start hooking up your machine to the network. If you can't find any of the desired models in your local computer store, then a model in the same family or series should be sufficient. Most cards will work, but only the fully compatible ones will provide you with error-free, consistent throughput.

Linux defaults to automatically negotiating the speed and duplex of its NIC with that of the switch to which it is attached. Configuring a switch port to autonegotiate the speed and duplex often isn't sufficient because there are frequently differences in the implementation of the protocol standard.

Typically, NICs with failed negotiation will work, but this is usually accompanied by many collision-type errors being seen on the NIC when using the ifconfig -a command and only marginal performance. Don't limit your troubleshooting of these types of errors to just failed negotiation; the problem could also be due to a bad NIC card, switch port, or cabling.

Using mii-tool

One of the original Linux tools for setting the speed and duplex of your NIC card was the mii-tool command. It is destined to be deprecated and replaced by the newer ethtool command, but many older NICs support only mii-tool so you'll need to be aware of it. Issuing the command without any arguments gives a brief status report, as seen in the next example, with unsupported NICs providing an Operation not supported message. NICs that are not compatible with mii-tool often will still work, but you have to refer to the manufacturer's guides to set the speed and duplex to anything but autonegotiate.

[root@bigboy tmp]# mii-tool
SIOCGMIIPHY on 'eth0' failed: Operation not supported
eth1: 100 Mbit, half duplex, link ok
[root@bigboy tmp]#

By using the verbose mode -v switch you can get much more information. In this case, negotiation was OK, with the NIC selecting 100Mbps, full duplex mode (FD):

[root@bigboy tmp]# mii-tool -v
eth1: negotiated 100baseTx-FD, link ok
  product info: vendor 00:10:18, model 33 rev 2
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
[root@bigboy tmp]#

Setting Your NIC's Speed Parameters with mii-tool

You can set your NIC to force itself to a particular speed and duplex by using the -F switch with any of the following options: 100baseTx-FD, 100baseTx-HD, 10baseT-FD, or 10baseT-HD. Remember that you could lose all network connectivity to your server if you force your NIC to a particular speed/duplex that doesn't match that of your switch:

[root@bigboy tmp]# mii-tool -F 100baseTx-FD eth0
Using ethtool

The ethtool command is slated to be the replacement for mii-tool in the near future and tends to be supported by newer NIC cards.

The command provides the status of the interface you provide as its argument. Here we see interface eth0 not doing autonegotiation and set to a speed of 100Mbps, full duplex. A list of supported modes is also provided at the top of the output.

[root@bigboy tmp]# ethtool eth0
Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised auto-negotiation: No
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes
[root@bigboy tmp]#

Setting Your NIC's Speed Parameters with ethtool

Unlike mii-tool, ethtool settings can be permanently set as part of the interface's configuration script with the ETHTOOL_OPTS variable. In our next example, the settings will be set to 100Mbps, full duplex with no chance for autonegotiation on the next reboot:

#
# File: /etc/sysconfig/network-scripts/ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
ETHTOOL_OPTS="speed 100 duplex full autoneg off"

The Linux man pages give more details on other ethtool options, but you can get a quick guide by just entering the ethtool command alone, which provides a quicker summary.

[root@bigboy tmp]# ethtool
...
...

A Note About Duplex Settings

By default, Linux NICs negotiate their speed and duplex settings with the switch. This is done by exchanging electronic signals called Fast Link Pulses (FLP). When the speed and duplex are forced to a particular setting the FLPs are not sent. When a NIC is in autonegotiation mode and detects a healthy, viable link but receives no FLPs, it errs on the side of caution and sets its duplex to half duplex and sometimes it will also set its speed to the lowest configurable value. It is therefore possible to force a switch port to 100Mbps full duplex, but have the autonegotiating server NIC set itself to 100Mbps half duplex which will result in errors. The same is true for the switch if the switch port is set to autonegotiate and server NIC is set to 100Mbps full duplex. It is best to set both the switch port and server NIC either to autonegotiate or to the same forced speed and duplex values.
How to Convert Your Linux Server into a Simple Router

Router/firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day, but when budgets are tight you might seriously want to consider modifying an existing Linux server to do the job.

Details on how to configure Linux firewall security are covered in Chapter 14, "Linux Firewalls Using iptables", but you need to understand how to activate routing through the firewall before it can become a functioning networking device.

Configuring IP Forwarding

For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding enables packets to flow through the Linux box from one network to another. The Linux kernel configuration parameter to activate this is named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding.

Before:

# Disables packet forwarding
net.ipv4.ip_forward=0

After:

# Enables packet forwarding
net.ipv4.ip_forward=1

Please refer to "Appendix I, Miscellaneous Linux Topics" for more information on adjusting kernel parameters.
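Whether a server forwards packets depends on the last uncommented net.ipv4.ip_forward assignment in the file, and the running kernel only picks that up once the file is loaded. The following is an added example, not part of the original chapter: it reads a sysctl.conf-style file and reports the effective setting. The function names are assumptions; the first two samples are the Before and After fragments above and the other two are constructed.

```shell
#!/bin/sh
# Added example: report what a sysctl.conf-style file does with packet forwarding.

# Print the effective value of key $1 in the file on stdin. Comment lines
# (starting with # or ;) are skipped, spaces around "=" are allowed and the
# last assignment wins. Prints "unset" if the key is never assigned.
sysctl_conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }'
}

# Print a verdict on packet forwarding for the file on stdin.
forwarding_from_conf() {
    case "$(sysctl_conf_value net.ipv4.ip_forward)" in
        1) echo "forwarding enabled" ;;
        0) echo "forwarding disabled" ;;
        unset) echo "not set in file (kernel default applies)" ;;
        *) echo "unexpected value" ;;
    esac
}

# The Before and After fragments shown in this chapter.
CONF_BEFORE='# Disables packet forwarding
net.ipv4.ip_forward=0'
CONF_AFTER='# Enables packet forwarding
net.ipv4.ip_forward=1'
# Constructed: the setting is still commented out, so the file sets nothing.
CONF_COMMENTED='# Enables packet forwarding
#net.ipv4.ip_forward=1'
# Constructed: a later line silently overrides an earlier one.
CONF_OVERRIDE='net.ipv4.ip_forward = 0
# added later by another administrator
net.ipv4.ip_forward = 1'

for sample in "$CONF_BEFORE" "$CONF_AFTER" "$CONF_COMMENTED" "$CONF_OVERRIDE"; do
    printf '%s\n' "$sample" | forwarding_from_conf
done

# Compare against the running kernel where /proc is available.
if [ -r /proc/sys/net/ipv4/ip_forward ]; then
    echo "running kernel: net.ipv4.ip_forward=$(cat /proc/sys/net/ipv4/ip_forward)"
fi
```

Against the real file the call is forwarding_from_conf < /etc/sysctl.conf; a difference between that answer and the running kernel value means the file has not been loaded or something else changed the setting.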
Configuring Proxy ARP

If a server needs to send a packet to another device on the same network, it sends out an ARP request to the network asking for the MAC address of the other device.

If the same server needs to send a packet to another device on a remote network the process is different. The server first takes a look at its routing table to find out the IP address of the best router on its network that will be able to relay the packet to the destination. The server then sends an ARP request for the MAC address that matches the router's IP address. It then sends the packet to the router using the router's MAC address and a destination IP address of the remote server.

If there is no suitable router on its network, the server will then send out an ARP request for the MAC address of the remote server. Some routers can be configured to answer these types of ARP requests for remote networks. This feature is called proxy ARP. There are some disadvantages with this. One of the most common problems occurs if two routers are on the network configured for proxy ARP. In this scenario there is the possibility that either one will answer the local server's ARP request for the MAC address of the remote server. If one of the routers has an incorrect routing table entry for the remote network, then there is the risk that traffic to the remote server will occasionally get lost. In other words you can lose routing control.

Note: It is for this and other reasons that it is generally not a good idea to configure proxy ARP on a router. It is also good to always configure a default gateway on your server and use separate routing entries via other routers for all networks your default gateway may not know about.

Some types of bridging mode firewalls need to have proxy ARP enabled to operate properly. These devices are typically inserted as part of a daisy chain connecting multiple network switches together on the same LAN while protecting one section of a LAN from traffic originating on another section. The firewall typically isn't configured with an IP address on the LAN and appears to be an intelligent cable capable of selectively blocking packets.

If you need to enable proxy ARP on a Linux server the /proc filesystem comes into play again. Proxy

You can then activate these settings with the sysctl command.

[root@bigboy tmp]# sysctl -p
Configuring Your /etc/hosts File

The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS. If the name is found with a corresponding IP address then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you also have to update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done company wide. For ease of management, it is often easiest to limit entries in this file to just the loopback interface and also the server's own hostname, and use a centralized DNS server to handle most of the rest. Sometimes you might not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts file entry till the centralized change can be made.

192.168.1.101    smallfry

You should never have an IP address more than once in this file because Linux will use only the values in the first entry it finds.

192.168.1.101    smallfry     # (Wrong)
192.168.1.101    tiny         # (Wrong)
192.168.1.101    littleguy    # (Wrong)
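The one-line-per-address rule is easy to break when several people add quick entries to the file. The following is an added example, not part of the original chapter: it reports every IP address that appears on more than one line and prints the single line that would replace them, using the standard hosts layout of an address followed by a name and any aliases. The function name is an assumption and the sample file is constructed from the entries shown above.

```shell
#!/bin/sh
# Added example: find IP addresses listed more than once in a hosts file.

# Read a hosts file on stdin. For every address that appears on more than one
# line, print the line numbers involved and one merged replacement line.
duplicate_host_ips() {
    awk '
        { sub(/#.*/, "") }                 # drop comments, fields are re-split
        NF < 2 { next }                    # skip blank and incomplete lines
        {
            ip = $1
            if (!(ip in names)) { order[++n] = ip; lines[ip] = NR }
            else { dup[ip] = 1; lines[ip] = lines[ip] "," NR }
            for (i = 2; i <= NF; i++) names[ip] = names[ip] " " $i
        }
        END {
            for (k = 1; k <= n; k++) {
                ip = order[k]
                if (ip in dup)
                    printf "DUPLICATE %s on lines %s; use one line: %s%s\n",
                           ip, lines[ip], ip, names[ip]
            }
        }'
}

# Constructed sample using the entries shown in this chapter.
SAMPLE_HOSTS='# constructed sample using the entries shown in this chapter
127.0.0.1       bigboy.my-site.com localhost.localdomain localhost
192.168.1.101   smallfry     # (Wrong)
192.168.1.101   tiny         # (Wrong)
192.168.1.101   littleguy    # (Wrong)'

printf '%s\n' "$SAMPLE_HOSTS" | duplicate_host_ips
```

On a server the check is duplicate_host_ips < /etc/hosts; no output means every address appears once.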
The loopback Interface's localhost Entry

Usually the first entry in /etc/hosts defines the IP address of the server's virtual loopback interface. This is usually mapped to the name localhost.localdomain (the universal name used when a server refers to itself) and localhost (the shortened alias name). By default, Fedora inserts the hostname of the server between the 127.0.0.1 and the localhost entries like this:

127.0.0.1    bigboy localhost.localdomain localhost

When the server is connected to the Internet this first entry after the 127.0.0.1 needs to be the fully qualified domain name (FQDN) of the server. For example, bigboy.my-site.com, like this:

127.0.0.1    bigboy.my-site.com localhost.localdomain localhost
Debian / Ubuntu Network Configuration

Many of the core Fedora / Redhat commands and configuration files covered in this chapter can be used in Debian-based operating systems, but there are some key differences.

The /etc/network/interfaces File

The main network configuration file is the /etc/network/interfaces file in which all the network interface parameters are defined. The file is divided into stanzas:

The auto Stanza

The auto stanza defines the interfaces that should be automatically initialized when the system boots up.

The mapping Stanza

This stanza maps configuration parameters for an interface depending on the output of a script. For example, on booting the script could prompt you as to whether your laptop Linux system is at home or work with the mapping statement using the answer to configure the appropriate IP address.

By default the much simpler hotplug system is used which assumes that the interfaces will have only one purpose. Typical hotplug configurations simply assign each physical interface with a matching logical interface name (nickname).

mapping hotplug
        script grep
        map eth0 eth0
        map eth1

In this case interface eth0 is specifically given the logical name eth0, while the logical name for eth1 is implied to be the same.

The iface Stanza

The iface stanza defines the characteristics of a logical interface. Typically the first line of these stanzas starts with the word iface, followed by the logical name of the interface, the protocol used, and finally the type of addressing scheme to be used, such as DHCP or static. Protocol keywords include inet for regular TCP/IP, inet6 for IPv6, ipx for the older IPX protocol used by Novell, and loopback for loopback addresses.

Subsequent lines in the stanza define protocol characteristics such as addresses, subnet masks, and default gateways. In this example, interface eth1 is given the IP address 216.10.119.240/27 while interface eth0 gets its IP address using DHCP.

# The primary network interface
auto eth1
iface eth1 inet static
        address 216.10.119.240
        netmask 255.255.255.224
        network 216.10.119.224
        broadcast 216.10.119.255
        gateway 216.10.119.241
        dns-nameservers 216.10.119.241

# The secondary network interface
auto eth0
iface eth0 inet dhcp

Note: When static IP addresses are used, a default gateway usually needs to be defined. Remember to place the gateway statement in the correct stanza with the appropriate router IP address.
Creating Interface Aliases

IP aliases can be easily created in the /etc/network/interfaces file once the main interface has already been defined. A modified duplicate of the main interface's iface stanza is required. A colon followed by the subinterface number needs to be added to the first line, and only the subnet mask and the new IP address need to follow, as can be seen in this example for interface eth1:1 with the IP address 216.10.119.239.

auto eth1:1
iface eth1:1 inet static
        address 216.10.119.239
        netmask 255.255.255.224
Adding Permanent Static Routes

The up option in the appropriate iface stanza of the /etc/network/interfaces file allows you to selectively run commands once the specified interface becomes activated with the ifup command. This makes it useful when adding permanent static routes.

In this example, a route to the 10.0.0.0/8 network via router address 216.10.119.225 has been added. Remember, the up option and the command must reside on the same line of the stanza.

# The primary network interface
auto eth1
iface eth1 inet static
...
...
...
        up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1

A complete /etc/network/interfaces file

We can now construct a complete file based on the previous examples we discussed. Just like in Fedora, interfaces can be activated with the ifup and ifdown commands.

#
# Debian / Ubuntu
#
#
# File: /etc/network/interfaces
#

# The loopback network interface
auto lo
iface lo inet loopback

# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
mapping hotplug
        script grep
        map eth0 eth0
        map eth1 eth1

# The primary network interface
auto eth1
iface eth1 inet static
        address 216.10.119.240
        netmask 255.255.255.224
        network 216.10.119.224
        broadcast 216.10.119.255
        gateway 216.10.119.241
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 216.10.119.241
        wireless-key 98d126d5ac
        wireless-essid schaaffe
        up route add -net 10.0.0.0 netmask 255.0.0.0 gw 216.10.119.225 eth1

auto eth1:1
iface eth1:1 inet static
        address 216.10.119.239
        netmask 255.255.255.224

# The secondary network interface
auto eth0
iface eth0 inet dhcp

For more information on the /etc/network/interfaces file just issue the command man interfaces from the command line.
Conclusion

As you can imagine, configuring Linux networking is just a first step in providing Internet access to your server. There are always things that can go wrong that may be totally out of your control. Good systems administrators know the tools needed to be able to identify the probable causes of these types of problem, which enables them to know the type of help they need to fix it. The next two chapters show you how to confidently test your network and Linux server applications when things appear to go wrong. The skills you develop to identify and rectify these issues could prove to be invaluable to your company and career.