- Configure Networking
- Setting System Hostname
- Configuring DNS
- Enabling IPv6 (Optional)
- Interface Configuration
- Loopback Configuration (Required)
- Wireless Configuration
- Ethernet Configuration
- Initial Configuration
- IPv4 DHCP Configuration
- IPv4 Static Address Configuration
- Additional IP addresses
- IPv6 DHCP Configuration
- IPv6 Stateless Autoconfiguration
- IPv6 Static Address Configuration
- Example: Dual-Stack Configuration
- Firewalling with iptables and ip6tables
- Install iptables/ip6tables
- Configure iptables/ip6tables
- Save Firewall Rules
- For iptables
- For ip6tables
- Activating Changes and Testing Connectivity
- Additional Utilities
- iproute2
- drill
- Related articles
- How to setup a wireless access point
- Install needed packages
- Check that the card is detected
- Setup Bridge
- Setup Encryption
- Setup hostapd
- Associate clients
- See also
- NetworkManager
- Installation
- Wireless networks
- wpa_supplicant backend
- iwd backend
- VPN support
- not authorized to control networking
Configure Networking
This page will assist you in setting up networking on Alpine Linux.
Setting System Hostname
To set the system hostname:
echo «shortname» > /etc/hostname
Then, to activate the change:
If you’re using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:
::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts
Tip: If you’re going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to Configuring DNS. Otherwise, if you’re going to use a static IPv4 or IPv6 address, continue below.
For a static IP configuration, it’s common to also add the machine’s hostname you just set (above) to the /etc/hosts file.
192.168.1.150 shortname.domain.com
And here’s an IPv6 example:
2001:470:ffff:ff::2 shortname.domain.com
Configuring DNS
Tip: For users of IPv4 DHCP: Please note that /etc/resolv.conf will be completely overwritten with any nameservers provided by DHCP. If DHCP does not provide any nameservers, then /etc/resolv.conf will still be overwritten, but will not contain any nameservers!
For a static IP address and static nameservers, use one of the following examples.
For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Google’s Public DNS servers.
nameserver 8.8.8.8 nameserver 8.8.4.4
For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Hurricane Electric’s public DNS server.
You can also use Hurricane Electric’s public IPv4 DNS server:
Tip: If you decide to use Hurricane Electric’s nameserver, be aware that it is ‘Google-whitelisted’. What does this mean? It allows you access to many of Google’s services via IPv6. (Just don’t add other, non-whitelisted, nameservers to /etc/resolv.conf — ironically, such as Google’s Public DNS Servers.) Read here for more information.
Enabling IPv6 (Optional)
If you use IPv6, do the following to enable IPv6 now and at each boot:
modprobe ipv6 echo «ipv6» >> /etc/modules
Interface Configuration
Loopback Configuration (Required)
Note: The loopback configuration must appear first in /etc/network/interfaces to prevent networking issues.
To configure loopback, add the following to a new file /etc/network/interfaces :
auto lo iface lo inet loopback
The above works to set up the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address ( ::1 ) — if you enabled IPv6.
Wireless Configuration
Ethernet Configuration
For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0 .
Initial Configuration
Add the following to the file /etc/network/interfaces , above any IP configuration for eth0 :
IPv4 DHCP Configuration
Add the following to the file /etc/network/interfaces , below the auto eth0 definition:
By default, the busybox DHCP client (udhcpc) requests a static set of options from the DHCP server. If you need to extend this set, you can do so by setting some additional command line options for the DHCP client, via the udhcpc_opts in your interface configuration. The following example requests domain-search option:
iface eth0 inet dhcp udhcpc_opts -O search
For a complete list of command line options for udhcpc, see this document.
IPv4 Static Address Configuration
Add the following to the file /etc/network/interfaces , below the auto eth0 definition:
iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 gateway 192.168.1.1
Since Alpine 3.13 (and only if you have ifupdown-ng installed) must be:
iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1
Additional IP addresses
iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 iface eth0 inet static address 192.168.1.151/24
Since Alpine 3.13 (and only if you have ifupdown-ng installed) must be:
iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1 iface eth0 inet static address 192.168.1.151/24
IPv6 DHCP Configuration
Alpine’s use of ifupdown-ng supports three DHCP clients: udhcpc, dhclient, and dhcpcd. Of these, only dhcpcd can interact with both DHCP and DHCPv6 from the same process, which ifupdown-ng requires. Thus the IPv4 DHCP configuration given above will also result in the use of DHCPv6, but only if you install the dhcpcd package. (The ifupdown-ng scripts prioritize dhclient over udhcpc, and they prioritize dhcpcd over dhclient; see /usr/libexec/ifupdown-ng/dhcp .)
IPv6 Stateless Autoconfiguration
Add the following to the file /etc/network/interfaces , below the auto eth0 definition:
IPv6 Static Address Configuration
Add the following to the file /etc/network/interfaces , below the auto eth0 definition:
iface eth0 inet6 static address 2001:470:ffff:ff::2 netmask 64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Since Alpine Linux 3.13 (and only if you have ifupdown-ng installed) must be as:
iface eth0 inet6 static address 2001:470:ffff:ff::2/64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Example: Dual-Stack Configuration
This example shows a dual-stack configuration.
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 gateway 192.168.1.1 iface eth0 inet6 static address 2001:470:ffff:ff::2 netmask 64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Take care since Alpine 3.13 (and only if you have ifupdown-ng installed) must be as:
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1 iface eth0 inet6 static address 2001:470:ffff:ff::2/64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Firewalling with iptables and ip6tables
Install iptables/ip6tables
Configure iptables/ip6tables
Save Firewall Rules
For iptables
- Set iptables to start on reboot
- rc-update add iptables
- Write the firewall rules to disk
- /etc/init.d/iptables save
- If you use Alpine Local Backup:
- Save the configuration
- lbu ci
For ip6tables
- Set ip6tables to start on reboot
- rc-update add ip6tables
- Write the firewall rules to disk
- /etc/init.d/ip6tables save
- If you use Alpine Local Backup:
- Save the configuration
- lbu ci
Activating Changes and Testing Connectivity
Changes made to /etc/network/interfaces can be activated by running:
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:
PING www.l.google.com (74.125.47.103) 56(84) bytes of data. 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms ^C --- www.l.google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms
For an IPv6 traceroute ( traceroute6 ), you will first need to install the iputils package:
traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets 1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms 2 * * * 3 * * * 4 pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1) 134.313 ms 95.342 ms 88.425 ms 5 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 100.759 ms 100.537 ms 89.907 ms 6 2001:4860::1:0:5db (2001:4860::1:0:5db) 115.563 ms 102.946 ms 106.191 ms 7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms 8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms 9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms
Additional Utilities
iproute2
You may wish to install the ‘iproute2’ package (note that this will also install iptables if not yet installed)
This provides the ‘ss’ command which is IMHO a ‘better’ version of netstat.
Show listening tcp ports and associated processes:
Show listening and established tcp connections:
Show socket usage summary:
drill
You may also wish to install ‘drill’ (it will also install the ‘ldns’ package) which is a superior (IMHO) replacement for nslookup and dig etc:
Then use it as you would for dig:
drill alpinelinux.org @8.8.8.8
To perform a reverse lookup (get a name from an IP) use the following syntax:
Related articles
You may also wish to review the following network related articles:
How to setup a wireless access point
This material is work-in-progress .
Do not follow instructions here until this notice is removed.
(Last edited by Bt129 on 25 Jul 2021.)Install needed packages
apk add bridge hostapd wireless-tools wpa_supplicant
Check that the card is detected
Run cat /proc/net/dev to see which cards are detected. If no cards are available, check what driver the card uses and modprobe it. Check that the card is in master mode.
Setup Bridge
Setup the bridge by editing /etc/network/interfaces . Assuming you wish to bridge the access point to the ethernet device eth0 , you can add something like this:
auto br0 iface br0 inet dhcp hostname alpine bridge-ports eth0
Comment out any existing lines configuring eth0 as this should now be handled via the bridge configuration. It is not necessary to mention wlan0 here, as hostapd will take care of adding the device to the bridge later.
Please see Bridge for more information on network bridges.
Setup Encryption
Edit /etc/hostapd/hostapd.wpa_psk and insert the following, replacing PASSPHRASE with the WPA_PSK key you would like to use (remove keys that you don’t want to use):
Setup hostapd
Edit /etc/hostapd/hostapd.conf and make the necessary changes such as interface, bridge, driver, ssid, etc. Example file below:
interface=wlan0 bridge=br0 driver=hostap logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 debug=0 dump_file=/tmp/hostapd.dump ctrl_interface=/var/run/hostapd ctrl_interface_group=0 ssid=SecureSSID #macaddr_acl=1 #accept_mac_file=/etc/hostapd/accept auth_algs=3 eapol_key_index_workaround=0 eap_server=0 wpa=3 wpa_psk_file=/etc/hostapd/hostapd.wpa_psk wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP
If you wish to use MAC address filtering, uncomment the lines starting with macaddr_acl and accept_mac_file, create /etc/hostapd/accept (with permissions set to 600) and add the allowed clients’ MAC address to the file.
Associate clients
Associate a few clients to test.
See also
NetworkManager
NetworkManager is a program that provides automatic detection and configuration for systems to connect to networks.
Installation
Then set it to autostart the service on boot:
# rc-update add networkmanager default
Also your user needs to be in the plugdev group:
Wireless networks
wpa_supplicant backend
Todo: (KDE Plasma Desktop) find out if it is possible to prevent requesting the password for KDE Wallet on login
[main] dhcp=internal plugins=ifupdown,keyfile [ifupdown] managed=true [device] wifi.scan-rand-mac-address=yes wifi.backend=wpa_supplicant
Now you need to stop conflicting services:
# rc-service networking stop
# rc-service wpa_supplicant stop
Now restart NetworkManager:
# rc-service networkmanager restart
Now connect to a network using one of the interfaces mentioned in Installation
If that connects and stays connected with no issues enable the networkmanager service and disable the networking and wpa_supplicant boot services:
# rc-update add networkmanager
# rc-update del networking boot
# rc-update del wpa_supplicant boot
iwd backend
NetworkManager supports wireless networks through existing issues before using it. After installation, enable the server and restart NetworkManager:
rc-service iwd start rc-service networkmanager restart
VPN support
Since version 1.16, NetworkManager has support for Wireguard[1].
Support for other VPN types is provided by plugins. They are provided in the following packages:
not authorized to control networking
You can enable all users to edit connections without adding polkit. First, make the conf.d directory for networkmanager: # mkdir -p /etc/NetworkManager/conf.d Then, add following content to /etc/NetworkManager/conf.d/any-user.conf :
- Save the configuration
- Save the configuration