- Chapter 31. Configuring ip networking with ifcfg files
- 31.1. Configuring an interface with static network settings using ifcfg files
- 31.2. Configuring an interface with dynamic network settings using ifcfg files
- 31.3. Managing system-wide and private connection profiles with ifcfg files
- Learn the networking basics every sysadmin needs to know
- Linux security
- Great Linux resources
- Cloud services
Chapter 31. Configuring ip networking with ifcfg files
Interface configuration ( ifcfg ) files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are named ifcfg- name_pass , where the suffix name refers to the name of the device that the configuration file controls. By convention, the ifcfg file’s suffix is the same as the string given by the DEVICE directive in the configuration file itself.
NetworkManager supports profiles stored in the keyfile format. However, by default, NetworkManager uses the ifcfg format when you use the NetworkManager API to create or update profiles.
In a future major RHEL release, the keyfile format will be default. Consider using the keyfile format if you want to manually create and manage configuration files. For details, see Manually creating NetworkManager profiles in keyfile format.
31.1. Configuring an interface with static network settings using ifcfg files
If you do not use the NetworkManager utilities and applications, you can manually configure a network interface by creating ifcfg files.
- To configure an interface with static network settings using ifcfg files, for an interface with the name enp1s0 , create a file with the name ifcfg-enp1s0 in the /etc/sysconfig/network-scripts/ directory that contains:
DEVICE=enp1s0 BOOTPROTO=none ONBOOT=yes PREFIX=24 IPADDR=10.0.1.27 GATEWAY=10.0.1.1
DEVICE=enp1s0 BOOTPROTO=none ONBOOT=yes IPV6INIT=yes IPV6ADDR=2001:db8:1::2/64
Additional resources
31.2. Configuring an interface with dynamic network settings using ifcfg files
If you do not use the NetworkManager utilities and applications, you can manually configure a network interface by creating ifcfg files.
- To configure an interface named em1 with dynamic network settings using ifcfg files, create a file with the name ifcfg-em1 in the /etc/sysconfig/network-scripts/ directory that contains:
DEVICE=em1 BOOTPROTO=dhcp ONBOOT=yes
DHCP_FQDN=fully.qualified.domain.name
You can use only one of these settings. If you specify both DHCP_HOSTNAME and DHCP_FQDN , only DHCP_FQDN is used.
PEERDNS=no DNS1=ip-address DNS2=ip-address
31.3. Managing system-wide and private connection profiles with ifcfg files
By default, all users on a host can use the connections defined in ifcfg files. You can limit this behavior to specific users by adding the USERS parameter to the ifcfg file.
Prerequisite
- Edit the ifcfg file in the /etc/sysconfig/network-scripts/ directory that you want to limit to certain users, and add:
USERS emphasis">username1 username2 . "
# nmcli connection up connection_name
Learn the networking basics every sysadmin needs to know
Networking is one of a sysadmin’s most important duties, so make sure you have the essentials covered.
One of the sysadmin’s most important domains is the network.
While understanding everything there is to know about networking is a big topic, there’s much to learn from your own humble Linux computer’s networking stack.
Learning basic networking commands can help you understand how a device knows what network to connect to, how to find a shared printer or a file share—or the biggest network of all, the internet.
This article covers the basics of network management using open source.
In computing, a network is a collection of two or more computers that can communicate.
In order for networking to facilitate communication between devices, the machines on the network must be able to find each other.
The systems responsible for making this possible are TCP and IP.
Transmission Control Protocol (TCP)
Communication requires a means of transport for messages between them, and computers communicate using digital signals carried over Ethernet cables or radio waves or microwaves.
The specifications for this are formally defined as the TCP protocol.
Linux security
Computers on a network identify themselves and each other with IP addresses, such as 10.0.0.1 or 192.168.0.8.
These are also generally mapped to hostnames, such as laptop and desktop or darkstar or penguin or whatever name you give each machine.
The specifications for this are formally defined as the IP protocol.
The most simple network possible is a single-node network.
This might seem like it’s cheating, but in fact, it’s a valid network in the sense that a computer needs to know how to address itself.
Each computer considers itself as the localhost node, with an internal-only IP address of 127.0.0.1.
You can verify this with the ping command:
$ ping -c 1 localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.031 ms
The localhost designation is defined in the /etc/hosts file:
$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Having an internal IP address is significant because important services, such as the CUPS print server and the server management system Cockpit, provide interfaces over TCP/IP connections. To access them from the machine they’re running on, you can use localhost plus the port number (for instance localhost:631 or 127.0.0.1:631 ) in a web browser.
While a single-node network is useful for some tasks, a network usually refers to more than one computer.
Linux and the TCP/IP stack do a lot of work to make networking simple, but when automated settings aren’t good enough to get you the setup your organization needs, it’s up to you as the sysadmin to understand how to create network configurations.
To begin with, start simple and try creating a two-computer network.
To eliminate automatic settings so that you can get used to building a network yourself, try using a specially wired Ethernet cable called a crossover cable.
A crossover cable connects transmit signals coming from one computer to the appropriate receptors on another computer.
With no router between the computers, all network management must be done manually on each machine, making this a good introductory exercise for networking basics.
Using a crossover cable to connect two computers together, you eliminate any external network controller to offer guidance, so neither computer does anything to create or join a network.
In this simple setup, you are the ultimate networking authority.
To create a network, you first must assign an IP address to each computer.
The block reserved for self-assigned IP addresses is 169.254.x.x.
View your network interfaces on Linux
To create a network, you need network interfaces.
The Ethernet port is usually designated with the term eth plus a number starting with 0 , but some devices get reported with different terms.
You can discover the interfaces on a computer with the ip command:
$ ip address show 1: lo: mtu 65536 . link/loopback 00:00:00:00:00:00 brd . inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: . link/ether dc:a6:32:be:a3:e1 brd . 3: wlan0: . link/ether dc:a6:32:be:a3:e2 brd .
In this case, eth0 turns out to be the correct interface name.
However, you’ll see en0 or enp0s1 or similar in some cases, so it’s important to always verify a device name before using it.
Great Linux resources
Assign a static IP address on Linux
Normally, an IP address is assigned dynamically from a dedicated DHCP server or a router running an embedded DHCP server.
It’s the job of the DHCP server to broadcast offers for addresses over its network.
When a computer gets connected to a network, it requests an address.
The DHCP server assigns it one and registers which device on the network, identified by its media access control (MAC) address, has been assigned which address.
That’s how computers know how to find one another across a network.
In the case of this simple network, however, there is no DHCP server handing out IP addresses or registering devices, so you must create an IP address yourself.
To assign an IP address to a computer, use the ip command:
$ sudo ip address add 169.254.0.1 dev eth0
And again on the other computer, this time incrementing the IP address by 1:
$ sudo ip address add 169.254.0.2 dev eth0
Now each computer has a means of transport (the crossover cable) and a way to be found on the network (a unique IP address).
The problem is, neither computer knows it’s a member of a network.
Setting up a network route on Linux
Normally, an external router defines the paths that network traffic must take in order to get from point A to point B.
This is called a routing table, and it’s essentially a «city map» for your network.
For the simple network you’ve created, no routing table yet exists.
You can verify this with the route command on either or both computers:
$ route Kernel IP routing table Destination | Gateway | Genmask | Flags|Metric|Ref | Use | Iface $
Alternatively, you can use the ip command:
Either way, there’s no meaningful output because there is currently no route defined.
But you can add a route with the ip command:
$ sudo ip route \ add 169.254.0.0/24 \ dev eth0 \ proto static
This command adds a route to an address range starting from 169.254.0.0 and ending at 169.254.0.255 over the eth0 interface.
It sets the routing protocol to static to indicate that the route was created by you, the administrator, as an intentional override for any dynamic routing.
Verify your routing table with the route command:
$ route Kernel IP routing table Destination | Gateway | Genmask | . | Iface link-local | 0.0.0.0 | 255.255.255.0 | . | eth0
Or use the ip command for a different view:
$ ip route 169.254.0.0/24 dev eth0 proto static scope link
With those components in place, each computer can reach hosts beyond just localhost .
For example, from the computer assigned the address 169.254.0.1:
$ ping -c1 169.254.0.2 64 bytes from 169.254.0.2: icmp_seq=1 ttl=64 time=0.233 ms --- 169.254.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.244/0.244/0.244/0.000 ms
You can also view the neighbors you’ve interacted with:
$ ip neighbour 169.254.0.2 dev eth0 lladdr e8:6a:64:ac:ef:7c STALE
While it’s great for surprisingly fast file transfers, there aren’t many other needs for two-node hard-wired networks.
That’s where hardware like a network switch comes in.
A switch allows several Ethernet cables to be attached to it, and it distributes messages from the computer sending them to the intended destination, identified by its IP address.
On many modern general-purpose networks, a physical switch for physical cables isn’t practical or desired, so a WiFi access point is used instead, but the same principles apply.
Cloud services
Local networks connect many devices in practice, and the number is growing as more devices become network-aware.
When you connect a network to the internet (a network of inter-connected networks), that number goes up by orders of magnitude.
It’s impractical to configure a network manually. So everyday tasks are assigned to specific nodes on the network, and each computer runs a daemon to populate network settings received from authoritative servers on the network.
Each task is usually assigned to a separate dedicated server in a large network to ensure focus and resiliency.
- DHCP server to assign and track IP addresses to devices joining the network
- DNS server to convert registered domain names like redhat.com to IP addresses like 209.132.183.105
- Firewall to protect your network from unwanted incoming traffic or forbidden outgoing traffic
- Router to efficiently direct traffic on the network, serve as a gateway to other networks (such as the Internet), and perform network address translation (NAT)
Thanks to open source projects like VyOS, you can even run your own open source router built out of commodity hardware.
The more networking schemes you implement in your lab, the better you understand all the issues that can arise in the real world.
Sometimes the issues are borne of individual computers and devices; other times it’s hardware and infrastructure, and still other times it’s non-optimal design.
Practice setting up different network topographies, either with virtual machines or real hardware (or both), and get to know the open source tools of the trade.
Networking is a big topic, but networks are everywhere.
Invest in learning it now, and it’ll pay dividends, one way or another, sooner than later.