Advanced Linux Networking

Although DHCP is a common method of configuration on many networks, it's not used universally . It's awkward to configure some systems (such as DHCP servers) via DHCP, and some networks simply lack DHCP servers. In these situations, you'll need to configure your computer's IP address manually. This section describes how to do this, starting with the tools to do the job a single time. The section entitled "Making Your Changes Permanent" describes how to configure your system to use your settings automatically whenever it reboots.

NOTE

Configuring Network Interfaces

Loading a driver, as described earlier in this chapter, is the first step in making a network interface available. To use the interface, you must assign it an IP address and associated information, such as its network mask (also called the subnet mask or netmask ). This job is handled by the ifconfig utility, which displays information on an interface or changes its configuration, depending upon how it's called.

Basic ifconfig Syntax and Use

The ifconfig utility's syntax is deceptively simple:

ifconfig [ interface ] [ options ]

The program behaves differently depending upon what parameters it's given. On a broad level, ifconfig can do several different things:

• If used without any parameters, ifconfig returns the status of all currently active network interfaces. Used in this way, ifconfig is a helpful diagnostic tool.

• If given a single interface name (such as eth0 or tr1 ), ifconfig returns information on that interface only. Again, this is a useful diagnostic tool.

• If fed options in addition to an interface name, ifconfig modifies the interface's operation according to the options' specifications. Most commonly, this means activating or deactivating an interface.

If you're using ifconfig to configure an interface, you'll be most concerned with the options you can pass to the utility. The utility's man page gives a complete listing of options, but the most important are the following:

• up address ” This option activates an interface and associates the specified IP address with the new interface. If the command doesn't also include a netmask option (described shortly), ifconfig assigns a netmask based on the class of the address, as shown in Table 2.2. In many cases, you can actually omit the up keyword; ifconfig assumes this if you give it an interface name and IP address.

• down ” This option is the opposite of up ; it closes down an interface.

• netmask nm ” This option sets the network mask of the interface, which determines which bits of the IP address correspond to a network address and which identify a specific computer on a network. If this option is omitted, ifconfig sets the netmask to a default value, as shown in Table 2.2. You can also provide the netmask as the number of bits of network address in part of the up address option, as described shortly.

• [-]promisc ” Ordinarily, a network card accepts only those packets that are directed at it, or at all systems on its network segment. This option enables ( promisc ) or disables ( -promisc ) promiscuous mode, in which the card reads all network packets that traverse its local network segment. Promiscuous mode is necessary for packet sniffers, which can be used as network diagnostic tools. (Crackers also use packet sniffers to acquire passwords that are sent unencrypted.) Some programs can enable promiscuous mode themselves . The default is to bring up an interface in nonpromiscuous mode.

Table 2.2. Traditional TCP/IP Classes and Their Network Masks

• mtu n ” This option sets the Maximum Transfer Unit (MTU) of an interface, which is the maximum size of low-level data packets. For Ethernet networks, the MTU is normally 1500, but you can set it to something else if you like. (Some routers and protocols use smaller MTUs, which can degrade performance if your system's MTU is set higher, because your larger packets will have to be broken up and sent as multiple packets.)

• add address/prefixlength ” This option is the equivalent of up and netmask , but works with IPv6, the next -generation Internet standard. As described in Chapter 1, IPv6 permits many more IP addresses than does the current IPv4. In 2002, IPv6 is still uncommon, but it's likely to become important in coming years .

• del address/prefixlength ” This option is the opposite of add ; it removes an IPv6 address from the interface.

• media type ” Some network cards include two or more media connectors (for instance, connectors for 10Base-2 and 10Base-T cabling). You can specify which connector you want to use with this option, as in media 10baseT . Consult the driver's documentation for details about what type values it accepts.

• hw class address ” This option allows you to control the hardware address of the network card. You might want to change this if you've replaced one network card with another but want to use the old hardware address to continue receiving the same IP address from a DHCP server, for instance. Also, manufacturers occasionally slip up and ship a large number of cards with identical hardware addresses, which can wreak havoc if you try to use several such cards on a single network. This option requires two suboptions: the class of the network device (such as ether for Ethernet or ARCnet for ARCnet) and the hardware address . This function works with many, but not all, network cards.

• txqueulen length ” This option sets the length of the transmit queue, which is the number of packets the interface will attempt to queue together. The default for Ethernet devices is 100, which usually works well. Setting a lower transmit queue length on slow connections may improve interactive performance (say, for a Telnet or SSH session).

In most cases, a simple ifconfig command will suffice to activate an interface. For instance, the following command activates the first Ethernet card with the address 172.23.45.67:

# ifconfig eth0 172.23.45.67

If you must use a more complex configuration, you may do so by adding parameters to the command, such as:

# ifconfig eth0 172.23.45.67 netmask 255.255.255.0 mtu 1420

The netmask specifies which parts of an IP address correspond to the network address, and which parts identify a specific computer. A computer uses this information in determining how to address outgoing packets, so setting it incorrectly can result in some computers being inaccessible. When converted to binary, the netmask consists of a series of binary 1 values followed by a series of binary 0 values. For instance, 255.255.255.0 is twenty-four 1 values followed by eight 0 values. A shorthand notation for the IP address and netmask is to follow the IP address with a slash ( / ) and the number of bits in the network portion of the address. For instance, 172.23.45.67/24 is equivalent to 172.23.45.67 with a netmask of 255.255.255.0. You can use this notation as part of the up addres option to ifconfig , instead of specifying a separate netmask nm option.

Configuring Multiple Network Interfaces

If a computer has multiple network interfaces, you must issue the ifconfig command once for each interface. For instance, you might issue the following two commands:

# ifconfig eth0 up 192.168.1.1 # ifconfig eth1 up 172.23.45.67/24

These commands configure eth0 on the 192.168.1.1 address (presumably for a local private network), and eth1 on 172.23.45.67, using a netmask of 255.255.255.0. Both interfaces will then function. How, though, does the computer know to which interface to send any given network packet? For instance, suppose a program tries to contact the computer at 10.9.8.7. Over which interface should Linux send this packet? It's the job of the routing table to answer this question. In fact, this question is important even for a single-interface computer, as described shortly.

Adjusting the Routing Table

The routing table directs traffic in two ways. First, it tells Linux over what interface to send traffic. This may seem obvious in a single-interface computer, but Linux supports a special virtual interface known as the localhost or loopback interface. This interface uses the 127.0.0.0/8 network, but it's usually addressed using just one IP address: 127.0.0.1. Because this interface exists on all computers, programs can use it when they need to use networking protocols to interface to other local programs. It's also faster than using the computer's regular network interface. Rules must exist to properly direct traffic to the localhost interface or the physical interface (and to a particular physical interface, if a computer has more than one). The second job of the routing table is to direct traffic that's destined for other computers on the local network, as opposed to computers that are located on remote networks and thus must be routed. In the case of local network traffic, Linux can use the Address Resolution Protocol (ARP) to communicate directly with the destination system, but remote targets need to be handled by a router or gateway system ”a computer that passes packets from one network to another. Most Linux systems' routing tables list just one gateway computer, but some complex configurations use multiple gateways. Configuring the routing table is the job of the route command.

NOTE

Understanding Routing Table Structure

The routing table consists of a series of entries specifying what to do with packets sent to certain ranges of IP addresses. When a program sends an outgoing packet to the kernel, the kernel compares the destination address to the destination address ranges in the routing table, starting with the most specific destination address ranges (that is, those that define the smallest networks). If the packet's destination matches one of these ranges, it's sent in the way specified by the routing table rule. If not, the next rule is checked. Normally, the most general rule in the routing table is known as the default route, which matches any address. The default route normally directs packets through the local network's gateway computer.

To understand this better, it may help to examine a sample routing table. Figure 2.2 shows the result of the route -n command, which displays the routing table, on one system. (The route command is discussed in more detail in the next section, "Basic route Syntax and Use.") Figure 2.2 shows the routing table entries from the most to the least specific. The first entry, for a destination of 255.255.255.255, is for broadcasts. These go out over the eth0 interface and do not involve a gateway. The next two entries, for destinations of 10.92.68.0 and 192.168.1.0, represent local network traffic for networks with netmasks of 255.255.255.0 (as shown in the Genmask column). Network addresses usually end in 0, but the network portion of the address is defined by the netmask, as described earlier. These entries send traffic to the eth1 and eth0 interfaces, respectively; a computer with just one network interface would probably have only one entry of this form. The fourth entry, for 127.0.0.0, is the localhost interface, as described earlier. (Some distributions, such as Debian, don't explicitly show this route, but it still works.) Note its interface device (in the Iface column) is lo . The final entry, for a destination of 0.0.0.0, is the default route. This address, in conjunction with the netmask of 0.0.0.0, matches any traffic that has not already been matched. It sends traffic over the eth1 interface, and it's the only route in this sample that uses a gateway ”10.92.68.1 in this case.

When you activated an interface with ifconfig , the utility automatically added one entry for the interface to your routing table. This entry corresponds to the local network route for the interface (the routes with netmasks of 255.255.255.0 in Figure 2.2). Default Linux startup scripts automatically add the localhost interface entry. The broadcast entry (for 255.255.255.255) is not required or active on most systems, but some utilities need this entry. In normal operation, the main routing table entry that's left to be defined is the one for the default route.

Basic route Syntax and Use

If it's given without any parameters, or with only certain parameters like -n (which produces numeric output rather than hostnames for entries like the gateway systems), route displays the current routing table. You can also use this tool to add, delete, or change routing table entries. To do this, you use route with additional parameters. The syntax for such use is as follows :

route add del [-net -host] target [netmask nm ] [gateway gw ] [metric m ] [mss m ] [window W ] [[dev] interface ]

Each of these parameters has a specific meaning:

• add del ” Specify add if you want to add a route, or del if you want to delete one. In either case, you must give enough information for route to act on the route. (For deletions, you can usually get away with nothing more than the target .)

• [-net -host] ” You can specify a target address as either a network ( -net ) or a single computer ( -host ). In most cases, route can figure this out for itself, but sometimes it needs prompting. This is particularly likely if you're adding a route for a second gateway (like a gateway that only handles one small subnet, rather than the default route's gateway).

• target ” The target address is the computer or network whose packets should be defined by the route. In the case of the default route, this will be 0.0.0.0 , or the equivalent keyword, default . This parameter is required when you add or delete a route.

• [netmask nm ] ” If your target network follows the traditional class structure for network addresses, Linux can determine what the netmask should be. If your network doesn't follow this pattern, though, you must include the netmask nm parameter, in which you give route the netmask. (Alternatively, you can include this information with the target address as the number of bits in the network component, as described earlier.)

• [gateway gw ] ” If you're adding a route that doesn't involve a gateway, you can omit this parameter. If you want to specify a gateway system, though, you must include the gateway gw parameter. You'll use this to define the default gateway or any other gateway system.

• [metric m ] ” If you examine Figure 2.2, you'll see a column labeled Metric . This column shows the routing metric for a route ”its estimated "cost" of delivery, which is normally associated with time. Slow routes should have high metrics, whereas fast routes should have low metrics. You can set this feature with the metric m parameter. This feature is normally only used on router computers, as described in Chapter 24, Advanced Router Options.

• [mss m ] ” The mss m option sets the Maximum Segment Size (MSS). Like the metric m option, this option is useful primarily on routers.

• [window W ] ” The TCP Window Size is the amount of data that a computer will send before it requires an acknowledgment from the recipient. If this value is set too small, network transfers may be slowed because the system will end up waiting for acknowledgments before sending new data. If it's set too high, the risk of having to re-send a lot of data because of errors will be increased. As a general rule, Linux's default TCP Window size of 64KB is acceptable. If your system uses a connection that's fast but that has very high latencies, such as a satellite broadband connection, you might consider raising this to 128KB or so.

• [[dev] interface ] ” Usually, Linux can figure out what interface to use from the target IP address or the gateway system's address. This might not always be true, though, and in such cases, you can force the issue by using the [dev] interface parameter. (The dev keyword is optional, and interface is the interface name, such as eth0 or tr1 .)

The most common use of route is to add the default route after adding the primary network interface using ifconfig . This use is fairly simple, as illustrated by this example:

# route add 0.0.0.0 gw 10.92.68.1

If you prefer, you can substitute the keyword default for 0.0.0.0 ; the two have precisely the same effect. On rare occasions, you must add a -net specification, device name, or some other option.

Multiple Interfaces with One Gateway

As noted earlier, each time you add an interface with ifconfig , that utility automatically adds an entry to your routing table for that interface. This does not extend to adding a gateway, however. As a consequence, the configuration required on many computers with multiple interfaces consists of two types of action:

1. Run ifconfig for each of the computer's interfaces.

2. Run route once to add the computer's default route to the routing table.

This set of steps will be adequate for a small router, such as a Linux computer that functions as a router for a small department in a larger organization. For a router, you'll also have to enable routing by turning on IP forwarding. You can do this by typing the following command:

# echo "1" > /proc/sys/net/ipv4/ip_forward

NOTE

NOTE

If you have just one external IP address but want to connect several computers to the Internet, you can use a special type of routing known as Network Address Translation (NAT). Chapter 25, Configuring iptables, covers this technology. The basic steps are the same as for a normal router, but NAT requires you to run extra commands to allow the router to translate addresses in order to make your entire network look like a single computer to the outside world.

Multiple Interfaces with Multiple Gateways

A trickier configuration is one in which a computer can use multiple gateways. Most systems use just one gateway, which is associated with the default route. The gateway ties the local network to some other network, and often ultimately to the Internet. There are other configurations possible, however. For instance, consider Figure 2.3. This figure depicts an environment in which an organization has connected two subnetworks via routers. The regular computers in both offices can be configured quite simply ”they need only point to their local routers as their gateways. Likewise, the router in Office 2 can point to the router in Office 1 as its sole gateway system, although the Office 2 router has two interfaces, as just discussed. The router in Office 1, however, requires a more complex configuration. Its default route leads to the Internet, but it must also configure a route to the Office 2 router for traffic destined for the 172.20.0.0/16 network. You might use a route command like the following to accomplish this goal:

# route add -net 172.20.0.0 netmask 255.255.0.0 gw 172.21.1.1

NOTE

This command assumes that Office 2's router talks to Office 1's router using the 172.21.1.1 address. (Note that this address is not part of the Office 2 network proper; it's on a different network card in Office 2's router.) The end result of issuing this command as well as a normal route command to define the default route will be a routing table that includes two gateways: one for the default route and one to handle traffic destined to Room 2's systems. None of the other computers that link to Office 1's router need to know anything about this arrangement; they only need to know that this router is the gateway for the default route.

There are other situations in which a similar configuration might be required. For instance, if Office 1 used a second router to link to the Internet, all of the computers in Office 1 would need to have two gateways defined: one default route pointing to the system that leads to the Internet, and a second route pointing to the router that leads to Office 2. (Alternatively, regular systems could list just one router, which could pass traffic to the other router when appropriate, but this would increase local network traffic.) Because a network with two routers involves more tricky configuration for all computers on the network, it's best to use a single router on any given subnet whenever possible.

Configuring DNS

Once an interface is active and a gateway set, a computer can send and receive network traffic destined for anywhere on its local network or any other network to which the gateway connects, directly or indirectly. Traffic must be addressed by IP address, though, which is tedious at best. It's the job of the Domain Name System (DNS) to provide a better user interface by converting the alphanumeric names (such as www.awl.com ) used by people to IP addresses used by computers. (DNS can also do the reverse conversion.)

DNS is a globally distributed database, but any given computer needs to know just one IP address to gain entry to that database: the address of a single DNS server. Most organizations and ISPs provide at least one DNS server, and many provide two or three. You should consult your network administrator to learn the addresses of your network's DNS servers. When you've obtained this information, you can enter it into the /etc/resolv.conf file. This file can have up to three lines that begin with the keyword nameserver and end with the IP address of a DNS server. The file can also specify the default domain of the Linux system (using the domain keyword) and an arbitrary number of domains that are to be searched when you omit a domain name (for instance, if you specify mail rather than mail.threeroomco.com ) using the search keyword. Listing 2.1 shows an example of an /etc/resolv.conf file illustrating these three keywords.

Listing 2.1 An example /etc/resolv.conf file

domain threeroomco.com search tworoomco.com fourroomco.com nameserver 10.98.17.34 nameserver 172.20.13.109

WARNING

Once you've edited /etc/resolv.conf to your liking, there's no command needed to activate the changes. Linux will simply begin using the specified name servers and searching the specified domains.

If you want Linux to function as a DNS server for your network, consult Chapter 18. This chapter includes information on running a DNS server, which can be used by other computers on your own network, by computers on the Internet at large, or by both, depending upon the server's configuration.

Setting the Hostname

Many TCP/IP protocols require that computers identify themselves by name to each other. To simplify configuration of individual programs, Linux maintains a global hostname setting, which can be viewed or set with the hostname command. Typing the command alone displays the current hostname. Typing the command followed by a hostname (as in hostnamelarch.threeroomco.com ) sets the hostname to the specified name. You can store the hostname in a file and pass that file to the hostname command with the -F or ”file option, as in hostname -f /etc/HOSTNAME . Most distributions do this automatically at boot time, although the location of the hostname varies from one distribution to another. Check /etc/ hostname , /etc/HOSTNAME , and the files listed in the Extra Configuration Files column of Table 2.1.

Unfortunately, although the ideal is to set the hostname once, this isn't always possible. Some user-level programs ”particularly e-mail clients and Usenet news readers ”allow users to override the default hostname setting. You or your users may therefore need to set the hostname in these programs, particularly if you ever change the hostname. You might also want to set the hostname in /etc/hosts . This file exists as a method of name resolution that's an alternative to DNS. It consists of lines that begin with an IP address and continue with a series of hostnames. Most commonly, the first hostname is a Fully-Qualified Domain Name (FQDN) ”that is, a complete hostname, including the machine name and the domain to which it belongs, as in larch.threeroomco.com . Subsequent names on the same line are "nicknames" ”normally shortened forms, such as larch . If your system's DNS settings are correct, and if your computer has appropriate entries in your network's DNS server, it won't be necessary to create an /etc/hosts entry for the computer. If your network's DNS servers, or the network path to those servers, is unreliable, however, creating an /etc/hosts entry for your computer can improve overall reliability. You might also want to ensure that the 127.0.0.1 address is represented, with hostnames of localhost.localdomain and localhost . Examples of both entries might resemble the following:

10.92.68.1 larch.threeroomco.com larch 127.0.0.1 localhost.localdomain localhost

TIP

If a computer has multiple network interfaces, you'll set one hostname using the hostname command, but you'll normally create multiple hostnames, one for each interface, in the /etc/hosts file, although this isn't required. (Your network's DNS servers will also normally have two or more names for the computer in this case.)

TIP

Making Your Changes Permanent

Some of the preceding procedures, such as adjusting hostnames in /etc/hosts and setting up name server addresses in /etc/resolv.conf , involve editing configuration files. These changes are permanent; once you make them, you won't need to make them again unless your configuration files become damaged or you reinstall Linux. Other changes, by contrast, are transient in nature. When you run ifconfig , route , or hostname to adjust a system feature, that change will last only as long as the computer runs or until it's undone by another action. If you reboot, the change will be lost. In order to make such a change permanent, you must adjust a startup script or configuration file, either by editing the file in a text editor or by using a GUI configuration tool.

Using a GUI Configuration Tool

One of the easiest ways to make a permanent change in a network setting is to do it with a GUI configuration tool ”at least, if your distribution includes such a tool. (Debian and Slackware both eschew the use of such tools.) Specific options include the following:

• Red Hat and Mandrake ” These distributions use a GUI configuration tool called Linuxconf, which is also used by some other distributions, such as LinuxPPC. The user interface differs slightly from one distribution to another. You can launch this tool by typing linuxconf . It operates in text mode using text-based menus, in GUI mode using GUI menus , and in an optional Web server mode to permit remote administration.

• SuSE ” SuSE uses Yet Another Setup Tool (YaST) as a menu-driven text-based tool, and YaST2 as a GUI counterpart to YaST. (Figure 2.1 shows YaST2 in operation.) Type yast or yast2 to launch these tools.

• Caldera ” Caldera uses the Caldera Open Administration System (COAS) as its GUI setup tool. It can be launched by typing coastool in an xterm window.

• TurboLinux ” TurboLinux uses the TurboLinux Configuration Center for a GUI configuration tool. You can launch it by typing turbocfgcenter .

• All Distributions ” The Webmin project (http://www.webmin.com/webmin/) is a Web-based administration tool that can be used with many different Linux distributions and non-Linux Unix-like systems. It's not installed by default with most distributions, but if your distribution is supported by Webmin, getting it running shouldn't be too difficult.

The exact details differ from one tool to another, but to configure a system using GUI tools, you must normally locate a network configuration menu, and possibly delve another layer or two into the interface to locate the settings you need to alter. You then enter the configuration options you want to set permanently. For instance, in Figure 2.1, you can click Static Address Setup and enter the IP address and netmask in the fields provided, then click the Hostname and Nameserver button and the Routing button to adjust these features.

One drawback to GUI tools is that they sometimes don't permit more advanced configurations. For instance, there might be no way to adjust a routing table with the precision required for configurations like those discussed earlier, in the section "Multiple Interfaces with Multiple Gateways." These tools are almost always adequate for simpler configurations, though. If you have trouble with the GUI tools, you can resort to directly editing the configuration files.

Editing Configuration Files

Table 2.1 gives the locations of configuration files in which DHCP client commands and extra configuration information are listed. These files also hold commands and configurations for handling static IP addresses. You should peruse these files, looking for calls to ifconfig , route , hostname , or other configuration commands. Some files don't include commands, but instead set environment variables that hold information such as whether the system uses DHCP or a static IP address configuration, and hold the static configuration information in the latter case. A perusal of the scripts and configuration files involved should be enough to let you configure your system.

Should you encounter problems with the normal configuration scripts, one way to force the issue is to create entries in a local startup script that call the configuration commands you want to use. Most distributions use /etc/rc.d/rc.local as a local startup script, but SuSE uses /etc/rc.d/ boot.local . Debian has no single local startup script, but you can create such a file in the /etc/rc.boot directory. When you create or edit such a script, you can enter any commands you like, including network commands like ifconfig and route . These commands will execute after other startup scripts, though, so this isn't the ideal location for most network configuration commands. It might be an acceptable way to get the system to add an unusual route, however, such as a gateway route for a single small subnet, as discussed earlier.