Saturday, May 21, 2011

Network Configuration

In this chapter we will look at the configuration of ethernet networking devices, the procedures for starting and stopping the interfaces, and some basic routing principles. If you only have one computer which you are using for your server and workstation (not ideal, but possible), then you may not have a network device to configure if you are using a USB modem.

Loading the Drivers

An operating system needs to work effectively with the hardware on the host computer. To achieve this, it communicates with the internal devices using custom software which details each device's operational parameters. This small piece of software is called the device driver, and it needs to be loaded into the kernel before the devices will function effectively.

To have the network drivers loaded automatically, list them in the /etc/modprobe.conf file so the modprobe application can load them into the kernel as required, normally when the network service starts.

The example modprobe configuration below loads two Realtek drivers, r8169 and 8139too, which have been assigned the aliases eth0 and eth1 respectively. During manual system configuration it is common for drivers to be accidentally allocated the incorrect aliases. This is simple to fix by swapping which drivers are allocated to which "eth" alias.

[bash]# vi /etc/modprobe.conf

alias eth0 r8169
alias eth1 8139too

Device drivers may be added manually as extra devices are installed.

Caution !! This HOWTO assumes the eth0 device will be located on the external (public) network.

You may also note that both IPv4 and IPv6 are fully active on your fresh Linux installation. If you want to disable IPv6 and only run IPv4, you can add the following entry to your "/etc/modprobe.conf" file (this will require a system reboot).

[bash]# vi /etc/modprobe.conf
alias net-pf-10 off

Internal Network Device

The configuration files and initialisation scripts for all of the networking devices are located in the /etc/sysconfig/network-scripts directory, and can easily be edited to adjust the parameters for each device.

The following configuration file for the eth1 device resembles a typical setup.

[bash]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

# Internal Ethernet Device (STATIC)
DEVICE=eth1
TYPE=Ethernet
IPADDR=192.168.1.1
NETMASK=255.255.255.0
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
PEERDNS=no
HWADDR=00:0D:61:67:D0:B2             <-- Adjust this, or leave MAC address blank.
IPV6INIT=no

This device is configured with the internal parameters used for the home network. Some minor points to note about the configuration file are:

ONBOOT
Specifies whether the devices should start when the system starts (depending on network service)
USERCTL
Directs whether only root, or all system users, can control the device
BOOTPROTO
The protocol type used to initialise the device (static | dhcp | none)
PEERDNS
Import the DNS nameserver settings into /etc/resolv.conf (careful if running own DNS)
HWADDR
Binds the physical MAC address of the device - see caution below

Caution !! Using the HWADDR parameter may cause problems if the MAC address does not match the intended device, for example after changing the physical devices or the name of the alias in the /etc/modprobe.conf file. Leave this parameter blank if problematic and adjust later as required.

Note !! Some of the older style parameters like NETMASK and BROADCAST have been deprecated because they can be calculated by the system with the ipcalc command.

The /etc/sysconfig/network file contains basic information about the network in general. The GATEWAYDEV variable should specify which network device will be the gateway to the Internet when the network is fully functional (this may even be the "ppp0" device if using a modem connected to your ISP as your gateway).

[bash]# vi /etc/sysconfig/network

# Network Details
NETWORKING=yes
HOSTNAME=galaxy.example.com
GATEWAYDEV=eth0

External Network Device

The system being used as the gateway server will require at least two networking devices if the internal (private) network is going to be separated from the Internet; this separation maintains a level of security for the private network. The external device may be another network card, broadband DSL/Cable modem, or another capable device.

The following configuration specifies that the eth0 device is bound to MAC 00:00:21:E0:B8:B9, will use the dhcp protocol, will not import the peer DNS settings, and will start up as the system boots. This configuration may be typical of a broadband modem that supplies an IP address to an internal host.

[bash]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

# External Ethernet Device (DYNAMIC)
DEVICE=eth0
TYPE=Ethernet
IPADDR=
NETMASK=
ONBOOT=yes
USERCTL=no
BOOTPROTO=dhcp
PEERDNS=no
HWADDR=00:00:21:E0:B8:B9
IPV6INIT=no

Starting the Interfaces

After the networking devices have been configured on the server, it's time to start the interfaces to test if they are functioning. Network devices can be brought to the 'up' (active) state by using either of the following two commands if assigned a static IP address.

[bash]# ifup eth0
[bash]# ifconfig eth0 up

Alternatively, the following two commands will activate a device that is configured with a dynamic IP address.

[bash]# ifup eth0
[bash]# ifconfig eth0 dynamic up

Be sure to check the system log /var/log/messages to see if the devices are functioning as expected.

[bash]# tail /var/log/messages

The devices can also be put in the 'down' (inactive) state using either of these two commands.

[bash]# ifdown eth0
[bash]# ifconfig eth0 down

To enable the networking service to start automatically at boot time, use the chkconfig command to specify in which runlevels the network service will be active. The service should also be tested with the initscripts by restarting the network service.

You should not need to do this however, as the network service should already be configured to run at startup automatically.

[bash]# chkconfig --level 2345 network on
[bash]# chkconfig --list network
[bash]# /etc/init.d/network restart

All going well, the network cards that have been configured are working correctly and the configurations can be checked with the following commands. This will display general configuration details about the interface, like the IP address, netmask address, and various packet counters.

[bash]# ifconfig eth1
[bash]# ifconfig -a

eth1      Link encap:Ethernet  HWaddr 00:0D:61:67:D0:B2
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:4812 (4.6 KiB)
          Interrupt:217 Base address:0xd000

Earlier on, the interfaces were configured using the setup files located in the /etc/sysconfig/network-scripts directory. The ifconfig command also allows the interfaces to be configured from the command line. This allows quick initialisation if the configuration files are not available, or if the settings in the file need to be overridden for a short time, as in the following example.

[bash]# ifconfig eth1 inet 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0 up

Type 'man ifconfig' for more information on the interface configurator.

IP Routing Table

Before you send a letter to a colleague, you must write the destination address on the front of the envelope so that postal workers know where it needs to be sent. You also need to place your own address on the back of the envelope so the recipient can reply to your letter, or in case it needs to be returned for some reason.

Sending packets of information across the Internet is based on the same principles; the packets need a destination and source address so the communicating entities can exchange data. When your local workstation sends a packet of information, it checks its local routing table to see if the packet's destination address is directly connected to any of its interfaces; if so, it sends the packet directly out the correct interface and on to that host. If the packet is not destined for the local network, then the workstation searches the routing table for a routing device (gateway) that will take the packet for further processing, possibly outside and off to the Internet. If a gateway does not exist in the routing table, then the local workstation has no option but to reject sending the packet because it does not know where to send it.

Below is a basic diagram showing a server with two network devices, each connected to separate networks; eth1 to the private internal network, and eth0 to the ISP which is connected to the Internet.

                                  /-----------------------\
         /-----------------\      |   Server (Routing)    |      /-----------------\
         | Private Network |------|  eth1 : 192.168.1.1   |      | ISP Connection  |
         | 192.168.1.0/24  |      |-----------------------|      | REMOTE IP ADDR  |---> INTERNET
         \-----------------/      | 10.214.64.253 : eth0  |------| 10.214.64.254   |
                                  \-----------------------/      \-----------------/

If the server needs to send a data packet to address 192.168.1.15, it will deliver the packet out eth1 directly to the host in the private network. However, if the server now needs to send a packet to the 123.123.xxx.xxx network, it cannot decide which interface to send the packet out of, so the packet will be rejected.

By checking the routing table on the server, we can see there is no gateway device configured.

[bash]# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.214.64.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1

This can be fixed by providing the routing table with a known gateway device using the following command.

[bash]# route add default gw 10.214.64.254 dev eth0

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.214.64.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         10.214.64.254   0.0.0.0         UG    0      0        0 eth0      <-- Default Gateway

The server has now been configured with a gateway device, so any packet of information that will not be delivered locally will be transferred to the ISP's router at 10.214.64.254 for further processing. The ISP's router will then check its routing table, and so forth through the Internet until the packet reaches its final destination.

                                   /-----------------------\
          /-----------------\      |   Server (Routing)    |      /-----------------\
          | Private Network |------|  eth1 : 192.168.1.1   |      | ISP Connection  |
          | 192.168.1.0/24  |      |-----------------------|      | REMOTE IP ADDR  |---> INTERNET
          \-----------------/      | 10.214.64.253 : eth0  |------| 10.214.64.254   |
                                   \-----------------------/      \-----------------/
                                gateway (eth0) = 10.214.64.254
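The lookup described above can be reproduced over the two routing tables shown on this page. This is an added example, not part of the original HOWTO. It generalises the description to the most-specific-netmask rule the kernel applies, and the function names and the test address 123.123.1.1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: route selection over the page's `route -n` tables.
# Tables copied from the page (header lines omitted).
ROUTES_BEFORE='10.214.64.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1'
ROUTES_AFTER="$ROUTES_BEFORE
0.0.0.0         10.214.64.254   0.0.0.0         UG    0      0        0 eth0"

# Convert a dotted quad to a 32-bit integer (runs in a subshell so IFS is local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# route_lookup TABLE DEST -> "IFACE direct", "IFACE via GATEWAY" or "unreachable".
# Of all entries whose network matches DEST, the most specific netmask wins.
route_lookup() {
    rl_dst=$(ip2int "$2")
    rl_best=-1
    rl_out=unreachable
    while read -r rl_net rl_gw rl_mask rl_flags rl_m rl_r rl_u rl_if; do
        [ -n "$rl_if" ] || continue
        rl_maskn=$(ip2int "$rl_mask")
        rl_netn=$(ip2int "$rl_net")
        if [ $(( (rl_dst & rl_maskn) == rl_netn && rl_maskn > rl_best )) -eq 1 ]; then
            rl_best=$rl_maskn
            case $rl_flags in
                *G*) rl_out="$rl_if via $rl_gw" ;;   # G flag: hand off to a gateway
                *)   rl_out="$rl_if direct" ;;       # directly connected network
            esac
        fi
    done <<EOF
$1
EOF
    echo "$rl_out"
}

# 123.123.1.1 is a constructed address inside the page's 123.123.xxx.xxx network.
echo "192.168.1.15, no default route:   $(route_lookup "$ROUTES_BEFORE" 192.168.1.15)"
echo "123.123.1.1,  no default route:   $(route_lookup "$ROUTES_BEFORE" 123.123.1.1)"
echo "123.123.1.1,  with default route: $(route_lookup "$ROUTES_AFTER" 123.123.1.1)"
```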

During the configuration of the global network settings, each attached device (ethernet, modem, etc.) can be configured to act as a default gateway when the device is in the active state.

ZEROCONF

Most Linux distributions utilise the Zero Configuration Network (ZEROCONF) automation suite. This is an IETF workgroup that planned and coordinated a series of dynamic configuration protocols to allow many operating systems to automatically configure themselves and communicate on a network without the need of DHCP or DNS servers. ZEROCONF utilises the 169.254.0.0/16 network address to autoconfigure using a series of unanswered "ARP" queries and then assumes an address if the queries yield an empty result.

A route to the ZEROCONF network is added to the routing table by the network initscripts.

[bash]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.214.64.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1      <-- ZEROCONF default IP route
0.0.0.0         10.214.64.254   0.0.0.0         UG    0      0        0 eth0

ZEROCONF can be turned off by adding the following entry to the "/etc/sysconfig/network" configuration file.

[bash]# vi /etc/sysconfig/network
NOZEROCONF=yes

Note !! The value for the "NOZEROCONF" parameter can actually be set to any value; the initscripts only check to determine whether the parameter has zero length. So setting "NOZEROCONF=no" will have the same effect as setting it to "yes". You will need to comment out or remove the variable to reactivate ZEROCONF.

The networking service will need to be restarted before the changes will take effect.

[bash]# /etc/init.d/network restart

Checking the network routing table again will confirm that the ZEROCONF route has been disabled and removed from the routing table.

[bash]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.214.64.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.214.64.254   0.0.0.0         UG    0      0        0 eth0

ZEROCONF is also commonly referred to as IPv4 Link-Local (IPv4LL) and Automatic Private IP Addressing (APIPA).
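The NOZEROCONF note and the earlier USERCTL and PEERDNS descriptions can be checked together with a small read-only audit. This is an added example, not part of the original HOWTO or the initscripts. The function names and sample files are constructed for illustration, and the PEERDNS check assumes the setting defaults to importing peer DNS when it is left unset.

```shell
#!/bin/sh
# Added example: read-only audit of the sysconfig settings discussed on this
# page. Config text is parsed as data, never sourced or executed.

# cfg_get TEXT KEY -> value of the last uncommented KEY= line, with quotes
# and trailing "<-- note" annotations stripped.
cfg_get() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1 |
        sed -e 's/[[:space:]]*<--.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/'
}

# zeroconf_state TEXT -> "disabled" when NOZEROCONF has any non-empty value
# (the zero-length test the page describes), otherwise "enabled".
zeroconf_state() {
    if [ -n "$(cfg_get "$1" NOZEROCONF)" ]; then echo disabled; else echo enabled; fi
}

# audit_ifcfg TEXT -> one finding per line; prints nothing for a clean file.
audit_ifcfg() {
    if [ "$(cfg_get "$1" USERCTL)" = "yes" ]; then
        echo "USERCTL=yes: non-root users can control this device"
    fi
    if [ "$(cfg_get "$1" BOOTPROTO)" = "dhcp" ] &&
       [ "$(cfg_get "$1" PEERDNS)" != "no" ]; then
        echo "PEERDNS: DHCP peer can rewrite /etc/resolv.conf"
    fi
}

# Constructed samples (not from a real host).
WEAK_ETH0='DEVICE=eth0
BOOTPROTO=dhcp
USERCTL=yes
PEERDNS=yes'
PAGE_ETH0='DEVICE=eth0
USERCTL=no
BOOTPROTO=dhcp
PEERDNS=no'
NET_NO='NETWORKING=yes
NOZEROCONF=no'
NET_COMMENTED='NETWORKING=yes
#NOZEROCONF=yes'

audit_ifcfg "$WEAK_ETH0"
echo "NOZEROCONF=no     -> ZEROCONF route $(zeroconf_state "$NET_NO")"
echo "#NOZEROCONF=yes   -> ZEROCONF route $(zeroconf_state "$NET_COMMENTED")"
```

To audit a live file, pass its contents as the argument, for example audit_ifcfg "$(cat /etc/sysconfig/network-scripts/ifcfg-eth0)".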

http://www.brennan.id.au/04-Network_Configuration.html#external