Manual configuration of the network software should always be the last alternative. Using YaST is recommended. However, this background information about the network configuration can also assist your work with YaST.
When the kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the kernel modules. The default kernel device names are only predictable in very simple or tightly controlled hardware environments. Systems which allow adding or removing hardware during runtime, or support automatic configuration of devices cannot expect stable network device names assigned by the kernel across reboots.
However, all system configuration tools rely on persistent interface names.
The problem is solved by udev. udev maintains a database of known network interfaces and renames interfaces from their kernel-assigned names to persistent names stored in the database. The udev database of network interfaces is stored in the file /etc/udev/rules.d/70-persistent-net.rules. Every line in the file describes one network interface and specifies its persistent name. System administrators can change the assigned names by editing the NAME="" entries. After the network device has been renamed to the configured name by udev, the ifup command applies the system configuration to the interface.
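A check worth running after editing NAME="" entries by hand, as an added example that is not part of the original documentation: it reports interface names or MAC addresses claimed by more than one rule. The sample rules are constructed, the function names are hypothetical, and the ATTR{address} match key is an assumption about how the rules identify a card.

```sh
#!/bin/sh
# Constructed sample in the style of 70-persistent-net.rules (not a real system's file).
sample_rules() {
cat <<'EOF'
# constructed example rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:08:74:98:ed:51", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:0e:2e:52:3b:1d", KERNEL=="wlan*", NAME="wlan1"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:08:74:98:ed:99", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:0E:2E:52:3B:1D", KERNEL=="eth*", NAME="eth2"
EOF
}

# check_net_rules [FILE]: report names or MAC addresses claimed by more than one rule.
check_net_rules() {
  awk -F', *' '
    $1 ~ /^#/ || NF == 0 { next }
    {
      name = ""; mac = ""
      for (i = 1; i <= NF; i++) {
        if (index($i, "ATTR{address}==") == 1) { split($i, q, "\""); mac = tolower(q[2]) }
        # NAME="..." assigns a name; NAME=="..." only matches one, so it is skipped
        else if (index($i, "NAME=") == 1 && index($i, "NAME==") != 1) { split($i, q, "\""); name = q[2] }
      }
      if (name == "") next
      if (name in by_name) printf "line %d: NAME %s already assigned on line %d\n", NR, name, by_name[name]
      else by_name[name] = NR
      if (mac != "") {
        if (mac in by_mac) printf "line %d: MAC %s already matched on line %d\n", NR, mac, by_mac[mac]
        else by_mac[mac] = NR
      }
    }' "${1:--}"
}

sample_rules | check_net_rules
```

Pass the path of the rules file as the argument to check a real system; firewall and routing rules that refer to interface names depend on these assignments being unambiguous.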
Table 14.5, “Manual Network Configuration Scripts” summarizes the most important scripts involved in the network configuration.
Table 14.5. Manual Network Configuration Scripts
Command | Function |
---|---|
if{up,down,status} | The |
rcnetwork | The |
More information about udev and persistent device names is available in Chapter 11, Dynamic Kernel Device Management with udev.
This section provides an overview of the network configuration files and explains their purpose and the format used.
These files contain the configurations for network interfaces. They include information such as the start mode and the IP address. Possible parameters are described in the manual page of ifup. Additionally, all variables from the files dhcp, wireless, and config can be used in the ifcfg-* files if a general setting should be used for only one interface.
The file config contains general settings for the behavior of ifup, ifdown, and ifstatus. dhcp contains settings for DHCP and wireless for wireless LAN cards. The variables in all three configuration files are commented and can also be used in ifcfg-* files, where they are treated with higher priority.
The static routing of TCP/IP packets is determined here. All the static routes required by the various system tasks can be entered in the /etc/sysconfig/network/routes file: routes to a host, routes to a host via a gateway, and routes to a network. For each interface that needs individual routing, define an additional configuration file: /etc/sysconfig/network/ifroute-*. Replace * with the name of the interface. The entries in the routing configuration files look like this:
```
# Destination     Dummy/Gateway     Netmask            Device
#
127.0.0.0         0.0.0.0           255.255.255.0      lo
204.127.235.0     0.0.0.0           255.255.255.0      eth0
default           204.127.235.41    0.0.0.0            eth0
207.68.156.51     207.68.145.45     255.255.255.255    eth1
192.168.0.0       207.68.156.51     255.255.0.0        eth1
```
The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or hostname.
The second column contains the default gateway or a gateway through which a host or network can be accessed.
The third column contains the netmask for networks or hosts behind a gateway. For example, the mask is 255.255.255.255 for a host behind a gateway.
The fourth column is only relevant for networks connected to the local host such as loopback, Ethernet, ISDN, PPP, and dummy device. The device name must be entered here.
An (optional) fifth column can be used to specify the type of a route.
Columns that are not needed should contain a minus sign - to ensure that the parser correctly interprets the command. For details, refer to the routes(5) man page.
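The column rules above can be checked mechanically before a routes file is put into service. The following is an added example, not part of the original documentation: a validator that flags lines with fewer than four columns, netmasks that are not contiguous, and destinations with bits set outside their netmask. The function names and the three broken lines at the end of the sample are constructed.

```sh
#!/bin/sh
# Constructed sample: the five routes from the listing above plus three broken lines.
sample_routes() {
cat <<'EOF'
# Destination     Dummy/Gateway     Netmask            Device
127.0.0.0         0.0.0.0           255.255.255.0      lo
204.127.235.0     0.0.0.0           255.255.255.0      eth0
default           204.127.235.41    0.0.0.0            eth0
207.68.156.51     207.68.145.45     255.255.255.255    eth1
192.168.0.0       207.68.156.51     255.255.0.0        eth1
10.1.2.3          207.68.156.51     255.255.255.0      eth1
10.9.0.0          207.68.156.51     255.0.255.0        eth1
172.16.0.0        207.68.156.51
EOF
}

# check_routes [FILE]: print one finding per problematic line; no output means no findings.
check_routes() {
  awk '
    # 1 if the dotted netmask is malformed or has a 1 bit after a 0 bit
    function bad_mask(m,    o, i, partial) {
      if (split(m, o, ".") != 4) return 1
      for (i = 1; i <= 4; i++) {
        if (o[i] !~ /^(0|128|192|224|240|248|252|254|255)$/) return 1
        if (partial && o[i] != 0) return 1
        if (o[i] != 255) partial = 1
      }
      return 0
    }
    # 1 if a dotted destination has bits set outside the mask; names are skipped
    function host_bits(d, m,    a, o, i) {
      if (split(d, a, ".") != 4 || d ~ /[^0-9.]/) return 0
      split(m, o, ".")
      for (i = 1; i <= 4; i++) if (a[i] % (256 - o[i]) != 0) return 1
      return 0
    }
    $1 ~ /^#/ || NF == 0 { next }
    NF < 4 { printf "line %d: %d columns; fill unused columns with -\n", NR, NF; next }
    $3 == "-" { next }
    bad_mask($3) { printf "line %d: netmask %s is not a contiguous mask\n", NR, $3; next }
    host_bits($1, $3) { printf "line %d: %s has bits set outside netmask %s\n", NR, $1, $3 }
  ' "${1:--}"
}

sample_routes | check_routes
```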
The domain to which the host belongs is specified in this file (keyword search). Also listed is the status of the name server address to access (keyword nameserver). Multiple domain names can be specified. When resolving a name that is not fully qualified, an attempt is made to generate one by attaching the individual search entries. Use multiple name servers by entering several lines, each beginning with nameserver. Precede comments with # signs. YaST enters the specified name server in this file. Example 14.5, “/etc/resolv.conf” shows what /etc/resolv.conf could look like.
Example 14.5. /etc/resolv.conf
```
# Our domain
search example.com
#
# We use dns.example.com (192.168.1.116) as nameserver
nameserver 192.168.1.116
```
Some services, like pppd (wvdial), ipppd (isdn), dhcp (dhcpcd and dhclient), and pcmcia modify the file /etc/resolv.conf by means of the script modify_resolvconf. If the file /etc/resolv.conf has been temporarily modified by this script, it contains a predefined comment giving information about the service that modified it, the location where the original file has been backed up, and how to turn off the automatic modification mechanism. If /etc/resolv.conf is modified several times, the file includes modifications in a nested form. These can be reverted in a clean way even if this reversal takes place in an order different from the order in which modifications were introduced. Services that may need this flexibility include isdn and pcmcia.
If a service was not terminated in a normal, clean way, modify_resolvconf can be used to restore the original file. Also, on system boot, a check is performed to see whether there is an uncleaned, modified resolv.conf, for example, after a system crash, in which case the original (unmodified) resolv.conf is restored.
YaST uses the command modify_resolvconf check to find out whether resolv.conf has been modified and subsequently warns the user that changes will be lost after restoring the file. Apart from this, YaST does not rely on modify_resolvconf, which means that the impact of changing resolv.conf through YaST is the same as that of any manual change. In both cases, changes have a permanent effect. Modifications requested by the mentioned services are only temporary.
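Because the services named above rewrite /etc/resolv.conf temporarily, it is worth comparing the name servers currently in the file with the ones you expect. The following added example, which is not part of the original documentation, does that; the function names, the allow-list and the extra nameserver lines in the sample are constructed, and the limit of three name servers is the resolver's MAXNS value.

```sh
#!/bin/sh
# Constructed sample: Example 14.5 plus three additional nameserver lines.
sample_resolv() {
cat <<'EOF'
# Our domain
search example.com
#
# We use dns.example.com (192.168.1.116) as nameserver
nameserver 192.168.1.116
nameserver 10.0.0.53
nameserver 192.168.1.117
nameserver 192.168.1.118
EOF
}

# audit_resolv FILE ALLOWED_IP...: compare the name servers in FILE with an allow-list.
# Use - as FILE to read standard input.
audit_resolv() {
  file=$1; shift
  awk -v allowed=" $* " '
    /^[#;]/ || NF == 0 { next }          # comment lines start with # or ;
    $1 == "search" { for (i = 2; i <= NF; i++) print "search: " $i }
    $1 == "nameserver" {
      n++
      if (n > 3) print "ignored: " $2 " (the resolver only uses the first 3)"
      else if (index(allowed, " " $2 " ") == 0) print "unexpected: " $2
      else print "ok: " $2
    }
  ' "$file"
}

sample_resolv | audit_resolv - 192.168.1.116 192.168.1.117
```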
In this file, shown in Example 14.6, “/etc/hosts”, IP addresses are assigned to hostnames. If no name server is implemented, all hosts to which an IP connection will be set up must be listed here. For each host, enter a line consisting of the IP address, the fully qualified hostname, and the hostname into the file. The IP address must be at the beginning of the line and the entries separated by blanks and tabs. Comments are always preceded by the # sign.
Example 14.6. /etc/hosts
```
127.0.0.1 localhost
192.168.2.100 jupiter.example.com jupiter
192.168.2.101 venus.example.com venus
```
Here, network names are converted to network addresses. The format is similar to that of the hosts file, except the network names precede the addresses. See Example 14.7, “/etc/networks”.
Name resolution—the translation of host and network names via the resolver library—is controlled by this file. This file is only used for programs linked to libc4 or libc5. For current glibc programs, refer to the settings in /etc/nsswitch.conf. A parameter must always stand alone in its own line. Comments are preceded by a # sign. Table 14.6, “Parameters for /etc/host.conf” shows the parameters available. A sample /etc/host.conf is shown in Example 14.8, “/etc/host.conf”.
Table 14.6. Parameters for /etc/host.conf
Parameter | Description |
---|---|
order hosts, bind | Specifies in which order the services are accessed for the name resolution. Available arguments are (separated by blank spaces or commas): |
| hosts: Searches the |
| bind: Accesses a name server |
| nis: Uses NIS |
multi on/off | Defines if a host entered in |
nospoof on spoofalert on/off | These parameters influence the name server spoofing, but, apart from that, do not exert any influence on the network configuration. |
trim domainname | The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name). This option is useful if only names from the local domain are in the |
Example 14.8. /etc/host.conf
```
# We have named running
order hosts bind
# Allow multiple address
multi on
```
The introduction of the GNU C Library 2.0 was accompanied by the introduction of the Name Service Switch (NSS). Refer to the nsswitch.conf(5) man page and The GNU C Library Reference Manual for details.
The order for queries is defined in the file /etc/nsswitch.conf. A sample nsswitch.conf is shown in Example 14.9, “/etc/nsswitch.conf”. Comments are introduced by # signs. In this example, the entry under the hosts database means that a request is sent to /etc/hosts (files) via DNS.
Example 14.9. /etc/nsswitch.conf
```
passwd:     compat
group:      compat
hosts:      files dns
networks:   files dns
services:   db files
protocols:  db files
netgroup:   files
automount:  files nis
```
The “databases” available over NSS are listed in Table 14.7, “Databases Available via /etc/nsswitch.conf”. In addition, automount, bootparams, netmasks, and publickey are expected in the near future. The configuration options for NSS databases are listed in Table 14.8, “Configuration Options for NSS “Databases””.
Table 14.7. Databases Available via /etc/nsswitch.conf
| Mail aliases implemented by |
| Ethernet addresses. |
| For user groups, used by |
| For hostnames and IP addresses, used by |
| Valid host and user lists in the network for the purpose of controlling access permissions; see the |
| Network names and addresses, used by |
| User passwords, used by |
| Network protocols, used by |
| Remote procedure call names and addresses, used by |
| Network services, used by |
| Shadow passwords of users, used by |
Table 14.8. Configuration Options for NSS “Databases”
| directly access files, for example, |
| access via a database |
| NIS, see also Chapter 19, Using NIS |
| can only be used as an extension for |
| can only be used as an extension for |
This file is used to configure nscd (name service cache daemon). See the nscd(8) and nscd.conf(5) man pages. By default, the system entries of passwd and groups are cached by nscd. This is important for the performance of directory services, like NIS and LDAP, because otherwise the network connection needs to be used for every access to names or groups. hosts is not cached by default, because the mechanism in nscd to cache hosts makes the local system unable to trust forward and reverse lookup checks. Instead of asking nscd to cache names, set up a caching DNS server.
If the caching for passwd is activated, it usually takes about fifteen seconds until a newly added local user is recognized. Reduce this waiting time by restarting nscd with the command rcnscd restart.
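The two settings that decide how a hostname is resolved, the hosts line in /etc/nsswitch.conf and the hosts cache in nscd.conf, can be reported together. The following is an added example, not part of the original documentation; the function names are hypothetical, both sample files are constructed, and the enable-cache line format is taken from nscd.conf(5).

```sh
#!/bin/sh
# Constructed samples: part of Example 14.9 and an nscd.conf fragment that caches hosts.
sample_nsswitch() {
cat <<'EOF'
passwd: compat
group:  compat
hosts:  files dns   # local file first, then DNS
EOF
}
sample_nscd() {
cat <<'EOF'
# constructed nscd.conf fragment
enable-cache    passwd  yes
enable-cache    group   yes
enable-cache    hosts   yes
EOF
}

# hosts_order [FILE]: print the sources of the hosts database in lookup order.
hosts_order() {
  awk '$1 == "hosts:" {
         out = ""
         for (i = 2; i <= NF && $i !~ /^#/; i++) out = out (out == "" ? "" : " ") $i
         print out
       }' "${1:--}"
}

# nscd_caches DB [FILE]: print yes or no for the enable-cache setting of DB.
nscd_caches() {
  awk -v db="$1" '$1 == "enable-cache" && $2 == db { v = $3 }
                  END { print (v == "yes" ? "yes" : "no") }' "${2:--}"
}

# resolver_report NSSWITCH_FILE NSCD_FILE: summarize both settings with warnings.
resolver_report() {
  order=$(hosts_order "$1")
  echo "hosts lookup order: $order"
  case " $order " in
    *" dns "*"files "*) echo "warning: dns is asked before files, so /etc/hosts does not take precedence" ;;
  esac
  if [ "$(nscd_caches hosts "$2")" = yes ]; then
    echo "warning: nscd caches hosts; forward and reverse lookup checks cannot be trusted"
  fi
}

tmp=$(mktemp -d)
sample_nsswitch > "$tmp/nsswitch.conf"; sample_nscd > "$tmp/nscd.conf"
resolver_report "$tmp/nsswitch.conf" "$tmp/nscd.conf"
rm -r "$tmp"
```

With the sample files, the report shows the order files dns, meaning /etc/hosts is consulted first and DNS second, followed by the nscd warning.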
Before you write your configuration to the configuration files, you can test it. To set up a test configuration, use the ip command. To test the connection, use the ping command. Older configuration tools, ifconfig and route, are also available.
The commands ip, ifconfig, and route change the network configuration directly without saving it in the configuration file. Unless you enter your configuration in the correct configuration files, the changed network configuration is lost on reboot.
ip is a tool to show and configure routing, network devices, policy routing, and tunnels. It was designed as a replacement for the older tools ifconfig and route.
ip is a very complex tool. Its common syntax is ip options object command. You can work with the following objects:
This object represents a network device.
This object represents the IP address of a device.
This object represents an ARP or NDISC cache entry.
This object represents the routing table entry.
This object represents a rule in the routing policy database.
This object represents a multicast address.
This object represents a multicast routing cache entry.
This object represents a tunnel over IP.
If no command is given, the default command is used, usually list.
Change the state of a device with the command ip link set device_name command. For example, to deactivate device eth0, enter ip link set eth0 down. To activate it again, use ip link set eth0 up.
After activating a device, you can configure it. To set the IP address, use ip addr add ip_address + dev device_name. For example, to set the address of the interface eth0 to 192.168.12.154/30 with standard broadcast (option brd), enter ip addr add 192.168.12.154/30 brd + dev eth0.
To have a working connection, you must also configure the default gateway. To set a gateway for your system, enter ip route add default via gateway_ip_address. To translate one IP address to another, use nat: ip route add nat ip_address via other_ip_address.
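The three steps above (activate the device, add the address, set the gateway) fail quietly in one common case: a gateway that is not inside the subnet of the interface address. The following added example, which is not part of the original documentation, prints the ip commands for a test configuration only after checking that; the function names and the gateway address 192.168.12.153 are constructed, and the route uses the ip route add default via form.

```sh
#!/bin/sh
# on_link ADDR/PREFIX GATEWAY: succeed if GATEWAY lies inside the subnet of ADDR/PREFIX.
on_link() {
  awk -v cidr="$1" -v gw="$2" '
    # convert a dotted IPv4 address to a number
    function num(ip,    o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
      if (split(cidr, c, "/") != 2) exit 2
      size = 2 ^ (32 - c[2])               # number of addresses in the subnet
      exit (int(num(c[1]) / size) == int(num(gw) / size) ? 0 : 1)
    }'
}

# plan_test_config DEV ADDR/PREFIX GATEWAY: print the ip commands for a test setup.
# Nothing is executed; the commands change the running configuration only and
# are lost on reboot, as described above.
plan_test_config() {
  on_link "$2" "$3" || { echo "gateway $3 is not inside $2" >&2; return 1; }
  echo "ip link set $1 up"
  echo "ip addr add $2 brd + dev $1"
  echo "ip route add default via $3 dev $1"
}

# Address from the text above; in a /30 the only other host address is .153.
plan_test_config eth0 192.168.12.154/30 192.168.12.153
```

Review the printed commands, then run them as root to apply the test configuration.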
To display all devices, use ip link ls. To display the running interfaces only, use ip link ls up. To print interface statistics for a device, enter ip -s link ls device_name. To view addresses of your devices, enter ip addr. In the output of ip addr, also find information about MAC addresses of your devices. To show all routes, use ip route show.
For more information about using ip, enter ip help or see the ip(8) man page. The help option is also available for all ip objects. If, for example, you want to read help for ip addr, enter ip addr help. Find the ip manual in /usr/share/doc/packages/iproute2/ip-cref.pdf.
The ping command is the standard tool for testing whether a TCP/IP connection works. It uses the ICMP protocol to send a small data packet, ECHO_REQUEST datagram, to the destination host, requesting an immediate reply. If this works, ping displays a message to that effect, which indicates that the network link is basically functioning.
ping does more than test only the function of the connection between two computers: it also provides some basic information about the quality of the connection. In Example 14.10, “Output of the Command ping”, you can see an example of the ping output. The second-to-last line contains information about number of transmitted packets, packet loss, and total time of ping running.
As the destination, you can use a hostname or IP address, for example, ping example.com or ping 192.168.3.100. The program sends packets until you press Ctrl+C.
If you only need to check the functionality of the connection, you can limit the number of the packets with the -c option. For example, to limit ping to three packets, enter ping -c 3 example.com.
Example 14.10. Output of the Command ping
```
ping -c 3 example.com
PING example.com (192.168.3.100) 56(84) bytes of data.
64 bytes from example.com (192.168.3.100): icmp_seq=1 ttl=49 time=188 ms
64 bytes from example.com (192.168.3.100): icmp_seq=2 ttl=49 time=184 ms
64 bytes from example.com (192.168.3.100): icmp_seq=3 ttl=49 time=183 ms
--- example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 183.417/185.447/188.259/2.052 ms
```
The default interval between two packets is one second. To change the interval, ping provides option -i. For example, to increase the ping interval to ten seconds, enter ping -i 10 example.com.
In a system with multiple network devices, it is sometimes useful to send the ping through a specific interface address. To do so, use the -I option with the name of the selected device, for example, ping -I wlan1 example.com.
For more options and information about using ping, enter ping -h or see the ping(8) man page.
ifconfig is a traditional network configuration tool. In contrast to ip, you can use it only for interface configuration. If you want to configure routing, use route.
ifconfig and ip: The program ifconfig is obsolete. Use ip instead.
Without arguments, ifconfig displays the status of the currently active interfaces. As you can see in Example 14.11, “Output of the ifconfig Command”, ifconfig has very well-arranged and detailed output. The output also contains information about the MAC address of your device, the value of HWaddr, in the first line.
Example 14.11. Output of the ifconfig Command
```
eth0      Link encap:Ethernet  HWaddr 00:08:74:98:ED:51
          inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:634735 errors:0 dropped:0 overruns:4 frame:0
          TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:162531992 (155.0 Mb)  TX bytes:49575995 (47.2 Mb)
          Interrupt:11 Base address:0xec80

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:533234 (520.7 Kb)  TX bytes:533234 (520.7 Kb)

wlan1     Link encap:Ethernet  HWaddr 00:0E:2E:52:3B:1D
          inet addr:192.168.2.4  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:2eff:fe52:3b1d/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43770 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45978185 (43.8 Mb)  TX bytes:7526693 (7.1 Mb)
```
For more options and information about using ifconfig, enter ifconfig -h or see the ifconfig(8) man page.
route is a program for manipulating the IP routing table. You can use it to view your routing configuration and to add or remove routes.
route and ip: The program route is obsolete. Use ip instead.
route is especially useful if you need quick and comprehensible information about your routing configuration to determine problems with routing. To view your current routing configuration, enter route -n as root.
Example 14.12. Output of the route -n Command
```
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.20.0.0       *               255.255.248.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         styx.exam.com   0.0.0.0         UG        0 0          0 eth0
```
For more options and information about using route, enter route -h or see the route(8) man page.
Apart from the configuration files described above, there are also various scripts that load the network programs while the machine is booting. These are started as soon as the system is switched to one of the multiuser runlevels. Some of these scripts are described in Table 14.9, “Some Start-Up Scripts for Network Programs”.
Table 14.9. Some Start-Up Scripts for Network Programs
This script handles the configuration of the network interfaces. If the network service was not started, no network interfaces are implemented. | |
Starts xinetd. xinetd can be used to make server services available on the system. For example, it can start vsftpd whenever an FTP connection is initiated. | |
Starts the portmapper needed for the RPC server, such as an NFS server. | |
Starts the NFS server. | |
Controls the postfix process. | |
Starts the NIS server. | |
Starts the NIS client. |