Linux Networking: Sirak Kaewjamnong
Sirak Kaewjamnong
NIC: Network Interface Card
Use the ifconfig command to determine the IP address and interface devices, and to change the NIC configuration.
Each device is identified by a symbolic name:
eth0: Ethernet device number 0
eth1: Ethernet device number 1
lo: local loopback device
wlan0: wireless LAN 0
Changing IP Address
We could give this eth0 interface an IP address using the ifconfig command.
Permanent IP configuration
Fedora Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, and so on. The administrator can place the IP address information in these files.
BROADCAST=192.168.1.255
NETWORK=192.168.1.0
[root@network-scripts]#
After changing the values in the configuration files for the NIC, you have to deactivate and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this:
[root@network-scripts]# ifdown eth0
[root@network-scripts]# ifup eth0
In the previous slide, there were two wireless interfaces: wlan0 and wlan0:0. Interface wlan0:0 is actually a child interface of wlan0, a virtual subinterface also known as an IP alias. IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC. Aliases have the name format parent-interface-name:X, where X is the sub-interface number of your choice.
First, ensure the parent real interface exists.
Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0.
Create the virtual interface with the ifconfig command.
Shutting down the main interface also shuts down all its aliases. Aliases can be shut down independently of other interfaces.
The administrator should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the aliases will all be managed automatically with the ifup and ifdown commands.
DEVICE=wlan0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.99
NETMASK=255.255.255.0
The commands to activate and deactivate the alias interface would therefore be:
[root@tmp]# ifup wlan0:0
[root@tmp]# ifdown wlan0:0
The netstat -nr command will provide the contents of the routing table. Networks with a gateway of 0.0.0.0 are usually directly connected to the interface. No gateway is needed to reach your own directly connected interface, so a gateway address of 0.0.0.0 seems appropriate. The route with a destination address of 0.0.0.0 is your default gateway.
# netstat -nr command
[root@tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.68.64    172.16.69.193   255.255.255.224 UG       40 0          0 eth1
172.16.11.96    172.16.69.193   255.255.255.224 UG       40 0          0 eth1
172.16.68.32    172.16.69.193   255.255.255.224 UG       40 0          0 eth1
172.16.67.0     172.16.67.135   255.255.255.224 UG       40 0          0 eth0
172.16.69.192   0.0.0.0         255.255.255.192 U        40 0          0 eth1
172.16.67.128   0.0.0.0         255.255.255.128 U        40 0          0 eth0
172.160.0       172.16.67.135   255.255.0.0     UG       40 0          0 eth0
172.16.0.0      172.16.67.131   255.240.0.0     UG       40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         172.16.69.193   0.0.0.0         UG       40 0          0 eth1
[root@tmp]#
In this case, make sure that the router/firewall with IP address 192.168.1.1 is connected to the same network as interface wlan0. Once done, you'll need to update the /etc/sysconfig/network file to reflect the change. This file is used to configure your default gateway each time Linux boots.
NETWORKING=yes
HOSTNAME=bigboy
GATEWAY=192.168.1.1
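The rules for reading the routing table and the check that the default gateway sits on a directly connected network can be scripted. The shell functions below are an added example, not part of the original slides; the function names are hypothetical and sample_routes is constructed input in the netstat -nr layout.

```sh
# Added example, not from the slides. sample_routes is constructed input
# laid out like `netstat -nr` output.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 wlan0
10.0.0.0        192.168.1.254   255.0.0.0       UG       40 0          0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG       40 0          0 wlan0
EOF
}

# classify_routes: stdin = routing table. One line per route:
#   default <gw> <iface> | direct <net> <mask> <iface> | via <net> <mask> <gw> <iface>
classify_routes() {
  awk '
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }    # skip header lines
    $1 == "0.0.0.0" && $3 == "0.0.0.0" { print "default", $2, $8; next }
    $2 == "0.0.0.0" { print "direct", $1, $3, $8; next }
    { print "via", $1, $3, $2, $8 }'
}

# gateway_on_link: stdin = routing table. Prints "on-link <gw> <iface>" if the
# default gateway lies inside a directly connected network, "off-link <gw>"
# if it does not, and "no-default" if the table has no default route.
gateway_on_link() {
  classify_routes | awk '
    # AND an address with a contiguous netmask, one octet at a time.
    function masked(ip, mask,   a, m, o, i) {
      split(ip, a, "."); split(mask, m, ".")
      for (i = 1; i <= 4; i++) o[i] = a[i] - a[i] % (256 - m[i])
      return o[1] "." o[2] "." o[3] "." o[4]
    }
    $1 == "direct"  { net[++n] = $2; msk[n] = $3; ifc[n] = $4 }
    $1 == "default" { gw = $2 }
    END {
      if (gw == "") { print "no-default"; exit }
      for (i = 1; i <= n; i++)
        if (masked(gw, msk[i]) == net[i]) { print "on-link", gw, ifc[i]; exit }
      print "off-link", gw
    }'
}
```

On a live host the input would come from `netstat -nr | gateway_on_link`; an off-link result means the configured gateway cannot be reached through any directly connected network.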
Linux router
Router/firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day, but when budgets are tight you might want to consider modifying an existing Linux server to be a router.
Configuring IP Forwarding
For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet forwarding enables packets to flow through the Linux server from one network to another. The Linux kernel configuration parameter to activate this is named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove the "#" from the line related to packet forwarding.
Changing /etc/sysctl.conf
Before:
# Disables packet forwarding
net.ipv4.ip_forward=0
After:
# Enables packet forwarding
net.ipv4.ip_forward=1
To activate the feature immediately, you have to force Linux to read the /etc/sysctl.conf file with the sysctl command using the -p switch.
[root@tmp]# sysctl -p
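Because a commented-out line has no effect and a later line overrides an earlier one, it is worth checking which forwarding value the file will actually apply and whether the running kernel agrees. The shell functions below are an added example, not part of the original slides; the function names are hypothetical and sample_sysctl_conf is constructed input.

```sh
# Added example, not from the slides. sample_sysctl_conf is constructed input.
sample_sysctl_conf() {
cat <<'EOF'
# Controls IP packet forwarding
#net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 0
kernel.sysrq = 0
net.ipv4.ip_forward=1
EOF
}

# configured_forwarding: stdin = sysctl.conf text. Prints the value of the
# last uncommented net.ipv4.ip_forward line, or "unset" if there is none.
configured_forwarding() {
  awk -F= '
    /^[ \t]*[#;]/ { next }                       # comment lines are ignored
    { key = $1; gsub(/[ \t]/, "", key) }
    key == "net.ipv4.ip_forward" { v = $2; gsub(/[ \t]/, "", v); found = 1 }
    END { print (found ? v : "unset") }'
}

# forwarding_drift: $1 = config file, $2 = file holding the runtime value
# (defaults to /proc/sys/net/ipv4/ip_forward). Prints "match <v>" or
# "drift config=<v> runtime=<r>".
forwarding_drift() {
  cfg=$(configured_forwarding < "$1")
  run=$(tr -d ' \t\n' < "${2:-/proc/sys/net/ipv4/ip_forward}")
  if [ "$cfg" = "$run" ]; then
    echo "match $cfg"
  else
    echo "drift config=$cfg runtime=$run"
  fi
}
```

A drift result after editing the file means sysctl -p has not been run yet, or something else changed the value at runtime.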
The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS. If the name is found with a corresponding IP address, then DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you also have to update the file. This may not be much of a concern for a single server, but can become laborious if it has to be done companywide. Use a centralized DNS server to handle most of the rest. Sometimes you might not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts file entry until the centralized change can be made.
/etc/hosts
192.168.1.101 smallfry
You can also add aliases to the end of the line which enable you to refer to the server using other names. Here we have set it up so that smallfry can also be accessed using the names tiny and littleguy.
192.168.1.101 smallfry tiny littleguy
/etc/hosts
You should never have an IP address more than once in this file because Linux will use only the values in the first entry it finds.
192.168.1.101 smallfry # (Wrong)
192.168.1.101 tiny # (Wrong)
192.168.1.101 littleguy # (Wrong)
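The repeated-address mistake shown above is easy to detect mechanically. The shell function below is an added example, not part of the original slides; it lists every address that appears on more than one line and prints the single merged line that should replace them. The function name is hypothetical and sample_hosts is constructed input.

```sh
# Added example, not from the slides. sample_hosts is constructed input.
sample_hosts() {
cat <<'EOF'
127.0.0.1      localhost
192.168.1.101  smallfry            # first entry for this address
192.168.1.100  bigboy
192.168.1.101  tiny
# 192.168.1.101 commented-out
192.168.1.101  littleguy
EOF
}

# hosts_duplicates: stdin = hosts file. For every address listed on more than
# one line, print "<ip> lines <n,n,...> merged: <ip> <all names in file order>".
hosts_duplicates() {
  awk '
    { sub(/#.*/, "") }                 # drop comments
    NF < 2 { next }                    # blank line or address without a name
    {
      ip = $1
      if (!(ip in lines)) order[++n] = ip
      lines[ip] = lines[ip] (lines[ip] == "" ? "" : ",") NR
      count[ip]++
      for (i = 2; i <= NF; i++) names[ip] = names[ip] " " $i
    }
    END {
      for (k = 1; k <= n; k++) {
        ip = order[k]
        if (count[ip] > 1)
          print ip, "lines", lines[ip], "merged:", ip names[ip]
      }
    }'
}
```

Run it as `hosts_duplicates < /etc/hosts`; no output means every address appears on one line only.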
NIC duplex and speed incompatibilities
Network congestion
Poor routing
Bad cabling
Electrical interference
An overloaded server at the remote end of the connection
Misconfigured DNS
All sources of slowness can become so severe that connectivity is lost. Additional sources of disconnections are:
Power failures
The remote server or an application on the remote server being shut down.
A server won't be able to communicate with any other device on the network unless the NIC's "link" light is on. This indicates that the connection between the server and the switch/router is functioning correctly. In most cases a lack of link is due to the wrong cable type being used. There are two types of Ethernet cables: crossover and straight-through. Always make sure you are using the correct type.
If you have an extensive network, investment in a battery-operated cable tester for basic connectivity testing is invaluable. More sophisticated models on the market will be able to tell you the approximate location of a cable break and whether an Ethernet cable is too long to be used.
The ifconfig command without any arguments gives all the active interfaces on the system. Interfaces will not appear if they are shut down. The ifconfig -a command provides all the network interfaces, whether they are functional or not. Interfaces that are shut down by the systems administrator or are nonfunctional will not show an IP address line, and the word UP will not show in the second line of the output.
Shutdown interface
wlan0     Link encap:Ethernet  HWaddr 00:06:25:09:6A:D7
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:2924 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2287 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:180948 (176.7 Kb)  TX bytes:166377 (162.4 Kb)
          Interrupt:10 Memory:c88b5000-c88b6000
Active interface
wlan0     Link encap:Ethernet  HWaddr 00:06:25:09:6A:D7
          inet addr:216.10.119.243  Bcast:216.10.119.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2924 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2295 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:180948 (176.7 Kb)  TX bytes:166521 (162.6 Kb)
          Interrupt:10 Memory:c88b5000-c88b6000
Using mii-tool
The mii-tool command is the original Linux tool for setting the speed and duplex of a NIC. It is destined to be deprecated and replaced by the newer ethtool command, but many older NICs support only mii-tool. Issuing the command without any arguments gives a brief status report.
[root@rose ~]# mii-tool
eth0: negotiated 100baseTx-FD, link ok
eth1: negotiated 100baseTx-FD, link ok
[root@rose ~]#
# mii-tool -v
Using the verbose mode -v switch, you can get much more information. In this case, negotiation was OK, with the NIC selecting 100 Mbps, full duplex mode (FD):
[root@rose ~]# mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:00:00, model 0 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
eth1: negotiated 100baseTx-FD, link ok
  product info: Intel 82555 rev 4
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
[root@rose ~]#
Using ethtool
The ethtool command is slated to be the replacement for mii-tool in the near future and tends to be supported by newer NIC cards.
The command provides the status of the interface you provide as its argument.
# ethtool eth0
ethtool example
[root@rose ~]# ethtool eth1
Settings for eth1:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes
[root@rose ~]#
Unlike mii-tool, ethtool settings can be permanently set as part of the interface's configuration script with the ETHTOOL_OPTS variable. In this example, the settings will be set to 100 Mbps, full duplex, with no chance for auto-negotiation on the next reboot:
#
# File: /etc/sysconfig/network-scripts/ifcfg-eth0
#
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
Collisions: Signifies when the NIC detects itself and another server on the LAN attempting data transmissions at the same time. Collisions can be expected as a normal part of Ethernet operation and are typically below 0.1% of all frames sent. Higher error rates are likely to be caused by faulty NICs or poorly terminated cables.
Single Collisions: The Ethernet frame went through after only one collision.
Multiple Collisions: The NIC had to attempt multiple times before successfully sending the frame due to collisions.
CRC Errors: Frames were sent but were corrupted in transit. The presence of CRC errors but not many collisions is usually an indication of electrical noise.
Make sure that you are using the correct type of cable, that the cabling is undamaged and that the connectors are securely fastened.
Frame Errors: An incorrect CRC and a non-integer number of bytes are received. This is usually the result of collisions or a bad Ethernet device.
FIFO and Overrun Errors: The number of times that the NIC was unable to hand data to its memory buffers because the data rate exceeded the capabilities of the hardware. This is usually a sign of excessive traffic.
Length Errors: The received frame length was less than or exceeded the Ethernet standard. This is most frequently due to incompatible duplex settings.
Carrier Errors: Errors are caused by the NIC losing its link connection to the hub or switch. Check for faulty cabling or faulty interfaces on the NIC and networking equipment.
The ifconfig command shows the number of overrun, carrier, dropped packet and frame errors.
eth1      Link encap:Ethernet  HWaddr 00:D0:B7:17:33:7D
          inet addr:172.27.21.199  Bcast:172.27.21.255  Mask:255.255.255.0
          inet6 addr: fe80::2d0:b7ff:fe17:337d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2153169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:312348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:260613351 (248.5 MiB)  TX bytes:363578058 (346.7 MiB)
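The counters in this output can be checked against the error descriptions above, including the 0.1% collision figure. The shell function below is an added example, not part of the original slides; the function name is hypothetical, sample_ifconfig is constructed input, and "frames sent" is assumed to mean the TX packets counter.

```sh
# Added example, not from the slides. sample_ifconfig is constructed input in
# the net-tools ifconfig layout shown above.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:200000 errors:12 dropped:0 overruns:6 frame:12
          TX packets:100000 errors:0 dropped:0 overruns:0 carrier:0
          collisions:250 txqueuelen:1000

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2153169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:312348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
EOF
}

# nic_health: stdin = ifconfig output. Prints "<iface> OK" or
# "<iface> CHECK <reason>..." per interface. Collisions are compared with
# 0.1% of TX packets (assumption: "frames sent" means the TX packet counter).
nic_health() {
  awk '
    function val(key,   i, kv) {        # number after "key:" on this line
      for (i = 1; i <= NF; i++) {
        split($i, kv, ":")
        if (kv[1] == key) return kv[2] + 0
      }
      return 0
    }
    function report(   why) {
      if (ifc == "") return
      if (tx > 0 && col * 1000 > tx) why = why " collisions>0.1%"
      if (rxovr + txovr > 0) why = why " overruns"
      if (frame > 0) why = why " frame"
      if (carrier > 0) why = why " carrier"
      print ifc, (why == "" ? "OK" : "CHECK" why)
    }
    /^[^ \t]/     { report(); ifc = $1; tx = col = rxovr = txovr = frame = carrier = 0 }
    /RX packets:/ { rxovr = val("overruns"); frame = val("frame") }
    /TX packets:/ { tx = val("packets"); txovr = val("overruns"); carrier = val("carrier") }
    /collisions:/ { col = val("collisions") }
    END { report() }'
}
```

On a host with net-tools installed, `ifconfig -a | nic_health` gives one verdict per interface; the counters are cumulative since the interface came up, so compare two runs to see whether errors are still increasing.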
The netstat command is very versatile and can provide a limited report when used with the -i switch. This is useful for systems where mii-tool or ethtool are not available.
[root@rose ~]# netstat -i
Kernel Interface table
Iface   MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0 10313242      0      0      6 13684527      0      0      0 BMRU
eth1   1500   0  2153176      0      0      0   312348      0      0      0 BMRU
lo    16436   0    17407      0      0      0    17407      0      0      0 LRU
[root@rose ~]#
The Linux ping command will send continuous pings, once a second, until stopped with a Ctrl-C. Here is an example of a successful ping to the server bigboy at 192.168.1.100
[root@smallfry tmp]# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) from 192.168.1.100 : 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=128 time=3.95 ms
64 bytes from 192.168.1.101: icmp_seq=2 ttl=128 time=7.07 ms
64 bytes from 192.168.1.101: icmp_seq=3 ttl=128 time=4.46 ms
64 bytes from 192.168.1.101: icmp_seq=4 ttl=128 time=4.31 ms
--- 192.168.1.101 ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 3026ms
rtt min/avg/max/mdev = 3.950/4.948/7.072/1.242 ms
[root@smallfry tmp]#
A server with that IP address doesn't exist.
The server has been configured not to respond to pings.
A firewall or router along the network path is blocking ICMP traffic.
You have incorrect routing. Check the routes and subnet masks on both the local and remote servers and all routers in between.
Either the source or destination device having an incorrect IP address or subnet mask.