Networking - Ubuntu - vocongminh's blog · 8/1/2018
Đặng Thanh Bình
Networking - Ubuntu
Contents
• Ethernet Interfaces
• IP Addressing
• Multiple IP Addresses for One Interface
• Name Resolution
• Bridging
• NetworkManager
ETHERNET INTERFACE
Intro
• Ethernet interfaces are identified by the system using the naming convention ethX, where X represents a numeric value.
• The first Ethernet interface is typically identified as eth0, the second as eth1.
– All others should move up in numerical order.
Identify Ethernet Interfaces
• Identify all available Ethernet interfaces:
    ifconfig -a | grep eth
    eth0      Link encap:Ethernet  HWaddr 00:15:c5:4a:16:5a
• Another application that can help identify all network interfaces available to your system is the lshw command.
lshw command
    sudo lshw -class network
      *-network
           description: Ethernet interface
           product: BCM4401-B0 100Base-TX
           vendor: Broadcom Corporation
           physical id: 0
           bus info: pci@0000:03:00.0
           logical name: eth0
           version: 02
           serial: 00:15:c5:4a:16:5a
           size: 10MB/s
           capacity: 100MB/s
           width: 32 bits
           clock: 33MHz
           capabilities: (snipped for brevity)
           configuration: (snipped for brevity)
           resources: irq:17 memory:ef9fe000-ef9fffff
Ethernet Interfaces Logical Names
• Interface logical names are configured in the file /etc/udev/rules.d/70-persistent-net.rules.
• Procedure:
– Find the line matching the interface's physical MAC address.
– Modify the value of NAME=ethX to the desired logical name.
– Reboot the system to commit your changes.
Ethernet Interface Settings
• ethtool is a program that displays and changes Ethernet card settings such as:
– Auto-negotiation
– Port speed
– Duplex mode
– Wake-on-LAN
• It is not installed by default, but is available for installation in the repositories:
    sudo apt-get install ethtool
ethtool example
    sudo ethtool eth0
    Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: d
        Current message level: 0x000000ff (255)
        Link detected: yes
ethtool
• Changes made with the ethtool command are temporary and will be lost after a reboot.
• To retain settings, add the desired ethtool command to a pre-up statement in the interface configuration file /etc/network/interfaces.
• Example:
    auto eth0
    iface eth0 inet static
        pre-up /sbin/ethtool -s eth0 speed 1000 duplex full
• Although the example above shows the interface configured to use the static method, it actually works with other methods as well, such as DHCP.
IP ADDRESSING
Temporary Assignment
• Use standard commands such as ip, ifconfig and route. Changes made this way:
– Take effect immediately
– Are lost after a reboot
• Modify the IP address and subnet mask:
    sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0
• Verify the IP address configuration of eth0:
    ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 00:15:c5:4a:16:5a
              inet addr:10.0.0.100  Bcast:10.0.0.255  Mask:255.255.255.0
              inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0
              TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2574778386 (2.5 GB)  TX bytes:1618367329 (1.6 GB)
              Interrupt:16
• To configure a default gateway:
    sudo route add default gw 10.0.0.1 eth0
• To verify your default gateway configuration:
    route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
    0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
• If you require DNS for your temporary network configuration, you can add DNS server IP addresses to the file /etc/resolv.conf:
    nameserver 8.8.8.8
    nameserver 8.8.4.4
• If you no longer need this configuration and wish to purge all IP configuration from an interface, use the ip command with the flush option:
    ip addr flush eth0
• Flushing the IP configuration using the ip command does not clear the contents of /etc/resolv.conf.
• You must remove or modify those entries manually, or reboot, which should also cause /etc/resolv.conf (now actually a symlink to /run/resolvconf/resolv.conf) to be rewritten.
Dynamic IP Address Assignment
● Add the dhcp method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces:
    auto eth0
    iface eth0 inet dhcp
● With an interface configuration as shown above, you can manually enable the interface through the ifup command, which initiates the DHCP process via dhclient:
    sudo ifup eth0
● To manually disable the interface, use the ifdown command, which in turn initiates the DHCP release process and shuts down the interface:
    sudo ifdown eth0
Static IP Address Assignment
● Add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces:
    auto eth0
    iface eth0 inet static
        address 10.0.0.100
        netmask 255.255.255.0
        gateway 10.0.0.1
● Bring the interface up and down with ifup and ifdown, as for the DHCP method above.
Loopback Interface
● The loopback interface is identified by the system as lo and has a default IP address of 127.0.0.1.
    ifconfig lo
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:2718 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:183308 (183.3 KB)  TX bytes:183308 (183.3 KB)
● Two lines in /etc/network/interfaces are responsible for automatically configuring your loopback interface:
    auto lo
    iface lo inet loopback
● It is recommended that you keep the default settings unless you have a specific purpose for changing them.
No IP Address?
● To create a network interface without an IP address at all, use the manual method with pre-up and post-down commands to bring the interface up and down:
    iface eth0 inet manual
        pre-up ifconfig $IFACE up
        post-down ifconfig $IFACE down
● If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the vlan package.)
    iface eth0.99 inet manual
        post-up ifconfig $IFACE up
        pre-down ifconfig $IFACE down
● Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when the bridge is created.
MULTIPLE IP ADDRESSES
Multiple IP addresses
● Interface aliasing allows one interface to have multiple IP addresses.
● This is useful when more than one server is to be visible via the Internet.
● Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header.
● In many other situations, one external IP is needed for each server using a port.
Legacy Method
This /etc/network/interfaces text assigns three IP addresses to eth0:
    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.1.42
        netmask 255.255.255.0
        gateway 192.168.1.1
    auto eth0:0
    allow-hotplug eth0:0
    iface eth0:0 inet static
        address 192.168.1.43
        netmask 255.255.255.0
    auto eth0:1
    allow-hotplug eth0:1
    iface eth0:1 inet static
        address 192.168.1.44
        netmask 255.255.255.0
● The above configuration is the traditional method, reflecting the traditional use of ifconfig to configure network devices.
● ifconfig introduced the concept of aliased or virtual interfaces.
● These virtual interfaces have names of the form interface:integer, and ifconfig treats them very similarly to real interfaces.
iproute2 Method
● Nowadays ifupdown uses the ip utility from the iproute2 package instead of ifconfig.
● The newer ip utility does not use the same concept of aliases or virtual interfaces.
● However, it supports assigning arbitrary names to the interfaces (they're called labels).
● ifupdown uses this feature to support aliased interfaces while using ip.
● ifupdown supports specifying multiple interfaces by repeating iface sections with the same interface name.
● The key difference from the method described above is that all such sections are treated by ifupdown as just one interface, so the user can't add or remove them individually.
● However, up/down commands, as well as scripts, are called for every section, as before.
This /etc/network/interfaces text assigns three IP addresses to eth0:
    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.1.42
        netmask 255.255.255.0
        gateway 192.168.1.1
    iface eth0 inet static
        address 192.168.1.43
        netmask 255.255.255.0
    iface eth0 inet static
        address 192.168.1.44
        netmask 255.255.255.0
    # adding IP addresses from different subnets is also possible
    iface eth0 inet static
        address 10.10.10.14
        netmask 255.255.255.0
● Manual approach:
    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.1.42
        netmask 255.255.255.0
        gateway 192.168.1.1
        up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0
        down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0
        up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1
        down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1
        up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2
        down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2
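The legacy alias stanzas (eth0:0, eth0:1) can be translated mechanically into the up/down lines of the manual approach, which requires converting each dotted netmask into a prefix length. The script below is an added example, not part of the original slides; the function names mask_to_prefix and aliases_to_ip and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): turn legacy alias stanzas into
# "ip addr add ... label" lines. Function names are hypothetical.

# Dotted netmask -> prefix length. Prints nothing and returns 1 for a
# malformed or non-contiguous mask such as 255.0.255.0.
mask_to_prefix() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            bits = 0; zero_seen = 0
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                o = $i + 0
                for (b = 128; b >= 1; b /= 2) {
                    if (o >= b) { if (zero_seen) exit 1; o -= b; bits++ }
                    else zero_seen = 1
                }
            }
            print bits
        }'
}

# Read /etc/network/interfaces text on stdin and print, for every
# "iface DEV:N inet static" stanza, the up/down lines to place in the
# parent stanza. $IFACE stays literal; ifupdown expands it at run time.
aliases_to_ip() {
    awk '
        $1 == "iface" { dev = ($2 ~ /:/ && $4 == "static") ? $2 : ""; addr = ""; next }
        dev != "" && $1 == "address" { addr = $2 }
        dev != "" && $1 == "netmask" && addr != "" { print dev, addr, $2; dev = "" }
    ' | while read -r label addr mask; do
        prefix=$(mask_to_prefix "$mask") || continue   # skip unusable masks
        n=${label#*:}
        printf 'up ip addr add %s/%s dev $IFACE label $IFACE:%s\n' "$addr" "$prefix" "$n"
        printf 'down ip addr del %s/%s dev $IFACE label $IFACE:%s\n' "$addr" "$prefix" "$n"
    done
}

# Constructed sample input: the alias stanzas of the legacy method.
LEGACY_SAMPLE='iface eth0 inet static
    address 192.168.1.42
    netmask 255.255.255.0
auto eth0:0
iface eth0:0 inet static
    address 192.168.1.43
    netmask 255.255.255.0
iface eth0:1 inet static
    address 192.168.1.44
    netmask 255.255.255.0'

printf '%s\n' "$LEGACY_SAMPLE" | aliases_to_ip
```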
NAME RESOLUTION
DNS Client Configuration
● Traditionally, the file /etc/resolv.conf was a static configuration file that rarely needed to be changed, or was changed automatically via DHCP client hooks.
● Nowadays, a computer can switch from one network to another quite often, and the resolvconf framework is used to track these changes and update the resolver's configuration automatically.
● Any change made manually to /etc/resolv.conf will be lost, as the file is overwritten each time something triggers resolvconf.
● Instead, resolvconf uses DHCP client hooks and /etc/network/interfaces to generate a list of nameservers and domains to put in /etc/resolv.conf, which is now a symlink:
    /etc/resolv.conf -> ../run/resolvconf/resolv.conf
● To configure the resolver, add the IP addresses of the nameservers to the file /etc/network/interfaces.
● You can also add an optional DNS suffix search list to match your network domain names.
    iface eth0 inet static
        address 192.168.3.3
        netmask 255.255.255.0
        gateway 192.168.3.1
        dns-search example.com
        dns-nameservers 192.168.3.45 192.168.8.10
● If you have multiple domains you wish to search, your configuration might look like the following:
    iface eth0 inet static
        address 192.168.3.3
        netmask 255.255.255.0
        gateway 192.168.3.1
        dns-search example.com sales.example.com dev.example.com
        dns-nameservers 192.168.3.45 192.168.8.10
● If you try to ping a host with the name of server1, your system will automatically query DNS for its Fully Qualified Domain Name (FQDN) in the following order:
1. server1.example.com
2. server1.sales.example.com
3. server1.dev.example.com
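Because resolvconf regenerates /etc/resolv.conf, it is useful to check which active nameservers are backed by a dns-nameservers declaration and which arrived by another route. The script below is an added example, not part of the original slides; the function names and the sample files it builds in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). All file contents are constructed.

# Report how a resolv.conf path is provided: as a symlink (the resolvconf
# layout described above) or as a regular file.
resolv_conf_mode() {
    if [ -L "$1" ]; then
        echo "symlink:$(readlink "$1")"
    else
        echo "regular"
    fi
}

# Print active nameservers ($2: resolv.conf) that have no matching
# dns-nameservers declaration in $1 (/etc/network/interfaces syntax).
# Such entries came from a DHCP client hook or from a manual edit.
undeclared_nameservers() {
    declared=$(awk '$1 == "dns-nameservers" {
        for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1")
    awk -v declared="$declared" '
        BEGIN { n = split(declared, d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }
    ' "$2"
}

# Constructed sample: the static stanza from the slide, plus a generated
# resolv.conf that also carries a nameserver nobody declared.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/interfaces" <<'EOF'
iface eth0 inet static
    address 192.168.3.3
    netmask 255.255.255.0
    gateway 192.168.3.1
    dns-search example.com
    dns-nameservers 192.168.3.45 192.168.8.10
EOF
mkdir -p "$SAMPLE/run/resolvconf"
cat > "$SAMPLE/run/resolvconf/resolv.conf" <<'EOF'
nameserver 192.168.3.45
nameserver 8.8.8.8
search example.com
EOF
ln -s run/resolvconf/resolv.conf "$SAMPLE/resolv.conf"

resolv_conf_mode "$SAMPLE/resolv.conf"
undeclared_nameservers "$SAMPLE/interfaces" "$SAMPLE/resolv.conf"
```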
Static Hostname
● Static hostnames are locally defined hostname-to-IP mappings located in the file /etc/hosts:
    127.0.0.1 localhost
    127.0.1.1 ubuntuserver
    10.0.0.11 server1 server1.example.com vpn
    10.0.0.12 server2 server2.example.com mail
    10.0.0.13 server3 server3.example.com www
    10.0.0.14 server4 server4.example.com file
Change Hostname Permanently
● On Ubuntu the hostname is stored in both the /etc/hosts and /etc/hostname files. There are several ways that we can change the hostname in these files.
● We can manually edit these files using a basic text editor like nano:
    sudo nano /etc/hosts
    sudo nano /etc/hostname
● In /etc/hostname simply overwrite the existing hostname with a new one.
● In /etc/hosts you will find the hostname on the line beginning 127.0.0.1; overwrite only the hostname with the new one, and then reboot.
DNS config for NetworkManager
● NetworkManager will override DHCP settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf.
– This causes DNS to first search the local domain, which may have to time out before DNS resolution continues, leading to lengthy DNS resolution times.
● You can get an idea of what NetworkManager thinks the settings should be by executing nm-tool at the command line.
● After launching:
1) Choose a connection (from the Wired or Wireless tab) and click Edit.
2) Click on the IPv4 Settings tab.
3) Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
4) Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
5) Click “Apply.”
● NetworkManager saves these settings in /etc/NetworkManager/system-connections/name-of-connection.
Example
/etc/NetworkManager/system-connections/Wired connection 1
    [802-3-ethernet]
    duplex=full
    mac-address=XX:XX:XX:XX:XX:XX
    [connection]
    id=Wired connection 1
    uuid=xxxxxxxxxxxxxxxxxxxxxxxx
    type=802-3-ethernet
    timestamp=1385213042
    [ipv6]
    method=auto
    [ipv4]
    method=auto
    dns=208.67.222.222;
    ignore-auto-dns=true
DHCP Client DNS Configuration
● Example: dhclient3 uses /etc/dhcp/dhclient.conf. The setting you want is
    supersede domain-name-servers 12.34.56.78, 12.34.56.79;
● or perhaps
    prepend domain-name-servers 12.34.56.78, 12.34.56.79;
● See the dhclient.conf(5) manual page for details.
BRIDGING
Bridging
● Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios.
● One scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic between two network segments.
● Another scenario is using a bridge on a system with one interface to allow virtual machines direct access to the outside network.
● Before configuring a bridge you will need to install the bridge-utils package:
    sudo apt-get install bridge-utils
Example
● Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and giving the server an IP address in this subnet:
    auto br0
    iface br0 inet static
        address 10.10.0.15
        netmask 255.255.255.0
        gateway 10.10.0.1
        bridge_ports eth0 eth1
        up /usr/sbin/brctl stp br0 on
● If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops.
● Therefore STP must be turned on via an "up" command as shown above.
● Now bring up the bridge:
    sudo ifup br0
● The new bridge interface should now be up and running.
● The brctl command provides useful information about the state of the bridge, controls which interfaces are part of the bridge, etc.
● See man brctl for more information.
NETWORKMANAGER
NetworkManager
● NetworkManager attempts to keep an active network connection available at all times.
● The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible.
● If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHCP server and change nameservers whenever it sees fit.
● In effect, the goal of NetworkManager is to make networking Just Work.
Components
● NetworkManager is composed of two parts:
– A daemon running as root (network-manager).
– A front-end (network-manager-gnome, plasma-nm).
● Note:
– NetworkManager will only handle interfaces not declared in /etc/network/interfaces.
Installation
● NetworkManager should be installed by default on Ubuntu Desktop installs, as well as most flavours of Ubuntu.
● To install NetworkManager:
    sudo apt-get install network-manager
● To install the GNOME applet / indicator:
    sudo apt-get install network-manager-gnome
Start, Stop NetworkManager
● To start NetworkManager, do one of the following:
– sudo start network-manager
– sudo service network-manager start
● And to stop, as you can guess:
– sudo stop network-manager
– sudo service network-manager stop
VPN support
● NetworkManager VPN support is based on a plug-in system. If you need VPN support via NetworkManager you have to install one of the following packages:
– network-manager-openvpn
– network-manager-vpnc
– network-manager-openconnect
● The network-manager-pptp plugin is installed by default.
● On GNOME, you also need to install the -gnome packages for the VPN plugin you choose:
– network-manager-openvpn-gnome
– network-manager-vpnc-gnome
– network-manager-openconnect-gnome
Wired Networks are Unmanaged
● As of Debian 6.0 "Squeeze", NetworkManager does not manage any interface defined in /etc/network/interfaces by default.
● This occurs when two conditions are met:
– The file /etc/network/interfaces contains anything about the interface, even:
    allow-hotplug eth0
    iface eth0 inet dhcp
– And /etc/NetworkManager/NetworkManager.conf contains:
    [main]
    plugins=ifupdown,keyfile
    [ifupdown]
    managed=false
Enabling Interface Management
If you want NetworkManager to handle interfaces that are enabled in /etc/network/interfaces:
● Set managed=true in /etc/NetworkManager/NetworkManager.conf.
● Restart NetworkManager:
    /etc/init.d/network-manager restart
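To see which tool owns each interface on a host, the two conditions above can be checked directly against the two files. The script below is an added example, not part of the original slides; the function names and the sample files it writes to a temporary directory are constructed for illustration, and a missing managed= key is treated as false, which is NetworkManager's default.

```shell
#!/bin/sh
# Added example (not from the slides). Sample files are constructed.

# Interface names mentioned in an ifupdown file (iface, auto, allow-* lines).
declared_ifaces() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "iface" { print $2 }
        $1 == "auto" || $1 ~ /^allow-/ { for (i = 2; i <= NF; i++) print $i }
    ' "$1" | sort -u
}

# Value of key $3 in section [$2] of INI-style file $1 (empty if absent).
ini_get() {
    awk -F= -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        section == want {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v); print v; exit }
        }
    ' "$1"
}

# Print the interfaces NetworkManager ignores, given an interfaces file ($1)
# and a NetworkManager.conf ($2), using the two conditions from the slide.
unmanaged_ifaces() {
    case ",$(ini_get "$2" main plugins)," in
        *,ifupdown,*) ;;      # ifupdown plugin is listed, keep checking
        *) return 0 ;;        # plugin not listed: the slide's condition is not met
    esac
    # A missing managed= key is treated as false (NetworkManager's default).
    if [ "$(ini_get "$2" ifupdown managed)" = "true" ]; then
        return 0
    fi
    declared_ifaces "$1"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/interfaces" <<'EOF'
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
EOF
cat > "$SAMPLE_DIR/NetworkManager.conf" <<'EOF'
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
EOF
unmanaged_ifaces "$SAMPLE_DIR/interfaces" "$SAMPLE_DIR/NetworkManager.conf"
```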
"Auto Ethernet" and "Auto eth0"
● Auto Ethernet means "Select an Ethernet interface automatically".
● Auto eth0 means "autoconfigure the eth0 interface".
FAQ
● Q. How do I configure a static IP address (for a server, etc.)?
– A. Use nm-connection-editor or configure /etc/network/interfaces.
● Q. How can I configure DNS for NetworkManager?
– A. The short answer is to use nm-connection-editor.
● Q. Why can't I see NetworkManager with my new user account?
– A. Make sure human users are in the netdev group.
Q&A