Linux distributions offer various automation and startup techniques for networks, but most of the essential commands and concepts are not distribution-dependent. The exam tests fundamental concepts and their relationships to one another as well as to system problems. This Objective covers the configuration of TCP/IP on common network interfaces such as Ethernet.
A computer must contain at least one network interface to be considered part of a network. The network interface provides a communications link between the computer and external network hardware. This could mean typical network adapters such as Ethernet or Token Ring, PPP dial-up connections, parallel ports, wireless, or other networking forms.
The following files contain important information about your system's network configuration:
/etc/hosts
This file contains simple mappings between IP addresses and names and is used for name resolution. For very small private networks, /etc/hosts may be sufficient for basic name resolution. On most systems it is consulted before DNS (the order is set in /etc/nsswitch.conf, described below), so it must be writable only by root: anyone who can edit it can redirect any hostname on the machine. For example, this file associates the local address 192.168.1.30 with the system smp and also with smp.mydomain.com:
127.0.0.1 localhost localhost.localdomain
192.168.1.1 gate
192.168.1.30 smp smp.mydomain.com
/etc/nsswitch.conf
This file controls the sources used by various system library lookup functions, such as name resolution. It allows the administrator to configure the use of traditional local files (/etc/hosts, /etc/passwd), an NIS server, or DNS. nsswitch.conf directly affects network configuration (among other things) by controlling how hostnames and other network parameters are resolved. For example, this fragment shows that local files are used for password, shadow password, group, and hostname resolution; for hostnames, DNS is used if a search of local files doesn't yield a result:
passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis
hosts: files dns nisplus nis
For more information, view the manpage with man 5 nsswitch.conf. The nsswitch.conf file supersedes host.conf.
/etc/host.conf
This file controls name resolution sources for pre-glibc2 systems. It should contain:
order hosts,bind
multi on
This configuration has the resolver checking /etc/hosts first for name resolution, then DNS. multi on enables multiple IP addresses for hosts. Newer Linux system libraries use /etc/nsswitch.conf instead of /etc/host.conf.
/etc/resolv.conf
This file controls the client-side portions of the DNS system, which is implemented in system library functions used by all programs to resolve system names. In particular, /etc/resolv.conf specifies the IP addresses of DNS servers. For example:
nameserver 192.168.1.5
nameserver 192.168.250.2
Additional parameters are also available. For more information, view the manpage with man 5 resolver.
/etc/networks
Like /etc/hosts, this file sets up equivalence between addresses and names, but here the addresses represent entire networks (and so are written with the host portion zeroed, as in 192.168.1.0). The result is that you can use a symbolic name to refer to a network just as you would a specific host. This may be convenient (though not required) in NFS or routing configuration, for example, and will be shown in commands such as netstat. For example:
loopback 127.0.0.0
mylan 192.168.1.0
It's not unusual for /etc/networks to be left blank.
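The following is an added example, not part of the book: a small resolver that follows the hosts: line of nsswitch.conf the way the C library does, so you can see how the source order decides whether a local /etc/hosts entry or DNS wins. The sample /etc/hosts and nsswitch.conf contents are the book's fragments reproduced inline; the DNS back end is a constructed dictionary standing in for the name servers in resolv.conf, since this runs offline, and the nsswitch action syntax ([NOTFOUND=return] and friends) is not modelled.

```python
"""Added example (not from the book): resolve names in the order that
nsswitch.conf's 'hosts:' line specifies, using inline sample files."""
from typing import Dict, List, Optional

# Constructed sample files mirroring the book's fragments.
HOSTS_FILE = """\
127.0.0.1 localhost localhost.localdomain
192.168.1.1 gate
192.168.1.30 smp smp.mydomain.com
"""

NSSWITCH_FILE = """\
passwd: files nisplus nis
shadow: files nisplus nis
group: files nisplus nis
hosts: files dns nisplus nis
"""

# Constructed stand-in for the servers listed in resolv.conf. Note that
# 'gate' deliberately differs from the /etc/hosts entry.
FAKE_DNS = {"gate": "10.9.9.9", "www.example.com": "93.184.216.34"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every name on an /etc/hosts line to its address; '#' starts a comment."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)  # first match wins, as in glibc
    return table


def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    """Map a database name such as 'hosts' to its ordered list of sources."""
    order: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        order[db.strip()] = sources.split()
    return order


def resolve(name: str, nsswitch: str = NSSWITCH_FILE,
            hosts: str = HOSTS_FILE) -> Optional[str]:
    """Try each configured source for 'hosts' in order; return the first hit."""
    sources = parse_nsswitch(nsswitch).get("hosts", ["files", "dns"])
    for source in sources:
        if source == "files":
            hit = parse_hosts(hosts).get(name.lower())
        elif source == "dns":
            hit = FAKE_DNS.get(name.lower())
        else:
            hit = None  # nis / nisplus are not modelled here
        if hit:
            return hit
    return None


if __name__ == "__main__":
    for n in ("smp.mydomain.com", "gate", "www.example.com"):
        print(n, "->", resolve(n))
    print("gate with 'hosts: dns files' ->", resolve("gate", nsswitch="hosts: dns files"))
```

With the book's order (files before dns) the local entry for gate wins even though DNS says something else; swapping the two sources on the hosts: line reverses the outcome, which is exactly why both files deserve the same protection as the password database.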
The commands listed in this section are used to establish, monitor, and troubleshoot a network configuration under Linux.
host
host [options] name [server]
Look up the system with IP address or name name on the DNS server server; if server is omitted, the name servers configured in /etc/resolv.conf are used.
-l
List the entire domain, dumping all hosts registered on the DNS server (this can be very long). This is a zone transfer (AXFR); a properly configured name server refuses it to anyone but its own secondaries, so expect it to fail against most domains.
-v
Verbose mode: show the full response, including the authority and additional sections.
$ host oreilly.com
oreilly.com has address 208.201.239.37
oreilly.com has address 208.201.239.36
$ host -v oreilly.com
Trying null domain
rcode = 0 (Success), ancount=1
The following answer is not authoritative:
The following answer is not verified as authentic by the server:
oreilly.com 17397 IN A 204.148.40.5
For authoritative answers, see:
oreilly.com 168597 IN NS AUTH03.NS.UU.NET
oreilly.com 168597 IN NS NS.oreilly.com
Additional information:
AUTH03.NS.UU.NET 168838 IN A 198.6.1.83
NS.oreilly.com 168597 IN A 204.148.40.4
$
See also the nslookup command in the section "DNS query utilities" in Chapter 20.
hostname, domainname, dnsdomainname
hostname [localname]
domainname [nisname]
dnsdomainname
Set or display the current host, domain, or node name of the system. This is a single program with links defining additional names. When called as hostname, the system's hostname is displayed. If localname is provided, the hostname is set. domainname displays or sets the NIS domain name. dnsdomainname displays the current DNS domain name but does not set it. See man 1 hostname for full information.
ifconfig
ifconfig [interface] [parameters]
Configure network interfaces. ifconfig is used to create and configure network interfaces and their parameters, usually at boot time. Without parameters, the interface and its configuration are displayed. If interface is also omitted, a list of all active interfaces and their configurations is displayed. ifconfig changes only the running configuration; the change is gone after a reboot unless the distribution's startup scripts are updated as well.
address
The interface's IP address.
netmask mask
The interface's subnet mask.
up
Activate an interface (implied if address is specified).
down
Shut down the interface.
Display all interfaces:
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:24:D3:C7:21
inet addr:192.168.1.30 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1521805 errors:37 dropped:0 overruns:0 frame:37
TX packets:715468 errors:0 dropped:0 overruns:0 carrier:0
collisions:1955 txqueuelen:100
Interrupt:10 Base address:0xef00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:366567 errors:0 dropped:0 overruns:0 frame:0
TX packets:366567 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Shut down eth0:
# ifconfig eth0 down
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:A0:24:D3:C7:21
inet addr:192.168.1.30 Bcast:192.168.1.255 Mask:255.255.255.0
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1521901 errors:37 dropped:0 overruns:0 frame:37
TX packets:715476 errors:0 dropped:0 overruns:0 carrier:0
collisions:1955 txqueuelen:100
Interrupt:10 Base address:0xef00
Note in the third line of this listing the lack of the UP indicator, which is present in the listing above. The missing UP indicates that the interface is down.
Configure eth0 from scratch:
# ifconfig eth0 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
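The following is an added example, not part of the book: a parser for the legacy ifconfig listing that applies the check the text describes (is UP present?) and two more that matter in practice, a receive-error ratio and a scan for interfaces in PROMISC mode, which usually means a packet sniffer is running. The eth0 and lo blocks are the book's listing reproduced inline; the eth1 block is constructed to show a promiscuous interface. ifconfig itself is not executed.

```python
"""Added example (not from the book): parse ifconfig output offline and
check interface state, error counters and promiscuous mode."""
import re
from typing import Dict, List

# Sample listing: eth0 and lo copied from the book, eth1 constructed.
IFCONFIG_OUTPUT = """\
eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
          inet addr:192.168.1.30  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1521805 errors:37 dropped:0 overruns:0 frame:37
          TX packets:715468 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1955 txqueuelen:100
          Interrupt:10 Base address:0xef00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:366567 errors:0 dropped:0 overruns:0 frame:0
          TX packets:366567 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

eth1      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:22
          inet addr:192.168.2.30  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
"""

FLAG_WORDS = {"UP", "BROADCAST", "RUNNING", "MULTICAST", "LOOPBACK",
              "POINTOPOINT", "NOARP", "PROMISC", "ALLMULTI"}
COUNTERS = re.compile(r"\s*(RX|TX) packets:(\d+) errors:(\d+) dropped:(\d+)"
                      r" overruns:(\d+) (?:frame|carrier):(\d+)")


def parse_ifconfig(text: str) -> Dict[str, dict]:
    """Return {iface: {'flags', 'addr', 'mtu', 'rx', 'tx'}} from ifconfig output."""
    ifaces: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # an unindented line starts a new interface
            current = line.split()[0]
            ifaces[current] = {"flags": set(), "addr": None, "mtu": None, "rx": {}, "tx": {}}
            continue
        entry = ifaces[current]
        m = re.search(r"inet addr:([\d.]+)", line)
        if m:
            entry["addr"] = m.group(1)
        m = re.search(r"MTU:(\d+)", line)
        if m:                               # the MTU line also carries the flag words
            entry["mtu"] = int(m.group(1))
            entry["flags"] = {w for w in line.split() if w in FLAG_WORDS}
        m = COUNTERS.match(line)
        if m:
            entry[m.group(1).lower()] = {"packets": int(m.group(2)),
                                         "errors": int(m.group(3)),
                                         "dropped": int(m.group(4))}
    return ifaces


def is_up(ifaces: Dict[str, dict], name: str) -> bool:
    """The check from the text: an interface without UP in its flags is down."""
    return "UP" in ifaces[name]["flags"]


def promiscuous(ifaces: Dict[str, dict]) -> List[str]:
    """Interfaces accepting all frames, which normally means sniffing is in progress."""
    return sorted(n for n, e in ifaces.items() if "PROMISC" in e["flags"])


def rx_error_ratio(ifaces: Dict[str, dict], name: str) -> float:
    """Fraction of received packets that were counted as errors."""
    rx = ifaces[name]["rx"]
    return rx["errors"] / rx["packets"] if rx.get("packets") else 0.0


if __name__ == "__main__":
    table = parse_ifconfig(IFCONFIG_OUTPUT)
    for n in table:
        print(n, "up" if is_up(table, n) else "DOWN", f"rx-err={rx_error_ratio(table, n):.2e}")
    print("promiscuous:", promiscuous(table))
```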
netstat
netstat [options]
Depending on options, netstat displays network connections, routing tables, interface statistics, masquerade connections, netlink messages, and multicast memberships. Much of this is beyond the scope of the LPIC Level 1 Exams, but you must be aware of the command and its basic use.
-c
Continuous operation. This option yields a netstat display every second until interrupted with Ctrl-C.
-i
Display a list of interfaces.
-n
Numeric mode. Display addresses and port numbers instead of host, port, and usernames.
-p
Programs mode. Display the PID and process name owning each socket (root privileges are needed to see other users' processes).
-r
Routing mode. Display the routing table in the format of the route command.
-v
Verbose mode.
Display the interfaces table and statistics (the example output is truncated):
# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK
eth0 1500 0 1518801 37 0 0 713297
lo 3924 0 365816 0 0 0 365816
ping
ping [options] destination
Send an ICMP ECHO_REQUEST datagram to destination, expecting an ICMP ECHO_REPLY in return. ping is frequently used to test basic network connectivity, although many hosts and firewalls drop echo requests, so no reply does not prove that a host is down. See "Objective 1: Fundamentals of TCP/IP" for a more complete description.
route
route [options]
route add [options and keywords] target
route del [options and keywords] target
In the first form, display the IP routing table. In the second and third forms, respectively, add or delete routes to target from the table. target can be a numeric IP address, a resolvable name, or the keyword default. The route program is typically used to establish static routes to specific networks or hosts (such as the default gateway) after an interface is configured. On systems acting as routers, a potentially complex routing scheme can be established initially, but this is beyond the scope of the LPIC Level 1 Exams.
-h
Display a usage message.
-n
Numeric mode; don't resolve hostnames.
-v
Verbose output.
-C
Display the kernel routing cache.
-F
Display the kernel routing table (the default behavior without add or delete keywords).
-host
Specify that target is a single host. Mutually exclusive with -net.
-net
Specify that target is a network. Mutually exclusive with -host.
gw gateway
IP packets for target are routed through the gateway, which must be reachable.
netmask mask
Specify the mask of the route to be added. If it is omitted, route guesses a classful mask (class A, B, or C) from the target address; on subnetted networks that guess is wrong, so give the mask explicitly.
When used to display routes, the following routing table columns are printed:
Destination
The destination network or host.
Gateway
The gateway address. If no gateway is set for the route, an asterisk (*) is displayed by default.
Genmask
The netmask for the destination. 255.255.255.255 is used for a host and 0.0.0.0 is used for the default route.
Flags
! Reject route.
D Dynamically installed by daemon or redirect.
G Use gateway.
H Target is a host.
M Modified from routing daemon or redirect.
R Reinstate route for dynamic routing.
U Route is up.
Metric (Met)
The distance in hops to the target.
Ref
Number of references to this route. This is displayed for compatibility with other route commands but is not used in the Linux kernel.
Use
A count of lookups for the route. Depending on the use of -F and -C, the Use column is either route cache misses (-F) or hits (-C).
Iface
The interface to which packets for this route are sent.
Display the current routing table for a workstation:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Met Ref Use Iface
192.168.1.30 * 255.255.255.255 UH 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 - 255.0.0.0 ! 0 - 0 -
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default gate 0.0.0.0 UG 0 0 0 eth0
In this example, the route to the local host 192.168.1.30 uses interface eth0. Note the mask 255.255.255.255 is used for host routes. The route to the local subnet 192.168.1.0 (with corresponding class C mask 255.255.255.0) is also through eth0. The route to 10.0.0.0 is rejected as indicated by the ! flag. The class A loopback network route uses device lo. The last route shows the default gateway route, which is used when no others match. This default uses eth0 to send data to router gate. The mask 0.0.0.0 is used for the default route.
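The following is an added example, not part of the book: a longest-prefix-match lookup over the workstation routing table shown above, so you can see why a given destination ends up on the host route, the subnet route, the reject route or the default. ROUTE_TABLE is the book's route listing reproduced inline as sample text; the name gate is mapped to 192.168.1.1 (the address used in the book's route add example, an assumption for this illustration); and the lookup is the example's own simplification of the kernel's (no metrics, no policy routing).

```python
"""Added example (not from the book): pick the route the kernel would use
for a destination by longest prefix match over a 'route' listing."""
import ipaddress
from typing import List, Optional, Tuple

# The book's workstation routing table, reproduced as sample text.
ROUTE_TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Met Ref Use Iface
192.168.1.30    *               255.255.255.255 UH    0   0   0   eth0
192.168.1.0     *               255.255.255.0   U     0   0   0   eth0
10.0.0.0        -               255.0.0.0       !     0   -   0   -
127.0.0.0       *               255.0.0.0       U     0   0   0   lo
default         gate            0.0.0.0         UG    0   0   0   eth0
"""

# Assumed: the router named 'gate' is 192.168.1.1, as in the route add example.
NAMES = {"gate": "192.168.1.1"}

Route = Tuple[ipaddress.IPv4Network, Optional[str], str, Optional[str]]


def parse_route_table(text: str) -> List[Route]:
    """Turn the listing into (network, gateway, flags, iface) tuples."""
    routes: List[Route] = []
    for line in text.splitlines()[2:]:          # skip the title and header lines
        dest, gw, mask, flags, _met, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        gateway = None if gw in ("*", "-") else NAMES.get(gw, gw)
        routes.append((network, gateway, flags, None if iface == "-" else iface))
    return routes


def lookup(dest_ip: str, routes: List[Route]) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (action, gateway, iface) for dest_ip.

    action is 'host' for an H route, 'direct' when the target is on-link,
    'via' when a gateway (G) is used, 'reject' for a ! route, and
    'unreachable' when nothing matches (impossible here because of default).
    """
    addr = ipaddress.ip_address(dest_ip)
    best: Optional[Route] = None
    for route in routes:
        network = route[0]
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = route                          # longer prefix = more specific
    if best is None:
        return ("unreachable", None, None)
    _network, gateway, flags, iface = best
    if "!" in flags:
        return ("reject", None, None)
    if "H" in flags:
        return ("host", None, iface)
    if "G" in flags:
        return ("via", gateway, iface)
    return ("direct", None, iface)


if __name__ == "__main__":
    table = parse_route_table(ROUTE_TABLE)
    for ip in ("192.168.1.30", "192.168.1.77", "10.1.2.3", "8.8.8.8", "127.0.0.1"):
        print(ip, "->", lookup(ip, table))
```

The reject route is the interesting case for a security reader: it wins over the default for anything in 10.0.0.0/8 because /8 is longer than /0, so traffic to that range is dropped locally instead of being handed to the gateway.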
Display the current routing cache; the Metric (M) and Reference (R) columns are abbreviated here:
# route -C
Kernel IP routing cache
Source Destination Gateway Flg M R Use Iface
smp 192.168.1.255 192.168.1.255 bl 0 0 1 eth0
192.168.1.102 192.168.1.255 192.168.1.255 ibl 0 0 0 lo
192.168.1.102 smp smp il 0 0 1 lo
192.168.1.50 smp smp il 0 0 224 lo
smp 192.168.1.102 192.168.1.102 0 1 0 eth0
smp ns1.mynet.com gate 0 0 2 eth0
smp 192.168.1.50 192.168.1.50 0 1 0 eth0
localhost localhost localhost l 0 0 15 lo
ns1.mynet.com smp smp l 0 0 6 lo
smp ns1.mynet.com gate 0 0 6 eth0
Add the default gateway 192.168.1.1 via eth0:
# route add default gw 192.168.1.1 eth0
traceroute
traceroute [options] destination
Display the route that packets take to reach destination, showing intermediate gateways (routers). There isn't a direct method to use to make this determination, so traceroute uses a trick to obtain as much information as it can. By using the time-to-live field in the IP header, traceroute stimulates error responses from gateways. The time-to-live field specifies the maximum number of gateway hops until the packet should expire. That number is decremented at each gateway hop, with the result that all packets will die at some point and not roam the Internet. To get the first gateway in the route, traceroute sets the time-to-live parameter to 1. The first gateway in the route to destination decrements the counter, finds that it has reached zero, discards the packet, and reports an ICMP TIME_EXCEEDED message back to the sending host. The second gateway is identified by setting the initial time-to-live value to 2, and so on. The probes are UDP datagrams addressed to a port that is unlikely to be in use, so this continues until the destination itself answers with an ICMP PORT_UNREACHABLE message, indicating that the host has been contacted. To account for the potential for multiple gateways at any one hop count, three probes are sent for each time-to-live value.
The display consists of lines showing each gateway, numbered for the initial time-to-live value. If no response is seen from a particular gateway, an asterisk is printed. This happens for gateways that don't return "time exceeded" messages (many filter or rate-limit ICMP errors), or do return them but set a very low time-to-live on the response. Transit times for each probe are also printed.
-f ttl
Set the initial probe's time-to-live value to ttl, instead of 1.
-n
Display numeric addresses instead of names.
-v
Use verbose mode.
-w secs
Set the timeout on returned ICMP packets to secs, instead of 5.
# traceroute www.lpi.org
traceroute to www.lpi.org (209.167.177.93), 30 hops max, 40 byte packets
1 gate (192.168.1.1) 3.181 ms 1.200 ms 1.104 ms
2 209.125.145.1 (209.125.135.1) 16.041 ms 15.149 ms 14.747 ms
3 a1-9-1-0-1.a01.phl1.us.io.net (137.94.47.1) 84.132 ms 133.937 ms 77.865 ms
4 ge-6-0.r01.phlapa01.us.io.net (126.250.29.17) 22.450 ms 16.114 ms 16.051 ms
5 p4-6-0-0.r01.nycmny01.us.bb.verio.net (129.250.3.126) 18.043 ms 18.485 ms 18.175 ms
6 nyc1.uunet.verio.net (129.250.9.62) 19.735 ms 21.135 ms 19.212 ms
7 105.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.154) 20.237 ms 18.515 ms 18.712 ms
8 295.ATM6-0.XR1.NYC4.ALTER.NET (146.188.178.90) 26.855 ms 29.540 ms 35.908 ms
9 189.ATM8-0-0.GW5.NYC4.ALTER.NET (146.188.179.225) 36.541 ms 36.127 ms 30.849 ms
10 224.ATM1-0-0.BB1.TOR2.UUNET.CA.ALTER.NET (137.39.75.26) 58.823 ms 68.675 ms 62.522 ms
11 f0-0-0.bb2.tor2.uunet.ca (205.150.242.110) 336.310 ms 174.557 ms 394.909 ms
12 209.167.167.118 (209.167.167.118) 56.027 ms 58.555 ms 56.289 ms
13 209.167.177.90 (209.167.177.90) 59.349 ms 57.409 ms 57.993 ms
14 new.lpi.org (209.167.177.93) 57.021 ms 56.162 ms 58.809 ms
In this example, there are 13 intermediate gateways between the workstation and www.lpi.org, which itself answers at hop 14, that is, with an initial time-to-live value of 14. All three probes at every time-to-live value were answered.
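The following is an added example, not part of the book: a simulation of the time-to-live trick just described, run against a constructed three-router path. It shows why hop n is probed with TTL n, what a router that swallows ICMP errors looks like in the output (an asterisk), and how the destination's PORT_UNREACHABLE ends the run. The router addresses are borrowed from the listing above for familiarity but the path itself is invented, and no packets are sent.

```python
"""Added example (not from the book): simulate traceroute's use of the IP
time-to-live field against a constructed path; nothing touches the network."""
from typing import List, Optional, Tuple

# Constructed path: (router address, willing to send ICMP TIME_EXCEEDED?).
ROUTERS = [
    ("192.168.1.1", True),
    ("209.125.135.1", True),
    ("137.94.47.1", False),      # this router silently discards expired probes
]
DESTINATION = "209.167.177.93"
PROBES_PER_HOP = 3

Reply = Tuple[Optional[str], Optional[str]]   # (message type, sender) or (None, None)


def send_probe(ttl: int, routers=ROUTERS, destination=DESTINATION) -> Reply:
    """Return the ICMP reply one UDP probe sent with this TTL would provoke.

    Every router decrements the TTL before forwarding; the router that takes
    it to zero discards the probe and, if willing, answers TIME_EXCEEDED. A
    probe that survives every router reaches the destination, whose unused UDP
    port provokes PORT_UNREACHABLE.
    """
    for addr, answers in routers:
        ttl -= 1
        if ttl == 0:
            return ("TIME_EXCEEDED", addr) if answers else (None, None)
    return ("PORT_UNREACHABLE", destination)


def traceroute(first_ttl: int = 1, max_hops: int = 30,
               routers=ROUTERS, destination=DESTINATION) -> List[Tuple[int, str]]:
    """Probe with increasing TTL (first_ttl plays the role of -f); return
    [(ttl, responder or '*')], stopping once the destination answers."""
    hops: List[Tuple[int, str]] = []
    for ttl in range(first_ttl, max_hops + 1):
        replies = [send_probe(ttl, routers, destination) for _ in range(PROBES_PER_HOP)]
        answered = [addr for kind, addr in replies if kind is not None]
        hops.append((ttl, answered[0] if answered else "*"))
        if any(kind == "PORT_UNREACHABLE" for kind, _ in replies):
            break
    return hops


if __name__ == "__main__":
    for ttl, who in traceroute():
        print(f"{ttl:2d}  {who}")
```

Hop 3 prints as an asterisk although the router is there and forwarding; that is the normal appearance of a router that filters outbound ICMP errors, and it is not evidence of a break in the path.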
Network interfaces are established in the kernel at boot time through the probing of Ethernet hardware. As a result, these interfaces always exist unless the hardware or kernel module is removed. Other types of interfaces, such as PPP, are created by user programs. These interfaces are transient and exist only when they are in use.
To list interface parameters, use ifconfig with the interface name:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:A0:24:D3:C7:21
inet addr:192.168.1.30 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1857128 errors:46 dropped:0 overruns:0 frame:46
TX packets:871709 errors:0 dropped:0 overruns:0 carrier:0
collisions:2557 txqueuelen:100
Interrupt:10 Base address:0xef00
If you run ifconfig without any parameters, it displays all active interfaces, including the loopback interface lo and perhaps a PPP interface if a modem is dialed into a service provider.
To shut down a network interface that is currently running, simply use ifconfig with the down keyword:
# ifconfig eth0 down
When the interface goes down, any routes associated with it are removed from the routing table. For a typical system with a single Ethernet interface, this means that the routes to both the interface and the default gateway will be lost. Therefore, to start a previously configured network interface, ifconfig is used with up followed by the necessary route commands. For example:
# ifconfig eth0 up
# route add -host 192.168.1.30 eth0
# route add default gw 192.168.1.1 eth0
To reconfigure interface parameters, follow those same procedures and include the changes. For example, to change to a different IP address, the address is specified when bringing up the interface and adding the interface route:
# ifconfig eth0 down
# ifconfig eth0 192.168.1.60 up
# route add -host 192.168.1.60 eth0
# route add default gw 192.168.1.1 eth0
Your distribution probably supplies scripts to handle some of these chores. For example, Red Hat systems come with scripts such as ifup, which handle all the details necessary to get an interface and its routes up and running.
The Dynamic Host Configuration Protocol (DHCP) is an extension of the BOOTP protocol that provides automated IP address assignment (among other things) to client systems on a network. It handles IP address allocation in one of three ways (the names are those used by RFC 2131):
Dynamic allocation
In this scheme, a DHCP server maintains a preset list of IP addresses designated by the system administrator. IP addresses are assigned as clients request an address from the available addresses in the pool. The address can be used, or leased, for a limited period of time. The client must continually renegotiate the lease with the server to maintain use of the address beyond the allotted period. When the lease expires, the IP address is placed back into the pool for use by other requesting clients, and the client must obtain a new address.
Manual allocation
The system administrator may wish to designate specific IP addresses to specific network interfaces (for example, to an Ethernet MAC address) while still using DHCP to deliver the address to the client. This allows the convenience of automated address setup and assures the same address each time.
Automatic allocation
This method assigns a permanent address to a client. Typically DHCP is used to assign a temporary address (either dynamically or manually assigned) to a client, but a DHCP server can allow an infinite lease time.
DHCP can be configured to assign not only the IP address to the client but also such things as name servers, gateways, and architecture-specific parameters. Here's an overview of how it works:
A DHCP client sends a broadcast message (DHCPDISCOVER) to the network to discover a DHCP server.
One or more DHCP servers respond via their own broadcast messages, each offering an IP address and lease to the client (DHCPOFFER).
The client chooses one of the offers and broadcasts a request for that address (DHCPREQUEST) that names the chosen server, so every server on the subnet learns which offer was accepted.
The selected server records the lease and replies with an acknowledgment (DHCPACK) carrying the address, the lease time, and possibly additional information. All of the other servers do nothing because the client declined their offers.
Nothing in this exchange is authenticated: a client takes whichever offer arrives first, so a rogue DHCP server on the same subnet can hand out its own router and DNS server addresses. Where the switches support it, DHCP snooping, which only admits server messages on designated ports, is the usual countermeasure.
Because DHCP communications are initiated using broadcasts, they are normally confined to a single subnet. To accommodate DHCP clients and servers separated by one or more routers, a DHCP relay system can be established on subnets without DHCP servers. A relay system listens for DHCP client broadcasts, forwards them to a DHCP server on another subnet, and returns DHCP traffic back to the client. This configuration can centralize DHCP management in a large routed environment.
As already mentioned, when a client receives a dynamically assigned IP address from a DHCP server, the address is said to be leased for a finite duration. The length of a DHCP lease is configurable by the system administrator and typically lasts for one or more days. Shorter leases allow for faster turnover of addresses and are useful when the number of available addresses is small or when many transient systems (such as laptops) are being served. Longer leases reduce DHCP activity, thus reducing broadcast traffic on the network.
When a lease expires without being renegotiated by the client, it is assumed that the client system is unavailable, and the address is put back into the free pool of addresses. A lease may also be terminated by a client that no longer needs the IP address, in which case it is released. When this occurs, the DHCP server immediately places the IP address back in the free pool.
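The following is an added example, not part of the book or of ISC dhcpd: a toy DHCP server that walks through the DISCOVER, OFFER, REQUEST and ACK exchange described above and manages leases in the three ways listed earlier (a dynamic pool, a manually reserved address for one MAC, and an infinite lease). It models the server side only; the client's messages are method calls, time is an integer clock so that expiry and renewal can be exercised offline, the server address 192.168.1.25 is borrowed from the dhcpd.conf example below, and no sockets are used.

```python
"""Added example (not from the book): server-side DHCP state machine with
dynamic, manual and automatic (infinite) leases and an integer clock."""
from typing import Dict, Iterable, List, Optional, Tuple

INFINITE = None   # expiry value for a lease that never lapses (automatic allocation)


class ToyDhcpServer:
    """DISCOVER/OFFER/REQUEST/ACK handling with a small lease table."""

    def __init__(self, pool: Iterable[str], lease_time: int = 600,
                 reserved: Optional[Dict[str, str]] = None, permanent: Iterable[str] = ()):
        self.server_id = "192.168.1.25"        # constructed server address
        self.pool: List[str] = list(pool)      # free dynamic addresses
        self.lease_time = lease_time           # seconds, like default-lease-time
        self.reserved = dict(reserved or {})   # mac -> fixed address (manual allocation)
        self.permanent = set(permanent)        # macs granted an infinite lease
        self.offers: Dict[str, str] = {}       # mac -> address offered, not yet acked
        self.leases: Dict[str, Tuple[str, Optional[int]]] = {}   # address -> (mac, expiry)

    def _free(self, ip: str) -> None:
        """Return an address to the pool unless it is leased or reserved."""
        if ip not in self.leases and ip not in self.reserved.values():
            self.pool.append(ip)

    def expire(self, now: int) -> None:
        """Drop lapsed leases; their addresses become available again."""
        for ip, (_mac, expiry) in list(self.leases.items()):
            if expiry is not INFINITE and expiry <= now:
                del self.leases[ip]
                self._free(ip)

    def discover(self, mac: str, now: int) -> Optional[dict]:
        """DHCPDISCOVER (broadcast) -> DHCPOFFER, or None when nothing is free."""
        self.expire(now)
        if mac in self.offers:                  # stale offer from an earlier DISCOVER
            self._free(self.offers.pop(mac))
        if mac in self.reserved:
            ip = self.reserved[mac]             # manual allocation: always the same address
        else:
            held = [ip for ip, (m, _) in self.leases.items() if m == mac]
            if held:
                ip = held[0]                    # returning client keeps its address
            elif self.pool:
                ip = self.pool.pop(0)           # dynamic allocation from the pool
            else:
                return None                     # pool exhausted: the server stays silent
        self.offers[mac] = ip
        return {"type": "DHCPOFFER", "yiaddr": ip, "server_id": self.server_id}

    def request(self, mac: str, ip: str, server_id: str, now: int) -> Optional[dict]:
        """DHCPREQUEST naming the chosen server -> DHCPACK or DHCPNAK.

        A client re-requesting an address it already holds is renewing and
        gets a fresh lease without a new DISCOVER.
        """
        offered = self.offers.pop(mac, None)
        if server_id != self.server_id:
            if offered is not None:
                self._free(offered)             # the client took another server's offer
            return None
        renewing = self.leases.get(ip, (None, None))[0] == mac
        if offered != ip and not renewing:
            return {"type": "DHCPNAK"}          # not something we offered or lease to it
        expiry = INFINITE if mac in self.permanent else now + self.lease_time
        self.leases[ip] = (mac, expiry)
        return {"type": "DHCPACK", "yiaddr": ip, "expires": expiry}

    def release(self, mac: str, ip: str) -> bool:
        """DHCPRELEASE: the client gives the address back immediately."""
        if self.leases.get(ip, (None, None))[0] == mac:
            del self.leases[ip]
            self._free(ip)
            return True
        return False


if __name__ == "__main__":
    srv = ToyDhcpServer(pool=["192.168.1.200", "192.168.1.201"])
    offer = srv.discover("00:60:97:93:f6:8a", now=0)
    print(offer)
    print(srv.request("00:60:97:93:f6:8a", offer["yiaddr"], offer["server_id"], now=1))
```

The NAK path is the one to remember when reading server logs: a DHCPNAK means a client asked for an address this server never offered or no longer leases to it, which happens after a move between subnets but also when another (possibly rogue) server handed the address out.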
The DHCP server process is called dhcpd. It is typically started at boot time and listens for incoming DHCP request broadcasts. dhcpd can serve multiple subnets via multiple interfaces, serving a different pool of IP addresses to each.
dhcpd is configured using the text configuration file /etc/dhcpd.conf, which contains one or more subnet declarations. These are text lines of the following form:
subnet network-address netmask subnet-mask {
    parameter...
    parameter...
    ...
}
Each subnet declaration encloses parameters for each subnet between curly braces. Parameters include one or more ranges of IP addresses to serve, lease times, and optional items such as gateways (routers), DNS servers, and so forth. Each parameter line is terminated with a semicolon. For example:
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.200 192.168.1.204;
    default-lease-time 600;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.25;
}
In this example, the private class C network 192.168.1.0 is served five IP addresses, 200 through 204. The default DHCP lease is 600 seconds (10 minutes). Options are also set for the subnet mask, broadcast address, router (or gateway), and DNS server. For full information on dhcpd.conf, see its manpage.
The preceding option lines are not required to create a minimal DHCP setup that simply serves IP addresses. Details on the daemon follow.
dhcpd
dhcpd [options] [interface [...]]
Launch the DHCP server daemon. dhcpd requires that both its configuration file /etc/dhcpd.conf and its lease log file (which by default is /var/state/dhcp/dhcpd.leases, although many distributions use /var/lib/dhcp/dhcpd.leases) exist. The daemon puts itself in the background and returns control to the calling shell.
-cf config-file
Use config-file instead of the default /etc/dhcpd.conf.
-lf lease-file
Use lease-file instead of the default to store lease information.
-q
Use quiet mode. This option suppresses the default copyright message, keeping log files a little cleaner.
interface
By default, dhcpd will attempt to listen for requests on every network interface that is configured up. It can be limited to specific network interfaces by including one or more interface names on the command line; on a multi-homed server this is worth doing, so that addresses are never offered on a segment the server was not meant to serve.
A full and detailed description of the configuration file syntax can be found in the dhcpd.conf manpage. When dhcpd runs, it sends output, including information on each transaction, to syslogd. For example, this series of four log entries in /var/log/messages shows a successful exchange between dhcpd and a requesting DHCP client:
Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
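The following is an added example, not part of the book: a parser that turns dhcpd syslog lines like the four above into per-client exchanges and flags the ones that did not complete or were refused, plus a check for clients requesting addresses outside the served subnet, which is the kind of thing to look for when a rogue DHCP server is suspected. The log is constructed: the first four lines reproduce the book's successful exchange, the rest are invented, and the message formats follow the book's lines rather than every variant later dhcpd versions print.

```python
"""Added example (not from the book): reconstruct DHCP exchanges from dhcpd
syslog lines and flag incomplete, refused and off-subnet requests."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed log: the book's exchange, then an unfinished one and a refused one.
SAMPLE_LOG = """\
Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:cc via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPOFFER on 192.168.1.201 to 00:0c:29:aa:bb:cc via eth0
Apr 24 02:31:11 rh62 dhcpd: DHCPREQUEST for 192.168.1.201 from 00:0c:29:aa:bb:cc via eth0
Apr 24 02:40:00 rh62 dhcpd: DHCPREQUEST for 10.0.0.5 from 00:0c:29:dd:ee:ff via eth0
Apr 24 02:40:00 rh62 dhcpd: DHCPNAK on 10.0.0.5 to 00:0c:29:dd:ee:ff via eth0
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ dhcpd: (?P<msg>DHCP[A-Z]+)"
    r"(?: (?:on|for) (?P<ip>[\d.]+))? (?:from|to) (?P<mac>[0-9a-f:]{17}) via (?P<iface>\S+)$"
)
COMPLETE = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]


def parse(log: str) -> List[dict]:
    """Return one dict (ts, msg, ip, mac, iface) per dhcpd line; skip the rest."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarise(events: List[dict]) -> Dict[str, dict]:
    """Group messages by client MAC and classify each client's last exchange."""
    per_mac: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        per_mac[e["mac"]].append(e["msg"])
    result = {}
    for mac, msgs in per_mac.items():
        if msgs[-4:] == COMPLETE:
            status = "complete"
        elif "DHCPNAK" in msgs:
            status = "refused"        # asked for an address the server would not grant
        else:
            status = "incomplete"     # no ACK seen: client went quiet or chose another server
        result[mac] = {"messages": msgs, "status": status}
    return result


def foreign_requests(events: List[dict], served: str = "192.168.1.0/24") -> List[Tuple[str, str]]:
    """Clients requesting an address outside the subnet this server hands out.

    Such requests come from machines that moved from another network, or that
    were configured by a DHCP server that should not be on this segment.
    """
    net = ipaddress.ip_network(served)
    return [(e["mac"], e["ip"]) for e in events
            if e["msg"] == "DHCPREQUEST" and e["ip"] and ipaddress.ip_address(e["ip"]) not in net]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for mac, info in summarise(evs).items():
        print(mac, info["status"], " ".join(info["messages"]))
    print("off-subnet requests:", foreign_requests(evs))
```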