Last Update: 6 June 1999


Network Configuration

The RedHat installer has probably done a fine job of setting up your network. This section is for those who want to really tweak their networking setups, and contains technical details that might overwhelm a complete computer newbie. It's OK to skip this section if it seems too much for you to deal with right now.

 This section describes how to customize the network interface of your RedHat Linux system. I assume your system will have an Ethernet card (ignore modems for now). In any case these configurations often apply to a modem-based network connection as well.

Many aspects of Linux are intimately tied to the concept of networking. With a properly configured network interface it's possible to communicate with, and run programs on, any computer on the network to which you have access. Regardless of system type, Intel, DEC/Alpha, Amiga, and Sparc computers may cooperate on the network as equals. The capability to remotely operate and configure Linux machines is one benefit of the operating system which I often use at home and work.

Most of the network configuration is controlled by files present in the /etc directory tree.


 A look inside my /etc/hosts file:

		127.0.0.1     localhost localhost.localdomain
		10.1.1.21     lurker.rjf.net lurker
		10.1.1.13     spareparts.rjf.net spareparts parts

 

The purpose of the hosts file is to provide part of the translation system that converts computer names (preferred by humans) to the numeric IP address required by computers and the Internet.

The first entry, localhost, is required, and is predefined to mean "this computer", although the internal implementation isn't quite this simple. If you telnet, ping, or ftp to localhost, your own computer will intercept the message and issue a local response if possible. The purpose of localhost is to help network administrators and developers verify the operation of the local networking system before actually sending messages across the real network.

The second entry should contain the IP address of your computer, followed by its fully qualified name, followed by any aliases.

Any additional entries should contain the IP addresses and names of local computers, or any computers unknown to nameservers present on the Internet or your local network. I have set up a nameserver for my home network which knows the names of all my local computers. This means that all my hosts files contain only the top two entries as shown above, since the nameserver returns the name/IP of all computers that are local or on the Internet.

Changes made to this file take effect immediately.

For additional details read the manpage for hosts.


 A look inside my /etc/resolv.conf file:

		search rjf.net cs.twsu.edu
		nameserver 127.0.0.1
		nameserver 204.233.71.1

 

The purpose of the resolv.conf file is to let the networking system know how and where to resolve network names to IP addresses, and vice-versa.

The search line tells nameservers that you want these domains to be part of the default search group for names specified without a domain. For example, if I wish to contact the computer mccoy at the university (whose domain is cs.twsu.edu) I may simply type 'telnet mccoy' instead of 'telnet mccoy.cs.twsu.edu'. This can save a lot of typing with often-used names and URLs.

The nameserver lines allow you to specify a list of nameservers that your computer may contact when it needs to translate names to IP addresses, one address per nameserver line. The 127.0.0.1 (localhost) entry is usually present here because many Linux systems provide a local caching nameserver. If the local nameserver can't resolve the name, the next nameserver in the list will be consulted.

Changes made to this file take effect immediately.

For additional details read the manpages for resolver and nslookup.


 A look inside my /etc/exports file:

		/     *.rjf.net(rw,link_relative)
		/     10.1.1.21(rw,link_relative)
		/tmp/ crash(rw,link_relative)

 

Note: the link_relative option is no longer supported in 2.2.x kernels.

 The exports file serves two purposes, the second of which is actually a side-effect.

First, the exports file lets you specify a list of machines or domains whom you consider trustworthy enough to allow mounting directories on your computer.

Second, the side-effect is that any computer listed here is also considered a 'friend' by PAM (a network security module), and will be allowed to telnet, ftp, etc, into your computer. If a computer is unable to telnet or ftp into your system, and a ping test indicates the physical connection is OK, see if adding an entry to the exports file will solve the problem. This is a PAM security issue. In truth, the proper way to solve this problem is to make sure your nameserver can perform reverse name-resolution for the machine trying to get in, but this may not be possible if you don't have administrator rights or skills on the nameserver.

If you make a change to this file you must shut down and restart the nfs daemon:

Issue the shell commands:

	/etc/rc.d/init.d/nfs stop
	/etc/rc.d/init.d/nfs start

 

For additional details read the manpages for exports, nfs, and nfsd.
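Because every entry in exports is a statement of trust, it is worth reviewing the file for entries that grant more than intended. The following is an added example, not part of the original page: a small Python audit that parses the listing shown above and reports entries that export the whole root filesystem, use a wildcard client, or are writable. The function names and the wording of the findings are assumptions made for this illustration.

```python
import re

# The /etc/exports listing shown on this page.
SAMPLE_EXPORTS = """\
/     *.rjf.net(rw,link_relative)
/     10.1.1.21(rw,link_relative)
/tmp/ crash(rw,link_relative)
"""

ENTRY = re.compile(r"([^()]*)(?:\(([^()]*)\))?")  # client(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) for each client on each export line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue                      # blank line or comment
        path = fields[0]
        for spec in fields[1:] or [""]:   # no client listed means any host
            m = ENTRY.fullmatch(spec)
            if not m:
                continue                  # malformed entry, skipped here
            client = m.group(1) or "*"    # "(rw)" with no name means any host
            options = {o for o in (m.group(2) or "").split(",") if o}
            yield path, client, options

def audit_exports(text):
    """Return (path, client, reasons) for entries that widen trust."""
    findings = []
    for path, client, options in parse_exports(text):
        reasons = []
        if path.rstrip("/") == "":
            reasons.append("whole root filesystem")
        if "*" in client or "?" in client:
            reasons.append("wildcard client")
        if "rw" in options:
            reasons.append("writable")
        if "no_root_squash" in options:
            reasons.append("remote root not squashed")
        if reasons:
            findings.append((path, client, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```

An entry that names a single trusted host, a specific subdirectory and the ro option produces no findings.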


 An excerpt from my /etc/fstab file:

<snip>

	spareparts:/	/Parts		nfs	soft,noauto	0 0

<snip>

 

Normally you wouldn't think of fstab as being part of the network configuration, but fstab is the file that tells Linux how and where to mount remote filesystems, such as NFS (Network FileSystem).

The first column indicates the remote computer's name is spareparts, and we will mount its filesystem from the root directory (signified by the single slash).

The second column is the name of a local directory on this machine that is the local mountpoint for the other system's root directory. After I mount /Parts, the local /Parts directory will behave as if it was the root directory on the other system.

The third column is the type of filesystem (NFS in this case).

The fourth column (noauto) indicates that I want to manually mount this filesystem. Except when using NIS, automounting NFS volumes at startup is a bad idea, especially if you mount the remote system's root directory (also not recommended). The soft option is recommended to prevent kernel device-locks if the remote site is unreachable.

The fifth group indicates mount order (just leave as "0 0").

 

For additional details read the manpages for fstab, nfs, nfsd, and mount.


A look inside my /etc/sysconfig/network file:

	NETWORKING=yes
	FORWARD_IPV4=false
	HOSTNAME=lurker.rjf.net
	DOMAINNAME=rjf.net
	GATEWAY=10.0.0.2
	GATEWAYDEV=eth0

 

Only in unusual cases will you need to alter these settings after initial Linux installation.

NETWORKING tells Linux whether or not networking operations are supported. This entry should be set to "yes" if you have an Ethernet card or plan on using a modem.

FORWARD_IPV4 controls the operation of a special kernel option called IP Forwarding. Used in conjunction with the ipfwadm program, your computer can act as a gateway, routing traffic from your local network through another network interface such as a modem. When used with the masquerading module, all the computers on your network may access the Internet through a single modem on your Linux machine.

Generally this feature should always be disabled in the network file. If you wish to use IP Forwarding you should enable it later in the system startup sequence, in one of the /etc/rc.d runlevel scripts for example. The preferred method to enable IP Forwarding at runtime is to execute the following shell command from a script:

	echo 1 > /proc/sys/net/ipv4/ip_forward

HOSTNAME specifies the name of your computer. The term host is Unix-ese for any computer on the network. The hostname is the Fully Qualified name of your computer, which is simply the name (or nickname) of your computer along with your domain.

DOMAINNAME specifies the network domain your computer is connected to. Unless you are using your computer at home, your domain-name may be obtained from your network administrator. If you are setting up a home computer, you must decide whether to use the domain-name of your ISP (Internet Service Provider), or to make one up of your own (like my bogus .rjf home domain).

GATEWAY specifies the IP address of your network gateway, which should be available from your network administrator. If you are using a home modem connection, or your system is acting as a gateway directly to the internet, this entry should be commented-out by preceding it with a hash-mark ( # ).

GATEWAYDEV specifies the hardware interface through which to access the network gateway. This field will normally contain the string "eth0" which means "the first ethernet interface". You only need to change this if you have more than one Ethernet card, or if your system is the gateway machine via a modem (in which case this entry would be commented-out).

If you wish to make temporary changes to networking parameters initialized by this file (without resetting the machine), consult the manpages for the route, ifconfig, ifup, ifdown commands.

It's best to restart the machine after making changes to this file (to ensure the settings are correct).


 A look inside my /etc/sysconfig/network-scripts/ifcfg-eth0 file:

	DEVICE=eth0
	IPADDR=10.1.1.21
	NETMASK=255.0.0.0
	NETWORK=10.0.0.0
	BROADCAST=10.255.255.255
	ONBOOT=yes

 

Only in unusual cases will you need to alter these settings after initial Linux installation.

DEVICE specifies the resource to be configured by this file, which is "the first ethernet interface" in this case.

IPADDR specifies the IP Address of this ethernet interface. If you are operating on somebody else's network, the network administrator should be able to provide you with your own IP address. It is vitally important that your address is unique; different from all other systems on the local or global network. If you are running a local, isolated network you should use an IP address that is within the address ranges set aside for this purpose. Such local addresses are guaranteed to be blocked by routers on the Internet, thus preventing interference between isolated local networks.

Internet Standards RFC1597 explicitly defines several such addresses for local networks:

	   10.0.0.0 thru  10.255.255.254, 'Netmask' =  10.255.255.255
	 172.16.0.0 thru  172.31.255.254, 'Netmask' =  172.31.255.255
	192.168.0.0 thru 192.168.255.254, 'Netmask' = 192.168.255.255

No other IP addresses may be used for local networks (if you ever plan to access the Internet).

If you have defined a local address outside this range I strongly urge you to change it to comply with worldwide Internet standards, or you will experience and/or cause 'problems'.

If you have a completely local network, I suggest using a class-A IP address of 10.0.0.10 and a netmask of 255.0.0.0. RedHat default settings for this range work fine, and it will allow you to easily connect to the real Internet in the future.

NETMASK is a logical bitmask applied to the IPADDR field, which is used to determine which portion of the 32-bit IP address space refers to the local network, and which part applies to the machines on the network.

NETWORK, after being logically AND'ed with the above NETMASK, specifies the address range of the local network.

BROADCAST specifies the IP address reserved for broadcasts on your network. Generally it should be set to the value of NETWORK OR'ed with the one's complement of the NETMASK.

So, to review my settings, let's see what they all mean:

	IPADDR    = 0000 1010  0000 0001  0000 0001  0001 0101  10.1.1.21
	NETMASK   = 1111 1111  0000 0000  0000 0000  0000 0000  255.0.0.0
	NETWORK   = 0000 1010  0000 0000  0000 0000  0000 0000  10.0.0.0
	BROADCAST = 0000 1010  1111 1111  1111 1111  1111 1111  10.255.255.255

In this example, my home network is 10, which leaves a 24-bit address region for individual machines (more than enough!). My ethernet interface eth0 will broadcast to address 10.255.255.255. Broadcasts are used by the TCP/IP protocol to discover other machines on the network, and for other low-level operations.
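The AND and OR relationships described above can be checked mechanically. The following is an added example, not part of the original page: a Python script that parses an ifcfg file, recomputes NETWORK and BROADCAST from IPADDR and NETMASK, and reports any field that disagrees. The function names are assumptions made for this illustration, and the private-range check uses the RFC 1597 blocks written as prefixes (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

```python
import ipaddress

# RFC 1597 private ranges, written as prefixes (added here, not from the page).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The ifcfg-eth0 values shown on this page.
SAMPLE_IFCFG = """DEVICE=eth0
IPADDR=10.1.1.21
NETMASK=255.0.0.0
NETWORK=10.0.0.0
BROADCAST=10.255.255.255
ONBOOT=yes
"""

def parse_ifcfg(text):
    """Return the KEY=value pairs, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_bits(value):
    """Render a 32-bit value as four binary octets."""
    bits = format(value, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def check_ifcfg(text):
    """Return a list of addressing problems (empty when consistent)."""
    cfg = parse_ifcfg(text)
    ip, mask = to_int(cfg["IPADDR"]), to_int(cfg["NETMASK"])
    host_bits = ~mask & 0xFFFFFFFF            # one's complement of NETMASK
    network = ip & mask                       # IPADDR AND NETMASK
    broadcast = network | host_bits           # NETWORK OR ~NETMASK
    problems = []
    if host_bits & (host_bits + 1):           # host bits must be one low run
        problems.append("NETMASK is not a contiguous run of 1 bits")
    for key, want in (("NETWORK", network), ("BROADCAST", broadcast)):
        if key in cfg and to_int(cfg[key]) != want:
            problems.append(f"{key} should be {ipaddress.IPv4Address(want)}")
    if not any(ipaddress.IPv4Address(ip) in net for net in PRIVATE_NETS):
        problems.append("IPADDR is outside the RFC 1597 private ranges")
    return problems

if __name__ == "__main__":
    print(to_bits(to_int("10.1.1.21")), check_ifcfg(SAMPLE_IFCFG))
```

The private-range finding only matters on an isolated local network; a machine with an address assigned by a network administrator may legitimately fall outside those ranges.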

ONBOOT tells the networking system whether or not this interface should be started at boot-time, or deferred until manually launched at a later time. This field should normally be set to 'yes'.

If you wish to make temporary changes to networking parameters initialized by this file (without resetting the machine), consult the manpages for the route, ifconfig, ifup, ifdown commands.

It's best to restart the machine after making changes to this file (to ensure the settings are correct).

