Linux Networking - Linux Administration (2016)


Linux Networking

In this chapter, you'll learn how to configure and control the network interfaces on a Linux system as well as its hostname. You'll learn what DNS is and how to use the host and dig tools to resolve hostnames and IP addresses. You'll learn the roles that the /etc/hosts and /etc/nsswitch.conf files play in name resolution. You'll also be introduced to network ports. Next, you'll learn what DHCP is and how to configure your Linux system as a DHCP client. Finally, we'll look at menu driven tools that can assist you in managing the various network settings on the most popular Linux distributions.

To show your current IP address, or to get a list of all the IP addresses in use on your system, run the ip command with an argument of address. With the ip command, you can use abbreviations, so instead of running ip address you can run ip addr or even ip a. You can also be more explicit by running ip address show.

The following is some sample output from the ip address command. You can see two devices listed: lo and eth0. The lo device is the loopback device. This is a special virtual network interface that a Linux system uses to communicate with itself. The loopback device has an IP address of 127.0.0.1. The other network device on this system is the eth0 device. This is an actual hardware device and it has an IP address of 192.168.1.122.

# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:43:f5:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 84249sec preferred_lft 84249sec
    inet6 fe80::a00:27ff:fe43:f518/64 scope link
       valid_lft forever preferred_lft forever
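When you are checking many machines, reading the full listing is slow. The following shell function, added here as an example and not part of the book, pulls just the interface name, IPv4 address and prefix length, and whether the address is lease-assigned (the dynamic flag) out of ip address output. The sample text it runs on is a constructed copy of the listing above; on a live system you would pipe ip address into it.

```shell
# Added example (not from the book): reduce `ip address` output to one
# line per IPv4 address: "IFACE ADDRESS/PREFIX dynamic|permanent".
# Reads the listing from stdin, so it works on a saved copy as well as
# on a live `ip address | list_ipv4` run.
list_ipv4() {
    awk '
        # "2: eth0: <BROADCAST,...>" opens a new interface block
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); next }
        # indented "inet A.B.C.D/NN ..." lines carry the IPv4 addresses;
        # the "dynamic" flag marks an address that came from a DHCP lease
        $1 == "inet" {
            tag = "permanent"
            for (i = 3; i <= NF; i++) if ($i == "dynamic") tag = "dynamic"
            print iface, $2, tag
        }
    '
}

# Constructed sample in the same layout as the listing above.
SAMPLE_IP_OUTPUT='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:43:f5:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 84249sec preferred_lft 84249sec
    inet6 fe80::a00:27ff:fe43:f518/64 scope link
       valid_lft forever preferred_lft forever'

# Usage on the sample:   printf '%s\n' "$SAMPLE_IP_OUTPUT" | list_ipv4
# Usage on a live host:  ip address | list_ipv4
```

The two lines it prints for the sample are lo 127.0.0.1/8 permanent and eth0 192.168.1.122/24 dynamic; an interface that shows up with no inet line has no IPv4 address at all, which is the first thing to look for when a host is unreachable.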

In addition to the ip command, the ifconfig tool can be used to display IP address information. At this point the ifconfig utility is considered to be deprecated. However, this little utility hasn't quite yet disappeared on modern Linux systems and may be around for quite some time to come. If this is a refresher for you or if you are coming from a Unix background, you may already be familiar with the ifconfig command, but not its newer replacement, the ip command. In this chapter, you will learn how to use both the ip and ifconfig commands.

To display the IP address in use with the ifconfig command, execute it without any arguments. Here is some output from the ifconfig command. It lists two interfaces: eth0 and the loopback device. You'll notice that the output is slightly different from the ip command. However, it gets the job done by displaying the IP address, netmask, and more. Just like with the ip command, you can see that the eth0 device has an IP of 192.168.1.122 and the loopback device has an IP of 127.0.0.1.

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.122 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe43:f518 prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:43:f5:18 txqueuelen 1000 (Ethernet)
        RX packets 82371 bytes 95773879 (91.3 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 32907 bytes 3386585 (3.2 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING MTU:65536 Metric:1
        RX packets:250935 errors:0 dropped:0 overruns:0 frame:0
        TX packets:250935 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:70966872 (70.9 MB) TX bytes:70966872 (70.9 MB)

Hostnames

A host is a device connected to a network. Since we are talking about TCP/IP networking, a host in this case is a device with an IP address.

A hostname is simply a human-readable name that corresponds to an IP address. Let's say we have a Linux server that will act as a web server in production. We can give that server a hostname, webprod01 for example, and refer to it by that hostname instead of its IP address, which might be something like 10.109.155.174. A one-word hostname like this is sometimes called the short hostname or the unqualified hostname.

DNS Hostnames

The primary purpose of DNS, which stands for Domain Name System, is to translate human-readable names into IP addresses. Of course, DNS does the reverse as well. It can translate an IP address to a hostname.

The fully qualified domain name, or FQDN, of a host also contains a domain name and a top-level domain name. Each section of the FQDN is separated by a period.

TLD stands for top-level domain and is the rightmost portion of a DNS name. Common top-level domains include .com, .net, and .org, but there are actually hundreds of other top-level domains.

A domain appears just to the left of a top-level domain. This is often a company name, an organization name, or a brand name.

The FQDN, or long hostname, of our Linux server would contain at least three strings separated by periods. For example, its FQDN could be webprod01.mycompany.com.

However, domains can be further divided into sub-domains. Let's say "My Company" wants to use subdomains to identify where a server is located. It could use a country domain such as us.mycompany.com and maybe even a state subdomain, something like ny.us.mycompany.com. If our web server were in New York, its FQDN might actually be webprod01.ny.us.mycompany.com. Subdomains do not have to correspond to geographical regions; they can be anything the DNS administrator has configured.

You can display the current hostname by using the hostname command or by running uname -n. In the following example, the hostname is webprod01. If you want to display the FQDN, run hostname -f.

$ hostname
webprod01
$ uname -n
webprod01
$ hostname -f
webprod01.mycompany.com

You can also temporarily change the hostname of a system by supplying it as an argument to the hostname command. However, to make this persist between reboots, you'll need to update the hostname configuration. This configuration varies slightly from distribution to distribution. For Ubuntu and RedHat systems, edit the /etc/hostname file and place your desired hostname there. For earlier versions of RedHat, you can edit the /etc/sysconfig/network file and set the HOSTNAME variable to the desired value.

# hostname webprod01
# echo 'webprod01' > /etc/hostname
# vi /etc/sysconfig/network
HOSTNAME=webprod01

Resolving DNS Names

If you want to look up or resolve a DNS name or an IP address, you can use the host or dig tools. In their simplest forms, you specify the IP address or DNS name you want to look up as an argument to the command. Here is an example of using the host command.

$ host www.mycompany.com
webprod01.mycompany.com has address 1.2.1.6
$ host 1.2.1.6
6.1.2.1.in-addr.arpa domain name pointer www.mycompany.com.

Here is an example using dig. Use the -x option to perform a reverse lookup.

$ dig www.mycompany.com

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.1 <<>> www.mycompany.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22904
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.mycompany.com. IN A

;; ANSWER SECTION:
www.mycompany.com. 292 IN A 1.2.1.6

;; Query time: 13 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Wed Jan 13 03:30:17 JST 2016
;; MSG SIZE rcvd: 62

$ dig -x 1.2.1.6

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.1 <<>> -x 52.5.196.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23203
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;6.1.2.1.in-addr.arpa. IN PTR

;; ANSWER SECTION:
6.1.2.1.in-addr.arpa. 299 IN PTR www.mycompany.com

;; Query time: 34 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Wed Jan 13 03:33:16 JST 2016
;; MSG SIZE rcvd: 106

$

The Hosts File

The /etc/hosts file contains a list of IP addresses and hostnames. You can create entries in the hosts file by starting a line with an IP address and then following it with the name or names you want to translate that IP address to. The following example entry uses multiple names, but if you don't need or want to access the system by multiple names, you can simply list one name. This entry could be one of many in the hosts file.

10.11.12.13 webprod02.mycorp.com webprod02

After you have created an entry in /etc/hosts, you can start communicating with that IP address by using the name listed in the hosts file. This can be useful if you want to access computers that do not have DNS hostnames. Also, it's common to use /etc/hosts entries to override the DNS entry of a system. For example, if you have a cluster of web servers, you could have a private network that only the web cluster members can access. You can create an entry for each member of the cluster in /etc/hosts using its private address, thus forcing network communications through the private network.

It's important to note that /etc/hosts is local to the system. Adding an entry to the /etc/hosts file does not add an entry into DNS.

Here is an example /etc/hosts file. You'll see the first line contains an entry for localhost. Remember that this is used by the loopback device for internal communications. The next line contains the public IP address of the system followed by the FQDN and then the short name. The third line contains a non-routable IP address for webprod02. In this example, it's the private IP address of that system. There is another similar entry for webprod03 on the next line. The last line contains only one name: dbcluster.

127.0.0.1 localhost
1.2.1.6 webprod01.mycompany.com webprod01
10.11.12.14 webprod02.mycompany.com webprod02
10.11.12.15 webprod03.mycompany.com webprod03
10.11.13.7 dbcluster

Name Service Switch

Typically, the /etc/hosts file is checked first before a DNS server is queried, but you can change this behavior by editing the /etc/nsswitch.conf file. NSS stands for Name Service Switch and it controls the order in which lookups are performed.

The hosts line determines the order for name resolution. For example, if you have hosts: files dns in the nsswitch.conf file, the /etc/hosts file will be searched first. If an IP address is found, that IP is used and the search stops. If it is not found, then DNS is queried.

There are other services that can resolve hostnames. If you want to use NIS for name resolution you can add it to the hosts line in /etc/nsswitch.conf. Here is an example.

hosts: files nis dns

Here is an example /etc/nsswitch.conf file.

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This
# file should be sorted with the most-used services
# at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search
# for an entry should stop if the search in the
# previous entry turned up nothing. Note that if the
# search failed due to some other reason (like no NIS
# server responding) then the search continues with
# the next entry.

passwd:     files sss
shadow:     files sss
group:      files sss

hosts:      files dns myhostname

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:    files nisplus
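The hosts file section and the Name Service Switch section above describe the same lookup: the resolver walks the sources on the hosts: line in order and stops at the first one that answers. The following shell script, added here as an example and not part of the book, models exactly that walk over constructed copies of /etc/nsswitch.conf and /etc/hosts. It only models the files and dns sources; dns is answered from a constructed table that stands in for a DNS server (there is no network query), and any other source such as myhostname or nis is skipped. This is what lets a hosts entry override DNS: the private address for webprod02 wins because files comes before dns.

```shell
# Added example (not from the book): resolve a name by walking the
# "hosts:" sources of an nsswitch.conf in order, over constructed files.

# Constructed copies of the two configuration files; the real ones live in /etc.
NSSWITCH_SAMPLE='passwd:   files sss
hosts:    files dns myhostname
services: files sss'

HOSTS_SAMPLE='127.0.0.1 localhost
1.2.1.6 webprod01.mycompany.com webprod01
10.11.12.14 webprod02.mycompany.com webprod02
10.11.13.7 dbcluster'

# Constructed stand-in for DNS answers. webprod02 has a public address
# in DNS; the hosts entry above overrides it with the private one.
FAKE_DNS='webprod02.mycompany.com 1.2.1.7
dbserver.mycompany.com 1.2.1.9'

# hosts_source_order NSSWITCH_FILE -> the sources on the hosts: line, one per line
hosts_source_order() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# lookup_files NAME HOSTS_FILE -> address of the first line whose name or alias matches
lookup_files() {
    awk -v name="$1" '
        /^[ \t]*#/ || NF == 0 { next }                  # skip comments and blank lines
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$2"
}

# lookup_fake_dns NAME -> address from the constructed DNS table
lookup_fake_dns() {
    printf '%s\n' "$FAKE_DNS" | awk -v name="$1" '$1 == name { print $2; exit }'
}

# resolve_name NAME NSSWITCH_FILE HOSTS_FILE -> "ADDRESS (source)", or fails
resolve_name() {
    name=$1
    for src in $(hosts_source_order "$2"); do
        case $src in
            files) addr=$(lookup_files "$name" "$3") ;;
            dns)   addr=$(lookup_fake_dns "$name") ;;
            *)     continue ;;   # nis, myhostname, ...: not modelled here
        esac
        if [ -n "$addr" ]; then
            printf '%s (%s)\n' "$addr" "$src"
            return 0
        fi
    done
    return 1
}

# demo_resolve NAME -> writes the constructed files to a temp dir and resolves NAME
demo_resolve() {
    dir=$(mktemp -d)
    printf '%s\n' "$NSSWITCH_SAMPLE" > "$dir/nsswitch.conf"
    printf '%s\n' "$HOSTS_SAMPLE" > "$dir/hosts"
    if resolve_name "$1" "$dir/nsswitch.conf" "$dir/hosts"; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

# Usage: demo_resolve webprod02             -> 10.11.12.14 (files)
#        demo_resolve dbserver.mycompany.com -> 1.2.1.9 (dns)
```

Swapping the order on the hosts: line to dns files would make webprod02 resolve to its DNS address instead, which is the behaviour change the chapter describes when you edit /etc/nsswitch.conf.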

Network Ports

Just like IP addresses identify hosts on a network, ports identify the services on a host. When a service starts on a system, it binds itself to a port and listens for traffic destined for its port.

Ports range from 1 to 65,535. Ports from 1 through 1,023 are called well-known ports or system ports. These ports are pre-assigned and are used for common system services. They are also called privileged ports, since superuser privileges are required to open them. Ports from 1,024 up can be opened and used by normal users on a system and are called unprivileged ports.

The following is a very short list of common ports. For example, port 22 is reserved for SSH, 25 for SMTP, 80 for HTTP, 143 for IMAP, 389 for LDAP, and 443 for HTTPS. For a complete list of ports visit http://www.linuxtrainingacademy.com/ports.

Port   Service
22     SSH
25     SMTP
80     HTTP
143    IMAP
389    LDAP
443    HTTPS

When you type https://www.mybank.com into the address bar of your web browser, your computer translates www.mybank.com into an IP address. Then, your web browser initiates a request to that IP address on port 443. The service—in this case a web server—will receive the traffic on port 443.

The /etc/services file translates human-readable names into port numbers. Here you'll find a list of predefined ports. You can also add to this list. For instance, when you install third party software, you may need to add an entry in /etc/services for the service that software provides. You can also create entries for your own custom written applications that use ports.

Here is what the ports from the previous table would look like in the /etc/services file.

ssh     22/tcp      # SSH Remote Login Protocol
smtp    25/tcp      # SMTP
http    80/tcp      # HTTP
imap2   143/tcp     # IMAP
ldap    389/tcp     # LDAP
https   443/tcp     # HTTP protocol over TLS/SSL
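The /etc/services format is simple enough to parse in a few lines of awk, which is useful when you are checking what a port number in a log line or a listening-socket listing corresponds to. The functions below, added here as an example and not part of the book, look a service up by name or alias, map a port number back to its name, and classify a port as privileged or unprivileged using the ranges given above. They read a constructed excerpt in /etc/services format (the myapp line and the www and imap aliases are constructed); point them at the real file by replacing the variable with cat /etc/services.

```shell
# Added example (not from the book): name <-> port lookups over an
# /etc/services-style listing, plus the privileged/unprivileged test.

# Constructed excerpt in /etc/services format (name port/proto [aliases] # comment)
SERVICES_SAMPLE='# constructed excerpt, not the real /etc/services
ssh     22/tcp      # SSH Remote Login Protocol
smtp    25/tcp      # SMTP
http    80/tcp      www   # HTTP
imap2   143/tcp     imap  # IMAP
ldap    389/tcp     # LDAP
https   443/tcp     # HTTP protocol over TLS/SSL
myapp   8443/tcp    # constructed custom application'

# service_port NAME [PROTO] -> "PORT/PROTO" for a service name or alias (default tcp)
service_port() {
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v name="$1" -v proto="${2:-tcp}" '
        { sub(/#.*/, "") }                      # drop trailing comments
        NF < 2 { next }                         # blank / comment-only lines
        {
            split($2, pp, "/")
            if (pp[2] != proto) next
            if ($1 == name) { print $2; exit }
            for (i = 3; i <= NF; i++) if ($i == name) { print $2; exit }
        }'
}

# service_name PORT [PROTO] -> canonical service name for a port number
service_name() {
    printf '%s\n' "$SERVICES_SAMPLE" | awk -v port="$1" -v proto="${2:-tcp}" '
        { sub(/#.*/, "") }
        NF >= 2 && $2 == (port "/" proto) { print $1; exit }'
}

# port_class PORT -> privileged (1-1023), unprivileged (1024-65535) or invalid
port_class() {
    case $1 in
        ''|*[!0-9]*) echo invalid; return 1 ;;    # not a number
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 1023 ]; then
        echo privileged
    elif [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]; then
        echo unprivileged
    else
        echo invalid; return 1
    fi
}

# Usage: service_port www   -> 80/tcp
#        service_name 443   -> https
#        port_class 8443    -> unprivileged
```

A lookup that returns nothing is the case to watch: a service name that is not in /etc/services is exactly what the chapter says you add an entry for when installing third-party software, and port_class tells you whether that daemon will need root just to bind its socket.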

DHCP

DHCP stands for Dynamic Host Configuration Protocol. DHCP is primarily used to assign IP addresses to hosts on a network. When a DHCP client wants to request an IP address it sends a broadcast message looking for a DHCP server. The DHCP server then responds to the client and provides it with an IP address and other additional information such as the netmask, gateway, and DNS servers to use for name resolution. The DHCP client configures itself with this information and begins to communicate on the network.

The IP address assigned to a DHCP client is leased from the DHCP server. The client will be able to use that IP address for the lease expiration time configured by the DHCP server. If the DHCP client wants to continue using the IP address beyond the lease expiration time, it must send a renewal request to the DHCP server. If no renewal is received by the DHCP server, it will place this IP back into the pool of available addresses.

To configure a RedHat based system as a DHCP client, edit the network device configuration file located in the /etc/sysconfig/network-scripts directory. The name of this file will be ifcfg-network-device-name. Depending on the system configuration and the underlying hardware, it might be ifcfg-eth0 or even something like ifcfg-enp5s2. To get a list of network devices on your system, run ifconfig -a or ip link.

Once you've identified the configuration file for the network device, set the BOOTPROTO variable to "dhcp".

# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:ba:8f:35 brd ff:ff:ff:ff:ff:ff
# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
DEVICE="enp0s3"
ONBOOT=yes
NETBOOT=yes
IPV6INIT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
NAME="enp0s3"
#

To configure an Ubuntu system as a DHCP client, edit the /etc/network/interfaces file. Add the dhcp method to the inet address family statement for the interface. The line will read iface <network-device-name> inet dhcp. For eth0, this will be iface eth0 inet dhcp. Here are the contents of an example /etc/network/interfaces file.

# /etc/network/interfaces
# This file describes the network interfaces
# available on your system and how to activate them.
# For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

You can also assign a static IP address to a Linux system. For RedHat based systems, edit the network interface configuration file located in /etc/sysconfig/network-scripts. Be sure to set the BOOTPROTO variable to static. Assign the IP address, netmask, network, broadcast, and gateway as shown in the following example. If you want the network device to be activated at boot time, set ONBOOT to yes.

DEVICE="enp0s3"
BOOTPROTO=static
IPADDR=10.109.155.174
NETMASK=255.255.255.0
NETWORK=10.109.155.0
BROADCAST=10.109.155.255
GATEWAY=10.109.155.1
ONBOOT=yes
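Every value in a static ifcfg file is typed by hand, and NETWORK, BROADCAST and GATEWAY all have to agree with IPADDR and NETMASK, so a mistyped netmask is a common reason a server comes up unreachable after a reboot. The script below, added here as an example and not part of the book, recomputes NETWORK and BROADCAST from IPADDR and NETMASK, checks that GATEWAY falls inside that network, and converts the netmask to the prefix length that ip address add IP/PREFIX expects. The file content it checks is constructed (it reuses the values of the example above); the key names are the ones the ifcfg format uses.

```shell
# Added example (not from the book): sanity-check a static ifcfg file
# before running ifup on it.

# ip4_to_int A.B.C.D -> 32-bit integer; int_to_ip4 does the reverse
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip4() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# valid_mask NETMASK -> true only for a contiguous run of 1 bits followed by 0 bits
valid_mask() {
    m=$(ip4_to_int "$1")
    [ $(( (m | (m - 1)) & 4294967295 )) -eq 4294967295 ]
}

# network_of / broadcast_of IP NETMASK; mask_to_prefix NETMASK -> prefix length
network_of()   { int_to_ip4 $(( $(ip4_to_int "$1") & $(ip4_to_int "$2") )); }
broadcast_of() { int_to_ip4 $(( $(ip4_to_int "$1") | (~$(ip4_to_int "$2") & 4294967295) )); }
mask_to_prefix() {
    m=$(ip4_to_int "$1"); n=0
    while [ "$m" -ne 0 ]; do n=$((n + (m & 1))); m=$((m >> 1)); done
    echo "$n"
}

# ifcfg_get FILE KEY -> value of the first KEY=value line, quotes stripped
ifcfg_get() { sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1; }

# check_ifcfg FILE -> prints "ok", or one line per problem; returns the problem count
check_ifcfg() {
    cfg=$1; problems=0
    ip=$(ifcfg_get "$cfg" IPADDR); mask=$(ifcfg_get "$cfg" NETMASK); gw=$(ifcfg_get "$cfg" GATEWAY)
    [ "$(ifcfg_get "$cfg" BOOTPROTO)" = static ] || { echo "BOOTPROTO is not static"; problems=$((problems + 1)); }
    [ -n "$ip" ] && [ -n "$mask" ] || { echo "IPADDR or NETMASK missing"; return 1; }
    valid_mask "$mask" || { echo "NETMASK $mask is not a valid netmask"; return 1; }
    net=$(network_of "$ip" "$mask"); bcast=$(broadcast_of "$ip" "$mask")
    [ "$(ifcfg_get "$cfg" NETWORK)" = "$net" ] || { echo "NETWORK should be $net"; problems=$((problems + 1)); }
    [ "$(ifcfg_get "$cfg" BROADCAST)" = "$bcast" ] || { echo "BROADCAST should be $bcast"; problems=$((problems + 1)); }
    [ -n "$gw" ] && [ "$(network_of "$gw" "$mask")" = "$net" ] || { echo "GATEWAY $gw is outside $net"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo ok
    return "$problems"
}

# Constructed ifcfg content, same values as the static example above
GOOD_IFCFG='DEVICE="enp0s3"
BOOTPROTO=static
IPADDR=10.109.155.174
NETMASK=255.255.255.0
NETWORK=10.109.155.0
BROADCAST=10.109.155.255
GATEWAY=10.109.155.1
ONBOOT=yes'
# The same file with a typo: a /16 netmask but the /24 NETWORK and BROADCAST
BAD_IFCFG=$(printf '%s\n' "$GOOD_IFCFG" | sed 's/^NETMASK=.*/NETMASK=255.255.0.0/')

# check_ifcfg_text CONTENT -> run check_ifcfg on a temporary copy of CONTENT
check_ifcfg_text() {
    tmp=$(mktemp)
    printf '%s\n' "$1" > "$tmp"
    if check_ifcfg "$tmp"; then rc=0; else rc=$?; fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: check_ifcfg /etc/sysconfig/network-scripts/ifcfg-enp0s3
#        mask_to_prefix 255.255.255.0   -> 24
```

For the constructed bad file the check reports NETWORK should be 10.109.0.0 and BROADCAST should be 10.109.255.255, which is the clue that the netmask, not the network line, was mistyped. The same arithmetic gives you the /24 to use with ip address add 10.109.155.174/24 dev enp0s3 if you set the address by hand instead.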

To assign an interface a static IP address on an Ubuntu system, edit the /etc/network/interfaces file. Use the static keyword following inet on the iface line for the network interface. Next, supply the IP address, netmask, and gateway address.

auto eth0
iface eth0 inet static
    address 10.109.155.174
    netmask 255.255.255.0
    gateway 10.109.155.1

You can use the ip command to manually assign an IP address to a network interface. The format is ip address add IP[/NETMASK] dev NETWORK_DEVICE. To add the IP address 10.11.12.13 to eth0, run ip address add 10.11.12.13 dev eth0. You can also supply the netmask by following the IP address with a forward slash and then providing the netmask like so: ip address add 10.11.12.13/255.255.255.0 dev eth0. To bring the interface up, run ip link set eth0 up.

If the ifconfig tool is available, you can use it to assign IP addresses to network interfaces as well. The format is ifconfig NETWORK_DEVICE addr netmask SUBNET_MASK. To add the IP address 10.11.12.13 to eth0 with ifconfig, run ifconfig eth0 10.11.12.13. To specify the netmask, use the netmask keyword and follow it by the netmask you intend to use. Run ifconfig eth0 10.11.12.13 netmask 255.255.255.0, for example. To bring the interface up, run ifconfig eth0 up.

An easier way to bring network interfaces up and down is by using the ifup and ifdown commands. These commands are actually scripts that are provided by many Linux distributions. They use the information specified in the network configuration files to configure the interfaces. If you make a configuration change you can test your change by using the ifup and ifdown commands. Here are a few examples.

# ifup eth0
# ifup enp5s2
# ifdown eth0
# ifdown enp5s2

Instead of manually editing network configuration files, some distributions supply GUI or TUI tools. GUI stands for graphical user interface and TUI stands for textual user interface.

RedHat supplies a TUI called nmtui. You can run nmtui as root and use the simple menu-driven interface to configure your network devices. Older versions of RedHat include a very similar utility called system-config-network. You can use YaST, which stands for Yet Another Setup Tool, on SUSE systems. At the time of this writing, there are no official Ubuntu network configuration tools available.

Summary

In this chapter, you learned to see what IP addresses are assigned to the network interfaces on a Linux system. You also learned how to manually add IP addresses using the ip and ifconfig utilities. Next, you learned how to set and get the hostname of a system. We also talked about DNS and using the host and dig utilities to resolve names and IP addresses. You learned how to make entries in /etc/hosts and how to control the order in which name resolutions take place by using the /etc/nsswitch.conf file.

Network ports were covered and you learned how superuser privileges are required to open ports below 1,024. You also learned that the primary purpose of DHCP is to assign IP addresses to hosts on a network. You learned how to configure Linux servers to use DHCP to obtain their networking information and how to assign static IP addresses.

You learned that the ifup and ifdown scripts are available on many Linux distributions and that they can be used to easily bring up or down a network interface. Finally, you learned about GUI and TUI tools that you can use to configure the networking settings on a Linux server.


Quiz

1. What command can be used to display the hostname of a Linux system?

1. hostname

2. uname -n

3. hostname -f

4. All of the above.

2. Entries added to the /etc/hosts file become automatically available in DNS.

1. True

2. False

3. Which configuration file controls the order in which lookups are performed?

1. /var/nsswitch.conf

2. /etc/nsswitch.conf

3. /etc/resolv.conf

4. /var/resolv.conf

4. What range of ports are considered unprivileged ports?

1. 0 - 1023

2. 0 - 1000

3. 1024 - 2048

4. 1024 - 65535

5. DHCP stands for Dynamic Host Configuration Protocol.

1. True

2. False

Quiz Answers

1. D

2. B

3. B

4. D

5. A