Linux Networking - Linux Administration (2016)

Linux Administration (2016)

Linux Networking

In this chapter, you'll learn how to configure and control the network interfaces on a Linux system as well as its hostname. You'll learn what DNS is and how to use the host and dig tools to resolve hostnames and IP addresses. You'll learn the roles that the /etc/hosts and /etc/nsswitch.conf files play in name resolution. You'll also be introduced to network ports. Next, you'll learn what DHCP is and how to configure your Linux system as a DHCP client. Finally, we'll look at menu driven tools that can assist you in managing the various network settings on the most popular Linux distributions.

To show your current IP address, or to get a list of all the IP addresses in use on your system, run the ip command with an argument of address. With the ip command, you can use abbreviations, so instead of running ip address you can run ip addr or even ip a. You can also be more explicit by running ip address show.

The following is some sample output from the ip address command. You can see two devices listed: lo and eth0. The lo device is the loopback device. This is a special virtual network interface that a Linux system uses to communicate with itself. The loopback device has an IP address of The other network device on this system is the eth0 device. This is an actual hardware device and it has an ip address of

# ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 08:00:27:43:f5:18 brd ff:ff:ff:ff:ff:ff

inet brd scope global dynamic eth0

valid_lft 84249sec preferred_lft 84249sec

inet6 fe80::a00:27ff:fe43:f518/64 scope link

valid_lft forever preferred_lft forever

In addition to the ip command, the ifconfig tool can be used to display IP address information. At this point the ifconfig utility is considered to be deprecated. However, this little utility hasn't quite yet disappeared on modern Linux systems and may be around for quite some time to come. If this is a refresher for you or if you are coming from a Unix background, you may already be familiar with the ifconfig command, but not its newer replacement, the ip command. In this chapter, you will learn how to use both the ip and ifconfig commands.

To display the ip address in use with the ifconfig command, execute it without any arguments. Here is some output from the ifconfig command. It lists two interfaces: eth0 and the loopback device. You'll notice that the output is slightly different from the ip command. However, it gets the job done by displaying the IP address, netmask, and more. Just like with the ip command, you can see that the eth0 device has an IP of and the loopback device has an IP of

# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet netmask broadcast

inet6 fe80::a00:27ff:fe43:f518 prefixlen 64 scopeid 0x20<link>

ether 08:00:27:43:f5:18 txqueuelen 1000 (Ethernet)

RX packets 82371 bytes 95773879 (91.3 MiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 32907 bytes 3386585 (3.2 MiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet netmask

inet6 addr: ::1/128 Scope:Host


RX packets:250935 errors:0 dropped:0 overruns:0 frame:0

TX packets:250935 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:70966872 (70.9 MB) TX bytes:70966872 (70.9 MB)


A host is a device connected to a network. Since we are talking about TCP/IP networking, a host in this case is a device with an IP address.

A hostname is simply a human-readable name that corresponds to an IP address. Let's say we have a Linux server that will act as a web server in production. We can give that server a hostname, webprod01 for example, and refer to it by that hostname instead of its IP address, which might be something like A one word hostname like this is sometimes called the short hostname or the unqualified hostname.

DNS Hostnames

The primary purpose of DNS, which stands for Domain Name System, is to translate human readable names into IP addresses. Of course, DNS does the reverse as well. It can translate an IP address to a hostname.

The fully qualified domain name, or FQDN, of a host also contains a domain name and a top-level domain name. Each section of the FQDN is separated by a period.

TLD stands for top-level domain and is the rightmost portion of a DNS name. Common top level domains include .com, .net, and .org, but there actually hundreds of other top level domains.

A domain appears just to the left of a top-level domain. This is often a company name, an organization name, or a brand name.

The FQDN, or long hostname, of our Linux server would contain at least three strings separated by periods. For example, its FQDN could be

However, domains can be further divided into sub-domains. Let's say "My Company" wants to use subdomains to identify where a server is located. It could use a country domain such as and maybe even a state subdomain, something like If our web server were in New York, its FQDN might actually be Subdomains do not have to correspond to geographical regions; they can be anything the DNS administrator has configured.

You can display the current hostname by using the hostname command or by running uname -n. In the following example, the hostname is webprod01. If you want to display the FQDN, run hostname -f.

$ hostname


$ uname -n


$ hostname -f

You can also temporarily change the hostname of a system by supplying it as an argument to the hostname command. However, to make this persist between reboots, you'll need to update the hostname configuration. This configuration varies slightly from distribution to distribution. For Ubuntu and RedHat systems, edit the /etc/hostname file and place your desired hostname there. For earlier versions of RedHat, you can edit the /etc/sysconfig/network file and set the HOSTNAME variable to the desired value.

# hostname webprod01

# echo 'webprod01' > /etc/hostname

# vi /etc/sysconfig/network


Resolving DNS Names

If you want to lookup or resolve a DNS name or an IP address, you can use the host or dig tools. In their simplest forms, you specify the IP address or dns name you want to lookup as an argument to the command. Here is an example of using the host command.

$ host has address

$ host domain name pointer

Here is an example using dig. Use the -x option to perform a reverse lookup.

$ dig

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.1 <<>>

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22904

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


; EDNS: version: 0, flags:; udp: 512


; IN A


;; Query time: 13 msec


;; WHEN: Wed Jan 13 03:30:17 JST 2016

;; MSG SIZE rcvd: 62

$ dig –x

; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.1 <<>> -x

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23203

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


; EDNS: version: 0, flags:; udp: 512




;; Query time: 34 msec


;; WHEN: Wed Jan 13 03:33:16 JST 2016

;; MSG SIZE rcvd: 106


The Hosts File

The /etc/hosts file contains a list of IP addresses and hostnames. You can create entries in the hosts file by starting a line with an IP address and then following it with the name or names you want to translate that IP address to. The following example entry uses multiple names, but if you don't need or want to access the system by multiple names, you can simply list one name. This entry could be one of many in the hosts file. webprod02

After you have created an entry in /etc/hosts, you can start communicating with that IP address by using the name listed in the host file. This can be useful if you want to access computers that do not have DNS hostnames. Also, it's common to use /etc/host entries to override the DNS entry of a system. For example, if you have a cluster of web servers you could have a private network that only the web cluster members can access. You can create an entry for the members of the cluster in /etc/hosts and use their private address, thus forcing network communications through the private network.

It's important to note that /etc/hosts is local to the system. Adding an entry to the /etc/hosts file does not add an entry into DNS.

Here is an example /etc/hosts file. You'll see the first line contains an entry for localhost. Remember that this is used by the loopback device for internal communications. The next line contains the public IP address of the system followed by the FQDN and then the short name. The third line contains a non-routable IP address for webprod02. In this example, it's the private IP address of that system. There is another similar entry for webprod03 on the next line. The last line is only contains one name: dbcluster. localhost webprod01 webprod02 webprod03 dbcluster

Name Service Switch

Typically, the /etc/hosts file is checked first before a DNS server is queried, but you can change this behavior by editing the /etc/nsswitch.conf file. NSS stands for Name Service Switch and it controls the order in which lookups are performed.

The hosts line determines the order for name resolution. For example, if you have hosts: files dns in the nsswitch.conf file, the /etc/hosts file will be searched first. If an IP address is found, that IP is used and the search stops. If it is not found, then DNS is queried.

There are other services that can resolve hostnames. If you want to use NIS for name resolution you can add it to the hosts line in /etc/nsswitch.conf. Here is an example.

hosts: files nis dns

Here is an example /etc/nsswitch.conf file.


# /etc/nsswitch.conf


# An example Name Service Switch config file. This

# file should be sorted with the most-used services

# at the beginning.


# The entry '[NOTFOUND=return]' means that the search

# for an entry should stop if the search in the

# previous entry turned up nothing. Note that if the

# search failed due to some other reason(like no NIS

# server responding) then the search continues with

# the# next entry.

passwd: files sss

shadow: files sss

group: files sss

hosts: files dns myhostname

bootparams: nisplus [NOTFOUND=return] files

ethers: files

netmasks: files

networks: files

protocols: files

rpc: files

services: files sss

netgroup: files sss

publickey: nisplus

automount: files

aliases: files nisplus

Network Ports

Just like IP addresses identify hosts on a network, ports identify the services on a host. When a service starts on a system, it binds itself to a port and listens for traffic destined for its port.

Ports range from 1 to 65,535. Ports from 1 through 1,023 are called well-known ports or system ports. These ports are pre-assigned ports and are used for common system services. These ports are also called privileged ports since it requires superuser privileges to open these ports. Ports above 1,024 can be opened and used by normal users on a system and are called unprivileged ports.

The following is a very short list of common ports. For example, port 22 is reserved for SSH, 25 for SMTP, 80 for HTTP, 143 for IMAP, 389 for LDAP, and 443 for HTTPS. For a complete list of ports visit















When you type into address bar of your web browser, your computer translates into an IP address. Then, your web browser initiates a request to that IP address on port 443. The service—in this case a web server—will receive the traffic on port 443.

The /etc/services file translates human-readable names into port numbers. Here you'll find a list of predefined ports. You can also add to this list. For instance, when you install third party software, you may need to add an entry in /etc/services for the service that software provides. You can also create entries for your own custom written applications that use ports.

Here is what the ports from the previous table would look like in the /etc/services file.

ssh 22/tcp # SSH Remote Login Protocol

smtp 25/tcp # SMTP

https 80/tcp # HTTP

imap2 143/udp # IMAP

ldap 389/tcp # LDAP

https 443/tcp # HTTP protocol over TLS/SSL


DHCP stands for Dynamic Host Configuration Protocol. DHCP is primarily used to assign IP addresses to hosts on a network. When a DHCP client wants to request an IP address it sends a broadcast message looking for a DHCP server. The DHCP server then responds to the client and provides it with an IP address and other additional information such as the netmask, gateway, and DNS servers to use for name resolution. The DHCP client configures itself with this information and begins to communicate on the network.

The IP address assigned to a DHCP client is leased from the DHCP server. The client will be able to use that IP address for the lease expiration time configured by the DHCP server. If the DHCP client wants to continue using the IP address beyond the lease expiration time, it must send a renewal request to the DHCP server. If no renewal is received by the DHCP server, it will place this IP back into the pool of available addresses.

To configure a RedHat based system as a DHCP client, edit the network device configuration file located in the /etc/sysconfig/network-scripts directory. The name of this file will be ifcfg-network-device-name. Depending on the system configuration and the underlying hardware, it might be ifcfg-eth0 or even something like ifcfg-enp5s2. To get a list of network devices on your system, run ifconfig -a or ip link.

Once you've identified the configuration file for the network device, set the BOOTPROTO variable to "dhcp."

# ip link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000

link/ether 08:00:27:ba:8f:35 brd ff:ff:ff:ff:ff:ff

# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3









To configure an Ubuntu system as a DHCP client, edit the /etc/network/interfaces file. Add the dhcp method to the inet address family statement for the interface. The line will read iface <network-device-name> inet dhcp. For eth0, this will be iface eth0 inet dhcp. Here are the contents of an example /etc/network/interfaces file.


# This file describes the network interfaces

# available on your system and how to activate them.

# For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet dhcp

You can also assign a static IP address to a Linux system. For RedHat based systems, edit the network interface configuration file located in /etc/sysconfig/network-scripts. Be sure to set the BOOTPROTO variable to static. Assign the IP address, netmask, network, broadcast, and gateway as shown in the following example. If you want the network device to be activated at boot time, set ONBOOT to yes.









To assign an interface a static IP address on an Ubuntu system, edit the /etc/network/interfaces file. Use the static keyword following inet on the iface line for the network interface. Next, supply the IP address, netmask, and gateway address.

auto eth0

iface eth0 inet static




You can use the ip command to manually assign an IP address to a network interface. The format is ip address add IP[/NETMASK] dev NETWORK_DEVICE. To add the IP address to eth0, run ip address add dev eth0. You can also supply the netmask by following the IP address with a forward slash and then providing the netmask like so: ip address add dev eth0. To bring the interface up, run ip link set eth0 up.

If the ifconfig tool is available, you can use it to assign IP addresses to network interfaces as well. The format is ifconfig NETWORK_DEVICE addr netmask SUBNET_MASK. To add the IP address to eth0 with ifconfig, run ifconfig eth0 To specify the netmask, use the netmask keyword and follow it by the netmask you intend to use. Run ifconfig eth0 netmask, for example. To bring the interface up, run ifconfig eth0 up.

An easier way to bring network interfaces up and down is by using the ifup and ifdown commands. These commands are actually scripts that are provided by many Linux distributions. They use the information specified in the network configuration files to configure the interfaces. If you make a configuration change you can test your change by using the ifup and ifdown commands. Here are a few examples.

# ifup eth0

# ifup enp5s2

# ifdown eth0

# ifdown enp5s2

Instead of manually editing network configuration files, some distributions supply GUI or TUI tools. GUI stands for graphical user interface and TUI stands for textual user interface.

RedHat supplies a TUI called nmtui. You can run nmtui as root and use the simple menu driven interface to configure your network devices. Older versions of RedHat include a very similar utility called system-config-network. You can use YaST, which stands for Yet Another Setup Tool, on Suse systems. At the time of this writing, there are no official Ubuntu network configuration tools available.


In this chapter, you learned to see what IP addresses are assigned to the network interfaces on a Linux system. You also learned how to manually add IP addresses using the ip and ifconfig utilities. Next, you learned how to set and get the hostname of a system. We also talked about DNS and using the host and dig utilities to resolve names and IP addresses. You learned how to make entries in /etc/hosts and how to control the order in which name resolutions take place by using the /etc/nsswitch.conf file.

Network ports were covered and you learned how superuser privileges are required to open ports below 1,024. You also learned that the primary purpose of DHCP is to assign IP addresses to hosts on a network. You learned how to configure Linux servers to use DHCP to obtain their networking information and how to assign static IP addresses.

You learned that the ifup and ifdown scripts are available on many linux distributions and that they can be used to easily bring up or down a network interface. Finally, you learned about GUI and TUI tools that you can use to configure the networking settings on a Linux server.


1. What command can be used to display the hostname of a Linux system?

1. hostname

2. uname -n

3. hostname -f

4. All of the above.

2. Entries added to the /etc/hosts file become automatically available in DNS.

1. True

2. False

3. Which configuration file controls the order in which lookups are performed?

1. /var/nsswitch.conf

2. /etc/nsswitch.conf

3. /etc/resolv.conf

4. /var/resolv.conf

4. What range of ports are considered unprivileged ports?

1. 0 - 1023

2. 0 - 1000

3. 1024 - 2048

4. 1024 - 65535

5. DHCP stands for Dynamic Host Configuration Protocol.

1. True

2. False

Quiz Answers

1. D

2. B

3. B

4. D

5. A