

Project 73. Manage Network Settings

"How do I examine the current network location or the settings applied to my Ethernet connections?"

This project looks at commands to query and change network settings. It considers the commands ifconfig, hostname, scselect, and ipfw. Project 37 uses System Profiler to gather network information. Chapter 10 covers networking in general.

View and Change Interface Settings

You'll usually configure networking from the Network pane of System Preferences. Should you wish to configure a machine remotely or by running a shell script, however, Mac OS X provides several command-line tools that let you do so. First, we'll look at the command ifconfig, which is used to query and change the settings applied to network interfaces such as Ethernet.

To view the settings of all network interfaces, type

$ ifconfig


You'll see a list of interface names such as en0, each followed by its current settings. Interface en0 is the first Ethernet connection; en1 is the second, usually used by AirPort; fw0 is TCP over FireWire; and lo0 is the local loopback interface. View the settings for a particular interface (for example, en1) by typing

$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::210:a7ff:fe2e:b674 prefixlen 64 scopeid 0x5
    inet 10.0.2.4 netmask 0xffffff00 broadcast 10.0.2.255
    ether 99:10:a7:2e:b6:74
    media: autoselect status: active
    supported media: autoselect


The output from this command tells us that the IP address assigned to en1 is 10.0.2.4, and the subnet mask (netmask) is 255.255.255.0 (or 0xffffff00 in hexadecimal notation).

Interface lo0

The special interface lo0 is known as the local loopback interface. It's a software interface and responds to the IP address 127.0.0.1 as the address of the local machine. The host name localhost is mapped to the address 127.0.0.1.


Switch an Interface Off and On

To reset an interface, or to turn it off or on, use ifconfig, stating the interface name and either down (off) or up (not off). All such commands must be issued as the root user. Let's reset the second Ethernet interface.

$ sudo ifconfig en1 down
Password:


(Where did all my iChat buddies go?)

$ sudo ifconfig en1 up


Learn More

For more information on using the sudo command to issue commands as the root user, see "How to Become the Root User" in Project 2.


Multi-Home

To demonstrate how we might use ifconfig to change network settings, we'll multi-home en0. Multi-homing assigns a second IP address to an interface, a technique used when one host has to act temporarily as a backup for a second and must assume two network addresses.

First, let's check our current IP address, employing the grep command to display just the information in which we are interested.

$ ifconfig en0 | grep "inet "
    inet 217.155.168.146 netmask 0xfffffff8 broadcast 217.155.168.151


To add an IP address, we specify the alias command to ifconfig, giving the new IP address and an appropriate subnet mask.

$ sudo ifconfig en0 alias 217.155.168.145 netmask 255.255.255.248


Let's check that the command has worked.

$ ifconfig en0 | grep "inet "
    inet 217.155.168.146 netmask 0xfffffff8 broadcast 217.155.168.151
    inet 217.155.168.145 netmask 0xfffffff8 broadcast 217.155.168.151


To remove the second IP address (you probably don't want to keep it), use the -alias command.

$ sudo ifconfig en0 -alias 217.155.168.145
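The "appropriate subnet mask" in the alias step can be checked before the alias is added. The script below is an added example, not code from the book: it converts the hexadecimal netmask that ifconfig prints into the dotted form the alias command takes, and tests whether a candidate alias lies in the same network as the primary address. The function names and the second candidate address are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the "inet" line that "ifconfig en0" printed in this project.
SAMPLE='inet 217.155.168.146 netmask 0xfffffff8 broadcast 217.155.168.151'

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# hex_to_dotted 0xfffffff8 -> prints 255.255.255.248
hex_to_dotted() {
    m=$(( $1 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# same_subnet "INET LINE" CANDIDATE -> exit status 0 if CANDIDATE shares the network
same_subnet() {
    addr=$(echo "$1" | awk '{print $2}')   # primary address
    mask=$(echo "$1" | awk '{print $4}')   # hexadecimal netmask
    [ $(( $(ip_to_int "$addr") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

echo "netmask for the alias command: $(hex_to_dotted 0xfffffff8)"
# 217.155.168.145 is the alias used above; 217.155.168.153 is a constructed
# address just outside the /29 network.
for cand in 217.155.168.145 217.155.168.153; do
    if same_subnet "$SAMPLE" "$cand"; then
        echo "$cand: inside en0's network"
    else
        echo "$cand: outside en0's network"
    fi
done
```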


Tip

Add IP addresses to lo0, and use them to test such things as IP-based virtual hosting on the Apache Web server.

$ sudo ifconfig lo0 alias 127.0.0.2 netmask 255.0.0.0



Check Host Names with hostname

You might find it useful when writing a script to check the host name of the current machine, perhaps to take specific action on a particular host. Do this with the hostname command. In the following example, we set two shell variables to be used by the script; domain is set to the full domain name of the host, and host is set to be just the host part.

$ domain=$(hostname)
$ host=$(hostname -s)
$ echo "I'm known locally as $host and globally as $domain"
I'm known locally as sauron and globally as sauron.mayo-family.com


You may also use hostname, run as the root user, to assign a new host name to a machine.

Change Network Locations

Apple provides a command-line utility for switching network settings. This utility is equivalent to choosing a network location from the Location command in the Apple menu or from the Location pop-up menu in the Network pane of System Preferences.

The command is called scselect. Issued without any arguments, it lists all locations.

$ scselect
Defined sets include: (* == current set)
   E5B52A04-857F-11D8-A6EA-000393B2D604 (carcharoth.zen)
   E5BBB531-857F-11D8-A6EA-000393B2D604 (sauron.zen)
 * E5A8E3FA-857F-11D8-A6EA-000393B2D604 (melkor.zen)
   E5C2A2A6-857F-11D8-A6EA-000393B2D604 (smeagol.zen)
   AC642A1F-84F1-11D8-A6EA-000393B2D604 (saruman.zen)
   0    (Automatic)


To change to a new location, name the location as an argument to scselect. To change the location to saruman.zen, for example, type

$ scselect saruman.zen
CurrentSet updated to AC642A1F-84F1-11D8-A6EA-000393B2D604 (saruman.zen)


Eyeball the Firewall

Configuration of the firewall is beyond the scope of this project. We'll simply introduce the ipfw command and give some examples of how to use it.

Check the current firewall settings by typing the following command.

$ sudo ipfw list
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
...
65535 allow ip from any to any


To configure the firewall manually, flush the existing rule set, and add your own set by using the add command.

$ sudo ipfw flush
Are you sure? [yn] y
Flushed all rules.


Let's add a rule to allow established connections.

$ sudo ipfw add allow tcp from any to any established
00100 allow tcp from any to any established


Next, we'll open port 80 so we can serve Web pages.

$ sudo ipfw add 00200 allow tcp from any to any 80 in
00200 allow tcp from any to any 80 in


Finally, we'll close all other ports.

$ sudo ipfw add 09000 deny tcp from any to any
09000 deny tcp from any to any


Tip

If you use the ipfw command to configure the firewall by hand, System Preferences will disable its own firewall configuration. To change back to using System Preferences, you must flush all firewall rules by typing

$ sudo ipfw flush



Check that the rules have been added as expected.

$ sudo ipfw list
00100 allow tcp from any to any established
00200 allow tcp from any to any 80 in
09000 deny tcp from any to any
65535 allow ip from any to any


The Unix man page for ipfw has a great deal of information on configuring the firewall.
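ipfw checks a packet against the rules in numerical order and applies the first rule that matches, so it is worth tracing a few packets through the final listing to see what it really permits. The script below is an added example, not code from the book and not ipfw itself: a simplified first-match model that understands only the keywords used in these four rules, run over constructed packet descriptions. It shows that rule 09000 also denies new outbound TCP connections, that established matches on TCP flag bits (ACK or RST) rather than tracked connection state, and that non-TCP traffic such as UDP falls through to the default rule 65535.

```shell
#!/bin/sh
# Rule set exactly as listed by the final "sudo ipfw list" in this project.
RULES='00100 allow tcp from any to any established
00200 allow tcp from any to any 80 in
09000 deny tcp from any to any
65535 allow ip from any to any'

# verdict PROTO DPORT DIR STATE -> prints "RULENUM ACTION" of the first match.
#   PROTO: tcp|udp|icmp   DIR: in|out
#   STATE: est (packet has ACK or RST set) or new (for example, an initial SYN)
verdict() {
    pkt_proto=$1 pkt_port=$2 pkt_dir=$3 pkt_state=$4
    echo "$RULES" | while read -r num action proto _from _src _to _dst opts; do
        # Protocol "ip" matches every packet; otherwise it must be equal.
        [ "$proto" = ip ] || [ "$proto" = "$pkt_proto" ] || continue
        ok=1
        for opt in $opts; do
            case $opt in
                established) [ "$pkt_state" = est ] || ok=0 ;;
                in|out)      [ "$opt" = "$pkt_dir" ] || ok=0 ;;
                [0-9]*)      [ "$opt" = "$pkt_port" ] || ok=0 ;;   # destination port
                *)           ok=0 ;;   # keyword outside this model: no match
            esac
        done
        [ "$ok" = 1 ] || continue
        echo "$num $action"
        break                          # first match wins
    done
}

# Constructed sample packets: protocol, destination port, direction, state.
for pkt in "tcp 80 in new" "tcp 22 in new" "tcp 22 in est" \
           "tcp 443 out new" "udp 53 in new"; do
    echo "$pkt -> $(verdict $pkt)"
done
```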




Mac OS X UNIX 101 Byte-Sized Projects
ISBN: 0321374118
EAN: 2147483647
Year: 2003
Pages: 153
Authors: Adrian Mayo
