Configuring Network Settings Without Sysinstall


Using Sysinstall to configure your cards makes things easy in some ways; it's nice and visual, for instance, and it does everything in one place. But configuring with Sysinstall is a less-than-versatile option for many of the networking tasks you may need to do. You can access and modify the network settings more directly from the command line. Naturally, you must be root in order to run these commands in a way that alters the system's configuration; also, you should perform these steps from the physical console, because any misconfigurations will cause you to lose connectivity to the machine.

Caution

Some of the functions we'll be discussing cannot be done in Sysinstall, such as adding IP aliases and modifying the routing tables. In fact, if you have a customized IP setup (for example, a card with many IP aliases bound to it) and then you do an additional configuration of the card using Sysinstall, you might lose your customized settings. Be aware that Sysinstall is useful for the most basic and common of configuration tasks, but it should be avoided for more complex situations, for which it is not intended.


Using ifconfig to Apply Network Settings

The interface configurator, ifconfig, is the multipurpose tool for applying network settings on the fly. Its main purpose is to assign an IP address to an Ethernet card (interface), although, as with most other UNIX tools, it can do a lot more. Here, we cover the most frequently used functions of ifconfig; check the man ifconfig page for further information.

First, let's use ifconfig to gather information on our network interfaces. In the previous chapter, you saw an example of ifconfig -a, which shows all interfaces and tells you which ones are available. Using ifconfig -a provides an easy way to find out whether your Ethernet driver is ed0, fxp0, xl0, or whatever. After you know, you can specify that device name as a parameter to ifconfig to just get that interface's settings:

# ifconfig fxp1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2d0:b7ff:feaa:11a9%fxp0 prefixlen 64 scopeid 0x1
        inet 64.41.131.102 netmask 0xffffff00 broadcast 64.41.131.255
        ether 00:d0:b7:aa:11:a9
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active


Caution

We're about to go through a few configuration examples that will almost certainly cause your Ethernet interface to lose connectivity to any connected sessions. If you want to try out the functionality of ifconfig on your own machine, do it from the physical console rather than when you're connected via Telnet or SSH!


If you want to only change your IP address, use the following command:

# ifconfig fxp1 64.41.131.103


That's all there is to it. However, note that if you don't specify a netmask, it's assumed you're setting a Class A address, and the netmask and broadcast address are set accordingly, as you can see in the updated ifconfig fxp1 output:

     inet 64.41.131.103 netmask 0xff000000 broadcast 64.255.255.255


Let's try this again, but this time let's make it a Class C address, which means that you'll need to set your netmask, too. You do this with the netmask keyword in combination with the IP address. Note that ifconfig accepts netmasks in hex notation, in dotted-decimal notation, or by a symbolic name defined in /etc/networks. Therefore, the following commands are equivalent:

# ifconfig fxp1 64.41.131.103 netmask 255.255.255.0
# ifconfig fxp1 64.41.131.103 netmask 0xffffff00
# ifconfig fxp1 64.41.131.103 netmask my-netmask


You can also specify the broadcast address, although this generally isn't useful except in really exceptional networks. Note that although the broadcast address is automatically extrapolated from the IP address and netmask if you omit it (as discussed earlier), the reverse is not true: Omitting the netmask makes ifconfig assume a Class A mask. If you have to set the broadcast address, make sure you set both it and the netmask at the same time:

# ifconfig fxp1 64.41.131.103 netmask 255.255.0.0 broadcast 64.41.255.255


One final trick that ifconfig can use involves the media keyword, which allows you to make the card switch between the various listed media types. This capability is very handy if you have a card with multiple interfaces and you want to switch from the BNC connector to the RJ-45 (UTP) connector or from the RJ-45 to the AUI connector. If you have a 10/100 Ethernet card and an auto-sensing hub that has auto-negotiated a speed of 100Mbps full-duplex with your card, you can force it into 10Mbps mode with the media and mediaopt keywords. Take a look at what ifconfig fxp1 reports to be the supported media types (the following is a typical example):

     media: Ethernet autoselect (100baseTX <full-duplex>)


This example tells you that you're in auto-select mode. In that mode, the card negotiates the highest possible speed with the hub or switch to which it's connected, which in this case is 100Mbps full-duplex. Let's set it instead to 10Mbps mode (assuming, for instance, that you're connecting it to a 10base-T hub that can't auto-negotiate the speed, or that auto-negotiated it incorrectly when you connected it).

Each Ethernet driver has a man page. Consult this page to find out what media types and keywords are supported by the card. In this case, man fxp tells you the following:

     The fxp driver supports the following media types:

     autoselect            Enable autoselection of the media type and options
     10baseT/UTP           Set 10Mbps operation
     100baseTX             Set 100Mbps (Fast Ethernet) operation

     The fxp driver supports the following media options:

     full-duplex           Set full duplex operation


This tells you that the keyword for 10Mbps operation is 10baseT/UTP, and that there's an option of full-duplex that you can set if you choose to (using the mediaopt keyword). Here's how to set this interface to each of the two available 10BaseT/UTP modes:

# ifconfig fxp1 media 10baseT/UTP
# ifconfig fxp1 media 10baseT/UTP mediaopt full-duplex


If you're doing this on a machine that's near the hub or switch where the Ethernet cable is plugged in, or if you can see the back of the computer, check the lights on the card. You should see that the "100" light has gone out, indicating that the connection has renegotiated to 10Mbps mode. Here's how to switch back again to the previous mode:

# ifconfig fxp1 media autoselect


Recall that full-duplex mode is where the card can both read and write at the same time, so 10base-T in full-duplex mode means 10Mbps total in each direction. Half-duplex mode means a maximum of 10Mbps as the aggregate total of both directions. A hub can't do full-duplex mode. You need a switch if you want to take full advantage of full-duplex mode.

Using route to Set the Gateway Router

We've now covered ifconfig in as much detail as you're likely to need. However, we haven't yet touched on how to set the gateway router or the DNS information from the command line, both of which are functions that the network configuration screen in Sysinstall handles all at once. First, let's talk about gateway routers.

You don't set the gateway in ifconfig because a gateway address isn't bound to an individual Ethernet interface. Instead, FreeBSD's routing table (which allows the system to function as a full-fledged router in its own right, something you'll see how to do in Chapter 28, "Configuring an Internet Gateway") has a single "default" route that receives all traffic not destined for any of the LANs accessible from your Ethernet cards, regardless of how many such cards you have. This default route is what you set to specify your gateway router.

The route command is another large and complex beast, more so than ifconfig, in fact. However, because you're not actually setting up any routes right now, you need to concern yourself only with its most fundamental functions: the add and delete keywords.

Note

As long as you're on the same LAN as the FreeBSD machine, you can modify the routes, including the default route, without losing network connectivity. If you're going through these examples while connected via Telnet or SSH, you may have accidentally disconnected yourself with the ifconfig examples. This won't happen if you're just setting the router address, as long as there aren't any routers between you and the FreeBSD machine.

Advanced users might want to hedge their bets by setting up a second IP address with its own dedicated route as a "recovery" method for accessing the machine in the case of lost connectivity. For example, a web server on a DMZ might also be assigned a 192.168.xxx.xxx address so it can be accessed from the internal LAN.


The first thing to do is to check the output of netstat -rn. The netstat tool displays the state of the routing tables and other network information; the r option tells it to show the currently configured routes, and n says to show the addresses numerically (rather than trying to resolve them into hostnames, which can be time-consuming and can confuse the tabular output). This will show what default route is currently set, if any:

# netstat -rn
Routing tables

Internet:
Destination       Gateway           Flags     Refs     Use     Netif Expire
default           64.41.131.1       UGSc        1        1     fxp0
...


It seems you already have a gateway router set. This will almost certainly be the case whether the network is running properly or not; there is little error-checking in route, and it's pretty easy to set up a default route that would be unreachable from any of your LANs. The system might also set up a dummy default route. In any case, setting a new router address is a two-step process: You must first delete the existing default route and then you must add the new one:

# route delete default
delete net default
# route add default 64.2.43.1
add net default: gateway 64.2.43.1


Note

It's worth pointing out that the route command is one of those parts of UNIX that gives people fits because it's implemented differently on almost every single UNIX variant on the planet. The differences are subtle and syntactical; although the functionality is pretty much the same whether you're on FreeBSD or Linux or Solaris or IRIX, the way you access that functionality is maddeningly varied. To get an idea of this lack of standardization, install portsentry (from /usr/ports/security), and look through /usr/local/etc/portsentry.conf. It lists no fewer than nine different ways (on nine different platforms) to use route to set up a "blackhole" route. It's a bit ridiculous, but that's part of the price we pay for the flexibility we demand from UNIX.


Using hostname

Setting your machine's hostname is dead simple. All it involves is the hostname command, with the desired hostname (as a fully qualified domain name) as its argument:

# hostname tiger.example.com


You can also print out the currently set hostname in either fully qualified or standalone format:

# hostname
tiger.example.com
# hostname -s
tiger


Network Settings in /etc/rc.conf

Now that you have command-line tools at your disposal for setting the IP address, netmask, hostname, and gateway router, and now that you've seen how to set them manually on a one-time basis, it's time to make sure the system takes care of all that for us. That's what /etc/rc.conf is for, as you'll no doubt recall from Chapter 14, "System Configuration and Startup Scripts."

Recall that the system's default settings are in /etc/defaults/rc.conf (which shouldn't be touched), and any overrides that supersede those defaults go into /etc/rc.conf. If you look in the defaults file, you'll find vague, generic, disabled settings for the various TCP/IP options. You'll be enabling your Ethernet cards permanently by putting everything relevant into /etc/rc.conf. If you've configured the card using Sysinstall (as we discussed earlier in the chapter), there will already be some settings in the file, such as the following (a block of "deltas" is added each time you use Sysinstall to change the configuration):

#-- sysinstall generated deltas -- #
ifconfig_fxp1="inet 64.41.131.102 netmask 255.255.255.0"
defaultrouter="64.41.131.1"
hostname="tiger.example.com"


Tip

The order in which these options are specified doesn't matter; the startup scripts read them all into variables at once. However, later repetitions of the same variable take precedence over earlier ones.


The values written into the file by Sysinstall include the following:

  • network_interfaces, which sets an explicit list of the interfaces on your system (older versions of FreeBSD only)

  • An ifconfig_xxx# line for each interface, which is the argument string that is passed to ifconfig by the configuration scripts for each card automatically detected by the kernel or specified in network_interfaces

  • defaultrouter, which sets just what you think it does

  • hostname, which is the fully qualified domain name

All these values are read into the resource configuration scripts when the system boots and are passed to the appropriate utilities (ifconfig, route, and hostname) automatically.

Perhaps you're wondering: What about DNS? We'll be getting to that shortly. DNS isn't really a part of the TCP/IP stack configuration; it's an application-level helper service, consulted independently by networking applications before any connections are really initiated, and you don't need it in place to get networking up and running.

Using /etc/netstart

A nice courtesy provided by FreeBSD is the /etc/netstart script. It's not a necessary part of the boot-time configuration process, and it can safely be removed from your system without hurting anything (although that would be silly, considering how useful it is). At one time, most network services were started explicitly within /etc/netstart. Back in the days when administrators had to edit scripts to add new services, it was a crucial part of the resource configuration process. Now, though, in keeping with FreeBSD's modern ideal of having each individual system function controlled by a separate script in /etc/rc.d and launched automatically at boot time, the /etc/netstart script is just a batch file that executes all of the appropriate network-related startup scripts at once. (You can examine the script's contents using cat or more to see which scripts it invokes.)

The various command-line tools that we've just discussed (ifconfig, route, hostname, and the like) are all run from within /etc/rc.d/netif, subject to various conditionals and consistency checks, and with syntax built up from the various global config files to prevent input errors and potential illegal maneuvers. For everyday networking changes, /etc/netstart is the best and safest way to activate networking configuration changes, rather than running the various commands individually.

There's a caveat, however. The /etc/netstart script invokes /etc/rc.d/routing to set the default gateway using the route command, as you've seen; however, you can't add a new default route without deleting the old one first. The /etc/rc.d/routing script doesn't issue a route delete default command; because it's designed to run at boot time, it shouldn't need to. So to use /etc/netstart, you have to delete the default route first. This makes using /etc/netstart a two-step process, as shown in Listing 23.1.

Listing 23.1. Restarting the Network Using /etc/netstart

# route delete default
delete net default
# /etc/netstart
Doing stage one network startup:
Doing initial network setup:.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2d0:b7ff:feaa:11a9%fxp0 prefixlen 64 scopeid 0x1
        inet 64.41.131.101 netmask 0xffffff00 broadcast 64.41.131.255
        ether 00:d0:b7:aa:11:a9
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
add net default: gateway 64.41.131.1
Additional routing options: tcp extensions=NO TCP keepalive=YES.
Routing daemons:.

This will work fine if you're on the same LAN as the FreeBSD machine or logged in at the console. You may have noticed, however, that this will contain a nasty trap if you're controlling the machine from elsewhere in the Internet. When you delete the default route, you effectively make the machine unable to communicate with you further, so you can't issue the /etc/netstart command (which re-enables the default route).

A trick to get around this is to put both commands on the same line, separated using a semicolon (;). This is risky because it still has the potential to result in a few dropped response packets. If everything is configured properly in /etc/rc.conf, however, your terminal connection will pick back up where it left off after just a brief hiccup:

# route delete default; /etc/netstart
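
Added example (not from the book): a pre-flight check for the one-line restart above, since route itself does little error-checking and an unreachable default route cuts off a remote session. It reads an rc.conf-style file with the last assignment winning, accepts hex or dotted-decimal netmasks, falls back to the classful mask when netmask is omitted, and reports which interface's subnet contains defaultrouter. All function names and the sample file are constructed for illustration; interfaces with a symbolic /etc/networks netmask or an address that is not a plain dotted quad are skipped.

```sh
# Added example; function names are hypothetical and the sample is constructed.

# Dotted quad -> integer; fails on anything but four numeric octets.
ip2int() (
    case $1 in *[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Netmask in hex (0xffffff00) or dotted-decimal form -> integer.
mask2int() {
    case $1 in
        0x*[!0-9a-fA-F]*) return 1 ;;
        0x?*) echo $(( $1 )) ;;
        *)    ip2int "$1" ;;
    esac
}

# Mask assumed when none is given: the address's historical class (A, B or C).
classful_mask() {
    first=${1%%.*}
    if [ "$first" -lt 128 ]; then echo $(( 0xff000000 ))
    elif [ "$first" -lt 192 ]; then echo $(( 0xffff0000 ))
    else echo $(( 0xffffff00 )); fi
}

# Print each interface whose subnet contains defaultrouter.
# Status 1: no interface matches. Status 2: defaultrouter is not an address.
router_on_link() {
    router=$(sed -n 's/^defaultrouter="\(.*\)"$/\1/p' "$1" | tail -n 1)
    gw=$(ip2int "$router") || return 2
    match=$(awk -F'"' '/^ifconfig_/ { sub(/=$/, "", $1); last[$1] = $2 }
                       END { for (k in last) print k, last[k] }' "$1" |
        while read -r name args; do
            addr= mask= prev=
            for w in $args; do
                case $prev:$w in
                    netmask:*) mask=$(mask2int "$w") || continue 2 ;;
                    *:[0-9]*.*.*.*) [ -n "$addr" ] || addr=$w ;;
                esac
                prev=$w
            done
            a=$(ip2int "$addr") || continue
            [ -n "$mask" ] || mask=$(classful_mask "$addr")
            [ $(( gw & mask )) -ne $(( a & mask )) ] || echo "${name#ifconfig_}"
        done)
    [ -n "$match" ] && echo "$match"
}

# Constructed sample: a /24 interface with the router from the route example.
sample=$(mktemp /tmp/rcconf.XXXXXX)
printf '%s\n' 'ifconfig_fxp1="inet 64.41.131.102 netmask 0xffffff00"' \
              'defaultrouter="64.2.43.1"' > "$sample"
router_on_link "$sample" || echo "defaultrouter is not on any configured subnet"
rm -f "$sample"
```

Point router_on_link at /etc/rc.conf before running route delete default; /etc/netstart from a remote session. With the netmask omitted, the same sample passes the check only because the assumed Class A mask puts 64.2.43.1 and 64.41.131.102 in one network.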





FreeBSD 6 Unleashed
ISBN: 0672328755
EAN: 2147483647
Year: 2006
Pages: 355
Authors: Brian Tiemann
