Although DHCP is a common method of configuration on many networks, it's not used universally . It's awkward to configure some systems (such as DHCP servers) via DHCP, and some networks simply lack DHCP servers. In these situations, you'll need to configure your computer's IP address manually. This section describes how to do this, starting with the tools to do the job a single time. The section entitled "Making Your Changes Permanent" describes how to configure your system to use your settings automatically whenever it reboots.
Configuring Network Interfaces
Loading a driver, as described earlier in this chapter, is the first step in making a network interface available. To use the interface, you must assign it an IP address and associated information, such as its network mask (also called the subnet mask or netmask ). This job is handled by the ifconfig utility, which displays information on an interface or changes its configuration, depending upon how it's called.
Basic ifconfig Syntax and Use
The ifconfig utility's syntax is deceptively simple:
ifconfig [ interface ] [ options ]
The program behaves differently depending upon what parameters it's given. On a broad level, ifconfig can do several different things:
If you're using ifconfig to configure an interface, you'll be most concerned with the options you can pass to the utility. The utility's man page gives a complete listing of options, but the most important are the following:
Table 2.2. Traditional TCP/IP Classes and Their Network Masks
In most cases, a simple ifconfig command will suffice to activate an interface. For instance, the following command activates the first Ethernet card with the address 172.23.45.67:
# ifconfig eth0 172.23.45.67
If you must use a more complex configuration, you may do so by adding parameters to the command, such as:
# ifconfig eth0 172.23.45.67 netmask 255.255.255.0 mtu 1420
The netmask specifies which parts of an IP address correspond to the network address, and which parts identify a specific computer. A computer uses this information in determining how to address outgoing packets, so setting it incorrectly can result in some computers being inaccessible. When converted to binary, the netmask consists of a series of binary 1 values followed by a series of binary 0 values. For instance, 255.255.255.0 is twenty-four 1 values followed by eight 0 values. A shorthand notation for the IP address and netmask is to follow the IP address with a slash ( / ) and the number of bits in the network portion of the address. For instance, 172.23.45.67/24 is equivalent to 172.23.45.67 with a netmask of 255.255.255.0. You can use this notation as part of the up addres option to ifconfig , instead of specifying a separate netmask nm option.
Configuring Multiple Network Interfaces
If a computer has multiple network interfaces, you must issue the ifconfig command once for each interface. For instance, you might issue the following two commands:
# ifconfig eth0 up 192.168.1.1 # ifconfig eth1 up 172.23.45.67/24
These commands configure eth0 on the 192.168.1.1 address (presumably for a local private network), and eth1 on 172.23.45.67, using a netmask of 255.255.255.0. Both interfaces will then function. How, though, does the computer know to which interface to send any given network packet? For instance, suppose a program tries to contact the computer at 10.9.8.7. Over which interface should Linux send this packet? It's the job of the routing table to answer this question. In fact, this question is important even for a single-interface computer, as described shortly.
Adjusting the Routing Table
The routing table directs traffic in two ways. First, it tells Linux over what interface to send traffic. This may seem obvious in a single-interface computer, but Linux supports a special virtual interface known as the localhost or loopback interface. This interface uses the 127.0.0.0/8 network, but it's usually addressed using just one IP address: 127.0.0.1. Because this interface exists on all computers, programs can use it when they need to use networking protocols to interface to other local programs. It's also faster than using the computer's regular network interface. Rules must exist to properly direct traffic to the localhost interface or the physical interface (and to a particular physical interface, if a computer has more than one). The second job of the routing table is to direct traffic that's destined for other computers on the local network, as opposed to computers that are located on remote networks and thus must be routed. In the case of local network traffic, Linux can use the Address Resolution Protocol (ARP) to communicate directly with the destination system, but remote targets need to be handled by a router or gateway system ”a computer that passes packets from one network to another. Most Linux systems' routing tables list just one gateway computer, but some complex configurations use multiple gateways. Configuring the routing table is the job of the route command.
Understanding Routing Table Structure
The routing table consists of a series of entries specifying what to do with packets sent to certain ranges of IP addresses. When a program sends an outgoing packet to the kernel, the kernel compares the destination address to the destination address ranges in the routing table, starting with the most specific destination address ranges (that is, those that define the smallest networks). If the packet's destination matches one of these ranges, it's sent in the way specified by the routing table rule. If not, the next rule is checked. Normally, the most general rule in the routing table is known as the default route, which matches any address. The default route normally directs packets through the local network's gateway computer.
To understand this better, it may help to examine a sample routing table. Figure 2.2 shows the result of the route -n command, which displays the routing table, on one system. (The route command is discussed in more detail in the next section, "Basic route Syntax and Use.") Figure 2.2 shows the routing table entries from the most to the least specific. The first entry, for a destination of 255.255.255.255, is for broadcasts. These go out over the eth0 interface and do not involve a gateway. The next two entries, for destinations of 10.92.68.0 and 192.168.1.0, represent local network traffic for networks with netmasks of 255.255.255.0 (as shown in the Genmask column). Network addresses usually end in 0, but the network portion of the address is defined by the netmask, as described earlier. These entries send traffic to the eth1 and eth0 interfaces, respectively; a computer with just one network interface would probably have only one entry of this form. The fourth entry, for 127.0.0.0, is the localhost interface, as described earlier. (Some distributions, such as Debian, don't explicitly show this route, but it still works.) Note its interface device (in the Iface column) is lo . The final entry, for a destination of 0.0.0.0, is the default route. This address, in conjunction with the netmask of 0.0.0.0, matches any traffic that has not already been matched. It sends traffic over the eth1 interface, and it's the only route in this sample that uses a gateway ”10.92.68.1 in this case.
Figure 2.2. You can determine how Linux will route a packet by comparing its destination address to the Destination and Genmask columns of the routing table.
When you activated an interface with ifconfig , the utility automatically added one entry for the interface to your routing table. This entry corresponds to the local network route for the interface (the routes with netmasks of 255.255.255.0 in Figure 2.2). Default Linux startup scripts automatically add the localhost interface entry. The broadcast entry (for 255.255.255.255) is not required or active on most systems, but some utilities need this entry. In normal operation, the main routing table entry that's left to be defined is the one for the default route.
Basic route Syntax and Use
If it's given without any parameters, or with only certain parameters like -n (which produces numeric output rather than hostnames for entries like the gateway systems), route displays the current routing table. You can also use this tool to add, delete, or change routing table entries. To do this, you use route with additional parameters. The syntax for such use is as follows :
route add del [-net -host] target [netmask nm ] [gateway gw ] [metric m ] [mss m ] [window W ] [[dev] interface ]
Each of these parameters has a specific meaning:
The most common use of route is to add the default route after adding the primary network interface using ifconfig . This use is fairly simple, as illustrated by this example:
# route add 0.0.0.0 gw 10.92.68.1
If you prefer, you can substitute the keyword default for 0.0.0.0 ; the two have precisely the same effect. On rare occasions, you must add a -net specification, device name, or some other option.
Multiple Interfaces with One Gateway
As noted earlier, each time you add an interface with ifconfig , that utility automatically adds an entry to your routing table for that interface. This does not extend to adding a gateway, however. As a consequence, the configuration required on many computers with multiple interfaces consists of two types of action:
This set of steps will be adequate for a small router, such as a Linux computer that functions as a router for a small department in a larger organization. For a router, you'll also have to enable routing by turning on IP forwarding. You can do this by typing the following command:
# echo "1" > /proc/sys/net/ipv4/ip_forward
If you have just one external IP address but want to connect several computers to the Internet, you can use a special type of routing known as Network Address Translation (NAT). Chapter 25, Configuring iptables, covers this technology. The basic steps are the same as for a normal router, but NAT requires you to run extra commands to allow the router to translate addresses in order to make your entire network look like a single computer to the outside world.
Multiple Interfaces with Multiple Gateways
A trickier configuration is one in which a computer can use multiple gateways. Most systems use just one gateway, which is associated with the default route. The gateway ties the local network to some other network, and often ultimately to the Internet. There are other configurations possible, however. For instance, consider Figure 2.3. This figure depicts an environment in which an organization has connected two subnetworks via routers. The regular computers in both offices can be configured quite simply ”they need only point to their local routers as their gateways. Likewise, the router in Office 2 can point to the router in Office 1 as its sole gateway system, although the Office 2 router has two interfaces, as just discussed. The router in Office 1, however, requires a more complex configuration. Its default route leads to the Internet, but it must also configure a route to the Office 2 router for traffic destined for the 172.20.0.0/16 network. You might use a route command like the following to accomplish this goal:
# route add -net 172.20.0.0 netmask 255.255.0.0 gw 172.21.1.1
Figure 2.3. Routers with more than two interfaces require at least two gateway definitions in order to function properly.
This command assumes that Office 2's router talks to Office 1's router using the 172.21.1.1 address. (Note that this address is not part of the Office 2 network proper; it's on a different network card in Office 2's router.) The end result of issuing this command as well as a normal route command to define the default route will be a routing table that includes two gateways: one for the default route and one to handle traffic destined to Room 2's systems. None of the other computers that link to Office 1's router need to know anything about this arrangement; they only need to know that this router is the gateway for the default route.
There are other situations in which a similar configuration might be required. For instance, if Office 1 used a second router to link to the Internet, all of the computers in Office 1 would need to have two gateways defined: one default route pointing to the system that leads to the Internet, and a second route pointing to the router that leads to Office 2. (Alternatively, regular systems could list just one router, which could pass traffic to the other router when appropriate, but this would increase local network traffic.) Because a network with two routers involves more tricky configuration for all computers on the network, it's best to use a single router on any given subnet whenever possible.
Once an interface is active and a gateway set, a computer can send and receive network traffic destined for anywhere on its local network or any other network to which the gateway connects, directly or indirectly. Traffic must be addressed by IP address, though, which is tedious at best. It's the job of the Domain Name System (DNS) to provide a better user interface by converting the alphanumeric names (such as www.awl.com ) used by people to IP addresses used by computers. (DNS can also do the reverse conversion.)
DNS is a globally distributed database, but any given computer needs to know just one IP address to gain entry to that database: the address of a single DNS server. Most organizations and ISPs provide at least one DNS server, and many provide two or three. You should consult your network administrator to learn the addresses of your network's DNS servers. When you've obtained this information, you can enter it into the /etc/resolv.conf file. This file can have up to three lines that begin with the keyword nameserver and end with the IP address of a DNS server. The file can also specify the default domain of the Linux system (using the domain keyword) and an arbitrary number of domains that are to be searched when you omit a domain name (for instance, if you specify mail rather than mail.threeroomco.com ) using the search keyword. Listing 2.1 shows an example of an /etc/resolv.conf file illustrating these three keywords.
Listing 2.1 An example /etc/resolv.conf file
domain threeroomco.com search tworoomco.com fourroomco.com nameserver 10.98.17.34 nameserver 172.20.13.109
Once you've edited /etc/resolv.conf to your liking, there's no command needed to activate the changes. Linux will simply begin using the specified name servers and searching the specified domains.
If you want Linux to function as a DNS server for your network, consult Chapter 18. This chapter includes information on running a DNS server, which can be used by other computers on your own network, by computers on the Internet at large, or by both, depending upon the server's configuration.
Setting the Hostname
Many TCP/IP protocols require that computers identify themselves by name to each other. To simplify configuration of individual programs, Linux maintains a global hostname setting, which can be viewed or set with the hostname command. Typing the command alone displays the current hostname. Typing the command followed by a hostname (as in hostnamelarch.threeroomco.com ) sets the hostname to the specified name. You can store the hostname in a file and pass that file to the hostname command with the -F or ”file option, as in hostname -f /etc/HOSTNAME . Most distributions do this automatically at boot time, although the location of the hostname varies from one distribution to another. Check /etc/ hostname , /etc/HOSTNAME , and the files listed in the Extra Configuration Files column of Table 2.1.
Unfortunately, although the ideal is to set the hostname once, this isn't always possible. Some user-level programs ”particularly e-mail clients and Usenet news readers ”allow users to override the default hostname setting. You or your users may therefore need to set the hostname in these programs, particularly if you ever change the hostname. You might also want to set the hostname in /etc/hosts . This file exists as a method of name resolution that's an alternative to DNS. It consists of lines that begin with an IP address and continue with a series of hostnames. Most commonly, the first hostname is a Fully-Qualified Domain Name (FQDN) ”that is, a complete hostname, including the machine name and the domain to which it belongs, as in larch.threeroomco.com . Subsequent names on the same line are "nicknames" ”normally shortened forms, such as larch . If your system's DNS settings are correct, and if your computer has appropriate entries in your network's DNS server, it won't be necessary to create an /etc/hosts entry for the computer. If your network's DNS servers, or the network path to those servers, is unreliable, however, creating an /etc/hosts entry for your computer can improve overall reliability. You might also want to ensure that the 127.0.0.1 address is represented, with hostnames of localhost.localdomain and localhost . Examples of both entries might resemble the following:
10.92.68.1 larch.threeroomco.com larch 127.0.0.1 localhost.localdomain localhost
If a computer has multiple network interfaces, you'll set one hostname using the hostname command, but you'll normally create multiple hostnames, one for each interface, in the /etc/hosts file, although this isn't required. (Your network's DNS servers will also normally have two or more names for the computer in this case.)
Making Your Changes Permanent
Some of the preceding procedures, such as adjusting hostnames in /etc/hosts and setting up name server addresses in /etc/resolv.conf , involve editing configuration files. These changes are permanent; once you make them, you won't need to make them again unless your configuration files become damaged or you reinstall Linux. Other changes, by contrast, are transient in nature. When you run ifconfig , route , or hostname to adjust a system feature, that change will last only as long as the computer runs or until it's undone by another action. If you reboot, the change will be lost. In order to make such a change permanent, you must adjust a startup script or configuration file, either by editing the file in a text editor or by using a GUI configuration tool.
Using a GUI Configuration Tool
One of the easiest ways to make a permanent change in a network setting is to do it with a GUI configuration tool ”at least, if your distribution includes such a tool. (Debian and Slackware both eschew the use of such tools.) Specific options include the following:
The exact details differ from one tool to another, but to configure a system using GUI tools, you must normally locate a network configuration menu, and possibly delve another layer or two into the interface to locate the settings you need to alter. You then enter the configuration options you want to set permanently. For instance, in Figure 2.1, you can click Static Address Setup and enter the IP address and netmask in the fields provided, then click the Hostname and Nameserver button and the Routing button to adjust these features.
One drawback to GUI tools is that they sometimes don't permit more advanced configurations. For instance, there might be no way to adjust a routing table with the precision required for configurations like those discussed earlier, in the section "Multiple Interfaces with Multiple Gateways." These tools are almost always adequate for simpler configurations, though. If you have trouble with the GUI tools, you can resort to directly editing the configuration files.
Editing Configuration Files
Table 2.1 gives the locations of configuration files in which DHCP client commands and extra configuration information are listed. These files also hold commands and configurations for handling static IP addresses. You should peruse these files, looking for calls to ifconfig , route , hostname , or other configuration commands. Some files don't include commands, but instead set environment variables that hold information such as whether the system uses DHCP or a static IP address configuration, and hold the static configuration information in the latter case. A perusal of the scripts and configuration files involved should be enough to let you configure your system.
Should you encounter problems with the normal configuration scripts, one way to force the issue is to create entries in a local startup script that call the configuration commands you want to use. Most distributions use /etc/rc.d/rc.local as a local startup script, but SuSE uses /etc/rc.d/ boot.local . Debian has no single local startup script, but you can create such a file in the /etc/rc.boot directory. When you create or edit such a script, you can enter any commands you like, including network commands like ifconfig and route . These commands will execute after other startup scripts, though, so this isn't the ideal location for most network configuration commands. It might be an acceptable way to get the system to add an unusual route, however, such as a gateway route for a single small subnet, as discussed earlier.