Network
Ethernet configuration and configuration files
IP Aliasing, Assign multiple IP to a network card
Global Network Parameters (hostname, gateway, NIS Domain, etc.)
Managing routes - Add, delete, etc.
Change the Network speed settings
Configuring CISCO VPN client in RHCE
Make your system a router and provide redundancy and load balancing to the Internet
Bonding in RHEL
Replacing Network Cards in a server
Other Networking Tips
Network Configuration and Configuration files and tools
Interface configuration files:
- ifcfg-xxx located in /etc/sysconfig/network-scripts/ directory
Red Hat Linux stores network interface configuration files in the /etc/sysconfig/network-scripts directory. The file names are prefixed with ifcfg-. For example, the file for the first Ethernet interface is ifcfg-eth0.
For an interface with a static IP address, the following settings are required.
DEVICE=eth0
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx
TYPE=Ethernet
PEERDNS=yes
# BOOTPROTO=dhcp for an interface under DHCP control
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
GATEWAY=xxx.xxx.xxx.xxx
If the ifcfg-eth0 file is modified, the network service can be restarted using the following command
# service network restart
To start or stop a particular network interface
# ifup eth0      # to start eth0
# ifdown eth0    # to bring down interface eth0
Configuration utilities:
netconfig: netconfig is a curses-based tool that is used to configure network interfaces, either as a DHCP client or with a static IP address, nameserver, and gateway. By default it modifies the settings for the first Ethernet interface (eth0), but the --device argument can be used to set up other network interfaces.
# netconfig --device eth2
redhat-config-network: The Red Hat Network Administration tool is an X-based utility that can be used to set up Ethernet, PPP, ISDN or wireless network interfaces. It can be started by running the redhat-config-network command.
redhat-config-network creates an alternate file hierarchy under /etc/sysconfig/networking. Modifying an interface with these tools updates two configuration files: one in /etc/sysconfig/network and another in /etc/sysconfig/networking/profiles/<profile>. Both files have the same name (e.g. ifcfg-eth0) and are hard linked to each other.
IP Aliasing
1. Go to the directory /etc/sysconfig/network-scripts/
2. To add an IP alias to interface eth0, copy the file ifcfg-eth0 to ifcfg-eth0:1 (and to ifcfg-eth0:2 if you want to add more than one alias).
3. Now edit each of the files you have just created
a. Change the DEVICE setting to match the name specified in the name of this file, e.g. DEVICE=eth0:1
b. Change the IPADDR setting to the address you want to add.
c. If necessary, change the NETMASK setting
d. You can delete any other settings that are the same as in the original file.
Their values will default from there. (E.g. settings for eth0:1 will default from the file ifcfg-eth0)
A sample ifcfg-eth0:1 file:
# cat ifcfg-eth0:1
DEVICE=eth0:1
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.5.5.5
NETMASK=255.0.0.0
4. Restart the network services to make the changes take effect immediately.
Global network parameters such as hostname, gateway, NIS domain, etc. are stored in the /etc/sysconfig/network file.
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=rhl.mydomain.com
GATEWAY=<Gateway IP>
NISDOMAIN=<NIS domain name>
Routing in Linux
To add or delete routes
route del default gw 0.0.0.0
route add default gw <new gateway>
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.123.1
Make the Static route persistent after reboot
On Red Hat systems older than Red Hat 9, the /etc/sysconfig/static-routes file is used
# cat static-routes
eth0 net 100.2.0.0 netmask 255.255.0.0 gw 100.4.1.3
eth0 net 100.8.0.0 netmask 255.255.0.0 gw 100.4.1.3
eth0 net 100.16.0.0 netmask 255.255.0.0 gw 100.4.1.3
eth0 net 100.34.0.0 netmask 255.255.0.0 gw 100.4.1.3
On newer systems, the route-eth# file can be used instead
# cat /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=100.2.0.0
NETMASK0=255.255.0.0
GATEWAY0=100.4.1.3
ADDRESS1=100.8.0.0
NETMASK1=255.255.0.0
GATEWAY1=100.4.1.3
Finding and changing Network card speed settings
ethtool can be used to find out the current speed and duplex settings or to change the speed settings
# ethtool eth0
Settings for eth0:
Supported ports: [ FIBRE ]
Supported link modes: 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 2
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: d
Wake-on: d
Link detected: yes
To Change the Network Speed settings:
Download and install the ethtool package from www.rpmfind.net
To set the network speed to 100Mbps full Duplex and autonegotiation off:
# ethtool -s eth0 speed 100 duplex full autoneg off
To force the above settings in system Startup, add the following line at the end of /etc/sysconfig/network-scripts/ifcfg-eth0 file.
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
Cisco VPN Client for Linux (Centos and Redhat)
The Cisco VPN client, vpnc, enables your Linux workstation to connect to a Cisco 3000 series VPN concentrator PIX firewall.
01. Configure epel repository if not already configured
02. Install the VPNC software
# yum install vpnc.x86_64 NetworkManager-vpnc.x86_64 vpnc-consoleuser.x86_64
03. Configure the vpnc
a. Go to /etc/vpnc directory
b. Create a configuration file for vpnc
# cat /etc/vpnc/test.conf
IPSec gateway <VPN server IP address>
IPSec ID <group name>
IPSec secret <group_password>
Xauth username <user_name>
Xauth password <password>
If you have the encrypted group password and do not know the actual group password, use the following link to decrypt the group password
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
04. Start the VPN
$ sudo /usr/sbin/vpnc test.conf
05. To stop the vpn
# sudo vpnc-disconnect
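The test.conf created in step 03 holds the group secret and the Xauth password as readable text, so who can read the file matters. The check below is an added example, not part of the original page; the function name audit_vpnc_conf and its expected-owner argument are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vpnc config file such
# as /etc/vpnc/test.conf for credential exposure. Requires GNU stat.

audit_vpnc_conf() {   # usage: audit_vpnc_conf FILE [EXPECTED_UID, default 0]
    avc_file=$1; avc_want=${2:-0}; avc_rc=0
    [ -f "$avc_file" ] || { echo "not a regular file: $avc_file"; return 2; }

    avc_mode=$(stat -c '%a' "$avc_file")   # octal permission bits, e.g. 600
    avc_uid=$(stat -c '%u' "$avc_file")    # numeric owner

    # Any group/other bit lets other local accounts reach the secrets.
    case $avc_mode in
        0|*00) ;;
        *) echo "mode $avc_mode grants group/other access (expected 600)"
           avc_rc=1 ;;
    esac
    if [ "$avc_uid" != "$avc_want" ]; then
        echo "owned by uid $avc_uid (expected $avc_want)"
        avc_rc=1
    fi
    # User password kept in the file, plain or in its obfuscated form.
    if grep -Eiq '^[[:space:]]*Xauth[[:space:]]+(obfuscated[[:space:]]+)?password[[:space:]]' "$avc_file"; then
        echo "Xauth password stored in file (omit the line to be prompted)"
        avc_rc=1
    fi
    return "$avc_rc"
}

# Run against the files given on the command line, if any.
if [ "$#" -gt 0 ]; then audit_vpnc_conf "$@"; fi
```
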
Make your RHEL system a router
01. Make sure the system has at least two network cards. The following assumptions are made
a. The internal network is 192.168.1.0/24
b. The system is connected to the Internet using eth1
c. The system is connected to the internal network using eth0
02. Turn on IP forwarding. Edit the /etc/sysctl.conf file and change the value of "net.ipv4.ip_forward" from "0" to "1".
net.ipv4.ip_forward=1
03. Make the change take effect using the sysctl command
# sysctl -p
04. Set IP tables so that the internal network can route packets to the Internet.
a. Routing packets to the Internet connected to the ISP using NAT
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
b. To accept all connections from the internal network
# iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
c. To drop connections if not from the 192.168.1.0 network
# iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP
05. Save the Changes made to iptables configuration file
# iptables-save > /etc/sysconfig/iptables
06. Restart the network and iptables services
# service network restart
# service iptables restart
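Rule b in step 04 matches on destination only, so it accepts every forwarded packet addressed to 192.168.1.0/24 whatever its source or connection state, and the steps do not change the FORWARD policy. A stateful alternative follows as an added example that is not part of the original page; the function names gen_router_rules and audit_forward_accepts are assumptions, while the interfaces and subnet follow step 01.

```shell
#!/bin/sh
# Added example (not from the original page): stateful FORWARD rules for the
# NAT router, in iptables-restore format. iptables-restore replaces the
# listed tables, so merge any existing INPUT rules before loading the output.
# Check it first with: gen_router_rules ... | iptables-restore --test

gen_router_rules() {   # usage: gen_router_rules LAN_IF WAN_IF LAN_CIDR
    grr_lan=$1; grr_wan=$2; grr_net=$3
    # Validate inputs so nothing unexpected ends up in the rule file.
    for grr_if in "$grr_lan" "$grr_wan"; do
        case $grr_if in ''|*[!A-Za-z0-9._:-]*) return 2 ;; esac
    done
    printf '%s\n' "$grr_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $grr_net -o $grr_wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $grr_lan -o $grr_wan -s $grr_net -j ACCEPT
COMMIT
EOF
}

# Flag FORWARD ACCEPT rules in a saved rule file that match on neither an
# input interface nor connection state (for example
# "-A FORWARD -d NET -j ACCEPT"). Prints them and returns 1 if any exist.
audit_forward_accepts() {   # usage: audit_forward_accepts RULES_FILE
    ! grep -E '^-A FORWARD .*-j ACCEPT' "$1" |
        grep -Ev -e ' -i [^ ]+' -e '--(ct)?state '
}

# Print the rule set for the page's layout (eth0 internal, eth1 Internet).
gen_router_rules eth0 eth1 192.168.1.0/24
```
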
Load Balance and Redundancy to the internet
If the system is connected to two ISPs and you want to provide redundancy and load balancing for the Internet connection using this router, do the following additional steps.
07. Connect system to the second ISP using eth2.
08. Let us assume the IP address of eth1 (first ISP) is 202.61.19.29 with netmask 255.255.255.0 and IP address of eth2 (second ISP) is 202.63.89.45 with netmask 255.255.255.248
09. Configure Route Failover
a. Add the Default routes provided by the ISP
# route add default gw 202.61.19.1 dev eth1
# route add default gw 202.63.89.1 dev eth2
Add the appropriate entries to the config files or add the above two lines to /etc/rc.d/rc.local so that these routes are configured even after reboot.
b. Finally, open the /proc/sys/net/ipv4/route/gc_timeout file from a terminal window, set the value from 300 to 10 and save the file. The gc_timeout file contains a timeout value, after which the kernel declares a route to be dead and automatically switches to the other route. Your system will now automatically switch to the second route every time the primary route fails. Add the appropriate line to sysctl.conf to make it permanent.
10. Configure Load Balance (Skip step 9)
# ip route del default
# ip route add default equalize nexthop via 202.61.19.1 dev eth1 nexthop via 202.63.89.1 dev eth2
Add these commands in /etc/rc.d/rc.local file, otherwise the route will vanish every time you reboot the system. Finally, open /proc/sys/net/ipv4/route/gc_timeout file from a terminal window and set the value from 300 to 10 and save this file. The gc_timeout file contains some timeout value, after which the kernel declares a route to be dead and automatically switches to other route. Your system will now automatically switch to the second route every time the primary route fails.
To load balance outbound network connections from the internal network, the CONFIG_IP_ROUTE_MULTIPATH kernel option is used, which allows you to have multiple default gateways. It is set up by removing the default gateway from the /etc/sysconfig/network file and setting up the default gateway using advanced routing features with the command we issued.
Link Aggregation and High Availability with Bonding
Linux allows binding of multiple network interfaces into a single channel/NIC using a special kernel module called bonding.
The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed.
Step #1: Create a Bond0 Configuration File
Red Hat Enterprise Linux (and its clones such as CentOS) stores network configuration in the /etc/sysconfig/network-scripts/ directory. First, you need to create a bond0 config file as follows:
# vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.1.20
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes
Step #2: Modify eth0 and eth1 config files
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
Step # 3: Load bond driver/module
Make sure bonding module is loaded when the channel-bonding interface (bond0) is brought up. You need to modify kernel modules configuration file:
# vi /etc/modprobe.conf
Append following two lines:
alias bond0 bonding
options bond0 mode=balance-alb miimon=100
Step # 4: Test configuration
First, load the bonding module, enter:
# modprobe bonding
Restart the networking service in order to bring up bond0 interface, enter:
# service network restart
Make sure everything is working. Type the following cat command to query the current status of the Linux kernel bonding driver, enter:
# cat /proc/net/bonding/bond0
Sample outputs:
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:59

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:c6:be:63
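The sample output reports round-robin mode although step 3 sets mode=balance-alb, which the driver reports as "adaptive load balancing"; a scripted check catches that kind of mismatch as well as a slave that has lost link. The following is an added example, not part of the original page; the names bond_check and sample_bond_status are assumptions, and the sample status text is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): health check over the text of
# /proc/net/bonding/bond0. Field names are those in the sample output above.

bond_check() {   # usage: bond_check STATUS_FILE EXPECTED_MODE EXPECTED_SLAVES
    awk -F': ' -v mode="$2" -v want="$3" '
        /^Bonding Mode:/ && index($2, mode) == 0 {
            printf "mode is \"%s\", expected \"%s\"\n", $2, mode; bad = 1
        }
        /^Slave Interface:/ { slave = $2; slaves++ }
        /^MII Status:/ && $2 != "up" {
            printf "%s: MII status %s\n", (slave == "" ? "bond" : slave), $2
            bad = 1
        }
        /^Link Failure Count:/ && $2 + 0 > 0 {
            # Informational: the link has flapped since the driver loaded.
            printf "%s: %d link failure(s) recorded\n", slave, $2
        }
        END {
            if (slaves + 0 < want + 0) {
                printf "%d slave(s) present, expected %d\n", slaves, want
                bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: bond came up in round-robin and eth1 has lost link.
sample_bond_status() {
    cat <<'EOF'
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
EOF
}

# "-" makes awk read the status text from standard input.
sample_bond_status | bond_check - 'adaptive load balancing' 2 ||
    echo "bond0 needs attention"
```

On a live system, pass /proc/net/bonding/bond0 as the first argument instead of "-".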
Replacing the NIC cards in Linux
Once you have added the NIC card using the system-config-network command, an eth0 or eth1 entry will be added. If NIC card eth0 goes bad and is replaced by a new NIC card, the entry for the old NIC card will still be there and the new NIC card will appear as eth1 or eth2 instead of eth0. To remove eth0 completely and make eth1 become eth0, edit /etc/udev/rules.d/70-persistent-net.rules
$ sudo vi /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:90:e1:e0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:91:e2:f0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
Now, remove the line which has NAME="eth0"
Change NAME="eth1" to NAME="eth0"
Reboot the system. After reboot, the newly replaced NIC card will have the name of eth0.
The updated /etc/udev/rules.d/70-persistent-net.rules file will look like:
$ cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x8086:0x100f (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:91:e2:f0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
Other Networking Tips
To analyze network traffic
use tcpdump or wireshark (tshark) or ethereal
To list all the listening ports
# netstat -tap
To scan a host for open ports
# nmap
Configuring Wireless NIC
http://www.linuxant.com/driverloader/wlan/install.php