mirror of https://github.com/tLDP/LDP
<!-- $Id$ -->

<chapter id="ch-basic">
<title>Basic IP Connectivity</title>
<para>
Internet Protocol (<acronym>IP</acronym>) networking is among the
most common networking technologies in use today. The IP stack
under linux is mature, robust and reliable. This chapter covers
the basics of configuring a linux machine or multiple linux machines
to join an IP network.
</para>
<para>
This chapter covers a quick overview of the
<link linkend="basic-control-files">locations of the
networking control files</link> on different distributions of linux.
The remainder of the chapter is devoted to outlining the basics of
IP networking with linux.
</para>
<para>
These basics are written in a more tutorial style than the remainder of
the first part of the book. Reading and understanding
<link linkend="basic-reading">IP addressing and routing information</link>
is a key skill to master when beginning with linux. Naturally, the next
step is to
<link linkend="basic-changing">alter the IP configuration</link> of a
machine. This chapter will introduce these two key skills in a tutorial
style. Subsequent chapters will engage specific subtopics of linux
networking in a more thorough and less tutorial manner.
</para>
<section id="basic-control-files">
<title>IP Networking Control Files</title>
<para>
Different linux distribution vendors put their networking configuration
files in different places in the filesystem. Here is a brief summary
of the locations of the IP networking configuration information under
a few common linux distributions along with links to further
documentation.
</para>
<itemizedlist id="basic-conf-files">
<title>Location of networking configuration files</title>
<listitem>
<para>
RedHat (and Mandrake)
</para>
<itemizedlist>
<listitem>
<para>
Interface definitions
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/network-scripts/ifcfg-*</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Hostname and default gateway definition
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/network</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Definition of static routes
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/static-routes</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
SuSE (version &gt;= 8.0)
</para>
<itemizedlist>
<listitem>
<para>
Interface definitions
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/ifcfg-*</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Static route definition
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/routes</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Interface specific static route definition
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/ifroute-*</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
SuSE (version &lt;= 8.0)
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<filename>/etc/rc.config</filename>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Debian
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://documents.made-it.com/Debian_Internet_Server/Debian_Internet_Server-5.html"><filename>/etc/network/interfaces</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Gentoo
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://www.gentoo.org/doc/en/rc-scripts.xml"><filename>/etc/conf.d/net</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Slackware
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://www.slackware.com/config/network.php"><filename>/etc/rc.d/rc.inet1</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>
The format of the networking configuration
files differs significantly from distribution to distribution, yet
the tools used by these scripts are the same. This documentation will
focus on these tools and how they instruct the kernel
to alter interface and route information.
Consult the distribution's documentation for questions of file format
and order of operation.
</para>
<para>
For the remainder of this document, many examples refer to
machines in a hypothetical network. Refer to the
<link linkend="ax-example-network">example network description</link>
for the network map and addressing scheme.
</para>
</section>
<section id="basic-reading">
<title>Reading Routes and IP Information</title>
<para>
Assuming an already configured machine named &tristan;, let's
<link linkend="basic-reading">look at the IP addressing and routing
table</link>. Next we'll examine how the machine
communicates with computers (hosts) on the <link
linkend="basic-local-network">locally reachable network</link>. We'll
then <link linkend="basic-default-gateway">send packets through our
default gateway to other networks</link>. After learning what a default
route is, we'll <link linkend="ex-basic-static">look at a static
route</link>.
</para>
<para>
One of the first things to learn about a machine attached to an IP
network is its IP address. We'll begin by looking at
a machine named &tristan; on the main desktop network (192.168.99.0/24).
</para>
<para>
The machine &tristan;
is alive on IP 192.168.99.35 and
has been properly configured by the system administrator.
By examining the
<link linkend="tools-route"><command>route</command></link>
and <link linkend="tools-ifconfig"><command>ifconfig</command></link>
output we can learn a good deal about the network to which
&tristan; is connected
<footnote>
<para>
For BSD and UNIX users, the idiom <command>netstat
-rn</command> may be more familiar than the common
<command>route -n</command> on a linux machine. Both of
these commands provide the same
basic information although the formatting is a bit different. For a
fuller discussion of these, see either <xref linkend="tools-netstat"/>
or <xref linkend="tools-route"/>. For access to all of the routing
features of the linux kernel, use
<link linkend="tools-ip-route"><command>ip route</command></link>
instead.
</para>
</footnote>.
</para>
<example id="ex-basic-ifconfig">
<title>Sample <command>ifconfig</command> output</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ifconfig</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27849718 errors:1 dropped:0 overruns:0 frame:0
          TX packets:29968044 errors:5 dropped:0 overruns:2 carrier:3
          collisions:0 txqueuelen:100
          RX bytes:943447653 (899.7 Mb)  TX bytes:2599122310 (2478.7 Mb)
          Interrupt:9 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7028982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7028982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1206918001 (1151.0 Mb)  TX bytes:1206918001 (1151.0 Mb)
</computeroutput>
<prompt>[root@tristan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
For the moment, ignore the loopback interface (lo) and concentrate
on the Ethernet interface. Examine the output of the
<command>ifconfig</command> command. We can learn a great deal about
the IP network to which we are connected simply by reading the
<command>ifconfig</command> output. For a thorough discussion of
<command>ifconfig</command>, see
<xref linkend="tools-ifconfig"/>.
</para>
<para>
The IP address active on &tristan; is 192.168.99.35. This means that
any IP packets created by &tristan; will have a
source address of 192.168.99.35. Similarly, any packet received by
&tristan; will have the destination address of 192.168.99.35.
When creating an outbound packet, &tristan; will set the destination
address to the server's IP. This gives the remote host and the
networking devices in between these hosts enough information to
carry packets between the two devices.
</para>
<para>
Because &tristan; will
advertise that it accepts packets with a destination address of
192.168.99.35, any frames (packets) appearing on the Ethernet
bound for 192.168.99.35 will reach &tristan;. The process of
communicating the ownership of an IP address is called ARP. Read
<xref linkend="ether-arp-overview"/> for a complete discussion of
this process.
</para>
<para>
This is fundamental to IP networking: a host must
be able to generate and receive packets on an IP address assigned to it.
This IP address is a unique identifier for the machine on the network to
which it is connected.
</para>
<para>
Common traffic to and from machines today is unicast IP traffic.
Unicast traffic is essentially a conversation between two hosts.
Though there may be routers between them, the two hosts are carrying
on a private conversation. Examples of common unicast traffic
are protocols such as HTTP (web), SMTP (sending mail), POP3 (fetching
mail), IRC (chat), SSH (secure shell), and LDAP (directory access).
To participate in any of these kinds of traffic,
&tristan; will send and receive packets on 192.168.99.35.
</para>
<para>
In contrast to unicast traffic, there is another common IP networking
technique called broadcasting. Broadcast traffic is a way of addressing
all hosts in a given network range with a single destination IP address.
To continue the analogy of the unicast conversation, a broadcast is more
like shouting in a room.
Occasionally, network administrators will refer to broadcast techniques
and broadcasting as "chatty network traffic".
</para>
<para>
Broadcast techniques are used at the Ethernet layer and the IP layer, so
the cautious person talks about Ethernet broadcasts or IP broadcasts.
Refer to
<xref linkend="ether-arp-overview"/> for more information on a common
use of broadcast Ethernet frames.
</para>
<para>
IP broadcast techniques can be used to share information with all
partners on a network or to discover characteristics of other members of
a network.
SMB (Server Message Block) as implemented by Microsoft products and the
<ulink url="http://samba.org/"><command>samba</command></ulink>
package makes extensive use of broadcasting techniques for discovery and
information sharing. Dynamic Host Configuration Protocol
(<ulink url="http://www.isc.org/products/DHCP/"><acronym>DHCP</acronym></ulink>)
also makes use of broadcasting techniques to manage IP addressing.
</para>
<para>
The IP broadcast address is usually derived correctly from the IP
address and network mask, although it can easily be set explicitly
to a different address. Because the broadcast address
is used for autodiscovery under
some protocols (e.g., <acronym>SMB</acronym>), an incorrect broadcast
address can inhibit a machine's ability to participate in networked
communication
<footnote>
<para>
An incorrect broadcast address often highlights a mismatch of
the configured IP address and netmask on an interface. If in
doubt, be sure to use an
<link linkend="tools-ipcalc">IP calculator</link> to set the correct
netmask and broadcast addresses.
</para>
</footnote>.
</para>
<para>
The netmask on the interface should match the netmask in the routing
table for the locally connected network. Typically, the route and
the IP interface definition are calculated from the same configuration
data so they should match perfectly.
</para>
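<para>
The two consistency checks just described, as an added example that is not
part of the original guide: it derives the broadcast address from the
<command>ifconfig</command> address and mask and confirms that the routing
table carries a matching connected route. The function names are hypothetical,
the first stanza and the routing table are &tristan;'s output from
<xref linkend="ex-basic-ifconfig"/>, and the two misconfigured stanzas are
constructed.
</para>
<programlisting><![CDATA[
```python
import ipaddress
import re

# Output of `ifconfig eth0` and `route -n` on tristan, as shown in this chapter.
IFCONFIG_OK = """\
eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0
"""
# Constructed misconfigurations (not from the chapter):
# a broadcast address set by hand that does not fit the /24 mask ...
IFCONFIG_BAD_BCAST = IFCONFIG_OK.replace("Bcast:192.168.99.255",
                                         "Bcast:192.168.99.127")
# ... and an interface whose mask no longer matches the connected route.
IFCONFIG_BAD_MASK = IFCONFIG_BAD_BCAST.replace("Mask:255.255.255.0",
                                               "Mask:255.255.255.128")

INET_LINE = re.compile(r"inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)")


def connected_routes(route_text, iface):
    """(Destination, Genmask) pairs of directly connected routes on iface."""
    rows = (line.split() for line in route_text.splitlines())
    return {(r[0], r[2]) for r in rows
            if len(r) == 8 and r[1] == "0.0.0.0" and r[7] == iface}


def audit_interface(ifconfig_text, route_text, iface="eth0"):
    """Return a list of findings; an empty list means everything agrees.

    ifconfig_text is the stanza for a single interface (`ifconfig eth0`).
    """
    match = INET_LINE.search(ifconfig_text)
    if match is None:
        return [f"{iface}: no IPv4 address with a broadcast address found"]
    addr, bcast, mask = match.groups()
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    findings = []
    # Check 1: the broadcast address must be the one implied by address and mask.
    if ipaddress.ip_address(bcast) != net.broadcast_address:
        findings.append(f"{iface}: Bcast {bcast} but {addr} with Mask {mask} "
                        f"implies {net.broadcast_address}")
    # Check 2: the connected route must carry the same network and netmask.
    wanted = (str(net.network_address), str(net.netmask))
    if wanted not in connected_routes(route_text, iface):
        findings.append(f"{iface}: no connected route for "
                        f"{net.network_address} with Genmask {net.netmask}")
    return findings


if __name__ == "__main__":
    for label, text in [("chapter output", IFCONFIG_OK),
                        ("bad broadcast", IFCONFIG_BAD_BCAST),
                        ("bad netmask", IFCONFIG_BAD_MASK)]:
        print(label, audit_interface(text, ROUTE_N) or "consistent")
```
]]></programlisting>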
<para>
If you are at all confused about how to address a network or how to read
either the traditional notation or the CIDR notation for network
addressing, see one of the CIDR/netmask references in
<xref linkend="links-general-ip"/>.
</para>
<section id="basic-local-network">
<title>Sending Packets to the Local Network</title>
<para>
We can see from the output above that the IP address 192.168.99.35
falls inside the address space 192.168.99.0/24. We also note that
the machine &tristan;
will route packets bound for 192.168.99.0/24 directly onto the
Ethernet attached to eth0. This line in the routing table
identifies a network available on the Ethernet attached to eth0
("Iface") by its network address ("Destination") and size ("Genmask").
</para>
<programlisting>
<computeroutput>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0</computeroutput>
</programlisting>
<para>
Every host on the 192.168.99.0/24 network should share the network
address and netmask specified above. No two hosts should share the
same IP address.
</para>
<para>
Currently, there are two hosts connected to the example desktop network.
Both &tristan; and &masq-gw; are connected to 192.168.99.0/24. Thus,
192.168.99.254 (&masq-gw;) should be reachable from &tristan;.
Success of this test provides evidence that &tristan; is
configured properly. N.B.: this assumes that the network
administrator has properly configured &masq-gw;. Since the
<link linkend="routing-default">default gateway</link> in any
network is an important host, testing reachability of the default
gateway also has value in determining the proper operation of the
local network.
</para>
<para>
The <command>ping</command> tool, designed to take advantage of
Internet Control Message Protocol (<acronym>ICMP</acronym>), can be
used to test reachability of IP addresses. For a command summary
and examples of the use of <command>ping</command>, see
<xref linkend="tools-ping"/>.
</para>
<example id="ex-basic-ping">
<title>Testing reachability of a locally connected host with
<command>ping</command></title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ping -c 1 -n 192.168.99.254</userinput>
<computeroutput>PING 192.168.99.254 (192.168.99.254) from 192.168.99.35 : 56(84) bytes of data.

--- 192.168.99.254 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
PING 192.168.99.254 (192.168.99.254) from 192.168.99.35 : 56(84) bytes of data.
64 bytes from 192.168.99.254: icmp_seq=0 ttl=255 time=238 usec

--- 192.168.99.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</programlisting>
</example>
</section>
<section id="basic-default-gateway">
<title>Sending Packets to Unknown Networks Through the Default
Gateway</title>
<para>
In <xref linkend="basic-local-network"/>, we verified that hosts
connected to the same local network can reach each other and,
importantly, the default gateway. Now, let's see what happens to
packets which have a destination address outside the locally connected
network.
</para>
<para>
Assuming that the network administrator allows ping packets
from the desktop network into the public network,
<command>ping</command> can be invoked with the
record route option to show the path the packet travels from
&tristan; to &wan-gw; and back.
</para>
<example id="ex-basic-ping-non-local">
<title>Testing reachability of non-local hosts</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ping -R -c 1 -n 205.254.211.254</userinput>
<computeroutput>PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.

--- 205.254.211.254 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.
64 bytes from 205.254.211.254: icmp_seq=0 ttl=255 time=238 usec
RR:     192.168.99.35 <co id="ex-bpnl-tristan-out" linkends="ex-bpnl-tristan-out-text"/>
        205.254.211.179 <co id="ex-bpnl-masq-gw-out" linkends="ex-bpnl-masq-gw-out-text"/>
        205.254.211.254 <co id="ex-bpnl-wan-gw-in" linkends="ex-bpnl-bpnl-wan-gw-in-text"/>
        205.254.211.254
        192.168.99.254 <co id="ex-bpnl-masq-gw-in" linkends="ex-bpnl-masq-gw-in-text"/>
        192.168.99.35 <co id="ex-bpnl-tristan-in" linkends="ex-bpnl-tristan-in-text"/>

--- 192.168.99.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</programlisting>
<calloutlist>
<callout
arearefs="ex-bpnl-tristan-out"
id="ex-bpnl-tristan-out-text">
<simpara>
As the packet passes through the IP stack on &tristan;,
before hitting the Ethernet, &tristan; adds its IP to the
list of IPs in the option field in the header.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-masq-gw-out"
id="ex-bpnl-masq-gw-out-text">
<simpara>
This is &masq-gw;'s public IP address.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-wan-gw-in"
id="ex-bpnl-bpnl-wan-gw-in-text">
<simpara>
Our intended destination! (Anybody know why there are
two entries in the record route output?)
</simpara>
</callout>
<callout
arearefs="ex-bpnl-masq-gw-in"
id="ex-bpnl-masq-gw-in-text">
<simpara>
This is &masq-gw;'s private IP address.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-tristan-in"
id="ex-bpnl-tristan-in-text">
<simpara>
And finally, &tristan; will add its IP to the option field
in the header of the IP packet just before the packet
reaches the calling <command>ping</command> program.
</simpara>
</callout>
</calloutlist>
</example>
<para>
By testing reachability of the local network 192.168.99.0/24 and
an IP address outside our local network, we have verified the basic
elements of IP connectivity.
</para>
<para>
To summarize this section, we have:
<itemizedlist>
<listitem>
<para>
identified the IP address, network address and netmask in use
on &tristan; using the tools <command>ifconfig</command> and
<command>route</command>
</para>
</listitem>
<listitem>
<para>
verified that &tristan; can reach its default gateway
</para>
</listitem>
<listitem>
<para>
tested that packets bound for destinations outside our
local network reach the intended destination and return
</para>
</listitem>
</itemizedlist>
</para>
</section>
<section id="basic-static">
<title>Static Routes to Networks</title>
<para>
Static routes instruct the kernel to route packets
for a known destination host or network to a router or
gateway different from the default gateway.
In the example network, the desktop machine &tristan; would need
a static route to reach hosts in the 192.168.98.0/24 network.
Note that the branch office network is reachable over an ISDN line.
The ISDN router's IP in &tristan;'s network is 192.168.99.1. This
means that there are two gateways in the example desktop network,
one connected to a small branch office network, and the other
connected to the Internet.
</para>
<para>
Without a static route to the branch office network, &tristan; would
use &masq-gw; as the gateway, which is not the most efficient path for
packets bound for &morgan;. Let's examine why a static route would
be better here.
</para>
<para>
If &tristan; generates a packet bound for &morgan; and
sends the packet to the default gateway, &masq-gw; will forward the
packet to &isdn-router; as well as generate an ICMP redirect message
to &tristan;. This ICMP redirect message tells &tristan; to send
future packets with a destination address of 192.168.98.82 (&morgan;)
directly to &isdn-router;. For a fuller discussion of ICMP redirect,
see
<xref linkend="routing-icmp-redirect"/>.
</para>
<para>
The absence of a static route has caused two extra packets to be
generated on the Ethernet for no benefit. Not only that, but
&tristan; will eventually expire the temporary route entry
<footnote>
<para>
If the machine is a linux machine, then the temporary route entry
is stored in the routing cache. Consult
<xref linkend="routing-cache"/> for more information on the
routing cache.
</para>
</footnote>
for 192.168.98.82, which means that subsequent packets bound for
&morgan; will repeat this process
<footnote>
<para>
It is quite reasonable to ignore ICMP redirect messages from
unknown hosts on the Internet, but ICMP redirect messages on a
LAN indicate that a host has mismatched netmasks or missing
static routes.
</para>
</footnote>.
</para>
<para>
To solve this problem, add a static route to &tristan;'s routing
table. Below is a modified routing table (see
<xref linkend="basic-changing"/> to learn how to change the routing
table).
</para>
<example id="ex-basic-static">
<title>Sample routing table with a static route</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
According to this routing table, any packets with a destination
address in the 192.168.98.0/24 network will be routed to the
gateway 192.168.99.1 instead of the default gateway. This will
prevent unnecessary ICMP redirect messages.
</para>
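<para>
The route selection behind <xref linkend="ex-basic-static"/>, as an added
example that is not part of the original guide: the most specific matching
route wins, and a simplified model of the redirect case described above flags
a host table that is missing the static route. The function names are
hypothetical, &tristan;'s two tables are taken from this chapter, and the
two-route table for &masq-gw; is constructed.
</para>
<programlisting><![CDATA[
```python
import ipaddress

HEADER = "Destination     Gateway         Genmask         Flags Metric Ref    Use Iface\n"
# tristan's table before the static route is added (from this chapter).
TRISTAN_DEFAULT_ONLY = HEADER + """\
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0
"""
# tristan's table with the static route (from this chapter).
TRISTAN_STATIC = HEADER + """\
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0
"""
# Constructed: only the two routes on masq-gw that matter for this example.
MASQ_GW = HEADER + """\
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
"""


def parse_routes(route_text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    rows = [line.split() for line in route_text.splitlines() if line[:1].isdigit()]
    return [(ipaddress.ip_network(f"{r[0]}/{r[2]}"), ipaddress.ip_address(r[1]), r[7])
            for r in rows]


def lookup(route_text, dst):
    """Most specific (longest prefix) route containing dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in parse_routes(route_text) if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def next_hop(route_text, dst):
    """Address the frame is handed to: the gateway, or dst itself when the
    route is directly connected (Gateway 0.0.0.0)."""
    route = lookup(route_text, dst)
    if route is None:
        return None
    gateway = route[1]
    return ipaddress.ip_address(dst) if gateway.is_unspecified else gateway


def redirect_expected(host_routes, router_ip, router_routes, src, dst):
    """Simplified model: True when the host sends dst to this router and the
    router's own next hop lies on the network it shares with src, so the
    packet goes straight back out onto the sender's Ethernet."""
    if next_hop(host_routes, dst) != ipaddress.ip_address(router_ip):
        return False                       # host does not use this router for dst
    onward = next_hop(router_routes, dst)
    toward_src = lookup(router_routes, src)
    if onward is None or toward_src is None:
        return False
    return toward_src[1].is_unspecified and onward in toward_src[0]


if __name__ == "__main__":
    for name, table in [("default only", TRISTAN_DEFAULT_ONLY),
                        ("with static route", TRISTAN_STATIC)]:
        hop = next_hop(table, "192.168.98.82")
        noisy = redirect_expected(table, "192.168.99.254", MASQ_GW,
                                  "192.168.99.35", "192.168.98.82")
        print(f"{name}: next hop {hop}, redirect expected: {noisy}")
```
]]></programlisting>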
<para>
These are the basic tools for inspecting the IP
address and the routes on a linux machine. Understanding
the output of these tools will help you understand how
machines fit into simple networks, and will be a base on which
you can build an understanding of more complex networks.
</para>
</section>
</section>
<section id="basic-changing">
<title>Changing IP Addresses and Routes</title>
<para>
This section introduces
<link linkend="basic-changing-ip">changing the IP address
on an interface</link>,
<link linkend="basic-changing-default">changing the default
gateway</link>, and
<link linkend="basic-changing-static">adding and removing a
static route</link>. With the knowledge of
<command>ifconfig</command> and <command>route</command> output
it's a small step to
learn how to change IP configuration with these same tools.
</para>
<section id="basic-changing-ip">
<title>Changing the IP on a machine</title>
<para>
For a practical example, let's say that the branch office server,
&morgan;, needs to visit the main office for some hardware maintenance.
Since the services on the machine are not in use, it's a convenient
time to fetch some software updates, after configuring the machine to
join the LAN.
</para>
<para>
Once the machine is booted and connected to the Ethernet, it's
ready for IP reconfiguration. In order to join an
IP network, the following information is required. Refer to the
<link linkend="example-network-netmap">network map and
appendix</link> to gather the required information below.
</para>
<itemizedlist>
<listitem>
<para>
An unused IP address (<emphasis>Use 192.168.99.14.</emphasis>)
</para>
</listitem>
<listitem>
<para>
netmask (<emphasis>What's your guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
IP address of the default gateway (<emphasis>What's your
guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
network address
<footnote>
<para>
The network address can be calculated from the IP address and
netmask. Refer to
<xref linkend="tools-ipcalc"/>. Especially handy is the
variable length subnet mask RFC,
<ulink url="http://www.isi.edu/in-notes/rfc1878.txt">RFC
1878</ulink>.
</para>
</footnote>
(<emphasis>What's your guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
The IP address of a name resolver. (<emphasis>Use the IP
of the default gateway here</emphasis>
<footnote>
<para>
Many networks are configured with
the name resolution services on a publicly connected host.
See <xref linkend="trouble-dns"/>.
</para>
</footnote>.
)
</para>
</listitem>
</itemizedlist>
<example id="ex-basic-before-change">
<title><command>ifconfig</command> and <command>route</command>
output before the change</title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:53
          inet addr:192.168.98.82  Bcast:192.168.98.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:9 Base address:0x5000
</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.98.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.98.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
The process of readdressing for the new network involves three steps.
It is clear in
<xref linkend="ex-basic-before-change"/> that &morgan; is configured
for a different network than the main office desktop network.
First, the
<link linkend="ex-basic-ifconfig-down">active interface must be
brought down</link>, then a
<link linkend="ex-basic-ifconfig-up">new address must be configured
on the interface and brought up</link>, and finally
<link linkend="ex-basic-set-default">a new default route must be
added</link>. If the networking configuration is correct and the
process is successful, the machine should be able to connect to local
and non-local destinations.
</para>
<example id="ex-basic-ifconfig-down">
<title>Bringing down a network interface with
<command>ifconfig</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0 down</userinput>
</programlisting>
</example>
<para>
This is a fast way to stop networking on a single-homed machine such
as a server or workstation. On multi-homed hosts, other
interfaces on the machine would
be unaffected by this command. This method of bringing down an
interface has some serious side effects, which should be understood.
Here is a summary of the side effects of bringing down an interface.
</para>
<anchor id="list-basic-ifconfig-side-effects-down"/>
<itemizedlist>
<title>Side effects of bringing down an interface with
<command>ifconfig</command></title>
<listitem>
<para>
all IP addresses on the specified interface are deactivated
and removed
</para>
</listitem>
<listitem>
<para>
any connections established to or from IPs on the specified
interface are broken
<footnote>
<para>
It is possible for a linux box which meets the following three
criteria to maintain connections and provide services without
having the service IP configured on an interface. It must be
functioning as a router, be configured to support non-local
binding and be in the route path of the client machine. This
is an uncommon need, frequently accomplished by the use of
transparent proxying software.
</para>
</footnote>
</para>
</listitem>
<listitem>
<para>
all routes to any destinations through the specified interface
are removed from the routing tables
</para>
</listitem>
<listitem>
<para>
the link layer device is deactivated
</para>
</listitem>
</itemizedlist>
<para>
The next step, bringing up the interface, requires the new
networking configuration information. It's a good habit to check the
interface after configuration to verify settings.
</para>
<example id="ex-basic-ifconfig-up">
<title>Bringing up an Ethernet interface with <command>ifconfig</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0 192.168.99.14 netmask 255.255.255.0 up</userinput>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:53
          inet addr:192.168.99.14  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:9 Base address:0x5000
</computeroutput>
</programlisting>
</example>
<para>
The second call to <command>ifconfig</command> allows verification of
the IP addressing information. The currently configured IP address on
eth0 is 192.168.99.14. Bringing up an interface also has a small set
of side effects.
</para>
<anchor id="list-basic-ifconfig-side-effects-up"/>
<itemizedlist>
<title>Side effects of bringing up an interface</title>
<listitem>
<para>
the link layer device is activated
</para>
</listitem>
<listitem>
<para>
the requested IP address is assigned to the specified interface
</para>
</listitem>
<listitem>
<para>
all local, network, and broadcast routes implied by the
IP configuration are added to the routing tables
</para>
</listitem>
</itemizedlist>
<para>
Use
<link linkend="tools-ping"><command>ping</command></link> to
verify the reachability of other locally connected hosts or skip
directly to setting the default gateway.
</para>
</section>
<section id="basic-changing-default">
<title>Setting the Default Route</title>
<para>
It should come as no surprise to a close reader
(<link linkend="list-basic-ifconfig-side-effects-down">hint</link>)
that the default route was removed at the execution of
<userinput>ifconfig eth0 down</userinput>. The crucial final step is
configuring the default route.
</para>
<example id="ex-basic-set-default">
<title>Adding a default route with <command>route</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route add default gw 192.168.99.254</userinput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
The routing table on &morgan; should look exactly like the initial
routing table on &tristan;. Compare the routing tables in
<xref linkend="ex-basic-ifconfig"/> and
<xref linkend="ex-basic-set-default"/>.
</para>
<para>
These changes to the routing table on &morgan; will stay in effect
until they are manually changed, the network is restarted, or the
machine reboots. With knowledge of the addressing scheme of a
network, and the use of
<link linkend="tools-ifconfig"><command>ifconfig</command></link> and
<link linkend="tools-route"><command>route</command></link> it's
simple to readdress a machine on just about any Ethernet you can
attach to. The benefits of familiarity with these commands extend to
non-Ethernet IP networks as well, because these commands operate on the
IP layer, independent of the link layer.
</para>
</section>
<section id="basic-changing-static">
<title>Adding and removing a static route</title>
<para>
Now that &morgan; has joined the LAN at the main office and can
reach the Internet, a static route to the branch office would be
convenient for accessing resources on that network.
</para>
<para>
A static route is any route entered into a routing table
which specifies at least a destination address and a gateway or device.
Static routes are special instructions regarding the
path a packet should take to reach a destination and are
usually used to specify reachability of a destination through a router
other than the default gateway.
</para>
<para>
As we saw above, in <xref linkend="basic-static"/>, a static route
provides a specific route to a known destination. There are several
pieces of information we need to know in order to be able to add a
static route.
</para>
<itemizedlist>
<listitem>
<para>
the address of the destination (<emphasis>192.168.98.0</emphasis>)
</para>
</listitem>
<listitem>
<para>
the netmask of the destination (<emphasis>255.255.255.0</emphasis>)
<itemizedlist>
<listitem>
<para>
EITHER the IP address of the router
(<emphasis>192.168.99.1</emphasis>) through which the
destination is reachable
</para>
</listitem>
<listitem>
<para>
OR the name of the link layer device to which the
destination is directly connected
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
<example id="ex-basic-add-static">
<title>Adding a static route with <command>route</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route add -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
<xref linkend="ex-basic-add-static"/> shows how to add a static
route to the 192.168.98.0/24 network.
In order to test the reachability of the remote network,
ping any machine on the 192.168.98.0/24 network. Routers are
usually a good choice, since they rarely have packet
filters and are usually alive.
</para>
<para>
Because a more specific route is always chosen over a less specific
route, it is even possible to support host routes. These are routes
for destinations which are single IP addresses. This can be
accomplished with a manually added static route as below.
</para>
<example id="ex-basic-del-static">
<title>Removing a static network route and adding a static host
route</title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route del -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route add -net 192.168.98.42 netmask 255.255.255.255 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route add -host 192.168.98.42 gw 192.168.99.1</userinput>
<computeroutput>SIOCADDRT: File exists</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.42   192.168.99.1    255.255.255.255 UGH   0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
This should serve as an illustration that there is no difference to
the kernel in selecting a route between a host route and a network
route with a host netmask. If this is a surprise or is at all
confusing, review the use of netmasks in IP networking.
Some collected links on general IP networking are available in
<xref linkend="links-general-ip"/>.
</para>
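<para>
As an added illustration (not part of the original chapter), this Python
sketch parses the final <command>route -n</command> table from
<xref linkend="ex-basic-del-static"/>, embedded as constructed sample input,
and applies longest-prefix matching to show that the host route overrides the
default route for 192.168.98.42 only. The function names are assumptions of
this example, and the selection logic is a simplified model of the kernel's
lookup; the last function lists routes whose next hop differs from the default
gateway, which is a useful review item when auditing a routing table.
</para>

```python
import ipaddress

# Constructed sample input: the final `route -n` table from the example above.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.42   192.168.99.1    255.255.255.255 UGH   0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0
"""

def parse_route_n(text):
    """Turn `route -n` output into a list of route dictionaries."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have eight columns and a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, genmask, flags, metric, _ref, _use, iface = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{genmask}"),
            "gateway": None if gateway == "0.0.0.0" else gateway,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes

def lookup(routes, address):
    """Pick the matching route with the longest prefix, then the lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def non_default_next_hops(routes):
    """Gatewayed routes whose next hop differs from the default gateway."""
    default_gws = {r["gateway"] for r in routes if r["net"].prefixlen == 0}
    return [r for r in routes if r["gateway"] and r["gateway"] not in default_gws]

if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    for target in ("192.168.98.42", "192.168.98.43", "192.168.99.7"):
        route = lookup(table, target)
        print(target, "via", route["gateway"] or "direct", "dev", route["iface"])
    for route in non_default_next_hops(table):
        print("review:", route["net"], "via", route["gateway"], route["flags"])
```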
</section>
</section>
<section id="basic-conclusion">
<title>Conclusion</title>
<para>
This chapter has introduced the simplest uses of
<command>ifconfig</command> and <command>route</command> to view and
alter the IP configuration of a host. To reiterate the minimum
requirements to create an IP network between two machines:
</para>
<anchor id="basic-ip-requirements"/>
<itemizedlist>
<title>Requirements for Two Hosts on the Same Ethernet to
Communicate Using IP</title>
<listitem>
<para>
Each host must have a good connection to the Ethernet. Verify a
good connection to the Ethernet with <command>mii-tool</command>,
documented in
<xref linkend="tools-mii-tool"/>.
</para>
</listitem>
<listitem>
<para>
Each host must share IP network space. Practically, this means
that each host should have the same network address, netmask,
and broadcast address
<footnote>
<para>
Technically, the two hosts simply need to have routes to
each other, but we are discussing the simplest case here,
so we'll leave this for a discussion of
<link linkend="adv-media-share">shared media</link>.
</para>
</footnote>.
</para>
</listitem>
<listitem>
<para>
Each host must have a unique IP address.
</para>
</listitem>
<listitem>
<para>
Neither host may block the other's IP packets. (Host-based
packet filtering may hinder connections!)
</para>
</listitem>
</itemizedlist>
<para>
This concludes the tour of basic host networking and IP layer
configuration as well as some basic tools available to the
linux user. For further documentation on these tools, other tips,
tricks, and more advanced content, keep reading!
</para>
</section>
</chapter>