<!-- $Id$ -->
<chapter id="ch-basic">
<title>Basic IP Connectivity</title>
<para>
Internet Protocol (<acronym>IP</acronym>) networking is among the
most common networking technologies in use today. The IP stack
under linux is mature, robust and reliable. This chapter covers
the basics of configuring a linux machine or multiple linux machines
to join an IP network.
</para>
<para>
This chapter begins with a quick overview of the
<link linkend="basic-control-files">locations of the
networking control files</link> on different distributions of linux.
The remainder of the chapter is devoted to outlining the basics of
IP networking with linux.
</para>
<para>
These basics are written in a more tutorial style than the remainder of
the first part of the book. Reading and understanding
<link linkend="basic-reading">IP addressing and routing information</link>
is a key skill to master when beginning with linux. Naturally, the next
step is to
<link linkend="basic-changing">alter the IP configuration</link> of a
machine. This chapter will introduce these two key skills in a tutorial
style. Subsequent chapters will engage specific subtopics of linux
networking in a more thorough and less tutorial manner.
</para>
<section id="basic-control-files">
<title>IP Networking Control Files</title>
<para>
Different linux distribution vendors put their networking configuration
files in different places in the filesystem. Here is a brief summary
of the locations of the IP networking configuration information under
a few common linux distributions along with links to further
documentation.
</para>
<itemizedlist id="basic-conf-files">
<title>Location of networking configuration files</title>
<listitem>
<para>
RedHat (and Mandrake)
</para>
<itemizedlist>
<listitem>
<para>
Interface definitions
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/network-scripts/ifcfg-*</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Hostname and default gateway definition
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/network</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Definition of static routes
<ulink url="http://www.redhat.com/support/resources/howto/sysconfig.html"><filename>/etc/sysconfig/static-routes</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
SuSE (version &gt;= 8.0)
</para>
<itemizedlist>
<listitem>
<para>
Interface definitions
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/ifcfg-*</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Static route definition
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/routes</filename></ulink>
</para>
</listitem>
<listitem>
<para>
Interface specific static route definition
<ulink url="http://sdb.suse.de/en/sdb/html/mmj_network80.html"><filename>/etc/sysconfig/network/ifroute-*</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
SuSE (version &lt;= 8.0)
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<filename>/etc/rc.config</filename>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Debian
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://documents.made-it.com/Debian_Internet_Server/Debian_Internet_Server-5.html"><filename>/etc/network/interfaces</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Gentoo
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://www.gentoo.org/doc/en/rc-scripts.xml"><filename>/etc/conf.d/net</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
Slackware
</para>
<itemizedlist>
<listitem>
<para>
Interface and route definitions
<ulink url="http://www.slackware.com/config/network.php"><filename>/etc/rc.d/rc.inet1</filename></ulink>
</para>
</listitem>
</itemizedlist>
</listitem>
</itemizedlist>
<para>
The format of the networking configuration
files differs significantly from distribution to distribution, yet
the tools used by these scripts are the same. This documentation will
focus on these tools and how they instruct the kernel
to alter interface and route information.
Consult the distribution's documentation for questions of file format
and order of operation.
</para>
<para>
For the remainder of this document, many examples refer to
machines in a hypothetical network. Refer to the
<link linkend="ax-example-network">example network description</link>
for the network map and addressing scheme.
</para>
</section>
<section id="basic-reading">
<title>Reading Routes and IP Information</title>
<para>
Assuming an already configured machine named &tristan;, let's
<link linkend="basic-reading">look at the IP addressing and routing
table</link>. Next we'll examine how the machine
communicates with computers (hosts) on the <link
linkend="basic-local-network">locally reachable network</link>. We'll
then <link linkend="basic-default-gateway">send packets through our
default gateway to other networks</link>. After learning what a default
route is, we'll <link linkend="ex-basic-static">look at a static
route</link>.
</para>
<para>
One of the first things to learn about a machine attached to an IP
network is its IP address. We'll begin by looking at
a machine named &tristan; on the main desktop network (192.168.99.0/24).
</para>
<para>
The machine &tristan;
is alive on IP 192.168.99.35 and
has been properly configured by the system administrator.
By examining the
<link linkend="tools-route"><command>route</command></link>
and <link linkend="tools-ifconfig"><command>ifconfig</command></link>
output we can learn a good deal about the network to which
&tristan; is connected
<footnote>
<para>
For BSD and UNIX users, the idiom <command>netstat
-rn</command> may be more familiar than the common
<command>route -n</command> on a linux machine. Both of
these commands provide the same
basic information although the formatting is a bit different. For a
fuller discussion of these, see either <xref linkend="tools-netstat"/>
or <xref linkend="tools-route"/>. For access to all of the routing
features of the linux kernel, use
<link linkend="tools-ip-route"><command>ip route</command></link>
instead.
</para>
</footnote>.
</para>
<example id="ex-basic-ifconfig">
<title>Sample <command>ifconfig</command> output</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ifconfig</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27849718 errors:1 dropped:0 overruns:0 frame:0
          TX packets:29968044 errors:5 dropped:0 overruns:2 carrier:3
          collisions:0 txqueuelen:100
          RX bytes:943447653 (899.7 Mb)  TX bytes:2599122310 (2478.7 Mb)
          Interrupt:9 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7028982 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7028982 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1206918001 (1151.0 Mb)  TX bytes:1206918001 (1151.0 Mb)
</computeroutput>
<prompt>[root@tristan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
For the moment, ignore the loopback interface (lo) and concentrate
on the Ethernet interface. Examine the output of the
<command>ifconfig</command> command. We can learn a great deal about
the IP network to which we are connected simply by reading the
<command>ifconfig</command> output. For a thorough discussion of
<command>ifconfig</command>, see
<xref linkend="tools-ifconfig"/>.
</para>
<para>
The IP address active on &tristan; is 192.168.99.35. This means that
any IP packets created by &tristan; will have a
source address of 192.168.99.35. Similarly any packet received by
&tristan; will have the destination address of 192.168.99.35.
When creating an outbound packet &tristan; will set the destination
address to the server's IP. This gives the remote host and the
networking devices in between these hosts enough information to
carry packets between the two devices.
</para>
<para>
Because &tristan; will
advertise that it accepts packets with a destination address of
192.168.99.35, any frames (packets) appearing on the Ethernet
bound for 192.168.99.35 will reach &tristan;. The process of
communicating the ownership of an IP address is called ARP. Read
<xref linkend="ether-arp-overview"/> for a complete discussion of
this process.
</para>
<para>
A host must be able to generate and receive packets on an IP address
assigned to it; this is fundamental to IP networking.
This IP address is a unique identifier for the machine on the network to
which it is connected.
</para>
<para>
Common traffic to and from machines today is unicast IP traffic.
Unicast traffic is essentially a conversation between two hosts.
Though there may be routers between them, the two hosts are carrying
on a private conversation. Examples of common unicast traffic
are protocols such as HTTP (web), SMTP (sending mail), POP3 (fetching
mail), IRC (chat), SSH (secure shell), and LDAP (directory access).
To participate in any of these kinds of traffic,
&tristan; will send and receive packets on 192.168.99.35.
</para>
<para>
In contrast to unicast traffic, there is another common IP networking
technique called broadcasting. Broadcast traffic is a way of addressing
all hosts in a given network range with a single destination IP address.
To continue the analogy of the unicast conversation, a broadcast is more
like shouting in a room.
Occasionally, network administrators will refer to broadcast techniques
and broadcasting as "chatty network traffic".
</para>
<para>
Broadcast techniques are used at the Ethernet layer and the IP layer, so
the cautious person talks about Ethernet broadcasts or IP broadcasts.
Refer to
<xref linkend="ether-arp-overview"/> for more information on a common
use of broadcast Ethernet frames.
</para>
<para>
IP broadcast techniques can be used to share information with all
partners on a network or to discover characteristics of other members of
a network.
SMB (Server Message Block) as implemented by Microsoft products and the
<ulink url="http://samba.org/"><command>samba</command></ulink>
package makes extensive use of broadcasting techniques for discovery and
information sharing. Dynamic Host Configuration Protocol
(<ulink url="http://www.isc.org/products/DHCP/"><acronym>DHCP</acronym></ulink>)
also makes use of broadcasting techniques to manage IP addressing.
</para>
<para>
The IP broadcast address is usually derived correctly from the IP
address and network mask, although it can easily be set explicitly
to a different address. Because the broadcast address
is used for autodiscovery (e.g., <acronym>SMB</acronym> under
some protocols), an incorrect broadcast
address can inhibit a machine's ability to participate in networked
communication
<footnote>
<para>
An incorrect broadcast address often highlights a mismatch of
the configured IP address and netmask on an interface. If in
doubt, be sure to use an
<link linkend="tools-ipcalc">IP calculator</link> to set the correct
netmask and broadcast addresses.
</para>
</footnote>.
</para>
<para>
The netmask on the interface should match the netmask in the routing
table for the locally connected network. Typically, the route and
the IP interface definition are calculated from the same configuration
data so they should match perfectly.
</para>
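<para>
The consistency checks described above, as an added example that is not
part of the original guide: it parses <command>ifconfig</command> output,
derives the network and broadcast address from each address and netmask,
and compares them with the configured broadcast address and the connected
route. The eth1 stanza and its route are constructed to show a mismatch.
</para>

```python
import ipaddress
import re

# eth0 and lo are copied from the ifconfig listing above (counters omitted).
# eth1 is a constructed stanza whose Bcast does not fit its address and mask.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.98.82  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""

# Connected networks per interface, transcribed from the `route -n` rows whose
# Gateway is 0.0.0.0. The eth1 entry is constructed with a mismatched netmask.
CONNECTED = {
    "eth0": "192.168.99.0/24",
    "eth1": "192.168.98.0/25",
    "lo": "127.0.0.0/8",
}

STANZA = re.compile(r"^(\S+)\s+Link encap:", re.M)
INET = re.compile(r"inet addr:(\S+)(?:\s+Bcast:(\S+))?\s+Mask:(\S+)")


def parse_ifconfig(text):
    """Yield (name, addr, bcast_or_None, mask) for each stanza with an IPv4 address."""
    starts = [m.start() for m in STANZA.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        stanza = text[begin:end]
        inet = INET.search(stanza)
        if inet:  # interfaces without an address have no "inet addr:" line
            yield (stanza.split()[0],) + inet.groups()


def audit(ifconfig_text, connected):
    """Return {iface: [finding, ...]}; an empty list means the stanza is consistent."""
    findings = {}
    for name, addr, bcast, mask in parse_ifconfig(ifconfig_text):
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        problems = []
        # Loopback has no Bcast field, so only check it when present.
        if bcast is not None and ipaddress.ip_address(bcast) != net.broadcast_address:
            problems.append(f"Bcast {bcast} should be {net.broadcast_address}")
        route = connected.get(name)
        if route is None:
            problems.append("no connected route")
        elif ipaddress.ip_network(route) != net:
            problems.append(f"route {route} does not match interface network {net}")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for iface, problems in audit(IFCONFIG, CONNECTED).items():
        print(iface, "OK" if not problems else "; ".join(problems))
```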
<para>
If you are at all confused about how to address a network or how to read
either the traditional notation or the CIDR notation for network
addressing, see one of the CIDR/netmask references in
<xref linkend="links-general-ip"/>.
</para>
<section id="basic-local-network">
<title>Sending Packets to the Local Network</title>
<para>
We can see from the output above that the IP address 192.168.99.35
falls inside the address space 192.168.99.0/24. We also note that
the machine &tristan;
will route packets bound for 192.168.99.0/24 directly onto the
Ethernet attached to eth0. This line in the routing table
identifies a network available on the Ethernet attached to eth0
("Iface") by its network address ("Destination") and size ("Genmask").
</para>
<programlisting>
<computeroutput>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0</computeroutput>
</programlisting>
<para>
Every host on the 192.168.99.0/24 network should share the network
address and netmask specified above. No two hosts should share the
same IP address.
</para>
<para>
Currently, there are two hosts connected to the example desktop network.
Both &tristan; and &masq-gw; are connected to 192.168.99.0/24. Thus,
192.168.99.254 (&masq-gw;) should be reachable from &tristan;.
Success of this test provides evidence that &tristan; is
configured properly. N.B. Assume that the network
administrator has properly configured &masq-gw;. Since the
<link linkend="routing-default">default gateway</link> in any
network is an important host, testing reachability of the default
gateway is also valuable in determining the proper operation of the
local network.
</para>
<para>
The <command>ping</command> tool, designed to take advantage of
Internet Control Message Protocol (<acronym>ICMP</acronym>), can be
used to test reachability of IP addresses. For a command summary
and examples of the use of <command>ping</command>, see
<xref linkend="tools-ping"/>.
</para>
<example id="ex-basic-ping">
<title>Testing reachability of a locally connected host with
<command>ping</command></title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ping -c 1 -n 192.168.99.254</userinput>
<computeroutput>PING 192.168.99.254 (192.168.99.254) from 192.168.99.35 : 56(84) bytes of data.
--- 192.168.99.254 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
PING 192.168.99.254 (192.168.99.254) from 192.168.99.35 : 56(84) bytes of data.
64 bytes from 192.168.99.254: icmp_seq=0 ttl=255 time=238 usec
--- 192.168.99.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</programlisting>
</example>
</section>
<section id="basic-default-gateway">
<title>Sending Packets to Unknown Networks Through the Default
Gateway</title>
<para>
In <xref linkend="basic-local-network"/>, we verified that hosts
connected to the same local network can reach each other and,
importantly, the default gateway. Now, let's see what happens to
packets which have a destination address outside the locally connected
network.
</para>
<para>
Assuming that the network administrator allows ping packets
from the desktop network into the public network,
<command>ping</command> can be invoked with the
record route option to show the path the packet travels from
&tristan; to &wan-gw; and back.
</para>
<example id="ex-basic-ping-non-local">
<title>Testing reachability of non-local hosts</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>ping -R -c 1 -n 205.254.211.254</userinput>
<computeroutput>PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.
--- 205.254.211.254 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
PING 205.254.211.254 (205.254.211.254) from 192.168.99.35 : 56(84) bytes of data.
64 bytes from 205.254.211.254: icmp_seq=0 ttl=255 time=238 usec
RR: 192.168.99.35 <co id="ex-bpnl-tristan-out" linkends="ex-bpnl-tristan-out-text"/>
205.254.211.179 <co id="ex-bpnl-masq-gw-out" linkends="ex-bpnl-masq-gw-out-text"/>
205.254.211.254 <co id="ex-bpnl-wan-gw-in" linkends="ex-bpnl-bpnl-wan-gw-in-text"/>
205.254.211.254
192.168.99.254 <co id="ex-bpnl-masq-gw-in" linkends="ex-bpnl-masq-gw-in-text"/>
192.168.99.35 <co id="ex-bpnl-tristan-in" linkends="ex-bpnl-tristan-in-text"/>
--- 192.168.99.254 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms</computeroutput>
</programlisting>
<calloutlist>
<callout
arearefs="ex-bpnl-tristan-out"
id="ex-bpnl-tristan-out-text">
<simpara>
As the packet passes through the IP stack on &tristan;,
before hitting the Ethernet, &tristan; adds its IP to the
list of IPs in the option field in the header.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-masq-gw-out"
id="ex-bpnl-masq-gw-out-text">
<simpara>
This is &masq-gw;'s public IP address.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-wan-gw-in"
id="ex-bpnl-bpnl-wan-gw-in-text">
<simpara>
Our intended destination! (Anybody know why there are
two entries in the record route output?)
</simpara>
</callout>
<callout
arearefs="ex-bpnl-masq-gw-in"
id="ex-bpnl-masq-gw-in-text">
<simpara>
This is &masq-gw;'s private IP address.
</simpara>
</callout>
<callout
arearefs="ex-bpnl-tristan-in"
id="ex-bpnl-tristan-in-text">
<simpara>
And finally, &tristan; will add its IP to the option field
in the header of the IP packet just before the packet
reaches the calling <command>ping</command> program.
</simpara>
</callout>
</calloutlist>
</example>
<para>
By testing reachability of the local network 192.168.99.0/24 and
an IP address outside our local network, we have verified the basic
elements of IP connectivity.
</para>
<para>
To summarize this section, we have:
<itemizedlist>
<listitem>
<para>
identified the IP address, network address and netmask in use
on &tristan; using the tools <command>ifconfig</command> and
<command>route</command>
</para>
</listitem>
<listitem>
<para>
verified that &tristan; can reach its default gateway
</para>
</listitem>
<listitem>
<para>
tested that packets bound for destinations outside our
local network reach the intended destination and return
</para>
</listitem>
</itemizedlist>
</para>
</section>
<section id="basic-static">
<title>Static Routes to Networks</title>
<para>
Static routes instruct the kernel to route packets
for a known destination host or network to a router or
gateway different from the default gateway.
In the example network, the desktop machine &tristan; would need
a static route to reach hosts in the 192.168.98.0/24 network.
Note that the branch office network is reachable over an ISDN line.
The ISDN router's IP in &tristan;'s network is 192.168.99.1. This
means that there are two gateways in the example desktop network,
one connected to a small branch office network, and the other
connected to the Internet.
</para>
<para>
Without a static route to the branch office network, &tristan; would
use &masq-gw; as the gateway, which is not the most efficient path for
packets bound for &morgan;. Let's examine why a static route would
be better here.
</para>
<para>
If &tristan; generates a packet bound for &morgan; and
sends the packet to the default gateway, &masq-gw; will forward the
packet to &isdn-router; as well as generate an ICMP redirect message
to &tristan;. This ICMP redirect message tells &tristan; to send
future packets with a destination address of 192.168.98.82 (&morgan;)
directly to &isdn-router;. For a fuller discussion of ICMP redirect,
see
<xref linkend="routing-icmp-redirect"/>.
</para>
<para>
The absence of a static route has caused two extra packets to be
generated on the Ethernet for no benefit. Not only that, but
&tristan; will eventually expire the temporary route entry
<footnote>
<para>
If the machine is a linux machine, then the temporary route entry
is stored in the routing cache. Consult
<xref linkend="routing-cache"/> for more information on the
routing cache.
</para>
</footnote>
for 192.168.98.82, which means that subsequent packets bound for
&morgan; will repeat this process
<footnote>
<para>
It is quite reasonable to ignore ICMP redirect messages from
unknown hosts on the Internet, but ICMP redirect messages on a
LAN indicate that a host has mismatched netmasks or missing
static routes.
</para>
</footnote>.
</para>
<para>
To solve this problem, add a static route to &tristan;'s routing
table. Below is a modified routing table (see
<xref linkend="basic-changing"/> to learn how to change the routing
table).
</para>
<example id="ex-basic-static">
<title>Sample routing table with a static route</title>
<programlisting>
<prompt>[root@tristan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
According to this routing table, any packets with a destination
address in the 192.168.98.0/24 network will be routed to the
gateway 192.168.99.1 instead of the default gateway. This will
prevent unnecessary ICMP redirect messages.
</para>
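<para>
The route selection described above, as an added example that is not part
of the original guide: among the routes that match a destination, the one
with the longest prefix is used, so the static route replaces the default
gateway for &morgan;'s address. The example goes beyond the text by also
covering a table with no default route and a host route; the host route and
its gateway 192.168.99.2 are constructed for illustration.
</para>

```python
import ipaddress

HEADER = "Destination Gateway Genmask Flags Metric Ref Use Iface\n"
# Rows copied from the `route -n` listings in this chapter.
CONNECTED = "192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
LOOPBACK = "127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo\n"
DEFAULT = "0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0\n"
STATIC = "192.168.98.0 192.168.99.1 255.255.255.0 UG 0 0 0 eth0\n"
# Constructed host route (not from the chapter); 192.168.99.2 is hypothetical.
HOST = "192.168.98.42 192.168.99.2 255.255.255.255 UGH 0 0 0 eth0\n"

NO_DEFAULT = HEADER + CONNECTED + LOOPBACK   # interface up, default route not yet added
DEFAULT_ONLY = NO_DEFAULT + DEFAULT          # tristan's initial table
WITH_STATIC = DEFAULT_ONLY + STATIC          # after adding the static route
WITH_HOST = WITH_STATIC + HOST               # plus the constructed host route


def parse_route_n(text):
    """Turn `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination;
        # this skips the "Kernel IP routing table" and column header lines.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, mask, flags, metric, _ref, _use, iface = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": None if gateway == "0.0.0.0" else gateway,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, dst):
    """Return the matching route with the longest prefix (lowest metric on ties)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None  # no specific route and no default route
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def next_hop(routes, dst):
    """Return (gateway or 'on-link', interface, matched prefix), or None if unroutable."""
    route = lookup(routes, dst)
    if route is None:
        return None
    return (route["gateway"] or "on-link", route["iface"], str(route["net"]))


def changed_next_hops(before, after, destinations):
    """Map each destination whose gateway differs between two tables to (old, new)."""
    changed = {}
    for dst in destinations:
        old, new = next_hop(before, dst), next_hop(after, dst)
        if old != new:
            changed[dst] = (old and old[0], new and new[0])
    return changed


if __name__ == "__main__":
    before, after = parse_route_n(DEFAULT_ONLY), parse_route_n(WITH_STATIC)
    for dst in ("192.168.99.254", "192.168.98.82", "205.254.211.254"):
        print(dst, "before:", next_hop(before, dst), "after:", next_hop(after, dst))
    print("no default route:", next_hop(parse_route_n(NO_DEFAULT), "205.254.211.254"))
```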
<para>
These are the basic tools for inspecting the IP
address and the routes on a linux machine. Understanding
the output of these tools will help you understand how
machines fit into simple networks, and will be a base on which
you can build an understanding of more complex networks.
</para>
</section>
</section>
<section id="basic-changing">
<title>Changing IP Addresses and Routes</title>
<para>
This section introduces
<link linkend="basic-changing-ip">changing the IP address
on an interface</link>,
<link linkend="basic-changing-default">changing the default
gateway</link>, and
<link linkend="basic-changing-static">adding and removing a
static route</link>. With the knowledge of
<command>ifconfig</command> and <command>route</command> output
it's a small step to
learn how to change IP configuration with these same tools.
</para>
<section id="basic-changing-ip">
<title>Changing the IP on a machine</title>
<para>
For a practical example, let's say that the branch office server,
&morgan;, needs to visit the main office for some hardware maintenance.
Since the services on the machine are not in use, it's a convenient
time to fetch some software updates, after configuring the machine to
join the LAN.
</para>
<para>
Once the machine is booted and connected to the Ethernet, it's
ready for IP reconfiguration. In order to join an
IP network, the following information is required. Refer to the
<link linkend="example-network-netmap">network map and
appendix</link> to gather the required information below.
</para>
<itemizedlist>
<listitem>
<para>
An unused IP address (<emphasis>Use 192.168.99.14.</emphasis>)
</para>
</listitem>
<listitem>
<para>
netmask (<emphasis>What's your guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
IP address of the default gateway (<emphasis>What's your
guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
network address
<footnote>
<para>
The network address can be calculated from the IP address and
netmask. Refer to
<xref linkend="tools-ipcalc"/>. Especially handy is the
variable length subnet mask RFC,
<ulink url="http://www.isi.edu/in-notes/rfc1878.txt">RFC
1878</ulink>.
</para>
</footnote>
(<emphasis>What's your guess?</emphasis>)
</para>
</listitem>
<listitem>
<para>
The IP address of a name resolver. (<emphasis>Use the IP
of the default gateway here</emphasis>
<footnote>
<para>
Many networks are configured with
the name resolution services on a publicly connected host.
See <xref linkend="trouble-dns"/>.
</para>
</footnote>.
)
</para>
</listitem>
</itemizedlist>
<example id="ex-basic-before-change">
<title><command>ifconfig</command> and <command>route</command>
output before the change</title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:53
          inet addr:192.168.98.82  Bcast:192.168.98.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:9 Base address:0x5000
</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.98.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.98.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
The process of readdressing for the new network involves three steps.
It is clear from
<xref linkend="ex-basic-before-change"/> that &morgan; is configured
for a different network than the main office desktop network.
First, the
<link linkend="ex-basic-ifconfig-down">active interface must be
brought down</link>, then a
<link linkend="ex-basic-ifconfig-up">new address must be configured
on the interface and brought up</link>, and finally
<link linkend="ex-basic-set-default">a new default route must be
added</link>. If the networking configuration is correct and the
process is successful, the machine should be able to connect to local
and non-local destinations.
</para>
<example id="ex-basic-ifconfig-down">
<title>Bringing down a network interface with
<command>ifconfig</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0 down</userinput>
</programlisting>
</example>
<para>
This is a fast way to stop networking on a single-homed machine such
as a server or workstation. On multi-homed hosts, other
interfaces on the machine would
be unaffected by this command. This method of bringing down an
interface has some serious side effects, which should be understood.
Here is a summary of the side effects of bringing down an interface.
</para>
<anchor id="list-basic-ifconfig-side-effects-down"/>
<itemizedlist>
<title>Side effects of bringing down an interface with
<command>ifconfig</command></title>
<listitem>
<para>
all IP addresses on the specified interface are deactivated
and removed
</para>
</listitem>
<listitem>
<para>
any connections established to or from IPs on the specified
interface are broken
<footnote>
<para>
It is possible for a linux box which meets the following three
criteria to maintain connections and provide services without
having the service IP configured on an interface. It must be
functioning as a router, be configured to support non-local
binding and be in the route path of the client machine. This
is an uncommon need, frequently accomplished by the use of
transparent proxying software.
</para>
</footnote>
</para>
</listitem>
<listitem>
<para>
all routes to any destinations through the specified interface
are removed from the routing tables
</para>
</listitem>
<listitem>
<para>
the link layer device is deactivated
</para>
</listitem>
</itemizedlist>
<para>
The next step, bringing up the interface, requires the new
networking configuration information. It's a good habit to check the
interface after configuration to verify settings.
</para>
<example id="ex-basic-ifconfig-up">
<title>Bringing up an Ethernet interface with <command>ifconfig</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0 192.168.99.14 netmask 255.255.255.0 up</userinput>
<prompt>[root@morgan]# </prompt><userinput>ifconfig eth0</userinput>
<computeroutput>eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:53
          inet addr:192.168.99.14  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:9 Base address:0x5000
</computeroutput>
</programlisting>
</example>
<para>
The second call to <command>ifconfig</command> allows verification of
the IP addressing information. The currently configured IP address on
eth0 is 192.168.99.14. Bringing up an interface also has a small set
of side effects.
</para>
<anchor id="list-basic-ifconfig-side-effects-up"/>
<itemizedlist>
<title>Side effects of bringing up an interface</title>
<listitem>
<para>
the link layer device is activated
</para>
</listitem>
<listitem>
<para>
the requested IP address is assigned to the specified interface
</para>
</listitem>
<listitem>
<para>
all local, network, and broadcast routes implied by the
IP configuration are added to the routing tables
</para>
</listitem>
</itemizedlist>
<para>
Use
<link linkend="tools-ping"><command>ping</command></link> to
verify the reachability of other locally connected hosts or skip
directly to setting the default gateway.
</para>
</section>
<section id="basic-changing-default">
<title>Setting the Default Route</title>
<para>
It should come as no surprise to a close reader
(<link linkend="list-basic-ifconfig-side-effects-down">hint</link>)
that the default route was removed at the execution of
<userinput>ifconfig eth0 down</userinput>. The crucial final step is
configuring the default route.
</para>
<example id="ex-basic-set-default">
<title>Adding a default route with <command>route</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route add default gw 192.168.99.254</userinput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0</computeroutput>
</programlisting>
</example>
<para>
The routing table on &morgan; should look exactly like the initial
routing table on &tristan;. Compare the routing tables in
<xref linkend="ex-basic-ifconfig"/> and
<xref linkend="ex-basic-set-default"/>.
</para>
<para>
These changes to the routing table on &morgan; will stay in effect
until they are manually changed, the network is restarted, or the
machine reboots. With knowledge of the addressing scheme of a
network, and the use of
<link linkend="tools-ifconfig"><command>ifconfig</command></link> and
<link linkend="tools-route"><command>route</command></link> it's
simple to readdress a machine on just about any Ethernet you can
attach to. The benefits of familiarity with these commands extend to
non-Ethernet IP networks as well, because these commands operate on the
IP layer, independent of the link layer.
</para>
</section>
<section id="basic-changing-static">
<title>Adding and removing a static route</title>
<para>
Now that &morgan; has joined the LAN at the main office and can
reach the Internet, a static route to the branch office would be
convenient for accessing resources on that network.
</para>
<para>
A static route is any route entered into a routing table
which specifies at least a destination address and a gateway or device.
Static routes are special instructions regarding the
path a packet should take to reach a destination and are
usually used to specify reachability of a destination through a router
other than the default gateway.
</para>
<para>
As we saw above, in <xref linkend="basic-static"/>, a static route
provides a specific route to a known destination. There are several
pieces of information we need to know in order to be able to add a
static route.
</para>
<itemizedlist>
<listitem>
<para>
the address of the destination (<emphasis>192.168.98.0</emphasis>)
</para>
</listitem>
<listitem>
<para>
the netmask of the destination (<emphasis>255.255.255.0</emphasis>)
</para>
</listitem>
<listitem>
<para>
how the destination is reached:
<itemizedlist>
<listitem>
<para>
EITHER the IP address of the router
(<emphasis>192.168.99.1</emphasis>) through which the
destination is reachable
</para>
</listitem>
<listitem>
<para>
OR the name of the link layer device to which the
destination is directly connected
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</itemizedlist>
<example id="ex-basic-add-static">
<title>Adding a static route with <command>route</command></title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route add -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.98.0 192.168.99.1 255.255.255.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0</computeroutput>
</programlisting>
</example>
<para>
<xref linkend="ex-basic-add-static"/> shows how to add a static
route to the 192.168.98.0/24 network.
In order to test the reachability of the remote network,
ping any machine on the 192.168.98.0/24 network. Routers are
usually a good choice, since they rarely have packet
filters and are usually alive.
</para>
<para>
Because a more specific route is always chosen over a less specific
route, it is even possible to support host routes. These are routes
for destinations which are single IP addresses. This can be
accomplished with a manually added static route as below.
</para>
<example id="ex-basic-del-static">
<title>Removing a static network route and adding a static host
route</title>
<programlisting>
<prompt>[root@morgan]# </prompt><userinput>route del -net 192.168.98.0 netmask 255.255.255.0 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route add -net 192.168.98.42 netmask 255.255.255.255 gw 192.168.99.1</userinput>
<prompt>[root@morgan]# </prompt><userinput>route add -host 192.168.98.42 gw 192.168.99.1</userinput>
<computeroutput>SIOCADDRT: File exists</computeroutput>
<prompt>[root@morgan]# </prompt><userinput>route -n</userinput>
<computeroutput>Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.98.42 192.168.99.1 255.255.255.255 UGH 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.99.254 0.0.0.0 UG 0 0 0 eth0</computeroutput>
</programlisting>
</example>
<para>
This should serve as an illustration that, when selecting a route,
the kernel makes no distinction between a host route and a network
route with a host netmask. If this is a surprise or is at all
confusing, review the use of netmasks in IP networking.
Some collected links on general IP networking are available in
<xref linkend="links-general-ip"/>.
</para>
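<para>
The route selection described above, as an added example that is not
part of the original guide: a Python sketch that parses
<command>route -n</command> output and applies longest-prefix matching.
The sample table is constructed by merging the listings above, and the
function names are assumptions of this example; it models the selection
rule only, not the kernel's own lookup code.
</para>
<programlisting><![CDATA[
```python
import ipaddress

# Constructed sample: the page's `route -n` tables merged so the network
# route and the host route to the branch office are both installed.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.98.0    192.168.99.1    255.255.255.0   UG    0      0        0 eth0
192.168.98.42   192.168.99.1    255.255.255.255 UGH   0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.99.254  0.0.0.0         UG    0      0        0 eth0
"""

def route_key(dest, genmask="255.255.255.255"):
    """Destination as a prefix; `-host` implies the all-ones netmask."""
    plen = bin(int(ipaddress.IPv4Address(genmask))).count("1")
    return ipaddress.ip_network(f"{dest}/{plen}")

def parse_route_n(text):
    """Turn `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have eight columns and a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        routes.append({"net": route_key(f[0], f[2]), "flags": f[3],
                       "gateway": None if f[1] == "0.0.0.0" else f[1],
                       "metric": int(f[4]), "iface": f[7]})
    return routes

def select_route(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    # Longer prefix first; a lower metric breaks ties between equal prefixes.
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    for dst in ("192.168.98.42", "192.168.98.7", "192.168.99.20", "192.0.2.1"):
        r = select_route(table, dst)
        print(f"{dst:15} -> {str(r['net']):18} via {r['gateway'] or 'direct'} dev {r['iface']}")
```
]]></programlisting>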
</section>
</section>
<section id="basic-conclusion">
<title>Conclusion</title>
<para>
This chapter has introduced the simplest uses of
<command>ifconfig</command> and <command>route</command> to view and
alter the IP configuration of a host. To reiterate the minimum
requirements to create an IP network between two machines:
</para>
<anchor id="basic-ip-requirements"/>
<itemizedlist>
<title>Requirements for Two Hosts on the Same Ethernet to
Communicate Using IP</title>
<listitem>
<para>
Each host must have a good connection to the Ethernet. Verify a
good connection to the Ethernet with <command>mii-tool</command>,
documented in
<xref linkend="tools-mii-tool"/>.
</para>
</listitem>
<listitem>
<para>
Each host must share IP network space. Practically, this means
that each host should have the same network address, netmask,
and broadcast address
<footnote>
<para>
Technically, the two hosts simply need to have routes to
each other, but we are discussing the simplest case here,
so we'll leave this for a discussion of
<link linkend="adv-media-share">shared media</link>.
</para>
</footnote>.
</para>
</listitem>
<listitem>
<para>
Each host must have a unique IP address.
</para>
</listitem>
<listitem>
<para>
Neither host may block the other's IP packets. (Host-based
packet filtering may hinder connections!)
</para>
</listitem>
</itemizedlist>
<para>
This concludes the tour of basic host networking and IP layer
configuration as well as some basic tools available to the
linux user. For further documentation on these tools, other tips,
tricks, and more advanced content, keep reading!
</para>
</section>
</chapter>