Networking
- Utilities
- NetworkManager
- Netplan
- /etc/network/interfaces
Utilities
ip – show / manipulate routing, network devices, interfaces and tunnels
ip link – network device configuration
ip link
ip link set dev enp6s0 up
ip address – protocol address management
The ip addr command displays addresses and their properties, adds new addresses and deletes old ones.
ip address show
ip address add dev enp6s0 10.4.0.2/24
ip neighbour – neighbour/arp tables management
ip neighbour show
ip route – routing table management
ip route show
ip route get 192.168.0.70
ip route add 10.8.53.0/24 via 192.168.53.10 dev p2p1
Task: Add a vlan interface and an IP
ip link add link eno1 name eno1.400 type vlan id 400
ip addr add 192.168.10.100/24 brd 192.168.10.255 dev eno1.400
ip link set dev eno1.400 up
route – show / manipulate the IP routing table
Add or remove a route:
route add -net 192.168.108.0 netmask 255.255.252.0 gw 192.168.0.187
route del -net 192.168.108.0 netmask 255.255.252.0
arp – manipulate the system ARP cache
Display current ARP cache:
arp -a
Find the MAC address of a host:
$ arp myhost
Address HWtype HWaddress Flags Mask Iface
myhost ether 15:1e:18:20:51:1e C eno1
arp-scan – The ARP scanner
arp-scan 192.168.2.0/24
netstat
Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
Print all listening processes:
netstat --tcp --udp --listening --program --numeric | grep LISTEN
netstat -tulpn | grep LISTEN
- -t – Show TCP ports.
- -u – Show UDP ports.
- -n – Show numerical addresses instead of resolving hosts.
- -l – Show only listening ports.
- -p – Show the PID and name of the listener’s process. This information is shown only if you run the command as root or sudo user.
Print routing table:
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 enp6s0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp6s0
ss – another utility to investigate sockets
-l, --listening | Display only listening sockets (these are omitted by default). |
-n, --numeric | Do not try to resolve service names. Show exact bandwidth values, instead of human-readable. |
-p, --processes | Show process using socket. |
-t, --tcp | Display TCP sockets. |
-u, --udp | Display UDP sockets. |
ss -lnptu
watch -d -n 0.5 ss -tulpn
sudo might be needed to show which processes are listening: as with netstat -p, process information for sockets owned by other users is only shown to root.
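To turn the listing above into an exposure check, the following added example (not part of the original page) sorts `ss -lntup` output into sockets bound to loopback, to a wildcard address, or to one specific address. The sample input is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify listening sockets from `ss -lntup` output by bind scope.
# Expects -t and -u together, so that ss prints the Netid column first.

# Constructed sample of `ss -H -lntup` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
udp UNCONN 0 0   127.0.0.53%lo:53  0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13))
tcp LISTEN 0 128 0.0.0.0:22        0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 244 127.0.0.1:5432    0.0.0.0:* users:(("postgres",pid=901,fd=5))
tcp LISTEN 0 128 [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
tcp LISTEN 0 511 *:8080            *:*
tcp LISTEN 0 128 [::1]:631         [::]:*    users:(("cupsd",pid=700,fd=6))
tcp LISTEN 0 128 192.168.0.70:3306 0.0.0.0:* users:(("mariadbd",pid=950,fd=20))
EOF
}

# Reads ss output on stdin; prints "scope proto addr port process" per socket.
classify_listeners() {
  awk '
    $1 == "Netid" { next }                 # skip the header if -H was not used
    NF >= 5 {
      la = $5                              # "Local Address:Port" column
      i = length(la)
      while (i > 0 && substr(la, i, 1) != ":") i--   # last colon splits addr/port
      if (i == 0) next
      addr = substr(la, 1, i - 1); port = substr(la, i + 1)
      sub(/%.*/, "", addr)                 # drop a %iface scope suffix
      if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "wildcard"
      else if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      else scope = "specific"
      proc = "unknown"                     # column is empty without root (see -p)
      if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
      print scope, $1, addr, port, proc
    }'
}

# Listeners reachable from other hosts: everything not bound to loopback.
exposed_listeners() { classify_listeners | awk '$1 != "loopback"'; }

sample_ss | exposed_listeners
```

On a live host, run it as `sudo ss -H -lntup | exposed_listeners` and compare the result with the services the machine is supposed to offer.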
lsof – list open files
- -i [i] selects the listing of files any of whose Internet address matches the address specified in i. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files.
# lsof -i
# lsof -nP -iTCP -sTCP:LISTEN
NetworkManager
NetworkManager is a daemon that sits on top of libudev and other Linux kernel interfaces (and a couple of other daemons) and provides a high-level interface for the configuration of the network interfaces.
NetworkManager will only handle interfaces not declared in /etc/network/interfaces.
NetworkManager keeps connection information on known individual networks in configuration files called profiles. Those are stored at /etc/NetworkManager/system-connections/.
nmcli – command-line tool for controlling NetworkManager
nmcli
nmcli device show
nmcli connection show
nmcli connection up vlan0004_DHCP
nmcli connection down vlan0004_DHCP
General
nmcli general status
Connection
- add
- clone
- delete
- down
- edit
- export
- help
- import
- load
- modify
- monitor
- reload
- show
- up
nmcli connection add type ethernet con-name LAN ifname ens18 ip4 192.168.0.100/22 gw4 192.168.0.3 ipv4.dns 192.168.0.70 ipv4.dns-search om.local
nmcli connection add type vlan con-name WAN vlan.parent ens18 vlan.id 20 ip4 192.168.100.10/24 gw4 192.168.100.1
nmcli con modify WAN vlan.id 50
nmcli con mod LAN ipv4.gateway ''
nmcli connection edit LAN
Disable ipv6
nmcli connection modify LAN ipv6.method "disabled"
nm-settings-nmcli – Description of settings and properties of NetworkManager connection profiles for nmcli
nmtui – Text User Interface for controlling NetworkManager
Documentation
- https://wiki.debian.org/NetworkManager
- https://wiki.archlinux.org/index.php/NetworkManager
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_with_nmcli
Netplan
YAML network configuration abstraction for various backends
In the example below, we must set up routes explicitly, because there’s a chance the system chooses the wrong interface as the default gateway.
/etc/netplan#$ more 00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 192.168.122.2/24
      gateway4: 192.168.122.1
      nameservers:
        addresses: [192.168.122.1,8.8.8.8]
    enp6s0:
      addresses:
        - 10.4.0.2/24
      # gateway4: 10.4.0.1
      routes:
        - to: 0.0.0.0/0
          via: 192.168.122.1
          metric: 100
        - to: 10.4.0.0/24
          via: 10.4.0.1
          metric: 50

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens18:
      dhcp4: true
  version: 2
Alternatively, one can simply skip the gateway setting if the network is to be isolated anyway:
network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 192.168.122.2/24
      gateway4: 192.168.122.1
      nameservers:
        addresses: [192.168.122.1,8.8.8.8]
    enp6s0:
      addresses:
        - 10.4.0.2/24
Once the YAML file is good:
netplan apply
or:
netplan try
Documentation: https://netplan.io/reference
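To confirm which interface actually wins the default route once the configuration is applied, the following added example (not part of the original page) parses `ip route show` output and ranks the default routes by metric. The sample routes are constructed to show the wrong-gateway case, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find the default route that wins on a multi-homed host.

# Constructed sample of `ip route show` output where enp6s0, the interface
# meant to stay internal, ended up with the lowest-metric default route.
sample_routes() {
cat <<'EOF'
default via 192.168.122.1 dev enp1s0 proto static metric 100
default via 10.4.0.1 dev enp6s0 proto static metric 50
10.4.0.0/24 dev enp6s0 proto kernel scope link src 10.4.0.2
192.168.122.0/24 dev enp1s0 proto kernel scope link src 192.168.122.2
EOF
}

# Reads `ip route show` on stdin; prints "dev gateway metric" for every
# default route, lowest metric (the one the kernel prefers) first.
default_routes() {
  awk '$1 == "default" {
         dev = "-"; gw = "-"; metric = 0     # no "metric" token means metric 0
         for (i = 2; i < NF; i++) {
           if ($i == "dev")    dev = $(i + 1)
           if ($i == "via")    gw = $(i + 1)
           if ($i == "metric") metric = $(i + 1)
         }
         print dev, gw, metric
       }' | sort -k3,3n
}

# Exit status 0 if the winning default route leaves through interface $1.
default_leaves_via() {
  winner=$(default_routes | head -n 1 | cut -d" " -f1)
  [ "$winner" = "$1" ]
}

# Stand-alone run: report when traffic would leave through the wrong NIC.
if ! sample_routes | default_leaves_via enp1s0; then
  echo "WARNING: default route does not use enp1s0:"
  sample_routes | default_routes
fi
```

On a live host, replace `sample_routes` with `ip route show`; more than one line from `default_routes` means the outcome depends on the metrics alone.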
/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.70
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 192.168.0.1 192.168.0.2
    dns-search contoso.com