Part 7. Networking
A quick guide to Linux networking
It is almost inconceivable to run a computer in this age without being connected to a network. E-mail, Web browsing, and file sharing are all as expected as printing and viewing information on a screen.
Fortunately, Linux was made for the network from the very beginning. In fact, networking is one of the things that Linux does best. Linux supports the popular networking protocols such as TCP/IP and SMB (NetBIOS). Linux also has sophisticated tools for monitoring and filtering network traffic. Services such as FTP, Windows file and print sharing, and Web serving are available. Linux even provides facilities for centralized directory services, Virtual Private Networking (VPN), and remote procedure calls.
Linux can work with any network hardware for which it has a driver. Linux drivers are compiled into the kernel, either monolithically or as loadable modules. Many popular network cards are supported by default in the Linux kernel. When selecting network hardware, it is always good to use a device listed on the "Hardware Compatibility List" (see Related topics for links). Use the most up-to-date version for your Linux distribution.
Generally, if you are using compatible network hardware, your card will be
automatically recognized when you install the system. You can check the
network hardware found on your system by using the
command. By default,
ifconfig shows you active network
devices. You see all network devices by adding the
Listing 1. Using ifconfig
refname: ifconfig-a [root@cmw-t30 root]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:09:6B:60:8B:1E inet addr:22.214.171.124 Bcast:126.96.36.199 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:47255 errors:0 dropped:0 overruns:0 frame:0 TX packets:32949 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:22140365 (21.1 Mb) TX bytes:13519623 (12.8 Mb) Interrupt:11 Base address:0xf000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1308081 errors:0 dropped:0 overruns:0 frame:0 TX packets:1308081 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:183376967 (174.8 Mb) TX bytes:183376967 (174.8 Mb)
In the listing above, there is only one network card in the system,
identified as eth0. The
lo adapter is a loopback, used by
Linux to talk to itself. We'll look more at the
Network device names
When they are configured, Linux network devices are given aliases, which consist of a descriptive abbreviation and a number. The first device of a type is numbered 0, and the others are numbered 1, 2, 3, etc. The following naming conventions are used. The information is taken from the Linux Network Administrator's Guide (see the Related topics section at the end of this article for links).
- eth0, eth1 ...
These are the Ethernet card interfaces. They are used for most Ethernet cards, including many of the parallel port Ethernet cards.
- tr0, tr1 ...
These are the Token Ring card interfaces. They are used for most Token Ring cards, including non-IBM manufactured cards.
- s10, s11 ...
These are the SLIP interfaces. SLIP interfaces are associated with serial lines in the order in which they are allocated for SLIP.
- ppp0, ppp1 ...
These are the PPP interfaces. Just like SLIP interfaces, a PPP interface is associated with a serial line once it is converted to PPP mode.
- plip0. plip1 ...
These are the PLIP interfaces. PLIP transports IP datagrams over parallel lines. The interfaces are allocated by the PLIP driver at system boot time and are mapped onto parallel ports. In the 2.0.x kernels, there is a direct relationship between the device name and the I/O port of the parallel port, but in later kernels, the device names are allocated sequentially, just as for SLIP and PPP devices.
- ax0, ax1 ...
These are the AX.25 interfaces. AX.25 is the primary protocol used by amateur radio operators. AX.25 interfaces are allocated and mapped in a similar fashion to SLIP devices.
There are many other types of interfaces available for other network drivers. We've listed only the most common ones.
Since Ethernet is the most common configuration, we will focus on that. For more information about other kinds of connections, see the Related topics at the end of this article.
When you installed your distribution of Linux, the networking was configured. You probably already have an active eth0 from that initial configuration. This configuration is probably adequate for your use right now, but you may need to make changes over time. We will cover different configuration items related to IP networking and the files and tools for working with them.
Webmin offers a good set of network configuration tools under Networking, Network Configuration. You can configure individual interfaces and adjust their current settings or their saved settings. Also the Routing and Gateways, DNS Client settings, and local host addresses can be configured. Once all of the configurations have been edited, you can apply them by clicking Apply Configuration. Rebooting the system is not necessary.
Each distribution has its own tools for configuring network settings. You should consult your particular distribution's documentation to see what it uses. Each tool provides essentially the same configuration options as the Webmin tool. Some of them may provide options specific to the distribution.
Figure 1. Red Hat 8.x and 9.x use the redhat-config-network tool
Figure 2. SuSE and United Linux use the YAST tool
Manual configuration is also possible, but it is a very deep subject. Please refer to your distribution documentation and the Related topics at the end of this article for information about manual network configuration.
Tools to analyze and monitor
Linux comes with many tools to monitor networking tasks.
We used the
above to see the status of the ethernet card. However,
ifconfig can configure devices as well as report on them.
Suppose you want to set up a temporary network configuration for testing.
You could edit the configuration through the distribution tool, but you
would need to note all of the settings to put it back when you're done. By
ifconfig, we can configure the card quickly without
touching the saved settings:
ipconfig eth0 192.168.13.13 netmask 255.255.255.0 up
The command above will set eth0 to the address 192.168.13.13 with a Class C IP address and make sure that it is up.
ipconfig eth0 down
The command above will shut down the eth0 device. See the
info ifconfig page for full details on using
To activate and deactivate network devices using their saved configurations, use
# Bring up eth0 using the saved configuration
# Shut down eth0
netstat console command
to print network connections, routing tables, interface statistics,
masquerade connections, and multicast memberships.
has several command line switches to control its function. Here are some
of the common ones:
Printing network status
|Shows the PID and name of the program to which each socket belongs|
|Shows both listening and non-listening sockets|
|Shows TCP connections|
|Shows UDP connections|
|Displays additional information; use this option twice for maximum detail|
Here's an example of
Listing 2. Using netstat
[root@cmw-t30 root]# netstat -tp Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 localhost.localdo:29000 *:* LISTEN 2389/attvpnctl tcp 0 0 *:10000 *:* LISTEN 5945/perl tcp 0 0 *:x11 *:* LISTEN 1120/X tcp 0 0 *:ftp *:* LISTEN 724/xinetd tcp 0 0 *:ssh *:* LISTEN 710/sshd tcp 0 0 *:ipp *:* LISTEN 797/cupsd tcp 0 0 *:505 *:* LISTEN 1043/rcd tcp 0 0 localhost.localdoma:ipp localhost.localdo:32772 ESTABLISHED 797/cupsd tcp 0 0 sig-9-65-39-140.m:44916 sdoprods2.austin.i:1352 TIME_WAIT - tcp 0 0 10.100.100.101:33020 188.8.131.52:5190 ESTABLISHED 1433/gaim tcp 0 0 localhost.localdo:44954 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44955 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44897 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44902 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44903 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44900 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 localhost.localdo:44901 localhost.localdoma:ipp TIME_WAIT - tcp 0 0 10.100.100.101:44888 cs9336-61.austin.r:pop3 TIME_WAIT - tcp 0 0 localhost.localdo:32772 localhost.localdoma:ipp ESTABLISHED 1246/gnome-cups-man tcp 1 0 localhost.localdo:32774 localhost.localdoma:ipp CLOSE_WAIT 1246/gnome-cups-man tcp 0 0 10.100.100.101:33019 cs46.msg.sc5.yahoo:5050 ESTABLISHED 1433/gaim tcp 0 0 sig-9-65-39-140.m:35061 d03nm119.boulder.i:1352 CLOSE_WAIT 1720/wineserver tcp 0 0 10.100.100.101:33021 184.108.40.206:5190 ESTABLISHED 1433/gaim
netstat most often to view connections that are in the
LISTEN or ESTABLISHED states. LISTEN are the services on your system that
are accepting connections from other machines. ESTABLISHED are the active
connections between your machine and others. Make sure you know all of the
LISTEN programs that are running. If you see something you don't
recognize, it could be a security concern.
netstat has many
info netstat at the command line for details.
route console command lets you
show and manipulate the IP routing table.
Listing 3. Using route
[root@cmw-t30 plugins]# route|grep -v ipsec Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 220.127.116.11 10.100.100.1 255.255.255.255 UGH 0 0 0 eth1 10.100.100.0 * 255.255.255.0 U 0 0 0 eth1 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 10.100.100.1 0.0.0.0 UG 0 0 0 eth1
route with no switches will show the current routing
table. You can make very elaborate changes to the routing table using
route add default gw 10.10.10.1
The above command adds a default route (which will be used if no other route matches). All packets using this route will be gatewayed through "10.10.10.1". The device that will actually be used for that route depends on how we can reach "10.10.10.1" -- the static route to "10.10.10.1" will have to be set up before.
route add -net 18.104.22.168 netmask 255.255.255.0 dev eth0
The above command adds a route to the network 192.56.76.x via "eth0." The Class C netmask modifier is not really necessary here because 192.* is a Class C IP address. The word "dev" can be omitted here.
Routing is a very deep subject. Full information about the
route options is available with
Linux was designed for networking from the start. It has built into it
sophisticated functions that were previously found only on high-end
enterprise offerings. However, even with all of this power, configuration
of Linux networking is no more complex than configuration in Windows.
Tools such as Webmin, redhat-config-network, and YAST allow graphical
configuration. Tools such as
allow viewing and modification of network parameters from the console or
scripts. Tools such as
netstat allow viewing of individual
network connections and show their relationships to running processes.
- Check out the other parts in the Windows-to-Linux roadmap series (developerWorks, November 2003).
- The online Linux Network Administrator's Guide, Second Edition is a single reference for network administration in a Linux environment. Beginners and experienced users alike will find the information on nearly all important administration activities required to manage a Linux network configuration.
- The Linux Ethernet HOWTO has information about which ethernet devices can be used for Linux, and how to set them up (with a focus on the hardware and low-level driver aspect of the ethernet cards).
- The Linux Documentation Project also has a list of HOWTOs by category to help you find relevant documentation easily.
- Hardware Control Lists include the Red Hat Hardware search page, the openSUSE Hardware Portal, and the UnitedLinux Certified and Compatible Hardware.
- System security is a vast and complex topic, but in an interconnected world, it affects everyone. Luckily, it is never too early nor too late to get started with it. The documents Network Security and Strategies for Keeping a Secure Server (which is the twelfth chapter from the earlier referenced Linux Administration Made Easy guide) will help you to do just that.
- Learn more about networking in the IBM developerWorks articles "Sharing computers on a Linux (or heterogeneous) network" and "Setting up a Local Area Network".
- Employ better security -- the IBM developerWorks article "Connect securely with ssh" shows you how.