Linux Networking Cookbook

Note that the majority of commands on this page are non-persistent and will be undone when the system is rebooted. Persistent configuration will be specifically highlighted.

Basic Network Configuration

# Bring an interface up / down
sudo ip link set eth0 up
sudo ip link set eth0 down

# Set a static IP address for an interface
sudo ip addr add 192.168.0.10/24 dev eth0

# Remove a specific IP address from an interface
sudo ip addr del 192.168.0.10/24 dev eth0

# Clear all assigned IP addresses on an interface
sudo ip addr flush eth0

# Set the default route to 10.0.4.1 via interface eth0
sudo ip route add default via 10.0.4.1 dev eth0

# Set the route for 10.1.0.0/16 to be via 10.0.4.1 on interface eth0
sudo ip route add 10.1.0.0/16 via 10.0.4.1 dev eth0

# Delete the above route
sudo ip route del 10.1.0.0/16 via 10.0.4.1 dev eth0

Set a DNS Server (Persistent)

Edit /etc/systemd/resolved.conf (needs root):

[Resolve]
DNS=1.1.1.1

# Restart systemd-resolved to apply the change
sudo systemctl restart systemd-resolved

Note, this assumes the system is running systemd.

Network Managers

Most Linux distros use some kind of network manager that configures the network on boot up.

First, find out which network manager is actually running:

sudo systemctl status NetworkManager
sudo systemctl status systemd-networkd
sudo systemctl status networking  # Known as ifupdown

If the service is running then that network manager is likely in use.

Specific instructions for each of the different network managers can be found below.

NetworkManager

Stop NetworkManager from managing a connection (non-persistent)

sudo nmcli device set eth0 managed no

Stop NetworkManager from managing a connection (Persistent)

Create /etc/NetworkManager/conf.d/unmanaged-devices.conf (requires root) and set the contents to:

[keyfile]
unmanaged-devices=interface-name:eth0

# Reboot or restart NetworkManager
sudo systemctl restart NetworkManager
# Check the interface shows as "unmanaged"
nmcli device status

Set a static IP address (Persistent)

nmcli connection add con-name "My connection profile" ifname eth0 type ethernet ip4 192.168.0.100/24 gw4 192.168.0.1 ipv4.dns 1.1.1.1
nmcli connection up "My connection profile"

systemd-networkd

ifupdown

System Configuration

# Enable IPv4 Forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Turn off IPv6
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

Note that the above commands apply to the current network namespace only. Use a command similar to sudo ip netns exec my_namespace sysctl -w net.ipv4.ip_forward=1 to set the configuration in another namespace.

VLANs

# Clean any current IP address on the interface
sudo ip addr flush eth0
# Add the VLAN interface
sudo ip link add link eth0 name myvlan10 type vlan id 10
# Set an IP of the VLAN interface
sudo ip addr add 10.0.4.1/24 dev myvlan10
# Bring the interface up
sudo ip link set myvlan10 up

Note that a packet capture on eth0 shows Ethernet frames with the 802.1Q VLAN header, while a capture on myvlan10 shows just the normal Ethernet header with no VLAN tag.

You can add multiple VLAN interfaces to a single "physical" interface.
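
The capture difference noted above, as an added Python example (not part of the original page): it parses a constructed 802.1Q-tagged frame as it would be seen on eth0, then the same frame with the tag removed, as it would be seen on myvlan10. The MAC addresses, payload and function names are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_ethernet(frame: bytes) -> dict:
    """Parse an Ethernet II header, with or without a single 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag = 16-bit TCI (PCP:3, DEI:1, VID:12) followed by the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "vlan": vlan, "ethertype": ethertype, "payload": frame[offset:]}

def strip_vlan_tag(frame: bytes) -> bytes:
    """Return the frame without its 4-byte 802.1Q tag (the myvlan10 view)."""
    if len(frame) >= 18 and frame[12:14] == b"\x81\x00":
        return frame[:12] + frame[16:]
    return frame

# Constructed sample frame (not a real capture): broadcast destination,
# locally administered source MAC, VLAN ID 10, inner EtherType 0x0806 (ARP).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"constructed-arp-payload"
TAGGED = (
    DST + SRC + struct.pack("!HHH", TPID_8021Q, 10, 0x0806) + PAYLOAD
)

if __name__ == "__main__":
    on_eth0 = parse_ethernet(TAGGED)
    on_vlan = parse_ethernet(strip_vlan_tag(TAGGED))
    print("eth0    :", on_eth0["vlan"], hex(on_eth0["ethertype"]))
    print("myvlan10:", on_vlan["vlan"], hex(on_vlan["ethertype"]))
```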

Network Namespaces

Network namespaces in Linux isolate networking resources so that each namespace has its own network stack (interfaces, routing tables, firewall rules, etc.). This allows multiple independent network environments to run on the same system.

# Create Namespaces
sudo ip netns add blue
sudo ip netns add green

# Add interfaces to the namespaces
sudo ip link set dev eth0 netns blue
sudo ip link set dev eth1 netns green

# Set up IP addresses
sudo ip netns exec blue ip link set eth0 up
sudo ip netns exec blue ip addr add 10.0.3.1/24 dev eth0

sudo ip netns exec green ip link set eth1 up
sudo ip netns exec green ip addr add 10.0.3.2/24 dev eth1

# Run an application in a namespace
sudo ip netns exec blue ping 10.0.3.2
# Note ping will fail in this example unless eth0 and eth1 are connected 
# with an Ethernet cable. This is because even though the interfaces are on the
# same system and in the same subnet, they are fully isolated from each other.

# Move interface from a namespace back into the default ns
sudo ip netns exec blue ip link set dev eth0 netns 1

# Delete the namespace
# This will move any interfaces in the namespace back to the default namespace
sudo ip netns del blue