- 1 Summary
- 2 Network configuration files
- 2.1 /etc/hosts
- 2.2 /etc/services
- 2.3 /etc/hosts.allow and /etc/hosts.deny
- 2.4 /etc/sysconfig/network
- 2.5 /etc/host.conf
- 2.6 /etc/resolv.conf
- 2.7 /etc/sysconfig/network-scrips/ifcfg-ethx
- 3 Commands for network management
- 4 Common network management operations
- 5 Frequently asked questions
- 6 References
This entry introducce briefly the network management in Linux, including modifying network configuration files and commands for managing network.
Network configuration files
Here are some commonly used configuration files for network:
- Host address configuration: /etc/hosts
- Information of network services: /etc/services
- List of allowed and rejected addresses: /etc/hosts.allow and /etc/hosts.deny
- Configuration of network interfaces: /etc/network/interfaces
- Rules for looking up hostnames: /etc/host.conf
- Rules for domain name service: /etc/resolv.conf
- Network card configurations: etc/network/interfaces
File /etc/hosts is used for quick name resolving in Linux. It is a ASCII file, contains maps from hostnames (and host alias) to IPs.
In the condition that no domain name server is present, all network program use this file for resolving IP addresses of hostnames; otherwise, DNS service is used. Users can add frequently used domains and their IPs to /etc/hosts to reduce the time of name resolving.
For example, there is a record in /etc/hosts:
192.168.1.100 linumu100 test100
Supposing "192.168.1.100" is backed by a web server. Visiting http://linumu100 in the browser will give us the web page at 192.168.1.100.
Generally, the first line in the file is the local IP and the local hostname:
127.0.0.1 localhost.localdomain localhost
followed by IPs and hostnames of other machines:
192.168.1.1 debian debian 192.168.0.2 t02 t02.tiger 192.168.0.4 t04 t04.tiger
where the three fields of each line correspond to the IP address, the hostname and the host alias, respectively. Lines beginning with "#" are seen as comments.
There are some different between the hostname and the domain. The former are often used in LANs, and are resolved to IPs by checking in /etc/hosts. The later are used on the Internet, and are resolved through DNS service. If we do not want to use DNS service on the Internet, we can change the hosts file and add a hostname to the target IP, so it can be visited by our customized hostname.
Tools for modifying hostname
Apart from modifying /etc/hostname, you can also use command "hostname" to change the hostname. For example, to show the current hostname:
$ hostname linmu100
Set a temporary hostname:
# hostname test100 test100
This hostname will expire after the user logs out. To make it a permanent one, you must modify the file /etc/hostname.
To show the IP address of the host:
$ hostname -i 192.168.1.100
Note that the IP is read from file /etc/hosts.
Slow connection to remote Linux hosts
When a client wants to log in to a Linux host via SSH, it has to wait for a moment before it can enter the shell. This is because that Linux resolves the IP of the client. If we add the hostname and the IP of that client to /etc/hosts on the Linux host, it would take less time during login.
Other types of logins, like remote login of MySQL or querying of shared files, can be tuned in the same way.
Make a connection between two computers
When two computers are connected directly, both need to set their own IPs, and both need to have the IP and the hostname of the other computer.
It records the names of all network services, the ports and the protocols they use. It looks like:
# Each line describes one service, and is of the form:# # service-name port/protocol [aliases ...] [# comment] tcpmux 1/tcp #TCP port service multiplexer tcpmux 1/udp # TCP port service multiplexer rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp echo 7/udp .....
The port number used in Linux ranges from 0 to 65,535, with different subranges assigned for different usage.
0 Not used 1 - 1023 Reserverd for system and available only to root 1024 - 4999 Assigned by client programs 5000 - 65535 Assigned by other programs
/etc/hosts.allow and /etc/hosts.deny
These are configuration files of TCPd server who controls the access of external IP to local host. The format of each record in these files are:
# Name of service process : Host list : Actions to do when rules matched server_name:hosts-list[:command]
/etc/hosts.allow holds the IP addresses that are allowed to access the host, while /etc/hosts.deny holds the IP addresses that are forbidden. If there is any conflict, Linux will adopt the later.
Here is an example of /etc/hosts.allow:
ALL:127.0.0.1 ## Allow access to all services from this machine smbd:192.168.0.0/255.255.255.0 ## Allow access to smbd service of clients from network segment of 192.168.0
The keyword "All" matches all cases, "EXCEPT" excludes some cases, and "PARANOID" matches the cases where an IP address is not mapped to the presumed domain.
File /etc/network/interfaces sets details for each network device. It look like:
# Automatically obtaining IP auto eth0 iface eth0 inet dhcp # Using static IP auto lo # Enable "lo" during startup iface eth0 inet static # "eth0" will use a static IP address 192.168.1.2 # The IP address assgined to "eth0" netmask 255.255.255.0 # Subnetwork mask for "eth0" gateway 192.168.1.1 # IP address of the gateway
To manually assign a MAC addresss to a device, append one line after the "iface" line:
pre-up ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
where "xx:xx:xx:xx:xx:xx" is the "cloned" MAC address.
All changes will take effect only when the device has been restarted:
sudo /etc/init.d/networking restart
or sudo systemctl restart networking.service
When both DNS service and /etc/hosts are present in system, the order of name resolving is determined by file /etc/host.conf. It look like:
order hosts,bind # Order of services to use for resolving multi on # Allow the host to have multiple IPs nospoof on # Forbid IP address spoofing
The keyword "order" defines the order of name resolving: first using the hosts file, then using the bind (DNS) server.
This file determine the priority of all DNS servers. Each line is beginned with a keyword, followed by a parameter indicating the server IP or host name. There are four kinds of keyword:
nameserver: IP address of a DNS server
domain: A local domain
search: A list for domain searching
- sortlist: A list for sorting obtained domains
The keyword "nameserver" is mandatary, as no DNS server can be found without it. Other keywords are optional.
Here is an example of /etc/resolv.conf:
nameserver 127.0.1.1 domain corp.linuxdeepin.com search corp.linuxdeepin.com nameserver 10.0.0.1
This file defines the parameters for a specific network interface. It does not belong to deepin, but is quite common in Red Hat Linux and its derivatives.
Here is an example of this file:
DEVICE=ethX BOOTPROTO=none BROADCAST=x.x.x.x HWADDR=00:50:BA:88:72:D4 IPADDR=x.x.x.x NETMASK=255.255.255.0 NETWORK=x.x.x.x ONBOOT=yes TYPE=Ethernet GATEWAY=x.x.x.x
Commands for network management
"ifconfig" is used to view and change the address of a network interface, as well as its subnet mask and broadcast address. Only super users can change parameters.
ifconfig interface [options] address
interface The interface specified address Assign the given address to the interface up Activate the interface down Disactive the interface -broadcast address Set the broadcast address -pointopoint address Set the P2P address -netmask address Set the subnet mask
To configure and activate device "eth0":
ifconfig eth0 192.168.4.1 netmask 255.255.255.0 up
To configure the IP for device "eth0:1" which is a alias of "eth0", then add a router for it:
ifconfig eth0:1 192.168.4.2 route add –host 192.168.4.2 dev eth0:1
Active or disactive "eth0:1":
ifconfig eth0:1 up ifconfig eth0:1 down
See configurations of the specified (or all) device:
ifconfig eth0 ifconfig
ip is a powerful tool for network configuration provided by package "iproute2". It replaces tranditional tools like ifconfig and route, and most of the Linux distributions support it. Only super users can use it to change configurations.
ip [Options] OBJECT [Command [Arguments]]
-s, -stats, -statistics Print more details when executed -f, -family Specify the protocol family type, such ash inet, inet6 or link. inet is implied if not type is specified -4 Using inet family -6 Using inet6 family -0 Using link family -o, -oneline Ouput in a single line for each record. Useful when output need to be parsed by programs like wc or grep -r, -resolve Query the DNS service, and use the hostname obtained for the IP given
Commands defines the action to be done, depending the type of the object. Commonly used commands are: add, delete, show and list. The default command is "list", or "help" if the object specified cannot be listed. Users can use
to get a list of all suppported commands.
Arguments are passed to the command. There are two kinds of arguments: the flag and the parameter. flag consists of a keyword, while the parameter consists of a keyword and a value. Each command has its own default argument, for example
ip link ls eth0
ip link ls dev eth0
To assign the address 192.168.2.2/24 to interface eth0:
ip addr add 192.168.1.1/24 dev eth0
To discard all datagram whose sources address is 192.168.2.0/24:
ip rule add from 192.168.2.0/24 prio 32777 reject
"ping" is used to check the status of network interfaces. All users can perform the check.
ping [-dfnqrRv][-c][-i][-I][-l][-p][-s][-t] Address
-d Set the SO_DEBUG option on the socket being used. -c Set the total count of response -f Flood ping with very short interval -i Wait interval seconds between sending each packet. -I Specify the network interface to use -l Sends preload packets of the specified number while not waiting for reply -n Numeric output only. -p Specify the pattern to fill out the packet -q Nothing is displayed except the summary lines at startup time and when finished. -r Bypass the normal routing tables and send directly to a host on an attached interface. -R Record the routing process in the packet. -s Specifies the number of data bytes to be sent. -t Set the IP Time to Live. -v Verbose output.
ping is the mostly used network command. It checks the connectivity of networks using UDP or ICMP. Sometimes we may find that a website can be visited through a browser, but cannot be reached by ping command. This is due to the firewall installed for the security concerns. We may also do a test on our own PCs:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all ping 127.0.0.1
ping the public website on the Internet:
ping -c 5 www.google.com.hk/
ping the gateway:
ping -b 192.168.120.1
ping for a certain number of times:
ping -c 10 192.168.120.206
ping for a certain number of times with given intervals:
ping -c 10 -i 0.5 192.168.120.206
Use "netstat" to check the status of Linux networks.
-a, --all Show both listening and non-listening sockets -A Specifies the address families -c, --continuous print the selected information every second continuously -C, --cache Print routing information from the route cache. -e, --extend Display additional information. -F, --fib Print routing information from the FIB. -g, --groups Display multicast group membership information for IPv4 and IPv6. -h, --help Show help. -i, --interfaces Display a table of all network interfaces, or the specified iface. -l, --listening Show only listening sockets. -M, --masquerade Display a list of masqueraded connections. -n, --numeric Show numerical addresses instead of trying to determine symbolic host, port or user names. -N, --netlink--symbolic Show symbolic names of peripheral network devices. -o, --timers Include information related to networking timers. -p, --programs Show the PID and name of the program to which each socket belongs. -r, --route Display the kernel routing tables. -s, --statistice Display summary statistics for each protocol. -t, --tcp Show status of TCP connections. -u, --udp Show status of UDP connections. -v, --verbose Tell the user what is going on by being verbose. -w, --raw Show status of RAW connections. -x, --unix Similar to "-A unix". --ip, --inet Similar to "-A inet"
netstat can be used to view local network status, including opening ports, active users and service status. Besides, it provides the information about system route tables and interfaces status. By default, netstat show only the ports with established connections. To show all listened port, use "-a" option:
# netstat -a Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 *:32768 *:* LISTEN tcp 0 0 *:32769 *:* LISTEN tcp 0 0 *:nfs *:* LISTEN tcp 0 0 *:32770 *:* LISTEN tcp 0 0 *:868 *:* LISTEN tcp 0 0 *:617 *:* LISTEN tcp 0 0 *:mysql *:* LISTEN tcp 0 0 *:netbios-ssn *:* LISTEN tcp 0 0 *:sunrpc *:* LISTEN tcp 0 0 *:10000 *:* LISTEN tcp 0 0 *:http *:* LISTEN ......
The output above indicates that the host provides services like HTTP, FTP, NFS and MySQL
"telnet" is used to provide a terminal on the connection with a remote host. It also refers to the protocol used in remote login.
telnet [-8acdEfFKLrx][-b][-e][-k][-l][-n][-S][-X][Hostname or IP <Port>]
-8 Specify an 8-bit data path and try to negotiate the TELNET BINARY option on both input and output. -a Attempt automatic login. -b Specify the alias for the remote host. -c Disable the reading of the user's .telnetrc file. -d Start in debug mode. -e Set escape characters for telnet connections. -E Stop any character from being recognized as an escape character. -f Same as "-F" -F Forward a copy of the local credentials to the remote system when using Kerberos V5 authentication -k When using Kerberos V5 authentication, force telnet to obtain tickets for the remote host in the specified realm, instead of the remote host's realm -K Specify no automatic login to the remote system. -l Specify the user name for login. -L Specify an 8-bit data path on output. -n Open tracefile for recording trace information. -r Specify a user interface similar to rlogin. -S Set the IP type-of-service (TOS) option for the telnet connection to the specified value -x Turn on encryption of the data stream if supported. -X Disable the atype type of authentication.
Users can login to a remote host and communicate with them through telnet. The login process is just like that on the local machine. To "telnet" to a remote host, users must know the legal user name and password. Although some system may provide remote login for guests, the permission of guests is stricted for security concerns, thus with few functions allowed to use.
telnet simulates the traditional terminal, rather graphical environments like X-Window. When a remote user has logged in, the system will put him / her in a restricted shell, so that no damage can be caused intendedly or unintendedly. Users can also "telnet" from remote hosts to their own computers, then check emails, edit text and run programs, just like the local login.
"ftp" is a program used for remote file transfer. FTP is also the standard protocol for file transfer for ARPANet, the predecessor of the Internet.
ftp [-dignv][Hostname or IP]
-d Enables debugging. -i Turns off interactive prompting during multiple file transfers. -g Disables file name globbing. -n Disable auto-login. -v Forces ftp to show all responses from the remote server, as well as report on data transfer statistics.
ftp command is the standard inteface of file transfer protocol. It allows easy transfer of ASCII files and binary files between computers on a TCP/IP network. Users need to know a legal user name and a password for login to remote hosts before they can use ftp to exchange files. The user name / password pair is then used to verify the session and determine the access permission.
Users can use a ftp client to connect to a ftp server, where they can list directories, download and upload files. There are 72 internal ftp commands, and some commonly used commands are listed below:
ls List the content of the curreent directory cd Change the working directory on the remote host lcd Change the working directory on the local machine close Close current FTP session hash Show a hashtag every time the data buffer is cleared get(mget) Download files to the local machine put(mput) Upload files to the remote host quit Disconnect from the remote host and quit ftp program
"route" is used to generate, manipulate and view route tables.
route [-add][-net|-host] TargetAddress [netmask Mask] [[Device]Interface] route [-delete][-net|-host] TargetAddress [gw Gateway] [netmask Mask] [[Device]Interface]
-add Add a router -delete Delete a router -net Specify a network (instead of a host) as the target of a router -host Specify a host as the target of a router netmask Mask Specify the subnet mask for a router gw Gateway Specify the gateway for a router [[Device]Interface] Specify the inteface for a router
Users can use route command to set proper routers for Linux so that the system can communicate with other devices in the network. In order to establish a connection between devices in different subnets, either a router connecting two subnets or a gateway within two subnets is required.
In some cases, users need to manually set routers for Linux, so that: a machine in a local area network where a gateway accessible to the Internet is present can access the Internet through this gateway. The gateway here serves as a router for the machine in the LAN.
Use the following command to create a default router:
route add 0.0.0.0 192.168.1.1
"rlogin" is another program for remote login.
rlogin [ -8EKLdx ] [ -e Char ] [-k Realm ] [ - l Username ] Host
-8 allows an eight-bit input data path at all times; otherwise parity bits are stripped except when the remote side's stop and start characters are other than ^S/^Q. -E Stop escaping any character. When used with "-8", rlogin provides a totally explict connection -K Close all authentication. Only useful when connected to hosts that use Kerberos authentication -L Allows the rlogin session to be run in litout mode. -d Turn on socket debugging on the TCP sockets used for communication with the remote host. -e Specify the escape character. There is no space separating this option flag and the new escape character. -k Request rlogin to obtain tickets for the remote host in the specified realm instead of the remote host's realm as determined by krb_realmofhost. -x Turn on DES encryption for data passed via the rlogin session. This significantly reduces response time and significantly increases CPU utilization.
If a user has several accounts in different systems, then he / she need first register in these systems, and remote logins to the accouints. rlogin provides exactly this function for remote logins.
"rcp" is used for remote copy of files. All users can use it.
rcp [-px] [-k Realm] File1 File2 rcp [-px] [-r] [-k Realm] File
Options: -r Copy recursively all files in source directories to the target directory -p Attempt to preserve the modification times and modes of the source files in the copies, ignoring the umask. -k Obtain tickets for the remote host in specified realm instead of the remote host's realm as determined by krb_realmofhost -x Encrypt all information transferring between hosts.
"finger" is used to query the account information in a host, including the user name, the home direcotry, the stay time, the login time and the login shell. All user can use it.
finger [Options] [User] finger [Options] [User@Host]
-s Show information including login name, real name, terminal name, writing status, stay time and login time. -l Show extra information like home directory, login shell, mail status and the file content of .plan, .project , and .forward in the user's home directory -p Similar to "-l", except that the content of .plan and .project is not shown
To view the information of all logged in account:
$ finger Login Name Tty Idle Login Time Office Office Phone root root tty1 2 Dec 15 11 root root pts/0 1 Dec 15 11 root root *pts/1 Dec 15 11
mail is used to send emails for all users. Mail is also a mail program.
mail [-s Subject] [-c Address] [-b Address] mail -f [Mailbox] Mail [-u User]
-b Address List of addresses to send blind carbon copies to. -c Address List of addresses to send carbon copies to. -f [Mailbox] Read in the contents of the user's mailbox (or the specified file) for processing. -s Subject Specify the subject for the mail. -u User Reads the mailbox of the given user name.
"nslookup" is used to query the IP of a machine by its domain. All user can use it. Generally, it requires a domain name server to provide DNS service.
nslookup [IP or Domain]
To run nslookup in the interactive mode:
$ nslookup Default Server: name.cao.com.cn Address: 192.168.1.9 >
You can type the IP address or the domain to query, then press Enter. To quit the program, type "exit" and then press Enter.
You may also use this command to check if named service is running normally.
Common network management operations
Modify the host name
First modify the file /etc/hostname. Execute in terminal:
sudo gedit /etc/hostname
Delete the existing content and type the host name you preferred, save your changes and exit.
Then modify /etc/hosts.
sudo gedit /etc/hosts
Replace the host name after the IP "127.0.0.1" with the host name that you choose in the previous step, save your changes and exit.
Now reboot your computer for changes to take effect.
The Internet Protocol version 6 (IPv6) is the next generation protocol replacing IPv4. See wikipedia for more details about IPv6.
Test for IPV6
Two ways to test for the support of IPv6 of the current network environment:
Execute in terminal:
ifconfig, and see if any inet6 address is present
- Visit www.kame.net in a browser. If you see a walking turtle, then the local network has already supported the IPv6; otherwise, you will need to configure manually.
Configure the IPv6 network
Currently, most of the higher education institutions have network connections with IPv6 support. If you find the IPv6 netework is not working, try the following method.
sudo apt-get install miredo
and modify the hosts file:
sudo gedit /etc/hosts
Now reboot the networking service:
sudo /etc/init.d/networking restart
Some IPv6 sites that are commonly used:
IPv6 China: http://www.ipv6.net.cn/
IPv6 Google: http://ipv6.google.com/
Accelerate DNS resolving
dnsmasq provides DNS cache and DHCP services.
Frequently asked questions
Gibberish of Chinese characters in mud over Telnet
For example, when login to mud server through telnet
telnet 184.108.40.206 5555
There may be gibberish for Chinese characters. Use this
luit -encoding gbk telnet 220.127.116.11 5555
to login instead.
luit is a tool for conversion between different encodings. Usage:
luit -encoding SourceEncoding Command