Networking Overview
Configuration files are located in /etc/network/interfaces. To test networking, use nmcli.
Dynamic IP vs Static IP
- Dynamic IP: Assigned by a DHCP server.
- Static IP: Manually set by the administrator.
Managing Network Services
systemctl status servicename
systemctl start | stop servicename
Finding Network Connection Information
- List all adapters:
ip a
- Predictable interface names:
- Onboard: eno1, eno2
- PCI hotplug: ens1, ens2
- PCI card: enp0s3, enp1s2
- WLAN/WiFi: wlp1s3
- MAC address-based: enx1a2b3c4d5e6f
Configuring Dynamic Address with Network Manager
- Check network manager status:
nmcli d
- Delete a connection:
nmcli c del "Connection name"
- Edit or create a connection:
nmcli c e [connection name]
nmcli UI Commands
- Show available commands:
help
- Show properties:
print ipv4
- Show property details:
describe method
- Set automatic IP:
set ipv4.method auto
- Set DNS server:
set ipv4.dns 8.8.8.8
- Save changes:
save
- List all current connections:
print connection
- Assign connection to adapter:
set connection.interface-name enp0s3
- Exit UI:
quit
Configuring Static IP Address
- Manually create a connection:
nmcli c e
nmcli UI Commands
set ipv4.method manual
set ipv4.addresses 10.0.2.10/24
set ipv4.gateway 10.0.2.1
- Edit /etc/network/interfaces for static IP:
auto enp0s3
iface enp0s3 inet static
address 10.0.2.20/24
gateway 10.0.2.1
dns-nameservers 8.8.8.8
- Restart the network service:
systemctl restart NetworkManager
systemctl restart networking
Configuring a Firewall
- Enable firewall:
sudo ufw enable
- Check firewall status:
sudo ufw status verbose
- Reject traffic on port 3000:
sudo ufw reject 3000
- Allow traffic on port 3000:
sudo ufw allow 3000
- Delete a rule:
sudo ufw delete allow 3000
- Allow traffic from a specific machine:
sudo ufw allow proto tcp from 10.0.2.6 to 10.0.2.20 port 3000
Firewall rules are stored in /etc/ufw/.
Configuring IP Forwarding
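- Check whether IP forwarding is enabled (1 = enabled, 0 = disabled):
cat /proc/sys/net/ipv4/ip_forward
- Enable IP forwarding until the next reboot:
sudo sysctl -w net.ipv4.ip_forward=1
- Permanently enable IP forwarding by setting net.ipv4.ip_forward=1 in /etc/sysctl.conf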
Network Address Translation (NAT)
- Reserved private networks:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
Configuring NAT in the Firewall
- Modify /etc/default/ufw: change DEFAULT_FORWARD_POLICY="DROP" to "ACCEPT".
- Edit /etc/ufw/before.rules:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.2.0/24 -o enp0s8 -j MASQUERADE
COMMIT
- Restart the firewall:
sudo ufw disable
sudo ufw enable
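The NAT steps above touch three settings: the forward policy, the MASQUERADE rule and ip_forward. The script below is an added example, not part of the original guide, that reads them back and reports whether the rule is scoped to a private source network and an outgoing interface. The function names are hypothetical, the file paths are passed as arguments, and the sample files are constructed.

```sh
# Added example (not from the page): read-only audit of the NAT setup.
# One "source out-interface" pair per MASQUERADE rule inside the *nat table.
masquerade_rules() {
    awk '/^\*nat/ { nat = 1; next }
         /^COMMIT/ { nat = 0 }
         nat && /-j MASQUERADE/ {
             src = "any"; out = "any"
             for (i = 1; i < NF; i++) {
                 if ($i == "-s") src = $(i + 1)
                 if ($i == "-o") out = $(i + 1)
             }
             print src, out
         }' "$1"
}

# True when the network address lies in a reserved private range (prefix length not checked).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_nat DEFAULTS RULES IP_FORWARD: prints findings; exit status 1 on any WARN.
audit_nat() (
    warn=0; rules=$(masquerade_rules "$2")
    grep -Eq '^DEFAULT_FORWARD_POLICY="?ACCEPT' "$1" &&
        echo "NOTE: forward policy is ACCEPT; routed traffic that no rule matches is forwarded"
    if [ -n "$rules" ] && [ "$(cat "$3")" != "1" ]; then
        echo "WARN: MASQUERADE is configured but ip_forward is not 1"; warn=1
    fi
    while read -r src out; do
        [ -n "$src" ] || continue
        if [ "$out" = "any" ] || ! is_private "$src"; then
            echo "WARN: MASQUERADE $src -> $out lacks a private source or an interface"; warn=1
        else
            echo "OK: MASQUERADE $src -> $out"
        fi
    done <<EOF
$rules
EOF
    [ "$warn" -eq 0 ]
)

# Constructed sample: the page's rule and policy, with forwarding still off.
d=$(mktemp -d); echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$d/ufw"; echo 0 > "$d/fwd"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.0.2.0/24 -o enp0s8 -j MASQUERADE' COMMIT > "$d/rules"
audit_nat "$d/ufw" "$d/rules" "$d/fwd" || true; rm -r "$d"
```

On a live host, run it as root with /etc/default/ufw, /etc/ufw/before.rules and /proc/sys/net/ipv4/ip_forward as the three arguments.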
Routing Traffic
- Check system routes:
ip route
- Create a temporary route:
ip route add 10.0.3.0/24 via 10.0.2.6
- Permanent route in /etc/network/interfaces:
up ip route add 10.0.3.0/24 via 10.0.2.6
- Permanent route using NetworkManager:
nmcli connection modify ConnectionName ipv4.routes "10.0.3.0/24 10.0.2.6"
Configuring Network Tunneling
- GRE Tunnel Example:
Router 1:
ip tunnel add mytunnel0 mode gre remote 87.65.43.21 local 12.34.56.78 ttl 255
ip link set mytunnel0 up
ip address add 10.1.0.1/24 dev mytunnel0
Router 2:
ip tunnel add mytunnel0 mode gre remote 12.34.56.78 local 87.65.43.21 ttl 255
ip link set mytunnel0 up
Time Synchronization
- Check NTP status:
chronyc sources
- Check system time:
timedatectl
- Modify /etc/chrony/chrony.conf to allow other servers
- Restart chrony service:
sudo systemctl restart chrony
- Open NTP port in firewall:
sudo ufw allow 123
Network Monitoring Tools
- iftop: Monitor traffic per host
- nethogs: Monitor traffic per process
- ss: Show open ports and connections
ss Utility Examples
ss -u # Show active UDP connections
ss -tl # Show listening TCP connections
ss -ul # Show listening UDP connections
ss -ulnp # Show which process is responsible for the connection
Conclusion
This guide covers essential Linux network administration, including IP configuration, firewall management, NAT, routing, tunneling, and network monitoring. Mastering these concepts ensures efficient and secure network management on Linux systems.