Net-HOWTO

Da GolemWiki.
Jump to navigation Jump to search

Introduction

This is the first release of the GOLEM Network Howto, this document aims to be a sort of unofficial update of the Linux Networking Howto.

General Information about Networking

Sources of non-linux-specific network information

If you are looking for general TCP/IP networking information, here you can find some resources:

IPv4 Addresses

Ipv4-1.webp

Internet Protocol v4 Addresses are composed of 4 bytes (32 bit), each byte is converted to a decimal number (0-255) and bytes are separated by a . (dot), for this reason IPv4 addresses are limits to near 4 billions (232). Usually every network interface has its own IP address in a format like this: 192.168.0.5

Subnetting

Addresses in a network have some digits in common, that part is called the network portion of the address, the remaining numbers are called the host portion.

For example:

           -----------------  ---------------
           Host Address       192.168.0.23
           Network Portion    192.168.0.
           Host portion                .23
           -----------------  ---------------
           Network Address    192.168.0.0
           Broadcast Address  192.168.0.255
           -----------------  ---------------

Subnetting is a way to subdivide an TCP/IP network. The Classless Inter-Domain Routing (CIDR) is the current method for defining subnet, the IP address is followed by a prefix number between 0 and 32 that shows how many bits represent the network.

192.168.0.23/24 => network 192.168.0.0 - 192.168.0.255
192.168.0.23/16 => network 192.168.0.0 - 192.168.255.255

This method replace the obsolete classful network addressing architecture.

The maximum number of addresses of a network may be calculated as 232 − prefix number

CIDR Classful network mask Number of Hosts Typical use
/8 255.0.0.0 16777214 = 224 - 2 Largest IANA block allocation
/9 255.128.0.0 8388608 = 223
/10 255.192.0.0 4194304 = 222
/11 255.224.0.0 2097152 = 221
/12 255.240.0.0 1048576 = 220
/13 255.248.0.0 524288 = 219
/14 255.252.0.0 262144 = 218
/15 255.254.0.0 131072 = 217
/16 255.255.0.0 65536 = 216
/17 255.255.128.0 32768 = 215 ISP / large business
/18 255.255.192.0 16384 = 214 ISP / large business
/19 255.255.224.0 8192 = 213 ISP / large business
/20 255.255.240.0 4096 = 212 Small ISP / large business
/21 255.255.248.0 2048 = 211 Small ISP / large business
/22 255.255.252.0 1024 = 210
/23 255.255.254.0 512 = 29
/24 255.255.255.0 256 = 28 Large LAN
/25 255.255.255.128 128 = 27 Large LAN
/26 255.255.255.192 64 = 26 Small LAN
/27 255.255.255.224 32 = 25 Small LAN
/28 255.255.255.240 16 = 24 Small LAN
/29 255.255.255.248 8 = 2³ The smallest multi-host network
/30 255.255.255.252 4 = 2² Point-to-point links (glue network)
/31 255.255.255.254 2 = 21 Point-to-point network (RFC 3021)
/32 255.255.255.255 1 = 20 Single host

Traffic between subnets is guaranteed by routers.


IPv6 Addresses

IPv6

Network Configuration

Driver

Modern Linux distributions already include driver for most of LAN and WiFi devices. Otherwise try to upgrade your OS or compile and install a newer kernel.

Network tools

iproute2: IP Routing Utilities

nftables: Linux kernel packet control tool (firewall)

iputils: arping, clockdiff, ping, tracepath

Legacy tools

net-tools: configuration tools for Linux networking (arp, ifconfig, ipmaddr, iptunnel, mii-tool, nameif, netstat, plipconfig, rarp, route, slattach)

iptables: Linux kernel packet control tool (firewall)

Network Application Programs

Basic network applications, derived from the 4.4BSDLite2 distribution, are collected in the inetutils package: dnsdomainname, ftp, ftpd, hostname, ifconfig, ping, rcp, rlogin, rlogind, rsh, rshd, talk, talkd, telnet, telnetd, whois

Setup LAN Interfaces

Predictable Network Interface Names

Starting with v197 systemd assign fixed and predictable network interface names for all local network devices instead of the traditional eth0, eth1, wlan0 which may change after a reboot post kernel update. This feature simplify the system management and fix potential security implications e.g., changing firewall rules.

These names are based on hardware firmware/topology/location information and they stay fixed even if hardware is added or removed.

Prefix	Description
en	Ethernet
ib	InfiniBand
sl	Serial line IP (slip)
wl	Wireless local area network (WLAN)
ww	Wireless wide area network (WWAN)

eth0 could be renamed enp6s0: en (ethernet) + p6 (bus 6) + s0 (slot 0)

Manual managing

The following commands activates the enp6s0 interface with the IP 192.168.0.2, for the subnet 192.168.0.1-255, using the router-gateway 192.168.0.1

# ip addr add 192.168.0.2/24 dev enp6s0
# ip route add default via 192.168.0.1

Edit the /etc/resolv.conf file adding a list of DNS IP addresses for enabling the address resolution

nameserver 8.8.8.8
nameserver 1.1.1.1

For a non fixed IP address in a LAN with a DHCP server just run

# dhcpcd enp6s0

Useful commands

Show devices IP addresses

# ip addr

Show information of a specific interface

# ip addr show enp6s0

Add IP addresses on a device

# ip addr add 192.0.2.10/24 dev enp6s0

Delete a device IP

# ip addr delete 192.0.2.10/24 dev enp6s0

Enabling the interface enp6s0 without specifying an IP

# ip link set dev enp6s0 up

Disabling the interface enp6s0

# ip link set dev enp6s0 down

Set 192.168.0.2 as default gateway for the host

# ip route add default via 192.0.2.1

Add the gateway 192.168.0.1 route for the interfaces enp2s0 10.0.2.0

# ip route add 10.0.2.1/24 via 192.168.0.1 dev enp2s0

Remove the gateway 192.168.0.1 route for the interfaces enp2s0 10.0.2.0

# ip route del 10.0.2.0/24 via 192.168.0.1 dev enp2s0 

Show the routing table

# ip route show

Configuration Files

systemd-networkd is a system service, part of systemd, for the network configuration management.

Enable the systemd-networkd daemon

# systemctl enable --now systemd-networkd.service

Enable and set the DNS

# systemctl enable --now systemd-resolved.service
# ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

DHCP

/etc/systemd/network/20-wired.network

[Match]
Name=enp1s0
[Network]
DHCP=yes

IP statico

/etc/systemd/network/20-wired.network

[Match]
Name=enp1s0
[Network]
Address=10.1.10.9/24
Gateway=10.1.10.1
DNS=10.1.10.1


Setup WLAN Interfaces

Rename a network interface

Create and edit a .link file

/etc/systemd/network/10-ethusb0.link

[Match]
MACAddress=12:34:56:78:90:ab
[Link]
Description=USB to Ethernet Adapter
Name=ethusb0

Sharing Internet connection

Abilitazione del forwarding dei pacchetti

$ sudo echo 1 > /proc/sys/net/ipv4/ip_forward

Per rendere il forwarding definitivo editare il file /etc/sysctl.conf modificando come segue il parametro net.ipv4.ip_forward:

net.ipv4.ip_forward = 1

Mascheramento dei pacchetti

$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

eth0 non è un parametro fisso, identifica l'interfaccia con la quale il PC si connette ad Internet

Per applicare automaticamente tale regola ad ogni riavvio

# iptables-save > /etc/iptables.ipv4.nat
# iptables-restore < /etc/iptables.ipv4.nat

Assicurarsi che siano caricati i seguenti moduli del kernel:

# modprobe ip_tables
# modprobe ip_conntrack
# modprobe iptable_nat
# modprobe ipt_MASQUERADE

Condivisione tramite rete ethernet

Assegnare un IP statico alla scheda ethernet con la quale si vuol condividere la connessione.

# ifconfig eth1 192.168.5.1 netmask 255.255.255.0 up

Per rendere tale configurazione permanente sarà necessario editare il file /etc/network/interfaces ed aggiungere la seguente configurazione

auto eth1
iface eth1 inet static
address 192.168.5.1
netmask 255.255.255.0

Condivisione tramite rete WI-FI

Configurazione scheda wireless

Se non si desidera cifrare la rete e proteggerla con una password sarà sufficiente eseguire questi comandi.

# iwconfig wlan0 mode Master
# iwconfig wlan0 ESSID ReteGOLEM
# iwconfig wlan0 enc off
# ifconfig wlan0 192.168.5.1 netmask 255.255.255.0 up

Proteggere la connessione WI-FI

Installare il programma hostapd

Configurare hostapd modificando /etc/hostapd/hostapd.conf

# Interfaccia di rete
interface=wlan0
# Driver della scheda wifi usata (non tutte le schede sono supportate)
driver=nl80211
# Nome della rete (SSID)
ssid=ReteGOLEM
hw_mode=g
# Canale di trasmissione
channel=6
macaddr_acl=0
# Righe per la protezione
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
# Password del wifi
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Editare il file /etc/default/hostapd per impostare hostapd.conf come file di configurazione predefinito, modificando la riga DAEMON_CONF="":

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Assegnazione automatica degli IP ai client

Install dhcp

Editare /etc/dhcpd.conf aggiungendo la configurazione per la rete interna (es.: eth1 o wlan0):

subnet 192.168.5.0 netmask 255.255.255.0 {
range 192.168.5.100  192.168.5.200;
option domain-name-servers 8.8.8.8;
}

Riavviare il servizio

# systemctl restart dhcpd


https://wiki.golem.linux.it/Appunti_Arch_Linux#Networking

Firewall

Block ports, transparent proxy...

Routing Protocol

Bird Internet Routing Daemon

Bibliography

Linux Networking HOWTO