Net-HOWTO
Introduction
This is the first release of the GOLEM Network Howto, this document aims to be a sort of unofficial update of the Linux Networking Howto.
General Information about Networking
Sources of non-linux-specific network information
If you are looking for general TCP/IP networking information, here you can find some resources:
IPv4 Addresses
Internet Protocol v4 Addresses are composed of 4 bytes (32 bit), each byte is converted to a decimal number (0-255) and bytes are separated by a . (dot), for this reason IPv4 addresses are limits to near 4 billions (232). Usually every network interface has its own IP address in a format like this: 192.168.0.5
Subnetting
Addresses in a network have some digits in common, that part is called the network portion of the address, the remaining numbers are called the host portion.
For example:
----------------- --------------- Host Address 192.168.0.23 Network Portion 192.168.0. Host portion .23 ----------------- --------------- Network Address 192.168.0.0 Broadcast Address 192.168.0.255 ----------------- ---------------
Subnetting is a way to subdivide an TCP/IP network. The Classless Inter-Domain Routing (CIDR) is the current method for defining subnet, the IP address is followed by a prefix number between 0 and 32 that shows how many bits represent the network.
192.168.0.23/24 => network 192.168.0.0 - 192.168.0.255 192.168.0.23/16 => network 192.168.0.0 - 192.168.255.255
This method replace the obsolete classful network addressing architecture.
The maximum number of addresses of a network may be calculated as 232 − prefix number
CIDR | Classful network mask | Number of Hosts | Typical use |
---|---|---|---|
/8 | 255.0.0.0 | 16777214 = 224 - 2 | Largest IANA block allocation |
/9 | 255.128.0.0 | 8388608 = 223 | |
/10 | 255.192.0.0 | 4194304 = 222 | |
/11 | 255.224.0.0 | 2097152 = 221 | |
/12 | 255.240.0.0 | 1048576 = 220 | |
/13 | 255.248.0.0 | 524288 = 219 | |
/14 | 255.252.0.0 | 262144 = 218 | |
/15 | 255.254.0.0 | 131072 = 217 | |
/16 | 255.255.0.0 | 65536 = 216 | |
/17 | 255.255.128.0 | 32768 = 215 | ISP / large business |
/18 | 255.255.192.0 | 16384 = 214 | ISP / large business |
/19 | 255.255.224.0 | 8192 = 213 | ISP / large business |
/20 | 255.255.240.0 | 4096 = 212 | Small ISP / large business |
/21 | 255.255.248.0 | 2048 = 211 | Small ISP / large business |
/22 | 255.255.252.0 | 1024 = 210 | |
/23 | 255.255.254.0 | 512 = 29 | |
/24 | 255.255.255.0 | 256 = 28 | Large LAN |
/25 | 255.255.255.128 | 128 = 27 | Large LAN |
/26 | 255.255.255.192 | 64 = 26 | Small LAN |
/27 | 255.255.255.224 | 32 = 25 | Small LAN |
/28 | 255.255.255.240 | 16 = 24 | Small LAN |
/29 | 255.255.255.248 | 8 = 2³ | The smallest multi-host network |
/30 | 255.255.255.252 | 4 = 2² | Point-to-point links (glue network) |
/31 | 255.255.255.254 | 2 = 21 | Point-to-point network (RFC 3021) |
/32 | 255.255.255.255 | 1 = 20 | Single host |
Traffic between subnets is guaranteed by routers.
IPv6 Addresses
Network Configuration
Driver
Modern Linux distributions already include driver for most of LAN and WiFi devices. Otherwise try to upgrade your OS or compile and install a newer kernel.
Network tools
iproute2: IP Routing Utilities
nftables: Linux kernel packet control tool (firewall)
iputils: arping, clockdiff, ping, tracepath
Legacy tools
net-tools: configuration tools for Linux networking (arp, ifconfig, ipmaddr, iptunnel, mii-tool, nameif, netstat, plipconfig, rarp, route, slattach)
iptables: Linux kernel packet control tool (firewall)
Network Application Programs
Basic network applications, derived from the 4.4BSDLite2 distribution, are collected in the inetutils package: dnsdomainname, ftp, ftpd, hostname, ifconfig, ping, rcp, rlogin, rlogind, rsh, rshd, talk, talkd, telnet, telnetd, whois
Setup LAN Interfaces
Predictable Network Interface Names
Starting with v197 systemd assign fixed and predictable network interface names for all local network devices instead of the traditional eth0, eth1, wlan0 which may change after a reboot post kernel update. This feature simplify the system management and fix potential security implications e.g., changing firewall rules.
These names are based on hardware firmware/topology/location information and they stay fixed even if hardware is added or removed.
Prefix Description en Ethernet ib InfiniBand sl Serial line IP (slip) wl Wireless local area network (WLAN) ww Wireless wide area network (WWAN)
eth0 could be renamed enp6s0: en (ethernet) + p6 (bus 6) + s0 (slot 0)
Manual managing
The following commands activates the enp6s0 interface with the IP 192.168.0.2, for the subnet 192.168.0.1-255, using the router-gateway 192.168.0.1
# ip addr add 192.168.0.2/24 dev enp6s0 # ip route add default via 192.168.0.1
Edit the /etc/resolv.conf file adding a list of DNS IP addresses for enabling the address resolution
nameserver 8.8.8.8 nameserver 1.1.1.1
For a non fixed IP address in a LAN with a DHCP server just run
# dhcpcd enp6s0
Useful commands
Show devices IP addresses
# ip addr
Show information of a specific interface
# ip addr show enp6s0
Add IP addresses on a device
# ip addr add 192.0.2.10/24 dev enp6s0
Delete a device IP
# ip addr delete 192.0.2.10/24 dev enp6s0
Enabling the interface enp6s0 without specifying an IP
# ip link set dev enp6s0 up
Disabling the interface enp6s0
# ip link set dev enp6s0 down
Set 192.168.0.2 as default gateway for the host
# ip route add default via 192.0.2.1
Add the gateway 192.168.0.1 route for the interfaces enp2s0 10.0.2.0
# ip route add 10.0.2.1/24 via 192.168.0.1 dev enp2s0
Remove the gateway 192.168.0.1 route for the interfaces enp2s0 10.0.2.0
# ip route del 10.0.2.0/24 via 192.168.0.1 dev enp2s0
Show the routing table
# ip route show
Configuration Files
systemd-networkd is a system service, part of systemd, for the network configuration management.
Enable the systemd-networkd daemon
# systemctl enable --now systemd-networkd.service
Enable and set the DNS
# systemctl enable --now systemd-resolved.service # ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
DHCP
/etc/systemd/network/20-wired.network
[Match] Name=enp1s0 [Network] DHCP=yes
IP statico
/etc/systemd/network/20-wired.network
[Match] Name=enp1s0 [Network] Address=10.1.10.9/24 Gateway=10.1.10.1 DNS=10.1.10.1
Setup WLAN Interfaces
Rename a network interface
Create and edit a .link file
/etc/systemd/network/10-ethusb0.link
[Match] MACAddress=12:34:56:78:90:ab [Link] Description=USB to Ethernet Adapter Name=ethusb0
Sharing Internet connection
Abilitazione del forwarding dei pacchetti
$ sudo echo 1 > /proc/sys/net/ipv4/ip_forward
Per rendere il forwarding definitivo editare il file /etc/sysctl.conf modificando come segue il parametro net.ipv4.ip_forward:
net.ipv4.ip_forward = 1
Mascheramento dei pacchetti
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
eth0 non è un parametro fisso, identifica l'interfaccia con la quale il PC si connette ad Internet
Per applicare automaticamente tale regola ad ogni riavvio
# iptables-save > /etc/iptables.ipv4.nat # iptables-restore < /etc/iptables.ipv4.nat
Assicurarsi che siano caricati i seguenti moduli del kernel:
# modprobe ip_tables # modprobe ip_conntrack # modprobe iptable_nat # modprobe ipt_MASQUERADE
Condivisione tramite rete ethernet
Assegnare un IP statico alla scheda ethernet con la quale si vuol condividere la connessione.
# ifconfig eth1 192.168.5.1 netmask 255.255.255.0 up
Per rendere tale configurazione permanente sarà necessario editare il file /etc/network/interfaces ed aggiungere la seguente configurazione
auto eth1 iface eth1 inet static address 192.168.5.1 netmask 255.255.255.0
Condivisione tramite rete WI-FI
Configurazione scheda wireless
Se non si desidera cifrare la rete e proteggerla con una password sarà sufficiente eseguire questi comandi.
# iwconfig wlan0 mode Master # iwconfig wlan0 ESSID ReteGOLEM # iwconfig wlan0 enc off # ifconfig wlan0 192.168.5.1 netmask 255.255.255.0 up
Proteggere la connessione WI-FI
Installare il programma hostapd
Configurare hostapd modificando /etc/hostapd/hostapd.conf
# Interfaccia di rete interface=wlan0 # Driver della scheda wifi usata (non tutte le schede sono supportate) driver=nl80211 # Nome della rete (SSID) ssid=ReteGOLEM hw_mode=g # Canale di trasmissione channel=6 macaddr_acl=0 # Righe per la protezione auth_algs=1 ignore_broadcast_ssid=0 wpa=2 # Password del wifi wpa_passphrase=password wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Editare il file /etc/default/hostapd per impostare hostapd.conf come file di configurazione predefinito, modificando la riga DAEMON_CONF="":
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Assegnazione automatica degli IP ai client
Install dhcp
Editare /etc/dhcpd.conf aggiungendo la configurazione per la rete interna (es.: eth1 o wlan0):
subnet 192.168.5.0 netmask 255.255.255.0 { range 192.168.5.100 192.168.5.200; option domain-name-servers 8.8.8.8; }
Riavviare il servizio
# systemctl restart dhcpd
https://wiki.golem.linux.it/Appunti_Arch_Linux#Networking
Firewall
Block ports, transparent proxy...