The document outlines Linux networking commands and concepts, covering network devices, IP address configuration (both dynamic and static), command-line utilities for networking, important configuration files, and tools for network performance analysis. It also details commands for managing connectivity, ARP, routing, VLAN, and NAT firewall configurations. The course is instructed by Debjani Ghosh and aims to provide a comprehensive understanding of Linux networking.


Linux Networking Commands

Course Instructor: Debjani Ghosh


Outline

• Understanding Network Devices
• Configuring NIC IP address
• Configuring Networking with Command-line Utilities
• Important Files
• Tools and Network Performance Analysis
• Commands for Connectivity, ARP, Routing, Switching, VLAN, NAT Firewall
Understanding Network Devices
• Network devices in Linux represent the physical or virtual interfaces
that allow the system to connect to networks.
• Some common network interface names include:
o eth0, eth1: Ethernet devices.
o wlan0, wlan1: Wireless devices.
o lo: Loopback device for local communication (localhost or 127.0.0.1).
Viewing Network Devices
• To view all network devices, use:
• eth0 is the Ethernet interface, and lo is the loopback interface.
• You can also use ifconfig, though it’s deprecated in newer distributions:
Configuring NIC (Network Interface Card) IP Address
• Dynamic IP Address (Using DHCP)
• To configure an interface (like eth0) to use DHCP:

• This command sends a DHCP request to the network and automatically assigns an IP address.
• Static IP Address Configuration (Temporary)
• To assign a static IP temporarily:

• Set the default gateway:


• Static IP Address (Permanent)
• For Debian-based systems, you can configure a static IP in the /etc/network/interfaces file:
• Restart the networking service:
Configuring Networking with Command-line Utilities
• Several utilities can help configure and view network settings:
• ip Command
o View IP addresses

o Add a new IP address


o Remove an IP address

o View routing table


• ifconfig (Deprecated but still available)
o View IP addresses and interfaces

o Assign an IP
• nmcli (NetworkManager Command Line Interface)
o Show connections

o Configure a static IP
nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns "8.8.8.8 8.8.4.4" ipv4.method manual

o Restart NetworkManager:
Important Files
• /etc/network/interfaces
o Used in older versions of Debian and Ubuntu for configuring network
interfaces.
• /etc/netplan/
o For newer Ubuntu versions, network configuration is managed using Netplan
YAML files.
• /etc/hosts
o This file maps IP addresses to hostnames locally, useful for resolving custom
hostnames without DNS.
• /etc/resolv.conf
o Specifies DNS servers for name resolution. Manually editing this file is
discouraged if using tools like NetworkManager, as it can overwrite your
changes.

• /etc/hostname
o Stores the system’s hostname. You can change the hostname by editing this
file or using:
Tools and Network Performance Analysis
• ping
o Sends ICMP Echo Requests to test connectivity:

• traceroute
o Displays the path packets take to a network destination:
• netstat / ss (netstat is deprecated in favor of ss.)
o View open network connections and listening ports:

• tcpdump
• Network packet analyzer:
• iperf
o Network bandwidth testing tool between two systems:
1. Start the server

2. Run the client (replace server_ip with the server’s IP)


• nmap
o Network scanning tool to discover hosts and services on a network:
Commands for Connectivity, ARP, Routing, Switching, VLAN, and NAT Firewall
• ARP (Address Resolution Protocol)
o View the ARP table:

o Add a static ARP entry:


• Routing
o View routing table:

o Add a new route:


• VLAN (Virtual Local Area Network)
o To configure a VLAN interface:
1. Install vlan package:

2. Create a VLAN interface on eth0

3. Bring the interface up


• NAT Firewall (Using iptables)
o Configure a basic NAT firewall:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

o To save the firewall rules:


• NAT Firewall (Using iptables)
o Configure a basic NAT firewall:

• Explanation:
o -t nat: Use the NAT (Network Address Translation) table to modify packets.
o -A POSTROUTING: Add a rule to the POSTROUTING chain, which processes packets just before they leave
the system.
o -o eth0: Match packets going out through the eth0 interface (usually the wired network).
o -j MASQUERADE: This targets the MASQUERADE action, which rewrites the source IP address of packets to
the IP address of the outgoing interface (i.e., eth0). This is useful when sharing internet access from one
interface to another (like NAT in routers).
• Use case:
o You’re enabling NAT so that devices on your internal network (like wlan0) can access the internet through the
eth0 interface.
• Command
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

• Explanation:
o -A FORWARD: Append a rule to the FORWARD chain, which manages packets being routed between different
network interfaces.
o -i eth0: Match packets coming in through eth0.
o -o wlan0: Match packets going out through wlan0 (likely your wireless interface).
o -m state: Use the state module to track the connection state.
o --state RELATED,ESTABLISHED: This allows packets that are part of existing connections or related
connections.
o -j ACCEPT: Accept the packet (allow forwarding).
• Use case:
o This rule ensures that responses to outbound connections (like replies from a web server) can come back
through eth0 and reach the internal network via wlan0.
• Command
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

• Explanation:
o -A FORWARD: Append a rule to the FORWARD chain to allow packet forwarding.
o -i wlan0: Match packets coming in through the wlan0 interface.
o -o eth0: Match packets going out through the eth0 interface.
o -j ACCEPT: Accept the packet (allow forwarding).
• Use case:
o This rule allows devices on your wireless network (connected to wlan0) to send
packets through the eth0 interface (e.g., to access the internet or other networks
via NAT).
Summary of NAT Commands
• These commands configure your system to act as a gateway between two network interfaces (wlan0 and eth0), enabling internet sharing and routing. Specifically:
• NAT allows outbound packets to appear as if they are coming from eth0.
• FORWARD rules allow traffic from wlan0 out through eth0, and allow only RELATED,ESTABLISHED traffic from eth0 back to wlan0.
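The three rules above only restrict forwarding when the FORWARD chain policy is DROP; under the default ACCEPT policy, packets that match no rule are forwarded anyway. The following audit of an iptables-save dump is an added example, not part of the original slides; the function names and the sample ruleset (the slides' three rules in iptables-save format) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the wlan0 -> eth0 gateway
# described above. Function names and sample rulesets are constructed.

# write_sample_rules FILE POLICY: the three rules from the slides, in
# iptables-save format, with the given FORWARD chain policy.
write_sample_rules() {
    cat > "$1" <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD $2 [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
EOF
}

# audit_nat_gateway FILE WAN LAN: print one verdict line per check.
audit_nat_gateway() {
    awk -v wan="$2" -v lan="$3" '
        function verdict(ok, bad) { return ok ? "OK" : bad }
        /^\*/ { table = substr($0, 2); next }
        { line = $0 " " }   # trailing space so interface names match whole words
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && /^-A POSTROUTING/ && / -j MASQUERADE/ &&
            index(line, " -o " wan " ") { masq = 1 }
        table == "filter" && /^-A FORWARD/ && / -j ACCEPT/ &&
            index(line, " -i " wan " ") && index(line, " -o " lan " ") {
            # Inbound WAN -> LAN must be limited to reply traffic.
            if ($0 ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/ && $0 !~ /NEW/) { replies = 1 }
            else { open_in = 1 }
        }
        END {
            print verdict(masq, "FAIL"), "masquerade-on-" wan
            print verdict(replies, "FAIL"), "replies-only-" wan "-to-" lan
            if (open_in) print "FAIL", "unrestricted-" wan "-to-" lan
            # With policy ACCEPT, unmatched packets are forwarded anyway, so
            # the ACCEPT rules above restrict nothing.
            print verdict(policy == "DROP", "WARN"), "forward-policy-" policy
        }
    ' "$1"
}

# Demo on the constructed sample, first with the default policy, then DROP.
rules=$(mktemp)
for policy in ACCEPT DROP; do
    write_sample_rules "$rules" "$policy"
    echo "== FORWARD policy $policy =="
    audit_nat_gateway "$rules" eth0 wlan0
done
rm -f "$rules"
```

On a live gateway the same function can be fed the output of `sudo iptables-save` written to a file.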
Summary and More Concepts
Linux Networking
Understanding Network Devices in Linux

• Linux networking devices
• Not shown in /dev directory
• Do not “exist” on system until appropriate device driver installed in kernel
• Networking device
• Named channel over which network traffic can pass
• Device drivers for networking are kernel modules
Understanding Network Devices in Linux
(continued)
• Kernel modules can be loaded or unloaded while
Linux is running
• /dev/eth0
• First Ethernet card installed on system
• Media Access Control (MAC) address
• Unique address assigned by Ethernet card manufacturer

Understanding Network Devices in Linux
(continued)

• To obtain MAC address
• Host (switch) broadcasts message to entire network segment using Address Resolution Protocol (ARP)
• Host with IP address responds directly to computer that sent ARP request with MAC address
• Source host stores MAC address and IP address
Understanding Network Devices in Linux
(continued)

• arp command
• Display ARP cache
• Mapping of IP addresses to hardware addresses
• Used mainly for troubleshooting network connectivity
• Refreshed frequently

Configuring NIC IP address
• NIC: Network Interface Card
• Use the “ifconfig” command to determine the IP address and interface devices, and to change the NIC configuration
• Each device is identified by a symbolic name:
• eth0: Ethernet device number 0
• eth1: Ethernet device number 1
• lo: local loopback device
• wlan0: wireless LAN 0
Determining NIC IP Address

[root@tmp]# ifconfig -a

eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
     BROADCAST MULTICAST MTU:1500 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
     Interrupt:11 Base address:0x1820

lo   Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:787 errors:0 dropped:0 overruns:0 frame:0
     TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:82644 (80.7 Kb) TX bytes:82644 (80.7 Kb)
Changing IP Address
• We could give this eth0 interface an IP address using the ifconfig command.

[root@tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

• The "up" at the end of the command activates the interface.
• To make this permanent at each boot, add this command to the /etc/rc.local file, which is run at the end of every boot.
Permanent IP configuration

• Fedora Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory.
• Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1, and so on.
• The admin can place the IP address information in these files
File formats for network-scripts
[root@network-scripts]# less ifcfg-eth0

DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
#
# The following settings are optional
#
BROADCAST=192.168.1.255
NETWORK=192.168.1.0

[root@network-scripts]#
Getting the IP Address Using DHCP

[root@tmp]# cd /etc/sysconfig/network-scripts

[root@network-scripts]# less ifcfg-eth0

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

[root@network-scripts]#

Activate config change
• After you change the values in the configuration files for the NIC, you must deactivate and activate it for the modifications to take effect.
• The ifdown and ifup commands can be used to do this:

[root@network-scripts]# ifdown eth0
[root@network-scripts]# ifup eth0
Multiple IP Addresses on a Single NIC(1)
[root@tmp]# ifconfig -a

wlan0   Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
        inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
        TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:100
        RX bytes:4676853 (4.4 Mb) TX bytes:43209032 (41.2 Mb)
        Interrupt:11 Memory:c887a000-c887b000

wlan0:0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
        inet addr:192.168.1.99 Bcast:192.168.1.255 Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        Interrupt:11 Memory:c887a000-c887b000
Multiple IP Addresses on a Single NIC(2)

• In the previous slide, there were two wireless interfaces: wlan0 and wlan0:0.
• Interface wlan0:0 is a child interface of wlan0, a virtual subinterface (an IP alias).
• IP aliasing is one of the most common ways of creating multiple IP addresses associated with a single NIC.
• Aliases have the name format parent-interface-name:X, where X is the sub-interface number of your choice.
The process for creating an IP alias
• First ensure the parent real interface exists
• Verify that no other IP alias exists with the name you plan to use. In this case we want to create interface wlan0:0.
• Create the virtual interface with the ifconfig command

[root@tmp]# ifconfig wlan0:0 192.168.1.99 netmask 255.255.255.0 up

• Shutting down the main interface also shuts down all its aliases. Aliases can be shut down independently of other interfaces
The process for creating an IP alias
• Admin should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the aliases will all be managed automatically with the ifup and ifdown commands

DEVICE=wlan0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.99
NETMASK=255.255.255.0

• The commands to activate and deactivate the alias interface would therefore be:

[root@tmp]# ifup wlan0:0
[root@tmp]# ifdown wlan0:0
How to View Current Routing Table

• The netstat -nr command will provide the contents of the routing table.
• Networks with a gateway of 0.0.0.0 are usually directly connected to the interface.
• No gateway is needed to reach your own directly connected interface, so a gateway address of 0.0.0.0 seems appropriate.
• The route with a destination address of 0.0.0.0 is your default gateway
#netstat -nr command
[root@tmp]# netstat -nr

Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
172.16.68.64    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.11.96    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.68.32    172.16.69.193   255.255.255.224 UG    40  0      0    eth1
172.16.67.0     172.16.67.135   255.255.255.224 UG    40  0      0    eth0
172.16.69.192   0.0.0.0         255.255.255.192 U     40  0      0    eth1
172.16.67.128   0.0.0.0         255.255.255.128 U     40  0      0    eth0
172.160.0       172.16.67.135   255.255.0.0     UG    40  0      0    eth0
172.16.0.0      172.16.67.131   255.240.0.0     UG    40  0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     40  0      0    lo
0.0.0.0         172.16.69.193   0.0.0.0         UG    40  0      0    eth1
[root@tmp]#
How to Change Default Gateway
[root@tmp]# route add default gw 192.168.1.1 wlan0

• In this case, make sure that the router/firewall with IP address 192.168.1.1 is connected to the same network as interface wlan0
• Once done, we'll need to update the “/etc/sysconfig/network” file to reflect the change. This file is used to configure your default gateway each time Linux boots.

NETWORKING=yes
HOSTNAME=bigboy
GATEWAY=192.168.1.1
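The requirement that a gateway sit on the same network as its interface can be checked directly against `netstat -nr` output. The following is an added example, not part of the original slides; the function names and the sample table are constructed, and the sample deliberately includes one gateway (192.168.2.1) that is not on a directly connected network.

```shell
#!/bin/sh
# Added example: check that every gateway in a `netstat -nr` table lies on a
# directly connected network of the same interface. Names and sample rows
# are constructed for illustration.

# write_sample_routes FILE: constructed table; 192.168.2.1 is not on-link.
write_sample_routes() {
    cat > "$1" <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
10.0.0.0        192.168.1.254   255.0.0.0       UG        0 0          0 wlan0
172.16.0.0      192.168.2.1     255.240.0.0     UG        0 0          0 wlan0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0
EOF
}

# check_gateways FILE: print "OK|UNREACHABLE destination via gateway iface".
check_gateways() {
    awk '
        function ip2int(s,   p) {
            if (split(s, p, ".") != 4) return -1
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        # awk has no portable bitwise AND; for a contiguous netmask, two
        # addresses share a network when they fall in the same block of
        # 2^32 - mask addresses.
        function same_net(a, b, m,   size) {
            size = 4294967296 - m
            return int(a / size) == int(b / size)
        }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # headers, bad rows
        $4 ~ /G/ { g++; dst[g] = $1; gw[g] = $2; gif[g] = $NF; next }
        $2 == "0.0.0.0" { n++; net[n] = ip2int($1); nmask[n] = ip2int($3); nif[n] = $NF }
        END {
            for (i = 1; i <= g; i++) {
                state = "UNREACHABLE"
                for (j = 1; j <= n; j++) {
                    if (nif[j] == gif[i] && same_net(ip2int(gw[i]), net[j], nmask[j])) state = "OK"
                }
                print state, dst[i], "via", gw[i], gif[i]
            }
        }
    ' "$1"
}

# default_gateway FILE: print the gateway and interface of the 0.0.0.0 route.
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $NF }' "$1"
}

# Demo on the constructed sample.
routes=$(mktemp)
write_sample_routes "$routes"
default_gateway "$routes"
check_gateways "$routes"
rm -f "$routes"
```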
How to Delete a Route

[root@tmp]# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 wlan0

Linux router

• Router/firewall appliances that provide basic Internet connectivity for a small office or home network are becoming more affordable every day
• When budgets are tight you might want to consider modifying an existing Linux server to be a router
Configuring IP Forwarding
• For your Linux server to become a router, you have
to enable packet forwarding.
• In simple terms packet forwarding enables packets
to flow through the Linux server from one network
to another.
• The Linux kernel configuration parameter to activate
this is named net.ipv4.ip_forward and can be found
in the file /etc/sysctl.conf.
• Remove the "#" from the line related to packet
forwarding.
/etc/sysctl.conf changing
Before:
# Disables packet forwarding
net.ipv4.ip_forward=0

After:
# Enables packet forwarding
net.ipv4.ip_forward=1

• To activate the feature immediately you must force Linux to read the /etc/sysctl.conf file with the sysctl command using the -p switch

[root@tmp]# sysctl -p
Configuring /etc/hosts File
• The /etc/hosts file is just a list of IP addresses and their corresponding server names.
• Your server will typically check this file before referencing DNS. If the name is found with a corresponding IP address, then DNS won't be queried at all.
• Unfortunately, if the IP address for that host changes, you must also update the file. This may not be much of a concern for a single server but can become laborious if it must be done companywide.
• Use a centralized DNS server to handle most of the rest.
• Sometimes we might not be the one managing the DNS server, and in such cases, it may be easier to add a quick /etc/hosts file entry until the centralized change can be made.
/etc/hosts

192.168.1.101 smallfry
• You can also add aliases to the end of the line which enable
you to refer to the server using other names.
• Here we have set it up so that smallfry can also be accessed
using the names tiny and littleguy.

192.168.1.101 smallfry tiny littleguy


/etc/hosts

• You should never have an IP address more than once in this file because Linux will use only the values in the first entry it finds.

192.168.1.101 smallfry # (Wrong)
192.168.1.101 tiny # (Wrong)
192.168.1.101 littleguy # (Wrong)
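A check for the repeated-IP mistake shown above, which also prints the merged one-line-per-IP form with aliases. This is an added example, not part of the original slides; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find IP addresses listed on more than one line of a
# hosts-format file and print the merged form. Names and data are constructed.

# write_sample_hosts FILE: reproduces the "(Wrong)" layout from the slide.
write_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1     localhost
192.168.1.101 smallfry   # (Wrong)
192.168.1.101 tiny       # (Wrong)
192.168.1.101 littleguy  # (Wrong)
EOF
}

# dup_hosts_ips FILE: print "IP first_line repeated_line" for every repeat.
dup_hosts_ips() {
    awk '
        { sub(/#.*/, "") }        # strip comments
        NF < 2 { next }           # skip blank lines and lines without a name
        {
            if ($1 in seen) print $1, seen[$1], NR
            else seen[$1] = NR
        }
    ' "$1"
}

# merge_hosts FILE: print one line per IP, names merged in first-seen order.
merge_hosts() {
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        {
            ip = $1
            if (!(ip in names)) { order[++n] = ip; names[ip] = "" }
            for (i = 2; i <= NF; i++) {
                key = ip SUBSEP $i
                if (!(key in have)) { have[key] = 1; names[ip] = names[ip] " " $i }
            }
        }
        END { for (j = 1; j <= n; j++) print order[j] names[order[j]] }
    ' "$1"
}

# Demo on the constructed sample.
hosts=$(mktemp)
write_sample_hosts "$hosts"
echo "repeated IPs (ip, first line, repeated line):"
dup_hosts_ips "$hosts"
echo "merged form:"
merge_hosts "$hosts"
rm -f "$hosts"
```

Running `dup_hosts_ips /etc/hosts` on a real system prints nothing when every address appears once.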

Using ping to Test Network Connectivity
• The Linux ping command will send continuous pings, once a second, until
stopped with a Ctrl-C.
• Here is an example of a successful ping to the server bigboy at 192.168.1.100
[root@smallfry tmp]# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) from 192.168.1.100 : 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=128 time=3.95 ms
64 bytes from 192.168.1.101: icmp_seq=2 ttl=128 time=7.07 ms
64 bytes from 192.168.1.101: icmp_seq=3 ttl=128 time=4.46 ms
64 bytes from 192.168.1.101: icmp_seq=4 ttl=128 time=4.31 ms

--- 192.168.1.101 ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 3026ms
rtt min/avg/max/mdev = 3.950/4.948/7.072/1.242 ms

[root@smallfry tmp]#
Using ping to Test Network Connectivity
• Most servers will respond to a ping query, so it becomes a very handy tool.
• A lack of response could be due to:
• A server with that IP address doesn't exist
• The server has been configured not to respond to pings
• A firewall or router along the network path is blocking ICMP traffic
• You have incorrect routing. Check the routes and subnet masks on both the local and remote servers and all routers in between.
• Either the source or destination device has an incorrect IP address or subnet mask.
Configuring Networking with Command-line
Utilities
• ifconfig command
• Set up network configuration in Linux kernel
• Parameters include:
• Network interface
• IP address assigned to interface
• Network mask
• Syntax
• ifconfig device ip_address netmask address broadcast address
• $ ifconfig eth0
Configuring Networking with Command-line
Utilities (continued)

• Packet: Unit of data that network card transmits
• Broadcast address sends packet to all computers on same part of network
• Maximum transmission unit (MTU)
• Maximum size of packet interface supports
Configuring Networking with Command-line
Utilities (continued)
• View status of interface: ifconfig eth0
• Stop Ethernet interface: ifconfig eth0 down
• Start Ethernet interface: ifconfig eth0 up
• Routing table tells networking software where to send packets that are not
part of local network
• A real example of configuring an Ethernet card at the command line might
look like this:
• # ifconfig eth0 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
Configuring Networking with Command-line
Utilities (continued)
• route command
• View or configure routing table within kernel
• Executed at boot time when networking initialized
• Output information for addresses
• 192.168.100.0 (eth0 IP address)
• 127.0.0.0
• Other

Configuring Networking with Command-line
Utilities (continued)
• Route command output
• Destination – Ref
• Gateway – Use
• Genmask – Iface
• Flags
• Add route example:
• route add -net 192.168.100.0 netmask 255.255.255.0 dev eth0
• This command adds a default gateway route,
• # route add default gw 192.168.100.5

Configuring Networking with Command-line
Utilities (continued)
• service command
• Start or stop networking
• Relies on script /etc/rc.d/init.d/network
• /etc/sysconfig/networking/devices configuration directory
• Contains file for each network device
• ifcfg-eth0 file
• Used by /etc/rc.d/init.d/network script
• As it executes ifconfig and route commands

Changing IP Address/Other Parameters

• Change the information in /etc/sysconfig/network-scripts/ifcfg-eth0
• Execute this command:
• # service network restart
Configuring Networking with Command-line
Utilities (continued)

• ifup and ifdown scripts manage single interface, rather than all network
interfaces
• Example:
• # ./ifup eth0
• # ./ifdown eth0
• Some systems have two or more physical network devices

Configuring Networking with Command-line
Utilities (continued)

• IP forwarding
• Allows packets to be passed between network interfaces
• Required for any router
• To enable:
• # echo 1 > /proc/sys/net/ipv4/ip_forward
