Linux/Netzwerk/Konfiguration: Unterschied zwischen den Versionen

Aus Foxwiki
Keine Bearbeitungszusammenfassung
 
(17 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 2: Zeile 2:


== Beschreibung ==
== Beschreibung ==
; Tipp
; 3 ways to configure the network
# The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
# [https://wiki.debian.org/NetworkManager NetworkManager]: This is the default for Laptop configuration
# Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5]
 
: Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie [https://www.debian.org/doc/manuals/debian-handbook/sect.network-config Debian Administratorhandbuch — Konfigurieren des Netzwerks]
: Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie [https://www.debian.org/doc/manuals/debian-handbook/sect.network-config Debian Administratorhandbuch — Konfigurieren des Netzwerks]


Zeile 9: Zeile 13:
:* siehe <tt>[[systemd-networkd]](8)</tt>
:* siehe <tt>[[systemd-networkd]](8)</tt>


== /etc/network/interfaces ==
<noinclude>
The file''' /etc/network/interfaces '''available in Debian and its derived distributions allows to define static and dynamic IP addresses for the interfaces, setup routing information and default gateways, masquerading network bonding and more.
 
The default '''''interfaces''''' file looks like the following:
 
[[Image:Bild12.png|top]]Where '''auto '''starts the interface at boot and '''iface''' calls the network interface (in this case lo, loopback). All lines beginning with&nbsp;“'''auto'''” specify the interfaces which will be enabled when running “'''''ifup -a'''''”, a command executed at boot.
 
Lines beginning with “iface” have the following syntax
iface&nbsp;<interface>&nbsp;<address_family>&nbsp;<method>
 
For example
iface enp2s0 inet dhcp
 
The following example shows how to setup a network card using DHCP:
 
==== Setting up an interface with DHCP by editing the /etc/network/interfaces: ====
To add a new interface using DHCP, add the following lines:
auto <Interface>allow-hotplug <Interface>iface <Interface> inet dhcp
 
[[Image:Bild13.png|top]]Where '''allow-hotplug''' will start the interface upon event detection.
 
; Note:''' for IPv6 add “'''inet6'''”: '''''iface <interface> inet6 dhcp''
 
Where '''<interface>''' you should set your device name, '''eth0''', '''enp2s0''', '''wlp3s0''', etc.
 
==== Setting up an interface with static address by editing the /etc/network/interfaces: ====
If instead of configuring the interface with DHCP you want to set a static IP address and gateway replace the previous instructions with the following (replace '''192.168.0.8/24''' and '''192.168.0.1 '''with your correct IP addresses):auto <Interface>iface <Interface> inet staticaddress 192.168.0.1netmask 255.255.255.0gateway 192.168.0.1dns-nameservers 8.8.8.8
 
[[Image:Bild14.png|top]]Defining gateway and broadcast is optional.The following example shows a different configuration which runs after the network interface is enabled (up) or disabled (down). The “'''''up'''''” lines are executed when the device is enabled while the “'''''down”''''' lines when it is disabled:
 
auto eth0iface eth0 inet staticaddress 192.168.0.5network 192.168.0.0netmask 255.255.255.128broadcast 192.168.0.0up route add -net 192.168.0.128 netmask 255.255.255.0 gw 192.168.0.1up route add default gw 192.168.0.200down route del default gw 192.168.0.200down route del -net 192.168.0.128 netmask 255.255.255.128 gw 192.168.0.1
 
[[Image:Bild15.png|top]]
 
==== Setting up a network card with 2 interfaces: ====
The following example below shows a static configuration for a network card with two interfaces:
 
auto eth0 eth0:1iface eth0 inet staticaddress 192.168.0.5network 192.168.0.0netmask 255.255.255.0broadcast 192.168.0.255gateway 192.168.0.1iface eth0:1 inet staticaddress 192.168.0.10network 192.168.0.0netmask 255.255.255.0
 
[[Image:Bild16.png|top]]As you can see in this way you can assign multiple IP addresses to a single network interface.
 
==== Configure network bonding by editing the /etc/network/interfaces: ====
The following example shows my previous bonding mode 1 configuration within the /etc/network/interfaces file, I will leave interfaces with their names for easier understanding:
 
auto enp2s0iface enp2s0 inet manualbond-master bond0bond-primary enp2s0 wlp3s0&nbsp;auto wlp3s0iface wlp3s0 inet manualbond-master bond0bond-primary enp2s0 wlp3s0wpa-ssid 'LinuxHint'wpa-bssid '14:CF:E2:2A:EF:00'wpa-psk&nbsp;'972537288765'auto bond0iface bond0 inet dhcpbond-slaves nonebond-mode active-backupbond-miimon 100bond-downdelay 200bond-updelay 200
 
[[Image:Bild17.png|top]]A network bonding configuration with static IP instead of DHCP would have the last block like:
 
iface bond0 inet staticaddress 192.168.0.54netmask 255.255.255.0network 192.168.0.0gateway 192.168.0.1
 
[[Image:Bild18.png|top]]You can run the following command to make sure bonding is working properly:# cat /proc/net/bonding/bond0
 
[[Image:Bild19.png|top]]
 
Source of examples: [https://linuxhint.com/linux_network_bonding/ How to do Linux Network Bonding]
 
==== Enable logging for the file /etc/network/interfaces: ====
There are 3 options related to the logging:
 
; VERBOSE: '''instructs log files to have detailed information.'''DEBUG: '''enable debugging when logging.'''SYSLOG: save logs within /var/log/syslog.
 
[[Image:Bild20.png|top]]'''Pre-up commands for /etc/network/interfaces:''' Pre-up commands are executed before enabling the network device. If the pre-up command fails the network card activation wont take place.
 
; Post-up instructions for /etc/network/interfaces: Post-up instructions are executed after the network interface is enabled.
 
; Pre-down instructions for /etc/network/interfaces:''' Pre-down instructions are executed before disabling the network device.'''Post-down instructions for /etc/network/interfaces: Post-down instructions are executed after the network interface is disabled.
 
Pre-up, pre-down, post-up and post-down flags are conditional, if they ail the network device won’t get enabled or won’t be properly marked as disabled.
 
For example, the instruction:
 
pre-up /usr/local/sbin/iptables
 
Will run the firewall before the network interface gets enabled, if iptables fails to start the network interface wont turn on.
 
Quelle: https://linuxhint.com/debian_etc_network_interfaces/
 
== 3 ways to configure the network ==
* The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
* [https://wiki.debian.org/NetworkManager NetworkManager]: This is the default for Laptop configuration
* Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5]
 
 
== Setting up an Ethernet Interface ==
The majority of network setup can be done via the <tt>'''interfaces'''</tt> configuration file at <tt>'''/etc/network/interfaces'''</tt>. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.
 
Remember to add interfaces that you want brought up at boot time to the 'auto' line.
 
See <tt>'''man&nbsp;interfaces'''</tt> for more options.
 
 
=== Starting and Stopping Interfaces ===
Interfaces configured with <tt>/etc/network/interfaces</tt> can be brought up and down with the [https://manpages.debian.org/man/ifup ifup] and [https://manpages.debian.org/man/ifdown ifdown] commands.
 
Some outdated guides instruct to restart the networking service to apply changes to <tt>/etc/network/interfaces</tt>, however this was deprecated because it is possible that not all interfaces will be restarted. Instead use <tt>ifup</tt> and <tt>ifdown</tt> to apply changes to each interface, for example with an interface named enp7s0:
 
# ifdown enp7s0
# ifup enp7s0
 
 
=== Reinitialize new network setup ===
If you make more fundamental network changes e.g. adding new virtual interfaces (e.g. bridge) in <tt>/etc/network/interfaces</tt> you can reinitialize the network-configuration be restarting the <tt>networking</tt> daemon:
 
# systemctl status networking
# systemctl restart networking
 
 
=== Benennung von Netzwerkschnittstellen ===
Siehe [https://wiki.debian.org/NetworkInterfaceNames NetworkInterfaceNames]. Seit Stretch verwenden neue Systeme standardmäßig keine Schnittstellennamen im alten Stil wie eth0, eth1, wlan0, wlan1 mehr. Das neue System verwendet Namen, die auf dem Hardware-Standort basieren, wie eno0, enp0s31f6, wlp1s7 (oder im Fall von USB-Dongles die MAC-Adresse: enx2c56ac39ec0d).
 
Sie können Schnittstellen auflisten mit:
ls /sys/class/net
 
In den folgenden Beispielen wird weiterhin „eth0“ als Standard-Schnittstellenname verwendet, obwohl dieser auf einem modernen System wahrscheinlich nicht existiert.
 
==== Upgrade und Netzwerkschnittstellennamen ====
Stretch und Buster unterstützen weiterhin das alte Benennungssystem, solange die Datei <tt>/etc/udev/rules.d/70-local-persistent-net.rules</tt> noch vorhanden ist. Benutzern wird jedoch empfohlen, vor dem Upgrade auf Bullseye umzustellen.
 
=== Using DHCP to automatically configure the interface ===
If you're just using DHCP then all you need is something like:
 
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
 
For DHCPv6 (used for IPv6), '''append''' also the following <tt>iface</tt> stanza
 
iface eth0 inet6 dhcp
 
Alternatively, IPv6 can be autoconfigured using ''stateless address autoconfiguration,'' or SLAAC, which is specified using <tt>auto</tt> instead of <tt>dhcp</tt> in the <tt>inet6</tt> stanza:
 
iface eth0 inet6 auto
 
Also see [https://wiki.debian.org/IPv6PrefixDelegation IPv6PrefixDelegation].
 
 
=== Configuring the interface manually ===
If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):
 
auto eth0
iface eth0 inet static
address 192.0.2.7/24
gateway 192.0.2.254
 
If you want to add an IPv6 address, too, '''append''' something like:
 
iface eth0 inet6 static
address 2001:db8::c0ca:1eaf/64
gateway 2001:db8::1ead:ed:beef
 
See <tt>'''man&nbsp;interfaces'''</tt> for more options.
 
Make sure to disable all DHCP services, e.g. <tt>dhcpcd</tt>.
 
Mixing manual and automatic configuration is also possible, e.g. to use IPv6 SLAAC for internet connectivity and static addresses within the network:
 
# manual unique local address
iface eth0 inet6 static
  address fdc3:cafe::3/64
  # use SLAAC to get global IPv6 address from the router
  # we may not enable ipv6 forwarding, otherwise SLAAC gets disabled
  autoconf 1
  accept_ra 2
 
 
=== Setting the speed and duplex ===
Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface.
 
If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps: * Install the [https://packages.debian.org/ethtool ethtool] and [https://packages.debian.org/net-tools net-tools] packages, so that you have the <tt>ethtool</tt> and <tt>mii-tool</tt> programs. One or both of these might work for your interface.
* Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An [https://wiki.debian.org/SSH SSH] connection could be disrupted, so you should have a fallback strategy.
* Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.
* Try to determine what its current speed and duplex settings are. This is where it gets fun:
** As root, try <tt>ethtool&nbsp;eth0</tt> first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the <tt>ethtool</tt> may not be supported by your device.
** As root, try <tt>mii-tool&nbsp;-v&nbsp;eth0</tt> and see whether its output looks correct. If not, them <tt>mii-tool</tt> may not be supported by your device.
** If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of <tt>dmesg</tt> and <tt>lsmod</tt>. You can then try <tt>modinfo&nbsp;MODULENAME</tt> to see what parameters it accepts, if any. (You can use <tt>modinfo</tt> even on modules that are not loaded, for comparison.) [https://wiki.debian.org/ToDo ToDo]: where does one set kernel module parameters?''
* Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:
** <tt>ethtool&nbsp;-s&nbsp;eth0&nbsp;speed&nbsp;100&nbsp;duplex&nbsp;full&nbsp;autoneg&nbsp;off</tt> (assuming 100 Mbps and full duplex)
** <tt>mii-tool&nbsp;-F&nbsp;100baseTx-FD&nbsp;eth0</tt> (same assumption)
 
In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.
* If one of these commands successfully set your NIC, then you can put it into <tt>/etc/network/interfaces</tt> so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from <tt>interfaces</tt> are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the <tt>ethtool</tt> or <tt>mii-tool</tt> command by a few seconds. Thus: <br/> iface eth0 inet static<br/> address .../...<br/> gateway ...<br/> up sleep 5; ethtool -s eth0 ...<br/>Or the analogous <tt>mii-tool</tt> command.
* Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.
 
 
=== Bringing up an interface without an IP address ===
To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.
 
iface eth0 inet manual
pre-up ifconfig $IFACE up
post-down ifconfig $IFACE down
 
If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the [https://packages.debian.org/vlan vlan] package.)
 
iface eth0.99 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
 
Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below).
 
 
== Defining the (DNS) Nameservers ==
Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. 140.211.166.4). (The Internet uses these structured numeric IP addresses as network addresses.)
 
The C library and other resolver libraries look to <tt>/etc/resolv.conf</tt> for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings: # The <tt>'''resolvconf'''</tt> program
# The <tt>'''network-manager'''</tt> daemon
# DHCP clients
 
In most situations, the file to edit is the configuration file for such a program.
 
In the most complex situations, using <tt>'''resolvconf'''</tt> really is the way to go, though in more simple configurations it is probably overkill.
 
 
=== The resolv.conf configuration file ===
The configuration file <tt>'''resolv.conf'''</tt> at <tt>/etc/resolv.conf</tt> contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this ''configuration file'' with the ''program'' <tt>'''resolvconf'''</tt>, which unfortunately has a nearly identical name.)
 
The <tt>'''resolv.conf'''</tt> file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this:
 
nameserver 12.34.56.78
nameserver 12.34.56.79
 
In this example, the system is using nameservers at the IP addresses <tt>12.34.56.78</tt> and <tt>12.34.56.79</tt>. Simply edit the file and enter the IP addresses of the nameservers you need to use after each <tt>nameserver</tt>. Add more <tt>nameserver</tt> lines if you have more nameservers. '''Don't use this method if you have the '''<tt>resolvconf</tt>''' program installed.'''
 
The <tt>'''resolv.conf'''</tt> configuration file has many other options for defining how resolver looks up names. See <tt>'''man&nbsp;resolv.conf'''</tt> for details.
 
 
=== The resolvconf program ===
The <tt>'''resolvconf'''</tt> program keeps track of system information about the currently available nameservers. It should not be confused with the ''configuration file'' <tt>'''resolv.conf'''</tt>, which unfortunately has a nearly identical name. The <tt>'''resolvconf'''</tt> program is optional on a Debian system.
 
The configuration file <tt>'''resolv.conf'''</tt> contains information about the nameservers to be used by the system. However, when multiple programs need to dynamically modify the <tt>'''resolv.conf'''</tt> configuration file they can step on each other and the file can become out-of-sync. The <tt>'''resolvconf'''</tt> program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver).
 
When <tt>'''resolvconf'''</tt> is properly installed, the <tt>'''resolv.conf'''</tt> configuration file at <tt>/etc/resolv.conf</tt> is replaced by a symbolic link to <tt>/etc/resolvconf/run/resolv.conf</tt> and the resolver instead uses the configuration file that is dynamically generated by <tt>'''resolvconf'''</tt> at <tt>/etc/resolvconf/run/resolv.conf</tt>.
 
The <tt>'''resolvconf'''</tt> program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the <tt>'''resolv.conf'''</tt> configuration file is adequate.
 
If the <tt>'''resolvconf'''</tt> program is installed, you should not edit the <tt>'''resolv.conf'''</tt> configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line something like the following to the <tt>'''interfaces'''</tt> configuration file at <tt>/etc/network/interfaces</tt>:
 
dns-nameservers 12.34.56.78 12.34.56.79
 
Place the line indented within an <tt>iface</tt> stanza, e.g., right after the <tt>gateway</tt> line. Enter the IP addresses of the nameservers you need to use after <tt>dns-nameservers</tt>. Put all of them on one line separated by spaces. Don't forget the "<tt>s</tt>" on the end of <tt>dns-nameservers</tt>.
 
The <tt>'''resolvconf'''</tt> program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see <tt>/usr/share/doc/resolvconf/README</tt>. It has lots of information on making other programs get along with <tt>'''resolvconf'''</tt>.
 
 
=== DNS configuration for NetworkManager ===
[https://wiki.debian.org/NetworkManager NetworkManager] will override dhcp settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf, e.g. causing DNS to first search the local domain, which may have to time out before DNS resolution continues causing lengthy DNS resolution times. You can get an idea of what [https://wiki.debian.org/NetworkManager NetworkManager] thinks the settings should be by executing nm-tool at the command line.
 
You may configure these settings using a GUI by launching nm-connection-editor which currently (13.11.23) isn't to be found in System Tools → Administration menu, rather it must be launched by hand from the command line. After launching: # Choose a connection (from the Wired or Wireless tab) and click Edit.
# Click on the IPv4 Settings tab
# Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
# Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
# Click “Apply.”
 
[https://wiki.debian.org/NetworkManager NetworkManager] saves these settings in <tt>/etc/NetworkManager/system-connections/name-of-connection</tt>. Example <tt>/etc/NetworkManager/system-connections/Wired&nbsp;connection&nbsp;1</tt> :
 
[802-3-ethernet]
duplex=full
mac-address=XX:XX:XX:XX:XX:XX
[connection]
id=Wired connection 1
uuid=xxx-xxxxxx-xxxxxx-xxxxxx-xxx
type=802-3-ethernet
timestamp=1385213042
[ipv6]
method=auto
[ipv4]
method=auto
dns=208.67.222.222;
ignore-auto-dns=true
 
Running nm-tool again should show that [https://wiki.debian.org/NetworkManager NetworkManager] now has the right idea of how your DNS should be resolved.
 
 
=== DHCP Client Configuration ===
 
==== Setting additional DNS Servers ====
Example: dhclient3 uses <tt>/etc/dhcp/dhclient.conf</tt>. The setting you want is
 
supersede domain-name-servers 12.34.56.78, 12.34.56.79;
 
or perhaps
 
prepend domain-name-servers 12.34.56.78, 12.34.56.79;
 
 
==== Setting additional search domains ====
adding search domains for VPNs or local virtual networks:
 
append domain-name " virt vpn";
 
Note the leading space since the string is literally appended to the search domain provided by other configurations.
 
See the dhclient.conf(5) manual page for details.
 
 
== Bridging ==
Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces.
 
Example: Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet:
 
auto br0
iface br0 inet static
  address 10.10.0.15/24
  gateway 10.10.0.1
  bridge_ports eth0 eth1
  up /usr/sbin/brctl stp br0 on
 
If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above.
 
Example: Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.)
 
auto br1
iface br1 inet manual
  bridge_ports eth4
  up /usr/sbin/brctl setageing br1 0
  up /usr/sbin/brctl stp br1 off
 
Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see [https://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost Spanning_Tree_Protocol]). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up.
 
 
=== Bridging without Switching ===
By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted.
 
In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with:
 
up /sbin/brctl setageing br0 0
up /sbin/brctl stp br0 off
 
 
== Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny) ==
 
=== Manual config ===
modprobe 8021q
apt install vlan
vconfig add eth0 222 # 222 is vlan number
ifconfig eth0.222 up
ifconfig eth0.222 mtu 1496 #optional if your network card doesn't support MTU 1504B
ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0
 
 
=== Network init script config ===
Into /etc/modules add line:
 
8021q
 
In /etc/network/interfaces to section iface add parameter:
 
vlan-raw-device eth0
 
The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.
 
Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.
 
Eg:
 
auto eth0.222
iface eth0.222 inet static
  address 10.10.10.1/24
  vlan-raw-device eth0
 
 
=== Bridges and VLANs ===
If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:
 
auto br1
iface br1 inet manual
  bridge_ports eth0.99 eth1.99
  up /usr/sbin/brctl stp br1 on
 
 
=== Caveats when using bridging and vlan ===
#/etc/network/interfaces
auto eth0 bri0
iface eth0 inet static
  address 192.168.1.1/24
iface eth0.110 inet manual
  vlan-raw-device eth0
iface bri0 inet static
  address 192.168.110.1/24
  bridge_ports eth0.110
  bridge_stp on
  bridge_maxwait 10
 
If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).
 
 
== Howto create fault tolerant bonding with vlan (Etch - Stretch) ==
[[Image:Bild21.png|top|alt="debian_bonding.png"]]
 
[https://wiki.debian.org/NetworkConfiguration?action=AttachFile&do=view&target=debian_bonding.dia debian_bonding.dia]
 
How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.
 
aptitude install vlan ifenslave-2.6
 
 
=== Network config ===
Cisco switch interface example config
 
interface GigabitEthernet1/2
  description eth1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,30
  switchport mode trunk
  no ip address
  no cdp enable
  spanning-tree portfast trunk
 
 
=== bonding with active backup ===
Create a file <tt>/etc/modprobe.d/bonding.conf</tt> containing:
 
alias bond0 bonding
options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1
 
 
=== /etc/network/interfaces ===
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto bond0
iface bond0 inet manual
  up ifconfig bond0 0.0.0.0 up
  slaves eth1 eth0
auto vlan10
iface vlan10 inet static
  address 10.10.10.12/24
  vlan-raw-device bond0
  gateway 10.10.0.1
  dns-search hup.hu
  dns-nameservers 10.10.0.2
auto vlan20
iface vlan20 inet static
  address 10.20.10.12/24
  vlan-raw-device bond0
auto vlan30
iface vlan30 inet static
  address 10.30.10.12/24
  vlan-raw-device bond0
* In Debian Buster, you must use interface names for VLANs in the form of: <tt>bond0.10</tt>, <tt>bond0.20</tt>, and <tt>bond0.30</tt> instead of <tt>vlan10</tt>, <tt>vlan20</tt>, <tt>vlan30</tt>
* [https://www.kernel.org/doc/Documentation/networking/bonding.txt https://www.kernel.org/doc/Documentation/networking/bonding.txt] - Linux kernel documentation on bonding
* [https://www.dm.unibo.it/~donatini/admin/rete/bonding.html https://www.dm.unibo.it/~donatini/admin/rete/bonding.html] - Bonding on Linux 2.6
 
 
=== How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface ===
MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.
 
auto bond0
iface bond0 inet manual
  up ifconfig lacptrunk0 0.0.0.0 up
  slaves eth0 eth1
# bond-mode 4 = 802.3ad
  bond-mode 4
  bond-miimon 100
  bond-downdelay 200
  bond-updelay 200
  bond-lacp-rate 1
  bond-xmit-hash-policy layer2+3
  post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000
#vlan devices will use the MTU set on bond0 device
auto vlan101
iface vlan101 inet static
address 10.101.60.123/24
gateway 10.155.60.1
vlan-raw-device bond0
auto vlan151
iface vlan151 inet static
address 192.168.1.1/24
vlan-raw-device bond0
 
 
== Multiple IP addresses on one Interface ==
Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible ''via'' the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.
 
 
=== Legacy method ===
This /etc/network/interfaces text assigns three IP addresses to eth0.
 
auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 192.168.1.42/24
  gateway 192.168.1.1
auto eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static
  address 192.168.1.43/24
auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static
  address 192.168.1.44/24
 
An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.
 
The above configuration is the previous traditional method that reflects the traditional use of ''ifconfig'' to configure network devices. ''ifconfig'' has introduced the concept of ''aliased'' or ''virtual'' interfaces. Those types of virtual interfaces have names of the form ''interface:integer'' and ifconfig treats them very similarly to real interfaces.
 
Nowadays ''ifupdown'' uses the ''ip'' utility from the ''iproute2'' package instead of ''ifconfig''. The newer ''ip'' utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ''ifupdown'' uses this feature to support aliased interfaces while using ''ip''.
 
 
=== iproute2 method ===
Also, ''ifupdown'' supports specifying multiple interfaces by repeating ''iface'' sections with the same interface name. The key difference from the method described above is that all such sections are treated by ''ifupdown'' as just one interface, so user can't add or remove them individually. However, ''up''/''down'' commands, as well as scripts, are called for every section as it used to be.
 
Note however that this method is '''dangerous'''! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)
 
This /etc/network/interfaces text assigns three IP addresses to eth0.
 
auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 192.168.1.42/24
  gateway 192.168.1.1
 
iface eth0 inet static
  address 192.168.1.43/24
 
iface eth0 inet static
  address 192.168.1.44/24
 
# adding IP addresses from different subnets is also possible
iface eth0 inet static
  address 10.10.10.14/24
 
Manual approach:


auto eth0
== Anhang ==
allow-hotplug eth0
=== Siehe auch ===
iface eth0 inet static
* [[/etc/network/interfaces]]
  address 192.168.1.42/24
{{Special:PrefixIndex/{{BASEPAGENAME}}}}
  gateway 192.168.1.1
  up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0
  down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0
  up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1
  down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1
  up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2
  down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2


Quelle: [https://wiki.debian.org/NetworkConfiguration https://wiki.debian.org/NetworkConfiguration]
==== Links ====
===== Weblinks =====
# [https://wiki.debian.org/NetworkConfiguration https://wiki.debian.org/NetworkConfiguration]


[[Kategorie:Linux/Netzwerk/Konfiguration]]


[[Kategorie:Linux/Netzwerk]]
</noinclude>

Aktuelle Version vom 16. Dezember 2024, 13:43 Uhr

Linux/Netzwerk/Konfiguration

Beschreibung

3 ways to configure the network
  1. The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
  2. NetworkManager: This is the default for Laptop configuration
  3. Systemd: Debian reference Doc Chapter 5
Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie Debian Administratorhandbuch — Konfigurieren des Netzwerks
Tipp
Unter systemd kann networkd für die Netzwerkverwaltung genutzt werden


Anhang

Siehe auch

Links

Weblinks
  1. https://wiki.debian.org/NetworkConfiguration