Linux/Netzwerk/Konfiguration: Unterschied zwischen den Versionen
Zeile 132: | Zeile 132: | ||
Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below). | Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below). | ||
Version vom 16. Dezember 2024, 13:07 Uhr
Linux/Netzwerk/Konfiguration
Beschreibung
- Tipp
- Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie Debian Administratorhandbuch — Konfigurieren des Netzwerks
- Tipp
- Unter systemd kann networkd für die Netzwerkverwaltung genutzt werden
- siehe systemd-networkd(8)
/etc/network/interfaces
siehe /etc/network/interfaces
3 ways to configure the network
- The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
- NetworkManager: This is the default for Laptop configuration
- Systemd: Debian reference Doc Chapter 5
Setting up an Ethernet Interface
The majority of network setup can be done via the interfaces configuration file at /etc/network/interfaces. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.
Remember to add interfaces that you want brought up at boot time to the 'auto' line.
See man interfaces for more options.
Starting and Stopping Interfaces
Interfaces configured with /etc/network/interfaces can be brought up and down with the ifup and ifdown commands.
Some outdated guides instruct to restart the networking service to apply changes to /etc/network/interfaces, however this was deprecated because it is possible that not all interfaces will be restarted. Instead use ifup and ifdown to apply changes to each interface, for example with an interface named enp7s0:
# ifdown enp7s0 # ifup enp7s0
Reinitialize new network setup
If you make more fundamental network changes e.g. adding new virtual interfaces (e.g. bridge) in /etc/network/interfaces you can reinitialize the network-configuration be restarting the networking daemon:
# systemctl status networking # systemctl restart networking
Benennung von Netzwerkschnittstellen
Siehe NetworkInterfaceNames. Seit Stretch verwenden neue Systeme standardmäßig keine Schnittstellennamen im alten Stil wie eth0, eth1, wlan0, wlan1 mehr. Das neue System verwendet Namen, die auf dem Hardware-Standort basieren, wie eno0, enp0s31f6, wlp1s7 (oder im Fall von USB-Dongles die MAC-Adresse: enx2c56ac39ec0d).
Sie können Schnittstellen auflisten mit:
ls /sys/class/net
In den folgenden Beispielen wird weiterhin „eth0“ als Standard-Schnittstellenname verwendet, obwohl dieser auf einem modernen System wahrscheinlich nicht existiert.
Upgrade und Netzwerkschnittstellennamen
Stretch und Buster unterstützen weiterhin das alte Benennungssystem, solange die Datei /etc/udev/rules.d/70-local-persistent-net.rules noch vorhanden ist. Benutzern wird jedoch empfohlen, vor dem Upgrade auf Bullseye umzustellen.
Using DHCP to automatically configure the interface
If you're just using DHCP then all you need is something like:
auto eth0 allow-hotplug eth0 iface eth0 inet dhcp
For DHCPv6 (used for IPv6), append also the following iface stanza
iface eth0 inet6 dhcp
Alternatively, IPv6 can be autoconfigured using stateless address autoconfiguration, or SLAAC, which is specified using auto instead of dhcp in the inet6 stanza:
iface eth0 inet6 auto
Also see IPv6PrefixDelegation.
Configuring the interface manually
If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):
auto eth0 iface eth0 inet static address 192.0.2.7/24 gateway 192.0.2.254
If you want to add an IPv6 address, too, append something like:
iface eth0 inet6 static address 2001:db8::c0ca:1eaf/64 gateway 2001:db8::1ead:ed:beef
See man interfaces for more options.
Make sure to disable all DHCP services, e.g. dhcpcd.
Mixing manual and automatic configuration is also possible, e.g. to use IPv6 SLAAC for internet connectivity and static addresses within the network:
- manual unique local address
iface eth0 inet6 static address fdc3:cafe::3/64 # use SLAAC to get global IPv6 address from the router # we may not enable ipv6 forwarding, otherwise SLAAC gets disabled autoconf 1 accept_ra 2
Setting the speed and duplex
Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface.
If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps: * Install the ethtool and net-tools packages, so that you have the ethtool and mii-tool programs. One or both of these might work for your interface.
- Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An SSH connection could be disrupted, so you should have a fallback strategy.
- Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.
- Try to determine what its current speed and duplex settings are. This is where it gets fun:
- As root, try ethtool eth0 first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the ethtool may not be supported by your device.
- As root, try mii-tool -v eth0 and see whether its output looks correct. If not, them mii-tool may not be supported by your device.
- If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of dmesg and lsmod. You can then try modinfo MODULENAME to see what parameters it accepts, if any. (You can use modinfo even on modules that are not loaded, for comparison.) ToDo: where does one set kernel module parameters?
- Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:
- ethtool -s eth0 speed 100 duplex full autoneg off (assuming 100 Mbps and full duplex)
- mii-tool -F 100baseTx-FD eth0 (same assumption)
In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.
- If one of these commands successfully set your NIC, then you can put it into /etc/network/interfaces so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from interfaces are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the ethtool or mii-tool command by a few seconds. Thus:
iface eth0 inet static
address .../...
gateway ...
up sleep 5; ethtool -s eth0 ...
Or the analogous mii-tool command. - Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.
Bringing up an interface without an IP address
To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.
iface eth0 inet manual pre-up ifconfig $IFACE up post-down ifconfig $IFACE down
If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the vlan package.)
iface eth0.99 inet manual post-up ifconfig $IFACE up pre-down ifconfig $IFACE down
Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below).
Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny)
Manual config
modprobe 8021q apt install vlan vconfig add eth0 222 # 222 is vlan number ifconfig eth0.222 up ifconfig eth0.222 mtu 1496 #optional if your network card doesn't support MTU 1504B ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0
Network init script config
Into /etc/modules add line:
8021q
In /etc/network/interfaces to section iface add parameter:
vlan-raw-device eth0
The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.
Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.
Eg:
auto eth0.222 iface eth0.222 inet static address 10.10.10.1/24 vlan-raw-device eth0
Bridges and VLANs
If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:
auto br1 iface br1 inet manual bridge_ports eth0.99 eth1.99 up /usr/sbin/brctl stp br1 on
Caveats when using bridging and vlan
#/etc/network/interfaces auto eth0 bri0 iface eth0 inet static address 192.168.1.1/24 iface eth0.110 inet manual vlan-raw-device eth0 iface bri0 inet static address 192.168.110.1/24 bridge_ports eth0.110 bridge_stp on bridge_maxwait 10
If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).
Howto create fault tolerant bonding with vlan (Etch - Stretch)
How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.
aptitude install vlan ifenslave-2.6
Network config
Cisco switch interface example config
interface GigabitEthernet1/2 description eth1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 switchport mode trunk no ip address no cdp enable spanning-tree portfast trunk
bonding with active backup
Create a file /etc/modprobe.d/bonding.conf containing:
alias bond0 bonding options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1
/etc/network/interfaces
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto bond0 iface bond0 inet manual up ifconfig bond0 0.0.0.0 up slaves eth1 eth0 auto vlan10 iface vlan10 inet static address 10.10.10.12/24 vlan-raw-device bond0 gateway 10.10.0.1 dns-search hup.hu dns-nameservers 10.10.0.2 auto vlan20 iface vlan20 inet static address 10.20.10.12/24 vlan-raw-device bond0 auto vlan30 iface vlan30 inet static address 10.30.10.12/24 vlan-raw-device bond0
- In Debian Buster, you must use interface names for VLANs in the form of: bond0.10, bond0.20, and bond0.30 instead of vlan10, vlan20, vlan30
- https://www.kernel.org/doc/Documentation/networking/bonding.txt - Linux kernel documentation on bonding
- https://www.dm.unibo.it/~donatini/admin/rete/bonding.html - Bonding on Linux 2.6
How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface
MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.
auto bond0 iface bond0 inet manual up ifconfig lacptrunk0 0.0.0.0 up slaves eth0 eth1 # bond-mode 4 = 802.3ad bond-mode 4 bond-miimon 100 bond-downdelay 200 bond-updelay 200 bond-lacp-rate 1 bond-xmit-hash-policy layer2+3 post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000 #vlan devices will use the MTU set on bond0 device auto vlan101 iface vlan101 inet static address 10.101.60.123/24 gateway 10.155.60.1 vlan-raw-device bond0 auto vlan151 iface vlan151 inet static address 192.168.1.1/24 vlan-raw-device bond0
Multiple IP addresses on one Interface
Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible via the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.
Legacy method
This /etc/network/interfaces text assigns three IP addresses to eth0.
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1 auto eth0:0 allow-hotplug eth0:0 iface eth0:0 inet static address 192.168.1.43/24 auto eth0:1 allow-hotplug eth0:1 iface eth0:1 inet static address 192.168.1.44/24
An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.
The above configuration is the previous traditional method that reflects the traditional use of ifconfig to configure network devices. ifconfig has introduced the concept of aliased or virtual interfaces. Those types of virtual interfaces have names of the form interface:integer and ifconfig treats them very similarly to real interfaces.
Nowadays ifupdown uses the ip utility from the iproute2 package instead of ifconfig. The newer ip utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ifupdown uses this feature to support aliased interfaces while using ip.
iproute2 method
Also, ifupdown supports specifying multiple interfaces by repeating iface sections with the same interface name. The key difference from the method described above is that all such sections are treated by ifupdown as just one interface, so user can't add or remove them individually. However, up/down commands, as well as scripts, are called for every section as it used to be.
Note however that this method is dangerous! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)
This /etc/network/interfaces text assigns three IP addresses to eth0.
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1
iface eth0 inet static address 192.168.1.43/24
iface eth0 inet static address 192.168.1.44/24
# adding IP addresses from different subnets is also possible iface eth0 inet static address 10.10.10.14/24
Manual approach:
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1 up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1 up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2 down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2