Linux/Netzwerkkonfiguration: Unterschied zwischen den Versionen

Aus Foxwiki
Die Seite wurde neu angelegt: „= Netzwerkkonfiguration = {| style="border-spacing:0;width:14.46cm;" |- | style="border:none;padding:0.049cm;" | top|alt="[Tipp]" | align=center style="border:none;padding:0.049cm;" | '''Tipp''' |- style="border:none;padding:0.049cm;" || Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie [https://www.debian.org/doc/manuals/debian-handbook/sect.network-config Debian Administratorhandbuch — Konfigurieren de…“
 
Keine Bearbeitungszusammenfassung
Zeile 1: Zeile 1:
= Netzwerkkonfiguration =
= Netzwerkkonfiguration =
 
{| class="wikitable sortable options"
 
|-
{| style="border-spacing:0;width:14.46cm;"
| | [[Image:Bild1.png|top|alt="[Tipp]"]]
| | '''Tipp'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild1.png|top|alt="[Tipp]"]]
| align=center style="border:none;padding:0.049cm;" | '''Tipp'''
|- style="border:none;padding:0.049cm;"
|| Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie [https://www.debian.org/doc/manuals/debian-handbook/sect.network-config Debian Administratorhandbuch — Konfigurieren des Netzwerks].
|| Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie [https://www.debian.org/doc/manuals/debian-handbook/sect.network-config Debian Administratorhandbuch — Konfigurieren des Netzwerks].


|-
|-
|}
|}


{| style="border-spacing:0;width:14.46cm;"
{| class="wikitable sortable options"
|-
| | [[Image:Bild2.png|top|alt="[Tipp]"]]
| | '''Tipp'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild2.png|top|alt="[Tipp]"]]
| align=center style="border:none;padding:0.049cm;" | '''Tipp'''
|- style="border:none;padding:0.049cm;"
|| Unter [https://de.wikipedia.org/wiki/Systemd systemd] kann [https://en.wikipedia.org/wiki/Systemd#networkd networkd] für die Netzwerkverwaltung genutzt werden; lesen Sie dazu <tt>systemd-networkd</tt>(8).
|| Unter [https://de.wikipedia.org/wiki/Systemd systemd] kann [https://en.wikipedia.org/wiki/Systemd#networkd networkd] für die Netzwerkverwaltung genutzt werden; lesen Sie dazu <tt>systemd-networkd</tt>(8).


|-
|-
|}
|}
== 5.1. Die elementare Netzwerkinfrastruktur ==
== 5.1. Die elementare Netzwerkinfrastruktur ==
Lassen Sie uns einen Blick auf die elementare Netzwerkinfrastruktur eines modernen Debian-Systems werfen:
Lassen Sie uns einen Blick auf die elementare Netzwerkinfrastruktur eines modernen Debian-Systems werfen:


'''Tabelle 5.1. Liste von Werkzeugen zur Netzwerkkonfiguration'''
{| class="wikitable sortable options"
 
 
{| style="border-spacing:0;width:17cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Pakete  
! | Pakete
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Popcon  
! | Popcon
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Größe  
! | Größe
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Art  
! | Art
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Beschreibung  
! | Beschreibung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/network-manager network-manager ]
| | [http://packages.debian.org/sid/network-manager network-manager ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=network-manager V:369, I:440]  
| | [http://qa.debian.org/popcon-graph.php?packages=network-manager V:369, I:440]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/n/network-manager.html 14500]  
| | [http://packages.qa.debian.org/n/network-manager.html 14500]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::NM  
| | config::NM
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [https://de.wikipedia.org/wiki/NetworkManager NetworkManager] (Daemon): das Netzwerk automatisch verwalten  
| | [https://de.wikipedia.org/wiki/NetworkManager NetworkManager] (Daemon): das Netzwerk automatisch verwalten
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/network-manager-gnome network-manager-gnome ]
| | [http://packages.debian.org/sid/network-manager-gnome network-manager-gnome ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=network-manager-gnome V:126, I:371]  
| | [http://qa.debian.org/popcon-graph.php?packages=network-manager-gnome V:126, I:371]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/n/network-manager-gnome.html 5350]  
| | [http://packages.qa.debian.org/n/network-manager-gnome.html 5350]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::NM  
| | config::NM
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [https://de.wikipedia.org/wiki/NetworkManager NetworkManager] (GNOME-Frontend)  
| | [https://de.wikipedia.org/wiki/NetworkManager NetworkManager] (GNOME-Frontend)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ifupdown ifupdown ]
| | [http://packages.debian.org/sid/ifupdown ifupdown ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ifupdown V:584, I:987]  
| | [http://qa.debian.org/popcon-graph.php?packages=ifupdown V:584, I:987]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/ifupdown.html 217]  
| | [http://packages.qa.debian.org/i/ifupdown.html 217]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::ifupdown  
| | config::ifupdown
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | standardisiertes Werkzeug zum Aktivieren und Deaktivieren des Netzwerks (Debian-spezifisch)  
| | standardisiertes Werkzeug zum Aktivieren und Deaktivieren des Netzwerks (Debian-spezifisch)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/isc-dhcp-client isc-dhcp-client ]
| | [http://packages.debian.org/sid/isc-dhcp-client isc-dhcp-client ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=isc-dhcp-client V:219, I:982]  
| | [http://qa.debian.org/popcon-graph.php?packages=isc-dhcp-client V:219, I:982]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/isc-dhcp-client.html 689]  
| | [http://packages.qa.debian.org/i/isc-dhcp-client.html 689]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::low-level  
| | config::low-level
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | DHCP-Client  
| | DHCP-Client
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/pppoeconf pppoeconf ]
| | [http://packages.debian.org/sid/pppoeconf pppoeconf ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=pppoeconf V:0, I:7]  
| | [http://qa.debian.org/popcon-graph.php?packages=pppoeconf V:0, I:7]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/p/pppoeconf.html 192]  
| | [http://packages.qa.debian.org/p/pppoeconf.html 192]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::helper  
| | config::helper
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Konfigurations-Hilfswerkzeug für PPPoE-Verbindungen  
| | Konfigurations-Hilfswerkzeug für PPPoE-Verbindungen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/wpasupplicant wpasupplicant ]
| | [http://packages.debian.org/sid/wpasupplicant wpasupplicant ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=wpasupplicant V:341, I:503]  
| | [http://qa.debian.org/popcon-graph.php?packages=wpasupplicant V:341, I:503]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/w/wpasupplicant.html 3817]  
| | [http://packages.qa.debian.org/w/wpasupplicant.html 3817]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | clientseitige Unterstützung für WPA und WPA2 (IEEE 802.11i)  
| | clientseitige Unterstützung für WPA und WPA2 (IEEE 802.11i)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/wpagui wpagui ]
| | [http://packages.debian.org/sid/wpagui wpagui ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=wpagui V:0, I:2]  
| | [http://qa.debian.org/popcon-graph.php?packages=wpagui V:0, I:2]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/w/wpagui.html 800]  
| | [http://packages.qa.debian.org/w/wpagui.html 800]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Qt-GUI-Programm für wpa_supplicant  
| | Qt-GUI-Programm für wpa_supplicant
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/wireless-tools wireless-tools ]
| | [http://packages.debian.org/sid/wireless-tools wireless-tools ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=wireless-tools V:176, I:239]  
| | [http://qa.debian.org/popcon-graph.php?packages=wireless-tools V:176, I:239]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/w/wireless-tools.html 297]  
| | [http://packages.qa.debian.org/w/wireless-tools.html 297]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Werkzeuge zum Bearbeiten der Linux Wireless Extensions  
| | Werkzeuge zum Bearbeiten der Linux Wireless Extensions
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iw iw ]
| | [http://packages.debian.org/sid/iw iw ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iw V:223, I:477]  
| | [http://qa.debian.org/popcon-graph.php?packages=iw V:223, I:477]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iw.html 294]  
| | [http://packages.qa.debian.org/i/iw.html 294]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Werkzeug zum Konfigurieren von Drahtlos-Netzwerkgeräten unter Linux  
| | Werkzeug zum Konfigurieren von Drahtlos-Netzwerkgeräten unter Linux
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iproute2 iproute2 ]
| | [http://packages.debian.org/sid/iproute2 iproute2 ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iproute2 V:701, I:949]  
| | [http://qa.debian.org/popcon-graph.php?packages=iproute2 V:701, I:949]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iproute2.html 3294]  
| | [http://packages.qa.debian.org/i/iproute2.html 3294]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::iproute2  
| | config::iproute2
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2], IPv6 und andere erweiterte Netzwerkkonfiguration: <tt>ip</tt>(8), <tt>tc</tt>(8) usw.  
| | [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2], IPv6 und andere erweiterte Netzwerkkonfiguration: <tt>ip</tt>(8), <tt>tc</tt>(8) usw.
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iptables iptables ]
| | [http://packages.debian.org/sid/iptables iptables ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iptables V:306, I:942]  
| | [http://qa.debian.org/popcon-graph.php?packages=iptables V:306, I:942]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iptables.html 2521]  
| | [http://packages.qa.debian.org/i/iptables.html 2521]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | config::Netfilter  
| | config::Netfilter
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Administrationswerkzeuge für Paketfilterung und NAT ([https://de.wikipedia.org/wiki/Netfilter Netfilter])  
| | Administrationswerkzeuge für Paketfilterung und NAT ([https://de.wikipedia.org/wiki/Netfilter Netfilter])
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iputils-ping iputils-ping ]
| | [http://packages.debian.org/sid/iputils-ping iputils-ping ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iputils-ping V:206, I:997]  
| | [http://qa.debian.org/popcon-graph.php?packages=iputils-ping V:206, I:997]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iputils-ping.html 118]  
| | [http://packages.qa.debian.org/i/iputils-ping.html 118]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Test  
| | Test
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erreichbarkeit eines fernen Rechners über das Netzwerk testen, entweder mittels [https://de.wikipedia.org/wiki/Hostname Rechnername] oder [https://de.wikipedia.org/wiki/IP-Adresse IP-Addresse] ([http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2])  
| | Erreichbarkeit eines fernen Rechners über das Netzwerk testen, entweder mittels [https://de.wikipedia.org/wiki/Hostname Rechnername] oder [https://de.wikipedia.org/wiki/IP-Adresse IP-Addresse] ([http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2])
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iputils-arping iputils-arping ]
| | [http://packages.debian.org/sid/iputils-arping iputils-arping ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iputils-arping V:5, I:78]  
| | [http://qa.debian.org/popcon-graph.php?packages=iputils-arping V:5, I:78]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iputils-arping.html 60]  
| | [http://packages.qa.debian.org/i/iputils-arping.html 60]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Test  
| | Test
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erreichbarkeit eines fernen Rechners über das Netzwerk mittels seiner [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Addresse testen  
| | Erreichbarkeit eines fernen Rechners über das Netzwerk mittels seiner [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Addresse testen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iputils-tracepath iputils-tracepath ]
| | [http://packages.debian.org/sid/iputils-tracepath iputils-tracepath ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iputils-tracepath V:4, I:46]  
| | [http://qa.debian.org/popcon-graph.php?packages=iputils-tracepath V:4, I:46]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iputils-tracepath.html 52]  
| | [http://packages.qa.debian.org/i/iputils-tracepath.html 52]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Test  
| | Test
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkpfad zu einem fernen Rechner verfolgen  
| | Netzwerkpfad zu einem fernen Rechner verfolgen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ethtool ethtool ]
| | [http://packages.debian.org/sid/ethtool ethtool ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ethtool V:96, I:267]  
| | [http://qa.debian.org/popcon-graph.php?packages=ethtool V:96, I:267]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/e/ethtool.html 631]  
| | [http://packages.qa.debian.org/e/ethtool.html 631]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Test  
| | Test
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Eigenschaften von Ethernet-Geräten anzeigen oder ändern  
| | Eigenschaften von Ethernet-Geräten anzeigen oder ändern
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/mtr-tiny mtr-tiny ]
| | [http://packages.debian.org/sid/mtr-tiny mtr-tiny ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=mtr-tiny V:6, I:52]  
| | [http://qa.debian.org/popcon-graph.php?packages=mtr-tiny V:6, I:52]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/m/mtr-tiny.html 161]  
| | [http://packages.qa.debian.org/m/mtr-tiny.html 161]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | test::low-level  
| | test::low-level
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkpfad zu einem fernen Rechner verfolgen (Curses-basiert)  
| | Netzwerkpfad zu einem fernen Rechner verfolgen (Curses-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/mtr mtr ]
| | [http://packages.debian.org/sid/mtr mtr ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=mtr V:4, I:44]  
| | [http://qa.debian.org/popcon-graph.php?packages=mtr V:4, I:44]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/m/mtr.html 214]  
| | [http://packages.qa.debian.org/m/mtr.html 214]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkpfad zu einem fernen Rechner verfolgen (Curses- und GTK-basiert)  
| | Netzwerkpfad zu einem fernen Rechner verfolgen (Curses- und GTK-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/gnome-nettool gnome-nettool ]
| | [http://packages.debian.org/sid/gnome-nettool gnome-nettool ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=gnome-nettool V:1, I:31]  
| | [http://qa.debian.org/popcon-graph.php?packages=gnome-nettool V:1, I:31]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/g/gnome-nettool.html 2110]  
| | [http://packages.qa.debian.org/g/gnome-nettool.html 2110]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Werkzeuge für allgemeine Netzwerkinformations-Operationen (GNOME)  
| | Werkzeuge für allgemeine Netzwerkinformations-Operationen (GNOME)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/nmap nmap ]
| | [http://packages.debian.org/sid/nmap nmap ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=nmap V:28, I:231]  
| | [http://qa.debian.org/popcon-graph.php?packages=nmap V:28, I:231]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/n/nmap.html 4452]  
| | [http://packages.qa.debian.org/n/nmap.html 4452]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerk-Mapper/Port-Scanner ([https://de.wikipedia.org/wiki/Nmap Nmap], konsolen-basiert)  
| | Netzwerk-Mapper/Port-Scanner ([https://de.wikipedia.org/wiki/Nmap Nmap], konsolen-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/zenmap zenmap ]
| | [http://packages.debian.org/sid/zenmap zenmap ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=zenmap V:0, I:4]  
| | [http://qa.debian.org/popcon-graph.php?packages=zenmap V:0, I:4]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/z/zenmap.html 2939]  
| | [http://packages.qa.debian.org/z/zenmap.html 2939]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerk-Mapper/Port-Scanner (GTK-basiert)  
| | Netzwerk-Mapper/Port-Scanner (GTK-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/tcpdump tcpdump ]
| | [http://packages.debian.org/sid/tcpdump tcpdump ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=tcpdump V:18, I:196]  
| | [http://qa.debian.org/popcon-graph.php?packages=tcpdump V:18, I:196]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/t/tcpdump.html 1330]  
| | [http://packages.qa.debian.org/t/tcpdump.html 1330]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkverkehr-Analysator ([https://de.wikipedia.org/wiki/Tcpdump Tcpdump], konsolen-basiert)  
| | Netzwerkverkehr-Analysator ([https://de.wikipedia.org/wiki/Tcpdump Tcpdump], konsolen-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/wireshark wireshark ]
| | [http://packages.debian.org/sid/wireshark wireshark ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=wireshark I:52]  
| | [http://qa.debian.org/popcon-graph.php?packages=wireshark I:52]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/w/wireshark.html 72]  
| | [http://packages.qa.debian.org/w/wireshark.html 72]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkverkehr-Analysator ([https://de.wikipedia.org/wiki/Wireshark Wireshark], GTK-basiert)  
| | Netzwerkverkehr-Analysator ([https://de.wikipedia.org/wiki/Wireshark Wireshark], GTK-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/tshark tshark ]
| | [http://packages.debian.org/sid/tshark tshark ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=tshark V:2, I:30]  
| | [http://qa.debian.org/popcon-graph.php?packages=tshark V:2, I:30]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/t/tshark.html 427]  
| | [http://packages.qa.debian.org/t/tshark.html 427]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkverkehr-Analysator (konsolen-basiert)  
| | Netzwerkverkehr-Analysator (konsolen-basiert)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/tcptrace tcptrace ]
| | [http://packages.debian.org/sid/tcptrace tcptrace ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=tcptrace V:0, I:2]  
| | [http://qa.debian.org/popcon-graph.php?packages=tcptrace V:0, I:2]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/t/tcptrace.html 401]  
| | [http://packages.qa.debian.org/t/tcptrace.html 401]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | eine Zusammenfassung von Verbindungen auf Basis der <tt>tcpdump</tt>-Ausgabe erstellen  
| | eine Zusammenfassung von Verbindungen auf Basis der <tt>tcpdump</tt>-Ausgabe erstellen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/snort snort ]
| | [http://packages.debian.org/sid/snort snort ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=snort V:0, I:1]  
| | [http://qa.debian.org/popcon-graph.php?packages=snort V:0, I:1]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/snort.html 2206]  
| | [http://packages.qa.debian.org/s/snort.html 2206]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | flexibles Einbruchmeldesystem für das Netzwerk ([https://de.wikipedia.org/wiki/Snort Snort])  
| | flexibles Einbruchmeldesystem für das Netzwerk ([https://de.wikipedia.org/wiki/Snort Snort])
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ntopng ntopng ]
| | [http://packages.debian.org/sid/ntopng ntopng ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ntopng V:1, I:1]  
| | [http://qa.debian.org/popcon-graph.php?packages=ntopng V:1, I:1]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/n/ntopng.html 969]  
| | [http://packages.qa.debian.org/n/ntopng.html 969]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Daten über die Netzwerknutzung im Webbrowser anzeigen  
| | Daten über die Netzwerknutzung im Webbrowser anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/dnsutils dnsutils ]
| | [http://packages.debian.org/sid/dnsutils dnsutils ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=dnsutils V:39, I:423]  
| | [http://qa.debian.org/popcon-graph.php?packages=dnsutils V:39, I:423]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/d/dnsutils.html 275]  
| | [http://packages.qa.debian.org/d/dnsutils.html 275]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerk-Clients, die mit [https://de.wikipedia.org/wiki/BIND BIND] bereitgestellt werden: <tt>nslookup</tt>(8), <tt>nsupdate</tt>(8), <tt>dig</tt>(8)  
| | Netzwerk-Clients, die mit [https://de.wikipedia.org/wiki/BIND BIND] bereitgestellt werden: <tt>nslookup</tt>(8), <tt>nsupdate</tt>(8), <tt>dig</tt>(8)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/dlint dlint ]
| | [http://packages.debian.org/sid/dlint dlint ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=dlint V:0, I:5]  
| | [http://qa.debian.org/popcon-graph.php?packages=dlint V:0, I:5]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/d/dlint.html 53]  
| | [http://packages.qa.debian.org/d/dlint.html 53]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Zoneninformationen mittels Nameserver-Abfragen überprüfen  
| | [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Zoneninformationen mittels Nameserver-Abfragen überprüfen
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/dnstracer dnstracer ]
| | [http://packages.debian.org/sid/dnstracer dnstracer ]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=dnstracer V:0, I:1]  
| | [http://qa.debian.org/popcon-graph.php?packages=dnstracer V:0, I:1]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/d/dnstracer.html 60]  
| | [http://packages.qa.debian.org/d/dnstracer.html 60]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | "  
| | "
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | eine Verkettung von [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Servern zu ihrer Quelle verfolgen  
| | eine Verkettung von [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Servern zu ihrer Quelle verfolgen
|-
|-
|}
|}
Zeile 216: Zeile 210:


=== 5.1.1. Die Auflösung des Rechnernamens ===
=== 5.1.1. Die Auflösung des Rechnernamens ===
 
Die Auflösung des Rechnernamens (hostname) wird derzeit auch durch den [https://de.wikipedia.org/wiki/Name_Service_Switch NSS-(Name-Service-Switch-)]Mechanismus unterstützt. Die Auflösung läuft wie folgt ab:# Die "<tt>/etc/nsswitch.conf</tt>"-Datei mit Einträgen wie "<tt>hosts: files dns</tt>" bestimmt die Reihenfolge der Rechnernamenauflösung. (Dies ersetzt die alte Funktionalität der "<tt>order</tt>"-Einträge in "<tt>/etc/host.conf</tt>".)
Die Auflösung des Rechnernamens (hostname) wird derzeit auch durch den [https://de.wikipedia.org/wiki/Name_Service_Switch NSS-(Name-Service-Switch-)]Mechanismus unterstützt. Die Auflösung läuft wie folgt ab:# Die "<tt>/etc/nsswitch.conf</tt>"-Datei mit Einträgen wie "<tt>hosts: files dns</tt>" bestimmt die Reihenfolge der Rechnernamenauflösung. (Dies ersetzt die alte Funktionalität der "<tt>order</tt>"-Einträge in "<tt>/etc/host.conf</tt>".)  
# Als erstes wird in diesem Beispiel die <tt>files</tt>-Methode aufgerufen. Wenn der Rechnername in der "<tt>/etc/hosts</tt>"-Datei gefunden wird, werden alle gültigen Adressen für den Rechner ausgegeben und die Abfrage wird beendet. (Die "<tt>/etc/host.conf</tt>"-Datei enthält "<tt>multi on</tt>".)
# Als erstes wird in diesem Beispiel die <tt>files</tt>-Methode aufgerufen. Wenn der Rechnername in der "<tt>/etc/hosts</tt>"-Datei gefunden wird, werden alle gültigen Adressen für den Rechner ausgegeben und die Abfrage wird beendet. (Die "<tt>/etc/host.conf</tt>"-Datei enthält "<tt>multi on</tt>".)  
# Dann wird die <tt>dns</tt>-Methode wird aufgerufen. Wenn der Rechnername über das [https://de.wikipedia.org/wiki/Domain_Name_System Internet Domain Name System (DNS)] (definiert über die Datei "<tt>/etc/resolv.conf</tt>") gefunden wird, werden alle dafür gültigen Adressen ausgegeben und die Abfrage wird beendet.
# Dann wird die <tt>dns</tt>-Methode wird aufgerufen. Wenn der Rechnername über das [https://de.wikipedia.org/wiki/Domain_Name_System Internet Domain Name System (DNS)] (definiert über die Datei "<tt>/etc/resolv.conf</tt>") gefunden wird, werden alle dafür gültigen Adressen ausgegeben und die Abfrage wird beendet.  
 
 


Die "<tt>/etc/hosts</tt>"-Datei sieht zum Beispiel so aus:
Die "<tt>/etc/hosts</tt>"-Datei sieht zum Beispiel so aus:
Zeile 229: Zeile 220:


<nowiki># The following lines are desirable for IPv6 capable hosts</nowiki>
<nowiki># The following lines are desirable for IPv6 capable hosts</nowiki>
::1     localhost ip6-localhost ip6-loopback
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::2 ip6-allrouters
Zeile 249: Zeile 240:
Das <tt>resolvconf</tt>-Paket macht "<tt>/etc/resolv.conf</tt>" zu einem symbolischen Link und verwaltet ihren Inhalt automatisch über die Hook-Skripte.
Das <tt>resolvconf</tt>-Paket macht "<tt>/etc/resolv.conf</tt>" zu einem symbolischen Link und verwaltet ihren Inhalt automatisch über die Hook-Skripte.


Bei PC-Arbeitsplatzrechnern in einer typischen LAN-Umgebung kann der Rechnername zusätzlich zu den grundlegenden <tt>files</tt>- und <tt>dns</tt>-Methoden auch über Multicast DNS (mDNS, [https://de.wikipedia.org/wiki/Zeroconf Zeroconf]) aufgelöst werden:* [https://de.wikipedia.org/wiki/Avahi_(Software) Avahi] stellt ein Rahmenwerk für Multicast-DNS-Diensteabfragen auf Debian-Systemen bereit.  
Bei PC-Arbeitsplatzrechnern in einer typischen LAN-Umgebung kann der Rechnername zusätzlich zu den grundlegenden <tt>files</tt>- und <tt>dns</tt>-Methoden auch über Multicast DNS (mDNS, [https://de.wikipedia.org/wiki/Zeroconf Zeroconf]) aufgelöst werden:* [https://de.wikipedia.org/wiki/Avahi_(Software) Avahi] stellt ein Rahmenwerk für Multicast-DNS-Diensteabfragen auf Debian-Systemen bereit.
* Es ist ein Äquivalent zu [https://de.wikipedia.org/wiki/Bonjour_(Apple) Apple Bonjour / Apple Rendezvous].  
* Es ist ein Äquivalent zu [https://de.wikipedia.org/wiki/Bonjour_(Apple) Apple Bonjour / Apple Rendezvous].
* Das <tt>libnss-mdns</tt>-Plugin-Paket bietet Rechnernamensauflösung via mDNS für die GNU Name-Service-Switch-(NSS-)Funktionalität der GNU C-Bibliothek (glibc).  
* Das <tt>libnss-mdns</tt>-Plugin-Paket bietet Rechnernamensauflösung via mDNS für die GNU Name-Service-Switch-(NSS-)Funktionalität der GNU C-Bibliothek (glibc).
* Die Datei "<tt>/etc/nsswitch.conf</tt>" sollte Einträge wie "<tt>hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4</tt>" enthalten.  
* Die Datei "<tt>/etc/nsswitch.conf</tt>" sollte Einträge wie "<tt>hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4</tt>" enthalten.
* Rechnernamen, die mit der [https://en.wikipedia.org/wiki/Pseudo-top-level_domain Pseudo-Top-Level Domain (TLD)] [https://en.wikipedia.org/wiki/.local ".local"] enden, werden aufgelöst.  
* Rechnernamen, die mit der [https://en.wikipedia.org/wiki/Pseudo-top-level_domain Pseudo-Top-Level Domain (TLD)] [https://en.wikipedia.org/wiki/.local ".local"] enden, werden aufgelöst.
* Die mDNS IPv4 link-lokale Multicast-Adresse "<tt>224.0.0.251</tt>" oder ihr IPv6-Äquivalent "<tt>FF02::FB</tt>" wird verwendet, um DNS-Abfragen für einen auf "<tt>.local</tt>" endenden Namen durchzuführen.  
* Die mDNS IPv4 link-lokale Multicast-Adresse "<tt>224.0.0.251</tt>" oder ihr IPv6-Äquivalent "<tt>FF02::FB</tt>" wird verwendet, um DNS-Abfragen für einen auf "<tt>.local</tt>" endenden Namen durchzuführen.
 
 


Rechnernamensauflösung über das veraltete [https://de.wikipedia.org/wiki/NetBIOS_over_TCP/IP NETBios over TCP/IP], das von älteren Windows-Systemen verwendet wurde, kann über die Installation des Pakets <tt>winbind</tt> realisiert werden. Die "<tt>/etc/nsswitch.conf</tt>"-Datei sollte Einträge wie "<tt>hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins</tt>" enthalten, um diese Funktionalität zu aktivieren. (Moderne Windows-Systeme verwenden normalerweise die <tt>dns</tt>-Methode zur Rechnernamensauflösung.)
Rechnernamensauflösung über das veraltete [https://de.wikipedia.org/wiki/NetBIOS_over_TCP/IP NETBios over TCP/IP], das von älteren Windows-Systemen verwendet wurde, kann über die Installation des Pakets <tt>winbind</tt> realisiert werden. Die "<tt>/etc/nsswitch.conf</tt>"-Datei sollte Einträge wie "<tt>hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins</tt>" enthalten, um diese Funktionalität zu aktivieren. (Moderne Windows-Systeme verwenden normalerweise die <tt>dns</tt>-Methode zur Rechnernamensauflösung.)


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:14.46cm;"
|-
| | [[Image:Bild3.png|top|alt="[Anmerkung]"]]
| | '''Anmerkung'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild3.png|top|alt="[Anmerkung]"]]
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| Die [http://newgtlds.icann.org/en/program-status/delegated-strings Ausweitung generischer Top-Level-Domains (gTLD)] im [https://de.wikipedia.org/wiki/Domain_Name_System Domain-Name-System] ist in Arbeit. Achten Sie bei Auswahl von Domain-Namen, die nur im lokalen Netzwerk verwendet werden sollen, auf [http://icannwiki.com/Name_Collision Namenskollisionen].
|| Die [http://newgtlds.icann.org/en/program-status/delegated-strings Ausweitung generischer Top-Level-Domains (gTLD)] im [https://de.wikipedia.org/wiki/Domain_Name_System Domain-Name-System] ist in Arbeit. Achten Sie bei Auswahl von Domain-Namen, die nur im lokalen Netzwerk verwendet werden sollen, auf [http://icannwiki.com/Name_Collision Namenskollisionen].


|-
|-
|}
|}
=== 5.1.2. Der Netzwerkschnittstellenname ===
=== 5.1.2. Der Netzwerkschnittstellenname ===
[https://de.wikipedia.org/wiki/Systemd Systemd] verwendet "[https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ verlässlich vorhersagbare Namen (Predictable Network Interface Names)]" wie "<tt>enp0s25</tt>".


[https://de.wikipedia.org/wiki/Systemd Systemd] verwendet "[https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ verlässlich vorhersagbare Namen (Predictable Network Interface Names)]" wie "<tt>enp0s25</tt>".


=== 5.1.3. Der Netzwerkadressbereich für das LAN ===
=== 5.1.3. Der Netzwerkadressbereich für das LAN ===
Wir wollen uns an die IPv4 32-Bit-Adressbereiche erinnern, die durch die [http://tools.ietf.org/html/rfc1918 rfc1918] für jede Klasse zur Verwendung in [https://de.wikipedia.org/wiki/Local_Area_Network Local Area Networks (LANs)] reserviert sind. Diese Adressen werden bestimmt nicht mit irgendwelchen Adressen im Internet kollidieren.
Wir wollen uns an die IPv4 32-Bit-Adressbereiche erinnern, die durch die [http://tools.ietf.org/html/rfc1918 rfc1918] für jede Klasse zur Verwendung in [https://de.wikipedia.org/wiki/Local_Area_Network Local Area Networks (LANs)] reserviert sind. Diese Adressen werden bestimmt nicht mit irgendwelchen Adressen im Internet kollidieren.


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:14.46cm;"
|-
| | [[Image:Bild4.png|top|alt="[Anmerkung]"]]
| | '''Anmerkung'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild4.png|top|alt="[Anmerkung]"]]
|| IP-Adressen mit Doppelpunkten sind [https://de.wikipedia.org/wiki/IPv6#Adressnotation IPv6-Adressen], z.B. "<tt>::1</tt>" für <tt>localhost</tt>.
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| IP-Adressen mit Doppelpunkten sind [https://de.wikipedia.org/wiki/IPv6#Adressnotation IPv6-Adressen], z.B. "<tt>::1</tt>" für <tt>localhost</tt>.  
|-
|-
|}
|}
'''Tabelle 5.2. Liste der Netzwerkadressbereiche'''  
'''Tabelle 5.2. Liste der Netzwerkadressbereiche'''


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:16.656cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Klasse  
! | Klasse
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkadressen  
! | Netzwerkadressen
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzmaske  
! | Netzmaske
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzmaske /Bits  
! | Netzmaske /Bits
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | von Subnetzwerken  
! | von Subnetzwerken
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | A  
| | A
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 10.x.x.x  
| | 10.x.x.x
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 255.0.0.0  
| | 255.0.0.0
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | /8  
| | /8
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 1  
| | 1
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | B  
| | B
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 172.16.x.x — 172.31.x.x  
| | 172.16.x.x — 172.31.x.x
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 255.255.0.0  
| | 255.255.0.0
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | /16  
| | /16
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 16  
| | 16
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | C  
| | C
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 192.168.0.x — 192.168.255.x  
| | 192.168.0.x — 192.168.255.x
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 255.255.255.0  
| | 255.255.255.0
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | /24  
| | /24
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 256  
| | 256
|-
|-
|}
|}


 
{| class="wikitable sortable options"
 
|-
{| style="border-spacing:0;width:14.46cm;"
| | [[Image:Bild5.png|top|alt="[Anmerkung]"]]
| | '''Anmerkung'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild5.png|top|alt="[Anmerkung]"]]
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| Wenn eine dieser Adressen einem Rechner zugewiesen ist, kann dieser Rechner das Internet nicht direkt erreichen, sondern muss ein Gateway verwenden, der als Proxy für verschiedene Dienste dient, oder er nutzt [https://de.wikipedia.org/wiki/Network_Address_Translation Network Address Translation (NAT)]. Ein Breitband-Router nutzt üblicherweise NAT für das Anwender-Netzwerk.
|| Wenn eine dieser Adressen einem Rechner zugewiesen ist, kann dieser Rechner das Internet nicht direkt erreichen, sondern muss ein Gateway verwenden, der als Proxy für verschiedene Dienste dient, oder er nutzt [https://de.wikipedia.org/wiki/Network_Address_Translation Network Address Translation (NAT)]. Ein Breitband-Router nutzt üblicherweise NAT für das Anwender-Netzwerk.


|-
|-
|}
|}
=== 5.1.4. Unterstützung für Netzwerkgeräte ===
=== 5.1.4. Unterstützung für Netzwerkgeräte ===
Der größte Teil verfügbarer Netzwerk-Hardware wird durch das Debian-System unterstützt; es gibt einige Geräte, die laut [https://www.debian.org/social_contract#guidelines DFSG] nicht-freie Firmware für den Betrieb erfordern. Lesen Sie dazu [https://www.debian.org/doc/manuals/debian-reference/ch09.de.html#_hardware_drivers_and_firmware Abschnitt 9.10.5, „Hardware-Treiber und Firmware“].


Der größte Teil verfügbarer Netzwerk-Hardware wird durch das Debian-System unterstützt; es gibt einige Geräte, die laut [https://www.debian.org/social_contract#guidelines DFSG] nicht-freie Firmware für den Betrieb erfordern. Lesen Sie dazu [https://www.debian.org/doc/manuals/debian-reference/ch09.de.html#_hardware_drivers_and_firmware Abschnitt 9.10.5, „Hardware-Treiber und Firmware“].


== 5.2. Moderne Netzwerkkonfiguration für Arbeitsplatzsysteme ==
== 5.2. Moderne Netzwerkkonfiguration für Arbeitsplatzsysteme ==
Auf modernen Debian-Desktop-Systemen mit <tt>systemd</tt> erfolgt die Initialisierung von Netzwerkschnittstellen für die Loopback-Schnittstelle <tt>lo</tt> typischerweise durch "<tt>networking.service</tt>" und für andere Schnittstellen durch "<tt>NetworkManager.service</tt>".
Auf modernen Debian-Desktop-Systemen mit <tt>systemd</tt> erfolgt die Initialisierung von Netzwerkschnittstellen für die Loopback-Schnittstelle <tt>lo</tt> typischerweise durch "<tt>networking.service</tt>" und für andere Schnittstellen durch "<tt>NetworkManager.service</tt>".


Debian-Systeme können Netzwerkverbindungen über Software-[https://de.wikipedia.org/wiki/Daemon Daemons] wie [https://de.wikipedia.org/wiki/NetworkManager NetworkManager (NM)] (network-manager und zugehörige Pakete) verwalten.* Sie haben ihre eigenen grafischen [https://de.wikipedia.org/wiki/Grafische_Benutzeroberfläche GUI]- und Befehlszeilen-Programme als Bedienoberfläche.  
Debian-Systeme können Netzwerkverbindungen über Software-[https://de.wikipedia.org/wiki/Daemon Daemons] wie [https://de.wikipedia.org/wiki/NetworkManager NetworkManager (NM)] (network-manager und zugehörige Pakete) verwalten.* Sie haben ihre eigenen grafischen [https://de.wikipedia.org/wiki/Grafische_Benutzeroberfläche GUI]- und Befehlszeilen-Programme als Bedienoberfläche.
* Sie haben ihre eigenen [https://de.wikipedia.org/wiki/Daemon Daemons] als Unterbau.  
* Sie haben ihre eigenen [https://de.wikipedia.org/wiki/Daemon Daemons] als Unterbau.
* Sie erlauben eine einfache Verbindung Ihres Systems mit dem Internet.  
* Sie erlauben eine einfache Verbindung Ihres Systems mit dem Internet.
* Sie ermöglichen eine problemlose Verwaltung von kabelgebundenen und kabellosen Netzwerkkonfigurationen.  
* Sie ermöglichen eine problemlose Verwaltung von kabelgebundenen und kabellosen Netzwerkkonfigurationen.
* Sie erlauben uns, das Netzwerk unabhängig vom althergebrachten <tt>ifupdown</tt> zu konfigurieren.  
* Sie erlauben uns, das Netzwerk unabhängig vom althergebrachten <tt>ifupdown</tt> zu konfigurieren.


 
{| class="wikitable sortable options"
 
|-
 
| | [[Image:Bild6.png|top|alt="[Anmerkung]"]]
{| style="border-spacing:0;width:14.46cm;"
| | '''Anmerkung'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild6.png|top|alt="[Anmerkung]"]]
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| Verwenden Sie diese automatischen Netzwerkkonfigurations-Werkzeuge nicht für Server. Sie sind primär für die Nutzung auf Arbeitsplatzrechnern oder Laptops gedacht.
|| Verwenden Sie diese automatischen Netzwerkkonfigurations-Werkzeuge nicht für Server. Sie sind primär für die Nutzung auf Arbeitsplatzrechnern oder Laptops gedacht.
|-
|-
|}
|}
Diese modernen Werkzeuge müssen korrekt konfiguriert werden, um Konflikte mit dem <tt>ifupdown</tt>-Paket und seiner Konfigurationsdatei "<tt>/etc/network/interfaces</tt>" zu vermeiden.
Diese modernen Werkzeuge müssen korrekt konfiguriert werden, um Konflikte mit dem <tt>ifupdown</tt>-Paket und seiner Konfigurationsdatei "<tt>/etc/network/interfaces</tt>" zu vermeiden.


=== 5.2.1. Grafische Netzwerkkonfigurations-Werkzeuge ===
=== 5.2.1. Grafische Netzwerkkonfigurations-Werkzeuge ===
Offizielle Dokumentation für NM unter Debian ist in "<tt>/usr/share/doc/network-manager/README.Debian</tt>" verfügbar.
Offizielle Dokumentation für NM unter Debian ist in "<tt>/usr/share/doc/network-manager/README.Debian</tt>" verfügbar.


Zeile 365: Zeile 344:
# Halten Sie die Konfiguration in "<tt>/etc/network/interfaces</tt>" so einfach wie hier: <br/>auto lo<br/>iface lo inet loopback
# Halten Sie die Konfiguration in "<tt>/etc/network/interfaces</tt>" so einfach wie hier: <br/>auto lo<br/>iface lo inet loopback
# Starten Sie NM mit folgendem Befehl neu: <br/>$ sudo systemctl restart network-manager
# Starten Sie NM mit folgendem Befehl neu: <br/>$ sudo systemctl restart network-manager
# Konfigurieren Sie Ihr Netzwerk über die grafische GUI-Oberfläche.  
# Konfigurieren Sie Ihr Netzwerk über die grafische GUI-Oberfläche.


 
{| class="wikitable sortable options"
 
|-
 
| | [[Image:Bild7.png|top|alt="[Anmerkung]"]]
{| style="border-spacing:0;width:14.46cm;"
| | '''Anmerkung'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild7.png|top|alt="[Anmerkung]"]]
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| Um Konflikte mit <tt>ifupdown</tt> zu vermeiden, werden nur Schnittstellen, die '''nicht''' in "<tt>/etc/network/interfaces</tt>" aufgelistet sind, von NM verwaltet.
|| Um Konflikte mit <tt>ifupdown</tt> zu vermeiden, werden nur Schnittstellen, die '''nicht''' in "<tt>/etc/network/interfaces</tt>" aufgelistet sind, von NM verwaltet.


|-
|-
|}
|}


{| style="border-spacing:0;width:14.46cm;"
{| class="wikitable sortable options"
|-
| | [[Image:Bild8.png|top|alt="[Tipp]"]]
| | '''Tipp'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild8.png|top|alt="[Tipp]"]]
| align=center style="border:none;padding:0.049cm;" | '''Tipp'''
|- style="border:none;padding:0.049cm;"
|| Wenn Sie die Fähigkeiten von NM erweitern möchten, suchen Sie nach entsprechenden Plugin-Modulen und zusätzlichen Paketen wie <tt>network-manager-openconnect</tt>, <tt>network-manager-openvpn-gnome</tt>, <tt>network-manager-pptp-gnome</tt>, <tt>mobile-broadband-provider-info</tt>, <tt>gnome-bluetooth</tt> usw.
|| Wenn Sie die Fähigkeiten von NM erweitern möchten, suchen Sie nach entsprechenden Plugin-Modulen und zusätzlichen Paketen wie <tt>network-manager-openconnect</tt>, <tt>network-manager-openvpn-gnome</tt>, <tt>network-manager-pptp-gnome</tt>, <tt>mobile-broadband-provider-info</tt>, <tt>gnome-bluetooth</tt> usw.


|-
|-
|}
|}
== 5.3. Moderne Netzwerkkonfiguration ohne grafische Oberfläche ==
== 5.3. Moderne Netzwerkkonfiguration ohne grafische Oberfläche ==
Unter [https://de.wikipedia.org/wiki/Systemd systemd] kann das Netzwerk stattdessen in <tt>/etc/systemd/network/</tt> konfiguriert werden. Lesen Sie dazu <tt>systemd-resolved</tt>(8), <tt>resolved.conf</tt>(5) und <tt>systemd-networkd</tt>(8).
Unter [https://de.wikipedia.org/wiki/Systemd systemd] kann das Netzwerk stattdessen in <tt>/etc/systemd/network/</tt> konfiguriert werden. Lesen Sie dazu <tt>systemd-resolved</tt>(8), <tt>resolved.conf</tt>(5) und <tt>systemd-networkd</tt>(8).


Zeile 413: Zeile 387:
Address=192.168.0.15/24
Address=192.168.0.15/24
Gateway=192.168.0.1
Gateway=192.168.0.1


== 5.4. Netzwerkkonfiguration auf unterster Ebene ==
== 5.4. Netzwerkkonfiguration auf unterster Ebene ==
Für Netzwerkkonfiguration über die Konsole können Sie unter Linux die [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]-Programme (<tt>ip</tt>(8), …) verwenden.


Für Netzwerkkonfiguration über die Konsole können Sie unter Linux die [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]-Programme (<tt>ip</tt>(8), …) verwenden.


=== 5.4.1. iproute2-Befehle ===
=== 5.4.1. iproute2-Befehle ===
Die [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]-Befehle bieten vollwertige Funktionalität auf der untersten Ebene der Netzwerkkonfiguration. Hier eine Tabelle zur Gegenüberstellung von veralteten [http://www.linuxfoundation.org/collaborate/workgroups/networking/net-tools net-tools]-Befehlen und neuen [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]- und anderen Befehlen.
Die [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]-Befehle bieten vollwertige Funktionalität auf der untersten Ebene der Netzwerkkonfiguration. Hier eine Tabelle zur Gegenüberstellung von veralteten [http://www.linuxfoundation.org/collaborate/workgroups/networking/net-tools net-tools]-Befehlen und neuen [http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 iproute2]- und anderen Befehlen.


'''Tabelle 5.3. Gegenüberstellung von <tt>net-tools</tt>- und <tt>iproute2</tt>-Befehlen'''  
'''Tabelle 5.3. Gegenüberstellung von <tt>net-tools</tt>- und <tt>iproute2</tt>-Befehlen'''


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:17cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | net-tools (veraltet)  
! | net-tools (veraltet)
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | iproute2 usw. (neu)  
! | iproute2 usw. (neu)
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Beeinflussung  
! | Beeinflussung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ifconfig</tt>(8)  
| | <tt>ifconfig</tt>(8)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip addr</tt>  
| | <tt>ip addr</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Protokoll-Adresse (IP oder IPv6) eines Gerätes  
| | Protokoll-Adresse (IP oder IPv6) eines Gerätes
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>route</tt>(8)  
| | <tt>route</tt>(8)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip route</tt>  
| | <tt>ip route</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Eintrag in der Routing-Tabelle  
| | Eintrag in der Routing-Tabelle
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>arp</tt>(8)  
| | <tt>arp</tt>(8)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip neigh</tt>  
| | <tt>ip neigh</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | ARP- oder NDISC-Cache-Eintrag  
| | ARP- oder NDISC-Cache-Eintrag
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ipmaddr</tt>  
| | <tt>ipmaddr</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip maddr</tt>  
| | <tt>ip maddr</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Multicast-Adresse  
| | Multicast-Adresse
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>iptunnel</tt>  
| | <tt>iptunnel</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip tunnel</tt>  
| | <tt>ip tunnel</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Tunnel über IP  
| | Tunnel über IP
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>nameif</tt>(8)  
| | <tt>nameif</tt>(8)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ifrename</tt>(8)  
| | <tt>ifrename</tt>(8)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkschnittstellen basierend auf MAC-Adressen benennen  
| | Netzwerkschnittstellen basierend auf MAC-Adressen benennen
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>mii-tool</tt>(8)  
| | <tt>mii-tool</tt>(8)
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ethtool</tt>(8)  
| | <tt>ethtool</tt>(8)
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Einstellungen von Ethernet-Geräten  
| | Einstellungen von Ethernet-Geräten
|-
|-
|}
|}


Lesen Sie <tt>ip</tt>(8) und das [http://www.policyrouting.org/iproute2.doc.html IPROUTE2 Utility Suite Howto].


Lesen Sie <tt>ip</tt>(8) und das [http://www.policyrouting.org/iproute2.doc.html IPROUTE2 Utility Suite Howto].


=== 5.4.2. Sichere Basis-Netzwerkoperationen ===
=== 5.4.2. Sichere Basis-Netzwerkoperationen ===
Sie können die folgenden Netzwerkbefehle der untersten Ebene problemlos verwenden, da sie die Netzwerkkonfiguration nicht verändern:
Sie können die folgenden Netzwerkbefehle der untersten Ebene problemlos verwenden, da sie die Netzwerkkonfiguration nicht verändern:


'''Tabelle 5.4. Liste von Basis-Netzwerkbefehlen'''  
'''Tabelle 5.4. Liste von Basis-Netzwerkbefehlen'''
 


{| style="border-spacing:0;width:17cm;"
{| class="wikitable sortable options"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Befehl  
! | Befehl
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Beschreibung  
! | Beschreibung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip addr show</tt>  
| | <tt>ip addr show</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Verbindungs- und Adressstatus von aktiven Schnittstellen anzeigen  
| | Verbindungs- und Adressstatus von aktiven Schnittstellen anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>route -n</tt>  
| | <tt>route -n</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Vollständige Routing-Tabelle mit numerischen Adressen anzeigen  
| | Vollständige Routing-Tabelle mit numerischen Adressen anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip route show</tt>  
| | <tt>ip route show</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Vollständige Routing-Tabelle mit numerischen Adressen anzeigen  
| | Vollständige Routing-Tabelle mit numerischen Adressen anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>arp</tt>  
| | <tt>arp</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Aktuellen Inhalt der [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Cache-Tabellen anzeigen  
| | Aktuellen Inhalt der [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Cache-Tabellen anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ip neigh</tt>  
| | <tt>ip neigh</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Aktuellen Inhalt der [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Cache-Tabellen anzeigen  
| | Aktuellen Inhalt der [https://de.wikipedia.org/wiki/Address_Resolution_Protocol ARP]-Cache-Tabellen anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>plog</tt>  
| | <tt>plog</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Logdaten des PPP-Daemons anzeigen  
| | Logdaten des PPP-Daemons anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>ping yahoo.com</tt>  
| | <tt>ping yahoo.com</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Internet-Verbindung zu "<tt>yahoo.com</tt>" überprüfen  
| | Internet-Verbindung zu "<tt>yahoo.com</tt>" überprüfen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>whois yahoo.com</tt>  
| | <tt>whois yahoo.com</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Überprüfen, wer "<tt>yahoo.com</tt>" in der Domain-Datenbank registriert hat  
| | Überprüfen, wer "<tt>yahoo.com</tt>" in der Domain-Datenbank registriert hat
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>traceroute yahoo.com</tt>  
| | <tt>traceroute yahoo.com</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen  
| | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>tracepath yahoo.com</tt>  
| | <tt>tracepath yahoo.com</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen  
| | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>mtr yahoo.com</tt>  
| | <tt>mtr yahoo.com</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen (wiederholt)  
| | Verbindung zu "<tt>yahoo.com</tt>" durch das Internet verfolgen (wiederholt)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>dig [@dns-server.com] example.com [{a|mx|any}]</tt>  
| | <tt>dig [@dns-server.com] example.com [{a|mx|any}]</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Einträge von "<tt>example.com</tt>" laut den Daten von "<tt>dns-server.com</tt>" auf einen "<tt>a</tt>"-, "<tt>mx</tt>"- oder "<tt>any</tt>"-Eintrag überprüfen  
| | [https://de.wikipedia.org/wiki/Domain_Name_System DNS]-Einträge von "<tt>example.com</tt>" laut den Daten von "<tt>dns-server.com</tt>" auf einen "<tt>a</tt>"-, "<tt>mx</tt>"- oder "<tt>any</tt>"-Eintrag überprüfen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>iptables -L -n</tt>  
| | <tt>iptables -L -n</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Paketfilter überprüfen  
| | Paketfilter überprüfen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>netstat -a</tt>  
| | <tt>netstat -a</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Alle offenen Ports finden  
| | Alle offenen Ports finden
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>netstat -l --inet</tt>  
| | <tt>netstat -l --inet</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Ports finden, die auf eine Verbindung warten  
| | Ports finden, die auf eine Verbindung warten
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>netstat -ln --tcp</tt>  
| | <tt>netstat -ln --tcp</tt>
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | TCP-Ports finden, die auf eine Verbindung warten (numerisch)  
| | TCP-Ports finden, die auf eine Verbindung warten (numerisch)
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | <tt>dlint example.com</tt>  
| | <tt>dlint example.com</tt>
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | DNS-Zonen-Informationen von "<tt>example.com</tt>" überprüfen  
| | DNS-Zonen-Informationen von "<tt>example.com</tt>" überprüfen
|-
|-
|}
|}


 
{| class="wikitable sortable options"
 
|-
{| style="border-spacing:0;width:14.46cm;"
| | [[Image:Bild9.png|top|alt="[Tipp]"]]
| | '''Tipp'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild9.png|top|alt="[Tipp]"]]
| align=center style="border:none;padding:0.049cm;" | '''Tipp'''
|- style="border:none;padding:0.049cm;"
|| Einige dieser Basisbefehle zur Netzwerkkonfiguration sind in "<tt>/sbin/</tt>" abgelegt. Sie müssen unter Umständen den vollständigen Pfad, wie z.B. "<tt>/sbin/ifconfig</tt>" angeben oder "<tt>/sbin</tt>" zur Variable "<tt>$PATH</tt>" in Ihrer "<tt>~/.bashrc</tt>"-Datei hinzufügen.
|| Einige dieser Basisbefehle zur Netzwerkkonfiguration sind in "<tt>/sbin/</tt>" abgelegt. Sie müssen unter Umständen den vollständigen Pfad, wie z.B. "<tt>/sbin/ifconfig</tt>" angeben oder "<tt>/sbin</tt>" zur Variable "<tt>$PATH</tt>" in Ihrer "<tt>~/.bashrc</tt>"-Datei hinzufügen.


|-
|-
|}
|}
== 5.5. Netzwerkoptimierung ==
== 5.5. Netzwerkoptimierung ==
Die grundsätzliche Netzwerkoptimierung liegt außerhalb des Rahmens dieser Dokumentation. Ich erwähne hier nur Dinge, die für Anwender-typische Verbindungen passend sind.
Die grundsätzliche Netzwerkoptimierung liegt außerhalb des Rahmens dieser Dokumentation. Ich erwähne hier nur Dinge, die für Anwender-typische Verbindungen passend sind.


'''Tabelle 5.5. Liste von Werkzeugen zur Netzwerkoptimierung'''  
'''Tabelle 5.5. Liste von Werkzeugen zur Netzwerkoptimierung'''


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:17cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Pakete  
! | Pakete
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Popcon  
! | Popcon
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Größe  
! | Größe
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Beschreibung  
! | Beschreibung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iftop iftop ]
| | [http://packages.debian.org/sid/iftop iftop ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iftop V:7, I:112]  
| | [http://qa.debian.org/popcon-graph.php?packages=iftop V:7, I:112]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iftop.html 97]  
| | [http://packages.qa.debian.org/i/iftop.html 97]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Informationen zur Bandbreitennutzung einer Netzwerkschnittstelle anzeigen  
| | Informationen zur Bandbreitennutzung einer Netzwerkschnittstelle anzeigen
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iperf iperf ]
| | [http://packages.debian.org/sid/iperf iperf ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iperf V:3, I:52]  
| | [http://qa.debian.org/popcon-graph.php?packages=iperf V:3, I:52]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iperf.html 322]  
| | [http://packages.qa.debian.org/i/iperf.html 322]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Werkzeug zur IP-Bandbreiten-Messung  
| | Werkzeug zur IP-Bandbreiten-Messung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ifstat ifstat ]
| | [http://packages.debian.org/sid/ifstat ifstat ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ifstat V:0, I:8]  
| | [http://qa.debian.org/popcon-graph.php?packages=ifstat V:0, I:8]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/ifstat.html 59]  
| | [http://packages.qa.debian.org/i/ifstat.html 59]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | InterFace STATistics Monitoring (Netzwerkschnittstellen-Statistik/-Überwachung)  
| | InterFace STATistics Monitoring (Netzwerkschnittstellen-Statistik/-Überwachung)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/bmon bmon ]
| | [http://packages.debian.org/sid/bmon bmon ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=bmon V:1, I:17]  
| | [http://qa.debian.org/popcon-graph.php?packages=bmon V:1, I:17]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/b/bmon.html 146]  
| | [http://packages.qa.debian.org/b/bmon.html 146]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Portierbarer Bandbreitenmonitor und Geschwindigkeitsrechner  
| | Portierbarer Bandbreitenmonitor und Geschwindigkeitsrechner
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ethstatus ethstatus ]
| | [http://packages.debian.org/sid/ethstatus ethstatus ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ethstatus V:0, I:4]  
| | [http://qa.debian.org/popcon-graph.php?packages=ethstatus V:0, I:4]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/e/ethstatus.html 40]  
| | [http://packages.qa.debian.org/e/ethstatus.html 40]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Skript, das schnell den Durchsatz eines Netzwerkgerätes messen kann  
| | Skript, das schnell den Durchsatz eines Netzwerkgerätes messen kann
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/bing bing ]
| | [http://packages.debian.org/sid/bing bing ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=bing V:0, I:1]  
| | [http://qa.debian.org/popcon-graph.php?packages=bing V:0, I:1]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/b/bing.html 80]  
| | [http://packages.qa.debian.org/b/bing.html 80]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Empirisch stochastischer Bandbreitentester  
| | Empirisch stochastischer Bandbreitentester
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/bwm-ng bwm-ng ]
| | [http://packages.debian.org/sid/bwm-ng bwm-ng ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=bwm-ng V:1, I:17]  
| | [http://qa.debian.org/popcon-graph.php?packages=bwm-ng V:1, I:17]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/b/bwm-ng.html 90]  
| | [http://packages.qa.debian.org/b/bwm-ng.html 90]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Kleiner und einfacher konsolenbasierter Bandbreitenmonitor  
| | Kleiner und einfacher konsolenbasierter Bandbreitenmonitor
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ethstats ethstats ]
| | [http://packages.debian.org/sid/ethstats ethstats ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ethstats V:0, I:0]  
| | [http://qa.debian.org/popcon-graph.php?packages=ethstats V:0, I:0]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/e/ethstats.html 23]  
| | [http://packages.qa.debian.org/e/ethstats.html 23]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Konsolenbasierter Ethernet-Statistikmonitor  
| | Konsolenbasierter Ethernet-Statistikmonitor
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ipfm ipfm ]
| | [http://packages.debian.org/sid/ipfm ipfm ]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ipfm V:0, I:0]  
| | [http://qa.debian.org/popcon-graph.php?packages=ipfm V:0, I:0]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/ipfm.html 78]  
| | [http://packages.qa.debian.org/i/ipfm.html 78]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Bandbreitenanalyse-Werkzeug  
| | Bandbreitenanalyse-Werkzeug
|-
|-
|}
|}
Zeile 604: Zeile 571:


=== 5.5.1. Die optimale MTU finden ===
=== 5.5.1. Die optimale MTU finden ===
NM setzt den optimalen Wert für die [https://de.wikipedia.org/wiki/Maximum_Transmission_Unit Maximum Transmission Unit (MTU)] normalerweise automatisch.
NM setzt den optimalen Wert für die [https://de.wikipedia.org/wiki/Maximum_Transmission_Unit Maximum Transmission Unit (MTU)] normalerweise automatisch.


Zeile 610: Zeile 576:


$ ping -4 -c 1 -s $((1500-28)) -M do www.debian.org
$ ping -4 -c 1 -s $((1500-28)) -M do www.debian.org
PING (149.20.4.15) 1472(1500) bytes of data.
PING (149.20.4.15) 1472(1500) bytes of data.
ping: local error: message too long, mtu=1460
ping: local error: message too long, mtu=1460


--- ping statistics ---
--- ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


$ ping -4 -c 1 -s $((1460-28)) -M do www.debian.org
$ ping -4 -c 1 -s $((1460-28)) -M do www.debian.org
PING (130.89.148.77) 1432(1460) bytes of data.
PING (130.89.148.77) 1432(1460) bytes of data.
1440 bytes from klecker-misc.debian.org (130.89.148.77): icmp_seq=1 ttl=50 time=325 ms
1440 bytes from klecker-misc.debian.org (130.89.148.77): icmp_seq=1 ttl=50 time=325 ms


--- ping statistics ---
--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 325.318/325.318/325.318/0.000 ms
rtt min/avg/max/mdev = 325.318/325.318/325.318/0.000 ms
Zeile 633: Zeile 599:
Dies ist das [https://de.wikipedia.org/wiki/Path_MTU_Discovery Path MTU (PMTU) Discovery]-Verfahren ([http://tools.ietf.org/html/rfc1191 RFC1191]) und der Befehl <tt>tracepath</tt>(8) kann dies automatisieren.
Dies ist das [https://de.wikipedia.org/wiki/Path_MTU_Discovery Path MTU (PMTU) Discovery]-Verfahren ([http://tools.ietf.org/html/rfc1191 RFC1191]) und der Befehl <tt>tracepath</tt>(8) kann dies automatisieren.


'''Tabelle 5.6. Wesentliche Grundregeln für den optimalen MTU-Wert'''  
'''Tabelle 5.6. Wesentliche Grundregeln für den optimalen MTU-Wert'''


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:13.483cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Netzwerkumgebung  
! | Netzwerkumgebung
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | MTU  
! | MTU
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Argumentation  
! | Argumentation
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Einwahlverbindung (IP: PPP)  
| | Einwahlverbindung (IP: PPP)
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 576  
| | 576
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Standard  
| | Standard
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Ethernet-Verbindung (IP: DHCP oder fest)  
| | Ethernet-Verbindung (IP: DHCP oder fest)
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | 1500  
| | 1500
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Standard und vorgegeben  
| | Standard und vorgegeben
|-
|-
|}
|}


Zusätzlich zu diesen Grundregeln sollten Sie folgendes wissen:* Jegliche Nutzung von Tunneling-Methoden ([https://de.wikipedia.org/wiki/Virtual_Private_Network VPN] usw.) kann aufgrund des Overheads den optimalen MTU-Wert reduzieren.
* Der MTU-Wert sollte den über die experimentelle Methode ermittelten PMTU-Wert nicht überschreiten.
* Ein größerer MTU-Wert ist grundsätzlich besser, wenn andere Einschränkungen greifen.


Zusätzlich zu diesen Grundregeln sollten Sie folgendes wissen:* Jegliche Nutzung von Tunneling-Methoden ([https://de.wikipedia.org/wiki/Virtual_Private_Network VPN] usw.) kann aufgrund des Overheads den optimalen MTU-Wert reduzieren.
Die [https://de.wikipedia.org/wiki/Maximum_Segment_Size Maximum Segment Size] (MSS) wird als alternative Messmethode für die Paketgröße verwendet. Der Zusammenhang zwischen MSS und MTU ist wie folgt:* MSS = "MTU - 40" bei IPv4
* Der MTU-Wert sollte den über die experimentelle Methode ermittelten PMTU-Wert nicht überschreiten.
* MSS = "MTU - 60" bei IPv6
* Ein größerer MTU-Wert ist grundsätzlich besser, wenn andere Einschränkungen greifen.


 
{| class="wikitable sortable options"
 
|-
Die [https://de.wikipedia.org/wiki/Maximum_Segment_Size Maximum Segment Size] (MSS) wird als alternative Messmethode für die Paketgröße verwendet. Der Zusammenhang zwischen MSS und MTU ist wie folgt:* MSS = "MTU - 40" bei IPv4
| | [[Image:Bild10.png|top|alt="[Anmerkung]"]]
* MSS = "MTU - 60" bei IPv6
| | '''Anmerkung'''
 
 
 
 
{| style="border-spacing:0;width:14.46cm;"
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild10.png|top|alt="[Anmerkung]"]]
| align=center style="border:none;padding:0.049cm;" | '''Anmerkung'''
|- style="border:none;padding:0.049cm;"
|| Bei Netzwerkoptimierung mittels <tt>iptables</tt>(8) (lesen Sie dazu auch [https://www.debian.org/doc/manuals/debian-reference/ch05.de.html#_netfilter_infrastructure Abschnitt 5.6, „Die Netfilter-Infrastruktur“]) kann die Paketgröße über die MSS begrenzt werden; dies ist für einen Router nützlich. Lesen Sie den Abschnitt bezüglich "TCPMSS" in <tt>iptables</tt>(8).
|| Bei Netzwerkoptimierung mittels <tt>iptables</tt>(8) (lesen Sie dazu auch [https://www.debian.org/doc/manuals/debian-reference/ch05.de.html#_netfilter_infrastructure Abschnitt 5.6, „Die Netfilter-Infrastruktur“]) kann die Paketgröße über die MSS begrenzt werden; dies ist für einen Router nützlich. Lesen Sie den Abschnitt bezüglich "TCPMSS" in <tt>iptables</tt>(8).


|-
|-
|}
|}
=== 5.5.2. WAN-TCP-Optimierung ===
=== 5.5.2. WAN-TCP-Optimierung ===
Der TCP-Durchsatz kann über die Anpassung von Parametern zur TCP-Puffergröße maximiert werden, wie es die Anleitungen "[http://dsd.lbl.gov/TCP-tuning/ TCP Tuning Guide]" und "[https://en.wikipedia.org/wiki/TCP_tuning TCP Tuning]" für modernes WAN mit hoher Bandbreite und hoher Latenz beschreiben. Das soll hierzu genügen; die aktuellen Debian-Standardeinstellungen funktionieren für mein LAN mit seiner Verbindung zum sehr schnellen 1G bps FFTP-Dienst sehr gut.


Der TCP-Durchsatz kann über die Anpassung von Parametern zur TCP-Puffergröße maximiert werden, wie es die Anleitungen "[http://dsd.lbl.gov/TCP-tuning/ TCP Tuning Guide]" und "[https://en.wikipedia.org/wiki/TCP_tuning TCP Tuning]" für modernes WAN mit hoher Bandbreite und hoher Latenz beschreiben. Das soll hierzu genügen; die aktuellen Debian-Standardeinstellungen funktionieren für mein LAN mit seiner Verbindung zum sehr schnellen 1G bps FFTP-Dienst sehr gut.


== 5.6. Die Netfilter-Infrastruktur ==
== 5.6. Die Netfilter-Infrastruktur ==
[https://de.wikipedia.org/wiki/Netfilter Netfilter] stellt eine Infrastruktur für [https://de.wikipedia.org/wiki/Stateful_Packet_Inspection Stateful Packet Inspection (SPI, zustandsorientierte Paketüberprüfung)] und [https://de.wikipedia.org/wiki/Network_Address_Translation Network Address Translation (NAT)] über Module des [https://de.wikipedia.org/wiki/Linux_(Kernel) Linux-Kernels] (lesen Sie hierzu [https://www.debian.org/doc/manuals/debian-reference/ch03.de.html#_the_kernel_module_initialization Abschnitt 3.8.1, „Die Kernel-Modul-Initialisierung“]) zur Verfügung.
[https://de.wikipedia.org/wiki/Netfilter Netfilter] stellt eine Infrastruktur für [https://de.wikipedia.org/wiki/Stateful_Packet_Inspection Stateful Packet Inspection (SPI, zustandsorientierte Paketüberprüfung)] und [https://de.wikipedia.org/wiki/Network_Address_Translation Network Address Translation (NAT)] über Module des [https://de.wikipedia.org/wiki/Linux_(Kernel) Linux-Kernels] (lesen Sie hierzu [https://www.debian.org/doc/manuals/debian-reference/ch03.de.html#_the_kernel_module_initialization Abschnitt 3.8.1, „Die Kernel-Modul-Initialisierung“]) zur Verfügung.


'''Tabelle 5.7. Liste von Firewall-Werkzeugen'''  
'''Tabelle 5.7. Liste von Firewall-Werkzeugen'''


 
{| class="wikitable sortable options"
{| style="border-spacing:0;width:17cm;"
|-
|-
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Pakete  
! | Pakete
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Popcon  
! | Popcon
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Größe  
! | Größe
! align=center style="border-top:0.6pt double #808080;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Beschreibung  
! | Beschreibung
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iptables iptables ]
| | [http://packages.debian.org/sid/iptables iptables ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iptables V:306, I:942]  
| | [http://qa.debian.org/popcon-graph.php?packages=iptables V:306, I:942]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iptables.html 2521]  
| | [http://packages.qa.debian.org/i/iptables.html 2521]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>iptables</tt>(8) für IPv4, <tt>ip6tables</tt>(8) für IPv6)  
| | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>iptables</tt>(8) für IPv4, <tt>ip6tables</tt>(8) für IPv6)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/arptables arptables ]
| | [http://packages.debian.org/sid/arptables arptables ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=arptables V:0, I:2]  
| | [http://qa.debian.org/popcon-graph.php?packages=arptables V:0, I:2]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/a/arptables.html 96]  
| | [http://packages.qa.debian.org/a/arptables.html 96]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>arptables</tt>(8) für ARP)  
| | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>arptables</tt>(8) für ARP)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/ebtables ebtables ]
| | [http://packages.debian.org/sid/ebtables ebtables ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=ebtables V:14, I:33]  
| | [http://qa.debian.org/popcon-graph.php?packages=ebtables V:14, I:33]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/e/ebtables.html 265]  
| | [http://packages.qa.debian.org/e/ebtables.html 265]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>ebtables</tt>(8) für Ethernet-Bridging-Betrieb)  
| | Administrationswerkzeuge für [https://de.wikipedia.org/wiki/Netfilter netfilter] (<tt>ebtables</tt>(8) für Ethernet-Bridging-Betrieb)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/iptstate iptstate ]
| | [http://packages.debian.org/sid/iptstate iptstate ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=iptstate V:0, I:3]  
| | [http://qa.debian.org/popcon-graph.php?packages=iptstate V:0, I:3]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/i/iptstate.html 116]  
| | [http://packages.qa.debian.org/i/iptstate.html 116]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Fortlaufende Überwachung des [https://de.wikipedia.org/wiki/Netfilter netfilter]-Status (ähnlich zu <tt>top</tt>(1))  
| | Fortlaufende Überwachung des [https://de.wikipedia.org/wiki/Netfilter netfilter]-Status (ähnlich zu <tt>top</tt>(1))
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/shorewall-init shorewall-init ]
| | [http://packages.debian.org/sid/shorewall-init shorewall-init ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=shorewall-init V:0, I:0]  
| | [http://qa.debian.org/popcon-graph.php?packages=shorewall-init V:0, I:0]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/shorewall-init.html 68]  
| | [http://packages.qa.debian.org/s/shorewall-init.html 68]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Initialisierung der [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall]  
| | Initialisierung der [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall]
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/shorewall shorewall ]
| | [http://packages.debian.org/sid/shorewall shorewall ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=shorewall V:5, I:11]  
| | [http://qa.debian.org/popcon-graph.php?packages=shorewall V:5, I:11]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/shorewall.html 2458]  
| | [http://packages.qa.debian.org/s/shorewall.html 2458]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall]  
| | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall]
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/shorewall-lite shorewall-lite ]
| | [http://packages.debian.org/sid/shorewall-lite shorewall-lite ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=shorewall-lite V:0, I:0]  
| | [http://qa.debian.org/popcon-graph.php?packages=shorewall-lite V:0, I:0]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/shorewall-lite.html 65]  
| | [http://packages.qa.debian.org/s/shorewall-lite.html 65]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (abgespeckte Version)  
| | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (abgespeckte Version)
|-
|-
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/shorewall6 shorewall6 ]
| | [http://packages.debian.org/sid/shorewall6 shorewall6 ]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=shorewall6 V:1, I:2]  
| | [http://qa.debian.org/popcon-graph.php?packages=shorewall6 V:1, I:2]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/shorewall6.html 779]  
| | [http://packages.qa.debian.org/s/shorewall6.html 779]
| style="border-top:none;border-bottom:0.2pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (IPv6-Version)  
| | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (IPv6-Version)
|-
|-
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.6pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.debian.org/sid/shorewall6-lite shorewall6-lite ]
| | [http://packages.debian.org/sid/shorewall6-lite shorewall6-lite ]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://qa.debian.org/popcon-graph.php?packages=shorewall6-lite V:0, I:0]  
| | [http://qa.debian.org/popcon-graph.php?packages=shorewall6-lite V:0, I:0]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | [http://packages.qa.debian.org/s/shorewall6-lite.html 64]  
| | [http://packages.qa.debian.org/s/shorewall6-lite.html 64]
| style="border-top:none;border-bottom:0.6pt double #808080;border-left:0.2pt double #808080;border-right:0.6pt double #808080;padding:0.049cm;" | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (abgespeckte IPv6-Version)  
| | Erzeugung von [https://de.wikipedia.org/wiki/Netfilter netfilter]-Konfigurationsdateien für [https://de.wikipedia.org/wiki/Shorewall Shoreline Firewall] (abgespeckte IPv6-Version)
|-
|-
|}
|}


Das vorherrschende Nutzerprogramm für [https://de.wikipedia.org/wiki/Netfilter netfilter] ist <tt>iptables</tt>(8). Sie können [https://de.wikipedia.org/wiki/Netfilter netfilter] von Hand interaktiv über die Shell konfigurieren, seinen Status mit <tt>iptables-save</tt>(8) sichern und beim Systemstart über ein Init-Skript mittels <tt>iptables-restore</tt>(8) wiederherstellen.
Das vorherrschende Nutzerprogramm für [https://de.wikipedia.org/wiki/Netfilter netfilter] ist <tt>iptables</tt>(8). Sie können [https://de.wikipedia.org/wiki/Netfilter netfilter] von Hand interaktiv über die Shell konfigurieren, seinen Status mit <tt>iptables-save</tt>(8) sichern und beim Systemstart über ein Init-Skript mittels <tt>iptables-restore</tt>(8) wiederherstellen.
Zeile 745: Zeile 701:
Konfigurations-Hilfsskripte wie [https://de.wikipedia.org/wiki/Shorewall shorewall] vereinfachen diesen Prozess.
Konfigurations-Hilfsskripte wie [https://de.wikipedia.org/wiki/Shorewall shorewall] vereinfachen diesen Prozess.


Sie finden Dokumentation unter [http://www.netfilter.org/documentation/ http://www.netfilter.org/documentation/] oder in "<tt>/usr/share/doc/iptables/html/</tt>":* [http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html Linux Networking-Concepts HOWTO]  
Sie finden Dokumentation unter [http://www.netfilter.org/documentation/ http://www.netfilter.org/documentation/] oder in "<tt>/usr/share/doc/iptables/html/</tt>":* [http://www.netfilter.org/documentation/HOWTO/networking-concepts-HOWTO.html Linux Networking-Concepts HOWTO]
* [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html Linux 2.4 Packet Filtering HOWTO]  
* [http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html Linux 2.4 Packet Filtering HOWTO]
* [http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html Linux 2.4 NAT HOWTO]  
* [http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html Linux 2.4 NAT HOWTO]


 
{| class="wikitable sortable options"
 
|-
 
| | [[Image:Bild11.png|top|alt="[Tipp]"]]
{| style="border-spacing:0;width:14.46cm;"
| | '''Tipp'''
|-
|-
| style="border:none;padding:0.049cm;" | [[Image:Bild11.png|top|alt="[Tipp]"]]
| align=center style="border:none;padding:0.049cm;" | '''Tipp'''
|- style="border:none;padding:0.049cm;"
|| Obwohl für Linux '''2.4''' geschrieben, sind sowohl der <tt>iptables</tt>(8)-Befehl wie auch die Netfilter-Kernel-Funktionalität für die Linux-Kernel-Serien '''2.6''' und '''3.x''' passend.
|| Obwohl für Linux '''2.4''' geschrieben, sind sowohl der <tt>iptables</tt>(8)-Befehl wie auch die Netfilter-Kernel-Funktionalität für die Linux-Kernel-Serien '''2.6''' und '''3.x''' passend.
|-
|-
|}
|}


Quelle: [https://www.debian.org/doc/manuals/debian-reference/ch05.de.html https://www.debian.org/doc/manuals/debian-reference/ch05.de.html]
Quelle: [https://www.debian.org/doc/manuals/debian-reference/ch05.de.html https://www.debian.org/doc/manuals/debian-reference/ch05.de.html]




= All About Debian /etc/network/interfaces File =
= All About Debian /etc/network/interfaces File =
3 years ago
3 years ago


Zeile 786: Zeile 735:


The following example shows how to setup a network card using DHCP:
The following example shows how to setup a network card using DHCP:


=== Setting up an interface with DHCP by editing the /etc/network/interfaces: ===
=== Setting up an interface with DHCP by editing the /etc/network/interfaces: ===
To add a new interface using DHCP, add the following lines:
To add a new interface using DHCP, add the following lines:


Zeile 798: Zeile 747:


Where '''<interface>''' you should set your device name, '''eth0''', '''enp2s0''', '''wlp3s0''', etc.
Where '''<interface>''' you should set your device name, '''eth0''', '''enp2s0''', '''wlp3s0''', etc.


=== Setting up an interface with static address by editing the /etc/network/interfaces: ===
=== Setting up an interface with static address by editing the /etc/network/interfaces: ===
If instead of configuring the interface with DHCP you want to set a static IP address and gateway replace the previous instructions with the following (replace '''192.168.0.8/24''' and '''192.168.0.1 '''with your correct IP addresses):auto <Interface>iface <Interface> inet staticaddress 192.168.0.1netmask 255.255.255.0gateway 192.168.0.1dns-nameservers 8.8.8.8
If instead of configuring the interface with DHCP you want to set a static IP address and gateway replace the previous instructions with the following (replace '''192.168.0.8/24''' and '''192.168.0.1 '''with your correct IP addresses):auto <Interface>iface <Interface> inet staticaddress 192.168.0.1netmask 255.255.255.0gateway 192.168.0.1dns-nameservers 8.8.8.8


Zeile 808: Zeile 757:


[[Image:Bild15.png|top]]
[[Image:Bild15.png|top]]


=== Setting up a network card with 2 interfaces: ===
=== Setting up a network card with 2 interfaces: ===
The following example below shows a static configuration for a network card with two interfaces:
The following example below shows a static configuration for a network card with two interfaces:


Zeile 816: Zeile 765:


[[Image:Bild16.png|top]]As you can see in this way you can assign multiple IP addresses to a single network interface.
[[Image:Bild16.png|top]]As you can see in this way you can assign multiple IP addresses to a single network interface.


=== Configure network bonding by editing the /etc/network/interfaces: ===
=== Configure network bonding by editing the /etc/network/interfaces: ===
The following example shows my previous bonding mode 1 configuration within the /etc/network/interfaces file, I will leave interfaces with their names for easier understanding:
The following example shows my previous bonding mode 1 configuration within the /etc/network/interfaces file, I will leave interfaces with their names for easier understanding:


Zeile 832: Zeile 781:


Source of examples: [https://linuxhint.com/linux_network_bonding/ How to do Linux Network Bonding]
Source of examples: [https://linuxhint.com/linux_network_bonding/ How to do Linux Network Bonding]


=== Enable logging for the file /etc/network/interfaces: ===
=== Enable logging for the file /etc/network/interfaces: ===
There are 3 options related to the logging:
There are 3 options related to the logging:


Zeile 853: Zeile 802:
Will run the firewall before the network interface gets enabled, if iptables fails to start the network interface wont turn on.
Will run the firewall before the network interface gets enabled, if iptables fails to start the network interface wont turn on.


Quelle: https://linuxhint.com/debian_etc_network_interfaces/


Quelle: https://linuxhint.com/debian_etc_network_interfaces/


= 3 ways to configure the network =
= 3 ways to configure the network =
 
* The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
* The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)  
* [https://wiki.debian.org/NetworkManager NetworkManager]: This is the default for Laptop configuration
* [https://wiki.debian.org/NetworkManager NetworkManager]: This is the default for Laptop configuration  
* Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5]
* Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5]  
 




= Setting up an Ethernet Interface =
= Setting up an Ethernet Interface =
The majority of network setup can be done via the <tt>'''interfaces'''</tt> configuration file at <tt>'''/etc/network/interfaces'''</tt>. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.


The majority of network setup can be done via the <tt>'''interfaces'''</tt> configuration file at <tt>'''/etc/network/interfaces'''</tt>. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.  
Remember to add interfaces that you want brought up at boot time to the 'auto' line.


Remember to add interfaces that you want brought up at boot time to the 'auto' line.  
See <tt>'''man&nbsp;interfaces'''</tt> for more options.


See <tt>'''man&nbsp;interfaces'''</tt> for more options.


== Starting and Stopping Interfaces ==
== Starting and Stopping Interfaces ==
Interfaces configured with <tt>/etc/network/interfaces</tt> can be brought up and down with the [https://manpages.debian.org/man/ifup ifup] and [https://manpages.debian.org/man/ifdown ifdown] commands.


Interfaces configured with <tt>/etc/network/interfaces</tt> can be brought up and down with the [https://manpages.debian.org/man/ifup ifup] and [https://manpages.debian.org/man/ifdown ifdown] commands.
Some outdated guides instruct to restart the networking service to apply changes to <tt>/etc/network/interfaces</tt>, however this was deprecated because it is possible that not all interfaces will be restarted. Instead use <tt>ifup</tt> and <tt>ifdown</tt> to apply changes to each interface, for example with an interface named enp7s0:
 
Some outdated guides instruct to restart the networking service to apply changes to <tt>/etc/network/interfaces</tt>, however this was deprecated because it is possible that not all interfaces will be restarted. Instead use <tt>ifup</tt> and <tt>ifdown</tt> to apply changes to each interface, for example with an interface named enp7s0:  


<nowiki># ifdown enp7s0</nowiki>
<nowiki># ifdown enp7s0</nowiki>
<nowiki># ifup enp7s0</nowiki>
<nowiki># ifup enp7s0</nowiki>


== Reinitialize new network setup ==
== Reinitialize new network setup ==
 
If you make more fundamental network changes e.g. adding new virtual interfaces (e.g. bridge) in <tt>/etc/network/interfaces</tt> you can reinitialize the network-configuration be restarting the <tt>networking</tt> daemon:
If you make more fundamental network changes e.g. adding new virtual interfaces (e.g. bridge) in <tt>/etc/network/interfaces</tt> you can reinitialize the network-configuration be restarting the <tt>networking</tt> daemon:  


<nowiki># systemctl status networking</nowiki>
<nowiki># systemctl status networking</nowiki>
<nowiki># systemctl restart networking</nowiki>
<nowiki># systemctl restart networking</nowiki>


== Network Interface Names ==
== Network Interface Names ==
See [https://wiki.debian.org/NetworkInterfaceNames NetworkInterfaceNames]. Since Stretch, new systems by default no longer use old-style interface names such as eth0, eth1, wlan0, wlan1. The new system uses names based on hardware location, like eno0, enp0s31f6, wlp1s7 (or in the case of USB dongles, MAC address: enx2c56ac39ec0d).


See [https://wiki.debian.org/NetworkInterfaceNames NetworkInterfaceNames]. Since Stretch, new systems by default no longer use old-style interface names such as eth0, eth1, wlan0, wlan1. The new system uses names based on hardware location, like eno0, enp0s31f6, wlp1s7 (or in the case of USB dongles, MAC address: enx2c56ac39ec0d).
You can list interfaces with: <tt>ls&nbsp;/sys/class/net</tt>


You can list interfaces with: <tt>ls&nbsp;/sys/class/net</tt>
Various examples below continue to use "eth0" as a default interface name, even though it is unlikely to exist on a modern system.


Various examples below continue to use "eth0" as a default interface name, even though it is unlikely to exist on a modern system.


=== Upgrading and Network Interface Names ===
=== Upgrading and Network Interface Names ===
Stretch and Buster still retain support for the old naming system as long as the file <tt>/etc/udev/rules.d/70-local-persistent-net.rules</tt> is still in place, but users are advised to switch ahead of the upgrade to Bullseye.


Stretch and Buster still retain support for the old naming system as long as the file <tt>/etc/udev/rules.d/70-local-persistent-net.rules</tt> is still in place, but users are advised to switch ahead of the upgrade to Bullseye.


== Using DHCP to automatically configure the interface ==
== Using DHCP to automatically configure the interface ==
If you're just using DHCP then all you need is something like:


If you're just using DHCP then all you need is something like:
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp


    auto eth0
For DHCPv6 (used for IPv6), '''append''' also the following <tt>iface</tt> stanza
    allow-hotplug eth0
    iface eth0 inet dhcp


For DHCPv6 (used for IPv6), '''append''' also the following <tt>iface</tt> stanza
iface eth0 inet6 dhcp


    iface eth0 inet6 dhcp
Alternatively, IPv6 can be autoconfigured using ''stateless address autoconfiguration,'' or SLAAC, which is specified using <tt>auto</tt> instead of <tt>dhcp</tt> in the <tt>inet6</tt> stanza:


Alternatively, IPv6 can be autoconfigured using ''stateless address autoconfiguration,'' or SLAAC, which is specified using <tt>auto</tt> instead of <tt>dhcp</tt> in the <tt>inet6</tt> stanza:
iface eth0 inet6 auto


    iface eth0 inet6 auto
Also see [https://wiki.debian.org/IPv6PrefixDelegation IPv6PrefixDelegation].


Also see [https://wiki.debian.org/IPv6PrefixDelegation IPv6PrefixDelegation].


== Configuring the interface manually ==
== Configuring the interface manually ==
If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):


If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):
auto eth0
iface eth0 inet static
address 192.0.2.7/24
gateway 192.0.2.254


    auto eth0
If you want to add an IPv6 address, too, '''append''' something like:
    iface eth0 inet static
        address 192.0.2.7/24
        gateway 192.0.2.254


If you want to add an IPv6 address, too, '''append''' something like:  
iface eth0 inet6 static
address 2001:db8::c0ca:1eaf/64
gateway 2001:db8::1ead:ed:beef


    iface eth0 inet6 static
See <tt>'''man&nbsp;interfaces'''</tt> for more options.
        address 2001:db8::c0ca:1eaf/64
        gateway 2001:db8::1ead:ed:beef


See <tt>'''man&nbsp;interfaces'''</tt> for more options.  
Make sure to disable all DHCP services, e.g. <tt>dhcpcd</tt>.


Make sure to disable all DHCP services, e.g. <tt>dhcpcd</tt>.
Mixing manual and automatic configuration is also possible, e.g. to use IPv6 SLAAC for internet connectivity and static addresses within the network:
 
Mixing manual and automatic configuration is also possible, e.g. to use IPv6 SLAAC for internet connectivity and static addresses within the network:  


<nowiki># manual unique local address</nowiki>
<nowiki># manual unique local address</nowiki>
iface eth0 inet6 static
iface eth0 inet6 static
        address fdc3:cafe::3/64
address fdc3:cafe::3/64
        <nowiki># use SLAAC to get global IPv6 address from the router</nowiki>
<nowiki># use SLAAC to get global IPv6 address from the router</nowiki>
        <nowiki># we may not enable ipv6 forwarding, otherwise SLAAC gets disabled</nowiki>
<nowiki># we may not enable ipv6 forwarding, otherwise SLAAC gets disabled</nowiki>
        autoconf 1
autoconf 1
        accept_ra 2
accept_ra 2
 


== Setting the speed and duplex ==
== Setting the speed and duplex ==
Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface.


Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface.
If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps: * Install the [https://packages.debian.org/ethtool ethtool] and [https://packages.debian.org/net-tools net-tools] packages, so that you have the <tt>ethtool</tt> and <tt>mii-tool</tt> programs. One or both of these might work for your interface.
 
* Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An [https://wiki.debian.org/SSH SSH] connection could be disrupted, so you should have a fallback strategy.
If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps: * Install the [https://packages.debian.org/ethtool ethtool] and [https://packages.debian.org/net-tools net-tools] packages, so that you have the <tt>ethtool</tt> and <tt>mii-tool</tt> programs. One or both of these might work for your interface.  
* Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.
* Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An [https://wiki.debian.org/SSH SSH] connection could be disrupted, so you should have a fallback strategy.  
* Try to determine what its current speed and duplex settings are. This is where it gets fun:
* Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.  
** As root, try <tt>ethtool&nbsp;eth0</tt> first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the <tt>ethtool</tt> may not be supported by your device.
* Try to determine what its current speed and duplex settings are. This is where it gets fun:  
** As root, try <tt>mii-tool&nbsp;-v&nbsp;eth0</tt> and see whether its output looks correct. If not, them <tt>mii-tool</tt> may not be supported by your device.
** As root, try <tt>ethtool&nbsp;eth0</tt> first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the <tt>ethtool</tt> may not be supported by your device.  
** If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of <tt>dmesg</tt> and <tt>lsmod</tt>. You can then try <tt>modinfo&nbsp;MODULENAME</tt> to see what parameters it accepts, if any. (You can use <tt>modinfo</tt> even on modules that are not loaded, for comparison.) [https://wiki.debian.org/ToDo ToDo]: where does one set kernel module parameters?''
** As root, try <tt>mii-tool&nbsp;-v&nbsp;eth0</tt> and see whether its output looks correct. If not, them <tt>mii-tool</tt> may not be supported by your device.  
* Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:
** If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of <tt>dmesg</tt> and <tt>lsmod</tt>. You can then try <tt>modinfo&nbsp;MODULENAME</tt> to see what parameters it accepts, if any. (You can use <tt>modinfo</tt> even on modules that are not loaded, for comparison.) [https://wiki.debian.org/ToDo ToDo]: where does one set kernel module parameters?''  
** <tt>ethtool&nbsp;-s&nbsp;eth0&nbsp;speed&nbsp;100&nbsp;duplex&nbsp;full&nbsp;autoneg&nbsp;off</tt> (assuming 100 Mbps and full duplex)
* Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:  
** <tt>mii-tool&nbsp;-F&nbsp;100baseTx-FD&nbsp;eth0</tt> (same assumption)
** <tt>ethtool&nbsp;-s&nbsp;eth0&nbsp;speed&nbsp;100&nbsp;duplex&nbsp;full&nbsp;autoneg&nbsp;off</tt> (assuming 100 Mbps and full duplex)  
** <tt>mii-tool&nbsp;-F&nbsp;100baseTx-FD&nbsp;eth0</tt> (same assumption)  
 
In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.
* If one of these commands successfully set your NIC, then you can put it into <tt>/etc/network/interfaces</tt> so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from <tt>interfaces</tt> are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the <tt>ethtool</tt> or <tt>mii-tool</tt> command by a few seconds. Thus: <br/> iface eth0 inet static<br/>        address .../...<br/>        gateway ...<br/>        up sleep 5; ethtool -s eth0 ...<br/>Or the analogous <tt>mii-tool</tt> command.
* Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.
 
 


In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.
* If one of these commands successfully set your NIC, then you can put it into <tt>/etc/network/interfaces</tt> so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from <tt>interfaces</tt> are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the <tt>ethtool</tt> or <tt>mii-tool</tt> command by a few seconds. Thus: <br/> iface eth0 inet static<br/> address .../...<br/> gateway ...<br/> up sleep 5; ethtool -s eth0 ...<br/>Or the analogous <tt>mii-tool</tt> command.
* Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.




== Bringing up an interface without an IP address ==
== Bringing up an interface without an IP address ==
To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.


To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.
iface eth0 inet manual
pre-up ifconfig $IFACE up
post-down ifconfig $IFACE down


  iface eth0 inet manual
If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the [https://packages.debian.org/vlan vlan] package.)
      pre-up ifconfig $IFACE up
      post-down ifconfig $IFACE down


If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the [https://packages.debian.org/vlan vlan] package.)
iface eth0.99 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down


  iface eth0.99 inet manual
Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below).
      post-up ifconfig $IFACE up
      pre-down ifconfig $IFACE down


Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below).


= Defining the (DNS) Nameservers =
= Defining the (DNS) Nameservers =
Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. 140.211.166.4). (The Internet uses these structured numeric IP addresses as network addresses.)


Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. 140.211.166.4). (The Internet uses these structured numeric IP addresses as network addresses.)
The C library and other resolver libraries look to <tt>/etc/resolv.conf</tt> for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings: # The <tt>'''resolvconf'''</tt> program
 
# The <tt>'''network-manager'''</tt> daemon
The C library and other resolver libraries look to <tt>/etc/resolv.conf</tt> for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings: # The <tt>'''resolvconf'''</tt> program  
# DHCP clients
# The <tt>'''network-manager'''</tt> daemon  
# DHCP clients  
 


In most situations, the file to edit is the configuration file for such a program.


In most situations, the file to edit is the configuration file for such a program.  
In the most complex situations, using <tt>'''resolvconf'''</tt> really is the way to go, though in more simple configurations it is probably overkill.


In the most complex situations, using <tt>'''resolvconf'''</tt> really is the way to go, though in more simple configurations it is probably overkill.


== The resolv.conf configuration file ==
== The resolv.conf configuration file ==
The configuration file <tt>'''resolv.conf'''</tt> at <tt>/etc/resolv.conf</tt> contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this ''configuration file'' with the ''program'' <tt>'''resolvconf'''</tt>, which unfortunately has a nearly identical name.)


The configuration file <tt>'''resolv.conf'''</tt> at <tt>/etc/resolv.conf</tt> contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this ''configuration file'' with the ''program'' <tt>'''resolvconf'''</tt>, which unfortunately has a nearly identical name.)
The <tt>'''resolv.conf'''</tt> file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this:
 
The <tt>'''resolv.conf'''</tt> file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this:  


nameserver 12.34.56.78
nameserver 12.34.56.78
nameserver 12.34.56.79
nameserver 12.34.56.79


In this example, the system is using nameservers at the IP addresses <tt>12.34.56.78</tt> and <tt>12.34.56.79</tt>. Simply edit the file and enter the IP addresses of the nameservers you need to use after each <tt>nameserver</tt>. Add more <tt>nameserver</tt> lines if you have more nameservers. '''Don't use this method if you have the '''<tt>resolvconf</tt>''' program installed.'''  
In this example, the system is using nameservers at the IP addresses <tt>12.34.56.78</tt> and <tt>12.34.56.79</tt>. Simply edit the file and enter the IP addresses of the nameservers you need to use after each <tt>nameserver</tt>. Add more <tt>nameserver</tt> lines if you have more nameservers. '''Don't use this method if you have the '''<tt>resolvconf</tt>''' program installed.'''
 
The <tt>'''resolv.conf'''</tt> configuration file has many other options for defining how resolver looks up names. See <tt>'''man&nbsp;resolv.conf'''</tt> for details.


The <tt>'''resolv.conf'''</tt> configuration file has many other options for defining how resolver looks up names. See <tt>'''man&nbsp;resolv.conf'''</tt> for details.


== The resolvconf program ==
== The resolvconf program ==
The <tt>'''resolvconf'''</tt> program keeps track of system information about the currently available nameservers. It should not be confused with the ''configuration file'' <tt>'''resolv.conf'''</tt>, which unfortunately has a nearly identical name. The <tt>'''resolvconf'''</tt> program is optional on a Debian system.


The <tt>'''resolvconf'''</tt> program keeps track of system information about the currently available nameservers. It should not be confused with the ''configuration file'' <tt>'''resolv.conf'''</tt>, which unfortunately has a nearly identical name. The <tt>'''resolvconf'''</tt> program is optional on a Debian system.  
The configuration file <tt>'''resolv.conf'''</tt> contains information about the nameservers to be used by the system. However, when multiple programs need to dynamically modify the <tt>'''resolv.conf'''</tt> configuration file they can step on each other and the file can become out-of-sync. The <tt>'''resolvconf'''</tt> program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver).


The configuration file <tt>'''resolv.conf'''</tt> contains information about the nameservers to be used by the system. However, when multiple programs need to dynamically modify the <tt>'''resolv.conf'''</tt> configuration file they can step on each other and the file can become out-of-sync. The <tt>'''resolvconf'''</tt> program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver).  
When <tt>'''resolvconf'''</tt> is properly installed, the <tt>'''resolv.conf'''</tt> configuration file at <tt>/etc/resolv.conf</tt> is replaced by a symbolic link to <tt>/etc/resolvconf/run/resolv.conf</tt> and the resolver instead uses the configuration file that is dynamically generated by <tt>'''resolvconf'''</tt> at <tt>/etc/resolvconf/run/resolv.conf</tt>.


When <tt>'''resolvconf'''</tt> is properly installed, the <tt>'''resolv.conf'''</tt> configuration file at <tt>/etc/resolv.conf</tt> is replaced by a symbolic link to <tt>/etc/resolvconf/run/resolv.conf</tt> and the resolver instead uses the configuration file that is dynamically generated by <tt>'''resolvconf'''</tt> at <tt>/etc/resolvconf/run/resolv.conf</tt>.  
The <tt>'''resolvconf'''</tt> program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the <tt>'''resolv.conf'''</tt> configuration file is adequate.


The <tt>'''resolvconf'''</tt> program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the <tt>'''resolv.conf'''</tt> configuration file is adequate.
If the <tt>'''resolvconf'''</tt> program is installed, you should not edit the <tt>'''resolv.conf'''</tt> configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line something like the following to the <tt>'''interfaces'''</tt> configuration file at <tt>/etc/network/interfaces</tt>:


If the <tt>'''resolvconf'''</tt> program is installed, you should not edit the <tt>'''resolv.conf'''</tt> configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line something like the following to the <tt>'''interfaces'''</tt> configuration file at <tt>/etc/network/interfaces</tt>:
dns-nameservers 12.34.56.78 12.34.56.79


dns-nameservers 12.34.56.78 12.34.56.79
Place the line indented within an <tt>iface</tt> stanza, e.g., right after the <tt>gateway</tt> line. Enter the IP addresses of the nameservers you need to use after <tt>dns-nameservers</tt>. Put all of them on one line separated by spaces. Don't forget the "<tt>s</tt>" on the end of <tt>dns-nameservers</tt>.


Place the line indented within an <tt>iface</tt> stanza, e.g., right after the <tt>gateway</tt> line. Enter the IP addresses of the nameservers you need to use after <tt>dns-nameservers</tt>. Put all of them on one line separated by spaces. Don't forget the "<tt>s</tt>" on the end of <tt>dns-nameservers</tt>.  
The <tt>'''resolvconf'''</tt> program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see <tt>/usr/share/doc/resolvconf/README</tt>. It has lots of information on making other programs get along with <tt>'''resolvconf'''</tt>.


The <tt>'''resolvconf'''</tt> program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see <tt>/usr/share/doc/resolvconf/README</tt>. It has lots of information on making other programs get along with <tt>'''resolvconf'''</tt>.


== DNS configuration for NetworkManager ==
== DNS configuration for NetworkManager ==
[https://wiki.debian.org/NetworkManager NetworkManager] will override dhcp settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf, e.g. causing DNS to first search the local domain, which may have to time out before DNS resolution continues causing lengthy DNS resolution times. You can get an idea of what [https://wiki.debian.org/NetworkManager NetworkManager] thinks the settings should be by executing nm-tool at the command line.


[https://wiki.debian.org/NetworkManager NetworkManager] will override dhcp settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf, e.g. causing DNS to first search the local domain, which may have to time out before DNS resolution continues causing lengthy DNS resolution times. You can get an idea of what [https://wiki.debian.org/NetworkManager NetworkManager] thinks the settings should be by executing nm-tool at the command line.
You may configure these settings using a GUI by launching nm-connection-editor which currently (13.11.23) isn't to be found in System Tools → Administration menu, rather it must be launched by hand from the command line. After launching: # Choose a connection (from the Wired or Wireless tab) and click Edit.
 
# Click on the IPv4 Settings tab
You may configure these settings using a GUI by launching nm-connection-editor which currently (13.11.23) isn't to be found in System Tools → Administration menu, rather it must be launched by hand from the command line. After launching: # Choose a connection (from the Wired or Wireless tab) and click Edit.  
# Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
# Click on the IPv4 Settings tab  
# Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
# Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.  
# Click “Apply.”
# Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).  
# Click “Apply.”  


 
[https://wiki.debian.org/NetworkManager NetworkManager] saves these settings in <tt>/etc/NetworkManager/system-connections/name-of-connection</tt>. Example <tt>/etc/NetworkManager/system-connections/Wired&nbsp;connection&nbsp;1</tt> :
 
[https://wiki.debian.org/NetworkManager NetworkManager] saves these settings in <tt>/etc/NetworkManager/system-connections/name-of-connection</tt>. Example <tt>/etc/NetworkManager/system-connections/Wired&nbsp;connection&nbsp;1</tt> :  


[802-3-ethernet]
[802-3-ethernet]
Zeile 1.063: Zeile 1.001:
ignore-auto-dns=true
ignore-auto-dns=true


Running nm-tool again should show that [https://wiki.debian.org/NetworkManager NetworkManager] now has the right idea of how your DNS should be resolved.  
Running nm-tool again should show that [https://wiki.debian.org/NetworkManager NetworkManager] now has the right idea of how your DNS should be resolved.
 


== DHCP Client Configuration ==
== DHCP Client Configuration ==


=== Setting additional DNS Servers ===
=== Setting additional DNS Servers ===
 
Example: dhclient3 uses <tt>/etc/dhcp/dhclient.conf</tt>. The setting you want is
Example: dhclient3 uses <tt>/etc/dhcp/dhclient.conf</tt>. The setting you want is  


supersede domain-name-servers 12.34.56.78, 12.34.56.79;
supersede domain-name-servers 12.34.56.78, 12.34.56.79;


or perhaps  
or perhaps


prepend domain-name-servers 12.34.56.78, 12.34.56.79;
prepend domain-name-servers 12.34.56.78, 12.34.56.79;


=== Setting additional search domains ===
=== Setting additional search domains ===
adding search domains for VPNs or local virtual networks:


adding search domains for VPNs or local virtual networks:
append domain-name " virt vpn";


append domain-name " virt vpn";
Note the leading space since the string is literally appended to the search domain provided by other configurations.


Note the leading space since the string is literally appended to the search domain provided by other configurations.  
See the dhclient.conf(5) manual page for details.


See the dhclient.conf(5) manual page for details.


= Bridging =
= Bridging =
Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces.


Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces.
Example: Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet:
 
 
 
Example: Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet:  


auto br0
auto br0
iface br0 inet static
iface br0 inet static
        address 10.10.0.15/24
address 10.10.0.15/24
        gateway 10.10.0.1
gateway 10.10.0.1
        bridge_ports eth0 eth1
bridge_ports eth0 eth1
        up /usr/sbin/brctl stp br0 on
up /usr/sbin/brctl stp br0 on


If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above.  
If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above.


Example: Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.)  
Example: Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.)


auto br1
auto br1
iface br1 inet manual
iface br1 inet manual
        bridge_ports eth4
bridge_ports eth4
        up /usr/sbin/brctl setageing br1 0
up /usr/sbin/brctl setageing br1 0
        up /usr/sbin/brctl stp br1 off
up /usr/sbin/brctl stp br1 off
 
Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see [https://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost Spanning_Tree_Protocol]). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up.


Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see [https://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost Spanning_Tree_Protocol]). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up.


== Bridging without Switching ==
== Bridging without Switching ==
By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted.


By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted.
In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with:


In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with:
up /sbin/brctl setageing br0 0
up /sbin/brctl stp br0 off


        up /sbin/brctl setageing br0 0
        up /sbin/brctl stp br0 off


= Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny) =
= Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny) =


== Manual config ==
== Manual config ==
modprobe 8021q
modprobe 8021q


apt install vlan
apt install vlan


vconfig add eth0 222   <nowiki># 222 is vlan number</nowiki>
vconfig add eth0 222 <nowiki># 222 is vlan number</nowiki>
ifconfig eth0.222 up
ifconfig eth0.222 up
ifconfig eth0.222 mtu 1496   <nowiki>#optional if your network card doesn't support MTU 1504B</nowiki>
ifconfig eth0.222 mtu 1496 <nowiki>#optional if your network card doesn't support MTU 1504B</nowiki>
ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0
ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0


== Network init script config ==
== Network init script config ==
 
Into /etc/modules add line:
Into /etc/modules add line:  


8021q
8021q


In /etc/network/interfaces to section iface add parameter:  
In /etc/network/interfaces to section iface add parameter:


        vlan-raw-device eth0
vlan-raw-device eth0


The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.  
The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.


Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.  
Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.


Eg:  
Eg:


auto eth0.222
auto eth0.222
iface eth0.222 inet static
iface eth0.222 inet static
        address 10.10.10.1/24
address 10.10.10.1/24
        vlan-raw-device eth0
vlan-raw-device eth0
 


== Bridges and VLANs ==
== Bridges and VLANs ==
 
If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:
If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:  


auto br1
auto br1
iface br1 inet manual
iface br1 inet manual
        bridge_ports eth0.99 eth1.99
bridge_ports eth0.99 eth1.99
        up /usr/sbin/brctl stp br1 on
up /usr/sbin/brctl stp br1 on
 


== Caveats when using bridging and vlan ==
== Caveats when using bridging and vlan ==
<nowiki>#/etc/network/interfaces</nowiki>
<nowiki>#/etc/network/interfaces</nowiki>
auto eth0 bri0
auto eth0 bri0
iface eth0 inet static
iface eth0 inet static
        address 192.168.1.1/24
address 192.168.1.1/24
iface eth0.110 inet manual
iface eth0.110 inet manual
        vlan-raw-device eth0
vlan-raw-device eth0
iface bri0 inet static
iface bri0 inet static
        address 192.168.110.1/24
address 192.168.110.1/24
        bridge_ports eth0.110
bridge_ports eth0.110
        bridge_stp on
bridge_stp on
        bridge_maxwait 10
bridge_maxwait 10
 
If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).


If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).


= Howto create fault tolerant bonding with vlan (Etch - Stretch) =
= Howto create fault tolerant bonding with vlan (Etch - Stretch) =
[[Image:Bild21.png|top|alt="debian_bonding.png"]]
[[Image:Bild21.png|top|alt="debian_bonding.png"]]


[https://wiki.debian.org/NetworkConfiguration?action=AttachFile&do=view&target=debian_bonding.dia debian_bonding.dia]  
[https://wiki.debian.org/NetworkConfiguration?action=AttachFile&do=view&target=debian_bonding.dia debian_bonding.dia]


How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.  
How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.


aptitude install vlan ifenslave-2.6
aptitude install vlan ifenslave-2.6


== Network config ==
== Network config ==
 
Cisco switch interface example config
Cisco switch interface example config  


interface GigabitEthernet1/2
interface GigabitEthernet1/2
Zeile 1.205: Zeile 1.141:
  no cdp enable
  no cdp enable
  spanning-tree portfast trunk
  spanning-tree portfast trunk


== bonding with active backup ==
== bonding with active backup ==
 
Create a file <tt>/etc/modprobe.d/bonding.conf</tt> containing:
Create a file <tt>/etc/modprobe.d/bonding.conf</tt> containing:  


alias bond0 bonding
alias bond0 bonding
options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1
options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1


== /etc/network/interfaces ==
== /etc/network/interfaces ==
<nowiki># The loopback network interface</nowiki>
<nowiki># The loopback network interface</nowiki>
auto lo
auto lo
Zeile 1.221: Zeile 1.157:
auto bond0
auto bond0
iface bond0 inet manual
iface bond0 inet manual
        up ifconfig bond0 0.0.0.0 up
up ifconfig bond0 0.0.0.0 up
        slaves eth1 eth0
slaves eth1 eth0
auto vlan10
auto vlan10
iface vlan10 inet static
iface vlan10 inet static
        address 10.10.10.12/24
address 10.10.10.12/24
        vlan-raw-device bond0
vlan-raw-device bond0
        gateway 10.10.0.1
gateway 10.10.0.1
        dns-search hup.hu
dns-search hup.hu
        dns-nameservers 10.10.0.2
dns-nameservers 10.10.0.2
auto vlan20
auto vlan20
iface vlan20 inet static
iface vlan20 inet static
        address 10.20.10.12/24
address 10.20.10.12/24
        vlan-raw-device bond0
vlan-raw-device bond0
auto vlan30
auto vlan30
iface vlan30 inet static
iface vlan30 inet static
        address 10.30.10.12/24
address 10.30.10.12/24
        vlan-raw-device bond0* In Debian Buster, you must use interface names for VLANs in the form of: <tt>bond0.10</tt>, <tt>bond0.20</tt>, and <tt>bond0.30</tt> instead of <tt>vlan10</tt>, <tt>vlan20</tt>, <tt>vlan30</tt>  
vlan-raw-device bond0* In Debian Buster, you must use interface names for VLANs in the form of: <tt>bond0.10</tt>, <tt>bond0.20</tt>, and <tt>bond0.30</tt> instead of <tt>vlan10</tt>, <tt>vlan20</tt>, <tt>vlan30</tt>
* [https://www.kernel.org/doc/Documentation/networking/bonding.txt https://www.kernel.org/doc/Documentation/networking/bonding.txt] - Linux kernel documentation on bonding  
* [https://www.kernel.org/doc/Documentation/networking/bonding.txt https://www.kernel.org/doc/Documentation/networking/bonding.txt] - Linux kernel documentation on bonding
* [https://www.dm.unibo.it/~donatini/admin/rete/bonding.html https://www.dm.unibo.it/~donatini/admin/rete/bonding.html] - Bonding on Linux 2.6  
* [https://www.dm.unibo.it/~donatini/admin/rete/bonding.html https://www.dm.unibo.it/~donatini/admin/rete/bonding.html] - Bonding on Linux 2.6
 




== How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface ==
== How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface ==
 
MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.
MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.  


auto bond0
auto bond0
iface bond0 inet manual
iface bond0 inet manual
        up ifconfig lacptrunk0 0.0.0.0 up
up ifconfig lacptrunk0 0.0.0.0 up
        slaves eth0 eth1
slaves eth0 eth1
<nowiki># bond-mode 4 = 802.3ad</nowiki>
<nowiki># bond-mode 4 = 802.3ad</nowiki>
        bond-mode 4
bond-mode 4
        bond-miimon 100
bond-miimon 100
        bond-downdelay 200
bond-downdelay 200
        bond-updelay 200
bond-updelay 200
        bond-lacp-rate 1
bond-lacp-rate 1
        bond-xmit-hash-policy layer2+3
bond-xmit-hash-policy layer2+3
        post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000
post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000


<nowiki>#vlan devices will use the MTU set on bond0 device</nowiki>
<nowiki>#vlan devices will use the MTU set on bond0 device</nowiki>
Zeile 1.264: Zeile 1.198:
iface vlan101 inet static
iface vlan101 inet static


        address 10.101.60.123/24
address 10.101.60.123/24
        gateway 10.155.60.1
gateway 10.155.60.1
        vlan-raw-device bond0
vlan-raw-device bond0


auto vlan151
auto vlan151
iface vlan151 inet static
iface vlan151 inet static


        address 192.168.1.1/24
address 192.168.1.1/24
        vlan-raw-device bond0
vlan-raw-device bond0
 


= Multiple IP addresses on one Interface =
= Multiple IP addresses on one Interface =
Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible ''via'' the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.


Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible ''via'' the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.


== Legacy method ==
== Legacy method ==
 
This /etc/network/interfaces text assigns three IP addresses to eth0.
This /etc/network/interfaces text assigns three IP addresses to eth0.  


auto eth0
auto eth0
allow-hotplug eth0
allow-hotplug eth0
iface eth0 inet static
iface eth0 inet static
    address 192.168.1.42/24
address 192.168.1.42/24
    gateway 192.168.1.1
gateway 192.168.1.1


auto eth0:0
auto eth0:0
allow-hotplug eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static
iface eth0:0 inet static
    address 192.168.1.43/24
address 192.168.1.43/24


auto eth0:1
auto eth0:1
allow-hotplug eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static
iface eth0:1 inet static
    address 192.168.1.44/24
address 192.168.1.44/24
 
An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.


An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.  
The above configuration is the previous traditional method that reflects the traditional use of ''ifconfig'' to configure network devices. ''ifconfig'' has introduced the concept of ''aliased'' or ''virtual'' interfaces. Those types of virtual interfaces have names of the form ''interface:integer'' and ifconfig treats them very similarly to real interfaces.


The above configuration is the previous traditional method that reflects the traditional use of ''ifconfig'' to configure network devices. ''ifconfig'' has introduced the concept of ''aliased'' or ''virtual'' interfaces. Those types of virtual interfaces have names of the form ''interface:integer'' and ifconfig treats them very similarly to real interfaces.  
Nowadays ''ifupdown'' uses the ''ip'' utility from the ''iproute2'' package instead of ''ifconfig''. The newer ''ip'' utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ''ifupdown'' uses this feature to support aliased interfaces while using ''ip''.


Nowadays ''ifupdown'' uses the ''ip'' utility from the ''iproute2'' package instead of ''ifconfig''. The newer ''ip'' utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ''ifupdown'' uses this feature to support aliased interfaces while using ''ip''.


== iproute2 method ==
== iproute2 method ==
Also, ''ifupdown'' supports specifying multiple interfaces by repeating ''iface'' sections with the same interface name. The key difference from the method described above is that all such sections are treated by ''ifupdown'' as just one interface, so user can't add or remove them individually. However, ''up''/''down'' commands, as well as scripts, are called for every section as it used to be.


Also, ''ifupdown'' supports specifying multiple interfaces by repeating ''iface'' sections with the same interface name. The key difference from the method described above is that all such sections are treated by ''ifupdown'' as just one interface, so user can't add or remove them individually. However, ''up''/''down'' commands, as well as scripts, are called for every section as it used to be.
Note however that this method is '''dangerous'''! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)
 
Note however that this method is '''dangerous'''! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)  


This /etc/network/interfaces text assigns three IP addresses to eth0.  
This /etc/network/interfaces text assigns three IP addresses to eth0.


auto eth0
auto eth0
allow-hotplug eth0
allow-hotplug eth0
iface eth0 inet static
iface eth0 inet static
    address 192.168.1.42/24
address 192.168.1.42/24
    gateway 192.168.1.1
gateway 192.168.1.1


iface eth0 inet static
iface eth0 inet static
    address 192.168.1.43/24
address 192.168.1.43/24


iface eth0 inet static
iface eth0 inet static
    address 192.168.1.44/24
address 192.168.1.44/24


<nowiki># adding IP addresses from different subnets is also possible</nowiki>
<nowiki># adding IP addresses from different subnets is also possible</nowiki>
iface eth0 inet static
iface eth0 inet static
    address 10.10.10.14/24
address 10.10.10.14/24


Manual approach:  
Manual approach:


auto eth0
auto eth0
allow-hotplug eth0
allow-hotplug eth0
iface eth0 inet static
iface eth0 inet static
    address 192.168.1.42/24
address 192.168.1.42/24
    gateway 192.168.1.1
gateway 192.168.1.1
    up   ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0
up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0
    down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0
down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0
    up   ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1
up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1
    down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1
down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1
    up   ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2
up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2
    down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2
down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2


Quelle: [https://wiki.debian.org/NetworkConfiguration https://wiki.debian.org/NetworkConfiguration]
Quelle: [https://wiki.debian.org/NetworkConfiguration https://wiki.debian.org/NetworkConfiguration]

Version vom 23. Januar 2023, 09:04 Uhr

Netzwerkkonfiguration

"[Tipp]" Tipp
Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie Debian Administratorhandbuch — Konfigurieren des Netzwerks.
"[Tipp]" Tipp
Unter systemd kann networkd für die Netzwerkverwaltung genutzt werden; lesen Sie dazu systemd-networkd(8).

5.1. Die elementare Netzwerkinfrastruktur

Lassen Sie uns einen Blick auf die elementare Netzwerkinfrastruktur eines modernen Debian-Systems werfen:

Pakete Popcon Größe Art Beschreibung
network-manager V:369, I:440 14500 config::NM NetworkManager (Daemon): das Netzwerk automatisch verwalten
network-manager-gnome V:126, I:371 5350 config::NM NetworkManager (GNOME-Frontend)
ifupdown V:584, I:987 217 config::ifupdown standardisiertes Werkzeug zum Aktivieren und Deaktivieren des Netzwerks (Debian-spezifisch)
isc-dhcp-client V:219, I:982 689 config::low-level DHCP-Client
pppoeconf V:0, I:7 192 config::helper Konfigurations-Hilfswerkzeug für PPPoE-Verbindungen
wpasupplicant V:341, I:503 3817 " clientseitige Unterstützung für WPA und WPA2 (IEEE 802.11i)
wpagui V:0, I:2 800 " Qt-GUI-Programm für wpa_supplicant
wireless-tools V:176, I:239 297 " Werkzeuge zum Bearbeiten der Linux Wireless Extensions
iw V:223, I:477 294 " Werkzeug zum Konfigurieren von Drahtlos-Netzwerkgeräten unter Linux
iproute2 V:701, I:949 3294 config::iproute2 iproute2, IPv6 und andere erweiterte Netzwerkkonfiguration: ip(8), tc(8) usw.
iptables V:306, I:942 2521 config::Netfilter Administrationswerkzeuge für Paketfilterung und NAT (Netfilter)
iputils-ping V:206, I:997 118 Test Erreichbarkeit eines fernen Rechners über das Netzwerk testen, entweder mittels Rechnername oder IP-Addresse (iproute2)
iputils-arping V:5, I:78 60 Test Erreichbarkeit eines fernen Rechners über das Netzwerk mittels seiner ARP-Addresse testen
iputils-tracepath V:4, I:46 52 Test Netzwerkpfad zu einem fernen Rechner verfolgen
ethtool V:96, I:267 631 Test Eigenschaften von Ethernet-Geräten anzeigen oder ändern
mtr-tiny V:6, I:52 161 test::low-level Netzwerkpfad zu einem fernen Rechner verfolgen (Curses-basiert)
mtr V:4, I:44 214 " Netzwerkpfad zu einem fernen Rechner verfolgen (Curses- und GTK-basiert)
gnome-nettool V:1, I:31 2110 " Werkzeuge für allgemeine Netzwerkinformations-Operationen (GNOME)
nmap V:28, I:231 4452 " Netzwerk-Mapper/Port-Scanner (Nmap, konsolen-basiert)
zenmap V:0, I:4 2939 " Netzwerk-Mapper/Port-Scanner (GTK-basiert)
tcpdump V:18, I:196 1330 " Netzwerkverkehr-Analysator (Tcpdump, konsolen-basiert)
wireshark I:52 72 " Netzwerkverkehr-Analysator (Wireshark, GTK-basiert)
tshark V:2, I:30 427 " Netzwerkverkehr-Analysator (konsolen-basiert)
tcptrace V:0, I:2 401 " eine Zusammenfassung von Verbindungen auf Basis der tcpdump-Ausgabe erstellen
snort V:0, I:1 2206 " flexibles Einbruchmeldesystem für das Netzwerk (Snort)
ntopng V:1, I:1 969 " Daten über die Netzwerknutzung im Webbrowser anzeigen
dnsutils V:39, I:423 275 " Netzwerk-Clients, die mit BIND bereitgestellt werden: nslookup(8), nsupdate(8), dig(8)
dlint V:0, I:5 53 " DNS-Zoneninformationen mittels Nameserver-Abfragen überprüfen
dnstracer V:0, I:1 60 " eine Verkettung von DNS-Servern zu ihrer Quelle verfolgen


5.1.1. Die Auflösung des Rechnernamens

Die Auflösung des Rechnernamens (hostname) wird derzeit auch durch den NSS-(Name-Service-Switch-)Mechanismus unterstützt. Die Auflösung läuft wie folgt ab:# Die "/etc/nsswitch.conf"-Datei mit Einträgen wie "hosts: files dns" bestimmt die Reihenfolge der Rechnernamenauflösung. (Dies ersetzt die alte Funktionalität der "order"-Einträge in "/etc/host.conf".)

  1. Als erstes wird in diesem Beispiel die files-Methode aufgerufen. Wenn der Rechnername in der "/etc/hosts"-Datei gefunden wird, werden alle gültigen Adressen für den Rechner ausgegeben und die Abfrage wird beendet. (Die "/etc/host.conf"-Datei enthält "multi on".)
  2. Dann wird die dns-Methode wird aufgerufen. Wenn der Rechnername über das Internet Domain Name System (DNS) (definiert über die Datei "/etc/resolv.conf") gefunden wird, werden alle dafür gültigen Adressen ausgegeben und die Abfrage wird beendet.

Die "/etc/hosts"-Datei sieht zum Beispiel so aus:

127.0.0.1 localhost 127.0.1.1 host_name

# The following lines are desirable for IPv6 capable hosts

1 localhost ip6-localhost ip6-loopback

ff02::1 ip6-allnodes ff02::2 ip6-allrouters

Jede Zeile beginnt mit einer IP-Addresse und dahinter steht jeweils der zugeordnete Rechnername.

Die IP-Adresse 127.0.1.1 in der zweiten Zeile dieses Beispiels ist auf einigen anderen Unix-ähnlichen Systemen möglicherweise nicht vorhanden. Der Debian Installer erstellt diesen Eintrag für Systeme ohne feste IP-Adresse als provisorische Lösung für einige Software-Produkte (z.B. GNOME), wie in Fehler #719621 dokumentiert.

Der Eintrag rechnername entspricht dem in"/etc/hostname" festgelegten Rechnernamen.

Auf Systemen mit einer festen IP-Adresse sollte allerdings diese feste IP-Adresse statt der 127.0.1.1 verwendet werden.

Bei Systemen mit einer festen IP-Adresse und einem voll qualifizierten Domain-Namen (FQDN), bereitgestellt durch das Domain Name System (DNS), sollte rechnername.domain-name verwendet werden statt nur rechnername.

Die Datei "/etc/resolv.conf" ist eine statische Datei, falls das Paket resolvconf nicht installiert ist. Falls das Paket installiert ist, ist dies ein symbolischer Link. In beiden Fällen enthält es Informationen zur Initialisierung der Namensauflösungs-Routinen. Wenn das DNS zum Beispiel über die IP "192.168.11.1" erreichbar ist, enthält sie Folgendes:

nameserver 192.168.11.1

Das resolvconf-Paket macht "/etc/resolv.conf" zu einem symbolischen Link und verwaltet ihren Inhalt automatisch über die Hook-Skripte.

Bei PC-Arbeitsplatzrechnern in einer typischen LAN-Umgebung kann der Rechnername zusätzlich zu den grundlegenden files- und dns-Methoden auch über Multicast DNS (mDNS, Zeroconf) aufgelöst werden:* Avahi stellt ein Rahmenwerk für Multicast-DNS-Diensteabfragen auf Debian-Systemen bereit.

  • Es ist ein Äquivalent zu Apple Bonjour / Apple Rendezvous.
  • Das libnss-mdns-Plugin-Paket bietet Rechnernamensauflösung via mDNS für die GNU Name-Service-Switch-(NSS-)Funktionalität der GNU C-Bibliothek (glibc).
  • Die Datei "/etc/nsswitch.conf" sollte Einträge wie "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4" enthalten.
  • Rechnernamen, die mit der Pseudo-Top-Level Domain (TLD) ".local" enden, werden aufgelöst.
  • Die mDNS IPv4 link-lokale Multicast-Adresse "224.0.0.251" oder ihr IPv6-Äquivalent "FF02::FB" wird verwendet, um DNS-Abfragen für einen auf ".local" endenden Namen durchzuführen.

Rechnernamensauflösung über das veraltete NETBios over TCP/IP, das von älteren Windows-Systemen verwendet wurde, kann über die Installation des Pakets winbind realisiert werden. Die "/etc/nsswitch.conf"-Datei sollte Einträge wie "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins" enthalten, um diese Funktionalität zu aktivieren. (Moderne Windows-Systeme verwenden normalerweise die dns-Methode zur Rechnernamensauflösung.)

"[Anmerkung]" Anmerkung
Die Ausweitung generischer Top-Level-Domains (gTLD) im Domain-Name-System ist in Arbeit. Achten Sie bei Auswahl von Domain-Namen, die nur im lokalen Netzwerk verwendet werden sollen, auf Namenskollisionen.

5.1.2. Der Netzwerkschnittstellenname

Systemd verwendet "verlässlich vorhersagbare Namen (Predictable Network Interface Names)" wie "enp0s25".


5.1.3. Der Netzwerkadressbereich für das LAN

Wir wollen uns an die IPv4 32-Bit-Adressbereiche erinnern, die durch die rfc1918 für jede Klasse zur Verwendung in Local Area Networks (LANs) reserviert sind. Diese Adressen werden bestimmt nicht mit irgendwelchen Adressen im Internet kollidieren.

"[Anmerkung]" Anmerkung
IP-Adressen mit Doppelpunkten sind IPv6-Adressen, z.B. "::1" für localhost.

Tabelle 5.2. Liste der Netzwerkadressbereiche

Klasse Netzwerkadressen Netzmaske Netzmaske /Bits von Subnetzwerken
A 10.x.x.x 255.0.0.0 /8 1
B 172.16.x.x — 172.31.x.x 255.255.0.0 /16 16
C 192.168.0.x — 192.168.255.x 255.255.255.0 /24 256
"[Anmerkung]" Anmerkung
Wenn eine dieser Adressen einem Rechner zugewiesen ist, kann dieser Rechner das Internet nicht direkt erreichen, sondern muss ein Gateway verwenden, der als Proxy für verschiedene Dienste dient, oder er nutzt Network Address Translation (NAT). Ein Breitband-Router nutzt üblicherweise NAT für das Anwender-Netzwerk.

5.1.4. Unterstützung für Netzwerkgeräte

Der größte Teil verfügbarer Netzwerk-Hardware wird durch das Debian-System unterstützt; es gibt einige Geräte, die laut DFSG nicht-freie Firmware für den Betrieb erfordern. Lesen Sie dazu Abschnitt 9.10.5, „Hardware-Treiber und Firmware“.


5.2. Moderne Netzwerkkonfiguration für Arbeitsplatzsysteme

Auf modernen Debian-Desktop-Systemen mit systemd erfolgt die Initialisierung von Netzwerkschnittstellen für die Loopback-Schnittstelle lo typischerweise durch "networking.service" und für andere Schnittstellen durch "NetworkManager.service".

Debian-Systeme können Netzwerkverbindungen über Software-Daemons wie NetworkManager (NM) (network-manager und zugehörige Pakete) verwalten.* Sie haben ihre eigenen grafischen GUI- und Befehlszeilen-Programme als Bedienoberfläche.

  • Sie haben ihre eigenen Daemons als Unterbau.
  • Sie erlauben eine einfache Verbindung Ihres Systems mit dem Internet.
  • Sie ermöglichen eine problemlose Verwaltung von kabelgebundenen und kabellosen Netzwerkkonfigurationen.
  • Sie erlauben uns, das Netzwerk unabhängig vom althergebrachten ifupdown zu konfigurieren.
"[Anmerkung]" Anmerkung
Verwenden Sie diese automatischen Netzwerkkonfigurations-Werkzeuge nicht für Server. Sie sind primär für die Nutzung auf Arbeitsplatzrechnern oder Laptops gedacht.

Diese modernen Werkzeuge müssen korrekt konfiguriert werden, um Konflikte mit dem ifupdown-Paket und seiner Konfigurationsdatei "/etc/network/interfaces" zu vermeiden.


5.2.1. Grafische Netzwerkkonfigurations-Werkzeuge

Offizielle Dokumentation für NM unter Debian ist in "/usr/share/doc/network-manager/README.Debian" verfügbar.

Grundsätzlich läuft die Netzwerkkonfiguration für Arbeitsplatzsysteme wie folgt ab:# Fügen Sie den Benutzer, der sich am Arbeitsplatz anmeldet, z.B. foo, mit folgendem Befehl zur Gruppe "netdev" hinzu (alternativ kann dies in modernen Arbeitsplatzumgebungen wie GNOME oder KDE auch automatisch über D-bus erledigt werden):
$ sudo adduser foo netdev

  1. Halten Sie die Konfiguration in "/etc/network/interfaces" so einfach wie hier:
    auto lo
    iface lo inet loopback
  2. Starten Sie NM mit folgendem Befehl neu:
    $ sudo systemctl restart network-manager
  3. Konfigurieren Sie Ihr Netzwerk über die grafische GUI-Oberfläche.
"[Anmerkung]" Anmerkung
Um Konflikte mit ifupdown zu vermeiden, werden nur Schnittstellen, die nicht in "/etc/network/interfaces" aufgelistet sind, von NM verwaltet.
"[Tipp]" Tipp
Wenn Sie die Fähigkeiten von NM erweitern möchten, suchen Sie nach entsprechenden Plugin-Modulen und zusätzlichen Paketen wie network-manager-openconnect, network-manager-openvpn-gnome, network-manager-pptp-gnome, mobile-broadband-provider-info, gnome-bluetooth usw.

5.3. Moderne Netzwerkkonfiguration ohne grafische Oberfläche

Unter systemd kann das Netzwerk stattdessen in /etc/systemd/network/ konfiguriert werden. Lesen Sie dazu systemd-resolved(8), resolved.conf(5) und systemd-networkd(8).

Dies ermöglicht eine moderne Netzwerkkonfiguration auch ohne grafische Oberfläche.

Eine DHCP-Client-Konfiguration kann durch Erzeugen von "/etc/systemd/network/dhcp.network" eingerichtet werden, z.B. mit:

[Match] Name=en*

[Network] DHCP=yes

Eine statische Netzwerkkonfiguration richten Sie über "/etc/systemd/network/static.network" ein, wie hier:

[Match] Name=en*

[Network] Address=192.168.0.15/24 Gateway=192.168.0.1


5.4. Netzwerkkonfiguration auf unterster Ebene

Für Netzwerkkonfiguration über die Konsole können Sie unter Linux die iproute2-Programme (ip(8), …) verwenden.


5.4.1. iproute2-Befehle

Die iproute2-Befehle bieten vollwertige Funktionalität auf der untersten Ebene der Netzwerkkonfiguration. Hier eine Tabelle zur Gegenüberstellung von veralteten net-tools-Befehlen und neuen iproute2- und anderen Befehlen.

Tabelle 5.3. Gegenüberstellung von net-tools- und iproute2-Befehlen

net-tools (veraltet) iproute2 usw. (neu) Beeinflussung
ifconfig(8) ip addr Protokoll-Adresse (IP oder IPv6) eines Gerätes
route(8) ip route Eintrag in der Routing-Tabelle
arp(8) ip neigh ARP- oder NDISC-Cache-Eintrag
ipmaddr ip maddr Multicast-Adresse
iptunnel ip tunnel Tunnel über IP
nameif(8) ifrename(8) Netzwerkschnittstellen basierend auf MAC-Adressen benennen
mii-tool(8) ethtool(8) Einstellungen von Ethernet-Geräten

Lesen Sie ip(8) und das IPROUTE2 Utility Suite Howto.


5.4.2. Sichere Basis-Netzwerkoperationen

Sie können die folgenden Netzwerkbefehle der untersten Ebene problemlos verwenden, da sie die Netzwerkkonfiguration nicht verändern:

Tabelle 5.4. Liste von Basis-Netzwerkbefehlen

Befehl Beschreibung
ip addr show Verbindungs- und Adressstatus von aktiven Schnittstellen anzeigen
route -n Vollständige Routing-Tabelle mit numerischen Adressen anzeigen
ip route show Vollständige Routing-Tabelle mit numerischen Adressen anzeigen
arp Aktuellen Inhalt der ARP-Cache-Tabellen anzeigen
ip neigh Aktuellen Inhalt der ARP-Cache-Tabellen anzeigen
plog Logdaten des PPP-Daemons anzeigen
ping yahoo.com Internet-Verbindung zu "yahoo.com" überprüfen
whois yahoo.com Überprüfen, wer "yahoo.com" in der Domain-Datenbank registriert hat
traceroute yahoo.com Verbindung zu "yahoo.com" durch das Internet verfolgen
tracepath yahoo.com Verbindung zu "yahoo.com" durch das Internet verfolgen
mtr yahoo.com Verbindung zu "yahoo.com" durch das Internet verfolgen (wiederholt)
dig [@dns-server.com] example.com [{a|mx|any}] DNS-Einträge von "example.com" laut den Daten von "dns-server.com" auf einen "a"-, "mx"- oder "any"-Eintrag überprüfen
iptables -L -n Paketfilter überprüfen
netstat -a Alle offenen Ports finden
netstat -l --inet Ports finden, die auf eine Verbindung warten
netstat -ln --tcp TCP-Ports finden, die auf eine Verbindung warten (numerisch)
dlint example.com DNS-Zonen-Informationen von "example.com" überprüfen
"[Tipp]" Tipp
Einige dieser Basisbefehle zur Netzwerkkonfiguration sind in "/sbin/" abgelegt. Sie müssen unter Umständen den vollständigen Pfad, wie z.B. "/sbin/ifconfig" angeben oder "/sbin" zur Variable "$PATH" in Ihrer "~/.bashrc"-Datei hinzufügen.

5.5. Netzwerkoptimierung

Die grundsätzliche Netzwerkoptimierung liegt außerhalb des Rahmens dieser Dokumentation. Ich erwähne hier nur Dinge, die für Anwender-typische Verbindungen passend sind.

Tabelle 5.5. Liste von Werkzeugen zur Netzwerkoptimierung

Pakete Popcon Größe Beschreibung
iftop V:7, I:112 97 Informationen zur Bandbreitennutzung einer Netzwerkschnittstelle anzeigen
iperf V:3, I:52 322 Werkzeug zur IP-Bandbreiten-Messung
ifstat V:0, I:8 59 InterFace STATistics Monitoring (Netzwerkschnittstellen-Statistik/-Überwachung)
bmon V:1, I:17 146 Portierbarer Bandbreitenmonitor und Geschwindigkeitsrechner
ethstatus V:0, I:4 40 Skript, das schnell den Durchsatz eines Netzwerkgerätes messen kann
bing V:0, I:1 80 Empirisch stochastischer Bandbreitentester
bwm-ng V:1, I:17 90 Kleiner und einfacher konsolenbasierter Bandbreitenmonitor
ethstats V:0, I:0 23 Konsolenbasierter Ethernet-Statistikmonitor
ipfm V:0, I:0 78 Bandbreitenanalyse-Werkzeug


5.5.1. Die optimale MTU finden

NM setzt den optimalen Wert für die Maximum Transmission Unit (MTU) normalerweise automatisch.

In speziellen Fällen möchten Sie die MTU jedoch vielleicht händisch setzen, nachdem Sie mit ping(8) und seiner Option "-M do" experimentiert haben; Sie haben damit die Möglichkeit, ein ICMP-Paket mit verschiedenen Paketgrößen zu verschicken. MTU ist die größte Paketgröße, bei der das Paket noch erfolgreich ohne Fragmentierung verschickt werden kann plus 28 Byte für die IPv4- bzw. 48 Byte für die IPv6-Adresse. In folgendem Beispiel wurde für eine IPv4-Verbindung eine MTU von 1460 ermittelt und für IPv6 eine MTU von 1500:

$ ping -4 -c 1 -s $((1500-28)) -M do www.debian.org PING (149.20.4.15) 1472(1500) bytes of data. ping: local error: message too long, mtu=1460

--- ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

$ ping -4 -c 1 -s $((1460-28)) -M do www.debian.org PING (130.89.148.77) 1432(1460) bytes of data. 1440 bytes from klecker-misc.debian.org (130.89.148.77): icmp_seq=1 ttl=50 time=325 ms

--- ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 325.318/325.318/325.318/0.000 ms $ ping -6 -c 1 -s $((1500-48)) -M do www.debian.org PING www.debian.org(mirror-csail.debian.org (2603:400a:ffff:bb8::801f:3e)) 1452 data bytes 1460 bytes from mirror-csail.debian.org (2603:400a:ffff:bb8::801f:3e): icmp_seq=1 ttl=47 time=191 ms

--- www.debian.org ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 191.332/191.332/191.332/0.000 ms

Dies ist das Path MTU (PMTU) Discovery-Verfahren (RFC1191) und der Befehl tracepath(8) kann dies automatisieren.

Tabelle 5.6. Wesentliche Grundregeln für den optimalen MTU-Wert

Netzwerkumgebung MTU Argumentation
Einwahlverbindung (IP: PPP) 576 Standard
Ethernet-Verbindung (IP: DHCP oder fest) 1500 Standard und vorgegeben

Zusätzlich zu diesen Grundregeln sollten Sie folgendes wissen:* Jegliche Nutzung von Tunneling-Methoden (VPN usw.) kann aufgrund des Overheads den optimalen MTU-Wert reduzieren.

  • Der MTU-Wert sollte den über die experimentelle Methode ermittelten PMTU-Wert nicht überschreiten.
  • Ein größerer MTU-Wert ist grundsätzlich besser, wenn andere Einschränkungen greifen.

Die Maximum Segment Size (MSS) wird als alternative Messmethode für die Paketgröße verwendet. Der Zusammenhang zwischen MSS und MTU ist wie folgt:* MSS = "MTU - 40" bei IPv4

  • MSS = "MTU - 60" bei IPv6
"[Anmerkung]" Anmerkung
Bei Netzwerkoptimierung mittels iptables(8) (lesen Sie dazu auch Abschnitt 5.6, „Die Netfilter-Infrastruktur“) kann die Paketgröße über die MSS begrenzt werden; dies ist für einen Router nützlich. Lesen Sie den Abschnitt bezüglich "TCPMSS" in iptables(8).

5.5.2. WAN-TCP-Optimierung

Der TCP-Durchsatz kann über die Anpassung von Parametern zur TCP-Puffergröße maximiert werden, wie es die Anleitungen "TCP Tuning Guide" und "TCP Tuning" für modernes WAN mit hoher Bandbreite und hoher Latenz beschreiben. Das soll hierzu genügen; die aktuellen Debian-Standardeinstellungen funktionieren für mein LAN mit seiner Verbindung zum sehr schnellen 1G bps FFTP-Dienst sehr gut.


5.6. Die Netfilter-Infrastruktur

Netfilter stellt eine Infrastruktur für Stateful Packet Inspection (SPI, zustandsorientierte Paketüberprüfung) und Network Address Translation (NAT) über Module des Linux-Kernels (lesen Sie hierzu Abschnitt 3.8.1, „Die Kernel-Modul-Initialisierung“) zur Verfügung.

Tabelle 5.7. Liste von Firewall-Werkzeugen

Pakete Popcon Größe Beschreibung
iptables V:306, I:942 2521 Administrationswerkzeuge für netfilter (iptables(8) für IPv4, ip6tables(8) für IPv6)
arptables V:0, I:2 96 Administrationswerkzeuge für netfilter (arptables(8) für ARP)
ebtables V:14, I:33 265 Administrationswerkzeuge für netfilter (ebtables(8) für Ethernet-Bridging-Betrieb)
iptstate V:0, I:3 116 Fortlaufende Überwachung des netfilter-Status (ähnlich zu top(1))
shorewall-init V:0, I:0 68 Initialisierung der Shoreline Firewall
shorewall V:5, I:11 2458 Erzeugung von netfilter-Konfigurationsdateien für Shoreline Firewall
shorewall-lite V:0, I:0 65 Erzeugung von netfilter-Konfigurationsdateien für Shoreline Firewall (abgespeckte Version)
shorewall6 V:1, I:2 779 Erzeugung von netfilter-Konfigurationsdateien für Shoreline Firewall (IPv6-Version)
shorewall6-lite V:0, I:0 64 Erzeugung von netfilter-Konfigurationsdateien für Shoreline Firewall (abgespeckte IPv6-Version)

Das vorherrschende Nutzerprogramm für netfilter ist iptables(8). Sie können netfilter von Hand interaktiv über die Shell konfigurieren, seinen Status mit iptables-save(8) sichern und beim Systemstart über ein Init-Skript mittels iptables-restore(8) wiederherstellen.

Konfigurations-Hilfsskripte wie shorewall vereinfachen diesen Prozess.

Sie finden Dokumentation unter http://www.netfilter.org/documentation/ oder in "/usr/share/doc/iptables/html/":* Linux Networking-Concepts HOWTO

"[Tipp]" Tipp
Obwohl für Linux 2.4 geschrieben, sind sowohl der iptables(8)-Befehl wie auch die Netfilter-Kernel-Funktionalität für die Linux-Kernel-Serien 2.6 und 3.x passend.

Quelle: https://www.debian.org/doc/manuals/debian-reference/ch05.de.html


All About Debian /etc/network/interfaces File

3 years ago

by David AdamsThe file /etc/network/interfaces available in Debian and its derived distributions allows to define static and dynamic IP addresses for the interfaces, setup routing information and default gateways, masquerading network bonding and more.

The default interfaces file looks like the following:

Datei:Bild12.pngWhere auto starts the interface at boot and iface calls the network interface (in this case lo, loopback). All lines beginning with  “auto” specify the interfaces which will be enabled when running “ifup -a”, a command executed at boot.

Lines beginning with “iface” have the following syntax:

iface  <interface>  <address_family>  <method>

For example:

iface enp2s0 inet dhcp

The following example shows how to setup a network card using DHCP:


Setting up an interface with DHCP by editing the /etc/network/interfaces:

To add a new interface using DHCP, add the following lines:

auto <Interface>allow-hotplug <Interface>iface <Interface> inet dhcp

Datei:Bild13.pngWhere allow-hotplug will start the interface upon event detection.

Note: for IPv6 add “inet6”: iface <interface> inet6 dhcp

Where <interface> you should set your device name, eth0, enp2s0, wlp3s0, etc.


Setting up an interface with static address by editing the /etc/network/interfaces:

If instead of configuring the interface with DHCP you want to set a static IP address and gateway replace the previous instructions with the following (replace 192.168.0.8/24 and 192.168.0.1 with your correct IP addresses):auto <Interface>iface <Interface> inet staticaddress 192.168.0.1netmask 255.255.255.0gateway 192.168.0.1dns-nameservers 8.8.8.8

Datei:Bild14.pngDefining gateway and broadcast is optional.The following example shows a different configuration which runs after the network interface is enabled (up) or disabled (down). The “up” lines are executed when the device is enabled while the “down” lines when it is disabled:

auto eth0iface eth0 inet staticaddress 192.168.0.5network 192.168.0.0netmask 255.255.255.128broadcast 192.168.0.0up route add -net 192.168.0.128 netmask 255.255.255.0 gw 192.168.0.1up route add default gw 192.168.0.200down route del default gw 192.168.0.200down route del -net 192.168.0.128 netmask 255.255.255.128 gw 192.168.0.1

Datei:Bild15.png


Setting up a network card with 2 interfaces:

The following example below shows a static configuration for a network card with two interfaces:

auto eth0 eth0:1iface eth0 inet staticaddress 192.168.0.5network 192.168.0.0netmask 255.255.255.0broadcast 192.168.0.255gateway 192.168.0.1iface eth0:1 inet staticaddress 192.168.0.10network 192.168.0.0netmask 255.255.255.0

Datei:Bild16.pngAs you can see in this way you can assign multiple IP addresses to a single network interface.


Configure network bonding by editing the /etc/network/interfaces:

The following example shows my previous bonding mode 1 configuration within the /etc/network/interfaces file, I will leave interfaces with their names for easier understanding:

auto enp2s0iface enp2s0 inet manualbond-master bond0bond-primary enp2s0 wlp3s0 auto wlp3s0iface wlp3s0 inet manualbond-master bond0bond-primary enp2s0 wlp3s0wpa-ssid 'LinuxHint'wpa-bssid '14:CF:E2:2A:EF:00'wpa-psk  '972537288765'auto bond0iface bond0 inet dhcpbond-slaves nonebond-mode active-backupbond-miimon 100bond-downdelay 200bond-updelay 200

Datei:Bild17.pngA network bonding configuration with static IP instead of DHCP would have the last block like:

iface bond0 inet staticaddress 192.168.0.54netmask 255.255.255.0network 192.168.0.0gateway 192.168.0.1

Datei:Bild18.pngYou can run the following command to make sure bonding is working properly:# cat /proc/net/bonding/bond0

Datei:Bild19.png

Source of examples: How to do Linux Network Bonding


Enable logging for the file /etc/network/interfaces:

There are 3 options related to the logging:

VERBOSE: instructs log files to have detailed information.DEBUG: enable debugging when logging.SYSLOG: save logs within /var/log/syslog.

Datei:Bild20.pngPre-up commands for /etc/network/interfaces: Pre-up commands are executed before enabling the network device. If the pre-up command fails the network card activation wont take place.

Post-up instructions for /etc/network/interfaces: Post-up instructions are executed after the network interface is enabled.

Pre-down instructions for /etc/network/interfaces: Pre-down instructions are executed before disabling the network device.Post-down instructions for /etc/network/interfaces: Post-down instructions are executed after the network interface is disabled.

Pre-up, pre-down, post-up and post-down flags are conditional, if they ail the network device won’t get enabled or won’t be properly marked as disabled.

For example, the instruction:

pre-up /usr/local/sbin/iptables

Will run the firewall before the network interface gets enabled, if iptables fails to start the network interface wont turn on.

Quelle: https://linuxhint.com/debian_etc_network_interfaces/


3 ways to configure the network

  • The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
  • NetworkManager: This is the default for Laptop configuration
  • Systemd: Debian reference Doc Chapter 5


Setting up an Ethernet Interface

The majority of network setup can be done via the interfaces configuration file at /etc/network/interfaces. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.

Remember to add interfaces that you want brought up at boot time to the 'auto' line.

See man interfaces for more options.


Starting and Stopping Interfaces

Interfaces configured with /etc/network/interfaces can be brought up and down with the ifup and ifdown commands.

Some outdated guides instruct to restart the networking service to apply changes to /etc/network/interfaces, however this was deprecated because it is possible that not all interfaces will be restarted. Instead use ifup and ifdown to apply changes to each interface, for example with an interface named enp7s0:

# ifdown enp7s0 # ifup enp7s0


Reinitialize new network setup

If you make more fundamental network changes e.g. adding new virtual interfaces (e.g. bridge) in /etc/network/interfaces you can reinitialize the network-configuration be restarting the networking daemon:

# systemctl status networking # systemctl restart networking


Network Interface Names

See NetworkInterfaceNames. Since Stretch, new systems by default no longer use old-style interface names such as eth0, eth1, wlan0, wlan1. The new system uses names based on hardware location, like eno0, enp0s31f6, wlp1s7 (or in the case of USB dongles, MAC address: enx2c56ac39ec0d).

You can list interfaces with: ls /sys/class/net

Various examples below continue to use "eth0" as a default interface name, even though it is unlikely to exist on a modern system.


Upgrading and Network Interface Names

Stretch and Buster still retain support for the old naming system as long as the file /etc/udev/rules.d/70-local-persistent-net.rules is still in place, but users are advised to switch ahead of the upgrade to Bullseye.


Using DHCP to automatically configure the interface

If you're just using DHCP then all you need is something like:

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

For DHCPv6 (used for IPv6), append also the following iface stanza

iface eth0 inet6 dhcp

Alternatively, IPv6 can be autoconfigured using stateless address autoconfiguration, or SLAAC, which is specified using auto instead of dhcp in the inet6 stanza:

iface eth0 inet6 auto

Also see IPv6PrefixDelegation.


Configuring the interface manually

If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):

auto eth0
iface eth0 inet static
address 192.0.2.7/24
gateway 192.0.2.254

If you want to add an IPv6 address, too, append something like:

iface eth0 inet6 static
address 2001:db8::c0ca:1eaf/64
gateway 2001:db8::1ead:ed:beef

See man interfaces for more options.

Make sure to disable all DHCP services, e.g. dhcpcd.

Mixing manual and automatic configuration is also possible, e.g. to use IPv6 SLAAC for internet connectivity and static addresses within the network:

# manual unique local address iface eth0 inet6 static

address fdc3:cafe::3/64
# use SLAAC to get global IPv6 address from the router
# we may not enable ipv6 forwarding, otherwise SLAAC gets disabled
autoconf 1
accept_ra 2


Setting the speed and duplex

Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface.

If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps: * Install the ethtool and net-tools packages, so that you have the ethtool and mii-tool programs. One or both of these might work for your interface.

  • Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An SSH connection could be disrupted, so you should have a fallback strategy.
  • Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.
  • Try to determine what its current speed and duplex settings are. This is where it gets fun:
    • As root, try ethtool eth0 first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the ethtool may not be supported by your device.
    • As root, try mii-tool -v eth0 and see whether its output looks correct. If not, them mii-tool may not be supported by your device.
    • If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of dmesg and lsmod. You can then try modinfo MODULENAME to see what parameters it accepts, if any. (You can use modinfo even on modules that are not loaded, for comparison.) ToDo: where does one set kernel module parameters?
  • Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:
    • ethtool -s eth0 speed 100 duplex full autoneg off (assuming 100 Mbps and full duplex)
    • mii-tool -F 100baseTx-FD eth0 (same assumption)

In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.

  • If one of these commands successfully set your NIC, then you can put it into /etc/network/interfaces so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from interfaces are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the ethtool or mii-tool command by a few seconds. Thus:
    iface eth0 inet static
    address .../...
    gateway ...
    up sleep 5; ethtool -s eth0 ...
    Or the analogous mii-tool command.
  • Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.


Bringing up an interface without an IP address

To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.

iface eth0 inet manual
pre-up ifconfig $IFACE up
post-down ifconfig $IFACE down

If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the vlan package.)

iface eth0.99 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down

Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below).


Defining the (DNS) Nameservers

Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. 140.211.166.4). (The Internet uses these structured numeric IP addresses as network addresses.)

The C library and other resolver libraries look to /etc/resolv.conf for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings: # The resolvconf program

  1. The network-manager daemon
  2. DHCP clients

In most situations, the file to edit is the configuration file for such a program.

In the most complex situations, using resolvconf really is the way to go, though in more simple configurations it is probably overkill.


The resolv.conf configuration file

The configuration file resolv.conf at /etc/resolv.conf contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this configuration file with the program resolvconf, which unfortunately has a nearly identical name.)

The resolv.conf file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this:

nameserver 12.34.56.78 nameserver 12.34.56.79

In this example, the system is using nameservers at the IP addresses 12.34.56.78 and 12.34.56.79. Simply edit the file and enter the IP addresses of the nameservers you need to use after each nameserver. Add more nameserver lines if you have more nameservers. Don't use this method if you have the resolvconf program installed.

The resolv.conf configuration file has many other options for defining how resolver looks up names. See man resolv.conf for details.


The resolvconf program

The resolvconf program keeps track of system information about the currently available nameservers. It should not be confused with the configuration file resolv.conf, which unfortunately has a nearly identical name. The resolvconf program is optional on a Debian system.

The configuration file resolv.conf contains information about the nameservers to be used by the system. However, when multiple programs need to dynamically modify the resolv.conf configuration file they can step on each other and the file can become out-of-sync. The resolvconf program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver).

When resolvconf is properly installed, the resolv.conf configuration file at /etc/resolv.conf is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf and the resolver instead uses the configuration file that is dynamically generated by resolvconf at /etc/resolvconf/run/resolv.conf.

The resolvconf program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the resolv.conf configuration file is adequate.

If the resolvconf program is installed, you should not edit the resolv.conf configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line something like the following to the interfaces configuration file at /etc/network/interfaces:

dns-nameservers 12.34.56.78 12.34.56.79

Place the line indented within an iface stanza, e.g., right after the gateway line. Enter the IP addresses of the nameservers you need to use after dns-nameservers. Put all of them on one line separated by spaces. Don't forget the "s" on the end of dns-nameservers.

The resolvconf program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see /usr/share/doc/resolvconf/README. It has lots of information on making other programs get along with resolvconf.


DNS configuration for NetworkManager

NetworkManager will override dhcp settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf, e.g. causing DNS to first search the local domain, which may have to time out before DNS resolution continues causing lengthy DNS resolution times. You can get an idea of what NetworkManager thinks the settings should be by executing nm-tool at the command line.

You may configure these settings using a GUI by launching nm-connection-editor which currently (13.11.23) isn't to be found in System Tools → Administration menu, rather it must be launched by hand from the command line. After launching: # Choose a connection (from the Wired or Wireless tab) and click Edit.

  1. Click on the IPv4 Settings tab
  2. Choose 'Automatic (DHCP) addresses only' instead of just 'Automatic (DHCP)'.
  3. Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
  4. Click “Apply.”

NetworkManager saves these settings in /etc/NetworkManager/system-connections/name-of-connection. Example /etc/NetworkManager/system-connections/Wired connection 1 :

[802-3-ethernet] duplex=full mac-address=XX:XX:XX:XX:XX:XX

[connection] id=Wired connection 1 uuid=xxx-xxxxxx-xxxxxx-xxxxxx-xxx type=802-3-ethernet timestamp=1385213042

[ipv6] method=auto

[ipv4] method=auto dns=208.67.222.222; ignore-auto-dns=true

Running nm-tool again should show that NetworkManager now has the right idea of how your DNS should be resolved.


DHCP Client Configuration

Setting additional DNS Servers

Example: dhclient3 uses /etc/dhcp/dhclient.conf. The setting you want is

supersede domain-name-servers 12.34.56.78, 12.34.56.79;

or perhaps

prepend domain-name-servers 12.34.56.78, 12.34.56.79;


Setting additional search domains

adding search domains for VPNs or local virtual networks:

append domain-name " virt vpn";

Note the leading space since the string is literally appended to the search domain provided by other configurations.

See the dhclient.conf(5) manual page for details.


Bridging

Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The bridge-utils package is required to create bridged interfaces.

Example: Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet:

auto br0 iface br0 inet static

address 10.10.0.15/24
gateway 10.10.0.1
bridge_ports eth0 eth1
up /usr/sbin/brctl stp br0 on

If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above.

Example: Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.)

auto br1 iface br1 inet manual

bridge_ports eth4
up /usr/sbin/brctl setageing br1 0
up /usr/sbin/brctl stp br1 off

Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see Spanning_Tree_Protocol). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up.


Bridging without Switching

By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted.

In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with:

up /sbin/brctl setageing br0 0
up /sbin/brctl stp br0 off


Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny)

Manual config

modprobe 8021q

apt install vlan

vconfig add eth0 222 # 222 is vlan number ifconfig eth0.222 up ifconfig eth0.222 mtu 1496 #optional if your network card doesn't support MTU 1504B ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0


Network init script config

Into /etc/modules add line:

8021q

In /etc/network/interfaces to section iface add parameter:

vlan-raw-device eth0

The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.

Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.

Eg:

auto eth0.222 iface eth0.222 inet static

address 10.10.10.1/24
vlan-raw-device eth0


Bridges and VLANs

If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:

auto br1 iface br1 inet manual

bridge_ports eth0.99 eth1.99
up /usr/sbin/brctl stp br1 on


Caveats when using bridging and vlan

#/etc/network/interfaces auto eth0 bri0 iface eth0 inet static

address 192.168.1.1/24

iface eth0.110 inet manual

vlan-raw-device eth0

iface bri0 inet static

address 192.168.110.1/24
bridge_ports eth0.110
bridge_stp on
bridge_maxwait 10

If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).


Howto create fault tolerant bonding with vlan (Etch - Stretch)

"debian_bonding.png"

debian_bonding.dia

How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.

aptitude install vlan ifenslave-2.6


Network config

Cisco switch interface example config

interface GigabitEthernet1/2

description eth1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30
switchport mode trunk
no ip address
no cdp enable
spanning-tree portfast trunk


bonding with active backup

Create a file /etc/modprobe.d/bonding.conf containing:

alias bond0 bonding options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1


/etc/network/interfaces

# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto bond0 iface bond0 inet manual

up ifconfig bond0 0.0.0.0 up
slaves eth1 eth0

auto vlan10 iface vlan10 inet static

address 10.10.10.12/24
vlan-raw-device bond0
gateway 10.10.0.1
dns-search hup.hu
dns-nameservers 10.10.0.2

auto vlan20 iface vlan20 inet static

address 10.20.10.12/24
vlan-raw-device bond0

auto vlan30 iface vlan30 inet static

address 10.30.10.12/24
vlan-raw-device bond0* In Debian Buster, you must use interface names for VLANs in the form of: bond0.10, bond0.20, and bond0.30 instead of vlan10, vlan20, vlan30


How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface

MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.

auto bond0 iface bond0 inet manual

up ifconfig lacptrunk0 0.0.0.0 up
slaves eth0 eth1

# bond-mode 4 = 802.3ad

bond-mode 4
bond-miimon 100
bond-downdelay 200
bond-updelay 200
bond-lacp-rate 1
bond-xmit-hash-policy layer2+3
post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000

#vlan devices will use the MTU set on bond0 device auto vlan101 iface vlan101 inet static

address 10.101.60.123/24
gateway 10.155.60.1
vlan-raw-device bond0

auto vlan151 iface vlan151 inet static

address 192.168.1.1/24
vlan-raw-device bond0


Multiple IP addresses on one Interface

Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible via the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.


Legacy method

This /etc/network/interfaces text assigns three IP addresses to eth0.

auto eth0 allow-hotplug eth0 iface eth0 inet static

address 192.168.1.42/24
gateway 192.168.1.1

auto eth0:0 allow-hotplug eth0:0 iface eth0:0 inet static

address 192.168.1.43/24

auto eth0:1 allow-hotplug eth0:1 iface eth0:1 inet static

address 192.168.1.44/24

An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.

The above configuration is the previous traditional method that reflects the traditional use of ifconfig to configure network devices. ifconfig has introduced the concept of aliased or virtual interfaces. Those types of virtual interfaces have names of the form interface:integer and ifconfig treats them very similarly to real interfaces.

Nowadays ifupdown uses the ip utility from the iproute2 package instead of ifconfig. The newer ip utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ifupdown uses this feature to support aliased interfaces while using ip.


iproute2 method

Also, ifupdown supports specifying multiple interfaces by repeating iface sections with the same interface name. The key difference from the method described above is that all such sections are treated by ifupdown as just one interface, so user can't add or remove them individually. However, up/down commands, as well as scripts, are called for every section as it used to be.

Note however that this method is dangerous! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)

This /etc/network/interfaces text assigns three IP addresses to eth0.

auto eth0 allow-hotplug eth0 iface eth0 inet static

address 192.168.1.42/24
gateway 192.168.1.1

iface eth0 inet static

address 192.168.1.43/24

iface eth0 inet static

address 192.168.1.44/24

# adding IP addresses from different subnets is also possible iface eth0 inet static

address 10.10.10.14/24

Manual approach:

auto eth0 allow-hotplug eth0 iface eth0 inet static

address 192.168.1.42/24
gateway 192.168.1.1
up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0
down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0
up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1
down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1
up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2
down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2

Quelle: https://wiki.debian.org/NetworkConfiguration