|
|||||||
Debian - NetworkConfiguration
Время создания: 28.02.2017 16:59
Текстовые метки: linux network debian config
Раздел: Linux
Запись: Velonski/mytetra-database/master/base/1488283177mlj92cxk2u/text.html на raw.githubusercontent.com
|
|||||||
|
|||||||
Setting up an Ethernet Interface The majority of network setup can be done via the interfaces configuration file at /etc/network/interfaces. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more. Remember to add interfaces that you want brought up at boot time to the 'auto' line. See man interfaces for more options. Using DHCP to automatically configure the interface If you're just using DHCP then all you need is something like: For DHCPv6 (used for IPv6), append also the following iface stanza Alternatively, IPv6 can be autoconfigured using stateless address autoconfiguration, or SLAAC, which is specified using auto instead of dhcp in the inet6 stanza: Configuring the interface manually If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional): If you want to add an IPv6 address, too, append something like: gateway 2001:db8::1ead:ed:beef See man interfaces for more options. Autonegotiation repeatedly failing is often a symptom of faulty cabling, so investigate physical matters before assuming that the interfaces' autonegotiation algorithms are incompatible. If you turn off autonegotiation and set speed and duplex manually then the partner interface at the other end of the cable will assume that the absence of autonegotiation indicates a speed of 10Mbps and a duplex of half. For error-free operation if you set speed and duplex manually you must ensure that exactly the same speed and duplex are configured on the partner interface. If you set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps:
In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly. up sleep 5; ethtool -s eth0 ... Or the analogous mii-tool command. Bringing up an interface without an IP address To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down. post-down ifconfig $IFACE down If the interface is a VLAN interface, the up/down commands must be executed after/before the vlan hooks. (You also have to install the vlan package.) Note: If you create the VLAN interface only to put it into a bridge, there is no need to define the VLAN interface manually. Just configure the bridge, and the VLAN interface will be created automatically when creating the bridge (see below). Defining the (DNS) Nameservers Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. 140.211.166.4). (The Internet uses these structured numeric IP addresses as network addresses.) The C library and other resolver libraries look to /etc/resolv.conf for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings:
In most situations, the file to edit is the configuration file for such a program. In the most complex situations, using resolvconf really is the way to go, though in more simple configurations it is probably overkill. The resolv.conf configuration file The configuration file resolv.conf at /etc/resolv.conf contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this configuration file with the program resolvconf, which unfortunately has a nearly identical name.) The resolv.conf file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this: In this example, the system is using nameservers at the IP addresses 12.34.56.78 and 12.34.56.79. Simply edit the file and enter the IP addresses of the nameservers you need to use after each nameserver. Add more nameserver lines if you have more nameservers. Don't use this method if you have the resolvconf program installed. The resolv.conf configuration file has many other options for defining how resolver looks up names. See man resolv.conf for details. The resolvconf program keeps track of system information about the currently available nameservers. It should not be confused with the configuration file resolv.conf, which unfortunately has a nearly identical name. The resolvconf program is optional on a Debian system. The configuration file resolv.conf contains information about the nameservers to be used by the system. However, when multiple programs need to dynamically modify the resolv.conf configuration file they can step on each other and the file can become out-of-sync. The resolvconf program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver). When resolvconf is properly installed, the resolv.conf configuration file at /etc/resolv.conf is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf and the resolver instead uses the configuration file that is dynamically generated by resolvconf at /etc/resolvconf/run/resolv.conf. The resolvconf program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the resolv.conf configuration file is adequate. If the resolvconf program is installed, you should not edit the resolv.conf configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static interface), add a line something like the following to the interfaces configuration file at /etc/network/interfaces: dns-nameservers 12.34.56.78 12.34.56.79 Place the line indented within an iface stanza, e.g., right after the gateway line. Enter the IP addresses of the nameservers you need to use after dns-nameservers. Put all of them on one line separated by spaces. Don't forget the "s" on the end of dns-nameservers. The resolvconf program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see /usr/share/doc/resolvconf/README. It has lots of information on making other programs get along with resolvconf. DNS configuration for NetworkManager NetworkManager will override dhcp settings, overwriting resolv.conf even if you've configured DNS in /etc/dhcp/dhclient.conf, e.g. causing DNS to first search the local domain, which may have to time out before DNS resolution continues causing lengthy DNS resolution times. You can get an idea of what NetworkManager thinks the settings should be by executing nm-tool at the command line. You may configure these settings using a GUI by launching nm-connection-editor which currently (13.11.23) isn't to be found in System Tools → Administration menu, rather it must be launched by hand from the command line. After launching:
NetworkManager saves these settings in /etc/NetworkManager/system-connections/name-of-connection. Example /etc/NetworkManager/system-connections/Wired connection 1 : uuid=xxx-xxxxxx-xxxxxx-xxxxxx-xxx Running nm-tool again should show that NetworkManager now has the right idea of how your DNS should be resolved. Example: dhclient3 uses /etc/dhcp/dhclient.conf. The setting you want is supersede domain-name-servers 12.34.56.78, 12.34.56.79; or perhaps prepend domain-name-servers 12.34.56.78, 12.34.56.79; See the dhclient.conf(5) manual page for details. Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. Example: Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet: If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above. Example: Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.) up /usr/sbin/brctl setageing br1 0 up /usr/sbin/brctl stp br0 off Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see Spanning_Tree_Protocol ). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up. By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted. In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with: up /sbin/brctl setageing br0 0 Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny) vconfig add eth0 222 # 222 is vlan number ifconfig eth0.222 mtu 1496 #optional if your network card doesn't support MTU 1504B ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0 Into /etc/modules add line: In /etc/network/interfaces to section iface add parameter: The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured. Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name. Eg: If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g: Caveats when using bridging and vlan If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2). Howto create fault tolerant bonding with vlan (Etch)
debian_bonding.dia How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan. aptitude install vlan ifenslave-2.6 Cisco switch interface example config switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 Create a file /etc/modprobe.d/bonding.conf containing: options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1 # The loopback network interface # The primary network interface How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration. up ifconfig lacptrunk0 0.0.0.0 up bond-xmit-hash-policy layer2+3 post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000 #vlan devices will use the MTU set on bond0 device Multiple IP addresses on one Interface Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible via the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port. This /etc/network/interfaces text assigns three IP addresses to eth0. An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible. The above configuration is the previous traditional method that reflects the traditional use of ifconfig to configure network devices. ifconfig has introduced the concept of aliased or virtual interfaces. Those types of virtual interfaces have names of the form interface:integer and ifconfig treats them very similarly to real interfaces. Nowadays ifupdown uses the ip utility from the iproute2 package instead of ifconfig. The newer ip utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ifupdown uses this feature to support aliased interfaces while using ip. Also, ifupdown supports specifying multiple interfaces by repeating iface sections with the same interface name. The key difference from the method described above is that all such sections are treated by ifupdown as just one interface, so user can't add or remove them individually. However, up/down commands, as well as scripts, are called for every section as it used to be. Note however that this method is dangerous! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.) This /etc/network/interfaces text assigns three IP addresses to eth0. # adding IP addresses from different subnets is also possible Manual approach: up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1 |
|||||||
Так же в этом разделе:
|
|||||||
|
|||||||
|