Linux network settings Advanced Guide

The Advanced Guide to Linux network settings is intended to be overwhelmed by the complicated wired and wireless network architecture of Linux, or to be confused by tutorials on the Internet; or get tired of the endless bugs in graphic interfaces such as NetworkManager (many of them copy files from Windows, but they cannot be reversed... the Advanced Guide to Linux network settings is intended to be overwhelmed by the complicated wired and wireless network architecture of Linux, or to be confused by tutorials on the Internet; or get tired of endless bugs in graphic interfaces such as Network Manager (many of them copy files from Windows, and some concepts are incorrect if they are not anti-cats), or want to know some technical details, like this, I want to be able to gain full control over people, instead of being confused. This article requires a certain degree of computer network and Linux basics, most of which are new, based on the new architecture after the 2.6 kernel. The names and locations of software packages and configuration files for different Linux releases are different. This article is based on the Debian/Ubuntu system. For more information, see chapter 5th of Debian Reference. Of course, this article still has many shortcomings, such as not going deep into the Linux kernel mechanism, which needs to be further improved. Static settings mean that all configurations are written in the configuration file and are automatically set by the operating system. Static settings depend on software packages such as udev, ifupdown, isc-dhcp-client, resolvconf, wireless-tools, and wpasupplicant. First, the normal operation of the network depends on hardware devices. During system boot or hot swapping, the kernel maps network devices to the sysfs virtual file system in the user space through udev. For example: root @ X230:/sys/class/net # total ls-l usage 0 lrwxrwxrwx 1 root 0 July 4 15:01 eth0-> .. /.. /devices/pci0000: 00/0000: 00: 19.0/net/eth0lrwxrwxrwx 1 root 0 July 4 15:00 lo-> .. /.. /devices/virtual/net/lolrwxrwxrwx 1 root 0 July 4 15:01 wlan0-> .. /.. /devices/pci0000: 00/0000: 00: 1c. 1/0000: 03: 00.0/net/wlan0 you can see that the system currently has three network devices: lo is the loopback device, eth0 is the wired network card, and wlan0 is the wireless network card. Following the Unix "everything is a file" idea, other tools modify these virtual files directly or indirectly to achieve the purpose of setting. The/etc/network/interfaces file records all static configuration information. During kernel boot, the system automatically starts the device with the flag "auto", for example, auto loauto eth0auto wlan0. if the device flag is "allow-hotplug ", the kernel will automatically start when detecting hot swapping events. For example: allow-hotplug loallow-hotplug eth0allow-hotplug wlan0 because the loop device should always exist, so the content of the/etc/network/interfaces file is at least: the auto loiface lo inet loopback kernel starts the network device and calls the ifupdown tool. the ifupdown tool also depends on the/etc/network/interfaces configuration file. For Wired (Wired) devices, the physical layer and the data link layer do not require OS intervention. the network adapter can be set based on the CSMA/CD protocol, therefore, the/etc/network/interfaces file only needs to contain configuration information above the network layer, such as IP address, subnet mask, and default gateway. For example, iface eth0 inet static address 192.168.11.100 netmask 255.255.255.0 gateway 192.168.11.1 "default gateway" is actually a concept of routing, which is used as an attribute of the device, I think it is inappropriate to put it together with the IP address subnet mask. it is easy to mislead beginners, especially when multiple NICs have multiple IP addresses. For DNS, you must note that it belongs to the application layer protocol and has no direct connection with network devices and the network layer. In traditional Linux, the DNS configuration file is/etc/resolv. conf, with one server IP address in one line. For example: nameserver 218.2.135.1nameserver 61.147.37.1 if the resolvconf tool is installed, the DNS configuration will be taken over. in this case,/etc/resolv. conf becomes a symbolic link, which is linked to a file that is dynamically maintained during resolvconf running. In this case, the DNS configuration can also be written to the/etc/network/interfaces file, for example: iface eth0 inet static address 192.168.11.100 netmask 255.255.255.0 gateway 192.168.11.1 dns-nameservers 218.2.135.1 61.147.37.1ifupdown tool automatically calls resolvconf to complete DNS settings. I am also confused here, because DNS is an application layer concept as mentioned above, this makes beginners feel like DNS is the property of a network device (traditional Linux has many shortcomings ). If the isc-dhcp-client tool is installed, DHCP can be directly configured in the/etc/network/interfaces file, for example: iface eth0 inet dhcpisc-dhcp-client has its own configuration file to control the information obtained from the DHCP server (such as the DNS server address ). The ifupdown tool automatically calls the isc-dhcp-client to complete DHCP settings. Note that, whether or not resolvconf exists, dhclient directly modifies the/etc/resolv. conf file (whether it is a link or not), but generally there is no problem. For Wireless devices, the working method is very different from that for wired devices (instead of simply using a network cable ). The connection to the data link layer must be completed by the operating system, for example, the SSID to connect, the channel to use, and the authentication method (WEP, WPA ...). These link layer configuration information can also be written to the/etc/network/interfaces file for use by the ifupdown tool. Iface ath0 inet dhcp wpa-ssid homezone wpa-psk password ifupdown tool will automatically call wpasupplicant to complete WPA settings. For example, WEP configuration: iface eth0 inet dhcp wireless-essid Home wireless-key1 0123-4567-89ab-cdef wireless-key2 12345678 wireless-key3 s: password wireless-defaultkey Key 2 wireless-keymode openifupdown tool automatically calls wireless-tools to complete WEP settings. Quasi-static settings are suitable for fixed network environments, such as servers and office computers. If the network environment changes frequently but all changes are known, you can write unfixed network configurations in the/etc/network/interfaces file, these configurations do not correspond to specific hardware device names, for example: iface config1 inet dhcp iface config2 inet static address 192.168.11.100 netmask 255.255.255.0 gateway 192.168.11.1 dns-domain example.com dns-nameservers 192.168.11.1 you can manually run the ifupdown tool to switch configurations. for example, switch eth0 to config1: ifup eth0 = config1 switch eth0 to config2: ifdown eth0 = config1ifup eth0 = config2 dynamic settings if the network environment changes frequently and is unknown, or to use automation tools such as scripts to achieve full If you are able to control the network, static and quasi-static settings will be stretched. Dynamic settings rely on software packages such as iproute, isc-dhcp-client, wireless-tools, and wpasupplicant, and directly use command lines to achieve maximum flexibility. First, the/etc/network/interfaces file only retains the lo configuration information of the loopbackiproute device: auto loiface lo inet loopbackiproute replaces outdated tools such as net-tools (ifconfig ). The "ip link" command can be used to query the status and parameters of all network devices, for example, root @ X230 :~ # Ip link1: lo: Mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 002: eth0: Mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 3c: 97: 0e: 6d: e9: 7c brd ff: ff3: wlan0: Mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 84: 3a: 4b: 5b: 7b: c8 brd ff: ff: ff, we can see that the current eth0 and wlan0 devices are both in the off state (this is obvious because they are no longer configured in the/etc/network/interfaces file ). You can run the "ip link set device name up" command to start the device, and use the "ip link set device name down" command to disable the device. As mentioned above, the link layer can work normally without additional settings. For Wireless devices, use wireless-tools and wpasupplicant to connect the link layer. For example, you can use the wavemon tool or the iwlist scan command to scan for wireless connections. For example, connect to Ad-Hoc. The essid, channel, and cell (that is, the ap in iwconfig) of both parties must be consistent. It does not matter who is the first to create a connection between the two parties. For example, the iwconfig wlan0 mode ad-hoc essid test channel 7 ap 0E: 0E: 0A: 3A: 10: 3B key off command takes effect immediately. For example, to connect to a WEP-certified wireless network: iwconfig wlan0 essid "myhome" key 0123-4567-89 if you want to connect to a WPA-certified wireless network, wireless-tools will be helpless and wpasupplicant must be used. Wpasupplicant does not simply use the command line configuration like wireless-tools. it must first start a service process, then use another command line tool to set the service process, and the service process must always run during WIFI connection. Why not do it with wireless-tools? It's weird. it's disgusting! The service process can be started later or later. Background mode: wpa_supplicant-I wlan0-D nl80211, wext-s-B-P/var/run/wpa_supplicant.wlan0.pid-C/var/run/wpa_supplicant, where-I specifies the device name; -D indicates the authentication protocol;-s-B indicates to run in the background and debug and output to syslog;-C parameter specifies the location of "ctrl_interface". note, wpa_supplicant can have a configuration file, and the static configuration of WIFI can be recorded in the configuration file, similar to the/etc/network/interfaces function, but we cannot use it here, "ctrl_interface" is indispensable without a configuration file, and wpa_cli interacts with it. Foreground mode: wpa_supplicant-I wlan0-D nl80211, wext-dd-P/var/run/wpa_supplicant.wlan0.pid-C/var/run/wpa_supplicant, -dd indicates that more detailed debugging information is output. Then, use wpa_cli to set. Wpa_cli can work in interactive mode or command line mode. For example, in interactive mode, run the following command to add and enable the network:> add_network0> set_network 0 ssid "ChinaUnicom-Me" OK> set_network 0 key_mgmt WPA-PSKOK> set_network 0 psk "password" OK> enable_network 0OK to the above, whether it is wired network or wireless network, the link layer is connected. The following describes how to set the network layer using tools such as iproute. It is easy to configure DHCP. For example: dhclient wlan0-rdhclient wlan0 if you want to manually set the address, for example, ip address add 192.168.1.3/24 dev wlan0ip route add default via 192.168.1.1 dev wlan0 add ip address, the second line sets the default route. Finally, use a text editor or script to modify/etc/resolv. conf DNS settings, such as echo nameserver 221.6.4.66>/etc/resolv. conf. you can use iwconfig and ifconfig to view the current settings. For example, iwconfig wlan0 & ifconfig wlan0 can be easily written now. for example, the following is the setting script for my laptop at home :#! /Bin/sh echo cleaning sudo killall multicast ip link set eth0 downsudo ip link set wlan0 downsudo ip addr flush eth0sudo ip addr flush wlan0 echo enabling wlan0sudo ip link set wlan0 up echo link layer connection sudo wpa_supplicant-I wlan0-D nl80211, wext-s-B-P/var/run/tests-C/var/run/wpa_supplicantsudo wpa_cli add_network # note that the single quotation marks enclose sudo wpa_cli set_network 0 ssid '"ChinaUnicom-Me "' sudo wpa_cli set_network 0 key_mgmt WPA-PSKsudo wpa_cli set_network 0 psk '"........ "'sudo wpa_cli enable_network 0 echo network layer settings: ip address and default route sudo ip addr add 192.168.1.3/24 dev wlan0sudo ip route add default via 192.168.1.1 dev wlan0 echo DNS settings # Here cannot use the> symbol, otherwise, the permission is insufficient. sudo echo nameserver 221.6.4.66 | sudo tee/etc/resolv. conf