Can't set static IP in RHEL 7 Desktop
I am using RHEL Desktop. I want to configure RHEL 7 with VLAN tagged connections (I have 8 Ethernet Ports).
After configuration the ports come UP (in fact ALL ports display UP) but without an IP address. My configurations are:
VLAN=yes
DEVICE=eno1.200
BOOTPROTO=static
ONBOOT=yes
IPADDRESS=10.67.152.177
NETMASK=255.255.255.192
VLAN=yes
DEVICE=eno2.101
BOOTPROTO=static
ONBOOT=yes
IPADDRESS=192.168.20.177
NETMASK=255.255.255.0
When I run the ifconfig command I see the following:
enO1.200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a2d3:c1ff:fefa:6bfc prefixlen 64 scopeid 0x20
ether a0:d3:c1:fa:6b:fc txqueuelen 1000 (Ethernet)
RX packets 5 bytes 340 (340.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 870 (870.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 32
NOTE: There is NO up address assigned.
Nothing changes when I execute service network restart.
When I try the ifup-eth eno1.200 I get the following error:
[root@localhost network-scripts]# ./ifup-eth ifcfg-eno1.200
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
RTNETLINK answers: File exists
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
Could not load file '/etc/sysconfig/network-scripts/ifcfg-eno1.200'
[root@localhost network-scripts]#
So, what am I doing wrong?
Oh yes, one more thing. The port is plugged in and there is link.
Responses
Hey Dale - One item grabbed my attention...
When I run the ifconfig command I see the following:
enO1.200: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a2d3:c1ff:fefa:6bfc prefixlen 64 scopeid 0x20
That does not look like a en0 zero.. but instead enO letter O
Can you run:
cd /etc/sysconfig/network-scripts
grep ^DEVICE ifcfg-*
I looked up that interface and it actually is eno (with the letter o - or O in this case).
I don't have much experience with RHEL 7 at this point and I know people have struggled a bit with Network Manager (and the consensus is that NM is definitely better and should be considered again).
CLI
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line.html#sec-Setting_Up_802.1Q_VLAN_Tagging_Using_ifcfg_Files
Network Manager
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Configure_802_1Q_VLAN_Tagging_Using_the_Command_Line_Tool_nmcli.html
EDIT: I just thought of something - did you create the ifcfg-en01.200 file from scratch? If so, I wonder if SElinux is blocking access?
# ls -lZ ifcfg-*
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-em1
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-lo
# restorecon -Fvv ifcfg-*
SE is your friend - Even when you think it's not ;-) I recommend that you change it to permissive (rather than disable) if you need to go that route.
It is still quite helpful, especially on the desktop due to all of the framework for SELinux alerts and the GUI apps, to have it monitoring but not taking action. The SELinux Alert Browser is pretty cool and provides examples of what policies have been initiated and then how you can build a new policy to allow that action, etc...
Hello
I have configured quite a few ifcfg files manually on RHEL7 and not encountered an SELinux problem. Testing now, adding ens9 and two VLANs as "su -":
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens3.200
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens9
-rw-r--r--. root root unconfined_u:object_r:net_conf_t:s0 ifcfg-ens9.101
After running:
network-scripts]# restorecon -Fvv ifcfg-*
I see:
network-scripts]# ls -lZ ifcfg-*
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens3.200
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens9
-rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-ens9.101
Time to brush off my SElinux guide from Summit ;-)
I guess it makes sense that there is a wildcard for the "network-scripts" directory. Hard to know how folks are creating the files though.
[root@seraph targeted]# semanage fcontext --list | egrep 'ifcfg|network'
/dev/network_latency character device system_u:object_r:netcontrol_device_t:s0
/dev/network_throughput character device system_u:object_r:netcontrol_device_t:s0
/etc/network/ifstate regular file system_u:object_r:etc_runtime_t:s0
/etc/sysconfig/network-scripts(/.*)? all files system_u:object_r:net_conf_t:s0
/etc/sysconfig/network-scripts/.*resolv\.conf regular file system_u:object_r:net_conf_t:s0
/etc/sysconfig/network-scripts/ifdown.* all files system_u:object_r:bin_t:s0
/etc/sysconfig/network-scripts/ifup-ipsec regular file system_u:object_r:initrc_exec_t:s0
/etc/sysconfig/network-scripts/ifup.* all files system_u:object_r:bin_t:s0
/etc/sysconfig/network-scripts/init.* all files system_u:object_r:bin_t:s0
/etc/sysconfig/network-scripts/net.* all files system_u:object_r:bin_t:s0
/etc/sysconfig/networking(/.*)? all files system_u:object_r:net_conf_t:s0
I forgot to add link to SELinux Guide :
Unconfined Processes
A new nmcli command that will show you your interfaces governed by NM:
[root@seven7 ~]# nmcli c s
<output follows below in next block>
- You can use the above example. The above example is an abbreviated example for what is below...
[root@seven7 ~]# nmcli con sho
NAME UUID TYPE DEVICE
enp0s5 42f72d00-5695-45d1-bbf5-cb74e56fb020 802-3-ethernet --
eth0 5fb26bd0-0bb0-4ffb-45f1-d6edd75f3e83 802-3-ethernet eth0
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
