2.2. Editing Network Configuration Files

2.2.1. Configuring a Network Interface Using ifcfg Files

Interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are usually named ifcfg-name, where the suffix name refers to the name of the device that the configuration file controls. By convention, the ifcfg file's suffix is the same as the string given by the DEVICE directive in the configuration file itself.

Static Network Settings

For example, to configure an interface with static network settings using ifcfg files, for an interface with the name eth0, create a file with the name ifcfg-eth0 in the /etc/sysconfig/network-scripts/ directory, that contains:
You do not need to specify the network or broadcast address as this is calculated automatically by ipcalc.


In Red Hat Enterprise Linux 7, the naming convention for network interfaces has been changed, as explained in Chapter 8, Consistent Network Device Naming. Specifying the hardware or MAC address using HWADDR directive can influence the device naming procedure.

Dynamic Network Settings

For example, to configure an interface with dynamic network settings using ifcfg files, for an interface with the name em1, create a file with the name ifcfg-em1 in the /etc/sysconfig/network-scripts/ directory, that contains:
To configure an interface to send a different host name to the DHCP server, add the following line to the ifcfg file:
To configure an interface to send a different fully qualified domain name (FQDN) to the DHCP server, add the following line to the ifcfg file:


Only one directive, either DHCP_HOSTNAME or DHCP_FQDN, should be used in a given ifcfg file. In case both DHCP_HOSTNAME and DHCP_FQDN are specified, only the latter is used.
To configure an interface to use particular DNS servers, add the following lines to the ifcfg file:
where ip-address is the address of a DNS server. This will cause the network service to update /etc/resolv.conf with the specified DNS servers specified. Only one DNS server address is necessary, the other is optional.
By default, NetworkManager calls the DHCP client, dhclient, when a profile has been set to obtain addresses automatically by setting BOOTPROTO to dhcp in an interface configuration file. If DHCP is required, an instance of dhclient is started for every Internet protocol, IPv4 and IPv6, on an interface. If NetworkManager is not running, or is not managing an interface, then the legacy network service will call instances of dhclient as required. For more details, see Section 2.1.2, “When to Use Dynamic Interface Settings”.


In order to apply the configuration, you need to enter the nmcli c reload command.

2.2.2. Configuring the Network Settings from the Kernel Command-line

When connecting to the root file system on an iSCSI target from an interface, the network settings are not configured on the installed system. To work around this problem:
  1. Install the dracut utility. For information on using dracut, see Red Hat Enterprise Linux 7 System Administrator's Guide
  2. Set the configuration using the ip option on the kernel command-line:
    • dhcp - DHCP configuration
    • dhpc6 - DHCP IPv6 configuration
    • auto6 - automatic IPv6 configuration
    • on, any - any protocol available in the kernel (default)
    • none, off - no autoconfiguration, static network configuration
    For example:
  3. Set the name server configuration:
    nameserver=srv1 [nameserver=srv2 [nameserver=srv3 […]]]
The dracut utility sets up a network connection and generates new ifcfg files that can be copied to the /etc/sysconfig/network-scripts/ file.

2.2.3. Configuring a Network Interface Using ip Commands

The ip utility can be used to assign IP addresses to an interface. The command takes the following form:
ip addr [ add | del ] address dev ifname

Assigning a Static Address Using ip Commands

To assign an IP address to an interface, issue a command as root as follows:
~]# ip address add dev eth0
The address assignment of a specific device can be viewed as follows:
~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff
    inet brd scope global global eth0
       valid_lft 58682sec preferred_lft 58682sec
    inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link
       valid_lft forever preferred_lft forever
Further examples and command options can be found in the ip-address(8) manual page.

Configuring Multiple Addresses Using ip Commands

As the ip utility supports assigning multiple addresses to the same interface it is no longer necessary to use the alias interface method of binding multiple addresses to the same interface. The ip command to assign an address can be repeated multiple times in order to assign multiple address. For example:
~]# ip address add dev eth1
~]# ip address add dev eth1
~]# ip addr
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:77:9e brd ff:ff:ff:ff:ff:ff
    inet scope global eth1
    inet scope global eth1
The commands for the ip utility are documented in the ip(8) manual page.


ip commands given on the command line will not persist after a system restart.

2.2.4. Static Routes and the Default Gateway

Static routes are for traffic that must not, or should not, go through the default gateway. Routing is often handled by devices on the network dedicated to routing (although any device can be configured to perform routing). Therefore, it is often not necessary to configure static routes on Red Hat Enterprise Linux servers or clients. Exceptions include traffic that must pass through an encrypted VPN tunnel or traffic that should take a specific route for reasons of cost or security. The default gateway is for any and all traffic which is not destined for the local network and for which no preferred route is specified in the routing table. The default gateway is traditionally a dedicated network router.


To expand your expertise, you might also be interested in the Red Hat System Administration I (RH124) training course.

If static routes are required, they can be added to the routing table by means of the ip route add command and removed using the ip route del command. The more frequently used ip route commands take the following form:
ip route [ add | del | change | append | replace ] destination-address
See the ip-route(8) man page for more details on the options and formats.
Use the ip route command without options to display the IP routing table. For example:
~]$ ip route
default via dev ens9  proto static  metric 1024 dev ens9  proto kernel  scope link  src dev eth0  proto kernel  scope link  src
To add a static route to a host address, in other words to a single IP address, issue a command as root:
ip route add via [dev ifname]
Where is the IP address of the host in dotted decimal notation, is the next hop address and ifname is the exit interface leading to the next hop.
To add a static route to a network, in other words to an IP address representing a range of IP addresses, issue the following command as root:
ip route add via [dev ifname]
where is the IP address of the destination network in dotted decimal notation and /24 is the network prefix. The network prefix is the number of enabled bits in the subnet mask. This format of network address slash network prefix length is sometimes referred to as classless inter-domain routing (CIDR) notation.
Static route configuration can be stored per-interface in a /etc/sysconfig/network-scripts/route-interface file. For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file. The route-interface file has two formats: ip command arguments and network/netmask directives. These are described below.
See the ip-route(8) man page for more information on the ip route command.

Configuring The Default Gateway

The default gateway is determined by the network scripts which parse the /etc/sysconfig/network file first and then the network interface ifcfg files for interfaces that are up. The ifcfg files are parsed in numerically ascending order, and the last GATEWAY directive to be read is used to compose a default route in the routing table.
The default route can thus be indicated by means of the GATEWAY directive, either globally or in interface-specific configuration files. However, in Red Hat Enterprise Linux the use of the global /etc/sysconfig/network file is deprecated, and specifying the gateway should now only be done in per-interface configuration files.
In dynamic network environments, where mobile hosts are managed by NetworkManager, gateway information is likely to be interface specific and is best left to be assigned by DHCP. In special cases where it is necessary to influence NetworkManager's selection of the exit interface to be used to reach a gateway, make use of the DEFROUTE=no command in the ifcfg files for those interfaces which do not lead to the default gateway.

2.2.5. Configuring Static Routes in ifcfg files

Static routes set using ip commands at the command prompt will be lost if the system is shutdown or restarted. To configure static routes to be persistent after a system restart, they must be placed in per-interface configuration files in the /etc/sysconfig/network-scripts/ directory. The file name should be of the format route-ifname. There are two types of commands to use in the configuration files; ip commands as explained in Section, “Static Routes Using the IP Command Arguments Format” and the Network/Netmask format as explained in Section, “Network/Netmask Directives Format”. Static Routes Using the IP Command Arguments Format

If required in a per-interface configuration file, for example /etc/sysconfig/network-scripts/route-eth0, define a route to a default gateway on the first line. This is only required if the gateway is not set via DHCP and is not set globally in the /etc/sysconfig/network file:
default via dev interface
where is the IP address of the default gateway. The interface is the interface that is connected to, or can reach, the default gateway. The dev option can be omitted, it is optional. Note that this setting takes precedence over a setting in the /etc/sysconfig/network file.
If a route to a remote network is required, a static route can be specified as follows. Each line is parsed as an individual route: via [dev interface]
where is the network address and prefix length of the remote or destination network. The address is the IP address leading to the remote network. It is preferably the next hop address but the address of the exit interface will work. The next hop means the remote end of a link, for example a gateway or router. The dev option can be used to specify the exit interface interface but it is not required. Add as many static routes as required.
The following is an example of a route-interface file using the ip command arguments format. The default gateway is, interface eth0 and a leased line or WAN connection is available at The two static routes are for reaching the network and the host:
default via dev eth0 via dev eth0 via dev eth0
In the above example, packets going to the local network will be directed out the interface attached to that network. Packets going to the network and host will be directed to Packets to unknown, remote, networks will use the default gateway therefore static routes should only be configured for remote networks or hosts if the default route is not suitable. Remote in this context means any networks or hosts that are not directly attached to the system.
Specifying an exit interface is optional. It can be useful if you want to force traffic out of a specific interface. For example, in the case of a VPN, you can force traffic to a remote network to pass through a tun0 interface even when the interface is in a different subnet to the destination network.
The ip route format can be used to specify a source address. For example: via src
or to define an existing policy-based routing configuration, which specifies multiple routing tables. For example: via table 1 via table 2


If the default gateway is already assigned by DHCP and if the same gateway with the same metric is specified in a configuration file, an error during start-up, or when bringing up an interface, will occur. The follow error message may be shown: "RTNETLINK answers: File exists". This error may be ignored. Network/Netmask Directives Format

You can also use the network/netmask directives format for route-interface files. The following is a template for the network/netmask format, with instructions following afterwards:
  • ADDRESS0= is the network address of the remote network or host to be reached.
  • NETMASK0= is the netmask for the network address defined with ADDRESS0=
  • GATEWAY0= is the default gateway, or an IP address that can be used to reach ADDRESS0=
The following is an example of a route-interface file using the network/netmask directives format. The default gateway is but a leased line or WAN connection is available at The two static routes are for reaching the and networks:
Subsequent static routes must be numbered sequentially, and must not skip any values. For example, ADDRESS0, ADDRESS1, ADDRESS2, and so on.
By default, forwarding packets from one interface to another, or out of the same interface, is disabled for security reasons. This prevents the system acting as a router for external traffic. If you need the system to route external traffic, such as when sharing a connection or configuring a VPN server, you will need to enable IP forwarding. See the Red Hat Enterprise Linux 7 Security Guide for more details.

2.2.6. Configuring a VPN

IPsec, provided by Libreswan, is the preferred method for creating a VPN in Red Hat Enterprise Linux 7. Configuring an IPsec VPN using the command line is documented in the Red Hat Enterprise Linux 7 Security Guide.