2.2. Editing Network Configuration Files

2.2.1. Configuring a Network Interface Using ifcfg Files

Interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are usually named ifcfg-name, where the suffix name refers to the name of the device that the configuration file controls. By convention, the ifcfg file's suffix is the same as the string given by the DEVICE directive in the configuration file itself.

Static Network Settings

For example, to configure an interface with static network settings using ifcfg files, for an interface with the name eth0, create a file with the name ifcfg-eth0 in the /etc/sysconfig/network-scripts/ directory, that contains:
  • For IPv4 configuration
    DEVICE=eth0
    BOOTPROTO=none
    ONBOOT=yes
    PREFIX=24
    IPADDR=10.0.1.27
    
  • For IPv6 configuration
    DEVICE=eth0
    BOOTPROTO=none
    ONBOOT=yes
    IPV6INIT=yes
    IPV6ADDR=2001:db8::2/48
    
    You do not need to specify the network or broadcast address as this is calculated automatically by ipcalc.
    For more IPv6 ifcfg configuration options, see nm-settings-ifcfg-rh(5) man page.

Important

In Red Hat Enterprise Linux 7, the naming convention for network interfaces has been changed, as explained in Chapter 8, Consistent Network Device Naming. Specifying the hardware or MAC address using the HWADDR directive can influence the device naming procedure.

Dynamic Network Settings

For example, to configure an interface with dynamic network settings using ifcfg files, for an interface with the name em1, create a file with the name ifcfg-em1 in the /etc/sysconfig/network-scripts/ directory, that contains:
DEVICE=em1
BOOTPROTO=dhcp
ONBOOT=yes
To configure an interface to send a different host name to the DHCP server, add the following line to the ifcfg file:
DHCP_HOSTNAME=hostname
To configure an interface to send a different fully qualified domain name (FQDN) to the DHCP server, add the following line to the ifcfg file:
DHCP_FQDN=fully.qualified.domain.name

Note

Only one directive, either DHCP_HOSTNAME or DHCP_FQDN, should be used in a given ifcfg file. In case both DHCP_HOSTNAME and DHCP_FQDN are specified, only the latter is used.
To configure an interface to use particular DNS servers, add the following lines to the ifcfg file:
  PEERDNS=no
  DNS1=ip-address
  DNS2=ip-address
where ip-address is the address of a DNS server. This will cause the network service to update /etc/resolv.conf with the specified DNS servers. Only one DNS server address is necessary; the other is optional.
By default, NetworkManager calls the DHCP client, dhclient, when a profile has been set to obtain addresses automatically by setting BOOTPROTO to dhcp in an interface configuration file. If DHCP is required, an instance of dhclient is started for every Internet protocol, IPv4 and IPv6, on an interface. If NetworkManager is not running, or is not managing an interface, then the legacy network service will call instances of dhclient as required. For more details, see Section 2.1.2, “When to Use Dynamic Interface Settings”.
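The ifcfg rules stated in this section (DEVICE matching the file-name suffix, DHCP_HOSTNAME versus DHCP_FQDN, PEERDNS=no alongside DNSn) can be checked mechanically before a profile is reloaded. The following linter is an added example, not part of the original guide; the function names, the finding texts and the sample file contents are constructed for illustration.

```python
import ipaddress
import os

def parse_ifcfg(text):
    """Parse KEY=value lines; skip blanks and comments, strip quotes."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def lint_ifcfg(path, text):
    """Return findings based on the rules stated in this section."""
    cfg, findings = parse_ifcfg(text), []
    suffix = os.path.basename(path)[len("ifcfg-"):]
    if cfg.get("DEVICE") != suffix:
        findings.append(f"DEVICE={cfg.get('DEVICE')} does not match suffix {suffix}")
    if "DHCP_HOSTNAME" in cfg and "DHCP_FQDN" in cfg:
        findings.append("DHCP_HOSTNAME and DHCP_FQDN both set; only DHCP_FQDN is used")
    has_dns = any(k in cfg for k in ("DNS1", "DNS2"))
    if has_dns and cfg.get("BOOTPROTO") == "dhcp" and cfg.get("PEERDNS", "").lower() != "no":
        findings.append("DNS1/DNS2 set without PEERDNS=no")
    for key in ("IPADDR", "DNS1", "DNS2"):
        if key in cfg:
            try:
                ipaddress.ip_address(cfg[key])
            except ValueError:
                findings.append(f"{key}={cfg[key]} is not a valid IP address")
    if cfg.get("BOOTPROTO") == "none" and not ("IPADDR" in cfg or "IPV6ADDR" in cfg):
        findings.append("BOOTPROTO=none but no IPADDR or IPV6ADDR given")
    return findings

# Constructed sample: suffix mismatch, both DHCP name directives, DNS without PEERDNS=no
SAMPLE = """\
DEVICE=em1
BOOTPROTO=dhcp
ONBOOT=yes
DHCP_HOSTNAME=web01
DHCP_FQDN=web01.example.com
DNS1=192.0.2.53
"""

if __name__ == "__main__":
    for finding in lint_ifcfg("/etc/sysconfig/network-scripts/ifcfg-em2", SAMPLE):
        print("WARN:", finding)
```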

Important

In order to apply the configuration, you need to enter the nmcli c reload command.

2.2.2. Configuring the Network Settings from the Kernel Command-line

When connecting to the root file system on an iSCSI target from an interface, the network settings are not configured on the installed system. To work around this problem:
  1. Install the dracut utility. For information on using dracut, see Red Hat Enterprise Linux System Administrator's Guide.
  2. Set the configuration using the ip option on the kernel command-line:
    ip=<client-IP-number>:[<server-id>]:<gateway-IP-number>:<netmask>:<client-hostname>:<interface>:{dhcp|dhcp6|auto6|on|any|none|off}
    • dhcp - DHCP configuration
    • dhcp6 - DHCP IPv6 configuration
    • auto6 - automatic IPv6 configuration
    • on, any - any protocol available in the kernel (default)
    • none, off - no autoconfiguration, static network configuration
    For example:
    ip=192.168.180.120:192.168.180.100:192.168.180.1:255.255.255.0::eth0:off
  3. Set the name server configuration:
    nameserver=srv1 [nameserver=srv2 [nameserver=srv3 […]]]
The dracut utility sets up a network connection and generates new ifcfg files that can be copied to the /etc/sysconfig/network-scripts/ directory.

2.2.3. Configuring a Network Interface Using ip Commands

The ip utility can be used to assign IP addresses to an interface. The command takes the following form:
ip addr [ add | del ] address dev ifname

Assigning a Static Address Using ip Commands

To assign an IP address to an interface, issue a command as root as follows:
~]# ip address add 10.0.0.3/24 dev eth0
The address assignment of a specific device can be viewed as follows:
~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global global eth0
       valid_lft 58682sec preferred_lft 58682sec
    inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link
       valid_lft forever preferred_lft forever
Further examples and command options can be found in the ip-address(8) manual page.

Configuring Multiple Addresses Using ip Commands

As the ip utility supports assigning multiple addresses to the same interface, it is no longer necessary to use the alias interface method of binding multiple addresses to the same interface. The ip command to assign an address can be repeated multiple times in order to assign multiple addresses. For example:
~]# ip address add 192.168.2.223/24 dev eth1
~]# ip address add 192.168.4.223/24 dev eth1
~]# ip addr
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:77:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.223/24 scope global eth1
    inet 192.168.4.223/24 scope global eth1
The commands for the ip utility are documented in the ip(8) manual page.

Note

ip commands given on the command line will not persist after a system restart.

2.2.4. Static Routes and the Default Gateway

Static routes are for traffic that must not, or should not, go through the default gateway. Routing is often handled by devices on the network dedicated to routing (although any device can be configured to perform routing). Therefore, it is often not necessary to configure static routes on Red Hat Enterprise Linux servers or clients. Exceptions include traffic that must pass through an encrypted VPN tunnel or traffic that should take a specific route for reasons of cost or security. The default gateway is for any and all traffic which is not destined for the local network and for which no preferred route is specified in the routing table. The default gateway is traditionally a dedicated network router.

If static routes are required, they can be added to the routing table by means of the ip route add command and removed using the ip route del command. The more frequently used ip route commands take the following form:
ip route [ add | del | change | append | replace ] destination-address
See the ip-route(8) man page for more details on the options and formats.
Use the ip route command without options to display the IP routing table. For example:
~]$ ip route
default via 192.168.122.1 dev ens9  proto static  metric 1024
192.168.122.0/24 dev ens9  proto kernel  scope link  src 192.168.122.107
192.168.122.0/24 dev eth0  proto kernel  scope link  src 192.168.122.126
To add a static route to a host address, in other words to a single IP address, issue a command as root:
ip route add 192.0.2.1 via 10.0.0.1 [dev ifname]
Where 192.0.2.1 is the IP address of the host in dotted decimal notation, 10.0.0.1 is the next hop address and ifname is the exit interface leading to the next hop.
To add a static route to a network, in other words to an IP address representing a range of IP addresses, issue the following command as root:
ip route add 192.0.2.0/24 via 10.0.0.1 [dev ifname]
where 192.0.2.0 is the IP address of the destination network in dotted decimal notation and /24 is the network prefix. The network prefix is the number of enabled bits in the subnet mask. This format of network address slash network prefix length is sometimes referred to as classless inter-domain routing (CIDR) notation.
Static route configuration can be stored per-interface in a /etc/sysconfig/network-scripts/route-interface file. For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file. The route-interface file has two formats: ip command arguments and network/netmask directives. These are described below.
See the ip-route(8) man page for more information on the ip route command.

Configuring The Default Gateway

The default gateway is determined by the network scripts which parse the /etc/sysconfig/network file first and then the network interface ifcfg files for interfaces that are up. The ifcfg files are parsed in numerically ascending order, and the last GATEWAY directive to be read is used to compose a default route in the routing table.
The default route can thus be indicated by means of the GATEWAY directive, either globally or in interface-specific configuration files. However, in Red Hat Enterprise Linux the use of the global /etc/sysconfig/network file is deprecated, and specifying the gateway should now only be done in per-interface configuration files.
In dynamic network environments, where mobile hosts are managed by NetworkManager, gateway information is likely to be interface specific and is best left to be assigned by DHCP. In special cases where it is necessary to influence NetworkManager's selection of the exit interface to be used to reach a gateway, use the DEFROUTE=no directive in the ifcfg files for those interfaces which do not lead to the default gateway.

2.2.5. Configuring Static Routes in ifcfg files

Static routes set using ip commands at the command prompt will be lost if the system is shut down or restarted. To configure static routes to be persistent after a system restart, they must be placed in per-interface configuration files in the /etc/sysconfig/network-scripts/ directory. The file name should be of the format route-ifname. There are two types of commands to use in the configuration files: ip commands, as explained in Section 2.2.5.1, “Static Routes Using the IP Command Arguments Format”, and the Network/Netmask format, as explained in Section 2.2.5.2, “Network/Netmask Directives Format”.

2.2.5.1. Static Routes Using the IP Command Arguments Format

If required in a per-interface configuration file, for example /etc/sysconfig/network-scripts/route-eth0, define a route to a default gateway on the first line. This is only required if the gateway is not set through DHCP and is not set globally in the /etc/sysconfig/network file:
default via 192.168.1.1 dev interface
where 192.168.1.1 is the IP address of the default gateway. The interface is the interface that is connected to, or can reach, the default gateway. The dev option is optional and can be omitted. Note that this setting takes precedence over a setting in the /etc/sysconfig/network file.
If a route to a remote network is required, a static route can be specified as follows. Each line is parsed as an individual route:
10.10.10.0/24 via 192.168.1.1 [dev interface]
where 10.10.10.0/24 is the network address and prefix length of the remote or destination network. The address 192.168.1.1 is the IP address leading to the remote network. It is preferably the next hop address but the address of the exit interface will work. The next hop means the remote end of a link, for example a gateway or router. The dev option can be used to specify the exit interface, interface, but it is not required. Add as many static routes as required.
The following is an example of a route-interface file using the ip command arguments format. The default gateway is 192.168.0.1, interface eth0 and a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 network and the 172.16.1.10/32 host:
default via 192.168.0.1 dev eth0
10.10.10.0/24 via 192.168.0.10 dev eth0
172.16.1.10/32 via 192.168.0.10 dev eth0
In the above example, packets going to the local 192.168.0.0/24 network will be directed out the interface attached to that network. Packets going to the 10.10.10.0/24 network and 172.16.1.10/32 host will be directed to 192.168.0.10. Packets to unknown, remote networks will use the default gateway; therefore, static routes should only be configured for remote networks or hosts if the default route is not suitable. Remote in this context means any networks or hosts that are not directly attached to the system.
For IPv6 configuration, an example of a route6-interface file in ip route format:
2001:db8:1::/48 via 2001:db8::1 metric 2048
2001:db8:2::/48
Specifying an exit interface is optional. It can be useful if you want to force traffic out of a specific interface. For example, in the case of a VPN, you can force traffic to a remote network to pass through a tun0 interface even when the interface is in a different subnet to the destination network.
The ip route format can be used to specify a source address. For example:
10.10.10.0/24 via 192.168.0.10 src 192.168.0.2
or to define an existing policy-based routing configuration, which specifies multiple routing tables. For example:
10.10.10.0/24 via 192.168.0.10 table 1
10.10.10.0/24 via 192.168.0.10 table 2

Important

If the default gateway is already assigned by DHCP and if the same gateway with the same metric is specified in a configuration file, an error during start-up, or when bringing up an interface, will occur. The following error message may be shown: "RTNETLINK answers: File exists". This error may be ignored.

2.2.5.2. Network/Netmask Directives Format

You can also use the network/netmask directives format for route-interface files. The following is a template for the network/netmask format, with instructions following afterwards:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1
  • ADDRESS0=10.10.10.0 is the network address of the remote network or host to be reached.
  • NETMASK0=255.255.255.0 is the netmask for the network address defined with ADDRESS0=10.10.10.0.
  • GATEWAY0=192.168.1.1 is the default gateway, or an IP address that can be used to reach ADDRESS0=10.10.10.0.
The following is an example of a route-interface file using the network/netmask directives format. The default gateway is 192.168.0.1 but a leased line or WAN connection is available at 192.168.0.10. The two static routes are for reaching the 10.10.10.0/24 and 172.16.1.0/24 networks:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
Subsequent static routes must be numbered sequentially, and must not skip any values. For example, ADDRESS0, ADDRESS1, ADDRESS2, and so on.
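The two route-interface formats express the same routes, so a file in the network/netmask directives format can be checked and rewritten as ip command arguments. The following converter is an added example, not part of the original guide; the function name and the sample contents are constructed, and it assumes numbering starts at 0 as in the template above. It rejects a gap in the numbering, an incomplete ADDRESSn/NETMASKn/GATEWAYn triple, and an ADDRESSn that has host bits set for its NETMASKn.

```python
import ipaddress
import re

def directives_to_ip_routes(text, ifname):
    """Convert ADDRESSn/NETMASKn/GATEWAYn directives to ip-argument route lines.

    Raises ValueError on a gap in the numbering, an incomplete triple, or an
    ADDRESSn that is not a network address for its NETMASKn.
    """
    entries = {}
    for raw in text.splitlines():
        m = re.fullmatch(r"\s*(ADDRESS|NETMASK|GATEWAY)(\d+)=(\S+)\s*", raw)
        if m:
            entries.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    indexes = sorted(entries)
    if indexes != list(range(len(indexes))):
        raise ValueError(f"route numbering must be sequential from 0, got {indexes}")
    lines = []
    for n in indexes:
        e = entries[n]
        missing = {"ADDRESS", "NETMASK", "GATEWAY"} - e.keys()
        if missing:
            raise ValueError(f"route {n} is missing {sorted(missing)}")
        # strict=True rejects addresses with host bits set, e.g. 10.10.10.5/24
        net = ipaddress.ip_network(f"{e['ADDRESS']}/{e['NETMASK']}", strict=True)
        gw = ipaddress.ip_address(e["GATEWAY"])
        lines.append(f"{net.with_prefixlen} via {gw} dev {ifname}")
    return lines

# Constructed sample: one network route and one host route (/32)
SAMPLE = """\
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.10
NETMASK1=255.255.255.255
GATEWAY1=192.168.0.10
"""

if __name__ == "__main__":
    for route in directives_to_ip_routes(SAMPLE, "eth0"):
        print(route)
```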
By default, forwarding packets from one interface to another, or out of the same interface, is disabled for security reasons. This prevents the system acting as a router for external traffic. If you need the system to route external traffic, such as when sharing a connection or configuring a VPN server, you will need to enable IP forwarding. See the Red Hat Enterprise Linux 7 Security Guide for more details.

2.2.6. Configuring a VPN

IPsec, provided by Libreswan, is the preferred method for creating a VPN in Red Hat Enterprise Linux 7. Libreswan is an open-source, user-space IPsec implementation for VPN. Configuring an IPsec VPN using the command line is documented in the Red Hat Enterprise Linux 7 Security Guide.