This tutorial is a Linux networking guide covering the configuration of IP addresses, routing, VLANs, and more.
You will learn basic and advanced steps for configuring network settings on Linux systems, including how to set static IP addresses and configure routing.
Prerequisites
- A Linux distribution dedicated server or KVM VPS or Desktop (e.g., Ubuntu, AlmaLinux, Debian, CentOS).
- Access to the terminal with root or sudo privileges.
1. Introduction to Linux Networking
Linux systems handle networking through a combination of configuration files and utilities. The two fundamental aspects of network configuration are:
- IP Address Assignment: Defining how your machine communicates within a network.
- Routing: Setting up how packets should traverse between different networks.
Let's start with understanding and configuring IP addresses.
2. Checking Current Network Settings
Before making any changes, you can check the current network settings using the ip or ifconfig command.
Using ip Command
ip addr show
This will display a list of network interfaces and their assigned IP addresses.
Using ifconfig Command
ifconfig
This command shows detailed information about each network interface.
3. Configuring IP Addresses
There are two types of IP addresses you can configure on Linux:
- Dynamic IP: Automatically assigned using DHCP.
- Static IP: Manually configured, suitable for servers or machines that need a consistent IP.
3.1 Setting a Static IP Address
To set a static IP, we will modify the network interface configuration files.
3.1.1 On Ubuntu (Netplan)
Open the Netplan configuration file.
sudo nano /etc/netplan/00-installer-config.yaml
Modify the configuration to look like this (replace eth0 with your interface name, and the IP address with your desired values):
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
Apply the configuration:
sudo netplan apply
3.1.2 On CentOS/AlmaLinux (NetworkManager)
Open the interface configuration file:
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
Modify the file to include the static IP settings:
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
Restart the network service:
sudo systemctl restart NetworkManager
4. Routing Basics
Routing allows you to direct traffic between different networks. Each Linux system has a routing table that dictates how packets should be forwarded.
4.1 Checking the Routing Table
To view the current routing table, use the following command:
ip route show
The output will display the default route (default via), which is used to send packets outside the local network.
5. Adding Routes
You can manually add routes if needed, for example, to direct traffic to a specific network.
5.1 Adding a Default Gateway
If your machine doesn’t have a default gateway or you want to change it, you can add a new one using the following command:
sudo ip route add default via 192.168.1.1 dev eth0
This command adds a route where traffic destined for any IP (default) will be sent to the gateway 192.168.1.1 via interface eth0.
5.2 Adding a Route to a Specific Network
If you need to add a route to a specific network (for example, 10.0.0.0/24), use:
sudo ip route add 10.0.0.0/24 via 192.168.1.1 dev eth0
This will send traffic destined for the 10.0.0.0/24 network via the gateway 192.168.1.1.
6. Advanced Routing with ip
For more complex routing setups, Linux allows multiple routing tables and policies based on various conditions such as source address, protocol, or interface.
6.1 Using Policy Routing
Create a new routing table by adding an entry to the /etc/iproute2/rt_tables file:
echo "1 custom" | sudo tee -a /etc/iproute2/rt_tables
Add a route to the new table:
sudo ip route add 192.168.1.0/24 dev eth0 table custom
Use a rule to select the new table based on the source IP address:
sudo ip rule add from 192.168.1.100/32 table custom
Verify the rule:
ip rule show
7. Persisting Route Changes
The above routing commands are temporary and will be lost after a reboot. To make them persistent:
- Ubuntu: Add routes to the Netplan configuration file, under the appropriate interface.
- CentOS/AlmaLinux: Add static routes in the /etc/sysconfig/network-scripts/route-<interface> file.
For example, to persist a route in CentOS:
sudo nano /etc/sysconfig/network-scripts/route-eth0
Add the following:
192.168.1.0/24 via 192.168.1.1
8. Troubleshooting Network Issues
8.1 Ping
Use ping to test connectivity to another host:
ping 8.8.8.8
8.2 Traceroute
Use traceroute to track the path packets take to a destination:
traceroute hostperl.com
8.3 Network Logs
Check logs for issues related to networking:
journalctl -xe | grep network
9. Network Interface Bonding/Link Aggregation
Network interface bonding allows you to combine multiple network interfaces into a single virtual interface for increased bandwidth and redundancy.
9.1 Configuring Bonding
Load the bonding kernel module if it is not already loaded:
sudo modprobe bonding
Create a configuration file for the bonded interface. On CentOS/AlmaLinux, create or edit:
sudo nano /etc/sysconfig/network-scripts/ifcfg-bond0
Add the following configuration for bonding (mode 1 for active-backup, mode 4 for LACP):
DEVICE=bond0
NAME=bond0
BONDING_OPTS="mode=1 miimon=100"
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
Now edit the slave interfaces:
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth1
Configure the interfaces to bond with bond0:
DEVICE=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
Restart networking:
sudo systemctl restart NetworkManager
Verify bonding using:
cat /proc/net/bonding/bond0
10. VLAN (Virtual Local Area Network) Configuration
VLANs allow you to segment a physical network into multiple logical networks.
10.1 Configuring a VLAN
Install the VLAN package (if not installed):
sudo apt install vlan # For Debian/Ubuntu
sudo yum install vconfig # For CentOS/AlmaLinux
Create a VLAN interface:
sudo ip link add link eth0 name eth0.100 type vlan id 100
Bring up the VLAN interface:
sudo ip link set dev eth0.100 up
Assign an IP address to the VLAN interface:
sudo ip addr add 192.168.100.1/24 dev eth0.100
To make this configuration persistent, add it to the appropriate network configuration files depending on your Linux distribution.
11. Network Address Translation (NAT) and Port Forwarding
NAT is used to translate private IP addresses to a public IP address. Port forwarding is used to forward external traffic to an internal server.
11.1 Configuring NAT
Enable IP forwarding:
sudo sysctl -w net.ipv4.ip_forward=1
Configure iptables to enable NAT (assuming eth0 is the public interface):
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To forward a specific port (e.g., forwarding external port 8080 to internal port 80 on a web server):
sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.100:80
Save the iptables rules to persist across reboots:
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
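The DNAT rule above has no inbound interface match, so it rewrites port 8080 traffic arriving on any interface, and enabling ip_forward with an ACCEPT policy on the FORWARD chain lets the host route whatever reaches it. The following audit of iptables-save text is an added example, not part of the original tutorial; the sample ruleset is constructed, and eth1 as the internal interface is an assumption.

```shell
#!/bin/sh
# ruleset IFMATCH POLICY: constructed iptables-save text with the two rules from
# section 11. IFMATCH goes in front of the DNAT match ("" = rule as on the page).
# eth1 as the internal interface is an assumption.
ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING $1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.100:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD $2 [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# audit_nat: read iptables-save text on stdin, print one finding per line.
audit_nat() {
  awk '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }
    table == "filter" && /^:FORWARD ACCEPT/ {
      print "FORWARD-POLICY-ACCEPT: any packet the host can route is forwarded"
    }
    table == "nat" && /^-A PREROUTING/ && / -j DNAT / && $0 !~ / -i [^ ]+/ {
      print "DNAT-ANY-INTERFACE: " $0
    }
    table == "nat" && /^-A POSTROUTING/ && / -j MASQUERADE/ && $0 !~ / -o [^ ]+/ {
      print "MASQUERADE-ANY-INTERFACE: " $0
    }
  '
}

# count_findings: number of findings for a ruleset given on stdin.
count_findings() { audit_nat | grep -c . || true; }

echo "Rules as written on the page:"
ruleset "" ACCEPT | audit_nat
echo "DNAT bound to eth0, FORWARD policy DROP:"
ruleset "-i eth0" DROP | audit_nat
```

On a live host, feed it the real ruleset with `sudo iptables-save | audit_nat`.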
12. Using FirewallD for Advanced Network Security
FirewallD is a dynamic firewall manager that provides advanced network security on modern Linux distributions.
12.1 Installing FirewallD
Install the firewalld package:
sudo apt install firewalld # On Ubuntu
sudo yum install firewalld # On CentOS/AlmaLinux
12.2 Basic FirewallD Usage
Start and enable firewalld:
sudo systemctl start firewalld
sudo systemctl enable firewalld
Allow a service (e.g., HTTP):
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
Allow a custom port:
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
View the current firewall rules:
sudo firewall-cmd --list-all
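Because --permanent changes accumulate over time, it helps to compare what --list-all reports against the services and ports you intend to expose. The following check is an added example, not part of the original tutorial; the sample output is constructed and abbreviated, and the ssh, dhcpv6-client and 9000/tcp entries are made-up extras.

```shell
#!/bin/sh
# Constructed, abbreviated sample of `firewall-cmd --list-all` output after the
# commands in section 12.2; ssh, dhcpv6-client and 9000/tcp are made-up extras.
sample_list_all() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 8080/tcp 9000/tcp
  masquerade: no
  forward-ports:
  rich rules:
EOF
}

# unexpected_open "ALLOWED ITEMS": read list-all text on stdin and print every
# service or port that is open but missing from the space-separated allowlist.
unexpected_open() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "services:" || $1 == "ports:" {
      kind = substr($1, 1, length($1) - 2)   # "service" or "port"
      for (i = 2; i <= NF; i++) if (!($i in ok)) print kind, $i
    }
  '
}

# Intended exposure for the web server in this tutorial: http, ssh and 8080/tcp.
echo "Open but not in the allowlist:"
sample_list_all | unexpected_open "http ssh 8080/tcp"
```

On a live host, pipe the real output in: `sudo firewall-cmd --list-all | unexpected_open "http ssh 8080/tcp"`.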
13. Network Performance and Monitoring Tools
Monitoring network performance is crucial for diagnosing issues and ensuring optimal configurations.
13.1 Using iftop to Monitor Bandwidth Usage
Install iftop to monitor bandwidth in real-time:
sudo apt install iftop # Ubuntu/Debian
sudo yum install iftop # CentOS/AlmaLinux
Run the tool:
sudo iftop
13.2 Using nload to Monitor Incoming/Outgoing Traffic
Install nload to visualize incoming and outgoing traffic:
sudo apt install nload # Ubuntu/Debian
sudo yum install nload # CentOS/AlmaLinux
Run the tool:
sudo nload
13.3 Using iperf to Test Network Speed
iPerf is a tool for measuring network performance, especially bandwidth and latency.
Install iPerf:
sudo apt install iperf # Ubuntu/Debian
sudo yum install iperf # CentOS/AlmaLinux
Start the server on one machine:
iperf -s
On the client machine, run:
iperf -c <server-ip>
This will output the available bandwidth between the two systems.
14. Network Namespaces and Virtual Networking
Network namespaces are a powerful feature in Linux for creating isolated network environments.
14.1 Creating a Network Namespace
Create a new namespace:
sudo ip netns add test_ns
Verify that the namespace was created:
ip netns list
Assign an interface to the namespace (e.g., veth interface):
sudo ip link add veth0 type veth peer name veth1
sudo ip link set veth1 netns test_ns
Set an IP address within the namespace:
sudo ip netns exec test_ns ip addr add 192.168.10.1/24 dev veth1
sudo ip netns exec test_ns ip link set veth1 up
Enable the interface in the default namespace:
sudo ip link set veth0 up
14.2 Using Network Namespaces for Container-Like Networking
Network namespaces are often used to emulate container networking. They allow you to create isolated environments that can be linked to virtual network devices or bridges, which is how tools like Docker manage container networking.
15. Monitoring Network Activity with tcpdump
tcpdump is a packet analysis tool that allows you to capture and inspect packets on a network interface.
15.1 Basic tcpdump Usage
Capture traffic on a specific interface (e.g., eth0):
sudo tcpdump -i eth0
To save the output to a file:
sudo tcpdump -i eth0 -w capture.pcap
You can analyze this file using tools like Wireshark.
16. Configuring DNS (Domain Name System)
DNS is used to resolve domain names to IP addresses. Configuring DNS properly ensures that your system can resolve and be resolved by other systems on the network.
16.1 Changing DNS Settings
Edit the /etc/resolv.conf file to change DNS servers:
sudo nano /etc/resolv.conf
Add or modify the DNS nameservers:
nameserver 8.8.8.8
nameserver 8.8.4.4
To make the DNS changes persistent across reboots, it is recommended to configure DNS within your network manager (Netplan, NetworkManager, or other).
Conclusion
In this tutorial, you learned how to configure static IP addresses and routes on Linux, including basic and advanced routing concepts. Networking is crucial for managing any Linux server, and mastering these techniques will help ensure that your systems are properly connected and accessible.
This extended tutorial has covered various topics related to Linux networking, from basics such as configuring IP addresses and routing to more advanced concepts like network bonding, VLANs, NAT, network performance monitoring, and DNS configuration. These tools and techniques are essential for managing network setups, diagnosing issues, and optimizing your system's network performance.