Configure Networking: Difference between revisions

From Alpine Linux
m (→‎Enabling IPv6 (Optional): Replaced the pre tags with Cmd template tags for the commands)
m (updated links)
 
(52 intermediate revisions by 17 users not shown)
Line 1: Line 1:
This page will assist you in setting up networking on Alpine Linux.
This page will assist you in setting up networking on Alpine Linux.
{{Note|You must be logged in as root in order to perform the actions on this page.}}
{{Note|You must be logged in as root in order to perform the actions on this page.}}


= Setting System Hostname =
== Network setup-scripts ==
To set the system hostname, do something like the following:
 
{{Cmd|echo "hostname.domain.com" > /etc/hostname}}
Among the alpine setup scripts that are installed as part of <code>alpine-conf</code>, the following network related scripts are available.
 
* <code>setup-hostname</code>
* <code>setup-interfaces</code>
* <code>setup-dns</code>
* <code>setup-proxy</code>
* <code>setup-ntp</code>
 
All the above utilities are interactive. When <code>setup-interfaces</code> is invoked as follows,
 
{{Cmd|# setup-interfaces}}
 
it helps to configure wireless and ethernet interfaces in addition to other types. The above scripts will satisfy most trivial configurations. For a versatile networking front end, refer [[NetworkManager]]. If you're needs are more advanced, you've to refer to the following detailed guides..


Then, to activate the change, do the following:
== Setting System Hostname ==
{{Cmd|hostname -F /etc/hostname}}
To set the system hostname:
{{Cmd|# echo "shortname" > /etc/hostname}}


If you're using IPv6, you should also add the following special IPv6 addresses to your <code>/etc/hosts</code> file:
Then, to activate the change:
<pre>::1            localhost ipv6-localhost ipv6-loopback
{{Cmd|# hostname -F /etc/hostname}}
 
If you're using IPv6, you should also add the following special IPv6 addresses to your {{path|/etc/hosts}} file:
{{cat|/etc/hosts|...
::1            localhost ipv6-localhost ipv6-loopback
fe00::0        ipv6-localnet
fe00::0        ipv6-localnet
ff00::0        ipv6-mcastprefix
ff00::0        ipv6-mcastprefix
ff02::1        ipv6-allnodes
ff02::1        ipv6-allnodes
ff02::2        ipv6-allrouters
ff02::2        ipv6-allrouters
ff02::3        ipv6-allhosts</pre>
ff02::3        ipv6-allhosts
}}


{{Tip|If you are going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to [[#Configuring_DNS|Configuring DNS]].  Otherwise, if you are going to use a static IPv4 or IPv6 address, continue below.}}
{{Tip|If you're going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to [[#Configuring_DNS|Configuring DNS]].  Otherwise, if you're going to use a static IPv4 or IPv6 address, continue below.}}


For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the <code>/etc/hosts</code> file.
For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the {{path|/etc/hosts}} file.


Here's an IPv4 example:
Here's an IPv4 example:
<pre>192.168.1.150  hostname.domain.com</pre>
{{cat|/etc/hosts|...
192.168.1.150  shortname.domain.com
...
}}


And here's an IPv6 example:
And here's an IPv6 example:
<pre>2001:470:ffff:ff::2  hostname.domain.com</pre>
{{cat|/etc/hosts|...
2001:470:ffff:ff::2  shortname.domain.com
...
}}


= Configuring DNS =
== Configuring DNS ==
{{Warning|'''For users of IPv4 DHCP:''' Please note that <code>/etc/resolv.conf</code> will be completely overwritten with any nameservers provided by DHCP. Also, if DHCP does not provide any nameservers, then <code>/etc/resolv.conf</code> will still be overwritten, but will not contain any nameservers! '''''Note to self: This behavior should probably be reported to upstream.'''''}}
{{Tip|'''For users of IPv4 DHCP:''' Please note that {{path|/etc/resolv.conf}} will be completely overwritten with any nameservers provided by DHCP.
{{Note|'''For users of IPv6 Stateless Autoconfiguration:''' The above warning doesn't seem to be an issue here, however, I would advise caution.}}
If DHCP does not provide any nameservers, then {{path|/etc/resolv.conf}} will still be overwritten, but will not contain any nameservers!}}


For using a static IP and static nameservers, use one of the following examples.
For a static IP address and static nameservers, use one of the following examples.


For IPv4 nameservers, edit your <code>/etc/resolv.conf</code> file to look like this:<br />
For IPv4 nameservers, edit your {{path|/etc/resolv.conf}} file to look like this:<br />
The following example uses [http://en.wikipedia.org/wiki/Google_Public_DNS Google's Public DNS servers].
The following example uses [https://en.wikipedia.org/wiki/Google_Public_DNS Google's Public DNS servers].
nameserver 8.8.8.8
{{cat|/etc/resolv.conf|nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 8.8.4.4
}}


For IPv6 nameservers, edit your <code>/etc/resolv.conf</code> file to look like this:<br />
For IPv6 nameservers, edit your {{path|/etc/resolv.conf}} file to look like this:<br />
The following example uses [http://www.he.net/ Hurricane Electric's] public DNS server.
The following example uses [https://www.he.net/ Hurricane Electric's] public DNS server.
nameserver 2001:470:20::2
{{cat|/etc/resolv.conf|nameserver 2001:470:20::2}}
You can also use Hurricane Electric's public DNS server via IPv4:
You can also use Hurricane Electric's public IPv4 DNS server:
nameserver 74.82.42.42
{{cat|/etc/resolv.conf|nameserver 74.82.42.42}}


{{Tip|If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean?  It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to <code>/etc/resolv.conf</code> — ironically, such as Google's Public DNS Servers.) Read [http://www.google.com/intl/en/ipv6/ here] for more information.}}
{{Tip|If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean?  It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to {{path|/etc/resolv.conf}} — ironically, such as Google's Public DNS Servers.) Read [https://www.google.com/intl/en/ipv6/ here] for more information.}}


= Enabling IPv6 (Optional) =
== Interface Configuration ==


If you use IPv6, do the following to enable IPv6 for now and at each boot:
=== Loopback Configuration (Required) ===
{{Cmd|modprobe ipv6
{{Note|The loopback configuration must appear first in {{path|/etc/network/interfaces}} to prevent networking issues.}}
echo "ipv6" >> /etc/modules}}
To configure loopback, add the following to a new file {{path|/etc/network/interfaces}}:
{{cat|/etc/network/interfaces|...
auto lo
iface lo inet loopback
}}


= Interface Configuration =
The above works to set up the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (<code>::1</code>) — if you enabled IPv6.


== Loopback Configuration (Required) ==
=== Wireless Configuration ===
To configure loopback, add the following to a new file <code>/etc/network/interfaces</code>:
<pre>auto lo
iface lo inet loopback</pre>


The above works to setup the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (<code>::1</code>) — if you enabled IPv6.
Alpine Linux supports two wireless daemons i.e [[iwd]] and [[Wi-Fi#wpa_supplicant|wpa_supplicant]]. Using both may lead to conflicts.


== Ethernet Configuration ==
=== Ethernet Configuration ===
For the following Ethernet configuration examples, we will assume that you are using Ethernet device <code>eth0</code>.
For the following Ethernet configuration examples, we will assume that you are using Ethernet device <code>eth0</code>.


=== Initial Configuration ===
==== Initial Configuration ====
Add the following to the file <code>/etc/network/interfaces</code>, above any IP configuration for <code>eth0</code>:
Add the following to the file {{path|/etc/network/interfaces}}, above any IP configuration for <code>eth0</code>:
<pre>auto eth0</pre>
{{cat|/etc/network/interfaces|...
auto eth0
...
}}


=== IPv4 DHCP Configuration ===
==== IPv4 DHCP Configuration ====
Add the following to the file <code>/etc/network/interfaces</code>, below the <code>auto eth0</code> definition:
Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition:
<pre>iface eth0 inet dhcp</pre>
{{cat|/etc/network/interfaces|...
iface eth0 inet dhcp
...
}}
By default, the busybox DHCP client (udhcpc) requests a static set of options from the DHCP server. If you need to extend this set, you can do so by setting some additional command line options for the DHCP client, via the <code>udhcpc_opts</code> in your interface configuration. The following example requests
<code>domain-search</code> option:
{{cat|/etc/network/interfaces|...
iface eth0 inet dhcp
    udhcpc_opts -O search
...
}}
For a complete list of command line options for udhcpc, see [https://busybox.net/downloads/BusyBox.html#udhcpc this document].


=== IPv4 Static Address Configuration ===
==== IPv4 Static Address Configuration ====
Add the following to the file <code>/etc/network/interfaces</code>, below the <code>auto eth0</code> definition:
Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition:
<pre>iface eth0 inet static
 
{{cat|/etc/network/interfaces|...
iface eth0 inet static
         address 192.168.1.150
         address 192.168.1.150
         netmask 255.255.255.0
         netmask 255.255.255.0
         gateway 192.168.1.1</pre>
         gateway 192.168.1.1
...
}}
 
Since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be:
 
{{cat|/etc/network/interfaces|...
iface eth0 inet static
        address 192.168.1.150/24
        gateway 192.168.1.1
...
}}
 
 
===== Additional IP addresses =====
 
{{cat|/etc/network/interfaces|...
iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
 
iface eth0 inet static
        address 192.168.1.151/24
...
}}
 
Since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be:
 
{{cat|/etc/network/interfaces|...
iface eth0 inet static
        address 192.168.1.150/24
        gateway 192.168.1.1
 
iface eth0 inet static
        address 192.168.1.151/24
...
}}
 
==== IPv6 DHCP Configuration ====
Alpine's use of ifupdown-ng supports three DHCP clients: udhcpc, dhclient, and dhcpcd. Of these, only dhcpcd can interact with both DHCP and DHCPv6 from the same process, which ifupdown-ng requires. Thus the IPv4 DHCP configuration given above will also result in the use of DHCPv6, but only if you install the dhcpcd package. (The ifupdown-ng scripts prioritize dhclient over udhcpc, and they prioritize dhcpcd over dhclient; see {{path|/usr/libexec/ifupdown-ng/dhcp}}.)


=== IPv6 Stateless Autoconfiguration ===
=== IPv6 Stateless Autoconfiguration ===
Add the following to the file <code>/etc/network/interfaces</code>, below the <code>auto eth0</code> definition:
Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition:
<pre>iface eth0 inet6 manual
{{cat|/etc/network/interfaces|...
        pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra</pre>
iface eth0 inet6 auto
...
}}


{{Note|'''''The inet6 "manual" method is not yet available in busybox.  A patch has been submitted for review.'''''}}
==== IPv6 Static Address Configuration ====
Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition:


=== IPv6 Static Address Configuration ===
{{cat|/etc/network/interfaces|...
Add the following to the file <code>/etc/network/interfaces</code>, below the <code>auto eth0</code> definition:
iface eth0 inet6 static
<pre>iface eth0 inet6 static
         address 2001:470:ffff:ff::2
         address 2001:470:ffff:ff::2
         netmask 64
         netmask 64
         gateway 2001:470:ffff:ff::1
         gateway 2001:470:ffff:ff::1
         pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra</pre>
         pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
...
}}
 
Since Alpine Linux 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be as:
 
{{cat|/etc/network/interfaces|...
iface eth0 inet6 static
        address 2001:470:ffff:ff::2/64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
...
}}
 
=== Example: Dual-Stack Configuration ===


== Example: Dual-Stack Configuration ==
This example shows a dual-stack configuration.
This example shows a dual-stack configuration.
<pre>auto lo
 
{{cat|/etc/network/interfaces|auto lo
iface lo inet loopback
iface lo inet loopback


Line 103: Line 201:
iface eth0 inet static
iface eth0 inet static
         address 192.168.1.150
         address 192.168.1.150
        netmask 255.255.255.0
      netmask 255.255.255.0
         gateway 192.168.1.1
         gateway 192.168.1.1


Line 110: Line 208:
         netmask 64
         netmask 64
         gateway 2001:470:ffff:ff::1
         gateway 2001:470:ffff:ff::1
         pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra</pre>
         pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
}}
 
Take care since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be as:
 
{{cat|/etc/network/interfaces|auto lo
iface lo inet loopback


= Firewalling with iptables and ip6tables =
auto eth0
== Install iptables/ip6tables ==
* To install iptables:
: {{Cmd|apk add iptables}}


* To install ip6tables:
iface eth0 inet static
: {{Cmd|apk add ip6tables}}
        address 192.168.1.150/24
        gateway 192.168.1.1
 
iface eth0 inet6 static
        address 2001:470:ffff:ff::2/64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
}}
 
== Firewalling with iptables and ip6tables ==
 
See also: [[Alpine Wall]] - [[How-To Alpine Wall]] - [https://git.alpinelinux.org/awall/about/ Alpine Wall User's Guide].
 
=== Install iptables/ip6tables ===
* To install iptables (includes ip6tables in alpine 3.19 and up):
: {{Cmd|# apk add {{pkg|iptables|arch=}}}}
 
* To install ip6tables (Alpine older than 3.19 only):
: {{Cmd|# apk add {{pkg|ip6tables|branch=v3.18|arch=}}}}


* To install the man pages for iptables and ip6tables:
* To install the man pages for iptables and ip6tables:
: {{Cmd|apk add iptables-doc}}
: {{Cmd|# apk add {{pkg|iptables-doc|arch=}}}}


== Configure iptables/ip6tables ==
=== Configure iptables/ip6tables ===
{{ Tip| Good examples of how to write iptables rules can be found at the Linux Home Networking Wiki http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables }}


== Save Firewall Rules ==
 
=== Save Firewall Rules ===


=== For iptables ===
=== For iptables ===
# Set iptables to start on reboot
# Set iptables to start on reboot
#* {{ Cmd| rc-update add iptables }}
#* {{ Cmd|# rc-update add iptables }}
# Write the firewall rules to disk
# Write the firewall rules to disk
#* {{ Cmd| /etc/init.d/iptables save}}
#* {{ Cmd|# rc-service iptables save}}
# If you use Alpine Local Backup:
# If you use Alpine Local Backup:
<!-- Not needed on Alpine > 2.3
## Add the firewall rules to Alpine Local Backup
## Add the firewall rules to Alpine Local Backup
##* {{ Cmd| lbu add /var/lib/iptables/rules-save }}
##* {{ Cmd|# lbu add /var/lib/iptables/rules-save }}
-->
## Save the configuration
## Save the configuration
##* {{ Cmd| lbu ci }}
##* {{ Cmd|# lbu ci }}


=== For ip6tables ===
=== For ip6tables ===
# Set ip6tables to start on reboot
# Set ip6tables to start on reboot
#* {{ Cmd| rc-update add ip6tables }}
#* {{ Cmd|# rc-update add ip6tables }}
# Write the firewall rules to disk
# Write the firewall rules to disk
#* {{ Cmd| /etc/init.d/ip6tables save}}
#* {{ Cmd|# rc-service ip6tables save}}
# If you use Alpine Local Backup:
# If you use Alpine Local Backup:
<!-- Not needed on Alpine > 2.3
## Add the firewall rules to Alpine Local Backup
## Add the firewall rules to Alpine Local Backup
##* {{ Cmd| lbu add /var/lib/ip6tables/rules-save }}
##* {{ Cmd|# lbu add /var/lib/ip6tables/rules-save }}
-->
## Save the configuration
## Save the configuration
##* {{ Cmd| lbu ci }}
##* {{ Cmd|# lbu ci }}


= Activating Changes and Testing Connectivity =
== Activating Changes and Testing Connectivity ==
Changes made to <code>/etc/network/interfaces</code> can be activated by running:
Changes made to {{path|/etc/network/interfaces}} can be activated by running:
{{Cmd|/etc/init.d/networking restart}}
{{Cmd|# rc-service networking restart}}
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:
{{Cmd|ping www.google.com}}
{{Cmd|<nowiki>$ ping www.google.com
<pre>PING www.l.google.com (74.125.47.103) 56(84) bytes of data.
PING www.l.google.com (74.125.47.103) 56(84) bytes of data.
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms
Line 163: Line 286:
--- www.l.google.com ping statistics ---
--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms</pre>
rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms
 
</nowiki>}}
For an IPv6 traceroute (<code>traceroute6</code>), you will first need to install the <code>iputils</code> package:
{{Cmd|apk add iputils}}


Then run <code>traceroute6</code>:
For an IPv6 traceroute run <code>traceroute6</code>:
{{Cmd|traceroute6 ipv6.google.com}}
{{Cmd|$ traceroute6 ipv6.google.com
<pre>traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets
traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets
  1  2001:470:ffff:ff::1 (2001:470:ffff:ff::1)  3.49 ms  0.62 ms  0.607 ms
  1  2001:470:ffff:ff::1 (2001:470:ffff:ff::1)  3.49 ms  0.62 ms  0.607 ms
  2  *  *  *
  2  *  *  *
Line 179: Line 300:
  7  2001:4860::2:0:a7 (2001:4860::2:0:a7)  101.754 ms  100.475 ms  100.512 ms
  7  2001:4860::2:0:a7 (2001:4860::2:0:a7)  101.754 ms  100.475 ms  100.512 ms
  8  2001:4860:0:1::c3 (2001:4860:0:1::c3)  99.272 ms  111.989 ms  99.835 ms
  8  2001:4860:0:1::c3 (2001:4860:0:1::c3)  99.272 ms  111.989 ms  99.835 ms
  9  yw-in-x67.1e100.net (2001:4860:8009::67)  101.545 ms  109.675 ms  99.431 ms</pre>
  9  yw-in-x67.1e100.net (2001:4860:8009::67)  101.545 ms  109.675 ms  99.431 ms
}}
 
== Additional Utilities ==
 
=== iproute2 ===
 
You may wish to install the 'iproute2' package (note that this will also install iptables if not yet installed)
 
{{Cmd|# apk add iproute2}}
 
This provides the 'ss' command which is IMHO a 'better' version of netstat.
 
Show listening tcp ports:
{{Cmd|$ ss -tl}}
 
Show listening tcp ports and associated processes:
{{Cmd|$ ss -ptl}}
 
Show listening and established tcp connections:
{{Cmd|$ ss -ta}}
 
Show socket usage summary:
{{Cmd|$ ss -s}}
 
Show more options:
{{Cmd|$ ss -h}}
 
=== drill ===
 
You may also wish to install 'drill' (it will also install the 'ldns' package) which is a superior (IMHO) replacement for nslookup and dig etc:
 
{{Cmd|# apk add drill}}
 
Then use it as you would for dig:
 
{{Cmd|$ drill alpinelinux.org @8.8.8.8}}
 
To perform a reverse lookup (get a name from an IP) use the following syntax:
 
{{Cmd|$ drill -x 8.8.8.8 @208.67.222.222}}
 
== Related articles ==
 
You may also wish to review the following network related articles:
* [[VLAN|VLAN setup]]
* [[Bonding|Bonding setup]]
* [[Bridge|Network bridge setup]]
* [[udhcpc|udhcpc configuration]]
* [[NetworkManager]] - Front-end to Networking
* [[Wifi#wpa_supplicant|wpa_supplicant]] - Default wifi daemon
* [[Iwd|iwd]] - An alternate to wpa_supplicant
 
[[Category:Networking]]

Latest revision as of 05:37, 18 October 2024

This page will assist you in setting up networking on Alpine Linux.

Note: You must be logged in as root in order to perform the actions on this page.

Network setup-scripts

Among the alpine setup scripts that are installed as part of alpine-conf, the following network related scripts are available.

  • setup-hostname
  • setup-interfaces
  • setup-dns
  • setup-proxy
  • setup-ntp

All the above utilities are interactive. When setup-interfaces is invoked as follows,

# setup-interfaces

it helps to configure wireless and ethernet interfaces in addition to other types. The above scripts will satisfy most trivial configurations. For a versatile networking front end, refer NetworkManager. If you're needs are more advanced, you've to refer to the following detailed guides..

Setting System Hostname

To set the system hostname:

# echo "shortname" > /etc/hostname

Then, to activate the change:

# hostname -F /etc/hostname

If you're using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:

Contents of /etc/hosts

... ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts
Tip: If you're going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to Configuring DNS. Otherwise, if you're going to use a static IPv4 or IPv6 address, continue below.

For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the /etc/hosts file.

Here's an IPv4 example:

Contents of /etc/hosts

... 192.168.1.150 shortname.domain.com ...

And here's an IPv6 example:

Contents of /etc/hosts

... 2001:470:ffff:ff::2 shortname.domain.com ...

Configuring DNS

Tip: For users of IPv4 DHCP: Please note that /etc/resolv.conf will be completely overwritten with any nameservers provided by DHCP. If DHCP does not provide any nameservers, then /etc/resolv.conf will still be overwritten, but will not contain any nameservers!

For a static IP address and static nameservers, use one of the following examples.

For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Google's Public DNS servers.

Contents of /etc/resolv.conf

nameserver 8.8.8.8 nameserver 8.8.4.4

For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Hurricane Electric's public DNS server.

Contents of /etc/resolv.conf

nameserver 2001:470:20::2

You can also use Hurricane Electric's public IPv4 DNS server:

Contents of /etc/resolv.conf

nameserver 74.82.42.42
Tip: If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean? It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to /etc/resolv.conf — ironically, such as Google's Public DNS Servers.) Read here for more information.

Interface Configuration

Loopback Configuration (Required)

Note: The loopback configuration must appear first in /etc/network/interfaces to prevent networking issues.

To configure loopback, add the following to a new file /etc/network/interfaces:

Contents of /etc/network/interfaces

... auto lo iface lo inet loopback

The above works to set up the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (::1) — if you enabled IPv6.

Wireless Configuration

Alpine Linux supports two wireless daemons i.e iwd and wpa_supplicant. Using both may lead to conflicts.

Ethernet Configuration

For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0.

Initial Configuration

Add the following to the file /etc/network/interfaces, above any IP configuration for eth0:

Contents of /etc/network/interfaces

... auto eth0 ...

IPv4 DHCP Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

Contents of /etc/network/interfaces

... iface eth0 inet dhcp ...

By default, the busybox DHCP client (udhcpc) requests a static set of options from the DHCP server. If you need to extend this set, you can do so by setting some additional command line options for the DHCP client, via the udhcpc_opts in your interface configuration. The following example requests domain-search option:

Contents of /etc/network/interfaces

... iface eth0 inet dhcp udhcpc_opts -O search ...

For a complete list of command line options for udhcpc, see this document.

IPv4 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

Contents of /etc/network/interfaces

... iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 gateway 192.168.1.1 ...

Since Alpine 3.13 (and only if you have ifupdown-ng installed) must be:

Contents of /etc/network/interfaces

... iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1 ...


Additional IP addresses

Contents of /etc/network/interfaces

... iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 iface eth0 inet static address 192.168.1.151/24 ...

Since Alpine 3.13 (and only if you have ifupdown-ng installed) must be:

Contents of /etc/network/interfaces

... iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1 iface eth0 inet static address 192.168.1.151/24 ...

IPv6 DHCP Configuration

Alpine's use of ifupdown-ng supports three DHCP clients: udhcpc, dhclient, and dhcpcd. Of these, only dhcpcd can interact with both DHCP and DHCPv6 from the same process, which ifupdown-ng requires. Thus the IPv4 DHCP configuration given above will also result in the use of DHCPv6, but only if you install the dhcpcd package. (The ifupdown-ng scripts prioritize dhclient over udhcpc, and they prioritize dhcpcd over dhclient; see /usr/libexec/ifupdown-ng/dhcp.)

IPv6 Stateless Autoconfiguration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

Contents of /etc/network/interfaces

... iface eth0 inet6 auto ...

IPv6 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

Contents of /etc/network/interfaces

... iface eth0 inet6 static address 2001:470:ffff:ff::2 netmask 64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra ...

Since Alpine Linux 3.13 (and only if you have ifupdown-ng installed) must be as:

Contents of /etc/network/interfaces

... iface eth0 inet6 static address 2001:470:ffff:ff::2/64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra ...

Example: Dual-Stack Configuration

This example shows a dual-stack configuration.

Contents of /etc/network/interfaces

auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.150 netmask 255.255.255.0 gateway 192.168.1.1 iface eth0 inet6 static address 2001:470:ffff:ff::2 netmask 64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Take care since Alpine 3.13 (and only if you have ifupdown-ng installed) must be as:

Contents of /etc/network/interfaces

auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.150/24 gateway 192.168.1.1 iface eth0 inet6 static address 2001:470:ffff:ff::2/64 gateway 2001:470:ffff:ff::1 pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Firewalling with iptables and ip6tables

See also: Alpine Wall - How-To Alpine Wall - Alpine Wall User's Guide.

Install iptables/ip6tables

  • To install iptables (includes ip6tables in alpine 3.19 and up):

# apk add iptables

  • To install ip6tables (Alpine older than 3.19 only):

# apk add ip6tables

  • To install the man pages for iptables and ip6tables:

# apk add iptables-doc

Configure iptables/ip6tables

Save Firewall Rules

For iptables

  1. Set iptables to start on reboot
    • # rc-update add iptables

  2. Write the firewall rules to disk
    • # rc-service iptables save

  3. If you use Alpine Local Backup:
    1. Save the configuration
      • # lbu ci

For ip6tables

  1. Set ip6tables to start on reboot
    • # rc-update add ip6tables

  2. Write the firewall rules to disk
    • # rc-service ip6tables save

  3. If you use Alpine Local Backup:
    1. Save the configuration
      • # lbu ci

Activating Changes and Testing Connectivity

Changes made to /etc/network/interfaces can be activated by running:

# rc-service networking restart

If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:

$ ping www.google.com PING www.l.google.com (74.125.47.103) 56(84) bytes of data. 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms ^C --- www.l.google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms

For an IPv6 traceroute run traceroute6:

$ traceroute6 ipv6.google.com traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets 1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms 2 * * * 3 * * * 4 pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1) 134.313 ms 95.342 ms 88.425 ms 5 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 100.759 ms 100.537 ms 89.907 ms 6 2001:4860::1:0:5db (2001:4860::1:0:5db) 115.563 ms 102.946 ms 106.191 ms 7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms 8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms 9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms

Additional Utilities

iproute2

You may wish to install the 'iproute2' package (note that this will also install iptables if not yet installed)

# apk add iproute2

This provides the 'ss' command which is IMHO a 'better' version of netstat.

Show listening tcp ports:

$ ss -tl

Show listening tcp ports and associated processes:

$ ss -ptl

Show listening and established tcp connections:

$ ss -ta

Show socket usage summary:

$ ss -s

Show more options:

$ ss -h

drill

You may also wish to install 'drill' (it will also install the 'ldns' package) which is a superior (IMHO) replacement for nslookup and dig etc:

# apk add drill

Then use it as you would for dig:

$ drill alpinelinux.org @8.8.8.8

To perform a reverse lookup (get a name from an IP) use the following syntax:

$ drill -x 8.8.8.8 @208.67.222.222

Related articles

You may also wish to review the following network related articles: