Configure Networking: Difference between revisions
m (→Enabling IPv6 (Optional): Replaced the pre tags with Cmd template tags for the commands) |
Prabuanand (talk | contribs) m (updated links) |
||
(52 intermediate revisions by 17 users not shown) | |||
Line 1: | Line 1: | ||
This page will assist you in setting up networking on Alpine Linux. | This page will assist you in setting up networking on Alpine Linux. | ||
{{Note|You must be logged in as root in order to perform the actions on this page.}} | {{Note|You must be logged in as root in order to perform the actions on this page.}} | ||
= | == Network setup-scripts == | ||
{{Cmd| | Among the alpine setup scripts that are installed as part of <code>alpine-conf</code>, the following network related scripts are available. | ||
* <code>setup-hostname</code> | |||
* <code>setup-interfaces</code> | |||
* <code>setup-dns</code> | |||
* <code>setup-proxy</code> | |||
* <code>setup-ntp</code> | |||
All the above utilities are interactive. When <code>setup-interfaces</code> is invoked as follows, | |||
{{Cmd|# setup-interfaces}} | |||
it helps to configure wireless and ethernet interfaces in addition to other types. The above scripts will satisfy most trivial configurations. For a versatile networking front end, refer [[NetworkManager]]. If you're needs are more advanced, you've to refer to the following detailed guides.. | |||
== Setting System Hostname == | |||
{{Cmd| | To set the system hostname: | ||
{{Cmd|# echo "shortname" > /etc/hostname}} | |||
If you're using IPv6, you should also add the following special IPv6 addresses to your | Then, to activate the change: | ||
{{Cmd|# hostname -F /etc/hostname}} | |||
If you're using IPv6, you should also add the following special IPv6 addresses to your {{path|/etc/hosts}} file: | |||
{{cat|/etc/hosts|... | |||
::1 localhost ipv6-localhost ipv6-loopback | |||
fe00::0 ipv6-localnet | fe00::0 ipv6-localnet | ||
ff00::0 ipv6-mcastprefix | ff00::0 ipv6-mcastprefix | ||
ff02::1 ipv6-allnodes | ff02::1 ipv6-allnodes | ||
ff02::2 ipv6-allrouters | ff02::2 ipv6-allrouters | ||
ff02::3 ipv6-allhosts | ff02::3 ipv6-allhosts | ||
}} | |||
{{Tip|If you | {{Tip|If you're going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to [[#Configuring_DNS|Configuring DNS]]. Otherwise, if you're going to use a static IPv4 or IPv6 address, continue below.}} | ||
For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the | For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the {{path|/etc/hosts}} file. | ||
Here's an IPv4 example: | Here's an IPv4 example: | ||
{{cat|/etc/hosts|... | |||
192.168.1.150 shortname.domain.com | |||
... | |||
}} | |||
And here's an IPv6 example: | And here's an IPv6 example: | ||
{{cat|/etc/hosts|... | |||
2001:470:ffff:ff::2 shortname.domain.com | |||
... | |||
}} | |||
= Configuring DNS = | == Configuring DNS == | ||
{{ | {{Tip|'''For users of IPv4 DHCP:''' Please note that {{path|/etc/resolv.conf}} will be completely overwritten with any nameservers provided by DHCP. | ||
If DHCP does not provide any nameservers, then {{path|/etc/resolv.conf}} will still be overwritten, but will not contain any nameservers!}} | |||
For | For a static IP address and static nameservers, use one of the following examples. | ||
For IPv4 nameservers, edit your | For IPv4 nameservers, edit your {{path|/etc/resolv.conf}} file to look like this:<br /> | ||
The following example uses [ | The following example uses [https://en.wikipedia.org/wiki/Google_Public_DNS Google's Public DNS servers]. | ||
{{cat|/etc/resolv.conf|nameserver 8.8.8.8 | |||
nameserver 8.8.4.4 | |||
}} | |||
For IPv6 nameservers, edit your | For IPv6 nameservers, edit your {{path|/etc/resolv.conf}} file to look like this:<br /> | ||
The following example uses [ | The following example uses [https://www.he.net/ Hurricane Electric's] public DNS server. | ||
{{cat|/etc/resolv.conf|nameserver 2001:470:20::2}} | |||
You can also use Hurricane Electric's public DNS server | You can also use Hurricane Electric's public IPv4 DNS server: | ||
{{cat|/etc/resolv.conf|nameserver 74.82.42.42}} | |||
{{Tip|If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean? It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to | {{Tip|If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean? It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to {{path|/etc/resolv.conf}} — ironically, such as Google's Public DNS Servers.) Read [https://www.google.com/intl/en/ipv6/ here] for more information.}} | ||
= | == Interface Configuration == | ||
=== Loopback Configuration (Required) === | |||
{{ | {{Note|The loopback configuration must appear first in {{path|/etc/network/interfaces}} to prevent networking issues.}} | ||
To configure loopback, add the following to a new file {{path|/etc/network/interfaces}}: | |||
{{cat|/etc/network/interfaces|... | |||
auto lo | |||
iface lo inet loopback | |||
}} | |||
The above works to set up the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (<code>::1</code>) — if you enabled IPv6. | |||
== | === Wireless Configuration === | ||
Alpine Linux supports two wireless daemons i.e [[iwd]] and [[Wi-Fi#wpa_supplicant|wpa_supplicant]]. Using both may lead to conflicts. | |||
== Ethernet Configuration == | === Ethernet Configuration === | ||
For the following Ethernet configuration examples, we will assume that you are using Ethernet device <code>eth0</code>. | For the following Ethernet configuration examples, we will assume that you are using Ethernet device <code>eth0</code>. | ||
=== Initial Configuration === | ==== Initial Configuration ==== | ||
Add the following to the file | Add the following to the file {{path|/etc/network/interfaces}}, above any IP configuration for <code>eth0</code>: | ||
{{cat|/etc/network/interfaces|... | |||
auto eth0 | |||
... | |||
}} | |||
=== IPv4 DHCP Configuration === | ==== IPv4 DHCP Configuration ==== | ||
Add the following to the file | Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition: | ||
< | {{cat|/etc/network/interfaces|... | ||
iface eth0 inet dhcp | |||
... | |||
}} | |||
By default, the busybox DHCP client (udhcpc) requests a static set of options from the DHCP server. If you need to extend this set, you can do so by setting some additional command line options for the DHCP client, via the <code>udhcpc_opts</code> in your interface configuration. The following example requests | |||
<code>domain-search</code> option: | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet dhcp | |||
udhcpc_opts -O search | |||
... | |||
}} | |||
For a complete list of command line options for udhcpc, see [https://busybox.net/downloads/BusyBox.html#udhcpc this document]. | |||
=== IPv4 Static Address Configuration === | ==== IPv4 Static Address Configuration ==== | ||
Add the following to the file | Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition: | ||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet static | |||
address 192.168.1.150 | address 192.168.1.150 | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
gateway 192.168.1.1</ | gateway 192.168.1.1 | ||
... | |||
}} | |||
Since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be: | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet static | |||
address 192.168.1.150/24 | |||
gateway 192.168.1.1 | |||
... | |||
}} | |||
===== Additional IP addresses ===== | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet static | |||
address 192.168.1.150 | |||
netmask 255.255.255.0 | |||
iface eth0 inet static | |||
address 192.168.1.151/24 | |||
... | |||
}} | |||
Since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be: | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet static | |||
address 192.168.1.150/24 | |||
gateway 192.168.1.1 | |||
iface eth0 inet static | |||
address 192.168.1.151/24 | |||
... | |||
}} | |||
==== IPv6 DHCP Configuration ==== | |||
Alpine's use of ifupdown-ng supports three DHCP clients: udhcpc, dhclient, and dhcpcd. Of these, only dhcpcd can interact with both DHCP and DHCPv6 from the same process, which ifupdown-ng requires. Thus the IPv4 DHCP configuration given above will also result in the use of DHCPv6, but only if you install the dhcpcd package. (The ifupdown-ng scripts prioritize dhclient over udhcpc, and they prioritize dhcpcd over dhclient; see {{path|/usr/libexec/ifupdown-ng/dhcp}}.) | |||
=== IPv6 Stateless Autoconfiguration === | === IPv6 Stateless Autoconfiguration === | ||
Add the following to the file | Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition: | ||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet6 auto | |||
... | |||
}} | |||
{{ | ==== IPv6 Static Address Configuration ==== | ||
Add the following to the file {{path|/etc/network/interfaces}}, below the <code>auto eth0</code> definition: | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet6 static | |||
address 2001:470:ffff:ff::2 | address 2001:470:ffff:ff::2 | ||
netmask 64 | netmask 64 | ||
gateway 2001:470:ffff:ff::1 | gateway 2001:470:ffff:ff::1 | ||
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra</pre> | pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra | ||
... | |||
}} | |||
Since Alpine Linux 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be as: | |||
{{cat|/etc/network/interfaces|... | |||
iface eth0 inet6 static | |||
address 2001:470:ffff:ff::2/64 | |||
gateway 2001:470:ffff:ff::1 | |||
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra | |||
... | |||
}} | |||
=== Example: Dual-Stack Configuration === | |||
This example shows a dual-stack configuration. | This example shows a dual-stack configuration. | ||
{{cat|/etc/network/interfaces|auto lo | |||
iface lo inet loopback | iface lo inet loopback | ||
Line 103: | Line 201: | ||
iface eth0 inet static | iface eth0 inet static | ||
address 192.168.1.150 | address 192.168.1.150 | ||
netmask 255.255.255.0 | |||
gateway 192.168.1.1 | gateway 192.168.1.1 | ||
Line 110: | Line 208: | ||
netmask 64 | netmask 64 | ||
gateway 2001:470:ffff:ff::1 | gateway 2001:470:ffff:ff::1 | ||
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra</ | pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra | ||
}} | |||
Take care since Alpine 3.13 (and only if you have <code>ifupdown-ng</code> installed) must be as: | |||
{{cat|/etc/network/interfaces|auto lo | |||
iface lo inet loopback | |||
auto eth0 | |||
* To install ip6tables: | iface eth0 inet static | ||
: {{Cmd|apk add ip6tables}} | address 192.168.1.150/24 | ||
gateway 192.168.1.1 | |||
iface eth0 inet6 static | |||
address 2001:470:ffff:ff::2/64 | |||
gateway 2001:470:ffff:ff::1 | |||
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra | |||
}} | |||
== Firewalling with iptables and ip6tables == | |||
See also: [[Alpine Wall]] - [[How-To Alpine Wall]] - [https://git.alpinelinux.org/awall/about/ Alpine Wall User's Guide]. | |||
=== Install iptables/ip6tables === | |||
* To install iptables (includes ip6tables in alpine 3.19 and up): | |||
: {{Cmd|# apk add {{pkg|iptables|arch=}}}} | |||
* To install ip6tables (Alpine older than 3.19 only): | |||
: {{Cmd|# apk add {{pkg|ip6tables|branch=v3.18|arch=}}}} | |||
* To install the man pages for iptables and ip6tables: | * To install the man pages for iptables and ip6tables: | ||
: {{Cmd|apk add iptables-doc}} | : {{Cmd|# apk add {{pkg|iptables-doc|arch=}}}} | ||
== Configure iptables/ip6tables == | === Configure iptables/ip6tables === | ||
== Save Firewall Rules == | |||
=== Save Firewall Rules === | |||
=== For iptables === | === For iptables === | ||
# Set iptables to start on reboot | # Set iptables to start on reboot | ||
#* {{ Cmd| rc-update add iptables }} | #* {{ Cmd|# rc-update add iptables }} | ||
# Write the firewall rules to disk | # Write the firewall rules to disk | ||
#* {{ Cmd| | #* {{ Cmd|# rc-service iptables save}} | ||
# If you use Alpine Local Backup: | # If you use Alpine Local Backup: | ||
<!-- Not needed on Alpine > 2.3 | |||
## Add the firewall rules to Alpine Local Backup | ## Add the firewall rules to Alpine Local Backup | ||
##* {{ Cmd| lbu add /var/lib/iptables/rules-save }} | ##* {{ Cmd|# lbu add /var/lib/iptables/rules-save }} | ||
--> | |||
## Save the configuration | ## Save the configuration | ||
##* {{ Cmd| lbu ci }} | ##* {{ Cmd|# lbu ci }} | ||
=== For ip6tables === | === For ip6tables === | ||
# Set ip6tables to start on reboot | # Set ip6tables to start on reboot | ||
#* {{ Cmd| rc-update add ip6tables }} | #* {{ Cmd|# rc-update add ip6tables }} | ||
# Write the firewall rules to disk | # Write the firewall rules to disk | ||
#* {{ Cmd| | #* {{ Cmd|# rc-service ip6tables save}} | ||
# If you use Alpine Local Backup: | # If you use Alpine Local Backup: | ||
<!-- Not needed on Alpine > 2.3 | |||
## Add the firewall rules to Alpine Local Backup | ## Add the firewall rules to Alpine Local Backup | ||
##* {{ Cmd| lbu add /var/lib/ip6tables/rules-save }} | ##* {{ Cmd|# lbu add /var/lib/ip6tables/rules-save }} | ||
--> | |||
## Save the configuration | ## Save the configuration | ||
##* {{ Cmd| lbu ci }} | ##* {{ Cmd|# lbu ci }} | ||
= Activating Changes and Testing Connectivity = | == Activating Changes and Testing Connectivity == | ||
Changes made to | Changes made to {{path|/etc/network/interfaces}} can be activated by running: | ||
{{Cmd| | {{Cmd|# rc-service networking restart}} | ||
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out: | If you did not get any errors, you can now test that networking is configured properly by attempting to ping out: | ||
{{Cmd|ping www.google.com | {{Cmd|<nowiki>$ ping www.google.com | ||
PING www.l.google.com (74.125.47.103) 56(84) bytes of data. | |||
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms | 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms | ||
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms | 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms | ||
Line 163: | Line 286: | ||
--- www.l.google.com ping statistics --- | --- www.l.google.com ping statistics --- | ||
4 packets transmitted, 4 received, 0% packet loss, time 3007ms | 4 packets transmitted, 4 received, 0% packet loss, time 3007ms | ||
rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms | rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms | ||
</nowiki>}} | |||
For an IPv6 traceroute run <code>traceroute6</code>: | |||
{{Cmd|traceroute6 ipv6.google.com | {{Cmd|$ traceroute6 ipv6.google.com | ||
traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets | |||
1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms | 1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms | ||
2 * * * | 2 * * * | ||
Line 179: | Line 300: | ||
7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms | 7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms | ||
8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms | 8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms | ||
9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms | 9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms | ||
}} | |||
== Additional Utilities == | |||
=== iproute2 === | |||
You may wish to install the 'iproute2' package (note that this will also install iptables if not yet installed) | |||
{{Cmd|# apk add iproute2}} | |||
This provides the 'ss' command which is IMHO a 'better' version of netstat. | |||
Show listening tcp ports: | |||
{{Cmd|$ ss -tl}} | |||
Show listening tcp ports and associated processes: | |||
{{Cmd|$ ss -ptl}} | |||
Show listening and established tcp connections: | |||
{{Cmd|$ ss -ta}} | |||
Show socket usage summary: | |||
{{Cmd|$ ss -s}} | |||
Show more options: | |||
{{Cmd|$ ss -h}} | |||
=== drill === | |||
You may also wish to install 'drill' (it will also install the 'ldns' package) which is a superior (IMHO) replacement for nslookup and dig etc: | |||
{{Cmd|# apk add drill}} | |||
Then use it as you would for dig: | |||
{{Cmd|$ drill alpinelinux.org @8.8.8.8}} | |||
To perform a reverse lookup (get a name from an IP) use the following syntax: | |||
{{Cmd|$ drill -x 8.8.8.8 @208.67.222.222}} | |||
== Related articles == | |||
You may also wish to review the following network related articles: | |||
* [[VLAN|VLAN setup]] | |||
* [[Bonding|Bonding setup]] | |||
* [[Bridge|Network bridge setup]] | |||
* [[udhcpc|udhcpc configuration]] | |||
* [[NetworkManager]] - Front-end to Networking | |||
* [[Wifi#wpa_supplicant|wpa_supplicant]] - Default wifi daemon | |||
* [[Iwd|iwd]] - An alternate to wpa_supplicant | |||
[[Category:Networking]] |
Latest revision as of 05:37, 18 October 2024
This page will assist you in setting up networking on Alpine Linux.
Network setup-scripts
Among the alpine setup scripts that are installed as part of alpine-conf
, the following network related scripts are available.
setup-hostname
setup-interfaces
setup-dns
setup-proxy
setup-ntp
All the above utilities are interactive. When setup-interfaces
is invoked as follows,
# setup-interfaces
it helps to configure wireless and ethernet interfaces in addition to other types. The above scripts will satisfy most trivial configurations. For a versatile networking front end, refer NetworkManager. If you're needs are more advanced, you've to refer to the following detailed guides..
Setting System Hostname
To set the system hostname:
# echo "shortname" > /etc/hostname
Then, to activate the change:
# hostname -F /etc/hostname
If you're using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:
Contents of /etc/hosts
For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the /etc/hosts file.
Here's an IPv4 example:
Contents of /etc/hosts
And here's an IPv6 example:
Contents of /etc/hosts
Configuring DNS
For a static IP address and static nameservers, use one of the following examples.
For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Google's Public DNS servers.
Contents of /etc/resolv.conf
For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Hurricane Electric's public DNS server.
Contents of /etc/resolv.conf
You can also use Hurricane Electric's public IPv4 DNS server:
Contents of /etc/resolv.conf
Interface Configuration
Loopback Configuration (Required)
To configure loopback, add the following to a new file /etc/network/interfaces:
Contents of /etc/network/interfaces
The above works to set up the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (::1
) — if you enabled IPv6.
Wireless Configuration
Alpine Linux supports two wireless daemons i.e iwd and wpa_supplicant. Using both may lead to conflicts.
Ethernet Configuration
For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0
.
Initial Configuration
Add the following to the file /etc/network/interfaces, above any IP configuration for eth0
:
Contents of /etc/network/interfaces
IPv4 DHCP Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0
definition:
Contents of /etc/network/interfaces
By default, the busybox DHCP client (udhcpc) requests a static set of options from the DHCP server. If you need to extend this set, you can do so by setting some additional command line options for the DHCP client, via the udhcpc_opts
in your interface configuration. The following example requests
domain-search
option:
Contents of /etc/network/interfaces
For a complete list of command line options for udhcpc, see this document.
IPv4 Static Address Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0
definition:
Contents of /etc/network/interfaces
Since Alpine 3.13 (and only if you have ifupdown-ng
installed) must be:
Contents of /etc/network/interfaces
Additional IP addresses
Contents of /etc/network/interfaces
Since Alpine 3.13 (and only if you have ifupdown-ng
installed) must be:
Contents of /etc/network/interfaces
IPv6 DHCP Configuration
Alpine's use of ifupdown-ng supports three DHCP clients: udhcpc, dhclient, and dhcpcd. Of these, only dhcpcd can interact with both DHCP and DHCPv6 from the same process, which ifupdown-ng requires. Thus the IPv4 DHCP configuration given above will also result in the use of DHCPv6, but only if you install the dhcpcd package. (The ifupdown-ng scripts prioritize dhclient over udhcpc, and they prioritize dhcpcd over dhclient; see /usr/libexec/ifupdown-ng/dhcp.)
IPv6 Stateless Autoconfiguration
Add the following to the file /etc/network/interfaces, below the auto eth0
definition:
Contents of /etc/network/interfaces
IPv6 Static Address Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0
definition:
Contents of /etc/network/interfaces
Since Alpine Linux 3.13 (and only if you have ifupdown-ng
installed) must be as:
Contents of /etc/network/interfaces
Example: Dual-Stack Configuration
This example shows a dual-stack configuration.
Contents of /etc/network/interfaces
Take care since Alpine 3.13 (and only if you have ifupdown-ng
installed) must be as:
Contents of /etc/network/interfaces
Firewalling with iptables and ip6tables
See also: Alpine Wall - How-To Alpine Wall - Alpine Wall User's Guide.
Install iptables/ip6tables
- To install iptables (includes ip6tables in alpine 3.19 and up):
# apk add iptables
- To install ip6tables (Alpine older than 3.19 only):
# apk add ip6tables
- To install the man pages for iptables and ip6tables:
# apk add iptables-doc
Configure iptables/ip6tables
Save Firewall Rules
For iptables
- Set iptables to start on reboot
# rc-update add iptables
- Write the firewall rules to disk
# rc-service iptables save
- If you use Alpine Local Backup:
- Save the configuration
# lbu ci
- Save the configuration
For ip6tables
- Set ip6tables to start on reboot
# rc-update add ip6tables
- Write the firewall rules to disk
# rc-service ip6tables save
- If you use Alpine Local Backup:
- Save the configuration
# lbu ci
- Save the configuration
Activating Changes and Testing Connectivity
Changes made to /etc/network/interfaces can be activated by running:
# rc-service networking restart
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:
$ ping www.google.com PING www.l.google.com (74.125.47.103) 56(84) bytes of data. 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms ^C --- www.l.google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms
For an IPv6 traceroute run traceroute6
:
$ traceroute6 ipv6.google.com traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets 1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms 2 * * * 3 * * * 4 pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1) 134.313 ms 95.342 ms 88.425 ms 5 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 100.759 ms 100.537 ms 89.907 ms 6 2001:4860::1:0:5db (2001:4860::1:0:5db) 115.563 ms 102.946 ms 106.191 ms 7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms 8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms 9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms
Additional Utilities
iproute2
You may wish to install the 'iproute2' package (note that this will also install iptables if not yet installed)
# apk add iproute2
This provides the 'ss' command which is IMHO a 'better' version of netstat.
Show listening tcp ports:
$ ss -tl
Show listening tcp ports and associated processes:
$ ss -ptl
Show listening and established tcp connections:
$ ss -ta
Show socket usage summary:
$ ss -s
Show more options:
$ ss -h
drill
You may also wish to install 'drill' (it will also install the 'ldns' package) which is a superior (IMHO) replacement for nslookup and dig etc:
# apk add drill
Then use it as you would for dig:
$ drill alpinelinux.org @8.8.8.8
To perform a reverse lookup (get a name from an IP) use the following syntax:
$ drill -x 8.8.8.8 @208.67.222.222
Related articles
You may also wish to review the following network related articles:
- VLAN setup
- Bonding setup
- Network bridge setup
- udhcpc configuration
- NetworkManager - Front-end to Networking
- wpa_supplicant - Default wifi daemon
- iwd - An alternate to wpa_supplicant