Configure Networking: Difference between revisions
mNo edit summary |
(Updated information on iptables/ip6tables) |
||
| Line 111: | Line 111: | ||
= Firewalling with iptables and ip6tables = | = Firewalling with iptables and ip6tables = | ||
== Install iptables == | == Install iptables/ip6tables == | ||
{{ Cmd|apk add iptables }} | * To install iptables: | ||
: {{Cmd|apk add iptables}} | |||
* To install ip6tables: | |||
: {{Cmd|apk add ip6tables}} | |||
* To install the man pages for iptables and ip6tables: | |||
: {{Cmd|apk add iptables-doc}} | |||
== Configure iptables/ip6tables == | == Configure iptables/ip6tables == | ||
| Line 118: | Line 125: | ||
== Save Firewall Rules == | == Save Firewall Rules == | ||
=== For iptables === | |||
# Set iptables to start on reboot | # Set iptables to start on reboot | ||
#* {{ Cmd| rc-update add iptables }} | #* {{ Cmd| rc-update add iptables }} | ||
#Write the firewall rules to disk | # Write the firewall rules to disk | ||
#* {{ Cmd| /etc/init.d/iptables save}} | #* {{ Cmd| /etc/init.d/iptables save}} | ||
# Add the firewall rules to Alpine | # If you use Alpine Local Backup: | ||
#*{{ Cmd| lbu add /var/lib/iptables/rules-save }} | ## Add the firewall rules to Alpine Local Backup | ||
# Save the configuration | ##* {{ Cmd| lbu add /var/lib/iptables/rules-save }} | ||
#*{{ Cmd| lbu ci }} | ## Save the configuration | ||
##* {{ Cmd| lbu ci }} | |||
=== For ip6tables === | |||
# Set ip6tables to start on reboot | |||
#* {{ Cmd| rc-update add ip6tables }} | |||
# Write the firewall rules to disk | |||
#* {{ Cmd| /etc/init.d/ip6tables save}} | |||
# If you use Alpine Local Backup: | |||
## Add the firewall rules to Alpine Local Backup | |||
##* {{ Cmd| lbu add /var/lib/ip6tables/rules-save }} | |||
## Save the configuration | |||
##* {{ Cmd| lbu ci }} | |||
= Activating Changes and Testing Connectivity = | = Activating Changes and Testing Connectivity = | ||
Revision as of 21:04, 30 October 2010
This page will assist you in setting up networking on Alpine Linux.
Setting System Hostname
To set the system hostname, do something like the following:
echo "hostname.domain.com" > /etc/hostname
Then, to activate the change, do the following:
hostname -F /etc/hostname
If you're using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:
::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts
For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the /etc/hosts file.
Here's an IPv4 example:
192.168.1.150 hostname.domain.com
And here's an IPv6 example:
2001:470:ffff:ff::2 hostname.domain.com
Configuring DNS
/etc/resolv.conf will be completely overwritten with any nameservers provided by DHCP. Also, if DHCP does not provide any nameservers, then /etc/resolv.conf will still be overwritten, but will not contain any nameservers! Note to self: This behavior should probably be reported to upstream.
For using a static IP and static nameservers, use one of the following examples.
For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
This example uses Google's Public DNS servers.
nameserver 8.8.8.8 nameserver 8.8.4.4
For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
This example uses Hurricane Electric's public DNS server.
nameserver 2001:470:20::2
/etc/resolv.conf — ironically, such as Google's Public IPv4 DNS Servers in the first example.) Read here for more information.Enabling IPv6 (Optional)
If you use IPv6, do the following to enable IPv6 for now and at each boot:
modprobe ipv6 echo "ipv6" >> /etc/modules
Interface Configuration
Loopback Configuration (Required)
To configure loopback, add the following to a new file /etc/network/interfaces:
auto lo iface lo inet loopback
The above works to setup the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (::1) — if you enabled IPv6.
Ethernet Configuration
For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0.
Initial Configuration
Add the following to the file /etc/network/interfaces, above any IP configuration for eth0:
auto eth0
IPv4 DHCP Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0 definition:
iface eth0 inet dhcp
IPv4 Static Address Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0 definition:
iface eth0 inet static
address 192.168.1.150
netmask 255.255.255.0
gateway 192.168.1.1
IPv6 Stateless Autoconfiguration
Add the following to the file /etc/network/interfaces, below the auto eth0 definition:
iface eth0 inet6 manual
pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra
IPv6 Static Address Configuration
Add the following to the file /etc/network/interfaces, below the auto eth0 definition:
iface eth0 inet6 static
address 2001:470:ffff:ff::2
netmask 64
gateway 2001:470:ffff:ff::1
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Example: Dual-Stack Configuration
This example shows a dual-stack configuration.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.150
netmask 255.255.255.0
gateway 192.168.1.1
iface eth0 inet6 static
address 2001:470:ffff:ff::2
netmask 64
gateway 2001:470:ffff:ff::1
pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Firewalling with iptables and ip6tables
Install iptables/ip6tables
- To install iptables:
apk add iptables
- To install ip6tables:
apk add ip6tables
- To install the man pages for iptables and ip6tables:
apk add iptables-doc
Configure iptables/ip6tables
Save Firewall Rules
For iptables
- Set iptables to start on reboot
rc-update add iptables
- Write the firewall rules to disk
/etc/init.d/iptables save
- If you use Alpine Local Backup:
- Add the firewall rules to Alpine Local Backup
lbu add /var/lib/iptables/rules-save
- Save the configuration
lbu ci
- Add the firewall rules to Alpine Local Backup
For ip6tables
- Set ip6tables to start on reboot
rc-update add ip6tables
- Write the firewall rules to disk
/etc/init.d/ip6tables save
- If you use Alpine Local Backup:
- Add the firewall rules to Alpine Local Backup
lbu add /var/lib/ip6tables/rules-save
- Save the configuration
lbu ci
- Add the firewall rules to Alpine Local Backup
Activating Changes and Testing Connectivity
Changes made to /etc/network/interfaces can be activated by running:
/etc/init.d/networking restart
If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:
ping www.google.com
PING www.l.google.com (74.125.47.103) 56(84) bytes of data. 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms 64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms ^C --- www.l.google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms
For an IPv6 traceroute (traceroute6), you will first need to install the iputils package:
apk add iputils
Then run traceroute6:
traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets 1 2001:470:ffff:ff::1 (2001:470:ffff:ff::1) 3.49 ms 0.62 ms 0.607 ms 2 * * * 3 * * * 4 pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1) 134.313 ms 95.342 ms 88.425 ms 5 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 100.759 ms 100.537 ms 89.907 ms 6 2001:4860::1:0:5db (2001:4860::1:0:5db) 115.563 ms 102.946 ms 106.191 ms 7 2001:4860::2:0:a7 (2001:4860::2:0:a7) 101.754 ms 100.475 ms 100.512 ms 8 2001:4860:0:1::c3 (2001:4860:0:1::c3) 99.272 ms 111.989 ms 99.835 ms 9 yw-in-x67.1e100.net (2001:4860:8009::67) 101.545 ms 109.675 ms 99.431 ms