Configure Networking: Difference between revisions

From Alpine Linux
mNo edit summary
Line 112: Line 112:
= Firewalling with iptables and ip6tables =
= Firewalling with iptables and ip6tables =
== Install iptables ==
== Install iptables ==
{{ Cmd|apk add iptables }}
== Configure iptables/ip6tables ==
== Configure iptables/ip6tables ==
== Save Firewall Rules ==
== Save Firewall Rules ==

Revision as of 15:13, 25 October 2010

This page will assist you in setting up networking on Alpine Linux.

Note: You must be logged in as root in order to perform the actions on this page.

Setting System Hostname

To set the system hostname, do something like the following:

echo "hostname.domain.com" > /etc/hostname

Then, to activate the change, do the following:

hostname -F /etc/hostname

If you're using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:

::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
Tip: If you are going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to Configuring DNS. Otherwise, if you are going to use a static IPv4 or IPv6 address, continue below.

For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the /etc/hosts file.

Here's an IPv4 example:

192.168.1.150   hostname.domain.com

And here's an IPv6 example:

2001:470:ffff:ff::2   hostname.domain.com

Configuring DNS

Warning: For users of IPv4 DHCP: Please note that /etc/resolv.conf will be completely overwritten with any nameservers provided by DHCP. Also, if DHCP does not provide any nameservers, then /etc/resolv.conf will still be overwritten, but will not contain any nameservers! Note to self: This behavior should probably be reported to upstream.


Note: For users of IPv6 Stateless Autoconfiguration: The above warning doesn't seem to be an issue here, however, I would advise caution.

For using a static IP and static nameservers, use one of the following examples.

For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
This example uses Google's Public DNS servers.

nameserver 8.8.8.8 nameserver 8.8.4.4

For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
This example uses Hurricane Electric's public DNS server.

nameserver 2001:470:20::2

Tip: If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean? It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to /etc/resolv.conf — ironically, such as Google's Public IPv4 DNS Servers in the first example.) Read here for more information.

Enabling IPv6 (Optional)

If you use IPv6, do the following to enable IPv6 for now and at each boot:

modprobe ipv6
echo "ipv6" >> /etc/modules

Interface Configuration

Loopback Configuration (Required)

To configure loopback, add the following to a new file /etc/network/interfaces:

auto lo
iface lo inet loopback

The above works to setup the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (::1) — if you enabled IPv6.

Ethernet Configuration

For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0.

Initial Configuration

Add the following to the file /etc/network/interfaces, above any IP configuration for eth0:

auto eth0

IPv4 DHCP Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet dhcp

IPv4 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        gateway 192.168.1.1

IPv6 Stateless Autoconfiguration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet6 manual
        pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Note: The inet6 "manual" method is not yet available in busybox. A patch has been submitted for review.

IPv6 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet6 static
        address 2001:470:ffff:ff::2
        netmask 64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Example: Dual-Stack Configuration

This example shows a dual-stack configuration.

auto lo
iface lo inet loopback

auto eth0

iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        gateway 192.168.1.1

iface eth0 inet6 static
        address 2001:470:ffff:ff::2
        netmask 64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Firewalling with iptables and ip6tables

Install iptables

apk add iptables

Configure iptables/ip6tables

Save Firewall Rules

Activating Changes and Testing Connectivity

Changes made to /etc/network/interfaces can be activated by running:

/etc/init.d/networking restart

If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:

ping www.google.com

PING www.l.google.com (74.125.47.103) 56(84) bytes of data.
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms

For an IPv6 traceroute (traceroute6), you will first need to install the iputils package:

apk add iputils

Then run traceroute6:

traceroute6 ipv6.google.com

traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets
 1  2001:470:ffff:ff::1 (2001:470:ffff:ff::1)  3.49 ms  0.62 ms  0.607 ms
 2  *  *  *
 3  *  *  *
 4  pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1)  134.313 ms  95.342 ms  88.425 ms
 5  2001:4860::1:0:9ff (2001:4860::1:0:9ff)  100.759 ms  100.537 ms  89.907 ms
 6  2001:4860::1:0:5db (2001:4860::1:0:5db)  115.563 ms  102.946 ms  106.191 ms
 7  2001:4860::2:0:a7 (2001:4860::2:0:a7)  101.754 ms  100.475 ms  100.512 ms
 8  2001:4860:0:1::c3 (2001:4860:0:1::c3)  99.272 ms  111.989 ms  99.835 ms
 9  yw-in-x67.1e100.net (2001:4860:8009::67)  101.545 ms  109.675 ms  99.431 ms