Configure Networking

From Alpine Linux
Revision as of 04:46, 22 March 2012 by Dubiousjim (talk | contribs) (Category:Networking)

This page will assist you in setting up networking on Alpine Linux.

Note: You must be logged in as root in order to perform the actions on this page.

Setting System Hostname

To set the system hostname, do something like the following:

echo "hostname.domain.com" > /etc/hostname

Then, to activate the change, do the following:

hostname -F /etc/hostname

If you're using IPv6, you should also add the following special IPv6 addresses to your /etc/hosts file:

::1             localhost ipv6-localhost ipv6-loopback
fe00::0         ipv6-localnet
ff00::0         ipv6-mcastprefix
ff02::1         ipv6-allnodes
ff02::2         ipv6-allrouters
ff02::3         ipv6-allhosts
Tip: If you are going to use automatic IP configuration, such as IPv4 DHCP or IPv6 Stateless Autoconfiguration, you can skip ahead to Configuring DNS. Otherwise, if you are going to use a static IPv4 or IPv6 address, continue below.

For a static IP configuration, it's common to also add the machine's hostname you just set (above) to the /etc/hosts file.

Here's an IPv4 example:

192.168.1.150   hostname.domain.com

And here's an IPv6 example:

2001:470:ffff:ff::2   hostname.domain.com

Configuring DNS

Tip: For users of IPv4 DHCP: Please note that /etc/resolv.conf will be completely overwritten with any nameservers provided by DHCP. Also, if DHCP does not provide any nameservers, then /etc/resolv.conf will still be overwritten, but will not contain any nameservers!

For using a static IP and static nameservers, use one of the following examples.

For IPv4 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Google's Public DNS servers.

nameserver 8.8.8.8
nameserver 8.8.4.4

For IPv6 nameservers, edit your /etc/resolv.conf file to look like this:
The following example uses Hurricane Electric's public DNS server.

nameserver 2001:470:20::2

You can also use Hurricane Electric's public DNS server via IPv4:

nameserver 74.82.42.42
Tip: If you decide to use Hurricane Electric's nameserver, be aware that it is 'Google-whitelisted'. What does this mean? It allows you access to many of Google's services via IPv6. (Just don't add other, non-whitelisted, nameservers to /etc/resolv.conf — ironically, such as Google's Public DNS Servers.) Read here for more information.

Enabling IPv6 (Optional)

If you use IPv6, do the following to enable IPv6 for now and at each boot:

modprobe ipv6 echo "ipv6" >> /etc/modules

Interface Configuration

Loopback Configuration (Required)

Note: The loopback configuration must appear first in /etc/network/interfaces to prevent networking issues.

To configure loopback, add the following to a new file /etc/network/interfaces:

auto lo
iface lo inet loopback

The above works to setup the IPv4 loopback address (127.0.0.1), and the IPv6 loopback address (::1) — if you enabled IPv6.

Ethernet Configuration

For the following Ethernet configuration examples, we will assume that you are using Ethernet device eth0.

Initial Configuration

Add the following to the file /etc/network/interfaces, above any IP configuration for eth0:

auto eth0

IPv4 DHCP Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet dhcp

IPv4 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        gateway 192.168.1.1

IPv6 Stateless Autoconfiguration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet6 manual
        pre-up echo 1 > /proc/sys/net/ipv6/conf/eth0/accept_ra
Tip: The "inet6 manual" method is available in busybox 1.17.3-r3 and later.

IPv6 Static Address Configuration

Add the following to the file /etc/network/interfaces, below the auto eth0 definition:

iface eth0 inet6 static
        address 2001:470:ffff:ff::2
        netmask 64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Example: Dual-Stack Configuration

This example shows a dual-stack configuration.

auto lo
iface lo inet loopback

auto eth0

iface eth0 inet static
        address 192.168.1.150
        netmask 255.255.255.0
        gateway 192.168.1.1

iface eth0 inet6 static
        address 2001:470:ffff:ff::2
        netmask 64
        gateway 2001:470:ffff:ff::1
        pre-up echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra

Firewalling with iptables and ip6tables

Install iptables/ip6tables

  • To install iptables:

apk add iptables

  • To install ip6tables:

apk add ip6tables

  • To install the man pages for iptables and ip6tables:

apk add iptables-doc

Configure iptables/ip6tables

Tip: Good examples of how to write iptables rules can be found at the Linux Home Networking Wiki http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

Save Firewall Rules

For iptables

  1. Set iptables to start on reboot
    • rc-update add iptables

  2. Write the firewall rules to disk
    • /etc/init.d/iptables save

  3. If you use Alpine Local Backup:
    1. Save the configuration
      • lbu ci

For ip6tables

  1. Set ip6tables to start on reboot
    • rc-update add ip6tables

  2. Write the firewall rules to disk
    • /etc/init.d/ip6tables save

  3. If you use Alpine Local Backup:
    1. Save the configuration
      • lbu ci

Activating Changes and Testing Connectivity

Changes made to /etc/network/interfaces can be activated by running:

/etc/init.d/networking restart

If you did not get any errors, you can now test that networking is configured properly by attempting to ping out:

ping www.google.com

PING www.l.google.com (74.125.47.103) 56(84) bytes of data.
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=1 ttl=48 time=58.5 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=2 ttl=48 time=56.4 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=3 ttl=48 time=57.0 ms
64 bytes from yw-in-f103.1e100.net (74.125.47.103): icmp_seq=4 ttl=48 time=60.2 ms
^C
--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 56.411/58.069/60.256/1.501 ms

For an IPv6 traceroute (traceroute6), you will first need to install the iputils package:

apk add iputils

Then run traceroute6:

traceroute6 ipv6.google.com

traceroute to ipv6.l.google.com (2001:4860:8009::67) from 2001:470:ffff:ff::2, 30 hops max, 16 byte packets
 1  2001:470:ffff:ff::1 (2001:470:ffff:ff::1)  3.49 ms  0.62 ms  0.607 ms
 2  *  *  *
 3  *  *  *
 4  pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1)  134.313 ms  95.342 ms  88.425 ms
 5  2001:4860::1:0:9ff (2001:4860::1:0:9ff)  100.759 ms  100.537 ms  89.907 ms
 6  2001:4860::1:0:5db (2001:4860::1:0:5db)  115.563 ms  102.946 ms  106.191 ms
 7  2001:4860::2:0:a7 (2001:4860::2:0:a7)  101.754 ms  100.475 ms  100.512 ms
 8  2001:4860:0:1::c3 (2001:4860:0:1::c3)  99.272 ms  111.989 ms  99.835 ms
 9  yw-in-x67.1e100.net (2001:4860:8009::67)  101.545 ms  109.675 ms  99.431 ms