Networking 101 from the command line.

dos2unix

Just about everything I am going to talk about here could be done from the Xwindows GUI.
If you're a desktop user with a local GUI that's great. But for anyone who works in an enterprise environment, or
with Cloud based VMs you likely will not have a GUI. Just about all your work will be done via SSH and the command line.

This isn't just handy for big data centers with hundreds or thousands of systems, this can even be handy for
3 or 4 local computers at your house. It's not always easy or convenient to get up and walk over to another computer
just so you can use the mouse and Xwindows.

In the "old" days we used something called networkd. Typically we edited ifcfg-eth0 files and used ifup and ifdown
to start up and shutdown interfaces. That's the way it was for a couple of decades.

But now, virtually all modern Linux distros use something called NetworkManager. It can take a little getting used to.

Just about every command here starts with "nmcli" ( NetworkManager command line interface )

To see what interfaces that NetworkManager knows about, you can type

nmcli connection show
or if you're lazy like me, this can be shortened to... nmcli con sho
You should see an output similar to this....
nmcli connection show
NAME UUID TYPE DEVICE
enp6s0 589c0a0b-4881-4b70-af9f-c372814c939d ethernet enp6s0
enp4s0f0 ae11891b-4f4e-4ef4-ac6b-f6c3a9a51f25 ethernet enp4s0f0
lo 60bd2b8d-5354-4e54-aaee-9c311073949c loopback lo

Now sometimes, some distros, depending on how they get installed, name the connections something like...
'Wired Connection 1' but at least the 'DEVICE' column will usually show you which device that is.

In my case above, I have two ethernet connections that I'm using. I usually use this command along with the
ip addr and ip route commands. In my case ip ad gives me this output.

ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 70:85:c2:f4:33:15 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.127/24 brd 10.0.0.255 scope global dynamic noprefixroute enp6s0
valid_lft 148489sec preferred_lft 148489sec
inet6 2601:1c1:4000:5fd0::59ef/128 scope global dynamic noprefixroute
valid_lft 196338sec preferred_lft 196338sec
inet6 2601:1c1:4000:5fd0:85a:de7d:b579:2c9f/64 scope global dynamic noprefixroute
valid_lft 301sec preferred_lft 301sec
inet6 fe80::4215:1bf5:cbc9:8823/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp4s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 00:26:55:ea:b9:aa brd ff:ff:ff:ff:ff:ff
inet 10.10.16.25/24 brd 10.10.16.255 scope global noprefixroute enp4s0f0
valid_lft forever preferred_lft forever
inet6 fe80::f7fa:bdfa:c87c:49f9/64 scope link tentative noprefixroute
valid_lft forever preferred_lft forever
4: enp4s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 00:26:55:ea:b9:ab brd ff:ff:ff:ff:ff:ff
5: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 9a:b1:05:c2:17:c1 brd ff:ff:ff:ff:ff:ff permaddr 50:e0:85:f4:47:d2

I have 5 interfaces here. Everyone will always have a "lo" interface. That's called your loopback interface. It will always have an IP
address on 127.0.0.1, you should NEVER change this, it can break things. Almost every application you have that points to
"localhost" uses that IP address to communicate with your computer. If you were to run this command for example...

ping localhost

You would effectively be doing the same thing as ...

ping 127.0.0.1

But the main thing I want you to notice here, is that even though I have five interfaces, only three of them show up
in my nmcli con show command, why is that? It's because I haven't configured those other connections yet.
Normally you will only see the interface that got set up automatically when you installed Linux, and your "lo" interface.

The entire 127.0.0.X subnet is reserved ONLY for loopback, so even if you put another IP address on another interface
in this same subnet, it probably will not work as intended.

While we are on that subject. There are a couple of subnets we should mention here.

192.168.X.X, and 10.X.X.X these subnets are not routable out to the internet. Virtually all routers, and ISPs
will block any internet traffic outside your house/business from getting out to the internet.

But you might be thinking, I have a 192.168.1.X address on my computer and I get out to the internet no problem.
Well not really, your ISP is using something called NAT. ( Network Address Translation ) and your computer's IP address
gets "changed" before it goes out to the internet. To test this, you can go here.... https://whatismyipaddress.com/
.. and that will show what the IP address that you use out on the internet really is. However you don't really have any
control over it, your Internet Service Provider controls that. ( Xfinity, Comcast, Spectrum, etc... )

So really most of the time, the best subnets to use inside your house or business, are the 192.168.X.X and 10.X.X.X
subnets.
 


There are really two ways everyone gets an IP address on their computer. Most of us get it from our Wifi router
and ISP router. This is something called DHCP ( dynamic host control protocol ). It's a server on your router
that automatically gives out IP addresses. Again, normally these will be on 192.168.X.X and 10.X.X.X subnets.

There are some exceptions to this, if you have a public facing website or something that is "exposed" to the internet
then it will have a "real" routable IP address. Sometimes this is also NAT'ed under the covers behind the firewall
but the public IP is all you really care about. If you were to ping "google.com". You would be pinging their
public internet address.

DHCP is nice because it automatically takes care of your IP address, your subnet, your default gateway, and your
DNS servers automatically for you. But sometimes, you don't want to use an automatically generated IP address.
Sometimes you might not have a DHCP server available to you ( like in an enterprise data center for example ).

I'm running out of time tonight, but more on that later.
 
So then, how would you add a new network connection?

First do an ip ad, to see what interfaces you have.

3: enp4s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 00:26:55:ea:b9:aa brd ff:ff:ff:ff:ff:ff

I see interface enp4s0f0 here. There's a reason why it's named this way, but more about that later.
For now all I care about, is the interface name. Your interface will probably be different.

I do need to know what subnet my router is set up for. I can't use a 10.10.10.2 address on a 192.168.2.0 subnet.
Without going into a lot of depth about subnets, for now you can just remember the first three numbers should be
the same. Routers "usually" use the .1 address.

So if your router has an IP address of 192.168.1.1, you can probably use an IP address of 192.168.1.X
where X is some number smaller than 255. You can't use 0 and you can't use 255.

If your router is sending out DHCP addresses to other computers on your network, you should find out what
those addresses are. You can't have two devices on the same subnet with the same IP address.

Let us say no one is using 192.168.1.4 here. How can I add an interface to use that IP address?

nmcli con add con-name enp4s0f0 ifname enp4s0f0 type ethernet ipv4.method manual autoconnect yes ip4 192.168.1.4/24 gw4 192.168.1.1

Let's break this command down piece by piece.

con add = connection add - we are making a new connection here.

con-name is the connection name that shows up when you type nmcli con sho
The con-name doesn't really matter all that much, but it should be something that makes sense.
I usually name it after the interface I am creating it on.

ifname DOES matter, it has to match the interface that was listed in your ip addr command.
type ethernet, this is a mandatory requirement when making this connection, it has to know what kind of interface you want to use.

ipv4.method - this can either be auto or manual. If you're using DHCP set this to auto. If you are creating a static IP
address, you want to set this to manual.

autoconnect - this can be yes or no. If you want the interface to start automatically when you reboot the computer, set this to yes.

ip4 - finally we get to put in the IP address we want to use. Remember this has to be a valid IP address on the subnet of your router. You can't just arbitrarily make up some numbers. When using nmcli it wants you to put the CIDR notation of
the subnet mask. So it looks like this 192.168.1.4/24 The /24 after the IP address is the subnet mask.
Without going into a lot about CIDR notation here, just remember that /24 is the same thing as a 255.255.255.0 subnet mask.
Most home routers are set up to use a class "C" subnet. This is either 255.255.255.0 or /24 they mean the same thing.

gw4 - this is the IP address of your router, how you get out to the internet. Also known as your default gateway.

So now if you do a nmcli con show you should see a new connection. You should be able to ping your router from this interface now.

But what if I only have one interface, and it's already in use?

You can delete it like this... nmcli con del enp4s0f0 ( whatever the connection name is )

nmcli connection delete if you prefer the longhand method. WARNING: Once you delete this interface, you
probably won't have an internet connection. So then copy down this command before you do any of this.

nmcli con add con-name (interface name) ifname (interface name) type ethernet autoconnect yes ipv4.method auto

.. where interface name is the interface that you saw in the ip addr command. This will get your interface working with DHCP again.

Notice I have said nothing about DNS servers here yet. Well of course we want to use DNS. So how do I add that?
The nmcli con add command does not let you enter a DNS server at the same time you create the connection.
So then, what you have to do, is "modify" the connection after it is created.

nmcli con mod enp4s0f0 ipv4.dns '8.8.8.8'
or if you want two DNS servers....

nmcli con mod enp4s0f0 ipv4.dns '8.8.8.8,9.9.9.9'

Just put a comma between the DNS server addresses. You only want to add the DNS server if you are using a static IP address. If you are using DHCP, it will take care of setting up the DNS servers for you automatically.
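
The subnet rules from the static-address walkthrough above (address and gateway in the same subnet, not the .0 or .255 address, not the router's own address, not in 127.X), as an added example that is not part of the original post. It generalizes the "first three numbers match" rule to any prefix length from /8 to /30; the function names are hypothetical, and it only prints the nmcli command rather than running it.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Dotted quad -> integer. Fails unless the input is four octets in 0-255.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal trap)
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static_ip ADDR/PREFIX GATEWAY IFNAME
# Prints the nmcli command when the plan is sane, otherwise the reason (rc 1).
check_static_ip() {
    addr=${1%/*}; prefix=${1#*/}; gw=$2; ifname=$3
    # Prefix must be one or two digits with no leading zero, between 8 and 30.
    case "$prefix" in ''|*[!0-9]*|0*|???*) echo "bad prefix"; return 1 ;; esac
    if [ "$prefix" -lt 8 ] || [ "$prefix" -gt 30 ]; then
        echo "bad prefix"; return 1
    fi
    a=$(ip_to_int "$addr") || { echo "bad address"; return 1; }
    g=$(ip_to_int "$gw")   || { echo "bad gateway"; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $a & $mask ))
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    [ $(( $a >> 24 )) -ne 127 ]      || { echo "loopback range"; return 1; }
    [ $(( $g & $mask )) -eq "$net" ] || { echo "gateway not in subnet"; return 1; }
    [ "$a" -ne "$net" ]              || { echo "network address"; return 1; }
    [ "$a" -ne "$bcast" ]            || { echo "broadcast address"; return 1; }
    [ "$a" -ne "$g" ]                || { echo "same as gateway"; return 1; }
    echo "nmcli con add con-name $ifname ifname $ifname type ethernet" \
         "ipv4.method manual autoconnect yes ip4 $addr/$prefix gw4 $gw"
}

# The post's own plan passes; the mismatched one it warns about is refused.
check_static_ip 192.168.1.4/24 192.168.1.1 enp4s0f0
check_static_ip 10.10.10.2/24 192.168.2.1 enp4s0f0 || true
```

This does not detect an address that another device already holds; that still has to be checked against the router's DHCP range as described above.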
 
Back when we used networkd, we had files under the /etc/sysconfig/network-scripts directory.
They were usually named something like ifcfg-eth0. They always started with ifcfg- and ended with the interface name.
They looked something like this.

----------------------
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=10.0.1.27
USERCTL=no
GATEWAY=10.0.1.1
NAMESERVER=8.8.8.8
-------------------------

NetworkManager has something similar. There is a directory at /etc/NetworkManager/system-connections/
It will have files that look like this..

enp4s0f0.nmconnection
enp6s0.nmconnection

If we actually look at one of these files, the contents look like this.

------------------------------
[connection]
id=enp4s0f0
uuid=ae11891b-4f4e-4ef4-ac6b-f6c3a9a51f25
type=ethernet
interface-name=enp4s0f0

[ethernet]

[ipv4]
address1=10.10.16.25/24,10.10.16.1
method=manual

[ipv6]
addr-gen-mode=default
method=auto

[proxy]
----------------------------

The formatting and syntax are a little different, also there is something called a UUID.
Most distros recommend not editing this by hand. They want you to use the nmcli command line
commands to do this ( or the Xwindows GUI, which really runs nmcli in the background )
 
OK, so far this has mostly been about Ethernet. What about wifi?
Can I use NetworkManager with wifi? Of course, you probably already are.

nmcli dev wifi list
That will show you all of the wifi SSIDs that you can connect to. You should recognize a couple of these as your own.
But how do you connect to one of these if you can't use the Xwindows GUI?

nmcli device wifi connect YourSSID password YourPassword

example:
nmcli dev wifi conn MyWifiHotSpot password 's3cr3tp@$s'


Assuming you have the correct password, you should be connected.
And you can still use...

nmcli con show

... to view this connection.
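
A Wi-Fi profile created this way is saved as a keyfile in the /etc/NetworkManager/system-connections/ directory described earlier, normally with the passphrase stored in it, and NetworkManager expects those files to be root-owned with mode 600. The following check for both is an added example, not part of the original posts; the helper names are hypothetical and the sample keyfile is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Write a constructed Wi-Fi keyfile (sample data, not taken from a real host).
write_sample_keyfile() {
    cat > "$1" <<'EOF'
[connection]
id=MyWifiHotSpot
type=wifi

[wifi]
ssid=MyWifiHotSpot

[wifi-security]
key-mgmt=wpa-psk
psk=constructed-example-passphrase

[ipv4]
method=auto
EOF
}

# Print one finding per line for a keyfile; print nothing if it looks fine.
keyfile_findings() {
    f=$1
    [ -f "$f" ] || { echo "NOT_A_FILE"; return 0; }
    mode=$(stat -c %a "$f")     # GNU stat, as found on Linux
    owner=$(stat -c %U "$f")
    [ "$mode" = "600" ]   || echo "MODE:$mode"
    [ "$owner" = "root" ] || echo "OWNER:$owner"
    # Flag a stored passphrase without echoing its value.
    awk '/^\[/ { sec = $0 }
         sec == "[wifi-security]" && /^psk=/ { print "PSK_STORED"; exit }' "$f"
}

# Demo on the constructed sample, deliberately left world-readable.
demo_dir=$(mktemp -d)
write_sample_keyfile "$demo_dir/MyWifiHotSpot.nmconnection"
chmod 644 "$demo_dir/MyWifiHotSpot.nmconnection"
keyfile_findings "$demo_dir/MyWifiHotSpot.nmconnection"
rm -rf "$demo_dir"
```

On a real host, run keyfile_findings as root over each .nmconnection file in that directory. Running nmcli --ask dev wifi connect YourSSID prompts for the password instead of taking it as an argument, which keeps it out of shell history.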
 
While I'm thinking about it...

The new equivalents of the old ifup and ifdown commands with NetworkManager are...

nmcli con up eno1

and

nmcli con down eno1

Where eno1 is the name of your connection.
 
