Linux Networking Tips


How to grant privileged access to specific users?
You can grant a specific user full access to all privileged commands with the following sudoers entry (add it to the file /etc/sudoers):
kranti  ALL=(ALL) ALL
This is not recommended, because it allows user kranti to use the su command to get permanent root privileges, thereby bypassing the command logging features of sudo.
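To find entries like the one above on a host, the following added example (not part of the original post) scans sudoers text for user specifications whose command list contains ALL. The function name, the sample content and the command paths in it are assumptions made for illustration; the parser is simplified and does not resolve aliases or included files.

```python
import re

# Constructed sample sudoers text (not from the page or any real host).
SAMPLE = r"""
Defaults   logfile=/var/log/sudo.log
Cmnd_Alias NETADMIN = /sbin/service iptables start, \
                      /sbin/service iptables stop
root    ALL=(ALL) ALL
kranti  ALL=(ALL) ALL
alice   ALL=(root) NETADMIN
%wheel  ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /sbin/service dhcpd restart, (ALL) ALL
"""

# Lines that are settings or alias definitions, not user specifications.
NOT_A_SPEC = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
# who  host = command-list   (simplified: one host/command group per line)
SPEC = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(.+)$")
# One command entry: optional "(runas)", optional "TAG:" prefixes, the command.
ENTRY = re.compile(r"^\s*(?:\([^)]*\)\s*)?((?:[A-Z_]+:\s*)*)(.*?)\s*$")


def unrestricted_grants(text, ignore=("root",)):
    """Return [(who, nopasswd)] for each entry whose command list contains ALL."""
    findings = []
    # Join backslash-continued lines before parsing.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        # Comments and include directives are skipped (so are "#uid" specs).
        if not line or line[0] in "#@" or NOT_A_SPEC.match(line):
            continue
        spec = SPEC.match(line)
        if not spec or spec.group(1) in ignore:
            continue
        nopasswd = False
        # Split on commas that are not inside a "(runas, list)".
        for entry in re.split(r",(?![^(]*\))", spec.group(2)):
            tags, command = ENTRY.match(entry).groups()
            if "NOPASSWD:" in tags:      # tags carry over to later commands
                nopasswd = True
            elif "PASSWD:" in tags:
                nopasswd = False
            if command == "ALL":
                findings.append((spec.group(1), nopasswd))
                break
    return findings


if __name__ == "__main__":
    for who, nopasswd in unrestricted_grants(SAMPLE):
        print(f"{who}: unrestricted sudo" + (" without password" if nopasswd else ""))
```

Entries such as alice's, which name a fixed list of commands, are not reported; those are the form to prefer over a blanket ALL grant.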

How to disable/enable firewall in Linux (Fedora)?
Disable -
    # service iptables stop
Enable -
    # service iptables start
Disable at boot time
     # chkconfig iptables off
Enable at boot time
     # chkconfig iptables on

Configuring Static IP address on Linux from the Command Line (Fedora)
1. Assign static IP Address
vi /etc/sysconfig/network-scripts/ifcfg-em1
DEVICE="em1"
ONBOOT=yes
NM_CONTROLLED="yes"
TYPE=Ethernet
BOOTPROTO=none
IPADDR0=172.19.3.1
PREFIX0=24
GATEWAY0=172.19.3.254
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System em1"
UUID=1dad842d-1912-ef5a-a43a-bc238fb267e7
HWADDR=00:C0:9F:BA:C5:32

2. Restart the NIC
service network restart

3. Add the Default Route:
route add default gw ip_address_of_your_default_gateway em1
route add default gw 172.16.3.1 em1

To make gw/route permanent:
vi /etc/sysconfig/network

change to look like this:
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=172.19.3.254

Add default route through an interface (Fedora)
-> route add -net 172.0.0.0 netmask 255.0.0.0 dev em1
-> route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 em1

4. Add Permanent Route

Set up static routes for a particular network interface (for example, eth1) by editing the file /etc/sysconfig/network-scripts/route-eth1.

For example, to make the static route added by the following command permanent:
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.100.1 dev eth1

add the following lines to /etc/sysconfig/network-scripts/route-eth1:
ADDRESS0=192.168.0.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.100.1


Configure DHCP Server

To start, stop, restart and check status of dhcpd:
- service dhcpd start
- service dhcpd stop
- service dhcpd restart
- service dhcpd status

To ensure dhcpd starts automatically on your next reboot:
- chkconfig dhcpd on

DHCP server config file:
- Find sample config file @ /usr/share/doc/dhcp*/dhcpd.conf.sample
- The actual config file @ /etc/dhcp/dhcpd.conf

Test config file for errors:
- /usr/sbin/dhcpd -f

To check log messages:
- cat /var/log/messages

To check the assigned leases:
- cat /var/lib/dhcpd/dhcpd.leases

To configure to listen on an interface:
- vi /etc/sysconfig/dhcpd
        DHCPDARGS="em1"
- If not configured the following error will be thrown in the error log
        Not configured to listen on any interfaces!

Other errors:
1. No subnet declaration for em1 (172.19.3.1).
** Ignoring requests on em1.  If this is not what you want, please write a subnet declaration in your dhcpd.conf file for the network segment to which interface em1 is attached. **
- Add subnet declaration for 172.19.3.0 in /etc/dhcp/dhcpd.conf file

2. "DHCPDISCOVER from 00:00:aa:aa:aa:aa via 172.19.5.1: unknown network segment"
- Usually this happens because the subnet definition is missing for the subnet that the DHCP request is coming from (most of the time because of DHCP helpers on switches). Add a subnet declaration for this subnet to your dhcpd.conf file.

To Change the MTU of an interface on Linux:

 - sudo ifconfig eth0 mtu 2000
