Network_config

Chapter 22: Network Configuration - Deep Dive

Mastering Linux Network Configuration for Production Systems

22.1 The ip Command Suite

Understanding ip command

The ip command is the modern replacement for older commands like ifconfig, route, and netstat. It’s part of the iproute2 package and provides more functionality.

                     Network Configuration Tools
+------------------------------------------------------------------+
|                                                                   |
|    Legacy Tools (Deprecated)           Modern Tools (iproute2)      |
|    +---------------------------+  +---------------------------+    |
|    | ifconfig                 |  | ip addr                  |    |
|    | route                    |  | ip route                 |    |
|    | netstat                 |  | ip link, ip neigh       |    |
|    | arp                     |  | ip addr                 |    |
|    | iwconfig               |  | iw, iwlist             |    |
|    +---------------------------+  +---------------------------+    |
|                                                                   |
|    Why use ip:                                                  |
|    +----------------------------------------------------------+   |
|    |  - More features and flexibility                      |   |
|    |  - Supports IPv6 natively                             |   |
|    |  - Better network namespace support                  |   |
|    |  - Active development                                |   |
|    +----------------------------------------------------------+   |
|                                                                   |
+------------------------------------------------------------------+

Interface Management

# =============================================================================
# SHOW INTERFACES
# =============================================================================

# Show all interfaces with details
ip addr show
ip a

# Show specific interface
ip addr show eth0

# Brief output
ip -brief addr show
ip -brief link show

# Show interface statistics
ip -s link show eth0

# Show interface properties
ip link show

# =============================================================================
# INTERFACE UP/DOWN
# =============================================================================

# Bring interface up
sudo ip link set eth0 up

# Bring interface down
sudo ip link set eth0 down

# Bring up with description
sudo ip link set eth0 up description "WAN Interface"

# =============================================================================
# MTU CONFIGURATION
# =============================================================================

# Set MTU
sudo ip link set eth0 mtu 9000

# Set MTU for jumbo frames
sudo ip link set eth0 mtu 9000

# Check MTU
ip link show eth0 | grep mtu

IP Address Management

# =============================================================================
# ADD IP ADDRESS
# =============================================================================

# Add IPv4 address
sudo ip addr add 192.168.1.100/24 dev eth0

# Add IPv6 address
sudo ip addr add fd00::1/64 dev eth0

# Add with label
sudo ip addr add 192.168.1.100/24 dev eth0 label eth0:1

# Add broadcast address
sudo ip addr add 192.168.1.100/24 broadcast 192.168.1.255 dev eth0

# =============================================================================
# REMOVE IP ADDRESS
# =============================================================================

# Remove specific address
sudo ip addr del 192.168.1.100/24 dev eth0

# Flush all addresses (IPv4)
sudo ip -4 addr flush dev eth0

# Flush all addresses (IPv6)
sudo ip -6 addr flush dev eth0

# Flush all addresses
sudo ip addr flush dev eth0

# =============================================================================
# SHOW ADDRESSES
# =============================================================================

# Show IPv4 addresses only
ip -4 addr show

# Show IPv6 addresses only
ip -6 addr show

# Show addresses with color
ip addr show | grep -w inet

22.2 Routing

Route Management

# =============================================================================
# VIEW ROUTES
# =============================================================================

# Show all routes
ip route show
ip route

# Show routes for specific interface
ip route show dev eth0

# Show routes in table
ip route show table all

# Show main table
ip route show table main

# Show local table
ip route show table local

# Verbose output
ip -r route show

# =============================================================================
# ADD ROUTES
# =============================================================================

# Add default gateway
sudo ip route add default via 192.168.1.1 dev eth0

# Short form for default
sudo ip route add via 192.168.1.1 dev eth0

# Add specific route
sudo ip route add 192.168.2.0/24 via 192.168.1.1

# Add route with metric
sudo ip route add 192.168.2.0/24 via 192.168.1.1 metric 100

# Add route to specific interface
sudo ip route add 192.168.2.0/24 dev eth1

# Add blackhole route (drops traffic)
sudo ip route add blackhole 10.0.0.0/8

# Add unreachable route
sudo ip route add unreachable 10.0.0.0/8

# =============================================================================
# REMOVE ROUTES
# =============================================================================

# Remove specific route
sudo ip route del 192.168.2.0/24

# Remove default gateway
sudo ip route del default

# Flush all routes
sudo ip route flush

# Flush cache
sudo ip route flush cache

Advanced Routing

# =============================================================================
# ROUTE TABLES
# =============================================================================

# List all tables
ip route show table all

# Custom table in /etc/iproute2/rt_tables
# Add to file: 100 mytable

# Add route to custom table
sudo ip route add 192.168.100.0/24 via 192.168.1.1 table mytable

# Add default via custom table
sudo ip route add default via 192.168.1.1 table mytable

# Rules for routing
ip rule show
sudo ip rule add from 192.168.1.0/24 table mytable
sudo ip rule del from 192.168.1.0/24 table mytable

# =============================================================================
# POLICY ROUTING
# =============================================================================

# View rules
ip rule show

# Add rule (from specific source)
sudo ip rule add from 10.0.0.0/8 table internal

# Add rule (to specific destination)
sudo ip rule add to 192.168.0.0/16 table dmz

# Add rule with priority
sudo ip rule add pref 100 from 192.168.1.0/24 table admin

# Delete rule
sudo ip rule del from 10.0.0.0/8

22.3 NetworkManager

nmcli Commands

# =============================================================================
# DEVICE MANAGEMENT
# =============================================================================

# List devices
nmcli device
nmcli device status

# Show device details
nmcli device show eth0

# Connect/disconnect
nmcli device connect eth0
nmcli device disconnect eth0

# =============================================================================
# CONNECTION MANAGEMENT
# =============================================================================

# List connections
nmcli connection show
nmcli connection show --active

# Show connection details
nmcli connection show "Wired connection 1"

# Activate connection
nmcli connection up "Wired connection 1"

# Deactivate connection
nmcli connection down "Wired connection 1"

# =============================================================================
# CREATE CONNECTION
# =============================================================================

# Static IP
nmcli connection add type ethernet con-name "static-eth0" \
    ifname eth0 \
    ipv4.addresses 192.168.1.100/24 \
    ipv4.gateway 192.168.1.1 \
    ipv4.dns "8.8.8.8,8.8.4.4" \
    ipv4.method manual

# DHCP
nmcli connection add type ethernet con-name "dhcp-eth0" \
    ifname eth0 \
    ipv4.method auto

# =============================================================================
# MODIFY CONNECTION
# =============================================================================

# Change IP address
nmcli connection modify "static-eth0" \
    ipv4.addresses 192.168.1.200/24

# Change gateway
nmcli connection modify "static-eth0" \
    ipv4.gateway 192.168.1.254

# Add DNS
nmcli connection modify "static-eth0" \
    +ipv4.dns "8.8.8.8"

# Remove DNS
nmcli connection modify "static-eth0" \
    -ipv4.dns "8.8.8.8"

# Enable/disable IPv6
nmcli connection modify "static-eth0" ipv6.method disabled

22.4 DNS Configuration

/etc/resolv.conf

# DNS configuration file
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1

# Search domains
search example.com corp.example.com

# Options
options timeout:2
options attempts:3
options rotate
options edns0

systemd-resolved

# =============================================================================
# SYSTEMD-RESOLVED
# =============================================================================

# Status
resolvectl status
systemd-resolve --status

# Query DNS
resolvectl query google.com

# Set DNS server
sudo resolvectl dns eth0 8.8.8.8

# Add DNS server
sudo resolvectl --interface eth0 dns 8.8.8.8

# Flush cache
sudo resolvectl flush-caches

# =============================================================================
# STATIC DNS
# =============================================================================

# /etc/systemd/resolved.conf
[Resolve]
DNS=8.8.8.8 8.8.4.4
Domains=example.com
DNSSEC=no
Cache=yes

22.5 Troubleshooting

Network Diagnostics

# =============================================================================
# BASIC TESTS
# =============================================================================

# Check interface status
ip link show
ip addr show

# Test connectivity
ping -c 4 8.8.8.8

# Trace route
traceroute 8.8.8.8
mtr 8.8.8.8

# DNS lookup
nslookup google.com
dig google.com
host google.com

# =============================================================================
# PORT SCANNING
# =============================================================================

# Check open ports
ss -tuln
netstat -tuln

# Check specific port
ss -tuln | grep :80

# Test port connectivity
nc -zv 192.168.1.1 80
telnet 192.168.1.1 80

# =============================================================================
# DETAILED DIAGNOSTICS
# =============================================================================

# Interface statistics
ip -s link show eth0

# ARP table
ip neigh show
arp -a

# Routing table cache
ip route get 8.8.8.8

# Kernel parameters
sysctl net.ipv4.ip_forward
sysctl net.ipv4.conf.all.rp_filter

22.6 Exam Tips

ip addr: Primary command for IP management
ip route: For routing table management
NetworkManager: For persistent configurations
DNS: /etc/resolv.conf or systemd-resolved
Troubleshoot: Use ss, ping, traceroute
Interfaces: Know eth0, ens*,eno* naming
MTU: 1500 default, 9000 for jumbo frames
Gateway: Default route via ip route add default

Summary

In this chapter, you learned:

✅ ip command fundamentals
✅ Interface management (ip link)
✅ IP address management (ip addr)
✅ Routing (ip route)
✅ NetworkManager (nmcli)
✅ DNS configuration
✅ Network troubleshooting

Next Chapter

Chapter 23: Firewalls - iptables, nftables, firewalld

Last Updated: February 2026