From LQWiki

Contents 1 About Networking 2 Basic Network setup 2.1 Testing your current Network 2.2 Configuring Network 2.3 Testing your configuration 2.4 Routing configuration 2.5 DNS configuration 3 Related information 3.1 Firewalls 4 Networking concepts crash course

About Networking

There are many different ways to set up networking in Linux, which differ depending on your distribution. It is possible to configure your network entirely from a terminal, and the tools which work there are standard across all the distributions, so in guides like this, you tend to see the command-line used rather than graphical tools. In the long run, you can find the cause of your problem much faster by using a command-line tool. Taking the time to learn them will also be a transferable skill to other operating systems, including BSD and Windows which have some similar programs.

The easiest configuration to get internet access, is where you have a broadband or ISDN router connected to your computer by a piece of ethernet cable to a network card.

Most modern distributions will automatically configure this for you. If you don't get internet access first of all, here is a logical top down approach you can follow to find where the problem lies.

Basic Network setup

Testing your current Network

Test in your web browser

Try opening www.google.com and doing a search for something you haven't searched for before (just pick two random words, like 'house' 'icecream'). This search makes sure that you aren't seeing a cached copy of the Google start page, which can sometimes make it seem like you have a connection working, when you don't.

If you can do a search, well done! You have an internet connection. Otherwise carry on. the following step also help you to test you current network first,ping 66.102.11.99 if its prompt looks like the following,your current network is well

64 bytes from 66.102.11.99: icmp_seq=1 ttl=244 time=28.6 ms
64 bytes from 66.102.11.99: icmp_seq=2 ttl=244 time=27.8 ms
64 bytes from 66.102.11.99: icmp_seq=3 ttl=244 time=26.6 ms

If the response is request timed out or destination host unreachable, you do not have a direct connection to the internet. Reasons include:

• you are behind a corporate firewall

in this case you may have to use a proxy and may not be able to ping.

• your route is not set correctly

See route how to correct this.

Configuring Network

Open a terminal

First of all, let's see if you have a network card installed, that your computer knows about. Use ifconfig to retrieve network configuration.

   ifconfig -a

you should see, at the very least something that looks like this:

lo       Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:594 errors:0 dropped:0 overruns:0 frame:0
         TX packets:594 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:39388 (38.4 Kb)  TX bytes:39388 (38.4 Kb)

If you get a 'command not found' error here, make sure that you are logged onto the terminal as root. On some distributions you will need to type the path to the full command. Generally this is /sbin/ifconfig. If it's not there use the command: whereis ifconfig to find the path.

The block of text starting 'lo' is about a virtual network card that programs in your computer can use to talk to each other. This uses the same IP address in all computers, because it is specially reserved. Here the IP address is 127.0.0.1. It is called the Loopback address, and you can refer to it in your programs by the name 'localhost'

If all you can see is lo, then linux doesn't know all it needs about your network card. Check your distribution for details on how it finds hardware, and if your network card is supported. Quite a few use kudzu, so that is worth checking out.
Check the installation instructions for a typical network card.

If your card is recognised, you should see an entry called 'eth0'. Network cards are counted from 0, and the eth part means that it is using the ethernet protocol to communicate to your router. It is possible that it is perfectly configured, but not actually active. Try typing

ifconfig eth0 up

and then

ifconfig

again. You should see something like:

eth0     Link encap:Ethernet  HWaddr 00:90:F5:03:4B:69
         inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::290:f5ff:fe03:4b69/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:911573 errors:0 dropped:0 overruns:0 frame:0
         TX packets:656393 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:604721438 (576.7 Mb)  TX bytes:58964684 (56.2 Mb)
         Interrupt:10 Base address:0xf000

Whew, worked. If it didnt, try to run dmesg and ifconfig again to see what could cause the problem and ensure the module was loaded. (For me it first failed, then suddenly worked after two minutes trying it again) Notice how the Scope changed (Scope="Gültigkeitsbereich")

The _IP address_ shown here is 192.168.0.2 . This is another special IP address called a Class C Private Address, which means it can talk to your router without the whole world seeing it. (You could make a local network by assigned your PCs IP Addresses like 192.168.0.1, 192.168.0.3, 192.168.0.4 and so forth.)

Your router should have it's own address that the internet can talk to. If you have an address that looks like this, skip to test 3.

Sometimes you will see the following

inet addr: 0.0.0.0

This means that your router hasn't told you what IP address to have, or you haven't asked it yet. Routers use DHCP to negotiate a private ip address with your computer. Try running one from dhclient eth0 or dhcpcd eth0 or pump eth0, which will ask your router for a new address. If nothing happens, check the cable is firmly plugged in, between your computer and the router, and that the router is turned on. Finally, read the documentation for your router to see if it uses dhcp, or if you need to set a particular address on your computer.

If dhcp is successful, you have an ip address! Usually, the dhcp client is activated from the ifconfig command.
If dhcp isn´t an option, you will need to create a manual file for ifconfig to read. RPM based systems will have a directory similar to /etc/sysconfig/network-scripts to hold the config files, eg

cat /etc/sysconfig/network-scripts/ifcfg-eth0 in RH gives..

MTU=""
NETMASK=255.255.255.0
BROADCAST=""
BOOTPROTO=none
IPADDR=192.168.1.1
NETWORK=192.168.1.0
ONBOOT=yes
DEVICE=eth0

If BOOTPROTO=dhcp, the ip, netmask & broadcast settings are ignored, in favour of the settings from the dhcp server.
Debian uses the file /etc/network/interfaces (see man interfaces) and Gentoo uses the file /etc/conf.d/net.

Testing your configuration

Once you have a valid IP address, lets see if you can connect to the internet.

A program exists for this very purpose, called 'ping'. It sends messages to another computer or router on a network, and if they are received, will send a reply back (sometimes called a 'pong').

try 'pinging' Google.

ping www.google.com

you should get the following.

PING www.google.akadns.net (66.102.11.99) 56(84) bytes of data.
64 bytes from 66.102.11.99: icmp_seq=1 ttl=244 time=28.6 ms
64 bytes from 66.102.11.99: icmp_seq=2 ttl=244 time=27.8 ms
64 bytes from 66.102.11.99: icmp_seq=3 ttl=244 time=26.6 ms
64 bytes from 66.102.11.99: icmp_seq=4 ttl=244 time=27.9 ms
64 bytes from 66.102.11.99: icmp_seq=5 ttl=244 time=27.7 ms
64 bytes from 66.102.11.99: icmp_seq=6 ttl=244 time=26.6 ms
64 bytes from 66.102.11.99: icmp_seq=7 ttl=244 time=26.9 ms

and so on. To stop it, press ctrl+c.

If this works for you, try the test in step 1 again. This will separate a browser configuration problem from a real network issue.

It maybe that you get a message that says 'no route to host' This means that your computer can't find a way to connect to the internet. Let's see if you can talk to your router.

Routing configuration

To know how to get to google, linux first has to know how to get to your router. The command that controls this is called 'route'

Try

route -n

you might see something like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

This means that by default, your computer will send any data it wants to or from the internet (represented by 0.0.0.0 -- which almost means 'anywhere') to your router on 192.168.0.1. It is your routers job to then send it on to the internet.

Normally your router will be at the first address in your subnet, especially if it´s a dhcp server as well. If you're on 192.168.123.251 or 10.99.150.24, that normally means your router will be at 192.168.123.1 or 10.99.150.1 respectively. Work out what your router would be, from your 'inet addr' line from the block of text about 'eth0' from test 2.

Try to ping your router, for example

ping 192.168.123.1

for the first example above. Change the numbers to fit your network.

Some routers are awkward, and arrive in other places (like x.x.x.254). Check your router's documentation to see what yours does if the command above isn't successful.

If you don't see the line starting 'default' but you can ping your router, then all you need to do is tell your computer about your router. If your router's IP address is 192.168.0.1 then you would type:

route add default gw 192.168.0.1

then

route -n

again and if you have a line starting 'default' above then try pinging google again.

DNS configuration

If you can ping your router, but not google, try pinging google's IP address

ping 66.102.11.99. 

If that works, then you have a problem with DNS.

DNS is used to turn names (like www.google.com) into numbers (like 66.102.11.99) This is called resolving.

Your ISP, that is the company that you are paying for internet access, should have a DNS server that can resolve names for you. Find out the IP address of their DNS server, and add it to your /etc/resolv.conf file.

If their DNS server is 212.159.11.150 for example, one way to do this is to go

echo ¨nameserver 212.159.11.150¨ >> /etc/resolv.conf

try pinging google again.

Usually the fastest DNS servers have numbers very close to your router´s Internet ip number. It is best to have two or more numbers in case of congestion. If you find other numbers in /etc/resolv.conf place them at the end of the list to avoid trying dead numbers first. To test their speed, do dig www.different.names.each.time.com @212.159.11.150 and compare the reply times. Put the fastest ones first in the list.

Related information

Firewalls

• Firewall
• Firewall Primer
• A basic firewall configuration suitable for a workstation
• A basic firewall configuration suitable for a gateway/nat
• Manual configuration of an iptables firewall
• Graphical and interactive firewall configuration

Networking concepts crash course

Layer 3 switch = router

A VLAN is a software way of setting up a seperate network. It's the same as having a totally seperate switch for each new Local Area Network (aka LAN) or what we call a Virtual LAN...voila! VLAN. Try to think of it as each VLAN being a seperate switch, except the part where you have to actually seperate the switches and move cables to change the network that a host is in. Rather than moving network cables in the wiring closet in the back room, you can change VLAN settings remotly from your laptop in Tahiti.

A switch, or layer 2 (OSI layer 2) device can isolate VLANs, or networks, but can't get them to talk to each other. The exception is plugging VLANs into each other, which defeats the purpose of having two VLANs. You set up a VLAN to isolate a network segment at OSI layer 2.

A router, or a 'layer 3 switch', connects IP subnets (OK it connects other network protocols, but this is 2005 so it's either TCP/IP or 'some other protocol'.) You seperate a network at the IP level by changing IP addresses and you can divide the pre-defined class A, B and C networks into smaller ones by also changing the subnet mask.

An IP subnet is usually put on a network with no other IP subnets on it. This can be done by putting all the hosts on one switch and plugging a router into one of that switch's ports. It can also be done by configuring a VLAN and setting your layer 3 switch to route packets out of that VLAN. When you have a seperate IP network segment, it's called a broadcast domain. Each broadcast domain sees all the layer 3 and layer 2 broadcasts from any host in the same broadcast domain.

At OSI layer 1, the physical layer, all the voltage signals sent over the wire are defined. A hub doesn't have to know about MAC addresses (layer 2) or IP addresses (layer 3) it just has to re-transmit the right voltage signal to other ports. This is also called a collision domain because one host's output goes to all other host's input so the hosts have to share the bandwidth and their data can collide and then need to be sent again.