IOS203_Ch12

Chapter 12: Basic Networking Commands

Understanding IP Networking ................................................................... 3

Network Configuration Files.................................................................... 14
Network Services .................................................................................... 19

1
IOS203_Ch12

Objectives
Upon completion this chapter, the student will understand and learn:

 Linux’s essential networking commands;

 Linux’s network configuration files;
 How to manage network services.

Keywords
IP, Client/Server, loopback, network interface, ifdown, ifup, ifconfig, route,
NetworkManager, hostname, dhclient, ping, netstat, DNS, hosts, vsftpd.

2
IOS203_Ch12

Nowadays, most computer are connected, somehow, to a network, and sometime they are
connected to the Internet. For this reason, when using Linux OSs it is important to know Linux’s
essential networking commands and network configuration files.

1. Understanding IP Networking

The IP (abbreviation for Internet Protocol) networking represents networks that communicate
through IP addresses, which is used not only in the Internet, but also in most internal networks.
Ethernet, Cable Modems, DSL Modems, dial up modems, wireless networks, and VPN connections
are typical examples of IP networking.

There are few addresses that were defined for specific purposes. For example, the IP address
127.0.0.1, called loopback. Every single device that uses the TCP/IP protocol is automatically
assigned this address, even if it does not have a network device and it has not been assigned any
other IP. By using this loopback address, we can test the TCP/IP protocol locally.

One difference between CentOS7 distro and those prior to it is the naming convention for network
interfaces. The network interfaces were numbered, starting from 0 and the first Ethernet
interface would be named eth0. This is no longer the case in CentOS 7 where the systemd, by
default, name network interfaces using the following different naming schemes [6]:

 Names incorporating Firmware or BIOS provided index numbers for on-board devices
(example: eno1), else falling back to next scheme
 Names incorporating Firmware or BIOS provided PCI Express hotplug slot index numbers
(example: ens1), else falling back to next scheme.
 Names incorporating physical location of the connector of the hardware (example: enp2s0),
else falling back to next scheme.
 The traditional unpredictable kernel-native ethX naming (example: eth0)
 Names incorporating the interface’s MAC address (example: enx78e7d1ea46da), is not
used by default, but is available if the user chooses it.

The names have two-character prefixes based on the type of interface:

Device Type Symbol

en Ethernet
wl Wireless LAN (WLAN)
ww Wireless Wide Area Network (WWAN)

The other characters in the names are described in the following table:

Format Description
o<index> on-board device index number
s<slot>[f<function>][d<dev_id>] hotplug slot index number
x<MAC> MAC address
PCI geographical location, the
[P<domain>] p<bus>s<slot>[f<function>][d<dev_id>]
[P<domain>] number is only

3
IOS203_Ch12

mentioned if the value is not 0. For

example: ID_NET_NAME_PATH=P1enp5s0
[P<domain>]p<bus>s<slot>[f<function>][u<port>][..] USB port number chain
[c<config>][i<interface>]

Static Vs Dynamic IP Configuring

Assigning a static IP address to a given device means that the IP address does not change over
time unless changed manually. But, in case the device connects to the network occasionally, it is
better to use a dynamic IP address which changes over time. In fact, there is no strict rule defining
when to use static or dynamic IP address. It depends on user's needs, preferences and the network
environment. Despite of this fact, static IP addressing is a good choice in the following situations
[6]:
 To ensure network address consistency for servers such as DNS, and authentication
servers;
 To use out-of-band management devices that work independently of other network
infrastructure.

Starting/stopping a network interface

To stop a network interface, use the ifdown command. The syntax of this command is:

# ifdown interface-name

To stop a network interface, use the ifup command whose syntax is the following:

# ifup interface-name

Here are two examples:

ifconfig command vs ip command

Although, the ifconfig command is still used to configure/display/control network interfaces, it

does not support InfiniBand addresses. So, it is replaced by the ip command.

You can configure a network interface using the ip command, but when you reboot, you will lose
any changes. The RedHat package for this command is iproute and the following command line
shows the version of the ip utility:

The following represents a comparison between ifconfig and ip commands:

a. Displaying all network interfaces:

4
IOS203_Ch12

# ifconfig –a

# ip a
Or:
# ip a show

b. Take down/up a network interface:

# ifconfig ens33 {down|up}

5
IOS203_Ch12

# ip link set ens33 {down|up}

c. Set a static IP and a netmask mask

# ifconfig ens33 192.168.10.10 netmask 255.255.255.0

# ip address add 192.168.10.10/255.255.255.0 dev ens33

Or:

# ip addr add 192.168.10.10/24 dev ens33 # 24 = 8 + 8 + 8 + 0

The command line ip a show dev ens333 shows the ip address associated to the network interface
ens33. The command ip a (or ip addr or ip address) without any arguments lists and shows all ip
addresses associated on all network interfaces. It is also possible to specify and list particular
interface TCP/IP details using the following command lines:

### Only show ens33 interface ###

# ip a show ens33
# ip a list ens33
# ip a show dev ens33

### Only show running interfaces ###

# ip link ls up

6
IOS203_Ch12

You can select between IPv4 and IPv6 using the following syntax:

### Showing only IPv4 ##

# ip -4 a

### Showing only IPv6 ###

# ip -6 a

d. Remove static IP address

You can clear the ip address information for an interface using the command lines written below:

# ifconfig ens33 del 192.168.10.10

# ip addr del 192.168.10.20/24 dev ens33

e. Set a MAC address:

You can add mac address to an interface using the command lines written below:

# ifconfig ens33 hw ether aa:bb:cc:dd:ee:ff

# ip link set dev ens33 address aa:bb:cc:dd:ee:ff

f. Set MTU (Maximum Transfer Unit):

# ifconfig ens33 mtu 2000

# ip link set dev ens33 mtu 2000

g. Enable multicast flag:

# ifconfig ens33 multicast

7
IOS203_Ch12

# ip link set dev ens33 multicast on

h. Set the transmit queue length:

# ifconfig ens33 txqueuelen 1500

# ip link set dev ens33 txqueuelen 1500

i. Enable ARP:

The Address Resolution Protocol is a critical function in Internet Protocol computer networks; it
is a communication protocol used for discovering the link layer address associated with a given
IPv4 address. To enable it, you should run the commands:

# ifconfig ens33 arp # To disable this option, just replace arp with -arp

# ip link set dev ens33 arp on # To disable this option, just replace on with off

j. Enable promiscuous mode

Promiscuous mode is a mode makes every transmitted data packet received and read by a
network adapter; this is often used to monitor network activity:

# ifconfig ens33 promisc

# ip link set dev ens33 promisc on

route command vs ip command to show/manipulate the routing table

Some computers have multiple default gateways and static gateways; information about these
gateways are available in the routing table. You can use the “old” route command to show and
manipulate the routing table:

# route

To display the routing table using the ip command, you can choose one of the following command
lines:

# ip route show
# ip route
# ip r show
# ip route list
# ip r list

8
IOS203_Ch12

# ip r

A default route can be set using ip and route commands for destinations without static routes
defined:

# route add default gw 192.168.1.1

# ip route add default via 192.168.1.1

A static route defines a destination to a specific network. To add a new route, you can use one of
the following commands:

# route add -net 192.168.3.30 netmask 255.255.255.0 gw 192.168.3.10

# ip route add 192.168.3.30/24 via 192.168.3.10 dev ens33

In this example, we are specifying that all packets destined for 192.168.3.30/24 network must go
through 192.168.3.10 gateway; ens33 is the network interface.

Similar syntax could be used with the ip command to add a new route:

# ip route add {NETWORK/MASK} via {GATEWAYIP}

# ip route add {NETWORK/MASK} dev {DEVICE}
# ip route add default {NETWORK/MASK} dev {DEVICE}
# ip route add default {NETWORK/MASK} via {GATEWAYIP}

To remove a route from a routing table, you can use one of the following commands:

# route del -net 192.168.3.30

# ip route del 192.168.3.30/24 via ens33

To remove the default gateway from a routing table, you can use one of the following commands:

# route del default gw 192.168.1.1

# ip route del default via 192.168.1.1

host command

During installation of CentOS, you need to give a hostname or an IP address to get various
information about that host when needed. The host command allows you to find the ip address
of a host machine:

9
IOS203_Ch12

You can use the host command with the -t option to find the domain name servers:

hostname command

This command returns the static host name, which can be chosen by the user, and is stored in
the /etc/hostname file:

dhclient command

Home and client Linux desktops often have /usr/sbin/dhclient running. This is a daemon that
enables a network interface to get an IP configuration from a dhcp server. When the dhclient
command is used, the IP address will override the IP address set by the ifconfig (or ip) command.

# dhclient

ping command

ping is a utility for testing if a host is reachable on a network; it could be used to check if a
computer can communicate with another computer (target host). The ping command helps you
to determine whether the target host is reachable or not, to measure the amount of time packets
take to get to the target host and back to your computer (rtt: round-trip time) and to measure
the percentage of lost packets. It works by sending a series of Internet Control Message
Protocol (ICMP) messages to the target host and waiting for an ICMP echo reply.

10
IOS203_Ch12

You can use the IP address of target host, and you can specify the number of sent packets by using
the –c option:

Most servers will respond to a ping query. A lack of response could be due to:
 The target host with that IP address doesn't exist;
 The target host has been configured to not respond to pings;
 A firewall or router along the network path is blocking ICMP traffic;
 You have incorrect routing. Check the routes and subnet masks on both the local and
remote servers and all routers in between.
 The IP address of the target host is incorrect.

Show network statistics

You can use the ip command with the option -s to show the statistics of the various network
interfaces.

# ip -s link

When you need to get information about a particular network interface, add the
option ls followed by the name of the network interface. When you use the option -s more than
once gives you more information about that particular interface. This is useful when
troubleshooting errors in network connectivity.

# ip -s -s link ls ens33

Network Manager

The Network Manager (or NetworkManager) is the default networking service in

CentOS/RedHat7. It is a dynamic network control and configuration daemon to keep network
devices and connections up and active when they are available.

11
IOS203_Ch12

Although, you can use the Network Manager at the graphical interface, the nmcli (Network
Manager at the CLI) option has been chosen because it’s the quicker and arguably the least prone
to errors. You should remember that changes made through the nmcli command are permanent.

You can use the following commands to check if Network Manager is active, enabled, and print
runtime status information of the Network Manager.

# systemctl is-active NetworkManager

# systemctl is-enabled NetworkManager

# systemctl status NetworkManager

To manage the Network Manager, you can use systemctl start|stop|restart NetworkManager.

To show the network configuration, use the following:

# nmcli con show # con is a shortcut for connection, you can even type only c)

Or you can type:

# nmcli dev status

You can remove a connection (here ens33) by using the following command line:

# nmcli con del ens33

You can create a connection with the name ens33, the IPv4 address 192.168.1.10/24 and the
default gateway 192.168.1.1, type:

12
IOS203_Ch12

# nmcli con add con-name net-eth0 ifname ens33 type ethernet ip4 192.168.1.10/24 gw4 192.168.1.1

You can check the connection now:

# nmcli dev show ens33

You can stop a network connection from working (here ethernet-ens33) by using the following
command line:

# nmcli con down ethernet-ens33

You can start a network connection from working (here ethernet-ens33) by using the following
command line:

# nmcli con up ethernet-ens33

You can prevent the connection (here ethernet-ens33) to restart after reboot by using the
following command line:

# nmcli con mod ethernet-ens33 connection.autoconnect no

You can change the IP address and the default gateway of the ethernet-ens33 connection to
respectively 192.168.2.25/24 and 192.168.2.1 by using the following command lines:

# nmcli con mod ethernet-ens33 ipv4.addresses "192.168.57.140/24"

# nmcli con mod ethernet-ens33 ipv4.gateway "192.168.2.1"
# nmcli con mod ethernet-ens33 ipv4.method manual
# nmcli con up ethernet-ens33

13
IOS203_Ch12

netstat command

The netstat command is used to display network information including open ports. It displays
network connections, routing tables, interface statistics, masquerade connections, and multicast
memberships. In CentOS/Rdht7, this command is replaced by other commands; some of them are
shown in the following table:

Command replaced by: Description

netstat ss Network statistics
netstat -r ip route Routing table entry
netstat -i ip –s link Statistics
netstat -g ip maddress Multicasting address

2. Network Configuration Files

If a network lacks a DHCP server, you must provide basic network configuration options manually.
You can set these options using interactive commands, as described shortly in the previous
section; but to set them in the long term, you need to edit the network interfaces files. These files
are usually found in the following location:

/etc/sysconfig/network-scripts/

The content of this folder is shown in the following snapshot:

The following represents the content of the ifcfg-ens33 file; which is a network configuration file:

14
IOS203_Ch12

The following table contains description about most common configuration parameters could be
found in this file:

Setting Description
The type of network interface device, “Ethernet” means
TYPE= device_type
wired connection is to be used
BOOTPROTO=protocol It could be one of the following:
 dhcp: dynamitic host configuration protocol;
 none: no boot-time protocol is used;
 bootp: bootstrap protocol is used.
DEFROUTE  yes: This interface is set as the default route for
| IPV6_DEFROUTE=answer IPv4|IPv6 traffic.
 no: This interface is not set as the default route
IPV6INIT=answer  yes: Enable IPv6 on this interface. The following
parameters could also be set in this file:
o IPV6ADDR=IPv6 address
o IPV6_DEFAULTGW=The default route through
the specified gateway
 no: Disable IPv6 on this interface.
IPV4_FAILURE_FATAL  yes: This interface is disabled if IPv4 or IPv6
| IPV6_FAILURE_FATAL=answer configuration fails.
 no: This interface is not disabled if configuration fails.
PEERROUTES If yes, then it has the opposite meaning as 'ignore-auto-
routes' property
ONBOOT= answer  yes: This interface is activated at boot time.
 no:This interface is not activated at boot time.
DEVICE= answer the name of the physical device, here the answer is ”ens33”
PREFIXN=N Length of the IPv4 netmask value
MACADDR=<MAC-address>= the hardware address of the Ethernet device in the form
HWADDR AA:BB:CC:DD:EE:F

15
IOS203_Ch12

NAME= answer The name of the interface that the configuration file
controls. Here, the answer is ”ens33”.
IPADDR0=address The first IP address to be assigned to the interface.
Additional IP addresses can be added using IPADDR1,
IPADDR2
DNS1= address DNS server to use, it should be placed in /etc/resolv.conf.
Additional DNS servers are added by using DNS2…
GATEWAY0=address The IPv4 gateway address assigned to the interface. Because
an interface can be associated with several combinations of
IP address, network mask prefix length, and gateway
address, these are numbered starting from 0
PEERDNS Determines if the file /etc/resolv. conf file is modified or not.
yes: the parameters DOMAIN, DNS1 and DNS2 will be used
to set search and nameservers entries in the file
/etc/resolv.conf
no: the file /etc/resolv.conf is not modified

Configuring a Static IP

The following steps show you how to set up a static IP address in CentOS7:

 Find the name of the network interface you want to change using the IP command.

# ip –link

 Use the vi text editor to open the configuration file corresponding to the network
interface you have chosen, ens33 for example. Open the file /etc/sysconfig/network-
scripts/ifcfg-ens33 and enter the minimum configuration settings in order to make this
network interface act as a DHCP client:

BOOTPROTO =none
ONBOOT =yes

 then, add the following information about your network under the already existing text:

IPADDR=192.168.1.22
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
PEERDNS=yes
USERCTL=no

 If you have NetworkManager service running, you will need to instruct the network
service that network manager doesn’t manage this interface (ens33). This is done by
adding the following line to the interface configuration file:

NM_CONTROLLED=no

16
IOS203_Ch12

 Then you can stop NetworkManager service:

# systemctl stop NetworkManager

 Save the file and exit the text editor

 Once you have configured your network interface for using a static IP address, restart
your network. On CentOS/Redhat 7 use the following command line to restart your
network:

# systemctl restart network

Configuring network interface for DHCP

You are going to configure a network interface to receive an IP configuration settings from a DHCP
server.

 Get the name of the network interface you would like to set as DHCP client. To do this
you can run the following command:

# ip addr show

 Use the vi text editor to open the configuration file corresponding to the network
interface you have chosen. For instance, the file /etc/sysconfig/network-scripts/ifcfg-
ens33 and enter the minimum configuration settings in order to make this network
interface act as a DHCP client:

DEVICE=ens33
BOOTPROTO=dhcp
ONBOOT=yes

Some other optional configuration settings for this network interface are:

DEVICE=ens33
NETBOOT=yes
HWADDR=00:0c:29:9a:b6:cc
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=ens33
UUID=fd1a5d65-7fa9-47ee-b33b-155b31af98fe
ONBOOT=yes

 For these changes to take effect, you must restart the network with the command:

# systemctl restart network

To start the dhcp service, use the following command line:

# systemctl start dhcp

17
IOS203_Ch12

To stop it:

# systemctl stop dhcp

DNS settings file

During installation, one step was to provide the name of a DNS server and the search domain. The
/etc/resolv.conf file usually has at least two lines, one line specifies the IP address of a DNS server
(or name server) and the other specifies the search domain. You can modify this information and
add additional DNS servers by editing the DNS configuration file:

The previous snapshot shows one name server 192.168.57.2 and the search domain localdomain.

hostname configuration file

During installation, you have specified the hostname by which the system will be identified on
your network. You can change this name by editing the /etc/hostname file or by using the
hostnamectl command:

# vi /etc/hostname

The previous hostname command with the –s option to show short hostname.

hosts file

The /etc/hosts file is a text file that associates IP addresses with hostnames, one line per IP
address. This file resolves, or looks up, an IP address when the hostname is known. Larger
networks would use DNS to perform this resolution. Even if using DNS, include in this file a line
specifying the IP address of the loopback device (127.0.0.1) as localhost.localdomain. The
following represents the content of this file on a CentOS7 system:

Each line contains an IP address assigned to a canonical hostname and optionally some aliases.
Here is an example of a line you could add:

192.168.100.35 www.example.com myserver myhome

18
IOS203_Ch12

Modifications to this file normally take effect immediately.

Global network settings file

The /etc/sysconfig/network file specifies global network settings. For example, you can specify
the default gateway in this file:

dhcpd.conf file

This file contains configuration information for dhcpd. When dhcpd starts, it reads the dhcod.conf
file. If this file does not exist, you should install the dhcp package:

# yum install dhcp

The example configuration file can be found at:

/usr/share/doc/dhcp-version/dhcpd.conf.example.

You should use this file to help you configure /etc/dhcp/dhcpd.conf.

3. Network Services

In Linux, network services are often designed to work in a client-server manner. A network server
application starts automatically as a system boots and shuts down when the system does; it is
always running to serve other network applications. A network client application is generally
running only when in use, and can access all the resources offered by a server with ease. Most

19
IOS203_Ch12

Linux network servers and clients communicate using the TCP/IP protocol. The protocol address
of both the client process and the server process consists of an IP address and a port number.
Network servers usually use assigned, "well known" ports, as found in the /etc/services file.
Network clients generally use randomly assigned ports. Often, well know ports reside in the range
of privileged ports, below port number 1024. For instance, to communicate with a Web Server it
would use the port 80, to connect to an FTP server we’d have to access to port 21, etc… That is,
for every network service running in the server there would be (at least) one open TCP port.

Starting and Stopping Services

On CentOS 7 and modern OSs, the systemctl command is used for manipulating services. The
following table describes the common useful networking commands where network.service
represents the name of the specified service:

Command Description
# systemctl status network.service Display Current Network Status
# systemctl restart network.service Restart Network Service
# systemctl stop network.service Stop Network Service
# systemctl start network.service Start Network Service

CentOS7 supports many network services including NFS, FTP, SSH, Samba, http and others. As an
example of network services, you will learn how to get ftp service on your CentOS.

Install FTP server using VSFTPD

FTP stands for File Transfer Protocol. It has been a standard method for transferring files between
computers for decades. Although security measures have been added, FTP is by nature an
insecure method for transferring files. However, it can be useful when making files available to
multiple users, or when working in a secure and private network.

You will learn how to configure and install an FTP server by using the VSFTPD (abbreviation for
Very Secure FTP Daemon) which is a relatively easy software utility to use for creating an FTP
server. All the steps listed below are found in [8].

 Install VSFTPD software with the following command:

# yum install –y vsftpd

20
IOS203_Ch12

 Start the service and set it to launch when the system boots with the following:

# sudo systemctl start vsftpd

# sudo systemctl enable vsftpd

 Create a rule for your firewall to allow FTP traffic on Port 21:

# firewall-cmd --zone=public --permanent --add-port=21/tcp

# firewall-cmd --zone=public --permanent --add-service=ftp

# firewall-cmd –-reload

Now, you should configure the FTP service. The configurations file of this service is
/etc/vsftpd/vsftpd.conf.

 Create a copy of the default configuration file that you can to return to it in case you
change a setting that may cause issues.

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default

 Edit the configuration file with the following command:

21
IOS203_Ch12

# vi /etc/vsftpd/vsftpd.conf

 Set your FTP server to disable anonymous users and allow local users. Find the following
entries and change them to match the following:

anonymous_enable=NO

local_enable=YES

Anonymous access is a risky; you should avoid it unless you understand the risks.

 Allow a logged-in user to upload files to your FTP server, find the following entry and
change it to match as follows:

write_enable=YES

 Limit FTP users to their own home directory. Find and change the entry to match the
following:

chroot_local_user=YES
allow_writeable_chroot=YES

For test purposes, the allow_writeable_chroot=YES option should be added if it does not
exist; it will create a functioning FTP server that you can test and use. For more details about
the /etc/vsftpd/vsftpd.conf file, you can go to this URL:
http://vsftpd.beasts.org/vsftpd_conf.html
 To create an approved user list, find the userlist_enable entry and change it as follows:

userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
You should add the missing entries. You can now edit the /etc/vsftpd/user_list file, and add
your list of users. (List one per line.) The userlist_deny option lets you specify users to be
included; setting it to yes would change the list to users that are blocked.

 Save your changes, then restart the vsftpd service to apply changes:

systemctl restart vsftpd

22
IOS203_Ch12

 To add a new FTP user (i.e., testuser) to the userlist, you should use the following
command:

# echo “testuser” | tee –a /etc/vsftpd/user_list

 Create a directory for the new user, and adjust permissions:

# mkdir –p /home/testuser/ftp/upload

# chmod 550 /home/testuser/ftp

# chmod 750 /home/testuser/ftp/upload

# chown –R testuser: /home/testuser/ftp

 If you want to test locally your ftp server, you should use the localhost name and log in
with the name and password of the user you have created.

 Now, you can remotely log in to your FTP server with the user you have created by using
the server name or its IP address.

23
IOS203_Ch12

Questions
1. What is loopback?
2. Is it true that CentOS7 and prior distros have the same naming convention?
3. What is the difference between static and dynamic IP address?
4. Display your current IP address(es).
5. Which configuration file containing your current IP address.
6. How can you remove a static IP address?
7. Verify whether dhclient is running.
8. How can you change your IP address from dhcp client to static?
9. In the previous question, verify that you have configured correctly the gateway.
10. Could ip command replace route command?
11. Which ports are used by ftp, http, ssh, and nntp?
12. What is rtt?
13. Display the hostname of your computer.
14. What is NetworkManager?
15. How can restart a network service?
16. Display the DNS(s) of your computer.
17. Change the last four digits of your MAC address.
18. What is VSFTPD?
19. Which configuration file containing the dhcpd settings?
20. Which file containing the configuration settings of your Ethernet network interface?

24
IOS203_Ch12

References
1. Red Hat Linux Essentials RH033-RHEL5-en-2-20070306
2. Paul Cobbaut, “Linux Fundamentals”, https://linux-training.be/funhtml/index.html. Updated
on 2015-05-24
3. https://www.linuxnix.com/
4. https://www.unixmen.com/setting-nfs-server-client-centos-7/
5.https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-centos-7-
network-settings/
6. https://access.redhat.com/documentation/en-
us/red_hat_enterprise_linux/7/pdf/networking_guide/Red_Hat_Enterprise_Linux-7-
Networking_Guide-en-US.pdf
7. https://www.thegeekdiary.com/understanding-the-network-interface-configuration-file-etc-
sysconfig-network-scripts-ifcfg-eth/
8. https://phoenixnap.com/kb/how-to-setup-ftp-server-install-vsftpd-centos-7

25