Linux Advanced

Complete Linux Network Configuration Guide

By VCCLHOSTING Team
21,456 views
35 min read
4.9

Linux Network Configuration

This guide covers complete network configuration for Linux systems including interface management, routing, DNS, and firewall setup.

Network Interface Configuration

View Network Interfaces

# Modern ip command
ip addr show
ip link show
ip -s link                # Show statistics

# Legacy ifconfig
ifconfig
ifconfig -a               # Show all interfaces

Configure Static IP (Ubuntu/Debian with Netplan)

# Edit netplan configuration
sudo nano /etc/netplan/01-netcfg.yaml

# Configuration example
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

# Apply configuration
sudo netplan apply
sudo netplan --debug apply

Configure Static IP (CentOS/RHEL)

# Edit interface configuration
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

# Configuration example
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4

# Restart network
sudo systemctl restart NetworkManager
sudo nmcli connection reload
sudo nmcli connection up eth0

Temporary IP Configuration

# Add IP address
sudo ip addr add 192.168.1.100/24 dev eth0

# Remove IP address
sudo ip addr del 192.168.1.100/24 dev eth0

# Bring interface up/down
sudo ip link set eth0 up
sudo ip link set eth0 down

# Change MAC address
sudo ip link set dev eth0 address aa:bb:cc:dd:ee:ff

Routing Configuration

View and Manage Routes

# Display routing table
ip route show
ip route list
route -n
netstat -rn

# Add default gateway
sudo ip route add default via 192.168.1.1

# Add specific route
sudo ip route add 10.0.0.0/8 via 192.168.1.254

# Delete route
sudo ip route del 10.0.0.0/8

# Add route through specific interface
sudo ip route add 172.16.0.0/16 dev eth1

Persistent Routes

# Ubuntu/Debian (Netplan)
network:
  version: 2
  ethernets:
    eth0:
      routes:
        - to: 10.0.0.0/8
          via: 192.168.1.254

# CentOS/RHEL
# Create route file
sudo nano /etc/sysconfig/network-scripts/route-eth0

# Add routes
10.0.0.0/8 via 192.168.1.254
172.16.0.0/16 via 192.168.1.253

DNS Configuration

Configure DNS Servers

# Edit resolv.conf (temporary)
sudo nano /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
search example.com

# Permanent DNS (Ubuntu/Debian with systemd-resolved)
sudo nano /etc/systemd/resolved.conf

[Resolve]
DNS=8.8.8.8 8.8.4.4
FallbackDNS=1.1.1.1
Domains=example.com

# Restart resolver
sudo systemctl restart systemd-resolved

# Check DNS status
resolvectl status
systemd-resolve --status

DNS Lookup Commands

# nslookup
nslookup example.com
nslookup example.com 8.8.8.8

# dig
dig example.com
dig example.com +short
dig example.com MX
dig example.com NS
dig @8.8.8.8 example.com
dig example.com +trace

# host
host example.com
host -t MX example.com
host -t NS example.com

Firewall Configuration

UFW (Ubuntu/Debian)

# Enable/disable firewall
sudo ufw enable
sudo ufw disable
sudo ufw status
sudo ufw status verbose
sudo ufw status numbered

# Allow/deny ports
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3306/tcp comment "MySQL"
sudo ufw deny 23/tcp

# Allow from specific IP
sudo ufw allow from 192.168.1.100
sudo ufw allow from 192.168.1.0/24
sudo ufw allow from 192.168.1.100 to any port 22

# Delete rules
sudo ufw delete allow 80/tcp
sudo ufw delete 5  # Delete by rule number

# Reset firewall
sudo ufw reset

# Application profiles
sudo ufw app list
sudo ufw allow "Apache Full"
sudo ufw allow "OpenSSH"

firewalld (CentOS/RHEL)

# Start/stop firewall
sudo systemctl start firewalld
sudo systemctl stop firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --state

# Zones
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all

# Add/remove services
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --add-service=mysql --permanent
sudo firewall-cmd --remove-service=http --permanent

# Add/remove ports
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --add-port=10000-10100/tcp --permanent
sudo firewall-cmd --remove-port=8080/tcp --permanent

# Source-based rules
sudo firewall-cmd --add-source=192.168.1.0/24 --permanent
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.100" accept' --permanent

# Reload firewall
sudo firewall-cmd --reload

# List all
sudo firewall-cmd --list-all
sudo firewall-cmd --list-services
sudo firewall-cmd --list-ports

iptables (Advanced)

# List rules
sudo iptables -L
sudo iptables -L -n -v
sudo iptables -t nat -L

# Allow incoming traffic
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow from specific IP
sudo iptables -A INPUT -s 192.168.1.100 -j ACCEPT

# Block IP
sudo iptables -A INPUT -s 192.168.1.200 -j DROP

# Allow established connections
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT

# Default policies
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

# Save rules (Ubuntu/Debian)
sudo iptables-save > /etc/iptables/rules.v4

# Save rules (CentOS/RHEL)
sudo service iptables save

# NAT/Masquerading
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Port forwarding
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Network Troubleshooting

Connectivity Testing

# Ping test
ping -c 4 google.com
ping -c 10 -i 0.5 8.8.8.8
ping -s 1500 google.com  # Large packet test

# Traceroute
traceroute google.com
traceroute -n google.com  # No DNS resolution
mtr google.com            # Combined ping/traceroute

# TCP connection test
telnet example.com 80
nc -zv example.com 80
nc -zv 192.168.1.1 1-1000  # Port scan

Network Statistics

# Active connections
netstat -tulpn
netstat -anp | grep ESTABLISHED
ss -tulpn
ss -s  # Statistics summary

# Network interface statistics
ip -s link
ifconfig eth0
cat /proc/net/dev

# Bandwidth monitoring
iftop
iftop -i eth0
nethogs
vnstat
vnstat -l        # Live traffic

Packet Capture

# tcpdump
sudo tcpdump -i eth0
sudo tcpdump -i any
sudo tcpdump -i eth0 port 80
sudo tcpdump -i eth0 host 192.168.1.100
sudo tcpdump -i eth0 -w capture.pcap
sudo tcpdump -r capture.pcap

# Wireshark (GUI)
sudo wireshark

# tshark (CLI Wireshark)
sudo tshark -i eth0
sudo tshark -i eth0 -f "port 80"

ARP and Neighbor Discovery

# ARP cache
ip neigh show
arp -a
arp -n

# Add static ARP entry
sudo ip neigh add 192.168.1.100 lladdr aa:bb:cc:dd:ee:ff dev eth0

# Delete ARP entry
sudo ip neigh del 192.168.1.100 dev eth0

# Clear ARP cache
sudo ip -s -s neigh flush all

Bond/Team Interfaces

Network Bonding (Ubuntu/Debian)

# Install bonding module
sudo modprobe bonding

# Netplan configuration
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
    eth1:
      dhcp4: no
  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      parameters:
        mode: active-backup
        mii-monitor-interval: 100

# Apply
sudo netplan apply

Network Teaming (CentOS/RHEL)

# Create team
sudo nmcli connection add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'

# Add slaves
sudo nmcli connection add type team-slave con-name team0-eth0 ifname eth0 master team0
sudo nmcli connection add type team-slave con-name team0-eth1 ifname eth1 master team0

# Configure IP
sudo nmcli connection modify team0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify team0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify team0 ipv4.method manual

# Activate
sudo nmcli connection up team0

VLANs

VLAN Configuration

# Load 8021q module
sudo modprobe 8021q
sudo echo "8021q" >> /etc/modules

# Create VLAN interface
sudo ip link add link eth0 name eth0.10 type vlan id 10
sudo ip addr add 192.168.10.1/24 dev eth0.10
sudo ip link set eth0.10 up

# Netplan VLAN configuration
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
  vlans:
    vlan10:
      id: 10
      link: eth0
      addresses:
        - 192.168.10.1/24

Network Bridge

Bridge Configuration

# Install bridge utilities
sudo apt install bridge-utils

# Create bridge
sudo ip link add name br0 type bridge
sudo ip link set br0 up

# Add interfaces to bridge
sudo ip link set eth0 master br0
sudo ip link set eth1 master br0

# Assign IP to bridge
sudo ip addr add 192.168.1.100/24 dev br0

# Show bridge
sudo bridge link show
sudo brctl show

Conclusion

This comprehensive guide covers Linux network configuration and troubleshooting. VCCLHOSTING provides fully configured network infrastructure on all servers with 10Gbps connectivity.

Tags

#Linux #networking #configuration #troubleshooting #firewall

Need Professional Hosting?

VCCLHOSTING provides enterprise-grade hosting solutions with 24/7 support, 99.9% uptime SLA, and ISO 27001 certification. Get started today!

View Hosting Plans Contact Sales

Related Articles

Essential Linux Commands Every Administrator Should Know
25 min
Complete Linux OS Installation Guide for All Major Distributions
30 min
Linux Troubleshooting Commands: Complete Diagnostic Guide
40 min
Ubuntu Server for Linux - Part 1
22 min
CentOS for Linux - Part 2
18 min
View All in Category →

Need Help?

Our expert support team is available 24/7 to assist you.

Contact Support