Configure Linux Server with IP Commands from iproute2 Instead of ifconfig

Years ago, the network of a Linux-based server was configured with the “ifconfig” command. You can continue to use it, but you will have to install an additional package in your operating system, because the iproute2 suite and its popular “ip” command are now used by default. Linux users have always used ifconfig, but the new ip command is much more intuitive and easy to use. In addition, we can configure static routes in the operating system without having to use another program (route). Do you want to know everything about the ip command of the iproute2 suite to configure your Linux server at the network level?

Main features of iproute2 on Linux

Iproute2 is a network utility package found by default in most Linux-based operating systems today, such as Debian, Ubuntu, RedHat, and many other desktop and server-oriented distributions. This package includes a very complete set of tools that will allow us to configure and manage network interfaces in detail. This package completely replaces the ifconfig, route and arp functionalities, all under the same “ip” command to make it easier for users to use this powerful tool. Of course, not only do we have the same features as always, but in iproute2 they have added very important functionalities.

Configure Linux Server with IP Commands

iproute2 is a much more complete and modern tool than ifconfig, so its use is recommended when managing different aspects of our network. With ip we can carry out the same actions that we can do with ifconfig and, being a much more complete suite, we can configure more parameters than ifconfig would allow us.

QoS (Quality of Service)

iproute2 provides us with QoS: it is capable of prioritizing different types of traffic efficiently. Traffic control is made up of several operations that the tool performs internally, such as the packet classification mechanism, placement in different classes or flows, and even limiting the number of packets or bytes that can be used in a data stream.

Load balancing and IP tunnels

This tool allows us to assign weights to each of the network interfaces that we have on the server, so we can do load balancing based on different algorithms. This is ideal for balancing the traffic between several interfaces without overloading any one of them. iproute2 also allows us to create tunnels that encapsulate packets in IPv4 format and send them through the IP infrastructure.

Multiple routing tables

iproute2 allows us to create several routing tables in the operating system: we can configure a main routing table, and later create different routing tables to route all traffic efficiently. In each routing table we can define a different default gateway. This is ideal if we have several network interfaces on the server and we want the traffic that comes in through one interface to go out through that same interface, although it could also go out through another interface; it all depends on how you have routing configured on your server. Without a doubt, this functionality is one of the most important that iproute2 integrates, as it gives us great flexibility.

Operation of the ip command

The main tool of iproute2 is the “ip” command, with which we can view and configure IP addresses, view and configure routing tables, view and configure IP tunnels, and also view and configure the physical interface. The syntax that we must use with this command is the following:

  • ip [OPTIONS] OBJECT [COMMAND]

The “OBJECTS” that we have in ip are the following; with them we can view and configure the physical links, IP addresses, routes and more. It is very important that all commands are typed exactly as shown, all in lowercase; otherwise, ip will return an error. Here are the main ones:

  • link: configures the physical or logical network interfaces, for example, to see the status of all network interfaces.
  • address: allows you to view and configure the IPv4 and IPv6 addresses associated with the different network interfaces. Each interface must have at least one IP address configured.
  • addrlabel: adds a label.
  • neighbor: allows you to see the neighborhood links, that is, you can see the ARP table of the operating system.
  • rule: allows you to view and configure routing policies and change them; this is used especially when you are going to configure several routing tables.
  • route: allows you to view and configure the routing tables, both the main routing table and the “secondary” ones you configure.
  • tunnel: allows you to see the IP tunnels and also configure them.
  • maddr: view and configure multicast addresses.
  • mroute: view and configure the multicast routing table.
  • mrule: view and configure multicast address routing policies.
  • monitor: allows you to monitor the status of the network cards continuously, as well as IP addresses and routes.
  • ntable: manages the neighbor cache (ARP).
  • tuntap: manages TUN/TAP interfaces, oriented towards VPNs such as OpenVPN or WireGuard.
  • maddress: configuration of multicast addresses.
  • xfrm: manages IPsec policies.
  • netns: manages network namespaces.
  • l2tp: L2TP configuration.
  • tcp_metrics: manages TCP metrics.
  • token: manages the tokenized identifiers of the interfaces.

How the ip route command works

Although “ip route” is part of iproute2, it has additional specific settings. “ip route” allows us to view and configure the operating system’s routing table, and also all the additional routing tables that we create in the operating system. For each entry in the routing table we must have the network address, mask and gateway; we can also configure the ToS (type of service). The Linux operating system will allow us to create a total of 253 routing tables. By default, the operating system enters the routes in the main routing table, which has ID 254, and the kernel only uses this table to calculate the paths. The routing table with ID 255 is the local and broadcast address table; this table is maintained by the kernel and should not be touched by network administrators.

If we want to add or remove routing tables, we must edit the file «/etc/iproute2/rt_tables». Later in this article we will show you how to create a second routing table and configure it, since we will have to make use of “ip rule” and also “ip route”.

“ip” Commands to Configure IP Addressing

Here are the main commands that we can use to view and configure IP addressing. We should no longer use the “ifconfig” command, but we give its “translation” so that you can compare both commands.

Show network devices and their settings

With the command “ifconfig” we could see all the interfaces and the IP addressing configuration in detail.

ifconfig

With the ip command, we have two similar commands, one of them will show us all the information at the IP addressing level (ip addr show), and the other will show us the status of the physical interface (ip link show):

ip addr show
ip link show

Activate a network interface

In this case, the commands are very similar.

ifconfig ens33 up
ip link set ens33 up

Disable a network interface

As you can see, the commands are almost the same, but it is necessary to use the “ip link” since we are referring to the network card.

ifconfig ens33 down
ip link set ens33 down

To run the “ip link” help and see all the commands that we can execute, simply put:

ip link help

Configure an IP address on an interface

ifconfig ens33 192.168.1.1/24
ip addr add 192.168.1.1/24 dev ens33

Remove an IP address from an interface.

ifconfig does not allow this directly; instead, the IP address 0.0.0.0 must be configured:

ifconfig ens33 0.0.0.0

In the case of ip, it is as easy as replacing the “add” used to configure an IP with “del” (delete) to remove it, giving the same address and prefix length that were added:

ip addr del 192.168.1.1/24 dev ens33

Add a virtual interface (alias)

In the case of ifconfig, it could be done like this:

ifconfig ens33:1 10.0.0.1/8

In the case of ip, we simply add the IP as usual, but with “label ens33:1” or whatever alias we want.

ip addr add 10.0.0.1/8 dev ens33 label ens33:redeszone

To run the “ip addr” help and see all the commands that we can execute, simply put:

ip addr help

View the entries in the ARP table

arp -n
ip neigh show

Add an entry in the ARP table

In the case of “ifconfig”, it is not done with this command, but with the command “arp” which has now disappeared:

arp -i eth0 -s 192.168.0.1 00:11:22:33:44:55

In the case of iproute2, we have to use the “neigh” object, as you can see:

ip neigh add 192.168.0.1 lladdr 00:11:22:33:44:55 nud permanent dev ens33

Remove an ARP entry

ifconfig -arp ens33
ip neigh del 192.168.0.1 lladdr 00:11:22:33:44:55 nud permanent dev ens33

To run the “ip neigh” help and see all the commands that we can execute, simply put:

ip neigh help

As you have seen, the possibilities of iproute2 with ip link, ip addr and ip neigh are almost infinite, in addition, the syntax is very intuitive, looking very similar to the Cisco routers that are so well known in the world of networks.

“ip route” commands to configure routes

The “ip route” command allows us to configure the main routing table of the operating system, and also the additional routing tables that we create. Below are some usage examples with only the ip route command, without using the old “route” that came with the “ifconfig” suite.

Add a route in the routing table

ip route add 10.8.0.0/24 via 192.168.1.2

Delete a route in the routing table

ip route del 10.8.0.0/24 via 192.168.1.2

Change a route in the routing table

ip route chg 10.8.0.0/24 via 192.168.1.3

Add the default gateway

ip route add default via 192.168.1.1

Delete the default gateway

ip route del default via 192.168.1.254

View the status of the main routing table

ip route show
ip route list

As you can see, adding, deleting and changing static routes is really easy, just like defining a default gateway in our operating system.

How to configure multiple routing tables in Linux

One of the main characteristics of iproute2 is that it allows us to create multiple routing tables, with the aim of being able to have several gateways. The first thing we have to do is edit the file “/etc/iproute2/rt_tables”, whose content is the following:

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep

As you can see, we have three tables, local, main and default. All we have to do is add the name of the new routing table, for example “redeszone” with a preference identifier 66.

#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep

66 redeszone

Once we have added it, we save the file, and we start adding routes in the usual way.

Our computer has the private IP address 10.10.2.2; we want to set the gateway to 10.10.2.1, and add a route to 10.8.0.0/24 on the ens37 interface.

ip route add 10.8.0.0/24 dev ens37 src 10.10.2.2 table redeszone

We must put the keyword “src” followed by the IP address of the real physical interface, and then use “table” to choose the name of the table. If we want to delete this route that we have created in the routing table «redeszone», we have to put:

ip route del 10.8.0.0/24 dev ens37 src 10.10.2.2 table redeszone

If we want to add the gateway to this new routing table, we must put the following:

ip route add default via 10.10.2.1 dev ens37 table redeszone

In order for the operating system to know when to use this new routing table that we just created, two rules must be configured, one with incoming traffic and the other with outgoing traffic reaching a specific interface.

ip rule add from 10.10.2.2/32 table redeszone

ip rule add to 10.10.2.2/32 table redeszone

These two rules indicate that traffic from IP address 10.10.2.2 uses the routing table “redeszone”, and traffic to IP 10.10.2.2 also uses it.

To see the status of the routing table we just created, we run:

ip route list table redeszone

If we want to see all the added rules, we put:

ip rule show

Make all changes to IPs and routes persistent

If we restart the server, the changes that we have made with the “ip” command will be lost, therefore we must make them persistent. How this is done depends on the operating system; in this article we have used the latest Debian version. The first thing we must do is edit the configuration file located in “/etc/network/interfaces”; this is where we can put all the IP addresses, routes and rules that we want.

An example configuration file would be the following, where we have a total of three physical interfaces, several secondary IP addresses with aliases, and also a total of three routing tables. For each routing table, we need a gateway and the corresponding rules with “ip rule”:

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.154
netmask 255.255.255.0
gateway 192.168.1.153

iface eth0 inet static
address 192.168.1.155
netmask 255.255.255.0

auto eth1
allow-hotplug eth1
iface eth1 inet static
address 10.10.1.114
netmask 255.255.255.248
post-up ip route add 10.10.1.112/29 dev eth1 src 10.10.1.114 table table2
post-up ip route add default via 10.10.1.113 dev eth1 table table2
post-up ip rule add from 10.10.1.114/32 table table2
post-up ip rule add to 10.10.1.114/32 table table2

iface eth1 inet static
address 10.10.1.115
netmask 255.255.255.248
post-up ip route add 10.10.1.112/29 dev eth1 src 10.10.1.115 table table2
post-up ip rule add from 10.10.1.115/32 table table2
post-up ip rule add to 10.10.1.115/32 table table2

auto eth2
allow-hotplug eth2
iface eth2 inet static
address 10.20.200.114
netmask 255.255.255.248
post-up ip route add 10.20.200.112/29 dev eth2 src 10.20.200.114 table table3
post-up ip route add default via 10.20.200.113 dev eth2 table table3
post-up ip rule add from 10.20.200.114/32 table table3
post-up ip rule add to 10.20.200.114/32 table table3

iface eth2 inet static
address 10.20.200.115
netmask 255.255.255.248
post-up ip route add 10.20.200.112/29 dev eth2 src 10.20.200.115 table table3
post-up ip rule add from 10.20.200.115/32 table table3
post-up ip rule add to 10.20.200.115/32 table table3
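
A consistency check for the persistent configuration above, as an added example that is not part of the original article: a table name used after “table” must be declared in /etc/iproute2/rt_tables, and the rt_tables file shown earlier only adds redeszone, so table2 and table3 need their own entries. The script flags undeclared tables, tables that no rule points to, and tables without a default route; the function name and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint policy-routing "post-up" lines against rt_tables.
# Both inputs below are constructed samples modelled on the files in this article.

RT_TABLES='255 local
254 main
253 default
0 unspec
#1 inr.ruhep
66 redeszone'

INTERFACES='iface eth1 inet static
  address 10.10.1.114
  netmask 255.255.255.248
  post-up ip route add 10.10.1.112/29 dev eth1 src 10.10.1.114 table table2
  post-up ip route add default via 10.10.1.113 dev eth1 table table2
  post-up ip rule add from 10.10.1.114/32 table table2
  post-up ip rule add to 10.10.1.114/32 table table2
iface ens37 inet static
  address 10.10.2.2
  netmask 255.255.255.0
  post-up ip route add 10.8.0.0/24 dev ens37 src 10.10.2.2 table redeszone
  post-up ip rule add from 10.10.2.2/32 table redeszone'

# lint_policy_routing RT_TABLES_TEXT INTERFACES_TEXT  (hypothetical helper name)
# Prints one finding per line, sorted; prints nothing when the config is consistent.
lint_policy_routing() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { in_ifaces = 1; next }           # separator between the two files
        !in_ifaces {                                  # rt_tables entry: "<id> <name>"
            if ($1 ~ /^[0-9]+$/ && NF >= 2) known[$2] = 1
            next
        }
        $1 == "post-up" && $2 == "ip" && $4 == "add" && ($3 == "route" || $3 == "rule") {
            t = ""
            for (i = 5; i < NF; i++) if ($i == "table") t = $(i + 1)
            if (t == "") next                         # no table given: main table
            seen[t] = 1
            if ($3 == "rule") ruled[t] = 1            # some rule sends lookups here
            else if ($5 == "default") has_default[t] = 1
        }
        END {
            for (t in seen) {
                if (!(t in known) && t !~ /^[0-9]+$/) print "undefined-table " t
                if (!(t in ruled)) print "no-rule " t
                if (!(t in has_default)) print "no-default-route " t
            }
        }' | LC_ALL=C sort
}

lint_policy_routing "$RT_TABLES" "$INTERFACES"
```

A table without a default route is not an error in itself: lookups that find no match there fall through to the next rule, so that traffic leaves through the main table's gateway instead of the interface the table was created for.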

Thanks to iproute2 we can make really interesting advanced configurations. If you have any questions you can leave us a comment and we will help you with your configuration.