Configuring Network Interface Cards on Fedora

You have installed Fedora Linux on your firewall box, and now you're ready to give your network interface cards their final, working configurations.

Fedora gives each network interface a separate configuration file. You'll be editing /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1.

First, configure the LAN interface with a static IP address appropriate for your private addressing scheme. Don't use DHCP to assign the LAN address.

Configure the WAN interface with the account information given to you by your ISP. These examples show how to set a static local IP address and a dynamic external IP address.

Do not connect the WAN interface yet.

In this example, eth0 is the LAN interface and eth1 is the WAN interface:

##/etc/sysconfig/network-scripts/ifcfg-eth0
#use your own MAC address and LAN addresses
DEVICE=eth0
HWADDR=11:22:33:44:55:66
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.23
NETWORK=192.168.1.0
USERCTL=no

##/etc/sysconfig/network-scripts/ifcfg-eth1
#use your real MAC address
DEVICE=eth1
HWADDR=AA:BB:CC:DD:EE:FF
BOOTPROTO=dhcp
USERCTL=no

How do you get the MAC addresses and interface names? Run ifconfig -a:

$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0B:6A:EF:7E:8D
[...]

And that's all you need to do, because you'll get all your WAN configurations from your ISP's DHCP server.

If your WAN address is a static IP address, configure the WAN NIC the same way as the LAN address using the information supplied by your ISP. This should include your ISP's gateway address, and your static IP address and netmask. Then, add your ISP's DNS servers to /etc/resolv.conf:

##/etc/resolv.conf
nameserver 11.22.33.44
nameserver 11.22.33.45

Restart networking or reboot, and you're ready for the next steps.

The LAN IP address of your firewall is the gateway address you'll be setting on all of your LAN PCs, so don't complicate your life by using a dynamically assigned address.

Routers typically run headless, without a keyboard or monitor. If your Ethernetworking gets all goofed up, the serial console will save the day.

Every Linux distribution comes with a number of graphical network configuration tools. Feel free to use these, though it's always good to understand the underlying text configuration files and scripts.

When you have two NICs on a Linux box, they are usually brought up in the same order on boot, and given the same names (e.g., eth0, eth1, etc.). But sometimes, the order is reversed, which will render your nice firewall box useless, so binding the device names to their MAC addresses ensures that the configurations always stay put. That's what the DEVICE directive is for.

You can even give your interfaces names of your own choosing, like "lan" and "wan." You may also rename the configuration file to help you remember, like /etc/sysconfig/network-scripts/ifcfg-lan. You must use "ifcfg" in the filename, or it won't work.

This is what the configuration options mean:

DEVICE
Name of the physical device.
HWADDR
The real MAC address of the NIC. Don't confuse this with MACADDR, because MACADDR assigns a new MAC address, overriding the existing one. Why would you want to change a MAC address? There aren't many legitimate reasons, though it is a good reminder to see how easy it is to spoof a MAC address, and why you should not rely on MAC addresses as secure identifiers.
BOOTPROTO
Boot protocol, which is none, dhcp, or bootp.
ONBOOT
Bring the NIC up at boot, yes or no.
NETMASK
Address mask for your network. Unfortunately, CIDR addressing is not yet supported.
IPADDR
The IP address that you choose for the NIC.
USERCTL
Allow unprivileged users to control the NIC, yes or no.

Broadcast addresses are automatically calculated with ipcalc, so it's not necessary to specify them.
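
The settings recommended above (HWADDR set to the real MAC address, no MACADDR override, USERCTL=no, a static LAN address) can be checked before you restart networking. This is an added shell example, not part of the original page; the function names and the lan/wan role argument are assumptions of the example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a Fedora ifcfg-* file against this page's advice.
# Usage: audit_ifcfg FILE ROLE   (ROLE = lan|wan; the role argument is an
# assumption of this example, not something the ifcfg format defines).

# Print the last value assigned to KEY in FILE, with quotes and blanks removed.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Report one finding for the file currently being audited.
flag() { echo "$file: $1"; findings=$((findings + 1)); }

audit_ifcfg() {
    file=$1; role=$2; findings=0
    [ -n "$(ifcfg_get "$file" DEVICE)" ] || flag "DEVICE is not set"
    # HWADDR ties the name to the real NIC, so a changed probe order cannot swap LAN and WAN.
    ifcfg_get "$file" HWADDR | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' ||
        flag "HWADDR is missing or is not a MAC address"
    # MACADDR assigns a new MAC address instead of matching the existing one.
    [ -z "$(ifcfg_get "$file" MACADDR)" ] || flag "MACADDR overrides the real MAC address"
    [ "$(ifcfg_get "$file" USERCTL)" = no ] || flag "USERCTL is not 'no'"
    proto=$(ifcfg_get "$file" BOOTPROTO)
    if [ "$role" = lan ]; then
        # The LAN address is every client's gateway, so it must be static.
        [ "$proto" = none ] || flag "LAN interface must use BOOTPROTO=none, found '$proto'"
        for key in IPADDR NETMASK; do
            [ -n "$(ifcfg_get "$file" "$key")" ] || flag "$key is required for a static LAN address"
        done
    else
        case $proto in
            none|dhcp|bootp) ;;
            *) flag "BOOTPROTO must be none, dhcp, or bootp, found '$proto'" ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a LAN file that uses DHCP and overrides its MAC address.
sample=$(mktemp)
printf '%s\n' DEVICE=eth0 MACADDR=02:00:00:00:00:01 BOOTPROTO=dhcp USERCTL=yes > "$sample"
audit_ifcfg "$sample" lan || echo "findings: $findings"
rm -f "$sample"
```

The function prints one line per problem and returns nonzero if it found any, so it can gate a "service network restart" in a deployment script.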
