22.6 Configuring a Network Connection Manually

Manual configuration of the network software should always be the last alternative. Using YaST is recommended. However, this background information about the network configuration can also assist your work with YaST.

When the Kernel detects a network card and creates a corresponding network interface, it assigns the device a name depending on the order of device discovery, or order of the loading of the Kernel modules. The default Kernel device names are only predictable in very simple or tightly controlled hardware environments. Systems which allow adding or removing hardware during runtime or support automatic configuration of devices cannot expect stable network device names assigned by the Kernel across reboots.

However, all system configuration tools rely on persistent interface names. This problem is solved by udev. The udev persistent net generator (/lib/udev/rules.d/75-persistent-net-generator.rules) generates a rule matching the hardware (using its hardware address by default) and assigns a persistently unique interface for the hardware. The udev database of network interfaces is stored in the file /etc/udev/rules.d/70-persistent-net.rules. Every line in the file describes one network interface and specifies its persistent name. System administrators can change the assigned names by editing the NAME="" entries. The persistent rules can also be modified using YaST.

Table 22-5 summarizes the most important scripts involved in the network configuration.

Table 22-5 Manual Network Configuration Scripts



ifup, ifdown, ifstatus

The if scripts start or stop network interfaces, or return the status of the specified interface. For more information, see the ifup manual page.


The rcnetwork script can be used to start, stop or restart all network interfaces (or just a specified one). Use rcnetwork stop to stop, rcnetwork start to start and rcnetwork restart to restart network interfaces. If you want to stop, start or restart just one interface, use the command followed by the interface name, for example rcnetwork restart eth0. The rcnetwork status command displays the state of the interfaces, their IP addresses and whether a DHCP client is running. With rcnetwork stop-all-dhcp-clients and rcnetwork restart-all-dhcp-clients you can stop or restart DHCP clients running on network interfaces.

For more information about udev and persistent device names, see Section 15.0, Dynamic Kernel Device Management with udev.

22.6.1 Configuration Files

This section provides an overview of the network configuration files and explains their purpose and the format used.


These files contain the configurations for network interfaces. They include information such as the start mode and the IP address. Possible parameters are described in the manual page of ifup. Additionally, most variables from the dhcp file can be used in the ifcfg-* files if a general setting should be used for only one interface. However, most of the /etc/sysconfig/network/config variables are global and cannot be overridden in ifcfg-files. For example NETWORKMANAGER or NETCONFIG_* variables are global.

For ifcfg.template, see /etc/sysconfig/network/config and /etc/sysconfig/network/dhcp.

/etc/sysconfig/network/config and /etc/sysconfig/network/dhcp

The file config contains general settings for the behavior of ifup, ifdown and ifstatus. dhcp contains settings for DHCP. The variables in both configuration files are commented. Some of the variables from /etc/sysconfig/network/config can also be used in ifcfg-* files, where they are given a higher priority. The /etc/sysconfig/network/ifcfg.template file lists variables that can be specified in a per interface scope. However, most of the /etc/sysconfig/network/config variables are global and cannot be overridden in ifcfg-files. For example, NETWORKMANAGER or NETCONFIG_* variables are global.

/etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-*

The static routing of TCP/IP packets is determined here. All the static routes required by the various system tasks can be entered in the /etc/sysconfig/network/routes file: routes to a host, routes to a host via a gateway and routes to a network. For each interface that needs individual routing, define an additional configuration file: /etc/sysconfig/network/ifroute-*. Replace * with the name of the interface. The entries in the routing configuration files look like this:

# Destination     Dummy/Gateway     Netmask            Device
#       lo       eth0
default             eth0    eth1        eth1

The route's destination is in the first column. This column may contain the IP address of a network or host or, in the case of reachable name servers, the fully qualified network or hostname.

The second column contains the default gateway or a gateway through which a host or network can be accessed. The third column contains the netmask for networks or hosts behind a gateway. For example, the mask is for a host behind a gateway.

The fourth column is only relevant for networks connected to the local host such as loopback, Ethernet, ISDN, PPP and dummy device. The device name must be entered here.

An (optional) fifth column can be used to specify the type of a route. Columns that are not needed should contain a minus sign - to ensure that the parser correctly interprets the command. For details, refer to the routes(5) man page.

The unified format for IPv4 and IPv6 now looks as follows:

prefix/lengthgateway -            [interface]

And the so-called compatibility format looks accordingly:

prefixgatewaylength       [interface]

For IPv4 you still can use the old format with netmask:

ipv4-networkgatewayipv4-netmask [interface]

The following examples are equivalent:

2001:db8:abba:cafe::/64 2001:db8:abba:cafe::dead  -            eth0            -            eth0

2001:db8:abba:cafe::    2001:db8:abba:cafe::dead 64            eth0             24            eth0    eth0


The domain to which the host belongs is specified in this file (keyword search). Also listed is the status of the name server address to access (keyword nameserver). Multiple domain names can be specified in the file. When resolving a name that is not fully qualified, an attempt is made to generate one by attaching the individual search entries. Multiple name servers can be specified in multiple lines, each beginning with nameserver. Comments are preceded by # signs. Example 22-5 shows what /etc/resolv.conf could look like.

However, the /etc/resolv.conf should not be edited by hand. Instead, it is generated by the netconfig script. To define static DNS configuration without using YaST, edit the appropriate variables manually in the /etc/sysconfig/network/config file:


list of DNS domain names used for hostname lookup


list of name server IP addresses to use for hostname lookup


defines the name of the DNS forwarder that has to be configured

To disable DNS configuration using netconfig, set NETCONFIG_DNS_POLICY=''. For more information about netconfig, see man 8 netconfig.

Example 22-5 /etc/resolv.conf

# Our domain
search example.com
# We use dns.example.com ( as name server


netconfig is a modular tool to manage additional network configuration settings. It merges statically defined settings with settings provided by autoconfiguration mechanisms as DHCP or PPP according to a predefined policy. The required changes are applied to the system by calling the netconfig modules that are responsible for modifying a configuration file and restarting a service or a similar action.

netconfig recognizes three main actions. The netconfig modify and netconfig remove commands are used by daemons such as DHCP or PPP to provide or remove settings to netconfig. Only the netconfig update command is available for the user:


The netconfig modify command modifies the current interface and service specific dynamic settings and updates the network configuration. Netconfig reads settings from standard input or from a file specified with the --lease-file filename option and internally stores them until a system reboot (or the next modify or remove action). Already existing settings for the same interface and service combination are overwritten. The interface is specified by the -i interface_name parameter. The service is specified by the -s service_name parameter.


The netconfig remove command removes the dynamic settings provided by a modificatory action for the specified interface and service combination and updates the network configuration. The interface is specified by the -i interface_name parameter. The service is specified by the -s service_name parameter.


The netconfig update command updates the network configuration using current settings. This is useful when the policy or the static configuration has changed. Use the -m module_type parameter, if you want to update a specified service only (dns, nis, or ntp).

The netconfig policy and the static configuration settings are defined either manually or using YaST in the /etc/sysconfig/network/config file. The dynamic configuration settings provided by autoconfiguration tools as DHCP or PPP are delivered directly by these tools with the netconfig modify and netconfig remove actions. NetworkManager also uses netconfig modify and netconfig remove actions. When NetworkManager is enabled, netconfig (in policy mode auto) uses only NetworkManager settings, ignoring settings from any other interfaces configured using the traditional ifup method. If NetworkManager does not provide any setting, static settings are used as a fallback. A mixed usage of NetworkManager and the traditional ifup method is not supported.

For more information about netconfig, see man 8 netconfig.


In this file, shown in Example 22-6, IP addresses are assigned to hostnames. If no name server is implemented, all hosts to which an IP connection will be set up must be listed here. For each host, enter a line consisting of the IP address, the fully qualified hostname, and the hostname into the file. The IP address must be at the beginning of the line and the entries separated by blanks and tabs. Comments are always preceded by the # sign.

Example 22-6 /etc/hosts localhost jupiter.example.com jupiter venus.example.com venus


Here, network names are converted to network addresses. The format is similar to that of the hosts file, except the network names precede the addresses. See Example 22-7.

Example 22-7 /etc/networks



Name resolution—the translation of host and network names via the resolver library—is controlled by this file. This file is only used for programs linked to libc4 or libc5. For current glibc programs, refer to the settings in /etc/nsswitch.conf. A parameter must always stand alone in its own line. Comments are preceded by a # sign. Table 22-6 shows the parameters available. A sample /etc/host.conf is shown in Example 22-8.

Table 22-6 Parameters for /etc/host.conf

order hosts, bind

Specifies in which order the services are accessed for the name resolution. Available arguments are (separated by blank spaces or commas):

hosts: searches the /etc/hosts file

bind: accesses a name server

nis: uses NIS

multi on/off

Defines if a host entered in /etc/hosts can have multiple IP addresses.

nospoof on spoofalert on/off

These parameters influence the name server spoofing but do not exert any influence on the network configuration.

trim domainname

The specified domain name is separated from the hostname after hostname resolution (as long as the hostname includes the domain name). This option is useful only if names from the local domain are in the /etc/hosts file, but should still be recognized with the attached domain names.

Example 22-8 /etc/host.conf

# We have named running
order hosts bind
# Allow multiple address
multi on


The introduction of the GNU C Library 2.0 was accompanied by the introduction of the Name Service Switch (NSS). Refer to the nsswitch.conf(5) man page and The GNU C Library Reference Manual for details.

The order for queries is defined in the file /etc/nsswitch.conf. A sample nsswitch.conf is shown in Example 22-9. Comments are preceded by # signs. In this example, the entry under the hosts database means that a request is sent to /etc/hosts (files) via DNS (see Section 25.0, The Domain Name System).

Example 22-9 /etc/nsswitch.conf

passwd:     compat
group:      compat

hosts:      files dns
networks:   files dns

services:   db files
protocols:  db files
rpc:        files
ethers:     files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files nis
shadow:     compat

The databases available over NSS are listed in Table 22-7. The configuration options for NSS databases are listed in Table 22-8.

Table 22-7 Databases Available via /etc/nsswitch.conf


Mail aliases implemented by sendmail; see man 5 aliases.


Ethernet addresses.


List of network and their subnet masks. Only needed, if you use subnetting.


For user groups used by getgrent. See also the man page for group.


For hostnames and IP addresses, used by gethostbyname and similar functions.


Valid host and user lists in the network for the purpose of controlling access permissions; see the netgroup(5) man page.


Network names and addresses, used by getnetent.


Public and secret keys for Secure_RPC used by NFS and NIS+.


User passwords, used by getpwent; see the passwd(5) man page.


Network protocols, used by getprotoent; see the protocols(5) man page.


Remote procedure call names and addresses, used by getrpcbyname and similar functions.


Network services, used by getservent.


Shadow passwords of users, used by getspnam; see the shadow(5) man page.

Table 22-8 Configuration Options for NSS Databases


directly access files, for example, /etc/aliases


access via a database

nis, nisplus

NIS, see also Section 3.0, Using NIS, (↑Security Guide)


can only be used as an extension for hosts and networks


can only be used as an extension for passwd, shadow and group


This file is used to configure nscd (name service cache daemon). See the nscd(8) and nscd.conf(5) man pages. By default, the system entries of passwd and groups are cached by nscd. This is important for the performance of directory services, like NIS and LDAP, because otherwise the network connection needs to be used for every access to names or groups. hosts is not cached by default, because the mechanism in nscd to cache hosts makes the local system unable to trust forward and reverse lookup checks. Instead of asking nscd to cache names, set up a caching DNS server.

If the caching for passwd is activated, it usually takes about fifteen seconds until a newly added local user is recognized. Reduce this waiting time by restarting nscd with the command rcnscd restart.


This contains the fully qualified hostname with the domain name attached. This file is read by several scripts while the machine is booting. It must contain only one line (in which the hostname is set).

22.6.2 Testing the Configuration

Before you write your configuration to the configuration files, you can test it. To set up a test configuration, use the ip command. To test the connection, use the ping command. Older configuration tools, ifconfig and route, are also available.

The commands ip, ifconfig and route change the network configuration directly without saving it in the configuration file. Unless you enter your configuration in the correct configuration files, the changed network configuration is lost on reboot.

Configuring a Network Interface with ip

ip is a tool to show and configure network devices, routing, policy routing, and tunnels.

ip is a very complex tool. Its common syntax is ip options object command. You can work with the following objects:


This object represents a network device.


This object represents the IP address of device.


This object represents a ARP or NDISC cache entry.


This object represents the routing table entry.


This object represents a rule in the routing policy database.


This object represents a multicast address.


This object represents a multicast routing cache entry.


This object represents a tunnel over IP.

If no command is given, the default command is used (usually list).

Change the state of a device with the command ip link set device_name command. For example, to deactivate device eth0, enter ip link set eth0 down. To activate it again, use ip link set eth0 up.

After activating a device, you can configure it. To set the IP address, use ip addr add ip_address + dev device_name. For example, to set the address of the interface eth0 to with standard broadcast (option brd), enter ip addr add brd + dev eth0.

To have a working connection, you must also configure the default gateway. To set a gateway for your system, enter ip route add gateway_ip_address. To translate one IP address to another, use nat: ip route add nat ip_address via other_ip_address.

To display all devices, use ip link ls. To display the running interfaces only, use ip link ls up. To print interface statistics for a device, enter ip -s link ls device_name. To view addresses of your devices, enter ip addr. In the output of the ip addr, also find information about MAC addresses of your devices. To show all routes, use ip route show.

For more information about using ip, enter ip help or see the ip(8) man page. The help option is also available for all ip subcommands. If, for example, you need help for ip addr, enter ip addr help. Find the ip manual in /usr/share/doc/packages/iproute2/ip-cref.pdf.

Testing a Connection with ping

The ping command is the standard tool for testing whether a TCP/IP connection works. It uses the ICMP protocol to send a small data packet, ECHO_REQUEST datagram, to the destination host, requesting an immediate reply. If this works, ping displays a message to that effect, which indicates that the network link is basically functioning.

ping does more than only test the function of the connection between two computers: it also provides some basic information about the quality of the connection. In Example 22-10, you can see an example of the ping output. The second-to-last line contains information about the number of transmitted packets, packet loss, and total time of ping running.

As the destination, you can use a hostname or IP address, for example, ping example.com or ping The program sends packets until you press Ctrl+C.

If you only need to check the functionality of the connection, you can limit the number of the packets with the -c option. For example to limit ping to three packets, enter ping -c 3 example.com.

Example 22-10 Output of the Command ping

ping -c 3 example.com
PING example.com ( 56(84) bytes of data.
64 bytes from example.com ( icmp_seq=1 ttl=49 time=188 ms
64 bytes from example.com ( icmp_seq=2 ttl=49 time=184 ms
64 bytes from example.com ( icmp_seq=3 ttl=49 time=183 ms
--- example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 183.417/185.447/188.259/2.052 ms

The default interval between two packets is one second. To change the interval, ping provides the option -i. For example, to increase the ping interval to ten seconds, enter ping -i 10 example.com.

In a system with multiple network devices, it is sometimes useful to send the ping through a specific interface address. To do so, use the -I option with the name of the selected device, for example, ping -I wlan1 example.com.

For more options and information about using ping, enter ping -h or see the ping (8) man page.

HINT: Pinging IPv6 Addresses

For IPv6 addresses use the ping6 command. Note, to ping link-local addresses, you must specify the interface with -I. The following command works, if the address is reachable via eth1:

ping6 -I eth1 fe80::117:21ff:feda:a425

Configuring the Network with ifconfig

ifconfig is a network configuration tool.

NOTE: ifconfig and ip

The ifconfig tool is obsolete. Use ip instead. In contrast to ip, you can use ifconfig only for interface configuration. It limits interface names to 9 characters.

Without arguments, ifconfig displays the status of the currently active interfaces. As you can see in Example 22-11, ifconfig has very well-arranged and detailed output. The output also contains information about the MAC address of your device (the value of HWaddr) in the first line.

Example 22-11 Output of the ifconfig Command

eth0      Link encap:Ethernet  HWaddr 00:08:74:98:ED:51
          inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:634735 errors:0 dropped:0 overruns:4 frame:0
          TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:162531992 (155.0 Mb)  TX bytes:49575995 (47.2 Mb)
          Interrupt:11 Base address:0xec80

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:533234 (520.7 Kb)  TX bytes:533234 (520.7 Kb)    

wlan1     Link encap:Ethernet  HWaddr 00:0E:2E:52:3B:1D
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::20e:2eff:fe52:3b1d/64 Scope:Link
          RX packets:50828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43770 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45978185 (43.8 Mb)  TX bytes:7526693 (7.1 MB)

For more options and information about using ifconfig, enter ifconfig -h or see the ifconfig (8) man page.

Configuring Routing with route

route is a program for manipulating the IP routing table. You can use it to view your routing configuration and to add or remove routes.

NOTE: route and ip

The program route is obsolete. Use ip instead.

route is especially useful if you need quick and comprehensible information about your routing configuration to determine problems with routing. To view your current routing configuration, enter route -n as root.

Example 22-12 Output of the route -n Command

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface       *        U         0 0          0 eth0
link-local      *          U         0 0          0 eth0
loopback        *            U         0 0          0 lo
default         styx.exam.com         UG        0 0          0 eth0

For more options and information about using route, enter route -h or see the route (8) man page.

22.6.3 Start-Up Scripts

Apart from the configuration files described above, there are also various scripts that load the network programs while the machine is booting. These are started as soon as the system is switched to one of the multiuser runlevels. Some of these scripts are described in Table 22-9.

Table 22-9 Some Start-Up Scripts for Network Programs


This script handles the configuration of the network interfaces. If the network service was not started, no network interfaces are implemented.


Starts xinetd. xinetd can be used to make server services available on the system. For example, it can start vsftpd whenever an FTP connection is initiated.


Starts the rpcbind utility that converts RPC program numbers to universal addresses. It is needed for RPC services, such as an NFS server.


Starts the NFS server.


Controls the postfix process.


Starts the NIS server.


Starts the NIS client.