10.6.1 High level network configuration using ifupdown
In order to make network configuration easier Debian provides a standard high
level network configuration tool consisting of the ifup and
ifdown programs and the /etc/network/interfaces file.
[
56] If you choose to use
ifupdown to do your network configuration then normally you should
not use low-level commands too. This means also that you
should not use other high level configuration tools such as
whereami, divine, intuitively, etc.,
that call low level configuration tools. The ifupdown program was
written with the intent that it alone be used to configure and deconfigure
network interfaces.
To update interface configuration do this:
# ifdown eth0
# editor /etc/network/interfaces # tweak as you wish
# ifup eth0
For more information see interfaces(5), /usr/share/doc/ifupdown/examples/network-interfaces.gz,
and ifup(8).
10.6.1.1 Configuring an interface with a static IP address
Suppose you want to configure an Ethernet interface such that it has a fixed IP
address of 192.168.0.111. This address begins with
192.168.0 so it must be on a LAN. Suppose further that
192.168.0.1 is the address of the LAN's gateway to the Internet.
Edit /etc/network/interfaces so that it includes a stanza like
this:
iface eth0 inet static
address 192.168.0.111
netmask 255.255.255.0
gateway 192.168.0.1
You can configure other aspects of the interface or perform other actions after
the interface is brought up or before it is brought down by specifying
appropriate commands on "up" and "down" lines.
iface eth0 inet static
address 192.168.0.111
netmask 255.255.255.0
gateway 192.168.0.1
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.2 dev $IFACE
down route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.2 dev $IFACE
up echo Interface $IFACE going up | /usr/bin/logger -t ifup
down echo Interface $IFACE Going down | /usr/bin/logger -t ifdown
Alternatively, commands can be inserted into scripts in the
/etc/network/if-up.d and /etc/network/if-down.d
directories. Such scripts can also implement extended options. See
interfaces(5) for details. For example, the
resolvconf package includes scripts that allow you to add options
specifying DNS information to be included in /etc/resolv.conf
while the interface is up:
iface eth0 inet static
address 192.168.0.111
netmask 255.255.255.0
gateway 192.168.0.1
dns-search somedomain.org
dns-nameservers 195.238.2.21 195.238.2.22
The argument somedomain.org of the dns-search option
corresponds to the argument of a search option in
resolv.conf(5). The arguments 195.238.2.21 and
195.238.2.22 of the dns-nameservers option correspond
to the arguments of nameserver options. Other recognized options
are dns-domain and dns-sortlist. See Managing nameserver information –
resolvconf, Section 10.4.2.
10.6.1.2 Configuring an interface using DHCP
To configure an interface using DHCP edit /etc/network/interfaces
so that it includes a stanza like this:
iface eth0 inet dhcp
In order for this to work you must have installed one of the DHCP clients
mentioned in
Configuring network interfaces using DHCP,
Section 10.5.
10.6.1.3 Configuring a Wi-Fi interface
The wireless-tools package includes a hook script
/etc/network/if-pre-up.d/wireless-tools which makes it possible to
configure Wi-Fi (802.11a/b/g) hardware before the interface is brought up.
Configuration is done using the iwconfig program; see
iwconfig(8). For each possible command parameter of
iwconfig you can include an option in
/etc/network/interfaces named like that parameter with a
"wireless-" prefix. For example, to set the ESSID of
eth0 to myessid and the encryption key to
123456789e prior to bringing eth0 up using DHCP, edit
/etc/network/interfaces so that it includes a stanza like this:
iface eth0 inet dhcp
wireless-essid myessid
wireless-key 123456789e
Note that you should not use this method of setting the ESSID and key if you
are running waproamd for this interface. By the time
ifup is run waproamd has already set the ESSID and
key. See
Triggering network configuration
– waproamd, Section 10.8.4.
10.6.1.4 Configuring a PPP interface
The ifup and ifdown programs use pon and
poff to add and remove PPP interfaces so first read Configuring a PPP interface, Section 10.2.4.
Suppose you have set up PPP to work with peer myisp. Edit
/etc/network/interfaces so that it includes a stanza like this:
iface ppp0 inet ppp
provider myisp
With this stanza in place, ifup ppp0 does
pon myisp
Unfortunately it is currently not possible to provide additional
pppd options in a ppp stanza in
/etc/network/interfaces. [
57]
It is currently not possible to use ifupdown to perform auxiliary
configuration of PPP interfaces. Because pon exits before
pppd has finished making the connection, ifup runs
up scripts before the PPP interface is ready for use. Until this
bug [
58] is fixed it remains
necessary to do auxiliary configuration in /etc/ppp/ip-up or
/etc/ppp/ip-up.d/.
10.6.1.5 Configuring a PPPoE interface
Many broadband Internet Service Providers (ISPs) use PPP to negotiate
connections even though customer machines are connected to them through
Ethernet and/or ATM networks. This is accomplished by means of PPP over
Ethernet (PPPoE) which is a technique for the encapsulation of PPP streams
inside of Ethernet frames. Suppose your ISP is called
myisp. First configure PPP and PPPoE for peer
myisp. The easiest way to do this is to install the
pppoeconf package and to run pppoeconf from the
console. Then edit /etc/network/interfaces so that it includes a
stanza like this:
iface eth0 inet ppp
provider myisp
There are sometimes Maximum Transmit Unit (MTU) issues with PPPoE over Digital
Subscriber Line (DSL). See DSL-HOWTO for details.
Note that if your broadband modem contains a router then the modem/router
handles the PPPoE connection itself and appears on the LAN side as a simple
Ethernet gateway to the Internet.
10.6.1.6 Configuring multiple Ethernet interfaces for a gateway
Suppose eth0 is connected to the Internet with a DHCP-configured
IP address and eth1 is connected to the LAN with static IP address
192.168.1.1. Edit /etc/network/interfaces so that it
includes stanzas like these:
iface eth0 inet dhcp
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
If you activate NAT on this host as described in Building a gateway router, Section 10.12 then you can
share the Internet connection with all the hosts on the LAN.
10.6.1.7 Configuring virtual interfaces
Using virtual interfaces you can configure a single Ethernet card to be an
interface to several IP subnetworks. For example, suppose your host is on LAN
network 192.168.0.x/24. You want to connect the host to the Internet using a
public IP address provided via DHCP using your existing Ethernet card. Edit
/etc/network/interfaces so that it includes stanzas like these:
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
iface eth0:0 inet dhcp
The interface eth0:0 is a virtual interface. When it is brought
up, so will its parent eth0.
