Build a Cheap Linux Server Part II
Configuring TCP/IP Settings
At the end of the last article we left off with standing up your server on the internet using Dynamic DNS. The next major item to address would be “port forwarding” or NAT (Network Address Translation); however, it occurred to me that I can’t make any assumptions. If you’re a Linux or server wiz and have done all this before, then you’ve likely stopped reading and know ways to do things better than this. So it’s realistic to assume that my audience might be folks who are actually trying to learn this for the first time. Port forwarding/NAT is the final step: it takes communication arriving at your external public IP (tracked by your Dynamic DNS) and forwards the traffic to your internal server on a private IP. Unless you’ve got an extra $100+ to spend on your internet bill each month, you’re likely stuck with a dynamic public IP like many of us. As you’ll remember, we tackled Dynamic DNS in Part I.
You may not have the cash to maintain a static public IP, but you do have the power to control your private IP. Most of the time we’re quite happy letting a pre-configured consumer-grade router handle our IP needs, but in the case of a server I can’t think of a scenario where you would want a constantly changing IP, so you need to set up a static IP. If you’re accustomed to using Windows then this is a pretty simple task and could hardly warrant an article. Even if you’re making the change on a Linux box using the GUI this should be a fairly quick process; but you’re looking to manage a stable and secure Linux server. Even if you haven’t cut the cord yet and left the GUI behind, you should be taking every opportunity to configure every aspect of your box at the CLI. The gap in complexity between GUI and CLI is a decent size. So why bother with the difficult CLI? If you’ve chosen to run a Linux server then I’m sure you know the answer to this question. Running a GUI on a basic Linux server is a waste of resources, and when you’re building a server on a budget every megabyte counts, so make efficient use of your hardware. I have always had to learn Linux by trial and error, although recently there has been a major increase in Linux support and forums. My purpose is to patch together all of the knowledge I have obtained from forum posts and small articles into one multi-part series of articles. You might notice that my CLI may change from screenshot to screenshot. I am running two servers, but can only run certain commands on my primary as I have services that I do not wish to take down. This primary (blue text) also has additional configuration that the secondary (green text) does not, so it only made sense to use both. Let’s get started.
If your home network is like most, you will have a device, likely a ‘router’ or wireless ‘router’, handing out DHCP leases to any new client. (I use the term ‘router’ carefully because the standard consumer-grade devices are actually combination network devices which include a switch, a router, a wireless access point and possibly others. In the enterprise world these devices are generally separated.) This isn’t what you want for a server – you want a static IP. If you’re running a GUI, you can simply access the network connection settings from the panel menu; however, if you’re going to be a serious Linux server admin it’s best to learn everything on the CLI. For a Debian/Ubuntu distribution you want to use an editor to open /etc/network/interfaces. Before doing this I would like to suggest that you make a backup of the default config: sudo cp /etc/network/interfaces /etc/network/interfaces.backup. Unless you are logged in as root or have used ‘su’ to gain superuser permissions, your commands will need to be preceded by ‘sudo’ – this is true for most of the Linux CLI tasks we will cover in this article series. Access the network configuration file, which houses the configuration for any and all network interfaces on the box: sudo nano /etc/network/interfaces. Figure I provides a look at the default configuration using DHCP settings and Figure II shows an example configuration for a static IP:
Figure II is a fairly standard static IP NIC configuration on a Linux box. You need to be sure to indicate your IP address, mask, gateway, network address and broadcast address. It’s also a good idea to configure two DNS servers – I like to configure one local and one external, but you can vary your configuration. If your subnetting is not strong, then you’re best sticking with /24 subnets and duplicating similar settings to IB. When you start to work with larger or smaller subnets your mask, gateway, network address and broadcast address can all change. Once your configuration is complete, save the file.
Before your new settings will work you will need to restart the NIC services. You can restart all network services on the box with the command service networking restart; however, this will restart more than just your NIC, so let’s use something a bit more granular. In the first line of both Figures I and II you will notice the terms ‘ifup’ and ‘ifdown’. These are the exact commands you want to take down your NIC, then bring it back up. It’s probably wise to issue the ‘ifdown’ command before editing your interfaces file, then issue the ‘ifup’ command afterwards. Most times I have done both after the change with mixed results. Sometimes it works, other times I have to restart all network services using the command above; and then every so often I have had to reboot the box completely for the new network settings to take effect. I’m sure any Linux wizards out there reading this can correct me and indicate the correct way, but as mentioned in Article I: I am strictly a network guy learning this upper-layer server stuff as I go along. If you’re accustomed to remotely managing your server with SSH, just be sure you complete this work locally on the box. I know this seems like common sense, but sometimes we get so used to managing with SSH we forget that we’re actually using a remote session. It’s time to take your network interface down:
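The relationship between address, mask, network address and broadcast address, as an added shell example that is not the author's configuration or screenshot. It derives the network and broadcast values for any mask, refuses a gateway outside the subnet, and prints a static stanza; the address and gateway are the ones used in this article, the /24 mask is an assumption, and DNS servers are left for you to add.

```shell
#!/bin/sh
# Added example: compute network/broadcast from an IPv4 address and dotted
# netmask, then print a static stanza for /etc/network/interfaces.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDRESS NETMASK -> address AND mask
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# broadcast_of ADDRESS NETMASK -> network address with all host bits set
broadcast_of() {
    mask=$(ip_to_int "$2")
    int_to_ip $(( ($(ip_to_int "$1") & mask) | (~mask & 4294967295) ))
}

# static_stanza IFACE ADDRESS NETMASK GATEWAY
static_stanza() {
    # The gateway must live in the same subnet as the server's address.
    if [ "$(network_of "$2" "$3")" != "$(network_of "$4" "$3")" ]; then
        echo "gateway $4 is not in the same subnet as $2 / $3" >&2
        return 1
    fi
    cat <<EOF
auto $1
iface $1 inet static
    address $2
    netmask $3
    network $(network_of "$2" "$3")
    broadcast $(broadcast_of "$2" "$3")
    gateway $4
EOF
}

# Address and gateway from this article; the 255.255.255.0 mask is assumed.
static_stanza eth0 192.168.1.13 255.255.255.0 192.168.1.1
```

With a /26 mask (255.255.255.192) the same functions place 192.168.1.77 in network 192.168.1.64 with broadcast 192.168.1.127, which is why copied /24 values stop working on other subnet sizes.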
Figure III sudo ifdown eth0
And then back up:
Figure IV sudo ifup eth0
You will notice in Figure III that I no longer have an inet address after bringing down the interface; then alternatively my inet address returns after bringing the interface back online. Again, check the active network configuration on your box with ‘ifconfig’:
Once you confirm your active IP information you can test your network configuration by performing ping connectivity tests working your way out (using IP info from screenshots III – IV):
- Ping your loopback: ping 127.0.0.1
- Ping yourself: ping 192.168.1.13
- Ping your gateway: ping 192.168.1.1
- Ping your external DNS: ping 18.104.22.168
If you can’t make it past step 1 or 2 then you have some very serious problems with your network interface. If step 1 fails, this means you are unable to ping your network stack and probably have a hardware issue. If you fail at step 2, then you’ve likely got a configuration issue (possibly fat-fingered the last octet). If you fail at step 3, then you’ve either configured your gateway or mask wrong or else you have a connectivity problem between your box and its router (default gateway). If step 3 is successful then you have a successful internal network connection. If you can make it to step 4 then you’ve also got internet connectivity; however, if this fails then your problem is likely with your router or modem. Remember that I mentioned I have to reboot my system sometimes for these changes to take effect? Follow these steps to ensure that the config applies:
- Flap the interface: ifdown eth0, then ifup eth0
- Restart network services: service networking restart
- Lastly, reboot the box: shutdown -r now
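The four ping tests described above and the cause the article gives for each failure, as an added shell example that is not part of the original article. The function names and the PROBE override are assumptions made for this sketch; supply your own external DNS address as the third argument.

```shell
#!/bin/sh
# Added example: run the article's four ping tests in order, stop at the
# first failure and print the likely cause given in the text above.

# Command used to probe one address (iputils ping: 2 packets, 2 s timeout).
# Override PROBE to dry-run the logic without touching the network.
PROBE=${PROBE:-"ping -c 2 -W 2"}

# first_failure SELF_IP GATEWAY_IP EXTERNAL_IP
# Prints 0 if every step passes, otherwise the number (1-4) of the first
# step that failed. Later steps are skipped because they cannot succeed.
first_failure() {
    step=0
    for target in 127.0.0.1 "$1" "$2" "$3"; do
        step=$((step + 1))
        if ! $PROBE "$target" >/dev/null 2>&1; then
            echo "$step"
            return 0
        fi
    done
    echo 0
}

# diagnose STEP -> the article's explanation for a failure at that step
diagnose() {
    case "$1" in
        0) echo "all four steps passed: internal and internet connectivity work" ;;
        1) echo "loopback failed: cannot reach the network stack, probably hardware" ;;
        2) echo "own address failed: likely a configuration issue, check the address" ;;
        3) echo "gateway failed: wrong gateway or mask, or no link to the router" ;;
        4) echo "external DNS failed: problem is likely with the router or modem" ;;
        *) echo "unknown step: $1" >&2; return 1 ;;
    esac
}

# check_network SELF_IP GATEWAY_IP EXTERNAL_IP
check_network() {
    diagnose "$(first_failure "$@")"
}

# Usage at the server console, with this article's internal addresses:
#   check_network 192.168.1.13 192.168.1.1 <external-dns-ip>
```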
Although assigning a static IP is generally a straightforward exercise, like everything else at the Linux CLI, it requires a bit more know-how. If you’re running the box in a typical home setup with a flat network (this means that you are not using VLANs), then it should work out fine. On the other hand, if you are doing this on a managed network, which divides segments, departments, etc. by VLANs, then you may have some trouble. VLANs are a large topic that we cannot go into in this article; however, you can keep in mind that a specific VLAN is usually tied to a specific network; e.g. 192.168.0.0/24 is on VLAN 10, where 192.168.1.0/24 is on VLAN 20. Beyond ping, there are various other network troubleshooting tools often built right into CLIs. Feel free to look these up and explore them – they just might help you figure out a problem. In the meantime I will be hard at work on Part III of the series, which will finally go into port forwarding and NAT (Network Address Translation). Space permitting, we can also have a look at adding your server to your local Workgroup or Domain. I leave you with these wonderful network CLI tools to explore (last page), so until next time!
Network CLI Commands
Here are just a few of MANY network CLI commands. Some of these commands can be found in Linux, some in Windows and many in both. Depending on your distro, it may come with many of these pre-installed, but if not, just use your CLI’s package manager to install them (yum, apt-get, etc.).
- Sends a determined amount of echoes to a network host to determine if it is reachable
- Similar to ping except this command examines and displays each routing hop to the destination
- A combination of ping and traceroute
- Similar to pathping, except this runs a real-time table which continuously refreshes
- Checks the DNS name for a given IP or hostname
- Checks an online database for IP, owner information, etc. of a given IP or FQDN
- Examines TCP wrapper information and provides any issues
- This will list a real-time refreshing table of any inbound/outbound connections on a host