| title |
|---|
The Internet Layer |
The Internet layer is responsible for routing of network traffic between any hosts on the network. In order to be able to communicate, each host should have three settings configured correctly:
- The network interface should have an IP address assigned
- A default gateway should be set
- A DNS server should be set
Before "reaching out" to other hosts, first check local settings.
The IP address may have been set automatically (DHCP), or manually. Check this in /etc/sysconfig/network-scripts/ifcfg-IFACE, with IFACE the name of the network interface.
This is an exerpt from a network interface configuration file configured to use DHCP:
DEVICE="enp0s3"
ONBOOT="yes"
BOOTPROTO="dhcp"
Things to check:
DEVICEshould be the interface nameONBOOTshould beyes, or the interface will not attempt to activate the interface on boot, or when restarting the network interfaces (systemctl restart network)BOOTPROTOshould be set todhcp
If a fixed IP address is set, the configuration should look like this:
DEVICE=enp0s8
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.56.24
NETMASK=255.255.255.0
DEVICEandONBOOTlike in the previous exampleBOOTPROTOshould benoneIPADDRandNETMASKmust be specified
Use the command ip address (or shortcut ip a) to list the IP addresses for each interface.
You should know the expected value: if not the exact IP, at least the network range or network IP and network mask.
- Many home routers have an IP range of 192.168.0.0/24, 192.168.1.0/24
- On a VirtualBox NAT interface, the IP address of the VM should be 10.0.2.15/24
- On a VirtualBox host-only interface, the IP address of the VM depends on how you configured this network. The default host only network has IP range 192.168.56.0/24, with a DHCP server handing out addresses starting at 192.168.56.101.
Possible problems and causes (automatic IP assignment with DHCP):
- No IP
- The DHCP server is unreachable
- The DHCP server won't give an IP to this host
- IP looking like 169.254.x.x
- No DHCP server could be reached, and a "link-local" address was assigned
- IP not in the expected range
- You may have accidentally set a fixed IP previously, and forgot to set it to DHCP again...
Possible problems and causes (manual IP setting):
- IP not in the expected range
- Mistake in IP address assignment, check the configuration file
- Correct IP, but "network unreachable"
- Check the network mask, this should be identical for all hosts on the LAN
Usually, a host is connected to a LAN through a switch. Network traffic to the outside world goes through a router, connected to the same LAN. Every host on the LAN should know this router, the "default gateway".
Use the command ip route (or shortcut ip r). There should be a line starting with default via x.y.z.w.
Possible problems and causes (automatic IP assignment with DHCP):
- No default gateway set
- there is most probably also a problem with the IP address of this host, fix this first
- If you manage the DHCP server, maybe it's configured badly?
- Unexpected default gateway address
- You may have accidentally set the default gateway manually previously and forgot to set it to DHCP again
- If you manage the DHCP server, maybe it's configured badly?
In order to be able to resolve host names to IP addresses, every host should be able to contact a DNS server. View the file /etc/resolv.conf. It usually has a header that mentions it was generated automatically, and should have one or more lines starting with nameserver.
$ cat /etc/resolv.conf
# Generated by NetworkManager
search hogent.be
nameserver 193.190.173.1
nameserver 193.190.173.2Possible problems and causes are equivalent to those with the default gateway setting.
If the previous settings are correct, you can check whether other hosts on the LAN can be reached.
- Ping the default gateway:
ping a.b.c.d - Ping another known host on the LAN
A command like ping www.google.com (for some the first command they try in case of network connection problems) is not very suitable, in that it depends on too many things to work at once:
- the host's network settings should be correct
- routing should work
- DNS should be available
- no router between this host and the target should block ICMP
- ...
Be aware that ping (and other network troubleshooting tools like the traceroute family) may not always work. Some system administrators will block ICMP traffic on routers, rendering the results useless.
A Windows sytem may also block ICMP traffic (including ping). Be sure to check the firewall settings and if necessary, allow this type of network traffic. The following PowerShell one-liner does exactly that:
Get-NetFirewallRule -DisplayName "*Echo Request*" | Set-NetFirewallRule -enabled trueHaving a DNS server configured in /etc/resolv.conf does not necessarily mean that the service is actually available. Check this with e.g. the commands nslookup or dig (in the package bind-utils).
$ dig www.google.com +short
216.58.213.196
$ nslookup www.google.com
Server: 193.190.173.1
Address: 193.190.173.1#53
Non-authoritative answer:
Name: www.google.com
Address: 216.58.213.228
Name: www.google.com
Address: 2a00:1450:4013:c04::67You can query a specific DNS server (instead of the default one specified in /etc/resolv.conf) by passing it as an argument:
$ dig www.google.com @8.8.8.8 +short
216.58.211.100
$ nslookup www.google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.google.com
Address: 172.217.19.196
Name: www.google.com
Address: 2a00:1450:400e:809::2004If nslookup or dig are not available, and installing bind-utils is not an option, use getent ahosts:
$ getent ahosts www.google.com
216.58.213.196 STREAM www.google.com
216.58.213.196 DGRAM
216.58.213.196 RAW
2a00:1450:4013:c04::67 STREAM
2a00:1450:4013:c04::67 DGRAM
2a00:1450:4013:c04::67 RAW