Correct setup of IPv4 addresses under CentOS/Fedora/RHEL

A KiosDomain server (Europe Server) can only reach its gateway and its own locally configured IP addresses directly. All other packets must be routed via the default gateway. Consequently, a /32 network needs to be set up (for reasons of network security).

A wrong configuration (no /32 network) often goes undetected, because one rarely needs to be in direct contact with IPs in the same subnet. Without the configuration below, however, several hosts cannot be reached!

Important: Configuration via DHCP is also “wrong” or misleading in this respect, as only a “normal” and no point-to-point setup is possible (a 255.255.255.255 network mask does not work and no routes are set up, which makes it impossible to connect to the network).

Configuring a point-to-point connection

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=<MAC address>
ONBOOT=yes
BOOTPROTO=static
IPADDR=<IP address>
NETMASK=255.255.255.255
# potential additional IPv6 entries are harmless

Configuring routes

Set up /etc/sysconfig/network-scripts/route-eth0

ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=<Gateway IP>

After a network restart (e.g. “/sbin/service network restart”) all routes should be correctly set up.

Possible sources of error

If the server cannot be reached after configuring the above-mentioned network settings, check whether the variable “GATEWAYDEV” has been set in /etc/sysconfig/network. This may be one reason for non-availability and is indicated by the error message “RTNETLINK answers: file exists”, which appears after reloading the network settings.
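The checks described so far (a 255.255.255.255 netmask, no DHCP, a default route in the route file, no GATEWAYDEV) can be run against the three files before restarting the network. This is an added example, not part of the original page; the function names, scratch file names and 198.51.100.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the three files from this page for the /32 point-to-point setup.
# Values are read with sed, never sourced, so a copied file cannot execute code.

# get_key FILE KEY: print the last value of KEY, minus trailing comment and double quotes.
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# check_p2p IFCFG ROUTE NETWORK: print one finding per line; return 1 if any were found.
check_p2p() {
    p2p_rc=0
    if [ "$(get_key "$1" NETMASK)" != "255.255.255.255" ]; then
        echo "NETMASK: not 255.255.255.255 in $1"; p2p_rc=1
    fi
    case "$(get_key "$1" BOOTPROTO)" in
        dhcp|bootp) echo "BOOTPROTO: DHCP cannot set up the point-to-point link"; p2p_rc=1 ;;
    esac
    if [ "$(get_key "$2" ADDRESS0)" != "0.0.0.0" ] ||
       [ "$(get_key "$2" NETMASK0)" != "0.0.0.0" ] ||
       [ -z "$(get_key "$2" GATEWAY0)" ]; then
        echo "ROUTE: no default route (ADDRESS0/NETMASK0/GATEWAY0) in $2"; p2p_rc=1
    fi
    if [ -n "$(get_key "$3" GATEWAYDEV)" ]; then
        echo "GATEWAYDEV: set in $3, expect 'RTNETLINK answers: file exists'"; p2p_rc=1
    fi
    return "$p2p_rc"
}

# Constructed sample files (documentation addresses), written to a scratch directory.
demo=$(mktemp -d)
printf 'DEVICE=eth0\nONBOOT=yes\nBOOTPROTO=static\nIPADDR=198.51.100.10\nNETMASK=255.255.255.255\n' > "$demo/ifcfg-good"
printf 'DEVICE=eth0\nONBOOT=yes\nBOOTPROTO=dhcp\n' > "$demo/ifcfg-bad"
printf 'ADDRESS0=0.0.0.0\nNETMASK0=0.0.0.0\nGATEWAY0=198.51.100.1\n' > "$demo/route"
printf 'NETWORKING=yes\n' > "$demo/network-good"
printf 'NETWORKING=yes\nGATEWAYDEV=eth0\n' > "$demo/network-bad"

check_p2p "$demo/ifcfg-good" "$demo/route" "$demo/network-good" && echo "good set: ok"
check_p2p "$demo/ifcfg-bad" "$demo/route" "$demo/network-bad" || echo "bad set: findings above"
```

On a real host the arguments would be /etc/sysconfig/network-scripts/ifcfg-eth0, /etc/sysconfig/network-scripts/route-eth0 and /etc/sysconfig/network.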

Additional IP addresses (Host)

Setting up additional single IPv4 addresses

It is currently possible to obtain up to 3 additional single IPv4 addresses. Should further addresses be required, you may apply for a subnet.

The IP addresses can be temporarily used in two different ways:

ifconfig eth0:1 10.4.2.1 netmask 255.255.255.255

or

ip addr add 10.4.2.1/32 dev eth0

CentOS

A permanent configuration is only possible by default via alias interfaces (eth0:1, eth0:2 etc.). A file needs to be created for each IP address:

/etc/sysconfig/network-scripts/ifcfg-eth0:1
/etc/sysconfig/network-scripts/ifcfg-eth0:2

These files must include the following information:

DEVICE=eth0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=<IP Address>
NETMASK=255.255.255.255

Finally, a “service network restart” needs to be initiated or the server needs to be restarted (“reboot”).

Please note: A different configuration is needed for the use of IP addresses in virtual machines!

Fedora

For a permanent configuration the IP addresses can be added to the configuration file:

 # cat /etc/sysconfig/network-scripts/ifcfg-eth0
 DEVICE="eth0"
 ...
 IPADDR=192.0.2.1
 NETMASK=255.255.255.240
 IPADDR0=192.0.2.10 # Additional IP
 PREFIX0=28
 IPADDR1=192.0.2.11
 PREFIX1=28
 IPADDR2=...

Setting up additional IP subnets

Subnets are routed on a server’s main IP. In general the first (Network IP) and the last (Broadcast IP) cannot be used. This leaves six usable addresses for a /29 subnet.

A /29 subnet consisting of 8 IP addresses will look like this:

aaa.aaa.aaa.aaa (Network IP)
bbb.bbb.bbb.bbb
ccc.ccc.ccc.ccc
ddd.ddd.ddd.ddd
eee.eee.eee.eee
fff.fff.fff.fff
ggg.ggg.ggg.ggg
hhh.hhh.hhh.hhh (Broadcast IP)

The IPs “b” to “g” can be used as single IPs. Alternatively, a file can be set up:

/etc/sysconfig/network-scripts/ifcfg-eth0-range0

IPADDR_START=<your first usable subnet IP>
IPADDR_END=<your last usable subnet IP>
BROADCAST=<broadcast address of your subnet>
CLONENUM_START=0
NETMASK=255.255.255.248 # the netmask for larger subnets is different

Restart the service network using “service network restart”.
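The values for ifcfg-eth0-range0 follow directly from the subnet: first usable address, last usable address, broadcast and netmask. The sketch below is an added example, not part of the original page; it derives them from a CIDR string and also covers subnets larger than /29. The function names are hypothetical and 192.0.2.8/29 is a constructed documentation subnet.

```shell
#!/bin/sh
# Added example: derive the ifcfg-eth0-range0 values from a routed subnet in CIDR form.
# Function names are hypothetical; 192.0.2.8/29 is a constructed documentation subnet.

# ip2int A.B.C.D: print the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip N: print a 32-bit integer as a dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_file ADDR/LEN: print the range file body for the subnet containing ADDR.
range_file() {
    rf_ip=${1%/*}; rf_len=${1#*/}
    case $rf_len in
        ''|*[!0-9]*) echo "usage: range_file ADDR/LEN" >&2; return 1 ;;
    esac
    # /31 and /32 have no separate network and broadcast address to exclude.
    if [ "$rf_len" -lt 1 ] || [ "$rf_len" -gt 30 ]; then
        echo "prefix length must be between 1 and 30" >&2; return 1
    fi
    rf_mask=$(( (0xFFFFFFFF << (32 - rf_len)) & 0xFFFFFFFF ))
    rf_net=$(( $(ip2int "$rf_ip") & rf_mask ))
    rf_bcast=$(( rf_net | (~rf_mask & 0xFFFFFFFF) ))
    echo "IPADDR_START=$(int2ip $(( rf_net + 1 )))"
    echo "IPADDR_END=$(int2ip $(( rf_bcast - 1 )))"
    echo "BROADCAST=$(int2ip "$rf_bcast")"
    echo "CLONENUM_START=0"
    echo "NETMASK=$(int2ip "$rf_mask")"
}

range_file 192.0.2.8/29
```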

Setting up an additional IP subnet for virtualization

A different configuration is needed for the use of IP addresses in virtual machines. There are many possible configurations. One of the more straightforward ones is to set up a bridge device using one IP address of the subnet, which serves as the default gateway for all machines connected to the subnet.

Install bridge-utils

yum install bridge-utils

/etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=none
IPADDR=bbb.bbb.bbb.bbb
NETMASK=255.255.255.248 # adjust this accordingly. This is for a /29 subnet
STP=off
DELAY=0

Setting up an IPv6 subnet

To add an IPv6 address to your interface, append the following lines to the /etc/sysconfig/network-scripts/ifcfg-eth0 file:

IPV6INIT=yes
IPV6ADDR=<your IPv6 address>/<prefix>
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

The prefix assigned by KiosDomain is normally /64.

Optional: To add further IPv6 addresses to the interface, append the following line to the file /etc/sysconfig/network-scripts/ifcfg-eth0:

IPV6ADDR_SECONDARIES=<your additional IPv6 address>/<prefix>

Please note that you can enter as many IPv6 addresses as you wish, separated by spaces.

Additional IP addresses (virtualization)

With virtualization, the additional IP addresses are used by the guest system. For these to be reachable via the Internet, the configuration of the host system needs to be adjusted so that it forwards the packets. There are two ways of doing this for additional single IPs: Routed and Bridged.

Routed (brouter)

In a routed configuration the packets are routed. In addition to eth0 a bridge needs to be set up with almost the same configuration (without gateway) as eth0.

Host:

# /etc/sysconfig/network-scripts/ifcfg-eth0 (KiosDomain Standard Installation)
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=<Main IP>
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/128
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0
NETMASK=255.255.255.255
SCOPE="peer <Default GW>"

# /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<Main IP>
NETMASK=255.255.255.255
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/64
STP=off
DELAY=0

The configuration of eth0 for IPv4 remains unchanged if it is a standard installation via installimage/Robot (the default gateway is entered in the file “route-eth0”). For IPv6 the prefix is reduced from /64 to /128. The setting of the host routes for the additional IPv4 addresses is done via an additional configuration file:

# /etc/sysconfig/network-scripts/route-br0
ADDRESS0=<Additional IP>
NETMASK0=255.255.255.255

Further routes can be added in the same way via ADDRESS1, NETMASK1, ADDRESS2, NETMASK2, etc. For IPv6 no further configuration is required.

Guest:

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=<Addon IP>
NETMASK=255.255.255.255
SCOPE="peer <Main IP>"
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::4/64
IPV6_DEFAULTGW=2a01:4f8:XXX:YYYY::2

Bridged

In a bridged configuration, packets are sent directly. The guest system behaves as if independent. As this makes the MAC addresses of the guest system visible from the outside, a virtual MAC address needs to be requested for each single IP address via the KiosDomain Ticket and assigned to the guest NIC.

# /etc/sysconfig/network-scripts/ifcfg-eth0
# device: eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=<MAC of the physical NIC>
ONBOOT=yes
BRIDGE=br0

# /etc/sysconfig/network-scripts/ifcfg-br0 (pointopoint, KiosDomain Standard)
DEVICE=br0
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<Main IP>
NETMASK=255.255.255.255
SCOPE="peer <Gateway of the main IP>"
ONBOOT=yes
DELAY=0

The default route is set up via the additional route-eth0 configuration file. Simply rename it route-br0.

NOTICE: In this configuration the use of IPv6 is limited. The IPv6 subnet can be routed to either the main IP address or ONE of the additional IP addresses (or, more precisely, to the IPv6 link-local address that is generated from the MAC address).
