Correct setup of IPv4 addresses under CentOS/Fedora/RHEL
A KiosDomain server (Europe Server) can only reach its gateway (and its locally configured) IP addresses directly. All other packets need to be routed via the default gateway. Consequently, a /32 network needs to be set up (for reasons of network security).
A wrong configuration (no /32 network) often goes undetected, because one rarely needs to be in direct contact with IPs in the same subnet. Without the configuration below, however, several hosts cannot be reached!
Important: Configuration via DHCP is also “wrong” or misleading in this respect, as only a “normal” and no point-to-point setup is possible (a 255.255.255.255 network mask does not work and no routes are set up, which makes it impossible to connect to the network).
Configuring a point-to-point connection
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 HWADDR=<MAC address> ONBOOT=yes BOOTPROTO=static IPADDR=<IP address> NETMASK=255.255.255.255 # potential additional IPv6 entries are harmless
Configuring routes
Set up /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=0.0.0.0 NETMASK0=0.0.0.0 GATEWAY0=<Gateway IP>
After a network restart (eg. “/sbin/service network restart”) all routes should be correctly set up.
Possible sources of error
If it is not possible to reach the server after configuring the abovementioned network settings, it is necessary to check whether the variable “GATEWAYDEV” has been set in /etc/sysconfig/network. This may be one reason for non-availability and is indicated by the error message “RTNETLINK answers: file exists” which appears after reloading the network settings.
Additional IP addresses (Host)
Setting up additional single IPv4 addresses
It is currently possible to obtain up to 3 additional single IPv4 addresses. Should further addresses be required, you may apply for a subnet.
The IP addresses can be temporarily used in two different ways:
- ifconfig eth0:1 10.4.2.1 netmask 255.255.255.255
- or
- ip addr add 10.4.2.1/32 dev eth0
CentOS
A permanent configuration is only possible by default via alias interfaces (eth0:1, eth0:2 etc.). A file needs to be created for each IP address:
/etc/sysconfig/network-scripts/ifcfg-eth0:1 /etc/sysconfig/network-scripts/ifcfg-eth0:2
These files must include the following information:
DEVICE=eth0:1 BOOTPROTO=none ONBOOT=yes IPADDR=<IP Address> NETMASK=255.255.255.255
Finally, a “service network restart” needs to be initiated or the server needs to be restarted (“reboot”).
Please note: A different configuration is needed for the use of IP addresses in virtual machines!
Fedora
For a permanent configuration the IP addresses can be added to the configuration file:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" ... IPADDR=192.0.2.1 NETMASK=255.255.255.240 IPADDR0=192.0.2.10 # Additional IP PREFIX0=28 IPADDR1=192.0.2.11 PREFIX1=28 IPADDR2=...
Setting up additional IP subnets
Subnets are routed on a server’s main IP. In general the first (Network IP) and the last (Broadcast IP) cannot be used. This leaves six usable addresses for a /29 subnet.
A /29 subnet consisting of 8 IP addresses will look like this:
aaa.aaa.aaa.aaa (Network IP) bbb.bbb.bbb.bbb ccc.ccc.ccc.ccc ddd.ddd.ddd.ddd eee.eee.eee.eee fff.fff.fff.fff ggg.ggg.ggg.ggg hhh.hhh.hhh.hhh (Broadcast IP)
The IPs “b” to “g” can be used as single IPs. Alternatively, a file can be set up:
/etc/sysconfig/network-scripts/ifcfg-eth0-range0
IPADDR_START=<your first usable subnet IP> IPADDR_END=<your last usable subnet IP> BROADCAST=<broadcast address of your subnet> CLONENUM_START=0 NETMASK=255.255.255.248 # the netmask for larger subnets is different
Restart the service network using “service network restart”.
Setting up an additional IP subnet for virtualization
A different configuration is needed for the use of IP addresses in virtual machines. There are many possible configurations. One of the more straightforward ones is to setup a bridge device using one IP address of the subnet which serves as default gateway for all machines connected to the subnet.
Install bridge-utils
yum install bridge-utils
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0 ONBOOT=yes TYPE=Bridge BOOTPROTO=none IPADDR=bbb.bbb.bbb.bbb NETMASK=255.255.255.248 # adjust this accordingly. This is for a /29 subnet STP=off DELAY=0
Setting up an IPv6 subnet
To add an IPv6 address to your interface, append the following lines to the /etc/sysconfig/network-scripts/ifcfg-eth0 file:
IPV6INIT=yes IPV6ADDR=<your IPv6 address>/<prefix> IPV6_DEFAULTGW=fe80::1 IPV6_DEFAULTDEV=eth0
The prefix assigned by KiosDomain is normally /64.
Optional: To add further IPv6 addresses to the interface, please append the file /etc/sysconfig/network-scripts/ifcfg-eth0 with the following line:
IPV6ADDR_SECONDARIES=<your additional IPv6 address>/<prefix>
Please note that it is possible for you to enter as many IPv6 addresses, separated by a space, as you wish.
Additional IP addresses (virtualization)
With virtualization the additional IP addresses are used through the guest system. So that these can be reached via the Internet, configuration in the host system needs to be adjusted accordingly in order to forward the packets. There are two ways of doing this for additional single IPs: Routed and Bridged.
Routed (brouter)
In a routed configuration the packets are routed. In addition to eth0 a bridge needs to be set up with almost the same configuration (without gateway) as eth0.
Host:
# /etc/sysconfig/network-scripts/ifcfg-eth0 (KiosDomain Standard Installation) DEVICE=eth0 ONBOOT=yes BOOTPROTO=none IPADDR=<Main IP> IPV6INIT=yes IPV6ADDR=2a01:4f8:XXX:YYYY::2/128 IPV6_DEFAULTGW=fe80::1 IPV6_DEFAULTDEV=eth0 NETMASK=255.255.255.255 SCOPE="peer <Default GW>"
# /etc/sysconfig/network-scripts/ifcfg-br0 DEVICE=br0 ONBOOT=yes TYPE="Bridge" BOOTPROTO=static IPADDR=<Main IP> NETMASK=255.255.255.255 IPV6INIT=yes IPV6ADDR=2a01:4f8:XXX:YYYY::2/64 STP=off DELAY=0
The configuration of eth0 for IPv4 remains unchanged if it is a standard installation via installimage/Robot (the default gateway is entered in the file “route-eth0”). For IPv6 the prefix is reduced from /64 to /128. The setting of the host routes for the additional IPv4 addresses is done via an additional configuration file:
# /etc/sysconfig/network-scripts/route-br0 ADDRESS0=<Additional IP> NETMASK0=255.255.255.255
Further routes can be added in the same way via ADDRESS1, NETMASK1, ADDRESS2, NETMASK2, etc. For IPv6 no further configuration is required.
Guest:
# /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 ONBOOT=yes BOOTPROTO=none IPADDR=<Addon IP> NETMASK=255.255.255.255 SCOPE="peer <Main IP>" IPV6INIT=yes IPV6ADDR=2a01:4f8:XXX:YYYY::4/64 IPV6_DEFAULTGW=2a01:4f8:XXX:YYYY::2
Bridged
In a bridged configuration, packets are sent directly. The guest system behaves as if independent. As this makes the MAC addresses of the guest system visible from the outside, a virtual MAC address needs to be requested for each single IP address via the KiosDomain Ticket and assigned to the guest NIC.
# /etc/sysconfig/network-scripts/ifcfg-eth0 # device: eth0 DEVICE=eth0 BOOTPROTO=static HWADDR=<MAC of the physical NIC> ONBOOT=yes BRIDGE=br0
# /etc/sysconfig/network-scripts/ifcfg-br0 (pointopoint, KiosDomain Standard) DEVICE=br0 TYPE="Bridge" BOOTPROTO=static IPADDR=<Main IP> NETMASK=255.255.255.255 SCOPE="peer <Gateway of the main IP>" ONBOOT=yes DELAY=0
The default route is set up via the additional route-eth0 configuration file. Simply rename it route-br0.
NOTICE: In this configuration the use of IPv6 is limited. The IPv6 subnet can be routed to either the main IP address or ONE of the additional IP addresses. (or more precisely: to the IPv6 link local address, that is generated from the MAC address)