[RHCSA] 07 – Manage basic networking

      Ankush More

      07.1 – Configure IPv4 and IPv6 addresses

      Overview

      Configuring network interfaces with IPv4 and IPv6 addresses is essential for network connectivity. This guide covers how to configure both types of addresses using nmclinmtui, and by editing network configuration files directly.

      Using nmcli to Configure IPv4 and IPv6 Addresses

      Configuring IPv4 Address

      1. Show Available Network Connections:
      nmcli connection show
      1. Add an IPv4 Address to a Connection:
      sudo nmcli connection modify <connection_name> ipv4.addresses <ip_address>/<prefix>

      Example:

      sudo nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
      1. Set the IPv4 Gateway:
      sudo nmcli connection modify <connection_name> ipv4.gateway <gateway_ip>

      Example:

      sudo nmcli connection modify eth0 ipv4.gateway 192.168.1.1
      1. Set the IPv4 DNS Servers:
      sudo nmcli connection modify <connection_name> ipv4.dns "<dns1> <dns2>"

      Example:

      sudo nmcli connection modify eth0 ipv4.dns "8.8.8.8 8.8.4.4"
      1. Enable IPv4:
      sudo nmcli connection modify <connection_name> ipv4.method manual

      Example:

      sudo nmcli connection modify eth0 ipv4.method manual
      1. Bring the Connection Up:
      sudo nmcli connection up <connection_name>

      Example:

      sudo nmcli connection up eth0

      Configuring IPv6 Address

      1. Add an IPv6 Address to a Connection:
      sudo nmcli connection modify <connection_name> ipv6.addresses <ipv6_address>/<prefix>

      Example:

      sudo nmcli connection modify eth0 ipv6.addresses 2001:db8::100/64
      1. Set the IPv6 Gateway:
      sudo nmcli connection modify <connection_name> ipv6.gateway <gateway_ipv6>

      Example:

      sudo nmcli connection modify eth0 ipv6.gateway 2001:db8::1
      1. Set the IPv6 DNS Servers:
      sudo nmcli connection modify <connection_name> ipv6.dns "<dns1> <dns2>"

      Example:

      sudo nmcli connection modify eth0 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
      1. Enable IPv6:
      sudo nmcli connection modify <connection_name> ipv6.method manual

      Example:

      sudo nmcli connection modify eth0 ipv6.method manual
      1. Bring the Connection Up:
      sudo nmcli connection up <connection_name>

      Example:

      sudo nmcli connection up eth0

      Using nmtui to Configure IPv4 and IPv6 Addresses

      • Start nmtui:
      sudo nmtui
      1. Edit a Connection:
        • Select “Edit a connection” and press Enter.
        • Choose the connection you want to edit and press Enter.
      2. Configure IPv4 Settings:
        • Navigate to the “IPv4 CONFIGURATION” section.
        • Set the “Method” to “Manual”.
        • Add the desired IPv4 address, prefix, and gateway.
        • Add the DNS servers.
      3. Configure IPv6 Settings:
        • Navigate to the “IPv6 CONFIGURATION” section.
        • Set the “Method” to “Manual”.
        • Add the desired IPv6 address, prefix, and gateway.
        • Add the DNS servers.
      4. Save and Quit:
        • Select “OK” to save the changes.
        • Select “Back” to return to the main menu.
        • Select “Quit” to exit nmtui.
      5. Restart the Network Connection:
      sudo nmcli connection down <connection_name>sudo nmcli connection up <connection_name>

      Example:

      sudo nmcli connection down eth0sudo nmcli connection up eth0

      Editing Network Configuration Files Directly

      Configuring IPv4 Address

      1. Edit the Network Configuration File:
      sudo nano /etc/sysconfig/network-scripts/ifcfg-<interface_name>

      Example:

      sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

      Add or Modify the Following Lines:

      BOOTPROTO=none
IPADDR=192.168.1.100
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
      1. Save and Exit.
      2. Restart the Network Service:
      sudo systemctl restart NetworkManager

      Configuring IPv6 Address

      1. Edit the Network Configuration File:
      sudo nano /etc/sysconfig/network-scripts/ifcfg-<interface_name>

      Example:

      sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
      1. Add or Modify the Following Lines:
      IPV6INIT=yes
IPV6ADDR=2001:db8::100/64
IPV6_DEFAULTGW=2001:db8::1
DNS1=2001:4860:4860::8888
DNS2=2001:4860:4860::8844
      1. Save and Exit.
      2. Restart the Network Service:
      sudo systemctl restart NetworkManager

      Practical Examples

      Example 1: Configure IPv4 Address Using nmcli

      1. Add an IPv4 Address:
      sudo nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
      1. Set the IPv4 Gateway:
      sudo nmcli connection modify eth0 ipv4.gateway 192.168.1.1
      1. Set the IPv4 DNS Servers:
      sudo nmcli connection modify eth0 ipv4.dns "8.8.8.8 8.8.4.4"
      1. Enable IPv4:
      sudo nmcli connection modify eth0 ipv4.method manual
      1. Bring the Connection Up:
      sudo nmcli connection up eth0

      Example 2: Configure IPv6 Address Using nmtui

      1. Start nmtui:
      sudo nmtui
      1. Edit the Connection:
        • Select “Edit a connection” and press Enter.
        • Choose the connection eth0 and press Enter.
      2. Configure IPv6 Settings:
        • Navigate to the “IPv6 CONFIGURATION” section.
        • Set the “Method” to “Manual”.
        • Add the IPv6 address 2001:db8::100/64.
        • Set the IPv6 gateway to 2001:db8::1.
        • Add the DNS servers 2001:4860:4860::8888 and 2001:4860:4860::8844.
      3. Save and Quit:
        • Select “OK” to save the changes.
        • Select “Back” to return to the main menu.
        • Select “Quit” to exit nmtui.
      4. Restart the Network Connection:
      sudo nmcli connection down eth0
sudo nmcli connection up eth0

      Example 3: Configure IPv4 and IPv6 Addresses by Editing Configuration Files

      1. Edit the Network Configuration File:
      sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
      1. Add or Modify the Following Lines for IPv4:
      BOOTPROTO=none
IPADDR=192.168.1.100
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
      1. Add or Modify the Following Lines for IPv6:
      IPV6INIT=yes
IPV6ADDR=2001:db8::100/64
IPV6_DEFAULTGW=2001:db8::1
DNS1=2001:4860:4860::8888
DNS2=2001:4860:4860::8844
      1. Save and Exit.
      2. Restart the Network Service:
      sudo systemctl restart NetworkManager

      Additional Tips

      • Check Network Interface Status:Use the nmcli device status command to check the status of network interfaces.
      nmcli device status
      • View Current IP Addresses:Use the ip addr command to view the current IP addresses assigned to network interfaces.
      ip addr
      • Test Network Connectivity:Use the ping command to test network connectivity.
      ping -c 4 8.8.8.8<canvas width="0" height="50"></canvas><canvas width="0" height="50"></canvas>ping6 -c 4 2001:4860:4860::8888
      • Restart NetworkManager:If you encounter issues, try restarting the NetworkManager service.
      sudo systemctl restart NetworkManager

      Conclusion

      Configuring IPv4 and IPv6 addresses is essential for network connectivity and system administration. Mastery of these tasks ensures that systems can communicate effectively on both IPv4 and IPv6 networks, which is crucial for the RHCSA exam.

      These notes should help you understand how to configure IPv4 and IPv6 addresses for the RHCSA exam.

      07.2 – Configure hostname resolution

      Overview

      Hostname resolution is the process of mapping hostnames to IP addresses. This is essential for network communication, as it allows users and applications to refer to systems by name rather than by IP address. This guide covers how to configure hostname resolution using /etc/hosts, DNS, and the nsswitch.conf file.

      Configuring Hostname Resolution with /etc/hosts

      Step 1: Edit the /etc/hosts File

      The /etc/hosts file is used for static hostname resolution. Open this file in a text editor to add or modify entries.

      sudo nano /etc/hosts

      Step 2: Add Hostname Entries

      Add entries in the following format:

      <IP_address> <hostname> [aliases]

      Example Entries

      127.0.0.1   localhost
192.168.1.100   server1.example.com   server1
192.168.1.101   server2.example.com   server2

      Step 3: Save and Exit

      Save the file and exit the text editor.

      Step 4: Verify Hostname Resolution

      Use the ping command to verify that the hostname resolves to the correct IP address.

      ping server1

      Sample Output:

      PING server1.example.com (192.168.1.100) 56(84) bytes of data.
64 bytes from server1.example.com (192.168.1.100): icmp_seq=1 ttl=64 time=0.123 ms

      Configuring Hostname Resolution with DNS

      Step 1: Edit the /etc/resolv.conf File

      The /etc/resolv.conf file is used to configure DNS servers for hostname resolution. Open this file in a text editor to add or modify entries.

      sudo nano /etc/resolv.conf

      Step 2: Add DNS Server Entries

      Add entries in the following format:

      nameserver <DNS_server_IP>

      Example Entries

      nameserver 8.8.8.8
nameserver 8.8.4.4

      Step 3: Save and Exit

      Save the file and exit the text editor.

      Step 4: Verify DNS Resolution

      Use the ping command to verify that the hostname resolves to the correct IP address using DNS.

      ping google.com

      Sample Output:

      PING google.com (142.250.64.78) 56(84) bytes of data.
64 bytes from sea09s17-in-f14.1e100.net (142.250.64.78): icmp_seq=1 ttl=115 time=10.1 ms

      Configuring the Name Service Switch

      Step 1: Edit the /etc/nsswitch.conf File

      The /etc/nsswitch.conf file is used to configure the order of name resolution methods. Open this file in a text editor to add or modify entries.

      sudo nano /etc/nsswitch.conf

      Step 2: Configure the hosts Line

      The hosts line specifies the order of name resolution methods. Common methods include files (for /etc/hosts), dns (for DNS), and myhostname (for the local hostname).

      Example Configuration

      hosts:      files dns myhostname

      Step 3: Save and Exit

      Save the file and exit the text editor.

      Step 4: Verify the Configuration

      Use the getent command to verify the name resolution order.

      getent hosts server1

      Sample Output:

      192.168.1.100   server1.example.com   server1

      Practical Examples

      Example 1: Configure Hostname Resolution with /etc/hosts

      1. Edit the /etc/hosts File:
      sudo nano /etc/hosts
      1. Add Hostname Entries:
      127.0.0.1   localhost
192.168.1.100   server1.example.com   server1
192.168.1.101   server2.example.com   server2
      1. Save and Exit.
      2. Verify Hostname Resolution:
      ping server1

      Example 2: Configure Hostname Resolution with DNS

      1. Edit the /etc/resolv.conf File:
      sudo nano /etc/resolv.conf
      1. Add DNS Server Entries:
      nameserver 8.8.8.8
nameserver 8.8.4.4
      1. Save and Exit.
      2. Verify DNS Resolution:
      ping google.com

      Example 3: Configure the Name Service Switch

      1. Edit the /etc/nsswitch.conf File:
      sudo nano /etc/nsswitch.conf
      1. Configure the hosts Line:
      hosts:      files dns myhostname
      1. Save and Exit.
      2. Verify the Configuration:
      getent hosts server1

      Additional Tips

      • Check Current Hostname:Use the hostname command to check the current hostname.
      hostname
      • Set the Hostname:Use the hostnamectl command to set the hostname.
      sudo hostnamectl set-hostname newhostname
      • Flush DNS Cache:If you encounter issues with DNS resolution, try flushing the DNS cache.
      sudo systemctl restart NetworkManager
      • Test Name Resolution:Use the dig or nslookup command to test DNS name resolution.
      dig example.com
nslookup example.com

      Conclusion

      Configuring hostname resolution is essential for network communication and system administration. Mastery of these tasks ensures that systems can resolve hostnames to IP addresses correctly, which is crucial for the RHCSA exam.

      These notes should help you understand how to configure hostname resolution for the RHCSA exam.

      07.3 – Configure network services to start automatically at boot

      Overview

      Ensuring that network services start automatically at boot is essential for maintaining network connectivity and service availability. In RHEL, systemd is used to manage services. This guide covers how to enable network services to start automatically at boot using systemctl.

      Using systemctl to Manage Services

      Enabling a Service to Start at Boot

      Use the systemctl enable command to configure a service to start automatically at boot.

      Syntax

      sudo systemctl enable <service_name>

      Example

      Enable the SSH service to start at boot:

      sudo systemctl enable sshd

      Disabling a Service from Starting at Boot

      Use the systemctl disable command to prevent a service from starting automatically at boot.

      Syntax

      sudo systemctl disable <service_name>

      Example

      Disable the SSH service from starting at boot:

      sudo systemctl disable sshd

      Checking if a Service is Enabled

      Use the systemctl is-enabled command to check if a service is enabled to start at boot.

      Syntax

      systemctl is-enabled <service_name>

      Example

      Check if the SSH service is enabled:

      systemctl is-enabled sshd

      Sample Output:

      enabled
```

### Starting and Stopping Services

Use the `systemctl start` and `systemctl stop` commands to start and stop services, respectively.

#### Start a Service

```bash
sudo systemctl start <service_name>

      Stop a Service

      sudo systemctl stop <service_name>

      Example

      Start the SSH service:

      sudo systemctl start sshd

      Stop the SSH service:

      sudo systemctl stop sshd

      Checking the Status of a Service

      Use the systemctl status command to check the status of a service.

      Syntax

      systemctl status <service_name>

      Example

      Check the status of the SSH service:

      systemctl status sshd

      Sample Output:

       sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-10-01 12:00:00 UTC; 1h 30min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1234 (sshd)
    Tasks: 1
   Memory: 5.0M
   CGroup: /system.slice/sshd.service
           └─1234 /usr/sbin/sshd -D

      Practical Examples

      Example 1: Enable and Start the NetworkManager Service

      • Enable the NetworkManager Service to Start at Boot:
      sudo systemctl enable NetworkManager
      • Check if the NetworkManager Service is Enabled:
      systemctl is-enabled NetworkManager
      • Start the NetworkManager Service:
      sudo systemctl start NetworkManager
      • Check the Status of the NetworkManager Service:
      systemctl status NetworkManager

      Example 2: Enable and Start the Firewalld Service

      1. Enable the Firewalld Service to Start at Boot:
      sudo systemctl enable firewalld
      1. Check if the Firewalld Service is Enabled:
      systemctl is-enabled firewalld
      1. Start the Firewalld Service:
      sudo systemctl start firewalld
      1. Check the Status of the Firewalld Service:
      systemctl status firewalld

      Example 3: Enable and Start the HTTPD Service

      1. Enable the HTTPD Service to Start at Boot:
      sudo systemctl enable httpd
      1. Check if the HTTPD Service is Enabled:
      systemctl is-enabled httpd
      1. Start the HTTPD Service:
      sudo systemctl start httpd
      1. Check the Status of the HTTPD Service:
      systemctl status httpd

      Additional Tips

      • List All Services:Use the systemctl list-units command to list all services.
      systemctl list-units --type=service
      • List All Enabled Services:Use the systemctl list-unit-files command to list all enabled services.
      systemctl list-unit-files --type=service | grep enabled
      • Mask a Service:Use the systemctl mask command to prevent a service from being started manually or automatically.
      sudo systemctl mask <service_name>
      • Unmask a Service:Use the systemctl unmask command to remove the mask from a service.
      sudo systemctl unmask <service_name>
      • Reload Systemd Configuration:Use the systemctl daemon-reload command to reload the systemd manager configuration.
      sudo systemctl daemon-reload

      Conclusion

      Configuring network services to start automatically at boot ensures that essential services are available immediately after the system starts. Mastery of these tasks is crucial for maintaining network connectivity and service availability, which is essential for the RHCSA exam.

      These notes should help you understand how to configure network services to start automatically at boot for the RHCSA exam.—

      Practical Examples

      Example 1: Enable and Start the NetworkManager Service

      1. Enable the NetworkManager Service to Start at Boot:
      sudo systemctl enable NetworkManager
      1. Check if the NetworkManager Service is Enabled:
      systemctl is-enabled NetworkManager
      1. Start the NetworkManager Service:
      sudo systemctl start NetworkManager
      1. Check the Status of the NetworkManager Service:
      systemctl status NetworkManager

      Example 2: Enable and Start the Firewalld Service

      1. Enable the Firewalld Service to Start at Boot:
      sudo systemctl enable firewalld
      1. Check if the Firewalld Service is Enabled:
      systemctl is-enabled firewalld
      1. Start the Firewalld Service:
      sudo systemctl start firewalld
      1. Check the Status of the Firewalld Service:
      systemctl status firewalld

      Example 3: Enable and Start the HTTPD Service

      1. Enable the HTTPD Service to Start at Boot:
      sudo systemctl enable httpd
      1. Check if the HTTPD Service is Enabled:
      systemctl is-enabled httpd
      1. Start the HTTPD Service:
      sudo systemctl start httpd
      1. Check the Status of the HTTPD Service:
      systemctl status httpd

      Additional Tips

      • List All Services:Use the systemctl list-units command to list all services.
      systemctl list-units --type=service
      • List All Enabled Services:Use the systemctl list-unit-files command to list all enabled services.
      Systemctl list-unit-files --type=service | grep enabled
      • Mask a Service:Use the systemctl mask command to prevent a service from being started manually or automatically.
      sudo systemctl mask <service_name>
      • Unmask a Service:Use the systemctl unmask command to remove the mask from a service.
      sudo systemctl unmask <service_name>
      • Reload Systemd Configuration:Use the systemctl daemon-reload command to reload the systemd manager configuration.
      sudo systemctl daemon-reload

      Conclusion

      Configuring network services to start automatically at boot ensures that essential services are available immediately after the system starts. Mastery of these tasks is crucial for maintaining network connectivity and service availability, which is essential for the RHCSA exam.

      These notes should help you understand how to configure network services to start automatically at boot for the RHCSA exam.

      07.4 – Restrict network access using firewall-cmd/firewall

      Overview

      firewalld is a dynamic firewall management tool in RHEL that provides a way to manage firewall rules. The firewall-cmd command-line utility is used to interact with firewalld. This guide covers how to use firewall-cmd to restrict network access.

      Installing and Enabling Firewalld

      Step 1: Install Firewalld

      Ensure the firewalld package is installed on your system.

      sudo yum install firewalld

      Step 2: Start and Enable Firewalld

      Start the firewalld service and enable it to start at boot.

      sudo systemctl start firewalld
sudo systemctl enable firewalld

      Step 3: Verify Firewalld Status

      Check the status of the firewalld service to ensure it is running.

      sudo systemctl status firewalld

      Sample Output:

       firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-10-01 12:00:00 UTC; 1h 30min ago
     Docs: man:firewalld(1)
 Main PID: 1234 (firewalld)
    Tasks: 2
   Memory: 5.0M
   CGroup: /system.slice/firewalld.service
           └─1234 /usr/sbin/firewalld --nofork --nopid

      Basic Firewall-Cmd Commands

      Listing Firewall Rules

      1. List All Zones:
      sudo firewall-cmd --get-zones
      1. List Active Zones:
      sudo firewall-cmd --get-active-zones
      1. List Services and Ports in a Zone:
      sudo firewall-cmd --zone=<zone> --list-all

      Example:

      sudo firewall-cmd --zone=public --list-all

      Adding and Removing Services

      1. Add a Service to a Zone:
      sudo firewall-cmd --zone=<zone> --add-service=<service> --permanent

      Example:

      sudo firewall-cmd --zone=public --add-service=http --permanent
      1. Remove a Service from a Zone:
      sudo firewall-cmd --zone=<zone> --remove-service=<service> --permanent

      Example:

      sudo firewall-cmd --zone=public --remove-service=http --permanent

      Adding and Removing Ports

      1. Add a Port to a Zone:
      sudo firewall-cmd --zone=<zone> --add-port=<port>/<protocol> --permanent

      Example:

      sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
      1. Remove a Port from a Zone:
      sudo firewall-cmd --zone=<zone> --remove-port=<port>/<protocol> --permanent

      Example:

      sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent

      Reloading the Firewall

      After making changes, reload the firewall to apply the new rules.

      sudo firewall-cmd --reload

      Practical Examples

      Example 1: Restrict Access to HTTP Service

      1. Add the HTTP Service to the Public Zone:
      sudo firewall-cmd --zone=public --add-service=http --permanent
      1. Reload the Firewall:
      sudo firewall-cmd --reload
      1. Verify the HTTP Service is Allowed:
      sudo firewall-cmd --zone=public --list-services
      1. Remove the HTTP Service from the Public Zone:
      sudo firewall-cmd --zone=public --remove-service=http --permanent
      1. Reload the Firewall:
      sudo firewall-cmd --reload
      1. Verify the HTTP Service is Removed:
      sudo firewall-cmd --zone=public --list-services

      Example 2: Restrict Access to a Custom Port

      1. Add Port 8080/TCP to the Public Zone:
      sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
      1. Reload the Firewall:
      sudo firewall-cmd --reload
      1. Verify Port 8080/TCP is Allowed:
      sudo firewall-cmd --zone=public --list-ports
      1. Remove Port 8080/TCP from the Public Zone:
      sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
      1. Reload the Firewall:
      sudo firewall-cmd --reload
      1. Verify Port 8080/TCP is Removed:
      sudo firewall-cmd --zone=public --list-ports

      Example 3: Allow SSH Access Only from a Specific IP Address

      1. Create a New Zone:
      sudo firewall-cmd --permanent --new-zone=restricted
      1. Add the SSH Service to the New Zone:
      sudo firewall-cmd --zone=restricted --add-service=ssh --permanent
      1. Allow Access to the New Zone from a Specific IP Address:
      sudo firewall-cmd --zone=restricted --add-source=<ip_address> --permanent

      Example:

      sudo firewall-cmd --zone=restricted --add-source=192.168.1.50 --permanent
      1. Reload the Firewall:
      sudo firewall-cmd --reload
      1. Verify the New Zone Configuration:
      sudo firewall-cmd --zone=restricted --list-all

      Additional Tips

      • Check Firewall Status:Use the firewall-cmd --state command to check if firewalld is running.
      sudo firewall-cmd --state
      • Get Default Zone:Use the firewall-cmd --get-default-zone command to get the default zone.
      sudo firewall-cmd --get-default-zone
      • Change Default Zone:Use the firewall-cmd --set-default-zone=<zone> command to change the default zone.
      sudo firewall-cmd --set-default-zone=public
      • Rich Rules:Use rich rules for more complex firewall rules.Example: Allow SSH from a specific IP address.
      sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.50" service name="ssh" accept'
      • Remove Rich Rules:Example: Remove the rich rule for SSH.
      sudo firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.1.50" service name="ssh" accept'
      • Reload Firewalld Configuration:Use the firewall-cmd --reload command to reload the firewalld configuration after making changes.
      sudo firewall-cmd --reload

      Conclusion

      Restricting network access using firewall-cmd and firewalld is essential for securing your system and controlling network traffic. Mastery of these tasks ensures that you can effectively manage firewall rules and maintain network security, which is crucial for the RHCSA exam.

      These notes should help you understand how to restrict network access using firewall-cmd and firewalld for the RHCSA exam.

      Discover more from Altgr Blog

      Subscribe to get the latest posts sent to your email.

      Related Posts

      Leave a Reply

      Your email address will not be published. Required fields are marked *