
2/12

To assignan IP address to aparticularinterface,say eth0 :

$ ifconfig eth0 192.168.0.10

To activatethe interface,afterthe IP address has been assigned:

$ ifconfig eth0 up

To deactivatethe interface:

$ ifconfig eth0 down

ifconfig with options a, -s :


3/12

A


4/12

Step 2 Set up a default gateway, using route:

Once a static IP address has been assignedto the interfaceunder

consideration, ROUTE system call is used to set up staticroutes to specifichosts or

networks via the interface.

OPTION PURPOSE

-v Selectverbose operation.

-n Show numerical address instead of trying to

determine.

-e Displays routingtablein netstat format.

Del Deletea route.

Add Add a new route.

target The destinationnetwork/host.

Gw Route packets via a GATEWAY (staticroute to

the gateway must be setbeforehand)

netmask When addinga network route, a network is to

be used.


5/12

Usage:

To add defaultgateway to the network interfacecurrentlyconfigured,use the

addoption of route:

$ route add default192.168.0.0

NOTE: The gateway is identifiedas defaultand must fall under the networkof

the interfaceconfigured,in order to be routed correctly.

To specifythe network address to route to a gateway (a more general usage)

$ route add net 292.168.0.0 netmask 255.255.0.0

route with options v, -n, -e, -net (adding a network), -host (adding a

host) :


6/12


7/12


8/12

Step 3 Setting up a nameserver(DNS):

When configuring the resolverlibrary to use the bindname service for lookups,

the name servers to be used are to be specified.

The details of such name servers are stored in a file resolv.conf in the etc

directory.

The most importantoptionis the name server, which givesthe IP address of

the server to be used.

For eg.

# /etc/resolv.conf

#domain

domainmydomian.com

#nameserver

nameserver 192.168.0.210

This settingcan be verified by usingthe PINGtool.

$ pingfacebook.com

Ifthe output command is:

unknown host facebook.com,

then the DNS server is eitherdown or not configuredproperly.

Manual And Dynamic Settings :


9/12

Step 4 Setting up network firewall using iptables:

Once nameservers have been successfullyconfigured,Firewall/NATpackages are

installedusingIPTABLES. Iptablesis an administrationtool forpacket filtering and

NAT.

Several tablesmay be defined.Each tableconsists of a numberofbuilt-in

chainsand user-definedchains.

A firewall rulespecifiesa criterion for a packet and a target. Ifpacket is

matched, the correspondingnext ruleis specifiedby value of the target, which

can be the name of the user-definedchains or one of the special values:

ACCEPT, DROP, QUEUE or RETURN.

ACCEPT:L

etpacket through.

DROP: Droppacket.

QUEUE: Pass packet to userspace.

RETURN: Stop traversingthe chainand return the next rulein calling

(previous)chain.

Chainscan be added to the following 4 tables:

OPTION PURPOSE

Filter Defaulttable

3 chains:

o INPUT: forpackets designedlocal sockets

o OUTPUT: for locally generated sockets

o FORWARD: forpacketsbeingrouted through the

box

nat Constructed,when a packet that creates a new

connectionis encountered.


10/12

3 built-in chains:

o PRE-ROUTING: alteringpackets as soon as they

come in

o OUTPUT: alteringlocally generatedpackets

before routing

o POST-ROUTING: alteringpackets as they are

about to go out

Manage Used for specializedpacket alteration.

Raw Configuring exceptionsfrom connectiontracking.

Usage:

To add a ruleto the inputchainto drop all the packets incomingthrough port

80:

$ iptablesA INPUT p tcp dport 80 j DROP

The above ruleonce added drops all packets coming intothe system through

port 80, usingtcp.

To add a ruleto the output chain:

$ iptablesA output p tcp --dport 80

This ruledrops all packets sent by the host through port 80, usingtcp.

To deletea rulefrom the inputchain,providethe chainname and no. of rulesto

delete:

$ iptablesD input2

The list of services, protocolsused and port numbers can be found in the file

etc/services.


11/12

Adding a rule to the INPUTchain


12/12

CONCLUSION : Thus the complete network interface using ifconfig commands like

setting gateway, DNS, IP tables,firewall have been performed successfully.

network config

Documents