Never Ending Security

It starts all here

IP Commands Cheatsheet

IP Command Examples

The ip command assigns addresses to network interfaces and configures network interface parameters on Linux operating systems. On modern Linux distributions it replaces the older, now deprecated ifconfig command.

It is used for the following purposes:

  1. Find out which interfaces are configured on the system.
  2. Query the status of an IP interface.
  3. Configure the local loop-back, Ethernet and other IP interfaces.
  4. Mark the interface as up or down.
  5. Configure and modify default and static routing.
  6. Configure tunnel over IP.
  7. Configure ARP or NDISC cache entry.
  8. Assign IP address, routes, subnet and other IP information to IP interfaces.

Syntax

ip OBJECT COMMAND
ip [options] OBJECT COMMAND
ip OBJECT help

How do I Configure Static IP Address

To configure a static IP address, edit the network configuration file and assign the address to the system.

To make the change permanent, assign the static IP address to the eth0 interface by editing the configuration file /etc/network/interfaces as shown below.

auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1

Next, restart network services.

# /etc/init.d/networking restart
$ sudo /etc/init.d/networking restart

How to Assign an IP Address to a Specific Interface

The following command assigns an IP address to a specific interface (eth1). The /24 prefix length matches the netmask 255.255.255.0 used above; without a prefix length, ip adds the address as a /32.

# ip addr add 192.168.1.5/24 dev eth1
$ sudo ip addr add 192.168.1.5/24 dev eth1
Note: These settings will be lost after a system restart.

How to Check an IP Address

To view information about your network interfaces, such as IP address and MAC address, use the following command.

# ip addr show
$ sudo ip addr show
OUTPUT
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:28:fd:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe28:fd4c/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:0c:29:28:fd:56 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.5/24 scope global eth1
    inet6 fe80::20c:29ff:fe28:fd56/64 scope link
       valid_lft forever preferred_lft forever

How to Remove an IP Address

The following command will remove an assigned IP address from the given interface (eth1).

# ip addr del 192.168.1.5/24 dev eth1
$ sudo ip addr del 192.168.1.5/24 dev eth1

How to Enable Network Interface

The “up” flag with interface name (eth1) enables a network interface.

# ip link set eth1 up
$ sudo ip link set eth1 up

How to Disable Network Interface

The “down” flag with interface name (eth1) disables a network interface.

# ip link set eth1 down
$ sudo ip link set eth1 down

How do I Check Route Table?

Type the following command to display the system's routing table.

# ip route show
$ sudo ip route show
OUTPUT
10.10.20.0/24 via 192.168.1.100 dev eth0
192.168.160.0/24 dev eth1  proto kernel  scope link  src 192.168.160.130  metric 1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 192.168.1.1 dev eth0  proto static

How do I Add Static Route

Why add static (manual) routes? Because some traffic must not pass through the default gateway. Static routes send that traffic along the best path to its destination.

# ip route add 10.10.20.0/24 via 192.168.1.100 dev eth0
$ sudo ip route add 10.10.20.0/24 via 192.168.1.100 dev eth0

How to Remove Static Route

To remove an assigned static route, simply type the following command.

# ip route del 10.10.20.0/24
$ sudo ip route del 10.10.20.0/24

How do I Add Persistent Static Routes

All the above routes will be lost after a system restart. To add a permanent static route, edit the file /etc/sysconfig/network-scripts/route-eth0 (which stores the static routes for eth0), add the route entries, then save and exit. The route-eth0 file does not exist by default and needs to be created.

On systems that use /etc/network/interfaces instead, open that file and add the persistent static routes at the end. IP addresses may differ in your environment.

$ sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.100
#########{Static Route}###########
up ip route add 10.10.20.0/24 via 192.168.1.100 dev eth0

Next, restart network services after entering all the details using the following command.

# /etc/init.d/network restart
$ sudo /etc/init.d/network restart

How do I Add Default Gateway

The default gateway can be specified globally or in an interface-specific configuration file. The advantage of a default gateway shows when more than one NIC is present in the system. You can add a default gateway on the fly with the command shown below.

# ip route add default via 192.168.1.100
$ sudo ip route add default via 192.168.1.100

How to Add Multiple Routes

Apart from the default route, you can also configure additional routes. For example, your server might have 2 interfaces (eth0 and eth1). By default, all the traffic is routed through interface eth0 irrespective of what IP address you have configured on eth1.

To route the incoming and outgoing traffic through eth1, other than the default route (eth0), you also need to add additional routes for eth1.

Example:

  • eth0 has been configured with IP address 19.86.101.54 with netmask 255.255.255.0 and default gateway of 19.86.101.1
  • eth1 has been configured with IP address 19.86.100.176 with netmask 255.255.255.0 and its gateway IP address is 19.86.100.1

You can view the current IP addresses of your interface cards using the ifconfig command as shown below.

# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:50:56:8E:0B:EC
          inet addr:19.86.101.54  Bcast:19.86.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:295679 (288.7 Kb)  TX bytes:50312 (49.1 Kb)

eth1      Link encap:Ethernet  HWaddr 00:50:56:8E:27:0D
          inet addr:19.86.100.176  Bcast:19.86.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:840 (840.0 b)  TX bytes:0 (0.0 b)

Also, the netstat command output indicates that the default gateway is pointing to eth0:

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         19.86.101.1     0.0.0.0         UG        0 0          0 eth0
19.86.100.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
19.86.101.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0

With the above settings, you may be able to ping both the gateways and communicate with other devices without any issues. But, remember that all the traffic is routed through eth0 by default.

When you ping the IP address 19.86.100.176 from outside your network, you may notice that it does not respond.

To route this traffic through eth1, you need to create a new policy routing table. Routing table names are registered in /etc/iproute2/rt_tables. Before configuration, the file may look like the one shown below.

# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
#

To view all the current rules, use the ip command as shown below:

# ip rule show
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

First, take a backup of rt_tables before making any changes.

cd /etc/iproute2
cp rt_tables rt_tables.orig

Next, create a new policy routing table entry in /etc/iproute2/rt_tables file:

echo "1 admin" >> /etc/iproute2/rt_tables

Now add the routing entries in the admin table.

ip route add 19.86.100.0/24 dev eth1 src 19.86.100.176 table admin
ip route add default via 19.86.100.1 dev eth1 table admin

In the above example:

  • In the first ip command, we add the subnet 19.86.100.0 with netmask 255.255.255.0, source IP address 19.86.100.176 and device eth1 to the admin table.
  • In the second ip command, we add a default route via the gateway 19.86.100.1 to the admin table. This way, every lookup in the admin table routes traffic through device eth1.

Once the above commands are executed successfully, you need to instruct the OS how to use this table.

In the “ip rule show” output you may have noticed the line “32766: from all lookup main”. This line instructs the OS to route all traffic according to the “main” table, which holds the default gateway.

Rules are evaluated in ascending order of priority, so we will add rule entries ahead of the “main” rule.

ip rule add from 19.86.100.176/24 table admin
ip rule add to 19.86.100.176/24 table admin
ip route flush cache

In the above example:

  • The first command adds the rule that all the outgoing traffic from eth1's IP needs to use the “admin” routing table instead of the “main” one.
  • The second command adds the rule that all the traffic going to eth1's IP needs to use the “admin” routing table instead of the “main” one.
  • The third command flushes the routing cache so that the changes made by the previous commands take effect.

Finally, verify that your changes are made appropriately using the following command:

# ip rule show
0:      from all lookup local
32764:  from all to 19.86.100.176/24 lookup admin
32765:  from 19.86.100.176/24 lookup admin
32766:  from all lookup main
32767:  from all lookup default

At this point, you should be able to ping the IP address 19.86.100.176 from the outside network and see that all the traffic that is supposed to use eth1 works as expected.

To make these changes persistent across reboot, you can add these commands to /etc/init.d/boot.local (for SUSE Linux), or /etc/rc.d/rc.local (for Redhat, CentOS).

If you want to configure one more IP address on a different subnet, repeat all of the above steps, but use a different table name. Instead of “admin” table, use “admin-new” table.
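
The policy-routing procedure above, generalized into a dry-run helper (an added example, not part of the original article): it derives the subnet from any interface address and prefix length, prints the five commands for a named table without applying them, and checks an "ip rule show" listing to confirm the table's rules rank ahead of main. The function names network_of, policy_route_cmds and rules_precede_main are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): dry-run helper for the
# policy-routing steps above. It only prints commands; nothing is applied.

# network_of IP PREFIX -> network address (19.86.100.176 24 -> 19.86.100.0)
network_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 "$2"                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 5 ] || return 1
    for n in "$@"; do                   # digits only, no leading zeros
        case $n in ''|*[!0-9]*|0?*) return 1 ;; esac
    done
    for n in "$1" "$2" "$3" "$4"; do [ "$n" -le 255 ] || return 1; done
    [ "$5" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $5)) & 0xFFFFFFFF ))
    net=$(( (($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & mask ))
    printf '%d.%d.%d.%d\n' $(( net >> 24 & 255 )) $(( net >> 16 & 255 )) \
        $(( net >> 8 & 255 )) $(( net & 255 ))
}

# policy_route_cmds IFACE IP PREFIX GATEWAY TABLE -> the five commands to run
policy_route_cmds() {
    subnet=$(network_of "$2" "$3") || return 1
    printf 'ip route add %s/%s dev %s src %s table %s\n' "$subnet" "$3" "$1" "$2" "$5"
    printf 'ip route add default via %s dev %s table %s\n' "$4" "$1" "$5"
    printf 'ip rule add from %s/%s table %s\n' "$2" "$3" "$5"
    printf 'ip rule add to %s/%s table %s\n' "$2" "$3" "$5"
    printf 'ip route flush cache\n'
}

# rules_precede_main TABLE < "ip rule show" output
# Succeeds only if TABLE has rules and all of them rank ahead of "main".
rules_precede_main() {
    awk -v t="$1" '
        { prio = $1; sub(/:/, "", prio); prio += 0 }
        $NF == "main" { main_prio = prio; seen_main = 1 }
        $NF == t      { n++; if (prio > hi) hi = prio }
        END { exit !(n > 0 && seen_main && hi < main_prio) }'
}

# Rule listing copied from the article's final "ip rule show" output.
SAMPLE_RULES='0:      from all lookup local
32764:  from all to 19.86.100.176/24 lookup admin
32765:  from 19.86.100.176/24 lookup admin
32766:  from all lookup main
32767:  from all lookup default'

policy_route_cmds eth1 19.86.100.176 24 19.86.100.1 admin
```

On a live system, pipe the real listing into the check with: ip rule show | rules_precede_main admin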
