Network configuration
Related articles
This page explains how to set up a wired connection to a network. If you need to set up wireless networking see the Wireless network configuration page.
Contents
- 1 Check the connection
- 2 Set the hostname
- 3 Device Driver
- 4 Network Interfaces
- 5 Configure the IP address
- 6 Additional settings
- 7 Troubleshooting
Check the connection
Many times, the basic installation procedure has created a working network configuration. To check if this is so, use the following command:
$ ping -c 3 www.google.com
PING www.l.google.com (74.125.224.146) 56(84) bytes of data. 64 bytes from 74.125.224.146: icmp_req=1 ttl=50 time=437 ms 64 bytes from 74.125.224.146: icmp_req=2 ttl=50 time=385 ms 64 bytes from 74.125.224.146: icmp_req=3 ttl=50 time=298 ms --- www.l.google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 298.107/373.642/437.202/57.415 ms
If it works, then you may only wish to personalize your settings from the options below.
If the previous command complains about unknown hosts, it means that your machine was unable to resolve this domain name. It might be related to your service provider or your router/gateway. You can try pinging a static IP address to prove that your machine has access to the Internet:
$ ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_req=1 ttl=53 time=52.9 ms 64 bytes from 8.8.8.8: icmp_req=2 ttl=53 time=72.5 ms 64 bytes from 8.8.8.8: icmp_req=3 ttl=53 time=70.6 ms --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 52.975/65.375/72.543/8.803 ms
If you are able to ping 8.8.8.8
but not www.google.com
, check your DNS configuration. See resolv.conf for details.
Set the hostname
A hostname is a unique name created to identify a machine on a network: it is configured in /etc/hostname
. The file can contain the system's domain name, if any. To set the hostname, do:
# hostnamectl set-hostname myhostname
This will put myhostname
into /etc/hostname
. See man 5 hostname
and man 1 hostnamectl
for details.
To temporarily set the hostname (until reboot), use hostname from inetutils:
# hostname myhostname
Device Driver
Check the status
udev should detect your network interface card (see Wikipedia:Network interface controller) and automatically load the necessary module at start up. Check the "Ethernet controller" entry (or similar) from the lspci -v
output. It should tell you which kernel module contains the driver for your network device. For example:
$ lspci -v
02:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0) ... Kernel driver in use: atl1 Kernel modules: atl1
Next, check that the driver was loaded via dmesg | grep module_name
. For example:
$ dmesg | grep atl1 ... atl1 0000:02:00.0: eth0 link is up 100 Mbps full duplex
Skip the next section if the driver was loaded successfully. Otherwise, you will need to know which module is needed for your particular model.
Load the module
Search in the Internet for the right module/driver for the chipset. Some common modules are 8139too
for cards with a Realtek chipset, or sis900
for cards with a SiS chipset. Once you know which module to use, try to load it manually. If you get an error saying that the module was not found, it's possible that the driver is not included in Arch kernel. You may search the AUR for the module name.
If udev is not detecting and loading the proper module automatically during bootup, see Kernel modules#Loading.
Network Interfaces
Device names
For computers with multiple NICs, it is important to have fixed device names. Many configuration problems are caused by interface name changing.
udev is responsible for which device gets which name. Systemd v197 introduced Predictable Network Interface Names, which automatically assigns static names to network devices. Interfaces are now prefixed with en
(ethernet), wl
(WLAN), or ww
(WWAN) followed by an automatically generated identifier, creating an entry such as enp0s25
. This behavior may be disabled by adding net.ifnames=0
to the kernel parameters.
Get current device names
Current NIC names can be found via sysfs
or ip link
. For example:
$ ls /sys/class/net
lo enp0s3
$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 link/ether 08:00:27:23:6f:3a brd ff:ff:ff:ff:ff:ff
Change device name
You can change the device name by defining the name manually with an udev-rule. For example:
/etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="net1" SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="net0"
These rules will be applied automatically at boot.
A couple of things to note:
- To get the MAC address of each card, use this command:
cat /sys/class/net/device_name/address
- Make sure to use the lower-case hex values in your udev rules. It doesn't like upper-case.
If the network card has a dynamic MAC, you can use DEVPATH
, for example:
/etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", DEVPATH=="/devices/platform/wemac.*", NAME="int" SUBSYSTEM=="net", DEVPATH=="/devices/pci*/*1c.0/*/net/*", NAME="en"
The device path should match both the new and old device name, since the rule may be executed more than once on bootup. For example, in the second rule, "/devices/pci*/*1c.0/*/net/enp*"
would be wrong since it will stop matching once the name is changed to en
. Only the system-default rule will fire the second time around, causing the name to be changed back to e.g. enp1s0
.
To test your rules, they can be triggered directly from userspace, e.g. with udevadm --debug test /sys/DEVPATH
. Remember to first take down the interface you are trying to rename (e.g. ip link set down enp1s0
).
Set device MTU and queue length
You can change the device MTU and queue length by defining manually with an udev-rule. For example:
/etc/udev/rules.d/10-network.rules
ACTION=="add", SUBSYSTEM=="net", KERNEL=="wl*", ATTR{mtu}="1480", ATTR{tx_queue_len}="2000"
Enabling and disabling network interfaces
You can activate or deactivate network interfaces using:
# ip link set eth0 up # ip link set eth0 down
To check the result:
$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT qlen 1000 ...
Configure the IP address
You have two options: a dynamically assigned address using DHCP, or an unchanging "static" address.
Dynamic IP address
systemd-networkd
An easy way to setup DHCP for simple requirements is to use systemd-networkd service provided by systemd. See systemd-networkd#Basic DHCP network.
dhcpcd
dhcpcd is used as default client in Arch Linux to setup DHCP on the installation ISO. It is a more powerful tool and allows to configure more DHCP client options. See dhcpcd#Running on how to activate it for an interface.
Static IP address
There are various reasons why you may wish to assign static IP addresses on your network. For instance, one may gain a certain degree of predictability with unchanging addresses, or you may not have a DHCP server available.
A static address can be configured with most networking tools standard in Arch Linux, for example see netctl, systemd-networkd, dhcpcd.
The following describes how to configure a static IP address manually. You need:
- Static IP address
- Subnet mask in CIDR notation, for example
/24
is the CIDR notation of255.255.255.0
netmask. - Broadcast address
- Gateway's IP address
- Name server (DNS) IP addresses. See also resolv.conf.
If you are running a private network, it is safe to use IP addresses in 192.168.*.*
for your IP addresses, with a subnet mask of 255.255.255.0
and a broadcast address of 192.168.*.255
. The gateway is usually 192.168.*.1
or 192.168.*.254
.
Manual assignment
This method does not persist across reboots. Enable the network interface:
# ip link set interface up
Assign a static IP address in the console:
# ip addr add IP_address/subnet_mask broadcast broadcast_address dev interface
For example:
# ip addr add 192.168.1.2/24 broadcast 192.168.1.255 dev interface
For more options, see man ip
.
Add your gateway IP address like so:
# ip route add default via default_gateway
For example:
# ip route add default via 192.168.1.1
systemd-networkd
See systemd-networkd#Wired adapter using a static IP.
systemd service
First create a configuration file for the systemd service, replace interface
with the proper network interface name:
/etc/conf.d/net-conf-interface
address=192.168.1.2 netmask=24 broadcast=192.168.1.255 gateway=192.168.1.1
Create network start and stop scripts:
/usr/local/bin/net-up
#!/bin/bash ip link set dev "$1" up ip addr add "$address/$netmask" broadcast "$broadcast" dev "$1" [[ -z $gateway ]] || ip route add default via "$gateway"
/usr/local/bin/net-down
#!/bin/bash ip addr flush dev "$1" ip route flush dev "$1" ip link set dev "$1" down
Make both scripts executable:
# chmod +x /usr/local/bin/net-{up,down}
systemd service file:
/etc/systemd/system/network@.service
[Unit] Description=Network connectivity (%i) Wants=network.target Before=network.target BindsTo=sys-subsystem-net-devices-%i.device After=sys-subsystem-net-devices-%i.device [Service] Type=oneshot RemainAfterExit=yes EnvironmentFile=/etc/conf.d/net-conf-%i ExecStart=/usr/local/bin/net-up %i ExecStop=/usr/local/bin/net-down %i [Install] WantedBy=multi-user.target
Enable and start the unit network@interface
, replacing interface
with the name of your interface.
Calculating addresses
You can use ipcalc
provided by the ipcalc package to calculate IP broadcast, network, netmask, and host ranges for more advanced configurations. An example is using Ethernet over Firewire to connect a Windows machine to Linux. To improve security and organization, both machines have their own network with the netmask and broadcast configured accordingly.
Finding out the respective netmask and broadcast addresses is done with ipcalc
, by specifying the IP of the Linux NIC 10.66.66.1
and the number of hosts (here two):
$ ipcalc -nb 10.66.66.1 -s 1
Address: 10.66.66.1 Netmask: 255.255.255.252 = 30 Network: 10.66.66.0/30 HostMin: 10.66.66.1 HostMax: 10.66.66.2 Broadcast: 10.66.66.3 Hosts/Net: 2 Class A, Private Internet
Additional settings
ifplugd for laptops
ifplugd in official repositories is a daemon which will automatically configure your Ethernet device when a cable is plugged in and automatically unconfigure it if the cable is pulled. This is useful on laptops with onboard network adapters, since it will only configure the interface when a cable is really connected. Another use is when you just need to restart the network but do not want to restart the computer or do it from the shell.
By default it is configured to work for the eth0
device. This and other settings like delays can be configured in /etc/ifplugd/ifplugd.conf
.
Bonding or LAG
See netctl#Bonding.
IP address aliasing
IP aliasing is the process of adding more than one IP address to a network interface. With this, one node on a network can have multiple connections to a network, each serving a different purpose. Typical uses are virtual hosting of Web and FTP servers, or reorganizing servers without having to update any other machines (this is especially useful for nameservers).
Example
You will need netctl from the official repositories.
Prepare the configuration:
/etc/netctl/mynetwork
Connection='ethernet' Description='Six different addresses on the same NIC.' Interface='eth0' IP='static' Address=('192.168.1.10/24' '192.168.178.11/24' '192.168.1.12/24' '192.168.1.13/24' '192.168.1.14/24' '192.168.1.15/24') Gateway='192.168.1.1' DNS=('192.168.1.1')
Then simply execute:
$ netctl start mynetwork
To manually set alias for NIC using iproute2 tools execute
$ ip addr add 192.168.1.10/24 dev enp1s0 label enp1s0:1
To remove given alias execute
$ ip addr del 192.168.1.10/24 dev enp1s0:1
Change MAC/hardware address
See MAC address spoofing.
Internet sharing
See Internet sharing.
Router configuration
See Router.
Local network hostname resolution
The pre-requisite is to #Set the hostname after which hostname resolution works on the local system itself:
$ ping myhostname
PING myhostname (192.168.1.2) 56(84) bytes of data. 64 bytes from myhostname (192.168.1.2): icmp_seq=1 ttl=64 time=0.043 ms
To enable other machines to address the host by name, either a manual configuration of the respective /etc/hosts
files or a service to propagate/resolve the name is required. With systemd the latter is done via the myhostname
nss module. However, not all network services (on the same system; examples: [1], [2]) or other clients with different operating systems use the same methods to try resolve the hostname.
A first work-around that can be tried is to add the following line to /etc/hosts
:
127.0.1.1 myhostname.localdomain myhostname
As a result the system resolves to both entries:
$ getent hosts 127.0.0.1 localhost 127.0.1.1 myhostname.localdomain myhostname
For a system with a permanent IP address, that permanent IP address should be used instead of 127.0.1.1
.
Another possibility is to set up a full DNS server such as BIND or Unbound, but that is overkill and too complex for most systems. For small networks and dynamic flexibility with hosts joining and leaving the network zero-configuration networking services may be more applicable. There are two options available:
-
Samba provides hostname resolution via Microsoft's NetBIOS. It only requires installation of samba and enabling of the
nmbd.service
service. Computers running Windows, OS X, or Linux withnmbd
running, will be able to find your machine.
- Avahi provides hostname resolution via zeroconf, also known as Avahi or Bonjour. It requires slightly more complex configuration than Samba: see Avahi#Hostname resolution for details. Computers running OS X, or Linux with an Avahi daemon running, will be able to find your machine. Windows does not have an built-in Avahi client or daemon.
Promiscuous mode
Toggling promiscuous mode will make a (wireless) NIC forward all traffic it receives to the OS for further processing. This is opposite to "normal mode" where a NIC will drop frames it is not intended to receive. It is most often used for advanced network troubleshooting and packet sniffing.
/etc/systemd/system/promiscuous@.service
[Unit] Description=Set %i interface in promiscuous mode After=network.target [Service] Type=oneshot ExecStart=/usr/bin/ip link set dev %i promisc on RemainAfterExit=yes [Install] WantedBy=multi-user.target
If you want to enable promiscuous mode on interface eth0
run enable promiscuous@eth0.service
.
Troubleshooting
Swapping computers on the cable modem
Some cable ISPs (videotron for example) have the cable modem configured to recognize only one client PC, by the MAC address of its network interface. Once the cable modem has learned the MAC address of the first PC or equipment that talks to it, it will not respond to another MAC address in any way. Thus if you swap one PC for another (or for a router), the new PC (or router) will not work with the cable modem, because the new PC (or router) has a MAC address different from the old one. To reset the cable modem so that it will recognise the new PC, you must power the cable modem off and on again. Once the cable modem has rebooted and gone fully online again (indicator lights settled down), reboot the newly connected PC so that it makes a DHCP request, or manually make it request a new DHCP lease.
If this method does not work, you will need to clone the MAC address of the original machine. See also #Change MAC/hardware address.
The TCP window scaling problem
TCP packets contain a "window" value in their headers indicating how much data the other host may send in return. This value is represented with only 16 bits, hence the window size is at most 64Kb. TCP packets are cached for a while (they have to be reordered), and as memory is (or used to be) limited, one host could easily run out of it.
Back in 1992, as more and more memory became available, RFC 1323 was written to improve the situation: Window Scaling. The "window" value, provided in all packets, will be modified by a Scale Factor defined once, at the very beginning of the connection. That 8-bit Scale Factor allows the Window to be up to 32 times higher than the initial 64Kb.
It appears that some broken routers and firewalls on the Internet are rewriting the Scale Factor to 0 which causes misunderstandings between hosts. The Linux kernel 2.6.17 introduced a new calculation scheme generating higher Scale Factors, virtually making the aftermaths of the broken routers and firewalls more visible.
The resulting connection is at best very slow or broken.
How to diagnose the problem
First of all, let's make it clear: this problem is odd. In some cases, you will not be able to use TCP connections (HTTP, FTP, ...) at all and in others, you will be able to communicate with some hosts (very few).
When you have this problem, the dmesg
's output is OK, logs are clean and ip addr
will report normal status... and actually everything appears normal.
If you cannot browse any website, but you can ping some random hosts, chances are great that you're experiencing this problem: ping uses ICMP and is not affected by TCP problems.
You can try to use Wireshark. You might see successful UDP and ICMP communications but unsuccessful TCP communications (only to foreign hosts).
Ways of fixing it
Bad
To fix it the bad way, you can change the tcp_rmem
value, on which Scale Factor calculation is based. Although it should work for most hosts, it is not guaranteed, especially for very distant ones.
# echo "4096 87380 174760" > /proc/sys/net/ipv4/tcp_rmem
Good
Simply disable Window Scaling. Since Window Scaling is a nice TCP feature, it may be uncomfortable to disable it, especially if you cannot fix the broken router. There are several ways to disable Window Scaling, and it seems that the most bulletproof way (which will work with most kernels) is to add the following line to /etc/sysctl.d/99-disable_window_scaling.conf
(see also sysctl):
net.ipv4.tcp_window_scaling = 0
Best
This problem is caused by broken routers/firewalls, so let's change them. Some users have reported that the broken router was their very own DSL router.
More about it
This section is based on the LWN article TCP window scaling and broken routers and a Kernel Trap article: Window Scaling on the Internet.
There are also several relevant threads on the LKML.
Realtek no link / WOL problem
Users with Realtek 8168 8169 8101 8111(C) based NICs (cards / and on-board) may notice a problem where the NIC seems to be disabled on boot and has no Link light. This can usually be found on a dual boot system where Windows is also installed. It seems that using the offical Realtek drivers (dated anything after May 2007) under Windows is the cause. These newer drivers disable the Wake-On-LAN feature by disabling the NIC at Windows shutdown time, where it will remain disabled until the next time Windows boots. You will be able to notice if this problem is affecting you if the Link light remains off until Windows boots up; during Windows shutdown the Link light will switch off. Normal operation should be that the link light is always on as long as the system is on, even during POST. This problem will also affect other operating systems without newer drivers (eg. Live CDs). Here are a few fixes for this problem.
Method 1: enable the NIC directly in Linux
Get the ethernet NIC name from the output of:
$ ip a
Bring up the device as root using the NIC name:
# ip link set dev NIC_name up
For ex, if NIC_name is enp7s0:
# ip link set dev enp7s0 up
If it worked and the card is powered on, you should see state UP
for the given interface in the output of ip link
.
Method 2: rollback/change Windows driver
You can roll back your Windows NIC driver to the Microsoft provided one (if available), or roll back/install an official Realtek driver pre-dating May 2007 (may be on the CD that came with your hardware).
Method 3: enable WOL in Windows driver
Probably the best and the fastest fix is to change this setting in the Windows driver. This way it should be fixed system-wide and not only under Arch (eg. live CDs, other operating systems). In Windows, under Device Manager, find your Realtek network adapter and double-click it. Under the "Advanced" tab, change "Wake-on-LAN after shutdown" to "Enable".
In Windows XP (example):
Right click my computer and choose "Properties" --> "Hardware" tab --> Device Manager --> Network Adapters --> "double click" Realtek ... --> Advanced tab --> Wake-On-Lan After Shutdown --> Enable
Method 4: newer Realtek Linux driver
Any newer driver for these Realtek cards can be found for Linux on the realtek site (untested but believed to also solve the problem).
Method 5: enable LAN Boot ROM in BIOS/CMOS
It appears that setting Integrated Peripherals --> Onboard LAN Boot ROM --> Enabled in BIOS/CMOS reactivates the Realtek LAN chip on system boot-up, despite the Windows driver disabling it on OS shutdown.
No interface with Atheros chipsets
Users of some Atheros ethernet chips are reporting it does not work out-of-the-box (with installation media of February 2014). The working solution for this is to install the package backports-patchedAUR from AUR.
Broadcom BCM57780
This Broadcom chipset sometimes does not behave well unless you specify the order of the modules to be loaded. The modules are broadcom
and tg3
, the former needing to be loaded first.
These steps should help if your computer has this chipset:
- Find your NIC in lspci output:
$ lspci | grep Ethernet 02:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe (rev 01)
- If your wired networking is not functioning in some way or another, try unplugging your cable then doing the following:
# modprobe -r tg3 # modprobe broadcom # modprobe tg3
- Plug you network cable in. If this solves your problems you can make this permanent by adding
broadcom
andtg3
(in this order) to theMODULES
array in/etc/mkinitcpio.conf
:
MODULES=".. broadcom tg3 .."
- Rebuild the initramfs:
# mkinitcpio -p linux
- Alternatively, you can create an
/etc/modprobe.d/broadcom.conf
:
softdep tg3 pre: broadcom
Realtek RTL8111/8168B
# lspci | grep Ethernet
03:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 02)
The adapter should be recognized by the r8169
module. However, with some chip revisions the connection may go off and on all the time. The alternative r8168 can be found in the official repositories and should be used for a reliable connection in this case. Blacklist r8169
, if r8168 is not automatically loaded by udev add it to your list of user specified modules.