Tasks

  • Configure static IP(s)
  • Install diagnostic tools
  • Verify network config

Server IP already assigned

If you have a root server, vServer or for whatever reason you got a static IPv4 address for your server, just use that address and your are done with this chapter.


Configure static IP(s)

Debian / Ubuntu / Rasphian

Static IPv4 address

After installing the operating system it often gets its IPv4 adress via DHCP. To avoid trouble in the future this address should be static in most cases.

[email protected]:~# ip route
default via 192.168.1.1 dev ens3 
192.168.1.0/24 dev ens3 proto kernel scope link src 192.168.1.22 

The default line tells us 192.168.1.1 is the default gateway, ens3 is the network device in our case. We need to remember that.

[email protected]:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:ae:a4:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.22/24 brd 192.168.1.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:feae:a412/64 scope link 
       valid_lft forever preferred_lft forever

The interresting part is the inet line in our network device (ens3). It tells us 192.168.1.22 is the current IPv4 address, /24 is the network mask in CIDR notation, which is 255.255.255.0 as subnet mask (see https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) and 192.168.1.255 is the broadcast address.

We need to pick an unused IPv4 address, which is not within the DHCP range. Mostly the DHCP server is in the router. You will find the description there. x.x.x.1 ist the gateway in this case as we have seen. DHCP range starts normaly at x.x.x.20 or above. x.x.x.2 is normally free, but you should be sure about that to prevent annoying network problems. I choose 192.168.1.2 as static IPv4 address.

[email protected]:~# cat /etc/resolv.conf
domain fritz.box
search fritz.box
nameserver 192.168.1.1
[email protected]:~# hostname -f
cloudserver.local

We take the dns-server (= nameserver) from here. In this case the DHCP server put this computer in the domain fritz.box while I put it into the domain local. PROS and CONS regarding this settings are not scope of this how-to. We will leave it as it is for now.

Now it is better to have a backup of the configuration. We can put it in our home directory:

[email protected]:~# cp /etc/network/interfaces ~/

This is the actual network configuration:

[email protected]:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens3
iface ens3 inet DHCP
# This is an autoconfigured IPv6 interface
iface ens3 inet6 auto

Change the network configuration to your actual values:

...
# The primary network interface
allow-hotplug ens3
iface ens3 inet static
  address 192.168.1.2
  netmask 255.255.255.0
  gateway 192.168.1.1
  dns-domain local
  dns-nameservers 192.168.1.1
# This is an autoconfigured IPv6 interface
iface ens3 inet6 auto
...

Reboot. Test your network configuration to assure it's working. $ ip addr should show your static IPv4 address, $ ip route still the gateway and so on. If something does not work, you have a file named "interfaces" in the home directory of user root, that is your backup. You can copy it back to /etc/network/interfaces and start all over.

Static IPv6 address

If you don't want to use or cannot use IPv6 you may skip this step and anything related to IPv6 in the following chapters.

[email protected]:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2003:a:452:e300:5054:ff:feae:a412/64 scope global mngtmpaddr dynamic 
       valid_lft 7197sec preferred_lft 3597sec
    inet6 fe80::5054:ff:feae:a412/64 scope link 
       valid_lft forever preferred_lft forever

If you find an inet6 address with scope global and not deprecated and not temporary, it's an IPv6 address you may use to access your server.

Add the IPv6 block to your network configuration

...
# This is an IPv6 interface
iface ens3 inet6 static
  address xxxx
  netmask xxxx
  gateway xxxx
  dns-domain local
  dns-nameservers xxxxx
...

CentOS

Static IPv4 address

Need someone with CentOS to contribute examples. Not time to test currently. To be written...

Static IPv6 address

Need someone with CentOS to contribute examples. Not time to test currently. To be written...


IPv6 only

Having a root server or a vServer without any IPv4 at all is not really within the scope of this manual.


Install diagnostic tools

  • $ curl is a tool to transfer data from or to a server. We will use it to diagnose the web server.
  • $ nmap is a network exploration tool. We will use it as a port scanner to diagnose running services.

Debian / Ubuntu / Rasphian

[email protected]:~# apt-get install curl nmap

CentOS

[email protected]:~# yum install curl nmap

Test network config

You need to have nginx installed for this test to work properly. If you want to run these tests now you can simply install nginx with

Debian / Ubuntu / Rasphian

[email protected]:~# apt-get install nginx

CentOS

[email protected]:~# yum install nginx

IPv4

Testing with curl:

[email protected]:~# curl -I http://[192.168.1.2]
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Wed, 19 Jul 2017 07:31:05 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 17 Jul 2017 13:41:49 GMT
Connection: keep-alive
ETag: "596cbe9d-264"
Accept-Ranges: bytes

Or test using nmap:

[email protected]:~# nmap -4 192.168.1.2

Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-19 09:33 CEST
Nmap scan report for 192.168.1.2
Host is up (0.000015s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Open a web browser: https://192.168.1.2/. If you see the default nginx page, it works.


IPv6

If your server has a global IPv6 address, you can test it with a web browser on a computer in local LAN having IPv6 enabled as well: http://[2003:a:452:e300:5054:ff:feae:a412]. This works because the Nginx 'default' server comes with IPv6 enabled.

You can test with curl as well:

[email protected]:~# curl -I http://[2003:a:452:e300:5054:ff:feae:a412]
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Wed, 19 Jul 2017 07:31:05 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Mon, 17 Jul 2017 13:41:49 GMT
Connection: keep-alive
ETag: "596cbe9d-264"
Accept-Ranges: bytes

Or test using nmap:

[email protected]:~# nmap -6 2003:a:452:e300:5054:ff:feae:a412

Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-19 09:33 CEST
Nmap scan report for 2003:a:452:e300:5054:ff:feae:a412
Host is up (0.000015s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Note that port 80 is open because of the default server, port 443 is not (for now)!

Test it using nmap:

[email protected]:~# nmap -6 fe80::5054:ff:feae:a412

Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-19 10:13 CEST
Nmap scan report for fe80::5054:ff:feae:a412
Host is up (0.000015s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Open a web browser: http://[2003:a:452:e300:5054:ff:feae:a412]/. If you see the default nginx page, it works.


Literature