20 quick tips to make

Linux networking easier

Copyright ©2017 CBS Interactive Inc. All rights reserved.

2 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

20 quick tips to make Linux

networking easier
Copyright ©2017 by CBS Interactive Inc. All rights reserved.
TechRepublic and its logo are trademarks of CBS Interactive Inc. Credits
All other product names or services identified throughout this
book are trademarks or registered trademarks of their respective Editor In Chief
companies. Reproduction of this publication in any form without Jason Hiner
prior written permission is forbidden.
Managing Editor
Published by TechRepublic Bill Detwiler
May 2017
Feature Editors
Disclaimer
Jody Gilbert
The information contained herein has been obtained from
Mary Weilage
sources believed to be reliable. CBS Interactive Inc. disclaims
all warranties as to the accuracy, completeness, or adequacy of Assistant Editor
such information. CBS Interactive Inc. shall have no liability for Amy Talbott
errors, omissions, or inadequacies in the information contained
herein or for the interpretations thereof. The reader assumes Graphic Designer
sole responsibility for the selection of these materials to achieve Kimberly Kalisik
its intended results. The opinions expressed herein are subject
Author
to change without notice.
Jack Wallen

TechRepublic
Cover image:
9920 Corporate Campus Dr.
iStockphoto/ jacoblund
Suite 1000
Louisville, KY 40223
Online Customer Support:
http://techrepublic.custhelp.com/

Copyright ©2017 CBS Interactive Inc. All rights reserved.

3 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

Introduction
Networking is a must-have on all levels of computing. And with some help, the Linux operating system can be
the king of networking, in both ease of use and security. But that doesn’t mean the average (and sometimes
even the above-average) user can’t use some help.

Although Linux has made significant advances over the years, there are still instances where the standard
troubleshooting or optimizations won’t work. Having a few tricks up your sleeve can make your life easier. Here
are 20 tips I wanted to share with you. I hope they’ll help you in configuring, optimizing, and troubleshooting
you Linux network woes.

1: Make use of your /etc/hosts file

The hosts file is used for static host names and offers a quick way to create networking shortcuts. One of the
first things I do on a Linux machine is add various machines to the /etc/hosts file. This saves me from having
to type a lot of IP addresses. The format of an address for this file is:

IP_ADDRESS NICKNAME

For example, if I use one machine for a backup location at IP address 192.168.1.101, I could enter:

192.168.1.101 backups

Now if I have to connect to that machine, say with secure shell, I can just type ssh -v -l username backups to
make the connection.

2: Keep out unwanted users with /etc/hosts.deny

Yet another helpful “hosts” file is hosts.deny. This file allows you to create access control based on client or
server names. This is helpful in many ways. You can block blacklist domains from gaining access to your
network or you can block certain users from gaining access to certain machines. But no matter how you use
it, the format is the same.

Let’s say you want to block the domain bad.domain.name from gaining access to a machine. To do this, open
up the /etc/hosts.deny file (you will need either root or sudo privileges) and add this to the bottom of the file:

ALL: bad.domain.name

Save it and you’re good to go.

Copyright ©2017 CBS Interactive Inc. All rights reserved.

4 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

3: Let WICD handle your wireless woes

I can’t tell you how many times I have found myself banging my head against a server rack. For the longest
time Linux and wireless networking were simply not good bedfellows. But that is quickly becoming a thing
of the past. With modern distributions, wireless card detection has become a no-brainer. The issue now is
encryption.

Many of the Linux wireless tools have trouble when any encryption is involved. But the WICD tool takes care of
this. Now, connecting to WPA or WPA2 encrypted wireless networks is simple. Add to that the amazingly easy
GUI employed by WICD and you can check one nasty headache off your list.

4: Download and install a front end for iptables

You can’t assume that just because you are using Linux, you are secure. You still need some security. And the
best security you can have with Linux is iptables. The only problem with iptables is that it can be challenging
(especially for the new user). Fortunately, there are outstanding graphical front ends for iptables. One of the
best is Firestarter. This front end makes employing iptables a simple process, so you won’t keep bypassing
security out of fear of the learning curve.

5: Get to know the command-line tools

Let’s face it: If you’re running Linux, there might be an instance where you will need to restart your network
and you won’t have access to the GUI. In this particular case, knowing that /etc/rc.d/network restart will do
the trick will solve your problem. Of course, that’s not the only networking command-line tool. You’ll also want
to know tools like dhclient, traceroute, samba, ping, and netstat.

6: Hard-code your DNS server addresses

I don’t know how many times I have had networking problems that pointed directly at missing DNS server
addresses. To this end, I have made it a habit to hard-code my DNS servers into the /etc/resolv.conf file. The
format of the entries is:

nameserver IP_ADDRESS

where IP_ADDRESS is the actual address of your name server. You can have as many name servers listed as
you need.

7: Install ClamAV
If you run a mail server, an antivirus is essential. Even though you are running Linux and you know your mail
server is immune to 99.9999999% of the viruses in the wild, that doesn’t mean all those clients that download
mail from your server are immune. With this in mind, you will make your admin life far easier if you install an
antivirus like ClamAV onto your Linux mail server.

Copyright ©2017 CBS Interactive Inc. All rights reserved.

5 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

8: Know how to configure an IP address manually

Yes, there are GUI tools for this. And yes, they all work very well. But as you will eventually find if you
administer any operating system long enough, it’s never bad to have backup tools to help you do your job.
And one of the best backup tools for Linux networking is the ifconfig command. Not only will this command
return to you (with no arguments) your network card information, it will also allow you to configure your
network card manually. This is done like so:

/sbin/ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255

Of course, you will want to plug in your particular information as it applies to the above.

9: Get to know your /etc/interfaces (Ubuntu) or /etc/

sysconfig/network-scripts (Red Hat/Fedora) file(s)
This file (or files) is where the information for each network interface is stored. The format for this file is:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

auto ath0
iface ath0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

As you can see above, all of my interfaces are set up for dhcp. This is my laptop, which goes with me every-
where, so dhcp is a necessity. But what if I use the wired interface in only one location?

Copyright ©2017 CBS Interactive Inc. All rights reserved.

6 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

For that, I can hard-code the information here under the eth0 interface like so (for Ubuntu):

iface eth0 inet static

address 192.168.1.10

netmask 255.255.255.0

broadcast 192.168.1.255

network 192.168.1.104

gateway 192.168.1.1

Or like so (for Red Hat/Fedora):

DEVICE=eth0
BOOTPROTO=static

BROADCAST=192.168.1.255

IPADDR=192.168.1.10

NETMASK=255.255.255.0

NETWORK=192.168.1.104.0

ONBOOT=yes

Again, you would plug in all the information suited to your network and your device.

Copyright ©2017 CBS Interactive Inc. All rights reserved.

7 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

10: Don’t forget smbpasswd when setting up Samba

Nearly every time clients come to me with Samba issues, the problem is that they haven’t added the user
and a password with smbpasswd. Without doing this, the user will not be able to authenticate to the Samba
server. And when using smbpasswd to add a new user, you have to add the “-a” switch, like so:

smbpasswd -a USERNAME

After you hit Enter, you will be asked for the user’s password (twice). NOTE: You must have root access (or
sudo) to pull this off.

11: Use static addresses

If this is an option, I highly recommend it. Why? Control. With a static IP address you can configure multiple
DNS addresses (more on this in a bit) and hardware addresses and set the network device to start at boot.
More important, should your particular machine host a service that other computers or devices need to reach
(which is often the case with Linux), you don’t want to have to constantly be instructing those devices to use a
different IP address. Static IP address configuration is set in /etc/network/interfaces.

12: Disable dnsmasq

Once upon a time, you could open up /etc/resolv.conf and add specific DNS addresses and you were done.
Your machine would use those configured DNS addresses for name resolution and everything would work
swimmingly. Unfortunately, that is not always the case now. With Ubuntu (and its derivatives) there’s a tool
called dnsmasq that will overwrite /etc/resolv.conf every time you boot or restart networking. To get around
this, you have to comment out the dns=dnsmasq line in /etc/NetworkManager/NetworkManager.conf. Once
you’ve taken care of that, restart the network manager (with the command sudo /etc/init.d/networking restart)
and you should be all set.

13: Use third-party DNS servers

I know many will throw shade at this tip, but I’ve always been fond of using Google’s DNS servers (especially
over my ISP’s). The two addresses to use are 8.8.8.8 and 8.8.4.4. Once you’ve disabled dnsmasq, enter
those in your /etc/resolv.conf file and DNS will resolve like a champ. There are other third-party DNS servers
that can be used (such as OpenDNS). Which you choose is up to you.

14: Don’t use hosts as a DNS replacement

Open up your /etc/hosts file. Do you have a long list of entries? If so, consider moving those to a separate
DNS zone. This can avoid address resolution errors and make mapping local addresses significantly easier.
Using /etc/hosts as a cheap imitation of DNS can cause issues when you start reusing addresses and forget

Copyright ©2017 CBS Interactive Inc. All rights reserved.

8 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

to clean up that hosts file. If you do use /etc/hosts as a quick fix (or for testing purposes), be sure to remove
those entries as soon as you’re done. If you do have to retain a few entries in the hosts file, keep it to a
minimum.

15: Get to know UFW

Iptables is an incredibly complex system for the configuration of the tables provided by the Linux kernel
firewall. For the average user (or even the average admin), iptables can be a bit overwhelming. Luckily, there is
Uncomplicated Firewall (UFW). UFW is a front end for iptables that strips away the complexity so that anyone
can configure the security of their system. Even better, there are a number of GUI tools that can assist you in
working with UFW (such as Gufw and gui-ufw). The combination of UFW and a good GUI will have you secur-
ing your system(s) with ease.

16: Learn the ip command

Although ifconfig has been deprecated, I still automatically turn to it when I need things like the IP address of a
server. This is a habit I need to break. In place of ifconfig is the ip command and you would be well served to
get to know its ins and outs. The ip command can be used to view information about an interface or configure
an interface. It’s pretty flexible and is only slightly more complicated than the command it replaced. For more
information about ip issue the command man ip and read all about it.

17: Enable your disabled wireless

I have run into this on a few occasions. Out of nowhere, wireless networking ceases to function. Turns out, for
whatever reason, the wireless adapter has been disabled. The solution for this is found in the rfkill command.
Issue the command sudo rfkill list all; if your wireless adapter shows up as either soft or hard blocked, issue
the command sudo rfkill unblock all and then issue the command sudo /etc/init.d/networking restart to bring
the connection back up.

18: Skip NFS and use Samba

You might be inclined to set up NFS to local file sharing. Don’t. The NFS system requires you to have far too
many ports open on your desktop or server. Instead, go with the considerably more powerful Samba. With
Samba, you are required to have only a bare minimum of ports open, so security isn’t nearly as big an issue.
In fact, Samba runs on TCP ports 139 and 445 and UDP ports 137 and 138. For NFS you’ll need UDP ports
111, 1039, 1047, 1048, and 2049 and TCP ports 111, 1039, 1047, 1048, and 2049. There’s no reason to
open up the security holes when Samba does an exponentially better job of sharing files across a network—
plus it works great with other platforms and can connect to Active Directory.

Copyright ©2017 CBS Interactive Inc. All rights reserved.

9 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

19: Get to know sshfs

Speaking of remote folder sharing, there’s a tool that should be considered a must-know for Linux
administrators. That tool is sshfs, which stands for Secure Shell File System. With this command you can
mount remote filesystems and interact with the directories and files found on that remote system as if they
were on a local machine. By default, sshfs isn’t installed on most systems, but can be added with a command
like sudo apt-get install sshfs. You first must create a mount directory on the local system and then connect to
the remote filesystem (with a command like sshfs USER@IPADDRESS:/REMOTE/PATH/ /LOCAL/PATH). Once
the remote filesystem is mounted, you can work with the remote path as if it were local.

20: Make use of encryption

We live in a world where security is not something to be taken lightly. If you share sensitive information via
email, find out what encryption options are available for your particular email client. For example, if you use
Mozilla Thunderbird, install and learn Enigmail. If you use Evolution, take advantage of the built-in support for
OpenPGP. Beyond email, you can also encrypt files and directories using a number of command-line or GUI
tools. Check out Protect your data with these five Linux encryption tools for more information.

Your network, your tools

Getting the most out of your network on a Linux machine doesn’t require a degree in computer science or
any given certification. With these tips, you should be able to knock out your Linux networking tasks with a
minimum of effort.

Copyright ©2017 CBS Interactive Inc. All rights reserved.

10 20 QUICK TIPS TO MAKE LINUX NETWORKING EASIER

About TechRepublic
TechRepublic is a digital publication and online community that empowers the people of business and
technology. It provides analysis, tips, best practices, and case studies aimed at helping leaders make better
decisions about technology.

Resources
Subscribe to our free newsletters: Stay on top of business technology trends, learn about innovative new
products, and hone your skills with our how-to’s and tutorials.

Check out the TechRepublic discussion forums: Touch base with your peers and share tips, advice,
solutions, and opinions.

Catch the latest videos and photo galleries: Our video library offers interviews with entrepreneurs, IT pros,
and CXOs; short clips on the latest tech news; and overviews of emerging technologies. Our galleries offer a
look at everything from the hottest mobile devices to autonomous cars to the gadgets, tools, and accessories
that are headed your way.

Copyright ©2017 CBS Interactive Inc. All rights reserved.