8.2. Interface Configuration Files

Interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are usually named ifcfg-<name>, where <name> refers to the name of the device that the configuration file controls.

8.2.1. Ethernet Interfaces

One of the most common interface files is ifcfg-eth0, which controls the first Ethernet network interface card or NIC in the system. In a system with multiple NICs, there are multiple ifcfg-eth<X> files (where <X> is a unique number corresponding to a specific interface). Because each device has its own configuration file, an administrator can control how each interface functions individually.

The following is a sample ifcfg-eth0 file for a system using a fixed IP address:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.0.1.0
NETMASK=255.255.255.0
IPADDR=10.0.1.27
USERCTL=no

The values required in an interface configuration file can change based on other values. For example, the ifcfg-eth0 file for an interface using DHCP looks quite a bit different because IP information is provided by the DHCP server:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes

The Network Administration Tool (system-config-network) is an easy way to make changes to the various network interface configuration files (refer to the chapter titled Network Configuration in the Red Hat Enterprise Linux System Administration Guide for detailed instructions on using this tool).

However, it is also possible to edit the configuration files for a given network interface manually.

Below is a listing of the configurable parameters in an Ethernet interface configuration file:

8.2.2. IPsec Interfaces

With Red Hat Enterprise Linux it is possible to connect to other hosts or networks using a secure IP connection, known as IPsec. For instructions on setting up IPsec using the Network Administration Tool (system-config-network), refer to the chapter titled Network Configuration in the Red Hat Enterprise Linux System Administration Guide. For instructions on setting up IPsec manually, refer to the chapter titled Virtual Private Networks in the Red Hat Enterprise Linux Security Guide.

The following example shows the ifcfg file for a network-to-network IPsec connection for LAN A. The unique name to identify the connection in this example is ipsec1, so the resulting file is named /etc/sysconfig/network-scripts/ifcfg-ipsec1.

TYPE=IPsec
ONBOOT=yes
IKE_METHOD=PSK
SRCNET=192.168.1.0/24
DSTNET=192.168.2.0/24
DST=X.X.X.X

In the example above, X.X.X.X is the publicly routable IP address of the destination IPsec router.

Below is a listing of the configurable parameters for an IPsec interface:

Refer to /usr/share/doc/initscripts-<version-number>/sysconfig.txt (replace <version-number> with the version of the initscripts package installed) for configuration parameters if using manual key encryption with IPsec.

The racoon IKEv1 key management daemon negotiates and configures a set of parameters for IPSec. It can use preshared keys, RSA signatures, or GSS-API. If racoon is used to automatically manage key encryption, the following options are required:

For more information about the encryption algorithms available for IPsec, refer to the setkey man page. For more information about racoon, refer to the racoon and racoon.conf man pages.

8.2.3. Channel Bonding Interfaces

Red Hat Enterprise Linux allows administrators to bind multiple network interfaces together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.

To create a channel bonding interface, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bond<N>, replacing <N> with the number for the interface, such as 0.

The contents of the file can be identical to whatever type of interface that is getting bonded, such as an Ethernet interface. The only difference is that the DEVICE= directive must be bond<N>, replacing <N> with the number for the interface.

The following is a sample channel bonding configuration file:

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=10.0.1.0
NETMASK=255.255.255.0
IPADDR=10.0.1.27
USERCTL=no

After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER= and SLAVE= directives to their configuration files. The configuration files for each of the channel bonded interfaces can be nearly identical.

For example, if channel bonding two Ethernet interfaces, both eth0 and eth1 may look like the following example:

DEVICE=eth<N>
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no

In this example, replace <N> with the numerical value for the interface.

For a channel bonding interface to be valid, the kernel module must be loaded. To insure that the module is loaded when the channel bonding interface is brought up, add the following line to /etc/modules.conf:

alias bond<N> bonding

Replace <N> with the number of the interface, such as 0. For each configured channel bonding interface, there must be a corresponding entry in /etc/modules.conf.

Once /etc/modules.conf is configured, and the channel bonding interface and network interfaces are configured, the ifup command can be used to bring up the channel bonding interface.

ImportantImportant
 

Important aspects of the channel bonding interface are controlled through the kernel module. For more information about controlling the bonding modules, refer to Section A.3.2 The Channel Bonding Module.

8.2.4. Alias and Clone Files

Two lesser-used types of interface configuration files are alias and clone files.

Alias interface configuration files, which are used to bind multiple addresses to a single interface, use the ifcfg-<if-name>:<alias-value> naming scheme.

For example, an ifcfg-eth0:0 file could be configured to specify DEVICE=eth0:0 and a static IP address of 10.0.0.2, serving as an alias of an Ethernet interface already configured to receive its IP information via DHCP in ifcfg-eth0. Under this configuration, eth0 is bound to a dynamic IP address, but the same physical network card can receive request via the fixed, 10.0.0.2 IP address.

CautionCaution
 

Alias interfaces do not support DHCP.

A clone interface configuration file should use the following naming convention: ifcfg-<if-name>-<clone-name>. While an alias file allows multiple addresses for an existing interface, a clone file is used to specify additional options for an interface. For example, a standard DHCP Ethernet interface called eth0, may look similar to this:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp

Since the default value for the USERCTL directive is no if it is not specified, users cannot bring this interface up and down. To give users the ability to control the interface, create a clone by copying ifcfg-eth0 to ifcfg-eth0-user and add the following line to ifcfg-eth0-user:

USERCTL=yes

This way a user can bring up the eth0 interface using the /sbin/ifup eth0-user command because the configuration options from ifcfg-eth0 and ifcfg-eth0-user are combined. While this is a very basic example, this method can be used with a variety of options and interfaces.

The easiest way to create alias and clone interface configuration files is to use the graphical Network Administration Tool. For more on using this tool, refer to the chapter called Network Configuration in the Red Hat Enterprise Linux System Administration Guide.

8.2.5. Dialup Interfaces

If connecting to the Internet via a dialup connection, a configuration file is necessary for the interface.

PPP interface files are named using the following format ifcfg-ppp<X> (where <X> is a unique number corresponding to a specific interface).

The PPP interface configuration file is created automatically when wvdial, the Network Administration Tool or Kppp is used to create a dialup account. It is also possible to create and edit this file manually.

The following is a typical ifcfg-ppp0 file:

DEVICE=ppp0
NAME=test
WVDIALSECT=test
MODEMPORT=/dev/modem
LINESPEED=115200
PAPNAME=test
USERCTL=true
ONBOOT=no
PERSIST=no
DEFROUTE=yes
PEERDNS=yes
DEMAND=no
IDLETIMEOUT=600

Serial Line Internet Protocol (SLIP) is another dialup interface, although it is used less frequently. SLIP files have interface configuration file names such as ifcfg-sl0.

Other options, not already discussed, that may be used in these files include:

8.2.6. Other Interfaces

Other common interface configuration files include the following: