10.4. Network configuration

Apart from special setups where you need to fine-tune various performance parameters, network configuration is a relatively simple task under PNS. You have to provide basic IP parameters, such as IP addresses, subnet masks, and the default gateway. The most important configuration file for networking is /etc/network/interfaces. This file contains a separate section for each network interface available in the given system. The official installation procedure of PNS involves steps to configure these basic IP parameters, so in a properly installed system this file is not empty.

Note

For every file editable under MC, a 3-line comment is added at the beginning of the file after you first upload a version of it edited in MC.

#
# This file is generated by Management Server. Do not edit!
#

This text warns you that even if you edit the file manually, it is overwritten the next time you upload a change in MC. Of course, if you do not plan to work with this file from MC in the future, you can safely ignore this warning.

A typical interface configuration section in /etc/network/interfaces is the following.

auto eth0
iface eth0 inet static
	address 192.168.1.253
	netmask 255.255.255.0
	broadcast 192.168.1.255
	network 192.168.1.0
	gateway 192.168.1.254

After editing and saving this file, activate your changes by running the /etc/init.d/networking script with the restart argument. This applies to all other network configuration files, too.
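
The following Python check is an added example, not part of the PNS documentation or tooling. It can be run before restarting networking to verify that the network, broadcast and gateway values of each static stanza agree with its address and netmask; the function names and the embedded sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: a copy of the eth0 stanza shown in this section.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.1.253
    netmask 255.255.255.0
    broadcast 192.168.1.255
    network 192.168.1.0
    gateway 192.168.1.254
"""

def parse_static_stanzas(text):
    """Return {interface: {option: value}} for each 'iface <name> inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment (such as the MC header)
        if words[0] == "iface":
            static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if static else None
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None  # a different stanza type begins
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def check_stanza(opts):
    """Return a list of inconsistencies; an empty list means the stanza is coherent."""
    try:
        net = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
    except (KeyError, ValueError) as e:
        return [f"address/netmask missing or invalid: {e}"]
    problems = []
    for key, want in (("network", net.network_address), ("broadcast", net.broadcast_address)):
        if key in opts and opts[key] != str(want):
            problems.append(f"{key} is {opts[key]}, expected {want}")
    if "gateway" in opts:
        try:
            ok = ipaddress.ip_address(opts["gateway"]) in net
        except ValueError:
            ok = False
        if not ok:
            problems.append(f"gateway {opts['gateway']} is not an address in {net}")
    return problems

if __name__ == "__main__":
    print({n: check_stanza(o) or "OK" for n, o in parse_static_stanzas(SAMPLE).items()})
```

To check a live system, pass the contents of /etc/network/interfaces to parse_static_stanzas() instead of SAMPLE.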

Another, less frequently modified network configuration file is /etc/hostname. It contains the hostname parameter of the system. It is important for the name resolution processes initiated by various system components. Whenever a process needs name resolution, that is, to map a name to an IP address, the system first checks this file to see whether its own hostname has been queried. The Linux command hostname queries this file as well.

The file /etc/mailname is important for the proper operation of the Postfix native service. It must not be empty and it gets filled automatically. You can alter the value stored here, if needed.

Another network configuration file, /etc/hosts, may be used for static name resolution: it stores name to IP address mappings for network hosts. Before DNS, this file was the only means to map hostnames to IP addresses. Today, most of its functionality has been taken over by DNS, but it is still useful in some scenarios. When a hostname needs to be looked up, /etc/hosts is the third place the system looks for a match – the first is /etc/hostname while the second is the in-memory DNS cache. So, if you have a limited number of hosts the firewall visits often, for example, a proxy server, it is recommended to list these hosts in /etc/hosts:

#
# This file is generated by Management Server. Do not edit!
#
127.0.0.1 localhost
192.168.1.253 proxy
192.168.1.100 mail

By default, there is only one entry in this file for the hostname localhost with the IP address 127.0.0.1. This entry is needed for system boot processes, so do not delete it.

Just as with hostnames, you can name networks with symbolic names. The file /etc/networks stores these mappings. By default, this file is empty on the firewall and PNS generally does not use it.

The /etc/resolv.conf file is used by the resolver library to look up what DNS servers to query when a process needs to look up an IP address for a given hostname, or vice versa. In other words, this file lists the known nameservers for the firewall. Additionally, it contains an entry for the domain name of the firewall. This entry is also important for name resolution purposes: if, instead of a fully qualified domain name (FQDN) only a hostname is queried, the resolver automatically appends this domain name to the hostname and tries to look up the FQDN created this way.

#
# This file is generated by Management Server. Do not edit!
#
domain example.org
nameserver 192.168.1.200

This section introduces only briefly the network configuration files. For more detailed information and instructions on network configuration, see Chapter 5, Networking, routing, and name resolution, the references listed on networking in Appendix C, Further readings, and the manual pages for the mentioned files (man filename – without full path, for example: man interfaces).