Network configuration CentOS

Last change on 2021-04-16 • Created on 2020-05-18

Main IP address

IPv4

Dedicated root servers

The main IP address of a dedicated root server usually comes from a /26 or /27 subnet. In order to prevent (accidental) adoption of foreign IP addresses, communication is only possible via the gateway address.

In order to communicate with servers in the same network segment, a point-to-point setup is configured within the default installation, which directs all packets to the gateway.

This point-to-point setup cannot be transmitted via DHCP, so if you configure the server via DHCP, a normal configuration (without a /32 subnet) is applied. This is not a problem unless you need to reach IPs from the same subnet. To reach any server in the same subnet, you need to use a /32 subnet in the network configuration:

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=<MAC Address>
ONBOOT=yes
BOOTPROTO=static
IPADDR=<IP Address>
NETMASK=255.255.255.255
SCOPE="peer <Gateway IP>"
# potential additional IPv6 entries

Create the default route:

# /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=<Gateway IP>

Possible sources of errors

If the server cannot be reached after you have applied the network settings above, check whether the variable "GATEWAYDEV" has been set in the file /etc/sysconfig/network. This may be one reason for the server being unreachable; it is indicated by the error message "RTNETLINK answers: File exists", which appears after you reload the network settings.
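The checks from this section written as a shell lint. This is an added example, not part of the original page or any Hetzner tool: it reads copies of ifcfg-eth0, route-eth0 and /etc/sysconfig/network from a directory and reports a non-/32 netmask, a missing or mismatched peer gateway, and a set GATEWAYDEV. The function names, the directory layout and the 192.0.2.x sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Hetzner tooling): lint the point-to-point files shown above.
# DIR holds copies of ifcfg-eth0, route-eth0 and network (/etc/sysconfig/network).
# Function names and the directory layout are assumptions of this example.

# Print the last KEY=value in FILE, without inline comment or surrounding quotes.
cfg_get() {  # cfg_get FILE KEY
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one finding per line, or "ok" when the files match the documented layout.
check_p2p() {  # check_p2p DIR
    dir=$1; n=0
    finding() { n=$((n + 1)); echo "$1"; }
    mask=$(cfg_get "$dir/ifcfg-eth0" NETMASK)
    scope=$(cfg_get "$dir/ifcfg-eth0" SCOPE)
    gw=$(cfg_get "$dir/route-eth0" GATEWAY0)
    gwdev=$(cfg_get "$dir/network" GATEWAYDEV)
    peer=${scope#peer }

    [ "$mask" = 255.255.255.255 ] ||
        finding "ifcfg-eth0: NETMASK='$mask', expected 255.255.255.255 (/32)"
    case $scope in
        "peer "?*) ;;
        *) peer=; finding "ifcfg-eth0: SCOPE does not name a peer gateway" ;;
    esac
    [ -n "$gw" ] || finding "route-eth0: no GATEWAY0 default route"
    if [ -n "$peer" ] && [ -n "$gw" ] && [ "$peer" != "$gw" ]; then
        finding "SCOPE peer $peer differs from GATEWAY0 $gw"
    fi
    [ -z "$gwdev" ] || finding "network: GATEWAYDEV=$gwdev is set"
    [ "$n" -gt 0 ] || echo ok
}

# Constructed sample (documentation addresses): DHCP-style netmask plus GATEWAYDEV.
demo=$(mktemp -d)
printf '%s\n' DEVICE=eth0 IPADDR=192.0.2.10 NETMASK=255.255.255.192 \
    'SCOPE="peer 192.0.2.1"' > "$demo/ifcfg-eth0"
printf '%s\n' ADDRESS0=0.0.0.0 NETMASK0=0.0.0.0 GATEWAY0=192.0.2.1 > "$demo/route-eth0"
printf '%s\n' NETWORKING=yes GATEWAYDEV=eth0 > "$demo/network"
check_p2p "$demo"
rm -rf "$demo"
```

Run it against copies of the files rather than the live directory, so a configuration can be checked before the network settings are reloaded.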

Virtual servers

With virtual servers (the older, non-Hetzner Cloud virtual servers), the configuration is done in the standard installation and does not include any special settings. It corresponds to the configuration that you can do using DHCP. You can reach servers on the same subnet without any further adjustments.

IPv6

Dedicated root servers

Each server receives a /64 IPv6 subnet. Unlike the IPv4 configuration, a point-to-point setup is not necessary.

Example:

  • Address block: 2a01:4f8:61:20e1::1 to 2a01:4f8:61:20e1:ffff:ffff:ffff:ffff
  • Of which we use the first IP: 2a01:4f8:61:20e1::2
  • Gateway: fe80::1

To enable IPv6 on your server, add the following lines to the file /etc/sysconfig/network-scripts/ifcfg-eth0:

IPV6INIT=yes
IPV6ADDR=<IPv6 Address>/<Prefix>
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0

Optional: To add additional IPv6 addresses to the interface in the file /etc/sysconfig/network-scripts/ifcfg-eth0, please add the following line:

IPV6ADDR_SECONDARIES=<IPv6 Address>/<Prefix>

You can add as many IPv6 addresses as you want; make sure to separate each one by a space.

Additional IP addresses (host)

Setting up additional single IPv4 addresses

You can make the IP addresses temporarily available in two different ways:

ifconfig eth0:1 192.0.2.10 netmask 255.255.255.255

or

ip addr add 192.0.2.10/32 dev eth0

CentOS

By default, a permanent configuration is only possible via alias interfaces (eth0:1, eth0:2, etc.). You need to create a file for each IP address:

/etc/sysconfig/network-scripts/ifcfg-eth0:1
/etc/sysconfig/network-scripts/ifcfg-eth0:2

These files must include the following information:

DEVICE=eth0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=<IP Address>
NETMASK=255.255.255.255

Finally, restart the network service (service network restart) or reboot the server.

Please note: You need a different configuration to use IP addresses in virtual machines!

Fedora

To do a permanent configuration, add the IP addresses in the corresponding configuration file:

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
...
IPADDR=192.0.2.1
NETMASK=255.255.255.240
IPADDR0=192.0.2.10 # Additional IP
PREFIX0=28
IPADDR1=192.0.2.11
PREFIX1=28
IPADDR2=...

Setting up additional IPv4 subnets

Subnets are routed on the main IP of a server. In general, you cannot use the first (Network IP) and the last (Broadcast IP) ones. This leaves six usable addresses for a /29 subnet.

A /29 subnet consisting of 8 IP addresses will look like this:

aaa.aaa.aaa.aaa (Network IP)
bbb.bbb.bbb.bbb
ccc.ccc.ccc.ccc
ddd.ddd.ddd.ddd
eee.eee.eee.eee
fff.fff.fff.fff
ggg.ggg.ggg.ggg
hhh.hhh.hhh.hhh (Broadcast IP)

You can configure the IPs b to g and use them as single IPs. Or, you can create a file:

/etc/sysconfig/network-scripts/ifcfg-eth0-range0

IPADDR_START=<Your Network Address + 1>
IPADDR_END=<Your Network Address + 6>
BROADCAST=<Your Network Address + 7>
CLONENUM_START=0
NETMASK=255.255.255.248

Restart the network service using service network restart.
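An added example (not from the original page or from Hetzner): a shell function that derives the ifcfg-eth0-range0 values from a subnet in CIDR form and refuses an address that is not the subnet's network address. It goes beyond the /29 shown above by accepting /24 to /30; the function names and the 192.0.2.8/29 sample subnet are assumptions.

```shell
#!/bin/sh
# Added example (not Hetzner tooling): derive ifcfg-eth0-range0 from a routed subnet.
# Function names are assumptions of this example.

ip2int() {  # dotted quad -> integer on stdout; non-zero status if malformed
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros (octal), max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_cfg NETWORK/PREFIX: print the range file contents. Fails if NETWORK is not
# the network address, because the range would then leave the routed subnet.
# This example keeps to /24../30 so START and END share their first three octets.
range_cfg() {
    net=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0*|???*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
    [ "$prefix" -ge 24 ] && [ "$prefix" -le 30 ] || { echo "prefix must be 24..30" >&2; return 1; }
    base=$(ip2int "$net") || { echo "bad address: $net" >&2; return 1; }
    size=$(( 1 << (32 - prefix) ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    if [ $(( base & (size - 1) )) -ne 0 ]; then
        echo "$net is not the network address of a /$prefix" >&2; return 1
    fi
    echo "IPADDR_START=$(int2ip $(( base + 1 )))"
    echo "IPADDR_END=$(int2ip $(( base + size - 2 )))"
    echo "BROADCAST=$(int2ip $(( base + size - 1 )))"
    echo "CLONENUM_START=0"
    echo "NETMASK=$(int2ip "$mask")"
}

range_cfg 192.0.2.8/29   # constructed sample subnet from the documentation range
```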

Setting up an additional IPv4 subnet for virtualization

You need a different configuration to use the IP addresses in virtual machines. There are many possible configurations. One of the more straightforward ones is to set up a bridge device using one IP address of the subnet, which serves as the default gateway for all machines connected to the subnet.

As a prerequisite, you need to install the bridge-utils:

yum install bridge-utils

/etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=none
IPADDR=bbb.bbb.bbb.bbb
NETMASK=255.255.255.248 # adjust this accordingly. This is for a /29 subnet
STP=off
DELAY=0

Additional IP addresses (virtualization)

With virtualization, the additional IP addresses are used by the guest system. To make them reachable via the Internet, you need to adjust the configuration in the host system so that it forwards the packets. There are two ways of doing this for additional single IPs: with either a routed or a bridged configuration.

Routed (brouter)

In a routed configuration, the host routes the packets. In addition to eth0, a bridge needs to be set up with almost the same configuration as eth0 (without a gateway).

Host:

# /etc/sysconfig/network-scripts/ifcfg-eth0 (Hetzner Standard Installation)
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=<Main IP>
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/128
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0
NETMASK=255.255.255.255
SCOPE="peer <Default Gateway>"

# /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<Main IP>
NETMASK=255.255.255.255
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::2/64
STP=off
DELAY=0

The configuration of eth0 for IPv4 remains unchanged if it is a standard installation via installimage/Robot. (Enter the default gateway in the file "route-eth0"; see Dedicated Servers.) For IPv6, reduce the prefix from /64 to /128. Set the host routes for the additional IPv4 addresses via an additional configuration file:

# /etc/sysconfig/network-scripts/route-br0
ADDRESS0=<Additional IP>
NETMASK0=255.255.255.255

You can add other routes in the same way via ADDRESS1, NETMASK1, ADDRESS2, NETMASK2, etc. For IPv6, no further configuration is required.

Guest:

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=<Addon IP>
NETMASK=255.255.255.255
SCOPE="peer <Main IP>"
IPV6INIT=yes
IPV6ADDR=2a01:4f8:XXX:YYYY::4/64
IPV6_DEFAULTGW=2a01:4f8:XXX:YYYY::2

Bridged

In a bridged configuration, packets are sent directly. The guest system behaves as if it is independent. This makes the MAC addresses of the guest system visible from the outside, so you need to request a virtual MAC address for each single IP address (make a support request on Robot). Then assign the virtual MAC address to the guest NIC.

# /etc/sysconfig/network-scripts/ifcfg-eth0
# device: eth0
DEVICE=eth0
BOOTPROTO=static
HWADDR=<MAC of the physical NIC>
ONBOOT=yes
BRIDGE=br0

# /etc/sysconfig/network-scripts/ifcfg-br0 (pointopoint, Hetzner Standard)
DEVICE=br0
TYPE="Bridge"
BOOTPROTO=static
IPADDR=<Main IP>
NETMASK=255.255.255.255
SCOPE="peer <Gateway of the main IP>"
ONBOOT=yes
DELAY=0

Set up the default route via the additional route-eth0 configuration file. Simply rename it route-br0.

Please note: In this configuration, the use of IPv6 is limited. You can route the IPv6 subnet via Robot to either the main IP address or ONE of the additional IP addresses (or, more precisely, to the IPv6 link-local address that is generated from the MAC address).