Differences between revisions 1 and 2
Revision 1 as of 2012-10-07 09:35:21
Size: 17527
Editor: tuhaihe
Comment: zh_CN NetworkConfiguration page
Revision 2 as of 2013-05-18 09:22:16
Size: 17527
Comment: minor fix
Deletions are marked like this. Additions are marked like this.
Line 174: Line 174:
        address         address

Translation(s): English - Français - Italiano - 简体中文

温馨提示:要想理解本文,您需要在阅读前对以下概念有所了解:基本 unix 命令行工具,文本编辑器,DNS,TCP/IP,DHCP,网络掩码,网关

Table of Contents


The majority of network setup can be done via the interfaces configuration file at /etc/network/interfaces. Here, you can give your network card an IP address (or use dhcp), set up routing information, configure IP masquerading, set default routes and much more.

Remember to add interfaces that you want brought up at boot time to the 'auto' line.

See man interfaces for more options.

使用 DHCP 自动配置接口

If you're just using DHCP then all you need is something like:

    auto eth0
    allow-hotplug eth0
    iface eth0 inet dhcp


If you're configuring it manually then something like this will set the default gateway (network, broadcast and gateway are optional):

    auto eth0
    iface eth0 inet static

See man interfaces for more options.


On some networks, autonegotiation is not possible. If you must set your interface's speed and duplex by hand, then some trial and error may be required. Here are the basic steps:

  • Install the ethtool and net-tools packages, so that you have the ethtool and mii-tool programs. One or both of these might work for your interface.

  • Make sure you have a way to login to the system in case the network interface becomes nonfunctional. An ?ssh connection could be disrupted, so you should have a fallback strategy.

  • Identify the interface in question (it will often be eth0). Adjust the remainder of these instructions accordingly.
  • Try to determine what its current speed and duplex settings are. This is where it gets fun:
    • As root, try ethtool eth0 first, and see whether the "Speed:" and "Duplex:" lines look valid. If not, the ethtool may not be supported by your device.

    • As root, try mii-tool -v eth0 and see whether its output looks correct. If not, them mii-tool may not be supported by your device.

    • If neither one is supported, you may have to set parameters directly on the kernel driver module. Identify which driver module you're using by reading the output of dmesg and lsmod. You can then try modinfo MODULENAME to see what parameters it accepts, if any. (You can use modinfo even on modules that are not loaded, for comparison.) ToDo: where does one set kernel module parameters?

  • Next, try to change the settings of the interface while it's operating. You'll need to be root, of course. Either:
    • ethtool -s eth0 autoneg off speed 100 duplex full (assuming 100 Mbps and full duplex)

    • mii-tool -F 100baseTx-FD eth0 (same assumption)

    In each case, re-check to see whether the interface settings actually changed, and then try sending some data in and out of the system to see whether the NIC is operating correctly.
  • If one of these commands successfully set your NIC, then you can put it into /etc/network/interfaces so it runs when you bring the interface up (e.g. at boot time). However, before you do that, you should understand that some drivers and devices behave differently than others. When the driver module is loaded, the NIC may begin autonegotiation without any way to stop it (particularly with drivers that do not accept parameters). The settings from interfaces are applied at some point after that, which may be right in the middle of the negotiation. So, some people find it necessary to delay the ethtool or mii-tool command by a few seconds. Thus:

     iface eth0 inet static
            address ...
            netmask ...
            gateway ...
            up sleep 5; ethtool -s eth0 ...

    Or the analogous mii-tool command.

  • Reboot the machine to make sure it comes up correctly, and be prepared to intervene manually (e.g. Ctrl-Alt-Del and then boot into single-user mode from GRUB or LILO) if things don't work.

Bringing up an interface without an IP address

To create a network interface without an IP address at all use the manual method and use pre-up and post-down commands to bring the interface up and down.

   iface eth0 inet manual
      pre-up ifconfig $IFACE up
      post-down ifconfig $IFACE down

Defining the (DNS) Nameservers

Before a computer can connect to an external network resource (say, for example, a web server), it must have a means of converting any alpha-numeric names (e.g. wiki.debian.org) into numeric network addresses (e.g. (The Internet uses these structured numeric IP addresses as network addresses.)

The C library and other resolver libraries look to /etc/resolv.conf for a list of nameservers. In the simplest case, that is the file to edit to set the list of name servers. But note that various other programs for dynamic configuration will be happy to overwrite your settings:

  1. The resolvconf program

  2. The network-manager daemon

  3. DHCP clients

In most situations, the file to edit is the configuration file for such a program.

In the most complex situations, using resolvconf really is the way to go, though in more simple configurations it is probably overkill.

resolv.conf 配置文件

The configuration file resolv.conf at /etc/resolv.conf contains information that allows a computer connected to a network to resolve names into addresses. (Note: Do not confuse this configuration file with the program resolvconf, which unfortunately has a nearly identical name.)

The resolv.conf file typically contains the IP addresses of nameservers (DNS name resolvers) that will attempt to translate names into addresses for any node available on the network. There will be a line or lines that look like this:


In this example, the system is using nameservers at the IP addresses and Simply edit the file and enter the IP addresses of the nameservers you need to use after each nameserver. Add more nameserver lines if you have more nameservers. Don't use this method if you have the resolvconf program installed.

The resolv.conf configuration file has many other options for defining how resolver looks up names. See man resolv.conf for details.

The resolvconf program

The resolvconf program keeps track of system information about the currently available nameservers. It should not be confused with the configuration file resolv.conf, which unfortunately has a nearly identical name. The resolvconf program is optional on a Debian system.

The configuration file resolv.conf contains information about the the nameservers to be used by the system. However, when multiple programs need to dynamically modify the resolv.conf configuration file they can step on each other and the file can become out-of-sync. The resolvconf program addresses this problem. It acts as an intermediary between programs that supply nameserver information (e.g. dhcp clients) and programs that use nameserver information (e.g. resolver).

When resolvconf is properly installed, the resolv.conf configuration file at /etc/resolv.conf is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf and the resolver instead uses the configuration file that is dynamically generated by resolvconf at /etc/resolvconf/run/resolv.conf.

The resolvconf program is generally only necessary when a system has multiple programs that need to dynamically modify the nameserver information. In a simple system where the nameservers do not change often or are only changed by one program, the resolv.conf configuration file is adequate.

If the resolvconf program is installed, you should not edit the resolv.conf configuration file manually as it will be dynamically changed by programs in the system. If you need to manually define the nameservers (as with a static inferface), add a line something like the following to the interfaces configuration file at /etc/network/interfaces:


Place the line indented within an iface stanza, e.g., right after the gateway line. Enter the IP addresses of the nameservers you need to use after dns-nameservers. Put all of them on one line separated by spaces. Don't forget the "s" on the end of dns-nameservers.

The resolvconf program is a fairly new addition to Debian and many older programs need to be updated or reconfigured to work properly with it. If you have problems, see /usr/share/doc/resolvconf/README. It has lots of information on making other programs get along with resolvconf.

网络管理器的 DNS 配置

Warning: This section has not been tested with an actual network-manager setup. Please test it and remove this notice. Note: This section appears to be applicable to Red Hat like systems and not to Debian like systems since RH systems typically use /etc/sysconfig/network-scripts/ but Debian systems typically do not. The reference to /etc/sysconfig/network-scripts/ifcfg-* is probably not appropriate here.

If you are using NetworkManager, put your settings in /etc/sysconfig/network-scripts/ifcfg-*. Example:


Using the GUI, this means:

  1. Systems menu → Preferences → Network Connections.
  2. Choose a connection (from the Wired or Wireless tab) and click Edit.
  3. Change the Method to something other than “Automatic (DHCP)” in the IPv4 Settings tab. For example, “Automatic (DHCP) addresses only” is likely to be appropriate.
  4. Enter the DNS servers in the “DNS servers” field, separated by spaces.
  5. Click “Apply.”

Note that your DHCP client might override these settings; if so, consider whether to report it as a bug, and see below for the DHCP client configuration.

This section is based on http://code.google.com/speed/public-dns/docs/using.html, which see for details.

DHCP 客户端配置

Example: dhclient3 uses /etc/dhcp/dhclient.conf. The setting you want is

supersede domain-name-servers,

or perhaps

prepend domain-name-servers,

See the dhclient.conf(5) manual page for details.

Howto use vlan (dot1q, 802.1q, trunk) (Etch, Lenny)


modprobe 8021q

apt-get install vlan

vconfig add eth0 222    # 222 is vlan number
ifconfig eth0.222 up
ifconfig eth0.222 mtu 1496    #optional if your network card doesn't support MTU 1504B
ifconfig eth0.222 netmask

Caveats when using bridging and vlan

auto eth0 bri0
iface eth0 inet static
iface eth0.110 inet manual
        vlan_raw_device eth0
iface bri0 inet static
        bridge_ports eth0.110
        bridge_stp on
        bridge_maxwait 10

If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).

网络初始化脚本(init script)配置

Into /etc/modules add line:


In /etc/network/interfaces to section iface add parameter:

        vlan_raw_device eth0

The interface name should be the raw interface name (the same as specified by vlan_raw_device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured. Eg:

auto eth0.222
iface eth0.222 inet static
        vlan_raw_device eth0

Howto create fault tolerant bonding with vlan (Etch)



Howto configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.

aptitude install vlan ifenslave-2.6


Cisco switch interface example config

interface GigabitEthernet1/2
 description eth1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 no ip address
 no cdp enable
 spanning-tree portfast trunk

bonding with active backup

Create a file /etc/modprobe.d/bonding.conf containing:

alias bond0 bonding
options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1


# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto bond0
iface bond0 inet manual
        up ifconfig bond0 up
        slaves eth1 eth0
auto vlan10
iface vlan10 inet static
        vlan-raw-device bond0
        dns-search hup.hu
auto vlan20
iface vlan20 inet static
        vlan-raw-device bond0
auto vlan30
iface vlan30 inet static
        vlan-raw-device bond0

Multiple IP addresses on One Interface

Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible via the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.

This /etc/network/interfaces text assigns three IP addresses to eth0.

# the loopback interface
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static

auto eth0:0
allow-hotplug eth0:0
iface eth0:0 inet static

auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet static

An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.

The above configuration is the previous traditional method that reflects the traditional use of ifconfig to configure network devices. It was ifconfig that introduced the concept of aliased or virtual interfaces. Those types of virtual interfaces have names of the form interface:integer and ifconfig treats them very similarly to real interfaces.

The ifconfig utility is being phased out and being replaced by the ip utility from the iproute package. The newer ip utility does not use the same concept of aliases or virtual interfaces and instead treats additional addresses as first class objects. The newer way to configure multiple addresses on one interface is to use the up and down mechanism to call ip at the correct times to add and remove these additional IP addresses.

This /etc/network/interfaces example assigns three IP addresses to eth0 and assigns labels to them.

auto eth0
allow-hotplug eth0
iface eth0 inet static
    up   ip addr add dev eth0 label eth0:0
    down ip addr del dev eth0 label eth0:0
    up   ip addr add dev eth0 label eth0:1
    down ip addr del dev eth0 label eth0:1

Additional information can be found on the http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html page.