This is part of the independent and unofficial RHCSA Exam Study Guide series providing free π€ resources to prepare for the exam.
This post covers the objectives under the section:
βMANAGE BASIC NETWORKINGβ
It contains two main parts:
- Resources: with links to learn and practice for each objective.
- Cheatsheet: containing some examples of commands and actions performed in each objective (when applied).
π Resources:
π Introduction to Networking | Network Fundamentals Part 1
π Networking basics (2020) | What is a switch, router, gateway, subnet, gateway, firewall & DMZ
CONFIGURE IPV4 AND IPV6 ADDRESSES
π How to configure a static IP address on RHEL 8 / CentOS 8 Linux
π Configuring an IPv6 address in Red Hat Enterprise Linux 7 and 8
π Chapter 4. Using nmtui to manage network connections using a text-based interface
π Chapter 33. Using NetworkManager to disable IPv6 for a specific connection
CONFIGURE HOSTNAME RESOLUTION
CONFIGURE NETWORK SERVICES TO START AUTOMATICALLY AT BOOT
π Chapter 8. Configuring an Ethernet connection (Skip items that uses βRHEL System Rolesβ.)
π Chapter 26. Manually creating NetworkManager profiles in key file format
RESTRICT NETWORK ACCESS USING FIREWALL-CMD/FIREWALL
π Using firewalld
π Cheatsheet:
CONFIGURE IPV4 AND IPV6 ADDRESSES
Change IPv4 address manually editing the network script file:
ifconfigorip aβ‘ display information of all network devices./etc/sysconfig/network-scripts/enp7s0β‘ edit this file to update the connections settings.BOOTPROTO=static IPADDR=192.168.1.5 NETMASK=255.255.255.0 GATEWAY=192.168.1.1nmcli connection down enp7s0 && nmcli connection up enp7s0β‘ restart the connection.
Change IPv4 address using
nmclitool:nmcli connection modify enp7s0 IPv4.address 192.168.1.5/24β‘ change IP address.nmcli connection modify enp7s0 IPv4.gateway 192.168.1.1β‘ change gateway address.nmcli connection modify enp7s0 IPv4.method manualβ‘ setsBOOTPROTOoption to none.
nmcli connection modify enp7s0 ipv6.method "disabled"β‘ Disable ipv6 usingnmclitool.ping -c2 alldrops.infoβ‘ test IPv4 connection issuing two ping packets toalldrops.info.ping6 -c2 alldrops.infoβ‘ test IPv6 connection issuing two ping packets toalldrops.info.nmtuiβ‘ command line tool with graphical interface to manage network connections.
CONFIGURE HOSTNAME RESOLUTION
cat /etc/resolv.confβ‘ check DNS lookup definitions.192.168.0.120 server20.example.com server20on/etc/hostsfile β‘ map hostnameserver20to the ip provided.ping -c2 server20β‘ test hostname resolution issuing two ping packets toserver20.dig,host,nslookup,getentβ‘ tools to query DNS.
CONFIGURE NETWORK SERVICES TO START AUTOMATICALLY AT BOOT
Configure a Network Connection manually at
network-scriptsdir:ip addressorip aβ‘ verify info for network interfaces./etc/sysconfig/network-scripts/ifcfg-enp7s0β‘ create this file to add a new profile for the network interface (use antoher file in the folder as a starting point).ifdown enp7s0,ifup enp7s0β‘ reactivate interface.
Configure a Network Connection using
nmcli(preferred way):(Requires
NetworkManagerservice)systemctl status NetworkManagerβ‘ check if enabled and active.nmcli d s,nmcli device showβ‘ check presence of a new interface.nmcli con add type Ethernet ifname enp7s0 con-name enp7s0 ip4 172.10.10.120/24 gw4 172.10.10.1nmcli c s,nmcli connection showβ‘ confirm new connection status.cat /etc/sysconfig/network-scripts/ifcfg-enp7s0ip aβ‘ confirm ip assignments for the new connection.nmcli c down enp7s0β‘ deactivate connection.nmcli c up enp7s0β‘ deactivate connection.
RESTRICT NETWORK ACCESS USING FIREWALL-CMD/FIREWALL
firewall-cmd --state,systemctl status firewalldβ‘ check if the service is enabled and active.firewall-cmd --get-default-zoneβ‘ display default zone name.firewall-cmd --get-active-zonesβ‘ display active zones.firewall-cmd --get-zonesβ‘ display all available zones.firewall-cmd --set-default-zone=homeβ‘ set default zone tohome.firewall-cmd --list-allβ‘ display information about the defualt zone.firewall-cmd --list-all --zone=homeβ‘ display information abouthomezone.firewall-cmd --list-all-zonesβ‘ list all zones.firewall-cmd --list-servicesβ‘ list allowed services in the current zone.firewall-cmd --list-portsβ‘ list allowed ports in the current zone.firewall-cmd --zone=public --list-servicesβ‘ list allowed services for the specific zone.Permanently add a Port to a zone:
firewall-cmd --add-port 443/tcp --zone=public --permanentβ‘ add port topubliczone.firewall-cmd --reloadβ‘ reload to apply the changes.
Permanently add a Service to a zone:
firewall-cmd --add-service=httpd --zone=publicβ‘ add port topubliczone.firewall-cmd --runtime-to-permanentβ‘ make changes persist.
firewall-cmd --change-interface=enp7s0 --zone=home --permanentβ‘ change specified interface to specified zone.
Next:
(RHCSA) Manage Users and Groups
β¦or back to Red Hat Certified System Administrator (RHCSA) Exam Study Guide
Useful links & references:
Enable Sysadmin (a blog from Red Hat)
Footnotes:
- Follow me on Twitter to get more posts like this and other quick tips in your feed.
- If you have any doubts or tips about this article, Iβd appreciate knowing and discussing it via email.
- Do you have any other Linux tips? Would you like to publish that in this blog? Please send an email to all drops.
- As English is not my native language, I apologize for the errors. Corrections are welcome.
- Contact: contact [@] alldrops [.] info.
