Network Interfaces Configuration

Applies to:

• NethServer 6.7
  
• NethServer 6.8

On the network configuration panel (Configuration → Network) you can find a list of physical (eth…) and logical (bond, bridge, vlan, alias) network interfaces present on the system, and details of them.

From this panel you can configure the parameters of each network managed by NethServer and how they are interconnected (zoned).

At least one network interface with a GREEN role is required. This role is assigned to local networks, and it is already configured upon installing NethServer.

The Gateway Mode also requires one RED interface, at least. The RED role is assigned to public networks like the Internet.
NethServer comes with a firewall installed by default. To get most of it when operating in gateway mode you should install the basic firewall module.

Optional roles, like BLUE (guests) and ORANGE (DMZ), can be assigned as well.

Network interfaces without an assigned role wont be used.

If the server is installed on a public VPS (Virtual Private Server), it should must be configured with a GREEN interface. All critical services should be closed using the Network services panel.

Different actions (edit, release role, create IP alias, delete…) can be applied to a network interface.

Editing the settings of an interface:

1. Click on the [Edit] button of the desired network interface
2. Assign it a role
3. Set its network parameters (IP address, netmask…)
4. Click on the [SUBMIT] button.

On GREEN and RED interfaces the gateway address can be set.

When using NethServer in gateway mode the gateway parameter on the GREEN interface can be omitted, as this will be handled by the RED interface.

RED interfaces can be configured either manually or in DHCP mode.

The role assigned to an interface can be released (Actions (column) → Release role). Note releasing a role will disable the interface.

• If the RED role is released there will be no Internet connection. If the administration panel was accessed from a remote location you will lose access to it.
  
• If the GREEN role is released all LAN clients will lose access to the server.

Use alias IP to assign more IP addresses to the same interface.

The most common use is with a RED interface: when the ISP provides a pool of public IP addresses (within the same subnet) you can add some (or all) of them to the same RED interface and manage them individually (e.g. in the port forward configuration).

Alias IP section can be found in the dropdown menu of the related network interface (Actions (column) → Create IP alias).

You will have to provide the alias IP address and its Netmask.

IP aliases will be listed on the same network panel (in the form eth0:0, eth0:1, etc.) and labeled with the Alias role.

Logical interfaces can be deleted using the delete action (Actions (column) → Delete).

When deleting a logical bond or bridge interface, its role and IP settings can be inherited by selecting another interface as its successor.

This action is specific to logical PPPoE interfaces.
It allows to set the physical ethernet interface connected to the DSL modem and the DSL connection parameters:

• Provider name
  
• User name
  
• Password
  
• Authentication type (Automatic, PAP, CHAP)
  
  • PAP: Password Authentication Protocol.
    
  • CHAP: Challenge Handshake Authentication Protocol. More secure than PAP.

Logical interfaces can be created by using the [NEW INTERFACE] button present on the Network panel.

The supported logical interfaces are:

• Bond: arrange two or more network interfaces, provides load balancing and fault tolerance.
  
• Bridge: connect two different networks, it is often used for bridged VPN and virtual machine.
  
• VLAN (Virtual Local Area Network): create two or more logically separated networks using a single interface.
  
• PPPoE (Point-to-Point Protocol over Ethernet): connect to Internet through a DSL modem.

Bonds allow you to aggregate bandwidth or tolerate link faults.
Bonds can be configured in multiple modes.

Modes providing load balancing and fault tolerance:

• Balance Round Robin (recommended): the network packets are transmitted sequentially on each bonded slave interface in a circular order.
  
• Balance XOR: in XOR (exclusive-or) mode the traffic to a specific peer is always sent over the same bonded slave. This method works best for traffic to peers on the same link or local network.
  
• 802.3ad (LACP): aggregates multiple interfaces that share the same speed and duplex settings into groups (LAG - Link Aggregation Groups), acting as a single interface. Transmits and receives on all slaves in the active aggregator. Provides redundancy and increased throughput. It requires support at driver level and a switch with IEEE 802.3ad Dynamic link aggregation mode enabled.
  
• Balance TLB: Transmit Load Balancing. The outgoing traffic is distributed according to the current load on each slave interface. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed slave. It requires support at driver level, but does not require any special network switch support.
  
• Balance ALB: Adaptive Load Balancing. Includes transmit (TLB) and receive load balancing (RLB) for IPv4 traffic. Receive load balancing is achieved through ARP negotiation. It does not require any special network switch support.

Modes providing fault tolerance only:

• Active backup (recommended): only one of the bonded interfaces is active. Another slave will only be used if the active interface fails. It does not require any special network switch support.
  
• Broadcast policy: all transmissions are sent on all slave interfaces.

Creating a new Bond interface

1. Select the role to be assigned to the interface
2. Choose Bond as type of interface
3. Tick the checkboxes of the interfaces to be bonded
4. Select the bonding mode.
5. Click [NEXT]
6. Configure IP assignment (IP address, netmask, gateway)
7. Click [NEXT]
8. Review which changes will be applied, then click on the [NEW INTERFACE] button.

A new logical interface (e.g. bond0) will be listed on the network panel, and the bonded interfaces will appear as slaves (e.g. Slave (bond0)).

A bridge has the function to connect different network segments, for example by allowing virtual machines, or client connected using a VPN, to access to the local network (GREEN).

Creating a new Bridge interface

1. Select the role to be assigned to the interface
2. Choose Bridge as type of interface
3. Tick the checkboxes of the interfaces to be bridged
4. Click [NEXT]
5. Configure IP assignment (IP address, netmask, gateway)
6. Click [NEXT]
7. Review which changes will be applied, then click on the [NEW INTERFACE] button

A new logical interface (e.g. br0) will be listed on the network panel, and the bridged interfaces will be labeled accordingly (e.g. Bridged (br0)).

When it is not possible to physically separate two different networks, you can use a tagged VLAN. The traffic of the two networks can be transmitted on the same cable, but it will be handled as if it were sent and received on separate network cards. The use of VLAN requires properly configured switches.

Creating a new VLAN interface

1. Select the role to be assigned to the interface
2. Choose VLAN as type of interface
3. Tag the interface with an integer number between 0 and 4094. The tag will be appended to the interface name, separated by a period . character
4. Select the interface holding the network to be segmented
5. Click [NEXT]
6. Configure IP assignment (IP address, netmask, gateway)
7. Click [NEXT]
8. Review which changes will be applied, then click on the [NEW INTERFACE] button.

A new logical interface (e.g. eth1.0) will be listed on the network panel.
Its DHCP settings can be set from the DHCP panel.

The PPPoE logical interface is used to connect to Internet through a DSL modem. Therefore the RED role must be assigned to it, thus the gateway functionality is required.

This setup requires an unassigned physical interface connected to the DSL modem.
(VLAN-Tagged PPPoE feature might be implemented in the future, in the meantime it can be configured from the command-line).

Creating a new PPPoE interface

1. Select the RED role
2. Choose PPPoE as type of interface
3. Click [NEXT]
4. Select the interface connected to the DSL modem
5. Configure the PPPoE parameters provided by your ISP (provider name, user name, password, authentication type)
6. Click [SUBMIT]

A new logical interface (e.g. ppp0) will be listed on the network panel, and the associated physical interface will be labeled accordingly (e.g. PPPoE (red)).

• NethServer's Administration Manual
• NethServer's Developer Manual
• PPPoE on TekSavvy (with optional /30 subnet)
• VLAN-Tagged PPPoE
• RHEL6 - Deployment Guide
• Link aggregation (wikipedia)