Network Configuration Tweaks

Connection Tweaks

You can adjust some settings for network interfaces as an ordinary user (i.e. not root) via GUI nm-connection-editor (Settings → Network Connections). This section lists some tweaks. For each, run nm-connection-editor to open window Network Connections, select the network interface (e.g., p2p1), and click its Edit button. A tabbed window opens and shows the settings available for adjustment.

To disable IPv6 (if, for example, your LAN's gateway does not support it), open tab IPv6 Settings and change the Method to Ignore.

To specify static DNS servers in lieu of those supplied by your LAN's router, open the tab for IPv4 Settings or IPv6 Settings. For Method, choose Automatic (DHCP) addresses only. Then enter the IP addresses in the DNS servers box. You can use dig to verify your selections; the SERVER line of its output names the server that answered. For example:

-> dig rays-notebook.info

;; SERVER: 208.67.220.222#53(208.67.220.222)

There are choices for DNS servers beyond your ISP's offerings, like OpenDNS (Wikipedia) and Google public DNS (Wikipedia). NameBench purports to identify an optimal DNS server for your network location (no Fedora package). Some DNS providers offer address filtering and parental controls to block undesirable web sites.

NetworkManager

The service itself is NetworkManager.

-> systemctl --full status NetworkManager
NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Thu 2014-08-21 08:48:01 EDT; 2h 48min ago
 Main PID: 719 (NetworkManager)
   CGroup: /system.slice/NetworkManager.service
           ├─ 719 /usr/sbin/NetworkManager --no-daemon
           └─3056 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-p2p1.pid -lf /var/lib/NetworkManager/dhclient-d8280bc5-87e4-488e-9c74-a0359972f7e4-p2p1.lease -cf /var/lib/NetworkManager/dhclient-p2p1.conf p2p1

Aug 21 10:18:49 desktop.home NetworkManager[719]: <info> Activation (p2p1) successful, device activated.

The main Fedora desktop tools are the applet nm-applet and the GUI nm-connection-editor (package NetworkManager-gnome). Typically, the session manager starts nm-applet automatically, and nm-applet calls nm-connection-editor when the user wishes to view or modify network connections. The Settings menu Network Connections opens nm-connection-editor as well. nm-applet uses gconf (/apps/nm-applet) for some settings. CLI tools include nmcli, nm-online, and nm-tool (package NetworkManager).

nm-connection-editor modifies settings in a device-specific file under directory /etc/sysconfig/network-scripts. The file name corresponding to interface p2p1, for example, is ifcfg-p2p1.

NetworkManager delegates DHCP negotiation to dhclient:

-> pstree
systemd─┬─…
        ├─NetworkManager─┬─dhclient
        │                └─3*[{NetworkManager}]

Here are the details (with some formatting):

-> ps -e --format cmd | grep dhclient
/sbin/dhclient -d \
   -sf /usr/libexec/nm-dhcp-helper \
   -pf /var/run/dhclient-p2p1.pid \
   -lf /var/lib/NetworkManager/dhclient-<UUID>-p2p1.lease \
   -cf /var/lib/NetworkManager/dhclient-p2p1.conf \
   p2p1

The options direct dhclient to run in foreground and specify the script file, PID file, lease file, and configuration file. The final argument selects the network interface to use.

Name Service Switch

By default, the Name Service Switch (NSS) cannot resolve names in Zeroconf's local namespace.

-> rpm -q nss-mdns
package nss-mdns is not installed
-> getent hosts desktop.home
192.168.1.2     desktop.home
-> getent hosts desktop.local
[no output]

To add Zeroconf support for NSS, install package nss-mdns:

-> yum install --assumeyes --quiet nss-mdns
-> rpm -q nss-mdns
nss-mdns-0.10-13.fc20.x86_64
-> getent hosts desktop.local
192.168.1.4     desktop.local

(Avahi or some other mDNS responder must be running.) Installation via Yum modifies /etc/nsswitch.conf to inform NSS of its handy new plugin.
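To confirm what the installation left in /etc/nsswitch.conf, the following added example (not part of the original page) lists the sources on the hosts: line in lookup order and reports where an nss-mdns module sits relative to dns. The function names and the two sample hosts: lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# hosts_sources FILE
# Print the lookup sources on the "hosts:" line of an nsswitch.conf-style
# file, one per line and in lookup order. Comments and bracketed action
# items such as [NOTFOUND=return] are dropped.
hosts_sources() {
    awk '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
        $1 == "hosts:" { for (i = 2; i <= NF; i++) print $i; exit }
    ' "$1"
}

# mdns_status FILE
# Report whether an nss-mdns module (source name starting with "mdns") is
# listed, and whether it is consulted before or after the dns source.
mdns_status() {
    hosts_sources "$1" | awk '
        /^mdns/ && !m      { m = NR }
        $0 == "dns" && !d  { d = NR }
        END {
            if (!m)              print "mdns not configured"
            else if (d && d < m) print "mdns configured after dns"
            else                 print "mdns configured before dns"
        }'
}

# Demonstration on constructed input (not copied from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nsswitch.conf fragment
passwd:     files
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname  # after install
EOF
hosts_sources "$sample"
mdns_status "$sample"
rm -f "$sample"
```

On a real system, run mdns_status /etc/nsswitch.conf; sources listed earlier on the line are consulted first.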

Network tools that do not consult NSS will continue to overlook the local domain. In particular, the BIND utilities dig, host, and nslookup (package bind-utils) bypass NSS. For example:

-> host desktop.home
desktop.home has address 192.168.1.2
-> host desktop.local
Host desktop.local not found: 3(NXDOMAIN)

Ping

To see the system's attitude towards incoming pings (IPv4):

-> sysctl net.ipv4.icmp_echo_ignore_all net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 0

Or:

-> sysctl --all | grep echo
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv6.anycast_src_echo_reply = 0

This host responds to both unicast and broadcast IPv4 pings.

To configure a host to respond to unicast pings:

-> sysctl --quiet net.ipv4.icmp_echo_ignore_all=0

To configure a host to respond to unicast and broadcast pings:

-> sysctl --quiet net.ipv4.icmp_echo_ignore_all=0 net.ipv4.icmp_echo_ignore_broadcasts=0

To configure a host to ignore broadcast pings:

-> sysctl --quiet net.ipv4.icmp_echo_ignore_broadcasts=1

To configure a host to ignore all pings:

-> sysctl --quiet net.ipv4.icmp_echo_ignore_all=1

To make these settings persist, add them to /etc/sysctl.conf.
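To check what a sysctl.conf-style file will actually persist, the following added example (not part of the original page) resolves the two ping keys the way the file is applied, with the last assignment winning, and names the resulting policy. The function names and sample file are constructed; only the one file given is read, so drop-in files elsewhere are outside its scope.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# persisted_value FILE KEY
# Print the value a sysctl.conf-style FILE assigns to KEY; the last
# assignment wins. Prints nothing if KEY is never set. Accepts "key=value"
# and "key = value"; skips blank lines and comments starting with # or ;.
persisted_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*$/    { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# ping_policy FILE
# Name the IPv4 ping policy that FILE persists, using the page's four cases.
ping_policy() {
    all=$(persisted_value "$1" net.ipv4.icmp_echo_ignore_all)
    bcast=$(persisted_value "$1" net.ipv4.icmp_echo_ignore_broadcasts)
    case "$all/$bcast" in
        1/*) echo "ignore all pings" ;;
        0/1) echo "respond to unicast pings, ignore broadcast pings" ;;
        0/0) echo "respond to unicast and broadcast pings" ;;
        *)   echo "not fully persisted; the running kernel value applies" ;;
    esac
}

# Demonstration on constructed input (not copied from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts=0
; a later line overrides the earlier one
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
ping_policy "$sample"
rm -f "$sample"
```

Run ping_policy /etc/sysctl.conf after editing the file, then compare against the live values shown by the sysctl command above.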