How to set Auto eth0 IP address

You could use MAC filtering if the router supports it. However, that is easily circumvented. Generally, the security of a wired LAN is the physical security of the wire.

You could also consider changing the subnet mask to reduce the size of the LAN (the max number of IP addresses that can be used). If the wiring is not secure, that would not prevent access, but you would probably find out about it more quickly if the intruder had to use the same IP address as one of your systems - that generates error messages.

I usually choose an IP outside of the DHCP of the range, and assign it in the network startup configuration; that is, use “ifup” method of assigning IP addresses, configure with Yast, and do not use NetworkManager (in servers).

It keeps honest people out. In a WiFi setup, it will prevent your neighbor from accidently connecting to your network. But it won’t prevent someone from deliberately connecting to your network.

When our children were young, we would spell certain words so that we could communicate without the children knowing what we said. But they soon learned how to spell. MAC filtering is a bit like that.

linuxoidoz wrote:

> Hello,
>
> I want to set my desktop IP address to always be 192.168.1.2. The
> NetworkManager connects to the network automatically and the IP address
> is assigned randomly. I can set up another connection in NetworkManager
> and always change over. But is there any way to make the default eth0
> interface to be permanently set to a certain address (using
> NetworkManager, not ifup)?

I was never able to get PM to do this (althoug I suspect there is a way[1]),
but I came across a workaround:

Assuming:

  • your network device is “eth0”
  • you want the IP address 192.168.1.2
  1. Create a file called ipalias (or whatever) under

/etc/NetworkManager/dispatcher.d/

with the following contents (between the lines)


#!/bin/bash

/sbin/ip addr add 192.168.1.2/24 dev eth0

  1. Make the file executable

  2. There is no step 3

This way, PM will still get a “randomly” assigned address, but you are
creating an additional ip address that you can use instead.

This script gets called everytime any interface changes within PM (vpn,
virtualbox networking, etc…). You therefore may find yourself adding the
fixed address to the interface when it already has it assigned, but this
does no harm.

This script is pretty dumb (obviously) and you could try to make it smarter,
(it is actually called with two parameters - <interface>, <action>) but it
accomplishes essentially what you want. I’ve not noticed any real problems
using it, but as ususal YMMV.

Hope this helps.

[1] PM gets it address using dhclient. You should be able to edit
/etc/dhclient.conf to always request the additional ip address using an
“alias” directive. I got this to work occassionally, but not consistently.
Rather to try to figure out what was happening, I’ve just stuck to the
workaround outlined above.


Don

linuxoidoz wrote:

>
>> The static IP addresses *MUST_*lie *outside_*the range assigned by
>> dhcp.
> This one I didn’t know. Really? I guess this makes sense. But then how
> do I make the IP-MAC filter and only allow those MACs to connect to the
> network if the router DHCP is disabled?

Actually, I think it depends on the router. Here I can get a static ip
address via ifup/down that is within the range assigned by my router. I bet
there would be problems, if another machine got that address first, but as
this is a very small home network there is not much danger of that
happening.

It is a real_good_idea to have it outside of the range of addresses that
the router can assign, but I don’t think it is a strict requirement -
although that may depend entirely on the router.


Don

MAC filtering only works if you have a managed switch that can do that. Your average consumer ethernet switch won’t. If you have wireless, the router can enforce MAC filtering but if somebody can spoof one of your MAC addresses, it can be bypassed.

  1. How to mount a file sever: by server name, dynamic IP and hostname-IP mapping or by server IP and static server IP?

Ideally all your servers have fixed IPs and also domain name mappings, either in /etc/hosts or by DNS.

Thank you very much for your answers. I think I’m starting to understand it.

Yes, I know MACs can be spoofed, but I just wanted to block amatures from using my WiFi. I understand it’s not secure, but will make it a little harder. I don’t really worry about wired LAN (it’s only 2 tiny rooms in the apartment, I’m sure I can spot an intruder… if my heavy metal is not too loud :)), only wireless.

OK then, looks like I just need to

  1. set MAC filtering for wireless only (deny all except for just my laptop MACs) rather than MAC-IP mapping
  2. set dynamic IP range in the router, don’t bother with MAC-IP mapping
  3. set all non-server devices for dynamic DHCP
  4. set my server desktop with ifup and static IP
  5. set my NAS with static IP

Does this now sound right? My only question is what should I do to be able to mount servers by name rather than IP address?

Thank you very much again.

On Wed April 13 2011 10:36 pm, linuxoidoz wrote:

>
>> The static IP addresses *MUST_*lie *outside_*the range assigned by
>> dhcp.
> This one I didn’t know. Really? I guess this makes sense. But then how
> do I make the IP-MAC filter and only allow those MACs to connect to the
> network if the router DHCP is disabled?
>
>
linuxoidoz;

Using MAC for IP assignment by dhcp does not prevent an intruder to connect
using a static address. Your best defense is a strong password on the
wireless. If anyone has physical access to the router it can not be secured.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Agreed
Strong password and WPA2
Also change your router default login

I have a neighbour with a netgear, no security. I can use their wireless and login to their router.
Lucky for them I’m not evil.

Yes, already done that as soon as I bought them: WPA2-PSK, 20 letter passwords for wireless, router and NAS admin which I myself can barely type

DNS service (named) on an always on server, or edit /etc/hosts on all machines.

DNS service (named) on an always on server

Sorry, what does this mean? I need to run my own DNS server?

or edit /etc/hosts on all machines.

you mean to map device names (hosts) to their IPs in YAST-Hostnames?

Yes, run you own DNS server, also as a DNS cache for external lookups.

Don’t call hosts devices. Devices mean things like /dev/sda etc. You’ll confuse people reading your questions.

And, in an all Linux (home) environment, what type of file server would you use: CIFS or NFS for speed and security? (provided I can’t use NFSv4 as the NAS doesn’t support it)

If it is all linux, I would stick with NFS. The security model of CIFS is wrong for linux.

On Wed April 13 2011 10:36 pm, caf4926 wrote:

>
> Umm…
> That’s not the behaviour I experience. Address reservation is in my
> experience, that a LAN IP address can be reserved for a specific device
> (MAC)
> I have DHCP range 100>200 and just one reserved by MAC reservation. It
> works.
>
>

I think there is confusion here over static IPs assigned by the dhcp server
and static addresses assigned directly to the network interface. If I
configure a static IP by YaST, the dhcp server has no knowledge of this and
could assign the same IP to another machine.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I think there is confusion here over static IPs assigned by the dhcp server
and static addresses assigned directly to the network interface. If I
configure a static IP by YaST, the dhcp server has no knowledge of this and
could assign the same IP to another machine.

This is exactly what I was confused about. But as it was pointed out, if I set a static IP in YAST outside of the router’s DHCP range, than it can’t assign the same IP to my comp. Right?

On Thu April 14 2011 01:06 am, linuxoidoz wrote:

>
>> I think there is confusion here over static IPs assigned by the dhcp
>> server
>> and static addresses assigned directly to the network interface. If I
>> configure a static IP by YaST, the dhcp server has no knowledge of this
>> and
>> could assign the same IP to another machine.
> This is exactly what I was confused about. But as it was pointed out,
> if I set a static IP in YAST outside of the router’s DHCP range, than it
> can’t assign the same IP to my comp. Right?
linuxoidoz

“then it can’t”. By “it” do you mean your dhcp server? When you set the
dhcp range, the server will only assign those IPs in that range. You can
then use those IPs outside of this range to assign static IPs to your network
devices. When you assign a static IP to a network device it no longer uses
dhcp for network configuration. This means you also need to set the: mask,
gateway and DNS servers. dhcp not only assigns IPs but other network
configurations as well.

There is no problem mixing dhcp and static addresses as long as they cannot
overlap.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

By “it” do you mean your dhcp server?

yes, the router’s DHCP.

This means you also need to set the: mask, gateway and DNS servers. dhcp not only assigns IPs but other network configurations as well.

cr***p! I’m back to square one.

Please tell me how to set up my network properly.

For example, I want

  1. router IP 192.168.1.1
  2. router DHCP IP range 192.168.1.100 to 192.168.1.110
  3. NAS static IP 192.168.1.2
  4. Desktop server static IP 192.168.1.3
  5. all other hosts IP to be dynamic served by the router DHCP from that range

what mask, gateway and DNS should I set up for each? Or they can all be the same for the above IPs? e.g. mask 255.255.255.0, both gateway and DNS 192.168.1.1?

Geez, it’s getting more complicated by the minute :slight_smile:

Thank you for your help.

OK, I’m half way there! Here’s my new setup:

  1. My router IP 192.168.1.1
  2. I’ve set static IPs for NAS and desktop server: 192.168.1.2, 192.168.1.3, mask 255.255.255.0, gateway and DNS same as router 192.168.1.1
  3. Desktop server uses ifup
  4. Available IP range in router set to 192.168.1.100 to 110
  5. All other computers are set to dynamic DHCP
  6. I added host mapping in YAST-Hostnames:
    192.168.1.2 dataserver (NAS name)
    192.168.1.3 desktop (desktop server name)
  7. autofs automounts NAS as ‘NAS -fstype=nfs,rw,soft,intr,nosuid,nodev,tcp,retry=10,rsize=32768,wsize=32768 dataserver:/Data’

I restarted autofs and it started working on my desktop! - half mark.

Now, the other half of the problem - I’ve done exactly the same things on other computers but they don’t mount anything.

Any ideas why not? Anything to do with dynamic IP? But I’d guess it shouldn’t matter because what matters is that the NAS hostname and its IP are linked. And I can get to NAS admin panel by NAS name ‘dataserver’ via Firefox (just to say the hostname mapping works), not autofs… yet.

Make sure NFS Client is running on clients.

On Thu April 14 2011 05:36 am, linuxoidoz wrote:

>
> OK, I’m half way there! Here’s my new setup:
>
> 1. My router IP 192.168.1.1
> 2. I’ve set static IPs for NAS and desktop server: 192.168.1.2,
> 192.168.1.3, mask 255.255.255.0, gateway and DNS same as router
> 192.168.1.1
> 3. Desktop server uses ifup
> 4. Available IP range in router set to 192.168.1.100 to 110
> 5. All other computers are set to dynamic DHCP
> 6. I added host mapping in YAST-Hostnames:
> 192.168.1.2 dataserver (NAS name)
> 192.168.1.3 desktop (desktop server name)
> 7. autofs automounts NAS as ‘NAS
> -fstype=nfs,rw,soft,intr,nosuid,nodev,tcp,retry=10,rsize=32768,wsize=32768
> dataserver:/Data’
>
> I restarted autofs and it started working on my desktop! - half mark.
>
> Now, the other half of the problem - I’ve done exactly the same things
> on other computers but they don’t mount anything.
>
> Any ideas why not? Anything to do with dynamic IP? But I’d guess it
> shouldn’t matter because what matters is that the NAS hostname and its
> IP are linked. And I can get to NAS admin panel by NAS name ‘dataserver’
> via Firefox (just to say the hostname mapping works), not autofs… yet.
>

linuxoidoz;

I think you have this fairly well sorted out for configuration, just to be
sure:

For your network set the mask as 255.255.255.0; for the gateway use the IP of
the router (192.168.1.1); DNS may work pointing to the router, but it would
be better to use your ISP’s DNS servers (their IPs should be provided by your
ISP on their web site) or use the google public DNS servers 8.8.8.8 and
8.8.4.4.

For a client that does not work please give more information:

  1. What operating system?
  2. For Linux clients the results of:

/sbin/ifconfig -a
cat /etc/hosts


P. V.
“We’re all in this together, I’m pulling for you.” Red Green