Network configuration (正體中文)

From ArchWiki
Jump to: navigation, search
翻譯狀態: 本文章是 Network_Configuration 的翻譯版本。最近一次的翻譯時間:2014-05-02。點擊本連結查看英文頁面之後的變更。

本頁將介紹如何設定有線網路連線。若您需要設定無線網路,請參考無線網路設定

檢查連線

註記: 若您在執行 ping 時收到了類似 ping: icmp open socket: Operation not permitted 這樣的錯誤訊息,請嘗試重新安裝 iputils 軟體包。

一般來說,基本的安裝過程都已經建立了可運作的網路設定。請執行下列指令以進行檢查:

註記: -c 3 選項表示將會呼叫三次。詳細請參閱 man ping
提示: 您也可以嘗試使用其他的 Domain ,如 www.hinet.net 。
$ ping -c 3 www.google.com
PING www.l.google.com (74.125.224.146) 56(84) bytes of data.
64 bytes from 74.125.224.146: icmp_req=1 ttl=50 time=437 ms
64 bytes from 74.125.224.146: icmp_req=2 ttl=50 time=385 ms
64 bytes from 74.125.224.146: icmp_req=3 ttl=50 time=298 ms

--- www.l.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 298.107/373.642/437.202/57.415 ms

如果沒問題的話,您可能只是想以本文的下列部分來自定您的設定。

若剛才的指令出現了 unknown hosts 之類的訊息,代表您的機器無法解析網域。這可能是因為您的網路服務提供商/閘道造成的。您可以嘗試 ping 一個靜態 IP 以實驗您的機器能否存取網際網路。

提示: 您也可以嘗試使用其他的 IP ,如 168.95.1.1 。
$ ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=53 time=52.9 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=53 time=72.5 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=53 time=70.6 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 52.975/65.375/72.543/8.803 ms
註記: 8.8.8.8 為一個好記的靜態 IP 位置。這是 Google 的主要 DNS 伺服器,這表示其有一定的可信度,並且通常不會被系統或代理伺服器擋下。

若您可以 Ping 通 8.8.8.8 ,但 www.google.com 不能,請檢查您的 DNS 組態設定檔。詳情請參考 resolv.conf

設定主機名稱

主機名稱為網路中用於識別機器的唯一識別名稱:主機名稱可以通過 /etc/hostname 檔案來進行設定。一般來說該檔案包含了系統的網域名稱。下面為設定主機名稱的方法:

# hostnamectl set-hostname myhostname

這樣會將 myhostname 寫入 /etc/hostname 檔案中。

詳細請參閱 man 5 hostnameman 1 hostnamectl

/etc/hosts 中加入相同的主機名稱:

/etc/hosts

#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost myhostname
::1 localhost.localdomain localhost

使用來自 inetutilshostname 以設定臨時主機名稱(直到重新啟動):

# hostname myhostname

裝置驅動程式

檢查驅動程式狀態

udev 應該會檢測您的網路介面卡(NIC)並自動於啟動時載入必要的模組。檢查 lspci -v 輸出內容中的「Ethernet controller」 項目(或類似的)。這應該會告訴您哪些核心模組包含了網路設備的驅動程式。舉例來說:

$ lspci -v
02:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)
 	...
 	Kernel driver in use: atl1
 	Kernel modules: atl1

接下來,確認該驅動程式已經通過 dmesg | grep module_name 載入了。舉例來說:

$ dmesg | grep atl1
    ...
    atl1 0000:02:00.0: eth0 link is up 100 Mbps full duplex

若驅動程式已成功加載可以跳過接下來這段。否則,您會需要知道哪些模組時您的特定型號的裝置需要哪個模組。

載入裝置模組

以 Google 搜尋正確的晶片組模組/驅動程式。常見的驅動模組有 Realtek 晶片組網卡的 8139too ,或是 SiS 晶片組網卡的 sis900。當您知道要使用何種模組了之後,試著手動將其載入。若您得到了錯誤訊息告訴您找不到該模組,則該驅動可能未包含於 Arch 核心中。您可以在 AUR 中搜尋該模組名稱。

若 udev 未在開機期間檢測與載入正確的模組,請參閱 Kernel modules#Loading[broken link: invalid section]

網路介面

裝置名稱

對於多網路卡的電腦,固定裝置名稱非常重要。許多設定問題都是因為介面卡名稱的改動造成的。

udev 負責命名裝置。Systemd v197 則有可預測之網路介面名稱並可自動支配靜態名稱給網路裝置。介面名稱以 en (乙太網路)、 wl (無線網路) 或是 ww (WWAN)作為前置字串並附上一個自動產生的識別名稱,進而產生了類似 enp0s25 這樣的名稱。

要禁用這種行為,可以將 net.ifnames=0 到您的核心指令列。

提示: 您可以執行 ip link 或是 ls /sys/class/net 以列出所有可用的介面。
註記: 當您更改了介面名稱規則後,別忘了更新所有跟網路有關的組態檔案與自定的 systemd unit 檔案以因應該更改。特別是當您啟用了 netctl 靜態設定檔 ,請執行 netctl reenable profile 以更新所有產生的服務檔案。

更改裝置名稱

您可以使用 udev-rule 來手動定義裝置名稱。舉例來說:

/etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="net1"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="net0"

請注意這兩點:

  • 使用這個指令以取得 MAC 位置:cat /sys/class/net/設備名稱/address
  • 請確定 udev 規則中使用的是小寫的十六進位數值而不是大寫。

若該網路卡為動態 MAC ,您可以使用 DEVPATH ,例如:

/etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", DEVPATH=="/devices/platform/wemac.*", NAME="int"
註記: 當使用了靜態的名稱時,應該要避免使用類似 "ethX" 與 "wlanX" 這樣的名稱,因為這可能會導致核心與 udev 在開機時發生衝突。而剛好相反地,最好使用核心預設不會使用的介面名稱,如 net0net1wifi0wifi1 。詳細說明請參閱 systemd 文件。

設定裝置的 MTU 與佇列長度

您可以手動定義 udev 規則來更改裝置的 MTU 與佇列長度。舉例來說:

/etc/udev/rules.d/10-network.rules
ACTION=="add", SUBSYSTEM=="net", KERNEL=="wl*", ATTR{mtu}="1480", ATTR{tx_queue_len}="2000"

取得目前的裝置名稱

目前的 NIC 名稱可以通過 sysfs 找到

$ ls /sys/class/net
lo eth0 eth1 firewire0

啟用與禁用網路介面

您可以使用下列指令來啟用或禁用網路介面:

# ip link set eth0 up
# ip link set eth0 down

要確認結果,請執行:

$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT qlen 1000
...

組態設定 IP 位址

您有兩個選擇:使用 DHCP 指派動態位址,或是使用「靜態」的位址。

動態 IP 位址

dhcpcd

最簡單的方式就是使用 dhcpcd,它包含在 base 群組中。無論是使用提供服務檔案 dhcpcd@.service ,以參數方式傳入介面卡名稱,或是手動通過 dhcpcd interface 將其執行。

靜態 IP 位址

您可能因為各種原因而希望在您的網路中指派靜態 IP 位址,例如靜態的位址可以獲得一定程度的可預測性,或是您沒有可用的 DHCP 伺服器。

註記: 若您通過 Windows 機器來共享您的網路而不是使用路由器,請確保兩台電腦皆使用了靜態 IP 位址以避免區域網路問題。

您需要:

若您處在內部網路中,使用 192.168.*.* 這樣的 IP 位址較為安全,搭配其的子網路遮罩 255.255.255.0 ,廣播位址為 192.168.*.255 。而閘道通常是 192.168.*.1 或是 192.168.*.254 。

Tip: You may need to manually set the DNS servers, see resolv.conf for details.

手動指派

您可於控制台中指派一靜態 IP 位址:

# ip addr add IP位址/子網路遮罩 broadcast 廣播 dev 介面

舉例來說:

# ip addr add 192.168.1.2/24 broadcast 192.168.1.255 dev eth0
註記: 子網路遮罩使用了 CIDR 表示法(CIDR,Classless Inter-Domain Routing,無類別網路間路由)。

詳情請參閱 man ip

以類似下列的方法加上您的 IP 位址:

# ip route add default via 預設閘道IP位址

舉例來說:

# ip route add default via 192.168.1.1

若您得到了 "No such process" 這樣的錯誤訊息,這代表您必須以 root 執行 ip link set dev eth0 up

永久於啟動時通過 systemd 進行組態設定與 udev 規則

首先先為 systemd 服務建立一個組態設定檔,請以網路介面卡名稱取代下列的 interface

/etc/conf.d/network@interface
address=192.168.0.15
netmask=24
broadcast=192.168.0.255
gateway=192.168.0.1

建立 systemd unit 檔案:

/etc/systemd/system/network@.service
[Unit]
Description=Network connectivity (%i)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network@%i

ExecStart=/usr/bin/ip link set dev %i up
ExecStart=/usr/bin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev %i
ExecStart=/usr/bin/sh -c 'test -n ${gateway} && /usr/bin/ip route add default via ${gateway}'

ExecStop=/usr/bin/ip addr flush dev %i
ExecStop=/usr/bin/ip link set dev %i down

[Install]
WantedBy=multi-user.target

啟用該 unit 並將其啟動,傳入介面名稱:

# systemctl enable network@介面名稱.service
# systemctl start network@介面名稱.service

計算位址

您可以使用 ipcalc 提供的 ipcalc 來計算 IP 廣播、網域、子網路遮罩與主機範圍等進階設定舉例來說,我使用了位於防火牆後的乙太網路來連線 Windows 機器至 Arch。為了安全性與網路組織,我將他們放置於各自獨立的網路,接著組態設定子網路遮罩與廣播位址,如此一來網路中就只有兩台機器。為了找出子網路遮罩跟廣播位址,我使用了 ipcalc ,提供其 Arch firewire nic 的 IP 位址 10.66.66.1 ,並指定 ipcalc 要建立一個只有兩台主機的網路。

$ ipcalc -nb 10.66.66.1 -s 1
Address:   10.66.66.1

Netmask:   255.255.255.252 = 30
Network:   10.66.66.0/30
HostMin:   10.66.66.1
HostMax:   10.66.66.2
Broadcast: 10.66.66.3
Hosts/Net: 2                     Class A, Private Internet

systemd-networkd

systemd 的版本為 209 以上(含),則可使用 systemd-networkd 來管理網路,可輕鬆地代替在 Containers 與虛擬機中設定網路。並可同時管理動態與靜態 IP 位址。

載入組態設定

要測試您的設定,您可以重新啟動電腦或是重新載入相關的 systemd 服務。然後嘗試 Ping 您的閘道器、DNS 伺服器、ISP 業者與其他的網際網路站台,用這樣的方式便能檢測哪裡出了問題,舉例來說:

$ ping -c 3 www.google.com

附加設定

筆記型電腦之 ifplugd

提示: dhcpcd 提供了開箱即用的相同功能。

官方軟體套件庫中的 ifplugd 為一個當網路線插入後自動組態乙太設備;網路線拔除後自動取消組態的 Daemon 。 這對於搭載內建網路介面卡的筆記型電腦特別有用,因為其只會在網路線真正連上後才會對介面進行組態。另一個會用到的情況為,當您需要重新啟動網路,但您並不想重開及或在 Shell 中進行設定。

預設情況下,其會對 eth0 裝置進行設定使其運作。這與其他設定類似延遲之類的設定能在 /etc/ifplugd/ifplugd.conf 中進行設定。


註記: Netctl 軟體包包含了 netctl-ifplugd@.service,否則您可以使用來自 ifplugd 軟體包的 ifplugd@.service 。例如這樣使用:systemctl enable ifplugd@eth0.service

Bonding 或 LAG

請參閱 netctl#Bonding

IP 別名

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: Manual method using ip should be added; then move current example using netctl into netctl. (Discuss in Talk:Network configuration (正體中文)#)

IP 別名為讓同一個網路介面有多個 IP 位址。如此一來,單個節點的網路就能有多個網路連線,進而實現不同的作用。經典的使用方法為網頁與 FTP 伺服器的虛擬主機,或是重組伺服器而無需更新任何其他的機器(對於名稱伺服器來說特別有用)。

範例

您將需要來自官方軟體套件庫netctl

準備組態設定檔:

/etc/netctl/mynetwork
Connection='ethernet'
Description='Five different addresses on the same NIC.'
Interface='eth0'
IP='static'
Address=('192.168.1.10' '192.168.178.11' '192.168.1.12' '192.168.1.13' '192.168.1.14' '192.168.1.15')
Gateway='192.168.1.1'
DNS=('192.168.1.1')

接著只需要將其執行即可:

$ netctl start mynetwork

更改 MAC/硬體 位址

請參閱 MAC address spoofing

網路共享

請參閱 Internet sharing

路由組態設定

請參閱 Router

區域網路主機名稱解析

先決條件為設定主機名稱之後,主機名稱可在本機系統上解析:

$ ping hostname
PING hostname (192.168.1.2) 56(84) bytes of data.
64 bytes from hostname (192.168.1.2): icmp_seq=1 ttl=64 time=0.043 ms

要以其他機器的名稱來解析主機,需要手動設定各自的 /etc/hosts 檔案或是廣播/解析名稱的服務。

過度設定 DNS 伺服器,如 BINDUnbound ,手動編輯 /etc/hosts 過於繁瑣,或是您希望對於動態地將主機離開、加入網路有更大的靈活性,您可以在您的區域網路中使用 Zero-configuration networking 來進行主機名稱解析。這裡有兩個可用選擇:

  • Samba 提供了通過微軟 NetBIOS 的主機名稱解析。其只需要安裝 samba 並啟用 nmbd.service 服務。執行 Windows 、OS X 或執行了 nmbd 的 Linux ,將能夠找到您的機器。
  • Avahi 提供通過 zeroconf 的主機名稱解析,也稱作 Avahi 或 Boujour 。它比 Samba 還需要稍微複雜一點的設定:詳情請參考 Avahi#Hostname resolution。執行 OS X 或執行了 Avahi daemon 的 Linux ,將能夠找到您的機器。Windows 並無內建 Avahi 用戶端或 Daemon 。

雜亂模式

Toggling promiscuous mode will make a (wireless) NIC forward all traffic it receives to the OS for further processing. This is opposite to "normal mode" where a NIC will drop frames it is not intended to receive. It is most often used for advanced network troubleshooting and packet sniffing.

/etc/systemd/system/promiscuous@.service
[Unit]
Description=Set %i interface in promiscuous mode
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/ip link set dev %i promisc on
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

若您想在介面卡 eth0 中啟用雜亂模式,請執行:

# systemctl enable promiscuous@eth0.service

診斷

Swapping computers on the cable modem

Some cable ISPs (videotron for example) have the cable modem configured to recognize only one client PC, by the MAC address of its network interface. Once the cable modem has learned the MAC address of the first PC or equipment that talks to it, it will not respond to another MAC address in any way. Thus if you swap one PC for another (or for a router), the new PC (or router) will not work with the cable modem, because the new PC (or router) has a MAC address different from the old one. To reset the cable modem so that it will recognise the new PC, you must power the cable modem off and on again. Once the cable modem has rebooted and gone fully online again (indicator lights settled down), reboot the newly connected PC so that it makes a DHCP request, or manually make it request a new DHCP lease.

If this method does not work, you will need to clone the MAC address of the original machine. See also Change MAC/hardware address.

The TCP window scaling problem

TCP packets contain a "window" value in their headers indicating how much data the other host may send in return. This value is represented with only 16 bits, hence the window size is at most 64Kb. TCP packets are cached for a while (they have to be reordered), and as memory is (or used to be) limited, one host could easily run out of it.

Back in 1992, as more and more memory became available, RFC 1323 was written to improve the situation: Window Scaling. The "window" value, provided in all packets, will be modified by a Scale Factor defined once, at the very beginning of the connection.

That 8-bit Scale Factor allows the Window to be up to 32 times higher than the initial 64Kb.

It appears that some broken routers and firewalls on the Internet are rewriting the Scale Factor to 0 which causes misunderstandings between hosts.

The Linux kernel 2.6.17 introduced a new calculation scheme generating higher Scale Factors, virtually making the aftermaths of the broken routers and firewalls more visible.

The resulting connection is at best very slow or broken.

How to diagnose the problem

First of all, let's make it clear: this problem is odd. In some cases, you will not be able to use TCP connections (HTTP, FTP, ...) at all and in others, you will be able to communicate with some hosts (very few).

When you have this problem, the dmesg's output is OK, logs are clean and ip addr will report normal status... and actually everything appears normal.

If you cannot browse any website, but you can ping some random hosts, chances are great that you're experiencing this problem: ping uses ICMP and is not affected by TCP problems.

You can try to use Wireshark. You might see successful UDP and ICMP communications but unsuccessful TCP communications (only to foreign hosts).

How to fix it (The bad way)

To fix it the bad way, you can change the tcp_rmem value, on which Scale Factor calculation is based. Although it should work for most hosts, it is not guaranteed, especially for very distant ones.

# echo "4096 87380 174760" > /proc/sys/net/ipv4/tcp_rmem

How to fix it (The good way)

Simply disable Window Scaling. Since Window Scaling is a nice TCP feature, it may be uncomfortable to disable it, especially if you cannot fix the broken router. There are several ways to disable Window Scaling, and it seems that the most bulletproof way (which will work with most kernels) is to add the following line to /etc/sysctl.d/99-disable_window_scaling.conf (see also sysctl)

net.ipv4.tcp_window_scaling = 0

How to fix it (The best way)

This problem is caused by broken routers/firewalls, so let's change them. Some users have reported that the broken router was their very own DSL router.

More about it

This section is based on the LWN article TCP window scaling and broken routers and a Kernel Trap article: Window Scaling on the Internet.

There are also several relevant threads on the LKML.

Realtek no link / WOL problem

Users with Realtek 8168 8169 8101 8111(C) based NICs (cards / and on-board) may notice a problem where the NIC seems to be disabled on boot and has no Link light. This can usually be found on a dual boot system where Windows is also installed. It seems that using the offical Realtek drivers (dated anything after May 2007) under Windows is the cause. These newer drivers disable the Wake-On-LAN feature by disabling the NIC at Windows shutdown time, where it will remain disabled until the next time Windows boots. You will be able to notice if this problem is affecting you if the Link light remains off until Windows boots up; during Windows shutdown the Link light will switch off. Normal operation should be that the link light is always on as long as the system is on, even during POST. This problem will also affect other operative systems without newer drivers (eg. Live CDs). Here are a few fixes for this problem:

Method 1 - Enable the NIC directly in Linux

Get the ethernet NIC name from the output of

$ ip a

Bring up the device as root using the NIC name:

# ip link set dev <NIC_name> up

For ex, if <NIC_name> is enp7s0

# ip link set dev enp7s0 up

If it worked and the card is powered on, you should see state UP for the given interface in the output of ip link.

Method 2 - Rollback/change Windows driver

You can roll back your Windows NIC driver to the Microsoft provided one (if available), or roll back/install an official Realtek driver pre-dating May 2007 (may be on the CD that came with your hardware).

Method 3 - Enable WOL in Windows driver

Probably the best and the fastest fix is to change this setting in the Windows driver. This way it should be fixed system-wide and not only under Arch (eg. live CDs, other operative systems). In Windows, under Device Manager, find your Realtek network adapter and double-click it. Under the Advanced tab, change "Wake-on-LAN after shutdown" to Enable.

In Windows XP (example)
Right click my computer
--> Hardware tab
  --> Device Manager
    --> Network Adapters
      --> "double click" Realtek ...
        --> Advanced tab
          --> Wake-On-Lan After Shutdown
            --> Enable
Note: Newer Realtek Windows drivers (tested with Realtek 8111/8169 LAN Driver v5.708.1030.2008, dated 2009/01/22, available from GIGABYTE) may refer to this option slightly differently, like Shutdown Wake-On-LAN --> Enable. It seems that switching it to Disable has no effect (you will notice the Link light still turns off upon Windows shutdown). One rather dirty workaround is to boot to Windows and just reset the system (perform an ungraceful restart/shutdown) thus not giving the Windows driver a chance to disable LAN. The Link light will remain on and the LAN adapter will remain accessible after POST - that is until you boot back to Windows and shut it down properly again.

Method 4 - Newer Realtek Linux driver

Any newer driver for these Realtek cards can be found for Linux on the realtek site. (untested but believed to also solve the problem).

Method 5 - Enable LAN Boot ROM in BIOS/CMOS

It appears that setting Integrated Peripherals --> Onboard LAN Boot ROM --> Enabled in BIOS/CMOS reactivates the Realtek LAN chip on system boot-up, despite the Windows driver disabling it on OS shutdown.

Note: This was tested successfully multiple times with GIGABYTE system board GA-G31M-ES2L with BIOS version F8 released on 2009/02/05. YMMV.

No interface with Atheros chipsets

Users of some Atheros ethernet chips are reporting it does not work out-of-the-box (with installation media of February 2014). The working solution for this is to install the package backports-patchedAUR from AUR.

Broadcom BCM57780

This Broadcom chipset sometimes does not behave well unless you specify the order of the modules to be loaded. The modules are broadcom and tg3, the former needing to be loaded first.

These steps should help if your computer has this chipset:

$ lspci | grep Ethernet
02:00.0 Ethernet controller: Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe (rev 01)

If your wired networking is not functioning in some way or another, try unplugging your cable then doing the following (as root):

# modprobe -r tg3
# modprobe broadcom
# modprobe tg3

Now plug you network cable in. If this solves your problems you can make this permanent by adding broadcom and tg3 (in this order) to the MODULES array in /etc/mkinitcpio.conf:

MODULES=".. broadcom tg3 .."

Then rebuild the initramfs:

# mkinitcpio -p linux
Note: These methods may work for other chipsets, such as BCM57760.