Ubuntu 20.04 Network Management – Answertopia
It is difficult to envisage an Ubuntu system that does not have at least one network connection, and harder still to imagine how such an isolated system could be of much practical use. The simple fact is that Ubuntu is designed to provide enterprise level services over network and internet connections. A key part of learning how to administer an Ubuntu system involves learning how to configure and manage the network interfaces installed on the system.
This chapter is intended to provide an overview of network management on Ubuntu including the NetworkManager service and tools together with some other useful utilities.
Mục Lục
1.1 An Introduction to NetworkManager
NetworkManager is a service and set of tools designed specifically to make it easier to manage the networking configuration on Linux systems and is the default network management service on Ubuntu desktop installations.
In addition to a service that runs in the background, NetworkManager also includes the following tools:
- nmcli – A tool for working with NetworkManager via the command-line. This tool is useful when access to a graphical environment is not available and can also be used within scripts to make network configuration changes.
- nmtui – A basic text-based user interface for managing NetworkManager. This tool can be run within any terminal window and allows changes to be made by making menu selections and entering data. While useful for performing basic tasks, nmtui lacks many of the features provided by the nmcli tool.
- nm-connection-editor – A full graphical management tool providing access to most of the NetworkManager configuration options.
- GNOME Settings – The Network screen of the GNOME desktop Settings application allows basic network management tasks to be performed.
- Cockpit Network Settings – The Network screen of the Cockpit web interface allows a range of network management tasks to be performed.
Although there are a number of different ways to manage the network environment on an Ubuntu system, for the purposes of this chapter we will focus on the nmcli command. While the graphical tools are certainly useful when you have access to a desktop environment or Cockpit has been enabled, understanding the command-line interface is essential for situations where a command prompt is all that is available. Also, the graphical tools (Cockpit included) do not include all of the capabilities of the nmcli tool. Finally, once you have gained some familiarity with NetworkManager and nmcli, those skills will translate easily when using the more intuitive tool options. The same cannot be said of the graphical tool options. It is harder to use nmcli if, for example, you have only ever used nm-connection-editor.
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
1.2 Installing and Enabling NetworkManager
NetworkManager should be installed by default for most Ubuntu installations if the Desktop installation image was used. Use the apt command to find out if it needs to be installed:
# apt -qq list network-manager network-manager/bionic-updates,now 1.22.10-1ubuntu1 amd64 [installed,automatic]
If necessary, install the package as follows:
# apt install network-manager
Once the package is installed, the NetworkManager daemon will need to be enabled so that it starts each time the system boots:
# systemctl status network-manager
Finally, start the service running and check the status to verify that the launch was successful:
# systemctl status network-manager
● NetworkManager.service - Network Manager
Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-04-08 14:31:58 EDT; 19h ago
Docs: man:NetworkManager(8)
Main PID: 704 (NetworkManager)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/NetworkManager.service
├─704 /usr/sbin/NetworkManager --no-daemon
.
.
1.3 Basic nmcli Commands
The nmcli tool will have been installed as part of the NetworkManager package and can be executed from the command-line using the following syntax:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
# nmcli [Options] Object {Command | help}
In the above syntax, Object will be one of general, networking, radio, connection, monitor, device or agent, all of which can be abbreviated to a few letters of the word (for example con, or even just the letter c, for connection). For example, all of the following commands will output help information relating to the device object:
# nmcli device help # nmcli dev help # nmcli d help
To check the overall status of NetworkManager on the system, use the following command:
# nmcli general status STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN connected full enabled enabled enabled enabled
To check the status of the devices installed on a system, the following command can be used:
# nmcli dev status DEVICE TYPE STATE CONNECTION eno1 ethernet connected Wired connection 1 wlxc83a35cad517 wifi connected zoneone virbr0 bridge connected virbr0 lo loopback unmanaged -- virbr0-nic tun unmanaged --
The output may also be modified by using the -p (pretty) option to make the output more human friendly:
# nmcli -p dev status ===================== Status of devices ===================== DEVICE TYPE STATE CONNECTION ------------------------------------------------------------------------------- eno1 ethernet connected Wired connection 1 wlxc83a35cad517 wifi connected zoneone virbr0 bridge connected virbr0 lo loopback unmanaged -- virbr0-nic tun unmanaged --
Conversely, the -t option may be used to make the output more terse and suitable for automated processing:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
# nmcli -t dev status eno1:ethernet:connected:Wired connection 1 wlxc83a35cad517:wifi:connected:EmilyZone virbr0:bridge:connected:virbr0 lo:loopback:unmanaged: virbr0-nic:tun:unmanaged:
From the status output, we can see that the system has two physical devices installed, one Ethernet and the other a WiFi device.
The bridge (virbr) entries are virtual devices used to provide networking for virtual machines (the topic of virtualization will be covered starting with the chapter entitled “An Overview of Virtualization Techniques”). The loopback interface is a special virtual device that allows the system to communicate with itself and is typically used to perform network diagnostics.
When working with NetworkManager, it is important to understand the difference between a device and a connection. As described above, a device is either a physical or virtual network device while a connection is a network configuration that the device connects to.
The following command displays information about the connections configured on the system:
# nmcli con show NAME UUID TYPE DEVICE zoneone bbd6e294-5d0c-4eac-b3c2-4dfd44becc9c wifi wlxc83a35cad517 Wired connection 1 56f32c14-a4d2-32c8-9391-f51967efa173 ethernet eno1 virbr0 f2d3494f-6ea4-4c90-936c-5eda9ac96a85 bridge virbr0 zonetwo f2a20df5-aa5e-4576-8379-579d154c3e0d wifi -- zonethree 45beac50-8741-41a6-abff-415640e24071 wifi --
From the above output, we can see that the WiFi device (wlxc83a35cad517) is connected to a wireless network named zoneone while the Ethernet device (eno1) is connected to a connection named Wired connection 1. In addition to zoneone, NetworkManager has also listed two other WiFi connections named zonetwo and zonethree, neither of which currently have a device connected.
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
To find out the IP address allocated to a connection, the ip tool can be used with the address option:
# ip address
This can also be abbreviated:
.
.
3: wlxc83a35cad517: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether c8:3a:35:ca:d5:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.121/24 brd 192.168.86.255 scope global dynamic noprefixroute wlxc83a35cad517
valid_lft 86076sec preferred_lft 86076sec
.
.
The ip command will output information for all of the devices detected on the system. The above output shows that the WiFi device has been assigned an IP address of 192.168.1.121.
If we only wanted to list active connections, the nmcli command could have been used with the -a option:
# nmcli con show -a NAME UUID TYPE DEVICE zoneone bbd6e294-5d0c-4eac-b3c2-4dfd44becc9c wifi wlxc83a35cad517 Wired connection 1 56f32c14-a4d2-32c8-9391-f51967efa173 ethernet eno1 virbr0 f2d3494f-6ea4-4c90-936c-5eda9ac96a85 bridge virbr0
To switch the WiFi device connection from zoneone to zonetwo, we can run the following command:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
# nmcli device wifi connect zonetwo -ask Password:
The -ask flag causes nmcli to prompt the user to enter the password for the WiFi network. To include the WiFi password on the command-line (particularly useful if the command is being executed in a script), use the password option:
# nmcli device wifi connect zonetwo password <password here>
The nmcli tool may also be used to scan for available WiFi networks as follows:
# nmcli device wifi list
IN-USE SSID MODE CHAN RATE SIGNAL BARS SECURITY
zoneone Infra 6 195 Mbit/s 80 WPA2
* zonetwo Infra 11 130 Mbit/s 74 WPA1 WPA2
A currently active connection can be deactivated as follows:
# nmcli con down <connection name>
Similarly, an inactive connection can be brought back up at any time:
# nmcli con up <connection name>
When a connection is brought down, NetworkManager automatically searches for another connection, activates it and assigns it to the device to which the previous connection was established. To prevent a connection from being used in this situation, disable the autoconnect option as follows:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
# nmcli con mod <connection name> connection.autoconnect no
The following command may be used to obtain additional information about a specific connection. This includes the current values for all the connection properties:
# nmcli con show "Wired connection 1" connection.id: Wired connection 1 connection.uuid: 56f32c14-a4d2-32c8-9391-f51967efa173 connection.stable-id: -- connection.type: 802-3-ethernet connection.interface-name: -- connection.autoconnect: yes connection.autoconnect-priority: -999 connection.autoconnect-retries: -1 (default) connection.auth-retries: -1 connection.timestamp: 1586442354 connection.read-only: no connection.permissions: -- connection.zone: -- connection.master: -- connection.slave-type: -- connection.autoconnect-slaves: -1 (default) . .
All of these properties can be modified using nmcli with the modify option using the following syntax:
# nmcli con mod <connection name> connection.<property name> <setting>
1.4 Working with Connection Profiles
So far we have explored the use of connections without explaining how a connection is configured. The configuration of a connection is referred to as a connection profile and is stored in a file located in the /etc/NetworkManager/system-connections directory, the contents of which might read as follows:
# ls /etc/NetworkManager/system-connections zoneone.nmconnection zonetwo.nmconnection zonethree.nmconnection
Each of the files is an interface configuration file containing the connection profile for the corresponding connection.
Consider, for example, the contents of our hypothetical zoneone connection:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
[connection] id=zoneone uuid=2842f180-1969-4dda-b473-6c641c25308d type=wifi permissions= [wifi] mac-address=C8:3A:35:CA:D5:17 mac-address-blacklist= mode=infrastructure ssid=zoneone [wifi-security] auth-alg=open key-mgmt=wpa-psk psk=MyPassword [ipv4] dns-search= method=auto [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto
The file contains basic information about the connection, including the type (wifi), and the SSID and WPA password key for the WiFi network. For both IPV4 and IPV6 the method property is set to auto (in other words the IP address for the connection will be obtained dynamically using DHCP). Changes to the connection profile can be implemented by modifying this file and instructing nmcli to reload the connection configuration files:
# nmcli con reload
New connection profiles can also be created manually or generated automatically by nmcli. As an example, assume that a new network device has been installed on the system. When this happens, the NetworkManager service will detect the new hardware and create a device for it. In the example below, the new device has been assigned the name enp0s8:
# nmcli dev status DEVICE TYPE STATE CONNECTION enp0s3 ethernet connected Wired connection 1 enp0s8 ethernet connected Wired connection 2
NetworkManager automatically detected the device, activated it and assigned it to a connection named “Wired connection 2”. This is a default connection over which we have no configuration control because there is no interface configuration file for it in /etc/NetworkManager/systemconnections. The next steps are to delete the “Wired connection 2” connection and use nmcli to create a new connection and assign it to the device. The command to delete a connection is as follows:
# nmcli con delete "Wired connection 2"
Next, nmcli can be used to create a new connection profile configured either with a static IP address, or a dynamic IP address obtained from a DHCP server. To create a dynamic connection profile named dyn_ip, the following command would be used:
# nmcli connection dd type ethernet con-name dyn_ip ifname enp0s8 Connection 'dyn_ip' (160d9e10-bbc8-439a-9c47-a2ec52990472) successfully added.
After the connection has been created, a file named dyn_ip will have been added to the /etc/ NetworkManager/system-connections directory and will read as follows:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
[connection] id=dyn_ip uuid=3dc0bb6b-33dc-4cf8-b5da-5b9fd560342a type=ethernet interface-name=enp0s8 permissions= [ethernet] mac-address-blacklist= [ipv4] dns-search= method=auto [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto
Checking the device status should now verify that the enp0s8 device is now using the dyn_ip connection profile:
# nmcli dev status DEVICE TYPE STATE CONNECTION enp0s8 ethernet connected dyn_ip enp0s3 ethernet connected Wired connection 1
At this point it is worth noting that the enp0s3 device is also using a default connection profile for which there is no interface file through which to modify the connection settings. The same steps used to create the dyn_ip profile can also be used for the enp0s3 device. For example, to create a connection named static_ip assigned a static IP address (in this case 192.168.1.200) assigned to the enp0s3 device, the following command would be used (keeping in mind that if you are connected remotely to the system via the Wired connection 1 interface you will lose the connection):
# nmcli con delete "Wired connection 1" # nmcli con add type ethernet con-name static_ip ifname enp0s3 ip4 192.168.1.200/24 gw4 192.168.1.1 Connection 'static_ip' (3fccafb3-e761-4271-b310-ad0f28ee8606) successfully added. # nmcli reload
The corresponding static_ip file will read as follows:
[connection] id=static_ip uuid=6e03666b-26a1-476e-b5b2-77c8eac6006c type=ethernet interface-name=enp0s3 permissions= [ethernet] mac-address-blacklist= [ipv4] address1=192.168.1.200/24,192.168.1.1 dns-search= method=manual [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto
The command to add a new connection may be altered slightly to also assign both IPv4 and IPv6 static addresses:
# nmcli con add type ethernet con-name static_ip ifname enp0s3 ip4 192.168.1.200/24 gw4 192.168.1.1 gw4 192.168.1.1 ip6 cabf::4532 gw6 2010:dfa::1
1.5 Interactive Editing
In addition to using nmcli with command-line options, the tool also includes an interactive mode that can be used to create and modify connection profiles. The following transcript, for example, shows interactive mode being used to create a new Ethernet connection named demo_con:
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
# nmcli con edit Valid connection types: 6lowpan, 802-11-olpc-mesh (olpc-mesh), 802-11-wireless (wifi), 802-3-ethernet (ethernet), adsl, bluetooth, bond, bridge, cdma, dummy, generic, gsm, infiniband, ip-tunnel, macsec, macvlan, ovs-bridge, ovs-interface, ovs-port, pppoe, team, tun, vlan, vpn, vxlan, wimax, wpan, bond-slave, bridge-slave, team-slave Enter connection type: ethernet ===| nmcli interactive connection editor |=== Adding a new '802-3-ethernet' connection Type 'help' or '?' for available commands. Type 'print' to show all the connection properties. Type 'describe [<setting>.<prop>]' for detailed property description. You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy nmcli> set connection.id demo_con nmcli> set connection.interface enp0s8 nmcli> set connection.autoconnect yes nmcli> set ipv4.method auto nmcli> set 802-3-ethernet.mtu auto nmcli> set ipv6.method auto nmcli> save Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. Do you still want to save? (yes/no) [yes] yes Connection 'demo_con' (cb837408-6c6f-4572-9548-4932f88b9275) successfully saved. nmcli> quit
The following transcript, on the other hand, modifies the previously created static_ip connection profile to use a different static IP address to the one originally specified:
# nmcli con edit static_ip ===| nmcli interactive connection editor |=== Editing existing '802-3-ethernet' connection: 'static_ip' Type 'help' or '?' for available commands. Type 'print' to show all the connection properties. Type 'describe [<setting>.<prop>]' for detailed property description. You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy nmcli> print ipv4.addresses ipv4.addresses: 192.168.1.200/24 nmcli> set ipv4.addresses 192.168.1.201/24 nmcli> save Connection 'static_ip' (3fccafb3-e761-4271-b310-ad0f28ee8606) successfully updated. nmcli> quit
After modifying an existing connection, remember to instruct NetworkManager to reload the configuration profiles:
# nmcli con reload
When using interactive mode, it is useful to know that there is an extensive built-in help system available to learn how to use the tool. The help topics can be accessed by typing help or ? at the nmcli > prompt:
nmcli> ? ------------------------------------------------------------------------------ ---[ Main menu ]--- goto [<setting> | <prop>] :: go to a setting or property remove <setting>[.<prop>] | <prop> :: remove setting or reset property value set [<setting>.<prop> <value>] :: set property value describe [<setting>.<prop>] :: describe property print [all | <setting>[.<prop>]] :: print the connection verify [all | fix] :: verify the connection save [persistent|temporary] :: save the connection activate [<ifname>] [/<ap>|<nsp>] :: activate the connection back :: go one level up (back) help/? [<command>] :: print this help nmcli <conf-option> <value> :: nmcli configuration quit :: exit nmcli ------------------------------------------------------------------------------
1.6 Configuring NetworkManager Permissions
In addition to making it easier to manage networks on Ubuntu, NetworkManager also allows permissions to be specified for connections. The following command, for example, restricts a connection profile to root and user accounts named john and caitlyn:
# nmcli con mod static_ip connection.permissions user:root,john,caitlyn
Once the connection profiles have been reloaded by NetworkManager, the static_ip connection will only be active and accessible to other users when at least one of the designated users is logged in to an active session on the system. As soon as the last of these users logs out, the connection will go down and remain inactive until one of the users signs back in.
You are reading a sample chapter from Ubuntu 20.04 Essentials. Buy the full book now in eBook ($14.99) or Print ($36.99) format. Includes 37 chapters. Learn more.
Preview Buy eBook Buy Print
In addition, only users with permission are able to make changes to the connection status or configuration.
1.7 Summary
Network management on Ubuntu is handled by the NetworkManager service. NetworkManager views a network as consisting of network interface devices and connections. A network device can be a physical Ethernet or WiFi device or a virtual device used by a virtual machine guest. Connections represent the network to which the devices connect and are configured by connection profiles. A configuration profile will, among other settings, define whether the connection has a static or dynamic IP address, the IP address of any gateway used by the network and whether or not the connection should be established automatically each time the system starts up.
NetworkManager can be administered using a number of different tools including the nmcli and nmtui command-line tools, the nm-connection-editor graphical tool and the network settings section of the Cockpit web interface. In general, the nmcli command-line tool provides the most features and flexibility.
![Toni Kroos là ai? [ sự thật về tiểu sử đầy đủ Toni Kroos ]](https://evbn.org/wp-content/uploads/New-Project-6635-1671934592.jpg)
