Ifcfg files details
From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
/etc/sysconfig/network-scripts/ifcfg-<interface-name> and
/etc/sysconfig/network-scripts/ifcfg-<interface-name>:<alias-name>:
The first defines an interface, and the second contains
only the parts of the definition that are different in a
"alias" (or alternative) interface. For example, the
network numbers might be different, but everything else
might be the same, so only the network numbers would be
in the alias file, but all the device information would
be in the base ifcfg file.
The items that can be defined in an ifcfg file depend on the
interface type. The really obvious ones I'm not going to
bother to define; you can figure out what "IPADDR" is, I
think... :-)
Base items:
NAME=<friendly name for users to see>
Most important for PPP. Only used in front ends.
DEVICE=<name of physical device (except dynamically-allocated PPP
devices where it is the "logical name")>
IPADDR=
NETMASK=
GATEWAY=
ONBOOT=yes|no
ONHOTPLUG=yes|no
USERCTL=yes|no
BOOTPROTO=none|bootp|dhcp
MTU=
Default MTU for this device
WINDOW=
Default window for routes from this device
PEERDNS=yes|no
modify /etc/resolv.conf if peer uses msdns extension (PPP only) or
DNS{1,2} are set, or if using dhclient. default to "yes".
DNS{1,2}=<ipaddress>
provide DNS addresses that are dropped into the resolv.conf
file if PEERDNS is not set to "no".
SRCADDR=
use the specified source address for outgoing packets
HWADDR=
ethernet hardware address for this device
MACADDR=
Set the hardware address for this device to this.
Use of this in conjunction with HWADDR= may cause
unintended behavior.
NOZZEROCONF=
Set this to not set a route for dyamic link-local addreses
over this device.
PERSISTENT_DHCLIENT=yes|no|1|0
Without this option, or if it is 'no'/'0', and BOOTPROTO=dhcp,
dhclient is run for the interface in "one-shot" mode; if the
dhcp server does not respond for a configurable timeout, then
dhclient exits and the interface is not brought up -
the '-1' option is given to dhclient.
If PERSISTENT_DHCLIENT=yes, then dhclient will keep on trying
to contact the dhcp server when it does not respond - no '-1'
option is given to dhclient.
DHCPRELEASE=yes|no|1|0
With this option set to 'yes' (1), when a dhcp configured
interface is brought down with 'ifdown', the lease will be
released. Otherwise, leases are not released.
DHCLIENT_IGNORE_GATEWAY=yes|no|1|0
If set to 'yes', it will cause dhclient-script to ignore any $GATEWAY
setting that may be in the ifcfg file for this interface.
Otherwise, the dhclient session which obtains an ip-address
on the same subnet as $GATEWAY will set the default route
to be via $GATEWAY, and no other dhclient session will set
the default route.
If BOOTPROTO is not "none", then the only other item that
must be set is the DEVICE item; all the rest will be determined
by the boot protocol. No "dummy" entries need to be created.
Base items being deprecated:
NETWORK=<will be calculated automatically with ifcalc>
BROADCAST=<will be calculated automatically with ifcalc>
Alias specific items:
ONPARENT=yes|no
Whether to bring up the device when the parent device is brought
up.
Default: yes
IPv6-only items for real interfaces:
IPV6INIT=yes|no
Enable or disable IPv6 configuration for this interface
Default: no
IPV6FORWARDING=yes|no
Enable or disable global forwarding of incoming IPv6 packets
Note: Obsolete in interface specification!
Default: no
IPV6ADDR=<IPv6 address>[/<prefix length>]
Specify a primary static IPv6 address here
Optional, if normal host and a router advertisement daemon is on local link
Required, if node is a router and interface should route packets
Note: if prefix length is omitted, 64 is assumed
Example:
IPV6ADDR="3ffe:ffff:0:5::1"
IPV6ADDR="3ffe:ffff:0:1::1/128"
IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
A list of secondary IPv6 addresses (e.g. useful for virtual hosting)
Example:
IPV6ADDR_SECONDARIES="3ffe:ffff:0:1::10 3ffe:ffff:0:2::11/128"
IPV6_MTU=<MTU of link> (optional)
Optional, dedicated MTU of this link
Note: Must be greater or equal to 1280.
Example:
IPV6_MTU="1280"
Special configuration options for multi-homed hosts etc.
IPV6_ROUTER=yes|no: Controls IPv6 autoconfiguration
IPV6_AUTOCONF=yes|no: Controls IPv6 autoconfiguration
Defaults:
Global IPV6FORWARDING=yes: IPV6_AUTOCONF=no, IPV6_ROUTER=yes
Global IPV6FORWARDING=no: IPV6_AUTOCONF=yes
Optional settings for a 6to4 tunnel
IPV6TO4INIT=yes|no
Enable or disable 6to4 tunneling setup
Default: no
IPV6TO4_RELAY=<IPv4 address> (optional)
IPv4 address of the remote 6to4 relay
Note: if this is omitted, ::192.88.99.1 (the anycast relay address) is chosen
IPV6TO4_IPV4ADDR=<IPv6 address>[/<prefix length>] (optional)
Overwrite local IPv4 address which is accessable from the Internet
(optional, in case of static IPv4-NAT behind a router or other special scenarios)
IPV6TO4_MTU=<MTU for IPv6> (optional)
Controls IPv6 MTU for the 6to4 tunnel
Note: Must be greater or equal to 1280
Example:
IPV6TO4_MTU="1280"
Default: MTU of master device - 20
IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ..." (optional)
A list of routing tokens to setup proper IPv6 routes on the LAN
Example:
IPV6TO4_ROUTING="eth0-:0004::0/64 eth1-:0005::0/64"
Will create one route per eth0 and eth1, taking given SLA
Optional settings for a 6to4 tunnel or a ppp link
IPV6_CONTROL_RADVD=yes|no (optional)
Enable signalling radvd that the 6to4 prefix has been changed or a
preconfigured dynamic device is up or down
Default: no
IPv6-only items for static tunnel interface:
Interface name: sitX (X => 1)
IPV6INIT=yes|no
Enable or disable IPv6 configuration for this interface
Default: no
IPV6TUNNELIPV4=<IPv4 address>
Specify IPv4 address of a foreign IPv6-in-IPv4 tunnel endpoint
Example:
IPV6TUNNELIPV4="1.2.3.4"
IPV6TUNNELIPV4LOCAL=<IPv4 address>
Specify local IPv4 address of tunnel, useful on interfaces with multiple IPv4 addresses
IPV6ADDR=<IPv6 address>[/<prefix length>] (optional)
local IPv6 address of a numbered tunnel
IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional)
A list of secondary IPv6 addresses (example see above)
IPV6_MTU=<MTU of tunnel> (optional)
Optional, dedicated MTU of this tunnel
Note: Must be greater or equal to 1280
Example:
IPV6_MTU="1280"
IPv6-only option to enable DHCPv6 client:
DHCPV6C=yes|no
This will enable the DHCPv6 client, dhcp6c, to be run for the interface.
See man dhcp6c(8) and dhcp6c.conf(5).
Ethernet-only items:
{IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP}
configuration matrix for IPX. Only used if IPX is active.
Managed from /etc/sysconfig/network-scripts/ifup-ipx
ARP=yes|no (adds 'arp' flag to ifconfig, for use with the
ethertap device)
ETHTOOL_OPTS=...
Any device-specific options supported by ethtool. For example,
if you wanted to force 100Mb full duplex:
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
Note that changing speed or duplex settings almost always
requires disabling autonegotiation with 'autoneg off'.
No longer supported:
PROMISC=yes|no (enable or disable promiscuous mode)
ALLMULTI=yes|no (enable or disable all-multicast mode)
To properly set these, use the packet socket interface.
Ethernet 802.1q VLAN items:
DEVICE=eth0.42
Initscripts use DEV_PLUS_VID_NO_PAD naming mode for VLAN
devices.
Example: eth0.42 for vlan 42 on device eth0.
Valid VLAN ID range is 0-4095. Most ethernet switches reserve
VLAN ID 1 to be used as management VLAN; starting from VLAN
ID 2 is recommended.
REORDER_HDR=yes|no
When enabled the VLAN device will move the ethernet header
around to make it look exactly like a real ethernet device.
This may help programs such as ISC dhcpd which read the raw
ethernet packet and make assumptions about the location of
bytes. If you don't need it turn it off because there
is a small performance penalty. Default is on.
PPP/SLIP items:
PERSIST=yes|no
MODEMPORT=<device, say /dev/modem>
LINESPEED=<speed, say 115200>
DEFABORT=yes|no (tells netcfg whether or not to put default
abort strings in when creating/editing the chat script and/or
dip script for this interface)
(meaningless with WVDIALSECT)
PPP-specific items
WVDIALSECT=<list of sections from wvdial.conf to use>
If this variable is set, then the chat script (if it
exists) is ignored, and wvdial is used to open the
PPP connection.
DEFROUTE=yes|no (set this interface as default route? yes is default)
DEBUG=yes|no (defaults to yes)
turns on/off pppd and chat (if used) debugging.
ESCAPECHARS=yes|no (simplified interface here doesn't let people
specify which characters to escape; almost everyone can use
asyncmap 00000000 anyway, and they can set PPPOPTIONS to
asyncmap foobar if they want to set options perfectly)
HARDFLOWCTL=yes|no (yes imples "modem crtscts" options)
PPPOPTIONS=<arbitrary option string; is placed last on the
command line, so it can override other options like asyncmap
that were specified differently>
PAPNAME=<"name $PAPNAME" on pppd command line> (note that
the "remotename" option is always specified as the logical
ppp device name, like "ppp0" (which might perhaps be the
physical device ppp1 if some other ppp device was brought
up earlier...), which makes it easy to manage pap/chap
files -- name/password pairs are associated with the
logical ppp device name so that they can be managed
together.
REMIP=<remote ip address, normally unspecified>
MTU=
MRU=
DISCONNECTTIMEOUT=<number of seconds, default currently 5>
(time to wait before re-establishing the connection after
a successfully-connected session terminates before attempting
to establish a new connection.)
RETRYTIMEOUT=<number of seconds, default currently 60>
(time to wait before re-attempting to establish a connection
after a previous attempt fails.)
RETRYCONNECT=yes|no (defaults to yes)
If this is yes, then we will re-run pppd if it exits with a
"connect script failed" status. Otherwise, only one attempt
is made to bring up the connection. Note that some connect
scripts (for example, wvdial) might do their own retries (such
as BUSY or NO DIALTONE conditions).
MAXFAIL=<number>
If this is set, this will cause ppp-watch to exit after
the specified number of attempts.
DEMAND=yes|no
Switches on demand-dialing mode using pppd's "demand" option.
IDLETIMEOUT=600
The amount of time the link needs to be inactive before pppd will
bring it down automatically.
BOOTTIMEOUT=30
The amount of time to wait at boot before giving up on the
connection.
IPPP-specific items (ISDN)
PROVIDER=<ProviderName>
USER=<Login>
PASSWORD=<Password>
ENCAP=[syncppp|]
DIALMODE=[manual|auto]
SECURE=off|on
MSN=<>
PHONE_IN=<Callback.Number>
AREACODE=<>
REGIONCODE=<>
PHONE_OUT=<PhoneNumber>
BUNDLING=off|on
HUPTIMEOUT=<number>
DNS1=<PrimaryDNS>
DNS2=<SecondaryDNS>
DOMAIN=""
LAYER=[HDLC|]
CALLBACK=off|on
CHARGEHUP=<number>
CHARGEINT=<number>
CBHUP=<number>
CBDELAY=<number>
DIALMAX=<number>
AUTH=[+pap] [-chap]
IHUP=<>
DELDEFAULTROUTE=[enabled|disabled]
CBCP=off|on
VJ=off|on
VJCCOMP=off|on
AC=off|on
PC=off|on
BSDCOMP=off|on
CCP=off|on
SLAVE_DEVICE=ippp[0-9]
ippp0 items being deprecated:
BOOT=[on|off] will be converted to ONBOOT=[yes|no] by netconf
LOCAL_IP= will be converted to IPADDR by netconf
REMOTE_IP= will be converted to GATEWAY by netconf
IPSEC specific items
SRC=source address. Not required.
DST=destination address
TYPE=IPSEC
SRCNET=source net (for tunneling)
DSTNET=destination network (for tunneling)
Manual keying:
AH_PROTO{_IN,_OUT}=protocol to use for AH (defaults to HMAC-SHA1)
ESP_PROTO{_IN,_OUT}=protocol to use for ESP (defaults to 3DES)
KEY_AH{_IN,_OUT}=AH key
KEY_ESP{_IN,_OUT}=ESP key
SPI_{ESP,AH_{IN,OUT}}=SPIs to use
_IN and _OUT specifiers are for using different keys or protocols for inccoming
and outgoing packets. If neither _IN or _OUT variants are set for protocols or
keys, the same will be used for both.
Automatic keying:
IKE_METHOD=PSK|X509|GSSAPI
PSK=preshared keys (shared secret)
X509=X.509 certificates
GSSAPI=GSSAPI authentication
IKE_PSK=preshared key for this connection
IKE_CERTFILE=our certificate file name for X509 IKE
IKE_PEER_CERTFILE=peer public cert filename for X509 IKE
IKE_DNSSEC=retrieve peer public certs from DNS
(otherwise uses certificate information sent over IKE)
Bonding-specific items
SLAVE=yes
Specifies device as a slave
MASTER=bondXX
Specifies master device to bind to
