How to Assign an IP Address on a Linux Computer

Last Updated: April 11, 2024 Tested

Debian, Ubuntu, & Linux Mint

Red Hat, CentOS, & Fedora

This article was co-authored by wikiHow staff writer Jack Lloyd. Jack Lloyd is a Technology Writer and Editor for wikiHow. He has over two years of experience writing and editing technology-related articles. He is a technology enthusiast and an English teacher. The wikiHow Tech Team also followed the article's instructions and verified that they work. This article has been viewed 730,574 times.

This wikiHow teaches you how to assign a new IP address to your computer when using Linux. Doing so can prevent connection issues for the item in question.

Assign an IP Address to a Debian, Ubuntu, or Linux Mint Computer

No matter what version of Linux you're running, you'll need to open the Terminal and switch to root. In Debian, Ubuntu, and Linux Mint, use the "ifconfig" command to view your Internet items. Find the item you want to assign an IP address to, then type "sudo ifconfig [name] [ipaddress] netmask 255.255.255.0 up".

Step 1 Verify your Linux version.

  • Press Ctrl + Alt + T or Ctrl + Alt + F1 (if you're on a Mac, substitute the ⌘ Command key for Ctrl).
  • Click the text box at the top or bottom of the screen if possible.
  • Open the Menu window and find the "Terminal" application, then click on it.

Step 3 Switch to root.

  • A "root" account is the Linux equivalent of an Administrator account on a Windows or Mac computer.

Step 4 Bring up a list of your current Internet items.

  • The top item should be your current router or Ethernet connection. This item's name is "eth0" (Ethernet) or "wifi0" (Wi-Fi) in Linux.

Step 5 Find the item to which you want to assign an IP address.

  • In most cases, this is the "eth0" or "wifi0" item.

Step 6 Change the item's IP address.

  • To assign an IP of "192.168.2.100" to your Ethernet connection ("eth0"), for example, you'd enter sudo ifconfig eth0 192.168.2.100 netmask 255.255.255.0 here.

Step 7 Assign a default gateway.

  • If you have a different DNS server address that you would rather use, enter that in the place of 8.8.8.8 .

Step 9 Check your item's new IP address.

Step 5 Find the network connection that you want to change.

  • This will normally be the Ethernet or Wi-Fi connection, which has an IP address currently listed on the right side of the window.

Step 6 Switch to the network scripts directory.

  • For a network named "eno12345678", for example, you'd enter vi ifcfg-eno12345678 here.

Step 9 Edit the network's information.

  • BOOTPROTO - Change dhcp to none
  • Any IPV6 entry - Delete any IPV6 entries entirely by moving the cursor to the I on the left and pressing Del .
  • ONBOOT - Change no to yes

Step 10 Enter a new IP category.

  • For example: to use "192.168.2.23" as your IP address, you'd type in IPADDR=192.168.2.23 and press ↵ Enter .
  • Type in PREFIX=24 and press ↵ Enter . You can also enter NETMASK=255.255.255.0 here.
  • Type in GATEWAY=192.168.2.1 and press ↵ Enter . Substitute your preferred gateway address if different.

Step 12 Save and exit the file.
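
The edits from Steps 9 and 10, applied by script to a scratch copy instead of by hand in vi. This is an added example, not part of the original article: the helper names and the sample file contents are constructed for illustration, and the key values are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: apply the ifcfg edits described above to a scratch copy.
# set_key, make_static and demo_ifcfg are hypothetical helper names.

# set_key FILE KEY VALUE: replace KEY=... if present, otherwise append it.
# VALUE is assumed to be a plain address or keyword (no "|" or "&").
set_key() {
    if grep -q "^$2=" "$1"; then
        # Rewrite through a temp file, then copy back so the original file
        # keeps its owner, mode and SELinux context.
        sed "s|^$2=.*|$2=$3|" "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# make_static FILE IPADDR PREFIX GATEWAY: the edits from Steps 9 and 10.
make_static() {
    cp -p "$1" "$1.bak"                      # keep the DHCP version for rollback
    grep -v '^IPV6' "$1.bak" > "$1" || true  # delete every IPV6 entry
    set_key "$1" BOOTPROTO none
    set_key "$1" ONBOOT yes
    set_key "$1" IPADDR "$2"
    set_key "$1" PREFIX "$3"
    set_key "$1" GATEWAY "$4"
}

# demo_ifcfg: write a constructed DHCP-style file into a temp directory,
# convert it, print the result, and clean up.
demo_ifcfg() {
    dir=$(mktemp -d) || return 1
    file="$dir/ifcfg-eno12345678"
    cat > "$file" <<'EOF'
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
NAME=eno12345678
DEVICE=eno12345678
ONBOOT=no
EOF
    make_static "$file" 192.168.2.23 24 192.168.2.1
    cat "$file"
    rm -rf "$dir"
}

demo_ifcfg
```

On a real system the same functions would be pointed at the file in the network scripts directory, as root, with the .bak copy left in place until the new address is confirmed working.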

  • Some very specific Linux distributions will require you to go through a different process to assign an IP address. To see your specific distribution's specifications, check online.

  • Don't forget to switch back to the regular (non-root) user account when you're done.

It's FOSS

How to Assign Static IP Address on Ubuntu Linux

Dimitrios

Brief: In this tutorial, you’ll learn how to assign a static IP address on Ubuntu and other Linux distributions. Both command line and GUI methods are discussed.

IP addresses on Linux systems are in most cases assigned by Dynamic Host Configuration Protocol (DHCP) servers. IP addresses assigned this way are dynamic, which means that the IP address might change when you restart your Ubuntu system. It won’t necessarily change, but it may.

Dynamic IP is not an issue for normal desktop Linux users in most cases. It could become an issue if you have employed some special kind of networking between your computers.

For example, you can share your keyboard and mouse between Ubuntu and Raspberry Pi. The configuration uses the IP addresses of both systems. If the IP address changes dynamically, then your setup won’t work.

Another use case is with servers or remotely administered desktops. It is easier to set static addresses on those systems for connection stability and consistency between the users and applications.

In this tutorial, I’ll show you how to set up a static IP address on Ubuntu-based Linux distributions. Let me show you the command line way first and then I’ll show the graphical way of doing it on desktop.

Method 1: Assign static IP in Ubuntu using command line

Note for desktop users: Use static IP only when you need it. Automatic IP saves you a lot of headache in handling network configuration.

Step 1: Get the name of network interface and the default gateway

The first thing you need to know is the name of the network interface for which you have to set up the static IP.

You can either use ip command or the network manager CLI like this:

In my case, it shows my Ethernet (wired) network is called enp0s25:

Next, you should note the default gateway IP using the Linux command ip route:

As you can guess, the default gateway is 192.168.31.1 for me.

Step 2: Locate Netplan configuration

Ubuntu 18.04 LTS and later versions use Netplan for managing the network configuration. Netplan configurations are driven by .yaml files located in the /etc/netplan directory.

By default, you should see a .yaml file named something like 01-network-manager-all.yaml, 50-cloud-init.yaml, or 01-netcfg.yaml.

Whatever the name may be, its content should look like this:

You need to edit this file for using static IP.

Step 3: Edit Netplan configuration for assigning static IP

Just for the sake of it, make a backup of your yaml file.

Please make sure to use the correct yaml file name in the commands from here onward.

Use nano editor with sudo to open the yaml file like this:

Please note that yaml files use spaces for indentation. If you use tabs or incorrect indentation, your changes won’t be saved.

You should edit the file and make it look like this by providing the actual details of your IP address, gateway, interface name etc.

In the above file, I have set the static IP to 192.168.31.16.

Save the file and apply the changes with this command:

You can verify it by displaying your ip address in the terminal with ‘ip a’ command.

If you don’t want to use the static IP address anymore, you can revert easily.

If you have backed up the original yaml file, you can delete the new one and use the backup one.

Otherwise, you can change the yaml file again and make it look like this:

Method 2: Switch to static IP address in Ubuntu graphically

If you are on desktop, using the graphical method is easier and faster.

Go to the settings and look for network settings. Click the gear symbol adjacent to your network connection.

Next, you should go to the IPv4 tab. Under the IPv4 Method section, click on Manual.

In the Addresses section, enter the static IP address you want. The netmask is usually 24, and you already know your gateway IP from the ip route command.

You may also change the DNS server if you want. You can keep the Routes section set to Automatic.

Once everything is done, click on the Apply button. See how easy it is to set a static IP address graphically.

If you haven’t read my previous article on how to change MAC Address, you may want to read it in conjunction with this one.

More networking related articles will be rolling out, let me know your thoughts at the comments below and stay connected to our social media.

Dimitrios is an MSc Mechanical Engineer but a Linux enthusiast in heart. His machines are powered by Arch Linux but curiosity drives him to constantly test other distros. Challenge is part of his per

How-To Geek

How to Set a Static IP Address in Ubuntu

When static is the way forward.

After gathering your connection name, subnet mask, and default gateway, you can set a static IP address in the terminal using the nmcli command. Or, in the GNOME desktop, open your connection settings and click the + icon, then enter the info for your static IP address there.

Your home network relies on IP addresses to route data between devices, and sometimes on reconnecting to the network a device's address can change. Here's how to give an Ubuntu Linux computer a permanent IP address that survives reboots.

Everything on your home network, whether it's using a wired connection or Wi-Fi, has an IP address. IP stands for Internet Protocol. An IP address is a sequence of four numbers separated by three dots. Each IP address is unique within that network.

IP addresses act as numeric labels. Your router uses these labels to send data between the correct devices. Usually, your router assigns IP addresses. It knows which IP addresses are in use and which are free. When a new device connects to the network, it requests an IP address and the router allocates one of the unused IP addresses. This is called DHCP, or dynamic host configuration protocol.

When a device is restarted or powered off and on, it may receive its old IP address once more, or it might be allocated a new IP address. This is normal for DHCP and it doesn't affect the normal running of your network. But if you have a server or some other computer that you need to be able to reach by its IP address, you'll run into problems if its IP address doesn't survive power downs or reboots.

Pinning a specific IP address to a computer is called allocating a static IP address. A static IP address, as its name suggests, isn't dynamic and it doesn't change even if the computer is power-cycled.

Nmcli is the command-line network manager tool, and can be used to change your IP address, configure network devices, and, relevant to our purposes, set up a static IP in Ubuntu.

We're demonstrating this technique on Ubuntu 22.04 LTS, but it ought to work on any Linux distribution, including Ubuntu 23.04. The nmcli tool was released in 2004, so it should be present on just about any standard distribution.

Let's take a look at the network connections that already exist on the computer. We're using the connection command with the show argument.

nmcli connection show

This displays some information about each connection. We only have a single connection configured.

The output is wider than the terminal window. This is the information that we're shown.

  • Name : Our network connection is called "netplan-enp0s3."
  • UUID : The universally unique identifier Linux uses to reference this connection internally.
  • Type : This is an ethernet connection.
  • Device : This connection is using the "enp0s3" network interface. It's the only network card in this computer.

We can use the ip command to discover the IP address this computer is using.

In the output we can see the "enp0s3" entry, and its current IP address, 192.168.86.117. The "/24" is a shorthand way of saying that this network uses a 255.255.255.0 subnet mask. Take note of this number; we'll need to use it later.

We need to choose the IP address we're going to set as our static IP address. Obviously, you can't use an IP address that is already in use by another device. One safe way to proceed is to use the current IP address assigned to the Ubuntu system. We know for certain that nothing else is using that IP address.

If we want to use a different IP address, try pinging it. We're going to test whether IP address 192.168.86.128 is in use. If everything else on your network uses DHCP and you get no response to the ping command, it should be safe to use.

ping 192.168.86.128

Even if another device had previously used that IP address, it'll be given a new IP address when it next boots up. Nothing responds to the ping requests, so we're clear to go ahead and configure 192.168.86.128 as our new static IP.

We also need to know the IP address of your default gateway, which will usually be your broadband router. We can find this using the ip command and the route option, which we can abbreviate to "r."

The entry that starts with "default" is the route to the default gateway. Its IP address is 192.168.86.1. Now we can start to issue commands to set up our static IP address.

The first command is a long one.

sudo nmcli con add con-name "static-ip" ifname enp0s3 type ethernet ip4 192.168.86.128/24 gw4 192.168.86.1

Taken in small chunks, it's not as bad as it looks. We're using sudo . The nmcli arguments are:

  • con : Short for "connection."
  • add : We're going to add a connection.
  • con-name "static-ip" : The name of our new connection will be "static-ip."
  • ifname enp0s3 : The connection will use network interface "enp0s3."
  • type ethernet : We're creating an ethernet connection.
  • ip4 192.168.86.128/24 : The IP address and subnet mask in classless inter-domain routing notation. This is where you need to use the number you took note of earlier.
  • gw4 192.168.86.1 : The IP address of the gateway we want this connection to use.

To make our connection a functioning connection, we need to provide a few more details. Our connection exists now, so we're not adding anything, we're modifying settings, so we use the mod argument. The setting we're changing is the IPv4 DNS settings. 8.8.8.8 is the IP address of Google's primary public DNS server, and 8.8.4.4 is Google's fallback DNS server.

Note that there is a "v" in "ipv4." In the previous command the syntax was "ip4" without a "v." The "v" needs to be used when you're modifying settings, but not when adding connections.

nmcli con mod "static-ip" ipv4.dns "8.8.8.8,8.8.4.4"

To make our IP address static, we need to change the method by which the IP address obtains its value. The default is "auto", which is the setting for DHCP. We need to set it to "manual."

nmcli con mod "static-ip" ipv4.method manual

And now we can start or "bring up" our new connection.

nmcli con up "static-ip" ifname enp0s3

We didn't get any error messages, which is great. Let's use nmcli to look at our connections once more.

nmcli con show

Here's the output:

Our static-ip connection is active and using device "enp0s3." The existing connection "netplan-enp0s3" is no longer associated with a physical network interface because we've pinched "enp0s3" from it.
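
A pre-flight check for the values gathered above: it converts the "/24" prefix to its netmask, confirms the chosen address and gateway sit in the same subnet, and only then prints the nmcli commands without running them. This is an added example, not part of the original article; the function names are hypothetical, and the addresses, interface and connection name are the article's.

```shell
#!/bin/sh
# Added example: sanity-check a static IPv4 plan, then print (not run) the
# nmcli commands from the article. All function names are hypothetical.

# ip_to_int A.B.C.D: print the address as a 32-bit integer; return 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N: print a 32-bit integer in dotted-decimal form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_to_mask N: print the netmask integer for a CIDR prefix length 0..32.
prefix_to_mask() {
    case "$1" in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# check_static_plan ADDR/PREFIX GATEWAY: print "ok" or the reason for rejection.
check_static_plan() {
    case "$1" in */*) ;; *) echo "missing /prefix"; return 1 ;; esac
    prefix=${1#*/}
    addr_i=$(ip_to_int "${1%/*}") || { echo "bad address"; return 1; }
    mask_i=$(prefix_to_mask "$prefix") || { echo "bad prefix"; return 1; }
    gw_i=$(ip_to_int "$2") || { echo "bad gateway"; return 1; }
    net_i=$(( addr_i & mask_i ))
    bcast_i=$(( net_i | (~mask_i & 0xFFFFFFFF) ))
    # /31 and /32 have no separate network and broadcast addresses.
    if [ "$prefix" -le 30 ] && { [ "$addr_i" -eq "$net_i" ] || [ "$addr_i" -eq "$bcast_i" ]; }; then
        echo "address is the network or broadcast address"; return 1
    fi
    if [ $(( gw_i & mask_i )) -ne "$net_i" ]; then
        echo "gateway outside subnet"; return 1
    fi
    if [ "$gw_i" -eq "$addr_i" ]; then
        echo "gateway equals host address"; return 1
    fi
    echo "ok"
}

# static_ip_commands NAME IFNAME ADDR/PREFIX GATEWAY DNS
# Prints the four commands from the article. Names are restricted to a safe
# character set because the output is meant to be pasted into a shell.
static_ip_commands() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad connection name" >&2; return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    case "$5" in ''|*[!0-9.,]*) echo "bad DNS list" >&2; return 1 ;; esac
    reason=$(check_static_plan "$3" "$4") || { echo "refusing: $reason" >&2; return 1; }
    printf 'sudo nmcli con add con-name "%s" ifname %s type ethernet ip4 %s gw4 %s\n' "$1" "$2" "$3" "$4"
    printf 'nmcli con mod "%s" ipv4.dns "%s"\n' "$1" "$5"
    printf 'nmcli con mod "%s" ipv4.method manual\n' "$1"
    printf 'nmcli con up "%s" ifname %s\n' "$1" "$2"
}

# Dry run with the article's values.
static_ip_commands static-ip enp0s3 192.168.86.128/24 192.168.86.1 "8.8.8.8,8.8.4.4"
```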

Click the icons at the far-right end of the system bar to show the system menu, then click on the "Wired Connected" menu option. If you're using a wireless connection, instead click the name of your Wi-Fi network.

The available connections are displayed. A dot indicates which is in use. Click the "Wired Settings" or "Wi-Fi Settings" menu option. The details of the active connection are displayed.

If you followed our previous instructions the new connection will be the active connection. We can see our new "static-ip" connection has the IP address, default gateway, and DNS servers that we set for it.

To create a new connection using the "Settings" application, click the "+" icon on the "Networks" page, above the list of wired connections.

A dialog appears. We need to provide a name for our new static IP connection.

We're calling our new connection "static-2." Click the "IPv4" tab.

Select the "Manual" radio button, and complete the "Address", "Netmask", and "Gateway" fields. Also complete the DNS field, and then click the green "Apply" button. Note the comma between the DNS entries.

Our new connection is listed in the "Wired" connections pane.

You can swap between the available connections by clicking directly on their names.

If you want to modify a connection after you create it, click the cog icon. In this case, we'll enter the settings for the "static-ip" connection.

A dialog box opens. Click on the "IPv4" tab.

Because we set our new IP address to be static, the "Manual" radio button is selected. You could change this back to DHCP by selecting the "Automatic (DHCP)" radio button, and clicking the green "Apply" button.

Using the nmcli command or the GNOME desktop and apps, you can hop between network connections very easily and very quickly.

It's more convenient to have a selection of connection profiles and move between them as you need to, rather than to have one that you keep editing. If something goes horribly wrong with the connection you're editing or adding, you can always fall back on one of the existing connections.

Tecmint: Linux Howtos, Tutorials & Guides

A Beginner’s Guide to Configuring IPv4 and IPv6 Addresses in Linux

As a systems administrator, you will occasionally be tasked with configuring or setting up the IP addresses of your servers to keep up with changing network requirements. As such, having fundamental skills in assigning IP addresses and configuring hostname resolution is crucial in ensuring that servers conform with the network topology.

What is an IP Address?

An IP address, where IP stands for Internet Protocol, is a unique numerical identifier or address that identifies a device in a TCP/IP network. This could be a local area network (LAN) or the internet.

The IP address allows communication between devices in a network such as servers, routers, switches, and any other network device connected to the network.

Difference Between IPv4 vs IPv6

An IP address can be broadly categorized into two: IPv4 and IPv6.

IPv4 Address

An IPv4 (IP version 4) address is a 32-bit number that is split into four octets, with each octet separated by a period or a decimal point. This is usually referred to as dotted-decimal format.

Each octet is made up of 8 bits which collectively represent a byte. An IPv4 address can further be divided into two sections. The first part represents the network section, while the remaining part defines the host section.

Network Section

The network section of an IP address identifies the class to which the IP address belongs. There are 3 distinct classes of IP addresses used in computer networks: Class A, Class B, and Class C.

What is IPv4 Class A

In Class A type of network, the first 8 bits (octet) define the network, while the remaining 24 bits are reserved for the hosts in the network.

  • The Public IP addresses range from 1.0.0.0 to 127.0.0.0.
  • The Private IP addresses range from 10.0.0.0 to 10.255.255.255.

Addresses 127.0.0.0 to 127.255.255.255 are reserved for loopback and other diagnostic purposes, and hence are not allocated to hosts in a network.

The default subnet mask of class A is 255.0.0.0 with the first 8 bits used to identify the network. The remaining 24 bits are designated for hosts. This class is used in networks that command a large number of hosts. It yields a maximum of 16,777,214 hosts and 126 networks.

What is IPv4 Class B

In Class B, the first two octets, or 16 bits, are used to define the network ID.

  • The Public IP addresses range from 128.0.0.0 to 191.255.0.0.
  • The private IP range is from 172.16.0.0 to 172.31.255.255.

The default subnet mask is 255.255.0.0 where the first 16 bits define the network ID. This class of IP is typically used for medium-large networks and yields 65,534 hosts per network with a total of 16,382 networks.

What is IPv4 Class C

This class of IP is mostly used for small networks such as a home network or a small office or business.

In a Class C network, the first two network bits are set to 1 while the third is set to 0, i.e. 1 1 0. The remaining 21 bits of the first three octets define the network ID, and the last octet defines the number of hosts.

As such, Class C produces the highest number of networks, amounting to 2,097,150, and the least number of hosts per network, which is 254 hosts.

  • The public IP addresses range from 192.0.0.0 to 223.255.255.0.
  • The private IP range is from 192.168.0.0 to 192.168.255.255.

The subnet mask is 255.255.255.0.

Host Portion

The remaining section of the IP address is the host portion, which is the section that determines the number of hosts in a network. This part uniquely identifies a host in a network. All hosts in the same network share the same network portion.

For example, the following host IP addresses belong to the same network.

IPv6 Address

An IPv6 address is an alphanumeric address that is 128 bits long, arranged in eight groups, each of which contains 16 bits.

Like an IPv4 address, it is split into two parts: the network and host component. The network part makes up the first 64 bits and is used for routing purposes. The remaining 64 bits identify the address on the nodes.

Below is an example of a full IPv6 address.

This can be further shortened as follows.

IPv6 was developed as a solution to the imminent exhaustion of addresses in IPv4. As you know by now, IPv6 contains 128 bits which is four times more than the number of bits in IPv4 (32 bits). These extra bits provide more addressing space which will supplement the address space provided by IPv4.

Although IPv6 is set to take over from IPv4 addressing in the near future, many organizations and ISPs still use and largely rely on IPv4 addresses.

In fact, you’ll hardly ever need to configure an IPv6 on your device to provide connectivity. The fact is, it will take a while before IPv6 replaces or phases out IPv4.

Dynamic (DHCP) and Static IP Configuration

IP allocation on client machines or any end-point devices connected to a network is done either using the DHCP protocol or manual configuration where IP addresses are statically allocated.

DHCP IP Address

DHCP (Dynamic Host Configuration Protocol) is a client-server protocol that dynamically allocates IP addresses to client systems on a network. The DHCP server, which in most cases is a router, contains a pool of addresses that it leases out to client devices on a network for a certain period of time. Thus, it simplifies and makes the configuration of IP addresses more efficient. Once the lease time lapses, the client acquires a new IP address.

Most systems, by default, are configured to obtain an IP automatically using the DHCP protocol. This eliminates the possibility of IP conflicts in a network where two devices share the same IP address.

The drawback of DHCP is that the IP addresses change once the lease expires. If a server is set to acquire an IP via DHCP, this will lead to connectivity issues once the IP address changes. And this is where static IP configuration comes in.

Static IP Address

In static IP configuration, IP addresses are manually configured on a client system, especially servers. Unlike dynamically allocated addresses, statically configured IP addresses remain the same and do not change.

However, the static configuration requires a lot of work from network admins. They have to manually log in and configure the static IP along with other details such as subnet mask, DNS servers, and gateway IP. In addition, they need to keep track of all the client systems with static IP addresses.

In this tutorial, we will focus on how to statically configure IP addresses on various systems.

How to Configure IPv4 Networking in Linux

In this section, we will shift focus and see how to configure an IPv4 address on Linux. We will look at how you can do this on Debian, Ubuntu, and later on RHEL and Red Hat distributions.

Configure IPv4 Address on Debian

To get started, it’s always a good idea to check your current IP configuration of the Linux system.

This displays the IP addresses and status of your network interfaces. From the output, we have two interfaces.

The first one is the lo interface, which is a loopback address reserved for testing purposes only and is always designated the address 127.0.0.1. The loopback address is not associated with any physical network interface.

The second interface is enp0s3 (this might be different in your case). This is the active network interface that maps to the physical network card on the server.

Its IPv4 address is denoted by the inet parameter, and in this case is 192.168.2.113, which is assigned via the DHCP protocol.

In Debian, the network configuration is contained in the /etc/network/interfaces file. You can view it using the nano or vim editor.

To configure a static IPv4 address, remove or comment out the allow-hotplug and dhcp lines, then add the following configuration.

In this configuration, 192.168.2.150 will be our new IPv4 address with a netmask or network subnet of 255.255.255.0. The default gateway, which also happens to be the router’s IP, is 192.168.2.1 while the DNS nameservers are 192.168.2.1 and 8.8.8.8.

Save the changes and exit the file.

To apply the changes, restart the networking service.

Then confirm no errors were encountered

To confirm that the server has acquired the new IP, run the following command:

The output below confirms that we have successfully configured the static IPv4 address.

Configure IPv4 Address on Ubuntu

In Ubuntu 18.04 and later versions, Netplan is the default network configuration tool, which enables easy configuration of network settings via YAML files. According to Canonical, netplan processes the YAML files and generates network configurations for systemd-networkd or NetworkManager.

The network configuration file for modern Ubuntu distributions is located in the /etc/netplan directory. For the desktop system, the configuration file in this directory is 01-network-manager-all.yaml. For servers, the file is /etc/netplan/01-netcfg.yaml.

Once again, let’s check our current IP address which is auto-assigned by DHCP.

Our current IP is 192.168.2.106. We will set this to 192.168.2.180.

To assign an IPv4 address, we will open the network configuration file.

By default, the following lines automatically set the system to use DHCP for IP assignment.

Add the following lines to assign a static IP.

Let us break down the parameters used:

  • enp0s3 – is the name of the network interface.
  • addresses – This configures the IPv4 address on the interface. It is followed by the CIDR prefix, in this case /24, which implies a network subnet of 255.255.255.0.
  • nameservers – This specifies the DNS servers to be used. In this case, we are using 8.8.8.8 and 8.8.4.4 which are Google’s name servers.
  • routes – This sets the gateway on your system.

Remember to replace the interface name and IP configuration to match your network environment.

Save the changes and exit.

To apply the changes made, run the following command:

Once again, verify if the changes have been reflected as shown.

Configure IPv4 Address on RHEL

In Red Hat distributions, the nmcli (NetworkManager Command Line Interface) command-line tool is one of the most preferred ways of configuring an IPv4 address. It does so using the NetworkManager service.

To view the network interface name attached to your system, execute the command:

To display the active connection, run the command:

In RHEL 9 and other Red Hat distributions based on RHEL, the network configuration file resides in the /etc/sysconfig/network-scripts directory. In our case, the configuration file is ifcfg-enp0s3.

We will assign a static IPv4 address on the interface ‘enp0s3’ as shown:

To do so, we will run the following commands:

The commands save the changes inside the associated network configuration file. You can view the file using your preferred text editor.

To confirm the new IP address, run the following command:

You can also run the nmcli command without any command-line options and the active interface will be displayed at the top.

How to Configure Hostname in Linux

A well-configured system should be able to resolve its hostname or domain name to the IP address configured. Usually, the hostname and IP address mapping is done in the /etc/hosts file.

To configure hostname resolution, add a host’s entry to the /etc/hosts file. This entry includes the host’s IP address and the hostname as shown.

Be sure to update the /etc/hosts file on every Linux system that you intend to connect to the system on the same local network.

Once done, you can successfully ping the hostname of the Linux machine.

In this tutorial, we have covered IPv4 and IPv6 IP addresses and explored how you can configure IPv4 networking and hostname resolution on Linux.

Previous article:

Next article:

Photo of author

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.


Ah, it is working like this:

I only have to put into an init script.

I face the following situation: The Internet provider has switched to IPv6.

This means the first 4 blocks, e.g., a02:560:4c19:cd00……. are changing time by time.

The Internet router is able to configure “port forwarding” for IPv6. Indeed, it is not port forwarding, but routing to an IPv6 address in my network.

Unfortunately, the Internet router is not able to route the dynamic part of the IPv6 address of my internal server. I can only configure a fixed postfix of the IPv6 address:

let it be: …….. 2001:db8:1234:abcd

While the prefix is changed by the internet provider, the postfix I set to be fixed.

To make a service from my internal address available to the internet, I must configure the IPv6 address of my server with the dynamic prefix of the router and the fixed postfix configured for routing.

Is it possible to configure it?

Clear, it is a bug in my internet router.

Another way, maybe I will try at the weekend, while the server is getting up, I can call via IPv4 DNS to get the current IPv6 address, put it into the configuration, and restart the network stack.

Title says “Configuring IPv4 and IPv6 Addresses”.

What happened to the “configure IPv6” section?

The pool of IPv4 addresses has already been exhausted so we will have to use IPv6 from now on. I may “hardly ever need to configure an IPv6” but, nevertheless, there WILL be times that I will have to configure IPv6.

It would be handy to know how to do the configuration ahead of time unless IPv6 is self-configuring.

@Dragonmouth,

To assign an IPv6 address temporarily to the network interface, run the following command:

Replace <IPv6_ADDRESS> with the desired IPv6 address, <PREFIX_LENGTH> with the appropriate prefix length and <INTERFACE_NAME> should be replaced with the actual interface name.

For example:

To assign an IPv6 address permanently to the network interface, use the following instructions:

1. Open the configuration file for the desired network interface.

The file name will usually be in the format ifcfg-<INTERFACE_NAME>. For example, if the interface name is eth0, the file would be ifcfg-eth0.

Add the following lines to the configuration file.

Restart the network service to apply the changes.

You can confirm your IP address by running ip command.

How to configure IPv6 static IP address using Netplan?

To configure an IPv6 address using Netplan, you can follow these steps:

1. Open the Netplan configuration file using a text editor.

Add the following network configuration to configure an IPv6 address.

In the above example, the interface eth0 is configured with the static IPv6 address 2001:db8:1234:abcd::1 with a prefix length of /64. The IPv6 gateway is set to 2001:db8:1234:abcd::a.

2. Apply the changes by running the following command:

Thank you, it may help users with old Ubuntu versions.

In newer versions, gateway6 is deprecated.

I don’t think the gateway6 parameter is deprecated in the netplan configuration. Any source you have please share…


16 Linux ip command examples to configure network interfaces (cheatsheet)

November 18, 2022

The ip command is a very powerful utility that is used to perform many tasks. Older utilities such as ifconfig and route were earlier used to perform these functions. In this article I will share different examples to configure network interfaces and routes using the ip command.

Install iproute rpm

By default the iproute rpm is installed on all variants of RHEL/CentOS Linux; you can also find the ip binary in the rescue and emergency targets.

The absolute path is /usr/sbin/ip

1. Show IP Address of all the available interfaces using ip command

Use ip addr show to show the IP Address of all the available network interfaces on your Linux system

Here I have three interfaces (including the loopback interface), wherein we can check the IP Address of individual interface as highlighted above.

2. Show IP Address of individual interface

You can use " dev " argument along with " ip addr show " to display information of provided interface only. Here we are displaying IP Address detail for enp0s9 interface only.

3. List interfaces based on interface type

There are various types of NIC which can be available on your Linux system such as vlan , bond, bridge, vxlan etc.

Now to list only bridge interfaces on your system:

To list bond interface from your system

4. Check if NIC's link state is enabled or disabled

" ip link " will manage and display the state of all network interfaces. To display the current state of all the interfaces

To check the link state of individual interface

5. Change NIC's Link state

Since our NIC interface is already in enabled state, let us turn down link state for enp0s9 interface

Check the link state again for enp0s9

Now since it is in DOWN state, let us change the link status for enp0s9 to UP

6. Assign/Add IPv4 and IPv6 address

To assign an IPv4 address you can use "ip addr add". To demo this step I have already temporarily unassigned/removed the IP address from the enp0s9 interface.

To assign IPv4 address using ip command you would need netmask prefix value which here for me is "24". You can either calculate this prefix value or you can use other online network calculators which can help you get the prefix value depending upon your netmask.

To check the assigned IPv4 Address for enp0s9 interface

To assign IPv6 address using ip command you can use the same command as used for IPv4 address but with the IPv6 address and netmask

Verify the IPv6 address assigned to the provided interface

7. Un-Assign/Delete IPv4 and IPv6 address

You can un-assign or delete an assigned ip address from an interface using " ip addr del " argument. Here you must give the exact IP address along with the prefix value to un-assign the ip address.

Check and verify if the IP address was un-assigned successfully from the provided interface

You can un-assign or delete the IPv6 address for individual interface using the same command as used for IPv4 address above.

Next check the IPv6 Address of the interface to make sure it is un-assigned from the provided interface

8. Un-assign/delete all protocol addresses from individual interface

By using " ip addr del " we only remove the provided address assigned to the respective interface. But if you wish to remove all the protocol address assigned to individual interface then you must use flush

Next check the interface detail

As you see both IPv4 and IPv6 addresses are removed.

9. Display detailed statistics of interface

To get more detailed information on packet statistics for an individual interface, use the "-s" argument

If the "-s" option appears twice or more, the amount of information increases.

10. List available routes

To list all the available routes on your Linux system

You can also use " ip route " or " ip route show " to get the list of available routes in the routing table

11. Add default route to routing table

To add default route (adding an entry in the routing table) use " ip route add default "

Verify the available default routes in the routing table

To add more details for the default route as we have for other routes

Verify the default route again using ip command

12. Delete default route from routing table

To delete the default route, instead of using " add ", use " delete ". Now here I have two default routes, where I wish to delete the route with 10.0.2.2 for enp0s3 interface

Delete the default route

Verify the available routes in the routing table

You can also remove the default route using interface name to delete all the default routes mapped to provided interface

13. Add additional route to the routing table

Now after adding default route, you can also add additional routes to the routing table. Here we will add a route to 192.168.168.0/24 via the route 192.168.0.1

14. Delete additional route from routing table

Here we had added a new route for 192.168.168.0/24 via 192.168.0.1, so we will attempt to delete the same here

Verify the route list again

15. Replace existing routes from routing table

We can also replace certain directives from existing routes in the routing table. In our last example we added route 192.168.168.0/24 via 192.168.0.1 so we will change this to 192.168.168.0/24 via 10.0.2.2 gateway via a different interface (enp0s3)

My existing list of routes

Replace the route values

Verify the new route list

16. Display the route an address will take

Now we have added all the routes, but we would like to know the route which any address on the linux system will take

To know the route which will be used by 192.168.168.10 address

To know the route which will be used by 192.168.0.10 address

Linux ip command is a very handy tool for Linux Administrators. The only drawback with this tool is that the changes are non-persistent which means this will not survive a reboot. But in many cases such as in rescue mode or to verify temporary network changes we can use this tool to create and assign network to interfaces.

Lastly I hope this article with different ip command examples to perform network related activities (cheatsheet) on Linux was helpful. So, let me know your suggestions and feedback using the comment section.

I have used the below external reference for this tutorial guide: the man page for the ip command

Deepak Prasad


He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.


3.6. Configuring IP Networking with ip Commands


Set static IP in Ubuntu using Terminal

Everything you need to know about setting static IP on an Ubuntu machine using the command line.

Dec 5, 2022 — Pratham Patel

Normally, the router's DHCP server handles assigning the IP address to every device on the network, including your computer.

The DHCP server may also give you a new IP address occasionally. This could cause a problem if you have a home lab or server setup that works on a fixed IP address.

You need to set a static IP address on your Ubuntu system to avoid problems.

Step 1: Identify the correct network interface

The first step is always to know the name of your network interface.

"But why?" you might ask. That is because since Ubuntu 20.04, the network interfaces are named using predictable network interface names. This means your one and only ethernet interface will not be named 'eth0'.

Ubuntu Server and Ubuntu Desktop use different renderers for 'netplan', they are 'systemd-networkd' and 'NetworkManager', respectively. So let's go over their differences.

Ubuntu Server

To see available network interfaces on Ubuntu Server, run the following command:

Doing so will show a similar result:

The output enumerates network interfaces with numbers.

From this, I can see that the ethernet interface is 'enp1s0'.

Ubuntu Desktop

The advantage (at least in my opinion) of having Ubuntu Desktop is having NetworkManager as the renderer for netplan.

It has a pretty CLI output :)

Run the following command to view the available network interfaces:

That will give you the device name, type, state and connection status.

Here is what it looks like on my computer:

This is more readable at first glance. I can make out that my ethernet interface is named 'enp1s0'.


Step 2: See current IP address

Now that you know which interface needs to be addressed, let us edit a file.

Before I change my IP address/set a static one, let us first see what my current IP address is.

Nice! But let's change it to '192.168.122.128' for demonstration purposes.

Step 3: See the gateway

A gateway is a device that connects different networks (basically what your all-in-one router is). To know the address of your gateway, run the following command:

The gateway address will be on the line that begins with "default via".

Below is the output of running the ip command on my computer:

On the line that starts with "default via", I can see that my gateway address is '192.168.122.1'.

Make a note of your gateway address.

Step 4: Set static IP address

Now that you have detail like interface name and gateway address, it is time to edit a config file.

Step 4-A: Disable cloud-init if present

The easiest way to know if cloud-init is present or not is to check if there is a package with that name.

Run the following command to check:

If you get an output, you have 'cloud-init' installed.

Now, to disable cloud-init, create a new file inside the /etc/cloud/cloud.cfg.d directory. The name does not matter, so I will call it '99-disable-cloud-init.cfg'.

Add the following line to it:

Please reboot your Ubuntu system now so that cloud-init does not interfere when we set our static IP address in the next step. :)

Back to Step 4

Once the 'cloud-init' related configuration is complete, we must now edit the netplan configuration to add our static IP address.

Go to the /etc/netplan directory. It is better if there is one file (easier to know which one to edit), but in some cases, there might also be more than one file with the extension '.yml' or '.yaml'.

When in doubt, grep for the name of your network interface. Use the following command if you are not comfortable with grep:

Since the name of network interface for my ethernet is 'enp1s0', I will run the following command:

Running this command shows that the file I am looking for is '00-installer-config.yaml'. So let us take a look at it.

You might have noticed a line that says 'ethernet' and our network interface name under that. Under this is where we configure our 'enp1s0' network interface.

Since we do not want a DHCP-assigned IP address, let us change that field from true to no.

Add a field called addresses. Write the IP address you wish to assign your computer along with the network prefix. So I will write 192.168.122.128/24 in the addresses field.

Finally, we also need to specify DNS nameservers. For that, create a new field called nameservers and under that, create a field called addresses which contains the IP address for your DNS servers. I used Cloudflare's DNS servers but you can use whatever you want.

This is what my '00-installer-config.yaml' file looks like after editing it to my liking.

To apply the settings, run the following command:

This will take only a few seconds, and the IP address will be updated once it is done.

You can check the IP address using the hostname -I command.

Perfect! The IP address has now changed successfully.


I know that it feels complicated but this is the proper procedure when you are trying to assign static IP via the command line in Ubuntu.

Let me know if you are stuck at some point or encounter any technical issues.

Pratham Patel

Fell in love with Ubuntu the first time I tried it. Been distro-hopping since 2016.


ip Command in Linux with Examples


The ip command in Linux is a powerful utility for network configuration and management. It allows users to interact with various networking components such as network interfaces, routing tables, addresses, and more. In this guide, we will delve into the ip command, covering each aspect with examples, code, and detailed explanations.

Introduction to the IP Command in Linux

The ip command is part of the iproute2 package and serves as a versatile replacement for older networking tools like `ifconfig` and `route`. It provides a unified interface for configuring and managing network settings in modern Linux distributions.

Basic Usage and Syntax of IP Command

The basic syntax of the ip command is as follows:

  • OPTIONS : Additional options that modify the behavior of the command.
  • OBJECT : The networking component you want to interact with (e.g., link, address, route).
  • COMMAND : The action you want to perform on the specified object.
  • help : Displays help information about the specified object or command.

IP Command Examples and Practical Implementation

Displaying Network Interfaces and IP Addresses Using IP Command

Configuring network interfaces using ip command, managing routing tables using ip command, changing interface state using ip command, displaying detailed interface statistics using ip command.

To view information about network interfaces and their associated IP addresses, use the following command:


This command displays details such as interface names (`eth0`, `wlan0`), MAC addresses, IPv4 and IPv6 addresses, subnet masks, and more.

Configuring Network Interfaces Using IP Command

To configure a network interface, you can use the `ip link` command followed by the action (e.g., `set`, `add`, `delete`).

For example, to set the IP address of an interface:

This command assigns the IP address `192.168.1.100` with a subnet mask of `24` (equivalent to 255.255.255.0) to the eth0 interface.

Managing Routing Tables Using IP Command

Example 1: Deleting a Route

To delete an existing route from the routing table, you can use the `ip route delete` command. For example:

This command removes the route to the `10.0.0.0/24` network via the gateway `192.168.1.1` through the `eth0` interface.

Example 2: Changing the Default Gateway

To change the default gateway for outgoing traffic, you can modify the default route using the `ip route` command. For instance:

This command sets `192.168.1.254` as the new default gateway through the `eth0` interface.

Changing Interface State Using IP Command

Example 1: Bringing an Interface Up

To bring an interface up (activate it), you can use the `ip link` command with the `set` action. For example:

This command brings the `eth0` interface up, enabling it to send and receive network traffic.

Example 2: Changing MTU (Maximum Transmission Unit)

To change the MTU (maximum transmission unit) of a network interface, you can use the `ip link` command with the `set` action and the `mtu` parameter. For instance:

This command sets the MTU of the `eth0` interface to `1500` bytes.

Displaying Detailed Interface Statistics Using IP Command

Example 1: Monitoring Interface Traffic

To monitor real-time network traffic on a specific interface, you can use the `ip -s link` command in combination with tools like `watch` or `grep` to filter the output. For example:

This command continuously monitors the receive (RX) traffic on the `eth0` interface, updating every second.

Example 2: Displaying Interface Errors

To identify potential issues with a network interface, you can use the ip -s link command to display detailed statistics, including error counts. For instance:

This command shows statistics related to packet errors and dropped packets on the eth0 interface.

Options available in the IP command in Linux

1. address:

This option is used to show all IP addresses associated with all network devices.

ip address

This will show the information related to all interfaces available on our system.

2. link:

It is used to display link layer information; it will fetch characteristics of the link layer devices currently available. Any networking device which has a driver loaded can be classified as an available device.

ip link

This link option when used with -s option is used to show the statistics of the various network interfaces.

ip -s link

And, to get information about a particular network interface, add an option show followed by the name of the particular network interface.

For Example:

ip -s link show enp3s0

3. monitor:  

This command can monitor and display the state of devices, addresses and routes continuously.

ip monitor

4. neighbour:

This command is used to view the MAC address of the devices connected to your system.

ip neighbour

  • STALE: This means that the neighbor is valid, but is probably already unreachable, so the kernel will try to check it at the first transmission.
  • REACHABLE: This means that the neighbor is valid and reachable.
  • DELAY: This means that a packet has been sent to the stale neighbor and the kernel is waiting for confirmation.

Delete an ARP entry:

Add an ARP entry:

The `ip` command in Linux is a powerful tool that is used for performing administrative tasks. We can say that this command is the improved version of the deprecated `ifconfig` command. As we discussed, this command can be used to manipulate devices, routing and tunnels. This `ip` command can also monitor the state of devices, routes and addresses. Overall, we can say that this command is a versatile tool that can help network administrators manage their networks more efficiently.


How to Configure Static IP Address on Ubuntu 24.04 (Desktop)

In this article, we will show you how to configure a static IP address on Ubuntu 24.04 desktop step by step.

When you want a persistent IP address on your Ubuntu 24.04 desktop, you must configure a static IP address. Whenever we install Ubuntu, DHCP is enabled by default, and it will try to fetch the IP address from a DHCP server if one is available over the network.

In Ubuntu Desktop 24.04, there are two ways to configure static IP address:

  • Graphical User Interface
  • Command Line

We will cover both the methods in this article.

Prerequisites

  • Pre-Install Ubuntu 24.04
  • Regular user with sudo rights
  • Basic understanding of networks

Configure Static IP Address on Ubuntu 24.04 Using GUI

Log in to your desktop, click on the network icon and then choose the Wired option as shown below:

We will get the following window; click on the “gearbox” icon.

Go to the IPv4 tab; there you will see that DHCP is enabled for automatic IP allocation.

Choose the Manual option to configure a static IP address and specify the IP details (IP address, netmask, gateway and DNS IP) as shown below:

Note: Change the IP details to suit your network.

Click on Apply.

Next, disable and enable the interface to bring the above changes into effect.

The above screen confirms that we have successfully configured a static IP address on our Ubuntu 24.04 desktop.

Configure Static IP Address on Ubuntu 24.04 Using Command Line

We can use the netplan utility and its configuration file to assign the static IP on the interface (like enp0s3 or eth0).

Netplan configuration files are placed in the /etc/netplan directory. Under this directory there should be a file named 01-netcfg.yaml, 50-cloud-init.yaml or something else, depending on your environment.

Edit the netplan configuration file; in our case it is 01-netcfg.yaml

Save and close the file.

Note: In the above file, replace the IP address details and interface according to your setup. We have also used “NetworkManager” as the renderer, which instructs netplan to use NetworkManager as its backend. It is used for desktops; for servers and headless environments, use “networkd” instead of NetworkManager.

Set the permission on this file using the chmod command,

To bring the above changes into effect, run the below netplan apply command.

Next, verify the IP address and network connectivity.

Perfect, the output above shows that we have successfully configured a static IP address using the netplan utility.
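The netplan steps described in both Ubuntu walkthroughs above (DHCP off, a static address with prefix, a default gateway, DNS servers, then restricting the file's permissions) can be scripted as follows. This is an added example, not code from either article: the function names are hypothetical, the gateway is expressed with netplan's `routes` / `to: default` form, and 1.1.1.1 / 1.0.0.1 are Cloudflare's public resolvers filled in as sample values.

```shell
#!/bin/sh
# Added example (not from the articles): render a netplan static-IPv4 file
# from validated inputs and write it with mode 0600.

# is_ipv4 ADDR: succeed only for a dotted quad, each octet 0-255 with no
# leading zero (some parsers read "010" as octal).
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_ipv4_cidr ADDR/PREFIX: dotted quad plus a prefix length of 0-32.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1##*/}
    case "$prefix" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    is_ipv4 "${1%/*}"
}

# render_netplan OUT RENDERER IFACE CIDR GATEWAY DNS...
# Every value is checked before it is placed in the YAML, so a malformed
# argument cannot add extra keys to the file.
render_netplan() {
    [ "$#" -ge 6 ] || { echo "usage: render_netplan OUT RENDERER IFACE CIDR GATEWAY DNS..." >&2; return 2; }
    out=$1 renderer=$2 iface=$3 cidr=$4 gw=$5
    shift 5
    case "$renderer" in
        networkd|NetworkManager) ;;
        *) echo "bad renderer: $renderer" >&2; return 1 ;;
    esac
    # Linux interface names are at most 15 bytes; allow-list the characters.
    case "$iface" in
        ""|*[!A-Za-z0-9_.-]*|????????????????*) echo "bad interface name" >&2; return 1 ;;
    esac
    is_ipv4_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 1; }
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    dns_list=
    for ns in "$@"; do
        is_ipv4 "$ns" || { echo "bad DNS server: $ns" >&2; return 1; }
        dns_list="${dns_list:+$dns_list, }$ns"
    done
    tmp="$out.tmp.$$"
    (
        umask 077        # created 0600, never briefly readable by other users
        cat > "$tmp" <<EOF
network:
  version: 2
  renderer: $renderer
  ethernets:
    $iface:
      dhcp4: no
      addresses: [$cidr]
      routes:
        - to: default
          via: $gw
      nameservers:
        addresses: [$dns_list]
EOF
    ) || return 1
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
}

# Demo with the walkthroughs' sample values, written to a scratch directory
# instead of /etc/netplan.
demo_dir=$(mktemp -d)
render_netplan "$demo_dir/01-netcfg.yaml" NetworkManager enp1s0 \
    192.168.122.128/24 192.168.122.1 1.1.1.1 1.0.0.1 &&
    cat "$demo_dir/01-netcfg.yaml"
rm -rf "$demo_dir"
```

Copy the rendered file into /etc/netplan as root only after reviewing it, then apply it with the netplan apply step the articles describe.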

That’s all from this article. We hope you have found it informative and useful, feel free to post your queries and feedback in below comments section.


Establishing Remote Access to Linux Servers Behind Firewalls: A Guide

Accessing a Linux server behind a firewall remotely can seem like a daunting task, but it doesn’t have to be. In just a few steps, you can establish a secure connection that allows you to manage your server from anywhere. Whether you’re a system administrator or just someone who needs to access a server occasionally, this quick overview will help you understand the process.

Tutorial for Establishing Remote Access to Linux Servers Behind Firewalls

Before diving into the step-by-step guide, let’s understand what we’re aiming to achieve. Establishing remote access to a Linux server behind a firewall involves configuring the server to accept secure connections over the internet. This process ensures that you can access the server’s resources without exposing it to security threats.

Step 1: Check your firewall settings

Ensure that your firewall allows incoming connections on the port used for remote access (typically port 22 for SSH).

Firewalls are designed to block unauthorized access to your network, but they can also prevent legitimate remote connections. Before proceeding, you must ensure that your firewall settings allow incoming connections on the port used for SSH (Secure Shell), which is the standard method for secure remote login on Linux servers.

Step 2: Install and configure SSH server

Install an SSH server on your Linux server and configure it to accept remote connections.

SSH is a protocol that provides a secure channel over an unsecured network. By installing an SSH server, such as OpenSSH, you’re setting up a way for authorized users to remotely connect to your Linux server. Be sure to follow best practices for security, such as disabling root login and using key-based authentication.

Step 3: Set up port forwarding

Configure your router to forward incoming SSH connections to the Linux server’s local IP address.

When you’re behind a firewall, often a router, you’ll need to set up port forwarding to direct incoming connections to your server. This means that any connection requests on the port you specified will be sent to your Linux server’s local IP address, allowing remote access.

Step 4: Connect from a remote client

Use an SSH client on your remote device to establish a connection to your Linux server using its public IP address.

Once everything is set up on the server side, you can connect to your Linux server from a remote client. This could be a computer or even a mobile device with an SSH client installed. Enter your server’s public IP address and authenticate with your credentials to start managing your server remotely.

After completing these steps, you will have established a secure remote connection to your Linux server behind a firewall. This will allow you to manage your server from anywhere, as long as you have an internet connection. Remember, maintaining the security of your server is crucial, so always follow best practices and keep your system updated.

Tips for Establishing Remote Access to Linux Servers Behind Firewalls

  • Always use strong, unique passwords for your SSH login to prevent unauthorized access.
  • Consider using key-based authentication instead of password authentication for added security.
  • Regularly update your SSH server software to patch any potential vulnerabilities.
  • Limit the number of allowed login attempts to prevent brute-force attacks.
  • Monitor your server logs to keep an eye on any suspicious activities or access attempts.
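The SSH practices named in Step 2 and in the tips above (no root login, key-based instead of password authentication, a limit on login attempts) can be checked against an sshd_config file with a short script. This is an added example, not part of the guide: the function names, the constructed sample configuration and the MaxAuthTries threshold of 4 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit the global section of an
# sshd_config file against the practices the guide lists.

# audit_sshd_config FILE [MAX_TRIES]
# Prints one line per finding; exit status is 1 when anything is found.
# MAX_TRIES (default 4) is this example's own threshold, not an OpenSSH rule.
audit_sshd_config() {
    awk -v limit="${2:-4}" '
    BEGIN {
        # OpenSSH defaults, used when the file does not set the keyword.
        val["permitrootlogin"]        = "prohibit-password"
        val["passwordauthentication"] = "yes"
        val["maxauthtries"]           = "6"
    }
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    tolower($1) == "match" { in_match = 1 }   # what follows is conditional
    in_match { next }                         # so it is not a global setting
    {
        key = tolower($1)                     # keywords are case-insensitive
        if ((key in val) && !(key in seen)) { # sshd keeps the first value
            val[key] = tolower($2)
            seen[key] = 1
        }
    }
    END {
        n = 0
        if (val["permitrootlogin"] != "no") {
            printf "FAIL PermitRootLogin=%s (want no)\n", val["permitrootlogin"]
            n++
        }
        if (val["passwordauthentication"] != "no") {
            printf "FAIL PasswordAuthentication=%s (want no, keys only)\n", val["passwordauthentication"]
            n++
        }
        if (val["maxauthtries"] + 0 > limit + 0) {
            printf "WARN MaxAuthTries=%s (want <= %s)\n", val["maxauthtries"], limit
            n++
        }
        exit (n > 0)
    }' "$1"
}

# Constructed sample input, not taken from a real server. It shows two easy
# mistakes: a later "PermitRootLogin no" that never takes effect, and a
# password ban that only applies inside a Match block.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
permitrootlogin yes
PermitRootLogin no
MaxAuthTries 3
PubkeyAuthentication yes

Match Address 192.0.2.0/24
    PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with defaults filled in, and its output can be saved to a file and passed to the same function.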

Frequently Asked Questions

What is SSH?

SSH, or Secure Shell, is a protocol that allows secure remote login and other secure network services over an unsecured network.

Is it safe to open a port on my firewall for SSH?

Yes, it is generally safe to open a port for SSH as long as you use strong authentication methods and keep your server software updated.

Can I use a different port other than the default for SSH?

Absolutely. Changing the default SSH port can add an extra layer of security by making it less predictable for potential attackers.

What is port forwarding?

Port forwarding is a network configuration that directs traffic to a specific IP address within your local network, allowing remote access to devices behind a router or firewall.

Do I need a static IP address for my server?

While it’s not strictly necessary, having a static IP makes it easier to connect consistently, as the address won’t change each time the server restarts.

  • Check firewall settings for SSH connections.
  • Install and configure an SSH server.
  • Set up port forwarding on your router.
  • Connect from a remote client using your server’s public IP.

Establishing remote access to Linux servers behind firewalls is a fundamental skill for anyone managing servers. It’s all about balancing accessibility with security. By following the steps outlined in this article, you’ve learned how to set up a secure connection that allows you to administer your server from anywhere.

Remember, the key to maintaining a secure remote access setup is keeping your system updated and monitoring for any unusual activity. Always use strong, unique passwords or, even better, key-based authentication. And don’t forget to limit login attempts and change the default SSH port if you’re feeling extra cautious.

Whether you’re a newbie or a seasoned sysadmin, remote access can simplify your workflow and enhance productivity. So, why not give it a try? And if you run into any roadblocks, there’s a wealth of information and helpful communities out there to support you on your journey. Happy remote accessing!

Kermit Matthews Live2Tech

Kermit Matthews is a freelance writer based in Philadelphia, Pennsylvania with more than a decade of experience writing technology guides. He has a Bachelor’s and Master’s degree in Computer Science and has spent much of his professional career in IT management.

He specializes in writing content about iPhones, Android devices, Microsoft Office, and many other popular applications and devices.


Change the hostname of your AL2 instance

When you launch an instance into a private VPC, Amazon EC2 assigns a guest OS hostname. The type of hostname that Amazon EC2 assigns depends on your subnet settings. For more information about EC2 hostnames, see Amazon EC2 instance hostname types in the Amazon EC2 User Guide for Linux Instances.

A typical Amazon EC2 private DNS name for an EC2 instance configured to use IP-based naming with an IPv4 address looks something like this: ip-12-34-56-78.us-west-2.compute.internal, where the name consists of the internal domain, the service (in this case, compute), the region, and a form of the private IPv4 address. Part of this hostname is displayed at the shell prompt when you log into your instance (for example, ip-12-34-56-78). Each time you stop and restart your Amazon EC2 instance (unless you are using an Elastic IP address), the public IPv4 address changes, and so does your public DNS name, system hostname, and shell prompt.

This information applies to Amazon Linux. For information about other distributions, see their specific documentation.

Change the system hostname

If you have a public DNS name registered for the IP address of your instance (such as webserver.mydomain.com), you can set the system hostname so your instance identifies itself as a part of that domain. This also changes the shell prompt so that it displays the first portion of this name instead of the hostname supplied by AWS (for example, ip-12-34-56-78). If you do not have a public DNS name registered, you can still change the hostname, but the process is a little different.

In order for your hostname update to persist, you must verify that the preserve_hostname cloud-init setting is set to true. You can run the following command to edit or add this setting:

If the preserve_hostname setting is not listed, add the following line of text to the end of the file:

To change the system hostname to a public DNS name

Follow this procedure if you already have a public DNS name registered.

For AL2: Use the hostnamectl command to set your hostname to reflect the fully qualified domain name (such as webserver.mydomain.com).

For Amazon Linux AMI: On your instance, open the /etc/sysconfig/network configuration file in your favorite text editor and change the HOSTNAME entry to reflect the fully qualified domain name (such as webserver.mydomain.com).

Reboot the instance to pick up the new hostname.

Alternatively, you can reboot using the Amazon EC2 console (on the Instances page, select the instance and choose Instance state, Reboot instance).

Log into your instance and verify that the hostname has been updated. Your prompt should show the new hostname (up to the first ".") and the hostname command should show the fully-qualified domain name.

To change the system hostname without a public DNS name

For AL2: Use the hostnamectl command to set your hostname to reflect the desired system hostname (such as webserver).

For Amazon Linux AMI: On your instance, open the /etc/sysconfig/network configuration file in your favorite text editor and change the HOSTNAME entry to reflect the desired system hostname (such as webserver).

Open the /etc/hosts file in your favorite text editor and change the entry beginning with 127.0.0.1 to match the example below, substituting your own hostname.

You can also implement more programmatic solutions, such as specifying user data to configure your instance. If your instance is part of an Auto Scaling group, you can use lifecycle hooks to define user data. For more information, see Run commands on your Linux instance at launch and Lifecycle hook for instance launch in the AWS CloudFormation User Guide.

Change the shell prompt without affecting the hostname

If you do not want to modify the hostname for your instance, but you would like to have a more useful system name (such as webserver) displayed than the private name supplied by AWS (for example, ip-12-34-56-78), you can edit the shell prompt configuration files to display your system nickname instead of the hostname.

To change the shell prompt to a host nickname

Create a file in /etc/profile.d that sets the environment variable called NICKNAME to the value you want in the shell prompt. For example, to set the system nickname to webserver, run the following command.

Open the /etc/bashrc (Red Hat) or /etc/bash.bashrc (Debian/Ubuntu) file in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because /etc/bashrc and /etc/bash.bashrc are owned by root.

Edit the file and change the shell prompt variable (PS1) to display your nickname instead of the hostname. Find the following line that sets the shell prompt in /etc/bashrc or /etc/bash.bashrc (several surrounding lines are shown below for context; look for the line that starts with [ "$PS1" ):

Change the \h (the symbol for hostname) in that line to the value of the NICKNAME variable.

(Optional) To set the title on shell windows to the new nickname, complete the following steps.

Create a file named /etc/sysconfig/bash-prompt-xterm.

Make the file executable using the following command.

Open the /etc/sysconfig/bash-prompt-xterm file in your favorite text editor (such as vim or nano). You need to use sudo with the editor command because /etc/sysconfig/bash-prompt-xterm is owned by root.

Add the following line to the file.

Log out and then log back in to pick up the new nickname value.

Change the hostname on other Linux distributions

The procedures on this page are intended for use with Amazon Linux only. For more information about other Linux distributions, see their specific documentation and the following articles:

How do I assign a static hostname to a private Amazon EC2 instance running RHEL 7 or Centos 7?


Steps to Add Additional IPv4 and IPv6 to Linux VPS

How to Add Additional IPv4 and IPv6 to Linux VPS

Most Linux servers have a public IP address allowing remote connections.

Adding additional IPv4 and IPv6 serves various purposes, such as:

  • Hosting multiple websites or services.
  • Load balancing and high availability.
  • Adopting IPv6 to future-proof your online presence.

To add additional IPv4 and IPv6 addresses to a Linux VPS, you must first have purchased a Linux VPS so that you can order IPs through your VPS provider’s control panel.

The extra IP addresses must be added manually to the network interfaces since DHCP cannot be used to automatically add them to VPS.

So, the final step is to configure the network settings to manage new IP addresses.


Steps to Configure IP Addresses in Linux VPS

The process of adding additional IPv4 and IPv6 addresses involves obtaining the IPs from your VPS provider’s control panel and configuring your network settings.

This typically involves steps like logging into the control panel, requesting additional IPs, and then updating your Linux system’s network configuration file.

There are two main steps to finish this process:

Step 1: Obtain the Additional Addresses

This depends on your setup. If you’re using a cloud provider or VPS hosting, you’ll likely need to order them through their control panel.

For a local network, you might need to configure your router to assign additional addresses through DHCP or manually assign static IPs within a valid range.

To order an IPv4 address and add an IPv6 address, follow these steps:

  • Log in to your Linux VPS Control Panel using your account credentials.
  • Select ‘Manage’ from the upper right corner, then select ‘Network information’.
  • A summary of your IP addresses is displayed. To order extra IP addresses, click “Request IPv4 addresses.”
  • In the same place, after clicking “Request IPv4 addresses”, click “Add new IPv6 address” to add an IPv6 address.

How to order an IPv4 and add an IPv6 address

Note: If you send emails from your VPS using this IP address, after adding the IPv6 address, make sure you have set up your reverse DNS.

Step 2: Configure Extra IPv4 or IPv6 Addresses on Linux VPS

Once you have the additional addresses, you need to configure your Linux system to recognize and use them. The specific steps depend on your Linux distribution.

Here, we explain the way you can add an IPv4 address and an IPv6 address in Ubuntu 22.04.

Follow the below path to configure the Network Interface on Ubuntu 22.04:

  • Connect to the VPS via the Ubuntu VPS console or SSH.
  • Run the command below to view the current network interfaces:
  • Open the network configuration file to add the extra IPv4 and IPv6 addresses in the network interfaces:
  • Add the following values to the file (for IPv4):

        ethernets:
          ens3:
            dhcp4: no
            dhcp6: yes
            addresses:
              - Your primary IPv4 and IPv6 addresses with the range /24 addition
              - Your primary IPv4 and IPv6 addresses with the range /24 addition
            routes:
              - to: default
                via: Your primary IP

Note: Do not enter additional gateways for secondary IPs.

For IPv6, add:

  • Save the changes and exit.
  • Now, you are ready to use the new IP address. To do this, run:
  • Again, by running the ip a command, you can check the newly added IPv4 and IPv6 addresses.
  • If you do not see the new configuration, you must check if a file exists called 01-network-manager-all.yaml in /etc/netplan/. To do this, type:
  • If yes, use the command below to rename the file:

You should see the correct configuration after running the sudo netplan apply and ls /etc/netplan/ commands.
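To show the complete shape of the netplan file these steps describe, the script below renders one with static addresses and a single default route, and rejects addresses that lack a valid prefix length. It is an added example, not part of the original article; the function names, the documentation addresses (192.0.2.0/24, 2001:db8::/32) and the /64 IPv6 prefix are assumptions, and the output goes to standard output rather than to /etc/netplan.

```shell
#!/bin/sh
# valid_cidr ADDRESS: succeeds only for "host/prefix" with a numeric prefix in
# range for the address family (netplan expects addresses with a prefix).
valid_cidr() {
    case $1 in
        */*) host=${1%/*}; prefix=${1##*/} ;;
        *)   return 1 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    case $host in
        *:*)     [ "$prefix" -le 128 ] ;;
        *.*.*.*) [ "$prefix" -le 32 ] ;;
        *)       return 1 ;;
    esac
}

# render_netplan IFACE GATEWAY ADDRESS...
# Emits one interface with every ADDRESS listed and exactly one default route,
# following the note above: secondary IPs get no gateway of their own.
render_netplan() {
    iface=$1; gateway=$2
    [ "$#" -ge 3 ] || { echo "usage: render_netplan IFACE GATEWAY ADDRESS..." >&2; return 1; }
    shift 2
    for addr in "$@"; do
        valid_cidr "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    printf 'network:\n  version: 2\n  ethernets:\n    %s:\n' "$iface"
    printf '      dhcp4: no\n      dhcp6: yes\n      addresses:\n'
    for addr in "$@"; do
        printf '        - "%s"\n' "$addr"
    done
    printf '      routes:\n        - to: default\n          via: %s\n' "$gateway"
}

# Constructed sample values: primary IPv4, one extra IPv4, one extra IPv6.
render_netplan ens3 192.0.2.1 192.0.2.10/24 192.0.2.11/24 2001:db8::10/64
```

When editing over SSH, `sudo netplan try` applies the file and rolls it back unless you confirm, which avoids locking yourself out with a bad route.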

When and Why Add Additional IPv4 and IPv6 to Linux VPS

Imagine your Linux VPS as a bustling apartment building. By default, it has one main address for everyone.

But what if you want to rent out additional units? That’s where extra IP addresses come in, acting like unique door numbers for each new tenant.

Here’s why you might want to add more “door numbers” to your VPS:

Multiple Websites or Businesses:

Running separate websites or online stores? Assigning individual IP addresses to each gives them their own “shopfront” online, improving security and allowing you to manage them independently.

Scaling Up and Sharing Resources:

Need to handle more traffic or want to host a game server? Adding IPs lets you distribute the workload across multiple “apartments” within your VPS, boosting performance and reliability.

With IPv4 addresses becoming scarce, IPv6 offers a future-proof solution with a vast number of unique addresses, ensuring your virtual building has room for all its potential tenants.

Additional Notes:

  • Remember to back up your network configuration files before making changes.
  • Make sure the additional IP addresses are valid and within a usable range for your network.
  • You might need to adjust firewall rules to allow incoming traffic on the new addresses.

How are IPv4 and IPv6 different?

IPv4, the current standard, faces an exhaustion problem due to its limited 32-bit address space.

IPv6, the next-generation protocol, offers a significantly larger 128-bit address space, ensuring an almost limitless pool of unique identifiers for future internet growth.

How do I obtain additional IP addresses?

This depends on your setup. Typically, you’ll order them through your VPS provider’s control panel.

How do I configure the additional IP addresses on my Linux VPS?

The process varies depending on your Linux distribution:

  • Identifying your network interface.
  • Editing the network configuration file (e.g., netplan config file in Ubuntu).
  • Adding entries for the new IP addresses.
  • Saving the changes and restarting the network service.

Are there any risks involved in adding additional IP addresses?

There are minimal risks if done correctly.

However, it’s important to:

  • Back up your network configuration files before making changes.
  • Ensure the additional IP addresses are valid and within a usable range for your network.
  • Adjust firewall rules to allow incoming traffic on the new addresses.

What if I encounter problems configuring the IP addresses?

If you have chosen OperaVPS as your VPS provider, you can contact us 24/7 to receive support resources or documentation.

You can also search online forums or communities for troubleshooting guides specific to your Linux distribution.

Similar to adding extra units in an apartment building, assigning additional IPv4 and IPv6 addresses to your Linux VPS allows you to host multiple websites or services independently.

By obtaining these IPs through your VPS provider’s control panel and configuring your network settings (steps provided for Ubuntu 22.04), you can distribute the workload for better performance and leverage the vastness of IPv6 for future scalability.

Remember to back up configurations and adjust firewall rules for the new addresses.


eSecurity Planet

How To Set Up a Firewall in 8 Easy Steps + Best Practices

Maine Basan


Setting up a firewall is the first step in securing your network. A successful firewall setup and deployment requires careful design, implementation, and maintenance to effectively improve your network integrity and data security. Before performing a firewall configuration, consider factors such as security requirements, network architecture, and interoperability; avoid typical firewall setup errors; and follow the best practices below.


8 Considerations Before Setting Up a Firewall

Some factors to consider before you configure a firewall include creating detailed requirements and a proof of concept. Take note of your security requirements, physical environment, and component interoperability. Assess your network design, management protocols, and your future needs to ensure an effective protection without bottlenecks while also aligning with company goals and security standards for a secure network strategy.

Be sure you have the following before getting started:

  • Clearly-defined requirements: Understand the organization’s requirements, such as the type of firewall, performance requirements, compliance requirements, and minimum specifications. Check if the chosen solution is consistent with the organization’s goals and infrastructure.
  • Proof of concept: Execute a proof of concept or environment simulation once you identify the potential firewall products to select the best-fit solution for the organization’s specific requirements. Verify that the chosen firewall can meet your security standards and functions.
  • Firewall architecture design and environment: Finalize your architecture, harden configurations, identify location and dependencies, and define policy rules. Evaluate the network firewalls’ physical placement, security, space, power, cooling, and network requirements.
  • Security needs and capabilities: Determine which types of firewall, such as packet filtering, stateful inspection, or application firewalls, are most suited to your traffic requirements. Consider your other security measures like intrusion detection, VPNs, and content filtering.
  • Component interoperability: Verify the compatibility with your current network infrastructure, including hardware and software. Evaluate the interoperability with your logging systems, as well as prospective network upgrades. Confirm that all components integrate seamlessly.
  • Network requirements: Understand your network’s capacity, maximum simultaneous connections, latency requirements, and future traffic demands. Consider load balancing, failover mechanisms, and your preference for hardware-based or software-based firewalls.
  • Management: Evaluate the firewall’s remote management protocols, adherence to organizational regulations, and remote management access limits. Utilize centralized management capabilities across numerous devices, as well as future scalability.
  • Future Needs: Assess if the chosen firewall solution can meet your organization’s predicted demands, such as IPv6 migration, anticipated bandwidth requirements, and compliance with new regulations. Ensure that your firewall investment is effective and scalable over time.

8 Steps to Set Up a Firewall

To set up a firewall, configure the tool by creating rules, network zones, and policies. Activate logging and alerts, and perform extensive testing and auditing. Finally, deploy the firewall and perform regular monitoring and maintenance to provide an ideal security posture and effective network protection.

1. Prepare for Installation

The first stage in setting up a firewall is to prepare for installation after evaluating the type of firewall you need via the risk assessment listed above. Gather the necessary equipment, evaluate the network layout, and become familiar with the firewall documentation.

Physically install the firewall and ensure appropriate connections. Install hardware, operating systems, and software, apply fixes, and harden the firewall to reduce vulnerabilities. Only the administrator should have the authority to control the firewall, deactivate superfluous services, and secure the physical environment. Synchronize firewall clocks with other systems to improve log analysis.

Sample Windows Defender Firewall prompts for firewall activation.

2. Set Secure Firewall Rules & ACLs

To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Disabling default accounts and changing passwords improve security, as does requiring strong passwords for administrator accounts.

The Simple Network Management Protocol (SNMP) should be disabled or set securely. Firewall rules, defined by access control lists (ACLs), control traffic based on IP addresses, port numbers, and protocols. To maximize security, thoroughly test configurations, including advanced features such as web category filtering and intrusion prevention, prior to deployment.

Sample ACL configuration dashboard from Fortinet.

3. Establish Your Network Zones Structure

Establishing your network zone structure involves determining the sections of your network, known as network zones, that hold high-value assets and data and surrounding them with firewalls to regulate access and assure security. This technique complies with PCI-DSS rules and ensures strong security.

Carefully distribute resources to each zone, balancing security requirements with administrative complexity. Consider establishing a demilitarized zone for important servers to enable comprehensive traffic monitoring. Remember to create an IP address structure that efficiently connects firewall interfaces to their corresponding zones, hence improving network organization and security.

Sample network zones configuration from Palo Alto.

4. Configure Firewall Policies

Configuring policies is one of the most essential phases in effectively securing a network through firewalls. Firewall policies set network access conditions, including authorized ports, approved IP addresses, and security zones for network segmentation. Testing in a controlled environment confirms that the firewall performs as expected, blocking unwanted traffic based on ACL configurations.

Once tested, the firewall is ready for production, with a backup configuration safely preserved. Consider hiring a security specialist to check your configurations for maximum data protection. Tailor firewall capabilities such as network segmentation and application controls to specific network zones while sticking to formal policies to avoid implementation complications.

Sample firewall rule administration from ManageEngine.


5. Configure Logging & Alerts

Recording and monitoring firewall activity makes sure that security risks or operational concerns are detected in a timely manner. Logging captures critical information for failure prevention, recovery, and incident response. Determine what to log and how long to keep logs based on network requirements and resource limits.

Send logs to both local and centralized storage for complete monitoring. Create administrative accounts with read-only access to logs for auditing. Configure real-time notifications for critical events such as firewall rule updates or system status changes to provide a timely reaction to possible threats or operational difficulties. Customize logging and alert settings to meet your individual network needs and security priorities.

Sample firewall log management tool from SolarWinds.

6. Test & Audit Your Firewall

Prior to deployment, conduct penetration testing and vulnerability scanning to find holes and improve defenses. Following deployment, plan regular audits to check firewall logs, verify ACLs and rules, and assure compliance. Changes should be documented and audit information stored for regulatory reporting purposes.

Implement procedures for updating firewall firmware and extensively testing additional features such as VPN and antimalware functionality. To accurately analyze firewall performance and effectiveness, ensure that the test network closely resembles production environments. Regular updates and thorough testing ensure a safe network environment.

Sample firewall policy testing from Sophos XG.

7. Deploy the Firewall

Deploying a firewall means transitioning from testing to actual operations while adhering to organizational regulations. Notify the users who were affected and coordinate any necessary equipment upgrades. Integrate the firewall’s security policy with the entire organizational policy and manage configuration changes as they occur. Consider a staged rollout or pilot program to fix difficulties before full implementation.

Integrating the firewall into the network entails more than just insertion; it also needs routing integration and possible switch reconfiguration. If you use failover mechanisms, set up network switches accordingly. Careful design and coordination guarantee that the firewall integrates seamlessly and operates effectively within the network infrastructure.

Sample firewall monitoring after deployment from Tenable.

Integrate your firewall with network monitoring tools for more efficient tracking of your network’s performance and security.

8. Manage & Maintain the Correct Firewall Configuration

Firewall configuration management and maintenance imply continual efforts to ensure maximum functionality and security. This includes testing and deploying patches, updating policy rules to accommodate new threats or changes in network requirements, and monitoring performance to identify possible resource issues. Continuously monitor logs and alerts to detect and respond to threats effectively.

Periodic testing validates firewall rules, and regular backups of policies and rule sets protect against data loss. Formal configuration management methods should govern ruleset modifications, with admin access limitations and detailed documentation for accountability. Every six months, perform firmware updates, vulnerability checks, and configuration reviews to make sure the firewall remains efficient and effectively protects the network.

Sample firewall management and policy upgrades from Azure Firewall Manager.

6 Common Mistakes to Avoid When Setting Up a Firewall

Misconfigured firewalls pose serious risks, allowing attackers easy access and endangering organizational security. Common failures involve providing unrestricted outbound traffic, forgetting to detect internal threats, updating rules inconsistently, establishing overly broad policies, testing using production data, and failing to log appropriately. These flaws expose networks to vulnerabilities and breaches, weakening security protections.

Allowing Unrestricted Outbound Traffic

A typical mistake is configuring the firewall to enable unrestricted outbound traffic. While focusing on inbound threats, failing to monitor outgoing traffic allows malware or attackers to exfiltrate data, potentially leading to costly breaches. Controlling outgoing traffic prevents unauthorized data leaks and maintains network security.

Neglecting Internal Threats

Focusing primarily on external threats exposes networks to inside attacks, including compromised internal hosts. Internal firewalls and access restrictions should be built to reduce risks from insider attacks or externally compromised systems, ensuring complete network protection.

Performing Inconsistent Firewall Rule Updates

Adopting a “set it and forget it” approach to firewall rules results in obsolete setups that don’t meet current network requirements or security policies. Regularly monitor and update firewall rules to account for changes in network architecture, user access, and regulatory compliance, ensuring an effective security posture and minimizing vulnerabilities.

Creating Overly Broad Policy Configurations

Configuring firewalls with too permissive policies, which allow traffic from any source to any destination, broadens the attack surface and exposes the network to unnecessary risk. Minimize the potential for breaches by adhering to the concept of least privilege and ensuring that the firewall regulations restrict access to just necessary services and resources.
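Two of the mistakes above, unrestricted outbound traffic and overly broad policies, can be found by reading an exported ruleset. The script below is an added example, not part of the original article: the article names no specific firewall, so the iptables-save text format is assumed as a representative Linux ruleset, and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# audit_iptables_save < ruleset
# Reads iptables-save output and reports, for the filter table only:
#   ANY-ANY <chain>: <rule>   an ACCEPT rule with no match criteria at all
#   DEFAULT-ALLOW <chain>     policy ACCEPT and no catch-all DROP/REJECT rule
audit_iptables_save() {
    awk '
        /^\*/ { in_filter = ($1 == "*filter"); next }    # table header
        !in_filter { next }
        /^:/ { policy[substr($1, 2)] = $2; next }        # ":CHAIN POLICY [pkts:bytes]"
        $1 == "-A" {
            chain = $2; unrestricted = 1; target = ""
            for (i = 3; i <= NF; i++) {
                # Everything after -j is the target and its options.
                if ($i == "-j") { target = $(i + 1); break }
                # A source or destination covering every address restricts nothing.
                if (($i == "-s" || $i == "-d") && ($(i + 1) == "0.0.0.0/0" || $(i + 1) == "::/0")) { i++; continue }
                unrestricted = 0
            }
            if (unrestricted && target == "ACCEPT") print "ANY-ANY " chain ": " $0
            if (unrestricted && (target == "DROP" || target == "REJECT")) catchall[chain] = 1
        }
        END {
            for (c in policy)
                if (policy[c] == "ACCEPT" && !(c in catchall)) print "DEFAULT-ALLOW " c
        }
    ' | LC_ALL=C sort
}

# Constructed sample ruleset in iptables-save format.
sample_ruleset() {
    cat <<'EOF'
# constructed sample, not taken from a real host
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT
-A FORWARD -j DROP
COMMIT
EOF
}

sample_ruleset | audit_iptables_save
```

In the sample, the final INPUT rule cancels the DROP policy above it, and OUTPUT allows everything by default; FORWARD is not flagged because its catch-all DROP overrides the ACCEPT policy.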

Testing Systems with Production Data

Using production data in test settings jeopardizes security and breaches governance guidelines. Test systems shouldn’t connect to production systems or collect critical data to avoid being exposed to low-security situations. Enforcing rigorous access controls to test data assures regulatory compliance while also maintaining data integrity.

Failing to Conduct Proper Logging & Monitoring

Failure to evaluate firewall log outputs or configure monitoring systems with adequate granularity reduces threat detection and incident response capabilities. Proper logging architecture and analysis quickly detect and investigate security occurrences, enabling proactive defense actions and lowering the risk of breaches.

10 Best Practices in Setting Up a Firewall

Any errors in the configuration of your systems may increase your vulnerability to security breaches. From ensuring compliance to creating multiple layers of security, adopt the best practices below to limit these risks and avoid typical errors while configuring a firewall.

Select the Correct Firewall Type

Choose the firewall type that best meets your network’s needs. Available options include packet-filtering firewalls, stateful inspection firewalls, and sophisticated proxies with intrusion detection and prevention. For example, for a small office network, a stateful inspection firewall with minimal traffic filtering features may suffice, providing protection without being overly complex.

Utilize Compatible Security Tools

Use logging tools and run frequent audits to evaluate firewall performance. Employ penetration and vulnerability testing to assess network security. When choosing a firewall, consider a solution that strikes a balance between critical features and performance considerations, avoiding needless complexity that may reduce network efficiency. Look for compatible network security tools, such as endpoint protection platforms or threat intelligence platforms.

Streamline Processes via Automation

Automation tools make firewall configuration easier, reducing manual labor and lowering the risk of misconfiguration. Automation scripts and orchestration systems, for example, improve efficiency and provide a consistent security posture by streamlining rule management and policy enforcement across varied network environments. There are also solutions available that automate rule management, policy analysis, and compliance auditing.

Establish a Centralized Logging & Monitoring System

Centralized logging and monitoring systems collect vital information about potential threats and security breaches. Implementing a centralized logging system enables the efficient gathering, analysis, and visualization of firewall data across the network. A centralized system provides rapid detection of security issues, effective incident response, and proactive security actions to protect the network from potential threats.

Consider the Cloud Traffic

When establishing firewalls, prioritize solutions that can handle cloud-based apps and remote users. Implement policies and procedures that go beyond the traditional on-premise approaches. Failure to update firewall configurations to enable cloud traffic not only reduces productivity but also exposes enterprises to increased dangers, emphasizing the importance of a hybrid security approach that includes cloud-native defenses.

Prevent False Positives when Blocking Traffic

Fine-tune firewall policies to avoid excessively strict rules or requirements. Implement custom configurations and whitelists that allow legitimate communications while limiting risk. Expect some initial issues and complaints as users adjust, but refine the configuration based on traffic patterns to maintain effective security without compromising productivity.

Ensure Compliance

Firewall protection is pivotal for adherence to compliance standards such as PCI-DSS and HIPAA. Implement strong firewalls around sensitive data and ensure configuration changes meet regulatory standards. For example, meet logging requirements, especially under PCI-DSS, by enabling automated logging and verifying audit accuracy for comprehensive data recording.

Document the Firewall’s Capabilities

Record the firewall’s capabilities for optimal planning and deployment. For example, if a firewall lacks advanced intrusion detection capabilities, your company may need to enhance its security plan. Each firewall model has distinct characteristics and limits that influence security policies and deployment methods. Include these details in the planning document so that the firewall’s capabilities match the organization’s security objectives and requirements.

Create a Defense-in-Depth

Defense-in-depth is a security technique that involves establishing multiple layers of defense to protect against diverse threats. For example, a business may install a next-gen firewall at several network points, supplemented with antivirus software and intrusion detection systems. This strategy ensures that if one security layer fails, others are in place to reduce the risk and prevent a successful attack.

Conduct Regular Updates

Establish a consistent schedule for firewall assessments and updates to maintain continuous security, and avoid scheduling critical changes during busy periods for IT operations. Regular updates are required for firewall maintenance. To prevent unauthorized access, access controls should be reviewed and adjusted on a regular basis. Keep up with vendor-provided firmware, software patches, and security upgrades to resolve vulnerabilities and improve protection.

Bottom Line: Set Up a Firewall to Boost Your Network Security

A firewall efficiently strengthens defenses against cyberthreats while preserving data integrity and network operation. Make sure you have a specific setup for each network, taking into account its unique requirements. A comprehensive firewall audit identifies particular requirements and assesses your current structure. Additionally, regular maintenance guarantees an optimized firewall configuration, resulting in effective security measures that last over time.

To gain insights into your company’s specific firewall needs and assess its current status, explore our guide on performing a comprehensive firewall audit.


Maine Basan Avatar


Legacy versions

The legacy versions of the Compose file reference have moved to the V1 branch of the Compose repository. They are no longer being actively maintained.

The latest and recommended version of the Compose file format is defined by the Compose Specification. This format merges the 2.x and 3.x versions and is implemented by Compose 1.27.0+. For more information, see the History and development of Docker Compose.

Configure a GSLB service group

Configure a GSLB virtual server

Bind GSLB services to a GSLB virtual server

Bind a domain to a GSLB virtual server

Example of a GSLB setup and configuration

Synchronize the configuration in a GSLB setup

Manual synchronization between sites participating in GSLB

Real-time synchronization between sites participating in GSLB

View GSLB synchronization status and summary

SNMP traps for GSLB configuration synchronization

GSLB dashboard

Monitor GSLB services

How domain name system works with GSLB

Priority order for GSLB services

Upgrade recommendations for GSLB deployment

Use case: Deployment of domain name based autoscale service group

Use case: Deployment of IP address based autoscale service group

How-to articles

Customize your GSLB configuration

Configure persistent connections

Manage client connections

Configure GSLB for proximity

Protect the GSLB setup against failure

Configure GSLB for disaster recovery

Override static proximity behavior by configuring preferred locations

Configure GSLB service selection using content switching

Configure GSLB for DNS queries with NAPTR records

Configure GSLB for wildcard domain

Use the EDNS0 client subnet option for GSLB

Example of a complete parent-child configuration using the metrics exchange protocol

Link Load Balancing

Configuring a Basic LLB Setup

Configuring RNAT with LLB

Configuring a Backup Route

Resilient LLB Deployment Scenario

Monitoring an LLB Setup

How load balancing works

Set up basic load balancing

Load balance virtual server and service states

Support for load balancing profile

Load balancing algorithms

Least connection method

Round robin method

Least response time method

LRTM method

Hashing methods

Least bandwidth method

Least packets method

Custom load method

Static proximity method

Token method

Least request method

Configure a load balancing method that does not include a policy

Persistence and persistent connections

About Persistence

Source IP address persistence

HTTP cookie persistence

SSL session ID persistence

Diameter AVP number persistence

Custom server ID persistence

IP address persistence

SIP Call ID persistence

RTSP session ID persistence

Configure URL passive persistence

Configure persistence based on user-defined rules

Configure persistence types that do not require a rule

Configure backup persistence

Configure persistence groups

Share persistent sessions between virtual servers

Configure RADIUS load balancing with persistence

View persistence sessions

Clear persistence sessions

Override persistence settings for overloaded services

Insert cookie attributes to ADC generated cookies

Customize a load balancing configuration

Customize the hash algorithm for persistence across virtual servers

Configure the redirection mode

Configure per-VLAN wildcarded virtual servers

Assign weights to services

Configure the MySQL and Microsoft SQL server version setting

Multi-IP virtual servers

Limit the number of concurrent requests on a client connection

Configure diameter load balancing

Configure FIX load balancing

MQTT load balancing

Protect a load balancing configuration against failure

Redirect client requests to an alternate URL

Configure a backup load balancing virtual server

Configure spillover

Connection failover

Flush the surge queue

Manage a load balancing setup

Manage server objects

Manage services

Manage a load balancing virtual server

Load balancing visualizer

Manage client traffic

Configure sessionless load balancing virtual servers

Redirect HTTP requests to a cache

Enable cleanup of virtual server connections

Rewrite ports and protocols for HTTP redirection

Insert IP address and port of a virtual server in the request header

Use a specified source IP for backend communication

Set a time-out value for idle client connections

Manage RTSP connections

Manage client traffic on the basis of traffic rate

Identify a connection with layer 2 parameters

Configure the prefer direct route option

Use a source port from a specified port range for backend communication

Configure source IP persistency for backend communication

Use IPv6 link local addresses on server side of a load balancing setup

Advanced load balancing settings

Gradually stepping up the load on a new service with virtual server–level slow start

The no-monitor option for services

Protect applications on protected servers against traffic surges

Enable cleanup of virtual server and service connections

Enable or disable persistence session on TROFS services

Direct requests to a custom web page

Enable access to services when down

Enable TCP buffering of responses

Enable compression

Maintain client connection for multiple client requests

Insert the IP address of the client in the request header

Retrieve location details from user IP address using geolocation database

Use source IP address of the client when connecting to the server

Use client source IP address for backend communication in a v4-v6 load balancing configuration

Configure the source port for server-side connections

Set a limit on the number of client connections

Set a limit on number of requests per connection to the server

Set a threshold value for the monitors bound to a service

Set a timeout value for idle client connections

Set a timeout value for idle server connections

Set a limit on the bandwidth usage by clients

Redirect client requests to a cache

Retain the VLAN identifier for VLAN transparency

Configure automatic state transition based on percentage health of bound services

Static proximity based on NetScaler location

Built-in monitors

TCP-based application monitoring

SSL service monitoring

HTTP/2 service monitoring

Proxy protocol service monitoring

FTP service monitoring

Secure monitoring of servers by using SFTP

Set SSL parameters on a secure monitor

SIP service monitoring

RADIUS service monitoring

Monitor accounting information delivery from a RADIUS server

DNS and DNS-TCP service monitoring

LDAP service monitoring

MySQL service monitoring

SNMP service monitoring

NNTP service monitoring

POP3 service monitoring

SMTP service monitoring

RTSP service monitoring

ARP request monitoring

Citrix Virtual Desktops Delivery Controller service monitoring

Citrix StoreFront stores monitoring

Oracle ECV service monitoring

Custom monitors

Configure HTTP-inline monitors

Understand user monitors

How to use a user monitor to check web sites

Understand the internal dispatcher

Configure a user monitor

Understand load monitors

Configure load monitors

Unbind metrics from a metrics table

Configure reverse monitoring for a service

Configure monitors in a load balancing setup

Create monitors

Configure monitor parameters to determine the service health

Bind monitors to services

Modify monitors

Enable and disable monitors

Unbind monitors

Remove monitors

View monitors

Close monitor connections

Ignore the upper limit on client connections for monitor probes

Manage a large scale deployment

Ranges of virtual servers and services

Configure service groups

Manage service groups

Configure a desired set of service group members for a service group in one NITRO API call

Configure automatic domain based service group scaling

Service discovery using DNS SRV records

Translate the IP address of a domain-based server

Mask a virtual server IP address

Configure load balancing for commonly used protocols

Load balance a group of FTP servers

Load balance DNS servers

Load balance domain-name based services

Load balance a group of SIP servers

Load balance RTSP servers

Load balance remote desktop protocol (RDP) servers

Priority order for load balancing services

Use case 1: SMPP load balancing

Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream

Use case 3: Configure load balancing in direct server return mode

Use case 4: Configure LINUX servers in DSR mode

Use case 5: Configure DSR mode when using TOS

Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field

Use case 7: Configure load balancing in DSR mode by using IP Over IP

Use case 8: Configure load balancing in one-arm mode

Use case 9: Configure load balancing in the inline mode

Use case 10: Load balancing of intrusion detection system servers

Use case 11: Isolating network traffic using listen policies

Use case 12: Configure Citrix Virtual Desktops for load balancing

Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing

Use case 14: ShareFile wizard for load balancing Citrix ShareFile

Use case 15: Configure layer 4 load balancing on the NetScaler appliance

Load balancing FAQs

IP Addressing

Configuring NetScaler-Owned IP Addresses

How the NetScaler Proxies Connections

Enabling Use Source IP Mode

Configuring Network Address Translation

Configuring Static ARP

Setting the Timeout for Dynamic ARP Entries

Configuring Neighbor Discovery

Configuring IP Tunnels

Class E IPv4 packets

Monitor the free ports available on a NetScaler appliance for a new back-end connection

Configuring MAC-Based Forwarding

Configuring Network Interfaces

Configuring Forwarding Session Rules

Understanding VLANs

Configuring a VLAN

Configuring NSVLAN

Configuring Allowed VLAN List

Configuring Bridge Groups

Configuring Virtual MACs

Configuring Link Aggregation

Redundant Interface Set

Binding an SNIP address to an Interface

Monitoring the Bridge Table and Changing the Aging time

NetScaler Appliances in Active-Active Mode Using VRRP

Using the Network Visualizer

Configuring Link Layer Discovery Protocol

Jumbo Frames

NetScaler Support for Microsoft Direct Access Deployment

Access Control Lists

Simple ACLs and Simple ACL6s

Extended ACLs and Extended ACL6s

MAC Address Wildcard Mask for ACLs

Blocking Traffic on Internal Ports

Configuring Dynamic Routes

Configuring Static Routes

Route Health Injection Based on Virtual Server Settings

Configuring Policy-Based Routes

Traffic distribution in multiple routes based on five tuples information

Troubleshooting Routing Issues

Internet Protocol version 6 (IPv6)

Traffic Domains

Inter Traffic Domain Entity Bindings

Virtual MAC Based Traffic Domains

Geneve tunnels

Best practices for networking configurations

Configure to source NetScaler FreeBSD data traffic from a SNIP address

Observability

Integration with Prometheus

Monitor NetScaler and applications using Prometheus

Integration with Splunk

Export metrics directly from NetScaler to Splunk

Export transaction logs directly from NetScaler to Splunk

Export management logs directly from NetScaler to Splunk

Export audit logs and events directly from NetScaler to Splunk

Integration with Elasticsearch

Export transaction logs directly from NetScaler to Elasticsearch

NetScaler advanced analytics

Sample dashboards for endpoints

Sample dashboards on Grafana

Sample dashboards on Splunk

NetScaler metrics reference

Priority Load Balancing

NetScaler Extensions

NetScaler extensions - language overview

Simple types

Expressions

Control structures

NetScaler extensions - library reference

NetScaler extensions API reference

Protocol extensions

Protocol extensions - architecture

Protocol extensions - traffic pipeline for user defined TCP client and server behaviors

Protocol extensions - use cases

Tutorial – Add MQTT protocol to the NetScaler appliance by using protocol extensions

Tutorial - Load balancing syslog messages by using protocol extensions

Protocol extensions command reference

Troubleshoot protocol extensions

Policy extensions

Configure policy extensions

Policy extensions - use cases

Troubleshooting policy extensions

Optimization

Client Keep-Alive

HTTP Compression

Configure selectors and basic content groups

Configure policies for caching and invalidation

Cache support for database protocols

Configure expressions for caching policies and selectors

Display cached objects and cache statistics

Improve cache performance

Configure cookies, headers, and polling

Configure integrated cache as a forward proxy

Default Settings for the Integrated Cache

Front End Optimization

Media Classification

IP Reputation

SSL offload and acceleration

SSL offloading configuration

Support for TLS 1.3 protocol

SSL certificates

Create a certificate

Install, link, and update certificates

Generate a server test certificate

Import and convert SSL files

Bind an SSL certificate to a virtual server on the NetScaler appliance

SSL profiles

SSL profile infrastructure

Secure front-end profile

Appendix A: Sample migration of the SSL configuration after upgrade

Appendix B: Default front-end and back-end SSL profile settings

Legacy SSL profile

Migrate the SSL configuration to the enhanced SSL profile

Certificate revocation lists

Monitor certificate status with OCSP

OCSP stapling

Ciphers available on the NetScaler appliances

ECDHE ciphers

Diffie-Hellman (DH) key generation and achieving PFS with DHE

Cipher redirection

Leverage hardware and software to improve ECDHE and ECDSA cipher performance

ECDSA cipher suites support

Configure user-defined cipher groups on the ADC appliance

Server certificate support matrix on the ADC appliance

Client authentication

Server authentication

SSL actions and policies

SSL policies

SSL built-in actions and user-defined actions

SSL policy binding

SSL policy labels

Selective SSL logging

Support for DTLS protocol

Support for Intel Coleto SSL chip based platforms

MPX 14000 FIPS appliances

SDX 14000 FIPS appliances

  • Limitations

Terminology

Initialize the HSM

Create partitions

Provision a new instance or modify an existing instance and assign a partition

Configure the HSM for an instance on an SDX 14030/14060/14080 FIPS appliance

Create a FIPS key for an instance on an SDX 14030/14060/14080 FIPS appliance

Upgrade the FIPS firmware on a VPX instance

Support for Thales Luna Network hardware security module

Configure a Thales Luna client on the ADC

Configure Thales Luna HSMs in a high availability setup on the ADC

Additional ADC configuration

NetScaler appliances in a high availability setup

Support for Azure Key Vault

Content inspection

ICAP for remote content inspection

Inline Device Integration with NetScaler

Integration with IPS or NGFW as inline devices

IDS Integration

IDS Layer 3 Integration

Content Inspection Statistics for ICAP, IPS, and IDS

SSL forward proxy

Getting started with SSL forward proxy

Proxy modes

SSL interception

User identity management

URL filtering for SSL forward proxy

URL categorization

URL reputation score

Analytics for SSL forward proxy

Using ICAP for remote content inspection

Surge protection

Disable and reenable surge protection

Set thresholds for surge protection

DNS security options

Basic operations

Unified configuration file

Authentication and authorization for System Users

Configuring Users, User Groups, and Command Policies

User Account and Password Management

Resetting the Default Administrator (nsroot) Password

Configuring External User Authentication

SSH Key-based Authentication for NetScaler Administrators

Two Factor Authentication for System Users

Restricted Management Interface Access

TCP Configurations

HTTP Configurations

Configuring HTTP/2 on the NetScaler Appliance

HTTP/2 DoS mitigation

HTTP/3 over QUIC

HTTP/3 Configuration

HTTP/3 Policy Configuration

HTTP/3 Service Discovery

gRPC End-to-End Configuration

gRPC Bridging

gRPC Reverse Bridging

gRPC Call Termination

gRPC with Rewrite Policy Configuration

gRPC with Responder Policy Configuration

gRPC Health Monitor

QUIC bridge configuration

Proxy Protocol

Client IP Address in TCP Option

Configuring the NetScaler to Generate SNMP Traps

Configuring the NetScaler for SNMP v1 and v2 Queries

Configuring the NetScaler for SNMPv3 Queries

Configuring SNMP Alarms for Rate Limiting

Configuring SNMP in FIPS Mode

Audit Logging

Configuring the NetScaler Appliance for Audit Logging

Installing and Configuring the NSLOG Server

Running the NSLOG Server

Customizing Logging on the NSLOG Server

SYSLOG Over TCP

Default Settings for the Log Properties

Sample Configuration File (audit.conf)

Web Server Logging

Configuring the NetScaler for Web Server Logging

Installing the NetScaler Web Logging (NSWL) Client

Configuring the NSWL Client

Customizing Logging on the NSWL Client System

Reporting Tool

CloudBridge Connector

Monitoring CloudBridge Connector Tunnels

Configuring a CloudBridge Connector Tunnel between two Datacenters

Configuring CloudBridge Connector between Datacenter and AWS Cloud

Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Virtual Private Gateway on AWS

Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud

Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud

Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device

Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Fortinet FortiGate Appliance

CloudBridge Connector Tunnel Diagnostics and Troubleshooting

CloudBridge Connector Interoperability – StrongSwan

CloudBridge Connector Interoperability – F5 BIG-IP

CloudBridge Connector Interoperability – Cisco ASA

Points to Consider for a High Availability Setup

Configuring High Availability

Configuring the Communication Intervals

Configuring Synchronization

Synchronizing Configuration Files in a High Availability Setup

Configuring Command Propagation

Restricting High-Availability Synchronization Traffic to a VLAN

Configuring Fail-Safe Mode

Configuring Virtual MAC Addresses

Configuring High Availability Nodes in Different Subnets

Configuring Route Monitors

Limiting Failovers Caused by Route Monitors in non-INC mode

Configuring Failover Interface Set

Understanding the Causes of Failover

Forcing a Node to Fail Over

Forcing the Secondary Node to Stay Secondary

Forcing the Primary Node to Stay Primary

High Availability FAQs

Troubleshooting High Availability Issues

Managing High Availability Heartbeat Messages on a NetScaler Appliance

Remove and Replace a NetScaler in a High Availability Setup

Request retry

Request retry if back-end server resets TCP connection

Request retry if back-end server resets TCP connection during connection establishment

Request retry if back-end server response times out

TCP Optimization

How to record a packet trace on NetScaler

How to free space on /var directory

How to download core or crashed files from NetScaler appliance

How to collect performance statistics and event logs

How to configure log file rotation

How to free space on /flash directory

Reference Material

Document History

This content has been machine translated dynamically.

Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)

Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)

Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)

此内容已经过机器动态翻译。 放弃

このコンテンツは動的に機械翻訳されています。 免責事項

이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인

Este texto foi traduzido automaticamente. (Aviso legal)

Questo contenuto è stato tradotto dinamicamente con traduzione automatica. (Esclusione di responsabilità))

This article has been machine translated.

Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)

Ce article a été traduit automatiquement. (Clause de non responsabilité)

Este artículo ha sido traducido automáticamente. (Aviso legal)

この記事は機械翻訳されています. 免責事項

이 기사는 기계 번역되었습니다. 책임 부인

Este artigo foi traduzido automaticamente. (Aviso legal)

这篇文章已经过机器翻译. 放弃

Questo articolo è stato tradotto automaticamente. (Esclusione di responsabilità))

Translation failed!

Configure a NetScaler VPX on ESX hypervisor to use Intel QAT for SSL acceleration in SR-IOV mode

The NetScaler VPX instance on the VMware ESX hypervisor can use the Intel QuickAssist Technology (QAT) to accelerate the NetScaler SSL performance. Using Intel QAT, all heavy-latency crypto processing can be offloaded to the chip, freeing up one or more host CPUs to do other tasks.

Previously, all NetScaler data path crypto processing was done in software using host vCPUs.

Note: Currently, NetScaler VPX supports only the C62x chip model in the Intel QAT family. This feature is supported starting from NetScaler release 14.1 build 8.50.

  • The ESX host is provisioned with one or more Intel C62x (QAT) chips.
  • NetScaler VPX meets the VMware ESX hardware requirements. For more information, see Install a NetScaler VPX instance on VMware ESX.

There’s no provision to reserve crypto units or bandwidth for individual VMs. All the available crypto units of any Intel QAT hardware are shared across all VMs using the QAT hardware.

  • Set up the host environment for using Intel QAT

  1. Download and install the Intel-provided VMware driver for the C62x series (QAT) chip model in the VMware host. For more information on the Intel package downloads and installation instructions, see Intel QuickAssist Technology Driver for VMware.

  2. Enable SR-IOV on the ESX host.

  3. Create virtual machines. When creating a VM, assign the appropriate number of PCI devices to meet the performance requirements.

Note: Each C62x (QAT) chip can have up to three separate PCI endpoints. Each endpoint is a logical collection of VFs, and shares the bandwidth equally with other PCI endpoints of the chip. Each endpoint can have up to 16 VFs that show up as 16 PCI devices. You can add these devices to the VM to do the crypto acceleration using the QAT chip.
  • Points to note
  • If the VM crypto requirement is to use more than one QAT PCI endpoint/chip, it’s recommended to pick the corresponding PCI devices/VFs in a round-robin fashion to have a symmetric distribution.
  • It’s recommended that the number of PCI devices picked is equal to the number of licensed vCPUs (without including the management vCPU count). Adding more PCI devices than the available number of vCPUs does not necessarily improve the performance.

Consider an ESX host with one Intel C62x chip that has 3 endpoints. While provisioning a VM with 6 vCPUs, pick 2 VFs from each endpoint, and assign them to the VM. This kind of assignment ensures an effective and equal distribution of crypto units for the VM. From the total available vCPUs, by default, one vCPU is reserved for the management plane, and the rest of the vCPUs are available for the data plane PEs.

  • Assign QAT VFs to VPX using the vSphere web client

  1. In the vSphere web client, navigate to the ESX host where the virtual machine is located and click Power off.

  2. Navigate to Actions > Edit settings > Add other device, and select PCI device.

  3. For the newly added PCI device, assign the c6xx QAT VF, and save the configuration.

  4. Power on the VM again.

  5. Run the `stat ssl` command in the NetScaler CLI to display the SSL summary, and verify the SSL cards after assigning QAT VFs to VPX.

  • About the deployment

This deployment was tested with the following component specifications:

  • NetScaler VPX version and build: 14.1–8.50
  • VMware ESXi version: 7.0.3 (build 20036589)
  • Intel C62x QAT driver version for VMware: 1.5.1.54


COMMENTS

  1. How to Assign an IP Address on a Linux Computer (with Pictures)

    Change the item's IP address. Type in sudo ifconfig name ipaddress netmask 255.255.255. up—making sure to replace name with your item's name and ipaddress with your preferred IP address—and press ↵ Enter.. To assign an IP of "192.168.2.100" to your ethernet connection ("eth0"), for example, you'd enter sudo ifconfig eth0 192.168..100 netmask 255.255.255. here.

  2. How to Use the ip Command on Linux

    The ip command has replaced the older ifconfig command in modern versions of Linux. The ip command allows you to configure IP addresses, network interfaces, and routing rules on the fly without rebooting. Run "ip addr" in the Terminal to get your PC's local IP address. You can configure IP addresses, network interfaces, and routing rules on the ...

  3. Manual Network Configuration in Linux and How to Set a Static IP Address

    In this tutorial, we look at standard low-level files and tools to configure our IP address settings. We start off by briefly discussing dynamic and static addresses. After picking static IP network configuration as an example, we look at a universal way to perform it under Linux. Next, we explore network managers in detail.

  4. How to Change IP Address in Linux

    The ip command is available on most Linux distributions. For setting an IP address, use it like this: ip addr add [ip_address] dev [interface] For example, add an IP address to the eth1 interface as: sudo ip addr add 192.168.56.21/24 dev eth1. You now have two IP addresses: one from the old configuration and one from the new command:

  5. How to Set Static IP Address and Configure Network in Linux

    Unlike desktop machines where you can use dynamic IP addresses, on a server infrastructure, you will need to set up a static IP address (at least in most cases). Read Also: How to Set or Change System Hostname in Linux. This article is meant to show you how to configure static IP address on most frequently used Linux distributions.

  6. How to Assign Static IP Address on Ubuntu Linux

    Method 2: Switch to static IP address in Ubuntu graphically. If you are on desktop, using the graphical method is easier and faster. Go to the settings and look for network settings. Click the gear symbol adjacent to your network connection. Next, you should go to the IPv4 tab.

  7. How to Set a Static IP Address in Ubuntu

    Set a Static IP in Ubuntu with the GUI. Click the icons at the far-right end of the system bar to show the system menu, then click on the "Wired Connected" menu option. If you're using a wireless connection, instead click the name of your Wi-Fi network. The available connections are displayed.

  8. Linux ip Command with Examples

    For example, to bring the interface eth0 online, you would type: ip link set eth0 up. And to bring it offline: ip link set eth0 down. Displaying and Altering the Routing Table. To assign, remove, and display the kernel routing table use the route object. The most commonly used commands when working with the routes objects are: list, add, and del. Display routing table

  9. ip Command Examples in Linux

    To assign an IP address to a specific network interface, use the addr add flag as shown here: sudo ip addr add <IP/subnet> dev <Interface>. For example, here, I added 192.168.1.100/24 IP address for the enp1s0 interface: sudo ip addr add 192.168.1.100/24 dev enp1s0.

  10. How to Configure Static IP Address on Ubuntu 20.04

    Depending on the interface you want to modify, click either on the Network or Wi-Fi tab. To open the interface settings, click on the cog icon next to the interface name. In the "IPV4 Method" tab, select "Manual" and enter your static IP address, Netmask and Gateway. Once done, click on the "Apply" button.

  11. How To Change IP Address on Linux

    To change your IP address on Linux, use the "ifconfig" command followed by the name of your network interface and the new IP address to be changed on your computer. To assign the subnet mask, you can either add a "netmask" clause followed by the subnet mask or use the CIDR notation directly.

  12. How to Configure IPv4 and IPv6 Addresses in Linux

    dns-nameservers 192.168.2.1 8.8.8.8. In this configuration, 192.168.2.150 will be our new IPv4 address with a netmask or network subnet of 255.255.255.. The default gateway, which also happens to be the router's IP, is 192.168.2.1 while the DNS nameservers are 192.168.2.1 and 8.8.8.8. Set Static IP Address in Debian.

  13. How to Set Static IP Address and Modifying Routing Table on Linux

    Configuring IP addresses and routes from the command line is a mandatory skill that every Linux administrator should learn. In this article, we will review how we can assign a static IP address using ip and ifconfig commands.. In addition, we will discuss how we can use the ip route command to create a static route to change the default gateway for the Linux system.

  14. 16 Linux ip command examples to configure network interfaces

    To assign an IPv6 address using the ip command, you can use the same command as for an IPv4 address, but with the IPv6 address and netmask: # ip addr add 2001:0001:0001:1443::0411/122 dev eno55. Verify the IPv6 address assigned to the provided interface.

  15. Linux ip Command Examples

    Query the status of an IP interface. 3. Configure the local loop-back, Ethernet and other IP interfaces. 4. Mark the interface as up or down. 5. Configure and modify default and static routing. 6. Set up tunnel over IP. 7. Show ARP or NDISC cache entry. 8. Assign, delete, set up IP address, routes, subnet and other IP information to IP ...

  16. Linux ifconfig Command

    With the ifconfig command, you can assign an IP address and netmask to a network interface. Use the following syntax to assign the IP address and netmask: ifconfig [interface-name] [ip-address] netmask [subnet-mask] For example, to assign the IP address 192.168..101 and netmask 255.255.. to the interface eth0, you would run:

  17. 3.6. Configuring IP Networking with ip Commands Red Hat Enterprise

    As the ip utility supports assigning multiple addresses to the same interface, it is no longer necessary to use the alias interface method of binding multiple addresses to the same interface. The ip command to assign an address can be repeated multiple times in order to assign multiple addresses. For example: ~]# ip address add 192.168.2.223/24 dev enp1s0 ~]# ip address add 192.168.4.223/24 dev ...

  18. How to configure a static IP address on RHEL 8 / CentOS 8 Linux

    To change the IP address of the "enp1s0" interface with a direct nmcli command, we run: $ sudo nmcli connection modify enp1s0 ipv4.addresses 192.168.122.66/24. Notice that we specified the routing prefix together with the IP using the so-called CIDR notation (Classless Inter-Domain Routing). We use a similar syntax to change the gateway and the ...

  19. Set static IP in Ubuntu using Command Line

    Write the IP address you wish to assign your computer along with the network prefix. So I will write 192.168.122.128/24 in the addresses field. Finally, we also need to specify DNS nameservers. For that, create a new field called nameservers and under that, create a field called addresses which contains the IP address for your DNS servers. I ...

  20. ip Command in Linux with Examples

    Example 1: Bringing an Interface Up. To bring an interface up (activate it), you can use the `ip link` command with the `set` action. For example: sudo ip link set eth0 up. This command brings the `eth0` interface up, enabling it to send and receive network traffic.

  21. How to Set a Static IP Address in Linux

    NAME=eth0. DEVICE=eth0. ONBOOT=yes // starts on boot. You can then apply this configuration by running: /etc/init.d/network restart. Ok, that will get you up and running with a static IP on the two most common Linux distros. Now let's take a deeper look at the new ip command.

  22. How to configure a static IP address on CentOS 7 / RHEL 7

    Verify new IP settings using the ip command for the NIC named eth0: # ip a s eth0. Verify new routing settings: # ip r. Next, verify DNS servers settings using the cat command or grep command to query the /etc/resolv.conf file as follows: # cat /etc/resolv.conf. Finally verify the internet connectivity using the ping command: # ping -c 3 cyberciti ...

  23. How to Configure Static IP Address on Ubuntu 24.04 (Desktop)

    When you want a persistent IP address on your Ubuntu 24.04 desktop, you must configure a static IP address. When Ubuntu is installed, DHCP is enabled by default, and it will try to fetch the IP address from a DHCP server if one is available on the network. In Ubuntu Desktop 24.04, there are two ways to configure a static IP address:

  24. Setting up a Linux Server as a Router

    IP aliasing in Linux allows assigning multiple IP addresses to a single network interface. ... We'll then configure eth0 to obtain IP addresses through DHCP for internet access and eth1 as a private network. In this tutorial, we'll use three computers: a Linux machine as the router, a Linux machine as the first client, and a Windows machine ...

  25. Establishing Remote Access to Linux Servers Behind Firewalls: A Guide

    While it's not strictly necessary, having a static IP makes it easier to connect consistently, as the address won't change each time the server restarts. Summary. Check firewall settings for SSH connections. Install and configure an SSH server. Set up port forwarding on your router. Connect from a remote client using your server's public IP.

  26. Change the hostname of your AL2 instance

    Change the system hostname. If you have a public DNS name registered for the IP address of your instance (such as webserver.mydomain.com), you can set the system hostname so your instance identifies itself as a part of that domain. This also changes the shell prompt so that it displays the first portion of this name instead of the hostname supplied by AWS (for example, ip-12-34-56-78).

  27. How to Add Additional IPv4 and IPv6 to Linux VPS

    Steps to Configure IP Addresses in Linux VPS. The process of Adding additional IPv4 and IPv6 addresses involves obtaining the IPs from your VPS provider's control panel and configuring your network settings. This typically involves steps like logging into the control panel, requesting additional IPs, and then updating your Linux system's ...

  28. How To Set Up a Firewall in 8 Easy Steps + Best Practices

    Firewall rules, defined by access control lists (ACLs), control traffic based on IP addresses, port numbers, and protocols. To maximize security, thoroughly test configurations, including advanced ...

  29. Legacy versions

    The legacy versions of the Compose file reference have moved to the V1 branch of the Compose repository. They are no longer being actively maintained. The latest and recommended version of the Compose file format is defined by the Compose Specification. This format merges the 2.x and 3.x versions and is implemented by Compose 1.27.0+. For more information, see the History and development of Docker ...

  30. Configure a NetScaler VPX on ESX hypervisor to use Intel QAT for SSL

    Insert the IP address of the client in the request header. Retrieve location details from user IP address using geolocation database. Use source IP address of the client when connecting to the server. Use client source IP address for backend communication in a v4-v6 load balancing configuration. Configure the source port for server-side ...