Gentoo Linux amd64 ハンドブック:ネットワーク設定

はじめに

このネットワークガイドは、ユーザーがシステム設定を正しく完了し、ハードウェアのインターフェース名を特定していることを前提にしています。ネットワークインターフェース名は、ネットワークカードがシステム上のどのバスに存在するかによって命名されます。そのため、インターフェース名は eno0、ens1、wlan0、enp1s0 などの変種である可能性があります。各システムはこれとわずかに異なるインターフェース名を持つかもしれません。以下の内容ではインターフェース名は eth0 に設定されていると仮定していますが、前述したような名前でも動作します。

ネットワークカードの設定を始めるなら、まずGentooのRCシステムにそのことを伝えましょう。これは、net.lo から net.eth0 (もしくは他の、システム上のネットワークインターフェース名)へのシンボリックリンクを /etc/init.d に作成することで行うことができます。

これでもう、GentooのRCシステムはそのインターフェースについて知っているわけです。さらに、この新たなインターフェースをどのように設定するのかも教える必要があります。全てのネットワークインターフェースの設定は /etc/conf.d/net ファイルにあります。下に示すのは、DHCPと静的アドレスのサンプル設定です。

# DHCPを使う場合
config_eth0="dhcp"
  
# CIDR記法で静的IPを設定する場合
config_eth0="192.168.0.7/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="192.168.0.1 8.8.8.8"
  
# ネットマスクによる記法で静的IPを設定する場合
config_eth0="192.168.0.7 netmask 255.255.255.0"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="192.168.0.1 8.8.8.8"

インターフェースの設定が完了したら、次のコマンドで開始または停止できます。

ネットワークインターフェースが正常に停止と開始を行えることを確認したら、次のステップは Gentoo 起動時に開始されるように設定することです。このように:

高度な設定

The config_eth0 variable is the heart of an interface configuration. It is a high level instruction list for configuring the interface (eth0 in this case). Each command in the instruction list is performed sequentially. The interface is deemed OK if at least one command works.

Here's a list of built-in instructions:

If a command fails, specify a fallback value. The fallback has to match the config structure exactly.

It is possible to chain these values together. Here are some real world examples:

# Adding three IPv4 addresses
config_eth0="192.168.0.2/24
192.168.0.3/24
192.168.0.4/24"
  
# Adding an IPv4 address and two IPv6 addresses
config_eth0="192.168.0.2/24
4321:0:1:2:3:4:567:89ab
4321:0:1:2:3:4:567:89ac"
  
# Keep our kernel assigned address, unless the interface goes
# down so assign another via DHCP. If DHCP fails then add a
# static address determined by APIPA
config_eth0="noop
dhcp"
fallback_eth0="null
apipa"

Network dependencies

Init scripts in /etc/init.d/ can depend on a specific network interface or just "net". All network interfaces in Gentoo's init system provide what is called "net".

If, in /etc/rc.conf, the rc_depend_strict variable is set to YES, then all network interfaces that provide "net" must be active before a dependency on "net" is assumed to be met. In other words, if a system has a net.eth0 and net.eth1 and an init script depends on "net", then both must be enabled.

On the other hand, if rc_depend_strict="NO" is set, then the "net" dependency is marked as resolved the moment at least one network interface is brought up.

But what about net.br0 depending on net.eth0 and net.eth1? net.eth1 may be a wireless or PPP device that needs configuration before it can be added to the bridge. This cannot be done in /etc/init.d/net.br0 as that's a symbolic link to net.lo.

The answer is to define a rc_net_{interface}_need setting in /etc/conf.d/net:

rc_net_br0_need="net.eth0 net.eth1"

That alone, however, is not sufficient. Gentoo's networking init scripts use a virtual dependency called "net" to inform the system when networking is available. Clearly, in the above case, networking should only be marked as available when net.br0 is up, not when the others are. So we need to tell that in /etc/conf.d/net as well:

rc_net_eth0_provide="!net"
rc_net_eth1_provide="!net"

For a more detailed discussion about dependency, consult the section on writing initscripts in the Gentoo Handbook. More information about /etc/rc.conf is available as comments within that file.

Variable names and values

Variable names are dynamic. They normally follow the structure of variable_${interface|mac|essid|apmac}. For example, the variable dhcpcd_eth0 holds the value for dhcpcd options for eth0 and dhcpcd_essid holds the value for dhcpcd options when any interface connects to the ESSID "essid".

However, there is no hard and fast rule that states interface names must be ethx. In fact, many wireless interfaces have names like wlanx, rax as well as ethx. Also, some user defined interfaces such as bridges can be given any name. To make life more interesting, wireless Access Points can have names with non alpha-numeric characters in them - this is important because users can configure networking parameters per ESSID.

The downside of all this is that Gentoo uses bash variables for networking - and bash cannot use anything outside of English alpha-numerics. To get around this limitation we change every character that is not an English alpha-numeric into an _ (underscore) character.

Another downside of bash is the content of variables - some characters need to be escaped. This can be achieved by placing the \ (backslash) character in front of the character that needs to be escaped. The following list of characters needs to be escaped in this way: ", ' and \.

In this example we use wireless ESSID as they can contain the widest scope of characters. We shall use the ESSID My "\ NET:

# This does work, but the domain is invalid
dns_domain_My____NET="My \"\\ NET"

The above sets the DNS domain to My "\ NET when a wireless card connects to an AP whose ESSID is My "\ NET.

Network interface naming

How it works

Network interface names are not chosen arbitrarily: the Linux kernel and the device manager (most systems have udev as their device manager although others are available as well) choose the interface name through a fixed set of rules.

When an interface card is detected on a system, the Linux kernel gathers the necessary data about this card. This includes:

• The onboard (on the interface itself) registered name of the network card, which is later seen through the ID_NET_NAME_ONBOARD value.
• The slot in which the network card is plugged in, which is later seen through the ID_NET_NAME_SLOT value.
• The path through which the network card device can be accessed, which is later seen through the ID_NET_NAME_PATH value.
• The (vendor-provided) MAC address of the card, which is later seen through the ID_NET_NAME_MAC value.

Based on this information, the device manager decides how to name the interface on the system. By default, it uses the first hit of the first three variables above (ID_NET_NAME_ONBOARD, _SLOT or _PATH). For instance, if ID_NET_NAME_ONBOARD is found and set to eno1, then the interface will be called eno1.

Given an active interface name, the values of the provided variables can be shown using udevadm:

ID_NET_NAME_MAC=enxc80aa9429d76
ID_OUI_FROM_DATABASE=Quanta Computer Inc.
ID_NET_NAME_PATH=enp3s0

As the first (and actually only) hit of the top three variables is ID_NET_NAME_PATH, its value is used as the interface name. If none of the variables contain values, then the system reverts back to the kernel-provided naming (eth0, eth1, etc.)

Using the old-style kernel naming

Before this change, network interface cards were named by the Linux kernel itself, depending on the order that drivers are loaded (amongst other, possibly more obscure reasons). This behavior can still be enabled by setting the net.ifnames=0 boot parameter in the boot loader.

Using custom names

The entire idea behind the change in naming is not to confuse people, but to make changing the names easier. Suppose a system has two interfaces that are otherwise called eth0 and eth1. One is meant to access the network through a wire, the other one is for wireless access. With the support for interface naming, users can have these called lan0 (wired) and wifi0 (wireless - it is best to avoid using the previously well-known names like eth* and wlan* as those can still collide with the suggested names).

Find out what the parameters are for the cards and then use this information to set up a custom own naming rule:

ID_NET_NAME_MAC=enxc80aa9429d76
ID_OUI_FROM_DATABASE=Quanta Computer Inc.

# First one uses MAC information, and 70- number to be before other net rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="c8:0a:a9:42:9d:76", NAME="lan0"

# Second one uses ID_NET_NAME_PATH information, and 76- number to be between
# 75-net-*.rules and 80-net-*.rules
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME_PATH}=="enp3s0", NAME="wifi0"

Because the rules are triggered before the default one (rules are triggered in alphanumerical order, so 70 comes before 80) the names provided in the rule file will be used instead of the default ones. The number granted to the file should be between 76 and 79 (the environment variables are defined by a rule start starts with 75 and the fallback naming is done in a rule numbered 80).

ネットワークモジュール

Netifrc scripts now support modular networking scripts, which means support for new interface types and configuration modules can easily be added while keeping compatibility with existing ones.

Modules load by default if the package they need is installed. If users specify a module here that doesn't have its package installed then they get an error stating which package they need to install. Ideally, the modules setting is only used when two or more packages are installed that supply the same service and one needs to be preferred over the other.

# Prefer ifconfig over iproute2
modules="ifconfig"
  
# You can also specify other modules for an interface
# In this case we prefer pump over dhcpcd
modules_eth0="pump"
  
# You can also specify which modules not to use - for example you may be
# using a supplicant or linux-wlan-ng to control wireless configuration but
# you still want to configure network settings per ESSID associated with.
modules="!iwconfig"

インターフェース・ハンドラー

We provide two interface handlers presently: ifconfig and iproute2. Only one of these is needed to do any kind of network configuration.

Both are installed by default as part of the system profile. iproute2 is the more powerful and flexible package.

# To prefer ifconfig over iproute2 if both are installed as openrc prefers
# to use iproute2 then
modules="ifconfig"

As both ifconfig and iproute2 do very similar things we allow their basic configuration to work with each other. For example both the below code snippet work regardless of which module the user is using.

config_eth0="192.168.0.2/24"
config_eth0="192.168.0.2 netmask 255.255.255.0"
  
# We can also specify broadcast
config_eth0="192.168.0.2/24 brd 192.168.0.255"
config_eth0="192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"

DHCP

DHCP is a means of obtaining network information (IP address, DNS servers, Gateway, etc) from a DHCP server. This means that if there is a DHCP server running on the network, the user just has to tell each client to use DHCP and it sets up the network all by itself. Of course, the user will have to configure for other things like wireless, PPP or other things if required before he can use DHCP.

DHCP can be provided by dhclient, dhcpcd, or pump. Each DHCP module has its pros and cons - here is a quick run down:

If more than one DHCP client is installed, specify which one to use - otherwise we default to dhcpcd if available.

To send specific options to the DHCP module, use module_eth0="..." (change module to the DHCP module being used - i.e. dhcpcd_eth0).

We try to make DHCP relatively agnostic - as such we support the following commands using the dhcp_eth0 variable. The default is not to set any of them:

release

Releases the IP address for re-use.

nodns

Don't overwrite /etc/resolv.conf

nontp

Don't overwrite /etc/ntp.conf

nonis

Don't overwrite /etc/yp.conf

# Only needed if you have more than one DHCP module installed
modules="dhcpcd"
  
config_eth0="dhcp"
dhcpcd_eth0="-t 10" # Timeout after 10 seconds
dhcp_eth0="release nodns nontp nonis" # Only get an address

PPPoE・PPPoA を使用した ADSL

First install the ADSL software:

Second, create the PPP net script and the net script for the Ethernet interface to be used by PPP:

Be sure to set rc_depend_strict to YES in /etc/rc.conf.

そして /etc/conf.d/net を設定することが必要です。

config_eth0=null (Specify the ethernet interface)
config_ppp0="ppp"
link_ppp0="eth0" (Specify the ethernet interface)
plugins_ppp0="pppoe"
username_ppp0='user'
password_ppp0='password'
pppd_ppp0="
noauth
defaultroute
usepeerdns
holdoff 3
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp"
  
rc_need_ppp0="net.eth0"

また、 /etc/ppp/pap-secrets 内にパスワードを記載することもできます。

# 以下の「*」は必要です。
"username"  *  "password"

If PPPoE is used with a USB modem then make sure to emerge br2684ctl. Please read /usr/portage/net-dialup/speedtouch-usb/files/README for information on how to properly configure it.

APIPA (Automatic Private IP Addressing)

APIPA tries to find a free address in the range 169.254.0.0-169.254.255.255 by arping a random address in that range on the interface. If no reply is found then we assign that address to the interface.

This is only useful for LANs where there is no DHCP server and the system doesn't connect directly to the Internet and all other computers use APIPA.

For APIPA support, emerge net-misc/iputils with the arping USE flag or net-analyzer/arping.

# Try DHCP first - if that fails then fallback to APIPA
config_eth0="dhcp"
fallback_eth0="apipa"
  
# Just use APIPA
config_eth0="apipa"

Bonding

Bonding is used to increase network bandwidth or to improve resiliency in face of hardware failures. If a system has two network cards going to the same network, then the administrator can bond them together so the applications see just one interface but they really use both network cards.

There are many ways to configure bonding. Some of them, such as the 802.3ad LACP mode, require support and additional configuration of the network switch. For a reference of the individual options, please refer to the local copy of /usr/src/linux/Documentation/networking/bonding.txt.

First, clear the configuration of the participating interfaces:

config_eth0="null"
config_eth1="null"
config_eth2="null"

Next, define the bonding between the interfaces:

slaves_bond0="eth0 eth1 eth2"
config_bond0="192.168.100.4/24"
# Pick a correct mode and additional configuration options which suit your needs
mode_bond0="balance-alb"

Remove the net.eth* services from the runlevels, create a net.bond0 one and add that one to the correct runlevel.

ブリッジ (802.1d サポート)

Bridging is used to join networks together. For example, a system may have a server that connects to the Internet via an ADSL modem and a wireless access card to enable other computers to connect to the Internet via the ADSL modem. It is possible to create a bridge to join the two interfaces together.

# Configure the bridge - "man brctl" for more details
bridge_forward_delay_br0=0
bridge_hello_time_br0=200
bridge_stp_state_br0=1
  
# To add ports to bridge br0
bridge_br0="eth0 eth1"
  
# You need to configure the ports to null values so dhcp does not get started
config_eth0="null"
config_eth1="null"
  
# Finally give the bridge an address - you could use DHCP as well
config_br0="192.168.0.1/24"
  
# Depend on eth0 and eth1 as they may require extra configuration
rc_net_br0_need="net.eth0 net.eth1"

MAC アドレス

It is possible to change the MAC address of the interfaces through the network configuration file too.

# To set the MAC address of the interface
mac_eth0="00:11:22:33:44:55"
  
# To randomize the last 3 bytes only
mac_eth0="random-ending"
  
# To randomize between the same physical type of connection (e.g. fibre,
# copper, wireless) , all vendors
mac_eth0="random-samekind"
  
# To randomize between any physical type of connection (e.g. fibre, copper,
# wireless) , all vendors
mac_eth0="random-anykind"
  
# Full randomization - WARNING: some MAC addresses generated by this may
# NOT act as expected
mac_eth0="random-full"

トンネリング

Tunneling does not require any additional software to be installed as the interface handler can do it.

# GRE トンネル
iptunnel_vpn0="mode gre remote 207.170.82.1 key 0xffffffff ttl 255"
  
# IPIP トンネル
iptunnel_vpn0="mode ipip remote 207.170.82.2 ttl 255"
  
# インターフェース設定
config_vpn0="192.168.0.2 peer 192.168.1.1"

VLAN (802.1q サポート)

For VLAN support, make sure that sys-apps/iproute2 is installed and ensure that iproute2 is used as configuration module rather than ifconfig.

Virtual LAN is a group of network devices that behave as if they were connected to a single network segment - even though they may not be. VLAN members can only see members of the same VLAN even though they may share the same physical network.

To configure VLANs, first specify the VLAN numbers in /etc/conf.d/net like so:

vlans_eth0="1 2"

Next, configure the interface for each VLAN:

config_eth0_1="172.16.3.1 netmask 255.255.254.0"
routes_eth0_1="default via 172.16.3.254"
  
config_eth0_2="172.16.2.1 netmask 255.255.254.0"
routes_eth0_2="default via 172.16.2.254"

VLAN-specific configurations are handled by vconfig like so:

vlan1_name="vlan1"
vlan1_ingress="2:6 3:5"
eth0_vlan1_egress="1:2"

はじめに

Linuxでの無線ネットワーキングは、多くの場合、極めて簡単です。wifiの設定には3つの方法があり、ひとつはグラフィカルクライアント、ひとつはテキストモードインターフェース、そしてもうひとつはコマンドラインインターフェースです。

もう既にデスクトップ環境をインストールしたなら、もっとも簡単な方法は、グラフィカルクライアントを使うことです。wicdやNetworkManagerといったほとんどのグラフィカルクライアントは、極めて直感的であり、これらの提供するマウスによる便利なインターフェースを使えば、ユーザーは数秒でネットワークに接続できます。

無線は、いくつかの設定ファイルの編集により、コマンドラインから設定することもできます。このやり方ではセットアップに多少時間がかかりますが、ダウンロードしてインストールするパッケージも最も少なくて済みます。グラフィカルクライアントの使い方は(彼らのホームページの親切なスクリーンショットも相まって)ほとんど自明ですから、ここではコマンドラインでの方法に注目することにします。

コマンドラインでの無線の設定をサポートするツールは3つあります。 net-wireless/iw と net-wireless/wireless-tools と net-wireless/wpa_supplicant です。これらの2つでは、net-wireless/wpa_supplicant のほうが好ましいでしょう。覚えておくべき重要な事柄は、無線ネットワークはグローバルに設定されるのであり、インターフェースごとに設定されるのではないということです。

net-wireless/iw ソフトウェアはほとんど全てのカードとドライバーをサポートしますが、WPA-onlyのアクセスポイントには接続できません。ネットワークがWEPによる暗号化のみを提供するか、もしくは完全にオープンならば、net-wireless/iw はシンプリシティの面で他のパッケージに勝ります。

いくつかの無線カードはデフォルトで無効化されています。有効にするには、ハードウェアの文書を参照してください。これらのうちいくつかは、rfkill アプリケーションを使ってunblockできます。その場合、rfkill list で利用できるカードを確認し、rfkill unblock INDEX で無線機能を有効化してください。そうでない場合、無線カードはラップトップのボタンやスイッチ、特別なキーの組み合わせによってアンロックする必要があるかもしれません。

WPA supplicant

WPA supplicant projectは、WPAが有効なアクセスポイントに接続するためのパッケージを提供しています。

次に、wpa_supplicantモジュールがwireless-toolsより優先されるように、/etc/conf.d/net の設定をします(両方がインストールされている場合、wireless-toolsがデフォルトになります)。

# wpa_supplicantをwireless-toolsより優先する
modules="wpa_supplicant"

次に、wpa_supplicant自体の設定をします(アクセスポイントのセキュアさによっては、ややトリッキーになってきます)。下の例は、wpa_supplicantに付属する /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz を抜き出し、簡単にしたものです。

# この行は変更しないこと。さもないと、wpa_supplicantは仕事をしません
ctrl_interface=/var/run/wpa_supplicant
  
# 確実にrootのみがWPAの設定を読めるようにする
ctrl_interface_group=0
  
# wpa_supplicantがスキャンとAP選択の面倒をみるようにする
ap_scan=1
  
# シンプルなケース: WPA-PSK、ASCIIパスフレーズのPSK、有効な暗号化方式を全て許可
network={
  ssid="simple"
  psk="very secret passphrase"
  # priorityが高いほど早くマッチする
  priority=5
}
  
# 上と同じ、但しSSIDを明確にしたスキャンを要求
# (ブロードキャストSSIDを拒否するAP向け)
network={
  ssid="second ssid"
  scan_ssid=1
  psk="very secret passphrase"
  priority=2
}
  
# WPA-PSKのみを使用。有効な暗号化方式の組み合わせを全て許可
network={
  ssid="example"
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
  priority=2
}
  
# 平文での接続(WPAなし、IEEE 802.1Xなし)
network={
  ssid="plaintext-test"
  key_mgmt=NONE
}
  
# 共有WEPキー接続(WPAなし、IEEE 802.1Xなし)
network={
  ssid="static-wep-test"
  key_mgmt=NONE
  # 引用符で囲われたキーはASCIIキー
  wep_key0="abcde"
  # 引用符なしで指定されたキーは16進キー
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
}
  
# 共有キーによる共有WEPキー接続(WPAなし、IEEE 802.1Xなし)
# IEEE 802.11認証
network={
  ssid="static-wep-test2"
  key_mgmt=NONE
  wep_key0="abcde"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
  auth_alg=SHARED
}
  
# WPA-None/TKIPを使ったIBSS/ad-hocネットワーク
network={
  ssid="test adhoc"
  mode=1
  proto=WPA
  key_mgmt=WPA-NONE
  pairwise=NONE
  group=TKIP
  psk="secret passphrase"
}

Wireless tools

初期セットアップとmanagedモード

wireless tools project はWEPセキュリティーレベルまでの基本的な無線インターフェースを設定する一般的な方法を提供します。WEPは脆弱なセキュリティ手法ですが、いまだ世界中で広く使われています。

wireless toolsの設定はいくつかの主要な変数によって制御されます。以下の設定ファイルのサンプルで必要なものすべてが説明されているはずです。設定がないことは"もっとも強い暗号化されていないアクセスポイントへ接続せよ"という意味になることを心に留めておいてください - wireless toolsは常にシステムを何かに接続させようとします。

# iwconfigをwpa_supplicantより優先する
modules="iwconfig"
  
# ESSID1とESSID2というアクセスポイントのWEPキーを設定する
# 最大4つのWEPキーを設定できますが、同時に有効になるのは1つだけなので
# デフォルトのインデックスとして[1]を指定してキー[1]を設定し、
# それから再度アクティブなキーを[1]に変更します
# 1以外のWEPキーを使用する他のESSIDを定義する場合に備えてこのようにします
#
# キーの前に s: と付けることでASCIIキーとして扱われ、それ以外はHEXキーになります
#
# enc open とするとオープンセキュリティ(もっとも安全性が高い)が指定されます
# enc restricted とすると制限セキュリティ(もっとも安全性が低い)が指定されます
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"
  
# 以下の部分は利用可能なアクセスポイントをスキャンするときのみ有効です
  
# 複数のアクセスポイントが見える場合があるので、
# 接続先の優先順位を定義する必要があります
preferred_aps="'ESSID1' 'ESSID2'"

APの選択を微調整する

いくつかのオプションを追加してAPの選択を微調整することができますが、これらは必須ではありません。

1つの方法は、選択したAPのみに接続するようシステムを設定することです。デフォルトでは、すべての設定済みのものに失敗し、かつwireless-toolsが暗号化されていないアクセスポイントに接続できる場合、それに接続します。associate_order 変数でこの振る舞いを変更できます。値とどのように変更されるかを示した表は以下のとおりです。

blacklist_apsとunique_apという選択もあります。blacklist_apsはpreferred_apsと似た動作をします。unique_apはyesまたはnoの値で、2つめの無線インターフェースが1つめのインターフェースと同じアクセスポイントに接続できるかを表します。

# あるアクセスポイントに絶対に接続したくない場合もあります
blacklist_aps="'ESSID3' 'ESSID4'"
  
# 複数の無線カードがある場合、各カードに
# 同じアクセスポイントへの接続を許すかどうか指定できます
# 値は"yes"か"no"です
# デフォルトは"yes"です
unique_ap="yes"

Ad-hocおよびmasterモード

managedモードですべてのアクセスポイントへの接続が失敗した場合、フォールバックとしてシステムをad-hocノードに設定するには以下を使います:

adhoc_essid_eth0="This Adhoc Node"

ad-hocネットワークに接続したり、システムをmasterモードにしてそれ自体をアクセスポイントにすることもできます。

# モードの設定 - managed (default), ad-hoc または master に設定できます
# すべてのドライバーがすべてのモードをサポートしているとは限りません
mode_eth0="ad-hoc"
  
# インターフェースのESSIDを設定します
# managedモードでは、インターフェースは指定されたESSIDのみを試行、接続します
essid_eth0="This Adhoc Node"
  
# 指定されていない場合、チャンネル3が使用されます
channel_eth0="9"

wireless toolsのトラブルシューティング

ドライバーや環境の問題によっては無線を立ち上げ維持する上で役に立つさらにいくつかの変数があります。

ESSIDごとにネットワーク設定を定義する

この節では、ESSIDベースでネットワークを設定する方法を説明します。例として、ESSIDが ESSID1 の無線ネットワークには静的IPアドレスを設定し、ESSIDが ESSID2 のものにはDHCPを使用します。

config_ESSID1="192.168.0.3/24 brd 192.168.0.255"
routes_ESSID1="default via 192.168.0.1"
  
config_ESSID2="dhcp"
fallback_ESSID2="192.168.3.4/24"
fallback_route_ESSID2="default via 192.168.3.1"
  
# ネームサーバーその他についても定義できます
# 注意: 特に設定しない限り、DHCPはこれらを上書きします
dns_servers_ESSID1="192.168.0.1 192.168.0.2"
dns_domain_ESSID1="some.domain"
dns_search_domains_ESSID1="search.this.domain search.that.domain"
  
# アクセスポイントのMACアドレスによって上書きします
# これは同じESSIDを持つ別の場所に行く場合に便利です
config_001122334455="dhcp"
dhcpcd_001122334455="-t 10"
dns_servers_001122334455="192.168.0.1 192.168.0.2"

Standard function hooks

Four functions can be defined in /etc/conf.d/net which will be called surrounding the start/stop operations. The functions are called with the interface name first so that one function can control multiple adapters.

The return values for the preup() and predown() functions should be 0 (success) to indicate that configuration or de-configuration of the interface can continue. If preup() returns a non-zero value, then interface configuration will be aborted. If predown() returns a non-zero value, then the interface will not be allowed to continue de-configuration.

The return values for the postup() and postdown() functions are ignored since there's nothing to do if they indicate failure.

${IFACE} is set to the interface being brought up/down. ${IFVAR} is ${IFACE} converted to variable name bash allows.

preup() {
  # Test for link on the interface prior to bringing it up.  This
  # only works on some network adapters and requires the ethtool
  # package to be installed.
  if ethtool ${IFACE} | grep -q 'Link detected: no'; then
    ewarn "No link on ${IFACE}, aborting configuration"
    return 1
  fi
  
  # Remember to return 0 on success
  return 0
}
  
predown() {
  # The default in the script is to test for NFS root and disallow
  # downing interfaces in that case.  Note that if you specify a
  # predown() function you will override that logic.  Here it is, in
  # case you still want it...
  if is_net_fs /; then
    eerror "root filesystem is network mounted -- can't stop ${IFACE}"
    return 1
  fi
  
  # Remember to return 0 on success
  return 0
}
  
postup() {
  # This function could be used, for example, to register with a
  # dynamic DNS service.  Another possibility would be to
  # send/receive mail once the interface is brought up.
       return 0
}
  
postdown() {
  # This function is mostly here for completeness... I haven't
  # thought of anything nifty to do with it yet ;-)
  return 0
}

Wireless tools function hook

Two functions can be defined in /etc/conf.d/net which will be called surrounding the associate function. The functions are called with the interface name first so that one function can control multiple adapters.

The return values for the preassociate() function should be 0 (success) to indicate that configuration or de-configuration of the interface can continue. If preassociate() returns a non-zero value, then interface configuration will be aborted.

The return value for the postassociate() function is ignored since there's nothing to do if it indicates failure.

${ESSID} is set to the exact ESSID of the AP the system is connecting to. ${ESSIDVAR} is ${ESSID} converted to a variable name bash allows.

preassociate() {
  # The below adds two configuration variables leap_user_ESSID
  # and leap_pass_ESSID. When they are both configured for the ESSID
  # being connected to then we run the CISCO LEAP script
  
  local user pass
  eval user=\"\$\{leap_user_${ESSIDVAR}\}\"
  eval pass=\"\$\{leap_pass_${ESSIDVAR}\}\"
  
  if [[ -n ${user} && -n ${pass} ]]; then
    if [[ ! -x /opt/cisco/bin/leapscript ]]; then
      eend "For LEAP support, please emerge net-misc/cisco-aironet-client-utils"
      return 1
    fi
    einfo "Waiting for LEAP Authentication on \"${ESSID//\\\\//}\""
    if /opt/cisco/bin/leapscript ${user} ${pass} | grep -q 'Login incorrect'; then
      ewarn "Login Failed for ${user}"
      return 1
    fi
  fi
  
  return 0
}
  
postassociate() {
  # This function is mostly here for completeness... I haven't
  # thought of anything nifty to do with it yet ;-)
  
  return 0
}

ネットワーク管理

With laptops, systems can be always on the move. As a result, the system may not always have an Ethernet cable or plugged in or an access point available. Also, the user may want networking to automatically work when an Ethernet cable is plugged in or an access point is found.

In this chapter, we cover how this can be done.

ifplugd

ifplugd is a daemon that starts and stops interfaces when an Ethernet cable is inserted or removed. It can also manage detecting association to Access Points or when new ones come in range.

Configuration for ifplugd is fairly straightforward too. The configuration is held in /etc/conf.d/net. Run man ifplugd for details on the available variables. Also, see /usr/share/doc/netifrc-*/net.example.bz2 for more examples.

# Replace eth0 with the interface to be monitored
ifplugd_eth0="..."
  
# To monitor a wireless interface
ifplugd_eth0="--api-mode=wlan"

In addition to managing multiple network connections, users may want to add a tool that makes it easy to work with multiple DNS servers and configurations. This is very handy when the system receives its IP address via DHCP.

See man resolvconf to learn more about its features.

Warning: Display title "Gentoo Linux amd64 ハンドブック:ネットワーク設定" overrides earlier display title "ハンドブック:AMD64/フル/ネットワーク".