Gentoo Linux x86 Handbuch: Netzwerk-Konfiguration

From Gentoo Wiki
Jump to:navigation Jump to:search
This page is a translated version of the page Handbook:X86/Full/Networking and the translation is 100% complete.

Erste Schritte

Dieses Dokument geht davon aus, dass der Benutzer seinen Kernel richtig für seine Hardware konfiguriert hat und er den Schnittstellennamen kennt. Wir nehmen außerdem an, dass die zu konfigurierende Schnittstelle eth0 ist. Dies dient lediglich als Beispiel, da sie ebenso eno0, ens1, wlan0, enp1s0 etc. heißen könnte.

Um mit der Konfiguration der Netzwerkkarte zu beginnen, geben Sie dem Gentoo RC System über sie Bescheid. Dies geschieht im Verzeichnis /etc/init.d dadurch die Erzeugung eines symbolischen Links auf net.lo mit dem Namen net.eth0 (oder wie auch immer die Netzwerkschnittstelle auf dem System heißt).

root #cd /etc/init.d
root #ln -s net.lo net.eth0

Gentoos RC System weiß nun dass es die Schnittstelle gibt. Es muss außerdem darüber Bescheid wissen, wie die neue Netzwerkschnittstelle zu konfigurieren ist. Alle Netzwerkschnittstellen werden in /etc/conf.d/net konfiguriert. Unten befindet sich eine Beispielkonfiguration für DHCP und statische Adressen.

DATEI /etc/conf.d/netBeispiel-Netzwerkkonfiguration
# Für DHCP
# Für statisches IP mit CIDR-Notation
routes_eth0="default via"
# Für statisches IP mit Netmask-Notation
config_eth0=" netmask"
routes_eth0="default via"
Wenn für eine Schnittstelle keine Konfiguration genannt ist, wird DHCP angenommen.
CIDR steht für Classless Inter-Domain Routing. Ursprünglich wurden die IPv4 Adressen in A, B oder C eingeteilt. Das frühe Einteilungssystem sah die starke Popularität des Internets nicht voraus und befindet sich in der Gefahr, dass ihm neue eindeutige Adressen ausgehen. CIDR ist ein Adressierungsschema das es erlaubt einer IP-Adresse viele IP-Adressen zuzuordnen. Eine CIDR IP-Adresse sieht wie eine gewöhnliche IP-Adresse aus mit dem Unterschied, dass sie mit einem Schrägstrich gefolgt von einer Nummer endet (beispielsweise CIDR wird in RFC 1519 beschrieben.

Nun da die Schnittstelle konfiguriert ist, können wir sie über den folgenden Befehl starten und stoppen:

root #/etc/init.d/net.eth0 start
root #/etc/init.d/net.eth0 stop
Bei der Lösung von Netzwerkproblemen sollten Sie einen Blick in die Datei /var/log/rc.log werfen. Solange rc_logger in der Konfigurationsdatei /etc/rc.conf nicht auf "NO" eingestellt ist, werden Aktivitäten beim Booten in dieser Log-Datei gespeichert.

Nun da die Netzwerkschnittstelle erfolgreich angehalten und gestartet wurde, ist der nächste Schritt sie automatisch beim Booten von Gentoo starten zu lassen. Und So machen Sie das.

root #rc-update add net.eth0 default
root #rc
Der letzte Befehl "rc" weist Gentoo an, alle Skripte im aktuellen Runlevel die noch nicht gestartet wurden zu starten.

Advanced configuration

The config_eth0 variable is the heart of an interface configuration. It is a high level instruction list for configuring the interface (eth0 in this case). Each command in the instruction list is performed sequentially. The interface is deemed OK if at least one command works.

Here's a list of built-in instructions:

Value Description
null Do nothing.
noop If the interface is up and there is an address then abort configuration successfully.
An IPv4 or IPv6 address Add the address to the interface.
dhcp, adsl, or apipa (or a custom value from a 3rd party module) Run the module which provides the command. For example dhcp will run a module that provides DHCP which can be served by dhcpcd, dhclient, or pump.

If a command fails, specify a fallback value. The fallback has to match the config structure exactly.

It is possible to chain these values together. Here are some real world examples:

DATEI /etc/conf.d/netConfiguration examples
# Adding three IPv4 addresses
# Adding an IPv4 address and two IPv6 addresses
# Keep our kernel assigned address, unless the interface goes
# down so assign another via DHCP. If DHCP fails then add a
# static address determined by APIPA
When using the ifconfig module and adding more than one address, interface aliases are created for each extra address. So with the above two examples users will get interfaces eth0, eth0:1 and eth0:2. It is not possible to do anything special with these interfaces as the kernel and other programs will just treat eth0:1 and eth0:2 as eth0.
The fallback order is important! If the null option was not specified then apipa would only be run if noop failed.

Network dependencies

Init scripts in /etc/init.d/ can depend on a specific network interface or just "net". All network interfaces in Gentoo's init system provide what is called "net".

If, in /etc/rc.conf, the rc_depend_strict variable is set to YES, then all network interfaces that provide "net" must be active before a dependency on "net" is assumed to be met. In other words, if a system has a net.eth0 and net.eth1 and an init script depends on "net", then both must be enabled.

On the other hand, if rc_depend_strict="NO" is set, then the "net" dependency is marked as resolved the moment at least one network interface is brought up.

But what about net.br0 depending on net.eth0 and net.eth1? net.eth1 may be a wireless or PPP device that needs configuration before it can be added to the bridge. This cannot be done in /etc/init.d/net.br0 as that's a symbolic link to net.lo.

The answer is to define a rc_net_{interface}_need setting in /etc/conf.d/net:

DATEI /etc/conf.d/netAdding a net.br0 dependency
rc_net_br0_need="net.eth0 net.eth1"

That alone, however, is not sufficient. Gentoo's networking init scripts use a virtual dependency called "net" to inform the system when networking is available. Clearly, in the above case, networking should only be marked as available when net.br0 is up, not when the others are. So we need to tell that in /etc/conf.d/net as well:

DATEI /etc/conf.d/netUpdating virtual dependencies and provisions for networking

For a more detailed discussion about dependency, consult the section on writing initscripts in the Gentoo Handbook. More information about /etc/rc.conf is available as comments within that file.

Variable names and values

Variable names are dynamic. They normally follow the structure of variable_${interface|mac|essid|apmac}. For example, the variable dhcpcd_eth0 holds the value for dhcpcd options for eth0 and dhcpcd_essid holds the value for dhcpcd options when any interface connects to the ESSID "essid".

However, there is no hard and fast rule that states interface names must be ethx. In fact, many wireless interfaces have names like wlanx, rax as well as ethx. Also, some user defined interfaces such as bridges can be given any name. To make life more interesting, wireless Access Points can have names with non alpha-numeric characters in them - this is important because users can configure networking parameters per ESSID.

The downside of all this is that Gentoo uses bash variables for networking - and bash cannot use anything outside of English alpha-numerics. To get around this limitation we change every character that is not an English alpha-numeric into an _ (underscore) character.

Another downside of bash is the content of variables - some characters need to be escaped. This can be achieved by placing the \ (backslash) character in front of the character that needs to be escaped. The following list of characters needs to be escaped in this way: ", ' and \.

In this example we use wireless ESSID as they can contain the widest scope of characters. We shall use the ESSID My "\ NET:

DATEI /etc/conf.d/netVariable names
# This does work, but the domain is invalid
dns_domain_My____NET="My \"\\ NET"

The above sets the DNS domain to My "\ NET when a wireless card connects to an AP whose ESSID is My "\ NET.

Network interface naming

How it works

Network interface names are not chosen arbitrarily: the Linux kernel and the device manager (most systems have udev as their device manager although others are available as well) choose the interface name through a fixed set of rules.

When an interface card is detected on a system, the Linux kernel gathers the necessary data about this card. This includes:

  • The onboard (on the interface itself) registered name of the network card, which is later seen through the ID_NET_NAME_ONBOARD value.
  • The slot in which the network card is plugged in, which is later seen through the ID_NET_NAME_SLOT value.
  • The path through which the network card device can be accessed, which is later seen through the ID_NET_NAME_PATH value.
  • The (vendor-provided) MAC address of the card, which is later seen through the ID_NET_NAME_MAC value.

Based on this information, the device manager decides how to name the interface on the system. By default, it uses the first hit of the first three variables above (ID_NET_NAME_ONBOARD, _SLOT or _PATH). For instance, if ID_NET_NAME_ONBOARD is found and set to eno1, then the interface will be called eno1.

Given an active interface name, the values of the provided variables can be shown using udevadm:

root #udevadm test-builtin net_id /sys/class/net/enp3s0 2>/dev/null
ID_OUI_FROM_DATABASE=Quanta Computer Inc.

As the first (and actually only) hit of the top three variables is ID_NET_NAME_PATH, its value is used as the interface name. If none of the variables contain values, then the system reverts back to the kernel-provided naming (eth0, eth1, etc.)

Using the old-style kernel naming

Before this change, network interface cards were named by the Linux kernel itself, depending on the order that drivers are loaded (amongst other, possibly more obscure reasons). This behavior can still be enabled by setting the net.ifnames=0 boot parameter in the boot loader.

Using custom names

The entire idea behind the change in naming is not to confuse people, but to make changing the names easier. Suppose a system has two interfaces that are otherwise called eth0 and eth1. One is meant to access the network through a wire, the other one is for wireless access. With the support for interface naming, users can have these called lan0 (wired) and wifi0 (wireless - it is best to avoid using the previously well-known names like eth* and wlan* as those can still collide with the suggested names).

Find out what the parameters are for the cards and then use this information to set up a custom own naming rule:

root #udevadm test-builtin net_id /sys/class/net/eth0 2>/dev/null
ID_OUI_FROM_DATABASE=Quanta Computer Inc.
root #vim /etc/udev/rules.d/70-net-name-use-custom.rules
# First one uses MAC information, and 70- number to be before other net rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="c8:0a:a9:42:9d:76", NAME="lan0"
root #vim /etc/udev/rules.d/76-net-name-use-custom.rules
# Second one uses ID_NET_NAME_PATH information, and 76- number to be between
# 75-net-*.rules and 80-net-*.rules
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME_PATH}=="enp3s0", NAME="wifi0"

Because the rules are triggered before the default one (rules are triggered in alphanumerical order, so 70 comes before 80) the names provided in the rule file will be used instead of the default ones. The number granted to the file should be between 76 and 79 (the environment variables are defined by a rule start starts with 75 and the fallback naming is done in a rule numbered 80).

Network modules

Netifrc scripts now support modular networking scripts, which means support for new interface types and configuration modules can easily be added while keeping compatibility with existing ones.

Modules load by default if the package they need is installed. If users specify a module here that doesn't have its package installed then they get an error stating which package they need to install. Ideally, the modules setting is only used when two or more packages are installed that supply the same service and one needs to be preferred over the other.

All settings discussed here are stored in /etc/conf.d/net unless otherwise specified.
DATEI /etc/conf.d/netModule definitions
# Prefer ifconfig over iproute2
# You can also specify other modules for an interface
# In this case we prefer pump over dhcpcd
# You can also specify which modules not to use - for example you may be
# using a supplicant or linux-wlan-ng to control wireless configuration but
# you still want to configure network settings per ESSID associated with.

Interface handlers

We provide two interface handlers presently: ifconfig and iproute2. Only one of these is needed to do any kind of network configuration.

Both are installed by default as part of the system profile. iproute2 is the more powerful and flexible package.

DATEI /etc/conf.d/netiproute2 is installed but still prefer ifconfig
# To prefer ifconfig over iproute2 if both are installed as openrc prefers
# to use iproute2 then

As both ifconfig and iproute2 do very similar things we allow their basic configuration to work with each other. For example both the below code snippet work regardless of which module the user is using.

DATEI /etc/conf.d/netExample different approaches for configuration
config_eth0=" netmask"
# We can also specify broadcast
config_eth0=" brd"
config_eth0=" netmask broadcast"


DHCP is a means of obtaining network information (IP address, DNS servers, Gateway, etc) from a DHCP server. This means that if there is a DHCP server running on the network, the user just has to tell each client to use DHCP and it sets up the network all by itself. Of course, the user will have to configure for other things like wireless, PPP or other things if required before he can use DHCP.

DHCP can be provided by dhclient, dhcpcd, or pump. Each DHCP module has its pros and cons - here is a quick run down:

DHCP module Package Pros Cons
dhclient net-misc/dhcp Made by ISC, the same people who make the BIND DNS software. Very configurable Configuration is overly complex, software is quite bloated, cannot get NTP servers from DHCP, does not send hostname by default
dhcpcd net-misc/dhcpcd Long time Gentoo default, no reliance on outside tools, actively developed by Gentoo Can be slow at times, does not yet daemonize when lease is infinite
pump net-misc/pump Lightweight, no reliance on outside tools No longer maintained upstream, unreliable, especially over modems, cannot get NIS servers from DHCP

If more than one DHCP client is installed, specify which one to use - otherwise we default to dhcpcd if available.

To send specific options to the DHCP module, use module_eth0="..." (change module to the DHCP module being used - i.e. dhcpcd_eth0).

We try to make DHCP relatively agnostic - as such we support the following commands using the dhcp_eth0 variable. The default is not to set any of them:

Releases the IP address for re-use.
Don't overwrite /etc/resolv.conf
Don't overwrite /etc/ntp.conf
Don't overwrite /etc/yp.conf
DATEI /etc/conf.d/netSample DHCP configuration
# Only needed if you have more than one DHCP module installed
dhcpcd_eth0="-t 10" # Timeout after 10 seconds
dhcp_eth0="release nodns nontp nonis" # Only get an address
dhcpcd and pump send the current hostname to the DHCP server by default so this does not need to be specified anymore.


First install the ADSL software:

root #emerge --ask net-dialup/ppp

Second, create the PPP net script and the net script for the Ethernet interface to be used by PPP:

root #ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
root #ln -s /etc/init.d/net.lo /etc/init.d/net.eth0

Be sure to set rc_depend_strict to YES in /etc/rc.conf.

Now we need to configure /etc/conf.d/net.

DATEI /etc/conf.d/netA basic PPPoE setup
config_eth0=null (Specify the ethernet interface)
link_ppp0="eth0" (Specify the ethernet interface)
holdoff 3
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp"

It is also possible to set the password in /etc/ppp/pap-secrets.

DATEI /etc/ppp/pap-secretsSample pap-secrets
# The * is important
"username"  *  "password"

If PPPoE is used with a USB modem then make sure to emerge br2684ctl. Please read /var/db/repos/gentoo/net-dialup/speedtouch-usb/files/README for information on how to properly configure it.

Please carefully read the section on ADSL and PPP in /usr/share/doc/netifrc-*/net.example.bz2. It contains many more detailed explanations of all the settings any particular PPP setup will likely need.

APIPA (Automatic Private IP Addressing)

APIPA tries to find a free address in the range by arping a random address in that range on the interface. If no reply is found then we assign that address to the interface.

This is only useful for LANs where there is no DHCP server and the system doesn't connect directly to the Internet and all other computers use APIPA.

For APIPA support, emerge net-misc/iputils with the arping USE flag or net-analyzer/arping.

DATEI /etc/conf.d/netAPIPA configuration
# Try DHCP first - if that fails then fallback to APIPA
# Just use APIPA


Bonding is used to increase network bandwidth or to improve resiliency in face of hardware failures. If a system has two network cards going to the same network, then the administrator can bond them together so the applications see just one interface but they really use both network cards.

There are many ways to configure bonding. Some of them, such as the 802.3ad LACP mode, require support and additional configuration of the network switch. For a reference of the individual options, please refer to the local copy of /usr/src/linux/Documentation/networking/bonding.txt.

First, clear the configuration of the participating interfaces:

DATEI /etc/conf.d/netClearing interface configuration

Next, define the bonding between the interfaces:

DATEI /etc/conf.d/netDefine the bonding
slaves_bond0="eth0 eth1 eth2"
# Pick a correct mode and additional configuration options which suit your needs

Remove the net.eth* services from the runlevels, create a net.bond0 one and add that one to the correct runlevel.

Bridging (802.1d support)

Bridging is used to join networks together. For example, a system may have a server that connects to the Internet via an ADSL modem and a wireless access card to enable other computers to connect to the Internet via the ADSL modem. It is possible to create a bridge to join the two interfaces together.

DATEI /etc/conf.d/netBridge configuration
# Configure the bridge - "man brctl" for more details
# To add ports to bridge br0
bridge_br0="eth0 eth1"
# You need to configure the ports to null values so dhcp does not get started
# Finally give the bridge an address - you could use DHCP as well
# Depend on eth0 and eth1 as they may require extra configuration
rc_net_br0_need="net.eth0 net.eth1"
For using some bridge setups, consult the variable name documentation.
When bridging using IPv6, SLAAC requires STP to be set to 1 as seen in the example above.

MAC address

It is possible to change the MAC address of the interfaces through the network configuration file too.

DATEI /etc/conf.d/netMAC Address change example
# To set the MAC address of the interface
# To randomize the last 3 bytes only
# To randomize between the same physical type of connection (e.g. fibre,
# copper, wireless) , all vendors
# To randomize between any physical type of connection (e.g. fibre, copper,
# wireless) , all vendors
# Full randomization - WARNING: some MAC addresses generated by this may
# NOT act as expected


Tunneling does not require any additional software to be installed as the interface handler can do it.

DATEI /etc/conf.d/netTunneling configuration
# For GRE tunnels
iptunnel_vpn0="mode gre remote key 0xffffffff ttl 255"
# For IPIP tunnels
iptunnel_vpn0="mode ipip remote ttl 255"
# To configure the interface
config_vpn0=" peer"

VLAN (802.1q support)

For VLAN support, make sure that sys-apps/iproute2 is installed and ensure that iproute2 is used as configuration module rather than ifconfig.

Virtual LAN is a group of network devices that behave as if they were connected to a single network segment - even though they may not be. VLAN members can only see members of the same VLAN even though they may share the same physical network.

To configure VLANs, first specify the VLAN numbers in /etc/conf.d/net like so:

DATEI /etc/conf.d/netSpecifying VLAN numbers
vlans_eth0="1 2"

Next, configure the interface for each VLAN:

DATEI /etc/conf.d/netInterface configuration for each VLAN
config_eth0_1=" netmask"
routes_eth0_1="default via"
config_eth0_2=" netmask"
routes_eth0_2="default via"

VLAN-specific configurations are handled by vconfig like so:

DATEI /etc/conf.d/netConfiguring the VLANs
vlan1_ingress="2:6 3:5"
For using some VLAN setups, consult the variable name documentation.


Wireless networking on Linux is usually pretty straightforward. There are three ways of configuring wifi: graphical clients, text-mode interfaces, and command-line interfaces.

The easiest way is to use a graphical client once a desktop environment is installed. Most graphical clients, such as NetworkManager, are pretty self-explanatory. They offer a handy point-and-click interface that gets users on a network in just a few seconds.

NetworkManager offers text-mode or command-line interface utilities in addition to the main graphical interface. Emerge the net-misc/networkmanager package with the ncurses USE flag enabled. The nmtui utility is particularly useful for folks who do not use a X or Wayland based desktop environment, but still desire an easy-to-use tool that does not require hand-editing configuration files.

Wireless can also be configured from the command line by editing a few configuration files. This takes a bit more time to setup, but it also requires the fewest packages to download and install. Since the graphical clients are mostly self-explanatory (with helpful screen shots at their home pages), we'll focus on the command line alternatives.

There are three tools that support command-line driven wireless configurations: net-wireless/iw, net-wireless/wireless-tools, and net-wireless/wpa_supplicant. Of these three, net-wireless/wpa_supplicant is the preferred one. The important thing to remember is that wireless networks are configured on a global basis and not an interface basis.

The net-wireless/iw software, the successor of net-wireless/wireless-tools, supports nearly all cards and drivers, but it cannot connect to WPA-only Access Points. If the networks only offer WEP encryption or are completely open, then net-wireless/iw beats the other package over simplicity.

Some wireless cards are deactivated by default. To activate them, please consult the hardware documentation. Some of these cards can be unblocked using the rfkill application. If that is the case, use rfkill list to see the available cards and rfkill unblock INDEX to activate the wireless functionality. If not, then the wireless card might need to be unlocked through a button, switch or special key combination on the laptop.

WPA supplicant

The WPA supplicant project provides a package that allows users to connect to WPA enabled access points.

root #emerge --ask net-wireless/wpa_supplicant
It is necessary to have CONFIG_PACKET enabled in the kernel for wpa_supplicant to work. To see if it is enabled on the current kernel, try:
root #zgrep CONFIG_PACKET /proc/config.gz
root #grep CONFIG_PACKET /usr/src/linux/.config
Depending on the USE flags, wpa_supplicant can install a graphical interface written in Qt5, which will integrate nicely with KDE. To get it, enable USE="qt5" for the net-wireless/wpa_supplicant package.

Next, configure /etc/conf.d/net so that the wpa_supplicant module is preferred over wireless-tools (if both are installed, wireless-tools is the default).

DATEI /etc/conf.d/netForce the use of wpa_supplicant
# Prefer wpa_supplicant over wireless-tools
When using the host-ap driver it is necessary to put the card in Managed mode before it can be used with wpa_supplicant correctly. This can be achieved by setting iwconfig_eth0="mode managed" in /etc/conf.d/net.

Next configure wpa_supplicant itself (which is a bit more tricky depending on how secure the Access Points are). The below example is taken and simplified from /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz which ships with wpa_supplicant.

DATEI /etc/wpa_supplicant/wpa_supplicant.confSomewhat simplified example
# The below line not be changed otherwise wpa_supplicant refuses to work
# Ensure that only root can read the WPA configuration
# Let wpa_supplicant take care of scanning and AP selection
# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
  psk="very secret passphrase"
  # The higher the priority the sooner we are matched
# Same as previous, but request SSID-specific scanning (for APs that reject
# broadcast SSID)
  ssid="second ssid"
  psk="very secret passphrase"
# Only WPA-PSK is used. Any valid cipher combination is accepted
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
# Plaintext connection (no WPA, no IEEE 802.1X)
# Shared WEP key connection (no WPA, no IEEE 802.1X)
  # Keys in quotes are ASCII keys
  # Keys specified without quotes are hex keys
# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
# IBSS/ad-hoc network with WPA-None/TKIP
  ssid="test adhoc"
  psk="secret passphrase"

Wireless tools

Initial setup and managed mode

The wireless tools project provides a generic way to configure basic wireless interfaces up to the WEP security level. While WEP is a weak security method it's still prevalent in the world.

Wireless tools configuration is controlled by a few main variables. The sample configuration file below should describe all that is needed. One thing to bear in mind is that no configuration means "connect to the strongest unencrypted Access Point" - wireless tools will always try and connect the system to something.

root #emerge --ask net-wireless/wireless-tools
Although net-wireless/iw is the current tool for the wireless stack, net-misc/netifrc before version 0.6.0 does not work with the new commands. net-wireless/wireless-tools must be used with netifrc with earlier versions. For more information consult the variable name documentation.
DATEI /etc/conf.d/netSample iwconfig setup
# Prefer iwconfig over wpa_supplicant
# Configure WEP keys for Access Points called ESSID1 and ESSID2
# You may configure up to 4 WEP keys, but only 1 can be active at
# any time so we supply a default index of [1] to set key [1] and then
# again afterwards to change the active key to [1]
# We do this incase you define other ESSID's to use WEP keys other than 1
# Prefixing the key with s: means it's an ASCII key, otherwise a HEX key
# enc open specified open security (most secure)
# enc restricted specified restricted security (least secure)
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"
# The below only work when we scan for available Access Points
# Sometimes more than one Access Point is visible so we need to
# define a preferred order to connect in
preferred_aps="'ESSID1' 'ESSID2'"

Fine-tune AP selection

It is possible to add some extra options to fine-tune the AP selection, but these are not required.

One way is to configure the system so it only connects to preferred APs. By default if everything configured has failed and wireless-tools can connect to an unencrypted Access Point then it will. This can be controlled by the associate_order variable. Here's a table of values and how they control this.

Value Description
any Default behavior.
preferredonly Only connect to visible APs in the preferred list.
forcepreferred Forceably connect to APs in the preferred order if they are not found in a scan.
forcepreferredonly Do not scan for APs - instead just try to connect to each one in order.
forceany Same as forcepreferred + connect to any other available AP.

There is also the blacklist_aps and unique_ap selection. blacklist_aps works in a similar way to preferred_aps. unique_ap is a yes or no value that says if a second wireless interface can connect to the same Access Point as the first interface.

DATEI /etc/conf.d/netblacklist_aps and unique_ap example
# Sometimes you never want to connect to certain access points
blacklist_aps="'ESSID3' 'ESSID4'"
# If you have more than one wireless card, you can say if you want
# to allow each card to associate with the same Access Point or not
# Values are "yes" and "no"
# Default is "yes"

Ad-hoc and master modes

To set the system up as an ad-hoc node when it fails to connect to any Access Point in managed mode, use this as a fallback:

DATEI /etc/conf.d/netFallback to ad-hoc mode
adhoc_essid_eth0="This Adhoc Node"

It is also possible to connect to ad-hoc networks, or to run the system in master mode so it becomes an access point itself.

DATEI /etc/conf.d/netSample ad-hoc/master configuration
# Set the mode - can be managed (default), ad-hoc or master
# Not all drivers support all modes
# Set the ESSID of the interface
# In managed mode, this forces the interface to try and connect to the
# specified ESSID and nothing else
essid_eth0="This Adhoc Node"
# We use channel 3 if you don't specify one
An important resource about channel selection is the BSD wavelan documentation found at the NetBSD documentation. There are 14 channels possible; We are told that channels 1-11 are legal for North America, channels 1-13 for most of Europe, channels 10-13 for France, and only channel 14 for Japan. If in doubt, please refer to the documentation that came with the card or access point. Make sure that the channel selected is the same channel the access point (or the other card in an ad-hoc network) is on. The default for cards sold in North America and most of Europe is 3; the default for cards sold in France is 11, and the default for cards sold in Japan is 14.

Troubleshooting wireless tools

There are some more variables that can help to get the wireless up and running due to driver or environment problems. Here's a table of other things that can be tried.

Variable name Default value Description
iwconfig_eth0 See the iwconfig man page for details on what to send iwconfig.
iwpriv_eth0 See the iwpriv man page for details on what to send iwpriv.
sleep_scan_eth0 0 The number of seconds to sleep before attempting to scan. This is needed when the driver/firmware needs more time to active before it can be used.
sleep_associate_eth0 5 The number of seconds to wait for the interface to associate with the Access Point before moving onto the next one.
associate_test_eth0 MAC Some drivers do not reset the MAC address associated with an invalid one when they lose or attempt association. Some drivers do not reset the quality level when they lose or attempt association. Valid settings are MAC, quality and all.
scan_mode_eth0 Some drivers have to scan in ad-hoc mode, so if scanning fails try setting ad-hoc here.
iwpriv_scan_pre_eth0 Sends some iwpriv commands to the interface before scanning. See the iwpriv man page for more details.
iwpriv_scan_post_eth0 Sends some iwpriv commands to the interface after scanning. See the iwpriv man page for more details.

Defining network configuration per ESSID

In this section, we show how to configure network settings based on the ESSID. For instance, with the wireless network with ESSID ESSID1 configure a static IP address while ESSID ESSID2 uses DHCP.

This works with both wpa_supplicant as well as wireless-tools
Please consult the variable name documentation.
DATEI /etc/conf.d/netoverride network settings per ESSID
config_ESSID1=" brd"
routes_ESSID1="default via"
fallback_route_ESSID2="default via"
# We can define nameservers and other things too
# NOTE: DHCP will override these unless it's told not to
dns_search_domains_ESSID1="search.this.domain search.that.domain"
# You override by the MAC address of the Access Point
# This handy if you goto different locations that have the same ESSID
dhcpcd_001122334455="-t 10"

Standard Funktionshooks

Vier Funktionen können in /etc/conf.d/net definiert werden, die vor und nach der start/stop Operationen aufgerufen werden. Die Funktionen werden mit vorangestelltem Schnittstellennamen aufgerufen, so dass eine Funktion mehrere Adapter kontrollieren kann.

Der Rückgabewert der preup() und predown() Funktionen sollte 0 sein (Erfolg) um anzuzeigen, dass die Konfiguration und De-Konfiguration der Schnittstelle fortgesetzt werden kann. Wenn preup() einen Wert ungleich null zurückliefert, wird die Konfiguration der Schnittstellen abgebrochen. Wenn predown() einen Wert ungleich null zurückgibt, ist es der Schnittstelle nicht gestatten die De-Konfiguration fortzusetzen.

Die Rückgabewerte der postup() und postdown() Funktionen werden ignoriert da es nichts weiter zu tun gibt, wenn sie einen Fehler anzeigen.

${IFACE} ist auf das Interface gesetzt, das gestartet/ gestoppt wird. ${IFVAR} ist ${IFACE} in einen Variablennamen umgesetzt, den bash gestattet.

DATEI /etc/conf.d/netpre/post up/down Funktionsbeispiele
preup() {
  # Überprüft die Existenz eines Links auf die Schnittstelle vor
  # der Aktivierung. Dies funktioniert nur mit einigen
  # Netzwerk-Adaptern und benötigt ein installiertes ethtool Paket.
  if ethtool ${IFACE} | grep -q 'Link detected: no'; then
    ewarn "No link on ${IFACE}, aborting configuration"
    return 1
  # Denken Sie daran 0 bei Erfolg zurückzugeben
  return 0
predown() {
  # Der Standard im Script ist auf NFS root zu prüfen und in diesem
  # Fall das Stoppen der Schnittstelle zu unterbinden. Beachten Sie,
  # dass Sie diese Logik überschreiben, wenn Sie eine predown()
  # Funktion angeben. Hier ist sie für den Fall, dass Sie sie dennoch
  # wollen ...
  if is_net_fs /; then
    eerror "root filesystem is network mounted -- can't stop ${IFACE}"
    return 1
  # Denken Sie daran 0 bei Erfolg zurückzugeben
  return 0
postup() {
  # Diese Funktion könnte beispielsweise genutzt werden, um sich bei
  # einem DNS Service zu registrieren. Eine weitere Möglichkeit würde
  # das Senden/Empfangen von Mails nach dem Start einer Schnittstelle
  # sein.
       return 0
postdown() {
  # Diese Funktion ist hauptsächlich der Vollständigkeit halber
  # hier... Ich habe bisher noch nicht darüber nachgedacht etwas
  # Raffiniertes damit anzustellen ;-D
  return 0
Für weitere Informationen zum Schreiben von Funktionen lesen Sie bitte /usr/share/doc/netifrc-*/net.example.bz2.

Wireless Tools Funktionshook

Dies wird mit WPA Supplicant nicht funktionieren - aber die Variablen ${ESSID} und ${ESSIDVAR} sind in der Funktion postup() verfügbar.

Zwei Funktionen können in /etc/conf.d/net definiert werden, die vor und nach der start/stop Operationen aufgerufen werden. Die Funktionen werden mit vorangestelltem Schnittstellennamen aufgerufen, so dass eine Funktion mehrere Adapter kontrollieren kann.

Die Rückgabewerte der Funktion preassociate() sollte 0 sein (Erfolg) um anzuzeigen, dass die Konfiguration oder De-Konfiguration der Schnittstelle fortgesetzt werden kann. Wenn preassociate() einen Wert ungleich Null zurückgibt, wird die Schnittstellen-Konfiguration abgebrochen.

Der Rückgabewert der Funktion postassociate() wird ignoriert, weil es nicht zu tun gibt wenn er Fehler anzeigt.

${ESSID} wir auf die exakte ESSID des Access Pionts (AP) gesetzt zu dem sich das System verbindet. ${ESSIDVAR} ist ${ESSID} in einen Variablennamen umgewandelt, den bash erlaubt.

DATEI /etc/conf.d/netpre/post Verbindungs-Funktionen
preassociate() {
  # Das Untere fügt zwei Konfigurations-Variablen leap_user_ESSID und
  # leap_pass_ESSID hinzu. Wenn beide für die ESSID konfiguriert sind
  # zu der sie verbunden sind, führen wir das CISCO LEAP Script aus.

  local user pass
  eval user=\"\$\{leap_user_${ESSIDVAR}\}\"
  eval pass=\"\$\{leap_pass_${ESSIDVAR}\}\"
  if [[ -n ${user} && -n ${pass} ]]; then
    if [[ ! -x /opt/cisco/bin/leapscript ]]; then
      eend "For LEAP support, please emerge net-misc/cisco-aironet-client-utils"
      return 1
    einfo "Waiting for LEAP Authentication on \"${ESSID//\\\\//}\""
    if /opt/cisco/bin/leapscript ${user} ${pass} | grep -q 'Login incorrect'; then
      ewarn "Login Failed for ${user}"
      return 1
  return 0
postassociate() {
  # Diese Funktion ist hauptsächlich der Vollständigkeit halber
  # hier... Ich habe bisher noch nicht darüber nachgedacht etwas
  # Raffiniertes damit anzustellen ;-D
  return 0
${ESSID} und ${ESSIDVAR} sind in den Funktionen predown() und postdown() nicht verfügbar.
Schauen Sie sich bitte /usr/share/doc/netifrc-*/net.example.bz2 an, um weitere Informationen zum Schreiben von angepassten Funktionen zu erhalten.


Mit Laptops können Systeme immer in Bewegung sein. Daraus resultiert, dass am System nicht immer ein Ethernet Kabel angeschlossen sein kann oder ein Access Point verfügbar ist. Außerdem möchte der Benutzer möglicherweise, dass das Netzwerk automatisch funktioniert, wenn ein Ethernet Kabel eingesteckt wird oder ein Access Point gefunden wird.

In diesem Kapitel behandeln wir, wie dies erreicht werden kann.

Dieses Dokument spricht nur über ifplugd, aber es gibt Alternativen wie netplug. netplug ist eine leichtgewichtige Alternative zu ifplugd, aber es verlässt sich darauf, dass die Kernel Netzwerktreiber korrekt arbeiten und viele Treiber tun dies nicht.


ifplugd ist ein Dienst der Schnittstellen startet und stoppt, wenn ein Netzwerkkabel eingesteckt oder abgezogen wird. Es kann ebenfalls die Zuordnung von Access Points handhaben oder wenn neue in Reichweite kommen.

root #emerge --ask sys-apps/ifplugd

Die Konfiguration von ifplugd ist außerdem ziemlich geradlinig. Sie befindet sich in /etc/conf.d/net. Führen Sie man ifplugd aus, um Details zu den verfügbaren Variablen zu erhalten. Sehen Sie sich außerdem /usr/share/doc/netifrc-*/net.example.bz2 für weitere Beispiele an.

DATEI /etc/conf.d/netBeispiel Konfiguration ifplug
# Ersetzen Sie eth0 mit der zu überwachenden Schnittstelle
# Um eine drahtlose Schnittstelle zu überwachen

Zusätzlich zur Verwaltung mehrerer Netzwerkverbindungen möchten die Nutzer vielleicht ein Tool hinzufügen, das den Umgang mit mehreren DNS Servern und Konfigurationen vereinfacht. Das ist sehr praktisch, wenn das System seine IP-Adresse über DHCP empfängt.

root #emerge --ask net-dns/openresolv

Werfen Sie einen Blick auf man resolvconf, um mehr über seine Funktionen zu lernen.

Warning: Display title "Gentoo Linux x86 Handbuch: Netzwerk-Konfiguration" overrides earlier display title "Handbuch:X86/Komplett/Netzwerk".