HowTo Setup A Server With Multiple Network Interface Adapters Using: "nstnetcfg"
Contents
Overview
This page demonstrates how to setup networking with an NST server that is configured with multiple network interface adapters for performing simultaneous network computing surveillance tasks. The NST script: "nstnetcfg" command line tool was designed to make this task easy to accomplish using the underlying "network" service.
The diagram below will be used as a reference for setting up a multi-network interface adapter server using NST. The rear panel of a 1U Server is shown with NIC attachment to the network infrastructure. The network security staff for fictitious company: "TxyCorp" would like to use NST for monitoring different network segments throughout their network computing environment. In particular, they would like to monitor traffic entering and leaving their corporation, web server traffic, all client electronic business transactions and remote traffic to and from their satellite offices.
When booting up "NST Live" or after a hard disk installation, the "Network Manager" service is on by default for managing all network interfaces found on an NST system. Network Manager provides a quick and easy method for setting up networking on a system equipped with a wireless interface and uses DHCP for IPv4 Address configuration. When a system is configured with two or more wired network interfaces or requires a multi-homed network setup, the "network" service may be a better choice for setting up the network configuration.
The nstnetcfg script will help mitigate some of the error prone tasks necessary when setting up networking on a NST (Linux) system using the "network" service.
Network Interface Setup Configuration Information
In this section we will identify each network interface and how it should be setup using the 1U Server configuration illustrated in the reference diagram above. Network parameters such as the Subnet Mask, Host Name(s), Domain Name Servers, Domain Name, Gateway and Default Interface will also be identified. The table below depicts values that will be used when setting up networking for this demonstration using the nstnetcfg script.
Interface / Parameter | Configuration Values |
---|---|
em0 | IPv4 Address: 172.30.1.16, Network Routing Prefix: 24, Host Name: nstsurv1-mon, Gateway: 10.221.1.1 |
em1 | IPv4 Address: 10.221.5.14, Network Routing Prefix: 16, Host Name: nstsurv1, Gateway: 10.221.1.1 |
em2 | IPv4 Address: stealth |
em3 | IPv4 Address: stealth |
p2p1 | IPv4 Address: stealth |
p2p2 | IPv4 Address: stealth |
p4p1 | IPv4 Address: stealth |
p4p2 | IPv4 Address: stealth |
p6p1 | IPv4 Address: stealth |
p6p2 | IPv4 Address: stealth |
Domain Name Servers | 10.221.1.10, 10.221.1.11 |
Domain Name | txycorp.com |
Virtual Host (ssl.conf) | *.443 |
Server Name (ssl.conf) | nstsurv1.txycorp.com:443 |
Network Interface Configuration: nstnetcfg
We will now use the NST script: "nstnetcfg" for setting up networking on this server. This script will disable the "NetworkManager" service and enable the "network" service when setting up a static IPv4 Address (--mode ipv4). The "NetworkManager" service will also be disabled at boot time and the "network" service will be enabled at boot time. Use the sequence of nstnetcfg invocations below to serve as an example for setting up networking on your NST server.
Initialize All Network Interfaces
The nstnetcfg mode: --init will put the networking setup posture in a known initialized state. Both the "NetworkManager" service and the "network" service will be disabled with their associated configuration files removed. The "LoopBack" interface device is never altered or removed with this mode. It is wise to first use this mode prior to setting up networking so that any lingering "NetworkManager" configuration files will not interfere with the "network" service operation.
[root@probe ~]#
Static IPv4 Configured Interfaces
Interface: em1
[root@probe ~]#
Interface: em0
[root@probe ~]#
Stealth Configured Interfaces
Interface: em2
[root@probe ~]#
Interface: em3
[root@probe ~]#
Interface: p2p1
[root@probe ~]#
Interface: p2p2
[root@probe ~]#
Interface: p4p1
[root@probe ~]#
Interface: p4p2
[root@probe ~]#
Interface: p6p1
[root@probe ~]#
Interface: p6p2
[root@probe ~]#
Stealth Interface Combo Setting Command
[root@probe ~]#
SSL (HTTPS) Configuration
[root@probe ~]#