Fedora 21 Static IP Configuration

Background
• WWS01: One Fedora 21 server (will be configured as a web server later)
• WWS01 Public IP: 104.237.145.168
• WWS01 Private IP: 192.168.176.213

Workflow (Tasks Completed)
• Set Hostname
• Updated /etc/hosts
• Set Time-zone
• Installed Software updates
• Created new user and disabled root login
• Setup SSH Key Pair Authentication
• Created Firewall
• Installed/Configured Fail2Ban
• Installed all server updates for Fedora 21
• Static IP Configuration (https://www.linode.com/docs/networking/ ... iguration/)

Problem (Static IP Configuration)
• I’m currently setting up the Static IP Configuration for the WWS01 server
• The server can ping its private IP after the configuration is complete
• However, if you restart the server the default eth0 connection is loaded and the server can not ping its private IP
• If you execute the nmcli con up "System eth0" command then the private IP is reachable again, but only until you restart

Fedora Version
[myadminsys@WWS01 ~]$ cat /etc/system-release
Fedora release 21 (Twenty One)
[myadminsys@WWS01 ~]$

Eth0 Config Files

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
# Configuration for eth0
DEVICE=eth0
#HWADDR=f2:3c:91:84:7e:42
BOOTPROTO=none

# This line ensures that the interface will be brought up during boot.
ONBOOT=yes

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask, and gateway are all necessary.
TYPE=Ethernet
DEFROUTE=yes

# Network Manager will not control the interface if set to no
#NM_CONTROLLED=no

IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=104.237.145.168
PREFIX=24
GATEWAY=104.237.145.1

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
# Configuration for eth0:0
DEVICE=eth0:0
BOOTPROTO=none

# This line ensures that the interface will be brought up during boot.
ONBOOT=yes

#NM_CONTROLLED=no

# eth0:0
# This is a private IP address. Private IPs do not have a gateway (they are not publicly routable).
# All you need to specify is the address and netmask

IPADDR=192.168.176.213
PREFIX=17
GATEWAY=104.237.145.1


Command Outputs (After Restarting the Server)

[myadminsys@WWS01 ~]$ sudo service network restart
Restarting network (via systemctl): Job for network.service failed. See "systemctl status network.service" and "journalctl -xe" for details.
[FAILED]
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo systemctl status network.service
network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network)
Active: failed (Result: exit-code) since Sat 2015-01-17 22:13:03 UTC; 2min 46s ago
Process: 4320 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=6)

Jan 17 22:13:03 WWS01 systemd[1]: Starting LSB: Bring up/down networking...
Jan 17 22:13:03 WWS01 systemd[1]: network.service: control process exited, code=exited status=6
Jan 17 22:13:03 WWS01 systemd[1]: Failed to start LSB: Bring up/down networking.
Jan 17 22:13:03 WWS01 systemd[1]: Unit network.service entered failed state.
Jan 17 22:13:03 WWS01 systemd[1]: network.service failed.
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 4e:e4:05:b9:d2:51 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether f2:3c:91:84:7e:41 brd ff:ff:ff:ff:ff:ff
inet 104.237.145.168/24 brd 104.237.145.255 scope global dynamic eth0
valid_lft 69405sec preferred_lft 69405sec
inet6 2600:3c03::f03c:91ff:fe84:7e42/64 scope global mngtmpaddr dynamic
valid_lft 2591979sec preferred_lft 604779sec
inet6 fe80::f03c:91ff:fe84:7e42/64 scope link
valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
link/void
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default
link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: ip_vti0@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default
link/ipip 0.0.0.0 brd 0.0.0.0
9: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN group default
link/tunnel6 :: brd ::
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default
link/tunnel6 :: brd ::
12: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default
link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip route
default via 104.237.145.1 dev eth0 proto static metric 1024
default via 104.237.145.1 dev eth0 proto dhcp src 104.237.145.168 metric 1024
96.126.108.78 via 104.237.145.1 dev eth0 proto dhcp metric 1
104.237.145.0/24 dev eth0 proto kernel scope link src 104.237.145.168
104.237.145.1 dev eth0 proto dhcp scope link src 104.237.145.168 metric 1024
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip neigh
fe80::8678:acff:fe57:aac1 dev eth0 lladdr 84:78:ac:57:aa:c1 router STALE
2600:3c03::8678:acff:fe57:aac1 dev eth0 lladdr 84:78:ac:57:aa:c1 router STALE
fe80::8678:acff:fe57:a841 dev eth0 lladdr 84:78:ac:57:a8:41 router STALE
fe80::1 dev eth0 lladdr 00:05:73:a0:0f:ff router STALE
104.237.145.1 dev eth0 lladdr 00:00:0c:9f:f0:1d REACHABLE
104.237.145.3 dev eth0 lladdr 84:78:ac:57:a8:41 STALE
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo iptables -nv -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
8838 938K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 392 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 80 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
20 1040 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:8080:8090
546 31500 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
2 68 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
447 30531 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
0 0 ACCEPT all -- * * 96.126.119.66 0.0.0.0/0
458 33469 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10048 1955K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 96.126.119.66
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show "Wired connection 1"
Error: Wired connection 1 - no such connection profile.
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show eth0
connection.id: eth0
connection.uuid: f9ddea8a-3a28-4c7f-814a-13641376ef00
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: no
connection.timestamp: 1421533508
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: F2:3C:91:84:7E:43
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: auto
ipv4.dns: 207.192.69.4, 207.192.69.5, 97.107.133.4
ipv4.dns-search:
ipv4.addresses:
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
GENERAL.NAME: eth0
GENERAL.UUID: f9ddea8a-3a28-4c7f-814a-13641376ef00
GENERAL.DEVICES: eth0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: --
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/1
GENERAL.SPEC-OBJECT: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: ip = 104.237.145.168/24, gw = 104.237.145.1
IP4.ROUTE[1]: dst = 96.126.108.78/32, nh = 104.237.145.1, mt = 1
IP4.DNS[1]: 207.192.69.4
IP4.DNS[2]: 207.192.69.5
IP4.DNS[3]: 97.107.133.4
IP4.DOMAIN[1]: members.linode.com
DHCP4.OPTION[1]: network_number = 104.237.145.0
DHCP4.OPTION[2]: requested_domain_search = 1
DHCP4.OPTION[3]: requested_nis_domain = 1
DHCP4.OPTION[4]: requested_time_offset = 1
DHCP4.OPTION[5]: host_name = li833-167
DHCP4.OPTION[6]: requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[7]: requested_classless_static_routes = 1
DHCP4.OPTION[8]: requested_domain_name = 1
DHCP4.OPTION[9]: expiry = 1421599857
DHCP4.OPTION[10]: requested_broadcast_address = 1
DHCP4.OPTION[11]: next_server = 0.0.0.0
DHCP4.OPTION[12]: broadcast_address = 104.237.145.255
DHCP4.OPTION[13]: dhcp_message_type = 5
DHCP4.OPTION[14]: requested_interface_mtu = 1
DHCP4.OPTION[15]: requested_subnet_mask = 1
DHCP4.OPTION[16]: dhcp_lease_time = 86400
DHCP4.OPTION[17]: ip_address = 104.237.145.168
DHCP4.OPTION[18]: routers = 104.237.145.1
DHCP4.OPTION[19]: requested_static_routes = 1
DHCP4.OPTION[20]: requested_domain_name_servers = 1
DHCP4.OPTION[21]: requested_nis_servers = 1
DHCP4.OPTION[22]: domain_name_servers = 207.192.69.4 207.192.69.5 97.107.133.4
DHCP4.OPTION[23]: domain_name = members.linode.com
DHCP4.OPTION[24]: requested_ntp_servers = 1
DHCP4.OPTION[25]: requested_routers = 1
DHCP4.OPTION[26]: requested_ms_classless_static_routes = 1
DHCP4.OPTION[27]: subnet_mask = 255.255.255.0
DHCP4.OPTION[28]: requested_host_name = 1
DHCP4.OPTION[29]: requested_wpad = 1
DHCP4.OPTION[30]: dhcp_server_identifier = 96.126.108.78
IP6.ADDRESS[1]: ip = 2600:3c03::f03c:91ff:fe84:7e42/64, gw = fe80::1
IP6.ADDRESS[2]: ip = fe80::f03c:91ff:fe84:7e42/64, gw = fe80::1
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show "System eth0"
connection.id: System eth0
connection.uuid: 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.timestamp: 1421449382
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns:
ipv4.dns-search:
ipv4.addresses: { ip = 104.237.145.168/24, gw = 104.237.145.1 }; { ip = 192.168.176.213/17, gw = 104.237.145.1 }
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: ignore
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show
NAME UUID TYPE DEVICE
eth0 f9ddea8a-3a28-4c7f-814a-13641376ef00 802-3-ethernet eth0
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet --
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 104.237.145.168 netmask 255.255.255.0 broadcast 104.237.145.255
inet6 fe80::f03c:91ff:fe84:7e42 prefixlen 64 scopeid 0x20<link>
inet6 2600:3c03::f03c:91ff:fe84:7e42 prefixlen 64 scopeid 0x0<global>
ether f2:3c:91:84:7e:41 txqueuelen 1000 (Ethernet)
RX packets 12469 bytes 1286949 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10562 bytes 2148083 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 3 bytes 325 (325.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 325 (325.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[myadminsys@WWS01 ~]$


Command Outputs (After running nmcli con up after restart)

[myadminsys@WWS01 ~]$ sudo nmcli con up "System eth0"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo service network restart
Restarting network (via systemctl): Job for network.service failed. See "systemctl status network.service" and "journalctl -xe" for details.
[FAILED]
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo systemctl status network.service
network.service - LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network)
Active: failed (Result: exit-code) since Sat 2015-01-17 22:35:35 UTC; 15s ago
Process: 4502 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=6)

Jan 17 22:35:35 WWS01 systemd[1]: network.service: control process exited, code=exited status=6
Jan 17 22:35:35 WWS01 systemd[1]: Failed to start LSB: Bring up/down networking.
Jan 17 22:35:35 WWS01 systemd[1]: Unit network.service entered failed state.
Jan 17 22:35:35 WWS01 systemd[1]: network.service failed.
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
link/ether 4e:e4:05:b9:d2:51 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether f2:3c:91:84:7e:41 brd ff:ff:ff:ff:ff:ff
inet 104.237.145.168/24 brd 104.237.145.255 scope global eth0
valid_lft forever preferred_lft forever
inet 192.168.176.213/17 brd 192.168.255.255 scope global eth0:0
valid_lft forever preferred_lft forever
inet6 2600:3c03::f03c:91ff:fe84:7e42/64 scope global mngtmpaddr dynamic
valid_lft 2591992sec preferred_lft 604792sec
inet6 fe80::f03c:91ff:fe84:7e42/64 scope link
valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN group default qlen 100
link/void
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default
link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: ip_vti0@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default
link/ipip 0.0.0.0 brd 0.0.0.0
9: ip6_vti0@NONE: <NOARP> mtu 1500 qdisc noop state DOWN group default
link/tunnel6 :: brd ::
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default
link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default
link/tunnel6 :: brd ::
12: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default
link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip route
default via 104.237.145.1 dev eth0 proto static metric 1024
104.237.145.0/24 dev eth0 proto kernel scope link src 104.237.145.168
192.168.128.0/17 dev eth0 proto kernel scope link src 192.168.176.213
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ip neigh
fe80::8678:acff:fe57:aac1 dev eth0 lladdr 84:78:ac:57:aa:c1 router STALE
fe80::8678:acff:fe57:a841 dev eth0 lladdr 84:78:ac:57:a8:41 router STALE
fe80::1 dev eth0 lladdr 00:05:73:a0:0f:ff router STALE
104.237.145.1 dev eth0 lladdr 00:00:0c:9f:f0:1d REACHABLE
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo iptables -nv -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
9797 1015K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 392 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 80 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
20 1040 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:8080:8090
548 31580 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
3 96 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
460 31239 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
0 0 ACCEPT all -- * * 96.126.119.66 0.0.0.0/0
471 34177 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10793 2053K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 96.126.119.66
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show "Wired connection 1"
Error: Wired connection 1 - no such connection profile.
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show eth0
connection.id: eth0
connection.uuid: f9ddea8a-3a28-4c7f-814a-13641376ef00
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: no
connection.timestamp: 1421533851
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: F2:3C:91:84:7E:41
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: disabled
ipv4.dns:
ipv4.dns-search:
ipv4.addresses:
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: ignore
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show "System eth0"
connection.id: System eth0
connection.uuid: 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.timestamp: 1421534708
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options:
ipv4.method: manual
ipv4.dns:
ipv4.dns-search:
ipv4.addresses: { ip = 104.237.145.168/24, gw = 104.237.145.1 }; { ip = 192.168.176.213/17, gw = 104.237.145.1 }
ipv4.routes:
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: ignore
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --
GENERAL.NAME: System eth0
GENERAL.UUID: 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
GENERAL.DEVICES: eth0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: --
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/0
GENERAL.SPEC-OBJECT: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: ip = 104.237.145.168/24, gw = 104.237.145.1
IP4.ADDRESS[2]: ip = 192.168.176.213/17, gw = 104.237.145.1
IP6.ADDRESS[1]: ip = 2600:3c03::f03c:91ff:fe84:7e42/64, gw = fe80::1
IP6.ADDRESS[2]: ip = fe80::f03c:91ff:fe84:7e42/64, gw = fe80::1
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo nmcli con show
NAME UUID TYPE DEVICE
eth0 f9ddea8a-3a28-4c7f-814a-13641376ef00 802-3-ethernet --
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[myadminsys@WWS01 ~]$

[myadminsys@WWS01 ~]$ sudo ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 104.237.145.168 netmask 255.255.255.0 broadcast 104.237.145.255
inet6 fe80::f03c:91ff:fe84:7e42 prefixlen 64 scopeid 0x20<link>
inet6 2600:3c03::f03c:91ff:fe84:7e42 prefixlen 64 scopeid 0x0<global>
ether f2:3c:91:84:7e:41 txqueuelen 1000 (Ethernet)
RX packets 13565 bytes 1378433 (1.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11417 bytes 2272241 (2.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.176.213 netmask 255.255.128.0 broadcast 192.168.255.255
ether f2:3c:91:84:7e:41 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 9 bytes 1003 (1003.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 1003 (1003.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[myadminsys@WWS01 ~]$

Notes
It seems that the default eth0 connection is overriding the static connection. Linode support and myself are stuck on how to resolve the issue. I have also tried to configure the connection using nmtui but it still fails on reboot.

At present the only workaround is to create a script that executes on bootup which will issue the nmcli con up "System eth0" command to allow connections to the private IP.

NetworkManager does not fully support interface labels, mostly because doing this has been unnecessary since kernel ~2.2 (1999).

I suggest instead a configuration something like this:

DEVICE=eth0

BOOTPROTO=none
ONBOOT=yes

IPADDR0=104.237.145.168
PREFIX0=24

GATEWAY=104.237.145.1

IPADDR1=192.168.176.213
PREFIX1=17

Which is supported by both native ifcfg as well as the ifcfg-rh NM plugin. This is documented in https://git.fedorahosted.org/cgit/initscripts.git/tree/sysconfig.txt#n473.



Are you wanting to use network.service, or NM? You can't really have both while simultaneously retaining your sanity. Pick one.

@buhman I appreciate the config update. I initially had one config file (excerpt below). But even with the one file, once the server reboots the private IP is lost.

Regarding NM or Network.Service, I'm using NM since the server initially used it. I included the Network.Service commands because I was asked to execute those commands by Linode support. I just wanted to be as thorough as possible when providing the outputs and problem.

In any case, even with the one eth0 file the private IP does not persist after reboot. If you have any other suggestions please let me know. I am wondering if it would make sense to delete the eth0 connection using nmtui. Since it seems that the eth0 connection is being used at boot.

NAME UUID TYPE DEVICE
eth0 50d8d116-cb65-4a09-b2bb-bdbbada79e36 802-3-ethernet eth0
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0

INITIAL IFCFG-ETH0 FILE

/etc/sysconfig/network-scripts/ifcfg-eth0
# Configuration for eth0
DEVICE=eth0
BOOTPROTO=none

# This line ensures that the interface will be brought up during boot.
ONBOOT=yes

# Adding a public IP address.
# The netmask is taken from the PREFIX (where 24 is Public IP, 17 is Private IP)
IPADDR0=104.237.145.168
PREFIX0=24

# Specifying the gateway
GATEWAY0=104.237.145.1

# Adding a private IP address.
IPADDR1=192.168.176.213
PREFIX1=17

I suppose I wasn't clear: NM and network.service are mutually exclusive.



"is lost" is not really a valid way to look at this. Interface state is in kernel memory, which is in volatile memory. With no kernel (the thing that vanishes when you reboot), your interface state also ceases to exist.

On boot, you begin with nothingness. The kernel then initializes network interfaces, which does not include things like adding addresses or adding routes.

And only after that, some time probably in late-boot, some userland thing is playing with your network interface--104.237.145.168 does not simply magic itself out of the nether.



I'm wondering why you never nmcli show'ed that. I bet that one is doing DHCP or similar. Or, you might have network.service enabled, and not NetworkManager. Citation needed, however I suspect NM doesn't touch already-configured interfaces unless you tell it to do so manually with something like nmcli. On the other hand, NM (unlike earlier hacks like ifcfg) knows how to go from X arbitrary initial interface state to Y arbitrary desired interface state (or at least thinks it does). You might be getting one of your NM connections applied, then the other.

find /etc/systemd/system

@buhman I did show the output for nmcli con show in the initial post. I'm not sure what your directions are really, so if you have suggestions please let me know. You are correct there is a connection still using DHCP (that is the problem), the question is how to disable it. I have made changes to the files I know, and Linode Support has also tried to address the issue but nothing works.

Even if I delete the eth0 connection using nmtui, the connection shows up again after reboot. This is puzzling. If I modify the eth0 connection in nmtui then reboot, another eth0 connection is created.

nmcli con show
NAME UUID TYPE DEVICE
eth0 212b7753-634d-4dc4-9c9a-45d3a1479d05 802-3-ethernet eth0
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet --

I'm pretty sure that the Network.Service is not enabled, only the Network Manager is enabled and running:

service NetworkManager status
Redirecting to /bin/systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Sun 2015-01-18 02:11:01 UTC; 15min ago
Main PID: 2331 (NetworkManager)
CGroup: /system.slice/NetworkManager.service
├─2331 /usr/sbin/NetworkManager --no-daemon
└─2410 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /v...


find /etc/systemd/system

/etc/systemd/system
/etc/systemd/system/sysstat.service.wants
/etc/systemd/system/sysstat.service.wants/sysstat-collect.timer
/etc/systemd/system/sysstat.service.wants/sysstat-summary.timer
/etc/systemd/system/system-update.target.wants
/etc/systemd/system/system-update.target.wants/systemd-readahead-drop.service
/etc/systemd/system/getty.target.wants
/etc/systemd/system/getty.target.wants/ ... y1.service
/etc/systemd/system/basic.target.wants
/etc/systemd/system/basic.target.wants/iptables.service
/etc/systemd/system/default.target.wants
/etc/systemd/system/default.target.wants/systemd-readahead-replay.service
/etc/systemd/system/default.target.wants/systemd-readahead-collect.service
/etc/systemd/system/syslog.service
/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service
/etc/systemd/system/multi-user.target.wants
/etc/systemd/system/multi-user.target.wants/sshd.service
/etc/systemd/system/multi-user.target.wants/sysstat.service
/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
/etc/systemd/system/multi-user.target.wants/remote-fs.target
/etc/systemd/system/multi-user.target.wants/mandb.timer
/etc/systemd/system/multi-user.target.wants/auditd.service
/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
/etc/systemd/system/multi-user.target.wants/crond.service
/etc/systemd/system/multi-user.target.wants/NetworkManager.service
/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service

Turn on the Network Helper, reboot, and be done with it.

https://www.linode.com/docs/platform/network-helper

-Chris

Wat. Well, that's another option: if NM is too frustrating, you could switch to systemd-networkd, which would fix your problem in about zero seconds. In fact, it's enabled by default in our F21 template.



Ahh; forgive me, it was a rather lengthy read ;p.



Oh, so you want the verbatim answer?

Well then, how about this:

systemctl disable NetworkManager
ln -s /dev/null /etc/systemd/network/10-dhcp.network
cat <<EOF > /etc/systemd/network/05-static.network
[Match]
Name=eth0

[Network]
Address=104.237.145.168/24
Address=192.168.176.213/17
Gateway=104.237.145.1
EOF

Doesn't help here because:

1) No F21 support
2) Would not do the RightThing™ here anyway (nor should it try to fix this particular type of problem)

@caker I have tried Network Helper, as stated by buhman, it does not support F21

@buhman I have tried doing this with and without Network Manager, the same issue occurs. I have even added NM_CONTROLLED=no to the ifcfg-eth0 file with no luck. If you don't mind, please explain what you're attempting to do (below).

systemctl disable NetworkManager
ln -s /dev/null /etc/systemd/network/10-dhcp.network
cat <<EOF > /etc/systemd/network/05-static.network
[Match]
Name=eth0

[Network]
Address=104.237.145.168/24
Address=192.168.176.213/17
Gateway=104.237.145.1
EOF

1) disable NM (as a result all your sysconfig networking stuff will cease to have effect)



2) mask the 10-dhcp.network unit, which is in /usr/lib/systemd/network in the Linode F21 template



3) create 05-static.network (name does not matter, however it might be useful to know that units are applied in lexicographic order) with contents:

[Match]
Name=eth0

[Network]
Address=104.237.145.168/24
Address=192.168.176.213/17
Gateway=104.237.145.1

See http://www.freedesktop.org/software/systemd/man/systemd.network.html for more fun.

In retrospect, I now realize that this whole thing arose from following the F20 section of https://www.linode.com/docs/networking/linux-static-ip-configuration, while, as a result of systemd-networkd being enabled in the F21 template, results in the behavior you describe if the article is followed verbatim. You could have also probably made NM work by going the other way and disabling systemd-networkd, but that seems rather backwards to me.

https://github.com/linode/docs/pull/158

Isn't SYSTEMD fun???

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

@buhman I appreciate the effort in helping. I looked over the Arch Linux steps. However, the 'Network' directory does not exist in the systemd directory.

[myadminsys@wws01 systemd]$ ln -s /dev/null /etc/systemd/network/10-dhcp.network ln: failed to create symbolic link '/etc/systemd/network/10-dhcp.network': No such file or directory
[myadminsys@wws01 systemd]$

[myadminsys@wws01 systemd]$ ls
bootchart.conf journald.conf resolved.conf system.conf user
coredump.conf logind.conf system timesyncd.conf user.conf

I just tested this and can confirm that if you make the directory and then proceed as the Arch Linux steps suggest you will be all set. Just make sure your system is, in fact, using systemd-networkd and not NetworkManager. However, by default, the Linode distribution image for Fedora 21 is using systemd-networkd, so you should be all set if you just make that directory <3

@buhman I decided to create the 'Network' directory and then execute the commands in the Arch Linux steps. After reboot the server private and public IPs are reachable. It seems that you were correct, the Arch Linux steps works for F21. I choose to stop and disable Network Manager, using systemd-networkd instead. I agree it didn't make sense to disable systemd-networkd and use NM.

I will try a few reboots and let you know if the issue returns, but I'm sure its been resolved. I appreciate your help and patience. Thank you very much.

@drussell Thanks for the confirmation, I saw your post after I posting. I appreciate the effort.