14. Connecting to a Network

The LFS book covers setting up networking by connecting to a LAN with a static IP address. There are other methods used to obtain an IP address and connect to a LAN and other networks (such as the Internet). The most popular methods (DHCP and PPP) are covered in this chapter.

DHCP stands for Dynamic Host Configuration Protocol. It is a protocol used by many sites to automatically provide information such as IP addresses, subnet masks and routing information to computers. If your network uses DHCP, you will need a DHCP client in order to connect to it.

14.1 Advanced Network Setup

Network Bridge

Kernel Configuration

Enable the following options in the kernel configuration and recompile the kernel if necessary:

Networking support: Y
  Networking options:
    802.1d Ethernet Bridging: M or Y

Setting up a Network Bridge

In this section we are are going to discuss how to set up a network bridge using systemd-networkd. In the examples below, eth0 represents the external interface that is being bridged, while br0 represents the bridge interface.

To create a bridge interface, create the following configuration file by running the following command as the root user:

cat > /etc/systemd/network/50-br0.netdev << EOF
[NetDev]
Name=br0
Kind=bridge
EOF

To assign a network interface to a bridge, create the following configuration file by running the following command as the root user:

cat > /etc/systemd/network/51-eth0.network << EOF
[Match]
Name=eth0

[Network]
Bridge=br0
EOF

Repeat the process for any other interfaces that need to be bridged. Note that it is important that nothing assigns any addresses to the bridged interfaces. If you are using NetworkManager-1.42.0, make sure you configure them to ignore the bridged interfaces, as well as the bridge interface itself.

If you are on a network which uses DHCP for assigning ip addresses, create the following configuration file by running the following command as the root user:

cat > /etc/systemd/network/60-br0.network << EOF
[Match]
Name=br0

[Network]
DHCP=yes
EOF

Alternatively, if using a static ip setup, create the following configuration file by running the following command as the root user:

cat > /etc/systemd/network/60-br0.network << EOF
[Match]
Name=br0

[Network]
DHCP=yes
EOF

To bring up the bridge interface, simply restart the systemd-networkd daemon by running the following command as the root user:

systemctl restart systemd-networkd

14.2 dhcpcd-9.4.1

Introduction to dhcpcd

dhcpcd is an implementation of the DHCP client specified in RFC2131. A DHCP client is useful for connecting your computer to a network which uses DHCP to assign network addresses. dhcpcd strives to be a fully featured, yet very lightweight DHCP client.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

dhcpcd Dependencies

Optional

LLVM-15.0.7 (with Clang), ntp-4.2.8p15, chronyd, and ypbind

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/dhcpcd

Privilege separation

Recent releases of dhcpcd optionally support privilege separation. As the practical security benefits of this are unclear for a program like dhcpcd and the setup is more complicated, the book currently defaults to disable it.

If you however would like to use privilege separation, additional installation steps are necessary to set up the proper environment. Issue the following commands as the root user:

install  -v -m700 -d /var/lib/dhcpcd &&

groupadd -g 52 dhcpcd        &&
useradd  -c 'dhcpcd PrivSep' \
         -d /var/lib/dhcpcd  \
         -g dhcpcd           \
         -s /bin/false       \
         -u 52 dhcpcd &&
chown    -v dhcpcd:dhcpcd /var/lib/dhcpcd

Installation of dhcpcd

Fix a runtime error caused by a change in glibc-2.36:

sed '/Deny everything else/i SECCOMP_ALLOW(__NR_getrandom),' \
    -i src/privsep-linux.c

Build dhcpcd without privilege separation by running the following command:

./configure --prefix=/usr                \
            --sysconfdir=/etc            \
            --libexecdir=/usr/lib/dhcpcd \
            --dbdir=/var/lib/dhcpcd      \
            --runstatedir=/run           \
            --disable-privsep         &&
make

Build dhcpcd with privilege separation by running the following commands:

./configure --prefix=/usr                \
            --sysconfdir=/etc            \
            --libexecdir=/usr/lib/dhcpcd \
            --dbdir=/var/lib/dhcpcd      \
            --runstatedir=/run           \
            --privsepuser=dhcpcd         &&
make

To test the results, issue: make test.

Now, as the root user:

make install

Command Explanations

--libexecdir=/usr/lib/dhcpcd: Set a more proper location for dhcpcd internal libraries.

--dbdir=/var/lib/dhcpcd: The default /var/db is not FHS-compliant

--runstatedir=/run: The default /var/run is a symbolic link to /run.

--with-hook=...: You can optionally install more hooks, for example to install some configuration files such as ntp.conf. The set of hooks is in the dhcpcd-hooks directory in the build tree.

--disable-privsep: Do not use privilege separation, which is the default.

--privsepuser=dhcpcd: Use this unprivileged user in a privilege separation setup.

--with-hook=...: You can optionally install more hooks, for example to install some configuration files such as ntp.conf. The set of hooks is in the dhcpcd-hooks directory in the build tree.

Configuring dhcpcd

Config Files

/etc/dhcpcd.conf

General Configuration Information

If you want to configure network interfaces at boot using dhcpcd, you need to install the systemd unit included in blfs-systemd-units-20220720 package by running the following command as the root user:

make install-dhcpcd

Note

The default behavior of dhcpcd is to set the hostname and the mtu. It also overwrites /etc/resolv.conf and /etc/ntp.conf. These modifications to system configuration files are done by hooks which are stored in /lib/dhcpcd/dhcpcd-hooks. Set up dhcpcd by removing or adding hooks from/to that directory. The execution of hooks can be disabled by using the --nohook (-C) command line option or by the nohook option in the /etc/dhcpcd.conf file.

Note

Make sure that you disable the systemd-networkd service or configure it not to manage the interfaces you want to manage with dhcpcd.

At this point you can test if dhcpcd is behaving as expected by running the following command as the root user:

systemctl start dhcpcd@eth0

To start dhcpcd on a specific interface at boot, enable the previously installed systemd unit by running the following command as the root user:

systemctl enable dhcpcd@eth0

Replace eth0 with the actual interface name.

Contents

Installed Program: dhcpcd

Installed Library: /usr/lib/dhcpcd/dev/udev.so

Installed Directory: /{usr,var}/lib/dhcpcd and /usr/share/dhcpcd

Short Descriptions

dhcpcd is an implementation of the DHCP client specified in RFC2131.

udev.so adds udev support for interface arrival and departure; this is because udev likes to rename the interface, which it can’t do if dhcpcd grabs it first.

14.3 DHCP-4.4.3-P1

Introduction to ISC DHCP

The ISC DHCP package contains both the client and server programs for DHCP. dhclient (the client) is used for connecting to a network which uses DHCP to assign network addresses. dhcpd (the server) is used for assigning network addresses on private networks.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/dhcp

Kernel Configuration

You must have Packet Socket support. IPv6 support is optional.

[*] Networking support --->        [CONFIG_NET]
      Networking options --->
        <*> Packet socket          [CONFIG_PACKET]
        <*> The IPv6 Protocol ---> [CONFIG_IPV6]

Installation of ISC DHCP

Note

This package does not support parallel build.

Note

Be careful with the instructions below. The single and double quotes are important because the defined variables are used verbatim in the code.

Install ISC DHCP by running the following commands:

( export CFLAGS="${CFLAGS:--g -O2} -Wall -fno-strict-aliasing                 \
        -D_PATH_DHCLIENT_SCRIPT='\"/usr/sbin/dhclient-script\"'     \
        -D_PATH_DHCPD_CONF='\"/etc/dhcp/dhcpd.conf\"'               \
        -D_PATH_DHCLIENT_CONF='\"/etc/dhcp/dhclient.conf\"'"        &&

./configure --prefix=/usr                                           \
            --sysconfdir=/etc/dhcp                                  \
            --localstatedir=/var                                    \
            --with-srv-lease-file=/var/lib/dhcpd/dhcpd.leases       \
            --with-srv6-lease-file=/var/lib/dhcpd/dhcpd6.leases     \
            --with-cli-lease-file=/var/lib/dhclient/dhclient.leases \
            --with-cli6-lease-file=/var/lib/dhclient/dhclient6.leases
) &&
make -j1

This package does not come with a test suite.

If you only want to install the ISC DHCP client, issue the following commands as the root user:

make -C client install             &&
install -v -m755 client/scripts/linux /usr/sbin/dhclient-script

Skip to the section called “Client Configuration” in order to configure the client

If you only want to install the ISC DHCP server, issue the following command as the root user:

make -C server install

Skip to the section called “Server Configuration” in order to configure the server.

Alternatively, you can install whole package which includes the client, server, relay, static libraries and development headers by running the following commands as the root user:

make install &&
install -v -m755 client/scripts/linux /usr/sbin/dhclient-script

Configuring ISC DHCP

Config Files

/etc/dhcp/dhclient.conf and /etc/dhcp/dhcpd.conf

Client Configuration

Create a basic /etc/dhcp/dhclient.conf by running the following command as the root user:

install -vdm755 /etc/dhcp &&
cat > /etc/dhcp/dhclient.conf << "EOF"
# Begin /etc/dhcp/dhclient.conf
#
# Basic dhclient.conf(5)

#prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        netbios-name-servers, netbios-scope, interface-mtu,
        ntp-servers;
require subnet-mask, domain-name-servers;
#timeout 60;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;

# End /etc/dhcp/dhclient.conf
EOF

See man 5 dhclient.conf for additional options.

Now create the /var/lib/dhclient directory which will contain DHCP Client leases by running the following command as the root user:

install -v -dm 755 /var/lib/dhclient

If you want to configure network interfaces at boot using dhclient, you need to install the [[email protected]](/cdn-cgi/l/email-protection) unit included in the blfs-systemd-units-20220720 package by running the following command as the root user:

make install-dhclient

Note

Make sure that you disable the systemd-networkd service or configure it not to manage the interfaces you want to manage with dhclient.

At this point you can test if dhclient is behaving as expected by running the following command as the root user:

systemctl start dhclient@eth0

To start dhclient on a specific interface at boot, enable the previously installed systemd unit by running the following command as the root user:

systemctl enable dhclient@eth0

Replace eth0 with the actual interface name.

Server Configuration

Note that you only need the DHCP server if you want to issue LAN addresses over your network. The DHCP client doesn’t need the server in order to function properly.

Start with creating /etc/dhcp/dhcpd.conf by running the following command as the root user:

cat > /etc/dhcp/dhcpd.conf << "EOF"
# Begin /etc/dhcp/dhcpd.conf
#
# Example dhcpd.conf(5)

# Use this to enable / disable dynamic dns updates globally.
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# End /etc/dhcp/dhcpd.conf
EOF

Adjust the file to suit your needs. See man 5 dhcpd.conf for additional options.

Now create the /var/lib/dhcpd/dhcpd.leases directory which will contain DHCP Server leases by running the following commands as the root user:

install -v -dm 755 /var/lib/dhcpd &&
touch /var/lib/dhcpd/dhcpd.leases

If you want to start the DHCP Server at boot, install the dhcpd.service unit included in the blfs-systemd-units-20220720 package:

make install-dhcpd

You will need to edit the /etc/default/dhcpd in order to set the interface on which dhcpd will serve the DHCP requests.

Contents

Installed Programs: dhclient, dhclient-script, dhcpd, dhcrelay and omshell

Installed Libraries: libdhcpctl.a and libomapi.a

Installed Directories: /etc/dhcp, /usr/include/dhcpctl, /usr/include/isc-dhcp, /usr/include/omapip, /var/lib/dhclient and /var/lib/dhcpd

Short Descriptions

dhclient is the implementation of the DHCP client.

dhclient-script is used by dhclient to (re)configure interfaces. It can make extra changes by invoking custom dhclient-{entry,exit}-hooks.

dhcpd implements Dynamic Host Configuration Protocol (DHCP) and Internet Bootstrap Protocol (BOOTP) requests for network addresses.

dhcrelay provides a means to accept DHCP and BOOTP requests on a subnet without a DHCP server and relay them to a DHCP server on another subnet.

omshell provides an interactive way to connect to, query and possibly change the ISC DHCP Server’s state via OMAPI, the Object Management API.