RHCSA Network Management Guide

📌 Introduction

Effective network management is a critical skill for any Linux administrator and a key part of the RHCSA exam. This guide covers essential networking tasks on RHEL, including configuring IP addresses, DNS, gateways, securing SSH, and managing the firewall. Each section provides real-world command examples, best practices, and exam tips to help you succeed.

📖 What You’ll Learn in This Guide

🔹 Configuring Static & Dynamic IP Addresses (with real-world scenarios)

🔹 Managing DNS Settings & Troubleshooting Name Resolution Issues

🔹 Setting Up a Default Gateway and Routing

🔹 Enabling and Securing SSH Remote Access (Including Key Authentication & Hardening)

🔹 Firewall Configuration (firewalld & iptables Best Practices)

🛠 Configuring Static & Dynamic IP Addresses

1️⃣ Checking Current Network Configuration

To check your current IP settings, run:

nmcli device show  # Show detailed network device information
dig +short myip.opendns.com @resolver1.opendns.com  # Check public IP
ip addr show  # Display all network interfaces and their IP addresses

2️⃣ Setting a Static IP (nmcli Method)

Setting a static IP ensures that your server maintains a fixed address, useful for services requiring consistent access.

nmcli connection modify enp1s0 ipv4.address 192.168.122.66/24  # Assign static IP
nmcli connection modify enp1s0 ipv4.gateway 192.168.122.1  # Set default gateway
nmcli connection modify enp1s0 ipv4.dns 192.168.122.1  # Set DNS server
nmcli connection modify enp1s0 ipv4.method manual  # Switch to manual (static) IP
nmcli connection up enp1s0  # Activate the connection

3️⃣ Configuring DHCP (Dynamic IP)

For environments where the IP should be assigned automatically:

nmcli connection modify enp1s0 ipv4.method auto  # Set DHCP mode
nmcli connection up enp1s0  # Apply changes

💡 Best Practice: Ensure that your DHCP server assigns the correct IPs based on MAC address if a consistent IP is needed.

📡 Managing DNS Settings

1️⃣ Check Current DNS Configuration

cat /etc/resolv.conf  # View current DNS settings
nmcli dev show | grep DNS  # Check DNS settings assigned by NetworkManager

2️⃣ Set DNS Using nmcli

To manually set DNS servers:

nmcli connection modify enp1s0 ipv4.dns "8.8.8.8 8.8.4.4"  # Set Google DNS
nmcli connection up enp1s0  # Apply changes

🔍 Troubleshooting Tip:

• Test DNS resolution:

nslookup google.com  # Query DNS manually
dig google.com  # Perform a detailed DNS lookup

• If DNS is not resolving, check /etc/resolv.conf or restart the NetworkManager:

systemctl restart NetworkManager  # Restart service to apply changes

🚀 Setting Up a Default Gateway

1️⃣ Verify Current Gateway

ip route  # Display routing table

2️⃣ Add a Default Gateway

ip route add default via 192.168.122.1 dev enp1s0  # Add a new default route

🔍 Best Practice: If you have multiple interfaces, ensure the correct one has the default route:

ip route get 8.8.8.8  # Check which interface is used for external connections

🔐 Enabling & Securing SSH Remote Access

1️⃣ Start & Enable SSH

sudo systemctl enable --now sshd  # Start SSH and enable it at boot

2️⃣ Disable Root Login for Security

Edit /etc/ssh/sshd_config and set:

PermitRootLogin no  # Prevent direct root login

Restart SSH for changes to take effect:

sudo systemctl restart sshd  # Restart SSH service

3️⃣ Configure SSH Key Authentication

To improve security, use key-based authentication instead of passwords:

ssh-keygen  # Generate a new SSH key pair
ssh-copy-id user@server  # Copy public key to the remote server

💡 Best Practice: Disable password authentication completely by setting:

PasswordAuthentication no  # Force SSH key authentication

in /etc/ssh/sshd_config, then restart SSH.

🔥 Firewall Configuration (firewalld)

1️⃣ Check Current Firewall Rules

firewall-cmd --list-all  # Display active firewall rules

2️⃣ Allow SSH and HTTP

sudo firewall-cmd --permanent --add-service=ssh  # Allow SSH traffic
sudo firewall-cmd --permanent --add-service=http  # Allow HTTP traffic
sudo firewall-cmd --reload  # Apply changes

3️⃣ Open a Custom Port (e.g., 8080)

sudo firewall-cmd --permanent --add-port=8080/tcp  # Open TCP port 8080
sudo firewall-cmd --reload  # Reload firewall settings

🔍 Best Practice: Always use --permanent to ensure rules persist across reboots.

🛠 Essential Practice for RHCSA

✅ Configure static & dynamic IP addresses with best practices

✅ Manage DNS and troubleshoot name resolution issues

✅ Secure SSH access using best security practices

✅ Open and close firewall ports with correct configurations

✅ Verify network connectivity and troubleshoot issues

📌 Next Article: RHCSA Storage Management

📩 Subscribe to our blog for more RHCSA tutorials and updates! 🚀