RHCSA Network Management Guide
π Introduction
Effective network management is a critical skill for any Linux administrator and a key part of the RHCSA exam. This guide covers essential networking tasks on RHEL, including configuring IP addresses, DNS, gateways, securing SSH, and managing the firewall. Each section provides real-world command examples, best practices, and exam tips to help you succeed.
π What Youβll Learn in This Guide
πΉ Configuring Static & Dynamic IP Addresses (with real-world scenarios)
πΉ Managing DNS Settings & Troubleshooting Name Resolution Issues
πΉ Setting Up a Default Gateway and Routing
πΉ Enabling and Securing SSH Remote Access (Including Key Authentication & Hardening)
πΉ Firewall Configuration (firewalld & iptables Best Practices)
π Configuring Static & Dynamic IP Addresses
1οΈβ£ Checking Current Network Configuration
To check your current IP settings, run:
nmcli device show # Show detailed network device information
dig +short myip.opendns.com @resolver1.opendns.com # Check public IP
ip addr show # Display all network interfaces and their IP addresses
2οΈβ£ Setting a Static IP (nmcli Method)
Setting a static IP ensures that your server maintains a fixed address, useful for services requiring consistent access.
nmcli connection modify enp1s0 ipv4.address 192.168.122.66/24 # Assign static IP
nmcli connection modify enp1s0 ipv4.gateway 192.168.122.1 # Set default gateway
nmcli connection modify enp1s0 ipv4.dns 192.168.122.1 # Set DNS server
nmcli connection modify enp1s0 ipv4.method manual # Switch to manual (static) IP
nmcli connection up enp1s0 # Activate the connection
3οΈβ£ Configuring DHCP (Dynamic IP)
For environments where the IP should be assigned automatically:
nmcli connection modify enp1s0 ipv4.method auto # Set DHCP mode
nmcli connection up enp1s0 # Apply changes
π‘ Best Practice: Ensure that your DHCP server assigns the correct IPs based on MAC address if a consistent IP is needed.
π‘ Managing DNS Settings
1οΈβ£ Check Current DNS Configuration
cat /etc/resolv.conf # View current DNS settings
nmcli dev show | grep DNS # Check DNS settings assigned by NetworkManager
2οΈβ£ Set DNS Using nmcli
To manually set DNS servers:
nmcli connection modify enp1s0 ipv4.dns "8.8.8.8 8.8.4.4" # Set Google DNS
nmcli connection up enp1s0 # Apply changes
π Troubleshooting Tip:
- Test DNS resolution:
nslookup google.com # Query DNS manually
dig google.com # Perform a detailed DNS lookup
- If DNS is not resolving, check
/etc/resolv.conf
or restart the NetworkManager:
systemctl restart NetworkManager # Restart service to apply changes
π Setting Up a Default Gateway
1οΈβ£ Verify Current Gateway
ip route # Display routing table
2οΈβ£ Add a Default Gateway
ip route add default via 192.168.122.1 dev enp1s0 # Add a new default route
π Best Practice: If you have multiple interfaces, ensure the correct one has the default route:
ip route get 8.8.8.8 # Check which interface is used for external connections
π Enabling & Securing SSH Remote Access
1οΈβ£ Start & Enable SSH
sudo systemctl enable --now sshd # Start SSH and enable it at boot
2οΈβ£ Disable Root Login for Security
Edit /etc/ssh/sshd_config
and set:
PermitRootLogin no # Prevent direct root login
Restart SSH for changes to take effect:
sudo systemctl restart sshd # Restart SSH service
3οΈβ£ Configure SSH Key Authentication
To improve security, use key-based authentication instead of passwords:
ssh-keygen # Generate a new SSH key pair
ssh-copy-id user@server # Copy public key to the remote server
π‘ Best Practice: Disable password authentication completely by setting:
PasswordAuthentication no # Force SSH key authentication
in /etc/ssh/sshd_config
, then restart SSH.
π₯ Firewall Configuration (firewalld)
1οΈβ£ Check Current Firewall Rules
firewall-cmd --list-all # Display active firewall rules
2οΈβ£ Allow SSH and HTTP
sudo firewall-cmd --permanent --add-service=ssh # Allow SSH traffic
sudo firewall-cmd --permanent --add-service=http # Allow HTTP traffic
sudo firewall-cmd --reload # Apply changes
3οΈβ£ Open a Custom Port (e.g., 8080)
sudo firewall-cmd --permanent --add-port=8080/tcp # Open TCP port 8080
sudo firewall-cmd --reload # Reload firewall settings
π Best Practice: Always use --permanent
to ensure rules persist across reboots.
π Essential Practice for RHCSA
β Configure static & dynamic IP addresses with best practices
β Manage DNS and troubleshoot name resolution issues
β Secure SSH access using best security practices
β Open and close firewall ports with correct configurations
β Verify network connectivity and troubleshoot issues
π Next Article: RHCSA Storage Management
π© Subscribe to our blog for more RHCSA tutorials and updates! π