RHCSA Network Management Guide

Expertise in Cloud, Networking & DevOps
Photo by Vishnu Mohanan / Unsplash

πŸ“Œ Introduction

Effective network management is a critical skill for any Linux administrator and a key part of the RHCSA exam. This guide covers essential networking tasks on RHEL, including configuring IP addresses, DNS, gateways, securing SSH, and managing the firewall. Each section provides real-world command examples, best practices, and exam tips to help you succeed.


πŸ“– What You’ll Learn in This Guide

πŸ”Ή Configuring Static & Dynamic IP Addresses (with real-world scenarios)

πŸ”Ή Managing DNS Settings & Troubleshooting Name Resolution Issues

πŸ”Ή Setting Up a Default Gateway and Routing

πŸ”Ή Enabling and Securing SSH Remote Access (Including Key Authentication & Hardening)

πŸ”Ή Firewall Configuration (firewalld & iptables Best Practices)


πŸ›  Configuring Static & Dynamic IP Addresses

1️⃣ Checking Current Network Configuration

To check your current IP settings, run:

nmcli device show  # Show detailed network device information
dig +short myip.opendns.com @resolver1.opendns.com  # Check public IP
ip addr show  # Display all network interfaces and their IP addresses

2️⃣ Setting a Static IP (nmcli Method)

Setting a static IP ensures that your server maintains a fixed address, useful for services requiring consistent access.

nmcli connection modify enp1s0 ipv4.address 192.168.122.66/24  # Assign static IP
nmcli connection modify enp1s0 ipv4.gateway 192.168.122.1  # Set default gateway
nmcli connection modify enp1s0 ipv4.dns 192.168.122.1  # Set DNS server
nmcli connection modify enp1s0 ipv4.method manual  # Switch to manual (static) IP
nmcli connection up enp1s0  # Activate the connection

3️⃣ Configuring DHCP (Dynamic IP)

For environments where the IP should be assigned automatically:

nmcli connection modify enp1s0 ipv4.method auto  # Set DHCP mode
nmcli connection up enp1s0  # Apply changes

πŸ’‘ Best Practice: Ensure that your DHCP server assigns the correct IPs based on MAC address if a consistent IP is needed.


πŸ“‘ Managing DNS Settings

1️⃣ Check Current DNS Configuration

cat /etc/resolv.conf  # View current DNS settings
nmcli dev show | grep DNS  # Check DNS settings assigned by NetworkManager

2️⃣ Set DNS Using nmcli

To manually set DNS servers:

nmcli connection modify enp1s0 ipv4.dns "8.8.8.8 8.8.4.4"  # Set Google DNS
nmcli connection up enp1s0  # Apply changes

πŸ” Troubleshooting Tip:

  • Test DNS resolution:
nslookup google.com  # Query DNS manually
dig google.com  # Perform a detailed DNS lookup
  • If DNS is not resolving, check /etc/resolv.conf or restart the NetworkManager:
systemctl restart NetworkManager  # Restart service to apply changes

πŸš€ Setting Up a Default Gateway

1️⃣ Verify Current Gateway

ip route  # Display routing table

2️⃣ Add a Default Gateway

ip route add default via 192.168.122.1 dev enp1s0  # Add a new default route

πŸ” Best Practice: If you have multiple interfaces, ensure the correct one has the default route:

ip route get 8.8.8.8  # Check which interface is used for external connections

πŸ” Enabling & Securing SSH Remote Access

1️⃣ Start & Enable SSH

sudo systemctl enable --now sshd  # Start SSH and enable it at boot

2️⃣ Disable Root Login for Security

Edit /etc/ssh/sshd_config and set:

PermitRootLogin no  # Prevent direct root login

Restart SSH for changes to take effect:

sudo systemctl restart sshd  # Restart SSH service

3️⃣ Configure SSH Key Authentication

To improve security, use key-based authentication instead of passwords:

ssh-keygen  # Generate a new SSH key pair
ssh-copy-id user@server  # Copy public key to the remote server

πŸ’‘ Best Practice: Disable password authentication completely by setting:

PasswordAuthentication no  # Force SSH key authentication

in /etc/ssh/sshd_config, then restart SSH.


πŸ”₯ Firewall Configuration (firewalld)

1️⃣ Check Current Firewall Rules

firewall-cmd --list-all  # Display active firewall rules

2️⃣ Allow SSH and HTTP

sudo firewall-cmd --permanent --add-service=ssh  # Allow SSH traffic
sudo firewall-cmd --permanent --add-service=http  # Allow HTTP traffic
sudo firewall-cmd --reload  # Apply changes

3️⃣ Open a Custom Port (e.g., 8080)

sudo firewall-cmd --permanent --add-port=8080/tcp  # Open TCP port 8080
sudo firewall-cmd --reload  # Reload firewall settings

πŸ” Best Practice: Always use --permanent to ensure rules persist across reboots.


πŸ›  Essential Practice for RHCSA

βœ… Configure static & dynamic IP addresses with best practices

βœ… Manage DNS and troubleshoot name resolution issues

βœ… Secure SSH access using best security practices

βœ… Open and close firewall ports with correct configurations

βœ… Verify network connectivity and troubleshoot issues


πŸ“Œ Next Article: RHCSA Storage Management

πŸ“© Subscribe to our blog for more RHCSA tutorials and updates! πŸš€

Read more