A limitation of Debian's /etc/network/interfaces control file

April 10, 2007

Unless I am missing something, in Debian and Ubuntu there is no way to bring up an interface without having it try to obtain an IP address in some way. The interfaces(5) manpage suggests that 'auto ethN', possibly with 'iface ethN inet manual' should work, but it doesn't seem to go in my testing on Ubuntu.

You might rationally ask what use there is in bringing up an interface without an IP address. It turns out that there's a number of things that such up but unconfigured interfaces are either good for or necessary for (depending on your perspective), including:

  • running tcpdump and similar packet capture programs to do traffic accounting and/or monitoring.
  • bringing up your DSL PPPoE connection, since PPPoE uses the Ethernet purely as a transport.
  • bridging virtual guest machines onto an Ethernet (or VLAN) that the host machine is logically not on (although it clearly has physical access to them).

The Ubuntu machine I ran into this on was our traffic accounting system, and we definitely never want the monitoring interface to be assigned an IP address, or even respond to packets. (If we were being thorough, this means that we should turn off some normal Linux network settings so that the interface never responds to rogue ARPs for the machine's management IP address.)

The workaround we're currently using is to set 'iface ethN inet dhcp'. There's no DHCP server on the monitoring segment that will ever respond to the accounting machine's DHCP request; in fact, I believe that there is basically no untagged traffic flowing over that network segment.

(And yes, if this ever changes we could get a peculiar surprise.)

Sidebar: setting up unconfigured but active interfaces in Fedora

To set up such an interface in Fedora (and probably Red Hat Enterprise), you want the obvious minimal ifcfg-ethN control file:

DEVICE=ethN
ONBOOT=yes

Put this in /etc/sysconfig/network-scripts and you're good to go.

Written on 10 April 2007.
« Why indirect xdm probably doesn't work on your Linux machine
Users don't really benefit from filing bug reports »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Tue Apr 10 15:18:06 2007
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.