1 ######################################################################
2 # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
4 # A "#" character in the very first column makes the rest of the line
5 # be ignored. Blank lines are ignored. Lines may be indented freely.
6 # A "\" character at the very end of the line indicates the next line
7 # should be treated as a continuation of the current one.
9 # The "pre-up", "up", "down" and "post-down" options are valid for all
10 # interfaces, and may be specified multiple times. All other options
11 # may only be specified once.
13 # See the interfaces(5) manpage for information on what options are
15 ######################################################################
17 # We always want the loopback interface.
20 # iface lo inet loopback
22 # An example ethernet card setup: (broadcast and gateway are optional)
25 # iface eth0 inet static
26 # address 192.168.0.42
28 # netmask 255.255.255.0
29 # broadcast 192.168.0.255
32 # A more complicated ethernet setup, with a less common netmask, and a downright
33 # weird broadcast address: (the "up" lines are executed verbatim when the
34 # interface is brought up, the "down" lines when it's brought down)
37 # iface eth0 inet static
38 # address 192.168.1.42
40 # netmask 255.255.255.128
41 # broadcast 192.168.1.0
42 # up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
43 # up route add default gw 192.168.1.200
44 # down route del default gw 192.168.1.200
45 # down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
47 # A more complicated ethernet setup with a single ethernet card with
49 # Note: This happens to work since ifconfig handles it that way, not because
50 # ifup/down handles the ':' any differently.
51 # Warning: There is a known bug if you do this, since the state will not
52 # be properly defined if you try to 'ifdown eth0' when both interfaces
53 # are up. The ifconfig program will not remove eth0 but it will be
54 # removed from the interfaces state so you will see it up until you execute:
55 # 'ifdown eth0:1 ; ifup eth0; ifdown eth0'
56 # BTW, this is "bug" #193679 (it's not really a bug, it's more of a
60 # iface eth0 inet static
61 # address 192.168.0.100
63 # netmask 255.255.255.0
64 # broadcast 192.168.0.255
66 # iface eth0:1 inet static
67 # address 192.168.0.200
69 # netmask 255.255.255.0
71 # "pre-up" and "post-down" commands are also available. In addition, the
72 # exit status of these commands are checked, and if any fail, configuration
73 # (or deconfiguration) is aborted. So:
76 # iface eth0 inet dhcp
77 # pre-up [ -f /etc/network/local-network-ok ]
79 # will allow you to only have eth0 brought up when the file
80 # /etc/network/local-network-ok exists.
82 # Two ethernet interfaces, one connected to a trusted LAN, the other to
83 # the untrusted Internet. If their MAC addresses get swapped (because an
84 # updated kernel uses a different order when probing for network cards,
85 # say), then they don't get brought up at all.
88 # iface eth0 inet static
89 # address 192.168.42.1
90 # netmask 255.255.255.0
91 # pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66
92 # pre-up /usr/local/sbin/enable-masq
93 # iface eth1 inet dhcp
94 # pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF
95 # pre-up /usr/local/sbin/firewall
97 # Two ethernet interfaces, one connected to a trusted LAN, the other to
98 # the untrusted Internet, identified by MAC address rather than interface
103 # script /path/to/get-mac-address.sh
104 # map 11:22:33:44:55:66 lan
105 # map AA:BB:CC:DD:EE:FF internet
106 # iface lan inet static
107 # address 192.168.42.1
108 # netmask 255.255.255.0
109 # pre-up /usr/local/sbin/enable-masq $IFACE
110 # iface internet inet dhcp
111 # pre-up /usr/local/sbin/firewall $IFACE
113 # A PCMCIA interface for a laptop that is used in different locations:
114 # (note the lack of an "auto" line for any of these)
117 # script /path/to/pcmcia-compat.sh
118 # map home,*,*,* home
119 # map work,*,*,00:11:22:33:44:55 work-wireless
120 # map work,*,*,01:12:23:34:45:50 work-static
122 # iface home inet dhcp
123 # iface work-wireless bootp
124 # iface work-static static
125 # address 10.15.43.23
126 # netmask 255.255.255.0
129 # Note, this won't work unless you specifically change the file
130 # /etc/pcmcia/network to look more like:
132 # if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi
139 # /sbin/ifdown $DEVICE
144 # An alternate way of doing the same thing: (in this case identifying
145 # where the laptop is is done by configuring the interface as various
146 # options, and seeing if a computer that is known to be on each particular
147 # network will respond to pings. The various numbers here need to be chosen
148 # with a great deal of care.)
151 # script /path/to/ping-places.sh
152 # map 192.168.42.254/24 192.168.42.1 home
153 # map 10.15.43.254/24 10.15.43.1 work-wireless
154 # map 10.15.43.23/24 10.15.43.1 work-static
156 # iface home inet dhcp
157 # iface work-wireless bootp
158 # iface work-static static
159 # address 10.15.43.23
160 # netmask 255.255.255.0
163 # Note that the ping-places script requires the iproute package installed,
164 # and the same changes to /etc/pcmcia/network are required for this as for
165 # the previous example.
168 # Set up an interface to read all the traffic on the network. This
169 # configuration can be useful to setup Network Intrusion Detection
170 # sensors in 'stealth'-type configuration. This prevents the NIDS
171 # system to be a direct target in a hostile network since they have
172 # no IP address on the network. Notice, however, that there have been
173 # known bugs over time in sensors part of NIDS (for example see
174 # DSA-297 related to Snort) and remote buffer overflows might even be
175 # triggered by network packet processing.
178 # iface eth0 inet manual
179 # up ifconfig $IFACE 0.0.0.0 up
180 # up ip link set $IFACE promisc on
181 # down ip link set $IFACE promisc off
182 # down ifconfig $IFACE down
184 # Set up an interface which will not be allocated an IP address by
185 # ifupdown but will be configured through external programs. This
186 # can be useful to setup interfaces configured through other programs,
187 # like, for example, PPPOE scripts.
190 # iface eth0 inet manual
191 # up ifconfig $IFACE 0.0.0.0 up
192 # up /usr/local/bin/myconfigscript
193 # down ifconfig $IFACE down