From Fedora Project Wiki

(Note on VPN connections)
(added content from https://fedoraproject.org/wiki/Features/RealHotspot)
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{header|docs}}
{{header|docs}}
{{Docs_beat_open}}


== Network Device Naming ==
== Consistent network device naming ==


Servers often have multiple Ethernet ports, either embedded on the motherboard, or on add-in PCI cards.  Linux has traditionally named these ports ethX, but there has been no correlation of the ethX names to the chassis labels - the ethX names are non-deterministic.  Starting in Fedora 15, Ethernet ports will have a new naming scheme corresponding to physical locations, rather than ethX. Ethernet ports embedded on server motherboards will be named em<port_number>, while ports on PCI cards will be named pci<slot_number>p<port_number>, corresponding to the chassis labels. Additionally, if the network device is an SR-IOV Virtual Function or has Network Partitioning (NPAR) capability, the name will have a suffix of _<virtual_function> or _<partition>.
Fedora 18 continues previous releases' use of '''biosdevname''' to set network device names in a deterministic manner. Ethernet ports embedded on server motherboards will be named <code>em<port_number></code>, while ports on PCI cards will be named <code>p<slot_number>p<port_number></code>, corresponding to the chassis labels. This feature may be disabled by passing <code>"biosdevname=0"</code> on the kernel command line, in which case, behavior will revert to using ethX names.  


By changing the naming convention, system administrators will no longer have to guess at the ethX to physical port mapping, or invoke workarounds on each system to rename them into some "sane" order.
== better network security with firewalld ==
'''firewalld''' will be the default firewall solution for Fedora 18, replacing '''iptables'''.  Using '''firewalld'''will allow for application of policy changes without reloading, allowing connection states to stay unbroken when rules are changed.  


This feature affects all physical systems that expose network port naming information in SMBIOS 2.6 or later (specifically field types 9 and 41).  Dell PowerEdge 10G and newer servers (PowerEdge 1950 III family, PowerEdge R710 family, and newer), and HP ProLiant G6 servers and newer are known to expose this information, as do some newer desktop models. Furthermore, most older systems expose some information in the PCI IRQ Routing Table, which will be consulted if information is not provided by SMBIOS.
A D-BUS interface allows approved applications to communicate status and present complex or temporary needs to the firewall without requiring hand configuration by an administrator. This improves support for dynamic environments like libvirtd, which previously had to be restarted when iptables rules were changed.  


Fedora running as a guest virtual machine will continue to use the ethX names.
Manual administration can be done with firewall-cmd. Documentation on firewalld can be found in the included manpages, firewall-cmd(1), firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5), firewalld.zone(5).


Existing installations upgraded to Fedora 15 will not see a change in names unless /etc/udev/rules.d/70-persistent-net.rules is deleted and the HWADDR lines are removed from all /etc/sysconfig/network-scripts/ifcfg-* files, and those files are renamed to use the new device names.
== Team Driver improves NIC bonding ==
 
Fedora 18 includes Team Driver which facilitates grouping of multiple network interfaces together so they act like a single network interface. This extends teaming possibilities provided by existing bonding driver. It also provides userspace driven, modular alternative to bonding driver. Usage information can be found in man teamd.conf(5), man teamd(8), and man teamdctl(8).
You may continue to write rules in /etc/udev/rules.d/70-persistent-net.rules to change the device names to anything you wish.  Such will take precedence over this physical location naming scheme.  Such rules may look like:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", ATTR{type}=="1", KERNEL=="eth*", NAME="public"
 
This feature may be disabled by passing "biosdevname=0" on the kernel command line, in which case, behavior will revert to using ethX names.
 
== VPN default visibility ==
 
By default, a new network connection using NetworkManager in GNOME 3 has the ''Available to all users'' option enabled. This default selection includes new VPN connections. This allows a laptop user to restart the session without having to select the VPN and enter credentials again. However, it may not be desirable to some users. To remove this option, turn off the ''Available to all users'' checkbox when setting up the network.
 
To change the option after a connection has already been created, select the NetworkManager icon in the top-bar, and select ''Network Settings'' in the network menu.  The Network settings window appears. Select the desired connection and then select the ''Options'' button. At the bottom of the connection window, turn off the ''Available to all users'' checkbox, and select ''Save...'' to save the configuration.


== Bring your own hotspot ==
NetworkManager now supports an enhanced Hotspot/Internet Connection Sharing mode for WiFi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for newly created connection to ensure existing configuration is unchanged.


[[Category:Docs Project]]
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
[[Category:Documentation beats]]

Revision as of 15:58, 26 October 2012

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer


Consistent network device naming

Fedora 18 continues previous releases' use of biosdevname to set network device names in a deterministic manner. Ethernet ports embedded on server motherboards will be named em<port_number>, while ports on PCI cards will be named p<slot_number>p<port_number>, corresponding to the chassis labels. This feature may be disabled by passing "biosdevname=0" on the kernel command line, in which case, behavior will revert to using ethX names.

better network security with firewalld

firewalld will be the default firewall solution for Fedora 18, replacing iptables. Using firewalldwill allow for application of policy changes without reloading, allowing connection states to stay unbroken when rules are changed.

A D-BUS interface allows approved applications to communicate status and present complex or temporary needs to the firewall without requiring hand configuration by an administrator. This improves support for dynamic environments like libvirtd, which previously had to be restarted when iptables rules were changed.

Manual administration can be done with firewall-cmd. Documentation on firewalld can be found in the included manpages, firewall-cmd(1), firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5), firewalld.zone(5).

Team Driver improves NIC bonding

Fedora 18 includes Team Driver which facilitates grouping of multiple network interfaces together so they act like a single network interface. This extends teaming possibilities provided by existing bonding driver. It also provides userspace driven, modular alternative to bonding driver. Usage information can be found in man teamd.conf(5), man teamd(8), and man teamdctl(8).

Bring your own hotspot

NetworkManager now supports an enhanced Hotspot/Internet Connection Sharing mode for WiFi, which enables a much smoother connection sharing experience and is better supported by hardware. This mode is automatically enabled only for newly created connection to ensure existing configuration is unchanged.

Retrieved from "https://fedoraproject.org/w/index.php?title=Documentation_Networking_Beat&oldid=308781"