Linux servers power critical infrastructure worldwide, from web hosting and cloud platforms to enterprise networks. A foundational aspect of managing these servers is configuring networking services—without reliable network connectivity and properly tuned services, even the most powerful server remains isolated and ineffective. This guide demystifies the process of setting up and managing core networking services on Linux. We’ll cover fundamental concepts, step-by-step configuration for essential services (e.g., SSH, DNS, DHCP, HTTP/HTTPS), common tools, and best practices to ensure security, reliability, and performance. Whether you’re a system administrator, developer, or IT enthusiast, this blog will equip you to configure networking services with confidence.
Table of Contents
- Fundamentals of Linux Networking
  - 1.1 The Linux Network Stack
  - 1.2 Key Networking Services
- Essential Tools for Network Management
  - 2.1 ip Command (Replacing ifconfig)
  - 2.2 NetworkManager (nmcli)
  - 2.3 Netplan (Modern Configuration)
  - 2.4 Firewall Tools (ufw/iptables)
- Step-by-Step Configuration of Core Services
  - 3.1 Basic Network Interface Setup (Static/Dynamic IP)
  - 3.2 Secure Shell (SSH)
  - 3.3 DNS (Client and Server)
  - 3.4 DHCP Server
  - 3.5 HTTP/HTTPS with Nginx
  - 3.6 NTP (Time Synchronization)
- Common Practices
- Best Practices
- Conclusion
- References
1. Fundamentals of Linux Networking
1.1 The Linux Network Stack
Linux networking is built on a layered stack, combining kernel-space components (e.g., network drivers, TCP/IP stack) and user-space tools (e.g., ip, sshd). Key layers include:
- Link Layer: Manages physical connections (Ethernet, Wi-Fi) and MAC addresses.
- Network Layer: Handles IP addressing and routing (IPv4/IPv6).
- Transport Layer: Manages end-to-end communication (TCP, UDP).
- Application Layer: Hosts services like SSH, HTTP, and DNS.
1.2 Key Networking Services
Networking services enable communication between servers, clients, and external networks. Below are critical services and their purposes:
| Service | Purpose | Common Tools/Libraries |
|---|---|---|
| SSH | Secure remote access to the server. | openssh-server, sshd |
| DNS | Translates domain names to IP addresses (and vice versa). | dnsmasq, bind9 (server); resolv.conf (client) |
| DHCP | Automatically assigns IP addresses to clients on a network. | isc-dhcp-server |
| HTTP/HTTPS | Serves web content (unencrypted/encrypted). | nginx, apache2 |
| NTP | Synchronizes system time with global time servers. | chrony, ntpd |
| Firewall | Controls inbound/outbound network traffic for security. | ufw, iptables, firewalld |
2. Essential Tools for Network Management
Before diving into service configuration, master these tools to diagnose and manage network interfaces, connections, and traffic.
2.1 ip Command (Replacing ifconfig)
The ip command (part of the iproute2 package) is the modern replacement for ifconfig. Use it to manage interfaces, IP addresses, and routing.
Common ip Subcommands:
- ip addr: List/modify IP addresses of interfaces.
- ip link: Manage physical layer settings (e.g., enable/disable interfaces).
- ip route: View/modify routing tables.
Examples:
# List all interfaces and their IP addresses
ip addr show
# Enable/disable an interface (e.g., eth0)
ip link set eth0 up # Enable
ip link set eth0 down # Disable
# Assign a temporary static IP (persists until reboot)
ip addr add 192.168.1.100/24 dev eth0
# View routing table (default gateway, subnets)
ip route show
2.2 NetworkManager (nmcli)
NetworkManager is a daemon that simplifies network configuration (wired, wireless, VPNs). Use nmcli (CLI) or nmtui (TUI) to interact with it.
Examples:
# List all connections
nmcli connection show
# Connect to a wired network (static IP)
nmcli connection add con-name "static-eth0" ifname eth0 type ethernet ip4 192.168.1.100/24 gw4 192.168.1.1
# Activate the connection
nmcli connection up "static-eth0"
# Check connection status
nmcli general status
2.3 Netplan (Modern Configuration)
Netplan (used in Ubuntu 18.04+, Debian 10+) replaces traditional ifupdown with YAML-based configuration files. It generates configs for NetworkManager or systemd-networkd.
Netplan Workflow:
- Edit YAML configs in /etc/netplan/ (e.g., 01-netcfg.yaml).
- Validate with netplan try (tests config without applying permanently).
- Apply with netplan apply.
Example: Static IP Configuration
# /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd # Use NetworkManager for desktop; networkd for servers
  ethernets:
    eth0: # Replace with your interface name (check with `ip link`)
      dhcp4: no # Disable DHCP
      addresses: [192.168.1.100/24] # Static IP and subnet (CIDR notation)
      gateway4: 192.168.1.1 # Default gateway (newer Netplan releases deprecate gateway4 in favour of a routes: entry)
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4] # DNS servers (Google DNS)
Apply the config:
sudo netplan try # Apply temporarily; rolls back automatically unless you confirm
sudo netplan apply # Apply permanently
2.4 Firewall Tools (ufw/iptables)
Firewalls restrict traffic to/from the server. Use ufw (Uncomplicated Firewall) for simplicity or iptables for granular control.
ufw (Simplified Firewall)
# Install ufw (pre-installed on most Ubuntu systems)
sudo apt install ufw
# Allow SSH (port 22), HTTP (80), HTTPS (443)
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Deny all other inbound traffic (default policy)
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Enable ufw (starts on boot)
sudo ufw enable
# Check status
sudo ufw status verbose
iptables (Advanced Firewall)
For custom rules (e.g., port forwarding, rate limiting), use iptables directly:
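# Allow SSH, HTTP, HTTPS (save rules with `iptables-save` on Debian/Ubuntu)
# Rules are evaluated in order, so every ACCEPT must be appended before the final DROP
sudo iptables -A INPUT -i lo -j ACCEPT # Keep loopback traffic working
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # Allow replies to outbound connections (DNS, apt)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP # Deny all other inbound traffic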
# Save rules (persist across reboots; RHEL/CentOS uses `firewalld`)
sudo iptables-save | sudo tee /etc/iptables/rules.v4
3. Step-by-Step Configuration of Core Services
3.1 Basic Network Interface Setup (Static/Dynamic IP)
Most servers require a static IP for reliability (e.g., web servers, DNS servers). Use Netplan (modern) or traditional config files (older systems).
Netplan (Ubuntu 18.04+, Debian 10+):
See Section 2.3 for a static IP example. For dynamic IP (DHCP), set dhcp4: yes:
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes # Use DHCP to get IP, gateway, DNS
Traditional: /etc/network/interfaces (Debian/Ubuntu <18.04):
# Edit config file
sudo nano /etc/network/interfaces
# Static IP configuration
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
# Restart networking
sudo systemctl restart networking
3.2 Secure Shell (SSH)
SSH enables secure remote access. Always harden SSH to prevent brute-force attacks.
Step 1: Install OpenSSH Server
# Ubuntu/Debian
sudo apt install openssh-server
# RHEL/CentOS
sudo dnf install openssh-server
# Start and enable on boot (the unit is named ssh on Ubuntu/Debian, sshd on RHEL/CentOS)
sudo systemctl enable --now sshd
Step 2: Harden sshd_config
Edit /etc/ssh/sshd_config to disable insecure settings:
sudo nano /etc/ssh/sshd_config
Key changes (keep each comment on its own line; sshd_config only documents lines starting with # as comments):
# Use a non-default port (e.g., 2222) to reduce noise
Port 2222
# Disable direct root login
PermitRootLogin no
# Require SSH keys (no password logins)
PasswordAuthentication no
# Enable public key authentication
PubkeyAuthentication yes
# Restrict login to specific users (optional)
AllowUsers alice bob
Step 3: Generate SSH Keys (Client-Side)
On your local machine, generate a key pair and copy it to the server:
# Generate key (press Enter for defaults)
ssh-keygen -t ed25519 # Ed25519 is more secure than RSA
# Copy public key to server (replace user@server-ip and port)
ssh-copy-id -p 2222 user@server-ip
Step 4: Restart SSH Service
sudo systemctl restart sshd
Test login with:
ssh -p 2222 user@server-ip
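A pre-restart check for the SSH hardening steps above and the firewall rules in Section 2.4, as an added example that is not part of the original guide: it audits `sshd -T` output against Step 2 and confirms the SSH port is accepted ahead of the catch-all DROP, since Section 2.4 opens port 22 while Step 2 moves sshd to 2222. The function names and both sample inputs are constructed for illustration; on a live host the inputs come from `sudo sshd -T` and `sudo iptables -S INPUT`.

```sh
# Constructed `sshd -T` output (effective settings as lowercase "keyword value").
SSHD_T='port 2222
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'
# Constructed `iptables -S INPUT` output, modelled on the Section 2.4 rules.
RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'

# audit_sshd: stdin = `sshd -T` text. Prints one FAIL line per setting that
# differs from Step 2 and returns 1 if any differ.
audit_sshd() {
    awk '
        BEGIN { want["permitrootlogin"] = "no"
                want["passwordauthentication"] = "no"
                want["pubkeyauthentication"] = "yes" }
        $1 in want { got[$1] = $2 }
        END { for (k in want) {
                  have = (k in got) ? got[k] : "unset"
                  if (have != want[k]) { printf "FAIL %s=%s (want %s)\n", k, have, want[k]; bad = 1 }
              }
              exit bad + 0 }'
}

# port_reachable PORT: stdin = `iptables -S INPUT` text. Rules match top-down,
# so an ACCEPT counts only if it precedes the catch-all DROP. Assumption: plain
# "--dport N" rules as on this page; multiport and REJECT rules are not parsed.
port_reachable() {
    awk -v port="$1" '
        $1 == "-P" && $3 == "ACCEPT" { open = 1 }
        $0 == "-A INPUT -j DROP"     { open = 0; exit }
        / -p tcp / && / -j ACCEPT$/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { ok = 1; exit }
        }
        END { exit (ok || open) ? 0 : 1 }'
}

# preflight SSHD_TEXT RULES_TEXT: returns 0 only when both checks pass.
preflight() {
    rc=0
    printf '%s\n' "$1" | audit_sshd || rc=1
    p=$(printf '%s\n' "$1" | awk '$1 == "port" { print $2; exit }')
    printf '%s\n' "$2" | port_reachable "$p" || { echo "FAIL tcp/$p blocked"; rc=1; }
    return $rc
}
preflight "$SSHD_T" "$RULES" || echo "Do not restart sshd yet."
```

Keep the existing SSH session open while testing the new port from a second terminal, so a failed login does not lock you out.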
3.3 DNS (Client and Server)
Client-Side DNS: resolv.conf
Clients use /etc/resolv.conf to specify DNS servers. On systems with NetworkManager/Netplan, this file is often managed automatically, but you can override it:
# Temporary: Edit resolv.conf directly (may be overwritten by NetworkManager)
sudo nano /etc/resolv.conf
nameserver 8.8.8.8 # Google DNS
nameserver 1.1.1.1 # Cloudflare DNS
# Persistent: Use Netplan/NetworkManager to set DNS (see Section 2.3)
Server-Side DNS: dnsmasq (Lightweight Local Server)
For small networks, dnsmasq acts as a DNS forwarder and DHCP server. Install and configure it to resolve local hostnames (e.g., server1.lan → 192.168.1.100).
Step 1: Install dnsmasq
sudo apt install dnsmasq
Step 2: Configure dnsmasq
Edit /etc/dnsmasq.conf:
sudo nano /etc/dnsmasq.conf
Add:
# Listen on your LAN interface (e.g., eth0)
interface=eth0
# Define the local domain (.lan); queries for it are answered locally and never forwarded
local=/lan/
domain=lan
# Add static hostnames (local devices)
address=/server1.lan/192.168.1.100
address=/printer.lan/192.168.1.101
# Forward unknown queries to upstream DNS (Google)
server=8.8.8.8
server=8.8.4.4
Step 3: Restart dnsmasq
sudo systemctl restart dnsmasq
sudo systemctl enable dnsmasq
Test with dig (DNS lookup tool):
dig server1.lan @192.168.1.100 # Query your DNS server
3.4 DHCP Server (isc-dhcp-server)
A DHCP server assigns IP addresses, subnet masks, and gateways to clients automatically.
Step 1: Install isc-dhcp-server
sudo apt install isc-dhcp-server
Step 2: Configure the Server
Edit /etc/dhcp/dhcpd.conf:
sudo nano /etc/dhcp/dhcpd.conf
Add a subnet declaration (replace values for your network):
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.150 192.168.1.200; # IP range to assign
    option routers 192.168.1.1; # Default gateway
    option subnet-mask 255.255.255.0; # Subnet mask
    option domain-name-servers 192.168.1.100, 8.8.8.8; # DNS servers (local dnsmasq + Google)
    default-lease-time 600; # 10 minutes
    max-lease-time 7200; # 2 hours
}
# Reserve IP for a specific MAC address (e.g., a printer)
host printer {
    hardware ethernet aa:bb:cc:dd:ee:ff; # Printer's MAC address
    fixed-address 192.168.1.101;
}
Step 3: Specify Interfaces
Edit /etc/default/isc-dhcp-server to set the interface (e.g., eth0):
INTERFACESv4="eth0"
Step 4: Start the Service
sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
Check logs for issues:
journalctl -u isc-dhcp-server
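A consistency check for the dhcpd.conf layout above, as an added example that is not part of the original guide: dhcpd does not exclude a reserved address from the dynamic pool, so a fixed-address that falls inside `range` can also be leased to another client. The function name and the sample config (the guide's subnet plus a constructed `scanner` host) are illustrative, and the parser assumes two-address `range` statements as used on this page.

```sh
# Constructed dhcpd.conf fragment: the guide's range and printer reservation,
# plus a second reservation mistakenly placed inside the dynamic range.
DHCPD_CONF='subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.150 192.168.1.200; # IP range to assign
}
host printer {
  hardware ethernet aa:bb:cc:dd:ee:ff;
  fixed-address 192.168.1.101;
}
host scanner {
  hardware ethernet aa:bb:cc:dd:ee:01;
  fixed-address 192.168.1.160;
}'

# reservations_in_pool: stdin = dhcpd.conf text. Prints "host address" for each
# fixed-address that lies inside a dynamic range; returns 1 if any were found.
reservations_in_pool() {
    awk '
        # Convert a dotted quad to one number so addresses can be compared.
        function ip2n(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        { sub(/#.*/, ""); gsub(/;/, "") }   # drop comments and semicolons
        $1 == "range"         { n++; lo[n] = ip2n($2); hi[n] = ip2n($3) }
        $1 == "host"          { host = $2 }
        $1 == "fixed-address" { m++; name[m] = host; addr[m] = $2 }
        END {
            for (j = 1; j <= m; j++)
                for (i = 1; i <= n; i++)
                    if (ip2n(addr[j]) >= lo[i] && ip2n(addr[j]) <= hi[i]) {
                        print name[j], addr[j]; bad = 1
                    }
            exit bad + 0
        }'
}
printf '%s\n' "$DHCPD_CONF" | reservations_in_pool || echo "Move the reservations listed above out of the pool."
```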
3.5 HTTP/HTTPS with Nginx
Nginx is a lightweight, high-performance web server. We’ll configure it to serve static content and enable HTTPS with Let’s Encrypt.
Step 1: Install Nginx
sudo apt install nginx
sudo systemctl enable --now nginx
Step 2: Serve Static Content
Create a website root and sample HTML file:
sudo mkdir -p /var/www/example.com/html
sudo chown -R $USER:$USER /var/www/example.com/html
echo "<h1>Hello, Nginx!</h1>" | sudo tee /var/www/example.com/html/index.html
Create an Nginx server block (/etc/nginx/sites-available/example.com):
server {
    listen 80;
    server_name example.com www.example.com; # Replace with your domain
    root /var/www/example.com/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
Enable the site and test Nginx config:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t # Validate config
sudo systemctl reload nginx
Step 3: Enable HTTPS with Let’s Encrypt
Use certbot to obtain a free SSL certificate:
# Install certbot and Nginx plugin
sudo apt install certbot python3-certbot-nginx
# Obtain and auto-configure SSL
sudo certbot --nginx -d example.com -d www.example.com
Certbot will:
- Request a certificate from Let’s Encrypt.
- Update Nginx config to redirect HTTP → HTTPS.
- Set up auto-renewal (certificates expire after 90 days).
3.6 NTP (Time Synchronization)
Accurate time is critical for logs, security (e.g., Kerberos), and distributed systems. Use chrony (modern, lightweight) instead of