Managing Network Interfaces

Introduction to Network Interfaces

Each virtual system managed by Cloudmin has at least one network interface / IP address, which the system's hostname typically resolved to in DNS. On the virtual machine this usually appears as eth0 - how it appears on the host system differs depending on the type of virtualization being used.

It is possible for virtual system to have multiple network interfaces. For Xen and KVM instances on host systems with more than one bridge, the virtual machines can have one ethN interface per bridge. Typically each is connected to a different physical network or VLAN on the host system.

Cloudmin lets you add extra IP addresses to a virtual system, although these will usually be virtual interfaces like eth0:5. This is useful if you want a VPS to host multiple SSL-protected websites, each of which needs its own IP address.

System owners can be either completely denied access to page for managing network interfaces, or limited in how many IP addresses they can use across all their virtual machines. This can be done either at the plan level, or on an owner-by-owner basis.

Cloudmin can fully manage network interfaces on any system running Webmin, or with a Debian-based or Redhat-based Linux distribution installed. It can even manage interfaces on a down system, assuming it is running Debian, Ubuntu, RHEL, Fedora or CentOS. This allows you to fix networking errors even if a system is in-accessible, by first shutting it down and then using Cloudmin to edit interfaces.

On systems running Windows, BSD or an un-supported Linux distribution without Webmin, Cloudmin cannot manage the IP addresses assigned to network interfaces - instead, these must be set within the virtual system. However, it can configure the MAC address and network bridges assigned to each interface.

Adding a Virtual Network Interface

To create a new network interface, the steps to follow are :

  1. Select the system from the left menu, open the System Configuration category and click on Network Interfaces.
  2. Underneath the list of existing interfaces, click the Add a virtual interface link.
  3. Either enter an IP for the new interface from the IP address menu, or select Allocate automatically to have Cloudmin pick one from the allocation range you have specified for its host system.
  4. Change the netmask if needed - but typically the default will work fine.
  5. Click the Create button.

The new IP address should be immediately activated and pingable, and will be added to both the networking configuration files on the virtual system, and any virtualization config files on the host system.

Adding a Real Network Interface

Xen and KVM virtual systems also support creation of non-virtual interfaces, which appear like eth1 on the virtual machine. If the host system has multiple network bridges you can select which bridge each new real interface is connected to - it is also possible to have multiple real interfaces bridged to the same real interface on the host.

To create a new real network interface, the steps to follow are :

  1. Select the system from the left menu, open the System Configuration category and click on Network Interfaces.
  2. Underneath the list of existing interfaces, click the Add a real interface link.
  3. The Network interface name field can generally be left un-changed, as Cloudmin will pick the next free ethN device on the virtual system.
  4. If the virtual system has more than one bridge, select the one you want from the Network bridge on host menu.
  5. Either enter an IP for the new interface from the IP address menu, or select Allocate automatically to have Cloudmin pick one from the allocation range you have specified for its host system.
  6. Change the netmask if needed - but typically the default will work fine.
  7. Click the Create button.

The new IP address should be immediately activated and pingable, and will be added to both the networking configuration files on the virtual system, and any virtualization config files on the host system.

Editing and Deleting Interfaces

To change or remove an interface, do the following :

  1. Select the system from the left menu, open the System Configuration category and click on Network Interfaces.
  2. Click on the address for the interface you want to manage.
  3. If it is a virtual interface (like eth0:5) or a real interface other than the first, you can click the Delete button to remove it.
  4. Otherwise, change any of its details such as the IP, netmask or MAC address, and click Save.

Again, all changes will be activated immediately with the exception of a change in the MAC address. That will only take effect when the virtual system is shut down and started up again. Only Xen and KVM systems can have their MAC addresses changed, and only for non-virtual interfaces.

Changing the Default Gateway

Cloudmin can edit the default router on a running system with Webmin installed, or a down system with a support Linux distribution (Redhat or Debian based). The steps to do this are :

  1. Select the system from the left menu, open the System Configuration category and click on Network Interfaces.
  2. Below the list of interfaces is a Default gateway options form.
  3. Change or clear the gateway in the Gateway IP address field.
  4. Click Save.

Be careful doing this on a running virtual system though, as you may cut off access to the Cloudmin master.

If the virtual system supports IPv6, you can also set a default gateway for IPv6 routing using this same form.

DHCP and MAC Addresses

Cloudmin can be configured to setup the DHCP server on your master system to supply virtual machines with IP addresses. This can be useful if you want to use system images for operating systems that Cloudmin cannot configure the network on directly, such as Windows or FreeBSD.

The steps to setup a DHCP server are as follows :

  1. Make sure the ISC DHCPd software is installed. On Redhat or CentOS systems, this can be done with the command : yum install dhcp On Debian or Ubuntu, the command is : apt-get install dhcp3-server
  2. In Cloudmin, go to Webmin -> Servers -> DHCP Server , and add a subnet for the IP network that your virtual systems will be on.
  3. Make any other configuration changes to the DHCPd settings that you want, such as on the Edit Client Options page. Here you can set default nameservers and gateways for your virtual systems.
  4. Click the Start Server or Apply Changes button, and verify that DHCPd starts OK.
  5. Go to Cloudmin -> Cloudmin Settings -> Module Config -> DHCP settings.
  6. Change the Add DHCPd host for virtual systems option to Yes.
  7. In the Add DHCPd hosts to subnet field, enter the IP address of the subnet that you added in step 2 above.
  8. Click Save.
  9. Create a new KVM or Xen virtual system, and ensure that it successfully adds a DHCP host entry during the creation process.

IPv6 Addresses

When managing KVM, Xen or real systems running Linux with Cloudmin 5.6 or later, you can also enter IPv6 addresses for non-virtual network interfaces. However, only systems running Debian, Ubuntu, CentOS, Redhat or Fedora Linux are supported currently. IPv6 addresses can be added as follows :

  1. Select the system from the left menu, open the System Configuration category and click on Network Interfaces.
  2. Click on the address for the interface you want to add an IPv6 address to, such as eth0.
  3. Enter an address such as 2001:db8:0:f101::77 and a netmask like 64 into the IPv6 addresses table. Make sure it is within a range that has been routed to your network.
  4. Click the Save button.

Blocking IP Spoofing

Even though Cloudmin assigns IP addresses to virtual systems, it is possible under some virtualization types for a user with root access to the system to bring up an additional network interface with an IP that hasn't been officially assigned. Or he could change the IP address or MAC address of the eth0 interface. This could be used to evade bandwidth collection, and could cause IP clashes with other virtual or real systems.

Cloudmin version 6.5 and later can block this type of address spoofing by automatically setting up an EBtables firewall that only allows IP and MAC addresses assigned to the system. This requires that ebtables be installed on the host system, which fortunately is distributed as a standard package in most Linux distributions.

To enable firewalling of unassigned IPs for an existing system, do the following :

  1. Select the system from the left menu, open the Resources category and click on Resource Limits.
  2. Change the IP addresses to allow field to Only those assigned by Cloudmin, and click Save.

Blocking of un-assigned addresses will be activated immediate for running systems, and at the next boot for down systems. To undo this, select All addresses in step 2 instead. If the option is missing, double-check that the ebtables command is installed on the host system.

Firewalling can also be enabled at system creation time, via an option in the Advanced options section of the creation form. You can also enable it by default for new systems at Cloudmin Settings -> Cloudmin Configuration -> KVM Settings -> Block spoofed IPs and MACs by default? .