
Why Your Linux Network Keeps Failing? Master Subnet Masks and Gateways

This guide walks Linux administrators through the essential concepts of IP addressing, subnet masks, CIDR notation, gateway configuration, and routing, providing detailed examples for RedHat/CentOS, Debian/Ubuntu, and cloud environments, plus troubleshooting steps and advanced topics like bonding, VLANs, firewalls, and performance tuning.

MaGe Linux Operations

Linux Network Always Unreachable? Master Subnet Masks and Gateway Configuration

Introduction

Network configuration is a core skill for Linux system operations. Proper understanding and configuration of subnet masks, gateways, and other network parameters directly affect connectivity and performance. This article explores all aspects of Linux network configuration, providing comprehensive guidance for ops engineers.

Chapter 1: Network Fundamentals

1.1 Relationship between IP address and subnet mask

An IP (IPv4) address is a 32‑bit identifier, usually written in dotted decimal. The subnet mask determines which bits form the network portion of the address and which form the host portion.

IP address classes:

A: 1.0.0.0 – 126.255.255.255, default mask 255.0.0.0

B: 128.0.0.0 – 191.255.255.255, default mask 255.255.0.0

C: 192.0.0.0 – 223.255.255.255, default mask 255.255.255.0

1.2 CIDR notation

CIDR notation appends a slash and the prefix length (the number of network bits) to the address.

/24 equals 255.255.255.0

/16 equals 255.255.0.0

/8 equals 255.0.0.0

1.3 Role of the gateway

The gateway, typically a router, connects different networks. When a packet’s destination is outside the local network, the host sends it to the default gateway for forwarding.

Chapter 2: Linux Network Configuration Files

2.1 Structure of configuration files

File locations and formats vary by distribution.

RedHat/CentOS:

/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network
/etc/resolv.conf

Debian/Ubuntu:

/etc/network/interfaces
/etc/netplan/ (Ubuntu 18.04+)
/etc/resolv.conf

2.2 RedHat/CentOS network configuration

Interface file (/etc/sysconfig/network-scripts/ifcfg-eth0):

# Basic configuration
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static

# IP configuration
IPADDR=192.168.1.100
NETMASK=255.255.255.0
PREFIX=24
GATEWAY=192.168.1.1

# DNS configuration
DNS1=8.8.8.8
DNS2=8.8.4.4

# Advanced configuration
HWADDR=00:50:56:12:34:56
USERCTL=no
NM_CONTROLLED=no
DEFROUTE=yes
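
A pre-flight check for a static ifcfg file like the one above, written for this edit rather than taken from the original article: it parses the KEY=VALUE lines, confirms that NETMASK and PREFIX describe the same mask, and verifies that GATEWAY sits inside the interface's subnet. The function names and the sample with the mistyped gateway are constructed for illustration.

```python
import ipaddress

# Constructed sample: the static file above with a mistyped gateway octet.
SAMPLE = """\
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
PREFIX=24
GATEWAY=192.168.11.1
"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines; skip blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def check_static(text):
    """Return a list of problems in a static ifcfg file (empty list = OK)."""
    cfg = parse_ifcfg(text)
    try:
        addr = ipaddress.IPv4Address(cfg.get("IPADDR", ""))
        gw = ipaddress.IPv4Address(cfg["GATEWAY"]) if "GATEWAY" in cfg else None
        # Normalise both mask spellings to a prefix length; a non-contiguous
        # mask such as 255.0.255.0 raises ValueError here.
        lengths = {ipaddress.IPv4Network("0.0.0.0/" + cfg[k]).prefixlen
                   for k in ("NETMASK", "PREFIX") if k in cfg}
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    if len(lengths) != 1:
        return [f"need exactly one mask length, found {sorted(lengths)}"]
    net = ipaddress.IPv4Network(f"{addr}/{lengths.pop()}", strict=False)
    problems = []
    if net.prefixlen < 31 and addr in (net.network_address, net.broadcast_address):
        problems.append(f"IPADDR {addr} is the network or broadcast address of {net}")
    if gw is not None and gw not in net:
        problems.append(f"GATEWAY {gw} is outside {net}")
    if gw == addr:
        problems.append("GATEWAY equals IPADDR")
    return problems

if __name__ == "__main__":
    for problem in check_static(SAMPLE) or ["OK"]:
        print(problem)
```
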

DHCP example:

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp
HWADDR=00:50:56:12:34:56

2.3 Debian/Ubuntu network configuration

Traditional file (/etc/network/interfaces):

# Loopback
auto lo
iface lo inet loopback

# Static IP
auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 8.8.8.8 8.8.4.4
    dns-search example.com

# DHCP
auto eth1
iface eth1 inet dhcp

# Multiple IP
auto eth0:0
iface eth0:0 inet static
    address 192.168.1.101
    netmask 255.255.255.0

Netplan (Ubuntu 18.04+):

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.168.1.100/24
      # gateway4 is deprecated in newer netplan releases in favour of a default route under routes:
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: [example.com]
      dhcp4: false

Chapter 3: Deep Dive into Subnet Masks

3.1 Binary representation of subnet masks

IP address:    192.168.1.100 = 11000000.10101000.00000001.01100100
Subnet mask:   255.255.255.0 = 11111111.11111111.11111111.00000000
Network addr:  192.168.1.0   = 11000000.10101000.00000001.00000000
Broadcast:     192.168.1.255 = 11000000.10101000.00000001.11111111

3.2 Subnet division example

Divide 192.168.1.0/24 into four /26 subnets:

Original network: 192.168.1.0/24 (256 addresses)
New mask: /26 (64 addresses per subnet)

Subnet1: 192.168.1.0/26   (192.168.1.1‑62)
Subnet2: 192.168.1.64/26  (192.168.1.65‑126)
Subnet3: 192.168.1.128/26 (192.168.1.129‑190)
Subnet4: 192.168.1.192/26 (192.168.1.193‑254)

3.3 VLSM (Variable Length Subnet Mask)

# Server segment (needs 30 addresses)
192.168.1.0/27   # mask 255.255.255.224

# Workstation segment (needs 100 addresses)
192.168.1.128/25 # mask 255.255.255.128

# Point‑to‑point link (needs 2 addresses)
192.168.1.252/30 # mask 255.255.255.252
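
An added example (not from the original article) that validates a VLSM plan for misaligned, undersized or overlapping blocks and, going one step beyond the listing above, allocates blocks largest-first so they cannot collide. Run against the three blocks above it reports that 192.168.1.252/30 lies inside 192.168.1.128/25; the function names and the 192.168.1.0/24 parent network are assumptions.

```python
import ipaddress

# The three allocations listed in section 3.3: (label, hosts needed, block).
PAGE_PLAN = [
    ("servers", 30, "192.168.1.0/27"),
    ("workstations", 100, "192.168.1.128/25"),
    ("p2p link", 2, "192.168.1.252/30"),
]

def usable_hosts(net):
    """Host addresses in a block: all minus network and broadcast."""
    return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses

def check_plan(plan):
    """Return a list of problems: misaligned, undersized or overlapping blocks."""
    problems, seen = [], []
    for label, needed, cidr in plan:
        try:
            net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{label}: {exc}")
            continue
        if usable_hosts(net) < needed:
            problems.append(f"{label}: {net} has {usable_hosts(net)} hosts, needs {needed}")
        for other_label, other in seen:
            if net.overlaps(other):
                problems.append(f"{label} {net} overlaps {other_label} {other}")
        seen.append((label, net))
    return problems

def allocate(parent, requests):
    """Carve non-overlapping blocks from parent, largest request first."""
    parent = ipaddress.IPv4Network(parent)
    cursor, plan = int(parent.network_address), []
    for label, needed in sorted(requests, key=lambda r: r[1], reverse=True):
        # Smallest power-of-two block holding needed hosts + network + broadcast.
        prefix = 32 - (needed + 1).bit_length()
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} is too small for {label}")
        plan.append((label, needed, str(net)))
        cursor += net.num_addresses
    return plan

if __name__ == "__main__":
    print(check_plan(PAGE_PLAN))
    fixed = allocate("192.168.1.0/24", [(l, n) for l, n, _ in PAGE_PLAN])
    print(fixed, check_plan(fixed))
```
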

Chapter 4: Gateway and Routing Management

4.1 Default gateway configuration

Temporary:

# Add default gateway
route add default gw 192.168.1.1

# Or using ip command
ip route add default via 192.168.1.1

# Delete default gateway
route del default gw 192.168.1.1
ip route del default via 192.168.1.1

Permanent (RedHat/CentOS):

# Appends a line; remove any existing GATEWAY= entry first so the file holds one value
echo "GATEWAY=192.168.1.1" >> /etc/sysconfig/network-scripts/ifcfg-eth0

Permanent (Debian/Ubuntu):

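# Appends to the end of the file, so the line joins the last iface stanza; check that it is the intended interface
echo "gateway 192.168.1.1" >> /etc/network/interfaces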

4.2 Static route configuration

Add static route:

# Route to 10.0.0.0/8 via 192.168.1.254
route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254
# Using ip command
ip route add 10.0.0.0/8 via 192.168.1.254
ip route add 10.0.0.0/8 via 192.168.1.254 dev eth0

Permanent static routes (RedHat/CentOS):

# /etc/sysconfig/network-scripts/route-eth0
10.0.0.0/8 via 192.168.1.254
172.16.0.0/16 via 192.168.1.253

Permanent static routes (Debian/Ubuntu):

auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254
    down route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254

4.3 Routing table management

View routing table:

# Traditional commands
route -n
netstat -rn

# Modern commands
ip route show
ip route show table main

Flags in the route -n output: U – route is up, G – uses a gateway, H – host route, D – dynamic, M – modified.

Chapter 5: Network Diagnosis and Troubleshooting

5.1 Connectivity testing

# Test local network
ping 192.168.1.1

# Test external connectivity
ping 8.8.8.8
ping www.google.com

# Test specific port
telnet 192.168.1.1 80
nc -zv 192.168.1.1 80

5.2 Tracing routes

# Trace packet path
traceroute 8.8.8.8
tracepath 8.8.8.8

# Continuous monitoring with mtr
mtr 8.8.8.8

5.3 Network configuration checks

# Check interface status
ifconfig
ip addr show

# View interface statistics
ip -s link show

# Check network service status
systemctl status networking   # Debian/Ubuntu
systemctl status network      # RedHat/CentOS

5.4 Common fault isolation

Check physical connections: ethtool eth0

Verify IP configuration: ip addr show eth0 and ip route show

Test DNS resolution: nslookup www.google.com and dig www.google.com

Inspect firewall rules: iptables -L and systemctl status firewalld

Chapter 6: Advanced Network Configuration

6.1 Network bonding

# /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
BONDING_OPTS="mode=1 miimon=100"

# Slave interface /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes

6.2 VLAN configuration

# /etc/sysconfig/network-scripts/ifcfg-eth0.100
DEVICE=eth0.100
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
VLAN=yes

6.3 Bridge configuration

# /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
DELAY=0

# Member interface /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0

Chapter 7: Network Security Configuration

7.1 Firewall setup (iptables)

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections (conntrack replaces the obsolete state match)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

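# Default drop (set last so the ACCEPT rules above are already in place;
# iptables covers IPv4 only, use ip6tables for IPv6)
iptables -P INPUT DROP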

7.2 Access control with TCP wrappers

# /etc/hosts.allow (honoured only by daemons built with libwrap support)
sshd: 192.168.1.0/24
httpd: ALL

# /etc/hosts.deny
ALL: ALL

Chapter 8: Performance Optimization and Monitoring

8.1 Kernel parameter tuning

# /etc/sysctl.conf
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# bbr requires kernel 4.9 or later with the tcp_bbr module
net.ipv4.tcp_congestion_control = bbr
net.core.netdev_max_backlog = 5000

8.2 Network monitoring

# Real‑time traffic
iftop -i eth0
nethogs eth0
ss -tuln

Chapter 9: Automated Network Configuration

9.1 Scripted network setup

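#!/bin/bash
# network-config.sh - write a static IPv4 configuration for one interface.
# Run as root. On Debian/Ubuntu this replaces the whole /etc/network/interfaces
# file, including stanzas for any other interfaces.
set -euo pipefail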
INTERFACE="eth0"
IP_ADDRESS="192.168.1.100"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DNS1="8.8.8.8"
DNS2="8.8.4.4"

if [ -f /etc/redhat-release ]; then
    cat > /etc/sysconfig/network-scripts/ifcfg-$INTERFACE <<EOF
DEVICE=$INTERFACE
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=$IP_ADDRESS
NETMASK=$NETMASK
GATEWAY=$GATEWAY
DNS1=$DNS1
DNS2=$DNS2
EOF
    systemctl restart network
elif [ -f /etc/debian_version ]; then
    cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback

auto $INTERFACE
iface $INTERFACE inet static
    address $IP_ADDRESS
    netmask $NETMASK
    gateway $GATEWAY
    dns-nameservers $DNS1 $DNS2
EOF
    systemctl restart networking
fi

9.2 Ansible network playbook (excerpt)

---
- name: Configure network interface
  hosts: servers
  become: yes
  vars:
    interface: eth0
    ip_address: 192.168.1.100
    netmask: 255.255.255.0
    gateway: 192.168.1.1
  tasks:
    - name: Configure (RedHat/CentOS)
      template:
        src: ifcfg-interface.j2
        dest: "/etc/sysconfig/network-scripts/ifcfg-{{ interface }}"
      when: ansible_os_family == "RedHat"
      notify: restart network

    - name: Configure (Debian/Ubuntu)
      template:
        src: interfaces.j2
        dest: /etc/network/interfaces
      when: ansible_os_family == "Debian"
      notify: restart networking

  handlers:
    - name: restart network
      service:
        name: network
        state: restarted
    - name: restart networking
      service:
        name: networking
        state: restarted

Chapter 10: Cloud Environment Network Configuration

10.1 AWS instance networking

# Associate Elastic IP
aws ec2 associate-address --instance-id i-1234567890abcdef0 --public-ip 203.0.113.12

# Open HTTP port in security group (0.0.0.0/0 admits any source address)
aws ec2 authorize-security-group-ingress \
    --group-id sg-12345678 \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0

10.2 Docker networking

# Create custom bridge network
docker network create --driver bridge \
    --subnet=192.168.100.0/24 \
    --gateway=192.168.100.1 \
    mynetwork

# Run container on that network
docker run -d --name web \
    --network mynetwork \
    --ip 192.168.100.10 \
    nginx

Conclusion

Linux network configuration is an essential skill for operations engineers. By mastering subnet masks, gateway mechanisms, and configuration methods, and combining practical troubleshooting experience, you can ensure stable and efficient networking. As cloud and container technologies evolve, the complexity of network setup grows, requiring continuous learning and practice to meet new challenges.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
