@plembo
Last active July 2, 2024 14:18
Ubuntu Server Setup - with ifupdown

The assumption here is that you're starting with an Ubuntu 20.04 LTS Server or newer base, rather than Desktop (Ubuntu Desktop deploys NetworkManager rather than systemd-networkd by default). This box has an AMD Ryzen CPU.

The goal is networking configured for static addressing using ifupdown, rather than the newer systemd-networkd and netplan, or (for Ubuntu Desktop) NetworkManager. It basically returns networking on Ubuntu to its Debian roots.

The physical network device name for the test machine was "ens3"; it will be something else on different hardware.

NOTE: I am currently using netplan rather than ifupdown on my own Ubuntu servers. I'll keep these notes updated because the configuration is close enough to Debian that it may come in handy when I finally switch to Debian.

Please do not perform this procedure on a virtual machine hosted in the cloud. You will probably annoy your vendor and almost certainly have to re-create the VM (or restore from a snapshot -- you do take snapshots, don't you?).

Security

Every Ubuntu Server and Desktop shares one glaring security flaw: user home directories (other than root) are permissioned with read and execute rights for "other". Before going any further (and from this point forward until Canonical fixes this), be sure to reset these permissions on all user home directories:

$ sudo chmod o-rx /home/*
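
The chmod above only changes directories that already exist. The script below is an added example, not part of the original notes: it lists home directories that still grant access to "other" and reports whether the defaults used for new accounts would recreate the problem. The function names are made up for this example; DIR_MODE in /etc/adduser.conf and HOME_MODE in /etc/login.defs are the standard settings it reads, neither of which is mentioned on this page.

```shell
#!/bin/sh
# Added example (not from the original notes): audit home-directory
# permissions and the defaults applied to newly created users.

# Print each real directory directly under $1 (default /home) that
# grants any read, write or execute bit to "other".
audit_homes() {
    base=${1:-/home}
    for d in "$base"/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Print the last octal value given for key $1 in file $2. Handles both
# "KEY=0755" (adduser.conf) and "KEY 0750" (login.defs) syntax.
default_mode() {
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1[=[:space:]]\{1,\}\([0-7]\{3,4\}\).*/\1/p" "$2" |
        tail -n 1
}

# Succeed only when an octal mode grants nothing to "other".
mode_is_private() {
    case $1 in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Report whether the default in file $2 would recreate the problem.
check_default() {
    mode=$(default_mode "$1" "$2")
    if [ -z "$mode" ]; then
        echo "$1 is not set in $2"
    elif mode_is_private "$mode"; then
        echo "$1=$mode in $2: new home directories stay private"
    else
        echo "$1=$mode in $2: new home directories will be open to other"
    fi
}

audit_homes "${1:-/home}"
check_default DIR_MODE /etc/adduser.conf
check_default HOME_MODE /etc/login.defs
```

An empty listing from audit_homes means every existing home directory is already closed to "other".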

Configuration

  1. Make vi(m) the default editor because I don't like nano.
$ sudo apt install vim
$ sudo update-alternatives --config editor 

Pick "vim.basic" from the list.

  1. Completely remove cloud-init:
$ sudo apt remove --purge cloud-init

Also mask the systemd-networkd-wait-online service, because it depends on cloud-init and will drag out system recovery after reboot:

$ sudo systemctl mask systemd-networkd-wait-online
  1. Install ifupdown and configure /etc/network/interfaces.
$ sudo apt install ifupdown
$ sudo vi /etc/network/interfaces

Add nomodeset and loglevel to /etc/default/grub so it looks something like this:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nomodeset loglevel=3" 

NOTE: loglevel must be at the end to work.

Then run sudo update-grub and reboot.

The following sets up a network bridge, which is useful for providing access to virtual machines running on the server. It also provides a bridge alias with a second IP for the system (the physical interface in this example is "ens3").

# /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
    bridge_ports ens3
    address 10.0.1.11
    netmask 255.255.255.0
    network 10.0.1.0
    broadcast 10.0.1.255
    gateway 10.0.1.1
    dns-nameservers 10.0.1.1
    dns-nameservers 8.8.8.8
    dns-nameservers 8.8.4.4
    dns-search example.com
    up ip addr add 10.0.1.9/24 dev br0 label br0:1
    down ip addr del 10.0.1.9/24 dev br0 label br0:1

iface br0 inet6 dhcp

OR, for a simpler config without a bridge:

source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

auto ens3
iface ens3 inet static
    address 10.0.1.11
    netmask 255.255.255.0
    network 10.0.1.0
    broadcast 10.0.1.255
    gateway 10.0.1.1
    dns-nameservers 10.0.1.1
    dns-nameservers 8.8.8.8
    dns-nameservers 8.8.4.4
    dns-search example.com

iface ens3 inet6 dhcp
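
A typo in a static stanza takes the host off the network at the next reboot, so it is worth checking the file before going on. The script below is an added example, not part of the original notes: it recomputes network and broadcast from address and netmask and confirms the gateway is on the same subnet. The function names are made up for this example, and it assumes dotted-quad address and netmask lines as in the configs above (not CIDR notation).

```shell
#!/bin/sh
# Added example (not from the original notes): check static stanzas in an
# ifupdown interfaces file. Assumes dotted-quad address/netmask lines.

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {  # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Compare the declared network, broadcast and gateway of the current
# stanza with values derived from address and netmask; one line per problem.
check_stanza() {
    [ "$static" = 1 ] || return 0
    if [ -z "$address" ] || [ -z "$netmask" ]; then
        echo "$name: static stanza needs address and netmask"; return 0
    fi
    m=$(ip2int "$netmask")
    n=$(( $(ip2int "$address") & m ))
    b=$(( n | (~m & 4294967295) ))
    [ -z "$network" ] || [ "$network" = "$(int2ip "$n")" ] ||
        echo "$name: network $network should be $(int2ip "$n")"
    [ -z "$broadcast" ] || [ "$broadcast" = "$(int2ip "$b")" ] ||
        echo "$name: broadcast $broadcast should be $(int2ip "$b")"
    [ -z "$gateway" ] || [ $(( $(ip2int "$gateway") & m )) -eq "$n" ] ||
        echo "$name: gateway $gateway is outside $(int2ip "$n")"
    return 0
}

# Walk the file ($1) stanza by stanza; prints nothing if all is consistent.
check_interfaces() {
    static=0 name=
    while read -r key val rest || [ -n "$key" ]; do
        case $key in
            iface)
                check_stanza
                name=$val address= netmask= network= broadcast= gateway=
                case $rest in "inet static"*) static=1 ;; *) static=0 ;; esac ;;
            address|netmask|network|broadcast|gateway)
                eval "$key=\$val" ;;
        esac
    done < "$1"
    check_stanza
}

[ ! -r /etc/network/interfaces ] || check_interfaces /etc/network/interfaces
```

No output means every static stanza is internally consistent; it does not prove the addresses are right for your network.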
  1. Make sure networking.service is enabled, disable systemd-networkd.
$ sudo systemctl enable networking
$ sudo systemctl disable systemd-networkd

Reboot the system.

$ sudo reboot
  1. If you haven't done so already, edit /etc/hosts to map the host's static ip.
$ sudo vi /etc/hosts
# /etc/hosts
127.0.0.1 localhost
10.0.1.11 myhost.example.com myhost
  1. Disable systemd-resolved and recreate /etc/resolv.conf.
$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
$ sudo rm /etc/resolv.conf
$ sudo vi /etc/resolv.conf
# /etc/resolv.conf
search example.com
nameserver 10.0.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
  1. Enable serial console access (especially if this will be a virtual machine):
$ sudo systemctl enable serial-getty@ttyS0.service
$ sudo systemctl start serial-getty@ttyS0.service
  1. Install and configure chrony (which will disable systemd-timesyncd)
$ sudo apt install chrony
$ sudo vi /etc/chrony/chrony.conf

The defaults will work fine for a desktop that doesn't need a local time server.

For a server:

# pool ntp.ubuntu.com        iburst maxsources 4
# pool 0.ubuntu.pool.ntp.org iburst maxsources 1
# pool 1.ubuntu.pool.ntp.org iburst maxsources 1
# pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst

allow 10.0.1.0/24

Where 10.0.1.0/24 is your local network.

  1. Postfix is my go-to when I need to send mail over the Internet or my local network, or receive mail from services like cron (in the last case the server would be configured as Local only). Hanif Jetha and Mark Drake, "How to Install and Configure Postfix on Ubuntu 20.04", is a good place to start: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-20-04. I use the mutt e-mail client (https://www.mutt.org) with postfix.

  2. Other helpful software and services. These are not essential, but make life a lot easier (package names are for Ubuntu):

  • needrestart tool
  • bind9utils
  • nmap
  1. After a major version upgrade you may need to remove and reinstall ubuntu-release-upgrader-core.