Firewalls - Network Interfaces

Network Interfaces

Overview

TCP/IP is independent of the underlying physical network and IP addresses are implemented in the network software -- not in the network hardware. Unlike Ethernet addresses, which are determined by the Ethernet hardware, the system administrator assigns an IP address to each network interface.
Use the ifconfig (interface configure) command to identify the network interface to TCP/IP and to assign the IP address, subnet mask, and broadcast address to the interface. The network interface is also used to run Point-to-Point Protocol (PPP), which is the Network Access Layer protocol used to run TCP/IP over modem connections.

The ifconfig Command

The ifconfig command sets, or checks, configuration values for network interfaces, most importantly, the IP address. For example...
# ifconfig bge0 192.168.0.12 netmask 255.255.255.0 broadcast 192.168.0.255
The most important arguments include:

interface Name of the network interface to configure for TCP/IP.
In the example above, this is the Ethernet interface bge0.
address The IP address assigned to this interface.
Enter the address as either an IP address (in dotted decimal form) or as a hostname. If you use a hostname, place the hostname and its address in the /etc/hosts file. Your system must be able to find the hostname in /etc/hosts because ifconfig usually executes before DNS starts. The example uses the numeric IP address 192.168.0.12 as the address value.
netmask mask The address mask for this interface.
Ignore this argument only if you're using the default mask derived from the traditional address class structure. The address mask chosen for our imaginary network is 255.255.255.0, so that is the value assigned to interface bge0.
broadcast address The broadcast address for the network.
Most systems default to the standard broadcast address, which is an IP address with all host bits set to 1. In the ifconfig example we explicitly set the broadcast address to 192.168.0.255 to avoid any confusion, despite the fact that a Solaris 8 system will set the correct broadcast address by default. Every system on the subnet must agree on the broadcast address.

In the example above, we use keyword/value pairs because this makes explaining and understanding the syntax easier. However, Solaris does not require that syntax. The following (much shorter) command does exactly the same thing as the previous one:
# ifconfig bge0 192.168.0.12/24
In this command the network mask is defined with an address prefix and the broadcast address is allowed to default. A prefix length of 24 is the same as 255.255.255.0. The default broadcast address given that prefix length is 192.168.0.255.

The Interface Name

You can usually determine which interface is used on a system from the messages displayed on the console during a boot or with the dmesg command. The following example shows the output of the dmesg command on two different systems:
$ dmesg | grep eth 
eth0: Broadcom BCM5700 found at mem feb00000, IRQ 17, node addr 00065b3ecfd6
eth0: Broadcom BCM5401 Copper transceiver found
eth0: Scatter-gather ON, 64-bit DMA ON, Tx Checksum ON, Rx Checksum ON
eth1: Intel(R) 8255x-based Ethernet Adapter
bcm5700: eth0 NIC Link is UP, 100 Mbps half duplex
You can also use the netstat and the ifconfig commands to determine network interface names:
> netstat -in
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 127.0.0.0     127.0.0.1      447304148 0     447304148 0     0      0
bge0  1500 192.168.1.0   192.168.1.60   257884467 951   1249469637 0     0      0
The -i option tells netstat to display the status of all configured network interfaces, and the -n tells netstat to display its output in numeric form. In the Solaris 9 example above, the netstat -in command displays the following fields:

Name Actual name assigned to the interface. This is the name you give to ifconfig to identify the interface. An asterisk (*) in this field indicates that the interface is not enabled; i.e., the interface is not "up."
Mtu The Maximum Transmission Unit shows the longest frame (packet) that can be transmitted by this interface without fragmentation. The MTU is displayed in bytes.
Net/Dest The Network/Destination field shows the network or the destination host to which the interface provides access. In our Ethernet examples, this field contains a network address. The network address is derived from the IP address of the interface and the subnet mask.
This field contains a host address if the interface is configured for a point-to-point (host-specific) link. The destination address is the address of the remote host at the other end of the point-to-point link. A point-to-point link is a direct connection between two computers. You can create a point-to-point link with the ifconfig command.
Address The IP Address field shows the Internet address assigned to this interface.
Ipkts The Input Packets field shows how many packets this interface has received.
Ierrs The Input Errors field shows how many damaged packets the interface has received.
Opkts The Output Packets field shows how many packets were sent out by this interface.
Oerrs The Output Errors field shows how many of the packets caused an error condition.
Collis The Collisions field shows how many Ethernet collisions were detected by this interface. Ethernet collisions are a normal condition caused by Ethernet traffic contention. This field is not applicable to non-Ethernet interfaces.
Queue The Packets Queued field shows how many packets are in the queue, awaiting transmission via this interface. Normally this is zero.

Here is the output of a netstat -in command on a Linux system...
$ netstat -in
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR   TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500   0   1131671041    400      0      01416410649      0      0      0 BMRU
eth0:  1500   0     - no statistics available -                        BMRU
eth0:  1500   0     - no statistics available -                        BMRU
eth0:  1500   0     - no statistics available -                        BMRU
lo    16436   0   16849778      0      0      016849778      0      0      0 LRU
RX-OK is the total number of input packets.
RX-ERR (errors), RX-DRP (drops), and RX-OVR (overruns) added together give the total number of input errors.
TX-OK is total number of output packets.
TX-ERR, TX-DRP, and TX-OVR counters provide the total number of output errors.
Met contains the routing metric assigned to this interface.
Flg field shows the interface flags:

R interface is running.
U interface is up.
B It is a broadcast-capable interface.
L It is a loopback interface.

The lo0 interface is the loopback interface, which every TCP/IP system has. eth0 is the Ethernet interface.
On most systems, the loopback interface is part of the default configuration, so you won't need to configure it. If you do need to configure lo0 on a Solaris system, use the following command:
# ifconfig lo0 plumb 127.0.0.1 up
This example is specific to Solaris because it contains the plumb option. This option literally creates the "plumbing" required by the network interface the first time it is configured. Subsequent reconfigurations of this interface do not require the plumb option, and other systems, such as Linux, do not use this option.
The configuration of the Ethernet interface requires more attention than the loopback interface. Many systems use an installation script to install Unix. This script requests the host address, which it then uses to configure the interface.
The ifconfig command can also be used to find out what network interfaces are available on a system. The netstat command shows only interfaces that are configured. On some systems the ifconfig command can be used to show all interfaces, even those that have not yet been configured. On Solaris 8 systems, ifconfig -a does this; on a Linux 2.0.0 system, entering ifconfig without any arguments will list all of the network interfaces.
While most hosts have only one real network interface, some hosts and all gateways have multiple interfaces. Sometimes all interfaces are the same type; e.g., a gateway between two Ethernets may have two Ethernet interfaces. netstat on a gateway like this might display lo0, eth0, and eth1. Deciphering a netstat display with multiple interfaces of the same type is still very simple. But deciphering a system with many different types of network interfaces is more difficult. You must rely on documentation that comes with optional software to choose the correct interface.

Checking the Interface with ifconfig

To display the current values assigned to the interface, enter ifconfig with an interface name and no other arguments...
> ifconfig bge0
bge0: flags=1000843 mtu 1500 index 2
        inet 192.168.1.60 netmask ffffff00 broadcast 192.168.1.255
When used to check the status of an interface on a Solaris system, the ifconfig command displays two lines of output. The first line shows the interface name, the flags that define the interface's characteristics, and the Maximum Transmission Unit (MTU) of this interface. In our example the interface name is bge0, and the MTU is 1500 bytes. The flags are displayed as both a numeric value and a set of keywords.
The interface's flags have the numeric value 1000843, which corresponds to:

UP The interface is enabled for use.
BROADCAST The interface supports broadcasts, which means it is connected to a network that supports broadcasts, such as an Ethernet.
NOTRAILERS This interface does not support trailer encapsulation.
RUNNING This interface is operational.
MULTICAST This interface supports multicasting.
IPv4 This interface supports TCP/IP version 4, which is the standard version of TCP/IP used on the Internet and described in this book.

The second line of ifconfig output displays information that directly relates to TCP/IP. The keyword inet is followed by the Internet address assigned to this interface. Next comes the keyword netmask, followed by the address mask written in hexadecimal. Finally, the keyword broadcast and the broadcast address are displayed.
On a Linux system the ifconfig command displays up to seven lines of information for each interface instead of the two lines displayed by the Solaris system. The additional information includes the Ethernet address, the PC IRQ, I/O Base Address and memory address, and packet statistics. The basic TCP/IP configuration information is the same on both systems.
]$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:06:5B:3E:CF:D6
          inet addr:172.16.1.101  Bcast:172.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1131763523 errors:400 dropped:0 overruns:0 frame:400
          TX packets:1416641980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2270798982 (2165.6 Mb)  TX bytes:3229698819 (3080.0 Mb)
          Interrupt:17 Memory:feb00000-feb10000
Refer to the Solaris ifconfig bge0 example at the beginning of this section, and check the information displayed in that example against the subnet configuration planned for our imaginary network. You'll see that the interface needs to be reconfigured. The configuration done by the user during the Unix installation did not provide all of the values we planned. The address (192.168.0.12) is correct, but the address mask (ffff0000 or 255.255.0.0) and the broadcast address (172.16.0.0) are incorrect.

Assigning an Address

The IP address can be assigned directly on the ifconfig command line or indirectly from a file. The ifconfig examples seen earlier had an IP address written in standard dotted decimal notation directly on the command line. An alternative is to use a hostname from the /etc/hosts file on the ifconfig command line to provide the address. For example:
# ifconfig bge0 amsterdam netmask 255.255.255.0
Most administrators are very comfortable with using hostnames in place of addresses. Vendor configurations, however, tend to take address assignment to another level of indirection. The ifconfig command in the startup script references a file. The file contains a hostname and the hostname maps to an address. Solaris systems place the hostname in a file named /etc/hostname. interface, where interface is the name of the interface being configured. On our sample system the file is called /etc/hostname.bge0. The hostname.bge0 file created by a standard Solaris installation contains only a simple hostname:
$ cat /etc/hostname.bge0
amsterdam
$ grep amsterdam /etc/hosts
192.168.0.1    amsterdam    amsterdam.setgetweb.com       loghost
The example shows that the Solaris configuration created the hostname.bge0 file and the necessary entry in the /etc/hosts file to map the name from hostname.bge0 to an IP address. The Solaris boot first gets the hostname from a file and then gets the address associated with that hostname from a second file. Both of these entries are required for the configuration.
Linux also uses indirection for the ifconfig configuration. Several Linux systems, including Red Hat, Mandrake, and Caldera, place the values used to configure the network interface in a file named ifcfg.interface, where interface is the name of the interface.
For example, ifcfg.eth0 contains the configuration values for the Ethernet interface eth0.
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
BROADCAST=192.168.0.255
NETWORK=192.168.0.0
NETMASK=255.255.255.0
IPADDR=192.168.0.12
USERCTL=no
This file makes the configuration very easy to see.

DEVICE defines the device name, in this case eth0.
ONBOOT specifies whether the interface is initialized when the system boots. Normally an Ethernet interface is brought up and running every time the system boots.
BOOTPROTO identifies the configuration service used to configure the interface. In this case it is none, meaning that the interface is configured locally. Alternates are bootp if an old-fashioned BootP server is used, or dhcp if a DHCP server is used. If either DHCP or BootP is used, the specific configuration values listed below are not found in this file.
BROADCAST defines the broadcast address used by ifconfig.
NETWORK defines the network address.
NETMASK defines the address mask used by ifconfig.
IPADDR defines the IP address used by ifconfig.
USERCTL specifies whether users can run usernetctl to bring the interface up or down. The usernetctl command is found on only a few versions of Linux. In this case, the value no prevents the user from downing the interface.

Most systems take advantage of the fact that the IP address, subnet mask, and broadcast address can be set indirectly to reduce the extent that startup files need to be customized. Reducing customization lessens the chance that a system might hang while booting because a startup file was improperly edited, and it makes it possible to preconfigure these files for all of the systems on the network. Solaris systems have the added advantage that the hosts, networks, and netmasks files, which provide input to the ifconfig command, all produce NIS maps that can be centrally managed at sites using NIS.
A disadvantage of setting the ifconfig values indirectly is that it can make troubleshooting more cumbersome. If all values are set in the boot file, you only need to check the values there. When network configuration information is supplied indirectly, you may need to check several files to find the problem. An error in any of these files could cause an incorrect configuration. To make debugging easier, a few operating systems set the configuration values directly on the ifconfig command line in the boot file.
If you use a Solaris system, set the address in /etc/hostname.bge0 and /etc/hosts. If you use a Red Hat system, set the address in the /etc/sysconfig/network-scripts/ifcfg.eth0 file. If you use a Slackware system, set the address directly in the rc.inet boot file. Following the standard procedure for your system makes it easier for others to troubleshoot your computer.

Assigning a Subnet Mask

In order to function properly, every interface on a specific physical network segment must have the same address mask. For amsterdam and skyway2, the netmask value is 255.255.255.0 because both systems are attached to the same subnet.
To assign an address mask, write the mask value after the keyword netmask on the ifconfig command line or as a prefix attached to the address. When written as a prefix, the address mask is a decimal number that defines the number of bits in the address mask. For example, 192.168.0.12/24 defines a 24-bit address mask. When the subnet mask follows the keyword netmask, it is usually written in the dotted decimal form used for IP addresses.
For example, the following command assigns the correct subnet mask to the bge0 interface on skyway2:
# ifconfig le0 192.168.0.12 netmask 255.255.255.0
Putting the netmask value directly on the ifconfig command line is the most common, the simplest, and the best way to assign the mask to an interface manually. But it is rare for the mask to be assigned manually. Like addresses, address masks are made part of the configuration during the initial installation. To simplify configuration, ifconfig is able to take the netmask value from a file instead of from the command line. Conceptually, this is similar to using a hostname in place of an IP address. The administrator can place the mask value in either the hosts file or the networks file and then reference it by name. For example, the amsterdam-net administrator might add the following entry to /etc/networks:
 amsterdam-mask 255.255.255.0
Once this entry has been added, you can use the name amsterdam-mask on the ifconfig command line instead of the actual mask. For example:
# ifconfig bge0 172.16.5.2 netmask amsterdam-mask
Name amsterdam-mask resolves to 255.255.255.0, which is the correct netmask value for our sample systems.
Avoid setting the address mask value indirectly from a file that is not primarily intended for this use. The hosts file is a particularly bad choice for storing mask values. The hosts file is heavily used by other programs, and placing a mask value in this file might confuse one of these programs. Setting the address mask directly on the command line or from a file that is dedicated to this purpose is probably the best approach.
On Solaris systems, the /etc/inet/netmasks file is specifically designed to set the subnet mask.The /etc/inet/netmasks file is a table of one-line entries, each containing a network address separated from a mask by whitespace.
/etc/netmasks is symbolically linked to /etc/inet/netmasks.
Use the official network address, not a subnet address.
If a Solaris system on amsterdam-net (172.16.0.0) has an /etc/inet/netmasks file that contains the entry:
 172.16.0.0 255.255.255.0
then the following ifconfig command can be used to set the address mask:
# ifconfig bge0 172.16.5.1 netmask +
The plus sign after the keyword netmask causes ifconfig to take the mask value from /etc/inet/netmasks. ifconfig searches the file for a network address that matches the network address of the interface being configured. It then extracts the mask associated with that address and applies it to the interface.
Most Linux systems also set the address mask indirectly from a file. The ifcfg-eth0 file shown in the previous section contains the following line:
NETMASK=255.255.255.0
This line clearly defines the netmask value that is used by the ifconfig command. To modify the address mask on this Red Hat system, edit this line in the ifcfg-eth0 file.

Set the Broadcast Address

RFC 919, Broadcasting Internet Datagrams, defines the format of a broadcast address as an address with all host bits set to 1. Since the broadcast address is so precisely defined, ifconfig is able to compute it automatically, and you should always be able to use the default.
For example, the ifconfig command to set the broadcast address for amsterdam's bge0 interface is:
# ifconfig bge0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
The broadcast address is relative to the local subnet. amsterdam views this interface as connected to network 192.168.0.0; therefore, its broadcast address is 192.168.0.255. Depending on the implementation, a Unix system could interpret the address 172.16.255.255 as host address 255 on subnet 255 of network 172.16.0.0, or as the broadcast address for amsterdam-net as a whole. In neither case would it consider 172.16.255.255 the broadcast address for subnet 192.168.0.0.
Solaris systems can indirectly set the broadcast address from the netmask value defined in /etc/inet/netmasks, if that file is used. The previous section showed that netmask + takes the netmask value from a file. Likewise, the broadcast + syntax calculates the correct broadcast value using the netmask value from the netmasks file:
# ifconfig bge0 192.168.0.1 netmask + broadcast +
Assume that the netmask defined in netmasks is 255.255.255.0. This tells the Solaris system that the first three bytes are network bytes and that the fourth byte contains the host portion of the address. Since the standard broadcast address consists of the network bits plus host bits of all 1s, Solaris can easily calculate that the broadcast address in this case is 192.168.0.255.
Linux makes it even easier. The ifcfg-eth0 file on our sample Red Hat system clearly defines the broadcast address with the line:
BROADCAST=192.168.0.255
Modify the broadcast address by modifying this line in the ifcfg-eth0 file.

Enabling and disabling the interface

The ifconfig command has two arguments, up and down, for enabling and disabling the network interface. The up argument enables the network interface and marks it ready for use. The down argument disables the interface so that it cannot be used for network traffic.
Use the down argument when interactively reconfiguring an interface. Some configuration parameters -- for example, the IP address -- cannot be changed unless the interface is down. First, the interface is brought down. Then, the reconfiguration is done, and the interface is brought back up. For example, the following steps change the address for an interface:
# ifconfig eth0 down
# ifconfig eth0 172.16.1.2 up
After these commands execute, the interface operates with the new configuration values. The up argument in the second ifconfig command is not always required because it is the default on some systems. However, an explicit up is commonly used after the interface has been disabled, or when an ifconfig command is used in a script file to avoid problems because up is not the default on all systems.

ARP

The Address Resolution Protocol (ARP) protocol maps IP addresses to physical Ethernet addresses. Enable with the ifconfig keyword arp and disable it with the keyword -arp.
Certain networks using specialized equipment or developmental hardware cannot handle ARP, but this is rare, and ARP should generally always be enabled.

Promiscuous mode

Promiscuous mode is used to examine the packets traveling on a local Ethernet. By default, an Ethernet interface passes only frames that are addressed to the local host up to the higher layer protocols. Promiscuous mode passes all frames up without regard to the address in those frames.
On a Linux system, promiscuous mode is enabled using the promisc option of the ifconfig command. For example:
$ ifconfig eth0 promisc
Promiscuous mode is disabled by using -promisc. By default promiscuous mode is disabled. When it is enabled, the local system is forced to process many packets that are normally discarded by the Ethernet interface hardware. Promiscuous mode is enabled only for certain troubleshooting applications.
On Solaris systems, promiscuous mode is enabled by programs that need it. It is not set by the ifconfig command.

Metric

Depending on the OS, the ifconfig command can create an entry in the routing table for every interface that is assigned an IP address. ifconfig determines the route's destination network by applying the interface's address mask to the interface's IP address. For example, the bge0 interface on amsterdam has an address of 192.168.0.1 and a mask of 255.255.255.0. Applying this mask to the address provides the destination network, which is 192.168.0.0. The netstat -in display shows the destination address:
> netstat -in
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 127.0.0.0     127.0.0.1      447609744 0     447609744 0     0      0
bge0  1500 192.168.1.0   192.168.1.60   258060298 951   1249629083 0     0      0
The Routing Information Protocol (RIP) is a routing protocol sometimes used by Unix. RIP does two things: it distributes routing information to other hosts, and it uses incoming routing information to build routing tables dynamically. The routes created by ifconfig are one source of the routing information distributed by RIP, and the ifconfig metric argument can be used to control how RIP uses this routing information.
RIP makes routing decisions based on the cost of a route. The route's cost is determined by a routing metric associated with the route. A routing metric is just a number. The lower the number, the lower the cost of the route; the higher the number, the higher the cost. When building a routing table, RIP favors low-cost routes over high-cost routes. Directly connected networks are given a very low cost. Therefore, the default metric is for a route through an interface to a directly attached network. However, you can use the metric argument to supply a different routing metric for an interface.
To increase the cost of an interface to 3, so that RIP prefers routes with values of 0, 1, or 2, use metric 3 on the ifconfig command line:
# ifconfig std0 10.104.0.19 metric 3
Use the metric option only if there is another route to the same destination and you want to use it as the primary route. We did not use this command on amsterdam because it has only one interface connected to the outside world. If it had a second connection, say, through a higher-speed link, then the command shown above could be used to direct traffic through the higher-performance interface.
A related ifconfig parameter is available on Solaris systems. RIP builds the routing table by choosing the most economical routes, and it distributes the routing table information to other hosts. The metric parameter controls which routes RIP selects as the lowest cost. The private argument, available on Solaris systems, controls the routes that RIP distributes. If private is specified on the ifconfig command line, the route created by that ifconfig command is not distributed by RIP. The default value is -private, which permits the route to be distributed. The private parameter is not universally supported.
Additionally, not all systems make use of the metric argument. A Linux system doesn't create a routing table entry when it processes the ifconfig command. When configuring a Linux system, you add an explicit route command for each interface. (The route command is covered in the next chapter.) Linux systems reject the metric argument, as this example shows:
# ifconfig eth0 192.168.0.4 metric 3
SIOCSIFMETRIC: Operation not supported
Set the routing metric in a routing configuration file instead of on the ifconfig command line. This is the preferred method of providing routing information for newer routing software.

Maximum Transmission Unit

A maximum transmission unit (MTU) is the largest packet that can be transported over a physical network. On Ethernet, the maximum size is 1500 bytes, which is defined as part of the Ethernet standard. By default, ifconfig chooses the optimum MTU, which is usually the largest legal MTU for a given type of network hardware. However, a smaller MTU is helpful to achieve the following goals:

To avoid fragmentation.
If the traffic travels from a network with a large MTU (such as an FDDI network with an MTU of 4500 bytes) through a network with a smaller MTU (like an Ethernet), the smaller MTU size may be best in order to avoid packet fragmentation. It is possible that specifying an MTU of 1500 on the interface connected to the FDDI may actually improve performance by avoiding fragmentation in the routers. This would be done only if fragmentation actually appeared to be the cause of a performance problem.
To reduce buffer overruns or similar problems.
On serial line connections, it is possible to have equipment of such low performance that it cannot keep up with standard 1006-byte packets. In this case, it is possible to avoid buffer overruns or SILO overflows by using a smaller MTU. However, such solutions are temporary fixes. The real fix is to purchase the correct hardware for the application.

To change the MTU, use the mtu command-line argument:
# ifconfig fddi0 172.16.16.1 netmask 255.255.255.0 mtu 1500
This forces the FDDI interface on 172.16.16.1 to use an MTU of 1500 bytes.

Putting ifconfig in the startup scripts

The ifconfig command is normally executed at boot time by a startup file. On BSD Unix systems, the ifconfig commands are usually located in /etc/rc.boot or /etc/rc.local.
To override a BSD system's default configuration, place a full ifconfig command in the rc.local script. rc.local executes at the end of the startup process. Any interface configuration values set in this file override the earlier interface configuration. For example, the following line placed in that file configures eth0 without regard to any earlier configuration:
ifconfig eth0 192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0
The BSD startup model is used on BSD systems and SunOS systems. Linux and Solaris systems use the System V startup model. However, Red Hat Linux systems have an rc.local script in the /etc/rc.d directory. On a Red Hat system, place the custom ifconfig command in the rc.local file to override the default configuration.
Solaris does not have an rc.local script or a central directory of scripts for all runlevels. If you want to use an rc.local script on a Solaris system, you need to create your own and add it to the runlevel 3 directory. You need to name it properly to ensure it executes at the end of the Solaris startup process. For example, the file /etc/rc3.d/S99local would execute at the end of the standard Solaris runlevel 3 startup. Commands placed in this file would override the previous configuration.

interface	Name of the network interface to configure for TCP/IP. In the example above, this is the Ethernet interface bge0.
address	The IP address assigned to this interface. Enter the address as either an IP address (in dotted decimal form) or as a hostname. If you use a hostname, place the hostname and its address in the /etc/hosts file. Your system must be able to find the hostname in /etc/hosts because ifconfig usually executes before DNS starts. The example uses the numeric IP address 192.168.0.12 as the address value.
netmask mask	The address mask for this interface. Ignore this argument only if you're using the default mask derived from the traditional address class structure. The address mask chosen for our imaginary network is 255.255.255.0, so that is the value assigned to interface bge0.
broadcast address	The broadcast address for the network. Most systems default to the standard broadcast address, which is an IP address with all host bits set to 1. In the ifconfig example we explicitly set the broadcast address to 192.168.0.255 to avoid any confusion, despite the fact that a Solaris 8 system will set the correct broadcast address by default. Every system on the subnet must agree on the broadcast address.

Name	Actual name assigned to the interface. This is the name you give to ifconfig to identify the interface. An asterisk (*) in this field indicates that the interface is not enabled; i.e., the interface is not "up."
Mtu	The Maximum Transmission Unit shows the longest frame (packet) that can be transmitted by this interface without fragmentation. The MTU is displayed in bytes.
Net/Dest	The Network/Destination field shows the network or the destination host to which the interface provides access. In our Ethernet examples, this field contains a network address. The network address is derived from the IP address of the interface and the subnet mask. This field contains a host address if the interface is configured for a point-to-point (host-specific) link. The destination address is the address of the remote host at the other end of the point-to-point link. A point-to-point link is a direct connection between two computers. You can create a point-to-point link with the ifconfig command.
Address	The IP Address field shows the Internet address assigned to this interface.
Ipkts	The Input Packets field shows how many packets this interface has received.
Ierrs	The Input Errors field shows how many damaged packets the interface has received.
Opkts	The Output Packets field shows how many packets were sent out by this interface.
Oerrs	The Output Errors field shows how many of the packets caused an error condition.
Collis	The Collisions field shows how many Ethernet collisions were detected by this interface. Ethernet collisions are a normal condition caused by Ethernet traffic contention. This field is not applicable to non-Ethernet interfaces.
Queue	The Packets Queued field shows how many packets are in the queue, awaiting transmission via this interface. Normally this is zero.

R	interface is running.
U	interface is up.
B	It is a broadcast-capable interface.
L	It is a loopback interface.

UP	The interface is enabled for use.
BROADCAST	The interface supports broadcasts, which means it is connected to a network that supports broadcasts, such as an Ethernet.
NOTRAILERS	This interface does not support trailer encapsulation.
RUNNING	This interface is operational.
MULTICAST	This interface supports multicasting.
IPv4	This interface supports TCP/IP version 4, which is the standard version of TCP/IP used on the Internet and described in this book.

DEVICE	defines the device name, in this case eth0.
ONBOOT	specifies whether the interface is initialized when the system boots. Normally an Ethernet interface is brought up and running every time the system boots.
BOOTPROTO	identifies the configuration service used to configure the interface. In this case it is none, meaning that the interface is configured locally. Alternates are bootp if an old-fashioned BootP server is used, or dhcp if a DHCP server is used. If either DHCP or BootP is used, the specific configuration values listed below are not found in this file.
BROADCAST	defines the broadcast address used by ifconfig.
NETWORK	defines the network address.
NETMASK	defines the address mask used by ifconfig.
IPADDR	defines the IP address used by ifconfig.
USERCTL	specifies whether users can run usernetctl to bring the interface up or down. The usernetctl command is found on only a few versions of Linux. In this case, the value no prevents the user from downing the interface.