<< Back to shouce.jb51.net

Network Status

The Network Status subsection displays the following in top-down order:

Interfaces

Interfaces - This section displays information on all your network devices. This includes PPP, OpenVPN, IPSec, Loopback, etc. Basically this is the output of ifconfig

Figure 3.8. Displays interfaces

Displays interfaces

You will find each interface name colored with the appropriate zones color. The purple color identifies interfaces which belongs to a VPN. Since each zone in reality is a bridge to which all assigned interface are joined, you need to take a look at the interfaces beginning with br. They are the real zone interfaces which are holding the ip addresses you configured, however they are virtual interfaces. The interfaces beginning with eth are the physically existing network cards. The interface called lo is the loopback interface. This one is needed to allow communication with the machine itself without to leave any real network card. You may also find interfaces beginning with tap. That one will be used for openvpn tunnels.

Each interface shows a bunch of information at the right side. If you like to know more than it would be probably better to read the Network Administrators Guide. Here you will find a short description about the most important values:

Link encap

Specifies the link type. Values like Ethernet, Local Loopback, Pont-to-Point Protocol may appear here.

HWaddr

The hardware address (MAC) of the respective interface

inet addr

The IP address which has been assigned to the interface. You may notice that the interfaces which are part of a bridge does not have an ip address.

Bcast

The broadcast address which has been assigned to the interface.

Mask

The network mask which has been assigned to the interface.

RX/TX packets

This lines shows how many packets has been received or transmitted errorfree, how many error occurred, how many packets were dropped, probably because of low memory, and how many were lost because of an overrun. Receiver overruns usually happen when packets come in faster than the kernel can service the last interrupt.

RX/TX bytes

This lines shows the data volume which has been received or transmitted by this interface.

Between the lines descibed above you find a line with information about the status and options set for the respective interface. You probably may be concerned about the PROMISC option which is set for most interfaces. Most physically mounted network cards are put into promiscuous mode since they are all part of a bridge and therefore need to be in this mode.

RED DHCP configuration

Displays the DHCP configuration on your RED interfaces if the DHCP is required by your internet connection.

Figure 3.9. Displays current RED DHCP configuration

Displays current RED DHCP configuration

Current Dynamic Leases

Displays the contents of the /var/state/dhcp/dhcpd.leases file if the DHCP server is enabled. The current dynamic leases are listed, with hostnames if available, and expiry dates.

Leases that have expired are scored through.

Figure 3.10. Displays current dynamic leases

Displays current dynamic leases

Note

This section will only be visible if DHCP is enabled. Refer to the section on the DHCP Server for details.

Routing Table Entries

This is the output of route -n, which shows the kernel routing table. The routing table lets the kernel know which block of ip addresses it can find behind which interface. Most of the lines which you see in the output contain information about your local networks. But since you need the firewall to have connections to the internet, which in fact are all destinations with ip addresses which are not directly known to the kernel there is need of an entry which sends all packets to a specific ip address in hope that that host knows more about the delivery. That host is called default gateway. Within your output you may identify this configuration in the line with destination network address 0.0.0.0, which means all destinations.

Figure 3.11. Displays current routing table

Displays current routing table

Besides, each line shows you the following information:

Destination

Specifies the destination network address. The kernel compares the destination ip address of each packet passing through it with this destination network address and so searches an entry to which network the ip address may belong to.

Gateway

Specifies the gateway, which is the host to which the packet should be sent. 0.0.0.0 means, put it on the media (LAN) and do not send it to a specific host.

Genmask

The network mask of the respective network.

Flags

The only interesting flags would be the following:

  • U - means that the route is up.

  • G - means that the route uses the gateway address specified by gateway.

  • H - means that the route entry is a host route, which is true only for a host instead a whole network. You may notice that the netmask in this case is 255.255.255.255.

Iface

Specifies the interface through which the kernel will send the packets away if the respective routing entry applies.

ARP Table Entries

This is the output of arp -n, which displays the ARP cache. In LAN's on deepest layer the network interfaces will not be addressed by an IP addres, but by the MAC address. In order to let the kernel know which IP address is assigned to which MAC address, the kernel sends an ARP request which basically is a broadcast packet which asks all connected network interfaces who has the desired IP address. The one who has the relevant IP address, responds with an ARP response including it's MAC address. In order that the kernel does not have to send ARP requests all the time, responses will be cached in the ARP table for a while.

Figure 3.12. Displays ARP table

Displays ARP table

The output will show you the actual cached assignements of the ip address (Address) to MAC address (HWaddress). Additionally you see also behind which interface you can find the network card with the respective MAC address (Iface).

You may notice lines with [incomplete] instead of a MAC address. This will happen if someone tried to reach an ip address which is currently not available because it is wrong or the device with the assigned ip address is currently down or not connected.