[tux networking]

Howto Set Up Multiple Network Schemes on a Linux Laptop

As you take your laptop from one network to the next, from home to work or from the coffee shop to the conference, how do you tell it about each new network?

Modern Linux systems come with nifty GUI programs such as NetworkManager -- but they have some drawbacks. They're sometimes tricky to use if you switch among several different networks, and NetworkManager in particular is rather heavyweight: it doesn't work unless you have a desktop with a panel and are running hald and all its associated daemons, and they can get confused if you have multiple network interfaces. On a laptop with modest hardware, it all seems like overkill. Isn't there a lighter-weight way to manage networks?

This HOWTO covers easy ways of setting up schemes, to make it very easy to move among different types of networks. I started developing this back around 2002 under Redhat 7.3 and 8.0, but the modern version (circa 2009) is based around Ubuntu/Debian systems and hasn't been tested on non-Debian systems.

Some years after I first wrote this, a package called netenv appeared on Debian and Ubuntu which appeared to do exactly what my network schemes had been doing all along (even to using some of the same code). Unfortunately it was missing a few important elements and didn't actually work. So I've stuck to my own scripts.


  1. The Basics
  2. Initial setup
  3. Making new schemes
    1. Static IP on eth0
    2. Wireless access on eth1 with an essid and a WEP key
    3. Wireless with WPA -- maybe
    4. PCMCIA, Cardbus, USB and the mysterious allow-hotplug directive
    5. Notes on scheme writing
  4. Automatic schemes
  5. Special DNS for specific schemes
  6. PPP + Local net (for the rare folk still using a modem

The Basics: How to use network schemes

Here's how my network schemes work:
You always have a net scheme which defines which network you'll try to connect to. For instance, you start out at home on your wired network, so you start with the scheme named "home".

Now you carry your laptop to work and want to connect to the wireless network there. You have to tell your laptop to disable the wired network, enable the wireless one, and connect with the appropriate passwords. You do that by typing:

netscheme work

After work, you go to your favorite coffee shop. They have a wireless net too, but it's open, so using the password from work doesn't work there. So you type:

netscheme cafe

And so on. If you go to a new place, you just make a new scheme.

Initial setup

On Debian-based systems (including derivatives like Ubuntu), networking is handled through a directory called /etc/network; in particular, there's a file called /etc/network/interfaces that controls how the machine will attempt to connect to either wired or wireless networks. That's where you set all sorts of values like the IP address or DHCP, the wireless essid and key, and so forth.

What we'll do is create a bunch of interfaces files suitable for different conditions, and give them appropriate names.

Let's start with the simplest possible interfaces file: a wired network, on interface eth0, using DHCP. That looks like this:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

Compare that with your own /etc/network/interfaces. Use your own version for the next step if it's different from this one.

Now set up a schemes directory. I'm assuming that you have a currently working setup in /etc/network/interfaces and you're going to call this initial scheme "home".

mkdir /etc/network/schemes
cp /etc/network/interfaces /etc/network/schemes/interfaces-home

You're almost done; now all you need is the scheme-switching script. It's a very simple shell script which you can get here:
There's also a simpler, older shell script version, for comparison: netscheme.
Take that script and name it /etc/network/schemes/netscheme and be sure that it's executable:

chmod 755 /etc/network/schemes/netscheme

One more thing: you have to be root to run the netscheme script. If you use sudo, you might want to add it in the sudoers file to the list of programs you're allowed to run without a password.

If you can't remember what scheme you're in, running netscheme with no scheme name will tell you.

Writing new schemes

If you finished the steps in the previous section, you're all set with network schemes. But one network scheme isn't very useful! You need to make some more schemes so you can really use the system.

For each scheme, you need to create a file called /etc/network/schemes/interfaces-schemename ... don't forget the interfaces- part.

So how do you figure out what to put in the file? Obviously, it depends on your setup, but here are some typical interfaces files:

Static IP on eth0

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static

Obviously, change the network numbers appropriately.

Wireless access on eth1 with an essid and a WEP key

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp
wireless-essid network name
wireless-key 6BF278D208

If your wireless is on wlan0 instead of eth1, use that instead.

Wireless with WPA

WPA used to be really complicated, but under modern Debian and Ubuntu systems it's gotten simple. It looks like this:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp
wpa-ssid the-essid
wpa-psk the-password

For the password you can just use the user-readable password -- you don't have to convert it to a hex code.

If your network card is PCMIA, Cardbus or other hot-pluggable design

If your network card isn't always present on the system, you'll want to add this line right under the "auto" line (using eth0, eth1, wlan0 or whatever is appropriate for the interface):

allow-hotplug wlan0

I think this applies to USB wi-fi as well, though I've never actually used one.

There's not much documentation on what allow-hotplug actually does. man interfaces (a fairly good man page, BTW) implies that ifup will refuse to bring up an interface unless allow-hotplug is set; but if the network is being started via /etc/init.d/networking start either way, why do different things happen depending on whether allow-hotplug is present? It's all very confusing, but take my word for it, you need allow-hotplug if you're using PCMCIA or Cardbus (or probably USB).

Notes on scheme writing

It's important to have only one real network interface (not including lo) specified in the interface-schemename file, (if you're deliberately routing from one network interface to the other, then you probablyknow enough to be able to ignore that advice safely).

At least on my current system (Ubuntu Hardy), if I simultaneously leave up both eth0 (the built-in wired networking) and eth1 (the built-in wireless), then routing will get horribly confused even if one of the two is completely disconnected.

The only way I've found to fix this is

ifconfig eth0 up
ifconfig eth1 down
to bring one interface up and one down. You'd think ifup and ifdown would do it, based on their very vague man pages, but in fact they don't do anything as far as I can tell. So the netscheme script starts out by marking all interfaces down, then bringing up any interfaces specified in the file.

This also means that if you want a scheme that specifies no networking at all, just make a scheme containing only the lo entry, and all other interfaces will be ifconfiged down.

You may have noticed that all the schemes start with the entry for lo, the loopback device. I could make the netscheme script put that in automatically, but it seems easy enough to leave it in each scheme so I haven't bothered.

Automatic schemes

Sometimes you go to a cafe or a conference that doesn't have any complicated key or other information, but it does require you to specify the essid (the name of the wireless net). netscheme has a special case for that: if you type

netscheme essid
and there's no scheme already named essid, it will ask you if you want to make a new scheme. If you answer anything but n, it will change the scheme to the name you specified.

It doesn't currently save that as a new scheme, but you can always run it again if you return to the same network.

Special DNS for specific schemes

Linux specifies DNS settings in the file /etc/resolv.conf

If you use a static IP address, then you won't get DNS information from the DHCP server. In that case, you'll probably want to create a resolv.conf for your setup, and save it as /etc/network/schemes/resolv.conf-schemename. It will be copied into place every time you switch to that scheme.

Occasionally, you may find a network that works okay except that it doesn't have proper DNS information. (This is fairly common in wrongly-configured motel wireless networks.) If you can find some DNS settings that work (hint: sometimes your home or work settings will work, or sometimes the network number with a host id of 1 will work), save it as resolv.conf-schemename.

That's it!

That's really all you need to know - go forth and network! The rest of this howto is older information concerning details that were important to older systems.

PPP + Local Net

For ages I wanted a simple way to set up PPP and ethernet at the same time, so that on trips, my husband and I could share a single PPP connection between our two laptops.  We finally have it, and it turns out to be fairly simple!  It doesn't matter whether the second connection is a network card, wireless, or ad-hoc wireless; they're interchangeable and all follow the principles outlined in the rest of this document.

I'm not going to write up a full howto here, but there are a few important keys you need to know:

First, on the gateway machine (the one that is going to run the modem connection), you need a network scheme that uses static IP addresses (we use the 192.168.1 network) and no gateway entry.  No gateway is very important; if you leave in your gateway line, then as soon as you activate the network, it will take over and leave your PPP connection dead.

On the slave machine (the one not running the modem), set the gateway to be the local IP address (on the 192.168.1 net or whatever local network you're using) of the machine with the modem, and that should be all you need to do on that machine.

Finally, on the gateway machine, you need iptables installed and configured.

Once all these are in place, do these steps:

  1. Start the PPP connection on the gateway.
  2. Start local networking on both machines (order not important).
  3. Verify that the machines can talk to each other locally, and that the gateway machine can still see the outside world through PPP).
  4. Use iptables to turn on connection sharing, using this lesson from linuxchix which explains it much better than I would.
  5. If everything is working, then from the slave machine, scp /etc/resolv.conf from the gateway machine; or else set up a DNS server on the gateway machine.

Linux Links
Shallow Sky Home