Assign a Static IP Address to an Ubuntu Server

Most modern Ubuntu releases use netplan to manage their network settings. In this post, the default netplan configuration is changed to give the host a fixed IP address.

0 . Latest updates and prerequisites.

2023.09.14 – First draft, Ubuntu 22.04 Server.
2024.10.25 – Updated for Ubuntu 24.04.

Check back for updates, leave a comment if the post is missing some detail.

Sudo or root access is required, at minimum, to change the IP network settings.

1 . Check current settings.

With a default installation, the server is often using DHCP to get IP settings. Get current details with “ip a”:

admin@server40:~$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
  link/ether 00:22:4d:6a:d8:30 brd ff:ff:ff:ff:ff:ff
  altname enp0s25
  inet 172.16.30.129/24 metric 100 brd 172.16.30.255 scope global dynamic eno1
  valid_lft 690809sec preferred_lft 690809sec
  inet6 fe80::222:4dff:fe6a:d830/64 scope link
  valid_lft forever preferred_lft forever

From this output, the network card name is “eno1” with a valid IP configuration. Query netplan to see what the DHCP client values are for that adapter with “netplan ip leases <network card name>”:

admin@server40:~$ netplan ip leases eno1
#This is private data. Do not parse.
ADDRESS=172.16.30.129
NETMASK=255.255.255.0
ROUTER=172.16.30.1
SERVER_ADDRESS=172.16.30.30
T1=345600
T2=604800
LIFETIME=691200
DNS=172.16.30.30
DOMAINNAME=home.domain
CLIENTID=ffb6691d9b

The output tells you what the DHCP client services see as a valid network configuration. This information is useful to change the IP address for the new netplan configuration.

The default netplan configuration is set in a yaml file created by the Ubuntu installer. On Ubuntu 24.04 servers, this is /etc/netplan/00-installer-config.yaml. “cat” this file to check its contents to be sure:

admin@server40:~$ cat /etc/netplan/00-installer-config.yaml
#This is the network config written by 'subiquity'
network:
  ethernets:
    eno1:
      dhcp4: true
  version: 2

Notice the indentations in the file, this is important to preserve. This file shows no configuration other than DHCP for IPv4, for the active adapter, eno1..

2 . Update the yaml file.

Backup the file first, just to be sure, by copying it to another location so that it is not additionally read during the network service restart:

admin@server40:~$ cp /etc/netplan/00-installer-config.yaml ~/00-installer-config.yaml.bak

The tilde symbol, “~” is short-hand for the current user’s home folder.

Based on information from step 2, update the IP settings to a fixed address using the DNS and gateway settings of this network by modifying the yaml file.

Use an editor such as “nano” as sudo. The values for the static configuration must be valid for the current network:

sudo nano /etc/netplan/00-installer-config.yaml

Yaml files are particular about indentations, make sure the formatting is perfect, then save the file and exit the editor. Substitute the values, in this file, to settings that work for the host’s current network:

network:
  version: 2
  ethernets:
    eno1:
      dhcp4: no
      dhcp6: no
      addresses:
        - 172.16.30.40/24
      routes:
        - to: default
          via: 172.16.30.1
      nameservers:
        addresses:
        - 172.16.30.30
        - 172.16.30.31
        search:
        - home.domain

Make sure the editing and indentation is perfect.

Apply appropriate permissions to the configuration file:

admin@server40:~$ sudo chmod 600 /etc/netplan/00-installer-config.yaml

The new settings are not taken automatically, netplan must be applied, first.

3 . Check, then update the server.

Use “netplan generate”, as sudo, to check and save the configuration. This netplan option will alert to any syntax errors in the yaml file:

admin@server40:~$ sudo netplan generate
/etc/netplan/00-installer-config.yaml:16:7: Error in network definition: unknown key 'search'
    search:
    ^

As above, in the first attempt, the indentation was not correct. Once all errors are resolved, run the netplan generate command again, to be sure the syntax is perfect, then the configuration can be applied with the “netplan apply” option. At that point, the new configuration is applied and connectivity might be lost if the address is changing:

admin@server40:~$ sudo netplan apply

If there is any doubt with the validity of the configuration, “netplan try” will test the configuration and automatically revert if there is no response in a given time:

Do you want to keep these settings?

Press ENTER before the timeout to accept the new configuration

Changes will revert in  76 seconds

4 . Test the new settings.

Create a console connection to the new IP address and login again, then check the running configuration with “ip a”:

admin@server40:~$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
  link/ether 00:22:4d:6a:d8:30 brd ff:ff:ff:ff:ff:ff
  altname enp0s25
  inet 172.16.30.40/24 brd 172.16.30.255 scope global eno1
  valid_lft forever preferred_lft forever
  inet6 fe80::222:4dff:fe6a:d830/64 scope link
  valid_lft forever preferred_lft forever

The new network configuration is taken. Its not possible to check the configuration with “ip leases”, used above, because the network card is no longer running as a DHCP client.

Check the DNS settings are correct with “resolvectl status”, this lists the running DNS configuration:

admin@server40:~$ resolvectl status
Global
    Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
    Link 2 (eno1)
  Current Scopes: DNS
    Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  Current DNS Server: 172.16.30.30
    DNS Servers: 172.16.30.30 172.16.30.31
    DNS Domain: home.domain

And of course the DNS capability can be tested by first “ping”-ing a hostname on the local network (to check if the search functionality is working), then “ping”-ing a public service to check if the gateway, name services and network settings all work altogether:

admin@server40:~$ ping server30
PING server30.home.domain (172.16.30.30) 56(84) bytes of data.
64 bytes from server30.home.domain (172.16.30.30): icmp_seq=1 ttl=128 time=0.204 ms
--- server30.home.domain ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms
...
localadmin@server40:~$ ping google.com
PING google.com (142.251.36.206) 56(84) bytes of data.
64 bytes from muc12s12-in-f14.1e100.net (142.251.36.206): icmp_seq=1 ttl=119 time=8.16 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.162/8.162/8.162/0.000 ms

To ping a remote host by name requires that DNS, the IP stack itself and routing all work together.

If all of this works, the Ubuntu server now has a static IP address.

In some cases, search domains do not work well and a manual entry must be made to /etc/systemd/resolved.conf. Use an editor such as nano and uncomment the line “domains” to have the search domain, such as this:

# FallbackDNS=
Domains=home.domain
# DNSSEC=no

5 . Custom and advanced configurations.

The steps so far cover typical IPv4 network scenarios, where most of the configuration is automatically provisioned or the needs are simple enough.

It might be there is a need for a dual stack IP network with multiple network cards. In that case, the host’s yaml file will look something like this:

network:
    version: 2
    ethernets:
        eth0:
            accept-ra: false
            addresses:
            - 2A03:B0C0:0003:1234:1234:1234:15F3:B001/64
            - 167.172.144.79/20
            - 10.19.0.5/16
            match:
                macaddress: da:16:ff:a6:12:ff
            mtu: 1500
            nameservers:
                addresses:
                - 67.207.67.3
                - 67.207.67.2
                search: [mydomain.com]
            routes:
            -   to: ::/0
                via: 2a03:b0c0:3:d0::1
            -   to: 0.0.0.0/0
                via: 167.172.160.1
            set-name: eth0
        eth1:
            addresses:
            - 10.135.88.123/16
            match:
                macaddress: 32:07:23:91:99:51
            mtu: 1500
            nameservers:
                addresses:
                - 67.207.67.3
                - 67.207.67.2
                search: [myotherdomain.com]
            set-name: eth1

With multiple network cards, it is also possible to setup a bridge. In this case, all traffic on all joined network cards is shared (like an Ethernet hub) and the host takes a virtual adapter. Configurations such as this serve to extend the network or force traffic transparently through a physical adapter, for example.

The configuration below joins networks enp6s0 and enp7s0. The host is no connected on br0 which is configured with a fixed address and network settings:

network:
  version: 2
  ethernets:
    enp6s0: {}
    enp7s0: {}
  bridges:
    br0:
      interfaces: [enp6s0,enp7s0]
      addresses: [172.16.30.200/24]
      nameservers:
         search: [fritz.box]
         addresses: [172.16.30.1]
      routes:
        - to: default
          via: 172.16.30.1

Of course, the values should match the network in which the host will reside.

6 . Supporting this blog.

This is all hand written, ther eis no AI generation on this page. If you feel I have saved you some time, you can support me by:

©horsefreeglue.com, 2024. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given.

Spread the love
Leave a Reply 0

Your email address will not be published. Required fields are marked *

eighteen − 5 =


error: Content is protected !!