Phase 5: Networking
Phase 5: Networking
RHEL uses NetworkManager with nmcli and firewalld. Not ip/ufw — learn the RHEL way.
Static IP Configuration
# List connections
nmcli connection show# Show current IP
nmcli device show | grep -E 'DEVICE|IP4.ADDRESS|IP4.GATEWAY|IP4.DNS'# Set static IP (adjust interface name, IP, gateway, DNS to your lab)
sudo nmcli connection modify "Wired connection 1" \
ipv4.method manual \
ipv4.addresses 10.50.1.XXX/24 \
ipv4.gateway 10.50.1.1 \
ipv4.dns "10.50.1.50 10.50.1.1" \
ipv4.dns-search "inside.domusdigitalis.dev"# Apply changes
sudo nmcli connection up "Wired connection 1"# Verify
nmcli device show | grep -E 'IP4'Hostname Resolution
# Verify /etc/hosts
cat /etc/hosts# Add local entry if DNS not resolving yet
echo "10.50.1.XXX rhel9-ws.inside.domusdigitalis.dev rhel9-ws" | sudo tee -a /etc/hostsFirewalld Configuration
firewalld uses zones. The default zone is public.
# Check status
sudo firewall-cmd --state# List current zone and rules
sudo firewall-cmd --list-all# Allow SSH (should already be default)
sudo firewall-cmd --permanent --add-service=ssh# Allow Cockpit
sudo firewall-cmd --permanent --add-service=cockpit# Reload to apply permanent rules
sudo firewall-cmd --reload# Verify
sudo firewall-cmd --list-servicesFirewalld Zone Management
# List all zones
firewall-cmd --get-zones# Show active zones
firewall-cmd --get-active-zones# Add a custom service rule (example: allow port 8080)
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload# Rich rules (example: allow 10.50.1.0/24 to SSH)
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.50.1.0/24" service name="ssh" accept'
sudo firewall-cmd --reload| Check | Status |
|---|---|
Static IP configured with nmcli |
[ ] |
Gateway and DNS set |
[ ] |
Hostname resolves (forward and reverse) |
[ ] |
firewalld running |
[ ] |
SSH and Cockpit services allowed |
[ ] |
Permanent rules applied and reloaded |
[ ] |