Loading...

VONDS ©

Lab 135: Fix Wrong Static IP on eth0

Back to Lab Index

Diagnose a cloned host that booted with the wrong static IPv4 address and cannot reach its gateway. Correct the NetworkManager connection using nmcli, apply the change, and verify gateway reachability plus DNS resolution.

networking troubleshooting nmcli networkmanager core

Scenario

This RHEL host was cloned from a template. The eth0 connection came up with the wrong static IP, so the machine cannot reach the gateway. You have local console access only and must fix the NetworkManager connection.

Operator context

Cloned images frequently reuse network profiles. Your goal is to correct the connection profile, apply it cleanly, then prove success with routing and DNS checks.

Objective

  • Identify the incorrect IPv4 address currently on eth0.
  • Identify the active NetworkManager connection profile name for eth0.
  • Set the exact target static IP and gateway.
  • Set DNS servers to 1.1.1.1 and 8.8.8.8.
  • Bring the connection down and back up to apply changes.
  • Verify the correct address and default route exist.
  • Prove gateway reachability and hostname resolution.

Concepts

  • A link can be UP and still be unusable if the address is on the wrong subnet.
  • On NetworkManager systems, change the connection profile, not the interface state by hand.
  • After profile edits, bounce the connection so live state matches the new configuration.
  • “Fixed routing” means you can reach the gateway and you have a correct default route.
  • Closure is routing plus DNS: prove you can resolve a name, not just ping an IP.

Walkthrough

Step 1 : Show the current IPv4 address on eth0.
Command 
ip -4 addr show dev eth0
# OR
ip a show dev eth0

Capture the current state before changing anything. If the address is on the wrong subnet, the host will not be able to reach the intended gateway. 

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.1.20/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
Step 2 : Verify the gateway is unreachable from the wrong subnet.
Command 
ping -c 2 192.168.50.1

This gives you a clean “before” signal. If the host is on the wrong network, it will not be able to reach the intended gateway. 

PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.

--- ping statistics ---
2 packets transmitted, 0 received, 100% packet loss
Step 3 : Identify the active NetworkManager connection name for eth0.
Command 
nmcli -t -f NAME,DEVICE con show --active

Modify the connection profile name, not the interface name. This avoids updating the wrong profile on cloned systems. 

System eth0:eth0
Step 4 : Set the correct static IPv4 address and gateway.
Command 
sudo nmcli con mod "System eth0" ipv4.method manual ipv4.addresses 192.168.50.20/24 ipv4.gateway 192.168.50.1

This corrects the source IP and the default gateway in the connection profile. Without both, the host will still fail to reach anything off-link. 

(no output)
Step 5 : Set DNS servers for the connection.
Commands 
sudo nmcli con mod "System eth0" ipv4.dns "1.1.1.1 8.8.8.8"
sudo nmcli con mod "System eth0" ipv4.ignore-auto-dns yes

Even after fixing routing, many workflows still fail without DNS. Ignoring auto DNS prevents DHCP from overwriting your resolver settings. 

(no output)
Step 6 : Bring the connection down and back up to apply changes.
Command 
sudo nmcli con down "System eth0" && sudo nmcli con up "System eth0"

This forces the running network state to match the updated profile. 

Connection 'System eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
Connection 'System eth0' successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
Step 7 : Verify the correct IP and default route exist.
Commands 
ip -4 addr show dev eth0
ip route

Success criteria is evidence: the intended address on the interface and a default route pointing at the intended gateway. 

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.50.20/24 brd 192.168.50.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever

default via 192.168.50.1 dev eth0 proto static metric 100
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.20 metric 100
Step 8 : Prove gateway reachability and hostname resolution.
Commands 
ping -c 2 192.168.50.1
getent hosts example.com

This proves the operator path: the gateway is reachable and DNS works. 

PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.
64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.451 ms
64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=0.437 ms

--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss

93.184.216.34   example.com

Breakpoints

Connection name is different

Do not assume "System eth0". Pull the active connection name with nmcli -t -f NAME,DEVICE con show --active and use that exact name in your commands.

Gateway still unreachable after changes

Confirm the prefix length is correct and verify you are on the intended VLAN or network. If the IP is correct but the gateway cannot be pinged, suspect upstream switching, routing, or ACLs.

DNS still fails but gateway ping works

Confirm /etc/resolv.conf was regenerated and contains your intended nameservers. If it did not change, you may be editing a different connection profile than the one that is active.

Cleanup checklist

If you need to revert to DHCP for IPv4 addressing and DNS, switch the connection back to auto, allow DHCP-provided DNS, and re-apply.

Commands 
sudo nmcli con mod "System eth0" ipv4.method auto
sudo nmcli con mod "System eth0" ipv4.ignore-auto-dns no
sudo nmcli con mod "System eth0" ipv4.dns ""
sudo nmcli con down "System eth0" && sudo nmcli con up "System eth0"

Reference

  • ip -4 addr show dev <iface> : Display the IPv4 address currently applied to an interface.
    • -4 : IPv4 only.
    • dev <iface> : Limit output to a specific interface.
  • ping -c <n> <ip> : Test reachability to an IP (useful for gateway checks).
    • -c <n> : Send a fixed number of echo requests.
  • nmcli -t -f NAME,DEVICE con show --active : Show active NetworkManager connections and their devices.
    • -t : Terse output.
    • -f : Select fields to print.
  • nmcli con mod <name> ipv4.method manual : Set a connection to static IPv4.
  • nmcli con mod <name> ipv4.addresses A/B : Set a static IPv4 address and prefix length.
  • nmcli con mod <name> ipv4.gateway G : Set the IPv4 default gateway.
  • nmcli con mod <name> ipv4.dns "A B" : Set persistent DNS servers on a connection.
  • nmcli con mod <name> ipv4.ignore-auto-dns yes|no : Control whether DHCP-provided DNS is used.
  • nmcli con down <name> && nmcli con up <name> : Re-apply the connection profile to live network state.
  • ip route : Show the routing table (confirm default route and subnet).
  • getent hosts <name> : Confirm name resolution through NSS.