Network

23 Notes
+ Check if IPv6 is enabled (Sept. 26, 2022, 9:35 a.m.)

    cat /sys/module/ipv6/parameters/disable
If IPv6 is in disabled state, the output would be "1".
------------------------------------------------------------
    ip -6 addr
If IPv6 is in disabled state then you will get an empty output.
------------------------------------------------------------
    lsof -a -i6
If IPv6 is in disabled state, then the output of the same command would be empty.

+ NetworkManager Logs (Aug. 25, 2022, 11:19 a.m.)

    journalctl -f -u NetworkManager
    tail -f /var/log/syslog | grep NetworkManager

+ Clear local DNS cache (Jan. 28, 2021, 10:33 a.m.)

Ubuntu:
    sudo systemd-resolve --flush-caches
Windows:
    ipconfig /flushdns
OSX:
    sudo killall -HUP mDNSResponder

+ Proxy, Proxy Server, Reverse Proxy (Oct. 18, 2020, 1:48 p.m.)

Proxy:
A proxy means that information goes through a third party before getting to its destination.
------------------------------------------------------------
Proxy Server:
If you don't want a service to know your IP, you can use a proxy. A proxy is a server that has been set up specifically for this purpose. If the proxy server you are using is located in, for example, Amsterdam, the IP that will be shown to the outside world is the IP of the server in Amsterdam. The only ones who will know your IP are the ones in control of the proxy server.
------------------------------------------------------------
Reverse Proxy:
A proxy will add a layer of masking. It's the same concept in a reverse proxy, except that instead of masking outgoing connections (you accessing a webserver), it's the incoming connections (people accessing your webserver) that will be masked. You simply provide a URL like example.com, and whenever people access that URL, your reverse proxy will take care of where that request goes.
------------------------------------------------------------
Let's say you walk into your favorite restaurant. You are hungry and want your favorite food. You give your order to the waiter. The waiter takes your order, goes to the kitchen, and asks the chef to cook everything you ordered. The chef cooks the food. The waiter brings your food.

Key things to note:
- You made your request to the waiter.
- The waiter fulfilled your request without making you go to the kitchen.
- The chef doesn't know who the food was for.

In this example, the waiter is a proxy, and the chef is the internet. A proxy acts as a firewall between you and the internet. A proxy provides security, privacy, and other levels of functionality. You can set up a proxy server in Nigeria. In simple terms, when you then make an HTTP request, that request goes to Nigeria first and then out to the internet.
------------------------------------------------------------
Another example of a proxy would be multiple computers in one company or building. All computers inside a company have IP addresses under the main IP address of the company. All the internet requests are made under one IP address, which makes it harder to trace them back to an individual computer. A proxy is all about making secure external requests.

+ Disable Network Manager (Sept. 8, 2020, 2:08 p.m.)

    systemctl stop NetworkManager.service
    systemctl disable NetworkManager.service

    vim /etc/NetworkManager/NetworkManager.conf
        [ifupdown]
        managed=false

    apt install ifupdown

+ iptables - Examples (Nov. 18, 2018, 2:53 p.m.)

https://www.cyberciti.biz/tips/linux-iptables-examples.html

Displaying the status of your firewall:
    iptables -L -n -v --line-numbers

-L: List rules
-v: Display detailed information
-n: Display IP address and port in numeric format. Do not use DNS to resolve names. This will speed up listing.
------------------------------------------------------------
Display INPUT or OUTPUT chain rules:
    iptables -L INPUT -n -v
    iptables -L OUTPUT -n -v --line-numbers
------------------------------------------------------------
Stop / Start / Restart the Firewall:
    service iptables stop
    service iptables start
    service iptables restart

You can use the iptables command itself to stop the firewall and delete all rules:
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

-F: Deleting (flushing) all the rules
-X: Delete chain
-t table_name: Select table (called nat or mangle) and delete/flush rules.
-P: Set the default policy (such as DROP, REJECT, or ACCEPT).
------------------------------------------------------------
Delete Firewall Rules:
To display line numbers along with other information for existing rules, enter:
    iptables -L INPUT -n --line-numbers
    iptables -L OUTPUT -n --line-numbers
    iptables -L OUTPUT -n --line-numbers | less
    iptables -L OUTPUT -n --line-numbers | grep 202.54.1.1

You will get the list of IPs. Look at the number on the left, then use that number to delete the rule. For example, to delete line number 4, enter:
    iptables -D INPUT 4

OR find source IP 202.54.1.1 and delete it from the rules:
    iptables -D INPUT -s 202.54.1.1 -j DROP

-D: Delete one or more rules from the selected chain
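
An added example (not from the original notes or the linked article): a helper for the delete-by-line-number step above. It matches the source column exactly, since grep 202.54.1.1 also matches 202.54.1.10, and prints the deletions highest number first because the remaining rules are renumbered after each iptables -D. The listing is constructed sample output in the "-n --line-numbers" layout without -v; sample_rules and delete_cmds are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output
# (not taken from a real host).
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       all  --  202.54.1.1           0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  202.54.1.1           0.0.0.0/0
5    DROP       all  --  202.54.1.10          0.0.0.0/0
EOF
}

# delete_cmds CHAIN SOURCE_IP
# Reads a --line-numbers listing on stdin and prints one `iptables -D`
# command per rule whose source column (field 5 without -v) equals
# SOURCE_IP exactly. Commands are ordered from the highest rule number
# down, so earlier deletions do not shift the numbers of later ones.
# Nothing is executed; the output is meant to be reviewed first.
delete_cmds() {
    chain=$1
    src=$2
    awk -v src="$src" '$1 ~ /^[0-9]+$/ && $5 == src { print $1 }' |
        sort -rn |
        while read -r num; do
            printf 'iptables -D %s %s\n' "$chain" "$num"
        done
}

# Demo on the constructed listing: rules 4 and 2 match, rule 5 does not.
sample_rules | delete_cmds INPUT 202.54.1.1
```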

+ Set custom DNS servers (Oct. 18, 2018, 3:34 p.m.)

1- vim /etc/resolvconf/resolv.conf.d/head
2- resolvconf --enable-updates
3- resolvconf -u

+ Disable IPv6 (Sept. 10, 2018, 2:29 p.m.)

    vim /etc/sysctl.conf
        net.ipv6.conf.all.disable_ipv6 = 1
        net.ipv6.conf.default.disable_ipv6=1

    sudo sysctl -p

This method of disabling IPv6 after reboot, using the /etc/sysctl.conf configuration file, does not work. However, this seems to be a bug.
------------------------------------------------------------
The recommended method to disable IPv6 after reboot is to configure the GRUB boot loader to pass kernel parameters at boot time.

    vim /etc/default/grub
        GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
        GRUB_CMDLINE_LINUX="ipv6.disable=1"

    update-grub2

+ DNS servers (April 17, 2020, 9:52 a.m.)

Google's DNS servers:
    8.8.8.8
    8.8.4.4
------------------------------------------------------------
OpenDNS Servers:
    208.67.222.222
    208.67.220.220

+ kbps kB/s (March 11, 2020, 9:11 a.m.)

kbps or Kilobits Per Second - One kilobit is 1000 bits, and bits are the smallest possible unit of information (a little on/off switch). This was typically used by mobile connections, but as mobile carriers get faster they're switching over to megabits.

kB/s or KiloBytes Per Second - Bytes are made up of eight bits, so one kilobyte equals eight kilobits. File-sizes on your computer are typically measured in bytes, so you'll usually see kilobytes used by download utilities. Bytes are capitalized when used in acronyms to distinguish them from bits, since both start with the letter B.

Mbps or Megabits Per Second - The default, as we've already discussed. It takes 1000 kilobits to make a megabit.

MB/s or MegaBytes Per Second - It takes eight megabits to make one megabyte. Most of the files on your computer are measured in megabytes, and if you have a fast connection you'll see this used in download utilities.

+ netplan (Feb. 4, 2020, 7:46 a.m.)

https://netplan.io/examples

    apt install netplan.io

DO NOT install "netplan". You need to install "netplan.io".
------------------------------------------------------------
    network:
      version: 2
      ethernets:
        enp1s0:
          dhcp4: no
          addresses: [192.168.1.101/24]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [8.8.8.8, 192.168.1.100]
------------------------------------------------------------
    network:
      version: 2
      renderer: networkd
      ethernets:
        enp3s0:
          addresses:
            - 10.10.10.2/24
          gateway4: 10.10.10.1
          nameservers:
            search: [mydomain, otherdomain]
            addresses: [10.10.10.1, 1.1.1.1]
------------------------------------------------------------
    netplan try
------------------------------------------------------------
    netplan apply

+ Linux network configuration files (Jan. 30, 2020, 10:43 a.m.)

/etc/systemd/resolved.conf
/etc/resolv.conf
/etc/NetworkManager/NetworkManager.conf
/etc/resolvconf/resolv.conf.d/head
/etc/dhcp/dhclient.conf
/etc/network/interfaces

+ dnsmasq (Jan. 28, 2020, 10:30 a.m.)

1- apt install dnsmasq resolvconf

2- Create a file named /etc/my_hosts and write your IPs and Hostnames in it:
    192.168.1.100 files.office.local

3- Edit the file /etc/dnsmasq.conf
    server=8.8.8.8
    server=8.8.4.4
    addn-hosts=/etc/my_hosts
    domain-needed
    bogus-priv
    strict-order
    expand-hosts
    domain=office.local

4- By default, the /etc/resolv.conf file is linked to another systemd configuration file:
    ls -l /etc/resolv.conf
(You need to delete this file and create another one yourself)
    vim /etc/resolv.conf
        nameserver 192.168.1.100
        nameserver 8.8.8.8

5- Tell the other machines to use the server as the DNS server. Edit /etc/resolv.conf and replace all nameserver lines with a single nameserver 192.168.1.100 (the IP address of the Server).
    vim /etc/resolv.conf
        nameserver 192.168.1.100
        nameserver 8.8.8.8

+ Test if a port is open (April 7, 2018, 7:37 p.m.)

    telnet mohsenhassani.ir 80
    nc -z mohsenhassani.ir 80

+ Cisco Certification Program Overview (Feb. 19, 2018, 4:27 p.m.)

Routing/Switching
Data Center
Voice
Security
Wireless
Design
Service Provider
Service Provider Operations
Video
------------------------------------------------------------
Cisco Certified Entry Networking Technician (CCENT)
Cisco Certified Technician (CCT)
Cisco Certified Network Associate (CCNA)
Cisco Certified Design Associate (CCDA)
Cisco Certified Network Professional (CCNP)
Cisco Certified Design Professional (CCDP)
Cisco Certified Internetwork Expert (CCIE)
Cisco Certified Design Expert (CCDE)
Cisco Certified Architect (CCAr)

+ Subnet Mask (Sept. 19, 2017, 3:35 p.m.)

Prefix  Addresses  Hosts  Netmask          Amount of a Class C
/30     4          2      255.255.255.252  1/64
/29     8          6      255.255.255.248  1/32
/28     16         14     255.255.255.240  1/16
/27     32         30     255.255.255.224  1/8
/26     64         62     255.255.255.192  1/4
/25     128        126    255.255.255.128  1/2
/24     256        254    255.255.255.0    1
/23     512        510    255.255.254.0    2
/22     1024       1022   255.255.252.0    4
/21     2048       2046   255.255.248.0    8
/20     4096       4094   255.255.240.0    16
/19     8192       8190   255.255.224.0    32
/18     16384      16382  255.255.192.0    64
/17     32768      32766  255.255.128.0    128
/16     65536      65534  255.255.0.0      256
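
An added example (not part of the original notes): the table above computed from the prefix length instead of looked up, and generalized to any prefix from /0 to /32. subnet_info is a hypothetical name; the treatment of /31 and /32 follows RFC 3021 and single-host routes, which the table does not cover.

```shell
#!/bin/sh
# subnet_info PREFIX
# Prints "addresses hosts netmask class_c" for an IPv4 prefix length (0-32),
# using the same columns as the subnet mask table in this note.
subnet_info() {
    prefix=$1
    case $prefix in
        ''|*[!0-9]*|0?*) echo "invalid prefix: $prefix" >&2; return 1 ;;
    esac
    if [ "$prefix" -gt 32 ]; then
        echo "invalid prefix: $prefix" >&2
        return 1
    fi

    host_bits=$(( 32 - prefix ))
    addresses=$(( 1 << host_bits ))

    # Network and broadcast addresses are not assignable; /31 (RFC 3021
    # point-to-point links) and /32 (single host) are the exceptions.
    if [ "$prefix" -ge 31 ]; then
        hosts=$addresses
    else
        hosts=$(( addresses - 2 ))
    fi

    # Netmask: the top PREFIX bits set, printed as a dotted quad.
    mask=$(( (0xFFFFFFFF << host_bits) & 0xFFFFFFFF ))
    netmask="$(( mask >> 24 & 255 )).$(( mask >> 16 & 255 )).$(( mask >> 8 & 255 )).$(( mask & 255 ))"

    # "Amount of a Class C": multiples of a /24 (256 addresses), or a fraction.
    if [ "$prefix" -le 24 ]; then
        class_c=$(( 1 << (24 - prefix) ))
    else
        class_c="1/$(( 1 << (prefix - 24) ))"
    fi

    echo "$addresses $hosts $netmask $class_c"
}

# Reproduce the table rows from /30 down to /16.
p=30
while [ "$p" -ge 16 ]; do
    echo "/$p $(subnet_info "$p")"
    p=$(( p - 1 ))
done
```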

+ Traffic Control - Limit Network Interface (Aug. 28, 2017, 3:28 p.m.)

For slowing an interface down:
    tc qdisc add dev eth1 root tbf rate 220kbit latency 50ms burst 1540
    tc qdisc add dev eno3 root tbf rate 8096kbit latency 1ms burst 4096

Explanation:
qdisc - queueing discipline
latency - number of bytes that can be queued waiting for tokens to become available.
burst - Size of the bucket, in bytes.
rate - speedknob

+ Zabbix - Installation (April 26, 2017, 4:45 p.m.)

Zabbix Server:

1- apt-get install apache2 mysql-server php5 php5-cli php5-common php5-mysql

2- Update the timezone in the PHP configuration file /etc/php5/apache2/php.ini:
    date.timezone = 'Asia/Tehran'

3- apt-get install zabbix-server-mysql zabbix-frontend-php

4- Create Database Schema:
    mysql -u root -p
    mysql> CREATE DATABASE zabbixdb;
    mysql> GRANT ALL on zabbixdb.* to zabbix@localhost IDENTIFIED BY 'deskbit';
    mysql> FLUSH PRIVILEGES;

5- Restore the zabbix database schema in the newly created database:
    cd /usr/share/zabbix-server-mysql
    zcat schema.sql.gz | mysql -u root -p zabbixdb
    zcat images.sql.gz | mysql -u root -p zabbixdb
    zcat data.sql.gz | mysql -u root -p zabbixdb

6- Edit Zabbix Configuration File:
    vim /etc/zabbix/zabbix_server.conf
        DBHost=localhost
        DBName=zabbixdb
        DBUser=zabbix
        DBPassword=password

7- Enable zabbix conf for apache:
    cp /usr/share/doc/zabbix-frontend-php/examples/apache.conf /etc/apache2/sites-enabled/

8- Set some values in the config file /etc/php5/apache2/php.ini:
    post_max_size = 16M
    max_execution_time = 300
    max_input_time = 300

9- Restart Apache and Zabbix:
    /etc/init.d/apache2 restart
    /etc/init.d/zabbix-server restart

10- Open the following address in a browser:
    http://zabbix.deskbit.local/zabbix/zabbix
In the 3rd Step (Configure DB connection):
    Database host: localhost
    Database port: 0
    Database name: zabbixdb
    User: zabbix
    Password: deskbit

11- In step 6 (Install), it can't create the file "zabbix.conf". To fix the error you need to:
    chmod 777 /etc/zabbix

12- Zabbix Login Screen:
    Username: admin
    Password: zabbix
------------------------------------------------------------
Zabbix Agent:

1- sudo apt-get install zabbix-agent

2- Edit Zabbix Agent Configuration:
    vim /etc/zabbix/zabbix_agentd.conf
        Server=192.168.1.11
        Hostname=Server2

3- Restart Zabbix Agent:
    /etc/init.d/zabbix-agent restart

+ List all IPs in the connected network (April 21, 2017, 12:23 p.m.)

    sudo apt-get install arp-scan
    sudo arp-scan --interface=eth0 --localnet
------------------------------------------------------------
    sudo apt-get install nmap
    nmap -sn 192.168.21.0/24

+ Find Gateway IP (Jan. 8, 2017, 1:19 p.m.)

ip route | grep default

+ Check if outgoing port is blocked (Sept. 14, 2016, 8:57 p.m.)

Use one of these tools to check if the outgoing VPS port is blocked:
    curl portquiz.net:80
OR
    telnet portquiz.net 80
OR
    nc -v portquiz.net 80
OR
    wget -qO- portquiz.net:80

+ Routing (Aug. 22, 2015, 3:28 p.m.)

ip route add {dst ip} via {gateway ip} dev ethx src {src ip}

+ Server interfaces config file (Aug. 22, 2014, 10:03 a.m.)

Add this configuration to the file /etc/network/interfaces:
    auto ens3
    allow-hotplug ens3
    iface ens3 inet static
        address 192.168.1.101
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 8.8.8.8

If you're connecting to a WiFi network, add these two options:
        wpa-ssid Mohsen-HomeWiFi
        wpa-psk YourPassword
------------------------------------------------------------
Add this command to the file rc.local to allow eth0 to get an IP:
    route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.1.1

Create a file named /etc/resolv.conf and write this line in it:
    nameserver 4.2.2.4

    ifconfig eth0 broadcast 255.255.255.192