Linux/Networking

Interfaces
List interfaces:
    ifconfig
    ifconfig -a
    ifconfig eth1
    ip a
    ip addr show
    ip address show
    ip address show dev eth1
    ls /proc/sys/net/ipv4/conf/
    ls /sys/class/net/

Bring interface up/down:
    ifconfig eth1 up
    ifconfig eth1 down

To configure an interface:
    ifconfig [interface] [address] netmask [netmask]
    ifconfig eth1 10.10.11.15 netmask 255.255.255.0

Note: This will add the following to the routing table:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.10.11.0      *               255.255.255.0   U     0      0        0 eth1

Example:
    ifconfig eth0 up
    ifconfig eth0 10.10.10.5 netmask 255.255.255.0
    route add default gw 10.10.10.1

Routes
List routes:
    route
    route -n
    ip route
    ip route show

Secondary IP Address
    # ifconfig [nic]:0 [IP-Address] netmask [mask] up
    ifconfig eth0:0 192.168.1.2 netmask 255.255.255.0 up

ipcalc
    $ ipcalc 10.20.30.55 255.255.255.0 -bnmp
    $ ipcalc 10.20.30.55/24 -bnmp
    NETMASK=255.255.255.0
    PREFIX=24
    BROADCAST=10.20.30.255
    NETWORK=10.20.30.0

Default Gateway
route add default gw 10.10.11.1

With ip route:
    ip route add default via 10.10.11.1

Routing table:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.10.11.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
    0.0.0.0         10.10.11.1      0.0.0.0         UG    0      0        0 eth0

/etc/sysconfig/network-scripts/ifup-eth:
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    test 169.254.0.0/16 (APIPA / DHCP link local)

Static Network Route
    route add -net [network] netmask [netmask] dev [iface]
    route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0

    route add -net [network]/[cidr] dev [iface]
    route add -net 192.56.76.0/24 dev eth0

    # delete is same format as 'add', but with 'del' keyword.
    route del -net 192.56.76.0 netmask 255.255.255.0 dev eth0

    route add -net [network] netmask [netmask] gw [gw-address]
    route add -net 192.57.66.0 netmask 255.255.255.0 gw 10.10.11.1

    route add -net [network] netmask [netmask] gw [gw-address] dev [iface]
    route add -net 192.57.66.0 netmask 255.255.255.0 gw 10.10.11.1 dev eth1

    # Using ip route:
    ip route add [network]/[cidr] via [gw-address]
    ip route add 172.16.0.0/24 via 192.168.0.3

    # startup
    echo "ip route add 172.16.0.0/24 via 192.168.0.3" >> /etc/rc.local

Static Host Route
    route add -host [host] dev [iface]
    route add -host 10.10.10.31 dev eth1

    route add -host [host] gw [gw-address]
    route add -host 192.168.98.42 gw 192.168.99.1

Note: use 'arp -a' to verify source address

DHCP
    dhclient eth0     # get dhcp address
    dhclient -r eth0  # release address

Server Lease information: (including DHCP server)
    /var/lib/dhcp/dhclient.leases
    option dhcp-server-identifier 192.168.1.1;

Client side lease information: (DHCP server is 'option dhcp-server-identifier')
    /var/lib/dhclient/dhclient.leases

How do I find out my DHCP server address - http://www.cyberciti.biz/faq/linux-find-out-dhcp-server-ip-address/

DNS
See Linux/DNS

Network Monitoring
20 Linux System Monitoring Tools Every SysAdmin Should Know - http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html
 * netstat and ss - Network Statistics
 * iptraf - Real-time Network Statistics
 * tcpdump - Detailed Network Traffic Analysis
 * nmap - scan your server for open ports.
 * ntop web based tool - ntop is the best tool to see network usage in a way similar to what top command does for processes i.e. it is network traffic monitoring software. You can see network status, protocol wise distribution of traffic for UDP, TCP, DNS, HTTP and other protocols.
 * vnstat - vnStat is a console-based network traffic monitor. It keeps a log of hourly, daily and monthly network traffic for the selected interface(s).
 * mtr - mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Check if IP Forwarding is enabled
We have to query the sysctl kernel value net.ipv4.ip_forward to see if forwarding is enabled or not:

Using sysctl:

    sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

    cat /proc/sys/net/ipv4/ip_forward
    0

As we can see in both the above examples, forwarding was disabled (as shown by the value 0).

Enable IP Forwarding on the fly
As with any sysctl kernel parameters we can change the value of net.ipv4.ip_forward on the fly (without rebooting the system):

sysctl -w net.ipv4.ip_forward=1

or

echo 1 > /proc/sys/net/ipv4/ip_forward

The setting is changed instantly, but the result will not be preserved after rebooting the system.

Permanent setting
Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

/etc/sysctl.conf:
    net.ipv4.ip_forward = 1

If you already have an entry net.ipv4.ip_forward with the value 0, you can change that to 1.

To enable the changes made in sysctl.conf you will need to run the command:

sysctl -p /etc/sysctl.conf

On RedHat based systems this is also enabled when restarting the network service:

service network restart

and on Debian/Ubuntu systems this can be also done restarting the procps service:

/etc/init.d/procps.sh restart

Source: How to enable IP Forwarding in Linux | MDLog:/sysadmin
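
Added example (not part of the original page or its cited source): a shell check that reads the persistent setting from sysctl-style files and compares it with a runtime value, so that forwarding switched on with `echo 1` can be told apart from forwarding that will survive a reboot. The function names and the sample file contents are assumptions made for illustration; the last assignment found in the files is treated as the effective one.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the last value assigned to net.ipv4.ip_forward in the given
# sysctl-style files, or "unset" when none of them sets it.
persistent_ip_forward() {
    awk '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            gsub(/\//, ".", key)          # sysctl also accepts net/ipv4/ip_forward
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$@"
}

# Classify the host from a runtime value (the content of
# /proc/sys/net/ipv4/ip_forward) and the persistent files.
forwarding_state() {
    runtime=$1
    shift
    persistent=$(persistent_ip_forward "$@")
    if [ "$persistent" = "unset" ]; then
        persistent=0                      # assumption: kernel default applies
    fi
    case "$runtime/$persistent" in
        0/0) echo "off" ;;
        1/1) echo "on, persistent" ;;
        1/0) echo "on until reboot" ;;
        0/1) echo "off until reboot or sysctl -p" ;;
        *)   echo "unknown" ;;
    esac
}

# Constructed sample: a config file where a later line overrides an earlier one.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    'net.ipv4.ip_forward=1' > "$sample"
forwarding_state 0 "$sample"
rm -f "$sample"
```

On a live host, call it as `forwarding_state "$(cat /proc/sys/net/ipv4/ip_forward)" /etc/sysctl.conf`.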

SSH Tunneling
Port Forwarding

Local port forwarding:

ssh -L 1234:localhost:23 username@host

All traffic coming to port 1234 on the client will be forwarded to port 23 on the server (host). Note that localhost will be resolved by the sshd server after the connection is established. In this case localhost therefore refers to the server (host) itself.

Remote port forwarding:

ssh2 -R 1234:localhost:23 username@host

All traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (localhost).

Port Forwarding using Iptables
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.161.101.40 --dport 3306 -j DNAT --to 10.20.30.48:3306
    iptables -A FORWARD -p tcp -i eth0 -d 10.20.30.48 --dport 3306 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward

Firewall Topologies

 * DMZ definition
 * Firewall Topologies
 * Bastion host
 * Screened subnet
 * Dual firewalls

Address Translation
Wiki: PAT

Wiki: NAT

Red Hat Static Routes
/etc/sysconfig/network-scripts/route-

Contains lines that specify additional routes that should be added when the associated interface is brought up.

The files are processed by the ifup-routes script, which uses the /sbin/ipcalc utility for all network masks and numbers. Routes are specified using the syntax:

    ADDRESSn=
    NETMASKn=
    GATEWAYn=

The "n" can be any integer number, but is expected to be monotonically increasing and counting starts from 0. For example:

    ADDRESS0=192.168.2.0
    NETMASK0=255.255.255.0
    GATEWAY0=192.168.1.1

adds a network route to the 192.168.2.0 network via the gateway at 192.168.1.1. Since you must already have a route to the network of the gateway, there is no need to specify a device.

Note: The ifup-routes script also supports an older syntax designed to be used directly as an argument to "/sbin/ip route add". This syntax is deprecated, but if no "ADDRESSn" lines are found the following will still work:

192.168.2.0/24 dev ppp0

adds a network route to the 192.168.2.0 network through ppp0.

Source: /usr/share/doc/initscripts-8.45.30/sysconfig.txt
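
Added example (not the initscripts code and not from the original page): a shell preview of the routes that a file in the ADDRESSn/NETMASKn/GATEWAYn syntax describes, printed as "ip route add" commands without executing or sourcing anything. The function names are hypothetical, and stopping at the first missing index is an assumption drawn from the "counting starts from 0" wording above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Dotted netmask -> prefix length; non-zero exit on a malformed or
# non-contiguous mask (for example 255.0.255.0).
mask_to_prefix() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            bits = 0; ended = 0
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
                o = $i + 0
                for (b = 128; b >= 1; b /= 2) {
                    if (o >= b) { if (ended) exit 1; bits++; o -= b }
                    else ended = 1
                }
            }
            print bits
        }'
}

# Read the file content on stdin and print one line per index n, starting
# at 0 and stopping at the first missing ADDRESSn (assumption, see lead-in).
# Only lines of the exact form NAMEn=<dotted quad> are considered.
routes_to_ip_commands() {
    ip4='([0-9]{1,3}\.){3}[0-9]{1,3}'
    vars=$(grep -E "^(ADDRESS|NETMASK|GATEWAY)[0-9]+=$ip4\$") || return 0
    n=0
    while :; do
        addr=$(echo "$vars" | sed -n "s/^ADDRESS$n=//p" | tail -n 1)
        mask=$(echo "$vars" | sed -n "s/^NETMASK$n=//p" | tail -n 1)
        gw=$(echo "$vars" | sed -n "s/^GATEWAY$n=//p" | tail -n 1)
        [ -n "$addr" ] || break
        if [ -n "$gw" ] && prefix=$(mask_to_prefix "$mask"); then
            echo "ip route add $addr/$prefix via $gw"
        else
            echo "# ADDRESS$n=$addr skipped: missing gateway or bad netmask"
        fi
        n=$((n + 1))
    done
}

# Constructed sample input, using the values from the example above.
routes_to_ip_commands <<'EOF'
ADDRESS0=192.168.2.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1
EOF
```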

ifconfig
To set an IP address for a device: ifconfig eth0 10.10.10.1 netmask 255.255.255.0

To bring up / bring down a device:
    ifconfig eth0 up
    ifconfig eth0 down

To create a virtual IP address: ifconfig eth0:1 10.10.20.1 netmask 255.255.255.0

counter reset
The TX/RX bytes reset at 4GB

Bytes counter of ifconfig in 7.2 resets?:
 * "the values are stored as unsigned 32-bit integers, in which case the maximum value which can be stored is 4,294,967,295 (2^32 - 1)"

This means that one can not track the usage of the system over much time.

The ifconfig counters can be forcefully reset by unloading/reloading the module.

route
To add a static route:
    route add -net 10.10.30.1 netmask 255.255.255.0 gw 10.10.10.1
    route add -net 10.10.30.1 netmask 255.255.255.0 dev eth0
    route add -net 10.10.30.1 netmask 255.255.255.0 eth0

To add a default gateway: route add default gw 10.10.10.1

mtr
My Traceroute

MTR - http://www.bitwizard.nl/mtr/

"mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.

As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine."

Sample:
                                  My traceroute  [v0.80]
    oeey.com.com (0.0.0.0)                                    Sat Nov  6 23:04:45 2010
    Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                     Packets               Pings
     Host                                           Loss%   Snt   Last   Avg  Best  Wrst StDev
     1. xxxx                                         0.0%   112    0.3   0.3   0.3   0.5   0.0
     2. xxxx                                         0.0%   112    0.4   0.4   0.4   0.5   0.0
     3. ip65-44-63-65.z63-46-65.customer.algx.net    0.0%   112    1.5   3.2   1.4  79.5  10.5
     4. vb1611.rar3.sanjose-ca.us.xo.net             0.0%   112   18.3  18.1  17.6  19.4   0.3

Installation
From yum: yum install mtr

Source:
    # if you want the TUI:
    yum install ncurses-devel
    VER=0.80
    cd ~/src
    wget ftp://ftp.bitwizard.nl/mtr/mtr-$VER.tar.gz
    tar -zvxf mtr-$VER.tar.gz
    cd mtr-$VER
    ./configure --prefix=/opt/mtr
    make
    sudo make install

Execute:
    mtr [HOST]
    /opt/mtr/sbin/mtr [HOST]

ip and iproute
The iproute2 package is designed to be a replacement for the standard networking toolset (i.e. ifconfig, route, etc.).

iproute2 - Advanced IP routing and network device configuration tools.
 * The iproute package contains networking utilities (ip and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.4.x and 2.6.x kernel.


    # ip link list
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:06:5b:8d:13:a0 brd ff:ff:ff:ff:ff:ff

    # ip address show
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:06:5b:8d:13:a0 brd ff:ff:ff:ff:ff:ff
        inet 200.3.128.12/24 brd 216.3.128.255 scope global eth0
        inet6 fe80::206:5bff:fe8d:13a0/64 scope link
           valid_lft forever preferred_lft forever

    # ip route show
    200.3.128.0/24 dev eth0 proto kernel  scope link  src 200.3.128.12
    default via 216.3.128.1 dev eth0

NIC Bonding
Also known as teaming, ether channel, or maybe trunking.

See Linux/Network Bonding

kping - History Ping
See kping

pinglog
See pinglog

Determining Network Driver
Linux: Find out Ethernet card driver name - http://www.cyberciti.biz/faq/linux-find-out-what-driver-my-ethernet-card-is-using/

What was installed: grep eth0 /etc/modprobe.conf

What is currently in use: ethtool -i eth0

Show module information: modinfo [MODULE]

Linux: Find Wireless Driver Chipset Information - http://www.cyberciti.biz/faq/linux-find-wireless-driver-chipset/

    lspci -vv -s [ID] | grep driver   # doesn't always work!
    Kernel driver in use: iwlagn

Show vendor/device ID: lspci -n -s [ID]

Show name and vendor/device ID: lspci -nn -s [ID]   # doesn't always work
