Linux Network – Chang's Website

Network Services

Network Commands
ip addr show / ip a
ip -4 a s
ip addr add 172.17.67.3/16 dev enp0s8   # dev => device # reboot==> removedip r / ip route show
ip route add default via 192.168.56.104 # ephemeral you need to change config file
# Coreos / /etc/sysconfig/network-scripts/ifcfg-enp0s3
# Coreos / vi /etc/sysctl.conf
net.ipv4.ip_forward=1
route 
netstat -r
sysctl -p 
curl
wget
nc -vf website.com 443 # check port
netstat -tulpn
ping 
vi /etc/resolv.conf 
nameserver 127.0.0.53
options edns0 trust-ad
search
# Port Usage
isof -i
isof -i:27027. ## Check the specific port

Network Manager (nmcli)
systemctl status NetworkManager

nmcli connection
NAME UUID TYPE DEVICE
Wired connection 1 6fc98cfd-2e09-37e2-91c2-77c3659474f0 ethernet eno1
Wired connection 2 45c7d1a9-ac89-37f0-9ead-469b1a4dbd23 ethernet enp1s0
docker0 fbe673ce-a271-4db2-88ea-8892c114bdd2 bridge docker0
virbr0 5693f9f9-b622-4a9f-ba73-35cb35609460 bridge virbr0

nmcli connection add con-name home ifname enp1s1 type ethernet ip4 192.168.0.99 gw4 192.168.0.1Connection 'home' (b2bd16ff-204d-4e32-9279-c45a17f97b9d) successfully added.
nmcli connection
NAME UUID TYPE DEVICE
Wired connection 1 6fc98cfd-2e09-37e2-91c2-77c3659474f0 ethernet eno1
Wired connection 2 45c7d1a9-ac89-37f0-9ead-469b1a4dbd23 ethernet enp1s0
docker0 fbe673ce-a271-4db2-88ea-8892c114bdd2 bridge docker0
virbr0 5693f9f9-b622-4a9f-ba73-35cb35609460 bridge virbr0
home b2bd16ff-204d-4e32-9279-c45a17f97b9d ethernet --

Standard network service

[/etc/sysconfig/network-scripts]()

Routing
ip route show
route
netstat -r (name)
netstat -rn (number)
sudo netstat -tnlp | grep :22

ip r
ip route add default via ip

Port Forwarding

Enable IP Forwarding:
sysctl net.ipv4.ip_forward=1 or echo "1" > /proc/sys/net/ipv4/ip_forward (Not persistent)
Add your forwarding rule (use n.n.n.n:port):
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.132 --dport 29418 -j DNAT --to-destination 10.0.0.133:29418
Ask IPtables to Masquerade:
iptables -t nat -A POSTROUTING -j MASQUERADE

Firewall

sudo iptables -L
iptables -L /INPUT/FORWARD/OUTPUT chains 
iptable -nvL
iptables -P FORWARD ACCEPT
iptables -t nat -L /PREROUTING/INPUT/OUTPUT/POSTROUTING # -t for table 
iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE /.-o outbound -j jump to /masquerading with public ip of NAT router
ipatbles -A INPUT -s 192.168.0.0/24 -p tcp -j DROP
iptables-save > firewalloff
iptables -A INPUT -i lo -j ACCEPT -i / interface 
iptables -A INPUT -m contrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m /module contrack / connection tracker ctstate/ conection tracker status
If we estavlish a connection, so we start an outgoning connection, the traffic is going to be allowed to come back.

iptable -A INPUT -p tcp –dport 22 -j ACCEPT /-dport /destination port
iptables-restore < firewalloff