Sachin Patil

Sachin Patil

Free Software Developer | GNU Emacs Hacker

[Notes] Network utilities
Published on Mar 24, 2012 by Sachin.

Few network configuration which can be performed using CLI, this post covers examples with syntax.

(Updated on May 25, 2020)

Note: root or sudo access is required to run few commands. ifconfig has been deprecated in favor of ip.

Assign IP address


1: ifconfig <INTERFACE> <IP-ADDRESS> netmask <NETMASK>
2: # or
3: ip addr add <IP-ADDRESS/CIDR> dev <INTERFACE>


1: ifconfig eth0 netmask
2: # or
3: ip addr add dev eth0

Add gateway/route


1: route add default gw <GATEWAY-IP> <INTERFACE>
2: # or
3: ip route add default via <GATEWAY-IP> dev <INTERFACE>


1: route add default gw eth0
2: # or
3: ip route add default via dev eth0

Temporary spoof MAC address


1: ip link set down dev DEVICE_NAME
2: ip link set dev DEVICE_NAME address AA:BB:CC:DD:EE:FF
3: ip link set up dev DEVICE_NAME


1: ip link set down dev enp0s21
2: ip link set dev enp0s21 address AA:BB:CC:DD:EE:FF
3: ip link set up dev enp0s21

Set DNS address

Optionally DNS can be entered in the file /etc/resolv.conf in following format

1: # /etc/resolv.conf
2: nameserver
3: nameserver

All the above changes will be temporary(unless you reboot the system)

Additional scenario

  • You want 10.10.10.x address space to bypass default gateway of the network. You can reach network range of via on device eth0

    ip route add via dev eth0
  • Make routes persistent(on Fedora/RHEL)

    Add following entry into the file /etc/sysconfig/network-scripts/route-DEVICE_NAME via dev DEVICE_NAME

CLI to control NetworkManager

Check overall status

nmcli general status

Show all connections

nmcli connection

Show all devices

1: nmcli device
3: # Sample output
5: enp0s25     ethernet  connected    enp0s25
6: virbr0      bridge    connected    virbr0
7: wlp3s0      wifi      unavailable  --
8: lo          loopback  unmanaged    --
9: virbr0-nic  tun       unmanaged    --

Show details for specific connection


nmcli connection show <GENERAL.NAME>


nmcli connection show my-dsl-conn

Connect using connection name


nmcli connection up <GENERAL.NAME>


nmcli connection up my-dsl-conn

Show status of the WIFI

1: nmcli radio
3: # Sample output
5: enabled  disabled  enabled  disabled

Enable WIFI

nmcli radio wifi on

Networking Status/Enable/Disable

Check Network status

1: nmcli networking
3: # Sample output
4: enabled

Force NetworkManager to re-checks the connectivity

1: nmcli networking connectivity check
3: # Sample output
4: full

Disable networking

nmcli networking off

Enable networking

nmcli networking on

SSH: Secure shell

SOCKS proxy

ssh -N -D 1080 user@server


-N: Do not execute remote commands

-D: [bind address:]port (port in the above example)

Local port forwarding

Forward all the requests from local port to remote port via remote-server.


ssh -L 8000:blocked-domain.com:80 user@remote-server

In the above example the website blocked-domain.com is not accessible from local machine(may be because it is blocked) but it can be accessed from remote-server. We create an SSH tunnel to remote-server and forward all the request from local port 8000 to port 80 of blocked-domain.com via remote-server. Once the connection is established, the blocked-domain.com can be accessed from local machine on port 8000(localhost:8000). The domain blocked-domain.com hence assumes that all the requests are coming from remote-server.


ssh -L <LOCAL_PORT>:<REMOTE_HOST>:<REMOTE_PORT> user@remote-server

Another example of forwarding local port is found in the manpage of ssh:

When encrypting communication between an IRC client and server, even though the IRC server does not directly support encrypted communications. This works as follows: the user connects to the remote host using ssh, specifying a port to be used to forward connections to the remote server. After that it is possible to start the service which is to be encrypted on the client machine, connecting to the same local port, and ssh will encrypt and forward the connection.

The following example tunnels an IRC session from client machine “” (localhost) to remote server “server.example.com”:

ssh -f -L 1234:localhost:6667 server.example.com sleep 10
irc -c '#users' -p 1234 pinky

This tunnels a connection to IRC server server.example.com“, joining channel ”#users“, nickname ”pinky“, using port 1234. It doesn’t matter which port is used, as long as it’s greater than 1023 (remember, only root can open sockets on privileged ports) and doesn’t conflict with any ports already in use. The connection is forwarded to port 6667 on the remote server, since that’s the standard port for IRC services.

The -f option backgrounds ssh and the remote command sleep 10 is specified to allow an amount of time (10 seconds, in the example) to start the service which is to be tunnelled. If no connections are made within the time specified, ssh will exit.

Remote port forwarding

Forward all requests from the remote port to local port.


ssh -R 8000:localhost:3000 user@remote-server.com

In the above example assume that we are developing a website and we test it locally on port 3000(localhost:3000), but if we want to showcase or demonstrate the website to the public, we create a remote tunnel to remote-server.com and forward all traffic from remote-server.com:8000 to localhost:3000. Any one accessing remote-server.com:8000 will be able to access the website.


ssh -R <REMOTE_PORT>:localhost:<LOCAL_PORT> user@remote-server.com