UP | HOME
Sachin Patil

Sachin

Free Software developer & Emacser

Network utilities

Published on Mar 24, 2012 by Sachin.

Few network configuration which can be performed using CLI, this post covers examples with syntax.

(Updated on Jun 04, 2019)

Note: You must be root or sudo user to run following commands. ifconfig has been deprecated in favor of ip

Assign IP address

Syntax

1: ifconfig <INTERFACE> <IP-ADDRESS> netmask <NETMASK>
2: # or
3: ip addr add <IP-ADDRESS/CIDR> dev <INTERFACE>

Example

1: ifconfig eth0 192.168.1.11 netmask 255.255.255.0
2: # or
3: ip addr add 192.168.1.11/24 dev eth0

Add gateway/route

Syntax

1: route add default gw <GATEWAY-IP> <INTERFACE>
2: # or
3: ip route add default via <GATEWAY-IP> dev <INTERFACE>

Example

1: route add default gw 192.168.1.1 eth0
2: # or
3: ip route add default via 192.168.1.1 dev eth0

Temporary spoof MAC address

Syntax

1: ip link set down dev DEVICE_NAME
2: ip link set dev DEVICE_NAME address AA:BB:CC:DD:EE:FF
3: ip link set up dev DEVICE_NAME

Example

1: ip link set down dev enp0s21
2: ip link set dev enp0s21 address AA:BB:CC:DD:EE:FF
3: ip link set up dev enp0s21

Set DNS address

Optionally DNS can be entered in the file /etc/resolv.conf in following format

1: # /etc/resolv.conf
2: nameserver 8.8.8.8
3: nameserver 8.8.4.4

All the above changes will be temporary(unless you reboot the system)

Additional scenario

  • You want 10.10.10.x address space to bypass default gateway of the network. You can reach network range of 10.10.10.0/24 via 192.168.1.11 on device eth0

    ip route add 10.10.10.0/24 via 192.168.1.11 dev eth0
    
  • Make routes persistent(on Fedora/RHEL)

    Add following entry into the file /etc/sysconfig/network-scripts/route-DEVICE_NAME

    10.10.10.0/24 via 192.168.1.11 dev DEVICE_NAME
    

CLI to control NetworkManager

Check overall status

nmcli general status

Show all connections

nmcli connection

Show details for specific connection

Syntax

nmcli connection show <GENERAL.NAME>

Example

nmcli connection show my-dsl-conn

Connect using connection name

Syntax

nmcli connection up <GENERAL.NAME>

Example

nmcli connection up my-dsl-conn

SSH: Secure shell

SOCKS proxy

ssh -N -D 1080 user@server

where

-N: Do not execute remote commands

-D: [bind address:]port (port in the above example)

Local port forwarding

Forward all the requests from local port to remote port via remote-server.

Example:

ssh -L 8000:blocked-domain.com:80 user@remote-server

In the above example the website blocked-domain.com is not accessible from local machine(may be because it is blocked) but it can be accessed from remote-server. We create an SSH tunnel to remote-server and forward all the request from local port 8000 to port 80 of blocked-domain.com via remote-server. Once the connection is established, the blocked-domain.com can be accessed from local machine on port 8000(localhost:8000). The domain blocked-domain.com hence assumes that all the requests are coming from remote-server.

Syntax:

ssh -L <LOCAL_PORT>:<REMOTE_HOST>:<REMOTE_PORT> user@remote-server

Another example of forwarding local port is found in the manpage of ssh:

When encrypting communication between an IRC client and server, even though the IRC server does not directly support encrypted communications. This works as follows: the user connects to the remote host using ssh, specifying a port to be used to forward connections to the remote server. After that it is possible to start the service which is to be encrypted on the client machine, connecting to the same local port, and ssh will encrypt and forward the connection.

The following example tunnels an IRC session from client machine “127.0.0.1” (localhost) to remote server “server.example.com”:

ssh -f -L 1234:localhost:6667 server.example.com sleep 10
irc -c '#users' -p 1234 pinky 127.0.0.1

This tunnels a connection to IRC server server.example.com“, joining channel ”#users“, nickname ”pinky“, using port 1234. It doesn’t matter which port is used, as long as it’s greater than 1023 (remember, only root can open sockets on privileged ports) and doesn’t conflict with any ports already in use. The connection is forwarded to port 6667 on the remote server, since that’s the standard port for IRC services.

The -f option backgrounds ssh and the remote command sleep 10 is specified to allow an amount of time (10 seconds, in the example) to start the service which is to be tunnelled. If no connections are made within the time specified, ssh will exit.

Remote port forwarding

Forward all requests from the remote port to local port.

Example:

ssh -R 8000:localhost:3000 user@remote-server.com

In the above example assume that we are developing a website and we test it locally on port 3000(localhost:3000), but if we want to showcase or demonstrate the website to the public, we create a remote tunnel to remote-server.com and forward all traffic from remote-server.com:8000 to localhost:3000. Any one accessing remote-server.com:8000 will be able to access the website.

Syntax:

ssh -R <REMOTE_PORT>:localhost:<LOCAL_PORT> user@remote-server.com