Few network configuration which can be performed using CLI, this post covers examples with syntax.
(Updated on Jun 04, 2019)
Note: You must be
sudo user to run following commands.
ifconfig has been deprecated in favor of
Assign IP address
1: ifconfig <INTERFACE> <IP-ADDRESS> netmask <NETMASK> 2: # or 3: ip addr add <IP-ADDRESS/CIDR> dev <INTERFACE>
1: ifconfig eth0 192.168.1.11 netmask 255.255.255.0 2: # or 3: ip addr add 192.168.1.11/24 dev eth0
1: route add default gw <GATEWAY-IP> <INTERFACE> 2: # or 3: ip route add default via <GATEWAY-IP> dev <INTERFACE>
1: route add default gw 192.168.1.1 eth0 2: # or 3: ip route add default via 192.168.1.1 dev eth0
Temporary spoof MAC address
1: ip link set down dev DEVICE_NAME 2: ip link set dev DEVICE_NAME address AA:BB:CC:DD:EE:FF 3: ip link set up dev DEVICE_NAME
1: ip link set down dev enp0s21 2: ip link set dev enp0s21 address AA:BB:CC:DD:EE:FF 3: ip link set up dev enp0s21
Set DNS address
Optionally DNS can be entered in the file
1: # /etc/resolv.conf 2: nameserver 188.8.131.52 3: nameserver 184.108.40.206
All the above changes will be temporary(unless you reboot the system)
You want 10.10.10.x address space to bypass default gateway of the network. You can reach network range of 10.10.10.0/24 via 192.168.1.11 on device
ip route add 10.10.10.0/24 via 192.168.1.11 dev eth0
Make routes persistent(on Fedora/RHEL)
Add following entry into the file
10.10.10.0/24 via 192.168.1.11 dev DEVICE_NAME
CLI to control NetworkManager
Check overall status
nmcli general status
Show all connections
Show details for specific connection
nmcli connection show <GENERAL.NAME>
nmcli connection show my-dsl-conn
Connect using connection name
nmcli connection up <GENERAL.NAME>
nmcli connection up my-dsl-conn
SSH: Secure shell
ssh -N -D 1080 user@server
-N: Do not execute remote commands
[bind address:]port (port in the above example)
Local port forwarding
Forward all the requests from local port to remote port via remote-server.
ssh -L 8000:blocked-domain.com:80 user@remote-server
In the above example the website blocked-domain.com is not accessible from local machine(may be because it is blocked) but it can be accessed from remote-server. We create an SSH tunnel to remote-server and forward all the request from local port 8000 to port 80 of blocked-domain.com via remote-server. Once the connection is established, the blocked-domain.com can be accessed from local machine on port 8000(localhost:8000). The domain blocked-domain.com hence assumes that all the requests are coming from remote-server.
ssh -L <LOCAL_PORT>:<REMOTE_HOST>:<REMOTE_PORT> user@remote-server
Another example of forwarding local port is found in the manpage of
When encrypting communication between an IRC client and server, even though the IRC server does not directly support encrypted communications. This works as follows: the user connects to the remote host using ssh, specifying a port to be used to forward connections to the remote server. After that it is possible to start the service which is to be encrypted on the client machine, connecting to the same local port, and ssh will encrypt and forward the connection.
The following example tunnels an IRC session from client machine “127.0.0.1” (localhost) to remote server “server.example.com”:
ssh -f -L 1234:localhost:6667 server.example.com sleep 10 irc -c '#users' -p 1234 pinky 127.0.0.1
This tunnels a connection to IRC server server.example.com“, joining channel ”#users“, nickname ”pinky“, using port 1234. It doesn’t matter which port is used, as long as it’s greater than 1023 (remember, only root can open sockets on privileged ports) and doesn’t conflict with any ports already in use. The connection is forwarded to port 6667 on the remote server, since that’s the standard port for IRC services.
The -f option backgrounds ssh and the remote command
sleep 10 is specified
to allow an amount of time (10 seconds, in the example) to start the service
which is to be tunnelled. If no connections are made within the time
specified, ssh will exit.
Remote port forwarding
Forward all requests from the remote port to local port.
ssh -R 8000:localhost:3000 email@example.com
In the above example assume that we are developing a website and we test it locally on port 3000(localhost:3000), but if we want to showcase or demonstrate the website to the public, we create a remote tunnel to remote-server.com and forward all traffic from remote-server.com:8000 to localhost:3000. Any one accessing remote-server.com:8000 will be able to access the website.
ssh -R <REMOTE_PORT>:localhost:<LOCAL_PORT> firstname.lastname@example.org