[Notes] Network utilities
Published on Mar 24, 2012 by Sachin.
A few network configuration tasks that can be performed from the CLI; this post covers the syntax with examples.
(Updated on May 25, 2020)
Note: root or sudo access is required to run some of these commands. ifconfig has been deprecated in favor of ip.
Assign IP address
Syntax
ifconfig <INTERFACE> <IP-ADDRESS> netmask <NETMASK>
# or
ip addr add <IP-ADDRESS/CIDR> dev <INTERFACE>
Example
ifconfig eth0 192.168.1.11 netmask 255.255.255.0
# or
ip addr add 192.168.1.11/24 dev eth0
Add gateway/route
Syntax
route add default gw <GATEWAY-IP> <INTERFACE>
# or
ip route add default via <GATEWAY-IP> dev <INTERFACE>
Example
route add default gw 192.168.1.1 eth0
# or
ip route add default via 192.168.1.1 dev eth0
Temporarily spoof MAC address
Syntax
ip link set down dev DEVICE_NAME
ip link set dev DEVICE_NAME address AA:BB:CC:DD:EE:FF
ip link set up dev DEVICE_NAME
Example
ip link set down dev enp0s21
ip link set dev enp0s21 address AA:BB:CC:DD:EE:FF
ip link set up dev enp0s21
Set DNS address
Optionally, DNS can be entered in the file /etc/resolv.conf in the following format:
# /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
All the above changes are temporary (they last only until you reboot the system).
Additional scenario
You want the 10.10.10.x address space to bypass the default gateway of the network. You can reach the network range 10.10.10.0/24 via 192.168.1.11 on device eth0:
ip route add 10.10.10.0/24 via 192.168.1.11 dev eth0
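Why the more specific route wins over the default gateway, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table built from this page's addresses. The function names `ip_to_int` and `route_lookup` are hypothetical helpers, and the 192.168.1.0/24 link route is an assumed entry.

```shell
#!/bin/sh
# Added example: longest-prefix-match route selection, the rule that lets the
# 10.10.10.0/24 route on this page win over the default gateway.

# Constructed routing table in `ip route` style, built from this page's examples.
ROUTES='default via 192.168.1.1 dev eth0
10.10.10.0/24 via 192.168.1.11 dev eth0
192.168.1.0/24 dev eth0 scope link'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the next hop of the most specific route containing destination $1.
route_lookup() {
    dst=$(ip_to_int "$1")
    best_len=-1
    best=""
    while read -r prefix rest; do
        [ -n "$prefix" ] || continue
        if [ "$prefix" = default ]; then prefix=0.0.0.0/0; fi
        net=${prefix%/*}
        len=${prefix#*/}
        if [ "$len" = "$prefix" ]; then len=32; fi   # no "/len": host route
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        netint=$(ip_to_int "$net")
        # A route matches when destination and network agree under the mask;
        # among matches, the longest prefix wins.
        if [ $(( dst & mask )) -eq $(( netint & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len
            best=$rest
        fi
    done <<EOF
$ROUTES
EOF
    echo "$best"
}

route_lookup 10.10.10.5    # via 192.168.1.11 dev eth0
route_lookup 8.8.8.8       # via 192.168.1.1 dev eth0
```

On a live system, `ip route get 10.10.10.5` reports the route the kernel actually selects.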
Make routes persistent (on Fedora/RHEL)
Add the following entry to the file /etc/sysconfig/network-scripts/route-DEVICE_NAME:
10.10.10.0/24 via 192.168.1.11 dev DEVICE_NAME
CLI to control NetworkManager
Check overall status
nmcli general status
Show all connections
nmcli connection
Show all devices
nmcli device

# Sample output
DEVICE      TYPE      STATE        CONNECTION
enp0s25     ethernet  connected    enp0s25
virbr0      bridge    connected    virbr0
wlp3s0      wifi      unavailable  --
lo          loopback  unmanaged    --
virbr0-nic  tun       unmanaged    --
Show details for specific connection
Syntax
nmcli connection show <GENERAL.NAME>
Example
nmcli connection show my-dsl-conn
Connect using connection name
Syntax
nmcli connection up <GENERAL.NAME>
Example
nmcli connection up my-dsl-conn
Show status of the WIFI
nmcli radio

# Sample output
WIFI-HW  WIFI      WWAN-HW  WWAN
enabled  disabled  enabled  disabled
Enable WIFI
nmcli radio wifi on
Networking Status/Enable/Disable
Check Network status
nmcli networking

# Sample output
enabled
Force NetworkManager to re-check the connectivity
nmcli networking connectivity check

# Sample output
full
Disable networking
nmcli networking off
Enable networking
nmcli networking on
SSH: Secure shell
SOCKS proxy
ssh -N -D 1080 user@server
where
-N: Do not execute remote commands
-D: [bind address:]port (port 1080 in the above example)
Local port forwarding
Forward all the requests from local port to remote port via remote-server.
Example:
ssh -L 8000:blocked-domain.com:80 user@remote-server
In the above example, the website blocked-domain.com is not accessible from the local machine (maybe because it is blocked), but it can be accessed from remote-server. We create an SSH tunnel to remote-server and forward all requests from local port 8000 to port 80 of blocked-domain.com via remote-server. Once the connection is established, blocked-domain.com can be accessed from the local machine on port 8000 (localhost:8000). blocked-domain.com therefore sees all the requests as coming from remote-server. Only the hop between the local machine and remote-server is encrypted by SSH; the connection from remote-server to port 80 of blocked-domain.com is made in the clear.
Syntax:
ssh -L <LOCAL_PORT>:<REMOTE_HOST>:<REMOTE_PORT> user@remote-server
Another example of forwarding a local port is found in the manpage of ssh:
When encrypting communication between an IRC client and server, even though the IRC server does not directly support encrypted communications. This works as follows: the user connects to the remote host using ssh, specifying a port to be used to forward connections to the remote server. After that it is possible to start the service which is to be encrypted on the client machine, connecting to the same local port, and ssh will encrypt and forward the connection.
The following example tunnels an IRC session from client machine “127.0.0.1” (localhost) to remote server “server.example.com”:
ssh -f -L 1234:localhost:6667 server.example.com sleep 10
irc -c '#users' -p 1234 pinky 127.0.0.1
This tunnels a connection to IRC server “server.example.com”, joining channel “#users”, nickname “pinky”, using port 1234. It doesn’t matter which port is used, as long as it’s greater than 1023 (remember, only root can open sockets on privileged ports) and doesn’t conflict with any ports already in use. The connection is forwarded to port 6667 on the remote server, since that’s the standard port for IRC services.
The -f option backgrounds ssh and the remote command sleep 10 is specified to allow an amount of time (10 seconds, in the example) to start the service which is to be tunnelled. If no connections are made within the time specified, ssh will exit.
Remote port forwarding
Forward all requests from the remote port to local port.
Example:
ssh -R 8000:localhost:3000 user@remote-server.com
In the above example, assume that we are developing a website and testing it locally on port 3000 (localhost:3000). If we want to showcase or demonstrate the website to the public, we create a remote tunnel to remote-server.com and forward all traffic from remote-server.com:8000 to localhost:3000. Anyone accessing remote-server.com:8000 will be able to access the website. Note that sshd binds remote forwards to the server's loopback address by default, so reaching port 8000 from other hosts requires GatewayPorts to be enabled in the server's sshd_config.
Syntax:
ssh -R <REMOTE_PORT>:localhost:<LOCAL_PORT> user@remote-server.com
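A server-side check for the SOCKS, local and remote forwards described above, as an added example that is not part of the original post: it reads the effective settings printed by `sshd -T` and reports which forwards the server permits and where a -R listener may bind. The sample output is constructed, and `sshd_opt` and `forwarding_report` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: decide which of this page's ssh forwards (-D, -L, -R) a server
# permits, from the effective settings printed by `sshd -T`.

# Constructed sample of `sshd -T` output (lowercase keyword, then value).
SAMPLE_SSHD_T='port 22
allowtcpforwarding yes
gatewayports no
permitopen any'

# Print the value of keyword $2 in the `sshd -T` text $1 (empty if absent).
sshd_opt() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Print three findings: -L/-D permission, -R permission, -R bind scope.
forwarding_report() {
    fwd=$(sshd_opt "$1" allowtcpforwarding)
    gw=$(sshd_opt "$1" gatewayports)
    # -L and -D both need "local" forwarding; -R needs "remote" forwarding.
    case "$fwd" in
        yes|all) echo "local/dynamic: allowed"; echo "remote: allowed" ;;
        local)   echo "local/dynamic: allowed"; echo "remote: denied" ;;
        remote)  echo "local/dynamic: denied";  echo "remote: allowed" ;;
        no)      echo "local/dynamic: denied";  echo "remote: denied" ;;
        *)       echo "local/dynamic: unknown"; echo "remote: unknown" ;;
    esac
    # GatewayPorts controls whether a -R listener leaves the loopback address.
    case "$gw" in
        no)              echo "remote-bind: loopback only" ;;
        yes)             echo "remote-bind: all interfaces" ;;
        clientspecified) echo "remote-bind: chosen by client" ;;
        *)               echo "remote-bind: unknown" ;;
    esac
}

forwarding_report "$SAMPLE_SSHD_T"
```

On a live server, run it against real settings with `forwarding_report "$(sudo sshd -T)"`.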