Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Linux Networking

Linux Networking

N. P. O'Donnell, 2021

Network Interfaces

Bring eth0 interface down:

WARNING: If you do this remotely (like through an SSH connection), it will disconnect you...

ip link set eth0 down

Bring eth0 interface up:

ip link set eth0 up

Set MTU

ip link set dev eth0 mtu 1420

IPIP Tunnel

Scenario involves 2 machines.

Machine 1's IP address is 172.31.95.154

Machine 2's IP address is 172.32.31.103

Step 1: Create tunnel interfaces

On machine 1:

ip tunnel add tun0 mode ipip remote 172.32.31.103 local 172.31.95.154

On machine 2:

ip tunnel add tun0 mode ipip remote 172.31.95.154 local 172.32.31.103

Step 2: Give them IP addresses

Make sure the IP addresses don't clash with existing ones!

On machine 1:

ip address add 192.168.0.1/24 dev tun0

On machine 2:

ip address add 192.168.0.2/24 dev tun0

Step 3: Bring them up

On both machines:

ip link set tun0 up

Then a ping test...

On machine 1:

ping 192.168.0.2

On machine 2:

ping 192.168.0.1

Routing

Display the routing table:

ip route show

Adding Routes

Route all traffic to a single IP address 135.125.202.171 through interface tun0:

ip route add 135.125.202.171 dev tun0

Route all traffic to IP address range 8.8.0.0/16 via 192.168.0.2:

ip route add 8.8.0.0/16 via 192.168.0.2

Getting Routes

Get the root for 8.8.8.8:

ip route get 8.8.8.8

Wireguard

Creating Keys

Create private key:

wg genkey

Create Public Key:

wg pubkey

Then paste in the private key followed by Ctrl-D.

Or use pipes.

One liner:

((wg genkey | tee privkey) | wg pubkey) > pubkey

Install Wireguard on Amazon Linux 2 (as root):

yum upgrade -y
amazon-linux-extras install -y epel
curl -Lo /etc/yum.repos.d/wireguard.repo   https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum clean all
yum install -y wireguard-dkms wireguard-tools

Configuration File:

/etc/wireguard/wg0.conf

Check status:

wg

WG-Quick

WG Quick is used for quickly prototyping wireguard configurations.

Bring wg0 interface up:

wg-quick up wg0

Bring wg0 interface down:

wg-quick down wg0

Socat

Test sending of UDP datagrams

On receiving machine:

socat -u udp-recv:12345,reuseaddr -

On sending machine:

socat - udp-sendto:<ip>:12345

Then type some characters on the sending machine.

TCPDump

Show all traffic:

sudo tcpdump

Show UDP traffic:

sudo tcpdump udp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment