====== networking ======
===== Some ip command examples =====
ip addr add 192.168.50.5/24 dev eth0
ip addr del 192.168.50.5/24 dev eth0
===== bonding =====
First you need two or more interfaces, for example eth0 & eth1.
Then you create a new interface, which could have the name bond0 -> vi ifcfg-bond0
DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.1.1
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="bonding parameters separated by spaces"
[[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Using_Channel_Bonding.html|RHEL 7 documentation]]
===== routing =====
Delete/reset the default route
# route del -net default netmask 0.0.0.0
# route add default gw 10.11.22.1 eth0
OR
# ip route delete default
# ip route add default via 10.11.22.1 src 10.11.22.111
Add/delete custom routes
route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
ip route add 192.168.1.0/24 via 10.11.12.254 src 10.11.12.13
ip route add 192.168.1.0/24 via 10.11.12.254
route del -net 192.168.1.0 netmask 255.255.255.0 dev eth1
Enter the default gateway in ''/etc/sysconfig/network''
GATEWAY=10.11.22.1
This is what an ''/etc/sysconfig/network-scripts/ifcfg-eth0'' looks like when speed etc. is configured:
DEVICE=eth0
BOOTPROTO=none
IPADDR=10.11.22.33
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=10.11.22.1
USERCTL=no
PEERDNS=yes
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
===== bridge =====
Install the bridge-utils
yum install bridge-utils
Create a bridge file:
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
NAME=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=10
STP=off
IPADDR=1.2.3.4
PREFIX=24
GATEWAY=1.2.3.1
DEFROUTE=yes
Create an interface file:
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
brctl addbr br0
brctl addif br0 eth0
ifconfig eth0 down
ifconfig eth0 0.0.0.0 up
ifconfig br0 10.11.22.23 up
===== Change and specify interfacenames =====
RHEL/CentOS 7 implements a new naming convention for network interfaces. Some people do not like that, so you can switch back to the old one. [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Consistent_Network_Device_Naming.html|RHEL 7 Networking Guide]]
In a virtual machine you should ensure that the interfaces do not get mixed after a reboot or if you add a new NIC. Create a new file
''# vi /etc/udev/rules.d/69-vmxnet3-net.rules''
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:0b:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:13:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:1b:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:04:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:0c:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:14:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth5"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:1c:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth6"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:05:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth7"
Add the additional keyword ''net.ifnames=0'' to the grub config file: ''/etc/default/grub'' so that the file looks like:
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_hostname_swap/lv_swap rd.lvm.lv=vg_hostname_base/lv_base rhgb quiet net.ifnames=0"
GRUB_DISABLE_RECOVERY="true"
''net.ifnames=0'' is added to the end of the GRUB_CMDLINE_LINUX variable.
The new option only takes effect once the grub config has been regenerated. A new config can be made with the following command:
# grub2-mkconfig -o /boot/grub2/grub.cfg
**After that do not forget to rename the ifcfg-files!**
# mv ifcfg-crapyname ifcfg-eth0
===== Disable IPv6 =====
==== CentOS/RHEL 7 ====
To disable the kernel module, edit the grub config file ''/etc/default/grub'' and add the parameter ''ipv6.disable=1'' to the line ''GRUB_CMDLINE_LINUX'' so that the file looks like:
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_hostname_swap/lv_swap rd.lvm.lv=vg_hostname_base/lv_base rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"
Reconfigure your grub with the following command:
# grub2-mkconfig -o /boot/grub2/grub.cfg
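Both grub edits on this page (''net.ifnames=0'' and ''ipv6.disable=1'') append a parameter to ''GRUB_CMDLINE_LINUX''. The following is an added example, not part of the original page: the function name ''add_grub_param'' is hypothetical, it assumes GNU sed, and the demo works on a constructed temp file instead of the live ''/etc/default/grub''.

```shell
#!/bin/sh
# Added example: idempotently append a kernel parameter to GRUB_CMDLINE_LINUX.
# Usage: add_grub_param FILE PARAM
# Returns 1 if FILE has no GRUB_CMDLINE_LINUX="..." line, otherwise 0.
# PARAM must not contain the characters | & or \ (they are special to sed).
add_grub_param() {
    local file=$1 param=$2 line current
    line=$(grep -m1 '^GRUB_CMDLINE_LINUX="' "$file") || return 1
    # Extract the text between the quotes of the existing line.
    current=$(printf '%s' "$line" |
        sed 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/')
    # Already present as a whole word? Then leave the file untouched.
    case " $current " in
        *" $param "*) return 0 ;;
    esac
    cp -p "$file" "$file.bak"      # keep a backup before editing
    # Insert the parameter just before the closing quote.
    sed -i "s|^\(GRUB_CMDLINE_LINUX=\".*\)\"[[:space:]]*\$|\1 $param\"|" "$file"
}

# Demo on a constructed file (sample content, not a real system config).
demo=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' \
    'GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"' \
    'GRUB_DISABLE_RECOVERY="true"' > "$demo"
add_grub_param "$demo" net.ifnames=0
add_grub_param "$demo" ipv6.disable=1
add_grub_param "$demo" net.ifnames=0    # second call changes nothing
grep '^GRUB_CMDLINE_LINUX' "$demo"
rm -f "$demo" "$demo.bak"
```

On a real system, run ''grub2-mkconfig'' as shown above after the edit and compare the file against the ''.bak'' copy before rebooting.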
==== CentOS/RHEL 6 ====
Create and edit the file ''/etc/modprobe.d/ipv6.conf''
options ipv6 disable=1
Just to be sure you can disable the ip6tables ''chkconfig ip6tables off''. If it is not already done also change or add the following line in ''/etc/sysconfig/network''
NETWORKING_IPV6=no
====== firewalld ======
Block an IP with the firewall-cmd
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -s 10.11.12.13/32 -j DROP
Without ''--permanent'' this rule only exists until the next reboot or restart of the firewall; adding ''--permanent'' makes it "forever".
====== Router ======
How to build your own [[https://fedoramagazine.org/build-network-router-firewall-fedora-22-systemd-networkd/|router]]
OK OK, I also copied the whole thing to make it accessible [[myhelp:network:router|here]].
====== VPN ======
Read the pretty good documentation at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html|RedHat]].
===== OPENVPN =====
Some links to help out. I now prefer WireGuard.
* [[https://chichivica.github.io/2017/08/02/Install-OpenVPN-on-Fedora-26/|fedora 26]]
* [[https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7|Centos 7 - Digital Ocean]]
* [[https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/|Cyberciti]]
* [[https://www.ostechnix.com/easiest-way-install-configure-openvpn-server-linux/|easy way]]
* [[https://fedoraproject.org/wiki/Openvpn|fedora wiki]]
===== Wireguard =====
https://serversideup.net/generating-wireguard-qr-codes-for-fast-mobile-deployments/
https://emanuelduss.ch/2018/09/wireguard-vpn-road-warrior-setup/
https://www.cyberciti.biz/faq/centos-8-set-up-wireguard-vpn-server/
==== Create Client Keys ====
# cd /etc/wireguard
# wg genkey | tee newclient-private.key | wg pubkey > newclient-public.key
# ls -l newclient-*
==== Create Client Configuration ====
vi newclient-private.conf
#newclient
[Interface]
PrivateKey =
Address = 10.20.30.40 # The VPN-IP from your newclient
DNS = 10.10.10.10, 20.20.20.20 # optional, if you want to use a specific DNS in your VPN
[Peer]
PublicKey =
Endpoint = 10.20.30.1:6789 # IP or DNS and port from your server
AllowedIPs = 10.0.0.0/8, 192.168.1.1/32 # IPs for which the client is going to use the VPN
==== Create Server Configuration ====
vi wg0.conf
#Server configuration for wg0
[Interface]
# Your server private VPN IP
Address = 10.11.12.1/24
# The port your server listens on
ListenPort = 9876
PrivateKey =
#Client 1
[Peer]
PublicKey =
AllowedIPs = 10.20.30.39/32
#newclient
[Peer]
PublicKey =
AllowedIPs = 10.20.30.40/32
Create a QR-code that can be scanned with your phone
qrencode -t ansiutf8 -r /etc/wireguard/newclient-private.conf
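The private key and the client config (which embeds it, and which the QR code also encodes) are the secrets in this procedure, so they should not be readable by group or others. The following is an added example, not part of the original page: the function names are hypothetical, GNU find is assumed, and the key strings in the demo are constructed placeholders standing in for the output of ''wg genkey'' / ''wg pubkey''.

```shell
#!/bin/sh
# Added example: write the client config with mode 0600 and audit the
# directory for secrets that group/others can access.

# write_client_conf OUT PRIVKEY SERVER_PUBKEY ADDRESS ENDPOINT ALLOWED_IPS
write_client_conf() {
    local out=$1 old_umask
    old_umask=$(umask)
    umask 077                 # a newly created file gets 0600 from the start
    cat > "$out" <<EOF
[Interface]
PrivateKey = $2
Address = $4

[Peer]
PublicKey = $3
Endpoint = $5
AllowedIPs = $6
EOF
    chmod 600 "$out"          # also tighten a file that already existed
    umask "$old_umask"
}

# list_exposed_secrets DIR
# Prints private keys and configs with any group/other permission bit set.
# Public keys are not secret and are skipped.
list_exposed_secrets() {
    find "$1" -maxdepth 1 -type f \
        \( -name '*-private.key' -o -name '*.conf' \) -perm /077
}

# Demo in a temp dir with constructed placeholder keys (not real key material).
dir=$(mktemp -d)
( umask 022; echo 'CONSTRUCTED-PRIVATE-KEY' > "$dir/newclient-private.key" )
write_client_conf "$dir/newclient-private.conf" 'CONSTRUCTED-PRIVATE-KEY' \
    'CONSTRUCTED-SERVER-PUBKEY' 10.20.30.40 10.20.30.1:6789 10.0.0.0/8
list_exposed_secrets "$dir"   # prints only the key file created under umask 022
rm -rf "$dir"
```

Running ''umask 077'' before the ''wg genkey | tee ...'' line above avoids creating the exposed key file in the first place.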
====== Speedtest ======
with netcat (nc):
Start netcat on serverA
nc -v -l 6789 > /dev/null
On serverB, run the following command:
dd if=/dev/zero bs=1024K count=1024 | nc -v serverA 6789
{{tag>[Good2Know HowTo VPN Firewall]}}