
networking

Some ip command examples

ip addr add 192.168.50.5/24 dev eth0
ip addr del 192.168.50.5/24 dev eth0

bonding

First you need two or more interfaces, for example eth0 and eth1. Then create a new interface, which could be named bond0: vi ifcfg-bond0

DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.1.1
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="bonding parameters separated by spaces"

RHEL 7 documentation

routing

Delete / reset the default route

# route del -net default netmask 0.0.0.0
# route add default gw 10.11.22.1 eth0
OR
# ip route delete default
# ip route add default via 10.11.22.1 src 10.11.22.111

Add / delete custom routes

route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
ip route add 192.168.1.0/24 via 10.11.12.254 src 10.11.12.13
ip route add 192.168.1.0/24 via 10.11.12.254

route del -net 192.168.1.0 netmask 255.255.255.0 dev eth1

Set the default gateway in /etc/sysconfig/network

GATEWAY=10.11.22.1

This is what an /etc/sysconfig/network-scripts/ifcfg-eth0 looks like when speed etc. are set:

DEVICE=eth0
BOOTPROTO=none
IPADDR=10.11.22.33
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=10.11.22.1
USERCTL=no
PEERDNS=yes
ETHTOOL_OPTS="speed 100 duplex full autoneg off"

bridge

Install the bridge-utils

yum install bridge-utils

Create a bridge file: /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
NAME=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=10
STP=off
IPADDR=1.2.3.4
PREFIX=24
GATEWAY=1.2.3.1
DEFROUTE=yes

Create an interface file: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
NAME=eth0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0

brctl addbr br0
brctl addif br0 eth0
ifconfig eth0 down
ifconfig eth0 0.0.0.0 up
ifconfig br0 10.11.22.23 up

Change and specify interface names

RHEL/CentOS 7 introduced a new naming convention for network interfaces. Some people do not like it, so you can switch back to the old one. See the RHEL 7 Networking Guide.

In a virtual machine you should ensure that the interfaces do not get mixed up after a reboot or when you add a new NIC. Create a new file

# vi /etc/udev/rules.d/69-vmxnet3-net.rules

SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:0b:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:13:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:1b:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:04:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:0c:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:14:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth5"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:1c:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth6"
SUBSYSTEM=="net", ACTION=="add", KERNELS=="0000:05:00.0" DRIVERS=="vmxnet3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth7"

Add the additional keyword net.ifnames=0 to the grub config file: /etc/default/grub so that the file looks like:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_hostname_swap/lv_swap rd.lvm.lv=vg_hostname_base/lv_base rhgb quiet net.ifnames=0"
GRUB_DISABLE_RECOVERY="true"

net.ifnames=0 is added to the end of the GRUB_CMDLINE_LINUX variable.

The new option still has to make its way into the GRUB configuration. Generate a new config with the following command:

# grub2-mkconfig -o /boot/grub2/grub.cfg

After that do not forget to rename the ifcfg-files!

# mv ifcfg-crapyname ifcfg-eth0

Disable IPv6

CentOS/RHEL 7

To disable the kernel module, edit the grub config file /etc/default/grub and add the parameter ipv6.disable=1 to the GRUB_CMDLINE_LINUX line so that the file looks like

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=vg_hostname_swap/lv_swap rd.lvm.lv=vg_hostname_base/lv_base rhgb quiet ipv6.disable=1"
GRUB_DISABLE_RECOVERY="true"

Reconfigure your grub with the following command:

# grub2-mkconfig -o /boot/grub2/grub.cfg
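
An added example (not from the original page) that covers both GRUB edits on this page, net.ifnames=0 and ipv6.disable=1: it appends an argument to GRUB_CMDLINE_LINUX only when it is not already present and keeps a backup copy. The function names grub_has_arg and grub_add_arg are made up for this example, and GNU sed is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: idempotent edit of GRUB_CMDLINE_LINUX.

# grub_has_arg FILE ARG -> exit 0 if ARG is already a whole word on the line
grub_has_arg() {
    local file=$1 arg=$2 line
    line=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$file")
    case " $line " in
        *" $arg "*) return 0 ;;
        *) return 1 ;;
    esac
}

# grub_add_arg FILE ARG -> append ARG inside the closing quote, once
# Limitation: ARG must not contain the characters | or &.
grub_add_arg() {
    local file=$1 arg=$2
    grep -q '^GRUB_CMDLINE_LINUX="' "$file" || {
        echo "no GRUB_CMDLINE_LINUX line in $file" >&2
        return 2
    }
    grub_has_arg "$file" "$arg" && return 0     # already there, nothing to do
    cp -p "$file" "$file.bak"                   # copy to roll back to
    sed -i "s|^\(GRUB_CMDLINE_LINUX=\".*\)\"[[:space:]]*\$|\1 $arg\"|" "$file"
}

# Constructed demo on a scratch file; on a real host pass /etc/default/grub
# and rebuild the config with grub2-mkconfig afterwards.
demo=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"' > "$demo"
grub_add_arg "$demo" ipv6.disable=1 && grub_add_arg "$demo" ipv6.disable=1
grep '^GRUB_CMDLINE_LINUX' "$demo"
rm -f "$demo" "$demo.bak"
```

After the reboot, `grep -w ipv6.disable=1 /proc/cmdline` confirms that the kernel really booted with the argument.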

CentOS/RHEL 6

Create and edit the file /etc/modprobe.d/ipv6.conf

options ipv6 disable=1

Just to be sure, you can also disable the ip6tables service: chkconfig ip6tables off. If it is not already done, also change or add the following line in /etc/sysconfig/network

NETWORKING_IPV6=no

firewalld

Block an IP with the firewall-cmd

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -s 10.11.12.13/32 -j DROP

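--permanent would make this rule “forever”; without it, as above, the rule exists only until the next reboot or restart of the firewall. A rule added with --permanent becomes active only after firewall-cmd --reload.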

Router

How to build your own router. OK OK, I also copied the whole thing to make it accessible here.

VPN

Read the pretty good documentation at Red Hat.

OPENVPN

Some links to help out. I now prefer WireGuard.

Wireguard

Create Client Keys

# cd /etc/wireguard
# wg genkey | tee newclient-private.key | wg pubkey > newclient-public.key
# ls -l newclient-* 

Create Client Configuration

vi newclient-private.conf

#newclient
[Interface]
PrivateKey = <Key from newclient-private.key>
Address = 10.20.30.40 # The VPN-IP from your newclient
DNS = 10.10.10.10, 20.20.20.20 # optional, if you want to use a specific DNS in your VPN

[Peer]
PublicKey = <Public-Key from your server>
Endpoint = 10.20.30.1:6789 # IP or DNS and port from your server
AllowedIPs = 10.0.0.0/8, 192.168.1.1/32 # IPs for which the client is going to use the VPN

Create Server Configuration

vi wg0.conf

#Server configuration for wg0
[Interface]
# Your server private VPN IP
Address = 10.11.12.1/24
 
# The port your server listens on
ListenPort = 9876
 
PrivateKey = <the private key from your server>

#Client 1
[Peer]
PublicKey = <the public key from Client 1>
AllowedIPs = 10.20.30.39/32

#newclient
[Peer]
PublicKey = <the public key from newclient - cat /etc/wireguard/newclient-public.key>
AllowedIPs = 10.20.30.40/32

Create a QR-code that can be scanned with your phone

qrencode -t ansiutf8 -r /etc/wireguard/newclient-private.conf
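
An added example (not from the original page) that audits a server config like the wg0.conf above: it flags a config file readable by group or others, an AllowedIPs entry wider than a single host, and the same AllowedIPs entry on two peers, in which case WireGuard routes that address to only one of them. The function names and the sample config are constructed for this example; GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: audit a wg-quick style server config.
# Prints one finding per line; no output means nothing was flagged.
audit_wg_conf() {
    local conf=$1 mode
    # The file holds the server private key: only the owner should have access.
    mode=$(stat -c '%a' "$conf") || return 2
    case $mode in
        ?00) ;;
        *) echo "PERM $conf has mode $mode, expected 600" ;;
    esac
    awk '
        { sub(/#.*/, "") }                        # drop comments
        /^[ \t]*\[/ { inpeer = 0 }                # any section header resets state
        /^[ \t]*\[Peer\]/ { inpeer = 1; n++; next }
        inpeer && /^[ \t]*AllowedIPs[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
            cnt = split($0, nets, ",")
            for (i = 1; i <= cnt; i++) {
                net = nets[i]
                if (net == "") continue
                # Assumption: one client per peer, so anything wider than a host route is flagged.
                if (index(net, "/") && net !~ /\/(32|128)$/) print "WIDE peer " n ": " net
                # Exact duplicates only; containment (a /32 inside a /8) is not checked.
                if (net in owner) { print "DUP peer " n ": " net " already on peer " owner[net] }
                else { owner[net] = n }
            }
        }
    ' "$conf"
}

# Constructed sample input: placeholder keys, second peer pasted without changing the address.
demo_conf() {
    cat <<'EOF'
[Interface]
Address = 10.11.12.1/24
ListenPort = 9876
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client1-public-key>
AllowedIPs = 10.20.30.39/32
[Peer]
PublicKey = <newclient-public-key>
AllowedIPs = 10.20.30.39/32, 10.0.0.0/8
EOF
}

f=$(mktemp); demo_conf > "$f"; chmod 644 "$f"; audit_wg_conf "$f"; rm -f "$f"
```

The permission check applies equally to newclient-private.key and the client .conf; running `umask 077` before `wg genkey` creates them owner-only in the first place.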

Speedtest

with netcat (nc):

Start netcat on serverA

nc -v -l 6789 > /dev/null

On serverB, run the following command:

dd if=/dev/zero bs=1024K count=1024 | nc -v <IP-of-serverA> 6789
myhelp/network.txt · Last modified: by ulrich