Linux Essential Commands - Networking
Configure networking and hostname resolution statically or dynamically
ss and netstat are similar. But ss is newer and more popular
# How do we see what processes on our system
# are listening for incoming network connections,
# on the TCP and UDP protocols?
sudo ss -tunlp
-l = listening
-t = TCP connections
-u = UDP connections
-n = numeric values
-p = processes
listening, tcp, udp, numeric,
"tunl,p Tunnel programs"
# Find out what process is listening for incoming connections on port 22
sudo ss -tlnp | grep :22
sudo netstat -natp | grep :22
# find out what process is listening for incoming connections on port 67
# since its a UDP port so you need to use u option as well with ss command
sudo ss -tlnpu | grep :67
# Get the list of all incoming open ports on this system
sudo netstat -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN
PACKET FILTERING, STATIC ROUTES AND TIME SYNCHRONIZATION
firewall-cmd
# list all current firewall rules.
sudo firewall-cmd --list-all
# Allow Permanent TCP incoming connections to port 7869
sudo firewall-cmd --add-port=7869/tcp --permanent
# Remove port 53 allowing UDP traffic
sudo firewall-cmd --remove-port=53/udp
# Allow all traffic that is coming from any IP in this network range
# 10.11.12.0 to 10.11.12.255 (i.e 10.11.12.0/24)
# add the required rule in the trusted zone and the rule must be permanent.
sudo firewall-cmd --add-source=10.11.12.0/24 --zone=trusted --permanent
# Make all of these runtime rules permanent.
sudo firewall-cmd --runtime-to-permanent
Statically route IP traffic
# Check out the route table and find out the default gateway for eth0 connection on this system
ip route show
# Look for the line that contains default via
# Temporarily route all traffic that must reach the 192.168.0.* network
# through the device that has the IP 172.28.128.100
sudo ip route add 192.168.0.0/24 via 172.28.128.100
# permanently route all traffic that must reach the 192.168.0.* network
# through the device that has the IP 172.28.128.100
sudo nmcli connection modify eth1 +ipv4.routes "192.168.0.0/24 172.28.128.100"
sudo nmcli device reapply eth1
# Delete the route you just created in the previous question
sudo nmcli connection modify eth1 -ipv4.routes "192.168.0.0/24 172.28.128.100"
sudo nmcli device reapply eth1
# To configure system as route forward must be enabled
echo 1 > /proc/sys/net/ipv4/ip_forward
# make configuration persistent
echo net.ipv4.ip_forward = 1 > /etc/sysctl.d/ipv4.conf
# add an extra IP to eth1 interface on this system: 10.0.0.50/24
sudo ip a add 10.0.0.50/24 dev eth1
sudo nmcli device reapply eth1