Network Operations
SSH
-
Simple ssh connection
ssh username@hostname
-
Tunneling
ssh username@server_1 -N -f -L local_port:server_2:remote_port
-
Relay with port-forwarding
Synopsis:
ssh -L port_a:localhost:port_b username@server_1 sshpass -p password_for_server_2 ssh -L port_b:localhost:port_c -N username@server_2
Example:
ssh -L 3333:localhost:4444 [email protected] sshpass -p s0mePa$$w0rd ssh -L 4444:localhost:3389 -N [email protected]@server-2.example.com
Note: This scenario was tested with 3 machines: a physical Windows machine with ssh (client), a Debian server (server_1) on a Linode VPS, and a Windows RDP host (server_2). server_1 and server_2 are connected through a Tailscale VPN tunnel.
In order for this to work, server_2 must have the OpenSSH Server service enabled and running. server_1 must have sshpass installed and the in and out ports whitelisted with ufw.
This is just a makeshift method in desperate times. Looking for better ways in the future.
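One alternative to the sshpass relay above, as an added example that is not part of the original notes: OpenSSH's ProxyJump option (`-J`, OpenSSH 7.3 and later) builds the same local-port-to-RDP path in one client command, without putting server_2's password on a command line on server_1, where the process list and shell history expose it. The function names are hypothetical, and the example assumes server_1 permits TCP forwarding and can reach server_2's SSH port over the Tailscale link.

```shell
#!/bin/sh
# Added example: two-hop RDP relay via ProxyJump (-J) instead of sshpass.
# Function names are hypothetical; hosts and users come from the caller.

# Succeed only for an integer TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Reject empty values, option-like values and shell metacharacters.
valid_dest() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
}

# Print the ssh arguments for
#   client 127.0.0.1:local_port -> jump host -> target localhost:target_port
relay_args() {
    local_port=$1 jump=$2 target=$3 target_port=$4
    valid_port "$local_port" && valid_port "$target_port" || return 2
    valid_dest "$jump" && valid_dest "$target" || return 2
    # -N: no remote command. 127.0.0.1 bind: forward is not reachable from the LAN.
    # ExitOnForwardFailure: exit rather than keep a session with no tunnel.
    printf '%s\n' "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:${local_port}:localhost:${target_port} -J ${jump} ${target}"
}

# Open the tunnel. Both hops authenticate from the client (keys or prompts),
# so no password for the target is typed into or stored on the jump host.
relay() {
    args=$(relay_args "$@") || { echo "invalid port or destination" >&2; return 2; }
    # Word splitting is intended here: every field was validated above.
    ssh $args
}
```

With the ports from the example above, `relay 3333 username@server_1 username@server_2 3389` opens the tunnel, and the RDP client then connects to localhost:3333.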
Firewall
ufw
Might need to install first on some distributions or barebone server images.
It is basically a convenient wrapper for iptables and netfilter. Hence, (U)ncomplicated (F)ire(w)all.
⚠️ Proceed with caution. Incorrectly configuring your system firewall might result in massive failures on dependent systems and network nodes.
-
Show status
sudo ufw status
-
Enable/Disable
sudo ufw enable # or disable
Swap allow with deny for the opposite effect.
-
Allow port for both tcp and udp.
sudo ufw allow 6969
-
Allow common protocol by name for only tcp.
sudo ufw allow http/tcp
-
Allow source and destination IP subnet range with specified protocol and port range.
sudo ufw allow proto tcp from 10.0.0.1/24 to 192.0.0.2/28 port 69:420
Information Query
traceroute/tracert (Trace packets route)
-
Default and simple
traceroute <IP | FQDN>
-
Specify max number of hops
traceroute -m <int> <IP | FQDN>
-
Example
traceroute -m 255 google.com  # 255 is the largest hop limit traceroute accepts
dig (DNS lookup)
dig <FQDN>
dig -x <IP>  # reverse (PTR) lookup for an IP address
nslookup (Nameserver lookup)
Most effective when used to look into a certain web address, e.g. google.com, rather than an IP address.
nslookup <FQDN | IP>
ip/ipconfig/ifconfig
-
List network interfaces with status, Physical MAC address, IP address, and subnet.
ip address
Virtual Private Network (VPN)
Tailscale
Tailscale is a VPN service that uses the WireGuard protocol. If you are looking for a fully OSS alternative to Tailscale, you can check out Headscale instead.
Tailscale can be installed and used on virtually all popular platforms. Maybe except for z/OS?
-
Create a Tailscale account: https://login.tailscale.com/start (I personally use the GitHub SSO provider)
-
Installation
This script is provided in Tailscale's official web documentation.
curl -fsSL https://tailscale.com/install.sh | sh
-
Start the service
sudo tailscale up
-
Follow the instructions and complete the setup.
-
Some use cases I have experimented with:
- Simply connect with VPN'd devices.
- Set up exit nodes to bypass geo-locking.
- Set up a relay node to access systems connected to the VPN service.