Network Operations


  • Simple ssh connection

    ssh username@hostname
  • Tunneling

    ssh username@server_1 -N -f -L local_port:server_2:remote_port
  • Relay with port-forwarding


    ssh -L port_a:localhost:port_b username@server_1 sshpass -p password_for_server_2 ssh -L port_b:localhost:port_c -N username@server_2


    ssh -L 3333:localhost:4444 [email protected] sshpass -p s0mePa$$w0rd ssh -L 4444:localhost:3389 -N [email protected]

    Note: This scenario was tested with a 3 machines. The physical Windows machine with ssh (client), a Debian server (server_1) on Linode VPS, and a Windows RDP host (server_2). server_1 and server_2 have VPN tunneling with Tailscale.

    In order for this to work, server_2 must have OpenSSH Server service enabled and running. server_1 must have sshpass installed, the in and out ports whitelisted with ufw.

    This is just a makeshift method in desperate times. Looking for better ways in the future.



Might need to install first on some distributions or barebone server images.

It is basically a convenient wrapper for iptables and netfilter. Hence, (U)ncomplicated(F)ire(w)all.

⚠️ Proceed with caution. Incorrectly configuring your system firewall might result in massive failures on dependent systems and network nodes.

  • Show status

    sudo ufw status
  • Enable/Disable

    sudo ufw enable # or disable

Swap allow with deny for the opposite effect.

  • Allow port for both tcp and udp.

    ufw allow 6969
  • Allow common protocol by name for only tcp.

    sudo ufw allow http/tcp
  • Allow source and destination IP subnet range with specified protocol and port range.

    sudo ufw allow proto tcp from to port 69:420

Information Query

traceroute/tracert (Trace packets route)

  • Default and simple

    traceroute <IP | FQDN>
  • Specify max number of hops

    traceroute -m <int> <IP | FQDN>
  • Example

    traceroute -m 42069

dig (DNS lookup)

dig <IP | FQDN>

nslookup (Nameserver lookup)

Most effective when used to look into a certain web address, e.g., rather than an IP address.

nslookup <FQDN | IP>


  • List network interfaces with status, Physical MAC address, IP address, and subnet.

    ip address

Virtual Private Network (VPN)


Tailscale is a VPN service that uses WireGuard protocol. If you are looking for a fully OSS alternative to Tailscale, you can check out Headscale instead.

Tailscale can be virtually installed and used across all popular platforms. Maybe except for z/OS?

  • Create Tailscale account: (I personally use Github SSO provider)

  • Installation

    This script is provided on Tailscale official web documentation.

    curl -fsSL | sh
  • Start the service

    sudo tailscale up
  • Follow the instructions and complete the setup.

  • Some use cases I have experimented with: