7 Manage Basic Networking
# 7.1 Configure Networking and hostname resolution statically or dynamically
To get information about your network adapters
```
$ ip link show
$ ip l
```
To get information about your IP addresses
```
$ ip address show
$ ip a
```
View the routing tables
```
$ ip route show
$ ip r
```
View DNS resolvers
```
$ cat /etc/resolv.conf
```
Network configuration settings are defined in:
```
$ ls /etc/sysconfig/network-scripts/
```
Network manager tools
```
$ sudo nmtui
$ sudo nmcli
```
To force NetworkManager to apply changes immediately, rather than rebooting
```
$ sudo nmcli device reapply enp0s3
```
Static hostname resolution
```
$ sudo vim /etc/hosts
$ sudo hostnamectl
```
Update the transient hostname
```
$ sudo hostnamectl set-hostname dev-host01
```
# 7.2 Configure network services to start automatically at boot
```
$ sudo systemctl status NetworkManager.service
```
If not present, you can install it
```
$ sudo dnf install NetworkManager
$ sudo systemctl start NetworkManager.service
$ sudo systemctl enable NetworkManager.service
```
To enable a connection to auto start at boot
List the connections, note the `<name>`
```
$ nmcli connection show
$ sudo nmcli connection modify <name> autoconnect yes
```
# 7.3 Start, Stop and Check Network Services
Two utilities : ss and netstat
To see programs ready to accept network connections
```
$ sudo ss -tunlp
$ sudo lsof -p <pid>
```
Netstat uses almost the same arguments as ss
# 7.3 Implement packet filtering
FirewallD manages network interfaces in zones
Default zone is public, any incoming connection is blocked
Check default zone
```
$ sudo firewall-cmd --get-default-zone
```
To change the default zone
```
$ sudo firewall-cmd --set-default-zone=public
```
To see the current firewall rules
```
$ sudo firewall-cmd --list-all
```
To get more information about a service
```
$ sudo firewall-cmd --info-service=cockpit
```
Allow traffic to a service
```
$ sudo firewall-cmd --add-service=http
or
$ sudo firewall-cmd --add-port=80/tcp
```
To remove a service from a set of accepted connections
```
$ sudo firewall-cmd --remove-service=http
or
$ sudo firewall-cmd --remove-port=80/tcp
```
In a public zone, the main policy is to deny incoming connections to all ports
To set up a trusted zone
```
$ sudo firewall-cmd --add-source=10.11.12.0/24 --zone=trusted
```
To get a list of zones
```
$ sudo firewall-cmd --get-active-zones
```
To remove a filter based on addresses
```
$ sudo firewall-cmd --remove-source=10.11.12.0/24 --zone=trusted
```
To allow incoming traffic on a specific port
```
$ sudo firewall-cmd --add-port=12345/tcp
```
Take a look at all current rules
```
$ sudo firewall-cmd --list-all
```
To make rules permanent/persistent
```
$ sudo firewall-cmd --runtime-to-permanent
or
$ sudo firewall-cmd --add-port=12345/tcp --permanent
```
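An added example, not part of the original notes: rules added without `--permanent` are lost on reload or reboot, and rules added only with `--permanent` are not active until the firewall is reloaded, so the runtime and permanent configurations can drift apart. The sketch below compares two port lists; the function names `fw_drift` and `fw_in_sync` and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# fw_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated list, such as the output of
#   firewall-cmd --list-ports               (runtime configuration)
#   firewall-cmd --permanent --list-ports   (permanent configuration)
# Prints one line per entry that exists in only one of the two lists.
fw_drift() {
  # $1 and $2 are unquoted on purpose: split each list on whitespace.
  { printf 'R %s\n' $1; printf 'P %s\n' $2; } | awk '
    NF < 2    { next }            # an empty list yields a bare tag line
    $1 == "R" { r[$2] = 1 }
    $1 == "P" { p[$2] = 1 }
    END {
      for (k in r) if (!(k in p)) print "runtime-only " k
      for (k in p) if (!(k in r)) print "permanent-only " k
    }' | sort
}

# Exit status 0 when both lists hold the same entries, 1 otherwise.
fw_in_sync() { [ -z "$(fw_drift "$1" "$2")" ]; }

# Constructed sample lists: 12345/tcp was added at runtime only,
# 8443/tcp was added with --permanent but never reloaded.
SAMPLE_RUNTIME="80/tcp 12345/tcp"
SAMPLE_PERMANENT="80/tcp 8443/tcp"
fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a live host:
#   fw_drift "$(sudo firewall-cmd --list-ports)" \
#            "$(sudo firewall-cmd --permanent --list-ports)"
```

A `runtime-only` entry needs `--runtime-to-permanent` (or re-adding with `--permanent`) to survive a reboot; a `permanent-only` entry takes effect after `sudo firewall-cmd --reload`.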
# 7.4 : Statically route IP traffic
- Network 1 : 10.0.0.0
- CompA : 10.0.0.1
- Network 2 : 192.168.0.0
- CompB : 192.168.0.1
- RouterC : 10.0.0.100, 192.168.0.100
> On CompA, set static route to Network B
```
$ sudo ip route add 192.168.0.0/24 via 10.0.0.100 dev enp0s3
```
> To delete a route
```
$ sudo ip route del 192.168.0.0/24
```
> Add default route(Gateway)
```
$ sudo ip route add default via 10.0.0.100
```
To delete a default route
```
$ sudo ip route del default via 10.0.0.100
```
To make changes permanent
Look at network manager
```
$ nmcli connection show
$ sudo nmcli connection modify enp0s3 +ipv4.routes "192.168.0.0/24 10.0.0.100"
$ sudo nmcli device reapply enp0s3
```
Confirm results
```
$ ip route show
```
> To remove these routes
```
$ sudo nmcli connection modify enp0s3 -ipv4.routes "192.168.0.0/24 10.0.0.100"
$ sudo nmcli device reapply enp0s3
```
If you forget these commands, you can use __nmtui__
# 7.5 Synchronizing time using network clients
The tool used by CentOS is chronyd
To make sure it's currently running
```
$ systemctl status chronyd.service
```
You can also run __timedatectl__
```
$ timedatectl
```
To install/enable chronyd
1. Make sure the time zone is set up
```
$ sudo timedatectl set-timezone America/New_York
```
> To see all available time-zones
```
$ timedatectl list-timezones
```
2. Install the chrony daemon
```
$ sudo dnf install chrony
```
3. Start it and enable it
```
$ sudo systemctl start chronyd.service
$ sudo systemctl enable chronyd.service
```
4. Now check the time and date settings
```
$ timedatectl
```
5. If NTP synchronization is not enabled, enable it
```
$ sudo timedatectl set-ntp true
```