Quick Debian/Ubuntu networking tips

Mike Green
Oct 19, 2009 · 3 min read
Image for post
Image for post

Like anyone else, at times I forget how to do certain things when it comes to networking.

Here are a few reminders / tips specific to Debian and Ubuntu.

IPv4 Specific

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static
...
post_up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

In other words, all traffic arriving at a certain IP should be forwarded to another server (public or internal).

Using iptables, issue the following command from the shell:

iptables -t nat -I PREROUTING -d <original ip> -j DNAT --to <other server>

Where <original ip> is the IP where incoming traffic is received, and <other server> is where the traffic should be routed to.

In other words, make outgoing web traffic appear as if coming from another public IP address (registered to the server and router).

Assuming that eth0 is the public interface, using iptables issue the following command from the shell:

iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source <ip>

Where <ip> is the IP address to be used.

Note: You can substitute tcp for udp, or use a different port for other applications such as FTP. Also, the IP must be routable to your server.

Issue the following command from the shell:

iptables -t nat -L

The clear the iptables entirely, issue the following command from the shell:

iptables -F && iptables -t nat -F && iptables -t mangle -F

IPv6 Specific

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static
...
post_up echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp

Assuming eth0 as the public IPv6 interface:

ip -6 neigh add proxy <ipv6> dev eth0

Where <ipv6> is the actual IPv6 address.

In /etc/sysctl.conf uncomment:

net.ipv6.conf.all.forwarding=1

Edit /etc/network/interfaces, add:

iface eth0 inet6 static
...
up /sbin/ifconfig eth0 inet6 add <ip>/<netmask>

Where <ip>/<netmask> is the actual IPv6 and netmask respectively, i.e.: dead:beef:cafe:1::1/64.

Note: The last entry takes priority.

Obtain IPv6 address for 6to4:

printf "2002:%02x%02x:%02x%02x::1n" $(echo <ipv4> | tr . ' ')

Where <ipv4> is the actual IPv4 address, i.e.., 91.2.3.4 would result in 2002:5b02:0304::1.

Edit /etc/network/interfaces, add:

auto tun6to4
iface tun6to4 inet6 v4tunnel
address <ipv6 obtained>
netmask 16
gateway ::192.88.99.1
endpoint any
local <actual ipv4>

Where the <ipv6 obtained> and <actual ipv4> is from the explanation given earlier. For example:

auto tun6to4
iface tun6to4 inet6 v4tunnel
address 2002:5b02:0304::1
netmask 16
gateway ::192.88.99.1
endpoint any
local 91.2.3.4

Note: 192.88.99.1 will automatically select the nearest IPv6 to IPv4 gateway.

Application Specific

Edit /etc/network/interfaces, add:

iface vmbr0 inet static
...
bridge_ports tap0
...
pre-up /usr/sbin/openvpn --mktun --dev tap0
post-down /usr/sbin/openvpn --rmtun --dev tap0

Edit /etc/vz/vz.conf and change:

...
IPV6="yes"
...

Edit /etc/network/interfaces and add a new alias:

auto eth0:<alias number>
iface eth0:<alias number> inet static
address <failover ip>
netmask 255.255.255.255

Where <alias number> is a sequential number starting at 0 (zero) and <failover ip> is the actual failover IP address. For example:

auto eth0:0
iface eth0:0 inet static
address 91.2.3.4
netmask 255.255.255.255

Myatu’s

Myatu’s Tech Blog, from the site that has been wasting bits…

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store