Quick Debian/Ubuntu networking tips

Mike Green
Oct 19, 2009 · 3 min read

IPv4 Specific

Enable Proxy ARP (Address Resolution Protocol)

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static
    ...
    post_up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Route incoming traffic to another server

In other words, all traffic arriving at a certain IP should be forwarded to another server (public or internal).

iptables -t nat -I PREROUTING -d <original ip> -j DNAT --to <other server>

Route outgoing web traffic via another IP

In other words, make outgoing web traffic appear as if coming from another public IP address (registered to the server and router).

iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source <ip>

Viewing the NAT table

Issue the following command from the shell:

iptables -t nat -L

Flush iptables

The clear the iptables entirely, issue the following command from the shell:

iptables -F && iptables -t nat -F && iptables -t mangle -F

IPv6 Specific

Enable Proxy NDP for IPv6 (Neighbor Detection Protocol)

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static
 ...
 post_up echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp

Manually announce an IPv6 neighbor

Assuming eth0 as the public IPv6 interface:

ip -6 neigh add proxy <ipv6> dev eth0

Enable IPv6 forwarding

In /etc/sysctl.conf uncomment:

net.ipv6.conf.all.forwarding=1

Adding more than one IPv6 address per interface

Edit /etc/network/interfaces, add:

iface eth0 inet6 static
    ...
    up /sbin/ifconfig eth0 inet6 add <ip>/<netmask>

Setup a 6to4 tunnel (IPv6 to IPv4 translation)

Obtain IPv6 address for 6to4:

printf "2002:%02x%02x:%02x%02x::1n" $(echo <ipv4> | tr . ' ')
auto tun6to4
iface tun6to4 inet6 v4tunnel
    address <ipv6 obtained>
    netmask 16
    gateway ::192.88.99.1
    endpoint any
    local <actual ipv4>
auto tun6to4
iface tun6to4 inet6 v4tunnel
    address 2002:5b02:0304::1
    netmask 16
    gateway ::192.88.99.1
    endpoint any
    local 91.2.3.4

Application Specific

Setup OpenVPN tap tunnel interface on a bridge

Edit /etc/network/interfaces, add:

iface vmbr0 inet static
    ...
    bridge_ports tap0
    ...
    pre-up /usr/sbin/openvpn --mktun --dev tap0
    post-down /usr/sbin/openvpn --rmtun --dev tap0

Enable OpenVZ/Proxmox for IPv6

Edit /etc/vz/vz.conf and change:

...
IPV6="yes"
...

Adding a failover IP (OVH)

Edit /etc/network/interfaces and add a new alias:

auto eth0:<alias number>
iface eth0:<alias number> inet static
    address  <failover ip>
    netmask  255.255.255.255
auto eth0:0
iface eth0:0 inet static
    address  91.2.3.4
    netmask  255.255.255.255

Myatu’s

Myatu’s Tech Blog, from the site that has been wasting bits and bytes daily, since 2008.

Mike Green

Written by

I keep servers happy, and they keep me happy.

Myatu’s

Myatu’s

Myatu’s Tech Blog, from the site that has been wasting bits and bytes daily, since 2008.