Tag Archives: linux

Linux IPv6 command cheatsheet

This post is intended to be a quick note to self on linux IPv6 commands, for quick reference when needed.

 

 

# Find the route decision for a given address.
ip route get 2a00:1450:4001:820::200e

ip -6 route
route -A inet6 (apt-get install net-tools) # equivalent to netstat -rn -A inet6
netstat -A inet6 -rn
netstat -r
ip -6 route show table 51820
ip -6 neigh
ip -6 neigh show proxy

# DHCPv6 release / renew
dhclient -6 -r ens18
dhclient -6 ens18

# Flush IPv6 neighbors cache
ip -family inet6 neigh flush any

# Find the route decision for a given address.
ip route get 2a00:1450:4001:820::200e

# Request a router advertisement (apt-get install -y ndisc6)
rdisc6 eth0

# Perform a Neighbor Solicitation (arp IPv4 equivalent) (apt-get install -y ndisc6)
ndisc6 2001:db8::42 eth0

# ping multicast address to have all link-local hosts to respond.
ping ff02::1%eth0

Good articles about IPv6:

Troubleshooting tools:

Bonus section ‘ufw’ firewall

Check status of firewall and enable or disable.
# ufw status
# ufw enable
# ufw disable

View firewall rules and number to delete a specific rule.
# ufw status verbose
# ufw status numbered

Delete a firewall rule (from number of last cmd)
# ufw delete 12

Rules needed to allow IPv6 routing via wireguard to endpoint (no iptables forwarding would be needed on IPv6 as the other peer carries the public IP – they also should implement a firewall before using the below command!)
# ufw route allow in on eth0 out on wghub to 2602:xxx:730b:xxx:cafe::12

IPv4 firewall and routing rule to open Plex Media Server port 32400 and internal IPv4 space of wireguard peer.
# ufw allow in on eth0 out on wghub to 10.100.100.11 port 32400
# ufw route allow in on eth0 out on wghub to 10.100.100.11 port 32400

Add rule and get logs for matches of that rule:
# ufw allow log proto any from any to 192.168.1.x

View logs:
# tail -f /var/log/ufw.log

Extra bonus iptables NAT forwarding

On VPS (public endpoint) forward IPv4 traffic on tcp/32400 to wireguard peer. (recall IPv6 doesn’t need a rule)
# iptables -A PREROUTING -t nat -i eth0 -p tcp –dport 32400 -j DNAT –to 10.100.100.11:32400

Test your port forwards

For IPv6 I use:
http://www.ipv6scanner.com/cgi-bin/main.py

For IPv4:
https://www.yougetsignal.com/tools/open-ports/

LXC allow non-root users to bind to port 80 (couchpotato example)

A follow-up to my last post dealing with unprivileged port access on linux containers.

This time, I have a couchpotato container that I want to change its default port from 5050 to port 80, so that it is as simple as http://mycouch/ to access from the local network.
Continue reading

SecureCRT mapping “Page Up” and “Page Down” for Nano/SSH

If you use a windows ssh terminal client, or even macosx’s terminal.app, the functionality of your page up and page down key may not behave like you want it to. For example, in SecureCRT using pageup will actually page up your scroll buffer, and pagedown will scroll down your page buffer.

You’ll need to remap your keys to send the correct signal to your terminal. Change it from the default system function to “send string” and the following strings:

PageUp = 33[5~
PageDown = 33[6~

33 is a shortcut for the ESCAPE key (esc) since in some programs you can’t type in the actualy escape key.

Here are some other codes as well in case you need to remap keys.

Pause = 32
Macro = 03 # Break (Shift-Pause)
Home = 33[1~
Insert = 33[2~
Remove = 33[3~ # Delete
End = 33[4~

In SecureCRT the area to remap your keys is Tools -> Keymap Editor.

This is especially handy if you use command line IRC clients such as Irssi or BitchX.