Like anyone else, at times I forget how to do certain things when it comes to networking.

Here are a few reminders / tips specific to Debian and Ubuntu.

IPv4 Specific

Enable Proxy ARP (Address Resolution Protocol)

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static

    ...

    post_up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Route incoming traffic to another server

In other words, all traffic arriving at a certain IP should be forwarded to another server (public or internal).

Using iptables, issue the following command from the shell:

iptables -t nat -I PREROUTING -d <original ip> -j DNAT --to <other server>

Where <original ip> is the IP where incoming traffic is  received, and <other server> is where the traffic should be routed to.

Route outgoing web traffic via another IP

In other words, make outgoing web traffic appear as if coming from another public IP address (registered to the server and router).

Assuming that eth0 is the public interface, using iptables issue the following command from the shell:

iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source <ip>

Where <ip> is the IP address to be used.

Note: You can substitute tcp for udp, or use a different port for other applications such as FTP. Also, the IP must be routable to your server.

Viewing the NAT table

Issue the following command from the shell:

iptables -t nat -L

Flush iptables

The clear the iptables entirely,  issue the following command from the shell:

iptables -F && iptables -t nat -F && iptables -t mangle -F

IPv6 Specific

Enable Proxy NDP for IPv6 (Neighbor Detection Protocol)

Assuming eth0 as the interface, in /etc/network/interfaces add:

iface eth0 inet static

 ...

 post_up echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp

Manually announce an IPv6 neighbor

Assuming eth0 as the public IPv6 interface:

ip -6 neigh add proxy <ipv6> dev eth0

Where <ipv6> is the actual IPv6 address.

Enable IPv6 forwarding

In /etc/sysctl.conf uncomment:

net.ipv6.conf.all.forwarding=1

 

Adding more than one IPv6 address per interface

Edit /etc/network/interfaces, add:

iface eth0 inet6 static

    ...

    up /sbin/ifconfig eth0 inet6 add <ip>/<netmask>

Where <ip>/<netmask> is the actual IPv6 and netmask respectively, i.e.: dead:beef:cafe:1::1/64.

Note:  The last entry takes priority.

Setup a 6to4 tunnel (IPv6 to IPv4 translation)

Obtain IPv6 address for 6to4:

printf "2002:%02x%02x:%02x%02x::1\n" $(echo <ipv4> | tr . ' ')

Where <ipv4> is the actual IPv4 address, i.e.., 91.2.3.4 would result in 2002:5b02:0304::1.

Edit /etc/network/interfaces, add:

auto tun6to4

iface tun6to4 inet6 v4tunnel

    address <ipv6 obtained>

    netmask 16

    gateway ::192.88.99.1

    endpoint any

    local <actual ipv4>

Where the <ipv6 obtained> and <actual ipv4> is from the explanation given earlier. For example:

auto tun6to4

iface tun6to4 inet6 v4tunnel

    address 2002:5b02:0304::1

    netmask 16

    gateway ::192.88.99.1

    endpoint any

    local 91.2.3.4

Note: 192.88.99.1 will automatically select the nearest IPv6 to IPv4 gateway.

Application Specific

Setup OpenVPN tap tunnel interface on a bridge

Edit /etc/network/interfaces, add:

iface vmbr0 inet static

    ...

    bridge_ports tap0

    ...

    pre-up /usr/sbin/openvpn --mktun --dev tap0

    post-down /usr/sbin/openvpn --rmtun --dev tap0

Enable OpenVZ/Proxmox for IPv6

Edit /etc/vz/vz.conf and change:

...

IPV6="yes"

...

Adding a failover IP (OVH)

Edit /etc/network/interfaces and add a new alias:

auto eth0:<alias number>

iface eth0:<alias number> inet static

    address  <failover ip>

    netmask  255.255.255.255

Where <alias number> is a sequential number starting at 0 (zero) and <failover ip> is the actual failover IP address. For example:

auto eth0:0

iface eth0:0 inet static

    address  91.2.3.4

    netmask  255.255.255.255

Related posts:

1. Compiling NginX on Debian / Ubuntu
2. Guide: Firewall and router with Proxmox
3. Blocking w00tw00t scans