Mikrotik RouterOS – “drop all from WAN not DSTNATed”

Posted on January 10, 2020 by admin

The default DSTNATed firewall rule keeps traffic from the WAN accessing LAN side IP addresses.

More info here

Printing the rules on a router with the default config should show the following.

;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-nat-state=!dstnat in-interface=ether1

If you are wanting to add the rule to a router, you can copy and past the following command. Replace in-interface=ether with your in interface.

/ip firewall add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat in-interface=ether1

EdgePoint – set IP configuration to DHCP via command line

Posted on October 8, 2019 by admin

Change eth0 to the interface you would like to change.

SSH into EdgePoint and type in configure to get into a configuration prompt

configure

Now set interface eth0 to dhcp

set interfaces ethernet eth0 address dhcp

Delete the static IP address on eth0 if needed

delete interfaces ethernet eth0 address 192.168.1.1/24

Save changes

commit

Setup DHCP server on Linux

Posted on October 4, 2019 by admin

Install dhcp server software

sudo apt install isc-dhcp-server

Edit the following config file and set the networking interface it should use. In this case enp60s0

sudo vi /etc/default/isc-dhcp-server

Example line to change

INTERFACESv4="enp60s0"

Now edit the dhcpd.con file

sudo vi /etc/dhcp/dhcpd.conf

Add the following in. Change the addresses and settings as needed.

subnet 192.168.47.0 netmask 255.255.255.0 {
   range 192.168.47.26 192.168.47.30;
   option domain-name-servers ns1.internal.example.org;
   option domain-name "internal.example.org";
   option subnet-mask 255.255.255.0;
   option routers 192.168.47.1;
   option broadcast-address 192.168.47.255;
   default-lease-time 600;
   max-lease-time 7200;
 }

Set a static ip on the computer that’ll be acting as the dhcp server. You can set it as the gateway if it is the gateway.

Allow dhcp through the firewall

sudo ufw allow  67/udp
sudo ufw reload

Restart the service and connect a client.

sudo systemctl restart isc-dhcp-server

More info.

You can look at dhcp leases with the following command

tail -f /var/lib/dhcp/dhcpd.leases

Disable Network Manager in CentOS

Posted on September 20, 2019 by admin

Disable the service from starting on system boot

systemctl disable NetworkManager

Stop the service from running

systemctl stop NetworkManager

And if you want to remove it from the system.

yum remove NetworkManager

Refer to this post if you need to set a static IP Address

Set static ip address in Ubuntu 19.04

Posted on August 30, 2019 by admin

The network configuration settings for the server edition of Ubuntu are now stored in the following location. Create the file if it does not exist.

sudo vi /etc/netplan/01-network-manager-all.yaml

Add or edit the config file to the following. Change eno1 to your interface name and the address and gateway to the appropriate IP’s

For more information, see netplan(5).
 network:
   version: 2
   renderer: networkd
   ethernets:
     eno1:
      dhcp4: no
      addresses: [192.168.200.24/24]
      gateway: 192.168.200.1
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]

Now apply the changes with the following command.

sudo netplan apply

Find IP address from command line on Linux

Posted on May 3, 2019 by admin

Using ip command

ip add

example output

bob@localhost:~$ ip add
 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: eno1:  mtu 1500 qdisc mq state UP group default qlen 1000
     link/ether 38:ea:a7:13:a4:fe brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.21/24 brd 192.168.1.1 scope global dynamic noprefixroute eno1
        valid_lft 513sec preferred_lft 513sec
     inet6 13ac::98fe::ae78:d1ff/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
 bob@localhost:~$

ifconfig

You may need to install net-tools to use

ifconfig

example output

bob@localhost:~$ ifconfig 
eno1: flags=4163  mtu 1500
         inet 192.168.200.58  netmask 255.255.255.0  broadcast 192.168.1.21
         inet6  13ac::98fe::ae78:d1ff  prefixlen 64  scopeid 0x20
         ether b8:ac:6f:91:01:e8  txqueuelen 1000  (Ethernet)
         RX packets 184950632  bytes 9487577263452
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 128473456  bytes 234612443785 
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Using the hostname command

hostname -I

Output is just the IP address. Example below

192.168.1.21

Incredigeek

Tag Archives: ip