Linux Learning · Part 5 of 7

🌐 Linux Networking

Interfaces · Static IP · SSH · DNS · Firewall · Diagnostics · Subnet Calculator

Network Interfaces

ip — the modern network tool (replaces ifconfig)

$ ip a                                     # all interfaces and IPs
$ ip addr show eth0                         # specific interface
$ ip route                                  # routing table
$ ip route show default                     # default gateway
$ ip link set eth0 up                       # bring interface up
$ sudo ip addr add 192.168.1.50/24 dev eth0 # add temp IP
$ sudo ip route add 10.0.0.0/8 via 192.168.1.1  # add static route
$ ip neigh                                  # ARP table

Static IP Configuration

Ubuntu/Debian — Netplan (/etc/netplan/00-installer-config.yaml)

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]

$ sudo netplan try     # test (reverts if you don't confirm)
$ sudo netplan apply   # apply permanently

RHEL/Fedora — NetworkManager (nmcli)

$ sudo nmtui                                              # interactive TUI
$ nmcli device status
$ sudo nmcli con mod "eth0" ipv4.addresses "192.168.1.100/24"
$ sudo nmcli con mod "eth0" ipv4.gateway "192.168.1.1"
$ sudo nmcli con mod "eth0" ipv4.dns "1.1.1.1 8.8.8.8"
$ sudo nmcli con mod "eth0" ipv4.method manual
$ sudo nmcli con up "eth0"

SSH

SSH connect, keys, and config

$ ssh user@host
$ ssh -p 2222 user@host                           # custom port
$ ssh -i ~/.ssh/mykey.pem user@host               # specific key

# Generate a key (ed25519 recommended):
$ ssh-keygen -t ed25519 -C "user@example.com"
$ ssh-copy-id user@host                           # copy public key to server

# ~/.ssh/config — save connection profiles:
Host myserver
    HostName 192.168.1.100
    User saad
    Port 2222
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60

$ ssh myserver                                    # connect using profile

SSH tunnels and port forwarding

# Local forward — access remote service locally:
$ ssh -L 3306:db-server:3306 user@jumphost
# → connect to localhost:3306 and it tunnels to db-server:3306

# Remote forward — expose local service on remote host:
$ ssh -R 8080:localhost:3000 user@vps
# → access vps:8080 and it tunnels back to your local:3000

# Jump host / bastion:
$ ssh -J user@bastion user@internal-server

# SCP file copy:
$ scp file.txt user@host:/remote/path/
$ scp -r /local/dir user@host:/remote/

DNS

dig / nslookup — DNS lookups

$ dig google.com                  # full DNS response
$ dig +short google.com           # just the IP
$ dig google.com MX               # mail server records
$ dig google.com NS               # nameservers
$ dig @8.8.8.8 google.com         # query specific DNS server
$ dig -x 8.8.8.8                  # reverse DNS lookup
$ cat /etc/resolv.conf            # current DNS server config
$ resolvectl status               # systemd-resolved DNS status

Firewall — UFW

UFW — Uncomplicated Firewall (Debian/Ubuntu)

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow 2222/tcp          # SSH on custom port
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw limit 2222/tcp          # rate-limit: block after 6 attempts in 30s
$ sudo ufw allow from 192.168.1.0/24 to any port 3306  # MySQL internal only
$ sudo ufw enable
$ sudo ufw status numbered
$ sudo ufw delete 3               # delete rule by number

firewalld (RHEL/Fedora)

$ sudo firewall-cmd --state
$ sudo firewall-cmd --list-all
$ sudo firewall-cmd --add-service=http --permanent
$ sudo firewall-cmd --add-port=8080/tcp --permanent
$ sudo firewall-cmd --reload

Network Diagnostics

Connectivity and port testing

$ ping -c 4 8.8.8.8
$ traceroute 8.8.8.8
$ mtr --report google.com           # continuous traceroute with stats
$ nc -zv google.com 443             # test if port is open
$ ss -tulnp                         # all listening ports + processes

# Packet capture:
$ sudo tcpdump -i eth0 port 80
$ sudo tcpdump -i eth0 host 8.8.8.8
$ sudo tcpdump -i eth0 -w capture.pcap  # save for Wireshark

🧮 Subnet / CIDR Calculator

Enter an IP and prefix length to calculate network details.

Subnet Calculator

IP Address

/ Prefix

Enter values above and click Calculate

🖥

Need a Linux VPS? Try DigitalOcean

Spin up a Linux droplet and practice these networking commands on a real server.

Get Started →