Networks

🚩 Firewalld
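# Firewalld cheat sheet. Run as root (or prefix each command with sudo).
# Without --permanent a command changes only the running firewall; with
# --permanent it changes only the stored configuration, which takes effect
# after `firewall-cmd --reload`.

# --- Basic Troubleshooting ---
# Get the state
firewall-cmd --state
systemctl status firewalld

# Get infos
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones

# Not a read-only query: this changes the default zone (runtime and permanent),
# so every interface without an explicit zone binding takes on the rules of
# "home". Review the zone first with: firewall-cmd --zone=home --list-all
firewall-cmd --set-default-zone=home

# Bind a source MAC address to a zone and allow ssh in that zone.
# A MAC address identifies a neighbour on the local segment only and can be
# changed by the sender, so it is not a substitute for authentication.
firewall-cmd --permanent --zone=FedoraWorkstation --add-source=00:FF:B0:CB:30:0A
firewall-cmd --permanent --zone=FedoraWorkstation --add-service=ssh

# Logging of denied packets. Accepted values: all, unicast, broadcast,
# multicast, off. (The page's literal "<all, ...>" placeholder would be parsed
# by the shell as redirections if pasted as-is.)
firewall-cmd --get-log-denied
firewall-cmd --set-log-denied=all

# --- Add/Remove/List Services ---
# Add a predefined service, then remove a service and a port, then list.
# ftp is only the example here; it carries credentials in cleartext.
firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --zone=public --remove-service=ftp --permanent
firewall-cmd --zone=public --remove-port=53/tcp --permanent
firewall-cmd --zone=public --list-services

# Define a custom service, give it ports, then enable it in a zone.
# Service definitions are not per zone; only the final --add-service line
# binds the service to the "public" zone.
firewall-cmd --zone=public --new-service=portal --permanent
firewall-cmd --zone=public --service=portal --add-port=8080/tcp --permanent
firewall-cmd --zone=public --service=portal --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=portal --permanent
firewall-cmd --reload

# k3s server ports. 8472/udp (flannel VXLAN) and 10250/tcp (kubelet) are
# node-to-node ports: enabling them in "public" exposes them to every source
# that zone covers. Prefer a dedicated zone bound to the cluster node
# addresses (--add-source) for those two and keep only the API ports here.
firewall-cmd --zone=public --new-service=k3s-server --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=443/tcp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=6443/tcp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=8472/udp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=10250/tcp --permanent
firewall-cmd --zone=public --add-service=k3s-server --permanent
firewall-cmd --reload

firewall-cmd --zone=public --new-service=quay --permanent
firewall-cmd --zone=public --service=quay --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=quay --permanent
firewall-cmd --reload

firewall-cmd --get-services # It's also possible to add a service from this list
# Stores the whole current runtime configuration as the permanent one,
# including any temporary rule that was added while debugging.
firewall-cmd --runtime-to-permanent

# --- Checks and Get infos ---
# List open ports by service. The service list is the runtime list of the
# default zone; the ports are read from the permanent service definitions.
# Word splitting of the command substitution is intended (space-separated list).
for s in $(firewall-cmd --list-services); do
  printf '%s\n' "$s"
  firewall-cmd --permanent --service "$s" --get-ports
done

# Same loop for a non-root user
sudo sh -c 'for s in $(firewall-cmd --list-services); do echo "$s"; firewall-cmd --permanent --service "$s" --get-ports; done'
# Sample output:
#   ssh
#   22/tcp
#   dhcpv6-client
#   546/udp

# Check one service
firewall-cmd --info-service cfrm-IC
# Sample output:
#   cfrm-IC
#     ports: 7780/tcp 8440/tcp 8443/tcp
#     protocols:
#     source-ports:
#     modules:
#     destination:

# List zones and services associated
firewall-cmd --list-all
# Sample output:
#   public (active)
#     target: default
#     icmp-block-inversion: no
#     interfaces: ens192
#     sources:
#     services: ssh dhcpv6-client https Oracle nimsoft
#     ports: 10050/tcp 1521/tcp
#     protocols:
#     masquerade: no
#     forward-ports:
#     source-ports:
#     icmp-blocks:
#     rich rules:

firewall-cmd --zone=backup --list-all

# Get active zones
firewall-cmd --get-active-zones
# Sample output:
#   backup
#     interfaces: ens224
#   public
#     interfaces: ens192

# Tree folder
ls /etc/firewalld/
# Sample output:
#   firewalld.conf  helpers/  icmptypes/  ipsets/  lockdown-whitelist.xml  services/  zones/

# --- IPSET ---
firewall-cmd --get-ipset-types
firewall-cmd --permanent --get-ipsets
firewall-cmd --permanent --info-ipset=integration
firewall-cmd --ipset=integration --get-entries

# NOTE(review): the set created below is "test" but the entry is added to
# "local-blocklist", which must already exist. Without --permanent the entry
# is runtime-only and is lost on reload. An ipset filters nothing by itself:
# it has to be referenced, e.g. as a zone source
# (firewall-cmd --permanent --zone=drop --add-source=ipset:local-blocklist).
firewall-cmd --permanent --new-ipset=test --type=hash:net
firewall-cmd --ipset=local-blocklist --add-entry=103.133.104.0/23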
🚩 Network Manager
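# NetworkManager (nmcli) cheat sheet.

# --- Basic Troubleshooting ---
# Check interfaces
nmcli con show
# Sample output:
#   NAME    UUID                                  TYPE      DEVICE
#   ens192  4d0087a0-740a-4356-8d9e-f58b63fd180c  ethernet  ens192
#   ens224  3dcb022b-62a2-4632-8b69-ab68e1901e3b  ethernet  ens224

nmcli dev status
# Sample output:
#   DEVICE  TYPE      STATE      CONNECTION
#   ens192  ethernet  connected  ens192
#   ens224  ethernet  connected  ens224
#   ens256  ethernet  connected  ens256
#   lo      loopback  unmanaged  --

# Get interface details
nmcli connection show ens192
nmcli -p con show ens192

# Get DNS settings of an interface.
# The UUID is quoted so that an empty result (profile not found) is passed as
# an empty argument instead of silently vanishing from the command line.
UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
nmcli --get-values ipv4.dns c show "$UUID"

# --- Changing Interface name ---
# Creates one ethernet profile per MAC address, tied to the given interface name.
nmcli connection add type ethernet mac "00:50:56:80:11:ff" ifname "ens224"
nmcli connection add type ethernet mac "00:50:56:80:8a:0b" ifname "ens256"

# --- Create a custom config ---
# NOTE(review): the file loaded is for ens224 but the profile brought up is
# ens192 - confirm which interface was intended.
nmcli con load /etc/sysconfig/network-scripts/ifcfg-ens224
nmcli con up ens192

# --- Adding a Virtual IP ---
# Append an address to the stored profile
nmcli con mod enp1s0 +ipv4.addresses "192.168.122.11/24"
# This one removes an address, and only from the running interface; the
# stored profile is untouched.
ip addr del 10.163.148.36/24 dev ens160

nmcli con reload # re-read profiles from disk before reapplying
nmcli device reapply ens224
# Restarting networking from a remote session can drop that session; keep
# console access available. NOTE(review): network.service is presumably the
# legacy network-scripts unit - confirm it exists on the target host.
systemctl status network.service
systemctl restart network.service

# --- Add a DNS entry ---
# DNS_IP is not set anywhere on the page; fail early instead of writing the
# existing list plus a trailing space back to the profile.
: "${DNS_IP:?set DNS_IP to the address of the resolver to add}"
UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
DNS_LIST=$(nmcli --get-values ipv4.dns c show "$UUID")
# Every resolver in this list is trusted to answer for any name the host
# looks up, so add only resolvers you operate or explicitly trust.
nmcli conn modify "$UUID" ipv4.dns "${DNS_LIST} ${DNS_IP}"

# /etc/resolv.conf is managed by systemd-resolved
sudo systemctl restart systemd-resolved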
🐙 Network troubleshooting
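# Kubernetes network troubleshooting with throw-away debug pods.
# Both pods run `sleep infinity` and restart forever, so they stay in the
# cluster as shells with network access until removed. When finished:
#   kubectl delete pod dnsutils curl --namespace=default

# --- Troubleshoot DNS ---
# dns.yml (the page edits it with `vi dns.yml`; written here as a heredoc,
# like curl.yml below)
cat << 'EOF' > dns.yml
apiVersion: v1
kind: Pod
metadata:
  name: dnsutils
  namespace: default
spec:
  containers:
  - name: dnsutils
    image: registry.k8s.io/e2e-test-images/jessie-dnsutils:1.3
    command:
      - sleep
      - "infinity"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF

# Deploy dnsutils (the page uses `k`, presumably an alias for kubectl)
kubectl apply -f dns.yml
# Sample output:
#   pod/dnsutils created

kubectl get pods dnsutils
# Sample output:
#   NAME       READY   STATUS    RESTARTS   AGE
#   dnsutils   1/1     Running   0          36s

# Troubleshoot with dnsutils
kubectl exec -i -t dnsutils -- nslookup kubernetes.default
# Sample output (failing case):
#   ;; connection timed out; no servers could be reached
#   command terminated with exit code 1

# The nameserver in the pod should be the ClusterIP of the kube-dns service
kubectl exec -ti dnsutils -- cat /etc/resolv.conf
# Sample output:
#   search default.svc.cluster.local svc.cluster.local cluster.local psflab.local
#   nameserver 10.43.0.10
#   options ndots:5

# The service needs at least one endpoint (a running DNS pod) behind it
kubectl get endpoints kube-dns --namespace=kube-system
# Sample output:
#   NAME       ENDPOINTS                                  AGE
#   kube-dns   10.42.0.6:53,10.42.0.6:53,10.42.0.6:9153   5d1h

kubectl get svc kube-dns --namespace=kube-system
# Sample output:
#   NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
#   kube-dns   ClusterIP   10.43.0.10   <none>        53/UDP,53/TCP,9153/TCP   5d1h

# --- CURL ---
# The image below has no tag, so it resolves to whatever "latest" points at
# (or to a stale copy cached on the node, because of IfNotPresent). Pin a tag
# or digest you have vetted, e.g. curlimages/curl:<version>.
cat << 'EOF' > curl.yml
apiVersion: v1
kind: Pod
metadata:
  name: curl
  namespace: default
spec:
  containers:
  - name: curl
    image: curlimages/curl
    command:
      - sleep
      - "infinity"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF

kubectl apply -f curl.yml

# DNS test: TCP reachability of the DNS service by IP and by name, then a lookup
kubectl exec -i -t curl -- curl -v telnet://10.43.0.10:53
kubectl exec -i -t curl -- curl -v telnet://kube-dns.kube-system.svc.cluster.local:53
kubectl exec -i -t curl -- nslookup kube-dns.kube-system.svc.cluster.local

# Send the request for a hostname to a chosen IP address.
# --resolve takes HOST:PORT:ADDRESS (the page omitted the port) and the URL
# needs both slashes after the scheme. -k turns off certificate verification,
# so the response proves nothing about who answered; since --resolve keeps the
# real hostname for SNI and Host, drop -k whenever the certificate should be
# valid for that name.
curl -k -I --resolve subdomain.domain.com:443:52.165.230.62 https://subdomain.domain.com/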