{{tag>linux router monitor links darkstat glances ntopng iftop nethogs}}
======Router Miscellaneous======
======Monitoring======
There are a number of linux monitoring packages available. See these links for more examples see, [[https://www.tecmint.com/linux-performance-monitoring-tools/|13 Linux Performance Monitoring Tools – Part 2]], and [[https://www.cyberciti.biz/tips/top-linux-monitoring-tools.html|30 Linux System Monitoring Tools Every SysAdmin Should Know]]. Below are a few that I have tried and use.
====iftop====
iftop - display bandwidth usage on an interface by host\\
Use ''man iftop'' to see options.\\
Typical usage: ''sudo iftop -i br0''
====nethogs====
nethogs - Net top tool grouping bandwidth per process\\
Use ''man nethogs'' to see options.\\
Typical usage: ''sudo nethogs br0''
====darkstat====
[[https://www.tecmint.com/darkstat-web-based-linux-network-traffic-analyzer/|Darkstat – A Web Based Linux Network Traffic Analyser]], is a relatively low resource network analyser. It has a web browser interface and can provide the perfornace statistics for the main interconnection as good or better than expected in a packaged router. Another reference: [[https://www.ctrl.blog/entry/fedora-darkstat.html|How-to monitor system bandwidth usage statistics with Darkstat on Fedora]].
The darkstat output can then be seen on a web browser at ''192.168.1.1:667''
----
====glances====
* ''sudo apt install pipx'' ([[https://pypa.github.io/pipx/|pipx]] — Install and Run Python Applications in Isolated Environments)
* ''pipx ensurepath''
* ''pipx install glances'' (https://nicolargo.github.io/glances/|Glances]])
* ''%%pipx inject glances "glances[web]"%%'' ([[https://waylonwalker.com/pipx-w/|Glances webui with pipx]])
Like like the references for Debian 12 for glances install are out of date....
* [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]]
* [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]]
* [[https://www.linuxcapable.com/how-to-install-glances-system-monitor-on-debian-11/|How to Install Glances on Debian 11]]
* [[https://www.linuxcapable.com/how-to-install-glances-on-debian-linux/|How to Install Glances on Debian 12, 11 or 10]]
* [[https://github.com/nicolargo/glances|nicolargo glances]]
===Glances Options===
//**__The best hot key is 'h' which displays/hides the help screen__**//
Below are the list of several hot keys.
* a – Sort processes automatically
* c – Sort processes by CPU%
* m – Sort processes by MEM%
* p – Sort processes by name
* i – Sort processes by I/O rate
* d – Show/hide disk I/O stats ols
* f – Show/hide file system statshddtemp
* n – Show/hide network stats
* s – Show/hide sensors stats
* y – Show/hide hddtemp stats
* l – Show/hide logs
* b – Bytes or bits for network I/Oools
* w – Delete warning logs
* x – Delete warning and critical logs
* 1 – Global CPU or per-CPU stats
* h – Show/hide this help screen
* t – View network I/O as combination
* u – View cumulative network I/O
* q – Quit (Esc and Ctrl-C also work)
===glances as a service===
Setup a systemd file for glances as a local web service ''sudo vim /lib/systemd/system/glances.service''
[Unit]
Description=Glances
Documentation=man:glances(1)
Documentation=https://github.com/nicolargo/glances
After=network.target
[Service]
#ExecStart=/usr/local/bin/glances -w -t 2
ExecStart=/home/baumkp/.local/bin/glances -w -t 2
Restart=on-abort
[Install]
WantedBy=multi-user.target
After modifying a systemd file update systemd: ''systemctl daemon-reload''
The glances output can then be seen on a web browser at ''192.168.1.1:61208''
----
====ntopng====
I tried ntopng again in December 2023. I ran in a Docker container on my Router, although markedly improved since trying a few years ago this this program suite still uses uses a lot of resources on my router which loads it up close to 50%. There are occasional reports of dropped packet and such, further indicating overload.\\ I noted a problem with installing the Docker version. The Docker package documentation and defaults are to the ''latest'', yet the available package is listed as ''stable'', e.g. ''docker run -it -p 3000:3000 --net=host ntop/ntopng:stable -i br0'' versus the instructed ''docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:latest -i br0'' \\
Another thing I do not like about this package is that the free community version is a significantly cut down of the full paid version. The cost on the paid versions are substantial and I can simply not justify for non-commercial home use. There is no general individual personal free full use version available. The Docker container image is 2GB in size, the biggest image I have seen to date. Seems a bit bloated....\\
**Hence I have decided not to use this software.**
**tl;dr** ++++Systemd stuff, not relevant with use of Docker version|
There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng:
* ''sudo systemctl stop ntopng'' | to stop (or start)
* ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup
* ''sudo systemctl stop nprobe'' | to stop (or start)
* ''sudo systemctl disable nprobe'' | to disable (or enable) starting on computer startup
We can also turn-off the redis service unless something else wnat to also use.
* ''sudo systemctl stop redis'' | to stop (or start)
* ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup
++++
----
======Docker Setup & Basic Commands======
The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]].
__**This is pretty old, I played with it circa 2017, and have not used Docker since. I was successfully been using full KVM based VMs for my main machines and so did not have much need for Docker**__ \\
That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!.
In 2022 I revisited Docker and basically have move my various VM applications to Docker containers/ stacks. I run my Docker instance in a VM to isolate Docker from bare metal. This is primarily as Docker plays around with iptables. I do not like this, particularly on my main router machine that I use on bare metal nftables as the router/fire software.
====Docker Host Security====
Docker currently by default use iptables on the host machine to allow access to images. Unfortunately the default iptables effectively fully opens up docker on the host, which is probably a significant concern when the host is also used as a router. Docker host can be configured not to update iptables on the host, in this case all routing between the host and Docker images must be performed manually.
Stephank.nl considers IPv6 with Docker and using nftables [[https://stephank.nl/p/2017-06-05-ipv6-on-production-docker.html|IPv6 on production Docker]]
[[https://forums.docker.com/t/docker-and-iptables-configuration-startup/904|Docker and iptables configuration @startup]]
[[https://fralef.me/docker-and-iptables.html|Docker and IPtables]]
[[https://serverfault.com/questions/868926/configure-iptables-for-docker-manually-and-allow-internet-access-for-containers|Configure iptables for Docker manually and allow Internet access for containers]]
[[https://blog.daknob.net/debian-firewall-docker/|Debian Firewall when using Docker]]
[[https://docs.docker.com/engine/userguide/networking/|Docker container networking]]
[[https://stackoverflow.com/questions/23819170/setting-up-docker-containers-with-nat|Setting up docker containers with nat]]
[[https://serverfault.com/questions/705192/iptables-rule-set-so-that-a-docker-container-can-access-a-service-on-a-host-ip|Iptables rule-set so that a docker container]] can access a service on a host IP
====Docker Algo Setup & Basic Commands====
//**This is old, I played with this circa 2017 and have not used since. I certainly have no interest in Algo IPSEC VPN anymore and have been trying to get Wireguard working recently.**//
Comparison of [[https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn|VPN protocols]]
++++ Algo VPN old tl;dr;|is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
"docker pull mutemule/algo" to download docker repository
"docker run --cap-drop ALL -it -v /home/baumkp/algo:/data --name=algo mutemule/algo" to create and run image
--cap-drop All [Drop all Linux extra capabilities]
-it [Keep STDIN open even if not attached, Allocate a pseudo-TTY]
-v /home/baumkp/algo:/data [bind mount a volume]
--name=algo [give container name, can help prevent multiple containers]
mutemule/algo [name of docker image to run]
docker exec -it algo bash
docker start algo
docker stop algo
docker ps -a [list all containers, running and stopped]
docker logs algo [view container log]
docker port algo
After running "docker exec -it algo bash", in the Docker Algo shell run "./algo-docker.sh " to setup Algo.
**Start container at boot:**
It is assumed that the container has been previously created/run and is available to be started at boot.
''sudo vim /etc/systemd/system/algo.service''
[Unit]
Description=Algo container
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a algo
ExecStop=/usr/bin/docker stop -t 2 algo
[Install]
WantedBy=default.target
Techcrunch.com [[https://techcrunch.com/2017/04/09/how-i-made-my-own-vpn-server-in-15-minutes/|How I made my own VPN server in 15 minutes]]
Algo [[https://github.com/trailofbits/algo|Git main page Set up a personal IPSEC VPN in the cloud]] and [[https://github.com/trailofbits/algo/blob/master/config.cfg|algo/config.cfg]] that can copied, if necessary.
The Mutemul Algo Docker page [[file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html|mutemule/algo]]. Unfortunately has no instructions on how to setup the Docker installation!!!!.
++++
Docker Docs [[https://docs.docker.com/engine/reference/commandline/cli/|Use the Docker command line]]
====OpenVPN for Docker====
OpenVPN server in a Docker container complete with an [[https://github.com/kylemanna/docker-openvpn|EasyRSA PKI CA kylemanna/docker-openvpn]]
How to Geek - How to connect to a [[https://www.howtogeek.com/215730/how-to-connect-to-a-vpn-from-your-iphone-or-ipad/|VPN from your iPhone]]
----
=====Reserved Ports and IPv4 Reserved Addresses=====
It took me some time to track down this authoritative information, but it was relatively simple as this information is authoritatively define in RFC (Request of Comments) de facto standards as noted below.
**IANA Service Name and Transport Protocol Port online [[https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml|Number Registry]]**
[[https://tools.ietf.org/html/rfc3232|RFC 3232]] replaced [[https://tools.ietf.org/html/rfc1700|RFC 1700]]. RFC 3232 states that RFC 1700 has been replaced by an online database, see link given above. [[https://tools.ietf.org/html/rfc6335|RFC 6335]] also has information on Port Number Registry and the associated database.
Most Unix like operating systems have a service name database file: ''/etc/services''. It is assumed that nft uses the /etc/services database for named ports definition.
Some ports of interest:
Name Port Protocols Description
ftp-data 20 {tcp, udp, sctp} File Transfer [Default Data]
ftp 21 {tcp, udp, sctp} File Transfer Protocol [Control]
ssh 22 {tcp, udp, sctp} The Secure Shell (SSH) Protocol
smtp 25 {tcp, udp} Simple Mail Transfer
domain 53 {tcp, udp} Domain Name Server (DNS)
bootps 67 {tcp, udp} Bootstrap Protocol Server (DHCP)
bootpc 68 {tcp, udp} Bootstrap Protocol Client (DHCP)
http 80 {tcp, udp, sctp} World Wide Web HTTP
pop3 110 {tcp, udp} Post Office Protocol Version 3
ntp 123 {tcp, udp} Network Time Protocol
imap2 143 {tcp, udp} Internet Message Access Protocol
ldap 389 {tcp, udp} Lightweight Directory Access Protocol
https 443 {tcp, udp, sctp} http protocol over TLS/SSL
urd 465 {tcp} ssmtp smtps URL Rendesvous Directory for SSM
ldaps 636 {tcp, udp} ldap protocol over TLS/SSL (was sldap)
rsync 873 {tcp, udp} rsync
ftps-data 989 {tcp, udp} File Transfer [Default Data]
ftps 990 {tcp, udp} File Transfer Protocol [Control]
imaps 993 {tcp, udp} imap4 protocol over TLS/SSL
pop3s 995 {tcp, udp} pop3 protocol over TLS/SSL (was spop3)
openvpn 1194 {tcp, udp} OpenVPN
Notes:
-TCP = Transmission Control Protocol
-UDP = User Datagram Protocol
-SCTP = Stream Control Transmission Protocol
-The Bootstrap Protocol was a precursor to DHCP (Dynamic Host Configuration Protocol)
**[[https://www.ietf.org/rfc/rfc3330.txt|RFC 3330]] Special-Use IPv4 Addresses, September 2002**
IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN.
IPv6 does not use NAT as its native address space is sufficiently large never to require in the foreseeable future.
Another interesting links:
* **IANA [[https://www.iana.org/protocols]]**
* Redhat [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/security_guide/ch-ports|Appendix C. Common Ports]]
* [[https://linuxhandbook.com/common-ports/|Common Networking Port Numbers in Linux]]
* [[https://www.stationx.net/common-ports-cheat-sheet/|Common Ports Cheat Sheet: The Ultimate Ports & Protocols List]]
* [[https://www.geeksforgeeks.org/50-common-ports-you-should-know/|50 Common Ports You Should Know]]
* Distribution List of Ports (information only)
* Gentoo [[https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment|Project:Quality Assurance/UID GID Assignment]]
* Archlinux [[https://wiki.archlinux.org/title/DeveloperWiki:UID_/_GID_Database|DeveloperWiki:UID / GID Database]]
* Red Hat [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users|37.3. Standard Users]]
----
=====The following is a list of related commonly used commands and scripts:=====
*Get external IP address ''wget http://ipinfo.io/ip -qO -''
*To check the current network hardware configuration ''ip a''
*Systemd common commands (start / stop / restart / status) (enable / disable for boot control)
*To start (/stop /enable) the bind9 daemon ''sudo systemctl start bind9''
*To check networking status ''sudo systemctl status networking''
*List current Systemd operating units: ''sudo systemctl list-units | grep '*'''. Change or remove the grep statement as required.
*To find where systemd services scripts are located use ''systemctl show -p FragmentPath nftables''
*To list all systemd services: ''systemctl list-unit-files'', use ''systemctl list-unit-files --state=enabled'' to check all enabled. A good reference from DigitalOcean for [[https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units|Systemctl]] to manage systemd services and units and for [[https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs|journalctl]].
*Some commonly used system services for router setup:
*bind9.service
*networking.service
*isc-dhcp-server.service
*isc-dhcp-server6.service
*The journalctl command shows the information stored in the system journal:
*''sudo journalctl -b'' shows all journal entries collected since current boot
*''journalctl --list-boots'' lists recorded boots. The default option for Storage is ''Storage=auto'' in ''/etc/systemd/journald.conf''. For this option if the directory ''/var/log/journal'' is present previous boot log files are saved. Conversely if not present, then previous boot files are not saved. Check man journalctl.conf for details. Use ''sudo ls -la /var/log/journal'' to see if directory already exists, ''sudo mkdir -p /var/log/journal'' to create directory if not existing, and ''sudo rm -R /var/log/journal'' to remove directory and any contents.
*''sudo journalctl -b -1'' shows all journal entries collected from a previous boot, -2 from the boot before that, etc. ''sudo journalctl -b 0'' is effectively the same as ''sudo journalctl -b''
*''sudo journalctl -u networking'' and tends to give more / different format information than ''sudo systemctl status networking''
*Links to info on the ip and ifconfig commands
*[https://p5r.uk/blog/2010/ifconfig-ip-comparison.html|[ifconfig vs ip]]
*Ubuntu man [[http://manpages.ubuntu.com/manpages/trusty/man8/ip.8.html|ip]], [[http://manpages.ubuntu.com/manpages/trusty/man8/ifconfig.8.html|ifconfig]]
*nixCraft [[https://www.cyberciti.biz/faq/linux-ip-command-examples-usage-syntax/|Linux ip Command Examples]]
*[[http://www.configserverfirewall.com/ubuntu-linux/ubuntu-set-static-ip-address/|How to set static IP Address in Ubuntu Server 16.04]]
*[[https://www.linuxtechi.com/ip-command-examples-for-linux-users/|12 ip Command Examples for Linux Users]]
*[[https://www.tecmint.com/ip-command-examples/|10 Useful “IP” Commands to Configure Network Interfaces]]
*[[https://linoxide.com/linux-command/use-ip-command-linux/|How To Use Ip Command In Linux with Examples]]
=====Some related links=====
====Linux Router Setup links====
Some basic research on Linux Router led me to the following:
*xdeb.org [[https://xdeb.org/post/2019/09/26/setting-up-a-server-firewall-with-nftables-that-support-wireguard-vpn/|Setting up a server firewall with nftables that support WireGuard VPN]]
*The Ars guide to building a [[https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linuxRed-router-from-scratch/|Linux router]] from scratch
*[[https://opensource.com/life/16/6/why-i-built-my-own-linux-router|Why I built my own homebrew Linux router]]
*Lifehacker - Build Your Own Speedy Little [[https://www.lifehacker.com.au/2016/04/build-your-own-speedy-little-linux-powered-diy-router/]]
*Archlinux [[https://wiki.archlinux.org/index.php/router|Router]]
*Kill-9 Ubuntu 16.04 based Router [[https://killtacknine.com/building-an-ubuntu-16-04-router-part-1-network-interfaces/|Part 1]] Sadly this link is no loner up and has been spammed!
*Ubuntu forums [[https://ubuntuforums.org/showthread.php?t=2341699|Setup Ubuntu Server as a router using a PPPoE connection]]
*Gibson Research [[https://www.grc.com/nat/nat.htm|NAT Router Security Solutions]] and [[https://www.grc.com/nat/nats.htm|Multi-NAT Router Networks]]
*An interesting discussion on double NAT and configurations - [[http://www.graemenoble.id.au/post/48695277030/double-nat-explained-and-possible-solutions|Double NAT explained and possible solutions]]
====NFTables links====
Some basic research on NFTables led me to the following
*[[https://wiki.nftables.org/wiki-nftables/index.php/Main_Page|NFTables Wiki]] main page
*I like this one due to the explanation, stosb [[https://stosb.com/blog/explaining-my-configs-nftables/|Explaining My Configs: nftables]]
*netfilter [[https://people.netfilter.org/pablo/nft-tutorial.pdf|nftables tutorial]]
*Wiki nftables [[https://wiki.nftables.org/wiki-nftables/index.php/Main_Page|Main Page]], [[https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes|Quick reference-nftables in 10 minutes]] and [[https://wiki.nftables.org/wiki-nftables/index.php/Sets|Sets]]
*Gentoo.org [[https://wiki.gentoo.org/wiki/Nftables|Nftables]]
*Archlinux [[https://wiki.archlinux.org/index.php/nftables|Nftables]]
*LinuxQuestions.org [[http://www.linuxquestions.org/questions/blog/serafean-248414/nftables-series-part-1-baby-steps-36341/|nftables - baby steps]] and [[http://www.linuxquestions.org/questions/blog/serafean-248414/nftables-nat-37184/|NFTables NAT]]
*Linux Audit [[https://linux-audit.com/nftables-beginners-guide-to-traffic-filtering/|Beginners Guide to nftables Traffic Filtering]]
*Debian wiki [[https://wiki.debian.org/nftables|nftables]]
*Linux audit [[https://linux-audit.com/nftables-beginners-guide-to-traffic-filtering/|Beginners Guide to nftables Traffic Filtering]]
*home.regit.org [[https://home.regit.org/netfilter-en/nftables-quick-howto/|Nftables quick howto]]
*A comparison between Nftables and IPTables from OpenWrt [[https://wiki.openwrt.org/doc/howto/netfilter|Netfilter/iptables]]
*Netfilter [[http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html|ebtables/iptables]] interaction on a Linux-based bridge.
*Wolfhechel github [[https://gist.github.com/wolfhechel/db7ed3be31feb104752e|nftables router]]
*[[http://kangran.su/~nnz/pub/nf-doc/nftables/|nft man]]
*Kernalnewbies [[https://kernelnewbies.org/nftables_examples|nftables examples]]
*Moutane [[http://moutane.net/RMLL2014/day_1-1620-Eric_Leblond-Netfilter_logging_at_the_nftables_age.pdf|Logging in the nftables age]]
*Deepspace6 Linux IPv6 Howto 18.5. [[http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/x2561.html|Firewalling using nftables]]
*www.iptables.info [[http://www.iptables.info/en/tcp-ip.html#TCPIPLAYERS|TCP/IP repetition]], [[http://www.iptables.info/en/connection-state.html|The state machine]] and [[http://www.iptables.info/en/iptables-contents.html|contents]]
*Spinics [[https://www.spinics.net/lists/netfilter/msg56329.html|how to do port forwarding using nftables map]]
*Redhat developer [[https://developers.redhat.com/blog/2017/01/10/migrating-my-iptables-setup-to-nftables/|Migrating my iptables setup to nftables]]
====Ubuntu Network Setup Links====
Links relating to bridged and bonded Networking
A bridged network allows different networks to be connected, both physical, like NICs or Wifi and virtual, allowing virtual machine to connect to a physical network and even be assigned a LAN IP address. Bonding allows physical networking devices such as NICs or Wifi to be bonded to allow increased bandwidth or redundancy. Sadly there seems to be alot of information out there that is either for older version of software or other purposing.
*Debian wiki [[https://wiki.debian.org/BridgeNetworkConnections|BridgeNetworkConnections]] and [[https://wiki.debian.org/Bonding|Bonding]]
*Serverfault [[https://serverfault.com/questions/348266/how-do-i-put-a-bridge-on-top-of-a-bonded-interface|How do I put a bridge on top of a bonded interface?]]
*nixCraft [[https://www.cyberciti.biz/faq/ubuntu-linux-bridging-and-bonding-setup/|How To Setup Bonded (bond0) and Bridged (br0) Networking On Ubuntu LTS Server]]
*nixCraft [[https://serverfault.com/questions/776057/802-3ad-bonding-configuration-file-on-an-ubuntu-16-04-lts-server|802.3ad bonding configuration file on an Ubuntu 16.04 LTS Server]]
*nixCraft [[https://www.cyberciti.biz/faq/ubuntu-setup-a-bonding-device-and-enslave-two-real-Ethernet-devices/|setup a bonding device and enslave two real Ethernet devices]], [[https://www.cyberciti.biz/faq/how-to-create-bridge-interface-ubuntu-linux/|How To Setup Bridge (br0) Network]], & [[https://www.cyberciti.biz/faq/debian-network-interfaces-bridge-eth0-eth1-eth2/|Debian Linux: Configure Network Interfaces As A Bridge / Network Switch]]
*Unixmen Ubuntu [[https://www.unixmen.com/linux-basics-create-network-bonding-on-ubuntu-14-10/|Create Network Bonding On Ubuntu 14.10]]
*The Linux foundation [[https://wiki.linuxfoundation.org/networking/bridge|bridge]], [[https://wiki.linuxfoundation.org/networking/bonding?s[]=network&s[]=bond|bonding]] and [[https://wiki.linuxfoundation.org/networking/start?s[]=bonding&s[]=bridging|Kernel Networking]]
*Ubuntu documentation [[https://help.ubuntu.com/community/UbuntuBonding|Bonding]], [[https://help.ubuntu.com/community/KVM/Networking|KVM networking]], [[https://help.ubuntu.com/community/NetworkConnectionBridge|network bridging]] and [[https://help.ubuntu.com/community/BridgingNetworkInterfaces|bridging network interfaces]]
*Linux.com [[https://www.linux.com/learn/create-secure-linux-based-wireless-access-point|Create a secure Linux-based wireless access point]]
*Gentoo [[https://wiki.gentoo.org/wiki/Home_router|Home Router]]
*Stackexchange [[https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax|Good detailed explanation of /etc/network/interfaces syntax?]] and [[https://unix.stackexchange.com/questions/192671/what-is-a-hotplug-event-from-the-interface/192913#192913|What is a hotplug event from the interface?]]
====Docker Related links====
*Docker Docs [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/|Get Docker CE for Ubuntu]], [[https://docs.docker.com/engine/installation/linux/linux-postinstall/|Post-installation steps for Linux]] and [[file://///kpts/shared/html_kptree.net/Docker%20Engine%20user%20guide|Docker Engine user guide]]
*Digital Ocean [[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04|How To Install and Use Docker on Ubuntu 16.04]]
====DNS/DHCP Related links====
*BigDinosaur Blog [[https://blog.bigdinosaur.org/running-bind9-and-isc-dhcp/|Running BIND9 and ISC-DHCP]]
*Kill-9 Ubuntu 16.04 based Router https://killtacknine.com/building-an-ubuntu-16-04-router-part-2-dhcp/|Part 2 - DHCP]]
*ISC Knowledge Base [[https://kb.isc.org/article/AA-00502/31/A-Basic-Guide-to-Configuring-DHCP-Failover.html|A Basic Guide to Configuring DHCP Failover]]
*Internet Systems Consortium (ISC) [[https://www.isc.org/kea/|Kea]] Modern Open Source DHCPv4 & DHCPv6 Server
*Dragon Org [[https://blogging.dragon.org.uk/dns-bind9-dhcp-ubuntu-16-04-2/|DNS with bind9 and DHCP on Ubuntu 16.04]]
*DigitalOcean [[https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-16-04|How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04]] and [[https://www.digitalocean.com/community/tutorial_series/an-introduction-to-managing-dns|An Introduction to Managing DNS]]
====IPv6 Related Links====
*IPV FREENET6.NET [[http://www.freenet6.net/aboutfreenet6.shtml|About]], [[http://www.freenet6.net/reverse-dns.shtml|How to request a reverse DNS delegation for a /48 IPv6 prefix ?]]
*Wikipedia [[https://en.wikipedia.org/wiki/IPv6|IPv6]], [[https://en.wikipedia.org/wiki/IPsec|IPsec]], [[https://en.wikipedia.org/wiki/Domain_Name_System|DNS]], [[https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol|DHCP]]
*Linux IPv6 Router Advertisement Daemon ([[http://www.litech.org/radvd/|radvd]])
*scottlinux.com | Linux Blog [[https://scottlinux.com/2014/04/28/debian-linux-home-router-with-ipv4-and-ipv6/|Debian Linux Home Router with IPv4 and IPv6]]
*nixCraft Apache IPv6 Configuration: [[https://www.cyberciti.biz/faq/ipv6-apache-configuration-tutorial/|Dual Stacked IPv4 & IPv6 Virtual Hosts]]
*Loyola University Chicago, on line book :- An Introduction to Computer Networks [[http://intronetworks.cs.luc.edu/current/html/index.html|Contents]], [[http://intronetworks.cs.luc.edu/current/html/ipv6.html|IP version 6], there is also a pdf and epub version that can be downloaded.
*Ubuntu wiki [[https://wiki.ubuntu.com/IPv6|IPv6]] [[https://wiki.ubuntu.com/DHCPv6|DHCPv6]]
*Linux.com- Practical Networking for Linux Admins: [[https://www.linux.com/learn/intro-to-linux/2017/7/practical-networking-linux-admins-ipv6-routing|IPv6 Routing]]
*Stackexchange Superuser [[https://superuser.com/questions/1190312/how-to-configure-radvd-for-linux-ipv6-router-towards-upstream-dsl-gateway|how to configure radvd for linux ipv6 router towards upstream dsl gateway]]
*Gentoo Linux [[https://wiki.gentoo.org/wiki/IPv6_router_guide|IPv6 router guide]] //This one is a bit outdated.//
*The Debian Administrator's Handbook [[https://debian-handbook.info/browse/stable/sect.ipv6.html|10.5. IPv6]]
====VPN Related Links====
*stosb Explaining My Configs: [[https://stosb.com/blog/explaining-my-configs-openvpn/|OpenVPN]]
====Other Related links====
*Javapipe - [[https://javapipe.com/ddos/blog/iptables-ddos-protection/|DDoS Protection With IPtables]]: The Ultimate Guide
*Followup on [[https://wiki.meurisse.org/wiki/sslh|sslh installation guide]]
*Purdue Uni IPTables lesson notes [[https://engineering.purdue.edu/kak/compsec/NewLectures/Lecture18.pdf|Lecture 18: Packet Filtering Firewalls (Linux)]]
*nixCraft Linux: [[https://www.cyberciti.biz/faq/check-network-connection-linux/|Check Network Connection Command]]
*This is old, but topical, BigDinosaur Blog - [[https://blog.bigdinosaur.org/securing-ssh-with-iptables/|Securing ssh with iptables]]
<- linux_router:tc|Prev page ^ linux_router:start|Start page ^ linux_router:wireguard|Next page ->