linux_router:misc [2022-01-13 Thu wk02 07:48] – [Linux Router Setup links] baumkp | linux_router:misc [2023-12-03 Sun wk48 12:54] – [Docker Setup & Basic Commands] baumkp |
---|
====glances==== | ====glances==== |
| |
| * ''sudo apt install pipx'' ([[https://pypa.github.io/pipx/|pipx]] — Install and Run Python Applications in Isolated Environments) |
| * ''pipx ensurepath'' |
| * ''pipx install glances'' (https://nicolargo.github.io/glances/|Glances]]) |
| * ''%%pipx inject glances "glances[web]"%%'' ([[https://waylonwalker.com/pipx-w/|Glances webui with pipx]]) |
| |
| Like like the references for Debian 12 for glances install are out of date.... |
* [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]] | * [[https://www.tecmint.com/glances-an-advanced-real-time-system-monitoring-tool-for-linux/|Glances – An Advanced Real Time System Monitoring Tool for Linux]] |
* [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]] | * [[https://wiki.crowncloud.net/?How_to_install_Glances_on_Debian_11|How to Install Glances System Monitor on Debian 11]] |
* [[https://www.linuxcapable.com/how-to-install-glances-system-monitor-on-debian-11/|How to Install Glances on Debian 11]] | * [[https://www.linuxcapable.com/how-to-install-glances-system-monitor-on-debian-11/|How to Install Glances on Debian 11]] |
| * [[https://www.linuxcapable.com/how-to-install-glances-on-debian-linux/|How to Install Glances on Debian 12, 11 or 10]] |
* [[https://github.com/nicolargo/glances|nicolargo glances]] | * [[https://github.com/nicolargo/glances|nicolargo glances]] |
| |
| |
[Service] | [Service] |
ExecStart=/usr/bin/glances -w -t 2 | #ExecStart=/usr/local/bin/glances -w -t 2 |
| ExecStart=/home/baumkp/.local/bin/glances -w -t 2 |
Restart=on-abort | Restart=on-abort |
| |
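Review bot: the new ''ExecStart=/home/baumkp/.local/bin/glances -w -t 2'' runs the service from a pipx shim inside a user-writable home directory, and the ''[Service]'' lines shown here carry no ''User='' entry; if the unit runs as root, anything able to write under ''/home/baumkp/.local'' decides what root executes. Add ''User=baumkp'' to the unit, or install Glances to a path only root can write. Because ''-w'' starts the web UI and this host is the router, also consider restricting the listener to the LAN address with ''-B'' and setting ''--password''. Two text fixes in the same hunk: the Glances link in the ''pipx install glances'' bullet is missing its opening ''%%[[%%'', and "Like like the references" looks like a typo for "Looks like the references".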
====ntopng==== | ====ntopng==== |
| |
I tried ntopng. Unfortunately this program suite simply uses too many resources on my router which loads it up close to 100%. There are often reports of dropped packet and such, further indicating overload.\\ | I tried ntopng again in December 2023. I ran in a Docker container on my Router, although markedly improved since trying a few years ago this this program suite still uses uses a lot of resources on my router which loads it up close to 50%. There are occasional reports of dropped packet and such, further indicating overload.\\ I noted a problem with installing the Docker version. The Docker package documentation and defaults are to the ''latest'', yet the available package is listed as ''stable'', e.g. ''docker run -it -p 3000:3000 --net=host ntop/ntopng:stable -i br0'' versus the instructed ''docker run -it -p 3000:3000 -v $(pwd)/ntopng.license:/etc/ntopng.license:ro --net=host ntop/ntopng:latest -i br0'' \\ |
I have decided to disable. //Worse than this this package suite caused difficulties with my system updates, so I removed it entirely. Note that this may be as it was previously disabled.//\\ | Another thing I do not like about this package is that the free community version is a significantly cut down of the full paid version. The cost on the paid versions are substaincial and I can simply not justify for non-comerical home use. There is no general individual personal free full use version available.\\ |
Another thing I do not like about this package is that the free version is a cut down of the full paid version. There is no general individual personal free full use version available. | **Hence I have decided not to use this software.** |
| |
There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng: | **tl;dr** ++++Systemd stuff, not relevant with use of Docker version| |
| <code>There seem to be 2 main services to enable/disable/start/stop, nprobe and ntopng: |
* ''sudo systemctl stop ntopng'' | to stop (or start) | * ''sudo systemctl stop ntopng'' | to stop (or start) |
* ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup | * ''sudo systemctl disable ntopng'' | to disable (or enable) starting on computer startup |
We can also turn-off the redis service unless something else wnat to also use. | We can also turn-off the redis service unless something else wnat to also use. |
* ''sudo systemctl stop redis'' | to stop (or start) | * ''sudo systemctl stop redis'' | to stop (or start) |
* ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup | * ''sudo systemctl disable redis'' | to disable (or enable) starting on computer startup </code> |
| ++++ |
| |
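Review bot: both ''docker run'' examples in the new ntopng paragraph combine ''-p 3000:3000'' with ''--net=host''; Docker discards published ports in host network mode, so the ''-p'' has no effect and the ntopng web UI listens directly on the router's own interfaces. Drop the ''-p'' from the examples and state which firewall rule keeps port 3000 unreachable from the WAN side. Separately, wrapping the systemd notes in ''%%<code>%%'' inside the fold makes the ''*'' bullets and quote markup render literally rather than as a list, and "this this", "uses uses", "substaincial" and "comerical" need correcting.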
---- | ---- |
The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]]. | The Docker installation instructions for Ubuntu from Docker [[https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#uninstall-old-versions|Get Docker CE for Ubuntu]]. |
| |
__**This is pretty old, I played with it circa 2017, and have not used Docker since. I have successfully been using full KVM based VMs for my main machines and so have not had much need for Docker**__ \\ | __**This is pretty old, I played with it circa 2017, and have not used Docker since. I was successfully been using full KVM based VMs for my main machines and so did not have much need for Docker**__ \\ |
That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!. | That being said, I can see the benefits of containerisation, such as Docker, versus full virtual machines, such as KVM. Of course there are also benefits with full VMs!. |
| |
| In 2022 I revisited Docker and basically have move my various VM applications to Docker containers/ stacks. I run my Docker instance in a VM to isolate Docker from bare metal. This is primarily as Docker plays around with iptables. I do not like this, particularly on my main router machine that I use on bare metal nftables as the router/fire software. |
====Docker Host Security==== | ====Docker Host Security==== |
| |
Comparison of [[https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn|VPN protocols]] | Comparison of [[https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn|VPN protocols]] |
| |
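Review bot: the bold notice still says "have not used Docker since", which now contradicts the added 2022 paragraph stating that the VM applications were moved to Docker; reword the notice so it clearly refers to the period before 2022, or drop it. The tense edit also left "I was successfully been using", and the new paragraph has "have move" and "router/fire software" (presumably "firewall"). The reason given for running Docker inside a VM (Docker rewriting iptables on a host that uses nftables) is the useful part of this change and would fit better under the Docker Host Security heading that follows it.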
Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. | ++++ Algo VPN old tl;dr;|is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. |
| |
"docker pull mutemule/algo" to download docker repository | "docker pull mutemule/algo" to download docker repository |
| |
The Mutemul Algo Docker page [[file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html|mutemule/algo]]. Unfortunately has no instructions on how to setup the Docker installation!!!!. | The Mutemul Algo Docker page [[file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html|mutemule/algo]]. Unfortunately has no instructions on how to setup the Docker installation!!!!. |
| ++++ |
| |
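Review bot: the fold title "Algo VPN old tl;dr;" has absorbed the subject of the sentence, so the folded text now opens with "is a set of Ansible scripts"; keep "Algo VPN" in the body as well as the title. In the unchanged lines of this hunk, the link labelled ''mutemule/algo'' points at ''file://///kpts/shared/html_kptree.net/router_ppp_nft_private_w3.html'', a local file-share path that will not resolve for readers and publishes an internal host and share name; replace it with the intended public URL. If the ''docker pull mutemule/algo'' line stays, note that it pulls an untagged third-party image, so pinning a tag or digest would be the safer instruction.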
Docker Docs [[https://docs.docker.com/engine/reference/commandline/cli/|Use the Docker command line]] | Docker Docs [[https://docs.docker.com/engine/reference/commandline/cli/|Use the Docker command line]] |
IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN. | IPv4 uses some of these special addresses for private LANs (Local Area Network)s with NAT (Network Address Translation) used to connect the LANs to the WAN (Wide/World Area Network) via a router. This was required to compensate for the limited address space in IPv4. IPv4 NAT also provide some security benefits by obscuring the private LAN addresses from the public WAN. |
| |
IPv6 does not use NAT as its native address space is suffiently large never to require in the foreseeable future. | IPv6 does not use NAT as its native address space is sufficiently large never to require in the foreseeable future. |
| |
Another interesting link, **IANA [[https://www.iana.org/protocols]]** | Another interesting links: |
| * **IANA [[https://www.iana.org/protocols]]** |
| * Redhat [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/security_guide/ch-ports|Appendix C. Common Ports]] |
| * [[https://linuxhandbook.com/common-ports/|Common Networking Port Numbers in Linux]] |
| * [[https://www.stationx.net/common-ports-cheat-sheet/|Common Ports Cheat Sheet: The Ultimate Ports & Protocols List]] |
| * [[https://www.geeksforgeeks.org/50-common-ports-you-should-know/|50 Common Ports You Should Know]] |
| * Distribution List of Ports (information only) |
| * <fc #ff00ff>Gentoo</fc> [[https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment|Project:Quality Assurance/UID GID Assignment]] |
| * <fc #4682b4>Archlinux</fc> [[https://wiki.archlinux.org/title/DeveloperWiki:UID_/_GID_Database|DeveloperWiki:UID / GID Database]] |
| * <fc #ff0000>Red Hat</fc> [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users|37.3. Standard Users]] |
| |
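Review bot: the new sub-list headed "Distribution List of Ports (information only)" links to three UID/GID and standard-user assignment pages (Gentoo, Archlinux, Red Hat), not port lists; rename the heading to match the targets or move these links to a users/groups section. The lead-in "Another interesting links:" should read "Other interesting links:".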
---- | ---- |
*The Ars guide to building a [[https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux<fc #ff0000>Red</fc>-router-from-scratch/|Linux router]] from scratch | *The Ars guide to building a [[https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux<fc #ff0000>Red</fc>-router-from-scratch/|Linux router]] from scratch |
*[[https://opensource.com/life/16/6/why-i-built-my-own-linux-router|Why I built my own homebrew Linux router]] | *[[https://opensource.com/life/16/6/why-i-built-my-own-linux-router|Why I built my own homebrew Linux router]] |
*Lifehacker - Build Your Own Speedy Little [[https://www.lifehacker.com.au/2016/04/build-your-own-speedy-little-linux-powered-diy-router/Linux-Powered DIY Router]] | *Lifehacker - Build Your Own Speedy Little [[https://www.lifehacker.com.au/2016/04/build-your-own-speedy-little-linux-powered-diy-router/]] |
*Archlinux [[https://wiki.archlinux.org/index.php/router|Router]] | *Archlinux [[https://wiki.archlinux.org/index.php/router|Router]] |
*Kill-9 Ubuntu 16.04 based Router [[https://killtacknine.com/building-an-ubuntu-16-04-router-part-1-network-interfaces/|Part 1]] Sadly this link is no loner up and has been spammed! | *Kill-9 Ubuntu 16.04 based Router [[https://killtacknine.com/building-an-ubuntu-16-04-router-part-1-network-interfaces/|Part 1]] Sadly this link is no loner up and has been spammed! |
*Ubuntu documentation [[https://help.ubuntu.com/community/UbuntuBonding|Bonding]], [[https://help.ubuntu.com/community/KVM/Networking|KVM networking]], [[https://help.ubuntu.com/community/NetworkConnectionBridge|network bridging]] and [[https://help.ubuntu.com/community/BridgingNetworkInterfaces|bridging network interfaces]] | *Ubuntu documentation [[https://help.ubuntu.com/community/UbuntuBonding|Bonding]], [[https://help.ubuntu.com/community/KVM/Networking|KVM networking]], [[https://help.ubuntu.com/community/NetworkConnectionBridge|network bridging]] and [[https://help.ubuntu.com/community/BridgingNetworkInterfaces|bridging network interfaces]] |
*Linux.com [[https://www.linux.com/learn/create-secure-linux-based-wireless-access-point|Create a secure Linux-based wireless access point]] | *Linux.com [[https://www.linux.com/learn/create-secure-linux-based-wireless-access-point|Create a secure Linux-based wireless access point]] |
*Gentoo [[https://wiki.gentoo.org/wiki/Home_Router|Home Router]] | *Gentoo [[https://wiki.gentoo.org/wiki/Home_router|Home Router]] |
*Stackexchange [[https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax|Good detailed explanation of /etc/network/interfaces syntax?]] and [[https://unix.stackexchange.com/questions/192671/what-is-a-hotplug-event-from-the-interface/192913#192913|What is a hotplug event from the interface?]] | *Stackexchange [[https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax|Good detailed explanation of /etc/network/interfaces syntax?]] and [[https://unix.stackexchange.com/questions/192671/what-is-a-hotplug-event-from-the-interface/192913#192913|What is a hotplug event from the interface?]] |
| |
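Review bot: the Lifehacker line fixes the malformed URL by deleting the label, leaving "Build Your Own Speedy Little" followed by a bare link; restore the label after a pipe, i.e. ''|Linux-Powered DIY Router'' before the closing brackets. The Ars Technica entry still has ''<fc #ff0000>Red</fc>'' embedded in the URL in both revisions, so that link is broken and the colour markup should be removed from it. The Kill-9 entry is described as dead and spammed ("no loner" should be "no longer"); consider removing the live link rather than continuing to point readers at a hijacked domain.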