Here is a clever way of making a single ethernet port talk to two networks (on the same physical wire). WHY? Well, I have a neat little Blackfin EZLite kit that will only talk on the IP address 192.168.1.1 with a netmask of 255.255.255.0. That is not the address range of my home network, so I need to connect it to the network without running a whole second set of cables, hubs, etc. So I found this:
By default, eth0 on my main computer is 10.0.0.2/24, and all the other computers are 10.0.0.???. It turns out that eth0 can carry a second ("secondary") address as well; the old ifconfig tools showed this as a virtual interface named eth0:0. To do this, all I have to do is:
# ip addr add 192.168.1.2/24 dev eth0
# ip addr show [eth0]
The first command adds the address, with the "/24" specifying the 24-bit netmask, or 255.255.255.0 (tack "label eth0:0" onto the end of it if you want the old ifconfig to list the address under that name; the address also goes away at reboot unless you put the command into your network startup scripts). In the second command the eth0 is optional; if left off, it will show the IP addresses of all interfaces on the computer.
Here is a clever way of checking what computers are connected on the immediate network:
# nmap -sn 10.0.0.0/24
Of course, select an appropriate network range for your system. On the local ethernet segment, nmap run as root does this host discovery with ARP requests rather than ICMP, so it will also find hosts that are configured to ignore ping.
Drop an IP range of input packets (-A appends to the end of the chain, so an earlier ACCEPT rule would still win; use -I INPUT instead if the drop must come first)
# iptables -A INPUT -s 93.123.109.0/24 -j DROP
save current tables to a file
# iptables-save > filename
restore file to current tables
# iptables-restore < filename
Log and drop input packets from an IP range (the messages go to the kernel log: dmesg, and /var/log/syslog or /var/log/messages depending on how syslog is set up)
# iptables -N LOG_DROP
# iptables -A LOG_DROP -j LOG --log-level 4 --log-prefix "INPUT_LOG_DROP: "
# iptables -A LOG_DROP -j DROP
# iptables -A INPUT -s 64.23.166.181 -j LOG_DROP
List rules with numbers
# iptables -L --line-numbers
Delete a rule by line number
# iptables -D INPUT 3
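To get something useful out of those INPUT_LOG_DROP lines, here is an added example (my own addition to these notes, not a tool from this page or from the iptables project) that pulls the netfilter LOG key=value fields out of a syslog file and tallies the drops per source, protocol and destination port. The syslog lines embedded in it are constructed samples in the format the kernel writes, reusing the addresses from the rules above; the INPUT_LOG_DROP prefix matches the rule, and the function names are mine. The "initial TTL" column uses the same fingerprinting rule of thumb that comes up in the firewall note further down: a packet that arrives with TTL 51 most likely started life at 64, one with TTL 112 at 128.

```python
#!/usr/bin/env python3
"""Summarise packets dropped by the LOG_DROP chain from the kernel log.

Added example for these notes, not code from the page. Parses the
key=value fields netfilter's LOG target writes and counts drops per
source, protocol and destination port. Run it as:
    python3 logdrop_summary.py /var/log/syslog
or with no argument to use the constructed sample lines below.
"""
import re
import sys
from collections import Counter, defaultdict

LOG_PREFIX = "INPUT_LOG_DROP:"          # must match --log-prefix in the rule
LINE_RE = re.compile(r"kernel:.*?" + re.escape(LOG_PREFIX) + r"\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")      # IN=eth0 OUT= SRC=1.2.3.4 ... (bare flags like DF, SYN are skipped)

# Constructed sample lines (not captured from a real host) in the format
# the kernel writes; the addresses reuse the ones from the rules above.
SAMPLE_SYSLOG = """\
Mar  3 10:15:01 box kernel: [ 1234.567] INPUT_LOG_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=64.23.166.181 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1234 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 box kernel: [ 1235.001] INPUT_LOG_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=64.23.166.181 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1235 DF PROTO=TCP SPT=43211 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 box kernel: [ 1236.200] INPUT_LOG_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=93.123.109.77 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=112 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=1
Mar  3 10:15:04 box sshd[911]: Accepted publickey for me from 10.0.0.5 port 51000 ssh2
Mar  3 10:15:05 box kernel: [ 1237.900] INPUT_LOG_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=64.23.166.181 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1236 DF PROTO=TCP SPT=43212 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Return the key=value fields of one LOG line as a dict, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for key, value in KV_RE.findall(m.group("kv")):
        fields.setdefault(key, value)   # ICMP lines carry a second ID= (the echo id); keep the IP header's
    return fields


def guess_initial_ttl(ttl):
    """Nearest common starting TTL at or above the observed one: 64 (Linux/BSD), 128 (Windows), 255 (network gear)."""
    for start in (64, 128, 255):
        if ttl <= start:
            return start
    return 255  # cannot happen for IPv4 (TTL is an 8-bit field); kept for completeness


def summarise(text):
    """Count dropped packets per source, and per (source, protocol, port/type)."""
    per_src = Counter()
    per_src_target = defaultdict(Counter)
    ttl_guess = {}
    for line in text.splitlines():
        f = parse_log_line(line)
        if f is None or "SRC" not in f:
            continue
        src = f["SRC"]
        per_src[src] += 1
        # TCP/UDP lines log DPT=; ICMP lines log TYPE= instead
        target = f.get("DPT") or f.get("TYPE") or "?"
        per_src_target[src][(f.get("PROTO", "?"), target)] += 1
        if "TTL" in f:
            ttl_guess[src] = guess_initial_ttl(int(f["TTL"]))
    return per_src, per_src_target, ttl_guess


def report(text):
    """Render the summary as text, busiest source first."""
    per_src, per_src_target, ttl_guess = summarise(text)
    lines = []
    for src, n in per_src.most_common():
        lines.append(f"{src:<16} {n:>5} drops  initial TTL ~{ttl_guess.get(src, '?')}")
        for (proto, target), count in per_src_target[src].most_common():
            lines.append(f"    {proto:<5} {target:>6}  x{count}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_SYSLOG))
```

If you changed the --log-prefix in the rule, change LOG_PREFIX to match; the prefix is the only thing that separates these lines from any other kernel messages in the same file.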
Sometimes a Linux user gets caught behind a firewall that is.... unfriendly... to Linux. There is a "trusted device" setting that Windoze bigots use to block non-Windoze computers. Typically this blocks all IP traffic except HTTP and HTTPS. The way they detect the operating system in the IP traffic is "fingerprinting." The main difference (there are others, such as the TCP window size and the order of the TCP options) is the initial Time-To-Live (TTL) value: Windows typically starts at 128, while Linux starts at 64. I suppose you could dig through the kernel code to change that, which is what I started doing, but I realized there was a better way. By rewriting the TTL from 64 to 128 in the outgoing packets we can essentially lie to the firewall and claim to be a Windoze computer. Makes me feel kinda dirty, but if they want to profile against Linux, I don't really feel too badly about lying to them. The way to perform this lie is with iptables:
# iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN SYN -j TTL --ttl-set 128
I've only tried this once, but it worked great. Note that this rule only rewrites TCP packets with the SYN flag set; everything else still leaves with TTL 64, so a firewall that looks past the first packet of a connection can still tell. Setting net.ipv4.ip_default_ttl to 128 with sysctl changes the starting TTL of every outgoing packet instead, which is the more thorough version of the same lie.
ping -b 255.255.255.255
Back in the days when we didn't have to worry about hackers ALL the time, one useful tool for finding which computers were up and active on the network was a broadcast ping. Basically, this was accomplished by pinging the broadcast address of a network. OK, that will probably need more explanation of IPv4 than I care to go into.
The private IP range for home (Class C sized) networks is 192.168.0.0/16; people usually carve one /24 out of it, most often 192.168.0.0, although others such as 192.168.1.0 are just as fine. Frequently you will find these addresses followed by /24, so it looks like 192.168.0.0/24. This means that the first 24 bits are the "network" address (192.168.0.0), the usable IP addresses on the network range from 192.168.0.1 up through 192.168.0.254, and the reserved broadcast address is 192.168.0.255.
Now - if you are on one computer at IP address 192.168.0.4 and you want to check a computer at IP address 192.168.0.12, you can simply "ping" it:
$ ping 192.168.0.12
PING 192.168.0.12 (192.168.0.12) 56(84) bytes of data.
64 bytes from 192.168.0.12: icmp_seq=1 ttl=54 time=13.9 ms
64 bytes from 192.168.0.12: icmp_seq=2 ttl=54 time=14.5 ms
64 bytes from 192.168.0.12: icmp_seq=3 ttl=54 time=16.1 ms
^C
--- 192.168.0.12 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 13.897/14.837/16.081/0.917 ms
All of that provides information talking to that computer, and some basic statistics on travel time. It's great for reaching out to a single computer, but trying to check every computer on a network would be fairly miserable. Instead, it USED to be possible to send out a broadcast ping to the entire network:
~$ ping -b 192.168.0.255
WARNING: pinging broadcast address
PING 192.168.0.255 (192.168.0.255) 56(84) bytes of data.
64 bytes from 192.168.0.4: icmp_seq=1 ttl=64 time=0.022 ms
64 bytes from 192.168.0.9: icmp_seq=1 ttl=64 time=0.130 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.238 ms
64 bytes from 192.168.0.4: icmp_seq=2 ttl=64 time=0.026 ms
64 bytes from 192.168.0.9: icmp_seq=2 ttl=64 time=0.112 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.272 ms
64 bytes from 192.168.0.4: icmp_seq=3 ttl=64 time=0.027 ms
64 bytes from 192.168.0.9: icmp_seq=3 ttl=64 time=0.114 ms
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.244 ms
^C
--- 192.168.0.255 ping statistics ---
3 packets transmitted, 3 received, +6 duplicates, 0% packet loss, time 2058ms
rtt min/avg/max/mdev = 0.022/0.131/0.272/0.093 ms
In this case, every computer that answers broadcast pings replies to the one request (the "+6 duplicates" in the statistics are the extra answers). This made it very nice to run a simple health check on all the computers on the network.
Thanks to security concerns and hackers, most modern Linux distributions have this function disabled by default: a host that answers broadcast pings can be used as an amplifier in a "smurf" flood, where somebody sends broadcast pings with the victim's address forged as the source and every host on the segment replies to the victim. Whenever you come across a hacker, make sure you "thank" them appropriately.
Well, this can be fixed fairly simply in Slackware, and I have to assume that other distributions do something similar.... The setting controls whether a host answers broadcast pings, so it has to be changed on every computer you want to see in the list, not on the one doing the pinging. Do all of these as root....
Step 1: create 99-custom.conf file:
# echo "net.ipv4.icmp_echo_ignore_broadcasts = 0" > /etc/sysctl.d/99-custom.conf
Step 2: invoke change
# sysctl --system
There you go. Actually fairly simple.
(ideally...)
Now, before we get into this: this was the original, ideal set of definitions (classful addressing). After years of "well, shit, we need more space," CIDR replaced it and we don't really follow this all that precisely any more; the class of an address now only tells you which netmask was implied before CIDR came along.
Class C networks contain 254 usable addresses per network, using a netmask of 255.255.255.0. The Class C range is 192.0.0.0 up through 223.255.255.255. The "private" block in this range, 192.168.0.0/16 (192.168.0.0 through 192.168.255.255), is the default for people's home networks and is not routed on the outside internet. Very few family home networks need that many addresses, although now that SO MUCH crap around the house is being connected (every laptop, computer, tablet, cell phone, "smart" device, TV, etc.) it's not as unimaginable as it used to be for a single family to run low on a /24.
Class B networks contain 65534 usable addresses per network, using a netmask of 255.255.0.0. The Class B range is 128.0.0.0 up through 191.255.255.255. The "private" block in this range is 172.16.0.0/12 (172.16.0.0 through 172.31.255.255).
Class A networks contain 16777214 usable addresses per network, using a netmask of 255.0.0.0. The Class A range is 0.0.0.0 up through 127.255.255.255, which is also where the very special "myself" address 127.0.0.1 lives (see loopback below). The "private" block in this range is 10.0.0.0/8 (10.0.0.0 through 10.255.255.255).
Loopback Addresses are used for testing. The most commonly used address is 127.0.0.1, but anything in the range 127.0.0.0 up through 127.255.255.255 will do the same thing.
Link-Local Addresses 169.254.0.0 through 169.254.255.255 (169.254.0.0/16, RFC 3927) are self-assigned when a computer fails to receive an IP address from a DHCP server. Windows calls this APIPA, but it is not a Micro$oft-only thing: Macs do it too, and Linux does it when avahi-autoipd, NetworkManager or systemd-networkd is set up for it. Seeing one of these on a box usually just means "DHCP failed."
Multicast Addresses (Class D) in the range 224.0.0.0 through 239.255.255.255 are used for sending one stream to many receivers, such as video streaming or routing-protocol chatter.
Reserved (Class E, "experimental") is the range 240.0.0.0 through 255.255.255.255. It is still reserved and unassigned today, with 255.255.255.255 being the limited broadcast address for "everyone on this link." The addresses set aside for textbook examples are a different thing entirely: 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 (RFC 5737).
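To check the numbers in the class list above, and the /24 arithmetic from the broadcast-ping section (network address, usable range, broadcast), here is an added example; it is my own addition to these notes, not code from the page, and uses only the standard library's ipaddress module. The class boundaries and the private, loopback, link-local, multicast and reserved blocks are the ones listed in the text, plus the RFC 5737 documentation blocks; the function names cidr_facts, classify and directly_reachable are mine. The last function also shows the situation from the very top of the page: why 192.168.1.1 is unreachable from a box that only has 10.0.0.2/24, and why adding 192.168.1.2/24 as a secondary address fixes it.

```python
#!/usr/bin/env python3
"""Work out the numbers behind the address classes and /24 notation in these notes.

Added example (not code from the page), standard library only. The
classful boundaries, RFC 1918 private blocks, loopback, RFC 3927
link-local, multicast and reserved ranges are the ones listed in the
text; the RFC 5737 blocks are the ones actually set aside for examples.
"""
import ipaddress

# Classful boundaries by first octet: A below 128, B below 192, C below 224,
# D (multicast) below 240, E (reserved) for the rest.
CLASS_BOUNDS = [(128, "A"), (192, "B"), (224, "C"), (240, "D"), (256, "E")]

# Special-purpose blocks mentioned in the notes.
SPECIAL_BLOCKS = [
    ("255.255.255.255/32", "limited broadcast"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local (RFC 3927)"),
    ("192.0.2.0/24", "documentation (RFC 5737)"),
    ("198.51.100.0/24", "documentation (RFC 5737)"),
    ("203.0.113.0/24", "documentation (RFC 5737)"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved / experimental"),
]
SPECIAL_NETS = [(ipaddress.ip_network(cidr), label) for cidr, label in SPECIAL_BLOCKS]


def cidr_facts(cidr):
    """Network, netmask, usable host range and broadcast for e.g. '192.168.0.4/24'."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False: a host address is accepted, host bits are masked off
    if net.prefixlen >= 31:                           # /31 and /32 have no separate network/broadcast addresses
        first = last = None
        usable = 0
    else:
        first = net.network_address + 1
        last = net.broadcast_address - 1
        usable = net.num_addresses - 2
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "first_usable": str(first) if first is not None else None,
        "last_usable": str(last) if last is not None else None,
        "broadcast": str(net.broadcast_address),
        "usable": usable,
    }


def classify(addr):
    """Classful letter plus every special-purpose block the address falls in."""
    ip = ipaddress.ip_address(addr)
    first_octet = int(ip) >> 24
    letter = next(letter for bound, letter in CLASS_BOUNDS if first_octet < bound)
    notes = [label for net, label in SPECIAL_NETS if ip in net]
    return letter, notes


def directly_reachable(local_cidrs, target):
    """True if target is on-link for at least one address configured on this host.

    A box with only 10.0.0.2/24 cannot talk to 192.168.1.1 without a router;
    adding 192.168.1.2/24 as a secondary address puts the target on-link.
    """
    ip = ipaddress.ip_address(target)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in local_cidrs)


if __name__ == "__main__":
    for cidr in ("192.168.0.4/24", "10.0.0.0/8", "172.16.0.0/12"):
        print(cidr, cidr_facts(cidr))
    for addr in ("192.168.1.2", "127.0.0.1", "169.254.7.7", "224.0.0.1", "93.123.109.5"):
        print(addr, classify(addr))
    print("10.0.0.2/24 only       ->", directly_reachable(["10.0.0.2/24"], "192.168.1.1"))
    print("plus 192.168.1.2/24    ->", directly_reachable(["10.0.0.2/24", "192.168.1.2/24"], "192.168.1.1"))
```

classify returns every block an address falls in rather than the first match, so 255.255.255.255 comes back as both "limited broadcast" and "reserved / experimental", which is the honest answer.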