
Comandos Essenciais

ip

# Show interfaces and their IP addresses
ip addr
ip addr show enp0s3

# Add an IP address
# Changes made with `ip` apply to the running system only; they are lost on
# reboot unless also written to the distribution's network configuration.
ip addr add 192.168.1.100/24 dev eth0

# Remove an IP address
ip addr del 192.168.1.100/24 dev eth0

# Show routes (both forms print the same table)
ip route
ip route show

# Add a default route
ip route add default via 192.168.1.1

# Show neighbours (the ARP/NDP cache). An unexpected change of the MAC address
# listed for the gateway is worth investigating.
ip neigh

# Link status
ip link show
ip link set eth0 up
# Taking down the interface that carries your own remote session drops it
ip link set eth0 down

ifconfig (legacy)

# ifconfig belongs to the net-tools package, deprecated in favour of iproute2
# and absent from many current installs; prefer the `ip` equivalents.
# Show all active interfaces, then a single one
ifconfig
ifconfig eth0
# Set the address and netmask of eth0 (running system only, not persistent)
ifconfig eth0 192.168.1.100 netmask 255.255.255.0

DNS

# Show the configured resolvers
# On systemd-resolved hosts this file usually lists only the local stub
# (127.0.0.53); `resolvectl status` shows the upstream servers actually used.
cat /etc/resolv.conf

# Test DNS resolution
# nslookup, dig and host query DNS servers directly and skip /etc/hosts and
# nsswitch; `getent hosts NAME` shows what applications will actually resolve.
nslookup google.com
dig google.com
host google.com

# Flush the DNS cache
# Newer systemd releases provide this as `resolvectl flush-caches`; the
# systemd-resolve name may be missing there.
systemd-resolve --flush-caches
# Applies only where the nscd caching daemon is installed
/etc/init.d/nscd restart

Conectividade

# Ping
# -c: number of echo requests to send
ping -c 4 google.com
# -i: seconds to wait between requests
ping -i 0.5 -c 10 host

# Traceroute
traceroute google.com
# -I: probe with ICMP echo instead of the default UDP; usually needs root
traceroute -I google.com

# MTR (combines ping and traceroute)
mtr google.com

# Netcat
# -z: connect without sending data, -v: report the result (a port check)
nc -zv host 80
# Listens on TCP 4444 with no bind address, i.e. on every local address.
# Whatever connects can write to this terminal, so stop the listener once the
# test is done. Flag syntax differs between netcat variants (some expect
# `nc -lv 4444`).
nc -lvp 4444

Portas e Conexões

# Use these listings to compare what is actually listening with what is meant
# to be exposed: a local address of 0.0.0.0 or [::] means every interface.
# -p shows the owning process; without root only your own processes are named.

# Netstat (net-tools, legacy)
netstat -tulpn           # TCP/UDP listening sockets, numeric, with process
netstat -anp             # All connections
netstat -r               # Routing table

# SS (modern replacement, from iproute2)
ss -tulpn                # Listening ports
ss -s                    # Summary
ss -tp                   # With processes

# Lsof
lsof -i                   # Network files
lsof -i :80              # Port 80
lsof -i -P -n            # Without resolving names

Firewall

iptables

# List rules
# -n: numeric output, -v: packet/byte counters and interfaces
iptables -L -n -v
iptables -L INPUT -n

# Default policies
# With INPUT left at ACCEPT, the ACCEPT rules below restrict nothing: packets
# that match no rule are still let in. For default-deny, first add the
# loopback, established-connection (-m conntrack --ctstate ESTABLISHED,RELATED)
# and SSH accepts, and only then set the INPUT policy to DROP; done in the
# other order, a remote session locks itself out.
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Accept loopback
iptables -A INPUT -i lo -j ACCEPT

# SSH
# No source restriction: port 22 is accepted from any address (-s narrows it)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Block an IP
# -A appends and rules are evaluated top-down: placed after the ACCEPT rules
# above, this source can still reach ports 22, 80 and 443. Insert the rule
# ahead of them (-I INPUT 1) if the address must be blocked entirely.
iptables -A INPUT -s 192.168.1.100 -j DROP

# NAT
# No -o given: the masquerade applies on whichever interface the traffic leaves by
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
# No -i or -d given: every TCP/80 packet entering the host is rewritten,
# including LAN clients browsing outward. Because the FORWARD policy above is
# DROP, the translated traffic also needs a matching FORWARD accept rule.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.100:8080

# Save rules
# iptables covers IPv4 only; IPv6 needs matching ip6tables rules.
# NOTE(review): /etc/iptables/rules.v4 looks like the iptables-persistent path;
# confirm that package is installed, otherwise nothing reloads the file at boot.
iptables-save > /etc/iptables/rules.v4

nftables

# Show rules
nft list ruleset

# Create a table
# "ip" is the IPv4-only family; the "inet" family covers IPv4 and IPv6 in one table
nft add table ip filter

# Create a chain
# policy accept: packets that match no rule are let through, so this chain
# filters nothing until drop rules are added or the policy is set to drop.
# The \; escapes keep the shell from treating the semicolons as separators.
nft add chain ip filter input { type filter hook input priority 0 \; policy accept \; }

# Add a rule
nft add rule ip filter input tcp dport 22 accept

# Save
# The dump has no "flush ruleset" line: loading it with `nft -f` onto a live
# ruleset adds the rules again instead of replacing them.
nft list ruleset > /etc/nftables.conf

UFW (Ubuntu)

# Show state and rules
ufw status
# Enabling applies the default incoming policy (deny unless changed) at once;
# over SSH, add the allow rule for port 22 before running this.
ufw enable
ufw disable

# Allow inbound services from any source
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp

# Deny everything from one source address.
# Rules match in order, first hit wins: added after the allows above, this
# does not stop the address from reaching 22/80/443. `ufw insert 1 deny from ...`
# places it ahead of them.
ufw deny from 192.168.1.100
# Remove a previously added rule
ufw delete allow 80/tcp

# Reload the rule set
ufw reload

Bonding/Teaming

Bonding

# /etc/network/interfaces
# Static bond0 built from eth0 and eth1 (ifupdown syntax).
# NOTE(review): presumably relies on the ifenslave package for the bond-* options; confirm.
# bond-mode 802.3ad is mode 4 in the list below; the switch ports must be
# configured as an LACP group too, or the bond will not aggregate.
# bond-miimon is the link check interval in milliseconds.
# bond-lacp-rate 1 asks the partner for the fast LACPDU rate.
auto bond0
iface bond0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1
    slaves eth0 eth1
    bond-mode 802.3ad
    bond-miimon 100
    bond-lacp-rate 1
# Modes
# 0 - round robin
# 1 - active-backup
# 2 - balance-xor
# 3 - broadcast
# 4 - 802.3ad (LACP)
# 5 - balance-tlb
# 6 - balance-alb

VLANs

# Install utilities
# NOTE(review): the `ip link ... type vlan` commands below come from iproute2;
# the vlan package is presumably needed for the ifupdown stanza only. Confirm.
apt install vlan

# Create a VLAN
# Tagged sub-interface for VLAN ID 100 on eth0; the switch port has to carry
# that tag. A VLAN separates traffic only as far as the switch configuration
# enforces it.
ip link add link eth0 name eth0.100 type vlan id 100
ip addr add 192.168.100.10/24 dev eth0.100
ip link set eth0.100 up

# /etc/network/interfaces
# Persistent definition of the VLAN 100 sub-interface; vlan-raw-device names
# the physical interface that carries the tagged frames.
auto eth0.100
iface eth0.100 inet static
    address 192.168.100.10
    netmask 255.255.255.0
    vlan-raw-device eth0

Bridge

# Create a bridge
# brctl comes from the legacy bridge-utils package; the iproute2 equivalents
# are `ip link add name br0 type bridge` and `ip link set eth0 master br0`.
# Every port added here joins the same layer-2 segment, so hosts behind eth0
# and eth1 reach each other directly.
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1

# Bring the bridge up and give the host an address on it
ip link set br0 up
ip addr add 192.168.1.10/24 dev br0

Túnel

SSH Tunnel

# Server side, forwarding can be limited or switched off in sshd_config
# (AllowTcpForwarding, PermitOpen, GatewayPorts).

# Local port forward
# Listens on local port 8080 and forwards to localhost:80 as seen from the
# remote host. The listener binds to loopback unless a bind address or -g is
# given.
ssh -L 8080:localhost:80 user@remote

# Remote port forward
# Listens on port 8080 of the remote host and forwards back to port 80 on this
# machine. The server's GatewayPorts setting decides whether that listener is
# reachable from other hosts.
ssh -R 8080:localhost:80 user@remote

# Dynamic (SOCKS proxy)
# Local SOCKS proxy on port 1080; destinations are reached from the remote host
ssh -D 1080 user@remote

WireGuard

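# Installation
apt install wireguard

# Generate keys
# umask 077 inside a subshell: privatekey is created readable by its owner
# only, and the shell's own umask is left untouched. Without it the file gets
# the default umask and is usually world-readable.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)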

# /etc/wireguard/wg0.conf
# This file holds the private key: keep it root-owned and owner-only (chmod 600).
[Interface]
PrivateKey = <private-key>
Address = 10.0.0.1/24
ListenPort = 51820
# PostUp/PostDown are shell commands run when wg-quick brings the interface up
# or down. The FORWARD rule accepts everything arriving on wg0 towards any
# destination, and eth0 has to be the real outbound interface. Routing peers
# onward also needs IP forwarding (net.ipv4.ip_forward), which is not set here.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# No Endpoint is set, so this side waits for the peer to connect first.
[Peer]
PublicKey = <peer-public-key>
# Packets from this peer are accepted only with this source address, and only
# this address is routed to it; keep the range as narrow as the peer needs.
AllowedIPs = 10.0.0.2/32

# Activate / deactivate the tunnel defined in /etc/wireguard/wg0.conf
# `wg show` then lists the peers and the time of their latest handshake.
wg-quick up wg0
wg-quick down wg0

NetworkManager

# CLI
# Devices and their state, then the saved connection profiles
nmcli device status
nmcli connection show
nmcli connection up "Wired connection 1"
nmcli connection down "Wired connection 1"

# WiFi
nmcli device wifi list
# A passphrase given as an argument ends up in shell history and is visible in
# the process list while the command runs; `nmcli --ask device wifi connect SSID`
# prompts for it instead.
nmcli device wifi connect SSID password PASSWORD

# Add a static IP
# "eth0" is the name of the connection profile, which is not necessarily the
# device name (see `nmcli connection show`).
nmcli connection modify "eth0" ipv4.addresses 192.168.1.100/24
nmcli connection modify "eth0" ipv4.gateway 192.168.1.1
nmcli connection modify "eth0" ipv4.dns 8.8.8.8
# Switch from DHCP to the static values set above
nmcli connection modify "eth0" ipv4.method manual
# Re-activate the profile so the changes take effect
nmcli connection up "eth0"

TCP Tuning

# Show current settings
sysctl -a | grep net.ipv4.tcp

# /etc/sysctl.conf
# Allow TCP windows larger than 64 KiB (window scaling)
net.ipv4.tcp_window_scaling = 1
# min / default / max receive buffer per TCP socket, in bytes
net.ipv4.tcp_rmem = 4096 87380 6291456
# min / default / max send buffer per TCP socket, in bytes
net.ipv4.tcp_wmem = 4096 65536 6291456
# Upper limit, in bytes, for buffer sizes an application requests with
# SO_RCVBUF / SO_SNDBUF
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# Apply
# Loads /etc/sysctl.conf; files under /etc/sysctl.d are read by `sysctl --system`
sysctl -p

WiFi

# Show interfaces
# iwconfig and iwlist come from the legacy wireless-tools package; `iw dev` and
# `iw dev wlan0 scan` are the current equivalents.
iwconfig
ip link set wlan0 up
iwlist wlan0 scan

# Connect
# The redirect overwrites /etc/wpa_supplicant.conf. The generated file contains
# the passphrase in clear text as a "#psk=" comment next to the derived key, and
# a passphrase typed as an argument stays in shell history. Restrict the file
# to root (chmod 600), delete the comment line, or leave PASSWORD off so that
# wpa_passphrase reads it from standard input.
wpa_passphrase SSID PASSWORD > /etc/wpa_supplicant.conf
# -B: run in the background, -i: interface, -c: configuration file
wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
# Request an address over DHCP
dhclient wlan0