Connecting Network Namespaces with veth
This post will look at how to define network namespaces and connect to and between them using veth pairs
Rohan MolloyThis post will look at how to define network namespaces and connect to and between them using veth pairs
Rohan MolloyThis is a simple Bash script I wrote to generate memorable names for an IP address space. The names are camelCase word pairs obtained by shuffling a list of the thousand most common English words. This produces readable and memorable hostnames, e.g. FormerAbility.
Rohan MolloyComprehensive documentation of all of the options for the dnsmasq DNS/DHCP server, with practical examples
Rohan MolloyIn this tutorial, I'll be setting up a pair of authoritative DNS servers using the NSD DNS server daemon.
Rohan MolloyIt would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.
Rohan MolloyThis tutorial will show you how to set up TOR as a daemon and host hidden services. Hidden services are only available on the TOR darknet and allow you to host services without revealing your IP. Tor hidden services can be accessed via a special .onion domain. Although it hides your IP address, Tor…
Rohan MolloyDigitalocean allows, for free, the option to add an additional IP address to your virtual machine ("droplet"). These floating IPs are similiar to Amazon AWS Elastic IPs and are tied to your account and location, rather than any specific instance This means that when an instance is destroye…
Rohan MolloyToday we will learn how to create your own recursive DNS server using Unbound. This will improve performance through caching. We will also look at ad-blocking.
Rohan MolloyToday we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router In a previous post, I talked about the loopback interface and how we can locally bind services to any address in the range 127.0.0.1-127.255.255.254. This is…
Rohan MolloyThe Ubiquti Edgerouter Lite has an iptables based firewall. For each firewall rule (and named set of ules) there is a is an option to enable LOG. Unsolicited traffic to tcp ports, especially ssh, telnet is very common and so our log gets quite large, rather quickly. On a device with limited storage…
Rohan MolloyThe loopback interface is most familiarly encountered as 127.0.0.1 and is referred to as the local loopback address. This address is present on every IPv4 host and is given the hostname localhost. What people either don't know or seem to forget is that on the lo interface, there's ~16 million other…
Rohan MolloySo this is one application of the SMS gateway. My home internet gets its address via DHCP, however, unless something goes wrong, the addresses are usually reasonably persistent (generally at least 10 days). I was motivated to set this up because when my ISP was having connectivity issues, it was ver…
Rohan MolloyThe command known as ss which stands for socket statistics. It is used for listing listening and established connections and to find out which processes and users are associated with them. Finding all outbound connections to a particular port ss -t -o 'dport = :ssh' --resolve | awk '{print $4,$5,%6…
Rohan MolloyThere is a command called column which allows you to format the lines produced by a command into symmetrical rows/columns, which can then be easily converted into CSV or JSON. This will be quite handy for reading and populating files. In this case, I needed to populate /etc/ethers/ from the arp tabl…
Rohan MolloySo what is DHCP? How automatic configuration works The DHCP client When you bring your laptop over to your buddies house and plug into their network, your internet is ready by "magic". This is achieved by the DHCP client daemon dhcpcd. When a new network link comes on line (e.g plugging in…
Rohan MolloyThere are lots of places where you can download ad blacklists in the form of simple host files, but they require manual installation on every device. Instead we will make records for our DNS server so we can block ads network wide. I used a blacklist from somewhocares. This github page contains a ra…
Rohan Molloy