October 8, 2025
Wednesday   12:46 AM
 Networking Topics
Devices / MAC/IP Addresses / hosts / routers / firewalls / ftpd / sshd / filezilla
 CentOS / RHEL Network Devices
 MAC / IP Addresses
 /etc/hosts file
  /etc/hosts (vital for local testing)
The hosts file maps IP addresses to hostnames at the local level. This means that if your server needs the IP address of a particular host, it can look in this file to find out which address to use. (More on bind and DNS at another time.)
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.100   mynewserver.net www.mynewserver.net www.myothernewserver.net myothernewserver.net

 Router Settings
If your intent is to open up the server to the outside world, meaning grant people outside your router access to its web or mail server, you'll need to configure the router to allow certain types of network traffic to pass. This traffic will be specified either by traffic type or internet port number or both, depending on your router.

My current Linksys "Smart Wi-Fi" router has the settings under the Router Settings => Security menu, within the Apps and Gaming tab.

Selecting Single Port Forwarding gets me to the following menu:
Application name   External Port   Internal Port   Protocol   Device IP#     Enabled
web-http           80              80              Both       192.168.1.10   True
web-https          443             443             Both       192.168.1.10   True

 Firewall Settings
The Linux firewall daemon (firewalld) is enabled by default.
[root@localhost ~]# systemctl status firewalld

*  firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset; enabled)
     Active: active (running) since Thu 2023-03-02 15:29:42 CST; 2 days ago
       Docs: man:firewalld(1)
   Main PID: 930 (firewalld)
      Tasks: 3 (limit: 614226)
     Memory: 47.3M
        CPU: 2.162s
     CGroup: /system.slice/firewalld.service
             +- 930 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Mar 02 15:29:34 localhost system[1]: Starting firewalld - dynamic firewall daemon...
Mar 02 15:29:42 localhost system[1]: Started firewalld - dynamic firewall daemon.
Some firewall sample commands
# Show which services are in the current firewall configuration
[root@localhost ~]# firewall-cmd --list-services
dhcpv6-client http https ssh

# Show all predefined services you can choose to enable
[root@localhost ~]# firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2 bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine checkmk-agent cockpit collectd condor-collector cratedb ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs iscsi-target isns jellyfin jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-tcp llmnr-udp managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd netbios-ns netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wireguard ws-discovery ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh 
xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server zerotier

# Add a new service to the firewall "allowed" rules
[root@localhost ~]# firewall-cmd --add-service=zerotier
success

# Make sure it is included
[root@localhost ~]# firewall-cmd --list-services
dhcpv6-client http https ssh zerotier

# Make the changes permanent
[root@localhost ~]# firewall-cmd --runtime-to-permanent
success

# Block a specific IP address from everything, or more precisely, ignore it so it gets no response.
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xx.xx.xx.xx/xx' drop"
success
# Addresses noted:
#   85.208.214.85
#   35.216.169.119
#   94.102.51.9 masscan
# Scan for parameters/strings: masscan
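# The rule above was added with --permanent, so it exists only in the saved configuration.
# Reload to activate it (running --runtime-to-permanent here would overwrite the saved rule with the runtime configuration).
[root@localhost ~]# firewall-cmd --reload
success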
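
As an added example (not part of the original page), the script below validates block-list entries as IPv4 addresses or CIDR ranges before placing them in the rich rule shown above, then prints the firewall-cmd lines to run. The function names and the sample list, which uses documentation address ranges, are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate block-list entries before building firewalld rules.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    # Address: digits and dots only, no empty octets. Prefix: 1-2 digits.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
}

# Echo the firewall-cmd line for one validated source, or fail on bad input.
drop_rule_cmd() {
    valid_ipv4_cidr "$1" || { echo "rejected: $1" >&2; return 1; }
    printf "firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='%s' drop\"\n" "$1"
}

# Read a block list on stdin (one entry per line, trailing notes and '#'
# comments allowed) and print the commands; --reload activates the saved rules.
build_blocklist_cmds() {
    count=0
    while read -r entry _rest; do
        case $entry in ''|'#'*) continue ;; esac
        if drop_rule_cmd "$entry"; then count=$((count + 1)); fi
    done
    [ "$count" -gt 0 ] && echo "firewall-cmd --reload"
    return 0
}

# Constructed sample list (documentation ranges, not real hosts). The last two
# entries are malformed on purpose and must be rejected.
SAMPLE_LIST="# scanner seen in web logs
203.0.113.7 masscan
198.51.100.0/24
203.0.113.999
192.0.2.1' accept"

printf '%s\n' "$SAMPLE_LIST" | build_blocklist_cmds
```

Rejected entries are reported on stderr, so the stdout of the script can be reviewed and then run as root.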

# If your system has two network interfaces, use the following command to move one interface into another zone.
[root@localhost ~]# firewall-cmd --zone=internal --change-interface=enp6s0
# Verify it worked using the following command:
[root@localhost ~]# sudo firewall-cmd --get-active-zones
public
    interfaces: enp4s0
internal
    interfaces: enp6s0
# Make the changes permanent
[root@localhost ~]# firewall-cmd --runtime-to-permanent
success
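
An added example, not from the original page: because --runtime-to-permanent overwrites the saved configuration with the running one, this script lists which entries would be saved and which would be lost. It goes beyond services to cover rich rules as well; the function names and sample snapshots are constructed, and snapshot assumes the default zone.

```shell
#!/bin/sh
# Added example: preview what `firewall-cmd --runtime-to-permanent` would change.

# Print the lines of $1 that do not appear in $2 (newline-separated lists).
missing_from() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$2" | grep -qxF -e "$line" || printf '%s\n' "$line"
    done
}

# $1 = runtime entries, $2 = permanent entries, one per line.
drift_report() {
    missing_from "$1" "$2" | sed 's/^/SAVE (runtime only): /'
    missing_from "$2" "$1" | sed 's/^/LOSE (permanent only): /'
}

# Services and rich rules of the default zone, one entry per line.
# Usage on a live host (as root):
#   drift_report "$(snapshot)" "$(snapshot --permanent)"
snapshot() {
    firewall-cmd "$@" --list-services | tr ' ' '\n'
    firewall-cmd "$@" --list-rich-rules
}

# Constructed sample: zerotier was added at runtime only, while a drop rule
# was added with --permanent and never loaded into the running firewall.
RUNTIME='dhcpv6-client
http
https
ssh
zerotier'
PERMANENT='dhcpv6-client
http
https
ssh
rule family="ipv4" source address="203.0.113.7" drop'

drift_report "$RUNTIME" "$PERMANENT"
```

Any LOSE line means a rule exists only in the saved configuration; run firewall-cmd --reload first so that it is live before saving the runtime state.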
 Setting up VsFTPd
 Setting up ssh daemon
 Setting up FileZilla on your Windows client
Choose the installation options for your system
Click on "File" - "Site Manager"
Click on "New Site" and name it appropriately
Under General, select "SFTP - SSH File Transfer Protocol" as the Protocol
Add the new Host server's IP Address, and the Port Number assigned above
"Logon Type" = "Normal"
"User" = your (non root) user name
Option: Either enter the user's password into the "Password" field, or leave it blank to be prompted for each session for security.
Click "OK"
Under Advanced, select both local (client) and remote (on the server) folder names to start each session.
Everything else can remain as delivered.
To try it out, use the pulldown below "File" to open the newly created site
all original content ©1994-2025 Yes, that means 30+ years on the web