May 28, 2021 — 15:35

Author: silver  Category: network web  Comments: Off

If you ever need an IPAM and/or DCIM tool, this one is highly recommended. It allows modeling all your infra, including network, datacenter and virtualization, using a web GUI, and it has an extensive REST API. It can be extended with plugins and "custom fields".

Today it’s widely used and there’s plenty of docs, examples and integrations available.


The tool is built on Python/Django and uses PostgreSQL. LDAP and other auth methods can be configured. Manual installation includes installing the required packages, db and http server. Upgrading to the latest version is supported. There are also Ansible playbooks available for deploying (3rd party).


There are Sites, Racks, Devices, Virtualization, VLANs and Interfaces. VMs and Devices are seen separately and have their own API calls, which might be something to be aware of.


Devices can be put in racks and have Connections using Cables connecting Interfaces. Same goes for Power, Console, Storage etc.


For IPAM there are Prefixes, IPs (4 and 6), VLANs, VRFs and VCs.

Importing data

Can be done in bulk with e.g. CSV or using the API. If you’re migrating from RackTables there’s ‘racktables2netbox’, but be aware it’s not updated and not directly usable in its current state (e.g. the APIs changed). It uses ‘pynetbox’, a client lib you can also use for your own scripts.


Private ranges
December 11, 2019 — 14:41

Author: silver  Category: network  Comments: Off

RFC1918 (IPv4)

  • – (10/8 prefix)
  • – (172.16/12 prefix)
  • – (192.168/16 prefix)

RFC1918 (IPv6)

  • fd00::/8



Range start-end:


December 11, 2019 — 14:32

Author: silver  Category: linux network  Comments: Off

nftables (nft) replaces iptables:

  • Debian (10 buster) links ‘iptables’ to ‘iptables-nft’ and ‘iptables-legacy’ is actually ‘iptables’
  • RH uses nft as the preferred firewall since RHEL8, and firewalld uses nft as its backend

If you haven’t switched yet you might want to ‘translate’ your current iptables rules and make other programs use nft.


rules are located in:

  • Debian /etc/nftables.conf
  • RedHat /etc/sysconfig/nftables.conf


nft list ruleset

nft list chain ip filter INPUT

nft list tables

nft list table ip filter


nft flush ruleset


iptables-restore-translate -f /etc/iptables/rules.v4 > /etc/iptables/ruleset.nft

ip6tables-restore-translate -f /etc/iptables/rules.v6 > /etc/iptables/ruleset6.nft


Oddly enough the only place I could find an nft plugin was here

curl -o /usr/share/netfilter-persistent/plugins.d/15-nft


Make f2b use nft. From

  • edit ‘/etc/fail2ban/jail.local.conf’: banaction = nftables-multiport

  • add to ‘/etc/nftables.conf’: include "/etc/fail2ban.conf"

  • create ‘/etc/fail2ban.conf’:

#!/usr/sbin/nft -f

# Use ip as fail2ban doesn't support ipv6 yet
table ip fail2ban {
        chain input {
                # Assign a high priority to reject as fast as possible and avoid more complex rule evaluation
                type filter hook input priority 100;
        }
}

Windows IPv6 tunnel
March 28, 2018 — 11:39

Author: silver  Category: network windows  Comments: Off

How to create a 6to4 tunnel in Windows using the CLI (for use with HE’s free Tunnel Broker service, for example).

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel TunnelName  
netsh interface ipv6 add address TunnelName 2001:a:b:c::2
netsh interface ipv6 add route ::/0 TunnelName 2001:a:b:c::1


  • “2001:a:b:c::” is your prefix
  • “2001:a:b:c::1” is the gateway
  • “2001:a:b:c::2” is your ipv6 address

Delete the tunnel:

netsh interface ipv6 delete address TunnelName 2001:a:b:c::2
netsh interface ipv6 delete route ::/0 TunnelName 2001:a:b:c::1
netsh interface ipv6 delete interface TunnelName

A HE tunnel can be requested here:

November 27, 2016 — 14:55

Author: silver  Category: network  Comments: Off


Linux Advanced Routing & TC:

Basic commands

I guess ifconfig is deprecated now…


ip a help

( a=address l=link r=route )


ip a show eth0

ip l show eth0

ip r get

( use ip -4 or -6 for ipv4/6 )


ip l set dev eth0 up

ip a add dev eth0


Two Default Gateways

Useful to set up for hosts on multiple subnets/networks.



Add table:

echo -e "10\trt2" >> /etc/iproute2/rt_tables

Add route/rule:

ip route add dev eth1 src table rt2
ip route add default via dev eth1 table rt2

ip rule add from table rt2
ip rule add to table rt2

ip rule add from table rt2
ip rule add to table rt2

ip route flush cache
ip route list table rt2
ip route show
ip rule show


ping -I
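
The table, route and rule steps above as one re-runnable script. This is an added example, not code from the original post: eth1, table id 10 and the name rt2 follow the post, the 198.51.100.x addresses are constructed placeholders, and `ensure_table` and `policy_route_cmds` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). eth1, table id 10 and name rt2
# follow the post; the 198.51.100.x addresses are constructed placeholders.

# ensure_table ID NAME [FILE]: register the routing table exactly once.
# A plain "echo >> rt_tables" appends a duplicate line on every run.
ensure_table() {
    id=$1; name=$2; file=${3:-/etc/iproute2/rt_tables}
    # Same id and name already present: nothing to do.
    grep -Eq "^[[:space:]]*${id}[[:space:]]+${name}([[:space:]]|\$)" "$file" && return 0
    # Id or name used by a different entry: refuse rather than shadow it.
    if grep -Eq "^[[:space:]]*(${id}[[:space:]]|[0-9]+[[:space:]]+${name}([[:space:]]|\$))" "$file"; then
        echo "rt_tables: id $id or name $name already in use" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$file"
}

# policy_route_cmds IFACE NETWORK SRC GATEWAY TABLE
# Prints the commands instead of running them, so they can be reviewed
# before being piped to "sh" as root.
policy_route_cmds() {
    if [ $# -ne 5 ]; then
        echo "usage: policy_route_cmds IFACE NETWORK SRC GATEWAY TABLE" >&2
        return 1
    fi
    for arg in "$@"; do
        # An empty field would yield a malformed ip command.
        if [ -z "$arg" ]; then echo "empty argument" >&2; return 1; fi
    done
    iface=$1; net=$2; src=$3; gw=$4; table=$5
    # Connected network and default route live only in the extra table.
    echo "ip route add $net dev $iface src $src table $table"
    echo "ip route add default via $gw dev $iface table $table"
    # Traffic from and to the second address consults that table.
    echo "ip rule add from $src table $table"
    echo "ip rule add to $src table $table"
}

# Constructed demo: second NIC eth1 at 198.51.100.10/24, gateway 198.51.100.1.
# As root, "ensure_table 10 rt2" would come first.
policy_route_cmds eth1 198.51.100.0/24 198.51.100.10 198.51.100.1 rt2
```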

Making it permanent



post-up ip route add dev eth1 src table rt2
post-up ip route add default via dev eth1 table rt2
post-up ip rule add from table rt2
post-up ip rule add to table rt2


post-up ip rule add from table rt2
post-up ip rule add to table rt2


echo " dev eth1 src table rt2" >> /etc/sysconfig/network-scripts/route-eth1
echo "default via dev eth1 table rt2" >> /etc/sysconfig/network-scripts/route-eth1

echo "from table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "to table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "from table rt2" >> /etc/sysconfig/network-scripts/rule-eth1
echo "to table rt2" >> /etc/sysconfig/network-scripts/rule-eth1

September 5, 2012 — 14:56

Author: silver  Category: network  Comments: Off

Useful websites:


show int status (which port, vlan)
show vlan (on switch)
show int des (all descriptions)
show ip int brief (all ip interfaces)
show hard (hardware)
show ver (version)
show environment
show ? (all show cmds)
show cdp (neighbours)
show lacp
show int p0 (port/channel)
show users
show utp status (trans/client)
