Fresh Ubuntu (WSL) Tweaks

I’ve recently found myself doing more Linux based tasks so brushing up on my CLI and getting my head back around Ubuntu and it’s derivatives was a must.

Here’s my list of essential Ubuntu and Ubuntu WSL fresh install tweaks…

Installing the following apps – all are command line driven and can be installed with:
sudo apt install ...

nmap – Great for port scanning individual IP addresses either broadly or for specific port and protocols, very good if used to probe a range or subnet as well if you want to get quick visibility. One of my favourite one liners with this at the moment is:
nmap -p80 192.168.0.0/24 -oG - | grep 80/open
This will run a sweep across the IP subnet or range you enter along the given port and print a clean list of what responds.

net-tools – Over the years I’ve seen Ubuntu change the way it handles networking and sometimes you just need a fast way of getting what you want. A common one for me is needing your gateway IP on the computer you are using by using, annoyingly Windows does this well with ipconfig but this allows you:
route

ncdu – I found this super handy little app when trying to figure out what was eating away at my home directory, it’s a disk usage visualiser, you can run it broadly or point it at a particular directory and it will calculate disk usage and allow you to drill down through sub folders:
ncdu /path/to/directory
ncdu /


htop – Very common one, let’s you see what’s going on with your system in a similar way to top but with a nicer and colourful graphic:
htop

iperf – Not one I use too often as rarely do I have the luxury of a Linux box at either end of the network I’m working on. Still good for testing throughput in your network though. I do need to get around to switching towards iperf3 but for the rarity I use it – original iperf does me well for now:
iperf -s
iperf -c IP.OF.SERVER.HERE


whois – A good IP lookup tool, ideal if you’re trying to figure out what or where owns the IP you’re seeing traffic going to or from. It gives credible information back and offers larger network information if you are trying to build firewall rules or access lists:
whois IP.ADDRESS.YOU.WANT

arping – Another one I don’t use massively regularly but is very handy in situations where you suspect a duplicate LAN IP or need some more info on the MAC address:
sudo arping IP.ADDRESS.YOU.WANT

Other tweaks I like to make…

Command history adjustment: This one allows you to use the “page up” and “page down” to scan through your command history, ideal if you can remember the first letter or word but need a nudge to remember the full command (aside from history of course):
sudo nano /etc/inputrc
Then search for the lines with the following and remove the “#” pre-cedeing these lines:
alternate mappings for "page up" and "page down" to search the history
"\e[5~": history-search-backward
"\e[6~": history-search-forward

Bonus Tweak
This one is shortly about to become “not a thing” and I know it uses the oh so dirty “snap” which has it’s security issues.
MikroTik Winbox Easy Installation:
sudo snap install winbox

There you go!
From being a Linux daily driver, forced migration to Windows for 5 years and then re-emerging back towards Linux primarily with the use of WSL this is where my starting point is and for going forwards as I undoubtedly start rebuilding my virtual estate.

pfSense FQ_CoDel & Bufferbloat

I’ll start with – Tom from Lawrence Systems absolutely nailed the tutorial for this!

Bufferbloat is something that sits in my mind, recently I’ve picked up the gaming mantle again and latency has been greatly improved by me now being on FTTP as opposed to the old SoGEA FTTC service. Improving that latency though and making it more even is something I’ve always been on top of previously using a USG3 (smart queues), then SFQ on MikroTik before FQ_CoDel when ROS7 launched and then more recently FQ_CoDel with pfSense. Other queue algorithms are about and work to a degree but FQ_CoDel is the one I’ve had most success with.

I followed some YT videos in the past and thought I’d taken in the documentation properly but it turns out I hadn’t, Tom nailed it with this recent video though and following this moved me from an A to an A+ on the bloat test.

It’s super simple and in general if you’re doing anything latency dependant I’d highly advise implementing some kind of FQ_CoDel

Windows Home Lab?

I’ve got an IT based project on again! It’s been an absolute age since I’ve been “interested” in my IT and computers and servers and all things good like this but I’ve got a project on my hands, add in as well I currently have a renewed interest in learning and relearning some network essentials and generally needing to sharpen back up on these things (more to come on that in the future).

So…
I had a spare HP Gen8 Microserver with one of the 1260 Xeon’s (4c8t) and 16GB RAM so a decent little box by most accounts. A quick amazon order for 2 Oracle SSD>HDD mounting brackets and I’ve got 2 Crucial 240GB SSD’s in the first two 6Gb SATA drive bays.

A quick hop over onto Gamers Outlet and I’d bagged a Server 2022 license and probably 10 minutes of installing later I have a decent little server running. This is being used now in 2 parts, firstly for my project to look at guest accounts, remote desktop access and how to lock down users. The second part of it is to spin up a HyperV environment and get some MikroTik CHR’s talking to each other! A return to MikroTik world albeit brief as I don’t envisage my work going that way again any time soon, it was good to use Tik to understand the concepts and replicate in my own way.

More to come as the IT project unfolds and yeah maybe more networky stuff…

ReInstalled pfSense CE

I said I wasn’t going to but then I’ve lost access to some of the packages I was using and am unable to install any more so it was time to sidegrade to the CE from Plus. I’ve watched Tom from Lawrence Systems YouTube video on how to do it a couple of times and to be fair the process was perfectly easy.
Backup>Reinstall>Restore

Whilst my firewall was down I took advantage and upgraded the BIOS which had eluded me on the last shutdown but this time it was done without issues.

Back up and running and absolutely nothing specal to report which is kind of what you want of a firewall. No problems, no oddities.

Still got this odd “can’t reach Gb” problem on the WAN which I think is down to signle core performance but I can lve with it for now being as changes may be coming soon in that department anyway.

10Gb Firewall > Core Switch

My Intel X520 card have arrived and have been far better than expected. They’re both like new, one even has the LP bracket with it and all 4 Intel SFP’s are like brand new.
I moved both my LAN and WAN interfaces to the R210’s onboard coppers and installed the new card, connected up with a temporary fibre patch cable and it came straight up. LAN moved back onto the 10Gb along with the VLAN’s and we are now live with 10Gb Firewall>Switch>CaveSwitch – Complete 10Gb backbone.

Will it make a difference day to day? Nope. But it’s been an itech I’ve been dying to scratch and now I have a spare X520 to install into the backup server and get rid of the 4 ether LACP.