Parts of this article are inspired by the "Introduction to Networking - What do all these little things do" series. Kudos to Eli the Computer Guy.
You connect to the Internet at home through the following devices:
[Device#1, Device#2, ...] -> (Wireless Access Point) -> Switch -> Firewall -> Router -> Modem -> ISP -> Rest of Internet
Note that some of the devices above are logically separate devices but are sometimes physically one device. The product you buy to access the Internet bundles all of them.
Modem: translates an analog signal to a digital signal
Modem can receive signals from:
DSL (ADSL, SDSL, VDSL)
Fiber Optic (FIOS)
Point-to-point (P2P) Wireless
Wireless (3G, 4G, 5G)
IEEE 802.11(a, b, g, n):
802.11a: nobody uses it, not compatible with any other standards
802.11b: slow, old
802.11g: faster, more stable, standard
802.11n: new, allows a larger area, faster, built for real-time communication
Hub: obsolete, splits the signal equally
Switch:
unmanaged switch: hardcoded, no configuration
managed switch: can program switch
The switch needs to match the speed of the Internet connection. Usually each building has one big switch.
Patch Panel: a layer between the switch and the exit points, so that we can have a lot more exit points and move connections around when they are not used.
Wireless Access Point: provides WiFi signal
Internet Service Provider: centralized institution that gets you Internet access
enterprise class: immediate response to issue
residential class: <5 days response to issue
Why not dynamic IP:
Email filters block emails sent from dynamic IP addresses
The IP address changes, so you can't set up a server
Service Level Agreement (SLA): the ISP guarantees that I get a certain speed 99% of the time. It is a legal agreement that prevents false advertising. However, residential class seldom has such an SLA. The advertised speed is not an SLA.
In Linux, DNS is controlled by resolvconf (`systemctl status resolvconf.service`).
You change `/etc/network/interfaces`.
To see the changes, you must reboot the server.
For more detail, check this YouTube video.
For Windows: Follow this guide.
For Linux: Follow this guide.
By default, packet forwarding is disabled in Linux systems. To enable it, open the file /etc/sysctl.conf in your favorite editor and add the line,

```
$ sudo vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
```

net.ipv4.ip_forward = 1: M's kernel receives a packet whose destination IP address indicates it's not meant for M. What will it do? When ip_forward=0, it thinks: "I don't know why this got sent to me and I don't really care. To the trash it goes!" With ip_forward=1, "Hmm, this is not for me. But I know where the recipient is, so I'll just resend it with the correct MAC address."
Install dnsmasq to serve IP addresses to the 192.168.2.0 network.
In the rest of this tutorial we will use enp1s0 for the Ethernet network device and wlp2s0 for the WiFi for the first computer. These may be different in your computer and you would need to replace these with the values obtained by running the ip link command in the steps given below.
Next we need to configure dnsmasq by editing the /etc/dnsmasq.conf file,

```
$ sudo vi /etc/dnsmasq.conf
# Add the lines,
interface=enp1s0
dhcp-range=192.168.2.100,192.168.2.200,24h
```
The next step is to configure the enp1s0 interface. This is done by editing the /etc/network/interfaces file,

```
$ sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback

# Add the lines,
auto enp1s0
iface enp1s0 inet static
    address 192.168.2.1
    network 192.168.2.0
    netmask 255.255.255.0
    broadcast 192.168.2.255
```
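A pre-flight check for the two files edited above, added here as an example (it is not part of the original tutorial): it confirms that the dhcp-range pool lies inside the subnet of the static interface and does not contain the router's own address. It assumes the simple `dhcp-range=start,end,lease` form and the `address`/`netmask` lines used on this page; the function names `ip2int` and `check_lan_plan` are hypothetical.

```sh
#!/bin/sh
# Added example: file paths are passed in, so the check can be run against
# copies of the two files before anything under /etc is touched.

ip2int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

check_lan_plan() {              # $1 = dnsmasq.conf, $2 = interfaces file
    ifc=$(sed -n 's/^interface=//p' "$1" | head -n 1)
    range=$(sed -n 's/^dhcp-range=\([0-9.]*\),\([0-9.]*\).*/\1 \2/p' "$1" | head -n 1)
    # address and netmask from the "iface <ifc> ..." stanza only
    stanza=$(awk -v ifc="$ifc" '$1 == "iface" { cur = $2 }
        cur == ifc && $1 == "address" { a = $2 }
        cur == ifc && $1 == "netmask" { m = $2 }
        END { print a, m }' "$2")
    [ -n "$ifc" ] && [ -n "$range" ] ||
        { echo "FAIL: interface= or dhcp-range= missing"; return 1; }
    set -- $range $stanza       # now: $1 start, $2 end, $3 address, $4 netmask
    [ $# -eq 4 ] || { echo "FAIL: no static address/netmask for $ifc"; return 1; }
    lo=$(ip2int "$1"); hi=$(ip2int "$2"); gw=$(ip2int "$3"); mask=$(ip2int "$4")
    net=$(( gw & mask ))
    [ "$lo" -le "$hi" ] || { echo "FAIL: dhcp-range start is above its end"; return 1; }
    [ $(( lo & mask )) -eq "$net" ] && [ $(( hi & mask )) -eq "$net" ] ||
        { echo "FAIL: dhcp-range is outside the subnet of $ifc"; return 1; }
    [ "$gw" -lt "$lo" ] || [ "$gw" -gt "$hi" ] ||
        { echo "FAIL: router address $3 is inside the DHCP pool"; return 1; }
    echo "OK: $ifc serves $1-$2 on the subnet of $3"
}

# Constructed sample files holding the values used in this tutorial.
tmp=$(mktemp -d)
printf 'interface=enp1s0\ndhcp-range=192.168.2.100,192.168.2.200,24h\n' > "$tmp/dnsmasq.conf"
printf 'auto enp1s0\niface enp1s0 inet static\n address 192.168.2.1\n netmask 255.255.255.0\n' > "$tmp/interfaces"
check_lan_plan "$tmp/dnsmasq.conf" "$tmp/interfaces"
```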
Next, create the file /etc/network/if-pre-up.d/router_firewall using a text editor with superuser privileges (e.g., sudo vi /etc/network/if-pre-up.d/router_firewall), with contents as given below. As mentioned above, this file uses enp1s0 for the Ethernet NIC device and wlp2s0 for the WiFi device, which you might need to change if the values on your computer are different.
```bash
#!/bin/bash
#
# script for source Network Address Translation using iptables
#
iptables -F
iptables -t nat -F
iptables -X
iptables -N val_input
iptables -N val_output

# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o enp1s0 -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o wlp2s0 -j RETURN
iptables -A val_input -j DROP
iptables -A val_output -j DROP
iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output
iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
```
iptables commands are described in the iptables tutorial. Next, make the file, /etc/network/if-pre-up.d/router_firewall, executable.
sudo chmod +x /etc/network/if-pre-up.d/router_firewall
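As an added example (not the original author's script): the router_firewall rules above match state NEW on every interface, including wlp2s0, and add nothing to the FORWARD chain. The hypothetical helper `new_from` lists rules that let new connections in through a given interface, and the hypothetical `router_ruleset` prints a stricter rule set in iptables-restore format in which the WiFi side only receives replies; it assumes wlp2s0 is the upstream side, as in the MASQUERADE rule, and 192.168.2.0/24 is the LAN.

```sh
#!/bin/sh
# Added example, not the tutorial's script. Nothing here changes the firewall.

# Print rules read from stdin that let NEW connections in through interface $1.
# RETURN counts as "let in" because the tutorial's chains return to an
# INPUT chain whose default policy is assumed to be ACCEPT.
new_from() {
    awk -v ifc="$1" '/^#/ { next }
    {
        any = 1; hit = 0; tgt = ""; st = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") { any = 0; if ($(i + 1) == ifc) hit = 1 }
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
        }
        if ((hit || any) && (tgt == "ACCEPT" || tgt == "RETURN") &&
            (st == "" || ("," st ",") ~ /,NEW,/)) print
    }'
}

# Stricter rule set in iptables-restore format: $1 = LAN if, $2 = WAN if,
# $3 = LAN prefix. The WAN side only gets replies to existing connections.
router_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
EOF
}

# The tutorial's WAN input rule is reported; the stricter set reports nothing.
echo 'iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN' |
    new_from wlp2s0
router_ruleset enp1s0 wlp2s0 192.168.2.0/24 | new_from wlp2s0
```

As root, `iptables-restore --test` parses a rule set like this one without committing it.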