TCP-IP

Parts of the article is inspired by "Introduction to Networking - What do all these little things do" Series Kudo to Eli the Computer Guy

Domain

Domain name can contain:

• subset of ascii characters: most domains

• subset of unicode text characters: .com, .net, and other uncommon domains

• some emoji characters: only cf, .fm, .ga, .gq, .kz, .ml, .st, .tk, .to, .uz (and .ml was free to claim, but no way to get it now, but you can get some emoji domain name Here)

Note that for most browsers, only ascii characters are guaranteed to show up normally, others are converted to punycode. Here is 13 rules chrome browser decide to show punycode or unicode (in summary, these are allowed and these are not allowed.). And Here is FireFox's policy.

When a domain is converted to punycode, you will see xn--.

Some Greek character can show normally on Chrome: and most of them (except for $\theta$, can combine with numbers while still show unicode only, but $\theta$ combined with number will be converted to punycode on Chrome). https://xn--2-umb.com/ or https://2π.com/ is a domain that leverage Chrome's property.

ε0ρδμ0θσπ

Debugging Internet

Many things might go wrong with your internet connection, especially for someone like me who manually change internet settings in resolve.conf or ip-table or some places that I don't even remember.

The best way to debug is

• check if ping [url] works, if so, at least the remote machine is online and DNS resolves correctly

• chck if ping [ip] works

• check if wget [url] works, if so, then everything should be fine. otherwise, udp or tcp connection isn't working

• check if wget [ip] works

• check if nslookup return correctly

• check ip route get [url] and check ip route route table

• boot up a fresh machine and see the difference in your routing table, if VPN is connected, you should get a ppp0 in your routing table after a while.

The Internet Components

The way you can connected to internet at your home is through the following devices:

[Device#1, Device#2, ...] -> (Wireless Access Point) -> Switch -> Firewall -> Router -> Modem -> ISP -> Rest of Internet

Note some devices above are logically multiple devices but sometimes physically one device. The product you buy to access Internet bundles all these devices.

Modem

Modem: translate analog signal to digital signal

Modem can receive signals from:

• DSL (ADSL, SDSL, VDSL)

  • bundled with phone line (phone call in differnet frequency)
  • upload and download in different frequency
  • upload speed and download are different (async)
  • limited to 756 Kbps upload
  • 5~50 Mbps
  • no neighborehood issue, dedicated telephone line
  • storm will affect connection
  • the DSL provider and telephone provider has to be the same
  • DSL signal restricted to the distance between DSL and central office of the town

• Cable

  • DOCIS3.0: 50Mbps down 20Mbps up
  • most popular
  • 5~500 Mbps
  • better latency than DSL
  • bundled with TV
  • shared among neighborehoods (trunk line to central office)
  • usually no SLA

• Fiber Optic (FIOS)

  • Low attenuation (less repeater needed)
  • 500 Mbps ~ 1.5 Gps
  • upload speed is download speed (sync)
  • no neighborehood issue
  • storm will not affect connection
  • this is the best, but no infrastructure built

• Satellite

  • data to satellite and then to ISP then to rest of Internet
  • therefore upload (or things requires back-and-forth) is trash, download is fine
  • very expensive, bad latency

• 56K Dial-up

  • bundled with phone line (phone call in will disconnect internet)
  • max speed 53 kbps

• HDSL/T1 (and T2, T3, ...)

  • synchronus connection
  • 1.5 Mbps
  • 24 64bit-channels for both voice and data
    • voice will occupy some channels of data when they are used, slowing down data speed
    • fractional T1 only get some fractional channels
  • usually has SLA

• Point-to-point (P2P) Wireless

  • (directional) antenna towel send signal to antenna on top of each building
  • usually the company provide this is not reliable

• Wireless (3G, 4G, 5G)

  • advertise of "unlimited" data (but they are actually false)
  • some restrict the number of devices you can connect to

Router

IEEE 802.11(a, b, g, n):

• 802.11a: nobody use it, not compatible with any other standards

• 802.11b: slow, old

• 802.11g: faster, stabler, standard

• 802.11n: new, allow larger area, faster, built for real time communication

Firewall

Switch / Hub

Hub: obsolete, split signal equally Switch:

• unmanaged switch: hardcoded, no configuration

• managed switch: can program switch

Switch need to match the speed of internet. Usually each building has one big switch.

Patch Panel: a layer between switch and exit point so that we can have a lot more exit points and some move connections around when they are not used.

Wireless Access Point

Wireless Access Point: provides WiFi signal

ISP

Internet Service Provider: centralized institution that get you internet access

• enterprice class: immediate response to issue

• residential class: <5 days response to issue

  • some ISP block certain ports (like 80)
  • some ISP only provide dynamic IP to residential

Why not dynamic IP:

• Email filters block emails sent from dynamic IP address

• IP address change and you can't set up a server

Service Level Agreements (SLA): IPS guarantee I get certain speed 99% of time. An lawful agreement to prevent false advertisement. However, residential class seldom has such SLA. Advertised speed is not SLA.

DNS

In linux, DNS is controlled by /etc/resolv.conf, however, NetworkManager and resolvconf (systemctl status resolvconf.service)

To change /etc/resolv.conf:

• You change /etc/resolvconf/resolv.conf.d/base

• You change `/etc/network/interfaces

To see the changes, you mest reboot the server

For more detail, check this youtube

Connecting Two Computers

For Windows: Follow this guide.

For Linux: Follow this guide.

By default, packet forwarding is disabled in Linux systems. To enable it, open the file /etc/sysctl.conf in your favorite editor and add the line, net.ipv4.ip_forward = 1: M's kernel receives a packet whose destination IP address indicates it's not meant for M. What will it do? When ip_forward=0, it thinks: "I don't know why this got sent to me and I don't really care. To the trash it goes!" With ip_forward=1, "Hmm, this is not for me. But I know where the recipient is, so I'll just resend it with the correct MAC address."

$ sudo vi /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Install dnsmasq to serve IP addresses to the 192.168.2.0 network.

In the rest of this tutorial we will use enp1s0 for the Ethernet network device and wlp2s0 for the WiFi for the first computer. These may be different in your computer and you would need to replace these with the values obtained by running the ip link command in the steps given below.

Next we need to configure dnsmasq. Configuring dnsmasq by editing the /etc/dnsmasq.conf file,

$ sudo vi /etc/dnsmasq.conf
# Add the lines,
interface=enp1s0
dhcp-range=192.168.2.100,192.168.2.200,24h

The next step is to configure the enp1s0 interface. This is done by editing the /etc/network/interfaces file.

$ sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback

# Add the lines,

auto enp1s0
iface enp1s0 inet static
        address 192.168.2.1
        network 192.168.2.0
        netmask 255.255.255.0
        broadcast 192.168.2.255

Next, create the file, /etc/network/if-pre-up.d/router_firewall, using a text editor with superuser privileges (e.g., sudo vi /etc/network/if-pre-up.d/router_firewall), and with contents as given below. As mentioned above, this file uses enp1s0 for Ethernet NIC device file and wlp2s0 for the WiFi device file, which you might need to change if the values on your computer are different.

#!/bin/bash
#
# script for source Network Address Translation using iptables
#

iptables -F
iptables -t nat -F
iptables -X

iptables -N val_input
iptables -N val_output

# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN

iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o enp1s0 -j RETURN

iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o wlp2s0 -j RETURN

iptables -A val_input -j DROP
iptables -A val_output -j DROP

iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output

iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE

iptables commands are described in the iptables tutorial. Next, make the file, /etc/network/if-pre-up.d/router_firewall, executable.

sudo chmod +x /etc/network/if-pre-up.d/router_firewall