Parts of this article are inspired by the "Introduction to Networking - What do all these little things do" series. Kudos to Eli the Computer Guy.
A domain name can contain:
a subset of ASCII characters: most domains
a subset of Unicode text characters: .com, .net, and other uncommon domains
some emoji characters: only .cf, .fm, .ga, .gq, .kz, .ml, .st, .tk, .to, .uz (and .ml was free to claim, but there is no way to get it now; you can still get some emoji domain names Here)
Note that in most browsers only ASCII characters are guaranteed to display normally; others are converted to Punycode. Here are the 13 rules the Chrome browser uses to decide whether to show Punycode or Unicode (in summary, these are allowed and these are not allowed). And Here is Firefox's policy.
When a domain is converted to Punycode, you will see it start with xn--.
Some Greek characters display normally in Chrome, and most of them can be combined with digits and still be shown as Unicode. The exception is \theta: \theta combined with a digit is converted to Punycode in Chrome. https://xn--2-umb.com/ (or https://2π.com/) is a domain that takes advantage of this Chrome behaviour.
ε0ρδμ0θσπ
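Added example (not from the original article): the xn-- conversion for the page's own domain, done with Python's built-in punycode codec, plus a check that lists labels whose letters come from more than one script. The script check is a simplification and not Chrome's rule set; `2πr.example` is a constructed name.

```python
import unicodedata

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded label

def to_unicode(hostname):
    """Decode each xn-- label to the Unicode text it stands for."""
    out = []
    for label in hostname.lower().split("."):
        if label.startswith(ACE_PREFIX):
            label = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        out.append(label)
    return ".".join(out)

def to_ascii(hostname):
    """Encode each non-ASCII label as xn-- followed by its Punycode."""
    out = []
    for label in hostname.lower().split("."):
        if not label.isascii():
            label = ACE_PREFIX + label.encode("punycode").decode("ascii")
        out.append(label)
    return ".".join(out)

def scripts(label):
    """Scripts used by the letters of a label, read off Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def review(hostname):
    """Return (Unicode form, ASCII form, labels whose letters mix scripts)."""
    uni = to_unicode(hostname)
    mixed = [lab for lab in uni.split(".") if len(scripts(lab)) > 1]
    return uni, to_ascii(uni), mixed

# The page's own domain, plus a constructed label mixing Greek and Latin letters.
PAGE_DOMAIN = "xn--2-umb.com"
CONSTRUCTED = "2πr.example"

if __name__ == "__main__":
    for name in (PAGE_DOMAIN, CONSTRUCTED):
        print(review(name))
```

Running the same `review` over hostnames pulled from proxy or DNS logs shows what each xn-- name stands for before anyone clicks it.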
Many things might go wrong with your internet connection, especially for someone like me who manually changes internet settings in resolv.conf or iptables or some places that I don't even remember.
The best way to debug is:
check if ping [url] works; if so, at least the remote machine is online and DNS resolves correctly
check if ping [ip] works
check if wget [url] works; if so, then everything should be fine. Otherwise, the udp or tcp connection isn't working
check if wget [ip] works
check if nslookup returns correctly
check ip route get [url] and check the ip route routing table
boot up a fresh machine and see the difference in your routing table; if a VPN is connected, you should get a ppp0 entry in your routing table after a while.
At home, you connect to the Internet through the following devices:
[Device#1, Device#2, ...] -> (Wireless Access Point) -> Switch -> Firewall -> Router -> Modem -> ISP -> Rest of Internet
Note that some of the devices above are logically multiple devices but sometimes physically one device. The product you buy to access the Internet bundles all these devices.
Modem: translates an analog signal to a digital signal
A modem can receive signals from:
DSL (ADSL, SDSL, VDSL)
Cable
Fiber Optic (FIOS)
Satellite
56K Dial-up
Point-to-point (P2P) Wireless
Wireless (3G, 4G, 5G)
IEEE 802.11(a, b, g, n):
802.11a: nobody uses it, not compatible with any other standard
802.11b: slow, old
802.11g: faster, more stable, standard
802.11n: new, allows a larger area, faster, built for real-time communication
Hub: obsolete, splits the signal equally
Switch:
unmanaged switch: hardcoded, no configuration
managed switch: can program the switch
A switch needs to match the speed of the internet connection. Usually each building has one big switch.
Patch Panel: a layer between the switch and the exit points so that we can have a lot more exit points and move some connections around when they are not used.
Wireless Access Point: provides WiFi signal
Internet Service Provider: centralized institution that gets you internet access
enterprise class: immediate response to issues
residential class: <5 days response to issues
Why not dynamic IP:
Email filters block emails sent from dynamic IP addresses
The IP address changes, so you can't set up a server
Service Level Agreement (SLA): the ISP guarantees I get a certain speed 99% of the time. It is a legal agreement that prevents false advertising. However, residential class seldom has such an SLA. The advertised speed is not an SLA.
In Linux, DNS is controlled by /etc/resolv.conf, however, NetworkManager and resolvconf (systemctl status resolvconf.service)
To change /etc/resolv.conf:
You change /etc/resolvconf/resolv.conf.d/base
You change /etc/network/interfaces
To see the changes, you must reboot the server
For more detail, check this YouTube video
For Windows: Follow this guide.
For Linux: Follow this guide.
By default, packet forwarding is disabled in Linux systems. To enable it, open the file /etc/sysctl.conf in your favorite editor and add the line net.ipv4.ip_forward = 1.
M's kernel receives a packet whose destination IP address indicates it's not meant for M. What will it do? When ip_forward=0, it thinks: "I don't know why this got sent to me and I don't really care. To the trash it goes!" With ip_forward=1, "Hmm, this is not for me. But I know where the recipient is, so I'll just resend it with the correct MAC address."
$ sudo vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Install dnsmasq to serve IP addresses to the 192.168.2.0 network.
In the rest of this tutorial we will use enp1s0 for the Ethernet network device and wlp2s0 for the WiFi device on the first computer. These may be different on your computer, in which case you need to replace them with the values obtained by running the ip link command in the steps given below.
Next we need to configure dnsmasq by editing the /etc/dnsmasq.conf file,
$ sudo vi /etc/dnsmasq.conf
# Add the lines,
interface=enp1s0
dhcp-range=192.168.2.100,192.168.2.200,24h
The next step is to configure the enp1s0 interface. This is done by editing the /etc/network/interfaces file.
$ sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback
# Add the lines,
auto enp1s0
iface enp1s0 inet static
address 192.168.2.1
network 192.168.2.0
netmask 255.255.255.0
broadcast 192.168.2.255
Next, create the file /etc/network/if-pre-up.d/router_firewall using a text editor with superuser privileges (e.g., sudo vi /etc/network/if-pre-up.d/router_firewall), with the contents given below. As mentioned above, this file uses enp1s0 for the Ethernet NIC device and wlp2s0 for the WiFi device, which you might need to change if the values on your computer are different.
#!/bin/bash
#
# script for source Network Address Translation using iptables
#
iptables -F
iptables -t nat -F
iptables -X
iptables -N val_input
iptables -N val_output
# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o enp1s0 -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o wlp2s0 -j RETURN
iptables -A val_input -j DROP
iptables -A val_output -j DROP
iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output
iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
The iptables commands are described in the iptables tutorial. Next, make the file /etc/network/if-pre-up.d/router_firewall executable.
sudo chmod +x /etc/network/if-pre-up.d/router_firewall
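Added example (not from the original article): a small audit of the router_firewall rules that finds the interface MASQUERADE sends traffic out of and reports whether val_input also lets connections in state NEW in on it. The rule lines are copied from the script above; `TIGHTER` is a hypothetical variant that only admits replies on the upstream interface.

```python
import shlex

# Rules copied from the router_firewall script above (val_output lines omitted).
SCRIPT = """\
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN
iptables -A val_input -j DROP
iptables -A INPUT -p tcp -j val_input
iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE
"""

FLAGS = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out",
         "-p": "proto", "-j": "target"}

def parse(line):
    """Turn one 'iptables ...' line into a dict of the options used here."""
    tok = shlex.split(line)
    rule = {"table": "filter", "states": set()}
    for flag, value in zip(tok, tok[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
        elif flag == "--state":
            rule["states"] = set(value.split(","))
    return rule

def load(script):
    return [parse(l) for l in script.splitlines() if l.startswith("iptables ")]

def upstream_ifaces(rules):
    """Interfaces MASQUERADE sends traffic out of, i.e. the upstream side."""
    return {r["out"] for r in rules
            if r["table"] == "nat" and r.get("target") == "MASQUERADE" and "out" in r}

def inbound_new(rules):
    """Input interfaces where a rule lets state NEW through (RETURN or ACCEPT)."""
    return {r["in"] for r in rules if "in" in r and "NEW" in r["states"]
            and r.get("target") in ("RETURN", "ACCEPT")}

def exposed(script):
    """Upstream interfaces where val_input does not drop unsolicited inbound TCP."""
    rules = load(script)
    return sorted(upstream_ifaces(rules) & inbound_new(rules))

# Hypothetical tightening: the upstream interface only admits replies.
TIGHTER = SCRIPT.replace("NEW,ESTABLISHED,RELATED -i wlp2s0",
                         "ESTABLISHED,RELATED -i wlp2s0")
```

`exposed(SCRIPT)` names wlp2s0, while `exposed(TIGHTER)` is empty; RETURN only hands the packet back to INPUT, whose policy the script never sets, so the final verdict still depends on that policy.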