TCP-IP

Parts of the article is inspired by "Introduction to Networking - What do all these little things do" Series Kudo to Eli the Computer Guy

The Internet Components

The way you can connected to internet at your home is through the following devices:

[Device#1, Device#2, ...] -> (Wireless Access Point) -> Switch -> Firewall -> Router -> Modem -> ISP -> Rest of Internet

Note some devices above are logically multiple devices but sometimes physically one device. The product you buy to access Internet bundles all these devices.

Modem

Modem: translate analog signal to digital signal

Occupied Frequency of Analog Voice, ADSL, and VDSL

Occupied Frequency of Analog Voice, ADSL, and VDSL

Modem can receive signals from:

Router

IEEE 802.11(a, b, g, n):

Firewall

Switch / Hub

Hub: obsolete, split signal equally Switch:

Switch need to match the speed of internet. Usually each building has one big switch.

Patch Panel: a layer between switch and exit point so that we can have a lot more exit points and some move connections around when they are not used.

Wireless Access Point

Wireless Access Point: provides WiFi signal

ISP

Internet Service Provider: centralized institution that get you internet access

Why not dynamic IP:

Service Level Agreements (SLA): IPS guarantee I get certain speed 99% of time. An lawful agreement to prevent false advertisement. However, residential class seldom has such SLA. Advertised speed is not SLA.

DNS

In linux, DNS is controlled by /etc/resolv.conf, however, NetworkManager and resolvconf (systemctl status resolvconf.service)

To change /etc/resolv.conf:

To see the changes, you mest reboot the server

For more detail, check this youtube

Connecting Two Computers

For Windows: Follow this guide.

For Linux: Follow this guide.

By default, packet forwarding is disabled in Linux systems. To enable it, open the file /etc/sysctl.conf in your favorite editor and add the line, net.ipv4.ip_forward = 1: M's kernel receives a packet whose destination IP address indicates it's not meant for M. What will it do? When ip_forward=0, it thinks: "I don't know why this got sent to me and I don't really care. To the trash it goes!" With ip_forward=1, "Hmm, this is not for me. But I know where the recipient is, so I'll just resend it with the correct MAC address."

$ sudo vi /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Install dnsmasq to serve IP addresses to the 192.168.2.0 network.

In the rest of this tutorial we will use enp1s0 for the Ethernet network device and wlp2s0 for the WiFi for the first computer. These may be different in your computer and you would need to replace these with the values obtained by running the ip link command in the steps given below.

Next we need to configure dnsmasq. Configuring dnsmasq by editing the /etc/dnsmasq.conf file,

$ sudo vi /etc/dnsmasq.conf
# Add the lines,
interface=enp1s0
dhcp-range=192.168.2.100,192.168.2.200,24h

The next step is to configure the enp1s0 interface. This is done by editing the /etc/network/interfaces file.

$ sudo vi /etc/network/interfaces
auto lo
iface lo inet loopback

# Add the lines,

auto enp1s0
iface enp1s0 inet static
        address 192.168.2.1
        network 192.168.2.0
        netmask 255.255.255.0
        broadcast 192.168.2.255

Next, create the file, /etc/network/if-pre-up.d/router_firewall, using a text editor with superuser privileges (e.g., sudo vi /etc/network/if-pre-up.d/router_firewall), and with contents as given below. As mentioned above, this file uses enp1s0 for Ethernet NIC device file and wlp2s0 for the WiFi device file, which you might need to change if the values on your computer are different.

#!/bin/bash
#
# script for source Network Address Translation using iptables
#

iptables -F
iptables -t nat -F
iptables -X

iptables -N val_input
iptables -N val_output

# allow packets with NEW, ESTABLISHED and RELATED states
iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i lo -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o lo -j RETURN

iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i enp1s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o enp1s0 -j RETURN

iptables -A val_input -m state --state NEW,ESTABLISHED,RELATED -i wlp2s0 -j RETURN
iptables -A val_output -m state --state NEW,ESTABLISHED,RELATED -o wlp2s0 -j RETURN

iptables -A val_input -j DROP
iptables -A val_output -j DROP

iptables -A INPUT -p tcp -j val_input
iptables -A OUTPUT -p tcp -j val_output

iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE

iptables commands are described in the iptables tutorial. Next, make the file, /etc/network/if-pre-up.d/router_firewall, executable.

sudo chmod +x /etc/network/if-pre-up.d/router_firewall

Table of Content