Linux Networking Overview

Linux networking encompasses a broad range of network configuration tasks, including managing network interfaces, securing communications with firewalls, and ensuring privacy with Virtual Private Networks (VPNs). This page provides an overview of different networking components on Linux, including network interfaces, firewalls, and VPN types.

1. Types of VPNs

A Virtual Private Network (VPN) is a secure connection between your computer and a remote server, typically used for privacy and security over public networks. There are several types of VPNs available for Linux:

  • OpenVPN: One of the most popular VPN protocols, it uses SSL/TLS for encryption and supports both UDP and TCP protocols.
  • WireGuard: A newer, simpler, and faster VPN protocol that uses modern cryptography and is often preferred for its efficiency.
  • L2TP/IPsec: A combination of the Layer 2 Tunneling Protocol (L2TP) with IPsec for encryption, often used in corporate environments.
  • PPTP (Point-to-Point Tunneling Protocol): An older VPN protocol, less secure than modern alternatives, but still in use for some legacy systems.
  • IKEv2/IPsec: Known for being fast and secure, it is widely supported on mobile devices and provides excellent performance with automatic reconnection features.

2. Types of Network Interfaces

In Linux, a network interface represents the connection between your system and a network. The most common types of network interfaces are:

  • Ethernet (Wired) Interface: Typically represented as eth0, this is the standard wired network connection for desktops, servers, and workstations.
  • Wi-Fi Interface: Wireless network interfaces are usually named wlan0 or similar and are used to connect to wireless networks (Wi-Fi).
  • Virtual Interfaces: These are software-based interfaces created for VPN connections, bridging, or virtual machines. Examples include tun0 (for OpenVPN), wg0 (for WireGuard), or docker0 (for Docker containers).
  • Loopback Interface: Represented as lo, this interface is used for internal communications within the system itself (localhost).
  • Bonded and VLAN Interfaces: Bonding allows multiple physical interfaces to be combined for increased bandwidth or redundancy, while VLAN interfaces are used to segment traffic within a network.

3. Firewall Overview

A firewall is a crucial component in Linux networking that controls incoming and outgoing network traffic based on predefined security rules. The most common types of firewalls on Linux are:

  • UFW (Uncomplicated Firewall): A simple command-line interface for managing firewall rules on Linux, often used by beginners due to its ease of use.
  • iptables: The default Linux firewall tool, which provides more advanced features for managing packet filtering, NAT (Network Address Translation), and other security tasks.
  • nftables: A newer firewall framework designed to replace iptables, offering improved performance and a more user-friendly syntax.
  • Firewalld: A dynamic firewall manager that is typically used with systems that require more advanced and flexible firewall configurations, such as Red Hat-based distributions.

4. Network Services on Linux

Linux supports a wide variety of network services that are essential for communication, remote access, and managing network configurations. Common network services include:

  • SSH (Secure Shell): A secure protocol used for remotely accessing and managing Linux systems over the network, typically via port 22.
  • DNS (Domain Name System): Resolves domain names (e.g., www.example.com) to IP addresses, allowing the system to locate services on the internet or local network.
  • DHCP (Dynamic Host Configuration Protocol): A service that automatically assigns IP addresses to devices on a network, simplifying network management and configuration.
  • Samba: A software suite that provides file and print services to SMB/CIFS clients, allowing Linux machines to share files with Windows and other operating systems.
  • HTTP/HTTPS Servers: Services like Apache and Nginx that provide web hosting services and enable communication over HTTP/HTTPS for web applications.
  • FTP (File Transfer Protocol): A service that allows file transfers between systems over a network, often used for uploading and downloading files to/from servers.

5. Conclusion

Linux networking provides flexibility and control over how systems interact with one another. Whether you're configuring simple static IPs or setting up complex VPNs and firewalls, understanding the different types of network interfaces, services, and protocols will help you maintain secure and efficient network connections. With tools like UFW, iptables, and NetworkManager, Linux offers a variety of options for managing networking tasks at both basic and advanced levels.

Firewall Tools & Distros

Linux offers a variety of firewall solutions depending on scale, use case and user experience — from low-level packet filters to user-friendly managers and dedicated firewall distributions.

A firewall is a security control system that monitors, filters, and regulates network traffic between systems or networks based on predefined rules. Its primary purpose is to prevent unauthorized access while allowing legitimate communication to pass unhindered. Firewalls act as a gatekeeper between trusted and untrusted networks, most commonly between a private system and the public Internet.

At a technical level, a firewall evaluates network traffic by inspecting packet metadata such as source and destination IP addresses, ports, protocols (TCP, UDP, ICMP), and connection state. More advanced firewalls can also inspect packet payloads, track connection states, and apply rules based on application behavior rather than raw network parameters.

Firewalls can be implemented in several forms:

  • Packet-filtering firewalls operate at the network and transport layers, allowing or blocking packets purely based on header information.
  • Stateful firewalls track active connections and allow return traffic automatically, providing stronger protection with less rule complexity.
  • Application-layer firewalls understand specific protocols (such as HTTP, FTP, or SMTP) and can enforce rules based on application-level content.
  • Host-based firewalls run on individual machines, protecting a single system.
  • Network or perimeter firewalls protect entire networks, typically running on routers, gateways, or dedicated appliances.

On Linux systems, firewall functionality is most commonly provided by the kernel itself through Netfilter, with user-space tools such as iptables, nftables, and higher-level managers like UFW or firewalld used to define and manage rule sets. Dedicated firewall distributions extend this concept by turning a Linux system into a hardened, purpose-built network security device.

Properly configured firewalls reduce attack surface, limit lateral movement in the event of a breach, enforce network segmentation, and form a foundational layer of any defense-in-depth security strategy. While not a complete security solution on their own, firewalls are a critical first line of control in protecting systems and networks from external and internal threats.

iptables

Traditional, powerful packet filter for fine-grained control. Best for experienced administrators and complex rule sets.

Use case: Low-level firewalling, custom networks.

nftables

Modern replacement for iptables providing a unified framework and cleaner syntax.

Use case: New deployments seeking better performance and maintainability.

firewalld

Dynamic zone-based firewall manager that supports both iptables and nftables backends.

Use case: Desktop and server environments requiring runtime changes without restarts.

UFW (Uncomplicated Firewall)

Ubuntu's simple frontend to iptables, great for quick host-based rule configuration.

Use case: Home systems and beginners.

Shorewall

High-level configurator for iptables/nftables using configuration files rather than raw commands.

Use case: Complex multi-zone firewall setups.

CSF (ConfigServer Firewall)

A feature-rich firewall script commonly used on web hosting control panels for additional security features.

Use case: Shared hosting servers and cPanel environments.

IPFire

Turnkey firewall distribution with a web UI and integrated features like IDS and VPN.

Use case: Small businesses and home networks wanting an appliance-like solution.

OpenWRT

Custom router firmware with package management and full configuration control.

Use case: Embedded routers, custom home network setups.

Linux Network Interface Guide

Quick reference cards for common networking tasks on Linux: interface testing, IP configuration, DHCP, DNS, routing and legacy SLIP support.

Test Ethernet & Wi‑Fi Interfaces

# List interfaces
ip a

# Ethernet link status
ethtool eth0

# Wi‑Fi scan
iw dev
sudo iwlist wlan0 scan

Configure Static IP

# Temporary static IP
sudo ip addr add 192.168.1.100/24 dev eth0
sudo ip route add default via 192.168.1.1

# DNS
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

DHCP Client & Server

Use dhclient for client; isc-dhcp-server for server with static leases configured in /etc/dhcp/dhcpd.conf.

DNS Configuration

# Temporary
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

# Netplan example
sudo nano /etc/netplan/01-netcfg.yaml
sudo netplan apply

Routing & Forwarding

# Enable forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

# NAT example
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Legacy: SLIP

# slattach is shipped in the net-tools package
sudo apt install net-tools
sudo slattach -L -s 9600 -p slip /dev/ttyS0 &
sudo ip addr add 192.168.2.1 peer 192.168.2.2 dev sl0
sudo ip link set sl0 up

Network Services Overview

NTP Client Configuration

The Network Time Protocol (NTP) client is used to synchronize the system time with an NTP server. It allows systems to get the correct time based on time servers across the network.


sudo apt install ntpdate
sudo ntpdate time.google.com
            
  • Install NTP Client: sudo apt install ntpdate
  • Synchronize Time: sudo ntpdate time.google.com

NTP Server Configuration

The NTP server provides the correct time to clients on the network. It is essential for maintaining time synchronization across devices.


sudo apt install ntp
sudo systemctl start ntp
sudo systemctl status ntp
            
  • Install NTP Server: sudo apt install ntp
  • Start NTP Service: sudo systemctl start ntp
  • Check NTP Status: sudo systemctl status ntp

DNS Server Configuration

A DNS server resolves domain names to IP addresses for network communications.


sudo apt install bind9
sudo systemctl start bind9
dig @localhost example.com
            
  • Install DNS Server (BIND): sudo apt install bind9
  • Start DNS Service: sudo systemctl start bind9
  • Check DNS Server: dig @localhost example.com

DYNDNS Server Configuration

Dynamic DNS (DYNDNS) servers allow DNS records to be updated dynamically when an IP address changes.


sudo apt install ddclient
sudo systemctl start ddclient
            
  • Install Dynamic DNS Client (e.g., ddclient): sudo apt install ddclient
  • Start the DYNDNS Service: sudo systemctl start ddclient

Secure Shell (SSH) Configuration

Secure Shell (SSH), the encrypted successor to Telnet, is used to securely log into a remote system over the network.


sudo apt install openssh-server
sudo systemctl start ssh
sudo systemctl status ssh
            
  • Install SSH Server: sudo apt install openssh-server
  • Start SSH Server: sudo systemctl start ssh
  • Check SSH Server Status: sudo systemctl status ssh

BOOTP Server Configuration

Bootstrap Protocol (BOOTP) is used to assign IP addresses to client machines when they boot up, often used in embedded systems or networks.


sudo apt install isc-dhcp-server
sudo systemctl start isc-dhcp-server
            
  • Install BOOTP Server (e.g., isc-dhcp-server): sudo apt install isc-dhcp-server
  • Start BOOTP Service: sudo systemctl start isc-dhcp-server

TFTP Server Configuration

Trivial File Transfer Protocol (TFTP) is used for simple file transfers, often used in network booting and device firmware updates.


sudo apt install tftpd-hpa
sudo systemctl start tftpd-hpa
tftp localhost
            
  • Install TFTP Server: sudo apt install tftpd-hpa
  • Start TFTP Service: sudo systemctl start tftpd-hpa
  • Check TFTP Server: tftp localhost

WireGuard Server Configuration on Ubuntu Server or Raspberry Pi

This guide details how to configure a WireGuard VPN server on an Ubuntu Server or Raspberry Pi. This setup enables remote access to the file system, terminal, and MariaDB as if on a local network.

1. Install WireGuard

Run the following commands to install WireGuard:


sudo apt update && sudo apt install wireguard -y
        

2. Generate Server Keys

Generate a private and public key for WireGuard:


# umask 077 makes the key files readable by their owner only
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
        

Save the private key securely and note the public key.

3. Configure WireGuard Server

Create and edit the WireGuard server configuration file:


sudo nano /etc/wireguard/wg0.conf
        

Add the following content:


[Interface]
Address = 10.8.0.1/24
PrivateKey = <server_private_key>
ListenPort = 51820

# Enable IP forwarding
PostUp = sysctl -w net.ipv4.ip_forward=1
PostDown = sysctl -w net.ipv4.ip_forward=0
        

Replace <server_private_key> with the actual private key.

4. Enable IP Forwarding

Enable packet forwarding to allow VPN traffic:


echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
        

5. Start and Enable WireGuard

Run the following commands to start WireGuard:


sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
        

6. Configure Firewall

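If using ufw (Uncomplicated Firewall), allow WireGuard traffic. If you manage the server over SSH, add a rule allowing SSH before running ufw enable, because ufw's default policy denies incoming connections: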


sudo ufw allow 51820/udp
sudo ufw enable
        

7. Add Clients

For each client, generate keys and add them to the server.

Edit the WireGuard server configuration:


sudo nano /etc/wireguard/wg0.conf
        

Add a client under [Peer]:


[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.8.0.2/32
        

8. Restart WireGuard

Apply the new settings:


sudo systemctl restart wg-quick@wg0
        

9. Allow SSH Access Over VPN

Ensure SSH is accessible:


sudo systemctl enable ssh
sudo systemctl start ssh
        

10. Configure MariaDB to Allow VPN Access

Edit the MariaDB configuration file:


sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
        

Modify the bind address:


bind-address = 10.8.0.1
        

Restart MariaDB:


sudo systemctl restart mariadb
        

11. Mount Server File System Remotely

Install SSHFS on the client:


sudo apt install sshfs -y
        

Mount the remote filesystem:


sshfs user@10.8.0.1:/home/user /mnt/server
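
Step 10 binds MariaDB to the tunnel address so that it is reachable only through the VPN, and the same expectation can be checked for SSH. The script below is an added example (not part of the original guide) that filters `ss -Htln` output for listeners on the given ports that are bound to anything other than the VPN address or loopback. The function names and the sample socket list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The socket list in sample_ss is
# constructed, not captured from a real host.

# exposed_listeners VPN_IP PORT...: read `ss -Htln` output on stdin and print
# "port address" for every listener on one of the PORTs whose local address
# is neither VPN_IP nor loopback (for example 0.0.0.0, * or [::]).
exposed_listeners() {
  vpn=$1; shift
  awk -v vpn="$vpn" -v ports="$*" '
    BEGIN { n = split(ports, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $1 == "LISTEN" {
      p = $4; sub(/.*:/, "", p)                      # text after the last colon
      a = substr($4, 1, length($4) - length(p) - 1)  # address part of column 4
      gsub(/[][]/, "", a)                            # [::] -> ::
      sub(/%.*/, "", a)                              # 127.0.0.53%lo -> 127.0.0.53
      if ((p in want) && a != vpn && a !~ /^127\./ && a != "::1")
        print p, a
    }'
}

# Constructed sample: MariaDB still on the wildcard address, SSH on the VPN
# address and on the IPv6 wildcard, a local DNS stub on loopback.
sample_ss() {
  cat <<'EOF'
LISTEN 0 80   0.0.0.0:3306      0.0.0.0:*
LISTEN 0 128  10.8.0.1:22       0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
EOF
}

# On a real server, replace sample_ss with: ss -Htln
sample_ss | exposed_listeners 10.8.0.1 22 3306
```

Any line printed means the service is still reachable from outside the tunnel unless a firewall rule blocks it.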
        

Conclusion

Proceed to Client Configuration to connect Linux and Windows clients.

WireGuard Client Configuration

1. Linux Mint

Install WireGuard

First, install the WireGuard client package on Linux Mint:

sudo apt update
sudo apt install wireguard

Configure WireGuard

Set up the WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

Example configuration:

[Interface]
PrivateKey = <Your_Private_Key>
# Must fall inside the AllowedIPs set for this client in the server's [Peer] block
Address = 10.8.0.2/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Enable and Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Mount Server Disks

To mount remote server disks:

sudo mount -t nfs <server_ip>:/remote/path /mnt

Access Command Terminal

Open a terminal and run:

gnome-terminal

2. Raspberry Pi

Install WireGuard

Use the following command to install WireGuard on Raspberry Pi:

sudo apt update
sudo apt install wireguard

Configure WireGuard

sudo nano /etc/wireguard/wg0.conf

Example configuration:

[Interface]
PrivateKey = <Your_Private_Key>
# The server needs a [Peer] block for this client with AllowedIPs = 10.8.0.3/32
Address = 10.8.0.3/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Enable and Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Mount Server Disks

sudo mount -t nfs <server_ip>:/remote/path /mnt

Access Command Terminal

lxterminal

3. Windows

Install WireGuard

Download and install the WireGuard client from the official website:

Configure WireGuard

After installation, open the WireGuard client and create a new tunnel. Input the following configuration:

[Interface]
PrivateKey = <Your_Private_Key>
# The server needs a [Peer] block for this client with AllowedIPs = 10.8.0.4/32
Address = 10.8.0.4/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Start WireGuard

Click the "Activate" button in the WireGuard client to start the VPN connection.

Mount Server Disks

To mount server disks on Windows, use the following method:

net use X: \\<server_ip>\share

Access Command Terminal

Open the command prompt by pressing Win + R, typing cmd, and pressing Enter.
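
WireGuard accepts a tunnel packet from a peer only if its source address falls inside the AllowedIPs listed for that peer's public key, so each client's Address has to match the [Peer] entry added on the server in step 7. The script below is an added example (not part of the original guide) that cross-checks a server and a client configuration file. The function names, file names and the placeholder key are assumptions, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example, not from the original page. IPv4 only; the key is a
# constructed placeholder, not a real WireGuard key.

# ip_in_cidr IP CIDR: succeed if IP lies inside CIDR.
ip_in_cidr() {
  awk -v ip="$1" -v cidr="$2" '
    function n(a,  o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN { split(cidr, c, "/"); d = 2 ^ (32 - (c[2] == "" ? 32 : c[2]))
            exit !(int(n(ip) / d) == int(n(c[1]) / d)) }'
}

# peer_allowed_ips SERVER_CONF PUBKEY: print AllowedIPs of the [Peer] with that key.
peer_allowed_ips() {
  awk -v key="$2" '
    function emit() { if (sec == "[Peer]" && pk == key) print ips; pk = ips = "" }
    /^[ \t]*\[/ { emit(); sec = $1; next }
    { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line) }
    line ~ /^PublicKey=/  { pk  = substr(line, 11) }
    line ~ /^AllowedIPs=/ { ips = substr(line, 12) }
    END { emit() }' "$1"
}

# client_address CLIENT_CONF: print the first [Interface] Address without its prefix.
client_address() {
  awk '/^[ \t]*\[/ { sec = $1; next }
       sec == "[Interface]" { line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
         if (sub(/^Address=/, "", line)) { sub(/[\/,].*/, "", line); print line; exit } }' "$1"
}

# check_client SERVER_CONF CLIENT_CONF CLIENT_PUBKEY
# returns 0 = address covered, 1 = mismatch (server drops the traffic), 2 = unknown peer
check_client() {
  addr=$(client_address "$2")
  allowed=$(peer_allowed_ips "$1" "$3")
  [ -n "$allowed" ] || { echo "no [Peer] with that PublicKey in $1"; return 2; }
  for cidr in $(printf '%s\n' "$allowed" | tr ',' ' '); do
    if ip_in_cidr "$addr" "$cidr"; then echo "ok: $addr is inside $cidr"; return 0; fi
  done
  echo "MISMATCH: client Address $addr is outside server AllowedIPs $allowed"
  return 1
}

# make_samples DIR: write constructed configs (key lines other than PublicKey omitted).
make_samples() {
  printf '%s\n' '[Interface]' 'Address = 10.8.0.1/24' 'ListenPort = 51820' '' \
    '[Peer]' 'PublicKey = CONSTRUCTED-CLIENT-KEY=' 'AllowedIPs = 10.8.0.2/32' > "$1/server.conf"
  printf '%s\n' '[Interface]' 'Address = 10.8.0.2/24' > "$1/good.conf"
  printf '%s\n' '[Interface]' 'Address = 10.0.0.2/24' > "$1/bad.conf"
}

dir=$(mktemp -d) && make_samples "$dir"
check_client "$dir/server.conf" "$dir/good.conf" "CONSTRUCTED-CLIENT-KEY="
check_client "$dir/server.conf" "$dir/bad.conf"  "CONSTRUCTED-CLIENT-KEY=" || true
rm -rf "$dir"
```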

OpenVPN Setup Guide

OpenVPN Server Installation and Configuration (Linux)

OpenVPN is a popular, open-source VPN solution that allows for secure communication between clients and servers over a network. Here’s how to install and configure the OpenVPN server on Linux:


sudo apt update
sudo apt install openvpn easy-rsa
sudo make-cadir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
source vars
./clean-all
./build-ca
./build-key-server server
./build-dh
./build-key client
cp keys/{server.crt,server.key,ca.crt,dh2048.pem} /etc/openvpn
sudo nano /etc/openvpn/server.conf
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
        
  • Install OpenVPN and Easy-RSA: sudo apt install openvpn easy-rsa
  • Configure Easy-RSA for certificate management and generate necessary keys: ./build-ca, ./build-key-server server
  • Start OpenVPN service: sudo systemctl start openvpn@server
  • Enable OpenVPN service to start on boot: sudo systemctl enable openvpn@server

OpenVPN Client Configuration (Linux)

To connect to the OpenVPN server from a Linux machine, you need to install OpenVPN and configure the client with the server's certificates.


sudo apt install openvpn
sudo cp /path/to/server/ca.crt /etc/openvpn/
sudo cp /path/to/server/client.crt /etc/openvpn/
sudo cp /path/to/server/client.key /etc/openvpn/
sudo nano /etc/openvpn/client.conf
sudo systemctl start openvpn@client
sudo systemctl enable openvpn@client
        
  • Install OpenVPN: sudo apt install openvpn
  • Copy certificates to the client machine: sudo cp /path/to/server/ca.crt /etc/openvpn/
  • Edit client configuration file: sudo nano /etc/openvpn/client.conf
  • Start OpenVPN client service: sudo systemctl start openvpn@client
  • Enable OpenVPN client service on boot: sudo systemctl enable openvpn@client

OpenVPN Client Configuration (Android)

To connect to the OpenVPN server from an Android device, you need to install the OpenVPN Connect app and import the server’s configuration file.


1. Install the OpenVPN Connect app from the Google Play Store.
2. Transfer the OpenVPN configuration file and certificates (ca.crt, client.crt, client.key) to your Android device.
3. Open the OpenVPN Connect app and import the configuration file (client.ovpn).
4. Tap "Connect" to establish the VPN connection.
        
  • Install OpenVPN Connect app from Google Play Store.
  • Transfer configuration files to your Android device (ca.crt, client.crt, client.key).
  • Import configuration in OpenVPN Connect app and connect.

OpenVPN Client Configuration (Windows)

To connect to the OpenVPN server from a Windows machine, you need to install the OpenVPN client and configure it with the necessary certificates.


1. Download and install OpenVPN from https://openvpn.net/community-downloads/.
2. Copy the server's configuration file (client.ovpn), ca.crt, client.crt, and client.key to the OpenVPN config folder (usually C:\Program Files\OpenVPN\config).
3. Right-click the OpenVPN GUI icon in the system tray and click "Connect" to establish the VPN connection.
        
  • Download OpenVPN client from OpenVPN's official website.
  • Copy the configuration files (client.ovpn, ca.crt, client.crt, client.key) to the OpenVPN config folder.
  • Use the OpenVPN GUI to connect to the server.