Linux Networking Overview

Linux networking encompasses a broad range of network configuration tasks, including managing network interfaces, securing communications with firewalls, and ensuring privacy with Virtual Private Networks (VPNs). This page provides an overview of different networking components on Linux, including network interfaces, firewalls, and VPN types.

1. Types of VPNs

A Virtual Private Network (VPN) is a secure connection between your computer and a remote server, typically used for privacy and security over public networks. There are several types of VPNs available for Linux:

OpenVPN: One of the most popular VPN protocols, it uses SSL/TLS for encryption and supports both UDP and TCP protocols.
WireGuard: A newer, simpler, and faster VPN protocol that uses modern cryptography and is often preferred for its efficiency.
L2TP/IPsec: A combination of the Layer 2 Tunneling Protocol (L2TP) with IPsec for encryption, often used in corporate environments.
PPTP (Point-to-Point Tunneling Protocol): An older VPN protocol, less secure than modern alternatives, but still in use for some legacy systems.
IKEv2/IPsec: Known for being fast and secure, it is widely supported on mobile devices and provides excellent performance with automatic reconnection features.

2. Types of Network Interfaces

In Linux, a network interface represents the connection between your system and a network. The most common types of network interfaces are:

Ethernet (Wired) Interface: Typically represented as eth0, this is the standard wired network connection for desktops, servers, and workstations.
Wi-Fi Interface: Wireless network interfaces are usually named wlan0 or similar and are used to connect to wireless networks (Wi-Fi).
Virtual Interfaces: These are software-based interfaces created for VPN connections, bridging, or virtual machines. Examples include tun0 (for OpenVPN), wg0 (for WireGuard), or docker0 (for Docker containers).
Loopback Interface: Represented as lo, this interface is used for internal communications within the system itself (localhost).
Bonded and VLAN Interfaces: Bonding allows multiple physical interfaces to be combined for increased bandwidth or redundancy, while VLAN interfaces are used to segment traffic within a network.

3. Firewall Overview

A firewall is a crucial component in Linux networking that controls incoming and outgoing network traffic based on predefined security rules. The most common types of firewalls on Linux are:

UFW (Uncomplicated Firewall): A simple command-line interface for managing firewall rules on Linux, often used by beginners due to its ease of use.
iptables: The default Linux firewall tool, which provides more advanced features for managing packet filtering, NAT (Network Address Translation), and other security tasks.
nftables: A newer firewall framework designed to replace iptables, offering improved performance and a more user-friendly syntax.
Firewalld: A dynamic firewall manager that is typically used with systems that require more advanced and flexible firewall configurations, such as Red Hat-based distributions.

4. Network Services on Linux

Linux supports a wide variety of network services that are essential for communication, remote access, and managing network configurations. Common network services include:

SSH (Secure Shell): A secure protocol used for remotely accessing and managing Linux systems over the network, typically via port 22.
DNS (Domain Name System): Resolves domain names (e.g., www.example.com) to IP addresses, allowing the system to locate services on the internet or local network.
DHCP (Dynamic Host Configuration Protocol): A service that automatically assigns IP addresses to devices on a network, simplifying network management and configuration.
Samba: A software suite that provides file and print services to SMB/CIFS clients, allowing Linux machines to share files with Windows and other operating systems.
HTTP/HTTPS Servers: Services like Apache and Nginx that provide web hosting services and enable communication over HTTP/HTTPS for web applications.
FTP (File Transfer Protocol): A service that allows file transfers between systems over a network, often used for uploading and downloading files to/from servers.

5. Conclusion

Linux networking provides flexibility and control over how systems interact with one another. Whether you're configuring simple static IPs or setting up complex VPNs and firewalls, understanding the different types of network interfaces, services, and protocols will help you maintain secure and efficient network connections. With tools like UFW, iptables, and NetworkManager, Linux offers a variety of options for managing networking tasks at both basic and advanced levels.

1. iptables

iptables is the traditional user-space tool for configuring the Linux kernel's packet filtering rules. It's highly flexible and powerful, though often complex due to its verbose command-line syntax. It's suitable for administrators who want fine-grained control.

2. nftables

nftables is the modern replacement for iptables, offering a unified framework for both IPv4 and IPv6. It simplifies rule management, provides performance improvements, and is becoming the default firewall tool on many Linux distributions.

3. firewalld

firewalld is a dynamic firewall manager that uses zones and services to simplify management. It supports both iptables and nftables backends and allows for changes without restarting the firewall, making it ideal for modern desktop and server environments.

4. UFW (Uncomplicated Firewall)

UFW is a simple command-line frontend for iptables, designed to make managing a host-based firewall easy. It is the default on Ubuntu and ideal for basic rule sets and beginners who want straightforward security without complex syntax.

5. Shorewall

Shorewall, or Shoreline Firewall, is a high-level abstraction tool for iptables and nftables. It uses configuration files rather than direct CLI input, making it easier to manage complex setups such as multiple zones, interfaces, and policies.

6. CSF (ConfigServer Security & Firewall)

CSF is a firewall configuration script with advanced security features, designed for web hosting servers. It integrates with control panels like cPanel and includes features such as login failure detection, IP blocking, and port scanning protection.

7. IPFire

IPFire is a dedicated firewall distribution based on Linux. It provides an easy-to-use web interface and integrates features like intrusion detection, VPN, and traffic shaping. It's intended for both business and home users looking for a turnkey solution.

8. OpenWRT

OpenWRT is a Linux-based firmware for embedded devices like routers. It provides a fully writable filesystem and a package management system, allowing users to install and configure iptables, nftables, and other tools for a highly customizable firewall environment.

Linux Networking Guide

1. Test Ethernet & Wi-Fi Interfaces


# List all network interfaces
ip a

# Check Ethernet link status
ethtool eth0

# Check Wi-Fi link and scan
iw dev
iw wlan0 link
sudo iwlist wlan0 scan

2. Configure Static IP Address


# Temporary static IP (non-persistent)
sudo ip addr add 192.168.1.100/24 dev eth0
sudo ip route add default via 192.168.1.1

# Set DNS manually
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

3. Configure DHCP Client


# Install DHCP client
sudo apt install dhclient

# Obtain IP address via DHCP
sudo dhclient eth0

4. Set Up DHCP Server with Static IP Leases


# Install DHCP server
sudo apt install isc-dhcp-server

# Edit config file
sudo nano /etc/dhcp/dhcpd.conf

# Example static lease config
host printer {
  hardware ethernet AA:BB:CC:DD:EE:FF;
  fixed-address 192.168.1.50;
}

# Set subnet config
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.150;
  option routers 192.168.1.1;
  option domain-name-servers 8.8.8.8;
}

# Enable DHCP on eth0
sudo nano /etc/default/isc-dhcp-server
INTERFACESv4="eth0"

# Restart DHCP server
sudo systemctl restart isc-dhcp-server

5. DNS Configuration


# Manual DNS setup (temporary)
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

# Permanent DNS setup (Netplan on Ubuntu)
sudo nano /etc/netplan/01-netcfg.yaml
# Add:
# nameservers:
#   addresses: [8.8.8.8, 1.1.1.1]

# Apply changes
sudo netplan apply

6. Enable Routing Between Interfaces


# Enable IP forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

# Make it permanent
sudo nano /etc/sysctl.conf
# Uncomment or add:
net.ipv4.ip_forward = 1

# Add forwarding rule
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Allow traffic from internal to external interface
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

7. Install and Configure SLIP


# Install SLIP support
sudo apt install slattach

# Attach SLIP device to serial port
sudo slattach -L -s 9600 -p slip /dev/ttyS0 &

# Configure SLIP interface (sl0)
sudo ip addr add 192.168.2.1 peer 192.168.2.2 dev sl0
sudo ip link set sl0 up

Network Services Overview

NTP Client Configuration

The Network Time Protocol (NTP) client is used to synchronize the system time with an NTP server. It allows systems to get the correct time based on time servers across the network.


sudo apt install ntpdate
sudo ntpdate time.google.com

Install NTP Client: sudo apt install ntpdate
Synchronize Time: sudo ntpdate time.google.com

NTP Server Configuration

The NTP server provides the correct time to clients on the network. It is essential for maintaining time synchronization across devices.


sudo apt install ntp
sudo systemctl start ntp
sudo systemctl status ntp

Install NTP Server: sudo apt install ntp
Start NTP Service: sudo systemctl start ntp
Check NTP Status: sudo systemctl status ntp

DNS Server Configuration

A DNS server resolves domain names to IP addresses for network communications.


sudo apt install bind9
sudo systemctl start bind9
dig @localhost example.com

Install DNS Server (BIND): sudo apt install bind9
Start DNS Service: sudo systemctl start bind9
Check DNS Server: dig @localhost example.com

DYNDNS Server Configuration

Dynamic DNS (DYNDNS) servers allow DNS records to be updated dynamically when an IP address changes.


sudo apt install ddclient
sudo systemctl start ddclient

Install Dynamic DNS Client (e.g., ddclient): sudo apt install ddclient
Start the DYNDNS Service: sudo systemctl start ddclient

Secure Telnet (SSH) Configuration

Secure Telnet (SSH) is used to securely log into a remote system over the network.


sudo apt install openssh-server
sudo systemctl start ssh
sudo systemctl status ssh

Install SSH Server: sudo apt install openssh-server
Start SSH Server: sudo systemctl start ssh
Check SSH Server Status: sudo systemctl status ssh

BOOTP Server Configuration

Bootstrap Protocol (BOOTP) is used to assign IP addresses to client machines when they boot up, often used in embedded systems or networks.


sudo apt install isc-dhcp-server
sudo systemctl start isc-dhcp-server

Install BOOTP Server (e.g., dchp-server): sudo apt install isc-dhcp-server
Start BOOTP Service: sudo systemctl start isc-dhcp-server

TFTP Server Configuration

Trivial File Transfer Protocol (TFTP) is used for simple file transfers, often used in network booting and device firmware updates.


sudo apt install tftpd-hpa
sudo systemctl start tftpd-hpa
tftp localhost

Install TFTP Server: sudo apt install tftpd-hpa
Start TFTP Service: sudo systemctl start tftpd-hpa
Check TFTP Server: tftp localhost

WireGuard Server Configuration on Ubuntu Server or Raspberry Pi

This guide details how to configure a WireGuard VPN server on an Ubuntu Server or Raspberry Pi. This setup enables remote access to the file system, terminal, and MariaDB as if on a local network.

1. Install WireGuard

Run the following commands to install WireGuard:


sudo apt update && sudo apt install wireguard -y

2. Generate Server Keys

Generate a private and public key for WireGuard:


wg genkey | tee privatekey | wg pubkey > publickey

Save the private key securely and note the public key.

3. Configure WireGuard Server

Create and edit the WireGuard server configuration file:


sudo nano /etc/wireguard/wg0.conf

Add the following content:


[Interface]
Address = 10.8.0.1/24
PrivateKey = <server_private_key>
ListenPort = 51820

# Enable IP forwarding
PostUp = sysctl -w net.ipv4.ip_forward=1
PostDown = sysctl -w net.ipv4.ip_forward=0

Replace <server_private_key> with the actual private key.

4. Enable IP Forwarding

Enable packet forwarding to allow VPN traffic:


echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

5. Start and Enable WireGuard

Run the following commands to start WireGuard:


sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

6. Configure Firewall

If using ufw (Uncomplicated Firewall), allow WireGuard traffic:


sudo ufw allow 51820/udp
sudo ufw enable

7. Add Clients

For each client, generate keys and add them to the server.

Edit the WireGuard server configuration:


sudo nano /etc/wireguard/wg0.conf

Add a client under [Peer]:


[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.8.0.2/32

8. Restart WireGuard

Apply the new settings:


sudo systemctl restart wg-quick@wg0

9. Allow SSH Access Over VPN

Ensure SSH is accessible:


sudo systemctl enable ssh
sudo systemctl start ssh

10. Configure MariaDB to Allow VPN Access

Edit the MariaDB configuration file:


sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Modify the bind address:


bind-address = 10.8.0.1

Restart MariaDB:


sudo systemctl restart mariadb

11. Mount Server File System Remotely

Install SSHFS on the client:


sudo apt install sshfs -y

Mount the remote filesystem:


sshfs user@10.8.0.1:/home/user /mnt/server

Conclusion

WireGuard VPN allows secure remote access.
MariaDB and SSH are accessible over VPN.
The server file system is remotely mounted.

Proceed to Client Configuration to connect Linux and Windows clients.

WireGuard Client Configuration

1. Linux Mint

Install WireGuard

First, install the WireGuard client package on Linux Mint:

sudo apt update
sudo apt install wireguard

Configure WireGuard

Set up the WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

Example configuration:

[Interface]
PrivateKey = <Your_Private_Key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Enable and Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Mount Server Disks

To mount remote server disks:

sudo mount -t nfs <server_ip>:/remote/path /mnt

Access Command Terminal

Open a terminal and run:

gnome-terminal

2. Raspberry Pi

Install WireGuard

Use the following command to install WireGuard on Raspberry Pi:

sudo apt update
sudo apt install wireguard

Configure WireGuard

sudo nano /etc/wireguard/wg0.conf

Example configuration:

[Interface]
PrivateKey = <Your_Private_Key>
Address = 10.0.0.3/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Enable and Start WireGuard

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

Mount Server Disks

sudo mount -t nfs <server_ip>:/remote/path /mnt

Access Command Terminal

lxterminal

3. Windows

Install WireGuard

Download and install the WireGuard client from the official website:

Visit WireGuard Install and select Windows.

Configure WireGuard

After installation, open the WireGuard client and create a new tunnel. Input the following configuration:

[Interface]
PrivateKey = <Your_Private_Key>
Address = 10.0.0.4/24

[Peer]
PublicKey = <Server_Public_Key>
Endpoint = <Server_IP>:51820
AllowedIPs = 0.0.0.0/0

Start WireGuard

Click the "Activate" button in the WireGuard client to start the VPN connection.

Mount Server Disks

To mount server disks on Windows, use the following method:

net use X: \\<server_ip>\share

Access Command Terminal

Open the command prompt by pressing Win + R, typing cmd, and pressing Enter.

OpenVPN Setup Guide

OpenVPN Server Installation and Configuration (Linux)

OpenVPN is a popular, open-source VPN solution that allows for secure communication between clients and servers over a network. Here’s how to install and configure the OpenVPN server on Linux:


sudo apt update
sudo apt install openvpn easy-rsa
sudo make-cadir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
source vars
./clean-all
./build-ca
./build-key-server server
./build-dh
./build-key client
cp keys/{server.crt,server.key,ca.crt,dh2048.pem} /etc/openvpn
sudo nano /etc/openvpn/server.conf
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server

Install OpenVPN and Easy-RSA: sudo apt install openvpn easy-rsa
Configure Easy-RSA for certificate management and generate necessary keys: ./build-ca, ./build-key-server server
Start OpenVPN service: sudo systemctl start openvpn@server
Enable OpenVPN service to start on boot: sudo systemctl enable openvpn@server

OpenVPN Client Configuration (Linux)

To connect to the OpenVPN server from a Linux machine, you need to install OpenVPN and configure the client with the server's certificates.


sudo apt install openvpn
sudo cp /path/to/server/ca.crt /etc/openvpn/
sudo cp /path/to/server/client.crt /etc/openvpn/
sudo cp /path/to/server/client.key /etc/openvpn/
sudo nano /etc/openvpn/client.conf
sudo systemctl start openvpn@client
sudo systemctl enable openvpn@client

Install OpenVPN: sudo apt install openvpn
Copy certificates to the client machine: sudo cp /path/to/server/ca.crt /etc/openvpn/
Edit client configuration file: sudo nano /etc/openvpn/client.conf
Start OpenVPN client service: sudo systemctl start openvpn@client
Enable OpenVPN client service on boot: sudo systemctl enable openvpn@client

OpenVPN Client Configuration (Android)

To connect to the OpenVPN server from an Android device, you need to install the OpenVPN Connect app and import the server’s configuration file.


1. Install the OpenVPN Connect app from the Google Play Store.
2. Transfer the OpenVPN configuration file and certificates (ca.crt, client.crt, client.key) to your Android device.
3. Open the OpenVPN Connect app and import the configuration file (client.ovpn).
4. Tap "Connect" to establish the VPN connection.

Install OpenVPN Connect app from Google Play Store.
Transfer configuration files to your Android device (ca.crt, client.crt, client.key).
Import configuration in OpenVPN Connect app and connect.

OpenVPN Client Configuration (Windows)

To connect to the OpenVPN server from a Windows machine, you need to install the OpenVPN client and configure it with the necessary certificates.


1. Download and install OpenVPN from https://openvpn.net/community-downloads/.
2. Copy the server's configuration file (client.ovpn), ca.crt, client.crt, and client.key to the OpenVPN config folder (usually C:\Program Files\OpenVPN\config).
3. Right-click the OpenVPN GUI icon in the system tray and click "Connect" to establish the VPN connection.

Download OpenVPN client from OpenVPN's official website.
Copy the configuration files (client.ovpn, ca.crt, client.crt, client.key) to the OpenVPN config folder.
Use the OpenVPN GUI to connect to the server.