Net-HOWTO

From GolemWiki.
Current version as of 22:51, 19 Dec 2024

Introduction

This is the first release of the GOLEM Network Howto. This document aims to be a sort of unofficial update of the Linux Networking Howto.

General Information about Networking

Sources of non-linux-specific network information

If you are looking for general TCP/IP networking information, here are some resources:

IBM TCP/IP Tutorial and Technical Overview: https://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf

IPv4 Addresses

[Figure: Ipv4-1.webp]

Internet Protocol v4 addresses are composed of 4 bytes (32 bits); each byte is written as a decimal number (0-255) and the bytes are separated by a . (dot). For this reason the IPv4 address space is limited to about 4 billion addresses (2^32). Usually every network interface has its own IP address, in a format like this: 192.168.0.5

Subnetting

Addresses in the same network have some leading digits in common: that part is called the network portion of the address, and the remaining digits are called the host portion.

For example:

           -----------------  ---------------
           Host Address       192.168.0.23
           Network Portion    192.168.0.
           Host portion                .23
           -----------------  ---------------
           Network Address    192.168.0.0
           Broadcast Address  192.168.0.255
           -----------------  ---------------

Subnetting is a way to subdivide a TCP/IP network. Classless Inter-Domain Routing (CIDR) is the current method for defining a subnet: the IP address is followed by a prefix number between 0 and 32 that states how many bits represent the network.

192.168.0.23/24 => network 192.168.0.0 - 192.168.0.255
192.168.0.23/16 => network 192.168.0.0 - 192.168.255.255

This method replaces the obsolete classful network addressing architecture.

The maximum number of addresses in a network may be calculated as 2^(32 − prefix number).

CIDR   Classful network mask   Number of Hosts        Typical use
/8     255.0.0.0               16777214 = 2^24 - 2    Largest IANA block allocation
/9     255.128.0.0              8388608 = 2^23
/10    255.192.0.0              4194304 = 2^22
/11    255.224.0.0              2097152 = 2^21
/12    255.240.0.0              1048576 = 2^20
/13    255.248.0.0               524288 = 2^19
/14    255.252.0.0               262144 = 2^18
/15    255.254.0.0               131072 = 2^17
/16    255.255.0.0                65536 = 2^16
/17    255.255.128.0              32768 = 2^15       ISP / large business
/18    255.255.192.0              16384 = 2^14       ISP / large business
/19    255.255.224.0               8192 = 2^13       ISP / large business
/20    255.255.240.0               4096 = 2^12       Small ISP / large business
/21    255.255.248.0               2048 = 2^11       Small ISP / large business
/22    255.255.252.0               1024 = 2^10
/23    255.255.254.0                512 = 2^9
/24    255.255.255.0                256 = 2^8        Large LAN
/25    255.255.255.128              128 = 2^7        Large LAN
/26    255.255.255.192               64 = 2^6        Small LAN
/27    255.255.255.224               32 = 2^5        Small LAN
/28    255.255.255.240               16 = 2^4        Small LAN
/29    255.255.255.248                8 = 2^3        The smallest multi-host network
/30    255.255.255.252                4 = 2^2        Point-to-point links (glue network)
/31    255.255.255.254                2 = 2^1        Point-to-point network (RFC 3021)
/32    255.255.255.255                1 = 2^0        Single host

Traffic between subnets is guaranteed by routers.
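The CIDR arithmetic described above, as an added worked example that is not part of the original wiki page: it derives network address, broadcast address and address count from an address/prefix pair using only bit operations, converts between dotted netmasks and prefix lengths, and reproduces the two 192.168.0.23 examples and the rows of the table (the `usable_hosts` convention, subtracting 2 only for /30 and larger, is this example's choice).

```python
"""CIDR arithmetic from first principles (added example, not from the wiki page).

Uses plain integer bit operations instead of the ipaddress module so that
every step of the network/host split described in the text is visible.
"""

ALL_ONES = 0xFFFFFFFF  # 32 set bits, the size of an IPv4 address


def parse_ipv4(dotted: str) -> int:
    """'192.168.0.23' -> 3232235543. Rejects anything that is not 4 bytes."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        byte = int(part)
        if not 0 <= byte <= 255:
            raise ValueError(f"byte out of range in {dotted!r}")
        value = (value << 8) | byte
    return value


def format_ipv4(value: int) -> str:
    """Inverse of parse_ipv4: 3232235543 -> '192.168.0.23'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the first `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(dotted_mask: str) -> int:
    """'255.255.255.0' -> 24. A CIDR/classful mask must be contiguous ones."""
    mask = parse_ipv4(dotted_mask)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous netmask {dotted_mask!r}")
    return prefix


def describe(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into the quantities the text defines."""
    addr_s, prefix_s = cidr.split("/")
    addr = parse_ipv4(addr_s)
    prefix = int(prefix_s)
    mask = prefix_to_mask(prefix)
    network = addr & mask                      # host bits cleared
    broadcast = network | (~mask & ALL_ONES)   # host bits all set
    size = 1 << (32 - prefix)                  # 2^(32 - prefix), the table's formula
    # For /30 and larger the network and broadcast addresses are not usable
    # by hosts; /31 (RFC 3021) and /32 use every address.
    usable = size - 2 if prefix <= 30 else size
    return {
        "network": format_ipv4(network),
        "broadcast": format_ipv4(broadcast),
        "netmask": format_ipv4(mask),
        "host_part": format_ipv4(addr & ~mask & ALL_ONES),
        "size": size,
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when a and b share the first `prefix` bits, i.e. no router is needed."""
    mask = prefix_to_mask(prefix)
    return (parse_ipv4(a) & mask) == (parse_ipv4(b) & mask)


if __name__ == "__main__":
    for example in ("192.168.0.23/24", "192.168.0.23/16", "192.0.2.10/31"):
        info = describe(example)
        print(f"{example:18} network {info['network']} - {info['broadcast']} "
              f"({info['size']} addresses, {info['usable_hosts']} usable)")
```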


IPv6 Addresses

IPv6: see the IPv6 @ GOLEM page (https://wiki.golem.linux.it/IPv6_@_GOLEM)

Network Configuration

Driver

Modern Linux distributions already include drivers for most LAN and WiFi devices. Otherwise, try to upgrade your OS or compile and install a newer kernel.

Network tools

iproute2: IP Routing Utilities

nftables: Linux kernel packet control tool (firewall)

iputils: arping, clockdiff, ping, tracepath

Legacy tools

net-tools: configuration tools for Linux networking (arp, ifconfig, ipmaddr, iptunnel, mii-tool, nameif, netstat, plipconfig, rarp, route, slattach)

iptables: Linux kernel packet control tool (firewall)

Network Application Programs

The most common network application programs, derived from the 4.4BSDLite2 distribution, are collected in the inetutils package: dnsdomainname, ftp, ftpd, hostname, ifconfig, ping, rcp, rlogin, rlogind, rsh, rshd, talk, talkd, telnet, telnetd, whois

Setup LAN Interfaces

Predictable Network Interface Names

Starting with v197, systemd assigns fixed, predictable network interface names to all local network devices instead of the traditional eth0, eth1, wlan0, which may change after a reboot following a kernel update. This simplifies system management and removes a potential security problem, e.g. firewall rules that reference an interface name which now belongs to a different device.

These names are based on hardware firmware/topology/location information and they stay fixed even if hardware is added or removed.

Prefix	Description
en	Ethernet
ib	InfiniBand
sl	Serial line IP (slip)
wl	Wireless local area network (WLAN)
ww	Wireless wide area network (WWAN)

eth0 could be renamed enp6s0: en (ethernet) + p6 (bus 6) + s0 (slot 0)

Manual managing

The following commands activate the enp6s0 interface with the IP address 192.168.0.2, in the subnet 192.168.0.1-255 (192.168.0.0/24), using the router 192.168.0.1 as gateway

# ip addr add 192.168.0.2/24 dev enp6s0
# ip route add default via 192.168.0.1

Edit the /etc/resolv.conf file, adding a list of DNS server IP addresses to enable name (address) resolution

nameserver 8.8.8.8
nameserver 1.1.1.1

For a dynamic (non-fixed) IP address on a LAN with a DHCP server, just run

# dhcpcd enp6s0

Useful commands

Show the IP addresses of all devices

# ip addr

Show information of a specific interface

# ip addr show enp6s0

Add an IP address to a device

# ip addr add 192.0.2.10/24 dev enp6s0

Delete an IP address from a device

# ip addr delete 192.0.2.10/24 dev enp6s0

Enable the interface enp6s0 without assigning an IP address

# ip link set dev enp6s0 up

Disable the interface enp6s0

# ip link set dev enp6s0 down

Set the default gateway for the host (192.0.2.1 in this example, the router of the 192.0.2.0/24 network used in the commands above)

# ip route add default via 192.0.2.1

Add a route to the network 10.0.2.0/24 via the gateway 192.168.0.1 on the interface enp2s0

# ip route add 10.0.2.0/24 via 192.168.0.1 dev enp2s0

Remove the route to the network 10.0.2.0/24 via the gateway 192.168.0.1 on the interface enp2s0

# ip route del 10.0.2.0/24 via 192.168.0.1 dev enp2s0 

Show the routing table

# ip route show

Setup WLAN Interfaces

Utility          WEXT   nl80211   WEP   WPA
wireless_tools   Yes    No        Yes   No
iw               No     Yes       Yes   No
wpa_supplicant   Yes    Yes       No    Yes
iwd/iwgtk        No     Yes       No    Yes

iw vs wireless_tools (both legacy)

wpa_supplicant

iwd (https://wiki.archlinux.org/title/Iwd)

systemd-networkd

systemd-networkd is a system service, part of systemd, that manages the network configuration.

Enable the systemd-networkd daemon

# systemctl enable --now systemd-networkd.service

Enable the DNS resolver and point /etc/resolv.conf at it

# systemctl enable --now systemd-resolved.service
# ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

DHCP

/etc/systemd/network/20-wired.network

[Match]
Name=enp1s0
[Network]
DHCP=yes

Static IP

/etc/systemd/network/20-wired.network

[Match]
Name=enp1s0
[Network]
Address=10.1.10.9/24
Gateway=10.1.10.1
DNS=10.1.10.1

Rename a network interface

Create and edit a .link file e.g., /etc/systemd/network/10-ethusb0.link

[Match]
MACAddress=12:34:56:78:90:ab
[Link]
Description=USB to Ethernet Adapter
Name=ethusb0

Ignore a network interface

If you want to prevent NetworkManager from automatically configuring a network device, declare it explicitly in the config file:

/etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:enp6s0;interface-name:enp0s13f0u1u3

NetworkManager

NetworkManager is a utility that has become the de facto standard for configuring Linux networks (LAN and WiFi).

It consists of a daemon, a command-line interface (nmcli) and a text-menu configuration interface (nmtui).

The main desktop environments, such as GNOME and KDE Plasma, have a graphical utility that lets users configure networks graphically on top of NetworkManager.

Installation

Depending on the distribution, use one of the following commands

  • Arch Linux: # pacman -S networkmanager
  • Debian: # apt-get install network-manager
  • Red Hat: # yum install NetworkManager

Enable the daemon

# systemctl enable --now NetworkManager

Configuration

  • Configuration menu: on a system without a graphical interface, where you need to configure a WiFi network, the nmtui application is strongly recommended
  • For those who prefer manual configuration: nmcli
  • To prevent NetworkManager from managing a given network interface, add its MAC address to the configuration file /etc/NetworkManager/NetworkManager.conf
[main]
plugins=keyfile
[keyfile]
unmanaged-devices=mac:00:25:21:73:90:72

Sharing Internet connection

Enable IP forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

To keep IP forwarding enabled edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Enable IP masquerading (lets the computer act as a gateway for the network)

# iptables -t nat -A POSTROUTING -o enp6s0 -j MASQUERADE

enp6s0 is not a fixed value: replace it with the name of the external interface of your computer, the one already connected to the Internet

To apply this rule automatically at every reboot

# iptables-save > /etc/iptables.ipv4.nat
# iptables-restore < /etc/iptables.ipv4.nat

Check that your system has loaded the following modules: ip_tables, ip_conntrack, iptable_nat, ipt_MASQUERADE. Otherwise, load them manually with modprobe; to load them automatically at boot, create the file /etc/modules-load.d/firewall.conf with the following content:

ip_tables
ip_conntrack
iptable_nat
ipt_MASQUERADE

Share on a LAN

Set a static IP on the Ethernet card connected to the LAN (e.g., enp2s0)

# ip addr add 192.168.5.1/24 dev enp2s0

To make this configuration persistent, you can use systemd-networkd.

# systemctl enable --now systemd-networkd.service

Create the file /etc/systemd/network/20-wired.network

[Match]
Name=enp2s0
[Network]
Address=192.168.5.1/24

Share with WI-FI

Wireless card configuration

# iwconfig wlp7s0 mode Master
# iwconfig wlp7s0 ESSID GOLEM-NET
# iwconfig wlp7s0 enc off
# ifconfig wlp7s0 192.168.5.1 netmask 255.255.255.0 up

Install hostapd and configure protected access (WPA)

/etc/hostapd/hostapd.conf

# Device interface
interface=wlp7s0
# Driver
driver=nl80211
# Name of the net (SSID)
ssid=GOLEM-NET
hw_mode=g
# Channel
channel=6
macaddr_acl=0
# Protection settings
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
# Password
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
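A consistency check for the hostapd.conf shown above, as an added example that is not part of the original page: it parses the key=value file, works out which cipher actually applies given the wpa= setting (wpa is a bitmask: 1 selects WPA and wpa_pairwise, 2 selects WPA2/RSN and rsn_pairwise, which defaults to wpa_pairwise when unset), and flags the settings a defender would revisit: the placeholder passphrase, TKIP, WEP shared-key authentication. The 8-63 character passphrase limit is hostapd's documented rule; PAGE_CONFIG is the page's fragment without its comments, while PLACEHOLDER_PASSPHRASES and HARDENED_CONFIG are constructed for this example.

```python
"""Sanity-check a hostapd.conf for weak WPA settings (added example)."""

# Trivial passphrases to reject outright; a constructed list for this example.
PLACEHOLDER_PASSPHRASES = {"password", "12345678", "passphrase", "changeme"}

# The hostapd.conf fragment from the text, embedded here as the sample input.
PAGE_CONFIG = """\
interface=wlp7s0
driver=nl80211
ssid=GOLEM-NET
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""

# Constructed hardened variant: real passphrase, no WPA1 cipher line left over.
HARDENED_CONFIG = PAGE_CONFIG.replace(
    "wpa_passphrase=password", "wpa_passphrase=correct horse battery staple"
).replace("wpa_pairwise=TKIP\n", "")


def parse_hostapd(text: str) -> dict:
    """hostapd.conf is one key=value per line; '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def effective_ciphers(conf: dict) -> dict:
    """Map each enabled protocol to the pairwise ciphers it will negotiate."""
    wpa = int(conf.get("wpa", "0"))
    wpa_pairwise = conf.get("wpa_pairwise", "").split()
    # rsn_pairwise falls back to wpa_pairwise when unset, as hostapd does.
    rsn_pairwise = conf.get("rsn_pairwise", "").split() or wpa_pairwise
    result = {}
    if wpa & 1:
        result["WPA"] = wpa_pairwise
    if wpa & 2:
        result["WPA2"] = rsn_pairwise
    return result


def audit(text: str) -> list:
    """Return (code, message) findings; an empty list means nothing was flagged."""
    conf = parse_hostapd(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append(("OPEN_NETWORK", "wpa=0 or missing: no encryption at all"))
    if int(conf.get("auth_algs", "1")) & 2:
        findings.append(("WEP_SHARED_KEY", "auth_algs allows WEP shared-key authentication"))
    for mode, suite in effective_ciphers(conf).items():
        if "TKIP" in suite:
            findings.append(("TKIP_IN_USE", f"{mode} negotiates TKIP, a deprecated cipher"))
    if wpa == 2 and "wpa_pairwise" in conf:
        findings.append(("UNUSED_WPA_PAIRWISE",
                         "wpa_pairwise has no effect with wpa=2; only rsn_pairwise applies"))
    if "WPA-PSK" in conf.get("wpa_key_mgmt", ""):
        passphrase = conf.get("wpa_passphrase")
        if passphrase is None and "wpa_psk" not in conf:
            findings.append(("NO_PSK", "WPA-PSK selected but no passphrase or PSK set"))
        elif passphrase is not None:
            if not 8 <= len(passphrase) <= 63:
                findings.append(("PASSPHRASE_LENGTH", "wpa_passphrase must be 8..63 characters"))
            if passphrase.lower() in PLACEHOLDER_PASSPHRASES:
                findings.append(("PLACEHOLDER_PASSPHRASE", "replace the placeholder passphrase"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, effective_ciphers(parse_hostapd(text)))
        for code, message in audit(text):
            print("  ", code, "-", message)
```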


Automatically assigning IP addresses

Install dhcp

Edit /etc/dhcpd.conf, adding the rules for the internal network (e.g. enp2s0, wlp7s0)

subnet 192.168.5.0 netmask 255.255.255.0 {
range 192.168.5.100  192.168.5.200;
option domain-name-servers 8.8.8.8;
}

Restart the dhcp daemon

# systemctl restart dhcpd

Boot from LAN

Preboot eXecution Environment (PXE): boot from the LAN or the Internet

Install and enable tftpd-hpa (https://www.kernel.org/pub/software/network/tftp/tftp-hpa/) to serve the installation files.

Edit /etc/dhcpd.conf adding the following lines

next-server 192.168.0.2;
filename "pxelinux.0";

next-server is the IP address of the dhcpd/TFTP server and filename is the image to boot (e.g., Arch Linux Netboot, https://archlinux.org/releng/netboot/).

https://www.debian.org/releases/stable/amd64/ch04s05.en.html

https://gist.github.com/rikka0w0/50895b82cbec8a3a1e8c7707479824c1

https://wiki.golem.linux.it/PXE

PXE on Ubuntu: https://reintech.io/blog/setting-up-pxe-boot-server-ubuntu-22

Client side

ipxe.iso: https://ipxe.org/download
Custom PXE (ipxe-buildweb): https://github.com/xbgmsharp/ipxe-buildweb

VPN

WireGuard server

Server config: https://wiki.archlinux.org/title/WireGuard#Specific_use-case:_VPN_server

WireGuard client

Client config: https://www.wireguard.com/quickstart/

Firewall

Block ports, transparent proxy...

https://wiki.archlinux.org/title/Nftables

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/getting-started-with-nftables_configuring-and-managing-networking#assembly_creating-and-managing-nftables-tables-chains-and-rules_getting-started-with-nftables

https://guide.debianizzati.org/index.php/Nftables

https://home.regit.org/netfilter-en/nftables-quick-howto/

https://wiki.nftables.org/wiki-nftables/index.php/Main_Page

Routing Protocol

Bird Internet Routing Daemon: https://bird.network.cz/

Bibliography

Linux Networking HOWTO: https://tldp.org/HOWTO/NET3-4-HOWTO-5.html