by Joshua Branson — August 02, 2022
So I recently bought a guix system server! It cost me about $250. It’s got 16GB
of RAM (I can upgrade to 32GB) with a 4TB hard drive. I may play with RAID at
some point, but that’s a little down the line. If you want some help getting
something like this for yourself, please contact me. This blog post is my first
attempt at trying to figure out how to connect to copertino, to the internet.
Now on with the blog post!
So when you are like me, and you start to wonder how the internets work, a good
thing to learn first is the difference between WAN and LAN. LAN is your local area
network. When you are at home, on your computer, you are on your LAN. If your
computer talks to another computer in your house, then those machines are using
the LAN. When your computer talks to www.gnu.org, your computer is accessing
the WAN, which is the wide area network, usually called the internet.
Computers talk to each other via IP addresses. An IP address is a numerical ID that is unique to each computer. Computers use IP addresses essentially as phone numbers to reach out and say, “Hey what time are we having this binary number crunching date?” What’s interesting is that computers have more than just a phone number: they have a phone number, plus several extensions.
When you call a business, and they say, “Thanks for calling Bank of Scotland. Please press 5 to talk to a manager, 4 to talk to a sales person, and 3 to open an account. Thanks!” 5, 4, and 3 are extensions. Computers have the same thing, on steroids. They call these extensions ports, and there are like 50,000+ ports. Ports are usually set up to be used by specific applications. For example, your web browser uses ports 80 and 443 to visit websites.
Here’s a crazy example.
    ping -c 1 gnu.org

    PING gnu.org (188.8.131.52): 56 data bytes
    64 bytes from 184.108.40.206: icmp_seq=0 ttl=55 time=39.078 ms

    --- gnu.org ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 39.078/39.078/39.078/0.000 ms
So, we now know that gnu.org is serving its website on 220.127.116.11. Try pasting this into a web browser’s URL bar: 18.104.22.168. You’ll end up at savannah.nongnu.org, which is a website that the fabulous people at GNU run.
Anyway, let’s take a look at your IP address:
    ip address show

    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
    2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
           valid_lft 22986sec preferred_lft 22986sec
        inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf
Let’s take the above output line by line:
    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet *127.0.0.1/8* scope global lo
           valid_lft forever preferred_lft forever

lo is your loopback device, which is fancy talk for "ME". The emboldened *127.0.0.1* is a universal alias for "ME". If you have a web site running on your computer, typing in 127.0.0.1:80 lets you access that website. 127.0.0.1:80 means: talk to the computer at address 127.0.0.1 (which is me), and request the content on port 80.

    2: *enp0s25*: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
        *inet* *192.168.1.122/24* brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
           valid_lft 22986sec preferred_lft 22986sec
        *inet6* *fe80::36a7:f91e:a1e0:16fe/64* scope link noprefixroute
           valid_lft forever preferred_lft forever

*enp0s25* is your ethernet device. Anything that begins with an 'e' is usually an ethernet device. Ethernet is usually the blue cable that you plug into your laptop or server. Laptops increasingly do not have ethernet, which is sad 'cause ethernet is faster than wifi.

*inet* means IPv4. Remember when I said that computers have IP addresses? Well, they have one that looks like *192.168.1.122*. That is the IPv4 address. People nowadays have phones, tablets, gaming consoles, smart watches, etc., and each needs an IP address. As a result, the IPv4 address space is getting a little crowded. So some smart people introduced IPv6, which has many more unique IDs. (Keep reading to see an example IPv6 address.) Unfortunately for me, an IP address of 192.168.number.number is a LAN IP. That means I have to be in my house to view my personal website. I cannot view that website at work. :(

*inet6* is IPv6. And *fe80::36a7:f91e:a1e0:16fe* is this computer's IPv6 address. Addresses that start with fe80 are link-local, so this is also a LAN-only IPv6 address. The outside world cannot use that address to talk to this local computer.

    3: *wlp2s0*: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf

This is my wifi device. Anything that begins with a 'w' is usually a wifi device.

    ip route

    default via 192.168.1.1 dev enp0s25 proto dhcp metric 100
    192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.122 metric 100
The number after default is the default gateway. That is my router’s LAN IP address. If I type that into a web browser when I am at home, then I can log into my router. Usually your router’s username and password are on a sticker on the back of your router.
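The same line-by-line reading can be done by a script. This is an added example, not part of the original post: it parses the `ip address show` and `ip route` output above and labels each address as loopback, link-local, private LAN or public. The function names and the trimmed sample text are this example's own.

```python
import ipaddress
import re

# Sample input: the output shown in this post, trimmed to the lines that carry addresses.
IP_ADDR = """\
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope global lo
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
    inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
"""
IP_ROUTE = """\
default via 192.168.1.1 dev enp0s25 proto dhcp metric 100
192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.122 metric 100
"""
# Ranges that only work inside a LAN (RFC 1918 for IPv4, RFC 4193 for IPv6).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def reach(addr):
    """Classify an address by who can reach it."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"      # this machine only
    if ip.is_link_local:
        return "link-local"    # same network segment only
    if any(ip.version == n.version and ip in n for n in LAN_NETS):
        return "private LAN"   # inside the house, not from the internet
    return "public" if ip.is_global else "reserved"

def parse_addresses(text):
    """Return (interface, address, reach) for every inet/inet6 line."""
    rows, iface = [], None
    for line in text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)
        if head:
            iface = head.group(1)      # e.g. "2: enp0s25: <...>"
        elif (m := re.match(r"\s+inet6?\s+([0-9A-Fa-f:.]+)/\d+", line)):
            rows.append((iface, m.group(1), reach(m.group(1))))
    return rows

def default_gateway(text):
    """Return (gateway, device) from the 'default via' route, or None."""
    m = re.search(r"^default via (\S+) dev (\S+)", text, re.MULTILINE)
    return (m.group(1), m.group(2)) if m else None

if __name__ == "__main__":
    print(parse_addresses(IP_ADDR), default_gateway(IP_ROUTE), sep="\n")
```

Only an address labelled public is reachable from the internet directly; wlp2s0 produces no row because it has no address assigned.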
Also, it should be possible for me to log into the router and tell it to open up
ports 80 and 443 (http and https), so that anyone connecting to say
www.copertino.me would be connecting to my computer only, AND NOT my
roommates’ laptop. However, an attacker could still potentially break into my
guix system computer, and attack my roommate’s computer.
Also, if you decide to play around with customizing your router, I would recommend OpenBSD. OpenBSD potentially has some binary blobs for wifi, which is why the FSF will not endorse it as a free distro. But if you don’t use wifi, then there are no software freedom issues. Anyway, I have recently developed quite the crush on OpenBSD, and I found this guide that helps you use OpenBSD for your router. It’s actually quite comprehensive:
In this guide we’re going to take a look at how we can use cheap and “low end” hardware to build an amazing OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more.
We will use a setup in which the router segments the local area network (LAN) into three separate networks, one for the grown-ups in the house, one for the children, and one for public facing servers (a DMZ), such as a private web server or mail server. We will also look at how we can use DNS to block out ads, porn, and other websites on the Internet. The OpenBSD router can also be used on small to mid-size offices.