Local port forwarding on the same host requires understanding how netfilter processes packets based on their origin. The critical distinction: traffic from external sources hits the PREROUTING chain, but packets originating locally traverse the OUTPUT chain instead. Miss either one, and your forwarding won’t work. The core problem When you forward UDP port 500 to…
iptables remains the standard firewall interface across most Linux distributions, though it’s technically a compatibility layer over nftables. Whether you’re managing legacy systems or prefer the familiar syntax, here’s what you need to know. Basic Command to Open a Port The fundamental syntax to allow inbound traffic on a specific port: sudo iptables -A INPUT…
Identifying which ports a specific process is using comes up regularly in debugging, security audits, and infrastructure management. Here are the practical methods. Using ss The ss command is the modern standard for socket inspection: ss -tlnp | grep <PID> This shows listening TCP sockets (-t for TCP, -l for listening). Add -u if you…
If you’re running dnsmasq primarily for DNS resolution and don’t need its DHCP server capabilities, you’ll want to disable DHCP while keeping DNS functional. This is a common configuration for DNS-only setups or when another service handles DHCP. Default dnsmasq behavior By default, dnsmasq ships with DHCP disabled. However, many distributions include preconfigured DHCP settings…
By default, Fedora doesn’t enable SSH access. You’ll need to install OpenSSH server, start the service, and configure your firewall to allow connections. Install OpenSSH Server sudo dnf install openssh-server openssh-clients The openssh-clients package provides the ssh command for connecting to other machines, while openssh-server allows incoming connections. Start and Enable the SSH Service sudo…
When your application fails to bind to a port, you need to identify what’s already using it. This is one of the most common debugging tasks in Linux system administration. Using ss (Modern Approach) The ss command has largely replaced netstat in modern Linux distributions. It’s faster, more efficient, and provides clearer output: ss -ltnp…
Setting up OpenVPN on an iPhone with Ovpn Spider requires a few specific steps since iOS has limitations compared to desktop environments. This guide walks you through the process. Prerequisites You’ll need: An iPhone running iOS 12 or later The OpenVPN Connect app installed from the App Store A valid .ovpn configuration file from Ovpn…
When you need to check DNS records from a particular server—especially to verify changes on authoritative nameservers before they propagate through cached resolvers—use dig with the @ syntax to specify the target DNS server. Basic Syntax dig @DNS_SERVER domain.com Replace DNS_SERVER with the IP address of the nameserver you want to query, and domain.com with…
iptables remains the standard firewall configuration tool on Linux systems, though many distributions now layer it with ufw or firewalld. Understanding the basics helps you troubleshoot, migrate, or work on systems without those abstractions. Understanding iptables Fundamentals iptables operates on three main chains: INPUT: rules for incoming traffic FORWARD: rules for traffic passing through the…
UDP packet loss on Linux commonly stems from undersized kernel buffers. When packets arrive faster than the application can process them, the kernel drops excess datagrams silently. Unlike TCP, UDP offers no retransmission, so these losses are permanent. Proper buffer tuning is essential for DNS servers, NTP, monitoring systems, video streaming, and any high-throughput UDP…
Sharing a router with roommates means dealing with bandwidth conflicts. When someone’s running torrent clients, streaming, or other bandwidth-intensive applications without limits, everyone else suffers. Here’s how to handle it systematically. Start with conversation Before implementing technical controls, talk to your roommates. Most P2P and download applications have built-in rate limiting. Asking someone to cap…
When you need to verify that two Linux systems can communicate over a specific protocol and port, you have several solid options. Let’s cover the most practical approaches. Using nc (netcat) The nc command remains a reliable choice for quick connectivity tests. It’s widely available and requires no special setup. TCP connection test To listen…
NFSv4 significantly simplifies network exposure compared to NFSv3. Where NFSv3 requires managing multiple dynamic ports (mountd, statd, lockd), NFSv4 uses only port 111 (rpcbind) and port 2049 (NFS). This makes firewall configuration and port forwarding straightforward. For production environments, consider implementing Kerberos authentication (krb5, krb5i, or krb5p) instead of relying solely on network-based access control….
Configuring an HP all-in-one printer’s scanner on Linux requires HPLIP (HP Linux Imaging and Printing) for device support and SANE (Scanner Access Now Easy) for scanning functionality. The main gotcha is that a working printer doesn’t guarantee a working scanner — they use different subsystems and need separate configuration. Installing Required Packages Start by installing…
NFSv3 uses multiple RPC services, each requiring its own port assignment. Without explicit configuration, rpcbind assigns random high ports to four critical services, making firewall rules unmaintainable. Modern deployments should prioritize NFSv4 with Kerberos, but legacy NFSv3 environments remain common enough to warrant proper port management. The NFS service stack includes seven RPC programs: Service…
UDP (User Datagram Protocol) defined in RFC 768 provides a lightweight alternative to TCP. Unlike TCP’s stream-oriented approach, UDP delivers discrete packets — each recvfrom() or recvmsg() call returns one complete datagram. The tradeoff is real: you gain speed and lower overhead, but lose automatic reliability guarantees. Your application must handle packet loss, reordering, and…
ns (Network Simulator) is a discrete-event simulator used primarily for research and educational purposes in networking. The two major versions—ns-2 and ns-3—are substantially different in architecture and usage patterns. This guide covers installation on current Fedora systems. Installing ns-2 on Fedora Note: ns-2 is legacy software and requires significant compatibility workarounds on modern systems. Consider…
Package Installation Install the required packages: dnf install nfs-utils nfs-utils includes both server and client tools. The separate rpcbind package is no longer needed on modern systems — it’s handled as a dependency and runs as part of the NFS service. Configure /etc/exports Edit /etc/exports to define which directories clients can mount and with what…
ns-2 reached end-of-life in 2011 and is no longer maintained. If you’re looking to simulate network behavior, you should use ns-3 instead, which is actively developed and provides significantly better accuracy and modern tooling. Why ns-3 Over ns-2 ns-2 was influential in academic networking research, but its architecture has fundamental limitations that became apparent over…
Port forwarding allows external hosts to reach services inside a private network by mapping traffic from a public address to an internal one. On Linux, this is implemented through iptables rules that modify packet headers as they traverse the kernel’s netfilter framework. Common use cases include exposing HTTP/HTTPS servers from a private LAN to the…