
title: Status Update July 2022
date: 2022-08-02 13:00
tags: status update

summary: Status Update

So I recently bought a guix system server! It cost me about $250. It’s got 16GB of RAM (I can upgrade to 32GB) with a 4TB hard drive. I may play with RAID at some point, but that’s a little down the line. If you want some help getting something like this for yourself, please contact me. This blog post is my first attempt at trying to figure out how to connect copertino to the internet. Now on with the blog post!

So if you are like me, and you start to wonder how the internet works, a good thing to learn first is the difference between WAN and LAN. LAN is your local area network. When you are at home, on your computer, you are on your LAN. If your computer talks to another computer in your house, then those machines are using the LAN. When your computer talks to www.gnu.org, your computer is accessing the WAN, which is the wide area network, usually called the internet.

Computers talk to each other via IP addresses. An IP address is a numerical ID that is unique to each computer. Computers use IP addresses essentially as phone numbers to reach out and say, “Hey what time are we having this binary number crunching date?” What’s interesting is that computers have more than just a phone number: they have a phone number plus several extensions.

When you call a business, and they say, “Thanks for calling Bank of Scotland. Please press 5 to talk to a manager, 4 to talk to a sales person, and 3 to open an account. Thanks!” 5, 4, and 3 are extensions. Computers have the same thing, on steroids. They call extensions ports, and there are like 50,000+ ports. Ports are usually set up to be used by specific applications. For example, your web browser uses ports 80 and 443 to visit websites.

Here’s a crazy example.

```
ping -c 1 gnu.org
```

```
PING gnu.org (209.51.188.116): 56 data bytes
64 bytes from 209.51.188.116: icmp_seq=0 ttl=55 time=39.078 ms

--- gnu.org ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 39.078/39.078/39.078/0.000 ms
```

So, we now know that gnu.org is serving its website on 209.51.188.116. Try pasting this into a web browser’s URL bar: 209.51.188.116. You’ll end up at savannah.nongnu.org, which is a website that the fabulous people at GNU run.

Anyway, let’s take a look at your IP address:

```
ip address show
```

```
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope global lo
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 22986sec preferred_lft 22986sec
    inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf
```

Let’s take the above output line by line:

1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet *127.0.0.1/8* scope global lo
       valid_lft forever preferred_lft forever


lo is your loopback device, which is fancy talk for "ME". The bold
*127.0.0.1* is a universal alias for "ME". If you have a website running on
your computer, typing in 127.0.0.1:80 lets you access that website. 127.0.0.1:80
means: talk to the computer at address 127.0.0.1 (which is me), and request the
content on port 80.

2: *enp0s25*: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
    *inet* *192.168.1.122/24* brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 22986sec preferred_lft 22986sec
    *inet6* *fe80::36a7:f91e:a1e0:16fe/64* scope link noprefixroute
       valid_lft forever preferred_lft forever

*enp0s25* is your ethernet device. Anything that begins with an 'e' is usually
an ethernet device. Ethernet is usually the blue cable that you
plug into your laptop or server. Laptops increasingly do not have ethernet,
which is sad 'cause ethernet is faster than wifi.


*inet* means IPv4. Remember when I said that computers have IP addresses? Well,
they have one that looks like *192.168.1.122*. That is the IPv4 address. People
nowadays have phones, tablets, gaming consoles, smart watches, etc., and each
needs an IP address. As a result, the IPv4 address space is getting a little
crowded. So some smart people introduced IPv6, which has many more unique IDs.
(Keep reading to see an example IPv6 address).


Unfortunately for me, an IP address of 192.168.number.number is a LAN IP. That
means I have to be in my house to view my personal website. I cannot
view that website at work. :(


*inet6* is IPv6. And *fe80::36a7:f91e:a1e0:16fe* is this computer's IPv6
address. fe80 is also a LAN IPv6 address. The outside world cannot use that
address to talk to this local computer.

3: *wlp2s0*: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf

This is my wifi device.  Anything that begins with a 'w' is usually a wifi device.

```
ip route
```

```
default via 192.168.1.1 dev enp0s25 proto dhcp metric 100
192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.122 metric 100
```

The number after default is the default gateway. That is my router’s LAN IP address. If I type that into a web browser, when I am at home, then I can log into my router. Usually your router’s username and password are on a sticker on the back of your router.
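To tie the two commands together, here is an added example (not part of the original post) that parses the `ip address show` and `ip route` output shown above and labels each address as loopback, link-local, private LAN, or public, then pulls out the default gateway. The function names `classify`, `parse_addresses` and `default_gateway` are my own; the sample input is the output from this post.

```python
import ipaddress
import re

# Sample input: the `ip address show` / `ip route` output shown in this post.
IP_ADDR_OUTPUT = """\
1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope global lo
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:1c:25:9a:37:ba brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 22986sec preferred_lft 22986sec
    inet6 fe80::36a7:f91e:a1e0:16fe/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether b6:cf:27:17:7c:fc brd ff:ff:ff:ff:ff:ff permaddr e4:ce:8f:59:d6:bf
"""
IP_ROUTE_OUTPUT = """\
default via 192.168.1.1 dev enp0s25 proto dhcp metric 100
192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.122 metric 100
"""

def classify(addr):
    # Order matters: loopback and link-local ranges also count as "private".
    ip = ipaddress.ip_address(addr)
    return ("loopback" if ip.is_loopback else "link-local" if ip.is_link_local
            else "private-lan" if ip.is_private else "public")

def parse_addresses(text):
    # Return (interface, address, prefix length, kind) for every inet/inet6 line.
    results, iface = [], None
    for line in text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)   # "2: enp0s25: <...>"
        addr = re.match(r"\s+inet6?\s+([0-9A-Fa-f:.]+)/(\d+)", line)
        if head:
            iface = head.group(1)
        elif addr:
            results.append((iface, addr.group(1), int(addr.group(2)), classify(addr.group(1))))
    return results

def default_gateway(text):
    # The "default via <gateway> dev <interface>" line names the router.
    m = re.search(r"^default via (\S+) dev (\S+)", text, re.M)
    return m.groups() if m else None

if __name__ == "__main__":
    print(*parse_addresses(IP_ADDR_OUTPUT), sep="\n")
    print("default gateway:", default_gateway(IP_ROUTE_OUTPUT))
```

None of this machine's addresses come back as "public", which is why the website is only reachable from inside the house until the router forwards traffic to it.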

Also, it should be possible for me to log into the router and tell it to open up ports 80 and 443 (http and https), so that anyone connecting to, say, www.copertino.me would be connecting to my computer only, AND NOT my roommates’ laptop. However, an attacker could still potentially break into my guix system computer and then attack my roommate’s computer.

Also, if you decide to play around with customizing your router, I would recommend OpenBSD. OpenBSD potentially has some binary blobs for wifi, which is why the FSF will not endorse it as a free distro. But if you don’t use wifi, then there are no software freedom issues. Anyway, I have recently developed quite the crush on OpenBSD, and I found this guide that helps you use OpenBSD for your router. It’s actually quite comprehensive:

> In this guide we’re going to take a look at how we can use cheap and “low end” hardware to build an amazing OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more.
>
> We will use a setup in which the router segments the local area network (LAN) into three separate networks, one for the grown-ups in the house, one for the children, and one for public facing servers (a DMZ), such as a private web server or mail server. We will also look at how we can use DNS to block out ads, porn, and other websites on the Internet. The OpenBSD router can also be used on small to mid-size offices.