Networking
Interfaces, DNS, firewalls, VPNs, static IPs and troubleshooting connectivity.
Bufferbloat-Free Networking with CAKE
Fix bufferbloat on Linux using CAKE qdisc with tc, including autorate-ingress for variable links, persistent systemd configuration, and latency verification.
IPv6 on Linux — A Practical Guide
Configure IPv6 on Linux from scratch: address types, SLAAC with privacy extensions, DHCPv6, static addressing, routing, nftables firewall rules, and dual-stack operation.
Self-Host the Tailscale Control Plane with Headscale
Run your own Tailscale control plane with Headscale: install, configure TLS, register nodes with pre-auth keys, and enforce ACL policies on your infrastructure.
Set Up an OpenVPN Server
Build a complete OpenVPN server on Linux using Easy-RSA 3 for PKI, a hardened server.conf, client .ovpn profiles, and systemd — with a WireGuard comparison.
Expose a Service with Cloudflare Tunnel
Expose local services to the internet without port-forwarding using Cloudflare Tunnel. Install cloudflared, create a named tunnel, configure ingress rules, and run as a systemd service.
Build a Mesh VPN with Nebula
Build a fully self-hosted mesh VPN with Nebula: create a CA, sign node certs, configure lighthouses, enforce group-based firewall rules, and run as a systemd service.
Use Wireshark on Linux
Install Wireshark on Linux, configure non-root capture, use capture and display filters, decrypt TLS with SSLKEYLOGFILE, and follow TCP streams end-to-end.
Use tcpdump Effectively
Master tcpdump with BPF filters, ring buffer tuning, rotating pcap captures, and a systemd service wrapper — without dropping packets or wasting disk space.
Test HTTP Endpoints with curl and httpie
Learn to test HTTP APIs from the command line using curl flags and HTTPie syntax, covering GET/POST, JSON bodies, auth headers, and mutual TLS.
Set Up systemd-resolved Cleanly
Enable systemd-resolved's stub listener, configure DNS-over-TLS, set up conditional forwarding for split-horizon DNS, and debug with resolvectl.
Diagnose Routing with mtr and traceroute
Learn to diagnose network routing problems using mtr and traceroute, covering ICMP/UDP/TCP probe types, asymmetric routing, and when results mislead you.
VLANs on Linux
Configure 802.1Q VLAN sub-interfaces on Linux using ip link and NetworkManager, covering switch trunk port setup, persistence, and firewall integration.
Linux Network Bonding (LACP and active-backup)
Configure Linux network bonding in LACP (802.3ad) and active-backup modes, including switch setup, systemd-networkd, NetworkManager, and fault-injection testing.
Linux Bridges (br0 etc.) Explained
Learn how Linux bridges (br0) work, when to use them for VMs and containers, how to configure them with iproute2, and how to manage STP correctly.
Turn a Linux Box into a Router
Configure a Linux machine as a full router: static interfaces, kernel IP forwarding, nftables NAT, dnsmasq DHCP, and DNS forwarding — step by step.
How to Diagnose a Slow Network on Linux
Diagnose Linux network slowness layer by layer using ping, mtr, iperf3, ethtool, tcpdump, and dmesg—from bad cables to kernel buffer tuning.
Configure Tailscale on Linux
Install Tailscale on Linux, authenticate devices, enable MagicDNS, configure exit nodes and subnet routes, and set up basic ACLs for access control.
Configure systemd-networkd
Learn how to configure systemd-networkd with .network unit files for static IPs, DHCP, bonding, bridges, and VLANs on modern Linux servers.
nftables from Scratch
Build a complete nftables firewall from scratch: tables, chains, hooks, sets, maps, NAT, and atomic transactional updates explained with real rules.
firewalld Zones and Rich Rules in Practice
Assign interfaces to firewalld zones, open services, write rich rules for source-based and rate-limited policies, and manage runtime vs permanent config.
How to Build a WireGuard Mesh Between Servers
Build a WireGuard mesh VPN across multiple servers: key generation, per-node configs, AllowedIPs routing logic, NAT traversal, firewall rules, and full verification.
How to Set Up Unbound as a Recursive DNS Resolver
Install Unbound, configure root hints and DNSSEC validation, and point your LAN at a private recursive DNS resolver — no upstream forwarder required.
How to Configure nginx as a Reverse Proxy
Configure nginx as a reverse proxy: proxy_pass basics, correct header forwarding, WebSocket upgrade handling, and TLS termination with Let's Encrypt.
How to Use the ip Command
Master the ip command to manage interfaces, addresses, routes, and ARP neighbours — the modern replacement for ifconfig, route, and arp on Linux.
How to Troubleshoot Network Connectivity
Diagnose Linux network problems layer by layer using ip, ping, traceroute, ss, and dig — from interface state to DNS resolution.
TCP/IP Protocols Explained
Understand IP, TCP, UDP, ICMP, ports, and the four-layer model — the core networking concepts every Linux sysadmin must know before touching a firewall or debugg
Squid ACL Configuration Explained
Learn how Squid proxy ACL definitions and http_access rules work, why ordering is critical, and avoid the most common allow/deny configuration mistakes.
How to Set Up a VPN with WireGuard
Set up a WireGuard VPN on Linux from scratch: generate keys, configure server and client peers, enable routing, and verify a live encrypted tunnel.
How to Set Up a DNS Server with BIND
Install and configure BIND 9 as a caching resolver and authoritative nameserver, with forward/reverse zones, common resource records, and firewall rules.
How to Set Up a DHCP Server on Linux
Install and configure ISC DHCP or Kea on Linux: define scopes, set static reservations, inspect leases, open firewall ports, and hook into dynamic DNS.
Port Forwarding on Linux
Forward ports on Linux using nftables DNAT rules, SSH local/remote tunnels, and router NAT configuration — with persistence and troubleshooting tips.
Multicast Networking on Linux
Configure IPv4/IPv6 multicast on Linux: addressing, IGMP group membership, interface flags, and live testing with iperf3 and socat.
MTU and Packet Fragmentation Explained
Learn what MTU is, how path MTU discovery works, why it breaks, and how to diagnose and fix MTU mismatches on Linux with practical commands and examples.
Linux Networking Fundamentals
Master Linux networking from the ground up: interfaces, IP addressing, gateways, DNS, and the essential tools ip, ping, and ss with distro-specific examples.
Linux DNS Configuration
Configure Linux DNS end-to-end: understand /etc/resolv.conf, manage systemd-resolved, use /etc/hosts for static overrides, and verify with dig.
Limit Bandwidth on Linux with tc
Shape Linux network traffic with tc, HTB qdiscs, and fq_codel. Enforce per-interface and per-host bandwidth limits that survive reboots via systemd.
IP Masquerading and NAT on Linux
Set up IP masquerading and NAT on Linux using nftables to turn any machine into a router. Covers ip_forward, SNAT, DNAT, and iptables equivalents.
An Introduction to TCP/IP
Learn how TCP/IP works — IP addressing, routing, TCP vs UDP, ports, DNS, and the layered model — with practical Linux commands to see it all in action.
How TCP/IP Networking Actually Works
Trace a TCP connection from socket to wire: routing table lookups, ARP, the three-way handshake, MTU/PMTUD, and how NAT rewrites packets on a Linux gateway.
How to Configure a Static IP on Linux
Configure a static IP on Linux using Netplan, NetworkManager (nmcli), or systemd-networkd across Ubuntu, Fedora, Debian, and Arch with verified steps.
Common Linux Network Ports Reference
Learn Linux port ranges, read /etc/services, find what's listening with ss and nmap, and apply solid firewall rules to expose or block the right ports.