REBIRTH

2026-04-27 01:30:33 +02:00
parent 9e29b8b096
commit 49e7930541
80 changed files with 924 additions and 703 deletions
--- a/networking/agate.md
+++ b/networking/agate.md
@@ -4,6 +4,8 @@ tags:
 - networking
 - arch
 - gemini
+requires:
+- distros/arch/install_yay.md
 ---

 Docs are [here](https://github.com/mbrubeck/agate).
@@ -54,7 +56,7 @@ agate --content $GEMDIR --certs $GEMDIR/.certs \

 Once that works, it's time to make a service file; select any name for it:

-`SVFILE=st`
+`${svfile}=st`

 ```
 echo "
@@ -63,27 +65,27 @@ CERT=--certs $GEMDIR/.certs
 ADDR=--addr [::]:1965 --addr 0.0.0.0:1965
 HOSTNAME=--hostname $DOMAIN1 --hostname $DOMAIN2
 LANG=--lang $LANG
-" > $SVFILE.conf
+" > ${svfile}.conf
 ```

 Check the service file has all those variables and looks right:

-`cat $SVFILE.conf`
+`cat ${svfile}.conf`

 Now move it into the agate config directory:

-`mv $SVFILE.conf /etc/agate/`
+`mv ${svfile}.conf /etc/agate/`

 And finally, start the service:

 ```
 systemctl daemon-reload
-systemctl enable --now agate@$SVFILE.conf
+systemctl enable --now agate@${svfile}.conf
 ```

 Your Gemini capsule should be available, and you should be able to see any access in the logs:

 ```
-journalctl -xeu agate@$SVFILE.conf
+journalctl -xeu agate@${svfile}.conf
 ```

--- a/networking/dns.md
+++ b/networking/dns.md
@@ -1,5 +1,5 @@
 ---
-title: dns
+title: DNS Record List
 tags: 
 - networking
 - host
@@ -12,10 +12,9 @@ tags:
 | CNAME       | Alternative Address | "$domain".rs, "$subdomain.$domain".com |
 | NS          | Nameserver          | ns1.fastname.com                       |
 | MX          | Email server        | "$domain".com                          |
-| TXT         | Literally anything,including ownership of a domain |         |
-|             |                     |                                        |
+| TXT         | Literally anything,including ownership of a domain | -       |

-Query a host with the `host` command.
+Query a host's IP and email handlers with the `host` command.

 ```sh
 host $domain.$tld
--- a/networking/fail2ban.md
+++ b/networking/fail2ban.md
@@ -3,7 +3,7 @@ title: fail2ban
 tags: 
 - networking
 requires: 
- ssh
+- networking/ssh.md
 ---
 # SSH Daemon Jail

--- a/networking/nat_check.md
+++ b/networking/nat_check.md
@@ -0,0 +1,44 @@
+---
+title: Check if NAT-blocked
+tags: 
+- networking
+- nat
+---
+
+Trace the route to any domain name.
+
+```sh
+traceroute to splint.rs (89.216.117.22), 30 hops max, 60 byte packets
+ 1  _gateway (192.168.0.1)  0.265 ms  0.209 ms  0.193 ms
+ 2  100.64.0.1 (100.64.0.1)  56.974 ms  60.893 ms  60.911 ms
+ 3  172.31.254.2 (172.31.254.2)  61.795 ms  61.610 ms  70.443 ms
+ 4  172.31.254.2 (172.31.254.2)  69.929 ms  69.948 ms  71.265 ms
+ 5  bg-tp-m-0-be4-100.sbb.rs (89.216.12.0)  72.890 ms  73.268 ms *
+ 6  bg-ne-m-10-be3.sbb.rs (89.216.6.76)  78.474 ms  77.306 ms  77.821 ms
+ 7  * bg-tp-m-11-be1.sbb.rs (89.216.6.75)  35.022 ms bg-tp-m-12-be1.sbb.rs (89.216.6.77)  63.808 ms
+ 8  89.216.4.63 (89.216.4.63)  63.753 ms 89.216.4.61 (89.216.4.61)  65.546 ms  67.876 ms
+ 9  * * *
+10  * * *
+11  * * *
+12  * * *
+13  * * *
+1
+```
+
+The first hop goes to a router (`192.`...).
+The second hop looks like an internal address, so I'm going to double-check.
+
+```sh
+address=100.64.0.1
+curl -s http://api.db-ip.com/v2/free/$address
+    {
+        "ipAddress": "100.64.0.1",
+        "countryCode": "ZZ"
+    }
+```
+
+That's not a real country code, so the second hop passes through something with an [internal address][internalIPs] after the router.
+It looks like this connection has a [NAT layer][natIPs].
+
+[internalIPs]: https://en.wikipedia.org/wiki/List_of_reserved_IP_addresses
+[natIPs]: https://en.wikipedia.org/wiki/Carrier-grade_NAT
--- a/networking/nmap.md
+++ b/networking/nmap.md
@@ -12,9 +12,9 @@ nmap 192.168.1.1/24

 Flags:

-| Flag | Meaning | Effect |
-| :---| :---| :---|
-| -F | Fast | First 100 ports only |
+| Flag | Meaning | Effect               |
+|:-----|:--------|:---------------------|
+| -F   | Fast    | First 100 ports only |

 Look for a web server, which has ports 80 and 443 open:

--- a/networking/ssh/sshfs.md
+++ b/networking/ssh/sshfs.md
@@ -3,7 +3,7 @@ title: sshfs
 tags: 
 - networking
 requires: 
- ssh
+- networking/ssh.md
 ---
 # Mount 

--- a/networking/ssh/tricks.md
+++ b/networking/ssh/tricks.md
@@ -5,7 +5,7 @@ tags:
 - ssh
 - tricks
 requires: 
- ssh
+- networking/ssh.md
 ---

 Mount a remote filesystem locally with fuse-sshfs: