Connections and Settings

IP

  • IP (Internet Protocol).

  • It is used to identify a device on a network.

  • Since IPv4 IPs are commonly used, there is a limit to how many IPs can be assigned, so IPs were separated into Public IPs and Private IPs, separating internal (home) network IPs from external (Internet) networks.

  • The router translates between a Private IP and a Public IP, and vice versa, using NAT.

Private IP
  • Used in home networks. The private IP enables communication within the home network (internal connection) but does not allow communication with other networks outside the domain of its modem/router, that is, it does not allow WAN connection, since the WAN blocks any communication that tries to use a private IP to access the Internet. The private IP is defined within the router and can be Static IP or Dynamic IP. By default, all routers assign IPs dynamically to avoid device conflicts and to prevent network access issues. To make this dynamic assignment, a 'DHCP Server' is used to distribute IPs intelligently and avoid conflicts.

Public IP
  • Used to access large networks like the Internet, where each one is unique. The public IP is defined by the ISP.

  • Risk considerations:

    • Your home IP is publicly linked to the domain

      • Anyone connecting to your server can see your real IP (unless you use a proxy/VPN).

    • Geolocation risks

      • Tools like ip2location can approximate your city/ISP, making you a potential target for:

        • Doxing/swatting (if someone malicious wants to harass you).

        • Network scanning attacks (probing for other devices on your home network).

    • Home Network Vulnerabilities

      • Port forwarding exposes your router – If you forwarded ports (e.g., UDP/TCP for games), attackers might:

        • Try to exploit router firmware vulnerabilities.

        • Scan for other open ports (e.g., RDP, SSH, IoT devices).

      • Malware & Intrusions – A compromised game server could be used to pivot into your local network.

  • Protecting yourself:

    • Hide Your Real IP

      • Use a VPN or Proxy (e.g., WireGuard, Tailscale) to mask your home IP.

      • Host on a VPS (e.g., $5/month Linode/DigitalOcean) instead of your home PC.

    • Secure Your Network

      • Disable UPnP (prevents automatic port forwarding exploits).

      • Use a firewall (only allow game traffic, block suspicious IPs).

      • Isolate the server – Run it in a VM or separate device (not your main PC).

    • Limit Exposure

      • Use a whitelist (only allow known players).

      • Add password/auth (even if the game doesn’t natively support it).

      • Disable unused ports/services (e.g., close RDP, SMB).

    • Monitor & Log Traffic:

      • Check router logs for unusual activity.

      • Tools like Wireshark or fail2ban can block brute-force attempts.

  • Should You Keep Hosting from Home?

    • For private use (friends only) → Whitelist IPs or use a VPN (ZeroTier/Tailscale).

    • For public use → Migrate to a cheap VPS to avoid home risks.

    • For testing → Use Cloudflare Tunnels (masks your IP) + strict firewall rules.

Domain: DDNS
IPv4 (Internet Protocol version 4)
  • More widely used today, but will be replaced by IPv6. It is a 32-bit binary address, written as 4 octets.

IPv6 (Internet Protocol version 6)
  • Less used, but is the future of IPs. It is an address written in 128-bit hexadecimal, containing 8 groups of 16 bits. IPv6 can store orders of magnitude more addresses than IPv4, which makes it far superior to IPv4 and more time-proof. Another difference is that IPv6 does not have a 'private IPv6' and 'public IPv6' version, because it has many more IPs available, making 'private IPv6' also the 'public IPv6', i.e., there is no distinction between them, unlike IPv4.

Special IP Addresses
  • Loopback Address (RFC 3330):

    • Range 127.x.x.x / localhost

    • "Send something from you to yourself, like a boomerang".

    • Used to reference the local machine (host).

    • Normally used as 127.0.0.1, but can also be 127.0.0.2 up to 127.255.255.255.

    • The main purpose of loopback is to allow a computer to send network packets to itself. It simulates communication over the network without leaving the device.

  • Unspecified Network Address (RFC 6890)

    • 0.0.0.0

    • Used to refer to an unspecified network or when the device has not yet received an IP address.

    • Also used to indicate a default route.

    • Why 0.0.0.0 is Critical for Servers:

      • If you bind to 192.168.1.100, only local devices can connect.

      • If you bind to 127.0.0.1, only your own PC can access it.

      • 0.0.0.0 means: "Listen on every available interface" / "Listen everywhere".

        • Localhost (127.0.0.1)

        • LAN (192.168.1.100)

        • Public traffic (if port-forwarded via NAT)

      • With 0.0.0.0 you can access it via:

        • http://localhost:8000 (same machine)

        • http://192.168.1.100:8000 (local network)

        • http://<public_ip>:8000 (internet, if NAT is set up)

  • Private network addresses (RFC 1918):

    • Range 10.x.x.x

      • Used in large private networks.

    • Range 172.16.x.x -> 172.31.x.x

      • That is, from 172.16.0.0 to 172.31.255.255.

      • Used in medium-sized private networks.

    • Range 192.168.x.x

      • Commonly used in small home networks.

  • Link-Local Address (RFC 3927)

    • Range 169.254.x.x

    • Link-local addresses are used for communication between devices on a local network without the need for a DHCP server.

    • These addresses are assigned automatically when a device cannot obtain an IP from a router or DHCP server.

  • Broadcast Addresses (RFC 919)

    • 255.255.255.255

      • The global broadcast address that sends packets to all devices on a local network.

    • Subnet broadcast address:

      • Depending on the subnet, the last IP address of a subnet is the broadcast address. For example, in the network 192.168.1.0, the address 192.168.1.255 is the broadcast for that subnet.

  • Multicast Addresses (RFC 5771)

    • 224.x.x.x -> 239.x.x.x

      • That is, from 224.0.0.0 to 239.255.255.255.

    • Multicast is a communication technique where a single packet is sent to a group of devices.

    • Multicast is commonly used for broadcasts like video or audio streaming.

  • Documentation Test Addresses (RFC 5737)

    • 192.0.2.x

    • These addresses are reserved for examples and documentation. They should not be used in real networks.

Interfaces
  • An interface is a network connection point, such as:

    • Loopback (127.0.0.1 or localhost) – Only accepts local connections (from the same machine).

    • Ethernet/Wi-Fi (e.g., 192.168.1.100) – Accepts connections from your local network.

    • Public IP (assigned by ISP, e.g., 179.94.136.166) – Accepts connections from the internet (but usually belongs to your router, not your server directly).
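
The bind-address behaviour described above (127.0.0.1 vs. a LAN address vs. 0.0.0.0), as an added example that is not part of the original notes: it parses netstat -an output, classifies each listening socket by who can reach it, and flags the RDP/SMB/SSH ports the notes say to close. The sample output, the game port 25565 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -an` output from a Windows host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25565          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8000         0.0.0.0:0              LISTENING
  TCP    192.168.1.100:445      0.0.0.0:0              LISTENING
  TCP    192.168.1.100:50321    142.251.135.142:443    ESTABLISHED
  UDP    169.254.10.20:1900     *:*
"""

# Ports the notes single out as ones to close when unused.
SENSITIVE = {22: "SSH", 445: "SMB", 3389: "RDP"}

def bind_scope(addr: str) -> str:
    """Map a bind address to who can reach the socket, using the special ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:      # 0.0.0.0: every interface
        return "all-interfaces"
    if ip.is_loopback:         # 127.x.x.x: same machine only
        return "loopback-only"
    if ip.is_link_local:       # 169.254.x.x: no DHCP lease was obtained
        return "link-local"
    if ip.is_private:          # RFC 1918: reachable from the LAN
        return "lan"
    return "public"

def audit_listeners(netstat_text: str) -> list:
    """Return (proto, addr, port, scope, warning) for every listening socket."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a state column; UDP rows have none and always count.
        if parts[0] == "TCP" and parts[-1] != "LISTENING":
            continue
        addr, _, port = parts[1].rpartition(":")
        scope = bind_scope(addr.strip("[]"))   # IPv6 rows look like [::]:135
        name = SENSITIVE.get(int(port))
        warn = f"{name} reachable beyond localhost" if name and scope != "loopback-only" else ""
        findings.append((parts[0], addr, int(port), scope, warn))
    return findings
```

On a real machine, feed it the text captured from netstat -an; an "all-interfaces" listener only becomes internet-facing if the router also forwards that port or the machine is the DMZ host.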

Local Connection

Default Gateway
  • Address to access router settings. It can be changed inside router settings and can be seen as the 'Router's Private IP'.

  • Explanatory video: PowerCert video.

NAT (Network Address Translation)
  • Translates one IP address to another. Used for communication between a home network (internal) and the Internet by converting Private IPs to Public IPs, or vice versa.

  • Forwards specific ports from your router’s public IP to a private IP (e.g., PublicIP:80 → 192.168.1.100:80).

  • Only exposes the ports you manually configure.

  • "When creating a gaming server and doing port forwarding, I am asked for my external and internal IP. What should I put in the external IP, considering that I'll use DDNS?"

    • Leave it blank or select "Any" (depends on your router).

    • This allows connections from all external IPs (DDNS will resolve to your current public IP automatically).

    • Or enter 0.0.0.0 (symbolizes "any IP").

DMZ (Demilitarized Zone)
  • "It's where the firewall protection is forbidden".

  • Used to improve the security of some network devices. It is used to divide the network into 2 parts, between devices 'Outside the Firewall' and 'Inside the Firewall', which prevents granting unrestricted access to the network that would cause major security failures. The DMZ ensures there is separation between devices that should receive public access and those that should remain private on the network. Doing this not only improves security against hackers but also helps detect when connections are potential threats to the network.

  • "Your router's DMZ is not a 'true DMZ', it just sets up a device as a DMZ host. Will forward all the ports to that device".

  • Commonly used for gaming consoles, so that an Xbox, for example, does not need port forwarding set up for it.

    • This places the gaming console outside the firewall, while the other devices connected to the router stay protected behind it.

    • This makes the gaming console fully exposed to the internet.

  • The device in the DMZ should be configured with a static IP, rather than a dynamic IP.

  • Explanation: PowerCert video.

  • Pros:

    • "Set and forget" – No need to manually forward ports.

    • Useful if you’re testing multiple services and don’t want to configure NAT repeatedly.

  • Cons:

    • Extremely risky – The DMZ device is fully exposed to hackers, scans, and exploits.

    • No firewall protection – Malware/attacks can directly target the device.

    • Only safe if the device has its own firewall (e.g., a properly secured Linux server).

  • When to Use DMZ:

    • If you’re testing a device temporarily and need all ports open.

    • If the device has strong security (firewall, no vulnerable services).

    • Never use DMZ for everyday devices (e.g., Windows PC, smart TV).
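
The difference between a single port-forward rule and a router "DMZ host", as an added example that is not part of the original notes: a simplified model of a home router's inbound decision that lists which LAN services end up reachable from the internet under each setting. The Router class, the device inventory and the game port 25565 are constructed assumptions, not any vendor's behaviour.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    """Simplified home router: inbound WAN traffic is dropped unless a rule matches."""
    forwards: dict = field(default_factory=dict)  # external port -> (private IP, port)
    dmz_host: Optional[str] = None                # private IP that receives every other port

    def route_inbound(self, port: int):
        """Return the (private IP, port) a WAN connection lands on, or None if dropped."""
        if port in self.forwards:      # explicit port-forward rules win
            return self.forwards[port]
        if self.dmz_host:              # DMZ host: catch-all for all remaining ports
            return (self.dmz_host, port)
        return None

def exposed_services(router: Router, listeners: dict) -> list:
    """List (external port, private IP, service) reachable from the internet.

    listeners maps private IP -> {port: service} for sockets bound to 0.0.0.0
    or the LAN address (loopback-only sockets are never reachable).
    """
    ports = {p for services in listeners.values() for p in services}
    ports |= set(router.forwards)
    found = []
    for ext_port in sorted(ports):
        target = router.route_inbound(ext_port)
        if target is None:
            continue
        ip, port = target
        service = listeners.get(ip, {}).get(port)
        if service:                    # something is actually listening there
            found.append((ext_port, ip, service))
    return found

# Constructed LAN inventory: a game-server PC and a smart TV.
LISTENERS = {
    "192.168.1.100": {25565: "game", 3389: "RDP", 445: "SMB"},
    "192.168.1.50": {8008: "tv-cast"},
}
FORWARD_ONLY = Router(forwards={25565: ("192.168.1.100", 25565)})
DMZ_HOST = Router(dmz_host="192.168.1.100")
```

With FORWARD_ONLY only the game port is reachable; with DMZ_HOST the same PC's RDP and SMB listeners are reachable too, which is why the DMZ device needs its own host firewall.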

DHCP Server (Dynamic Host Configuration Protocol)
  • The 'DHCP' or 'DHCP Server' is a service/feature that runs inside a server, whether Windows, Linux, or inside the router itself. This service's role is to assign dynamic IPs to each device on the network. It is not necessary to change the 'IP Pool' or the 'Lease' (lease time), since they are just configuration options and do not affect connection quality. It is worth noting, however, that most of the time it is advisable to keep this option enabled, since disabling it makes the router lose the ability to assign dynamic IPs, which can cause a device to become unable to access the network due to multiple devices possibly having the same IP.

  • Explanatory video: PowerCert video.

DNS (Domain Name System)
  • It is the "path" by which the router connects to the server you are trying to access. It translates the 'domain name' to the 'domain IP', i.e., translates 'google.com' to '142.251.135.142'. When translating from 'name' to 'IP', the translation information is stored in a cache to speed up user lookups and navigation. It can be useful to clear the cache with ipconfig /flushdns in case of communication errors where the domain cannot be found due to an IP change, and it is also useful to prevent 'DNS spoofing', which is when there is a wrong redirect because of a change in the DNS cache. It can be useful not to use the dynamic DNS provided by the ISP, as there are other DNS options that may be faster.

Subnet Mask
  • It is just a collection of digits that will act as a "mask" (e.g., Photoshop or Godot layer/mask) to differentiate which part of the IPv4 address number belongs to the 'Network' and which part belongs to the 'Host'. In other words, the usual value of the Subnet Mask {255.255.255.0}, used for IPv4 addresses like {192.168.1.0}, is not an address but an instruction for reading the IPv4 address. The values {255} and {0} are used to differentiate between Network and Host, where {255} symbolizes the Network and {0} symbolizes the Host. "Why is separation between 'Network' and 'Host' necessary in the IP digits?" The video below answers this question very well starting at {7:27}; in short, it is used to balance the number of subnets and the number of hosts in a network, commonly used in large companies or places with many devices that need to communicate with each other.

  • Very explanatory video: PowerCert video.
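
How the mask splits an address into Network and Host bits, and why the last address of a subnet is its broadcast address, as an added example that is not part of the original notes. It does the bit arithmetic by hand instead of using a library, and the function names are constructed for illustration.

```python
def to_int(dotted: str) -> int:
    """Pack a dotted-quad string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")

def to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def prefix_len(mask: str) -> int:
    """Count network bits; reject masks whose 1-bits are not contiguous."""
    m = to_int(mask)
    host_bits = m ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):    # valid host part is a solid run of low 1-bits
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(m).count("1")

def describe(ip: str, mask: str) -> dict:
    """Split an address with its mask and derive the subnet's key addresses."""
    m = to_int(mask)
    network = to_int(ip) & m                  # keep only the bits under the 255s
    broadcast = network | (m ^ 0xFFFFFFFF)    # set every host bit: last address
    host_bits = 32 - prefix_len(mask)
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "prefix": prefix_len(mask),
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }

def same_subnet(a: str, b: str, mask: str) -> bool:
    """True if a reaches b directly; otherwise traffic goes via the default gateway."""
    m = to_int(mask)
    return to_int(a) & m == to_int(b) & m
```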

MTU (Maximum Transmission Unit)
Port
  • List of ports.

  • It is a logical (non-physical) connection used by programs and services to exchange information. A port is always identified by a unique number (between 0-65535), just like the public IP that accompanies it during the request: "Public_IP:Port".

    • Very good analogy between 'Phone Number + Extension' and 'Public IP + Port': clip from PowerCert's video.

    • More in-depth explanation about 'Types of Ports', examples of 'Well Known Ports' and the Windows netstat command: PowerCert video.

Port Forwarding
  • It is a process done inside the router to ensure connectivity between devices on different networks. When such a connection is to be established, the "Host" sends its 'PublicIP:Port' information to the "Client", and the client's router receives this information but does not know what to do with the port, so an assignment must be made inside the router so it knows where to forward that connection.

Packet
  • It is sent by the user during a ping test, expecting to receive it back from the test domain to verify the connection between localhost and the domain. If there is 'Packet Loss', it means there are connection problems somewhere between localhost and the domain, which could be on the user side, the domain, the DNS, or anywhere in between.

  • Bufferbloat:

    • Excess packet buffering causing internet slowness and increased ping.

  • What is 'speed', 'bandwidth' and 'latency'.

UPnP
  • It is a system that allows programs to open ports on the router without many obstacles. This improves peer-to-peer traffic but can create security problems if malware exploits this potential vulnerability. This option is enabled by default on many routers.

Firewall
  • It is a system intended to prevent unauthorized access to the private network; it allows desired data and blocks unwanted data, acting like a filter. A firewall is also known as the 'first line of defense against hackers'. A firewall can be a 'host firewall', running on each device via software, such as Windows Firewall or third-party apps, or it can be a 'network firewall', which operates on the router and applies to the entire network and its devices; the 'network firewall' comes first and has priority over the 'host firewall'.

Useful Windows network commands

  • ping google.com -t

    • Tests connectivity between localhost and Google to check for packet loss; the -t switch makes the ping run indefinitely until 'Ctrl + C' is pressed or the terminal is closed.

  • ping localhost or ping 127.0.0.1

    • Pings yourself to test if the network card has any failure.

  • tracert google.com

  • ipconfig /all

    • Shows all IP, TCP and MAC configurations.

  • ipconfig /displaydns

    • Shows the DNS redirect cache content if you want to evaluate it and see if /flushdns is needed.

  • ipconfig /flushdns

    • Clears the DNS cache.