Networking Fundamentals: Professional Quick Reference

Core Command Matrix

Nginx Reverse Proxy Snippet

server {
    listen 80;
    server_name api.ai-platform.internal;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

SSH Hardening (sshd_config)

PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes

Advanced Packet Capture (tcpdump & BPF)

[!TIP] Always use -nn to prevent DNS lookup storms and -c to limit capture file sizes.

[!CAUTION] Modifying Default Routes Deleting the default route (ip route del default) instantly severs all external internet connectivity. Use ip route replace default or ensure out-of-band management console access is available.

Troubleshooting Decision Tree

Production Diagnostics

• Connection refused (Layer 7): TCP 3-Way handshakes hit the server, but the kernel bounces back a RST because no daemon is listening. Start the app.
• Connection timed out (Layer 4/3): The SYN packet was fired, but vanished into a black hole. Check cloud Security Groups, VPC routing, or iptables.
• NXDOMAIN vs SERVFAIL (DNS): NXDOMAIN = Subdomain genuinely doesn’t exist. SERVFAIL = Upstream resolver crashed or DNSSEC failed.
• 502 vs 504 (Nginx): 502 = Nginx tried to connect to upstream and got Connection Refused. 504 = Nginx connected, but upstream timed out.