Tuesday, June 2, 2009

ip range with ipables | specify source ip range in iptables | specify destination ip range in iptables

iptables can use a range of IP address.
I have tested with iptables version 1.3.7 with Linux Kernel version 2.6.21-7.
Range specification depends on "iprange" module of iptables.


To specify a range of source IP address with iptables, use the following syntax,
# iptables -A INPUT -p tcp -m iprange --src-range 192.168.2.2-192.168.2.50 -j ACCEPT

To specify a range of destinationIP address with iptables, use the following syntax,
# iptables -A INPUT -p tcp -m iprange --dst-range 192.168.2.51-192.168.2.100 -j DROP


Saturday, May 16, 2009

What is SELinux

History: SELinux was originally a development project from the National Security Agency (NSA) more..
Security-enhanced Linux (SELinux) is an implementation of a mandatory access control mechanism. This mechanism is in the Linux kernel, checking for allowed operations after standard Linux discretionary access controls are checked. more.....
SELinux Architecture: more....

Enable or Disable SELinux on Linux/Fedora

In Fedora Core and RedHat Enterprise Linux one can Permanently Disable of Enable SELinux.
Edit the file /etc/selinux/config
then set: SELINUX=disabled
and then reboot the system!!



Monday, April 20, 2009

Configure Linux/Fedora as a Router | Enable Packet Forwarding in Linux/Fedora

Configuring a Linux Box as a Router is a easy task.

Step1: Set net.ipv4.ip_forward = 1 in the file /etc/sysctl.conf

Step2: Restart Network Service, command: service network restart
Note: If you do not want to Restart Network Service, use the following command to enable
packet forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward

Step3: Add the static routes to different subnets, hosts etc. using the command: route add .....

Note: This will work if, the firewall don't block the packets from one sub-net to another.

Enable NAT on Linux|Configure NAT on Linux

NAT enabling is suitable when a Linux Box works as a router.

Assuming that, the Linux box has two network interface with the following parameters.

eth0: IP Address 192.168.10.1/24, connected with Local LAN.
eth1: IP Address 203.200.160.226/29, connected with WAN, Gateway: 203.200.160.225/29

To enable NAT for the Local Private LAN, iptables can be used.
Command is: iptables -A POSTRUTING -t nat -s 192.168.10.0/24 -o eth1 -j MASQUERADE
Note: This will work if,
1) the Linux Box is already configured to work as router.
2) the firewall don't block the packets from Private LAN to WAN.

Monday, March 9, 2009

overflow in var file system | clean squid log files and squid cache

/var file system can overflow for the following reason:
# Are you using squid?
If so,
1. clean squid cache using the command : rm –rf /var/spool/squid/*
2. clean squid access log using the command : rm –rf /var/log/squid/*
Before cleaning, stop squid service using the command: service squid stop
OR killall -9 squid
Then start squid service using the command: service squid start

fdsfds

Tuesday, February 24, 2009

download rpm using yum, but do not install, --downloadonly doesn't download,

Yum can be used to download(only) suitable rpm and its dependencies.
Yum downloadonly plugin is required to download rpms without installing them.
First, install downloadonly plugins using the command:

# yum install yum-downloadonly

Now you can download any rpm without installing. For example to download tomcat5-webapps & its all dependencies in current directory ( . ), I have used the following command:

#yum install --downloadonly --downloaddir . tomcat5-admin-webapps tomcat5-webapps