Two Default Gateways on One System

Problem Description

You have installed two or more network cards in one Linux system, and each of these cards has its own default gateway. By default, you can only have one default gateway on a system. The case described would lead to asymmetric routing, in which case the router would reject the packets.

Solution

The iproute2 package, which is included in all current Linux distributions and, as a rule, already installed, can be used to solve this problem. Normally, a Linux system has only one routing table, which can hold only one default gateway entry. With iproute2, you can set up an additional routing table and have the system use it based on rules.

2 Gateways or Multiple Gateway on a single CentOS box

Scenario:

eth0- 172.30.0.100 | Gateway- 172.30.0.97

eth1- 192.168.2.247 | Gateway- 192.168.2.1

Need to connect to SIP BOX destination (fictitious)- 202.140.1.1

eth0 has no internet access, but it uses the gateway mentioned above (172.30.0.97) to reach the 202.140.1.1 server.

eth1 has internet access through the 192.168.2.1 gateway.

Here is the configuration in /etc/sysconfig/network-scripts/ifcfg-eth0

Pf vs Iptables- a Great comparative article

I enjoyed reading the following article and thought it would be worth keeping a copy on my blog. Happy reading.

Today I will be talking a lot about OpenBSD, FreeBSD and other Unix-like operating systems from the Berkeley Software Distribution. I thought that would be appropriate being my first document on Unixmen. I however will also be talking about Linux and Untangle and how they complement Unix based firewalls such as Pfsense.

I would like to explain what I think is the best way to secure a network from hackers and bots and why these techniques work as well as I say they do. I however will not be explaining how, as I will save that for another article. That being said if there is anything in error here please let me know but I am sure you will find nothing in contrast to common theory. I would also like to show you guys some things I like to do and things I think are critical to IT security.

Cacti on Debian (Updated)

Downloading Cacti

You can download the newest version of Cacti from its website.

wget http://www.cacti.net/downloads/cacti-0.8.7b.tar.gz

Installing Cacti

Install the Apache web server with PHP support, the MySQL database server, SNMP, some PHP modules and rrdtool.

apt-get install apache2 libapache2-mod-php5 php5 php5-cli php5-mysql php5-gd php5-snmp mysql-client mysql-server libmysqlclient15-dev snmp snmpd rrdtool

Add a user account for cacti.

Enable 1:1 NAT in Iptables

1:1 NAT maps a single public IP address to one of the computers within your local area network (LAN). Unlike port forwarding, 1:1 NAT forwards all ports from one external IP to one internal IP.

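# Outbound: rewrite the internal host's source address to the public IP
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 -j SNAT --to-source 83.229.64.2
# Inbound: rewrite the public IP to the internal host
iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -j DNAT --to-destination 192.168.1.2
# FORWARD runs after DNAT and before SNAT, so it sees the internal address
iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
iptables -A FORWARD -d 192.168.1.2 -j ACCEPT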

How to enable Port Forwarding in Iptables

Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
Typical applications include the following:

  • Running a public HTTP server within a private LAN
  • Permitting Secure Shell access to a host on the private LAN from the Internet
  • Permitting FTP access to a host on a private LAN from the Internet

In Linux, you can configure port forwarding using the iptables command.
The example below forwards port 80 of the external IP address “83.229.64.2” to port 80 of the computer inside the LAN with the IP address “192.168.1.2”.

iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
# Accept only the forwarded port 80 traffic destined for the internal host
iptables -A FORWARD -d 192.168.1.2 -p tcp --dport 80 -j ACCEPT

7 Inspiring Steve Jobs Quotes That Just Might Change Your Life

He came, he saw, he conquered…and he left behind some words to live by:

“I’m convinced that about half of what separates successful entrepreneurs from the non-successful ones is pure perseverance.”

Everyone says they go the extra mile. Almost no one actually does. Most people who do go there think, “Wait…no one else is here…why am I doing this?” And they leave, never to return.

That’s why the extra mile is such a lonely place.

NFS Server and Client on Debian 6/7

Assumptions:

NFS Server IP: 172.16.5.100

NFS Client Node1: 172.16.5.101

NFS Client Node2: 172.16.5.102

NFS Client Node3: 172.16.5.103

NFS Client Node4: 172.16.5.104

On the NFS Server:

Install nfs-kernel-server and nfs-common on the computer that has the files to be shared.

apt-get update && apt-get install nfs-kernel-server nfs-common

Edit the exports file that shows what to share and with whom. So run:

Install and configure fail2ban

Servers do not exist in isolation, and those servers with only the most basic SSH configuration can be vulnerable to brute force attacks. fail2ban provides a way to automatically protect the server from malicious behavior. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.

Step One—Install Fail2Ban

Because fail2ban is not available from the CentOS repositories, we should start by adding the EPEL repository:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Follow up by installing fail2ban:

yum install fail2ban

Step Two—Copy the Configuration File

The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After the file is copied, you can make all of your changes within the new jail.local file. Many of the services that may need protection are in the file already. Each is located in its own section, configured and turned off.
