Enable 1:1 NAT in Iptables

1:1 NAT maps a single public IP address to one computer within your local area network (LAN). Unlike port forwarding, 1:1 NAT forwards all ports from one external IP to one internal IP.

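# Outbound: rewrite the internal host's source address to the public address.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 -j SNAT --to-source 83.229.64.2
# Inbound: send everything addressed to the public address to the internal host.
iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -j DNAT --to-destination 192.168.1.2
# FORWARD runs before SNAT, so it sees the internal address as the source.
iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
iptables -A FORWARD -d 192.168.1.2 -j ACCEPT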

How to enable Port Forwarding in Iptables

Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
Typical applications include the following:

  • Running a public HTTP server within a private LAN
  • Permitting Secure Shell access to a host on the private LAN from the Internet
  • Permitting FTP access to a host on a private LAN from the Internet

In Linux, you can configure port forwarding using the iptables command.
The example below forwards port 80 of the external IP address “83.229.64.2” to port 80 of the computer inside the LAN with the IP address “192.168.1.2”.

iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
# After DNAT the packet is addressed to the internal host, so scope the rule to it.
iptables -A FORWARD -d 192.168.1.2 -p tcp --dport 80 -j ACCEPT
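
A check for the 1:1 NAT and port forwarding rules above, added here as an example and not part of the original posts: it reads iptables-save text and reports FORWARD ACCEPT rules that are wider than the DNAT mappings they serve. The function names and the sample ruleset (an unscoped port 80 rule, a scoped one, and one written against the public address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text for FORWARD ACCEPT rules that are
# broader than the DNAT mappings they are meant to serve. Reads stdin only.

sample_ruleset() {   # constructed sample, not taken from a live host
cat <<'EOF'
*nat
-A PREROUTING -d 83.229.64.2/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
COMMIT
*filter
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 83.229.64.2/32 -j ACCEPT
COMMIT
EOF
}

audit_forward() {
    awk '
    # Collect every internal host that a DNAT rule points at (drop any :port).
    $1 == "-A" && $2 == "PREROUTING" {
        for (i = 3; i < NF; i++)
            if ($i == "--to-destination") { t = $(i + 1); sub(/:.*/, "", t); dnat[t] = 1 }
    }
    # Defer FORWARD rules so the result does not depend on table order.
    $1 == "-A" && $2 == "FORWARD" { fwd[++n] = $0 }
    END {
        for (k = 1; k <= n; k++) {
            m = split(fwd[k], f, " ")
            accept = 0; dst = ""; src = ""
            for (i = 3; i < m; i++) {
                if (f[i] == "-j" && f[i + 1] == "ACCEPT") accept = 1
                if (f[i] == "-d") dst = f[i + 1]
                if (f[i] == "-s") src = f[i + 1]
            }
            if (!accept) continue
            sub(/\/32$/, "", dst); sub(/\/32$/, "", src)
            if (dst == "" && src == "")              print "UNSCOPED: " fwd[k]
            else if ((dst in dnat) || (src in dnat)) print "OK: " fwd[k]
            else                                     print "NO-DNAT-MATCH: " fwd[k]
        }
    }'
}

sample_ruleset | audit_forward
```

On a real host, feed it the output of iptables-save instead of the sample. A NO-DNAT-MATCH result on a rule that names the public address usually means the rule was written for the address as seen before DNAT or after SNAT, which the FORWARD chain never sees.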

7 Inspiring Steve Jobs Quotes That Just Might Change Your Life

He came, he saw, he conquered…and he left behind some words to live by:

“I’m convinced that about half of what separates successful entrepreneurs from the non-successful ones is pure perseverance.”

Everyone says they go the extra mile. Almost no one actually does. Most people who do go there think, “Wait…no one else is here…why am I doing this?” And they leave, never to return.

That’s why the extra mile is such a lonely place.


NFS Server and Client on Debian 6/7

Assumptions:

NFS Server IP: 172.16.5.100

NFS Client Node1: 172.16.5.101

NFS Client Node2: 172.16.5.102

NFS Client Node3: 172.16.5.103

NFS Client Node4: 172.16.5.104

On the NFS Server:

Install nfs-kernel-server and nfs-common on the computer that has the files to be shared.

apt-get update && sudo apt-get install nfs-kernel-server nfs-common

Edit the exports file that shows what to share and with whom. So run:


Install and configure fail2ban

Servers do not exist in isolation, and those servers with only the most basic SSH configuration can be vulnerable to brute force attacks. fail2ban provides a way to automatically protect the server when it sees signs of malicious activity. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.
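
The log-scanning idea described above, as an added sketch that is not fail2ban's own code and not from the original post: it counts failed SSH logins per source address inside a sliding window and lists the addresses that cross the threshold. The log lines are constructed, the threshold values are assumptions, and all timestamps are assumed to fall on the same day.

```shell
#!/bin/sh
# Added example: threshold detection over sshd log lines (constructed data;
# 203.0.113.x and 198.51.100.x are documentation address ranges).
MAXRETRY=${MAXRETRY:-3}     # assumed threshold: failures before an address is listed
FINDTIME=${FINDTIME:-600}   # assumed window in seconds

sample_auth_log() {
cat <<'EOF'
Jan 10 12:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jan 10 12:00:09 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Jan 10 12:00:15 host sshd[103]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Jan 10 12:01:30 host sshd[104]: Failed password for root from 203.0.113.5 port 4003 ssh2
Jan 10 12:02:00 host sshd[105]: Failed password for bob from 198.51.100.9 port 6000 ssh2
Jan 10 12:30:00 host sshd[106]: Failed password for bob from 198.51.100.9 port 6001 ssh2
Jan 10 12:55:00 host sshd[107]: Failed password for bob from 198.51.100.9 port 6002 ssh2
EOF
}

offenders() {
    awk -v max="$MAXRETRY" -v win="$FINDTIME" '
    /sshd\[[0-9]+\]: Failed password for / {
        split($3, hms, ":"); now = hms[1] * 3600 + hms[2] * 60 + hms[3]
        # Take the LAST "from": the user name is attacker-controlled text.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || banned[ip]) next
        times[ip, ++cnt[ip]] = now
        # Count this address failures that fall inside the sliding window.
        hits = 0
        for (k = 1; k <= cnt[ip]; k++) if (now - times[ip, k] <= win) hits++
        if (hits >= max) { banned[ip] = 1; print ip }
    }'
}

sample_auth_log | offenders
```

The three slow failures from 198.51.100.9 stay under the threshold because they are spread over 53 minutes, which is why the window length matters as much as the retry count.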

Step One—Install Fail2Ban

Because fail2ban is not available from the CentOS repositories, we should start by downloading the EPEL repository:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Follow up by installing fail2ban:

yum install fail2ban

Step Two—Copy the Configuration File

The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After the file is copied, you can make all of your changes within the new jail.local file. Many of the services that may need protection are in the file already. Each is located in its own section, configured and turned off.


rkhunter perfect configuration

Introduction

Exposing any computer to the internet is in some ways risky. There are many ways that your server can be compromised or attacked by remote systems and malicious software, and it is an ongoing and proactive process to defend yourself against potential threats.

One potential concern is rootkits. Rootkits are software secretly installed by a malicious intruder to allow that user continued access to the server once security is breached. This is an extremely dangerous problem, because even after the entry vector that the user originally used to gain access is fixed, they can continue to enter the server using the rootkit they installed.

One tool that can help you protect your system from these kinds of problems is rkhunter. This software checks your system against a database of known rootkits. Additionally, it can check other system files to make sure they are in line with expected properties and values.

In this guide, we will install and configure rkhunter to protect our Ubuntu 12.04 VPS.


Add EPEL Repo to CentOS or SL 6

For 64 Bit

rpm --import http://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

For 32 Bit

rpm --import http://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

Additionally, Add the Remi Repo

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo

vi /etc/yum.repos.d/epel.repo


Open Sourced Load Balancer

Linux Virtual Server
The Linux Virtual Server Project is a project to cluster many real servers together into a highly available, high-performance virtual server. The LVS load balancer handles connections from clients and passes them on to the real servers (so-called Layer 4 switching) and can virtualize almost any TCP or UDP service, like HTTP, HTTPS, NNTP, FTP, DNS, ssh, POP3, IMAP4, SMTP, etc. It is fully transparent to the client accessing the virtual service.
Homepage: http://www.LinuxVirtualServer.org/

BalanceNG
BalanceNG is a modern software IP load balancing solution. It is small, fast, and easy to use and setup. It offers session persistence, different distribution methods (Round Robin, Random, Weighted Random, Least Session, Least Bandwidth, Hash, Agent, and Randomized Agent) and a customizable UDP health check agent in source code. It supports VRRP to set up high availability configurations on multiple nodes. It supports SNMP, integrating the BALANCENG-MIB with Net-SNMPD. It implements a very fast in-memory IP-to-location database, allowing powerful location-based server load-balancing.
Homepage: http://www.inlab.de/balanceng/

HAproxy 
HAproxy is a high-performance and highly-robust TCP and HTTP load balancer which provides cookie-based persistence, content-based switching, advanced traffic regulation with surge protection, automatic failover, run-time regex-based header control, Web-based reporting, advanced logging to help trouble-shooting buggy applications and/or networks, and a few other features. Its own event-driven state machine achieves 20,000 hits per second and surpasses GigaEthernet on modern hardware, even with tens of thousands of simultaneous connections.
Homepage: http://haproxy.1wt.eu/
