You have built two or more network cards into one Linux system, and each of these cards has its own default gateway. By default, a system can have only one default gateway. The case described leads to asymmetric routing, in which the router rejects the affected packets.
The iproute2 package, which is included in all current Linux distributions and, as a rule, already installed, can be used to solve this problem. Normally, a Linux system has only one routing table, which can hold only one default gateway entry. With iproute2, you can set up an additional routing table and have the system use that table based on rules. Continue reading “Two Default Gateways on One System” »
eth0: 172.30.0.100 | Gateway: 172.30.0.97
eth1: 192.168.2.247 | Gateway: 192.168.2.1
Need to connect to the SIP box destination (fictitious): 22.214.171.124
eth0 has no internet access, but it uses the gateway mentioned above (172.30.0.97) to reach the 126.96.36.199 server.
eth1 has internet access through the 192.168.2.1 gateway.
Here is the configuration in /etc/sysconfig/network-scripts/ifcfg-eth0. Continue reading “2 Gateways or Multiple Gateway on a single CentOS box” »
I enjoyed reading the following article and thought it would be worth keeping a copy on my blog. Happy reading.
Today I will be talking a lot about OpenBSD, FreeBSD and other Unix-like operating systems from the Berkeley Software Distribution. I thought that would be appropriate, being my first document on Unixmen. However, I will also be talking about Linux and Untangle and how they complement Unix-based firewalls such as pfSense.
I would like to explain what I think is the best way to secure a network from hackers and bots and why these techniques work as well as I say they do. However, I will not be explaining how, as I will save that for another article. That being said, if there is anything in error here, please let me know, but I am sure you will find nothing in contrast to common theory. I would also like to show you guys some things I like to do and things I think are critical to IT security. Continue reading “Pf vs Iptables- a Great comparative article” »
You can download the newest version of Cacti from its website.
Install the Apache web server with PHP support, the MySQL database server, SNMP, some PHP modules and rrdtool.
apt-get install apache2 libapache2-mod-php5 php5 php5-cli php5-mysql php5-gd php5-snmp mysql-client mysql-server libmysqlclient15-dev snmp snmpd rrdtool
Add a user account for cacti. Continue reading “Cacti on Debian (Updated)” »
1:1 NAT maps a single public IP address to one of the computers within your local area network (LAN). Unlike port forwarding, 1:1 NAT forwards all ports from one external IP to one internal IP.
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 -j SNAT --to-source 188.8.131.52
iptables -t nat -A PREROUTING -i eth0 -d 184.108.40.206 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -s 220.127.116.11 -j ACCEPT
iptables -A FORWARD -d 192.168.1.2 -j ACCEPT
Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
Typical applications include the following:
- Running a public HTTP server within a private LAN
- Permitting Secure Shell access to a host on the private LAN from the Internet
- Permitting FTP access to a host on a private LAN from the Internet
In Linux, you can configure port forwarding using the iptables command.
The example below forwards port 80 of the external IP address “18.104.22.168” to port 80 of the computer inside the LAN with the IP address “192.168.1.2”.
iptables -t nat -A PREROUTING -i eth0 -d 22.214.171.124 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
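An added check, not part of the original post: the FORWARD rule in the port-forwarding example names no address or interface, so it accepts port-80 traffic routed through the box to any host, not only 192.168.1.2. The script below audits a list of iptables commands for such rules; the function names are hypothetical and the sample input is constructed from the rules above plus a tighter variant and a reply-traffic rule.

```shell
#!/bin/sh
# Report every FORWARD ACCEPT rule and say whether it is narrowed to an
# address, an interface, or already-established connections.

audit_forward_rules() {
    # Reads iptables commands, one per line, on stdin.
    awk '
    {
        chain = ""; target = ""; narrowed = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s" || $i == "-d" || $i == "-i" || $i == "-o") narrowed = 1
            # A state match narrows the rule only if it excludes NEW connections.
            if (($i == "--ctstate" || $i == "--state") && $(i + 1) !~ /NEW/) narrowed = 1
        }
        # NAT-table rules and non-ACCEPT targets are outside this check.
        if (chain != "FORWARD" || target != "ACCEPT") next
        verdict = narrowed ? "OK" : "UNSCOPED"
        printf "%-9s %s\n", verdict, $0
    }'
}

# Constructed sample: the two rules from the example above, followed by a
# FORWARD rule limited to the LAN host and a rule for reply traffic.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -i eth0 -d 22.214.171.124 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.1.2 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

sample_rules | audit_forward_rules
```

On a live system the same function can read the output of `iptables -S FORWARD`, which prints rules in the same `-A FORWARD ...` form.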
He came, he saw, he conquered…and he left behind some words to live by:
“I’m convinced that about half of what separates successful entrepreneurs from the non-successful ones is pure perseverance.”
Everyone says they go the extra mile. Almost no one actually does. Most people who do go there think, “Wait…no one else is here…why am I doing this?” And they leave, never to return.
That’s why the extra mile is such a lonely place. Continue reading “7 Inspiring Steve Jobs Quotes That Just Might Change Your Life” »
NFS Server IP: 172.16.5.100
NFS Client Node1: 172.16.5.101
NFS Client Node2: 172.16.5.102
NFS Client Node3: 172.16.5.103
NFS Client Node4: 172.16.5.104
On the NFS Server:
Install nfs-kernel-server and nfs-common on the computer that has the files to be shared.
apt-get update && apt-get install nfs-kernel-server nfs-common
Edit the exports file that shows what to share and with whom. So run: Continue reading “NFS Server and Client on Debian 6/7” »
Servers do not exist in isolation, and those servers with only the most basic SSH configuration can be vulnerable to brute force attacks. fail2ban provides a way to automatically protect the server against malicious activity. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.
Step One—Install Fail2Ban
Because fail2ban is not available from the CentOS repositories, we should start by installing the EPEL repository package:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Follow up by installing fail2ban:
yum install fail2ban
Step Two—Copy the Configuration File
The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
After the file is copied, you can make all of your changes within the new jail.local file. Many of the services that may need protection are in the file already. Each is located in its own section, configured and turned off. Continue reading “Install and configure fail2ban” »
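To make the log-scanning idea concrete, here is an added sketch (not fail2ban's own code and not from the original post) that counts sshd "Failed password" lines per source address and lists the addresses that reach a threshold. The function names, the threshold argument and the log lines are constructed for illustration; unlike fail2ban, it applies no time window and takes no ban action.

```shell
#!/bin/sh
# Count failed SSH password attempts per source address and print the
# addresses whose count reaches the threshold, as "address count".

offenders() {
    # $1 = threshold (the role maxretry plays in a jail); log lines on stdin.
    awk -v max="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is supplied by the client and may itself contain
        # "from <address>", so take the address by its position at the end
        # of the line: ... from ADDRESS port N ssh2
        if ($(NF - 4) == "from" && $(NF - 2) == "port")
            fails[$(NF - 3)]++
    }
    END {
        for (ip in fails)
            if (fails[ip] >= max) print ip, fails[ip]
    }' | sort
}

# Constructed sample log (documentation address ranges). The fourth line
# carries a user name crafted to look like a second "from" clause.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:06 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 51251 ssh2
Mar  3 10:16:10 web1 sshd[2120]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:45 web1 sshd[2131]: Accepted password for deploy from 198.51.100.20 port 40100 ssh2
EOF
}

sample_log | offenders 3
```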