Clear PageCache only
# sync; echo 1 > /proc/sys/vm/drop_caches
Clear dentries and inodes
# sync; echo 2 > /proc/sys/vm/drop_caches
Clear PageCache, dentries and inodes
# sync; echo 3 > /proc/sys/vm/drop_caches
Seperate Private Key and Certificate file
#Generate certificates bundle file
openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem
#Generate server key file.
openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key
Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
Create a .pfx/.p12 certificate file using OpenSSL
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
Src: https://www.sslshopper.com/article-most-common-openssl-commands.html
Most of you have probably used a tunnel with an SSH connection. What you probably weren’t aware of is that you can use a dynamic tunnel to access all remote infrastructure. Furthermore, you can specify a port and a destination IP to have direct access. This process is achieved through your PuTTY configuration.
In this procedure, we will use Internet Explorer, Firefox and an RDP connection to demonstrate the use of a tunnel with an SSH connection, as well as configuring the tunnel with several other protocol types.
Local Port Forwarding
Step 1 – Load the Session
In your PuTTY configuration, configure the Host Name and Port of your remote SSH computer. Enter your Saved Sessions name, and click Save. If your session already exists, Load it as shown below:
Continue reading “SSH Tunnel on PuTTY” »
Problem
If you’re having trouble receiving mail from outside, you need to find out where the message is failing. When sending your test message, check the Log Files, especially /var/log/zimbra.log, on your MTA server. It’s often helpful to tail the logfile as you send the message:
tail -f /var/log/zimbra.log
If you see nothing logged (no connection, nothing) then the problem likely either DNS or your firewall.
Resolution
Firewall
To troubleshoot your firewall, it helps to have an account on a system outside of your network. For mail to flow inbound, servers on the internet need to connect to your MTA on port 25.
DNS issues
The mail domain that your user accounts are created under must have an MX record. To test this:
host -t mx domain
The IP address returned should be the IP (public or private) of your MTA. If it’s the public address, make sure that the Firewall is forwarding port 25 to the MTA. Continue reading “ZImbra troubleshooting incoming mail problems” »
Method 1
$ v-change-user-password admin newpassword
Method 2
$ passwd admin
Case I: if /boot is not 100% full and apt is working
1. Check the current kernel version
$ uname -r
It will shows the list like below:
3.19.0-64-generic
2. Remove the OLD kernels
2.a. List the old kernel
$ sudo dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`
You will get the list of images something like below:
linux-image-3.19.0-25-generic linux-image-3.19.0-56-generic linux-image-3.19.0-58-generic linux-image-3.19.0-59-generic linux-image-3.19.0-61-generic linux-image-3.19.0-65-generic linux-image-extra-3.19.0-25-generic linux-image-extra-3.19.0-56-generic linux-image-extra-3.19.0-58-generic linux-image-extra-3.19.0-59-generic linux-image-extra-3.19.0-61-generic
2.b. Now its time to remove old kernel one by one as Continue reading “Clean up boot partition – Ubuntu 14.04LTS-x64, Ubuntu 16.04LTS-x64” »
If you want to continue using an outdated release then edit /etc/apt/sources.list and change archive.ubuntu.com and security.ubuntu.com to old-releases.ubuntu.com.
You can do this with sed:
sudo sed -i -re 's/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list
then update with:
sudo apt-get update && sudo apt-get dist-upgrade
Sometimes, it might be faster to create backups of your system and reinstall using supported release instead.
To use RHEL/CentOS 6 system as an iSCSI initiator or client, you must have iscsi-initiator-utils package installed. You can verify that this is installed on your system using the rpm command, as shown in the following example:
$ rpm -qa | grep iscsi-initiator-utils
Install the package if its not already available on your system using yum.
# yum install iscsi-initiator-utils
Start the iscsi demaon and use chkconfig to enable it to start after reboot as well.
# service iscsi start # chkconfig iscsi on
Once you have installed the required package and started the service you can start discovering the available targets. To Obtain a listing of available targets from a given host (please note that ipaddress listed below must be replaced with the resolvable hostname or IP address of the system providing the port if different than default):
# iscsiadm -m discovery -t st -p 192.168.10.10 192.168.10.10:3260,1 iqn.2010-03.com.example:tgtd
Continue reading “Configure iSCSI Initiator (client) in CentOS / RHEL 6” »
Device Mapper Multipathing (DM-Multipath) is a native multipathing in Linux, Device Mapper Multipathing (DM-Multipath) can be used for Redundancy and to Improve the Performance. It aggregates or combines the multiple I/O paths between Servers and Storage, so it creates a single device at the OS Level.
For example, Lets say a server with two HBA card attached to a storage controller with single ports on each HBA cards. One lun assigned to the single server via two wwn number of both cards. So OS detects two devices: /dev/sdb and /dev/sdc. Once we installed the Device Mapper Multipathing. DM-Multipath creates a single device with a unique WWID that reroutes I/O to those four underlying devices according to the multipath configuration. So when there is a failure with any of this I/O paths, Data can be accessible using the available I/O Path.
Install the Device Mapper Multipath package.
Verify the device-mapper-multipath package has been installed or not.
[root@linux1 ~]# rpm -q device-mapper-multipath
If it is not installed, Install the Device Mapper Multipath package using yum to avoid dependencies issue. if yum is not configured, please refer the link Yum Configuration on Linux.
[root@linux1 ~]# yum -y install device-mapper-multipath
Basic Configuration of Linux Device Mapper Multipathing
Configuration file is /etc/multipath.conf file, take a backup of it. Edit the configuration file to ensure you have the following entries uncommented out. Continue reading “Add Multipath and connect to XFS system” »
If you want to continue using an outdated release then edit /etc/apt/sources.list and change archive.ubuntu.com and security.ubuntu.com to old-releases.ubuntu.com.
You can do this with sed:
sudo sed -i -re 's/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list
then update with:
sudo apt-get update && sudo apt-get dist-upgrade
Sometimes, it might be faster to create backups of your system and reinstall using supported release instead.
Allow IP forwarding
(Note: if your testing this on the same box your doing this on it won’t work, you need at least 3 machines to test this out, virtual ones work nicely)
First we enable ipv4 forwarding or this will not work:
# echo "1" > /proc/sys/net/ipv4/ip_forward
XOR
# sysctl net.ipv4.ip_forward=1
next we add a filter that changes the packets destination ip and allows us to masquerade:
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80 # iptables -t nat -A POSTROUTING -j MASQUERADE
The above filter gets added to iptables PREROUTING chain. The packets first go through the filters in the PREROUTING chain before iptables decides where they go. The above filter says all packets input into eth0 that use tcp protocol and have a destination port 80 will have their destination address changed to 1.2.3.4 port 80. The DNAT target in this case is responsible for changing the packets Destination IP address. Variations of this might include mapping to a different port on the same machine or perhaps to another interface all together, that is how one could implement a simple stateful vlan (in theory). Continue reading “Stateful Load Balancer with iptables and NAT” »
For example, you need to assign the IP range 192.168.10.6 – 192.168.10.100 to your eth0 interface.
Create a range file in /etc/sysconfig/network-scripts/ifcfg-eth0-range0 as below
DEVICE=eth0 BOOTPROTO=static IPADDR_START=192.168.10.6 IPADDR_END=192.168.10.100 NETMASK=255.255.255.0 CLONENUM_START=1 ONBOOT=yes TYPE=Ethernet
CLONENUM_START is the number that will be assigned to the first IP alias interface (eth0:1 in this example).
If you need to add more ranges of IPs then just use a different file for eg. ifcfg-eth0-range1, for each one of the ranges. Make sure CLONENUM_START does not overwrite other aliases.
Once you have configured the range/s of IPs you just need to restart the network service in order to activate it