Squid as Transparent Proxy on CentOS 6.4

In this tutorial I am going to configure Squid as a transparent proxy. What does that mean? It means no configuration is needed on the client end: we set up Squid in transparent proxy mode so that it sits between the clients and the internet, and the clients' port 80 requests are redirected to port 3128, which is the default Squid port. Here are the simple steps you need to perform on the Squid server.

Lab Environment: 

  • CentOS 6.4 (as squid transparent proxy server), Hostname = pxy.lintut.com
  • eth0 : (Connected to Internet) IP = 192.168.1.211/24, Gateway = 192.168.1.1 and DNS = 8.8.8.8
  • eth1 : (Connected to LAN) IP = 10.0.0.1/24, and DNS = 172.0.0.1
  • XP Pro SP3 (client PC for testing), Hostname = xp1.lintut.com, IP = 10.0.0.11/8, Gateway = 10.0.0.1 (squid server’s IP) and DNS = 10.0.0.3

Step-1 Installing squid packages.

yum install squid -y

Step-2 Edit squid configuration file ‘/etc/squid/squid.conf’.

How to define outgoing firewall rules on pfSense

LAN rules define the rights to access internet services from your local network. So if you block ports 80 and 443, nobody on your LAN will be able to access the internet. WAN rules define access to the resources in your LAN (or DMZ) from the internet. In this short lab we'll be defining LAN rules. Let’s say we want to block access to port 443 from our local network.

My blog is on port 443, so after defining this rule we should not be able to access my blog from the lab network (or any other HTTPS-secured website, for that matter).

Log in to your pfSense configuration via a web browser – mine is still located at http://10.20.20.1/

Select Firewall | Rules

Join Several Partitions Together To Form a Single Larger One On Linux Using mhddfs

The easiest and fastest solution is to use the mhddfs driver on Linux operating systems. It is a FUSE-based file system for unifying several mount points into one.

The mhddfs (FUSE) file system unites several mount points (or directories) into a single one. One big file system is simulated, which makes it possible to combine several hard drives or network file systems. It is like unionfs, but it can choose the drive with the most free space and move data between drives transparently for applications. Files are written to the first hdd for as long as it has free space (see the mlimit option), then to the second hdd, then to the third, and so on. df shows the total statistics of all the file systems as if they were one big hdd. If an overflow occurs while writing to hdd1, the file content already written is transferred to an hdd with enough free space for the file. The transfer is processed on the fly and is fully transparent to the application that is writing. So this behaviour simulates a big file system.

In this tutorial you will learn how to install and configure an mhddfs virtual storage pool on Linux operating systems.

Our sample setup
For demo purposes I have three hard disk drives, /dev/sdb1, /dev/sdc1 and /dev/sdd1, as follows:

How to Setup a Multi-Protocol VPN Server Using SoftEther

SoftEther VPN is one of the world’s most powerful and easy-to-use multi-protocol VPN software, made by the good folks at the University of Tsukuba, Japan. It runs on Windows, Linux, Mac, FreeBSD and Solaris and is freeware and open-source. You can use SoftEther for any personal or commercial use free of charge.

Step 1: Create a Virtual Server

First, you need to create a DigitalOcean Droplet. As mentioned on SoftEther’s website, SoftEther will work on almost every Linux distro with kernel v2.4 or above; however, it’s recommended to choose one of these distributions: CentOS, Fedora, or Red Hat Enterprise Linux.

Personally I have tried it on Ubuntu, CentOS and Fedora, both 32 and 64 bit editions, and it has worked perfectly.

Step 2: Update your Server Software

Using the command below, update and upgrade your server software packages to the latest version:

Debian / Ubuntu:

apt-get update && apt-get upgrade

CentOS / Fedora:

yum upgrade

Step 3: Download SoftEther

You can download the latest SoftEther server package for Linux from their website:

Download SoftEther

Unfortunately, there is no way of getting the latest version through package managers (or even using a single URL) at the moment. Therefore you have to browse their website using a desktop browser to download the package. There are a couple of ways of dealing with this. First, you can browse their website on your own computer, find the link to the appropriate package for your server configuration (OS, x86/x64, etc.), and then use wget to download the package to your server. Alternatively, you can use a terminal-based web browser such as lynx to browse the SoftEther website and download the right package.

Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM.

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

Next thing to do is to configure OpenDKIM. Its main configuration file is located in /etc/opendkim.conf, so before making any changes create a backup and add/edit the following:

Setup a Site to Site IPsec VPN With Strongswan and PreShared Key Authentication

Today we will set up a site-to-site IPsec VPN with strongSwan, which will be configured with pre-shared key authentication.

After our tunnels are established, we will be able to reach the private IPs over the VPN tunnels.

Get the Dependencies:
Update your repository indexes and install strongswan:

$ apt update && sudo apt upgrade -y
$ apt install strongswan -y

Set the following kernel parameters:

$ cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 1 
net.ipv4.conf.all.accept_redirects = 0 
net.ipv4.conf.all.send_redirects = 0
EOF

$ sysctl -p /etc/sysctl.conf

Generate Preshared Key:
We will need a preshared key that both servers will use:

SCP Command Syntax

Before going into how to use the scp command, let’s start by reviewing the basic syntax. The scp utility expressions take the following form:

scp [OPTION] [[user@]SRC_HOST:]file1 [[user@]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy, etc.
[[user@]SRC_HOST:]file1 – Source file.
[[user@]DEST_HOST:]file2 – Destination file.
Local files should be specified using an absolute or relative path, while remote file names should include a user and host specification.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves file modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C This option will force scp to compress the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories.

Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04

Step 1: Generating the certificate

First, let’s create a place to store the file.

mkdir ~/certificates
cd ~/certificates

Generate the self-signed certificate and private key (with -x509, openssl req outputs a certificate rather than a CSR).

openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

It will ask for information for the certificate request. Complete with the appropriate information.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:

Common name should be your domain name or the server’s IP address. Also, fill in your email.

Upgrade PHP version to 7.2 from 7.0 on Ubuntu 16.04

Check your PHP version installed

Before we start, we can simply type the following command to check the existing PHP version installed on the server.

$ php -v

If you installed Ubuntu 16.04 LTS, you will get PHP 7.0.30 installed on your server by running the installation script from VestaCP. In this tutorial, we will upgrade our PHP version to 7.2 to enjoy more features and bug fixes.

Check your PHP modules installed

To check installed PHP modules in Ubuntu, type the following command (as Ubuntu makes PHP modules available via packages):

$ dpkg --get-selections | grep -v deinstall | grep php7.0

Remember to note down the list of installed modules, as you need to install them again after upgrading to PHP 7.2. We don’t need to install mcrypt as it has been dropped from PHP 7.2.

In this tutorial, we need to install those modules again:
