Allow Ping on PFSense WAN interface

This article shows you how to allow ping on the WAN side of your pfSense firewall. By default, ping to the WAN address is disabled on pfSense for security reasons. However, you may want to allow ping for various reasons; here is how:

# Log in to pfSense.
# Open Firewall > Rules.
# Change Interface to WAN.
# Change Protocol to ICMP.


Install Percona Monitoring and Management using Docker

You can use any of these distributions for the installation: Rocky Linux, AlmaLinux, or CentOS 8 Stream. I assume you’ll use one of these.

Step 1: Add Docker Repository

Docker is not yet available in the default repositories. Thankfully, the developers provide an official repository, and we are going to add it to the system first. On your terminal, run the following command to add the Docker repository:

$ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Step 2: Install Docker in Rocky Linux/AlmaLinux

Moving on, we are going to install the Docker community edition which is freely available for download and use. But first, update the packages.

$ sudo dnf update

Next, run the command below to install Docker CE, the command-line interface (CLI), and other essential tools and dependencies.


Remove DNSCACHE from zimbra services.

If you get a prompt stating something like “Port conflict detected: 53 (zimbra-dnscache)” and asking you to hit ENTER to continue, you can just hit ENTER and let the installation/upgrade finish. Once everything is running, you will see that the Zimbra DNSCache service is in a stopped state. To fix this, run the following:

# zmcontrol status
# zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
# zmprov ms `zmhostname` -zimbraServiceInstalled dnscache
# zmcontrol status

You will see that the service is removed from Zimbra’s Services.

[zimbra@mail root]$ zmcontrol status
Host mail.server.lan
amavis Running
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running

Install MySQL 5.7 on CentOS 7

Prerequisite:

It’s better to have the development tools installed and NetworkManager disabled in a production environment. You can optionally follow these steps:

Disabling NetworkManager:

systemctl stop NetworkManager
systemctl disable NetworkManager

Install Development Tools:

yum group install "Development Tools"

Remove the pre-installed MariaDB libraries:

yum -y remove mariadb-libs

Enable MySQL Repository

You need to enable the MySQL 5.7 community release yum repository on your system. The rpm packages for the yum repository configuration are available on MySQL’s official website.

First, import the latest MySQL GPG key to your system.

sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Now, use one of the commands below to configure the Yum repository as per your operating system version.


Postfix SMTP Rotating IP using IPTables

I got 5 public IPs. I’m going to configure them so Postfix can use multiple interfaces/IPs for outgoing SMTP connections.

First we need to create interface aliases for those 5 public IPs.

On my system, using CentOS:

# cd /etc/sysconfig/network-scripts/
# cp ifcfg-eth0 ifcfg-eth0:1
Edit ifcfg-eth0:1
# vi ifcfg-eth0\:1
DEVICE=eth0 <-- default device
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=202.XXX.XX.2 <-- default eth0 IP address
PREFIX=24
GATEWAY=202.XXX.XX.1
DNS1=202.XXX.XX.XX

Change the DEVICE and IPADDR parameters.


vestacp open: /etc/named.conf: permission denied

This was the error I was getting after making a small change to named.conf on my newly installed Vesta control panel. While restarting named, I was getting this error:

[root@vesta2 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2022-08-01 14:37:25 +06; 6s ago
Process: 3478 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
Process: 3475 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: found 2 CPUs, using 2 worker threads
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using 1 UDP listener per interface
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: using up to 21000 sockets
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration from '/etc/named.conf'
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: open: /etc/named.conf: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com named[3480]: loading configuration: permission denied
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service: control process exited, code=exited status=1
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: Unit named.service entered failed state.
Aug 01 14:37:25 vesta2.geospacehosting.com systemd[1]: named.service failed.

Solution:

Step-1: Execute the following command-

restorecon -RFv /etc/named.conf

Step-2: Setting permission-

chmod 644 /etc/named.conf
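
Why the read was refused, as an added example that is not part of the original post: named runs as the unprivileged `named` user (`-u named` in the ExecStart line above), so it needs read access through the file mode bits as well as a correct SELinux label, which `restorecon` takes care of. The Python sketch below replays the mode-bit half on constructed ownership values (the uid/gid 25 for `named` and the failing 0600 case are assumptions for illustration) and shows that mode 640 owned by `root:named` also lets named read the file without making it world-readable.

```python
import stat
from types import SimpleNamespace


def can_read(st, uid, gids):
    """Return (allowed, class_used) for a read by a process with this uid/groups.

    Mirrors the classic mode-bit check: exactly one class (owner, group,
    other) is consulted, in that order. SELinux is a separate, later check.
    """
    if uid == 0:
        return True, "root bypasses mode bits"
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR), "owner class"
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP), "group class"
    return bool(st.st_mode & stat.S_IROTH), "other class"


def world_readable(st):
    """True when any local account can read the file."""
    return bool(st.st_mode & stat.S_IROTH)


# Constructed values: the real uid/gid of named may differ on your system.
NAMED_UID, NAMED_GID, ROOT = 25, 25, 0


def fake_stat(mode, uid, gid):
    """Stand-in for os.stat() output so the example runs without the file."""
    return SimpleNamespace(st_mode=stat.S_IFREG | mode, st_uid=uid, st_gid=gid)


CASES = {
    "0600 root:root (constructed failing case)": fake_stat(0o600, ROOT, ROOT),
    "0644 root:root (the chmod above)": fake_stat(0o644, ROOT, ROOT),
    "0640 root:named (tighter alternative)": fake_stat(0o640, ROOT, NAMED_GID),
}


def report():
    """Evaluate every case as the named user."""
    rows = {}
    for label, st in CASES.items():
        allowed, why = can_read(st, NAMED_UID, {NAMED_GID})
        rows[label] = (allowed, why, world_readable(st))
    return rows


if __name__ == "__main__":
    for label, (allowed, why, world) in report().items():
        print(f"{label}: named reads={allowed} via {why}; world-readable={world}")
```

To evaluate the real file, pass `os.stat("/etc/named.conf")` and the uid and group ids of the `named` account to `can_read` instead of the constructed values.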

Observium Installer Script on Ubuntu 20.04 or Debian 11

Automated Installation

Observium has an automated install script for use on Ubuntu and Debian systems. Using the automated installation script is as easy as downloading it, running it, and answering a few simple questions. Start with:

wget http://www.observium.org/observium_installscript.sh
chmod +x observium_installscript.sh
./observium_installscript.sh

You may need to install wget on bare installations:

apt install wget

For manual installation, see the link below:

https://docs.observium.org/install_debian/#manual-installation


Enabling Ping requests to OCI Instance

If you want to test with Ping requests you’ll need to modify the Ingress rules on the security list associated with the VCN, Subnet, network device, thing, whatever, to allow ICMP packets. Allowing ICMP traffic is not required; it’s an option. Please only take this option if you understand the possible impact. The following directions cover enabling ICMP requests for a subnet.


Generating an SSH Key Pair on Windows Using the PuTTYgen and use it on OCI with machine instance

The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.
To generate an SSH key pair on Windows using the PuTTYgen program:

  1. Download and install PuTTY or PuTTYgen. To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.
  2. Run the PuTTYgen program. The PuTTY Key Generator window is displayed.
  3. Set the Type of key to generate option to SSH-2 RSA.
  4. In the Number of bits in a generated key box, enter 2048.
  5. Click Generate to generate a public/private key pair. As the key is being generated, move the mouse around the blank area as directed. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.
  6. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key). Note: The .ppk file extension indicates that the private key is in PuTTY’s proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
  7. Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box. Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren’t seeing all the characters.


    Example-

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0Bp2Pf+u2KfbackWAjOYbtT1Ub8oLhWFrAShUqXk5QjDZI2K/p8y/9sY3S9bNJThWvdFFsY7EjQZmiEL1vlj+/AaZ3/Ht3/WHR9R6zOeEr3nDxoN13jVZH9QU0a7028xf2R35Y4a3CI3TOCUPnvJN2B38rZ9Ruz/HMjOrEit7PhKSJ2OD2xdqVHI3lDXQ75aO1r79kC3lYL7PD+R0zHjtj0ugwbd97SUB02T85yjeJelBfHFni62vC+MF9bo0h0ZMKqP1PYKhxkgYTv+vK+ZxNoLgNOeTDf8HDvkHBuSTnuJL5tF8VEakIJ2uK9ht8uSKtQcNcrmtTmYlIcCI6THOw== rsa-key-20220629
  8. Right-click somewhere in the selected text and select Copy from the menu.
  9. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
  10. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
    1. If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key: On the Conversions menu, choose Export OpenSSH key.
    2. Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file’s content.
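
A check for the copy-and-paste steps above, as an added example that is not part of the original instructions: a partly selected key or a stray line break produces a public key that the server silently ignores. The Python sketch below parses the pasted `ssh-rsa` line in the SSH wire format (length-prefixed fields) and reports the modulus size; the function names are hypothetical, and the sample line is constructed with a placeholder modulus, so it is correctly encoded but not a usable key.

```python
import base64
import binascii
import struct


def _read_string(buf, off):
    """Read one RFC 4251 string: 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("blob truncated inside a length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("blob truncated inside a field")
    return buf[off + 4:off + 4 + n], off + 4 + n


def check_rsa_pubkey_line(text, min_bits=2048):
    """Validate a pasted 'ssh-rsa <base64> [comment]' line; return modulus bits."""
    body = text.strip()
    if "\n" in body or "\r" in body:
        raise ValueError("line break inside the key")
    parts = body.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"base64 does not decode: {exc}") from None
    name, off = _read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside the blob does not match the prefix")
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing bytes")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"modulus is only {bits} bits")
    return bits


def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_sample_line(bits=2048):
    """Constructed sample: valid encoding, placeholder modulus, NOT a real key."""
    modulus = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(37) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " rsa-key-constructed"
```

Run `check_rsa_pubkey_line(open("mykey.pub").read())` on the saved .pub file (the file name is a placeholder) before uploading it.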