Understanding NAT, Direct Routing & Tunneling Rumi, May 3, 2016 Virtual Server via NAT The advantage of the virtual server via NAT is that real servers can run any operating system that supports TCP/IP protocol, real servers can use private Internet addresses, and only an IP address is needed for the load balancer. The disadvantage is that the scalability of… Continue Reading
Testing Freeradius of Pfsense Rumi, April 4, 2016 FreeRADIUS offers an easy-to-use command-line tool to check if the server is running and listening to incoming requests. An interface, a NAS/Client and a user must all be configured: Add a User with the following configuration: Username: testuser Password: testpassword Add a Client/NAS with the following configuration: IP-Address: 127.0.0.1 Shared… Continue Reading
TeamViewer for Headless Linux Unattended System Access Rumi, March 20, 2016 Googled for hours, couldn’t find solid documentation on this. After stitching together many different materials, prepared a little moderate installation (at least it worked for me). My Linux OS is Debian 8.x; believe it should work in other Debian versions and Ubuntu as well. But, before continuing this, make sure- You have… Continue Reading
NFS fix on LXC Host Server Rumi, March 17, 2016, July 28, 2018 The NFS client on LXC does not seem to work. Why? The problem is AppArmor on the real machine, which blocks any attempt to mount NFS volumes. In order to try to minimize the security changes to AppArmor, I add the following lines in /etc/apparmor.d/lxc/lxc-default # allow nfs mount everywhere mount fstype=rpc_pipefs, mount… Continue Reading
Remote Administering pfsense Rumi, March 15, 2016 To open the firewall GUI up completely, create a firewall rule to allow remote firewall administration – do not create a port forward or any other NAT configuration. Example Firewall Rule Setup Firewall > Rules, WAN Tab Action: pass Interface: WAN Protocol: TCP Source: Any (or restrict by IP/subnet) Destination:… Continue Reading
Reverse Proxy with Caching Rumi, February 15, 2016 A Sample Nginx Reverse proxy configuration- an alternative to Varnish cache (kind of more simplistic)- user www-data; worker_processes 4; pid /var/run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { proxy_cache_path /cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; server { location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_cache STATIC; proxy_cache_valid… Continue Reading
Reinstalling MySQL on CentOS/Redhat 6 Rumi, February 7, 2016 Sometimes we face issues with MySQL installation on a Linux machine. If simply removing the MySQL packages and re-installing doesn’t fix the issue, old settings may still exist on the server, which again affects the new install. In that case, first uninstall MySQL completely from the system and erase all… Continue Reading
Simple failover cluster using UCARP on Ubuntu (Heartbeat Alternative) Rumi, January 24, 2016 In this tutorial, I’ll show you the steps to create a simple failover cluster on Ubuntu using CARP. To make things meaningful, we’ll create the cluster for the Apache service, but you can use it for any other service which relies on IP. Scenario: Here is my Setup: PrimarySrv: This is the… Continue Reading
Linux Tune Network Stack (Buffers Size) To Increase Networking Performance Rumi, December 23, 2015 By default the Linux network stack is not configured for high speed large file transfer across WAN links. This is done to save memory resources. You can easily tune Linux network stack by increasing network buffers size for high-speed networks that connect server systems to handle more network packets. The… Continue Reading
How to Encrypt VNC Traffic with Putty Rumi, December 9, 2015 By default, VNC is not a secure protocol. VNC uses encryption during initial connection and login (passwords are not sent in plain-text). Once we are connected, all the VNC data is unencrypted and a hacker could sniff our VNC session. It is better (safer) to start VNC server only on 127.0.0.1 (localhost) and tunnel it… Continue Reading