
linux distro

Linux: 20 Iptables Examples For New SysAdmins

Linux comes with a host based firewall called Netfilter. According to the official project site:

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

This Linux-based firewall is controlled by the program called iptables, which handles filtering for IPv4, and ip6tables, which handles filtering for IPv6. I strongly recommend that you first read our quick tutorial that explains how to configure a host-based firewall called Netfilter (iptables) under CentOS / RHEL / Fedora / Redhat Enterprise Linux. This post lists the most common iptables solutions required by a new Linux user to secure his or her Linux operating system from intruders.

Most Linux distros cannot display multilingual text on the console / shell prompt by default. There is a small hack that lets you display text in other languages, such as Hindi, Chinese, Korean and Japanese, on the prompt.

You need to use the bterm application, which is a terminal emulator that displays to a Linux frame buffer. It is able to display Unicode text on the console.

First, enable the framebuffer by editing the grub.conf file:
# vi /etc/grub.conf
# vi /boot/grub/menu.lst
Find the kernel line and append the "vga=0x317" parameter:
kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 vga=0x317
Save and close the file. Next, you need to install bterm, a Unicode-capable terminal program for the Linux frame buffer. Type the following command to install it under Fedora / RHEL / CentOS Linux:
# yum install bogl-bterm
If you are using Debian / Ubuntu Linux, enter:
$ sudo apt-get install bogl-bterm
Now reboot your Linux desktop / workstation so that the kernel can create /dev/fb0. To use multilingual text on the console, run the bterm command:
$ /usr/bin/bterm


Get Free Interactive Shell Access to Linux / BSD and UNIX Like Operating Systems

From my mail bag:

Where can I get free interactive access to HP-UX or Linux distro or UNIX shell access?

You can simply grab and try out any Linux / BSD / Solaris Live CD. However, sometimes you cannot install and use a particular UNIX-like OS. If you want to try the latest technologies over the Internet, try the HP TestDrive program:

This program allows you to testdrive some of the hottest hardware and operating systems available today. Have you ever wanted to try out HP's exciting 64-bit Integrity and PA-RISC technology? Get time on SMP x86 and Opteron ProLiant servers? Try out a Blade server. Try different Open Source operating systems such as FreeBSD, Suse, Redhat, Debian and other Linux distributions.

This program is perfect for students and new users who want to try out and learn the basics of UNIX. You can also try and test your C/C++ programs using the latest Intel compilers. It is intended for those users who want to sample the 32- and 64-bit servers running a variety of HP, UNIX, Linux and third-party operating systems and applications.

=> HP Test Drive Program [hp.com]

You can easily mount a remote server file system or your own home directory using the special sshfs and FUSE tools.

FUSE - Filesystem in Userspace

FUSE is a Linux kernel module also available for FreeBSD, OpenSolaris and Mac OS X that allows non-privileged users to create their own file systems without the need to write any kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a "bridge" to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.

You need to use SSHFS to access a remote filesystem through SSH; you can even use a Gmail account to store files.

The following instructions are tested on CentOS, Fedora Core and RHEL 4/5 only, but they should work with any other Linux distro without a problem.

Step # 1: Download and Install FUSE

Visit the FUSE home page and download the latest source code tarball. Use the wget command to download the fuse package:
# wget http://superb-west.dl.sourceforge.net/sourceforge/fuse/fuse-2.6.5.tar.gz
Untar the source code:
# tar -zxvf fuse-2.6.5.tar.gz
Compile and install fuse:
# cd fuse-2.6.5
# ./configure
# make
# make install

Step # 2: Configure Fuse shared libraries loading

You need to configure the dynamic linker run-time bindings using the ldconfig command so that the sshfs command can load shared libraries such as libfuse.so.2:
# vi /etc/ld.so.conf.d/fuse.conf
Append following path:
Run ldconfig:
# ldconfig

Step # 3: Install sshfs

Now fuse is loaded and ready to use. Next you need sshfs to access and mount a file system using ssh. Visit the sshfs home page and download the latest source code tarball. Use the wget command to download the sshfs package:
# wget http://easynews.dl.sourceforge.net/sourceforge/fuse/sshfs-fuse-1.7.tar.gz
Untar the source code:
# tar -zxvf sshfs-fuse-1.7.tar.gz
Compile and install sshfs:
# cd sshfs-fuse-1.7
# ./configure
# make
# make install

Mounting your remote filesystem

Now that you have a working setup, all you need to do is mount a filesystem under Linux. First, create a mount point:
# mkdir /mnt/remote
Now mount a remote server filesystem using the sshfs command:
# sshfs vivek@rock.nixcraft.in: /mnt/remote

  • sshfs : SSHFS is a command name
  • vivek@rock.nixcraft.in: - vivek is ssh username and rock.nixcraft.in is my remote ssh server.
  • /mnt/remote : a local mount point

When prompted, supply the password for vivek (the ssh user). Make sure you replace the username and hostname as per your requirements.

Now you can access your filesystem securely over the Internet or your LAN/WAN:
# cd /mnt/remote
# ls
# cp -a /ftpdata . &

To unmount the file system, just type:
# fusermount -u /mnt/remote
# umount /mnt/remote


How to setup Linux as a router for DSL, T1 line etc

There are a few ways to set up a Linux machine as a router. Here is a relatively straightforward and common method. This method requires that the system use iptables for Network Address Translation (NAT).

This small step-by-step howto will help you set up a Linux router in only 2 minutes.

Configuration steps

=> First enable packet forwarding
=> Next setup Network Address Translation using IPTABLES MASQUERADE targets
=> Save the changes
=> Verify everything is working

I'm assuming that your setup is as follows:
A) You are using any Linux distro

B) eth0 is the Internet interface (connected to a router, for example) and eth1 is connected to your internal LAN (connected to your hub/switch, for example).

My Linux   eth0  --> Internet
box       eth1  --> Lan

Step # 1 Turn on ip forwarding in kernel

1) Open the Linux kernel configuration file (you must be the root user, or use the su - command to become root):
# vi /etc/sysctl.conf

2) Add or modify the following line:
net.ipv4.ip_forward = 1

Step # 2 Restart network
# /etc/init.d/network restart
OR
# service network restart

Step # 3 Set up IP forwarding and masquerading (to act as a router). You need to use the NAT option of iptables as follows (add the following rules to your iptables shell script):
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Step # 4 You are done! Test it with ping or dig:
# ping your-isp.com
# dig yahoo.com

Step # 5 Point all desktop clients to your eth1 IP address as the router/gateway, or use DHCP to distribute this information (recommended).

Step # 6 Put the commands described in step # 3 in a script and call it from the /etc/rc.local file.
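
The rules in step # 3 accept every packet that arrives on eth1 and never set the FORWARD policy, so where that policy is ACCEPT (the kernel default) the box also forwards packets arriving on eth0. The script below is an added example, not part of the original post: it applies steps 1, 3 and 6 with a default-deny FORWARD chain. The names WAN_IF, LAN_IF, DRY_RUN, run, valid_if and router_rules are this example's own, and it assumes the conntrack match is available.

```shell
#!/bin/sh
# Added example, not from the original post. eth0/eth1 follow the post's
# assumed layout; the variable and function names are this example's own.
WAN_IF="${WAN_IF:-eth0}"   # Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"   # internal LAN interface
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = run them (needs root)

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# valid_if NAME: accept only plain interface names, so a malformed value
# is rejected before any rule is built from it.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

router_rules() {
    if ! valid_if "$WAN_IF" || ! valid_if "$LAN_IF" || [ "$WAN_IF" = "$LAN_IF" ]; then
        echo "need two different, valid interface names" >&2
        return 1
    fi
    # Step 1 without a network restart: enable forwarding in the running kernel.
    run sysctl -w net.ipv4.ip_forward=1 || return 1
    # Drop forwarded packets unless a rule below accepts them.
    run iptables --policy FORWARD DROP || return 1
    # Replies to connections opened from the LAN may come back in.
    run iptables --append FORWARD --in-interface "$WAN_IF" --out-interface "$LAN_IF" \
        --match conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
    # LAN hosts may open connections out to the Internet.
    run iptables --append FORWARD --in-interface "$LAN_IF" --out-interface "$WAN_IF" \
        -j ACCEPT || return 1
    # Step 3: masquerade traffic leaving the Internet interface.
    run iptables --table nat --append POSTROUTING --out-interface "$WAN_IF" -j MASQUERADE
}

router_rules
```

With DRY_RUN=0 (as root) the commands are applied instead of printed; run it once per boot, because --append adds a duplicate rule on every run.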