How to setup Linux as a router for DSL, T1 line etc

Posted on in Categories Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Tips, Ubuntu Linux last updated November 23, 2004

There are a few ways to set up a Linux machine as a router. Here is a relatively straightforward and common method. It requires that the system use iptables for Network Address Translation (NAT).

This short step-by-step howto will help you set up a Linux router in only 2 minutes.

Configuration steps

=> First enable packet forwarding
=> Next setup Network Address Translation using IPTABLES MASQUERADE targets
=> Save the changes
=> Verify everything is working

I’m assuming that your setup is as follows:
A) You are using any Linux distro

B) eth0 is the Internet interface (connected to your DSL/cable router, for example) and eth1 is connected to your internal LAN (to your hub/switch, for example).

My Linux   eth0  --> Internet
box       eth1  --> Lan

Step # 1 Turn on ip forwarding in kernel

1) Open the sysctl configuration file (you must be the root user, or use the su - command to become root):
# vi /etc/sysctl.conf

2) Add/modify following line:
net.ipv4.ip_forward = 1

Step # 2 Restart network
# /etc/init.d/network restart
OR
# service network restart

Step # 3 Set up IP forwarding and masquerading (so the box acts as a router) using the NAT table of iptables. Add the following rules to your iptables shell script:
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT

Step # 4 You are done! Test it with ping or dig:
# ping your-isp.com
# dig yahoo.com

Step # 5 Point all desktop clients to your eth1 IP address as their router/gateway, or use DHCP to distribute this information (recommended).

Step # 6 Put the commands from step # 3 into a script and call it from /etc/rc.local.
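The script that steps 1, 3 and 6 describe, written out as an added example (it is not code from the original post). It assumes the interface names above (eth0 = Internet, eth1 = LAN), that it is saved as /usr/local/sbin/router.sh (an assumed path), and that IPT and SYSCTL can be pointed at echo to preview the commands without root. It adds one thing the two rules on the page leave open: a default-deny FORWARD policy, so that only flows started from the LAN, and the replies to them, cross the box.

```sh
#!/bin/sh
# NAT router rules for the setup above (eth0 = Internet, eth1 = LAN).
# Added example, not from the original post. Assumptions: the interface
# names below, and that IPT/SYSCTL may be pointed at "echo" to preview the
# commands without root (e.g. IPT=echo sh router.sh apply).
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
IPT=${IPT:-iptables}
SYSCTL=${SYSCTL:-sysctl}

# Return 0 when the kernel is forwarding, reading the flag from FILE
# (default: the live value under /proc, which sysctl.conf feeds at boot).
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        return 0
    fi
    return 1
}

# Turn forwarding on immediately; /etc/sysctl.conf makes it survive a reboot.
enable_forwarding() {
    $SYSCTL -w net.ipv4.ip_forward=1
}

# The post's two rules, plus a default-deny FORWARD policy: only flows
# started from the LAN, and the replies to them, may cross the box, so a
# host on the Internet side cannot reach LAN machines through the router.
apply_rules() {
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Usage: sh router.sh apply   (call this line from /etc/rc.local)
if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    apply_rules
fi
```

Run `IPT=echo SYSCTL=echo sh router.sh apply` first to see exactly what will be executed; `sh router.sh apply` as root then applies it, and `ip_forward_enabled` can be used from other scripts to confirm the kernel setting took.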

How to: Troubleshoot UNIX / Linux BIND DNS server problems

Posted on in Categories BIND Dns, CentOS, Debian Linux, FreeBSD, Gentoo Linux, GNU/Open source, Howto, Linux, OpenBSD, RedHat/Fedora Linux, Suse Linux, Sys admin, Troubleshooting, Tuning, UNIX last updated November 19, 2004

BIND is the Berkeley Internet Name Domain DNS server. It is widely used on UNIX and Linux-like OSes. You can use the following tools to troubleshoot BIND-related problems under UNIX or Linux.

Task: Port 53 open and listening for requests

By default BIND listens for DNS queries on port 53, so make sure port 53 is open and listening for user requests by running any one of the following tests. See if you can telnet to port 53 from a remote computer:
$ telnet remote-server-ip 53
OR
$ telnet ns1.nixcraft.org domain
Output:

Trying 192.168.0.5...
Connected to ns1.nixcraft.org.
Escape character is '^]'.

If you cannot connect, make sure a firewall is not blocking your requests. Next, use the netstat command to list open and listening port 53 on the server itself:
$ netstat -tulpn | grep :53
OR
# netstat -atve
Output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 ns1.nixcraft.org:domain *:*                     LISTEN      named      10386
tcp        0      0 rhx.test.com:domain     *:*                     LISTEN      named      10384
tcp        0      0 *:ssh                   *:*                     LISTEN      root       1785
tcp        0      0 rhx.test.com:rndc       *:*                     LISTEN      named      10388
tcp        0      0 rhx.test.com:smtp       *:*                     LISTEN      root       1873
tcp        0      0 ns1.nixcraft.org:ssh    w2k.nixcraft.org:1057   ESTABLISHED root       10501
tcp        0      0 rhx.test.com:32773      rhx.test.com:domain     TIME_WAIT   root       0
tcp        0      0 ns1.nixcraft.org:32775  ns1.nixcraft.org:domain TIME_WAIT   root       0
tcp        0      0 rhx.test.com:32774      rhx.test.com:domain     TIME_WAIT   root       0

Make sure the iptables firewall is not blocking requests on the server:
# iptables -L -n
OR
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not, start named:
# chkconfig named on
# service named start

Task: Use log files

You can check the log files after starting/restarting BIND to see error messages:
# tail -f /var/log/messages
Output:

Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0, 192.168.0.5#53
Nov 17 16:50:25 rhx named[3539]: command channel listening on 127.0.0.1#953
Nov 17 16:50:25 rhx named[3539]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone 0.168.192.in-addr.arpa/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: running

Task: Check zone file for errors

You can check zone file syntax and the /etc/named.conf file using the following utilities. named-checkconf is the configuration file syntax checking tool for named (BIND).
# named-checkconf /etc/named.conf
Output:

/etc/named.conf:32: missing ';' before 'zone'

Please note that if named-checkconf does not find any errors, it displays nothing on screen.

Check zone file syntax for errors. named-checkzone is the zone file validity checking tool: it checks the syntax and integrity of a zone file, performing the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/localhost.zone
OR
# named-checkzone nixcraft.org /var/named/nixcraft.org.zone
Output:

zone nixcraft.org/IN: loaded serial 12
OK

Task: Testing BIND/DNS with utilities

You can use the host and dig utilities to test your BIND configuration.

  • host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
  • dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

List the IP address associated with a host name:
# host nixcraft.org
OR
# host www
Output:

www.nixcraft.org has address 192.168.0.6

Perform a zone transfer for a zone using the -l option:
# host -l nixcraft.org

nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400
nixcraft.org name server ns1.nixcraft.org.
nixcraft.org mail is handled by 10 mail.nixcraft.org.
nixcraft.org has address 192.168.0.5
gw.nixcraft.org has address 192.168.0.254
mail.nixcraft.org has address 192.168.0.7
ns1.nixcraft.org has address 192.168.0.5
w2k.nixcraft.org has address 192.168.0.1
www.nixcraft.org has address 192.168.0.6
nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400

Other examples:
# dig mail.nixcraft.org
# dig 192.168.0.5
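The three checks above (port 53 listeners, named log messages, and the SOA record returned by host or dig) can be scripted. The following is an added example, not part of the original post: each function reads command output on stdin, and the sample netstat, log and SOA lines embedded in it are constructed, modelled on the page's output, so it runs without a live named. One point worth knowing when using the SOA helper: host -l only succeeds from hosts the zone's allow-transfer setting permits, so to compare serials between a master and its slaves, query each server's SOA record directly with dig rather than transferring the zone.

```sh
#!/bin/sh
# Helpers for the checks above: added example, not part of the original post.
# Each function reads command output on stdin, so it works on the constructed
# samples below as well as on live `netstat -tulpn`, `tail /var/log/messages`,
# `host -l` or `dig` output.

# Addresses on which something is bound to port 53 (tcp/udp, v4/v6), from
# `netstat -tulpn` style lines: protocol in field 1, local address in field 4.
port53_listeners() {
    awk '$1 ~ /^(tcp|udp)/ && $4 ~ /:53$/ { print $1, $4 }'
}

# named log lines worth a look: everything except the routine start-up
# messages (listening, zone loaded, control channel, running).
named_log_problems() {
    grep 'named\[' | grep -v -e 'listening on' -e 'loaded serial' \
                             -e 'command channel' -e ': running$'
}

# The SOA serial from a `host -l` or `dig` SOA record: the third field after
# the literal "SOA" in either layout. Comparing it between the master and
# each slave shows whether a zone change has actually propagated.
soa_serial() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "SOA") { print $(i + 3); exit } }'
}

# Constructed sample output, modelled on the page's examples (not real captures).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      3539/named
tcp        0      0 192.168.0.5:53          0.0.0.0:*               LISTEN      3539/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1785/sshd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           3539/named
udp        0      0 192.168.0.5:53          0.0.0.0:*                           3539/named'

SAMPLE_LOG='Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0, 192.168.0.5#53
Nov 17 16:50:25 rhx named[3539]: command channel listening on 127.0.0.1#953
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone example.test/IN: loading from master file example.test.zone failed: file not found
Nov 17 16:50:25 rhx named[3539]: running'

SAMPLE_SOA='nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400'

# Usage: sh bindcheck.sh live   (on the name server, as root)
# Without an argument it demonstrates the parsers on the constructed samples.
if [ "${1:-}" = "live" ]; then
    netstat -tulpn 2>/dev/null | port53_listeners
    tail -n 200 /var/log/messages 2>/dev/null | named_log_problems
else
    printf '%s\n' "$SAMPLE_NETSTAT" | port53_listeners
    printf '%s\n' "$SAMPLE_LOG" | named_log_problems
    printf '%s\n' "$SAMPLE_SOA" | soa_serial
fi
```

On the sample data the listener parser reports the four port 53 sockets and skips sshd, the log filter leaves only the "no TTL specified" warning and the failed zone load, and the serial helper prints 12 from the host -l layout as well as from the dig layout.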

Linux: Burn multi session CDs on Linux

Posted on in Categories CentOS, Debian Linux, File system, Gentoo Linux, Hardware, Howto, Linux, Linux desktop, RedHat/Fedora Linux, Suse Linux, Ubuntu Linux last updated July 8, 2004

Under Linux you can use a tool called cdrecord (used to record audio or data Compact Discs) together with mkisofs (used to create a hybrid ISO9660/JOLIET/HFS filesystem with optional Rock Ridge attributes) for this purpose.

Step #1: Create first session as follows

1) Create an ISO image first:

# mkisofs -R -o /tmp/cd.iso /backup/06-07-2004/

Where,

  • -R : Uses Rock Ridge naming convention/attributes
  • -o : Name of new iso file (cd.iso)
  • /backup/06-07-2004/ : Everything in /backup/06-07-2004/ will be put into cd.iso file

2) Burning the disk (or an ISO image) for first session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/cd.iso

Where,

  • -dev=0,0,0 : device number (tip: you can use the cdrecord -scanbus command to get this number)
  • -multi : Start a multi-session disk
  • -data : This option is required for HP and Sony CD writers only.
  • -v : Verbose, i.e. show info while burning the disk
  • -eject : Ejects the CD when done
  • -speed=4 : Write speed (4x)
  • cd.iso : Name of image being burned

3) Mount the CD-ROM and see its contents:

# mount /mnt/cdrom
# ls /mnt/cdrom
# rm -f /tmp/cd.iso

OR

# mount /dev/hda /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/cd.iso

4) You can also verify how many sessions have been written so far:

# umount /mnt/cdrom
# cdrecord -dev=0,0,0 -toc

Where,

  • -dev=0,0,0 : Device number
  • -toc : Retrieve and print out the table of contents

Step #2: Burning the disk (or ISO image) for next session

The next session is a bit tricky. You need to specify the starting and ending sector numbers of the last session; this information can be obtained from the following command:

# cdrecord -dev=0,0,0 -msinfo

Output:

0,11063

1) Create next session ISO file:

# mkisofs -o /tmp/ses2.iso -R -V session2 -C $(cdrecord -dev=0,0,0 -msinfo) -M 0,0,0 /backup/07-07-2004

Where,

  • -C $(cdrecord -dev=0,0,0 -msinfo) : This option is needed when mkisofs is used to create the image of a second or higher session of a multi-session disk
  • -M 0,0,0 : Specifies the existing ISO9660 image (here, the device holding the disk) to be merged.

2) Burning the disk (or an ISO image) for second session:

# cdrecord -dev=0,0,0 -multi -data -v -eject -speed=4 /tmp/ses2.iso

3) Mount the CD-ROM and see its contents:

# mount /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

OR

# mount /dev/hda  /mnt/cdrom; ls /mnt/cdrom; rm -f /tmp/ses2.iso

Note: When you wish to close the disk (finalize the multi-session CD), omit the -multi option for the last session.
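The whole of Step #2, as an added example script rather than code from the original post. It assumes the device triple 0,0,0 shown on the page (override with DEV), and that CDRECORD and MKISOFS can be pointed at echo to preview the commands. The one thing it adds to the page's commands is a check of the -msinfo value before it is passed to mkisofs -C: cdrecord prints an error message instead of "start,next" for a blank or closed disc, and building an image on such a value silently wastes the session.

```sh
#!/bin/sh
# Next-session helper for the procedure above: added example, not from the
# original post. Assumptions: DEV is the cdrecord device triple shown on the
# page; CDRECORD/MKISOFS may be set to "echo" to preview the commands.
DEV=${DEV:-0,0,0}
CDRECORD=${CDRECORD:-cdrecord}
MKISOFS=${MKISOFS:-mkisofs}

# cdrecord -msinfo prints "start,next" (e.g. 0,11063). Anything else means a
# blank or closed disc, or a drive that could not be read, and feeding such a
# value to mkisofs -C yields an unusable image, so validate it first.
valid_msinfo() {
    case $1 in
        ''|*[!0-9,]*)   return 1 ;;   # empty, or characters other than digits and a comma
        *,*,*|,*|*,)    return 1 ;;   # two commas, or a comma at either end
        *,*)            return 0 ;;
        *)              return 1 ;;   # no comma at all
    esac
}

# Build the image for the next session from DIR and burn it:
#   next_session DIR ISO LABEL MSINFO
# Set CLOSE=yes for the final session: -multi is then omitted and the disc is
# fixated, after which no further sessions can be added.
next_session() {
    dir=$1; iso=$2; label=$3; last=$4
    valid_msinfo "$last" || { echo "refusing to continue: bad -msinfo value '$last'" >&2; return 1; }
    $MKISOFS -o "$iso" -R -V "$label" -C "$last" -M "$DEV" "$dir" || return 1
    if [ "${CLOSE:-no}" = "yes" ]; then
        $CDRECORD -dev="$DEV" -data -v -eject -speed=4 "$iso"
    else
        $CDRECORD -dev="$DEV" -multi -data -v -eject -speed=4 "$iso"
    fi
}

# Usage: sh multisession.sh burn DIR ISO LABEL   (reads -msinfo from the drive)
if [ "${1:-}" = "burn" ] && [ $# -eq 4 ]; then
    next_session "$2" "$3" "$4" "$($CDRECORD -dev="$DEV" -msinfo)"
fi
```

For the example on the page the call is `sh multisession.sh burn /backup/07-07-2004 /tmp/ses2.iso session2`; prefix it with `CDRECORD=echo MKISOFS=echo` to see the two commands without touching the drive, and `CLOSE=yes` when writing the last session.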

How to: Extract files from ISO CD images in Linux

Posted on in Categories Debian Linux, File system, Gentoo Linux, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Ubuntu Linux last updated April 27, 2004

In many situations you may need to get a single file, or many files, out of a Linux ISO image.

You can mount ISO images via the loop device using the mount command. First log in as the root user:

Extract File(s) Under Linux OS

Let us assume that your ISO image name is disk1.iso.

Step # 1: First you need to create a directory /mnt/iso

# mkdir /mnt/iso

Step # 2: Mount the ISO image via the loop device:

# mount -o loop disk1.iso /mnt/iso

Step # 3: Extract a file

Now you can easily copy a file called file.txt from the ISO disk image to the /tmp directory:

# cd /mnt/iso
# cp file.txt /tmp

Step # 4: Copy foo.rpm from ISO disk image:

# cd /mnt/iso/RedHat/RPMS
# cp foo.rpm /tmp
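Steps 1 to 4 as one script, added here as an example and not taken from the original post. It assumes root for the real mount, that MOUNT, UMOUNT and CP can be pointed at echo to preview the commands, and that MNT overrides the /mnt/iso mount point. Two things are added to the page's commands because an ISO image is usually something downloaded or received, i.e. untrusted data: the image is mounted read-only with nodev, nosuid and noexec, and any member path containing ".." is refused so that a file list taken from elsewhere cannot make cp read outside the mounted image.

```sh
#!/bin/sh
# Loop-mount an ISO and copy files out of it: added example, not from the
# original post. Assumes root for the real mount; MOUNT/UMOUNT/CP can be set
# to "echo" to preview, and MNT overrides the /mnt/iso mount point.
MOUNT=${MOUNT:-mount}
UMOUNT=${UMOUNT:-umount}
CP=${CP:-cp}
MNT=${MNT:-/mnt/iso}

# Reject member paths containing ".." (or empty ones) so that a name taken
# from a file list cannot reach outside the mounted image once it is joined
# to the mount point.
safe_member() {
    case $1 in
        ''|..|../*|*/..|*/../*) return 1 ;;
        *)                      return 0 ;;
    esac
}

# Mount read-only with nodev,nosuid,noexec: an image obtained from elsewhere
# is data to copy from, not a filesystem to execute programs or honour device
# nodes from. The trap unmounts even if a copy fails part-way through.
extract_from_iso() {
    iso=$1; dest=$2; shift 2
    mkdir -p "$MNT" "$dest" || return 1
    $MOUNT -o loop,ro,nodev,nosuid,noexec "$iso" "$MNT" || return 1
    trap '$UMOUNT "$MNT"' EXIT
    for m in "$@"; do
        safe_member "$m" || { echo "skipping unsafe path: $m" >&2; continue; }
        $CP -- "$MNT/$m" "$dest/" || return 1
    done
}

# Usage: sh isoextract.sh extract disk1.iso /tmp file.txt RedHat/RPMS/foo.rpm
if [ "${1:-}" = "extract" ]; then
    shift
    extract_from_iso "$@"
fi
```

Member paths are given relative to the root of the image, exactly as they appear under /mnt/iso in the steps above; `MOUNT=echo UMOUNT=echo CP=echo sh isoextract.sh extract disk1.iso /tmp file.txt` shows the commands without mounting anything.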

Extract File(s) Under Windows XP or Vista OS

Windows does not have a built-in capability to extract files the way Linux does. Luckily, many third-party programs exist; my favorite is WinImage http://www.winimage.com/. Download the trial version (I’m sure you will love to register this tiny utility later):

1) Install Winimage software

2) Just double click on Linux ISO file

3) Select the desired file and hit CTRL + X (or from Image menu select extract)

For more information read man pages:

man cp
man mv
man rpm
man mount
man mkdir

Linux Password Trick With Immutable Bit Using chattr Command

Posted on in Categories Linux, RedHat/Fedora Linux, Security last updated April 26, 2004

You can make a file immutable on Linux with the help of a utility called chattr, which changes the file attributes on a Linux second extended (ext2) file system. The operator + causes the selected attributes to be added to the existing attributes of the files; - causes them to be removed; and = causes them to be the only attributes that the files have.
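The flag is only useful if you can also see where it is set, so the following added example (not code from the original post) pairs chattr +i/-i with a parser for lsattr output, which prints the attribute string followed by the path; the immutable flag shows up as the letter i in that string. It assumes CHATTR can be pointed at echo to preview, and the lsattr lines used below are constructed.

```sh
#!/bin/sh
# Immutable-bit helpers: added example, not from the original post.
# CHATTR may be set to "echo" to preview; the parsers read lsattr output
# handed to them, so they can be exercised on constructed lines.
CHATTR=${CHATTR:-chattr}

# One line of lsattr output: the attribute string comes first, then the path.
# The 'i' flag appears in that string only when the file is immutable.
is_immutable() {
    attrs=${1%% *}
    case $attrs in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the paths from lsattr output (stdin) that carry the immutable flag,
# e.g.  lsattr /etc/passwd /etc/shadow /etc/hosts | immutable_files
# Useful for auditing which system files have been locked, and by checking
# the same list later, for noticing when that set changes.
immutable_files() {
    while IFS= read -r line; do
        is_immutable "$line" && printf '%s\n' "${line#* }"
    done
    return 0
}

# Set or clear the flag. Only root can change it, and even root must clear
# it before the file can be modified, renamed or deleted.
set_immutable()   { $CHATTR +i "$@"; }
clear_immutable() { $CHATTR -i "$@"; }

# Usage: sh immutable.sh audit /etc/passwd /etc/shadow /etc/hosts
if [ "${1:-}" = "audit" ]; then
    shift
    lsattr "$@" | immutable_files
fi
```

Because `${line#* }` strips only up to the first space, paths that themselves contain spaces come through intact.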

How to mount remote windows partition (windows share) under Linux

Posted on in Categories CentOS, File system, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tip of the day, Ubuntu Linux, UNIX, Windows, Windows server last updated April 26, 2004

All files accessible in a Linux (and UNIX) system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.

Use the mount command to mount a remote Windows partition or Windows share under Linux as follows:

Procedure to mount remote windows partition (NAS share)

1) Make sure you have the following information:
==> Windows username and password to access the share
==> Share name (such as //server/share) or IP address
==> root-level access on Linux

2) Log in to Linux as the root user (or use the su command)

3) Create the required mount point:
# mkdir -p /mnt/ntserver
4) Use the mount command as follows:
# mount -t cifs //ntserver/download -o username=vivek,password=myPassword /mnt/ntserver

Use the following command if you are using an old version such as RHEL <= 4 or Debian <= 3:
# mount -t smbfs -o username=vivek,password=D1W4x9sw //ntserver/download /mnt/ntserver

5) Access the Windows 2003/2000/NT share using the cd and ls commands:
# cd /mnt/ntserver; ls -l
Where,

  • -t smbfs : File system type to be mounted (outdated, use cifs)
  • -t cifs : File system type to be mounted
  • -o : options passed to the mount command; in this example I passed two options. The first is the username (vivek) and the second is the password used to connect to the remote Windows box
  • //ntserver/download : Windows 2000/NT share name
  • /mnt/ntserver : Linux mount point (to access the share after mounting)
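Passing password=... on the command line, as in step 4, leaves the password visible to every local user in ps output and in the root shell's history. mount.cifs also accepts a credentials= option naming a file with username=, password= and optionally domain= lines, which keeps the secret off the command line. The script below is an added example, not code from the original post; it assumes a mount.cifs that supports credentials=, and that MOUNT can be pointed at echo to preview the command.

```sh
#!/bin/sh
# Mount a Windows share without putting the password on the command line:
# added example, not from the original post. Assumes mount.cifs supports the
# credentials= option; MOUNT can be set to "echo" to preview the command.
MOUNT=${MOUNT:-mount}

# Write a credentials file readable only by root:
#   write_cifs_credentials FILE USER PASSWORD [DOMAIN]
# The mount command then references the file, so the password never shows
# up in `ps` output or shell history the way -o password=... does.
write_cifs_credentials() {
    file=$1; user=$2; pass=$3; domain=${4:-}
    (
        umask 077
        {
            printf 'username=%s\n' "$user"
            printf 'password=%s\n' "$pass"
            if [ -n "$domain" ]; then
                printf 'domain=%s\n' "$domain"
            fi
        } > "$file"
    ) || return 1
    chmod 600 "$file"
}

# Mount using the credentials file; the options stay on the command line,
# the secret does not:
#   mount_cifs_share //server/share /mnt/point /root/.smbcredentials
mount_cifs_share() {
    share=$1; mountpoint=$2; credfile=$3
    mkdir -p "$mountpoint" || return 1
    $MOUNT -t cifs "$share" "$mountpoint" -o "credentials=$credfile"
}

# Usage: sh cifsmount.sh mount //ntserver/download /mnt/ntserver /root/.smbcredentials
if [ "${1:-}" = "mount" ] && [ $# -eq 4 ]; then
    mount_cifs_share "$2" "$3" "$4"
fi
```

Create the file once with `write_cifs_credentials /root/.smbcredentials vivek 'the-password'` (the path is an assumption; any root-only location will do), then mount with the usage line shown in the script; the same credentials= option works in /etc/fstab, where a password=... field would otherwise be readable by everyone.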

Updated for accuracy on Aug-8-2007, 8:19PM.