Iptables allow CIPE connection request

Posted in Categories Iptables, Linux, Networking, Security, Troubleshooting. Last updated May 30, 2006.

From my mail bag:

How do I accept CIPE connection requests coming from the outside?

CIPE stands for Crypto IP Encapsulation (see the howto Establishing a CIPE Connection). It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network (VPN). All you need to do is find out the CIPE device name; once you have it, append the following two iptables rules to your iptables script:

Iptables rules:

Add the following rules to your iptables script or configuration file:

iptables -A INPUT -p udp -i cipcb0 -j ACCEPT
iptables -A OUTPUT -p udp -o cipcb0 -j ACCEPT

CIPE uses its own virtual device, which is used to transmit UDP packets, so the above rules allow incoming requests on the cipcb0 interface (no need to use eth0).

Replace cipcb0 with your actual device name.

Sendmail is only accepting connections from localhost (127.0.0.1 IP)

Posted in Categories FAQ, Troubleshooting. Last updated May 6, 2006.

Q. My sendmail service is running under Linux and whenever I try to telnet to it from another LAN IP, it gives a connection refused error. If I connect to it from localhost, it accepts the connection. I can only send mail from my server. How do I force sendmail to accept mail from other hosts/LAN IPs?

A. For security reasons, sendmail is configured by default to accept connections only from the local system (127.0.0.1). This should avoid the open mail relay problem.

To allow connections from ALL hosts/LAN IPs, open the sendmail.mc file (log in as root):

# vi /etc/mail/sendmail.mc

Look for the line that reads as follows:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Comment out or remove the above line and insert a new line that reads as follows:

DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl

The above line forces sendmail to accept connections from any host. Save the file. Regenerate the sendmail configuration file using m4:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail service:

# /etc/init.d/sendmail restart

Caution: You should configure a firewall and other Sendmail anti-spam controls to avoid problems.
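
A check you might run before regenerating sendmail.cf, added here as an example and not part of the original post: it reports which address each active DAEMON_OPTIONS line in a sendmail.mc binds to, so a listener opened to all interfaces is visible before the firewall is relied on. The function name classify_daemon_options and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listening scope of each active DAEMON_OPTIONS
# line in a sendmail.mc file. Lines beginning with "dnl" are m4 comments and
# are skipped. classify_daemon_options is a hypothetical helper name.

classify_daemon_options() {
    mc_file=$1
    [ -r "$mc_file" ] || { echo "cannot read $mc_file" >&2; return 2; }

    # Keep only active (uncommented) DAEMON_OPTIONS lines.
    grep -E '^[[:space:]]*DAEMON_OPTIONS\(' "$mc_file" |
    while IFS= read -r line; do
        # Extract the Name= and Addr= values, if present.
        name=$(printf '%s\n' "$line" | sed -n 's/.*Name=\([^,'"'"' )]*\).*/\1/p')
        addr=$(printf '%s\n' "$line" | sed -n 's/.*Addr=\([^,'"'"' )]*\).*/\1/p')
        case $addr in
            '')                  scope=all-interfaces ;;  # no Addr= means every interface
            127.*|::1|localhost) scope=loopback-only ;;
            0.0.0.0|::)          scope=all-interfaces ;;
            *)                   scope="address:$addr" ;;
        esac
        printf '%s %s\n' "${name:-unnamed}" "$scope"
    done
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=OLD')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
EOF
classify_daemon_options "$sample"
rm -f "$sample"
```

On a real system, point the function at /etc/mail/sendmail.mc; any line reported as all-interfaces is reachable from every network the host is attached to unless a firewall restricts port 25.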

RHEL: Linux Bond / Team Multiple Network Interfaces (NIC) Into a Single Interface

Posted in Categories fedora linux, Howto, Networking, RedHat/Fedora Linux, Tips. Last updated April 3, 2006.

Finally, today I implemented NIC bonding (binding both NICs so that they work as a single device). Bonding is nothing but a Linux kernel feature that allows you to aggregate multiple like interfaces (such as eth0, eth1) into a single virtual link such as bond0. The idea is pretty simple: get higher data rates as well as link failover. The following instructions were tested on:

  1. RHEL v4 / 5 / 6 amd64
  2. CentOS v5 / 6 amd64
  3. Fedora Linux 13 amd64 and up.
  4. 2 x PCI-e Gigabit Ethernet NICs with Jumbo Frames (MTU 9000)
  5. Hardware RAID-10 w/ SAS 15k enterprise grade hard disks.
  6. Gigabit switch with Jumbo Frame

HowTo: Recovering Linux Grub Boot Loader Password

Posted in Categories CentOS, Debian Linux, Howto, Linux, RedHat/Fedora Linux, Suse Linux, Sys admin, Tips, Troubleshooting, Ubuntu Linux. Last updated February 20, 2006.

If you have a password-protected GRUB boot loader and you forgot both the root and GRUB passwords, then you can recover the GRUB boot loader password using the following method/procedure:

* Use Knoppix cd
* Remove the password from Grub configuration file
* Reboot the system
* Change the root password
* Setup new Grub password if required (optional)

FreeBSD: Becoming Super User (su) or Enabling su Access For User Account

Posted in Categories FreeBSD. Last updated February 23, 2005.

The superuser is a privileged user with unrestricted access to all files and commands. The superuser has the special UID (user ID) 0. You need to become super user (root) only when tasks need root permissions. Here is how to become a super user: