How to create tar.gz?
December 19th, 2009
No comments
You can create tar.gz file with the following command.DO NOT ENTER / after the directory name.
tar -cvzf test.tar.gz test
Archive
Archive for the ‘Mandrake’ Category
How to Install Perl CPAN Module
October 14th, 2009
No comments
From the root prompt on your server, invoke the CPAN shell:
#perl -MCPAN -e shell
Once the Perl interpreter has loaded (and been configured), you can install modules with: install .MODULENAME
The first thing you should do is upgrade your CPAN:
cpan>install Bundle::CPAN
Once it is completed, type:
cpan>reload cpan
Now, enter the following command to retrieve all of the required modules:
cpan> install DateTime
Note
Be aware that after freshly installing makegccmake:
# perl -MCPAN -e shell CPAN
cpan> o conf make /usr/bin/make
cpan> o conf commit
List of TCP and UDP port numbers
September 29th, 2009
No comments
The following link contains list of TCP and UDP ports:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
A basic firewall configuration suitable for a gateway/nat
September 27th, 2009
No comments
Introduction
The field of application of a NAT Gateway is in example a private LAN consisting of several PC with an Internet connection with one public IP address.
- The goal is to share the Internet connection among the LAN PCs.
- The problem is that there is only one public IP for outbound traffic.
- The solution is “Network Address Translation” (or NAT for short).
The Gateway (GW) is equipped with two network interfaces. One gets assigned the public IP, the second a private IP (i.e. 192.168.0.1). Every other LAN PCs has it’s own private IP (i.e. 192.168.0.2). If an outbound connection is requested the LAN PC talks to the gateway which masquerades the outbound traffic using the public IP. So every external connection looks like if it is coming from only one PC.
The basic firewalling will prevent all connections from outside with the exception of SSH (port 22) which we leave open for service purposes (i.e.).
System preparation
The following assumes that the gateway has two network interfaces:
- eth0 will be the external and
- eth1 the internal interface.
To use iptables you need to have at least the following kernel components compiled in or as modules
- ip_tables
- ip_conntrack and ip_conntrack_ftp
IP forwarding needs to be active (echo 1 > /proc/sys/net/ipv4/ip_forward</userdefined).
Setup the external interface using the necessary data from your provider (IP and standard gateway). The internal interface (eth1) needs to get a private IP address, like 10.174.254.197. The routing table of the gateway will be set up automatically during network initialization.
Every LAN PC will use the NAT-Gateways internal IP (192.168.0.1 in our example) as standard gateway in its networking setup.
Firewall script
#!/bin/sh ipt=/sbin/iptables extip=192.168.2.243 # replace with your EXTERNAL IP lan=10.174.254.197/27 # your LAN< # start firewall start_firwall { echo “Enabling IP forwarding.” echo 1 > /proc/sys/net/ipv4/ip_forward echo “Enabling iptables firewall.” # default policies $ipt -P INPUT DROP $ipt -P FORWARD DROP # NAT $ipt -t nat -A POSTROUTING -o eth0 -j SNAT –to-source $extip # INPUT chain $ipt -A INPUT -i lo -j ACCEPT $ipt -A INPUT -i eth1 -s $lan -j ACCEPT $ipt -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT $ipt -A INPUT -p tcp –destination-port 22 -j ACCEPT # FORWARD chain $ipt -A FORWARD -i eth1 -s $lan -j ACCEPT $ipt -A FORWARD -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT } # stop firewall stop_firwall { $ipt -P INPUT DROP $ipt -P OUTPUT DROP $ipt -P FORWARD DROP # allow internal traffic $ipt -A INPUT -i eth1 -j ACCEPT $ipt -A OUTPUT -o eth1 -j ACCEPT } # flushing, removing and zeroing tables
reset_firwall { chains=`cat /proc/net/ip_tables_names` for i in $chains; do $debug $ipt -t $i -F $debug $ipt -t $i -X $debug $ipt -t $i -Z done } case “$1″ in start|restart|reload) reset_firewall start_firewall ;; stop) reset_firewall stop_firewall ;; *) echo “Usage: $0 {start|stop|restart|reload}” exit 1 ;; esac exit 0