Archive for June, 2008

Sources of Lack of Connectivity

Another problem that we have to face is lack of connectivity. The sources of this issue is:

–> Power failures

–> The remote server or an application on the remote server being shutdown.

Advertisements

Comments (1)

Sources of Network Slowness

Maximum Network Support people have to face the problem with network slowness. Here I want to some sources of this issue:

–> NIC duplex and speed incompatibilities

–> Network congestion

–> Poor routing

–> Bad cabling

–> Electrical interference

–> An overloaded server at the remote end of the connection

–> Misconfigured DNS

Wish you to comment a advice about this issue.

Comments (1)

DHCP Server Configuration

DHCP stands for Dynamic Host Configuration Protocol. This protocol reduces the workload. dhcp-3.0.1-59.EL4, dhcp-3.0.1-58.EL4, dhcp-3.0.1-54.EL4 — anyone of these packages are used for dhcp server. At first we have to check the package whether it is installed or not. We can check this with the following command.

#rpm -qa | grep dhcpd*

Here the * sign after the ‘dhcpd’ means anything after ‘dhcpd’ wil be grep. If the package is installed than we can directly go for configuration. If no output appears than we have to install the package. We can do this with the following command.

#rpm -ivh dhcpd*

Now, the package is installed. We have to edit the /etc/dhcpd.conf file to configure the dhcp server.

vi /etc/dhcpd.conf

Sometimes we will not find any file like /etc/dhcpd.conf . At such situation we have to go to /usr/share/doc/ directory. There we will find another folder named like dhcp-3.01. We will enter into that directory.

#cd /usr/share/doc

#cd dhcp-3.01

Here will find a file named dhcpd.conf.sample. We will copy this file as follows.

cp dhcpd.conf.sample /etc/dhcpd.conf

Now we will edit the file.

vi /etc/dhcpd.conf

And in this file we will change the file as follows.

{

optionrouters 192.168.100.1

optionnetmask 255.255.255.0

domainnameserver 192.168.0.1, 4.2.2.1;

optionbroadcastaddress 192.168.100.255

optionbootp 192.168.100.2 192.168.100.254

defaultleasttime 21600

maxleasttime 43200

}

This will configure dhcp server. If we want to enter fixed IP, than we have to add the folowing after the previous command.

host DNS

{

hw ether 00:21:D3:C1:11:12

fixed-address 192.168.100.5

}

This is important as some pc connected to printer will need to have fixed IP.

Thats all according to my knowledge. Expect some comments about this issue.

Leave a Comment

A simple Firewall at Linux

Here I want to share a simple firewall example. This will be a firewall using iptables at Linux. We have to create a file at /usr/bin name firewall. We can do this with the following command.

vi /usr/bin/firewall

Then we will edit the file. The edition are written below:

vi /usr/bin/firewall

#!/bin/bash

iptables -F


# set defaukt policy

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -P FORWARD DROP


# accept WAN interface

iptables -A FORWARD -i eth0 -j ACCEPT


# allow a specific IP

iptables -A FORWARD -i eth1 -s 192.168.100.2/32 -d  0/0 -j ACCEPT

Now We will set execution permission to all type user with the following command.

chmod +x /usr/bin/firewall

Now if we write firewall, just like other unix command, it will start firewall file.

For adding at startup configuration we can write a command at /etc/rc.local

vi /etc/rc.local

/usr/bin/firewall

We can also allow or deny any specified MAC also with the following command:

iptables -A FORWARD -i eth0 -s 192.168.100.2 -m mac –mac-source 00:21:D3:C1:11:17 -d 0/0 -j ACCEPT

We have add to the /usr/bin/firewall file.

Expect to get better advice.

Comments (1)

Gateway Server Configuration

Gateway server configuration is the easiest thing in Linux server configuration. For this we have to follow the following steps.

1. We have to ensure that the server computer two NICs. Then we have to configure the NICs. I think most of us can do this thing. To configure interface eth1 we have to create a file /etc/sysconfig/network-scripts/ifcfg-eth1 (If there is no such file; if there exist the file then we have to edit this file) as follows:

vi /etc/sysconfig/network-scripts/ifcfg-eth1

# Intel Corporation 82573E Gigabit Ethernet Controller (Copper)

DEVICE=eth1

BOOTPROTO=static

HWADDR=12:34:56:78:9A:BC

IPADDR=192.168.100.1

NETMASK=255.255.255.0

Here the network is 192.168.100.0/24

This is the LAN side.

We will configure WAN side at eth0 with the following command:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Intel Corporation 82573E Gigabit Ethernet Controller (Copper)

DEVICE=eth0

BOOTPROTO=static

HWADDR=12:34:56:78:9A:BC

IPADDR=221.120.96.233

NETMASK=255.255.255.224
Now we will restart the interfaces.

/etc/init.d/network restart
2. Now we have to do minimum two things.

* IP forwarding

* NAT (Network Address Translation)

3. For IP forwarding we can chose any one procedure as follows:

* Procedure 1: We can write only one command as follows :

# echo 1>/proc/sys/net/ipv4/ip_forward

and then entry this line at /etc/rc.local file.

* Procedure 2: We can edit the /etc/sysctl.conf file and do there we will change the value 0 of net.ipv4.ip_forward to 1.

# vi /etc/sysctl.conf

net.ipv4.ip_forward=1

Then we have to restart the file with the following command:

# sysctl -p
4. For NAT we can add only two line at /etc/rc.local file:

iptables -t nat -F

iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 0/0 -j SNAT –to-source 221.120.96.233

Thats all. Our Gateway server is configured. Now we can check whether its working or not.

Any suggestions ?

Comments (2)

Copy from a remote Server

We can copy from and copy to a remote server using scp command. scp means secure copy. The structure of the command is as follows:

scp source destination

Suppose I want to copy to 192.168.100.5 . We want to copy the /etc/passwd to the remote server at /root .

Then we have to use the following command:

scp /etc/passwd root@192.168.100.5:/root

If we want to copy from 192.168.100.5 /etc/passwd file to /root, then we will write

scp root@192.168.100.5:/etc/passwd /root

We have to remind one thing that we must have to use root user for secure copy.

To copy a folder we have to use the following structure:

scp -r source destination

Leave a Comment

Allow and deny IP for ssh

We can allow and deny IP for ssh. To do this we have to change some configuration at /etc/host.deny and /etc/host.allow files. Suppose we want to deny 192.168.100.5, then we will edit the /etc/host.deny file and do some changes as follows.

vi /etc/host.deny

sshd:192.168.100.5

Save & exit

This will deny 192.168.100.5 to ssh.

Suppose we want to allow only 192.168.100.5 to ssh. Then we will edit two files as follows:

vi /etc/host.deny

sshd:all

save & exit

vi /etc/host.allow

sshd:192.168.100.5

save & exit

We can do the same by changing only at /etc/host.deny as follows:

vi /etc/host.deny

sshd:all except 192.168.100.5

save & exit

Comments (2)

Older Posts »