Thursday, June 5, 2008

creating NAT using Linux IPtables

If you are running a recent 2.6 Linux kernel, this four-step process should work for you. It has been specifically tested on Fedora Core 3, 4, 5, and 6 and should work on any modern Linux distribution. All of these commands must be executed as the root user.

First you need to tell your kernel that you want to allow IP forwarding.

echo 1 > /proc/sys/net/ipv4/ip_forward

Then you need to configure iptables to forward packets from your internal network, on interface eth1, to your external network on interface eth0. You do this with the following commands:

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

You should now be NATing. You can test this by pinging an external address from one of your internal hosts. The last step is to ensure that this setup survives a reboot. Obviously you should only do these last two steps if your test is a success.

You will need to edit /etc/sysctl.conf and change the line that says net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1. This essentially tells your kernel to do step one on boot.

OK, last step for Fedora/RHEL users. For your system to save the iptables rules we set up in step two, you have to configure iptables correctly: edit /etc/sysconfig/iptables-config and make sure IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to 'yes'.

Non-Fedora/RHEL users can simply set up an init script for this, or append these commands to the existing rc.local script so they are executed on boot.
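The four steps above, written as an added example (not the post's own script) so the rule set can be reviewed as a dry run before it is applied. The WAN and LAN interface names are parameters (eth0 and eth1 in the post); the script assumes Linux with iptables at /sbin/iptables as the post does. It goes one step beyond the post by setting the FORWARD chain's default policy to DROP: without that, the RELATED,ESTABLISHED rule restricts nothing, because any packet it does not match simply falls through to the chain's default policy.

```shell
#!/bin/sh
# Added example, not the post's script: the NAT setup as reviewable functions.
# Assumes Linux, iptables at /sbin/iptables, root for apply_nat.

# Interface names may contain letters, digits, dot, dash and underscore only.
# Anything else is rejected, so a bad argument can never smuggle shell syntax
# into the rule lines that apply_nat later executes.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the rules for WAN=$1, LAN=$2 without applying them (dry run).
# The first line is the addition to the post: default-deny forwarding so that
# only the explicit rules below decide what crosses between the interfaces.
nat_rules() {
    wan=$1; lan=$2
    valid_ifname "$wan" && valid_ifname "$lan" || return 1
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
/sbin/iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i $lan -o $wan -j ACCEPT
EOF
}

# Step one check: is IP forwarding on? $1 overrides the sysctl file (for tests).
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Apply for real: enable forwarding, then run each rule line. Needs root.
apply_nat() {
    rules=$(nat_rules "$1" "$2") || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward || return 1
    printf '%s\n' "$rules" | sh -e
}

# Usage:  nat_rules eth0 eth1        # review
#         apply_nat eth0 eth1        # apply (as root)
```

Run `nat_rules eth0 eth1` first and read the output; `apply_nat` only runs lines that `nat_rules` produced, and `nat_rules` refuses interface names it cannot validate.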

Thursday, October 18, 2007

creating global rules in openwebmail

Edit etc/filter.book under the OpenWebMail cgi-bin folder (/var/www/cgi-bin/openwebmail/etc/filter.book) and add the rule there. Per-user rules live in ~user/.openwebmail/webmail/filter.book.

Wednesday, October 10, 2007

amavis - To allow only password protected archives

Add these two rules somewhere towards the end of the list in $banned_filename_re, keeping them in this order: amavis applies the first matching rule, so the UNDECIPHERABLE allow rule must come before the zip/tar block rule.

# allow if it is or contains any undecipherable components:
[ qr'^UNDECIPHERABLE$'=> 0 ],

qr'^\.(zip|tar)$', # block zip and tar (unless password protected)

Encrypting file in Linux

To encrypt a single file, use the gpg command with -c (symmetric, passphrase-based encryption):

$ gpg -c filename

Enter Passphrase:
Repeat passphrase:

The file becomes filename.gpg.

To decrypt:

gpg filename.gpg
gpg: CAST5 encrypted data
gpg: Enter passphrase

The original file is extracted from the encrypted file.
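The same encrypt/decrypt round trip run non-interactively, as an added example that is not part of the post. The passphrase is read from a file created with mode 0600 rather than passed on the command line, where `ps` would show it to every local user. It assumes GnuPG 2.1 or newer (for --pinentry-mode loopback); the cipher is pinned to AES256 because the CAST5 in the post's output was only the default of older gpg versions. The secret text and passphrase in the demo are constructed.

```shell
#!/bin/sh
# Added example, not the post's own commands. Assumes GnuPG 2.1+.

# Encrypt $1 with the passphrase in file $2; writes $1.gpg
gpg_encrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$2" \
        --cipher-algo AES256 --symmetric --output "$1.gpg" "$1"
}

# Decrypt $1 with the passphrase in file $2; writes $3. Non-zero exit on failure.
gpg_decrypt_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-file "$2" \
        --output "$3" --decrypt "$1"
}

# Round trip in a throwaway GNUPGHOME; prints the recovered text.
# Runs in a subshell so umask and GNUPGHOME do not leak into the caller.
gpg_roundtrip_demo() (
    work=$(mktemp -d) || exit 1
    umask 077                                   # key material and passphrase: owner-only
    GNUPGHOME="$work/home"; export GNUPGHOME
    mkdir "$GNUPGHOME"
    printf 'constructed secret text\n' > "$work/note.txt"          # constructed sample
    printf 'constructed passphrase, not a real one\n' > "$work/pass" # constructed sample
    gpg_encrypt_file "$work/note.txt" "$work/pass" || exit 1
    gpg_decrypt_file "$work/note.txt.gpg" "$work/pass" "$work/note.out" || exit 1
    # A wrong passphrase must be rejected; make sure the check is real.
    printf 'wrong\n' > "$work/badpass"
    if gpg_decrypt_file "$work/note.txt.gpg" "$work/badpass" "$work/note.bad" 2>/dev/null; then
        exit 1
    fi
    cat "$work/note.out"
    gpgconf --kill gpg-agent 2>/dev/null || true # stop the agent started for this home
    rm -rf "$work"
)

# Usage: gpg_roundtrip_demo     # prints "constructed secret text"
```

Symmetric mode protects confidentiality only: anyone holding the passphrase can both read and re-create the file, so it says nothing about who produced it; use a signing key when origin matters.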

Friday, September 28, 2007

pwck, grpck

pwck checks the passwd file for consistency and correctness.

grpck checks the group file for consistency and correctness.

Thursday, September 27, 2007

copy files by date

scp files modified in DIR_NAME on a particular day to TARGET_COMPUTER. Note that -mtime takes an age in days (0 = today, 1 = yesterday, and so on), not a calendar date, and scp needs a destination path on the target:

find DIR_NAME -type f -daystart -mtime DAYS_AGO -exec scp {} TARGET_COMPUTER:DEST_DIR \;
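Selecting by an actual calendar date instead of an age in days, as an added example (not the post's command). It assumes GNU find (-newermt takes a timestamp) and GNU date (-d for the next-day arithmetic); the directory, day and scp destination are parameters.

```shell
#!/bin/sh
# Added example, not the post's command. Assumes GNU find and GNU date.

# Print regular files under $1 whose mtime falls on day $2 (YYYY-MM-DD).
# Extra arguments are passed to find after the time tests (e.g. -print0).
files_modified_on() {
    dir=$1; day=$2; shift 2
    next=$(date -d "$day +1 day" +%F) || return 1
    # -newermt is strict ("newer than"), so the window is
    # ($day 00:00:00, $next 00:00:00]; the one-second edges rarely matter here.
    find "$dir" -type f -newermt "$day 00:00:00" ! -newermt "$next 00:00:00" "$@"
}

# Copy those files to $3 (user@host:/dir). NUL-separated names survive spaces
# and newlines; one scp per file because scp wants the destination last.
# -p keeps the original timestamps on the remote side.
copy_files_modified_on() {
    files_modified_on "$1" "$2" -print0 | xargs -0 -I{} scp -p {} "$3"
}

# Usage: files_modified_on /var/log/archive 2024-01-15            # review first
#        copy_files_modified_on /var/log/archive 2024-01-15 backup@host:/srv/incoming/
```

List first with `files_modified_on`, then copy; a wrong date or directory is cheap to catch before a hundred scp sessions start.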

process states

Use the top command to see the state of a process.

State of the process:
S - sleeping
R - running
T - stopped or traced
D - uninterruptible sleep
Z - zombie
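Tallying those states across all processes, as an added example that is not part of the post. Input lines are "PID STAT COMMAND", the shape of `ps -eo pid,stat,comm --no-headers` from procps (assumed); the state letter is the first character of STAT, and the flags that may follow it (+, s, l, <) are ignored. The sample lines in the block are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not the post's. Assumes procps ps; input "PID STAT COMMAND" per line.

# Constructed sample of such output (not from a real host).
SAMPLE_PS='1 Ss systemd
42 R+ top
77 D kworker/u8:1
310 D nfsiod
1234 Z sh
1235 Z sh
2000 T vim'

# One line per state, "<state> <count>", e.g. "Z 2".
state_counts() {
    awk '{ c[substr($2, 1, 1)]++ } END { for (s in c) print s, c[s] }' | sort
}

# PIDs whose state is $1 (Z = zombie, D = uninterruptible sleep, ...).
pids_in_state() {
    awk -v want="$1" 'substr($2, 1, 1) == want { print $1 }'
}

# Health check: succeed only when at most $2 processes are in state $1.
# Zombies pile up when a parent never calls wait(); a growing D-state count
# usually means stuck I/O (disk, NFS), which kill -9 cannot clear.
state_count_within() {
    n=$(pids_in_state "$1" | wc -l | tr -d ' ')
    [ "$n" -le "$2" ]
}

# Usage on a live host:
#   ps -eo pid,stat,comm --no-headers | state_counts
#   ps -eo pid,stat,comm --no-headers | state_count_within Z 0 || echo "zombies present"
#   ps -eo pid,stat,comm --no-headers | pids_in_state D
```

A D-state process ignores signals until its I/O completes, so the useful response is to find the device or mount it is waiting on (the COMMAND column and /proc/PID/wchan help), not to send more signals.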