Friday, March 8, 2013

OpenBSD bridge port

To make a bridge port in OpenBSD, do the following:

1. Create a file called /etc/hostname.bridge0 and add the following lines:
            add [interface name1]
            add [interface name2]
            up
2. In the individual interface files /etc/hostname.[interface name], put either an IP address or the following line:
        up media autoselect
   For an IP address, write the following line:
        inet [ip address] [netmask] [broadcast address]

Source:
http://www.cyberciti.biz/faq/setting-up-a-network-bridge-in-openbsd/
   
       

Wednesday, March 6, 2013

OpenBSD firewall NAT rules

1. Source NAT rule:

pass out on [external interface name] from [internal interface name]:network to any nat-to [external interface name]

2. Destination NAT rule:

pass in on [external interface name] proto tcp from [external source ip] to any port 80  rdr-to [internal dst interface]

You also need to add an alias IP on the external interface to take care of ARP requests. A sample config (/etc/hostname.[interface name]) for the interface is as follows:

 inet [ipaddress] [mask] [broadcast address]
 For the alias IP, add the following line:
 inet alias [ipaddress] [mask] [broadcast address]

Monday, October 1, 2012

Iptables: a simple and effective firewall for Linux-based machines

Hi All,

When I first encountered iptables, it scared me a lot. But believe me, it is very simple to configure iptables. In this post I am talking about how to set up a host firewall using iptables.
1. Install iptables. It usually comes pre-installed unless you deselect it during OS installation.
2. In RPM-based Linux distros, iptables takes its configuration from the file /etc/sysconfig/iptables.

But this does not stop you from keeping your configuration in another location (in that case you have to run the iptables-restore command, maybe from the rc.local file).

3. Edit the iptables file and put your configuration in the filter table, under the INPUT chain (packets addressed to this host machine) and the OUTPUT chain (packets originating from this machine).

Set the default policy to DROP for all chains:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# allow all traffic on the loopback interface, for all protocols
-A INPUT  -i lo  -j ACCEPT
-A OUTPUT  -o lo  -j ACCEPT

# accept ICMP echo-request and echo-reply (ping) to and from nw-address
-A INPUT -i eth0 -s nw-address -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i eth0 -s nw-address -p icmp --icmp-type echo-reply   -j ACCEPT
-A OUTPUT -o eth0 -d nw-address -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -o eth0 -d nw-address -p icmp --icmp-type echo-reply   -j ACCEPT

# accept SSH and web server connections from nw-address, and let the replies out
-A INPUT -i eth0 -s nw-address  -p tcp  --match multiport --dports 22,80,443 -j ACCEPT
-A OUTPUT -o eth0 -d nw-address -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

# iptables-restore applies a table only when it reaches COMMIT
COMMIT



Instead of ACCEPT, you may also use DROP or LOG as the -j target.


Thanks and regards
lalit patel
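
A check for the default-DROP rules file described in the post above, as an added example that is not part of the original post: it lints a file in iptables-restore format for a missing COMMIT, a non-DROP default policy, and a missing return-path rule in OUTPUT. The function name lint_rules is an assumption, and the return-path check is a heuristic.

```shell
#!/bin/sh
# Added example (not from the original post): lint a rules file written in
# iptables-restore format. lint_rules is a hypothetical helper name.
# Prints one finding per line; prints nothing when the file passes.
lint_rules() {
    awk '
        # "*filter" starts a table; a previous table must have been committed
        /^\*/ { if (inblock) print "table " table ": missing COMMIT"
                table = substr($1, 2); seen[table] = 1; inblock = 1; next }
        /^COMMIT/ { inblock = 0; next }
        # chain declaration such as ":INPUT DROP [0:0]"
        /^:/ && table == "filter" { policy[substr($1, 2)] = $2; next }
        # chains that let packets of already-established flows through
        /^-A/ && /ESTABLISHED/ && /-j ACCEPT/ { stateful[$2] = 1; next }
        # INPUT rules that admit new inbound traffic
        /^-A INPUT/ && /-j ACCEPT/ { inbound = 1 }
        END {
            if (inblock) print "table " table ": missing COMMIT"
            if (!("filter" in seen)) exit
            n = split("INPUT FORWARD OUTPUT", chains, " ")
            for (i = 1; i <= n; i++)
                if (policy[chains[i]] != "DROP")
                    print chains[i] ": default policy is not DROP"
            # heuristic: with OUTPUT DROP, replies need an ESTABLISHED rule
            if (inbound && policy["OUTPUT"] == "DROP" && !stateful["OUTPUT"])
                print "OUTPUT: no ESTABLISHED rule, replies to accepted inbound traffic are dropped"
        }
    ' "$1"
}

# Usage: lint first, then let iptables-restore parse the file without committing:
#   f=/etc/sysconfig/iptables
#   [ -z "$(lint_rules "$f")" ] && iptables-restore --test < "$f"
if [ -n "${1:-}" ]; then lint_rules "$1"; fi
```
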


Monday, July 23, 2012

How to return multiple objects from a function in Java

Hi,
There are a number of situations where we need to return multiple objects from a Java function. Let me make one thing clear: Java as of now does not support this. So how do we achieve it?

1. If the returned objects are of the same type: make an array and return it.

2. If the returned objects are of different types: wrap them in another class, create an object of it and return that.

Simple and cool.

thanks and regards
lalit patel

Thursday, July 5, 2012

Problem arising from a system name difference between the Linux files /etc/sysconfig/network and /etc/hosts

Hi All,

Recently I came across a problem where the system names differed between the /etc/sysconfig/network and /etc/hosts files.

This broke an SNMP application. After long hours of headache and debugging I finally traced it out: both names should be the same.


Thanks and regards

lalit patel

Problem of Jpcap requiring the libpcap.so.0.9 library solved

Hi All,

Jpcap is a Java library which uses a native C library (libpcap) for packet capturing.
Jpcap requires the libpcap version to be greater than 0.9. Recently I came across a strange problem. I had Red Hat 6 Enterprise edition Linux. It has libpcap version 1.0.0 installed, but Jpcap failed to recognize it. So I made a soft link using the following command:

ln -s libpcap.so.1.0.0 libpcap.so.0.9

and it worked

thanks and regards
lalit patel




Monday, June 18, 2012

How to send email alert without using sendmail or postfix

Hi All,

Recently I came across a problem where I had to send an email alert (without any attachment) about system health. One way was to configure Sendmail or Postfix, but that was overkill. I just had to send an alert and forget it. For that, the tiny utility ssmtp comes in very handy. First install ssmtp using the rpm or deb package. Then configure the /etc/ssmtp/ssmtp.conf file:

  root=user@example.com

  AuthUser=username
  AuthPass=password
  AuthMethod=CRAM-MD5

  # your SMTP server
  mailhub=mail.example.com

  # your domain name
  rewriteDomain=example.com

  # your machine hostname
  hostname=hostname.domain
 
 
And bingo, you are ready to use ssmtp to send mail.
Just try the following command:

echo "Hello world" | ssmtp yourmailid@example.com

You can also add this line to a cron job.

Note:
1. Set the permissions of ssmtp.conf to 640, i.e. chmod 640 /etc/ssmtp/ssmtp.conf
2. Make sure the ssmtp user has no valid shell. Technically it should have /sbin/nologin as its shell.
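
The alert-and-forget setup described above, as an added example that is not part of the original post: a cron-friendly disk-usage check that refuses to run while ssmtp.conf is readable by others and pipes a message with headers to ssmtp. The recipient, threshold, script path and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): disk-usage alert through ssmtp.
# ALERT_TO, THRESHOLD and all function names are assumptions for illustration.
CONF=/etc/ssmtp/ssmtp.conf
ALERT_TO=yourmailid@example.com
THRESHOLD=90          # alert when a filesystem is at least this full (percent)

# Succeeds only if FILE grants nothing to "other" (e.g. mode 640): the file
# holds AuthPass in clear text. Reads the mode column of ls -ld (portable).
conf_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        ???????---*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Reads `df -P` output on stdin; prints "mount pct" for filesystems >= $1.
over_threshold() {
    awk -v max="$1" 'NR > 1 { pct = $5; sub(/%/, "", pct)
                              if (pct + 0 >= max) print $6, pct }'
}

# build_alert TO HOST LINES: headers, a blank line, then one body line per mount.
build_alert() {
    printf 'To: %s\nSubject: [%s] disk usage alert\n\n' "$1" "$2"
    printf '%s\n' "$3" | while read -r mount pct; do
        printf '%s is %s%% full\n' "$mount" "$pct"
    done
}

main() {
    conf_is_private "$CONF" || {
        echo "$CONF is readable by others; chmod 640 it first" >&2
        return 1
    }
    full=$(df -P | over_threshold "$THRESHOLD")
    [ -n "$full" ] || return 0        # nothing to report, send no mail
    build_alert "$ALERT_TO" "$(hostname)" "$full" | ssmtp "$ALERT_TO"
}

# Runs only when called with "run", e.g. from cron (hypothetical path):
#   */15 * * * * /usr/local/sbin/disk-alert.sh run
if [ "${1:-}" = "run" ]; then main; fi
```
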
 
 
 Source:- 
ssmtp guide