Archive for category Linux
Get Detailed Information About Particular IP address Connections Using netstat Command
Posted by jervin in Linux, Networking, Server Security on December 14, 2008
I was recently investigating a LAMP application bottleneck, part of which was to monitor web server entry points during peak hours. Looking into segregating connections and what each client is actually doing, I needed some advanced netstat know-how to reach my goal, so I stumbled upon this one from nixCraft:
The netstat command and shell pipe feature can be used to dig out more information about a particular IP address connection. You can find out total established connections, closing connections, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.
This is useful to find out if your server is under attack or not. You can also list abusive IP addresses using this method.
http://www.cyberciti.biz/tips/netstat-command-tutorial-examples.html
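The per-IP and per-state counting the nixCraft tip describes, as an added example written here (not the original post's or nixCraft's code). It parses the Linux netstat -ant column layout; the netstat lines below are constructed, not captured from a real host, and only IPv4 foreign addresses are handled.

```shell
#!/bin/sh
# Summarise netstat -ant output: connections per remote IP for one TCP state,
# and connections per state. Field layout assumed (Linux netstat -ant):
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State
# Note: ss -ant prints State in column 1, so the field numbers differ there.

# Constructed sample of netstat -ant output (not from a real server).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.3:80          192.168.0.4:51234       ESTABLISHED
tcp        0      0 192.168.0.3:80          192.168.0.4:51235       ESTABLISHED
tcp        0      0 192.168.0.3:80          10.0.0.9:40001          SYN_RECV
tcp        0      0 192.168.0.3:80          10.0.0.9:40002          SYN_RECV
tcp        0      0 192.168.0.3:80          10.0.0.9:40003          SYN_RECV
tcp        0      0 192.168.0.3:80          203.0.113.7:3312        TIME_WAIT
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# connections_by_ip STATE  (netstat output on stdin)
# Prints "COUNT IP" for every foreign IPv4 address in STATE, busiest first.
connections_by_ip() {
    awk -v state="$1" '
        $1 == "tcp" && $6 == state { split($5, a, ":"); c[a[1]]++ }
        END { for (ip in c) print c[ip], ip }' | sort -rn
}

# state_summary  (netstat output on stdin)
# Prints "COUNT STATE" for every TCP state seen, most frequent first.
state_summary() {
    awk '$1 == "tcp" { s[$6]++ } END { for (st in s) print s[st], st }' | sort -rn
}

# top_ip STATE  (netstat output on stdin)
# Prints only the foreign IP holding the most connections in STATE.
top_ip() {
    connections_by_ip "$1" | head -n 1 | awk '{ print $2 }'
}

# Typical use on a live host:  netstat -ant | connections_by_ip SYN_RECV
printf '%s\n' "$SAMPLE_NETSTAT" | state_summary
```

A single address dominating SYN_RECV while ESTABLISHED stays low is the pattern worth a closer look; the sample output puts 10.0.0.9 at the top for that state.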
FreeBSD NFS Server and CentOS NFS Client
Posted by jervin in BSD/Mac OSX, Linux, Networking on December 8, 2008
We were recently migrating a busy site from an aging FreeBSD 5.4 box, and we could not disrupt operations while switching platforms from FreeBSD to CentOS. So part of the plan was to share the media files via NFS from the old FreeBSD server to the new CentOS one.
Here are the steps that I had to do:
- Modify the /etc/exports file to include the directories you want shared. Ours looks something like this:
/usr/home/web01/images /usr/home/web01/swf 192.168.0.4
Notice the two consecutive directories. From the man pages, when exporting two directories that live on the same mount point or filesystem to the same client, they have to go on the same line of the exports file, or you'll get errors like:
Dec 8 10:20:42 web01 mountd[5900]: can't change attributes for /usr/home/web01/swf 192.168.0.4
Dec 8 10:20:42 web01 mountd[5900]: bad exports list line /usr/home/web01/swf 192.168.0.4
- Restart the services on the server. First stop nfsd:
/etc/rc.d/nfsd stop
You have to make sure that mountd is stopped as well.
/etc/rc.d/mountd forcestop
Then kill rpcbind. I do this by finding the PID of rpcbind and killing it manually:
ps aux|grep rpcbind
It should return something like:
root 6087 0.0 0.1 4776 1248 ?? Ss 10:28AM 0:00.01 rpcbind
Then do the killing:
kill -9 6087
Then we start these processes in reverse order:
rpcbind
/etc/rc.d/nfsd start
Starting nfsd should start mountd as well.
- Verify that your exports are properly listed:
showmount -e
Should give you something like:
Exports list on localhost:
/usr/home/web01/images 192.168.0.4
/usr/home/web01/swf 192.168.0.4
- Now, if you use hosts.allow and hosts.deny, make sure that the NFS client is allowed on the NFS services. We have these in our /etc/hosts.allow:
nfs : 192.168.0.4 : allow
mountd : 192.168.0.4 : allow
rpcbind : 192.168.0.4 : allow
- Now, before mounting on our CentOS client machine, we first verify whether the NFS exports are visible:
rpcinfo -p 192.168.0.3
You should get something like:
   program vers proto   port
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100000    4     7    111  portmapper
    100000    3     7    111  portmapper
    100000    2     7    111  portmapper
    100005    1   udp    861  mountd
    100005    3   udp    861  mountd
    100005    1   tcp    767  mountd
    100005    3   tcp    767  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
- So, our exports are visible and we can now mount those shares:
mount -t nfs 192.168.0.3:/usr/home/web01/images /usr/home/web02/images
mount -t nfs 192.168.0.3:/usr/home/web01/swf /usr/home/web02/swf
- That should do it; you should be able to see your mount points and browse the files within them.
Questions welcome!
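Two checks for the exports and hosts.allow steps above, as an added example written here (not from the original post or from FreeBSD). It assumes the FreeBSD exports(5) layout used in the post, where a line that names no host or -network exports those directories to every host that can reach the server, and the service names nfs, mountd and rpcbind as written in the post's hosts.allow; the sample files are constructed.

```shell
#!/bin/sh
# Flag /etc/exports lines with no client restriction, and list which NFS
# services a given client is still missing from hosts.allow.

# Constructed sample exports (first line is the layout from the post).
SAMPLE_EXPORTS='/usr/home/web01/images /usr/home/web01/swf 192.168.0.4
/usr/home/web01/backup -ro -network 192.168.0.0 -mask 255.255.255.0
/usr/home/web01/public
/usr/home/web01/tmp -maproot=root'

# Constructed sample hosts.allow that forgot rpcbind.
SAMPLE_HOSTS_ALLOW='nfs : 192.168.0.4 : allow
mountd : 192.168.0.4 : allow
ALL : ALL : deny'

# unrestricted_exports  (exports file on stdin)
# Prints every non-comment line made only of directories and options,
# i.e. with no host, netgroup or -network/-mask restriction.
unrestricted_exports() {
    awk '!/^#/ && NF {
            hosts = 0; i = 1
            while (i <= NF) {
                if ($i == "-network" || $i == "-mask") { hosts++; i += 2; continue }
                if ($i ~ /^-(network|mask)=/)         { hosts++; i++; continue }
                if (substr($i, 1, 1) == "/")          { i++; continue }  # directory
                if (substr($i, 1, 1) == "-")          { i++; continue }  # option
                hosts++; i++                                             # host/netgroup
            }
            if (hosts == 0) print
        }'
}

# hosts_allow_missing CLIENT HOSTS_ALLOW_TEXT
# Prints each NFS service (nfs, mountd, rpcbind) with no allow rule for CLIENT.
hosts_allow_missing() {
    client=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    for svc in nfs mountd rpcbind; do
        printf '%s\n' "$2" | grep -Eq "^[[:space:]]*$svc[[:space:]]*:[^:]*$client" \
            || echo "$svc"
    done
}

# Typical use on the server:  unrestricted_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | unrestricted_exports
hosts_allow_missing 192.168.0.4 "$SAMPLE_HOSTS_ALLOW"
```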
Services Behind a NAT Router and a Multihomed PC
Posted by jervin in Linux, Networking, Windows on September 27, 2008
Because of job demands I recently acquired a second internet line for redundancy at the office. Thinking that the new second line would otherwise go stale and unused, I bought an Edimax BR-6624 Dual WAN router. However, since I only have 2 PCs and a laptop, whether used for load balancing or as a backup connection the second internet line will rarely be used. So I decided to experiment.

As you can see, I have two routers: 1) an Edimax BR-6624 Dual WAN router where ISP1 goes to, and 2) a Linksys WRT300N where ISP2 goes. The Windows XP PC connects to both and is now multihomed. I have configured the PC to use the Linksys router as default gateway, so my browsing and downloads go through ISP2 and my services will listen on the connection from the Dual WAN router.
Another thing to notice is that the Dual WAN router has its failover connection from the Linksys router, which is effectively ISP2. So if ISP1 fails, the other PC connected to the Dual WAN router will connect through ISP2.
There is only one tricky problem which I have not been able to resolve so far. I want my HTTP and FTP services available to the internet via ISP1, which has the static IP. I have configured port forwarding for these services to the Windows XP PC. Oddly enough it is not working, and I am clueless.
I have also tried NAT aliasing, which does not work, and DMZ, which does not work either. So I am wondering if the Windows XP PC is the point of failure. I haven't got enough help to resolve this, however I will keep looking and will update this post.
Remote Desktop Client after Windows XP SP3
Posted by admin in Linux, Networking, Windows on July 2, 2008
When Windows XP SP3 was officially out I eagerly installed it without a problem, so I guess MS did something right this time. However, a couple of months later I needed the Remote Desktop client for work and there MS blew up again, or may I say as expected:
The pre-release version of Remote Desktop Connection has expired. To download the full version of Remote Desktop Connection, go to Windows Update or contact your system administrator.
What? Expired? Why? No Kidding!
Looking for clues, it seemed that there were two options for me to solve the situation. 1) Download and install a standalone version of Windows XP SP2 RC2 or later. Unfortunately MS has managed, as expected, to hide the download from the public sometime around March, as any effort to download from their site means no joy. 2) Another option is to use a previous working version of mstsc.exe (the RDP client executable) stored at C:\WINDOWS\system32\dllcache\, with which I have gladly settled. Putting a shortcut to the file on my Desktop is better than chasing MS.
Stay tuned as I will continue to hunt for Windows XP SP3 RC2 download, and when I do find them I'll post some links here.
Automated Document Collection via Fax using HylaFax
Posted by jervin in Linux, Networking on May 28, 2008
I. Our OS of choice is CentOS (latest release 5.1), since a HylaFAX rpm is widely available. We assume we already have a working OS with its network properly configured to reach the outside world.
II. Secondly we need to install our modem of choice, in this case a Conexant based data/fax modem. To support the fax capability we need to use the paid version of the linuxant.org HSF softmodem driver. Their website (linuxant.org) provides a simple and easy way to install the driver as well as to activate the purchased license.
III. For more convenience we will create a middle user or utility user called ‘faxman’ with whatever password, plus we also generate an RSA key pair. Assuming an RSA key pair has been generated, copy the private key to the $SPOOL/etc/ directory as ‘faxman_id_rsa’:
# cp /home/faxman/.ssh/id_rsa /var/spool/hylafax/etc/faxman_id_rsa
# chown uucp.uucp /var/spool/hylafax/etc/faxman_id_rsa
# chmod 0600 /var/spool/hylafax/etc/faxman_id_rsa
Another requirement is that the faxman user should be able to log in to localhost using his private key, so we do:
faxman@localhost ~$ cat .ssh/id_rsa.pub > .ssh/authorized_keys2
faxman@localhost ~$ chmod 0600 .ssh/*
So when you do:
faxman@localhost ~$ ssh localhost
faxman should log in without a fuss.
IV. Our next step is HylaFAX. Searching over rpm.pbone.net we found a compatible rpm, version 4.4.4 (http://rpm.pbone.net/index.php3/stat/4/idpl/6051053/com/hylafax-4.4.4-1rhel5.i386.rpm.html). Make sure before you install that you have satisfied the dependencies (sharutils, gcc, ghostscript (optional)). Once the RPM has been installed, faxsetup will execute automatically; accept all defaults except that you set the correct country code, area code and the phone number the modem will be attached to. Afterwards you will be prompted to configure your modem via faxaddmodem; same as with faxsetup, accept the defaults except country code, area code and phone number.
V. Next we customize some scripts that come with HylaFAX, first up $SPOOL/etc/FaxDispatch. Normally this file sends out an email notification to the faxmaster (in our case the faxman user), but we will add some values and procedures to scp the files out and call an external notification script.
## These values will determine to what server and directory the inbound facsimile is to be sent to.
SSH_HOST=jhive.net;
SSH_USER=<user>;
SSH_PASS=<pass>;
SSH_PREFIX=/home/hylafax/web;
NOTIFY=http://www.jhive.net/hylafax/notify.php
Where:
SSH_HOST : the remote host where we will scp our converted facsimiles to
SSH_USER : the remote user
SSH_PASS : optional, but keep here
SSH_PREFIX : the remote directory to send the files to
NOTIFY : an http based service that will be called with an attached querystring with the name of the scp’ed folder.
Another important requirement:
Our ‘faxman’ user must be able to log in to SSH_HOST as SSH_USER using only the private key pair, so you must set this up as well before attempting anything.
Our next script will be $SPOOL/bin/faxrcvd; this script handles whatever it is you want to do with RAW INBOUND (tiff) facsimiles. Open the faxrcvd script and replace the MailWithFAX procedure with this:
MailWithFAX ()
{
    template="etc/templates/$TEMPLATE/faxrcvd-$1.txt"
    files_1=$FILE;
    filetype_1=TIFF;
    nfiles=1;
    for ft in $FILETYPE
    do
        ATTACH_ARGS="$ATTACH_ARGS "`BuildAttachArgs $ft`
    done
    eval CreateMailMessage $template $ATTACH_ARGS \
        2>$ERRORSTO | $SENDMAIL -f"$FROMADDR" -oi "$SENDTO"
    # After the usual mail notification, push the converted files to SSH_HOST
    SSHDispatch
}

SSHDispatch ()
{
    # Timestamp used as the name of the remote directory for this fax
    IPAY_DATE=`date '+%Y%m%d%H%M%S'`
    if [ -d $TMPDIR ]
    then
        /bin/chmod -R 0777 $TMPDIR
        # Copy the working directory to SSH_HOST via the faxman account, authenticating
        # with the key installed in step III; output goes to log/scp.log
        /usr/bin/ssh -i etc/faxman_id_rsa faxman@localhost "/usr/bin/scp -p -r $TMPDIR $SSH_USER@$SSH_HOST:$SSH_PREFIX/$IPAY_DATE" 1>>log/scp.log 2>>log/scp.log
        # Call the NOTIFY service with the remote folder the files were just copied to
        export LYNX_TEMP_SPACE=/tmp; /usr/bin/lynx -dump "$NOTIFY?$SSH_HOST:$SSH_PREFIX/$IPAY_DATE" 1>>log/lynx.log 2>>log/lynx.log
        /bin/chmod -R 0700 $TMPDIR
    fi
}
Lastly for this step, we create two additional logs, $SPOOL/log/lynx.log and $SPOOL/log/scp.log, owned by the spool user:
touch /var/spool/hylafax/log/scp.log
touch /var/spool/hylafax/log/lynx.log
chown uucp.uucp /var/spool/hylafax/log/scp.log
chown uucp.uucp /var/spool/hylafax/log/lynx.log
VI. Open up /etc/aliases and add the following:
# alias for notification messages from HylaFAX servers
faxman: <a valid email address where you want notifications sent out to>
FaxMaster: faxman
Close the aliases file and commit it by running:
# newaliases
VII. You should be all set, fire up:
/usr/sbin/faxgetty <your modem device i.e. ttySHSF0>
… and fax away!
VIII. Troubleshooting:
Wondering why your faxes aren’t being sent to the remote server, or why your notify script is not being called or is failing? Check $SPOOL/log/lynx.log and $SPOOL/log/scp.log.
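A preflight check for the dispatch setup from steps III and V, as an added example written here (not HylaFAX's own tooling or the post's code): SSHDispatch only reports to scp.log and lynx.log, so a key with the wrong mode or owner, or a missing log file, fails quietly until you look there. The spool path and the expected owner (uucp on the post's system) are arguments, and the demo spool tree is constructed.

```shell
#!/bin/sh
# Verify the files SSHDispatch depends on before starting faxgetty:
#   $SPOOL/etc/faxman_id_rsa  must exist, be mode 0600 and owned by OWNER
#   $SPOOL/log/scp.log and $SPOOL/log/lynx.log  must exist and be owned by OWNER

# file_mode_owner PATH: print "MODEBITS OWNER" parsed from ls -ld (Linux and BSD)
file_mode_owner() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 2, 9), $3 }'
}

# check_dispatch_setup SPOOL OWNER: print one line per problem; exit status 1 if any
check_dispatch_setup() {
    spool="$1"; owner="$2"; rc=0
    key="$spool/etc/faxman_id_rsa"
    if [ ! -f "$key" ]; then
        echo "missing key: $key"; rc=1
    else
        set -- $(file_mode_owner "$key")
        [ "$1" = "rw-------" ] || { echo "key mode $1 is not 0600: $key"; rc=1; }
        [ "$2" = "$owner" ]    || { echo "key owner $2 is not $owner: $key"; rc=1; }
    fi
    for log in scp.log lynx.log; do
        f="$spool/log/$log"
        if [ ! -f "$f" ]; then echo "missing log: $f"; rc=1; continue; fi
        set -- $(file_mode_owner "$f")
        [ "$2" = "$owner" ] || { echo "log owner $2 is not $owner: $f"; rc=1; }
    done
    return $rc
}

# demo_spool: build a constructed spool tree with two deliberate mistakes
# (key left at 0644, lynx.log never created) and print its path.
demo_spool() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/log"
    : > "$d/etc/faxman_id_rsa"; chmod 0644 "$d/etc/faxman_id_rsa"
    : > "$d/log/scp.log"
    echo "$d"
}

# Real use on the server:  check_dispatch_setup /var/spool/hylafax uucp
```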