Posted by chantra on 15th December 2006
4. Using the iptables script
4.1. From the command line
One way to apply the rules we define is simply to run the script from the command line:
sudo sh /path/to/firewall-script.sh
The drawback is that the rules are not restored on reboot, but this will still be of great help while tweaking your firewall.
Tags: iptables, network, security
Posted by chantra on 14th December 2006
3.3. Defining custom chains
To get an iptables script that is easier to maintain, it is handy to define some custom chains, also called user-defined chains. This way, you can gather common actions into one chain; then, using the target switch (-j), we will be able to send packets that match specific rules to that chain.
In order to create a user-defined chain, we need to use:
Tags: iptables, network, security
Posted by chantra on 12th December 2006
3. Iptables Script
OK, now that we know the basics, let’s see what the script is going to look like.
In this example, I assume that eth0 is the interface connected to the Internet and eth1 is the one connected to our local network.
Tags: iptables, network, security
Posted by chantra on 10th December 2006
iptables is a command-line tool which allows system administrators to configure the Linux packet filtering ruleset.
Using iptables, you are able to tweak packet filtering, Network Address Translation (NAT) and packet mangling, which in the end will allow you to secure your server, share your Internet connection and log unwanted traffic.
iptables is not really what we could call an easy tool to get to grips with, but once you know the basics, it won’t be that scary.
This tutorial will provide a sample script you can use to share your Internet access and will give an overview of how to use iptables.
Tags: iptables, network, security
Posted by chantra on 16th October 2006
In relation to a tutorial I previously made on how to connect to a remote MySQL server by forwarding a port with ssh, I found out that some distributions, like Debian sarge, were not using a default configuration that allows you to do that.
People who get an error like:
ERROR 2013 (HY000): Lost connection to MySQL server during query
or
channel 3: open failed: connect failed: Connection refused
might find an answer to their problem.
Tags: network, ssh
Posted by chantra on 5th August 2006
Setting up Reverse Name Resolution:
In order to be able to get the name of the machine located at IP 192.168.1.X, we need to set up a reverse name zone which, in this example, is going to be called 1.168.192.in-addr.arpa;
edit /etc/bind/named.conf.local and add:
Tags: bind, dns, named, network
Posted by chantra on 5th August 2006
BIND is a well-known Unix name server. It is a powerful piece of software which is used by the majority of name servers.
This article will go through setting up a local area network that can be used at home or inside a small company.
Tags: bind, dns, named, network
Posted by chantra on 14th July 2006
Examples:
Monitoring interfaces eth0 and lo with the unit type in kBit/s:
$ nload eth0 lo
The same, but with both interfaces in the same window:
$ nload -m eth0 lo
Monitoring eth0 with the max value for incoming bandwidth set at 20kBit/s and the max value for outgoing traffic at 15kBit/s, with the transfer unit type automatically handled by nload in Bit/s:
$ nload -i 20 -o 15 -u h eth0
Tags: monitoring, network
Posted by chantra on 14th July 2006
nload is an ncurses-based network traffic analyser. Being an ncurses-based tool, it does not require you to start X in order to use it, which is necessary when administering machines remotely … and even locally, actually.
Tags: monitoring, network