Friday, 24 August 2012

Most Frequently Used Linux IPTables Rules Examples

These examples will act as basic templates for you to tweak to suit your specific requirements.
For easy reference, all these 25 iptables rules are in shell script format: iptables-rules

1. Delete Existing Rules

Before you start building a new set of rules, you might want to clean up all the default rules and any existing rules. Use the iptables flush command as shown below to do this.
iptables -F                                                               
iptables --flush                                                          

2. Set Default Chain Policies

The default chain policy is ACCEPT. Change this to DROP for all INPUT, FORWARD, and OUTPUT chains as shown below.
iptables -P INPUT DROP                                                    
iptables -P FORWARD DROP                                                  
iptables -P OUTPUT DROP                                                   
When you set the default policy of both the INPUT and OUTPUT chains to DROP, every firewall rule requirement you have needs two rules, i.e. one for incoming and one for outgoing traffic.

In all our examples below, we have two rules for each scenario, as we’ve set DROP as the default policy for both the INPUT and OUTPUT chains.
If you trust your internal users, you can omit the last line above, i.e. do not DROP all outgoing packets by default. In that case, for every firewall rule requirement you have, you only need to define one rule, i.e. a rule for incoming traffic only, as outgoing is ACCEPT for all packets.
Note: If you don’t know what a chain means, you should first familiarize yourself with the IPTables fundamentals.

3. Block a Specific ip-address

Before we proceed further with the other examples: if you want to block a specific ip-address, you should do that first, as shown below. Replace the “x.x.x.x” (held in the BLOCK_THIS_IP variable in the following example) with the specific ip-address that you want to block.
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP                               
This is helpful when you find some strange activities from a specific ip-address in your log files, and you want to temporarily block that ip-address while you do further research.
You can also use one of the following variations, which restrict the block to the eth0 interface and, in the second case, to TCP traffic only from this ip-address.
iptables -A INPUT -i eth0 -s "$BLOCK_THIS_IP" -j DROP                       
iptables -A INPUT -i eth0 -p tcp -s "$BLOCK_THIS_IP" -j DROP                

4. Allow ALL Incoming SSH

The following rules allow ALL incoming ssh connections on eth0 interface.
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT   
Note: If you would like to understand exactly what each and every one of the arguments means, you should read How to Add IPTables Firewall Rules.

5. Allow Incoming SSH only from a Specific Network

The following rules allow incoming ssh connections only from the 192.168.100.X network.
iptables -A INPUT -i eth0 -p tcp -s --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT                       
In the above example, instead of /24, you can also use the full subnet mask. i.e “″.

6. Allow Incoming HTTP and HTTPS

The following rules allow all incoming web traffic, i.e. HTTP traffic to port 80.
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT   
The following rules allow all incoming secure web traffic, i.e. HTTPS traffic to port 443.
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT   

7. Combine Multiple Rules Together using MultiPorts

When you are allowing incoming connections from the outside world to multiple ports, instead of writing individual rules for each and every port, you can combine them using the multiport extension as shown below.
The following example allows all incoming SSH, HTTP and HTTPS traffic.
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT   

8. Allow Outgoing SSH

The following rules allow outgoing ssh connections, i.e. when you ssh from inside to an outside server.
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT     
Please note that this is slightly different from the incoming rule: we allow both the NEW and ESTABLISHED states on the OUTPUT chain, and only the ESTABLISHED state on the INPUT chain. For the incoming rule, it is the other way round.

9. Allow Outgoing SSH only to a Specific Network

The following rules allow outgoing ssh connections only to a specific network, i.e. from the inside you can ssh only to that network.
iptables -A OUTPUT -o eth0 -p tcp -d --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT                         

10. Allow Outgoing HTTPS

The following rules allow outgoing secure web traffic. This is helpful when you want to allow internet traffic for your users. On servers, these rules are also helpful when you want to use wget to download some files from outside.
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT     
Note: For outgoing HTTP web traffic, add two additional rules like the above, and change 443 to 80.

11. Load Balance Incoming Web Traffic

You can also load balance your incoming web traffic using iptables firewall rules.
This uses the iptables nth extension. The following example load balances HTTPS traffic across three different ip-addresses: using counter 0, every third packet is sent to the appropriate server in turn.
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination

12. Allow Ping from Outside to Inside

The following rules allow outside users to be able to ping your servers.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT                     
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT                      

13. Allow Ping from Inside to Outside

The following rules allow you to ping from inside to any of the outside servers.
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT                    
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT                       

14. Allow Loopback Access

You should allow full loopback access on your servers. i.e access using
iptables -A INPUT -i lo -j ACCEPT                                                
iptables -A OUTPUT -o lo -j ACCEPT                                               

15. Allow Internal Network to External Network

On a firewall server where one ethernet card is connected to the external network and another ethernet card is connected to the internal servers, use the following rule to allow the internal network to talk to the external network.
In this example, eth1 is connected to external network (internet), and eth0 is connected to internal network (For example: 192.168.1.x).
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT                                    

16. Allow outbound DNS

The following rules allow outgoing DNS connections.
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT                           
iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT                            

17. Allow NIS Connections

If you are running NIS to manage your user accounts, you should allow the NIS connections. Even when the SSH connection is allowed, if you don’t allow the NIS-related ypbind connections, users will not be able to log in.
The NIS ports are dynamic, i.e. when ypbind starts it allocates the ports.
First run rpcinfo -p as shown below and get the port numbers. In this example, it was using ports 853 and 850.
rpcinfo -p | grep ypbind                                                         
Now allow incoming connections to port 111 and to the ports that were used by ypbind.
iptables -A INPUT -p tcp --dport 111 -j ACCEPT                                   
iptables -A INPUT -p udp --dport 111 -j ACCEPT                                   
iptables -A INPUT -p tcp --dport 853 -j ACCEPT                                   
iptables -A INPUT -p udp --dport 853 -j ACCEPT                                   
iptables -A INPUT -p tcp --dport 850 -j ACCEPT                                   
iptables -A INPUT -p udp --dport 850 -j ACCEPT                                   
The above will not work after you restart ypbind, as it will have different port numbers at that time.
There are two solutions to this: 1) use a static ip-address for your NIS, or 2) use some clever shell scripting to automatically grab the dynamic port numbers from the “rpcinfo -p” command output and use those in the above iptables rules.
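One way to do the second option, as an added shell example that is not part of the original post: parse the rpcinfo -p output for the ports ypbind registered and generate the iptables rules from it, so the rules follow whatever ports ypbind picked after a restart. The rpcinfo output embedded below is constructed sample data; on a live system you would pipe rpcinfo -p into nis_rules instead.

```shell
#!/bin/sh
# Added example, not from the original post: derive the ports ypbind is using
# from "rpcinfo -p" output and emit the matching iptables INPUT rules, so the
# rules follow the dynamic ports after a ypbind restart.

# Constructed sample of "rpcinfo -p" output (ypbind on udp/853 and tcp/850).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    853  ypbind
    100007    1   udp    853  ypbind
    100007    2   tcp    850  ypbind
    100007    1   tcp    850  ypbind'

# Print unique "proto port" pairs registered for one RPC service.
# Usage: rpc_ports <service> < rpcinfo_output
rpc_ports() {
    awk -v svc="$1" '$5 == svc { print $3, $4 }' | sort -u
}

# Print the INPUT rules: portmapper on 111 (tcp and udp) plus every port the
# service registered. Usage: nis_rules <service> < rpcinfo_output
nis_rules() {
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto --dport 111 -j ACCEPT"
    done
    rpc_ports "$1" | while read -r proto port; do
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
}

# Dry run on the sample data: prints the rules instead of applying them.
# On a real host (as root, after reviewing the output):
#   rpcinfo -p | nis_rules ypbind | sh
printf '%s\n' "$SAMPLE_RPCINFO" | nis_rules ypbind
```

Run the generated rules before the final LOGGING/DROP rules of section 25, and re-run the script from the ypbind init script or a cron job so the rules are refreshed whenever ypbind restarts.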

18. Allow Rsync From a Specific Network

The following rules allow rsync only from a specific network.
iptables -A INPUT -i eth0 -p tcp -s --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 873 -m state --state ESTABLISHED -j ACCEPT                       

19. Allow MySQL connection only from a specific network

If you are running MySQL, you typically don’t want to allow direct connections from outside. In most cases, you will have the web server running on the same server as the MySQL database.
However, DBAs and developers might need to log in directly to MySQL from their laptops and desktops using a MySQL client. In those cases, you might want to allow your internal network to talk to MySQL directly, as shown below.
iptables -A INPUT -i eth0 -p tcp -s --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 3306 -m state --state ESTABLISHED -j ACCEPT                       

20. Allow Sendmail or Postfix Traffic

The following rules allow mail traffic. It may be sendmail or postfix.
iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT   

21. Allow IMAP and IMAPS

The following rules allow IMAP/IMAP2 traffic.
iptables -A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT   
The following rules allow IMAPS traffic.
iptables -A INPUT -i eth0 -p tcp --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 993 -m state --state ESTABLISHED -j ACCEPT   

22. Allow POP3 and POP3S

The following rules allow POP3 access.
iptables -A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT   
The following rules allow POP3S access.
iptables -A INPUT -i eth0 -p tcp --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 995 -m state --state ESTABLISHED -j ACCEPT   

23. Prevent DoS Attack

The following iptables rule will help you prevent the Denial of Service (DoS) attack on your webserver.
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
In the above example:
  • -m limit: This uses the limit iptables extension
  • --limit 25/minute: This allows a maximum of 25 connections per minute. Change this value based on your specific requirement
  • --limit-burst 100: This value indicates that the per-minute limit is enforced only after the total number of connections has reached the limit-burst level.
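To make the interaction between limit and limit-burst concrete, here is an added shell simulation (not part of the original post) that models the token bucket behind the limit match: the bucket starts full with limit-burst tokens, refills at the --limit rate, each matching packet spends one token, and a packet that finds the bucket empty does not match the rule (so it falls through to the DROP policy set in section 2). The arrival times are constructed input.

```shell
#!/bin/sh
# Added example, not from the original post: a model of the token bucket
# behind "-m limit --limit 25/minute --limit-burst 100". The bucket starts
# full (limit-burst tokens), refills at the --limit rate and each matching
# packet spends one token; with an empty bucket the rule does not match.
# Tokens are kept as integers scaled by 60, so a 25/minute refill is 25
# scaled units per second and one packet costs 60 units.

# Print ACCEPT or DROP for each packet arrival time (seconds, one per line,
# non-decreasing) read from stdin. Usage: limit_sim <rate_per_minute> <burst>
limit_sim() {
    awk -v rate="$1" -v burst="$2" '
        BEGIN { cap = burst * 60; tokens = cap; last = 0 }
        {
            now = $1 + 0
            tokens += (now - last) * rate        # refill for elapsed seconds
            if (tokens > cap) tokens = cap       # never above limit-burst
            last = now
            if (tokens >= 60) { tokens -= 60; print "ACCEPT" } else print "DROP"
        }'
}

# Constructed traffic: n packets all arriving at second t.
# Usage: burst_at <n> <t>
burst_at() {
    awk -v n="$1" -v t="$2" 'BEGIN { for (i = 0; i < n; i++) print t }'
}

# 101 packets at once: the first 100 (the burst) match, the 101st does not.
# A minute later only 25 more tokens have accrued, so packet 26 is dropped.
{ burst_at 101 0; burst_at 26 60; } | limit_sim 25 100 | sort | uniq -c
```

The model counts packets, as the limit match does, so a legitimate client whose connection attempts exceed the budget is refused along with the flood; size --limit-burst to your normal peak rather than to the attack.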

24. Port Forwarding

The following example routes all traffic that comes to port 422 to port 22. This means that incoming ssh connections can come in on both port 22 and port 422.
iptables -t nat -A PREROUTING -p tcp -d --dport 422 -j DNAT --to
If you do the above, you also need to explicitly allow incoming connections on port 422.
iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT   

25. Log Dropped Packets

You might also want to log all the dropped packets. These rules should be at the bottom.
First, create a new chain called LOGGING.
iptables -N LOGGING                                                                    
Next, make sure all the remaining incoming connections jump to the LOGGING chain as shown below.
iptables -A INPUT -j LOGGING                                                           
Next, log these packets by specifying a custom “log-prefix”.
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
Finally, drop these packets.
iptables -A LOGGING -j DROP                                                                             
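As an added example that is not part of the original post, a shell function that summarises the entries written by the LOGGING chain above by source address, protocol and destination port, so the custom log-prefix actually gets used to review what is being dropped. The log lines embedded below are constructed sample data using documentation addresses.

```shell
#!/bin/sh
# Added example, not from the original post: summarise the lines the LOGGING
# chain writes (prefix "IPTables Packet Dropped: ") by source address,
# protocol and destination port, so dropped traffic can be reviewed at a
# glance instead of line by line.

# Constructed sample from /var/log/messages (documentation addresses only).
SAMPLE_LOG='Aug 24 10:01:02 fw kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1234 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 10:01:03 fw kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1235 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 10:01:05 fw kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1236 DF PROTO=TCP SPT=40002 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 10:02:00 fw kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=1
Aug 24 10:02:01 fw sshd[1234]: Accepted publickey for admin from 192.0.2.10 port 52000 ssh2'

# Print "count src proto dport" for each distinct dropped flow, most frequent
# first ("-" when the protocol has no port). Lines without the prefix are
# ignored. Usage: dropped_summary < logfile
dropped_summary() {
    awk '
        /IPTables Packet Dropped: / {
            src = "?"; proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Count dropped packets from one source address (exact match on the SRC= field).
# Usage: drops_from <ip> < logfile
drops_from() {
    awk -v ip="$1" '
        /IPTables Packet Dropped: / && index($0, " SRC=" ip " ") { n++ }
        END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LOG" | dropped_summary
```

Remember that the LOG rule above is rate-limited to 2/min, so the counts are a sample, not a packet-exact tally; the `--log-level 7` entries land wherever your syslog configuration routes kern.debug.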

Wednesday, 4 July 2012

Use your Samsung Galaxy Y as Internet Access Point

One of the cool features of the Samsung Galaxy Y that is not found in other and older Galaxy smartphones in its class is the ability to share its 3G internet connection with other Wi-Fi enabled devices like laptops, tablets and smartphones. This feature is commonly found on higher-end Samsung Galaxy tablets and smartphones, but it is a nice treat from Samsung to have it included in this entry-level Android phone.

I had a previous post of similar topic in this blog but that one deals with the Samsung Galaxy Tab. Since the naming of the feature in the menu is vastly different from that of Samsung Galaxy Tab, I took the liberty to post this one specifically for the Samsung Galaxy Y.

Having a personal Wi-Fi hotspot with you wherever you go offers a lot of convenience to people who prefer using their laptop for browsing the internet and reading and sending email, in the absence of Wi-Fi access points at their location or even at home without a regular internet connection.

Once you activate the feature, other people can connect to your Samsung Galaxy Y and use its 3G internet connection to browse the Internet. The only downside of this feature is the maximum number of concurrent users which is set to 5 only.

To make sure that only people you authorize can connect and use the service, you have the option to set WPA-PSK security on your device. Meaning you can set a passphrase or password which you share with your users before they connect, just like on a dedicated Wi-Fi router/access point.

The procedure is very simple and outlined below:

1. Go to "Settings" and tap on "Wireless and Networks",

2. Tap on "Tethering and portable hotspot",

3. Tap to check the "Portable Wi-Fi Hotspot",

4. As soon as you see "Portable Wi-Fi hotspot AndroidAP7711 active" below "Portable Wi-Fi hotspot", you and your users can already connect to the Galaxy Y access point from your various devices, but at this point the connection is "Open" and unsecured. To enable security, tap on "Configure Portable Wi-Fi hotspot", after which you have the option of setting your own Network SSID or leaving the default "AndroidAP7711". Click on "Security" below the Network SSID and choose WPA2 PSK in the dropdown list. Enter your password or passphrase and you're good to go.

By the way, before you do the above, make sure that your phone has enough load credits if you are on a prepaid cellular service and that your network's APN is properly configured to browse over 3G. If you can browse the internet on your Galaxy Y before setting up the access point, you will have no problem. If you cannot access the internet, check your "Mobile Networks Settings" and see whether "Use Packet Data" is checked or activated. This setting determines your phone's ability to access the internet, given enough load credits and a proper APN configuration.

In my case, prior to doing these things, I subscribe first to a day's unlimited internet with my Mobile Network or cellular provider to enjoy unhampered browsing with my pals and family members.

Wednesday, 27 June 2012

Snmpd filling up /var/log/messages

At work we have a central monitoring system for servers called Cacti; it uses standard snmp connections to servers to get their status, disk usage and CPU performance.
On my CentOS linux servers the standard snmpd daemon works well with Solarwinds, but the monitoring server seems to make a lot of connections to the system, and each one gets logged via the syslog daemon to /var/log/messages, giving rise to lots of lines saying things like:
snmpd[345435]: Connection from UDP: []:135                
last message repeated 8 times
last message repeated 13 times
These are only information messages saying a connection has been established. This is rather annoying when you are trying to read other things in /var/log/messages. The way to turn off these messages is to change the logging options of the snmpd daemons.
On Redhat (and Ubuntu) the default logging options (the -L options) are:
-Ls d
Meaning log to syslog using the facility of daemon ( see syslogd and syslog.conf for more information on what that means in detail, for now suffice it to say it means all messages are written to /var/log/messages ).
The man pages for snmpcmd (common to all net-snmp programmes) explain that you can set this to log only messages at or above a certain priority.
Using priorities 0-4 means that warning, error, critical, alert and emergency messages are logged, but notice, info and debug level messages are ignored.
The manual pages are not that clear, to me at least at first, hence this blog.
So if we change -Ls d to the following, this will stop those messages but still allow important messages to get through:
-LS 0-4 d
The capital S is crucial to the syntax.
So where and how do we set these options? Well the snmpd daemon is started by a standard init script /etc/init.d/snmpd
In both RHEL5 and Ubuntu the scripts have some default options but also read in settings from a config file. In Ubuntu the relevant portion of the script is:
SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/'
TRAPDOPTS='-Lsd -p /var/run/'
# Reads config file (will override defaults above)
[ -r /etc/default/snmpd ] && . /etc/default/snmpd
So this sets the variable SNMPDOPTS to the default value and then if the file /etc/default/snmpd is readable it “sources” the content of that file.
Thus if /etc/default/snmpd contains the line
SNMPDOPTS='-LS 0-4 d -Lf /dev/null -p /var/run/'
Then stopping and starting the snmpd daemon will make it run with the new logging options we want.
sudo /etc/init.d/snmpd restart
In RHEL5 the equivalent file is /etc/snmp/snmpd.options and the equivalent variable is OPTIONS rather than SNMPDOPTS
Now there could be security implications to not recording the IP address of every SNMP request on your server in case some other system is connecting that shouldn’t be, but there are ways with community strings and other authentication options for SNMP to reduce the risk of that.
All in all, I think the risk of missing an important message in /var/log/messages outweighs the risks from not logging the snmpd connection messages.

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

Hey Guys,

If you see the error "shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory" when restarting a service (mysql, httpd, etc.), it means the shell's current working directory no longer exists.

Just run "cd" or "cd /" on the console to move to a directory that does,

and it will be resolved.

[root@domU-taging]# /etc/init.d/mysqld restart
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]

[root@domU-taging]# cd

[root@domU- ~]# /etc/init.d/mysqld restart
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]


Monday, 25 June 2012

Using Mutt to send email

Mutt is a popular email client (MUA) which is common on Linux systems.
Given below are some how-tos on basic uses of mutt. For all UNIX utilities, the "man pages" are your best bet to learn them. I’ve just documented some popular uses of mutt. Refer to the "man pages" for a more comprehensive understanding of mutt. The commands below have been tested on Red Hat Enterprise Linux 4.0 AS Update 7 with mutt v1.4.1i, unless otherwise stated.
HOW-TO 1: Send email with blank/empty body
mutt -s "Test email" < /dev/null
# where:
# -s => Subject
# => recipient's email address
HOW-TO 2: Send email with body read from a file
mutt -s "Test email" < email_body.txt
# where:
# -s => Subject
# => recipient's email address
# email_body.txt => file containing message body
HOW-TO 3: Send email with a customized sender name and email address
# The .muttrc file is Mutt's configuration file. Its default location is the $HOME directory.
# If you locate it elsewhere, specify its location with the '-F' flag.
# Add the following to the .muttrc file:
set realname="Joe Bloggs"
set from=""
set use_from=yes
# where:
# realname => Sender's name as it appears in the recipient's mail inbox.
# from => the "reply-to" address
After configuring .muttrc, send emails as per how-tos 1 and 2.
HOW-TO 4: Send attachment(s)
mutt -s "Test email" -a file1 -a file2 < /dev/null
# where:
# -s => Subject
# => recipient's email address
# file1 => first attachment
# file2 => second attachment
HOW-TO 5: Send HTML email
I know that the technical purists out there abhor HTML emails due to potential issues with accessibility and security, but hey, there’s no denying the fact that HTML-formatted emails are far more interesting to look at than plain-text email and are better at drawing your attention to specific information (ask the marketing guys and senior executives!). HTML-formatted emails are supported by Mutt versions 1.5 and higher. Here’s how you may send an HTML-formatted email using mutt v1.5.21:
mutt -e "set content_type=text/html" -s "Test email" < welcome.html
# where:
# -s => Subject
# => recipient's email address
# -e => command to execute
# content_type => email body MIME type
The MIME type multipart/alternative ensures your emails are received properly by both plain-text and HTML clients, but it does not work well with mutt at present.

Tuesday, 5 June 2012

MySQL Table is marked as crashed and last (automatic?) repair failed

If you have a table in mysql that has crashed and your attempts to repair it using mysqlcheck have failed, then you may have to resort to the lower level myisamchk command.

To use this, you will need to stop the server process (usually service mysqld stop or /etc/init.d/mysqld stop) and then find the data files (usually in /var/lib/mysql/databasename).

You can then run the following command against the table:

myisamchk -r -v -f --sort_buffer_size=128M --key_buffer_size=128M /var/lib/mysql/database/table.MYI

Obviously replacing database/table with the correct database and table.

Monday, 4 June 2012

CentOS: Install Yum

1. Login to your container/VPS via ssh as the root user.
2. Determine which version of CentOS you are running.
cat /etc/redhat-release

The output will be either:
CentOS release 6.2 (Final)
CentOS release 5.7 (Final)
CentOS release 5.6 (Final)
CentOS release 5.5 (Final)

3. Paste the commands for your CentOS version to your command line.

CentOS 6.2:
rpm -Uvh --nodeps$(uname -i)/Packages/yum-metadata-parser-1.1.2-16.el6.$(uname -i).rpm$(uname -i)/Packages/yum-plugin-fastestmirror-1.1.30-10.el6.noarch.rpm

rpm -Uvh$(uname -i)/Packages/gpgme-1.1.8-3.el6.$(uname -i).rpm$(uname -i)/Packages/pygpgme-0.1-18.20090824bzr68.el6.$(uname -i).rpm$(uname -i)/Packages/python-iniparse-0.3.1-2.1.el6.noarch.rpm$(uname -i)/Packages/python-urlgrabber-3.9.1-8.el6.noarch.rpm$(uname -i)/Packages/python-pycurl-7.19.0-8.el6.$(uname -i).rpm$(uname -i)/Packages/rpm-python-4.8.0-19.el6.$(uname -i).rpm$(uname -i)/Packages/yum-3.2.29-22.el6.centos.noarch.rpm

CentOS 5.7:
rpm -Uvh --nodeps$(uname -i)/CentOS/yum-fastestmirror-1.1.16-16.el5.centos.noarch.rpm$(uname -i)/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.$(uname -i).rpm

rpm -Uvh$(uname -i)/CentOS/libxml2-2.6.26-2.1.12.$(uname -i).rpm$(uname -i)/CentOS/m2crypto-0.16-8.el5.$(uname -i).rpm$(uname -i)/CentOS/python-elementtree-1.2.6-5.$(uname -i).rpm$(uname -i)/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm$(uname -i)/CentOS/python-sqlite-1.1.7-1.2.1.$(uname -i).rpm$(uname -i)/CentOS/python-urlgrabber-3.1.0-6.el5.noarch.rpm$(uname -i)/RPMS/rpm-python-$(uname -i).rpm$(uname -i)/CentOS/yum-3.2.22-37.el5.centos.noarch.rpm

CentOS 5.6:
rpm -Uvh --nodeps$(uname -i)/CentOS/yum-fastestmirror-1.1.16-14.el5.centos.1.noarch.rpm$(uname -i)/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.$(uname -i).rpm

rpm -Uvh$(uname -i)/CentOS/libxml2-2.6.26-$(uname -i).rpm$(uname -i)/CentOS/python-elementtree-1.2.6-5.$(uname -i).rpm$(uname -i)/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm$(uname -i)/CentOS/python-sqlite-1.1.7-1.2.1.$(uname -i).rpm$(uname -i)/CentOS/rpm-python-$(uname -i).rpm$(uname -i)/CentOS/m2crypto-0.16-6.el5.8.$(uname -i).rpm$(uname -i)/CentOS/python-urlgrabber-3.1.0-6.el5.noarch.rpm$(uname -i)/CentOS/yum-3.2.22-33.el5.centos.noarch.rpm

CentOS 5.5:
rpm -Uvh --nodeps$(uname -i)/CentOS/yum-fastestmirror-1.1.16-14.el5.centos.1.noarch.rpm$(uname -i)/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.$(uname -i).rpm

rpm -Uvh$(uname -i)/RPMS/libxml2-2.6.26-$(uname -i).rpm$(uname -i)/CentOS/m2crypto-0.16-6.el5.6.$(uname -i).rpm$(uname -i)/CentOS/python-elementtree-1.2.6-5.$(uname -i).rpm$(uname -i)/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm$(uname -i)/CentOS/python-sqlite-1.1.7-1.2.1.$(uname -i).rpm$(uname -i)/CentOS/python-urlgrabber-3.1.0-5.el5.noarch.rpm$(uname -i)/RPMS/rpm-python-$(uname -i).rpm$(uname -i)/CentOS/yum-3.2.22-26.el5.centos.noarch.rpm

Friday, 1 June 2012

VOS3000 Installation Manual

How to install VOS3000 soft switch.

1- Install CentOS 5.5 or later.
2- Choose the minimum installation.
3- Choose server mode only; don’t install KDE or GNOME.
4- Run the following command (to update CentOS):
   # yum update

5- It is better to install webmin to manage CentOS remotely.

   # cd /var
   # wget

   # rpm -ivh webmin-1.530-1.noarch.rpm

After the installation, open your browser and try to log in to webmin.

Log in as root, then update webmin and the operating system.

6- Disable the SELINUX mode
   # vi /etc/sysconfig/selinux
   # This file controls the state of SELinux on the system.
   # SELINUX= can take one of these three values:
   # enforcing - SELinux security policy is enforced.
   # permissive - SELinux prints warnings instead of enforcing.
   # disabled - SELinux is fully disabled.
   SELINUX=disabled
   # SELINUXTYPE= type of policy in use. Possible values are:
   # targeted - Only targeted network daemons are protected.
   # strict - Full SELinux protection.

   # SETLOCALDEFS= Check local definition changes


Save the file and exit

7- Check the iptables status for IPv4 and IPv6. To install VOS3000 successfully, disable the firewall.

Follow the commands below:
# /etc/init.d/iptables status
   This command shows whether iptables is running or stopped.

# /etc/init.d/iptables save
   This command saves the iptables (firewall) rules.

# /etc/init.d/iptables stop
   This command stops iptables.

# chkconfig iptables off
   This command disables the iptables service.

# /etc/init.d/ip6tables status
   This command shows whether ip6tables is running or stopped.

# /etc/init.d/ip6tables save
   This command saves the ip6tables (firewall) rules.

# /etc/init.d/ip6tables stop
   This command stops ip6tables.

# chkconfig ip6tables off
   This command disables the ip6tables service.

# cat /etc/issue

Reboot the server and check that iptables is off.
# reboot

8- Install the dependency software for VOS3000
   # cd /usr
   # tar xvf apache-tomcat-5.5.15.tar.gz
   # rpm -ivh perl-DBI-1.40-5.i386.rpm
   # rpm -ivh MySQL-server-community-5.0.51a-0.rhel4.i386.rpm
   # rpm -ivh MySQL-client-community-5.0.51a-0.rhel4.i386.rpm
   # rpm -ivh jdk-1_5_0_08-linux-i586.rpm
   # rpm -ivh emp-2.1.1-5.noarch.rpm
   # rpm -ivh mbx3000-2.1.1-5.i586.rpm
   # rpm -ivh vos3000-2.1.1-5.i586.rpm
   # rpm -ivh ivr-2.1.1-5.i586.rpm
Restart the VOS3000d services
   # /etc/init.d/vos3000d restart
   # /etc/init.d/vos3000dall restart
Restart the MySQL service
   # service mysql restart
Reboot the server.
Now the VOS3000 installation is done.
Procedure for License Installation of VOS3000
The VOS3000 license requires the server's IP address and MAC address.
To get the IP address and MAC address, run:

   # ifconfig
   Link encap:Ethernet  HWaddr 00:0C:29:27:03:FD
   inet addr:  Bcast:  Mask:
Create a directory for the VOS3000 license
   # cd /usr/kunshi
   # mkdir license
   # cd license
Copy the license file here and make it executable
   # chmod 755 license.dat
Now restart the MySQL service
   # /etc/init.d/mysql restart
Restart the VOS3000 services
   # /etc/init.d/vos3000d restart
   # /etc/init.d/vos3000dall restart
   # /etc/init.d/mbx3000d restart
Now change the MySQL root password
   # /usr/bin/mysqladmin -u root password vos3000

Friday, 18 May 2012

MySQL Error: Client requested master to start replication from impossible position

Error reading packet from server: Client requested master to start replication from impossible position (server_errno=1236)
Got fatal error 1236: 'Client requested master to start replication from impossible position' from master when reading data from binary log 
This might happen, for example, if there is a power failure on the master and it is unable to write out all the transactions to the replication log.

The proper way to fix it

Start replication all over.  Follow normal instructions on taking the main database down, record the master position, make a snapshot, copy it over to slave, start things back up, etc.

A lazier, clever approach

Assumption: let's assume that your slave was up-to-date with the master when things went sour. This should usually be the case on a properly configured, not overly loaded replication setup.

First, let's look at the master status on the master:

mysql> show master status;
| File           | Position | Binlog_do_db | Binlog_ignore_db |
| box162-bin.014 | 29510700 |              |                  |
1 row in set (0.00 sec)

Okay, let's assume that when you rebooted the master or brought it back up after the power failure, it started this new log, number 014.

My slave was stuck on number 013, and giving the "Client requested master to start replication from impossible position" error.

How to fix?  Well, again, with the big assumption that the slave was generally up-to-date anyway, I simply went to the slave and did:

slave stop;
slave start;

And there we have it!  The slave will start replicating on the new file.  When power goes out and you have incomplete replication logs like this, we're really hoping that things are close enough in sync that this works.

Just do a "show slave status" on your slave, and make sure Slave_IO_Running and Slave_SQL_Running both say yes.

If you get errors about duplicate keys or other SQL inconsistencies, then sorry, you were not so lucky this time. Do the normal backup and restore.
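
The decision above can be checked mechanically. The Python below is an added example, not part of the original post: it parses the output of SHOW SLAVE STATUS\G from the slave and SHOW MASTER STATUS from the master (both constructed here; the host address, relay-log name and byte offsets are made up, only the log-file names and the error number follow the post), tells you whether the master really rotated to a new log, prints the CHANGE MASTER TO statement that pins the IO thread to the start of that new log (the explicit form of what the STOP SLAVE / START SLAVE above relies on, and what to run if the bare restart comes back with the same 1236), and reports the window of the old log that is being thrown away.

```python
import re

# Constructed sample of what "SHOW SLAVE STATUS\G" prints on the stuck slave.
# Host, relay-log name and offsets are illustrative; only the error number and
# the binary-log file names mirror the situation described in the post.
SLAVE_STATUS = """\
*************************** 1. row ***************************
               Slave_IO_State:
                  Master_Host: 192.0.2.10
              Master_Log_File: box162-bin.013
          Read_Master_Log_Pos: 104857601
               Relay_Log_File: slave-relay-bin.000042
        Relay_Master_Log_File: box162-bin.013
             Slave_IO_Running: No
            Slave_SQL_Running: Yes
          Exec_Master_Log_Pos: 104857601
                Last_IO_Errno: 1236
                Last_IO_Error: Got fatal error 1236 from master when reading data from binary log: 'Client requested master to start replication from impossible position'
"""

# Constructed "SHOW MASTER STATUS" output from the master after its restart,
# matching the table shown in the post.
MASTER_STATUS = """\
+----------------+----------+--------------+------------------+
| File           | Position | Binlog_do_db | Binlog_ignore_db |
+----------------+----------+--------------+------------------+
| box162-bin.014 | 29510700 |              |                  |
+----------------+----------+--------------+------------------+
"""

FIRST_EVENT_POS = 4  # a binary log starts with a 4-byte magic number; the first event is at offset 4


def parse_slave_status(text):
    """Parse the \\G form (one 'Key: value' per line) of SHOW SLAVE STATUS into a dict."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+):\s?(.*)$", line)
        if m:
            status[m.group(1)] = m.group(2).strip()
    return status


def parse_master_status(text):
    """Parse the header and first data row of the ASCII table printed by SHOW MASTER STATUS."""
    rows = [l for l in text.splitlines() if l.startswith("|")]
    header = [c.strip() for c in rows[0].strip("|").split("|")]
    values = [c.strip() for c in rows[1].strip("|").split("|")]
    return dict(zip(header, values))


def binlog_number(filename):
    """'box162-bin.014' -> 14"""
    return int(filename.rsplit(".", 1)[1])


def diagnose(slave_text, master_text):
    """Decide whether the lazy restart is applicable, and spell out what it costs."""
    s = parse_slave_status(slave_text)
    m = parse_master_status(master_text)
    verdict = {"action": None, "recovery_sql": None, "lost_window": None}

    if s.get("Slave_IO_Running") == "Yes" and s.get("Slave_SQL_Running") == "Yes":
        verdict["action"] = "healthy"
        return verdict
    if s.get("Last_IO_Errno") != "1236":
        verdict["action"] = "other_error"
        return verdict

    slave_file, master_file = s["Master_Log_File"], m["File"]
    if binlog_number(master_file) > binlog_number(slave_file):
        # The master rotated to a new log when it came back; the slave is stuck
        # asking for a position the truncated old log never reached.
        verdict["action"] = "restart_on_new_file"
        verdict["recovery_sql"] = (
            "CHANGE MASTER TO MASTER_LOG_FILE='%s', MASTER_LOG_POS=%d;"
            % (master_file, FIRST_EVENT_POS)
        )
        # Everything the master committed to the old log past this offset never
        # reached the slave and will NOT be replayed by skipping ahead.
        verdict["lost_window"] = (slave_file, int(s["Read_Master_Log_Pos"]))
    else:
        # Same file on both sides but still "impossible position": the slave's
        # idea of that file is wrong, not merely stale. Skipping ahead would
        # silently diverge; rebuild from a fresh snapshot instead.
        verdict["action"] = "full_resync"
    return verdict


if __name__ == "__main__":
    for key, value in diagnose(SLAVE_STATUS, MASTER_STATUS).items():
        print("%-13s %s" % (key, value))
```

Feed it the real output saved from the two servers instead of the constructed strings. The recovery statement starts at position 4 because that is where the first event of any binary log sits, right after the magic header.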

Monday, 14 May 2012

RAID 0, RAID 1, RAID 5, RAID 10 Explained with Diagrams

RAID stands for Redundant Array of Inexpensive (Independent) Disks.
In most situations you will be using one of the following four RAID levels.
  • RAID 0
  • RAID 1
  • RAID 5
  • RAID 10 (also known as RAID 1+0)
This article explains the main differences between these RAID levels, each with an easy-to-understand diagram.

In all the diagrams mentioned below:
  • A, B, C, D, E and F – represents blocks
  • p1, p2, and p3 – represents parity



Following are the key points to remember for RAID level 0.
  • Minimum 2 disks.
  • Excellent performance (blocks are striped across all disks, so reads and writes run in parallel).
  • No redundancy (no mirror, no parity): one failed disk loses the whole array.
  • Don't use this for any critical system.


Following are the key points to remember for RAID level 1.
  • Minimum 2 disks.
  • Good performance (no striping, no parity to compute).
  • Excellent redundancy (every block is mirrored; the array keeps running as long as one disk survives).



Following are the key points to remember for RAID level 5.
  • Minimum 3 disks.
  • Good performance (blocks are striped).
  • Good redundancy (parity is distributed across the disks; any one disk can fail and be rebuilt from the others).
  • Most cost-effective option that gives both performance and redundancy. Use it for databases that are heavily read-oriented; writes are slower because every write also has to update the stripe's parity.



Following are the key points to remember for RAID level 10.
  • Minimum 4 disks.
  • Also called a “stripe of mirrors”: disks are paired into mirrors (RAID 1) and data is striped (RAID 0) across the pairs.
  • Excellent redundancy (blocks are mirrored; one disk in each mirror pair can fail).
  • Excellent performance (blocks are striped, no parity to compute).
  • If you can afford the dollars, this is the BEST option for any mission-critical application (especially databases).

Friday, 4 May 2012

Install RRDTool on Red Hat Enterprise Linux

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data (i.e. network bandwidth, machine-room temperature, server load average). It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data to enforce a certain data density. It can be used either via simple wrapper scripts (from shell or Perl) or via frontends that poll network devices and put a friendly user interface on it.

Installing RRDTool on RHEL

In order to install RRDTool on Red Hat Enterprise Linux / CentOS Linux 64-bit, you first need to install a few development tools and libraries.

Step # 1: Install required dependencies

Login as root and type the following command:
# yum install cairo-devel libxml2-devel pango-devel pango libpng-devel freetype freetype-devel libart_lgpl-devel
Sample output:
Loading "rhnplugin" plugin
Loading "security" plugin
rhel-x86_64-server-vt-5   100% |=========================| 1.4 kB    00:00
rhn-tools-rhel-x86_64-ser 100% |=========================| 1.2 kB    00:00
rhel-x86_64-server-5      100% |=========================| 1.4 kB    00:00
Setting up Install Process
Parsing package install arguments
Package libxml2-devel - 2.6.26- is already installed.
Package libxml2-devel - 2.6.26- is already installed.
Package pango - 1.14.9-3.el5.i386 is already installed.
Package pango - 1.14.9-3.el5.x86_64 is already installed.
Package freetype - 2.2.1-20.el5_2.i386 is already installed.
Package freetype - 2.2.1-20.el5_2.x86_64 is already installed.
Resolving Dependencies
--> Running transaction check
---> Package libart_lgpl-devel.x86_64 0:2.3.17-4 set to be updated
---> Package pango-devel.i386 0:1.14.9-3.el5 set to be updated
--> Processing Dependency: libXft-devel for package: pango-devel
--> Processing Dependency: libXrender-devel for package: pango-devel
--> Processing Dependency: libXext-devel for package: pango-devel
--> Processing Dependency: libX11-devel for package: pango-devel
--> Processing Dependency: fontconfig-devel >= 2.0 for package: pango-devel
---> Package pango-devel.x86_64 0:1.14.9-3.el5 set to be updated
---> Package freetype-devel.x86_64 0:2.2.1-20.el5_2 set to be updated
---> Package libpng-devel.i386 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.x86_64 0:1.2.4-5.el5 set to be updated
---> Package libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 set to be updated
---> Package cairo-devel.i386 0:1.2.4-5.el5 set to be updated
---> Package libart_lgpl-devel.i386 0:2.3.17-4 set to be updated
--> Processing Dependency: for package: libart_lgpl-devel
---> Package freetype-devel.i386 0:2.2.1-20.el5_2 set to be updated
--> Running transaction check
---> Package libXrender-devel.i386 0:0.9.1-3.1 set to be updated
--> Processing Dependency: xorg-x11-proto-devel for package: libXrender-devel
---> Package libXft-devel.i386 0:2.1.10-1.1 set to be updated
---> Package libX11-devel.i386 0:1.0.3-9.el5 set to be updated
--> Processing Dependency: libXdmcp-devel for package: libX11-devel
--> Processing Dependency: libXau-devel for package: libX11-devel
---> Package fontconfig-devel.i386 0:2.4.1-7.el5 set to be updated
---> Package libart_lgpl.i386 0:2.3.17-4 set to be updated
---> Package libXext-devel.i386 0:1.0.1-2.1 set to be updated
--> Running transaction check
---> Package xorg-x11-proto-devel.i386 0:7.1-9.fc6 set to be updated
--> Processing Dependency: mesa-libGL-devel for package: xorg-x11-proto-devel
---> Package libXdmcp-devel.i386 0:1.0.1-2.1 set to be updated
---> Package libXau-devel.i386 0:1.0.1-3.1 set to be updated
--> Running transaction check
---> Package mesa-libGL-devel.i386 0:6.5.1-7.5.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
 Package                 Arch       Version          Repository        Size
 libart_lgpl-devel       x86_64     2.3.17-4         rhel-x86_64-server-5   21 k
 libart_lgpl-devel       i386       2.3.17-4         rhel-x86_64-server-5   21 k
 pango-devel             i386       1.14.9-3.el5     rhel-x86_64-server-5  280 k
 pango-devel             x86_64     1.14.9-3.el5     rhel-x86_64-server-5  281 k
Installing for dependencies:
 cairo-devel             x86_64     1.2.4-5.el5      rhel-x86_64-server-5  131 k
 cairo-devel             i386       1.2.4-5.el5      rhel-x86_64-server-5  130 k
 fontconfig-devel        i386       2.4.1-7.el5      rhel-x86_64-server-5  168 k
 freetype-devel          x86_64     2.2.1-20.el5_2   rhel-x86_64-server-5  151 k
 freetype-devel          i386       2.2.1-20.el5_2   rhel-x86_64-server-5  151 k
 libX11-devel            i386       1.0.3-9.el5      rhel-x86_64-server-5  665 k
 libXau-devel            i386       1.0.1-3.1        rhel-x86_64-server-5   11 k
 libXdmcp-devel          i386       1.0.1-2.1        rhel-x86_64-server-5  7.6 k
 libXext-devel           i386       1.0.1-2.1        rhel-x86_64-server-5   57 k
 libXft-devel            i386       2.1.10-1.1       rhel-x86_64-server-5   16 k
 libXrender-devel        i386       0.9.1-3.1        rhel-x86_64-server-5  8.9 k
 libart_lgpl             i386       2.3.17-4         rhel-x86_64-server-5   76 k
 libpng-devel            i386       2:1.2.10-7.1.el5_0.1  rhel-x86_64-server-5  182 k
 libpng-devel            x86_64     2:1.2.10-7.1.el5_0.1  rhel-x86_64-server-5  186 k
 mesa-libGL-devel        i386       6.5.1-7.5.el5    rhel-x86_64-server-5  465 k
 xorg-x11-proto-devel    i386       7.1-9.fc6        rhel-x86_64-server-5  247 k
Transaction Summary
Install     20 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 3.2 M
Is this ok [y/N]:
Downloading Packages:
(1/20): libXext-devel-1.0 100% |=========================|  57 kB    00:00
(2/20): freetype-devel-2. 100% |=========================| 151 kB    00:00
(3/20): libXau-devel-1.0. 100% |=========================|  11 kB    00:00
(4/20): libart_lgpl-devel 100% |=========================|  21 kB    00:00
(5/20): libart_lgpl-2.3.1 100% |=========================|  76 kB    00:00
(6/20): cairo-devel-1.2.4 100% |=========================| 130 kB    00:00
(7/20): libpng-devel-1.2. 100% |=========================| 186 kB    00:00
(8/20): cairo-devel-1.2.4 100% |=========================| 131 kB    00:00
(9/20): fontconfig-devel- 100% |=========================| 168 kB    00:00
(10/20): mesa-libGL-devel 100% |=========================| 465 kB    00:01
(11/20): libXdmcp-devel-1 100% |=========================| 7.6 kB    00:00
(12/20): libpng-devel-1.2 100% |=========================| 182 kB    00:00
(13/20): libX11-devel-1.0 100% |=========================| 665 kB    00:02
(14/20): freetype-devel-2 100% |=========================| 151 kB    00:00
(15/20): libXft-devel-2.1 100% |=========================|  16 kB    00:00
(16/20): pango-devel-1.14 100% |=========================| 281 kB    00:01
(17/20): pango-devel-1.14 100% |=========================| 280 kB    00:01
(18/20): libXrender-devel 100% |=========================| 8.9 kB    00:00
(19/20): libart_lgpl-deve 100% |=========================|  21 kB    00:00
(20/20): xorg-x11-proto-d 100% |=========================| 247 kB    00:01
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: libart_lgpl                  ####################### [ 1/20]
  Installing: freetype-devel               ####################### [ 2/20]
  Installing: fontconfig-devel             ####################### [ 3/20]
  Installing: libpng-devel                 ####################### [ 4/20]
  Installing: libXau-devel                 ####################### [ 5/20]
  Installing: libart_lgpl-devel            ####################### [ 6/20]
  Installing: libart_lgpl-devel            ####################### [ 7/20]
  Installing: libpng-devel                 ####################### [ 8/20]
  Installing: freetype-devel               ####################### [ 9/20]
  Installing: xorg-x11-proto-devel         ####################### [10/20]
  Installing: libX11-devel                 ####################### [11/20]
  Installing: libXrender-devel             ####################### [12/20]
  Installing: libXft-devel                 ####################### [13/20]
  Installing: cairo-devel                  ####################### [14/20]
  Installing: libXext-devel                ####################### [15/20]
  Installing: pango-devel                  ####################### [16/20]
  Installing: pango-devel                  ####################### [17/20]
  Installing: libXdmcp-devel               ####################### [18/20]
  Installing: mesa-libGL-devel             ####################### [19/20]
  Installing: cairo-devel                  ####################### [20/20]
Installed: libart_lgpl-devel.x86_64 0:2.3.17-4 libart_lgpl-devel.i386 0:2.3.17-4 pango-devel.i386 0:1.14.9-3.el5 pango-devel.x86_64 0:1.14.9-3.el5
Dependency Installed: cairo-devel.x86_64 0:1.2.4-5.el5 cairo-devel.i386 0:1.2.4-5.el5 fontconfig-devel.i386 0:2.4.1-7.el5 freetype-devel.x86_64 0:2.2.1-20.el5_2 freetype-devel.i386 0:2.2.1-20.el5_2 libX11-devel.i386 0:1.0.3-9.el5 libXau-devel.i386 0:1.0.1-3.1 libXdmcp-devel.i386 0:1.0.1-2.1 libXext-devel.i386 0:1.0.1-2.1 libXft-devel.i386 0:2.1.10-1.1 libXrender-devel.i386 0:0.9.1-3.1 libart_lgpl.i386 0:2.3.17-4 libpng-devel.i386 2:1.2.10-7.1.el5_0.1 libpng-devel.x86_64 2:1.2.10-7.1.el5_0.1 mesa-libGL-devel.i386 0:6.5.1-7.5.el5 xorg-x11-proto-devel.i386 0:7.1-9.fc6

Step # 2: Download latest rrdtool tar ball

Type the following commands:
# cd /opt/
# wget

Untar tar ball, enter:
# tar -zxvf rrdtool-1.3.1.tar.gz
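
Added example, not part of the original how-to: a check worth running between the wget and the tar -zxvf above, since the archive is about to be compiled and installed as root. It computes the SHA-256 of the download so you can compare it with a digest you obtained separately (none is reproduced here; use whatever the project publishes), and it refuses any archive entry that would write outside the extraction directory, point a link out of it, or create a device node. The sample archive is constructed in memory so the script runs offline; its hostile entries are made up.

```python
import hashlib
import io
import posixpath
import tarfile


def sha256_hex(data):
    """Digest to compare against the checksum published next to the tarball."""
    return hashlib.sha256(data).hexdigest()


def escapes_root(path):
    """True if a path would land outside the extraction directory."""
    return path.startswith("/") or posixpath.normpath(path).startswith("..")


def unsafe_members(archive_bytes):
    """List (member name, reason) for every entry that should stop extraction.

    A plain 'tar -zxvf' run as root will happily write to '../../etc/...',
    follow a symlink it created a moment earlier, or create device nodes.
    """
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            if escapes_root(m.name):
                bad.append((m.name, "path escapes extraction directory"))
            elif m.issym() or m.islnk():
                # symlink targets are relative to the member's own directory;
                # hardlink targets are archive-relative member names
                target = m.linkname if m.islnk() else posixpath.join(posixpath.dirname(m.name), m.linkname)
                if escapes_root(target):
                    bad.append((m.name, "link target escapes extraction directory: " + m.linkname))
            elif m.isdev():
                bad.append((m.name, "device node"))
    return bad


def build_sample_archive():
    """Constructed test archive: one benign source file plus two hostile entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add_file(name, payload):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))

        add_file("rrdtool-1.3.1/configure", b"#!/bin/sh\necho configure\n")
        add_file("../../etc/cron.d/backdoor", b"* * * * * root /tmp/x\n")   # path traversal
        link = tarfile.TarInfo("rrdtool-1.3.1/src/passwd")                   # symlink out of the tree
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    archive = build_sample_archive()
    print("sha256:", sha256_hex(archive))
    for name, reason in unsafe_members(archive):
        print("REFUSE %-30s %s" % (name, reason))
```

To use it on the real download, read the tarball into bytes, compare sha256_hex() with the published digest, and only untar if unsafe_members() comes back empty.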

Step #3: Compile and install rrdtool

You need to set PKG_CONFIG_PATH so that configure can find the cairo, pango and libxml2 .pc files, enter:
# export PKG_CONFIG_PATH=/usr/lib/pkgconfig/
On 64-bit RHEL the .pc files may live under /usr/lib64/pkgconfig instead; point the variable at whichever directory contains cairo.pc.
Change into the unpacked source tree and run configure:
# cd /opt/rrdtool-1.3.1
# ./configure
Sample output:
config.status: executing default-1 commands
config.status: executing intltool commands
config.status: executing default commands
config.status: executing po/stamp-it commands
checking in... and out again
ordering CD from .... just kidding ;-)
Config is DONE!
          With MMAP IO: yes
       Static programs: no
          Perl Modules: perl_piped perl_shared
           Perl Binary: /usr/bin/perl
          Perl Version: 5.8.8
          Perl Options: PREFIX=/usr/local/rrdtool-1.3.1 LIB=/usr/local/rrdtool-1.3.1/lib/perl/5.8.8
          Ruby Modules:
           Ruby Binary: no
          Ruby Options: sitedir=$(DESTDIR)NONE/lib/ruby
    Build Tcl Bindings: no
 Build Python Bindings: yes
          Build rrdcgi: yes
       Build librrd MT: yes
     Link with libintl: yes
             Libraries: -lxml2 -lcairo -lcairo -lcairo -lm  -lcairo -lpng12   -lpangocairo-1.0 -lpango-1.0 -lcairo -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
Type 'make' to compile the software and use 'make install' to
install everything to: /usr/local/rrdtool-1.3.1.
       ... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to and
place an order.
                               -- Tobi Oetiker 
Now compile and install RRDTool on RHEL:
# make
# make install
# cd /usr/local/
# ln -s rrdtool-1.3.1 rrdtool
# cd rrdtool
# ls -l

Friday, 10 February 2012

How to Root Your Samsung Galaxy Ace

If you own a Samsung Galaxy Ace S5830 running on Android 2.3.5 Gingerbread DDKQ5 or DDKQ6 version, you can now easily root your device. If you are unsure what version your phone is running, you can verify by heading to Settings > About Phone > Firmware Version, in which you can find valuable information on what type of firmware version your device has.

What is Rooting?

For those of you who are not familiar with rooting, it is like jailbreaking your phone: it gives you the superuser (root) account, which unlocks features normally not available on a stock smartphone. There are many benefits once you have root access on your device. For example, you can make your phone run faster, install custom ROMs, and install (sideload) applications from third-party sources.
Along with the functionality and features rooting offers, it also has downsides. Once you root your device you are (possibly) voiding its warranty, and any application that is granted root can do anything on the phone. There is usually the option of unrooting the device by flashing it back to a stock ROM. Overall, rooting can be a win-win situation.


  • Back up your contacts, call log, text messages and media files first, in case they get erased during the process.
  • Charge the phone to at least 60% before you start, so it does not die halfway through flashing.
  • Enable USB Debugging on the phone: Settings > Applications > Development > USB Debugging.
  • Close applications on your computer that may interfere, such as antivirus software, Samsung Kies PC Suite and firewall software; they tend to disrupt or block the rooting process. Turn them back on once you are done. If other unnecessary applications are slowing the phone down, remove them as well.
Once the necessary preparations have been done, you are now ready to proceed to the rooting instructions.

Rooting Instructions

  1. Download the latest Galaxy ACE Rooting Package to your computer. Get the file here (about 925 KB).
  2. Connect your phone to your computer via USB cable.
  3. Copy the downloaded ZIP file to your phone’s SD card without renaming or modifying the file.
  4. Reboot into recovery mode. Turn off your phone. Then, simultaneously press and hold the Volume Up + OK button, and press the Power button.
  5. Your phone will boot to the recovery mode screen. From here, choose “Install zip from SD Card” and select “Choose Zip from SD”.
  6. Using the Volume Up and Volume Down keys, locate the ZIP file that you just copied to your SD card (the one named “”). Press the Power button to select it.
  7. Wait for about 5 – 10 minutes for the rooting process to finish.
  8. Once the rooting process is done, your phone will automatically reboot. If it fails to do so, head back to the main menu by selecting “++++ Go Back ++++” and select “Reboot System Now” to manually reboot your phone.
Congratulations! You have successfully rooted your Samsung Galaxy Ace. You can now enjoy the benefits of having a rooted device.

Friday, 27 January 2012

How to do a "printscreen" with a MacBook/MacBook Pro on the Windows side

This is the case: you have a MacBook or a MacBook Pro (I suppose it should work on an iMac too), and for some reason you have Windows(r) installed and want to take a screenshot (print screen).
This was tested with Boot Camp 2.0.
Since the MacBook/MacBook Pro doesn't have a "Print Screen" key, try this:

Shift + Fn + F11 (if your function keys control the hardware)
Shift + F11 (if your function keys behave as normal function keys)

If you want to take a screenshot of the active window only, just add the Alt key.

Alt + Shift + Fn + F11 (if your function keys control the hardware)
Alt + Shift + F11 (if your function keys behave as normal function keys)
