Linux

IPTABLES BASIC IN RedHat Enterprise Linux

Published

4 months ago

April 11, 2022

admin

Types Of Firewall:
1. Hardware Firewall
2. Software Firewall Hardware Firewall:
A Dedicated Device used to Allow/Deny specific Port/network. Eg:- SonicWall, SmartWall …, List of Alphabetical Hardware FireWall’s Software Firewall:
Used In OS Level which can be implemented in a small Organization. Same used for block/allow port/Network. Eg :- Windows Firewall (ipsec) Default in windows, Linux (IPTABLES), Ipchains (Redhat 8).

BASIC SYNTAX FOR IPTABLES:# iptables –t <tablename> <action> <chain> <options> -j <target>

TABLE NAME:
Filter
Nat
Mangle ACTION:
-A – Append a rule
-P – To set default policy
-D – To delete a rule
-R – To replace a rule
-F – To flush all the rule
-L – To list all the rule
-I – To insert rule
-N – To print the line number CHAINS:
Input
Output
Forward
PreRouting
PostRouting

OPTIONS OR MATCHING CRITERIA:
-s ? source ip/netmask
-d ? destination ip/netmask
–sport ? source port
–dport ? destination port
-p ? protocol (tcp, udp, icmp, etc..)
-I ? input interface (eth0,—-)
-o ? output interface (eth0,—)TARGET:
Accept
Drop
Reject
Snat
Dnat
Log
Masquerade Configuration file for IPTABLES:

The Configuration file for IPTABLES is located under /etc.

1. /etc/sysconfig/iptables-config

The IPTABLES Rules are stored in :

1. /etc/sysconfig/iptables

Services used in IPTABLES:

1.service iptables restart

2.service iptables save

3.service iptables start

4.service iptables status

How To Enable IP-Forwarding in Rhel:

1. Open /etc/sysctl.conf
2. Go to Line No = 7
3. Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
4. Save and Exit
5. Type sysctl -p to check the ip forwarding.

To List Iptables:

1. iptables -L (Capital “L”)

To Flush Iptables :

1.iptables -F (Capital “F”)

In the above Diagram you can see that iptable rule is flushed. as previous some rule is added.

once u flushed the rule there is no rule in the iptables as u can see in the above Example.

Example 1:

How to disable Ping Request using IPTABLES.

Command:

# iptables -t filter -A INPUT -p icmp -j REJECT

As you can see after applying the iptable rule we cannot able to ping that specific server from command prompt.

NOTE :

Like the above example we can allow/Deny specific port like ssh,FTP,Telnet etc….,

Example 2:

1.How to block a specific ipaddress to communicate

Command:

# iptables -t filter -A INPUT -s 192.168.0.0/24 -j REJECT

Using the above command we can able to reject the whole 192 subnet .

NOTE:

using the same example we can Allow/Deny a specific network or whole network.

Example 3:

1. How to block the Specific Port number.

Command:

# iptables -t filter -A INPUT -p tcp –sport 20 -j REJECT (Rejecting FTP Port)

In the above example the FTP port is Rejected, Thats why we are not able to connect telnet Via 20 port number.

NOTE:

Using the Same above Example we can able to Allow/Deny other Ports Like ssh(22),DNS(53)…,

To Save the IPTABLE Rule to a File:

#iptables-save > /filename.iptables

To Restore the IPTABLE Rule From file:

#iptables-restore < /filename.iptables

I Just mentioned a Drop of IPTABLES, Still there is OCEAN to explore. please explore many and post ur commends here.

Up Next

Few Linux Monitoring Tools

Don't Miss

Some Crazy Linux Commands

Linux

How To Recover The Lost Or Deleted Partitions In Linux

Published

4 months ago

April 11, 2022

admin

This article explain you how to recover the lost or deleted partition in linux. Losing of disk partition is occur due to sudden power off or some other problem like accidently deleting the hard disk partition by the users. In this cases, if you want to recover the losted disk partition their is so many recovering tools are availble on linux. In this article we will use the gpart to recover the disk partition.

The gpart is guess PC-type hard disk partitions, that tries to recover the hard disk partitions. This gpart have limitation, It can only detect the following type of partitions.

* beos

* bsddl

* ext2

* fat

* hpfs

* hmlvm

* lswap

* minix

* ntfs

* qnx4

* rfs

* s86dl

* xfs

To add more filesystem for guessing, modules can be added at runtime

Step 1

To recover the lost or deleted partition of your hard disk, first boot the system with a linux OS CD that what flavour you used in that crashed disk finally.

Step 2

Then go to rescue mode with that Linux OS CD, that bring you to a rescue mode .

Step 3

Now you put the following command for available disk partition checking

# fdisk -l

Disk /dev/sda: 160.0 GB, 160041885696 bytes

18 heads, 4 sectors/track, 4341414 cylinders

Units = cylinders of 72 * 512 = 36864 bytes

Device Boot Start End Blocks Id System

This show no partition on your disk, it means all the partiotions are losted.

Step 4

Now run the below command

# gpart /dev/sda

The output of the above command will be like this

This command will show’s the all guessed partitions available on the hard disk. Now verify the result that showing the lost partition of your disk correctly or not.

Step 5

After verifying the output write the the partition table by using the -W option on gpart command

# gpart -W /dev/sda /dev/sda

it can be written the guessed disk partition to the specified file or device on your hard disk. now you got back your deleted partition successfully .

Linux

Basics Of Network File Sharing Setup on Linux

Published

4 months ago

April 11, 2022

admin

Introduction:

Network File Sharing (NFS) is a protocol which used to share the local hard disk Between the Linux machines over the network, that act as a local disk to the clent user.

Versions:

At present there are three versions of NFS

* NFSv2 – It is a older and is widely supported version

* NFSv3 – It supports safe asynchronous writes and a more robust error handling than NFSv2,it also supports 64-bit file sizes and offsets

* NFSv4 – It works through firewalls and on the Internet, no longer requires an rpcbind service, supports ACLs, and utilizes stateful operations

Port Number :

The Default Port Number of NFS is 2049

Packages Needed:

The Packages needed for NFS are

* nfs-utils

* portmap

* nfs4-acl-tools

Required Services:

To run the NFS the following dameon or services is used

* portmap (rpcbind for RHEL 6)

* nfslock

* nfs

Portmap :

portmap or RPC Program or otherwise called as rpcbind.NFS uses Remote Procedure Calls (RPC) to handle the requests between clients and servers.

nfslock :

It lock the files for remote and local nfs request .

nfs :

service nfs start the NFS server and the appropriate RPC processes to service requests for shared NFS file systems.

Configuring NFS on the Server :

Both the NFS server and NFS client need the NFS package installed and running on the machine. The server needs rpcbind, nfs, and nfslock operational, as well as a correctly configured /etc/exports file.The /etc/exports file is the main NFS configuration file, and it consists of two columns. The first column lists the sharing directories over the network. The second column has two parts. The first part is for mentioning the networks or DNS domains that can get access to the directory, and the second part is for NFS options in brackets.

Example:

# vim /etc/exports

/home/example/share 192.168.1.2 (ro,sync)

:wq

Then Start the Required services

Configuring NFS on The Client :

NFS configuration on the client requires you to start the NFS application; create a directory on which to mount the NFS server’s directories that you exported via the /etc/exports file, and finally to mount the NFS server’s directory on your local directory, or mount point.

/etc/fstab file

The /etc/fstab file lists all the partitions that need to be mounted automatically when the system boots. For this, we need to edit the /etc/fstab file if you need the NFS directory to be made permanently available to the users .

A valid /etc/fstab entry to mount an NFS export should contain the following information:

server:/remote-shaing-path/ /local-mounting-directory/ nfs options 0 0

Example:

# vim /etc/fstab

192.168.1.2:/home/example/sharing /home/example2/remote-files nfs soft,nfsvers=2 0 0

:wq

Possible NFS Mount Options

bg ==========> Retry mounting in the background if mounting initially fails

fg ==========> Mount in the foreground

soft ==========> Use soft mounting

hard ==========> Use hard mounting

rsize=n ==========> The amount of data NFS will attempt to access per read operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.

wsize=n ==========> The amount of data NFS will attempt to access per write operation. The default is dependent on the kernel. For NFS version 2, set it to 8192 to assure maximum throughput.

nfsvers=n ==========> The version of NFS the mount command should attempt to use

tcp ==========> Attempt to mount the filesystem using TCP packets: the default is UDP.

intr ==========> If the filesystem is hard mounted and the mount times out, allow for the process to be aborted using the usual methods such as CTRL-C and the kill command.

Temprovary Mount of NFS :

mount -t nfs [SERVER:sharing-path] [mounting-directory]

Example : # mount -t nfs 192.168.1.2:/home/example/sharing /mnt/

( -t indicates the file system type )

Linux

Unix/Linux command prompt keyboard shortcut keys

Published

4 months ago

April 11, 2022

admin

Linux / Unix Command prompt supports huge number of shortcut keys. If you familiar with the shortcut keys you can utilizes the command prompt very faster. The more practice on the shortcut keys will give you more speed in the command prompt. Below are the shortcut keys.