Pario TechnoBlob
msgbartop
A cronological documentation test project, nothing serious, really!
msgbarbottom

05 Jun 2009 Howto install Skype on a 64bit Ubuntu 9.04

This post describes how to install Skype, the popular VOIP and video conference program on a 64bit Ubuntu 9.04 (Jauty Jackalope) system.

# sudo apt-get install ia32-libs lib32asound2 libqt4-core libqt4-gui
# wget -O skype-install.deb http://www.skype.com/go/getskype-linux-ubuntu
# sudo dpkg -i --force-architecture skype-install.deb

The application should now be located under Applications -> Internet -> Skype.

Tags: , , ,

Posted by Hans-Henry Jakobsen

Filed in Linux, Network with 0 Comments

24 May 2009 ufw and IP masquerading

I’ve just upgraded my home server from Ubuntu 8.10 to 9.04 and experienced that my ufw firewall (iptables) would not route traffic from my local network to the Internet. My IP masquerading was not working anymore and since I had not documented the process when I set it up I had to search the Ubuntu pages to find the solution and came up with this.

The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading. Traffic from your private network destined for the Internet must be manipulated for replies to be routable back to the machine that made the request. To do this, the kernel must modify the source IP address of each packet so that replies will be routed back to it, rather than to the private IP address that made the request, which is impossible over the Internet. Linux uses Connection Tracking (conntrack) to keep track of which connections belong to which machines and reroute each return packet accordingly. Traffic leaving your private network is thus “masqueraded” as having originated from your Ubuntu gateway machine. This process is referred to in Microsoft documentation as Internet Connection Sharing.

ufw Masquerading

IP Masquerading can be achieved using custom ufw rules. This is possible because the current back-end for ufw is iptables-restore with the rules files located in

/etc/ufw/*.rules

These files are a great place to add legacy iptables rules used without ufw, and rules that are more network gateway or bridge related.

The rules are split into two different files, rules that should be executed before ufw command line rules, and rules that are executed after ufw command line rules.

  • First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted, in /etc/default/ufw change the 
    DEFAULT_FORWARD_POLICY

    to “ACCEPT”:

    DEFAULT_FORWARD_POLICY="ACCEPT"

    Then edit /etc/ufw/sysctl.conf and uncomment:

    net.ipv4.ip_forward=1

    Similarly, for IPv6 forwarding uncomment:

    net.ipv6.conf.default.forwarding=1
  • Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments: 
    # nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT

    The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last line for each table modified:

    # don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

    For each Table a corresponding COMMIT statement is required. In these examples only the nat and filter tables are shown, but you can also add rules for the raw and mangle tables.

    [Note]
    In the above example replace eth0, eth1, and 192.168.0.0/24 with the appropriate interfaces and IP range for your network.
  • Finally, disable and re-enable ufw to apply the changes: 
    sudo ufw disable && sudo ufw enable

IP Masquerading should now be enabled. You can also add any additional FORWARD rules to the /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.

Source: https://help.ubuntu.com/9.04/serverguide/C/firewall.html

Tags: , , , , ,

Posted by Hans-Henry Jakobsen

Filed in Linux, Network, Security with 0 Comments

21 Jan 2009 IP address change notifier script

This is a simple bash script that is run by crontab every 5 minutes on a linux box.
It e-mails me the new address when a change of IP address is detected.

The script (ipchangemail.sh)

#!/bin/bash 

# Check if IP-address has changed. If a change has occured, mail me the new address
# Add the following line to crontab if you would like it to be run every 5 minutes:
# */5 * * * * ./ipchangemail.sh

# The network interface I want to monitor
NET_INTERFACE=eth0

# File to keep the latest IP address
IP_FILE=myip.txt

# Mail to this address when a change occur
MAILTO=mail@example.com

# Read the previous IP address from file
source $IP_FILE

CURRENT_IP=`/sbin/ifconfig $NET_INTERFACE | sed -n "/inet addr:.*255.255.25[0-5].[0-9]/{s/.*inet addr://; s/ .*//; p}"`

if [ "$CURRENT_IP" != "$OLD_IP" ]
then
        # Send email about address change
        `echo "New IP address detected: $CURRENT_IP" | mail -s "New IP address" $MAILTO`

        # Write new address to file
        `echo "OLD_IP=$CURRENT_IP" > $IP_FILE`
fi

The script can be downloaded here.

Tags: , , ,

Posted by Hans-Henry Jakobsen

Filed in Linux, Misc, Network, Photo etc, Scripting, Web with 0 Comments

01 Dec 2008 Network upgrade Ubuntu Server 8.04 to 8.10

This post describes how I upgraded my Ubuntu (Hardy Heron) 8.04 server installation to (Intrepid Ibex) 8.10 from the command line.

First you’ll need to make sure you are running the latest packages

# sudo aptitude update
# sudo aptitude safe-upgrade

Then you will need to install the Ubuntu upgrade package

# sudo aptitude install update-manager-core

You can start the upgrade when the package is installed

# sudo do-release-upgrade

Then you just have to follow the on-screen instructions and answer the questions as they pop up. One thing to note is the fact that it is not suggested to perform the upgrade via a remote ssh connection. I have done earlier upgrades multiple times before without any problems, but I might just have been lucky.

Tags: , , , , ,

Posted by Hans-Henry Jakobsen

Filed in Linux, Network with 0 Comments

17 Sep 2008 Disable IPv6 on Redhat RHEL4

First you remove this line from /etc/modprobe.conf if this line exists. 

alias net-pf-10 ipv6

Add the following line to /etc/modprobe.conf

alias net-pf-10 off

Reboot the system. IPv6 is now disabled.

To re-enable IPv6, remove the alias net-pf-10 off line from /etc/modprobe.conf and reboot the machine.

I’ve also made a post about how to disable IPv6 on RHEL5.

Tags: ,

Posted by Hans-Henry Jakobsen

Filed in Linux, Network with 0 Comments
« Previous Posts
Next Posts »
sidebartop

Tags

Apache apt-get awk backup basename bash CentOS convert csv Database dd Debian egrep Etch EXIF Fedora find Gentoo grep howto html imagemagick iptables iso jhead JPG mount MySQL mysqldump Nikon nmap perl PHP Postfix RedHat rhel5 rpm sed SMTP sort ssh Ubuntu vim xargs Zimbra
sidebarbottom
sidebartop

Categories

sidebarbottom
sidebartop

Recent Comments

sidebarbottom
sidebartop

Meta

sidebarbottom
© Pario TechnoBlob / Design: Smashing Wordpress Themes