IP FORWARDING ON LINUX -
SCENARIO -
server1 - 192.168.1.2 - 2 LAN CARDS
server2 - 10.107.80.1
The broadband link is connected to server1 on LAN card 1 [eth0] - 192.168.1.2
The second ethernet card [eth1] is connected to a switch to which the other computers are connected.
Now edit the file /etc/sysctl.conf and change the line shown below.
# vi /etc/sysctl.conf
#Controls IP Packet Forwarding
net.ipv4.ip_forward = 1
Save the file and run the commands below to apply the change.
# sysctl -p /etc/sysctl.conf
# service network restart
LittleLinux
Hello all, Accept my hearty respect and love. In this blog I have tried to show a bit of my interest towards Linux, the subject that I love. I am not that skillful on the Linux operating system, but interested to achieve that. Although the knowledge being shared here is little, I think it will be found helpful to some beginners. Requesting to rectify me if I go wrong anywhere. Pardon me if you find any mistake in my English :-)
Thursday, September 30, 2010
Thursday, September 23, 2010
SQUID PROXY SERVER
WHAT IS PROXY SERVER ?
- Proxy Server controls client computer's access to Internet.
- It blocks the users from accessing undesirable websites.
- It hides the internal identity of a network
- It is generally used to share internet from one machine to other client machines.
- It improves performance by storing webpages locally.
- It is opensource
SQUID PROXY SERVER
- Squid is an internet object cache that can act as a proxy server for http, ftp etc.
- Clients request URLs from squid which then serves the cached copies of the URLs if they have been previously requested.
SQUID AS HTTP ACCELERATOR -
Squid makes URL requests on behalf of a client when it acts as a proxy, and it serves URL requests on behalf of a server when it acts as an accelerator.
* Squid on behalf of a client ---> Proxy
* Squid on behalf of a Server ---> Accelerator
SQUID PROXY CAN BE CONFIGURED AS -
1. A simple Proxy shared server
2. A caching Web server
3. A Firewall
SERVICE PROFILE
Daemon - /usr/sbin/squid
Script - /etc/init.d/squid
SQUID SERVER INSTALLATION & CONFIGURATIONS -
[INSTALLATION OF RPM PACKAGE THROUGH YUM]
# yum install squid*
It will install the squid rpm along with the necessary dependencies.
# chkconfig squid on
# vi /etc/squid/squid.conf
Go to line number 73 or search for "http_port".
Replace the port with a new number if you want. By default, port 3128 is set for squid.
:wq - write and quit to save your squid configuration file
# service squid restart
Now a squid proxy server with port number as defined in the configuration file is ready to be used.
Then search for the term "INSERT" or go to line number 2522.
HOW TO TEST YOUR SQUID SERVICE WORKING OR NOT ?
Go to a client system, open a browser and set the proxy by giving the IP address and port number defined for your squid proxy server.
Then try to access the internet and check whether pages load or not. [ it depends on the restrictions you make ]
HOW TO SET PROXY ON CLIENTs ?
- Open Mozilla Firefox
- Edit -- Preferences
- General Tab -- Connection Settings
- Manual Proxy Setting
- Http Proxy -- Proxy server ip address
- Proxy Port No - Give the port number
- Ok
SQUID PROXY SETTING ON CLIENT THROUGH COMMAND MODE -
# export http_proxy=http://squidserverip:squidport
HOW TO DEFINE RULES IN SQUID ?
# vi /etc/squid/squid.conf
Search for the term "INSERT" or go to line number 2522 [ line number may vary from version to version ]
Then insert rules of your own as below -
# ACL Restricting KURTAPAIJAMA.COM from being accessed by clients
acl Jhakass url_regex kurtapaijama.com
http_access deny Jhakass
[ Jhakass is the acl defined]
So kurtapaijama.com won't be accessible to users connected to internet through this proxy server.
# ACL allowing users on systems from the subnet 192.168.0.0/24 to internet.
acl BBDM src 192.168.0.0/24
http_access allow BBDM
[BBDM (Stands for Bad Boys Dirty Minds) is the acl name]
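The two rules above, modelled in shell as an added example (not part of the original post and not Squid code): it shows that url_regex searches the whole URL with an unescaped dot and so also blocks unrelated URLs, while a dstdomain ACL compares only the host, and that http_access lines are evaluated top to bottom with the first match winning. The sample URLs, the client addresses, the dstdomain alternative and the closing "http_access deny all" are assumptions of this example.

```shell
#!/bin/sh
# Teaching model of Squid's ACL matching for the two rules above; not Squid itself.
# All URLs and client addresses below are constructed samples.

# acl Jhakass url_regex kurtapaijama.com
# url_regex searches the whole URL; the unescaped "." matches any character.
url_regex_match() { printf '%s\n' "$1" | grep -Eq 'kurtapaijama.com'; }

# Host part of a URL, lower-cased (scheme, path and port removed).
url_host() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Assumed alternative: acl Jhakass dstdomain .kurtapaijama.com
# dstdomain compares only the host: the domain itself or any subdomain.
dstdomain_match() {
    case "$(url_host "$1")" in
        kurtapaijama.com|*.kurtapaijama.com) return 0 ;;
        *) return 1 ;;
    esac
}

# acl BBDM src 192.168.0.0/24 (for a /24 the first three octets decide)
src_match() { case "$1" in 192.168.0.*) return 0 ;; *) return 1 ;; esac; }

# http_access lines are read top to bottom and the first match wins.
# $1 = matcher for Jhakass, $2 = client IP, $3 = URL, $4 = rule order
http_access() {
    if [ "${4:-deny-first}" = allow-first ] && src_match "$2"; then
        echo ALLOWED; return            # allow BBDM placed above deny Jhakass
    fi
    if "$1" "$3"; then echo DENIED; return; fi       # http_access deny Jhakass
    if src_match "$2"; then echo ALLOWED; return; fi # http_access allow BBDM
    echo DENIED                         # assumed final "http_access deny all"
}

for u in http://www.kurtapaijama.com/ 'http://example.org/?q=kurtapaijama.com' \
         http://kurtapaijamaXcom.example/; do
    printf '%-42s url_regex=%s dstdomain=%s\n' "$u" \
        "$(http_access url_regex_match 192.168.0.10 "$u")" \
        "$(http_access dstdomain_match 192.168.0.10 "$u")"
done
```

In squid.conf this means keeping "http_access deny Jhakass" above "http_access allow BBDM", otherwise clients in 192.168.0.0/24 are allowed before the deny rule is ever read.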
Monday, September 20, 2010
NAGIOS MONITORING SERVER (Installation & Configurations)
NAGIOS INSTALLATION & CONFIGURATION
- Log in as root.
- Move the nagios core package from the desktop to the directory /usr/local/nagios. If the directory does not exist, create it:
# mkdir /usr/local/nagios
# mv nagios…tar.gz /usr/local/nagios
# cd /usr/local/nagios
# tar xzvf nagios….tar.gz
# ls
ADDING USERS & GROUPS
# adduser nagios
# groupadd nagcmd
Adding the nagios and apache users to nagcmd:
# usermod -a -G nagcmd nagios
# usermod -a -G nagcmd apache
[ The apache user is created automatically when the httpd package is installed. ]
Changing the user and group owner of /usr/local/nagios -
# chown nagios.nagios /usr/local/nagios
Then ...
# cd /usr/local/nagios
# ls
As we have already extracted the nagios core package, which was in tar.gz form, we will see one folder for nagios.
# cd nagios-3.0.3
# ./configure --prefix=/usr/local/nagios \
    --with-cgiurl=/nagios/cgi-bin --with-htmurl=/nagios/ \
    --with-nagios-user=nagios --with-nagios-group=nagios \
    --with-command-group=nagcmd
Compiling binaries -
# make all
[Compiles nagios and the CGIs (compiling also error-checks the source code).]
Installing binaries -
# make install
[Installing binaries and HTML files, i.e. the documentation and the main webpage]
# make install-init
[Installing init script to /etc/rc.d/init.d/nagios]
# make install-commandmode
# make install-config
[To get configuration files like the main, resource and CGI configuration files installed.]
HOW TO CHECK NAGIOS IS INSTALLED OR NOT ?
# cd /usr/local/nagios
# ls
We should get five directories as
etc ------ Contains Main, resource,CGI configuration files
bin ------ Contains Nagios core program
share ---- Contains HTML files for web interface and online documentation.
sbin ----- Contains CGIs
var ------ Contains logfiles, status files etc.
libexec -
NAGIOS PLUG-INS:
Nagios plug-ins are installed in the libexec directory.
Here we moved the nagios plug-in package from the desktop to /usr/local/nagios/libexec. But it is not compulsory to extract the package inside the libexec directory. Wherever we extract it, it will be installed in libexec.
# mv nagios-plugins…tar.gz /usr/local/nagios/libexec
# cd /usr/local/nagios/libexec
# tar xzvf nagios-plugins…tar.gz
# ls
# cd nagios-plugins-1.4.13
# ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios \
    --with-nagios-group=nagios
It may show a RedHat spopen problem or some other problem related to RedHat.
Then try ---
# ./configure --enable-redhat-pthread-workaround [preferable]
Or
# ./configure --disable-redhat-pthread
Then
# make all
# make install
Nagios plug-ins are installed.
3) Post install Configuration of Nagios
Edit apache’s httpd.conf file. (the location of the httpd.conf file may differ)
# vim /etc/httpd/conf/httpd.conf
Add the following line at the end of the file.
Include /etc/httpd/conf/nagios.conf
Create the file ‘/etc/httpd/conf/nagios.conf’.
# vi /etc/httpd/conf/nagios.conf
Add the following contents to this file.
————————————————-
ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory /usr/local/nagios/sbin/>
AllowOverride AuthConfig
Options ExecCGI
Allow from all
Order allow,deny
</Directory>
Alias /nagios/ /usr/local/nagios/share/
<Directory /usr/local/nagios/share/>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
————————————————–
Make sure the changes made to the httpd configuration are fine, then restart apache.
# service httpd restart
Create a ‘.htaccess’ file in ‘/usr/local/nagios/share/’ and ‘/usr/local/nagios/sbin/’.
# touch /usr/local/nagios/share/.htaccess
# touch /usr/local/nagios/sbin/.htaccess
[ securing access to CGI files ]
Add the following contents to both files.
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user
# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
# ls -l /usr/local/nagios/etc/htpasswd.users
# chmod o+r /usr/local/nagios/etc/htpasswd.users
# service httpd restart
5) Advanced Nagios Configurations.
Rename the sample files to the real names.
# cd /usr/local/nagios/etc/
# for i in *sample ; do mv "$i" "$(echo "$i" | sed 's/-sample//')" ; done
Then set the following in the configuration files.
check_external_commands=1
physical_html_path=/usr/local/nagios/share
use_authentication=1
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
If authentication for the CGI files inside the /usr/local/nagios/sbin directory is not enabled, then we won’t be able to submit passive checks for a particular service for a particular host in nagios manually.
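A check for the access controls configured above, as an added example (not part of the original post or of Nagios): because the .htaccess files are created empty with touch and the Apache blocks use "Allow from all", a skipped step leaves the web interface and CGIs open, so the function verifies each piece. The function name is hypothetical, the location of use_authentication in etc/cgi.cfg is an assumption about the stock Nagios layout, and the group/mode suggestion in the warning is this example's recommendation rather than the post's.

```shell
#!/bin/sh
# Audit of the Nagios web access controls. Prints one finding per line and
# returns non-zero if anything is wrong.
# $1 = Nagios prefix (the post uses /usr/local/nagios)
audit_nagios_web() {
    prefix=$1; findings=0
    for d in share sbin; do
        f="$prefix/$d/.htaccess"
        if [ ! -s "$f" ]; then
            echo "FAIL $f missing or empty: $prefix/$d is served without a login"
            findings=$((findings + 1)); continue
        fi
        grep -Eiq '^[[:space:]]*require[[:space:]]+valid-user' "$f" || {
            echo "FAIL $f has no 'require valid-user'"; findings=$((findings + 1)); }
        grep -Eiq '^[[:space:]]*AuthUserFile[[:space:]]' "$f" || {
            echo "FAIL $f has no AuthUserFile"; findings=$((findings + 1)); }
    done
    pw="$prefix/etc/htpasswd.users"
    if [ ! -f "$pw" ]; then
        echo "FAIL $pw missing"; findings=$((findings + 1))
    elif [ -n "$(find "$pw" -perm -004)" ]; then
        # chmod o+r lets every local user read the password hashes
        echo "WARN $pw is world-readable; prefer group apache and mode 640"
        findings=$((findings + 1))
    fi
    # Assumption: the CGI settings live in etc/cgi.cfg
    grep -Eq '^use_authentication=1' "$prefix/etc/cgi.cfg" 2>/dev/null || {
        echo "FAIL cgi.cfg does not set use_authentication=1"
        findings=$((findings + 1)); }
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}
```

Source the file and run `audit_nagios_web /usr/local/nagios` after the last `service httpd restart`.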