Archive for the ‘Linux’ Category

Windows / Linux – File Migration Tools

February 21st, 2009, by Daz

In Windows I use robocopy.

This is the syntax to move from one location to another (I like how robocopy uses UNC paths):

robocopy \\192.168.9.70\videos \\192.168.9.101\videos /move /e /r:2 /w:10
robocopy \\192.168.9.70\software \\192.168.9.101\software /move /e /r:2 /w:10

Note: in a production environment, run the above without /move for the first pass. If all goes well, run it again with the /move switch (this reduces the downtime when you are swapping out servers), i.e. run the first pass before the change window.

/e includes all subdirectories, including empty ones.

In Linux I use rsync.

I typically mount an SMB share from a Windows host (you must have the CIFS client installed on Linux first):

mount -t cifs -n //192.168.9.70/backup /mnt/backup -o username=user,password=mypassword

then use rsync for the copy work:

rsync -rcav /etc/ /mnt/backup/etc/

If you're after Linux-to-Linux copying, rsync (via SSH) is also the best way to do it. Log on to your destination box via SSH and run this from your destination directory:

rsync -ave ssh 192.168.9.10:/var/lib/mysql .
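The two-pass procedure from the robocopy note (a run without /move first, then the real move) is just as useful with rsync. The script below is an added example, not the post author's commands: it previews with a dry run, copies, verifies every file by checksum, and only then removes the source. The mount helper uses a credentials file instead of putting the password on the command line, and all paths in the test run are constructed temporary directories.

```shell
#!/bin/sh
# Two-pass migration with rsync, mirroring the robocopy procedure above:
# a dry run first (robocopy without /move), then the real copy, a checksum
# verification, and only then removal of the source (robocopy /move).
# Added example, not the post author's commands.

# Mount the SMB share with a credentials file (mode 0600, containing
# "username=..." and "password=..." lines) rather than password= on the
# command line, so the password is not visible in ps output or shell history.
mount_share() {
    mount -t cifs "//$1/$2" "$3" -o "credentials=$4"
}

# Pass 1: report what would change without touching anything.
# -a archive mode (recursive, keeps perms/times/owners), -c compare by
# checksum as in the post's -rcav, -n dry run, -i itemize each change.
migrate_preview() {
    rsync -acni "$1/" "$2/"
}

# Returns 0 when every regular file under SRC has an identical copy under DST.
verify_copy() {
    ( cd "$1" && find . -type f ) | while IFS= read -r f; do
        cmp -s "$1/$f" "$2/$f" || exit 1
    done
}

# Full procedure: preview, copy, verify, then move (delete the source).
migrate() {
    src=$1; dst=$2
    mkdir -p "$dst"
    echo "== pass 1: dry run =="
    migrate_preview "$src" "$dst" || return 1
    echo "== pass 2: copy =="
    rsync -ac "$src/" "$dst/" || return 1
    echo "== verify =="
    verify_copy "$src" "$dst" || { echo "verification failed; source left in place" >&2; return 1; }
    echo "== pass 3: remove source (the /move step) =="
    # --remove-source-files deletes the copied files but leaves the emptied
    # directories behind, so clean those up to complete the move.
    rsync -ac --remove-source-files "$src/" "$dst/" || return 1
    find "$src" -mindepth 1 -type d -empty -delete
}
```

Call `migrate /path/to/source /mnt/backup/target` from the end of the script; if verification fails the source is left untouched, which is the property the first-pass-without-/move advice is really after.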

Categories: Linux, Networking, Windows

Linux – routing examples

February 20th, 2009, by Daz

Set ip_forward to 1 to enable routing between NICs.
Type route to ensure both networks are routed as expected (a connected route is added with each NIC).

Set up a script with the following (chmod 0755 the script so it executes):

iptables -F                # clears previous iptables rules
iptables -P INPUT DROP     # default policy: DROP all INPUT packets (incoming to local NICs)
iptables -P OUTPUT DROP    # default policy: DROP all OUTPUT packets (outgoing from local NICs)
iptables -P FORWARD DROP   # default policy: DROP all FORWARDed packets (routed via local NICs)

Allow rules:
iptables -A FORWARD -s 172.23.23.1 -d 172.23.23.2 -p tcp --dport 80 -j ACCEPT   # append a forward rule (self-explanatory)

Add more as required.

Want to use NAT outbound?

wlan0 => external network – route to Internet
eth0 => internal network

# set up masquerading
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
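The two rule sets above can be combined into one script that keeps the DROP policies from the first and adds the stateful and NAT rules from the second. This is an added example rather than the post author's script; the interface names (eth0 internal, wlan0 external) and addresses are taken from the post but are otherwise constructed. One check worth noting: the first rule set's single allow rule only passes the request direction, so with a FORWARD DROP policy the replies are discarded unless the ESTABLISHED,RELATED rule from the NAT section is present too. A DRY_RUN=1 mode prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Router firewall script assembled from the two rule sets in the post above.
# Added example, not the post author's script. Interface names and addresses
# are constructed: eth0 is the internal LAN, wlan0 faces the Internet.
# Run as root to apply the rules, or with DRY_RUN=1 to print them for review.

LAN_IF=eth0
WAN_IF=wlan0
WEB_CLIENT=172.23.23.1   # host allowed to reach the web server
WEB_SERVER=172.23.23.2

# Wrapper: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_firewall() {
    # Packets are not routed between NICs until ip_forward is set to 1.
    run sysctl -w net.ipv4.ip_forward=1

    # Start clean, then default to DROP in every direction (as in the post).
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP

    # Local services talk over loopback; a blanket OUTPUT DROP would break them.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT

    # Stateful return rule: without it the FORWARD DROP policy discards the
    # replies to the connection allowed below (the post's NAT section has it).
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The post's example allow rule: HTTP from one host to another.
    run iptables -A FORWARD -s "$WEB_CLIENT" -d "$WEB_SERVER" -p tcp --dport 80 -j ACCEPT

    # Outbound NAT for the LAN: only connections initiated from inside go out.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Number of generated commands matching PATTERN (for reviewing the dry run).
rule_count() {
    ( DRY_RUN=1; apply_firewall ) | grep -c -- "$1"
}

# Print the rule set for review when invoked as: DRY_RUN=1 sh firewall.sh
if [ "${DRY_RUN:-0}" = 1 ]; then
    apply_firewall
fi
```

To apply the rules, add a call to `apply_firewall` at the end and run the script as root; the tcpdump check described below then tells you whether forwarded traffic actually leaves the external interface.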

A very handy tool, and the best way I've found to test firewall rules, is to fire up tcpdump. Check the man page for details, but here is an example of monitoring a specific destination port and host on a specific NIC:

tcpdump -i eth1 dst port 22 and dst host 192.168.4.34

If you can see the traffic leaving the interface outbound, it has made it past the firewall; if not, have a look at your firewall rules or check your routing table (type route to see the current routing table).

Done

Categories: Linux, Networking

Linux – Add DHCP and DNS

February 11th, 2009, by Daz

How to install DHCP and DNS on a Fedora / CentOS / Red Hat box:

yum -y install dhcp.i386 bind.i386

Set the services to auto-start using ntsysv; the services are called "dhcpd" and "named".

How to configure DHCP:

nano /etc/dhcpd.conf (configure as per the sample provided; the sample is usually located in the same directory)
service dhcpd restart (should start without problems if done correctly)

Note: the DHCP range has to be on the same network as your adapter. You can run dhcpd from the command line to diagnose any issues.
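The "range has to be on the same network as your adapter" rule is easy to check before restarting the service. The script below is an added example, not from the original post: it does the subnet arithmetic in plain sh, refuses a range that falls outside the adapter's network (or touches the network/broadcast address), and emits the corresponding subnet block for /etc/dhcpd.conf. The addresses in the example call are constructed and only reuse the post's 192.168.9.x style.

```shell
#!/bin/sh
# Validates that a dhcpd range sits inside the subnet of the serving
# interface and emits the matching subnet declaration for /etc/dhcpd.conf.
# Added example, not from the original post; all addresses are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address (as an integer) of ADDR under MASK.
network_of() {
    echo $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# Returns 0 when START..END lies inside the network of ADDR/MASK, is in
# order, and excludes the network and broadcast addresses.
range_in_subnet() {
    net=$(network_of "$1" "$2")
    m=$(ip2int "$2")
    bcast=$(( net | (~m & 0xFFFFFFFF) ))
    s=$(ip2int "$3"); e=$(ip2int "$4")
    [ $(( s & m )) -eq "$net" ] && [ $(( e & m )) -eq "$net" ] &&
        [ "$s" -le "$e" ] && [ "$s" -gt "$net" ] && [ "$e" -lt "$bcast" ]
}

# Print a dhcpd.conf subnet block for the adapter ADDR/MASK with the given
# range and router, refusing a range that is not inside the subnet.
dhcpd_subnet_block() {
    if ! range_in_subnet "$1" "$2" "$3" "$4"; then
        echo "error: range $3-$4 is not inside the subnet of $1/$2" >&2
        return 1
    fi
    net_ip=$(int2ip "$(network_of "$1" "$2")")
    cat <<EOF
subnet $net_ip netmask $2 {
    range $3 $4;
    option routers $5;
    option domain-name-servers $5;
    default-lease-time 600;
    max-lease-time 7200;
}
EOF
}

# Example call (constructed addresses): a /24 served from 192.168.9.1.
dhcpd_subnet_block 192.168.9.1 255.255.255.0 192.168.9.100 192.168.9.200 192.168.9.1
```

Redirect the output into /etc/dhcpd.conf (after the sample's global options) and restart dhcpd; if the range check fails nothing is written, which is cheaper than finding out from the daemon refusing to start.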

How to configure bind (DNS):

I usually just forward DNS requests to my internal router. To do this, just edit /etc/resolv.conf and place the following line in the file:

nameserver 192.168.9.1

Use your own IP above and all should be good. Test by pinging a domain like www.yahoo.com; you should get an IP back even if the pings themselves are not successful (due to a firewall, etc.). nslookup is another quick and easy way to check DNS requests.

Categories: Linux, Networking

Linux – Wireless networking

February 10th, 2009, by Daz

If your card is natively supported, type:

iwconfig

iwlist scanning (should also show you the wireless networks that are in range; works if the driver is loaded)

You should see wlan0 if all is good (grab your wireless details):

iwconfig wlan0 mode managed (should already be in this mode)

There are some cool options here, like "Secondary" mode, in which the node acts as a backup master/repeater, and "Repeater" mode, in which the node forwards packets between other wireless nodes.

iwconfig wlan0 channel 6 (sets the wireless channel to 6)
iwconfig wlan0 essid dwireless (sets the SSID to "dwireless")

OK, now it gets interesting: iwconfig doesn't support WPA2-PSK out of the box.
You want to get your hands on wpa_supplicant (http://hostap.epitest.fi/wpa_supplicant/) or similar, depending on your distro. This is a good tutorial on getting it all up and running (for Ubuntu, but it works on other distros): http://ph.ubuntuforums.com/showthread.php?t=571188 and a similar one is here: http://www.varesano.net/blog/fabio/wpap … no+ipw2100

If you have the Asus wireless card like I did, it is best to use ndiswrapper. The native drivers do NOT work, even though they seem to: the card is detected and can browse the current local wireless networks, but unfortunately it cannot actually join any network (even the unencrypted ones).

Do NOT just type dhclient unless you want all adapters to renew their IPs; ensure that you also specify the adapter (e.g. dhclient wlan0).

Categories: Linux, Networking

Corporate Firewall – SSH and port 443 goodness

February 8th, 2009, by Daz

Things you'll need (basic instructions):
SSH – either Linux or OpenSSH for Windows (set this up first and ensure it's working!). I have only used Linux, so I do not know the details of setting up an OpenSSH box on Windows (good luck).

Router with pinhole or port-forwarding abilities: forward external port 443 to internal port 22 on your SSH box.

PuTTY (putty.exe) – use this to test your SSH connection locally (you should be able to connect on port 22 locally or 443 externally).

Your home IP – set up a DynDNS account on one of the free services available on the web (either use your router's built-in client if it has one, or get a DynDNS client that runs on your SSH box); I use dyndns.org.

PuTTY is the client-side tool you will use when you are not local to your network. If you are connecting to your SSH box from outside (i.e. at work), you'll need to configure an SSH connection profile that connects on port 443. If you have a proxy at work (which you most probably will), you need to ensure you have filled out your proxy address and authentication details: select HTTP, then enter your username / password. Then try to connect.

Once you can successfully connect to your SSH box from work via 443, you can create SSH tunnels. Under SSH in PuTTY there is a Tunnels option, where you can forward local ports to remote ports, for example 127.0.0.1:82 -> 192.168.0.10:3389. Then, if you fire up RDC, you can connect to your remote machine via 127.0.0.1:82.

Simple? If I haven't made a specific part clear, please ask any questions and I'll try to make it easier to follow.

Categories: Linux, Networking, Windows