squid – your transparent proxy friend

Still my favourite light and fast web proxy is Squid. It's very easy to set up and get running on almost all flavours of Linux. You can find it here http://www.squid-cache.org/ but you will probably find it in your local package manager…

This is more for my own reference… as I don't think too many people have the need for a transparent proxy. You only need one NIC configured on your VM / machine as it's most probably on the same subnet as your DSL router etc…

1. Set up Squid working as a normal proxy first!

Set the default gateway on the NIC to your router. I also added a default route 0.0.0.0 sub 0.0.0.0 to the router as well, just in case the default route didn't work. But it seemed to!

Set up DNS! Remember, you should be able to resolve a name to an IP without issues (this causes most of the problems). Point your default DNS to your router (most have built-in DNS forwarders), else you can just use your ISP's DNS servers.

2. Change squid.conf so that Squid acts as a transparent proxy;

nano /etc/squid/squid.conf

http_port 3128 transparent

3. Put this into the startup script, usually rc.local (in rc.d under /etc);

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This redirects standard TCP port 80 requests to 3128 (Squid's port)… transparent to the user.

4. Ensure that IP forwarding is ENABLED;

Change ip_forward from 0 to 1 (it is a text file with 0 in it, under the ipv4 directory in /proc/sys/net). This way all other traffic (443 / HTTPS and other apps) is forwarded to the web without issue…

echo 1 > /proc/sys/net/ipv4/ip_forward

That should be it… else good luck!
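An added check for this setup (my own script, not from the Squid project): it reads the three things the steps above depend on (the http_port line in squid.conf, the nat PREROUTING rule as iptables-save prints it, and ip_forward) and reports what is missing. The inputs below are constructed samples; on a real box feed it the actual file contents and the output of iptables-save -t nat. Newer Squid (3.1 and later) spells the mode intercept instead of transparent, so the check accepts either.

```python
import re

# Constructed sample inputs (not captured from a real host): a squid.conf excerpt,
# the nat table as printed by `iptables-save -t nat`, and /proc/sys/net/ipv4/ip_forward.
SQUID_CONF = "# squid.conf excerpt\nhttp_port 3128 transparent\ncache_mem 64 MB\n"
NAT_TABLE = (
    "*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n"
    "-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128\n"
    "COMMIT\n"
)
IP_FORWARD = "1\n"

HTTP_PORT = re.compile(r"^http_port\s+(?:\S*:)?(\d+)\s*(\S+)?")
REDIRECT = re.compile(
    r"^-A PREROUTING .*-i (\S+) .*--dport (\d+) .*-j REDIRECT --to-ports? (\d+)")

def squid_port_mode(conf):
    """Return (port, mode) from the first http_port line; mode is None for a plain proxy port."""
    for line in conf.splitlines():
        m = HTTP_PORT.match(line.split("#", 1)[0].strip())
        if m:
            return int(m.group(1)), m.group(2)
    return None, None

def redirect_rules(nat_dump):
    """Return (iface, dport, to_port) for every PREROUTING REDIRECT rule in the dump."""
    found = []
    for line in nat_dump.splitlines():
        m = REDIRECT.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def audit(conf, nat_dump, ip_forward, lan_iface="eth0"):
    """Check the three pieces the transparent setup depends on; return a list of problems."""
    problems = []
    port, mode = squid_port_mode(conf)
    if port is None:
        problems.append("squid.conf: no http_port line")
    elif mode not in ("transparent", "intercept"):   # 'intercept' is the keyword in Squid 3.1+
        problems.append("squid.conf: http_port %d is not transparent/intercept" % port)
    if ip_forward.strip() != "1":
        problems.append("ip_forward: is 0, so non-port-80 traffic (e.g. 443) will not be routed")
    if not any(r == (lan_iface, 80, port) for r in redirect_rules(nat_dump)):
        problems.append("nat: no PREROUTING REDIRECT from %s tcp/80 to port %s" % (lan_iface, port))
    return problems
```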

Update: I have done an updated post about configuring OpenSolaris as a transparent proxy here: https://sigtar.com/2009/04/22/opensolaris-configuring-squid-as-transparent-proxy/

Windows / Linux – File Migration Tools

In Windows I use robocopy.

This is the syntax to copy from one location to another… (I like how robocopy uses UNC paths)

robocopy \\192.168.9.70\videos \\192.168.9.101\videos /e /r:2 /w:10 /sec
robocopy \\192.168.9.70\software \\192.168.9.101\software /e /r:2 /w:10 /sec

Note: I always copy instead of move. Run it multiple times before the switch-over to shorten the time for the final sync. Always use /SEC to copy over the NTFS permissions. I have had problems with the non-XP010 version of robocopy not copying NTFS permissions across. Check NTFS permissions before removing the source files. You can update files' NTFS permissions with the /SECFIX switch if required.

/e copies all subdirectories, including empty ones.

In Linux I use rsync.

I typically mount an SMB share from a Windows host… (you must have the CIFS client installed on Linux first)

mount -t cifs -n //192.168.9.70/backup /mnt/backup -o username=user,password=mypassword

Then use rsync for the copy work…

rsync -rcav /etc/ /mnt/backup/etc/

If you're after Linux to Linux copying then rsync is also the best way to do it (via SSH). Log on to your destination box via SSH and run this from your destination directory..

rsync -ave ssh 192.168.9.10:/var/lib/mysql .

Linux – routing examples

Set ip_forward to 1 to enable routing between NICs.
Type 'route' to ensure both networks are routed as expected (a connected route is added with each NIC).

Set up a script with the following (chmod 0755 the script so it executes)

iptables -F (clears previous iptables rules)
iptables -P INPUT DROP (sets the default policy to DROP all INPUT packets – incoming to local NICs)
iptables -P OUTPUT DROP (sets the default policy to DROP all OUTPUT packets – outgoing from local NICs)
iptables -P FORWARD DROP (sets the default policy to DROP all FORWARDed packets – routed via local NICs)

Allow rules;
iptables -A FORWARD -s 172.23.23.1 -d 172.23.23.2 -p tcp --dport 80 -j ACCEPT (appends a forward rule – self explanatory)

Add more as required.

Want to use NAT outbound?

wlan0 => external network – route to Internet
eth0 => internal network

# set up masquerading
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
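An added illustration (my own code, not from the post) of how the FORWARD chain above evaluates packets: rules are tried in order, the first match wins, and anything unmatched gets the chain's default policy. It parses the two rule lines used on this page and shows that the single allow rule passes the request from 172.23.23.1 but not the server's reply, which only gets through once the ESTABLISHED,RELATED rule from the NAT script is also present. The packets are constructed samples and the parser only understands the options used here.

```python
import ipaddress
import shlex

class Rule:
    """One FORWARD rule parsed from an iptables command line (only the options used above)."""
    def __init__(self, spec):
        self.in_if = self.src = self.dst = self.proto = self.dport = self.target = None
        self.states = set()
        args = shlex.split(spec)
        for opt, val in zip(args[::2], args[1::2]):      # every option here takes one value
            if opt == "-i": self.in_if = val
            elif opt == "-s": self.src = ipaddress.ip_network(val, strict=False)
            elif opt == "-d": self.dst = ipaddress.ip_network(val, strict=False)
            elif opt == "-p": self.proto = val
            elif opt == "--dport": self.dport = int(val)
            elif opt == "--state": self.states = set(val.split(","))
            elif opt == "-j": self.target = val
            elif opt not in ("-A", "-m"):                # chain name and match module need no state
                raise ValueError("unsupported option " + opt)
        if self.target is None:
            raise ValueError("rule has no -j target")

    def matches(self, pkt):
        """Every criterion given in the rule must match (iptables ANDs them)."""
        return ((self.in_if is None or pkt["in_if"] == self.in_if)
                and (self.src is None or ipaddress.ip_address(pkt["src"]) in self.src)
                and (self.dst is None or ipaddress.ip_address(pkt["dst"]) in self.dst)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (not self.states or pkt["state"] in self.states))

def forward_verdict(rule_specs, pkt, policy="DROP"):
    """Walk the FORWARD chain in order: first matching rule wins, else the default policy."""
    for spec in rule_specs:
        rule = Rule(spec)
        if rule.matches(pkt):
            return rule.target
    return policy

# Constructed packets: the web request the allow rule above is written for, and the
# server's reply, which comes back to an ephemeral port and so matches no -s/-d/--dport rule.
REQUEST = {"in_if": "eth0", "src": "172.23.23.1", "dst": "172.23.23.2",
           "proto": "tcp", "dport": 80, "state": "NEW"}
REPLY = {"in_if": "eth1", "src": "172.23.23.2", "dst": "172.23.23.1",
         "proto": "tcp", "dport": 51234, "state": "ESTABLISHED"}

ALLOW_WEB = "-A FORWARD -s 172.23.23.1 -d 172.23.23.2 -p tcp --dport 80 -j ACCEPT"
ALLOW_RETURN = "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
```

With only ALLOW_WEB, forward_verdict([ALLOW_WEB], REPLY) returns DROP under the DROP policy from the first script; adding ALLOW_RETURN makes it ACCEPT.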

A very handy tool and the current best way I've found to test firewall rules is to fire up tcpdump. Check the man page for details, but here is an example of monitoring a specific destination port and host on a specific NIC;

tcpdump -i eth1 dst port 22 and dst host 192.168.4.34

If you can see the traffic leaving the interface outbound it has made it past the firewall; if not, then you need to have a look at your firewall rules or check your routing table. Type route to see the current routing table.

Done

Linux – Add DHCP and DNS

How to install DHCP and DNS on a Fedora / CentOS / Red Hat box;

yum -y install dhcp.i386 bind.i386

Set services to auto start using ntsysv — services are called “dhcpd” and “named”.

How to configure DHCP;

nano /etc/dhcpd.conf — configure as per sample provided. The sample is usually located in the same directory.
service dhcpd restart – should start without problems if done correctly

Note: the DHCP range has to be on the same network as your adapter. You can run dhcpd from the command line to diagnose any issues.

How to configure bind (DNS);

I usually just forward DNS requests to my internal router. To do this just edit /etc/resolv.conf and place the following line in the file;

nameserver 192.168.9.1

Use your own IP above and all should be good. Test by pinging a domain like www.yahoo.com etc… You should get an IP back even if you don't get successful pings (due to firewalls etc). nslookup is another quick and easy way to check DNS requests.

Linux – Wireless networking

If your card is natively supported, type;

iwconfig

iwlist scanning — should also show you the wireless networks that are in range (will work if the driver is loaded)

You should see wlan0 if all is good; (grab your wireless details)

iwconfig wlan0 mode managed (should already be in this mode)

There are some cool options here like "secondary" mode, in which the node acts as a backup master/repeater, and "repeater" mode, in which the node forwards packets between other wireless nodes.

iwconfig wlan0 channel 6 – sets the wireless channel to 6
iwconfig wlan0 essid dwireless – sets the SSID to "dwireless"

OK – now it gets interesting… iwconfig doesn't support WPA2 PSK out of the box.
http://hostap.epitest.fi/wpa_supplicant/ – you want to get your hands on wpa_supplicant or similar, depending on your distro. This is a good tutorial on getting it all up and running (for Ubuntu, but it works on other distros) http://ph.ubuntuforums.com/showthread.php?t=571188 and there is a similar one here http://www.varesano.net/blog/fabio/wpap … no+ipw2100

If you have the Asus wireless card like I did, it is best to use ndiswrapper. The native drivers do NOT work, even though the native driver will seem to work: it detects the card and can browse the current local wireless networks. Unfortunately it cannot actually join any network (even the unencrypted ones).

Do NOT just type dhclient unless you want all adapters to renew their IPs…. ensure that you also specify the adapter.