On the Net



About Linux News and OpenSource






Wednesday, November 30, 2005

Using LINUX as NAT gateway

Share your Internet connection with your LAN by using Linux and iptables. First, create a script in /etc/rc.d/ and name it gateway.sh, as shown below.

root@localhost# vi /etc/rc.d/gateway.sh

then enter the following:
#!/bin/sh
# enable IPv4 forwarding between the interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward
# rewrite the source address of traffic leaving through eth1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Here eth1 is the interface connected to the Internet and eth0 is the interface connected to the LAN. The IP address of eth0 should then be the gateway IP of the hosts connected to your LAN.

After you have made that little script, call it from your rc.local file so it runs every time the PC starts up. Do it like this:

root@localhost# vi /etc/rc.d/rc.local

# at the end of the file, add the following line
/etc/rc.d/gateway.sh

Then save it.

Oops, we have not yet made gateway.sh executable. To do that:
root@localhost# chmod +x /etc/rc.d/gateway.sh

Now you can run the script by hand, or it will start by itself at the next restart.
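
A stricter variant of gateway.sh, as an added example that is not from the original post: besides the MASQUERADE rule it sets the FORWARD policy to DROP and forwards only traffic that starts on the LAN side, plus the replies to it. The function names and the APPLY switch are assumptions of this example; the interface roles (eth1 = Internet, eth0 = LAN) follow the post.

```shell
#!/bin/sh
# Added example, not from the original post. Interface defaults follow the
# post (eth1 = Internet, eth0 = LAN); the function names are made up here.

# Accept only plain interface names so nothing else reaches the shell below.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the commands: forward LAN -> WAN and replies only, then masquerade.
# Assumes this script owns the FORWARD chain (it is flushed).
gateway_rules() {
    wan=$1
    lan=$2
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Dry run by default (prints the rules); APPLY=1 as root loads them.
run_gateway() {
    valid_iface "$1" && valid_iface "$2" && [ "$1" != "$2" ] || {
        echo "usage: run_gateway WAN_IF LAN_IF (two different interfaces)" >&2
        return 1
    }
    if [ "${APPLY:-0}" = "1" ]; then
        gateway_rules "$1" "$2" | sh
    else
        gateway_rules "$1" "$2"
    fi
}

run_gateway eth1 eth0
```

Run it once without APPLY to read the rules it would load, then with APPLY=1 from rc.local in place of the two-line script.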

Basic Cisco Router SNMP Config


To enable read-only SNMP services, use the following configuration command:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server community thisisatest ro
Router(config)#end
Router#

thisisatest is the read-only community string

To enable read-write SNMP services, use the following command:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server community thisisatest rw
Router(config)#end
Router#
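
To review a saved configuration for the community settings shown above, this added example (not part of the original post) flags communities that have no access list limiting who may query them, and the well-known default strings. The sample config, function names and output format are constructed for the example; a trailing access-list number is standard syntax for snmp-server community.

```shell
#!/bin/sh
# Added example, not from the original post: review saved IOS configuration
# text for SNMP community lines. Function names and output are made up here.

# Constructed sample; only "thisisatest" comes from the post.
sample_config() {
    cat <<'EOF'
hostname lab-router
snmp-server community thisisatest RO
snmp-server community example-rw RW
snmp-server community example-ro RO 10
snmp-server community public RO 10
access-list 10 permit 192.0.2.10
EOF
}

# Read a config on stdin and print "<line number>: <finding>".
# The community string itself is never printed.
audit_snmp() {
    awk '
    $1 == "snmp-server" && $2 == "community" {
        mode = "ro"; acl = 0              # IOS defaults to read-only
        for (i = 4; i <= NF; i++) {
            t = tolower($i)
            if (t == "ro" || t == "rw") mode = t
            else if (t == "view") i++     # skip the view name
            else if (t != "ipv6") acl = 1 # remaining token is an access list
        }
        if ($3 == "public" || $3 == "private")
            print NR ": default community string"
        if (!acl)
            print NR ": " mode " community without access list"
    }'
}

sample_config | audit_snmp
```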

The CHMOD command

Note: $ signifies user prompt, # signifies root prompt


The chmod command changes permissions on files and directories. Type $man chmod in your Linux console for further info. To see what permissions a file has, type the following command in your console:
$ls -l testfile.txt
-rw-rw-r-- 1 ken ken 0 May 16 11:21 testfile.txt

# the file has a permission of 664 (see the table below)

Table 001
Illustrates the eight possible combinations of numbers used for changing permissions.

Decimal   Binary   Permissions
0         000      none
1         001      --x
2         010      -w-
3         011      -wx
4         100      r--
5         101      r-x
6         110      rw-
7         111      rwx

The symbolic notation for chmod is as follows: r = read; w = write; x = execute; u = user; g = group; o = others; a = all.

Examples of the chmod command:

$chmod 777 testfile.txt - would make the permission of the file rwx-rwx-rwx

$chmod g-x testfile.txt - would change the file permission to rwx-rw-rwx

The g-x argument removes the x permission from the group (g).

$chmod g+x testfile.txt - would add the x permission back to the group, giving rwx-rwx-rwx

In my opinion, it's easier to remember and use symbolic notation to add or remove file permissions.

$chmod og-x -R /home/user/bin - would remove the x permission for others and the group on all the files inside the /home/user/bin directory, giving rwx-rw-rw, assuming the original file permission was 777 or rwx-rwx-rwx
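
What the recursive form does to directories, as an added example that is not from the original post: -R applies og-x to directories as well, which removes the search bit that group and others need to enter them, while the find variant changes regular files only. The scratch tree and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: effect of `chmod -R og-x` on
# directories. Everything happens in a scratch directory made by mktemp.

# Permission string of a path as ls -l prints it, e.g. drwxrw-rw-
perm() {
    ls -ld "$1" | cut -c1-10
}

# Build tree/sub/tool with mode 777 everywhere, as the post assumes.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/tree/sub"
    : > "$root/tree/sub/tool"
    chmod -R 777 "$root/tree"
    echo "$root"
}

# The post's command: the x bit is removed from directories as well.
recursive_og_x() {
    root=$(make_tree) || return 1
    chmod -R og-x "$root/tree"
    echo "$(perm "$root/tree/sub") $(perm "$root/tree/sub/tool")"
    rm -rf "$root"
}

# Regular files only: directories keep their search (x) bit.
files_only_og_x() {
    root=$(make_tree) || return 1
    find "$root/tree" -type f -exec chmod og-x {} +
    echo "$(perm "$root/tree/sub") $(perm "$root/tree/sub/tool")"
    rm -rf "$root"
}

recursive_og_x     # drwxrw-rw- -rwxrw-rw-
files_only_og_x    # drwxrwxrwx -rwxrw-rw-
```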

Reference book: UNIX Shells by Example, 4th Edition

Tuesday, November 08, 2005

Mandriva Linux 10.1 Dial-in Server

Here's my Dial-in Server setup on my Mandrake 10.1 using a US Robotics 56K Data Fax External Modem.

Below are the steps and configs:

1. Make sure that the host acting as Dial-in server has a working internet connection.

2. Download and install mgetty. [on my system, #urpmi mgetty]

3. After installing mgetty, edit the inittab [#vi /etc/inittab ], and I added the text below on the last line of my inittab. My modem is on Com2 and so it's ttyS1.

S1:2345:respawn:/sbin/mgetty -s 57600 -D ttyS1

4. My /etc/mgetty+sendfax/mgetty.config

data-only yes
speed 57600
modem-type auto
modem-check-time 1800
init-chat "" AT&F1M0
port ttyS1
debug 9

5. My /etc/mgetty+sendfax/login.config.
[actually, I just commented it out from the original login.config file, be sure to comment the last line portion of that file.]

/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login debug

6. I just disregarded dialin.config; all of the text inside was commented, and I didn't touch anything in there.

7. Install ppp [#urpmi ppp] and below are my /etc/ppp/*configs

#/etc/ppp/options
asyncmap 0
crtscts
nodetach
deflate 15
debug
lock
login
modem
netmask 255.255.255.0
ms-dns 202.71.176.2
ms-dns 202.71.176.3
require-pap
refuse-chap

#note: the word "login" above means that I will use the username and password of the existing users of this box

#----------------------------------------------------------------------

#/etc/ppp/options.ttyS1
192.168.1.101:192.168.1.102

#note: *.101 is the assigned local IP, *.102 will be the remote IP
#These IP are not yet assigned to any host connected to LAN
#----------------------------------------------------------------------

#/etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
* * "" *

#----------------------------------------------------------------------

8. The eth0 of this box is directly connected to the Internet, so I have to do masquerading with iptables to share its Internet connection with the connected ppp interface. I added the text below to my rc.firewall script for that purpose, NAT.

#NAT
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

9. As of now, I am using Windows XP and 2000 on the dialing client side and it works fine. I can connect at up to 40 kbps (eh, very slow), but at least I can check emails and do some slow browsing. I tried a Linux client but it won't connect; it has some sort of errors, and I have to investigate further so I can use Linux at home.