• Abusive IP ranges blacklist


    Make sure this makes sense for you but I've started to block a lot of commercial Cloud services and easily accessible providers as they are a very high source of abusive traffic. The cost savings for a lot of organizations are huge, as you now have less bandwidth usage and less resource usage from garbage/bot/malicious traffic. This mainly works for when you can be reasonably sure that your audience has no business visiting your service(s) from freely accessible commercial IP ........
  • How to use the FTDI USB serial cable to RJ45 adapter to connect to the console on Cisco/Juniper Switch Router Firewall in Linux Ubuntu Debian Redhat


    This should work for most console ports of other manufacturers too. It is a quick and simple method for emegencies or deploying a few appliances/devices in a non-standard environment or small environment. However, if this is a route thing, or the equipment is not physically close to you, it would be best to use some sort of "Terminal" server which is an IP connected switch with several serial ports built-in for this purpose. Normally they accessible by web/........
  • Grandstream Phone Vulnerability Security Issue Remote Backdoor Connection to 207.246.119.209:3478


    Have you checked your router/firewall logs and disconcertingly see connections to an unknown IP207.246.119.209:3478 from your Grandstream VOIPphones? You're not alone and the Grandstream forums have discussed this issue. However, even their own staff d........
  • How To Create OpenVPN Server for Secure Remote Corporate Access in Linux Debian/Mint/Ubuntu with client public key authentication


    Why choose OpenVPN instead of a firewall appliance? OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time. When comparing OpenVPN with traditional firewal........
  • Proxmox Services Won't Start Failed to start The Proxmox VE cluster filesystem. Proxmox VE firewall. PVE Status Daemon. Proxmox VE scheduler. PVE Cluster HA Resource Manager Daemon. PVE Local HA Resource Manager Daemon.


    There are many reasons why Proxmox services may not start, but one common one, is if you have changed your /etc/hostname or /etc/hosts and don't have a valid FQDN (eg. proxmox01 instead proxmox01.com). Failed to start The Proxmox VE cluster filesystem. Failed to start Proxmox VE firewall. Failed to start PVE Status Daemon. Failed to start Proxmox VE scheduler. Failed to start PVE Cluster HA Resource Manager Daemon. Failed to star........
  • How to install Kubernetes with microk8s and deploy apps on Debian/Mint/Ubuntu Linux


    Kubernetes Easy Beginners Tutorial/Architecture Guide Kubernetes is known as container orchestration and we should start at explaining the container part of it. A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
  • Cisco Howto Configure Console Port/Terminal/Comm Server with Async Cable Setup


    This assumes that you've already installed the relevant HWIC cards eg. Cisco Asynchronous Serial NIM These are essentially cards that you install into your router, once installed you connect an Async cable to one of the ports on the card which normally gives you 8 console cables and are normally labelled 1 through 8. You connect all of the cables to the devices you need (even non-Cisco devices) whether switches, routers or firewalls, they will usually work. The real m........
  • EFI PXE grub2 Howto guide for Linux EFI PXE Booting on Debian, Mint, Ubuntu, RHEL


    Just a quick note and warning is that if you are testing to see if EFIPXE booting works on a VM, MAKE SURE it actually works. For example Iinitially tested using my Distro's QEMU 2.5+dfsg-5ubuntu10.46 and ovmf BIOS firmware (OVMF supports EFI). However, I found on old versions of QEMU (like 2.5), EFIbooting with GRUB NEVER works so it may appear that you have made a mistake when everything is fine when you boot a physi........
  • Juniper JunOS Command Overview and Howtos Switch, Router, Firewall Tutorial Guide


    Enable "cli" mode equivalent in JunOS cli Configure Mode configure So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure". How Do You Apply Changes You've Made? You can make all kinds of changes to the switch, but remember they are not........
  • How To Install NextCloud on Centos 7 and Centos 8


    yum -y install wget unzip wget https://download.nextcloud.com/server/releases/nextcloud-18.0.2.zip unzip nextcloud-18.0.2.zip yum -y install php php-mysqlnd php-json php-zip php-dom php-xml php-libxml php-mbstring php-gd mysql mysql-server Last metadata expiration check: 0:58:02 ago on Fri 13 Mar 2020 02:12:49 PM EDT. Dependencies resolved. ===================================================================........
  • Centos 7 Stopped and Disabled Firewalld and ports still blocked


    This is a gotcha but be aware sometimes iptables may be active and loaded by default. Also make sure you don't just disable firewalld but also stop it otherwise it will still block stuff: systemctl stop firewalld If the above is not the issue then it is possible iptables is running and blocking stuff too, so you'll need to stop iptables. So in addition to opening firewalld or disabling it, you would need to disable iptables........
  • Centos 7 how to save iptables rules like Centos 6


    yum install iptables-services systemctl enable iptables service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]........
  • Debian Ubuntu Mint Howto Create Bridge (br0)


    Having a network bridge allows you to bridge traffic under multiple devices so they can talk natively without using any special routing, iptables/firewall or other trickery. To create your bridge you need the bridge-utils package for brctl and if you want to do things like bridge VMs that run on a tap device you will need the uml-utilities which provides "tunctl". 1.) Install the utilities to make our bridge sudo apt-get i........
  • ssh reverse proxy to enable remote access behind a LAN and firewall


    So say you are behind a typical NAT/LAN setup whether at home, work or while travelling. What if you have a computer or server that you need to connect to from the outside? Yes you could use a VPN but a quick and dirty, temporary and secure way is to use SSH's Reverse Tunneling Proxy feature. Requirements On the remote ssh server host you need the GatewayPorts option enabled in sshd_config (be........
  • iptables linux firewall recommended rules for public computing


    Whether you are at work, at the coffee shop or on the public internet here are some basic but effective rules for iptables that lock things down (eg. no one can SMB or SSH to you or really anything): # Generated by iptables-save v1.4.21 on Fri Dec 14 14:00:08 2018 *nat :PREROUTING ACCEPT [160:19844] :INPUT ACCEPT [4:357] :OUTPUT ACCEPT [2955:182236] :POSTROUTING ACCEPT [2955:182236] COMMIT # Completed on Fri Dec 14........
  • systemd management using systemctl and journalctl to check systemd logs


    systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system. The key commands or arguments you will use with systemctl are the following: Unit Commands: list-units [PATTERN...] List loaded units &nbs........
  • How To Secure Samba NMBD/SMBD to bind to a specific IP address


    By default Samba SMB/NMB listen on ANY and ALLIPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN. To do this you need to the following options under the [global] section in smb.conf bind interfaces only = yes interfaces = 192........
  • mysqld in Linux hacked


    Check for crap in /var/lib/mysql like this ls -al /var/lib/mysql/ total 20888 drwxr-xr-x 24 mysql mysql 4096 Oct 3 18:30 . drwxr-xr-x 20 root root 4096 Oct 3 04:23 .. -rw-rw-rw- 1 mysql mysql 11776 Oct 3 17:10 c:exp.exe -rw-rw-rw- 1 mysql mysql 48128 Oct 3 17:10 c:exp1.exe........
  • Linux Mint Install Netboot PXE Guide Howto


    *Update so this doesn't work it must be something to do with the path of nfs or something else but the installer fails with "Installer crashed" at the end whereas with the CD/USB it works. This assumes you've already installed and configured a separate PXE/DHCP server somewhere else and your /tftpboot directory is setup. This is for Linux Mint 18.1 but generally applies to most versions although you may have tro change things like "casper"........
  • MySQL Allow Access from Remote Host IP and Update All Users


    Change Host="192.168.5.99" with the remote IP allowed(this is of course more secure but also cumbersome if your IP changes). You could also have a single layer of protection that specifies the IP via firewall or both (of course both are far mor secure). UPDATE user SET Host="192.168.5.99" where Host="localhost" or for any/wildcard UPDATE user SET Host="%" where Host="localhost&qu........
  • The connection was reset The connection to the server was reset while the page was loading.


    In Firefox I cannot connect to any website, proxy is disabled and outside network access is confirmed, no system or manual proxy was set on this Linux Mint/Ubuntu system. Normally this can be caused by proxy or DNS problems and the weird thing is that traceroute and ping to other IPs worked fine but even connecting to sites by IP was not working. The connection was reset The connection to the server was reset while the page was loading.........
  • iptables: Applying firewall rules: iptables-restore: line 40 failed


    service iptables start iptables: Applying firewall rules: iptables-restore: line 40 failed [FAILED]........
  • bash for loop with specific numbers


    Say if you need to make a firewall script to block certain ports this works great. for ports in 21 25 443; do iptables rules here done........
  • SSH Tunnel Dynamic Proxy Stops Working Right Away even with Root and High Port


    I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops): channel 12: open failed: administratively prohibited: open failed I'm not sure what the issue is unless there's some kind of hardware firewall on the other end. I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
  • named/bind cannot find zone file, load zone files without specifying full directory path/loading master file genuine.com.zone: file not found


    genuine.com/IN: loading master file genuine.com.zone: file not found _default/genuine.com/IN: file not found I always found it silly that no one really talks about this and apparently many like me and even control panels like Plesk were still using hard paths. I always thought "why can't I just specify the name of the zone file and have bind find it". Surely the default search path must be /var/named or somewhere else but there is no such thing.........
  • Ubuntu/Debian DRBD 8.0 Setup Guide


    I've only used it on Centos, soI thought I'd make a quick Debian guide: Install the DRBD Package apt-get install drbd8-utils Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libswfdec-0.8-0 Use 'apt-get autoremove' to remove them. The following........
  • DRBD WFConnection Problem/Solution


    This has stumped me a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic,I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work. So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first! Both Nodes Say the Following: version: 8.3.8 (api:88/prot........
  • MySQL Recover/Reset Lost/Forgotten root Password


    One note is to secure MySQL, I don't know for sure but I believe you could login to MySQL remotely with no password during this operation (I'm not sure, maybe it doesn't accept blank passwords but I firewall MySQL port anyway and recommend you do the same). First edit /etc/my.cf Under the [mysqld] field add the following line somewhere: skip-grant-tables Now restart mysql: service mysql restart or on Debian sty........
  • Trouble connecting between Windows XP and Windows 98 Shares


    Trouble connecting between Windows XP and Windows 98 SharesOk a few things to check for: * Disable all firewalls * Make sure NetBEUI is enabled on both computers * Make sure the Windows XP computer has the name of the computer logged in user of Windows 98 added as an XP user * Add the XP user to anything you want to share That fixed my problem........
  • Helpful IPFW Examples


    Helpful IPFW ExamplesSomeone's real life examples: http://lists.freebsd.org/pipermail/freebsd-security/2004-July/002181.html Or you can try the FreeBSD Handbook guide: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html........
  • Proftp Passive Ports


    Proftp Passive PortsIf you use a locked down firewall you can edit proftpd.conf and tell it something like this: [quote:8419cab1f8]PassivePorts 6170 6270[/quote:8419cab1f8] That would force all passive ftp traffic to ports 6170 6270 which you could then open on your firewall rather than leaving open ports 1024-65000 open........
  • Basic Port Listing


    Basic Port ListingHopefully someone finds this useful or at least interesting. http://www.sans.org/top20/#u9 Name Port Protocol Description Small services ........
  • Linux/Unix Open SSH Login Without Password Key Exchange including Debian, Redhat, Fedora, Ubuntu, BSD etc..


    In those 4 simple commands you can setup mutual key exchange between two sshservers by using a single login shell session and single window. *Just change the IP address examples of (10.10.0.2) to the target of your mutual key exchange. It doesn't matter if the server is on a LANor WAN(well unless the server is behind a firewall and you cannot SSHinto it).........
  • How To Save iptables firewall rules Centos/Redhat/Fedora Linux


    This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect. I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables. Anyway, for those who are using Redhat/Centos style OS's it is very simple. Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remember/loaded on boot just run this command: service iptables........
  • Latest Articles

  • Cisco CME How To Enable ACD hunt groups
  • How to install gns3 on Linux Ubuntu Mint
  • How to convert audio for Asterisk .wav format
  • Using Cisco CME Router with Asterisk as a dial-peer
  • Cisco CME How To Configure SIP Trunk VOIP
  • Virtualbox host Only Network Error Failed to save host network interface parameter - Cannot change gateway IP of host only network
  • Cisco CME and C7200 Router Testing and Learning Environment on Ubuntu 20+ Setup Tutorial Guide
  • Abusive IP ranges blacklist
  • How to Install Any OS on a Physical Drive from Windows Using VMware Workstation (Linux, Windows, BSD)
  • CDN Cloudflare how to set and preserve the real IP of the client without modifying application code on Apache
  • CentOS 7 fix Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was 14: curl#6 -
  • Ubuntu Debian How To Install Recommended Packages Automatically
  • How to set Linux Ubuntu Redhat Debian Command Line http https socks proxy for yum apt
  • How to resize a pdf without losing much quality in Linux Mint Ubuntu Debian Redhat Solution
  • qemu: could not load PC BIOS 'bios-256k.bin' solution
  • Proxmox How To Custom Partition During Install
  • Hyper-V Linux VM Boots to Black Screen, Storage, NIC Not Found Issues
  • Ubuntu Mint How to Fix Missing/Broken /dev and /dev/pts which causes terminal to immediately close exit and not work
  • How high can a Xeon CPU get?
  • bash fix PATH environment variable "command not found" solution