/ - rtt - IT Resource

  • systemd management using systemctl and journalctl to check systemd logs


    systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system. The key commands or arguments you will use with systemctl are the following: Unit Commands:   list-units [PATTERN...]         List loaded units &nbs........
  • iptables guide and examples and howto


    iptables allow port 22 example Of course change --dport and -s to suit your needs #allow certain IP to access port 22  iptables -A INPUT -p tcp -m tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT # block others iptables -A INPUT -p tcp --dport 22 -j DROP........
  • iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.


    iptables -t NAT -A PREROUTING -s 24.30.44.0/24 -j DNAT --to-destination 10.10.10.1 iptables v1.4.7: can't initialize iptables table `NAT': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Solution # it is case sensitive "nat" and DO NOT use "NAT" or you will get this error! iptables -t nat -A PREROUTING -s 24.30.44.0/24 -j DNAT --to-destination 10.10.10.1........
  • Avocent DSR8020 KVM/IP - Network Connect Error - Solution


    This error is commonly due to Java security or TLS settings but there is a second issue with forwarded ports that also causes it.   1. Java Security/TLS Settings issue: This article has the solution to change them all in Linux automatically 2. Port Forwarding Issue if your Avocent DSR is behind NAT/private IP........
  • How to clear all iptables rules for all tables and chains


    iptables -F iptables -t nat -F iptables -t mangle -F This is as simple as it gets.........
  • iptables how to forward localhost port to remote public IP


    iptables -t nat -A OUTPUT -m addrtype --src-type LOCAL --dst-type LOCAL -p tcp --dport 3306 -j DNAT --to-destination ip.ip.ip.ip iptables -t nat -A POSTROUTING -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE sysctl -w net.ipv4.conf.all.route_localnet=1 Make sure you substitute "ip.ip.ip.ip" for your real public IP and also the "--dport 3306" for the port you want to forward. Finally run the sysctl command and........
  • Centos extremely secure iptables setup


    If you want to make sure only a certain IP can access your server for any service or protocol here is a way to do it (just be sure you have access to the IP(s) mentioned or you will be locked out).   iptables -F iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -s IP.IP.IP.IP -j ACCEPT iptables -A INPUT -j DROP serv........
  • iptables: Applying firewall rules: iptables-restore: line 40 failed


     service iptables start  iptables: Applying firewall rules: iptables-restore: line 40 failed                                                            [FAILED]........
  • iptables port forwarding multiple ports to another IP


    iptables -t nat -A PREROUTING -p tcp -m multiport --dports 80,443,2068,8192 -j DNAT --to-destination 192.168.1.175 Just adjust the "--dports" to the ports you need and the --to-destination to the destination IP (note it must be on the same network as the server running iptables........
  • OpenVZ vzctl update changes how iptables work - iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. updated solution


    Are you getting the same old error message even though your iptables settings for OpenVZ are correct? iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. The reason is because in newer vzctl  the old way of setting IPTABLES="" in vz.conf is completely deprecated (I spent some time fiddling wondering why my settings were correct but........
  • Openvz iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. solution


    iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1/32 --dport 3389 -j DNAT --to-destination 192.168.5.2:3389 iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. The above is often because you don't have the correct modules loaded on the hostnode or enabled for the container but in some cases it's actually a weird openvz setting. Che........
  • iptables how to forward port to another IP address with DNAT


    -A PREROUTING -d 98.98.98.5/32 -p tcp -m tcp --dport 1050 -j DNAT --to-destination 192.168.1.50:3389 The above forwards port 1050 on IP 98.98.98.5 to 192.168.1.50 port 3389 (you can obviously edit things to meet your needs).........
  • iptables howto multiport forward in single line example


    -A PREROUTING -p tcp -m multiport --dports 10000,18080,13306 -j DNAT --to-destination 192.168.5.83........
  • Asterisk iptables block bruteforce attacks howto with fail2ban


    yum -y install fail2ban vi /etc/fail2ban/jail.conf [asterisk-tcp] enabled  = true filter   = asterisk action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]            sendmail-whois[name=Asterisk, dest=you@example.com, sender=fail2ban@example.com] logpath  = /var/log/asterisk/messages maxret........
  • pxe-32 tftp open timeout


    pxe-32 tftp open timeout   The solution was to enable tftp in xinetd with "chkconfig tftp on". See the troubleshooting below:   chkconfig --list NetworkManager     0:off    1:off    2:off    3:off    4:off    5:off    6:off acpid              0:off&n........
  • bash for loop with specific numbers


    Say if you need to make a firewall script to block certain ports this works great. for ports in 21 25 443; do iptables rules here done........
  • iptables centos error getsockopt failed strangely: Invalid argument


    iptables -t nat -A PREROUTING -p udp -m multiport --dports 20,123,443 -j REDIRECT --to-port 53 getsockopt failed strangely: Invalid argument........
  • Execute Local Bash Scripts remotely by SSH


    for ip in `cat fixlist.txt`; do sudo -u apache ssh root@$ip "`cat iptablesrules.sh`" done In the above example we are going to execute the commands within the local file "iptablesrules.sh" on all the machines in "fixlist.txt".  This is a great way of performing server maintenance in a clustered or cloud environment.........
  • iptables redirect ports to a different host and port + NAT Masquerade howto/solution


    This is important if you need public access to internal IPs such as at your office and don't want to use a VPN just to SSH into different servers: Below forwards the port "10001" to the IP 192.200.5.53 on port 22 (of course adjust it to your needs). iptables -t nat -A PREROUTING -p tcp --dport 10001 -j DNAT --to-destination 192.200.5.53:22 Remember to enable MASQUERADE on your NAT IPs or they won't be able to talk to the outside world (........
  • iptables v1.4.10: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)


    I have iptable_filter loaded on the hostnode so I don't understand this issue.........
  • Setup PXE Boot using Centos and dhcpd, tftp and syslinux


    This is something I often setup for clients because it's very helpful for people in datacenters, this allows custom OS installs on demand, you can customize it more by using kickstart etc.. but here's a base I use before customizing more: This little script below will install everything you need to get booting by PXE Linux. It also assumes you set a local IP (be sure not to overwrite your existing IP) on eth0:0 (note the :0) as 192.168.1.10 and it........
  • iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) - OpenVZ Container Problem iptables module problem solution


    iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) This solution applies to all other iptables modules/problems for OpenVZ, you'll just need to add them to both lists/lines below if you have modules other than what I have below. The modules need to be enabled in both iptables and the OpenVZ hostnode itself and then the containers which need it must be restarted. How To Enable IPTables Modules in OpenVZ........
  • iptables block torrents/torrenting


    This is a very basic method and won't work in all cases but will reduce the chance of torrenting/abuse by your server users. iptables -A INPUT -p tcp --destination-port 6881:6999 -j REJECT iptables -A OUTPUT -p tcp --source-port 6881:6999 -j REJECT........
  • OpenVPN don't use bridgestart.sh or bridge at all use iptables


    I used the suggested script to bridge from OpenVPN and it took my client's server off-line!  Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH. I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0: iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE Replace "192.168.200.0/24" with your subnet of cour........
  • SPAMASSASSIN/spamcd solution - spamc[16225]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection timed out


    May  6 08:16:57 devbox spamc[16225]: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection timed out May  6 08:17:02 devbox spamc[20214]: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection timed out spamc[16225]: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection timed out First make sure that the spamd service is actually running, this is your spamd (spamassassin server) cannot be reached.  In my c........
  • SSH Tunnel Dynamic Proxy Stops Working Right Away even with Root and High Port


    I keep getting messages like this shortly after using the proxy (it works for a few seconds/page loads and then stops): channel 12: open failed: administratively prohibited: open failed I'm not sure what the issue is unless there's some kind of hardware firewall on the other end.  I've used this exact configuration on multiple servers with no issue and even disabled iptables etc..........
  • yum in Centos 5/Xen halts and exits suddenly


    yum exits in the middle The problem is this VPS seems to be an OpenVZ template from HyperVM.  The only way to make it work was to disable i386 packages since this was an x64 kernel.  That shouldn't be necessary but it was the only way to make yum stop quitting after the first package or two.  I couldn't find any issue by checking the logs either. echo y|yum install vim-minimal telnet expect jwhois net-tools slocate iptables elinks gawk L........
  • DRBD WFConnection Problem/Solution


    This has stumped me  a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic, I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work.  So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first! Both Nodes Say the Following: version: 8.3.8 (api:88/prot........
  • Openvz Live Migration Error - Error: undump failed: Invalid argument Restoring failed: Error: iptables-restore exited with 2 Error: Most probably some iptables modules are not loaded Error: rst_restore_net: -22


    Adding IP address(es): 192.168.5.8 192.168.5.9 Setting CPU units: 1000 Error: undump failed: Invalid argument Restoring failed: Error: iptables-restore exited with 2 Error: Most probably some iptables modules are not loaded Error: rst_restore_net: -22 Container start failed Stopping container ... Container was stopped Container is unmounted Error:  Failed to undump VE Resuming... vzquota : (erro........
  • OpenVZ iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Solution


    This error is annoying, in a Virtuozzo KB entry about this ip tables nat problem they say the kernel needs to be ugpraded: Symptoms The node runs 2.6.18-x kernel older than 2.6.18-028stab053.10. NAT module does not work in container, you get "can't initialize iptables table 'nat'" error: # iptables  -t nat ........
  • Openvz Enable Most Common iptables modules


    The default options for iptables are very basic.  Here is what you need to do in order to enable them in OpenVZ. 1.) Add the modules to iptables and restart iptables: vi /etc/sysconfig/iptables-config Edit the line as so: IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp" 2.........
  • How To Save iptables firewall rules Centos/Redhat/Fedora Linux


    This is something that annoys a lot of people, fortunately the Redhat style OS's are the most simple in this respect.  I disagree that Debian's way makes sense, it is more of a hackish approach in how they implement iptables. Anyway, for those who are using Redhat/Centos style OS's it is very simple. Set your rules from the shell/command prompt and to save the iptables firewall rules so they are remember/loaded on boot just run this command: service iptables........
  • Latest Articles

  • syntax error, unexpected T_SL in PHP Solution
  • grep regular expression match number range between specific numbers
  • bash how to print out lines of text within a range from the first occurrence
  • bash script how to to check LAN computers for open ports
  • MySQL Using mytop Debug Source of High IO and Slow Performance
  • How To Mathematically Convert and Calculate Binary Value To Decimal Value
  • systemd management using systemctl and journalctl to check systemd logs
  • css how to format code in the code tag
  • css br with extra blank line
  • What is /dev/pts and why do we need it in Linux?
  • Linux What is umask (user mask) for file and directory creation permissions and how to calculate umask and change the defaults
  • Linux Permissions and Groups Real Usecase for Group Access
  • Centos 7 python34 how to install the gi library
  • Centos 7 - Convert Minimal to Graphical GUI GNOME or KDE Desktop
  • AMD Set Fan Speed and Other Powerplay Memory/CPU Timings with a Linux script
  • Ethereum Mining Claymore Nanopool Error
  • genisoimage errors with long filenames and deep directory structures
  • Linux Kernel USB Export Errors
  • How to download gajim 0.16.9 XMPP/Jabber client so you can use OMEMO encryption
  • HP DL385 G7 Linux BIOS Update Flash