Talk2Melbin
Innovation The Key To Success
Aug 26th
In an organisation we sometimes need to expose internal services to the outside world. What do we do if the system administrator needs to reach a remote Windows machine, VNC and so on from an outside network? Port forwarding is the best option to bypass the gateway. Check the security settings when forwarding a port.
The public IP address is configured on the gateway, which is set up for NAT routing. NAT routing lets internal users reach the outside world: an internal user's request (e.g. http, ftp, or another port) is sent to the gateway, and the gateway sends it on to the 'www'.
The outside world can reach the internal network only with the help of the system administrator, who creates careful routing rules on the gateway to provide that access without compromising the security of the internal network, servers, etc.
Here I explain port forwarding with iptables commands, exposing an internal Windows remote desktop through the outside gateway.
The command used to forward a request from the public address to the internal machine is as follows,
# iptables -t nat -A PREROUTING -d <public ip of the gateway> -p tcp -m tcp --dport 9519 -j DNAT --to-destination 192.168.0.250:3389
With this iptables rule, when someone on the WAN ('www') requests Microsoft Remote Desktop via <public ip>:9519, the request is forwarded to the remote desktop port of the internal Windows machine, which has the static IP address 192.168.0.250.
Port number 3389 together with 192.168.0.250 is the address of the Remote Desktop service on the internal machine. Other services can be configured in a similar way.
In the case of VNC, configure the internal machine with a static IP address and a VNC server, and start the VNC server service on it. By default the VNC port number is 5900.
# iptables -t nat -A PREROUTING -d <public ip of the gateway> -p tcp -m tcp --dport 9520 -j DNAT --to-destination 192.168.0.251:5900
This iptables rule forwards vncviewer requests arriving on the public IP address to the port of the internal VNC server machine.
Make sure to set a good, secure password to protect the machine from being hacked.
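An added example, not part of the original post: a small audit that reads iptables-save output and lists PREROUTING DNAT rules, like the two above, that forward to RDP (3389) or VNC (5900-5909) without any source restriction. The sample ruleset, the documentation addresses 203.0.113.10 and 198.51.100.0/24, and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag DNAT rules that expose remote-admin ports to any source.

# Constructed sample in iptables-save format (not taken from a real gateway).
# 203.0.113.10 stands in for the public IP, 198.51.100.0/24 for an admin network.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 9519 -j DNAT --to-destination 192.168.0.250:3389
-A PREROUTING -s 198.51.100.0/24 -d 203.0.113.10/32 -p tcp -m tcp --dport 9520 -j DNAT --to-destination 192.168.0.251:5900
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.252:80
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per risky rule:
#   OPEN <public dport> -> <internal destination>
audit_dnat() {
  awk '
    $1 == "-A" && $2 == "PREROUTING" {
      src = ""; dport = ""; dest = ""; dnat = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-s" || $i == "--source")
          # A negated match ("! -s net") still admits almost every source.
          src = ($(i - 1) == "!") ? "" : $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-destination") dest = $(i + 1)
        else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
      }
      if (!dnat || dest == "") next
      # Without ":port" in the destination, DNAT keeps the original port.
      n = split(dest, part, ":")
      port = (n > 1 ? part[n] : dport) + 0
      # Only RDP (3389) and VNC displays :0 to :9 (5900-5909) are audited.
      if (port != 3389 && (port < 5900 || port > 5909)) next
      if (src == "" || src == "0.0.0.0/0")
        print "OPEN " dport " -> " dest
    }
  '
}

sample_ruleset | audit_dnat
```

On a live gateway the same function can be fed with `iptables-save -t nat | audit_dnat` as root; every line it prints is a forward that would be safer with a `-s <admin network>` match added to the rule.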
Using Apf
1. Edit the file inside the apf installation directory,
# vi /etc/apf/preroute.rules
Add the same iptables rule to the file, adjusting the port forwarding rule to your needs.
2. Reload apf to make the port forwarding rule take effect.
# apf -r
Aug 25th
Virus Protection Tips – Prevent Virus Infections On Windows Machines
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer.
Machines infected with a virus respond slowly to applications. An infection also creates security issues, such as sending our data to another network. Sending data like credit card details to another network helps the hacker withdraw the whole balance from our accounts.
Here I would like to share some tips to prevent virus infection on Windows machines.
1. Install a fresh operating system on the machine. The installation should be done using the original Windows CD. A copied OS CD might contain infected files. Burning a CD on a virus-infected machine will also cause infection.
2. Once the machine is newly installed, update the OS with the latest service packs and packages. This helps keep viruses and security holes away from the computer.
3. Always keep the firewall on. This blocks external attacks.
4. Install good antivirus software on the OS. Cracked antivirus software will not help much; instead it will cause issues.
5. Update the antivirus software frequently and check its status. Run a full scan on the system. If the antivirus software fails to update properly it will give us a headache. Checking the date of the last update helps us make sure the updates are progressing.
6. Create a simple user without any administration privileges. Using the normal user helps prevent unwanted installations or executions on the system.
7. Log in as the normal user and work. If we need to run an installer, use 'Run As' to install the application.
8. Keep the recycle bin and temp folder clean.
9. If you are not sure, do not open any email attachments; they might be infected with a virus.
10. Don't run online scans from untrusted sites.
11. Don't let an untrusted installer run on your machine.
12. Do not give your email password to any site. This will cause spam to be sent to your contacts.
13. Scan USB devices properly before using them.
14. Disabling the autorun facility helps prevent the execution of viruses from USB devices, CDs and so on.
Careful use of your machine will prevent virus infections.
Aug 25th
Complete Installation Of Oracle On Linux Machine Centos 5.3
Oracle Database 11g, building on Oracle’s unique ability to deliver Grid Computing, gives Oracle customers the agility to respond faster to changing business conditions, gain competitive advantage through technology innovation, and reduce costs.
With Oracle Database 11g you can:
* Adopt new technology faster with Real Application Testing
* Manage more data for less with advanced compression and partitioning
* Simplify systems by storing all your data in the Oracle Database with Oracle SecureFiles
* Maximize the ROI of disaster recovery resources with Oracle Active Data Guard
* Free critical personnel for strategic tasks with management automation
* And much, much more…
Deployment Of Oracle On Linux Machine
1. Installing Oracle on a Linux machine requires an updated Linux operating system.
Consider a freshly installed CentOS 5.3 operating system; configuring Oracle on a fresh machine causes no further trouble.
Update the OS with yum update.
# yum update -y
This command updates all the packages to the latest version.
* Select the OS according to the architecture (32-bit or 64-bit).
2. Once the machine is updated we need to install some additional packages that support the Oracle installation and its operation. The package details are as follows,
Required package versions (or later):
* compat-libstdc++-33-3.2.3-61
* elfutils-libelf-0.125-3.el5
* elfutils-libelf-devel-0.125-3.el5
* glibc-2.5-12
* glibc-devel-2.5-12
* glibc-common-2.5-12
* gcc-4.1.1-52.el5
* gcc-c++-4.1.1-52.el5
* kernel-headers
* libgcc-4.1.1-52.el5
* libaio-0.3.106-3.2
* libaio-devel-0.3.106-3.2
* libstdc++-4.1.1-52.el5
* libstdc++-devel-4.1.1-52.el5
* unixODBC-2.2.11-7.1
* unixODBC-devel-2.2.11-7.1
* sysstat-7.0.0-3.el5
* binutils-2.17.50.0.6-2.el5
* make-3.81-1.1
If you’ve performed a “default RPMs” install as suggested by Oracle, there are still some required packages that must be installed:
* compat-libstdc++-33
* elfutils-libelf-devel
* glibc-devel-2.5
* gcc
* gcc-c++
* libaio-devel
* libstdc++-devel
* unixODBC
* unixODBC-devel
* sysstat
We can install these packages via the yum utility
# yum install <packages> (try to locate the latest packages and install)
# yum search <package> (search helps us find the latest package in the repository)
* I am not giving the full command for "yum install <Package Names>", because some of the packages have updated versions. I would like you to install the updated ones.
3. Download the oracle database package.
http://www.oracle.com/technology/software/products/database/index.html
Log in to the site to download the package.
** Select the proper architecture, otherwise the installation will stop midway with an error.
** Choose 64bit for 64bit machine and 32bit for 32bit machine.
4. Configure Limits
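Edit /etc/security/limits.conf and add the following (the first column is the account the limits apply to, here the oracle user created in step 8):
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536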
5. Configure Pam.d
Edit /etc/pam.d/login and add the following line:
session required /lib/security/pam_limits.so
6. Modify Kernel Parameters
Edit /etc/sysctl.conf change accordingly:
# Controls the maximum shared segment size, in bytes
#kernel.shmmax = 68719476736
# Controls the maximum number of shared memory segments, in pages
#kernel.shmall = 4294967296
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6553600
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=4194304
net.core.wmem_default=262144
net.core.rmem_max=4194304
net.core.wmem_max=262144
7. Run Command To Modify Kernel Parameters
# sysctl -p
The command prints the kernel parameters it sets. On my machine the output looks like this,
[root@oracle ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6553600
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default = 4194304
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 262144
8. Create the Oracle Groups and User Account
Create the Linux groups and user account that will be used to install and maintain the Oracle Database.
# groupadd oinstall
# groupadd dba
# useradd -m -g oinstall -G dba oracle
# id oracle
# passwd oracle (set password for oracle user)
9. Create Directories
Now create directories to store the Oracle Database. These directories would normally be created as separate file systems.
# mkdir -p /u01/app/oracle
# chown -R oracle:oinstall /u01/app/oracle
# chmod -R 775 /u01/app/oracle
10. Set Static Ip Address.
The machine needs a static IP address. Use this command to set the IP address,
# system-config-network
* Assigning the machine's IP address via DHCP will cause the Oracle service to fail to start.
11. Now it is time to install the application. Extract the application using the command,
# unzip <oracle package>
* Choose a folder other than /tmp. If /tmp has little space assigned, the size of the extracted files will cause issues on the machine.
12. A graphical display is needed to install Oracle. Switch to run level "5".
** Use ssh -X oracle@<server ip address>
or
**Use Vnc Server
13. Login as oracle user
14. Go to the extracted oracle package
# cd /opt/<oracle package>
15. Run the installer:
# ./runInstaller
The installation settings are pretty self-explanatory. Just go with the defaults, and if there is an error at some point the details panel will explain what is wrong.
At one point you will be asked for the SYSMAN password. Remember it, because it will be used to log in to the web console.
When you are near the very end of the installation, you will be asked to run one or two scripts as root. Just open up a terminal, su - into root and run the scripts, which have their full paths displayed for your convenience.
To logon to the web console, in a browser type:
https://localhost:1158/em
Default user name is : sys
Note:
With plain http I was asked to download a bin file, so use https. Also, if the page does not come up, check whether apache is running.
Starting And Stopping Oracle
You might need to start Oracle back up or stop it at some point, so use these commands, which are located in:
/u01/app/oracle/product/11.1.0/db_1/bin/
# emctl start dbconsole
# lsnrctl start
# dbstart
# emctl stop dbconsole
# lsnrctl stop
# dbshut
Common Errors While Starting And Stopping The Service
1. Architecture Selection
Selecting a package that does not match the architecture (64-bit or 32-bit) will cause issues during the installation. Select the package according to the operating system and the machine architecture.
2. Error Message,
“ORACLE_HOME_LISTNER is not SET, unable to auto-stop Oracle Net Listener”
Solution :
Edit the files "dbstart" and "dbshut", find the line ORACLE_HOME_LISTNER=$1
and change it to ORACLE_HOME_LISTNER=/u01/app/oracle/product
3. Error Message,
“Message 1070 not found; No message file for product=NETWORK, facility=TNS
TNS-12538: Message 12538 not found; No message file for product=NETWORK, facility=TNS
TNS-12560: Message 12560 not found; No message file for product=NETWORK, facility=TNS
TNS-00508: Message 508 not found; No message file for product=NETWORK, facility=TNS”
Solution : Configure ORACLE_HOME
Create a new file named oracle.sh under /etc/profile.d
# vi /etc/profile.d/oracle.sh
Edit the file and add the value,
export ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1/
# source /etc/profile.d/oracle.sh
4. Error Message,
“Environment variable ORACLE_SID not defined. Please define it”
Solution : Configure SID value
# vi /etc/profile.d/oracle.sh
Edit the file and add the value,
export ORACLE_SID=orcl
# source /etc/profile.d/oracle.sh
5. Error Message,
“OC4J Configuration issue. /u01/app/oracle/product/11.1.0/db_1/oc4j/j2ee/OC4J_DBConsole_oracle.****_ORCL not found.”
Solution : Edit the file,
# vi /etc/profile.d/oracle.sh
and change ORACLE_SID=?? to match the directory actually present inside the folder /u01/app/oracle/product/11.1.0/db_1/oc4j/j2ee/
Start Oracle Service Automatically At System Start Up
1. Edit /etc/oratab
change the value to
orcl:/u01/app/oracle/product/11.1.0/db_1:Y
2. Create a new startup script,
# vi /etc/init.d/dbora
Add The Lines
#!/bin/sh
# chkconfig: 345 99 10
# description: Oracle auto start-stop script.
#
# Set ORA_HOME to be equivalent to the $ORACLE_HOME
# from which you wish to execute dbstart and dbshut;
#
# Set ORA_OWNER to the user id of the owner of the
# Oracle database in ORA_HOME.
ORA_HOME=/u01/app/oracle/product/11.1.0/db_1
ORA_OWNER=oracle
if [ ! -f $ORA_HOME/bin/dbstart ]
then
    echo "Oracle startup: cannot start"
    exit
fi
case "$1" in
    'start')
        # Start the Oracle databases:
        # The following command assumes that the oracle login
        # will not prompt the user for any values
        su - $ORA_OWNER -c "$ORA_HOME/bin/emctl start dbconsole"
        su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl start"
        su - $ORA_OWNER -c $ORA_HOME/bin/dbstart
        ;;
    'stop')
        # Stop the Oracle databases:
        # The following command assumes that the oracle login
        # will not prompt the user for any values
        su - $ORA_OWNER -c "$ORA_HOME/bin/emctl stop dbconsole"
        su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl stop"
        su - $ORA_OWNER -c $ORA_HOME/bin/dbshut
        ;;
esac
3. Change the permission,
# chmod 750 /etc/init.d/dbora
4. Add it to chkconfig,
# chkconfig --level 345 dbora on
5. Start and Stop the service using,
# /etc/init.d/dbora start
# /etc/init.d/dbora stop
Aug 25th
Vtiger Installation And Configuration
vtiger CRM is a CRM application that was forked from SugarCRM with the intention of being a fully open source CRM application with comparable functionality to SugarCRM and Salesforce.com. It offers reporting, a customer portal and an Outlook plugin in its free edition, whereas those functions are in paid versions of the other CRM applications.
* Sales automation (customizable product entries, inventory management, quotations, billing, and trouble ticketing)
* Customer support & service functions, including a customer self-service portal
* Marketing automation (lead generation, campaign support, knowledge bases)
* Analysis and reporting
User interaction features include:
* Integration with corporate E-mail systems (plugin for Microsoft Outlook, Mozilla Thunderbird extension)
* Support of the Asterisk PBX phone system
* Calendaring
* Tag cloud functionality
* RSS feed subscription
* PDF document generation via the TCPDF library
In addition, vtiger features multiple database support, security management, and various web forms. The project is available in over 15 different languages.
Interface similarities between vtiger and the CRM module of the Zoho Office Suite have been noted. However, this seems to be attributable to common corporate sponsorship, not to a common software code base.
Technology
vTiger is built on the LAMP/WAMP (Linux/Windows, Apache, MySQL, and PHP) stack with code from other open source projects such as SugarCRM. The core development team of vtiger CRM is based in Bangalore, India.
Installation Of Vtiger without Apache and Mysql on Linux Box
Requirement
The Linux box should have a running Apache server and MySQL server, both updated to the latest version.
The system should have adequate resources for running vtiger.
The system needs the latest PHP version installed with Apache.
Installation Steps,
1. Download latest vtiger source .tar.gz from the site.
http://www.vtiger.org/
http://vtiger.com/
2. Save it on a temporary location.
3. Extract the package using the command,
# tar -xvzf <package name>
4. Once the package is extracted, move it into the preferred Apache location. (Here I have a separate /var/www/html/vhost/vtiger/vt directory that Apache can access.)
# mv <extract package> /var/www/html/vhost/vtiger/vt
5. Create a new database and user for vtiger in MySQL.
Log in to mysql:
# mysql -u root -p (use this where mysql root password is set)
mysql> create database vtigercrm;
mysql> grant all privileges on vtigercrm.* to 'vtigeradmin'@'%' identified by 'password';
Replace 'password' with a strong password; the '%' host allows this account to connect from any address. Log in to MySQL as the new user to confirm that the account works.
6. Configure Apache to locate the "vt directory".
Create a new file, /etc/httpd/conf.d/vt.conf
Add the following lines to the vt.conf file under apache/conf.d.
NameVirtualHost 192.168.0.252:80
<VirtualHost 192.168.0.252:80>
ServerName vt.talk2melbin.com:80
ServerAlias www.vt.talk2melbin.com
UseCanonicalName Off
ServerAdmin "melbin.mathew@talk2melbin.com"
DocumentRoot /var/www/html/vhost/vtiger/vt/
</VirtualHost>
* If you have already set the name virtual host in the Apache conf, there is no need to give the NameVirtualHost field again.
* 192.168.0.252 is the IP address of the Apache server.
* vt.talk2melbin.com should be set up correctly on the DNS server, so that calling the URL in the web browser directly displays the vtiger login page.
* To resolve the domain name temporarily, add the domain name to the /etc/hosts file
192.168.0.252 vt.talk2melbin.com
192.168.0.252 www.vt.talk2melbin.com
7. Once the configuration part is done, open www.vt.talk2melbin.com in the web browser. It will prompt for the installation procedure. Follow the instructions and set all the required parameters to yes.
8. Fill in the required fields such as password, database user name and URL, and finish.
Once vtiger is installed, we can log in to the vtiger console using the admin user name and password. Create new user logins and set the email server parameters from the admin console.
Aug 24th
Configure Nat Routing Between Two Network Interfaces
Network Address Translation (NAT) routes requests through the gateway. It helps the system administrator control the traffic over the network and monitor users' usage.
NAT is done using two Ethernet interfaces. Basically, the public address is accessible to the internal users, but people outside will not be able to access the internal network without the help of the system administrator.
This helps prevent access to the internal network without our administrator's permission and increases security.
It is done with the help of iptables and the IP forwarding kernel parameter.
1. Edit,
# vi /etc/sysctl.conf
change the parameter,
net.ipv4.ip_forward = 1
and restart the network. The value can be seen by running the command
# sysctl -p
2. The iptables command used to do this is,
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
where eth0 is the external interface; this may vary depending on the interface naming.
The command configures NAT between the public and internal interfaces.
Save the iptables rules using the command (on CentOS),
# service iptables save
Configure Apf with Nat
Apf can also be configured to make NAT work. We need to edit the post routing rules in the apf configuration file.
# vi /etc/apf/postroute.rules
and add the same line
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save and exit, then reload apf,
# apf -r