Sunday, September 21, 2003
RedHat ftp installation
Create BootDisk
1-.Bootdisk.img
2-.Drvnet.img
ftp://192.168.1.1/pub/RedHat/base/netstg2.img
1-.Bootdisk.img
2-.Drvnet.img
ftp://192.168.1.1/pub/RedHat/base/netstg2.img
Friday, September 05, 2003
Redhat PPP streamyx
To bring up ADSL
------------------
[root@localhost]#/sbin/ifup ppp0 <- bring up the connection
[root@localhost]#/sbin/ifdown ppp0 <- bring down the connection
[root@localhost]#/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0 <- check the connection
------------------
[root@localhost]#/sbin/ifup ppp0 <- bring up the connection
[root@localhost]#/sbin/ifdown ppp0 <- bring down the connection
[root@localhost]#/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0 <- check the connection
Debian Linux
Dial (streamyx)
---------------
[root@localhost]#pon dsl-provider(stat) <- to dial
[root@localhost]#poff <- to disconnect
Using APT
----------
[root@localhost]#apt-setup <- to select source from the http@ftp server
[root@localhost]#apt-get install kernel-image-2.4.18-bf2.4 <- to install kernel 2.4.18 image
[root@localhost]#apt-get -u upgrade <- for upgrade
[root@localhost]#apt-get update
Location of updated file
------------------------
[root@localhost]#pwd
/var/cache/apt/archives
[root@localhost]#apt-get clean <- to clear updated file
Autostart file during booting
-----------------------------
[root@localhost]#pwd
/etc/rcS.d
[root@localhost]#ls
s40hostname.sh
[root@localhost]#vi s40hostname.sh <- edit this file for autostart purpose
Mouse port in debian
---------------------
/dev/sysmouse mouse protocol sysmouse @ mousesystems
---------------
[root@localhost]#pon dsl-provider(stat) <- to dial
[root@localhost]#poff <- to disconnect
Using APT
----------
[root@localhost]#apt-setup <- to select source from the http@ftp server
[root@localhost]#apt-get install kernel-image-2.4.18-bf2.4 <- to install kernel 2.4.18 image
[root@localhost]#apt-get -u upgrade <- for upgrade
[root@localhost]#apt-get update
Location of updated file
------------------------
[root@localhost]#pwd
/var/cache/apt/archives
[root@localhost]#apt-get clean <- to clear updated file
Autostart file during booting
-----------------------------
[root@localhost]#pwd
/etc/rcS.d
[root@localhost]#ls
s40hostname.sh
[root@localhost]#vi s40hostname.sh <- edit this file for autostart purpose
Mouse port in debian
---------------------
/dev/sysmouse mouse protocol sysmouse @ mousesystems
Wednesday, September 03, 2003
Install Squid
The command to set the squid
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
this is contain of squid.conf
######################################################################
#squid -NCd1
http_port 3128
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# forward incoming requests to localhost, port 8000
httpd_accel_host virtual
#acl acceleratedHost dst 210.187.110.78/255.255.255.255
httpd_accel_port 80
#acl acceleratedPort port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
#sempoi is my samba workgroup name and class of network
acl sempoi src 192.168.1.0/255.255.255.0
#no_cache deny acceleratedHost
#always_direct allow acceleratedHost
#http_access allow acceleratedHost acceleratedPort
http_access allow sempoi
http_access deny all
cache_effective_user squid
cache_effective_group squid
cache_mgr rosli@streamyx.com
log_icp_queries off
cache_mem 64 MB
maximum_object_size 128 MB
visible_hostname sempoi.bogus
######################################################################
make sure squid already installed
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
this is contain of squid.conf
######################################################################
#squid -NCd1
http_port 3128
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# forward incoming requests to localhost, port 8000
httpd_accel_host virtual
#acl acceleratedHost dst 210.187.110.78/255.255.255.255
httpd_accel_port 80
#acl acceleratedPort port 8080
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
#sempoi is my samba workgroup name and class of network
acl sempoi src 192.168.1.0/255.255.255.0
#no_cache deny acceleratedHost
#always_direct allow acceleratedHost
#http_access allow acceleratedHost acceleratedPort
http_access allow sempoi
http_access deny all
cache_effective_user squid
cache_effective_group squid
cache_mgr rosli@streamyx.com
log_icp_queries off
cache_mem 64 MB
maximum_object_size 128 MB
visible_hostname sempoi.bogus
######################################################################
make sure squid already installed
IP Masquerading & Firewall
save to script.sh and put it at /sbin
#/sbin/ics.sh
# reset the default policies in the filter table.
#
echo flushing the firewall
echo flushing the firewall
echo flushing the firewall
#
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#
# reset the default policies in the nat table.
#
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#
# reset the default policies in the mangle table.
#
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
#
# flush all the rules in the filter and nat tables.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
#
# erase all chains that's not default in filter and nat table.
#
iptables -X
iptables -t nat -X
iptables -t mangle -X
#
echo FIREWALL INITIALIZE
echo FIREWALL INITIALIZE
echo FIREWALL INITIALIZE
#
#
#
#
/sbin/insmod ip_conntrack_irc
#
echo basic to masquerade
iptables -F
iptables -t nat -F
iptables -t mangle -F
#nih tuk biasa nya routing takleh port forwarding dr intranet
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#kernel flags
echo "1" > /proc/sys/net/ipv4/ip_forward
#
echo accept connection from internet
iptables -A INPUT --protocol tcp --dport 20 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 21 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 25 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 110 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 143 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 3306 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 10000 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 53 -j ACCEPT
#
#redirect to PORT eg:squid internal nets etc. etc. etc.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
#
#
echo secure my box
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP #only if the first two are succesful
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
#/sbin/ics.sh
# reset the default policies in the filter table.
#
echo flushing the firewall
echo flushing the firewall
echo flushing the firewall
#
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
#
# reset the default policies in the nat table.
#
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#
# reset the default policies in the mangle table.
#
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
#
# flush all the rules in the filter and nat tables.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
#
# erase all chains that's not default in filter and nat table.
#
iptables -X
iptables -t nat -X
iptables -t mangle -X
#
echo FIREWALL INITIALIZE
echo FIREWALL INITIALIZE
echo FIREWALL INITIALIZE
#
#
#
#
/sbin/insmod ip_conntrack_irc
#
echo basic to masquerade
iptables -F
iptables -t nat -F
iptables -t mangle -F
#nih tuk biasa nya routing takleh port forwarding dr intranet
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#kernel flags
echo "1" > /proc/sys/net/ipv4/ip_forward
#
echo accept connection from internet
iptables -A INPUT --protocol tcp --dport 20 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 21 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 22 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 25 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 110 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 143 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 3306 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 10000 -j ACCEPT
iptables -A INPUT --protocol tcp --dport 53 -j ACCEPT
#
#redirect to PORT eg:squid internal nets etc. etc. etc.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
#
#
echo secure my box
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP #only if the first two are succesful
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
Tuesday, September 02, 2003
Start Restart Stop System Proses
[root@sempoi root]# /etc/init.d/smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@sempoi root]#
all executetable file can be found in /etc/init.d/ directory
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@sempoi root]#
all executetable file can be found in /etc/init.d/ directory
Apache User Webpage
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
Saturday, August 30, 2003
IP Masquerading
modprobe ipt_MASQUERADE # If this fails, try continuing anyway
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Friday, August 29, 2003
Tune Hard Disk
Linux Tips - Performance
just found this stuff
Get faster file transfer by using 32-bit transfers on your hard drive
Just add the line:
hdparm -c3 /dev/hdX
to a bootup script.
If you use SuSE or other distros based on SYS V,
/sbin/init.d/boot.local
should work for you.
This enables 32-bit transfer on your hard drive. On some systems it can improve transfer performance by 75%.
To test your performance gain, type:
hdparm -t -T /dev/hdX
just found this stuff
Get faster file transfer by using 32-bit transfers on your hard drive
Just add the line:
hdparm -c3 /dev/hdX
to a bootup script.
If you use SuSE or other distros based on SYS V,
/sbin/init.d/boot.local
should work for you.
This enables 32-bit transfer on your hard drive. On some systems it can improve transfer performance by 75%.
To test your performance gain, type:
hdparm -t -T /dev/hdX
