9. LINUX ADMINISTRATION

LINUX - NETWORKING

Note =    Command Line

      Networking Applications Setup

Configuration Setup

1

ASSIGN IP SET DEFAULT GATEWAY AND CHANGE ROUTE DEVICE

[root@nc ~]# /sbin/ifconfig eth0 192.168.1.4 netmask 255.255.255.0 broadcast 192.168.1.255
[root@nc ~]# /sbin/route add default gw 192.168.1.1

[root@nc ~]# /sbin/ifconfig eth0:1 192.168.1.5 up

[root@nc ~]# ip route add 10.100.114.118/32 via 192.168.16.145 dev eth0

2

LISTING NETWORK IP ADDRESS

[noc@nc ~]$ /sbin/ifconfig -a | grep "inet add" | cut -f2 -d\: | cut -f1 -d" "

noc@sol-11:~$ curl -s checkip.dyndns.org |cut -d":" -f2|cut -d"<" -f1|cut -d" " -f2
180.141.66.191

noc@sol-11:~$ wget -qO - checkip.dyndns.org|cut -d":" -f2|cut -d"<" -f1|cut -d" " -f2
180.141.66.191

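To get the current public IP address from the console (Konsole), an alias can be created as follows. The lookup is a plain-HTTP request to a third-party service, so treat the answer as informational rather than authoritative.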

noc@sol-11:$ alias getip='wget -qO - checkip.dyndns.org|cut -d":" -f2|cut -d"<" -f1|cut -d" " -f2'
noc@sol-11:$ getip
180.141.66.191

3

LISTING NETWORK IP AND NETMASK

[noc@nc ~]$ /sbin/ifconfig | cut -d " " -f1,12,16 | grep -A 1 eth | tr -d - | tr -s "\n" |sed -e :a -e N -e 's/\n/ /'

4

SUBNETMASK TABLE CHART


5

CONFIGURE NETWORK TO USE RANGES OF IP ADDRESS

[root@sme ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0-range0
IPADDR_START=219.95.225.219
IPADDR_END=219.95.225.220
CLONENUM_START=0


ARP-SCAN TO SEARCH DEVICES ON LAN

[root@cos ~]# arp-scan --interface=eth0 --localnet
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.7 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 00:1e:40:9f:7c:4b Shanghai DareGlobal Technologies Co.,Ltd.
192.168.1.3 00:14:c2:e2:fb:af Hewlett Packard
192.168.1.4 00:06:f4:09:8a:ff Prime Electronics & Satellitics Inc.
192.168.1.11 00:03:ba:08:30:58 Sun Microsystems Inc.
192.168.1.20 00:03:ba:08:30:58 Sun Microsystems Inc.

7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.7: 256 hosts scanned in 1.385 seconds (184.84 hosts/sec). 5 responded

7

IPTABLES ROUTING = chmod 755  /etc/sysconfig/myfirewall

!note: don't forget to set "net.ipv4.ip_forward = 1" in /etc/sysctl.conf
          and run sysctl -p

[root@ipx ~]# cat /etc/sysconfig/myfirewall
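#!/bin/sh
# Gateway firewall: masquerades outbound traffic and sets up a few port
# forwards. Per the masquerade comment below, eth1 faces the internet and eth0
# the LAN. Needs root, and net.ipv4.ip_forward = 1 for anything to be routed.

IPT=/sbin/iptables

# Flush every table this script writes to. A bare -F clears only the filter
# table, so without the second line each re-run stacks another copy of the
# NAT rules below.
"$IPT" -F
"$IPT" -t nat -F

# NOTE(review): no chain policy is set anywhere in this script. Unless INPUT is
# switched to DROP somewhere else, the ACCEPT rules under "allowed input"
# permit nothing that was not already permitted. A default-deny baseline would
# be (apply from the console first; loopback and reply traffic have to be
# accepted before the policy flips):
#   "$IPT" -A INPUT -i lo -j ACCEPT
#   "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#   "$IPT" -P INPUT DROP
# The FORWARD chain is likewise left untouched, so forwarded and DNAT'd
# traffic is governed by whatever policy is already loaded.

#Masquerade = eth1 is the internet origin, eth0 LAN ip

"$IPT" -t nat -A POSTROUTING -o eth1 -j MASQUERADE

#allowed input

"$IPT" -A INPUT -p tcp --dport 80 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 443 -j ACCEPT
# SSH is accepted from any source address; consider limiting it with -s.
"$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT

# NOTE(review): packets that the DNAT rule further down rewrites to another
# host traverse FORWARD, not INPUT, so this rule presumably does not cover the
# forwarded 1723 traffic. Confirm what it is meant to admit.
"$IPT" -A INPUT -p udp --dport 1723 -j ACCEPT


#OpenPort 53 forward to LAN ip
# NOTE(review): only TCP is forwarded, while ordinary DNS queries use UDP 53.
# Confirm the intent, and make sure 192.168.1.100 does not answer recursive
# queries for the whole internet once it is reachable from outside.

"$IPT" -t nat -I PREROUTING -p tcp -d 208.111.47.155 --dport 53 -j DNAT --to 192.168.1.100


#OpenPort 1230 redirect to port 3300 in the same system

"$IPT" -t nat -A PREROUTING -i eth0 -p udp --dport 1230 -j REDIRECT --to-port 3300


#Open port 1723 public and forward to LAN on port 137
"$IPT" -t nat -I PREROUTING -p udp -d 202.120.100.142 --dport 1723 -j DNAT --to 192.168.68.68:137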

# chkconfig iptables off , add /etc/sysconfig/myfirewall to /etc/rc.local

8

OpenVPN Routed Config /dev/tun0

#server.conf
# Routed (tun) OpenVPN server handing out addresses from 172.16.10.0/24.

# UDP 137 is the NetBIOS name-service port, which many networks filter;
# the client profile's "remote" line has to use the same port.
port 137
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
# Private key: keep it readable by root only.
key /etc/openvpn/easy-rsa/keys/server.key
server 172.16.10.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
# Routes all client traffic through the tunnel, so this host has to forward
# and NAT it.
push "redirect-gateway def1"
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): compressing before encrypting can leak information about the
# plaintext, and comp-lzo is deprecated in current OpenVPN releases. The
# setting must match on both ends, so change server and clients together.
comp-lzo
# persist-key/persist-tun let a restart succeed after privileges are dropped,
# but no user/group line drops them here; consider adding `user nobody` and
# `group nobody`.
persist-key
persist-tun
verb 3
status /var/log/openvpn-status.log
# log truncates the file at startup, log-append appends to it; use one or the
# other, not both.
log /var/log/openvpn.log
log-append /var/log/openvpn.log
# NOTE(review): the file name indicates 1024-bit DH parameters, which are below
# current minimums. Regenerate with a key size of at least 2048 (easy-rsa reads
# it from KEY_SIZE in vars) and point this line at the new file.
# There is also no tls-auth and no cipher line, so the control channel has no
# HMAC pre-filter and the data cipher is whatever this OpenVPN version defaults to.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
#client config-server240.ovpn
# Client profile for a routed (tun) OpenVPN server at 210.231.210.240, UDP 137.

client
dev tun
proto udp
remote 210.231.210.240 137
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
# Private key: restrict file permissions and keep it off shared storage.
key client1.key
# Rejects a peer whose certificate is not marked as a server certificate, which
# keeps another client's certificate from posing as the server. This spelling
# is deprecated; newer releases use `remote-cert-tls server`. Keep one of them.
ns-cert-type server
# Must match the server's compression setting; see the compression caveat
# (information leakage, deprecation) before carrying it into a new deployment.
comp-lzo
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1300


9

OpenVPN Bridge EtherNet    /dev/tap0

[root@vpns ~]# yum   install openvpn bridge-utils --enablerepo=epel

[root@vpns ~]# cat /etc/openvpn/server.conf

# Bridged (tap) OpenVPN server; clients join the LAN segment behind br0.
port 137
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
# Private key: keep it readable by root only.
key /etc/openvpn/easy-rsa/keys/server.key
# NOTE(review): the file name indicates 1024-bit DH parameters, which are below
# current minimums; regenerate with a key size of at least 2048.
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
# Arguments: bridge IP, netmask, first and last address of the client pool.
# NOTE(review): the bridge-start script on this page assigns 192.168.68.68 to
# br0, not .67; confirm which address the bridge really has.
server-bridge 192.168.68.67 255.255.255.240 192.168.68.70 192.168.68.78
# NOTE(review): with a 255.255.255.240 mask the network address is
# 192.168.68.64; .67 is a host address inside it. Bridged clients already sit
# on this subnet, so this pushed route is presumably unnecessary. Verify.
push "route 192.168.68.67 255.255.255.240"
# Without the def1 flag the client's existing default route is replaced
# rather than overridden.
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
# Lets several clients connect at once with the same certificate. That removes
# per-client accountability and makes revoking one device impossible without
# cutting off the others; the steps on this page build one certificate per
# client, so this is presumably not needed.
duplicate-cn
keepalive 10 120
# NOTE(review): compression before encryption can leak plaintext information
# and comp-lzo is deprecated in current OpenVPN; must match on both ends.
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
# log truncates at startup, log-append appends; use one or the other, not both.
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
mssfix 1400

67 is the machine IP; 70-78 is the IP range clients can use; installing bind9 is required.

[root@vpns ~]# cp -R /usr/share/openvpn/easy-rsa/2.0 /etc/openvpn/easy-rsa
[root@vpns ~]# cd /etc/openvpn/easy-rsa ; mkdir keys ; nano -w +64 vars
[root@vpns ~]# source ./vars
[root@vpns ~]# ./clean-all
[root@vpns ~]# ./build-ca
[root@vpns ~]# ./build-key-server server
[root@vpns ~]# ./build-dh
[root@vpns ~]# ./build-key-pass client001
[root@vpns ~]# cp /usr/share/doc/openvpn-*/sample-scripts/bridge-st* /etc/openvpn/
[root@vpns ~]# chmod 755 /etc/openvpn/bridge-st*

The client should have ca.crt, client001.crt and client001.key; move the .key file over a secure channel only.

Create Second/third Client with
# cd easy-rsa
# . ./vars
# ./build-key-pass Client2


[root@vpns ~]# cat /etc/openvpn/bridge-start
#!/bin/sh
# Builds the Ethernet bridge used by the tap-mode OpenVPN server: creates the
# tap device(s), joins them and the physical NIC to a bridge, then moves the
# NIC's address onto the bridge. Needs root.

# Interface names.
bridge_if="br0"
tap_list="tap0"   # space-separated list of tap devices
lan_if="eth0"

# Address that ends up on the bridge.
lan_ip="192.168.68.68"
lan_mask="255.255.255.240"
lan_bcast="192.168.68.79"

# Create the persistent tap device(s).
# $tap_list stays unquoted on purpose so the list splits on spaces.
for dev in $tap_list; do
    openvpn --mktun --dev "$dev"
done

# Create the bridge; attach the NIC first, then every tap device.
brctl addbr "$bridge_if"
brctl addif "$bridge_if" "$lan_if"

for dev in $tap_list; do
    brctl addif "$bridge_if" "$dev"
done

# Bridge members carry no address of their own and run promiscuous.
for dev in $tap_list; do
    ifconfig "$dev" 0.0.0.0 promisc up
done

# From this line until the bridge is configured the host has no address on
# the NIC, so a session that came in over it stalls. Nothing here checks for
# errors: if an earlier step failed, the address is still removed.
ifconfig "$lan_if" 0.0.0.0 promisc up

ifconfig "$bridge_if" "$lan_ip" netmask "$lan_mask" broadcast "$lan_bcast"

[root@vpns ~]# cat /etc/openvpn/bridge-stop
#!/bin/sh
# Tears down the bridge and removes the persistent tap device(s). Needs root.
# The physical NIC is not touched here, so its address is not restored.
bridge_if="br0"
tap_list="tap0"   # space-separated list of tap devices

# The bridge has to be down before it can be deleted.
ifconfig "$bridge_if" down
brctl delbr "$bridge_if"

# $tap_list stays unquoted on purpose so the list splits on spaces.
for dev in $tap_list; do
    openvpn --rmtun --dev "$dev"
done

[root@vpns ~]# /etc/rc.d/init.d/openvpn start

10

  NAGIOS SERVER ( Enable Repoforge )

[root@zvps-lan70 ~]# yum install httpd php nagios nagios-plugins  nagios-devel

[root@zvps-lan70 ~]# htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password:
Re-type    new password:
Adding password    for user nagiosadmin

[root@zvps-lan70 ~]# /etc/init.d/nagios    start
nagios is stopped
Starting nagios:                                           [  OK  ]

11

   NAGIOS ADD HOST

[root@zvps-lan70 ~]# nano -w /etc/nagios/objects/server202.190.100.10

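  ; Host object for the monitored server.
  define host{
          use                     linux-server
          host_name               noc.server
          alias                   noc.server
          address                 202.190.100.10
          }

  ; A service is attached to a host through that host's host_name, not its
  ; address. The host above is named noc.server, so the services use that name;
  ; with the address in this field the configuration check reports an
  ; undefined host.
  define service{
          use                     generic-service
          host_name               noc.server
          service_description     PING
          check_command           check_ping!100.0,20%!500.0,60%
          }

  ; HTTP is checked but its notifications are switched off.
  define service{
          use                     generic-service
          host_name               noc.server
          service_description     HTTP
          check_command           check_http
          notifications_enabled   0
          }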

Add as the last line of /etc/nagios/nagios.cfg:
cfg_file=/etc/nagios/objects/server202.190.100.10

12

   NAGIOS NRPE ( Client )

nano -w /etc/nagios/nrpe.cfg

allowed_hosts=192.168.122.207 <- master nagios ip
 -------
dont forget : touch /var/www/html/index.html

13

  MTR ( My Traceroute ) report

 [root@s410p-clix ~]# mtr --report --report-cycles 10 digi.com.my  > CRF-DIGI.txt


14

  Monitor Server PHP Script

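<?php
// Status page: probes two TCP services and pings one host, printing a
// coloured OK/down line for each. All targets are hard-coded.

// --- Backup server: TCP connect to SSH, 6-second timeout ---
$site = '192.168.100.30';
$port = 22;
// @ keeps PHP's connect warning, which names the internal host, off the page.
$check = @fsockopen($site, $port, $errno, $errstr, 6);
if (!$check) {
    echo '<font color="#FF0000">Backup Server is currently down!</font>';
} else {
    fclose($check); // release the probe socket instead of holding it open
    echo '<font color="#009900">#Backup Server = (OK). </font>';
}

// --- CRMS server: TCP connect to HTTP, 6-second timeout ---
$site = 'crms.clixpay.net';
$port = 80;
$check = @fsockopen($site, $port, $errno, $errstr, 6);
if (!$check) {
    echo '<font color="#FF0000">CRMS Server is currently down!</font>';
} else {
    fclose($check);
    echo '<font color="#009900">#CRMS Server = (OK). </font>';
}

// --- VPN server: one ICMP echo ---
// exec() returns only the last line of output; the exit status comes back
// through the third argument. Comparing a never-assigned $result with 0 is
// always true, which would report this host as OK even when it is unreachable.
// The address is a literal; if it ever comes from a variable, pass it through
// escapeshellarg() before it reaches the shell.
$ping_output = array();
$result = 1; // assume failure unless ping reports success
exec('ping -c 1 192.168.122.243', $ping_output, $result);
if ($result === 0) {
    echo '<font color="#009900">#VPN SStar Server = (OK). </font>';
} else {
    echo '<font color="#FF0000">VPN SStar Server is currently down!</font>';
}
?>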


15

  Solaris



16

  Solaris



17

  Solaris



18

  Solaris



300

  Solaris



300

  Solaris



300

  Solaris



300

  Solaris



300

  Solaris



300

  Solaris


