Iptables configuration examples

A Linux host is often the cheapest gateway for a small network, and this is where iptables, the standard Linux firewall, comes in handy.

A simple NAT-ed network can be set up with a few commands.

Basic syntax: iptables -t *table* *command*

The *table* is filter (the default, used when -t is omitted) or nat (where the NAT rules live).

Parameters:
-L – list rules (add -n to skip reverse DNS lookups and -v to see packet counters)
-F – flush all rules in the table, or in one chain if you name it. Policies are not touched by -F: if the INPUT policy is DROP, flushing over SSH locks you out, so set the policies back to ACCEPT first (-P INPUT ACCEPT).
-A – append a rule at the end of a chain. Rules are evaluated top down and the first terminating match wins, so order matters; -I inserts at the top instead.
ex: iptables -t *table* -A *chain* *rule*
-D – delete rule, either by repeating the rule or by its position (numbers start at 1, see iptables -L --line-numbers)

For example: iptables -t *table* -D *chain* *rule number*

The running ruleset is lost at reboot. On RHEL/CentOS, make it persistent with the init script, which writes the rules to /etc/sysconfig/iptables and reloads them at boot:

[code]
/etc/init.d/iptables save
[/code]

Debian/Ubuntu have no such script: install the iptables-persistent package and dump the ruleset with iptables-save > /etc/iptables/rules.v4 (and ip6tables-save > /etc/iptables/rules.v6 for IPv6).

So let’s imagine we have a simple network (at home) with a Linux host, an Internet gateway (cable modem or similar) and a PC host (running Windows, for example).


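The post's own NAT walk-through is not reproduced on this page, so here is an added example, not the author's code, of the complete ruleset for the network just described: the Linux host has one interface towards the modem and one towards the Windows PC, masquerades the LAN behind its WAN address, and forwards nothing else. Interface names, the LAN prefix and the script name are assumptions; the ruleset is emitted in iptables-save format, which is exactly what /etc/init.d/iptables save writes to /etc/sysconfig/iptables and what iptables-restore loads in one atomic step.

```shell
#!/bin/sh
# Added example, not from the original post: generate (and optionally apply) a
# minimal NAT gateway ruleset for a home network. The interface names and the
# LAN prefix are assumptions; override them in the environment or edit below.
WAN=${WAN:-eth0}                       # towards the cable modem / Internet
LAN=${LAN:-eth1}                       # towards the Windows PC(s)
LAN_NET=${LAN_NET:-192.168.1.0/24}     # addresses used on the LAN side

# nat_ruleset WAN LAN LAN_NET : print a ruleset in iptables-save format.
# INPUT and FORWARD default to DROP, so anything not listed is refused:
# only LAN->WAN forwarding and the replies to it are allowed, and the
# gateway itself answers only on the LAN side.
nat_ruleset() {
    wan=$1; lan=$2; net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide the LAN behind the (possibly dynamic) WAN address
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# the gateway is reachable (SSH etc.) from the LAN only
-A INPUT -i $lan -s $net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
EOF
}

# apply_ruleset : enable forwarding and load the rules. Must run as root.
# iptables-restore swaps the whole table in one go, so there is no moment
# with a half-built policy, unlike a series of iptables -A calls.
# This covers IPv4 only; IPv6 is a separate ruleset for ip6tables.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    nat_ruleset "$WAN" "$LAN" "$LAN_NET" | iptables-restore
}

case ${1:-print} in
    print) nat_ruleset "$WAN" "$LAN" "$LAN_NET" ;;
    apply) apply_ruleset ;;
    *) echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Run it without arguments to review the generated rules, then as root with `apply`; after that, `/etc/init.d/iptables save` (or iptables-save into the distribution's rules file) keeps them across reboots.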

Nginx + SSL + PHP-FPM sample config

[code]
server {
    listen 443 ssl;              # "ssl on;" is obsolete; TLS is enabled on the listen socket
    server_name server.name.com;
    root /d1/html/phpbb;

    ssl_certificate /etc/ssl/certificate.crt;
    ssl_certificate_key /etc/ssl/private.key;   # keep this file readable by root only

    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLS 1.0/1.1 are
    # deprecated by RFC 8996; offer only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        index index.php index.html index.htm;
    }

    location ~ \.php$ {
        # hand a request to PHP only if the target file really exists, so a
        # URI like /uploads/x.jpg/foo.php cannot be executed as a script
        try_files $uri =404;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
[/code]
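Whether a config like the one above still offers a broken protocol version is easy to miss in a long nginx tree, so here is an added check, not part of the original post, that greps a config file for the directives that matter: an ssl_protocols line naming SSLv2, SSLv3, TLSv1 or TLSv1.1, a missing ssl_protocols line (older nginx builds default to including TLS 1.0 and 1.1; the default became TLSv1.2 TLSv1.3 in 1.23.4), and the obsolete ssl on; form. The embedded sample is a constructed copy of the weak directives from the server block above.

```shell
#!/bin/sh
# Added example, not from the original post: a quick lint for the TLS part of
# an nginx config. Exit status 0 means no findings. Pass the config path as the
# only argument; with no argument it checks the embedded weak sample.

check_nginx_tls() {
    cfg=$1
    rc=0
    # drop comments so a commented-out "ssl_protocols SSLv3;" is not reported
    body=$(sed 's/#.*$//' "$cfg")

    # "TLSv1" followed by space or ';' is TLS 1.0; it does not match TLSv1.2/1.3
    if printf '%s\n' "$body" | grep -Eq 'ssl_protocols[^;]*(SSLv2|SSLv3|TLSv1|TLSv1\.1)[[:space:];]'; then
        echo "FAIL: ssl_protocols offers SSLv2/SSLv3/TLSv1/TLSv1.1; use 'ssl_protocols TLSv1.2 TLSv1.3;'"
        rc=1
    fi
    if ! printf '%s\n' "$body" | grep -q 'ssl_protocols'; then
        echo "WARN: no ssl_protocols directive; nginx before 1.23.4 then enables TLS 1.0 and 1.1 by default"
        rc=1
    fi
    if printf '%s\n' "$body" | grep -Eq '(^|[[:space:]])ssl[[:space:]]+on[[:space:]]*;'; then
        echo "WARN: 'ssl on;' is obsolete; use 'listen 443 ssl;' instead"
        rc=1
    fi
    return "$rc"
}

sample_weak_config() {
    # constructed sample: the post's server block reduced to its TLS directives
    cat <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

if [ $# -ge 1 ]; then
    check_nginx_tls "$1"
else
    tmp=$(mktemp)
    sample_weak_config >"$tmp"
    if check_nginx_tls "$tmp"; then echo "no findings"; fi
    rm -f "$tmp"
fi
```

Use it on the real file after `nginx -t`: `sh tlscheck.sh /etc/nginx/sites-enabled/phpbb` (the script name is an assumption). It is a text check, not a scan; to verify what a running server actually negotiates, use a TLS scanner against the live port.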

wget not working in cron

Please make sure that:

1. Cron is running (/etc/init.d/crond restart; the service is called cron rather than crond on Debian-based systems) – a bit obvious, but worth a check.

2. You specify the full path to wget (like /usr/bin/wget). Cron does not read your login profile: jobs start with a minimal environment in which PATH is typically just /usr/bin:/bin, so a wget installed elsewhere (for example under /usr/local/bin) is simply not found, even though it works fine from your shell. Alternatively, put a PATH=... line at the top of the crontab.

For testing purposes you may paste this line into your crontab to make sure it is working:

[code]
* * * * * /usr/bin/wget -O /tmp/index.php pingtool.org
[/code]
This will save a copy of the index page from pingtool.org to /tmp/index.php once a minute; wget's progress output and any error end up in the cron mail for the user, which is where to look if the file does not appear. Remove the line once the test passes. For a real job, write into a directory only that user can write to rather than /tmp, where any local user can pre-create or symlink a file with a predictable name.

Using flock to ensure only one instance of script is running

When you have a cron job that takes a while to finish, you need to be sure the next scheduled execution does not start before the previous one has completed (for example, you want a file backup to finish before a new one starts).
Linux has a utility that addresses exactly this: flock.
[code]
/usr/bin/flock -w 600 /var/tmp/myscript.lock /root/myscript.sh
[/code]
This takes an exclusive lock on /var/tmp/myscript.lock and only then runs /root/myscript.sh, so a second copy started by cron waits until the previous instance, which holds the same lock, has finished. The lock is released automatically when the script exits, however it exits.
-w 600 means flock waits up to 10 minutes for the previous instance to finish; if the lock is still held after that, flock exits with status 1 and the script is not run.
To wait as long as it takes, omit -w entirely. Do not use -w 0 for that: flock treats a timeout of 0 exactly like -n, i.e. give up at once if the lock is taken. For a periodic job -n is usually the better choice anyway: an overrunning job is skipped instead of queued, whereas with -w a job that keeps overrunning its interval accumulates waiting cron processes.

A better place for lock files is /var/run (a symlink to /run on current distributions), which only root can write to; for a job that runs as another user, create the lock file once and give that user write permission to it. Avoid a fixed lock name in a world-writable directory such as /tmp or /var/tmp: any local user can create the file first and hold the lock, and your job then never runs.
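The two cron problems above, a PATH that does not match your shell and a job that overlaps itself, are usually solved together with a small wrapper that the crontab line calls. Here is such a wrapper as an added example, not the post's own code: it pins PATH, serialises runs with flock(1), and logs start and exit status to a file so you are not dependent on cron mail. The lock and log paths in the comments and the wrapper name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper that makes cron jobs
# behave. It (1) sets PATH explicitly, because cron starts jobs with a minimal
# environment (typically PATH=/usr/bin:/bin, no profile), (2) serialises runs
# with flock(1) so a slow job never overlaps itself, and (3) appends start and
# exit lines to a log file. Paths in the comments are assumptions.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# run_locked LOCKFILE WAIT COMMAND...
#   WAIT = 0    do not wait: if an instance is running, skip (same as flock -n)
#   WAIT = N    wait up to N seconds for it to finish, then give up
#   WAIT = inf  wait as long as it takes (plain flock, no -w at all)
# Note that "-w 0" is NOT an infinite wait: util-linux treats it as -n.
# Returns the command's status, or 1 when the lock could not be taken.
run_locked() {
    lock=$1; wait=$2; shift 2
    case $wait in
        inf) flock "$lock" "$@" ;;
        0)   flock -n "$lock" "$@" ;;
        *)   flock -w "$wait" "$lock" "$@" ;;
    esac
}

# cron_job LOCKFILE LOGFILE COMMAND... : what the crontab line calls.
# Overlapping runs are skipped rather than queued: with -w, a job that keeps
# overrunning its interval builds up a backlog of waiting cron processes.
cron_job() {
    lock=$1; log=$2; shift 2
    {
        echo "== $(date '+%Y-%m-%d %H:%M:%S') start: $*"
        if run_locked "$lock" 0 "$@"; then rc=0; else rc=$?; fi
        echo "== $(date '+%Y-%m-%d %H:%M:%S') exit status $rc"
    } >>"$log" 2>&1
    return "$rc"
}

# Crontab usage (wrapper path, lock and log locations are assumptions):
#   */15 * * * * /usr/local/sbin/cronwrap /run/myscript.lock /var/log/myscript.log /root/myscript.sh
# /run is root-owned; for a job running as another user, create the lock file
# once as root and chown it, rather than falling back to /tmp.
if [ $# -ge 3 ]; then
    cron_job "$@"
fi
```

The lock is tied to the open file, not to a pid written into it, so a job killed by the OOM killer or a reboot leaves no stale lock behind; that is the main reason to prefer flock over the classic "check for a pid file" pattern.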

Adding new admin user to CheckPoint Gaia with expert permissions

To add a new administrator account that lands directly in the “expert” (bash) shell, enter the following in the Gaia CLI shell (clish):

[code]
add user NEWUSER uid 0 homedir /home/NEWUSER
set user NEWUSER gid 100 shell /bin/bash
set user NEWUSER password-hash $1$************ / OR / set user NEWUSER password
add rba user NEWUSER roles adminRole
[/code]

Replace NEWUSER with the new administrator’s login name. Prefer the interactive form (set user NEWUSER password), which prompts for the password, over pasting a hash on the command line where it ends up in the command history. Finish with save config, otherwise the change is lost at the next reboot.

This account logs straight into the expert shell and does not need to type the expert password. To get to Gaia’s CLI shell, the user runs /bin/clish.

Be clear about what this grants: uid 0 with /bin/bash is full root on the appliance, outside the role-based access control that clish enforces, so treat the account like the built-in expert password, limit who holds it, and make sure it shows up in your configuration audit.