Archive for the 'Linux' Category

Use Linux as firewall and Internet Sharing

You can configure Linux as a firewall in several ways, depending on your requirements and your network size. The easiest way is to use iptables (packet filtering) if you have a simple network or a few computers. There are other methods, like pf and ipfw, but they are quite complex to set up; you'll need them if you have a huge network or in-house servers such as web, email or DNS servers with a huge amount of traffic.

For simplicity we'll use iptables, as it is very easy to set up and troubleshoot. We'll also set up this Linux box to do NAT (network address translation), meaning it will share the Internet connection with other computers.

I will set up a packet-filtering firewall for the following diagram.
Network Diagram
Here the Linux box acts as the firewall and does NAT as well. If you want the Linux box to assign IPs to your computers, you'll need to install a DHCP service, or you can assign IPs manually if you do not want a DHCP server. In either case your workstations will have TCP/IP settings like these, e.g.:
Workstation1

IP: 192.168.1.21
Subnetmask: 255.255.255.0
Gateway: 192.168.1.10
DNS: If you are using a router/DSL modem, the DNS IP is the IP of your router, i.e. 192.168.1.1; if you are using a cable modem, it will be the public DNS IP, which is 194.168.4.100; otherwise you can give it the IP of the Linux machine, if this Linux box is a DNS server as well.

You'll need two Ethernet cards: connect the first Ethernet card (eth0) to your switch and the second Ethernet card (eth1) to your router or cable modem. Set eth1 to get its IP automatically from the router or cable modem and type ifconfig eth1. Let's say the IP assigned by the router to eth1 is 192.168.1.2.

How to install Postfix

Postfix is an MTA (Mail Transfer Agent) for sending and receiving email. It was developed because of the shortcomings found in Sendmail. The difference between Postfix and Sendmail is that Postfix is very easy to install and configure, while Sendmail is a bit hard to work with and difficult to troubleshoot. The reason is that Sendmail is a single process, a single binary with all its functions and modules built in, so this single daemon must always be running. Postfix comes with different independent modules responsible for delivery, routing, messaging, filtering and so on. These modules are separate entities, independent of Postfix, such as the SMTP client, the SMTP daemon, and applications like cleanup, trivial-rewrite, queue manager (qmgr), pipe, local, pickup and maildrop, all interacting with each other to make a fully fledged email server.

Postfix has support for regular expressions, such as Perl regular expressions, which we'll talk about later in this article.

Postfix Block Diagram

The image below shows the email delivery process for both local and remote messages.

Postfix block diagram

What is yum?

yum, also called Yellowdog Updater, Modified, is a Linux utility which is used to install RPM packages/binary files (.rpm files). You can use yum with the following options

How to check Cisco routers logs on linux machine

Checking Cisco routers Logs

I will assume your Cisco router's IP is 192.168.2.1 and the IP of the Linux machine where you want to see the router's log is 192.168.2.3.

Log in to your Cisco router, enter configuration mode and type logging 192.168.2.3

Router> enable
Router# conf t
Router(config)# logging 192.168.2.3

Now log in to your Linux machine and edit the file /etc/sysconfig/syslog

# vi /etc/sysconfig/syslog

And change the line

SYSLOGD_OPTIONS="-m 0"

To

SYSLOGD_OPTIONS="-m 0 -r"

So your syslog file should look like

# Options to syslogd

# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details

SYSLOGD_OPTIONS="-m 0 -r"

# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

Save the syslog file and restart the syslogd service:


[root@host ~]# /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

[root@host ~]#

You should see -r option in the output of the command ps ax | grep syslog

[root@host ~]# ps ax | grep syslog
2586 ?        Ss     0:00 syslogd -m 0 -r
3411 pts/1    S+     0:00 grep syslog

Now check the logs

# tail -f /var/log/syslog

These settings work when both the Linux machine and the router are on the same network. You can also send logs to a remote Linux machine, but you have to edit the hosts.allow file and enter the IP of the router. If you want to check logs on Windows, you can find some free log analyzers for Windows, like winlogd; download it from http://edoceo.com/creo/winlogd and check the logs on Windows using that software.

That's all!
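
To go with the steps above, an added example (not part of the original post) that filters the received log for Cisco IOS message tags by severity and marks lines whose sending host is not the router, since UDP syslog carries no sender authentication. The function names and the sample log lines are constructed for illustration; 192.168.2.1 is the router address assumed in the post.

```sh
#!/bin/sh
# Added example (not from the article): triage Cisco IOS messages that
# "syslogd -r" wrote to a log file. ROUTER is the article's router address;
# the log lines in write_sample are constructed for illustration.
ROUTER="192.168.2.1"

# write_sample FILE: create a small constructed log in sysklogd's layout
# (month day time host message).
write_sample() {
    cat > "$1" <<'EOF'
Mar  1 10:15:02 192.168.2.1 45: *Mar  1 00:04:23.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Mar  1 10:15:03 192.168.2.1 46: *Mar  1 00:04:24.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Mar  1 10:16:40 192.168.2.1 47: *Mar  1 00:06:01.001: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.2.3 started
Mar  1 10:17:12 192.168.2.77 99: %SYS-5-CONFIG_I: Configured from console by console
Mar  1 10:17:30 host syslogd 1.4.1: restart (remote reception).
EOF
}

# cisco_triage FILE MAX_SEVERITY
# For each line carrying a Cisco %FACILITY-SEVERITY-MNEMONIC tag with
# severity <= MAX_SEVERITY (0 = emergency ... 7 = debug), print:
#   OK|UNEXPECTED severity facility mnemonic sending-host
# UNEXPECTED marks a sender other than ROUTER: UDP syslog is unauthenticated,
# so with -r any host that can reach port 514 can write router-looking lines.
cisco_triage() {
    awk -v router="$ROUTER" -v max="$2" '
    match($0, /%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+:/) {
        tag = substr($0, RSTART + 1, RLENGTH - 2)   # drop "%" and ":"
        split(tag, p, "-")                          # p[1]=facility p[2]=severity p[3]=mnemonic
        if (p[2] + 0 > max + 0) next
        src = ($4 == router) ? "OK" : "UNEXPECTED"  # $4 = host column written by syslogd
        print src, p[2], p[1], p[3], $4
    }' "$1"
}

# Demo on the constructed sample: notifications (5) and more severe.
tmp=$(mktemp) && write_sample "$tmp" && cisco_triage "$tmp" 5
rm -f "$tmp"
```

Run it against whichever file your syslogd writes the remote messages to, for example cisco_triage /var/log/syslog 4 to see warnings and worse.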

Installing Proftpd on Linux

I'm using Fedora Core 6 and proftpd version 1.3.1. In this article I will show you the basic steps to install proftpd using the yum utility. You can download and install it from source files, but yum makes it easy to download and install automatically to the default location. I will also show you some basic concepts about FTP passive and active modes, and some Cisco router commands in case you are behind NAT or a firewall.

Connect your Linux box to the Internet and type the following command.

  • yum -y install proftpd

This will download and install proftpd in the default location with default settings. Before configuring proftpd I would like to show you some basic concepts about how FTP works.

By default the FTP server listens for incoming connections on port 21; once a connection is established with a client, the server then sends data to the client on port 20.

An FTP server works in two modes:

  • Active
  • Passive
