Archive for the 'tips and tricks' Category

Playing with YUM API

I was migrating from one server to another and, because I love Python, I really try to involve it in each and every script I write.
So I saved all of my installed packages in a text file called installed.txt, and using the yum Python API I managed to install all the needed packages as easily as this:

Read more

Setting up simple Upstart Service

Services matter when you need to monitor a job or keep it running on your server.
Upstart makes it easy as heaven to add a new service and takes care of controlling it for you.
Here is an example of how to set up a very simple service and control it afterwards, as easily as this:

# Ubuntu / Debian
cd /etc/init
touch mysimpleservice.conf

Read more
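As an added example (not the job file from the original post), here is a small shell function that writes a complete Upstart job for a long-running command, running it as an unprivileged user and capping how often it is respawned. The job name mysimpleservice, the command /usr/local/bin/mysimple and the user nobody are placeholders chosen for this example.

```shell
# Added example, not from the original post: generate a minimal Upstart job that runs
# a foreground command as an unprivileged user with a respawn limit.
# The job name, command, user and output path are placeholders supplied by the caller.

# write_upstart_job NAME COMMAND USER OUTFILE
write_upstart_job() {
    name="$1"; command="$2"; user="$3"; outfile="$4"
    # refuse job names with characters initctl would not accept
    case "$name" in
        ""|*[!A-Za-z0-9_-]*) echo "invalid job name: $name" >&2; return 1 ;;
    esac
    cat > "$outfile" <<EOF
description "$name"

# start in the normal multi-user runlevels, stop on shutdown/reboot
start on runlevel [2345]
stop on runlevel [!2345]

# restart on crash, but give up if it dies 5 times within 60 seconds
respawn
respawn limit 5 60

# drop privileges before exec (setuid/setgid stanzas need Upstart 1.4 or newer)
setuid $user
setgid $user

# keep the job in the foreground; Upstart tracks the pid itself
exec $command
EOF
}

# usage: write_upstart_job mysimpleservice /usr/local/bin/mysimple nobody /etc/init/mysimpleservice.conf
# then:  start mysimpleservice ; status mysimpleservice ; stop mysimpleservice
```

The `respawn limit` stanza is the part worth keeping: without it a crashing service is restarted forever, which turns a bug into a tight loop of log noise and CPU use.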

iptables rules for NAT with FTP active / passive connections

If you have an FTP server running behind a server that acts as the gateway or firewall, here are the rules to enable full NAT for active and passive connections.

# the RELATED state below relies on the kernel's FTP connection-tracking helper:
# modprobe nf_conntrack_ftp nf_nat_ftp (ip_conntrack_ftp / ip_nat_ftp on older kernels)

# general rules for forwarding traffic between external interface tap0 and internal interface eth0
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT

# NAT for active/passive FTP. 192.168.178.21 would be your internal ftp server
iptables -t nat -A PREROUTING  -p tcp  --dport 20 -j DNAT --to 192.168.178.21:20
iptables -t nat -A PREROUTING  -p tcp  --dport 21 -j DNAT --to 192.168.178.21:21
# caution: this hands EVERY unprivileged port of the gateway to the ftp server, not only the
# passive data ports; narrow 1024:65535 to the passive range configured in the ftp server
iptables -t nat -A PREROUTING  -p tcp  --dport 1024:65535 -j DNAT --to 192.168.178.21:1024-65535
iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 20 -j ACCEPT
iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 21 -j ACCEPT
iptables -A FORWARD -s 192.168.178.21 -p tcp --sport 1024:65535 -j ACCEPT

# allowing active/passive FTP on the gateway itself
iptables -A OUTPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# note: NEW here accepts any fresh inbound connection to a high port, not just ftp data channels
iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

Read more

Spacewalk vs. Katello

When managing a lot of systems (virtual or physical) it makes sense to centralize the package management. It also saves you a lot of time.

Spacewalk does exactly that for RPM-based systems like CentOS, Fedora or SLE. It's the community, open-source version of the Red Hat Network Satellite product (RHN). It brings you a lot of nice features like:

  • Systems inventory with hardware and software info (DMI)
  • Centralized package management. Installing / Updating software on systems (single/grouped/batch)
  • Errata overview for systems (security/bugfixes/enhancements)
  • Kickstart / Provision systems
  • Audit
  • basic config file distribution (better do this with puppet/chef)
  • basic monitoring (better do this with munin/graphite/ganglia..)

Read more

ERROR: [ipv6_set_default_route] Given IPv6 default gateway 'fe80::1' is link-local

ERROR: [ipv6_set_default_route] Given IPv6 default gateway 'fe80::1' is link-local, but no scope or gateway device is specified

If you encounter this error on CentOS 6, remove IPV6_DEFAULTGW=fe80::1 from /etc/sysconfig/network-scripts/ifcfg-eth0 and do a

service network restart

Your IPv6 networking should still work, but the error should be gone.

Unzip multiple files in same directory on Mac OS X

If you have multiple zip files in a directory and you want to extract all of them at once into that directory, then simply do

  • Open Spotlight and enter “Terminal”
  • then enter the following
# go to the containing folder
cd /Users/phil/Downloads/folder_with_zips

# backslash with SHIFT+ALT+7
unzip \*.zip

# cleanup unwanted zips
rm -f *.zip

That's it!
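The one-liner above trusts every archive in the folder. As an added example (not part of the original post), here is a batch version that inspects each archive's entry list first and skips any archive whose entries point outside the target directory (absolute paths or `..` components, the so-called zip-slip pattern), and that only deletes an archive after it extracted cleanly. It assumes the `unzip` binary is installed; the `-Z1` listing format (one entry path per line) is Info-ZIP's.

```shell
# Added example, not from the original post: extract every *.zip in a directory,
# refusing archives whose entries would escape it, and remove only the archives
# that extracted without error. Requires Info-ZIP unzip.

# Read entry paths on stdin; succeed only if every path stays inside the target dir.
check_zip_listing() {
    while IFS= read -r entry; do
        case "$entry" in
            /*|../*|*/../*|*/..|..) echo "unsafe entry: $entry" >&2; return 1 ;;
        esac
    done
    return 0
}

# unzip_all_safe [DIR]: extract all *.zip in DIR (default: current directory).
# Returns 1 if there were no archives or if any archive was skipped or failed.
unzip_all_safe() {
    dir="${1:-.}"; rc=0
    for f in "$dir"/*.zip; do
        [ -e "$f" ] || { echo "no zip files in $dir" >&2; return 1; }
        # recent unzip versions already refuse ../ entries; this check makes it explicit
        if ! unzip -Z1 "$f" | check_zip_listing; then
            echo "skipping $f" >&2; rc=1; continue
        fi
        # -n: never overwrite existing files, so one archive cannot clobber another's output
        if unzip -q -n "$f" -d "$dir"; then
            rm -f -- "$f"
        else
            echo "extraction failed for $f, keeping it" >&2; rc=1
        fi
    done
    return $rc
}

# usage: unzip_all_safe /Users/phil/Downloads/folder_with_zips
```

Keeping the `rm` tied to a successful `unzip` exit status is the practical difference from `rm -f *.zip`: a corrupt or refused archive stays on disk for a second look instead of being deleted along with the good ones.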

Error “SIOCSIFADDR: Cannot allocate memory” when adding many IPv6 addresses

While adding a large number of IPv6 addresses, you might run into this error:

SIOCSIFADDR: Cannot allocate memory

The error isn't very descriptive, but fortunately this can be resolved very easily by increasing the IPv6 routing table's maximum size:

# the knob is /proc/sys/net/ipv6/route/max_size; set it with sysctl rather than an editor
sysctl -w net.ipv6.route.max_size=<value larger than the current one>


Fix “App can’t be opened because it is from an unidentified developer” error on Mac OS X

You might have gotten this error saying

“.. can’t be opened because it is from an unidentified developer” / “.. kann nicht geöffnet werden, da es von einem nicht verifizierten Entwickler stammt.”


Instead of turning off the security feature Gatekeeper entirely, which is what most websites on this topic suggest, you should rather make an exception for those applications that produce this error but that you got from a trusted source!

This is done fairly simply: Read more

Howto resume SCP transfer

From time to time you will end up with an incomplete scp transfer. That gets annoying when the transfer was large. The solution is to use rsync to resume it, like so:

rsync --partial --progress --rsh=ssh user@host:/path/to/remote/file /path/local/file

# short version
rsync -P --rsh=ssh user@host:/path/to/remote/file /path/local/file

You can also add an alias so you don't have to remember all those flags. Add this to your .bashrc or .bash_aliases:

alias scpresume="rsync -P --rsh=ssh"

iptables settings for outgoing FTP

Getting FTP to fully work with iptables can be a pain in the ass. I am thinking of active and passive mode here. Even if you are familiar with iptables, it's easier to copy/paste this than to write it down out of your head. (I am referring here to outgoing FTP connections, meaning you are acting as the client.) So here are the rules you were looking for:

# RELATED needs the ftp conntrack helper loaded: modprobe nf_conntrack_ftp (ip_conntrack_ftp on older kernels)
-A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT

-A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# NEW is what lets passive-mode data connections out; it also permits any other new outbound connection between high ports
-A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

Basically what this does is tell iptables to open up the FTP command port 21, and data port 20 for connections related to the one established on 21. It also allows the random ports >= 1024 for related connections (the last OUTPUT rule additionally accepts NEW outbound connections between high ports, which is what passive mode needs).
These rules apply to both active and passive connections.