http_port 192.168.[98|106].64:port
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
dns_timeout 1 minutes
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl [se|fx]-net src 192.168.[98|106].0/24
acl safe_urls dstdomain .xxx.com
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port
acl Safe_ports port http_port https_port # http, https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !safe_urls
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow [se|fx]-net
http_access deny all
http_reply_access allow all
cache_mgr someone@some.com
coredump_dir /usr/local/squid/var/cache
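The order of the http_access lines above is what makes the configuration safe: Squid walks them top to bottom and the first line whose ACLs all match decides. The following is an added example, not part of the original configuration, that simulates that walk so the ordering can be checked against sample requests. It assumes the "[se|fx]-net" placeholder is se-net on 192.168.98.0/24 and that the blank SSL_ports ACL means 443; the request dictionaries are constructed.

```python
import ipaddress

# ACL definitions mirroring the acl lines above: name -> (type, values).
# Assumptions: "[se|fx]-net" is taken as se-net on 192.168.98.0/24, and
# SSL_ports (left blank in the config above) is taken as 443.
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "manager": ("proto", ["cache_object"]),
    "localhost": ("src", ["127.0.0.1/32"]),
    "se-net": ("src", ["192.168.98.0/24"]),
    "safe_urls": ("dstdomain", [".xxx.com"]),
    "to_localhost": ("dst", ["127.0.0.0/8"]),
    "SSL_ports": ("port", [443]),
    "Safe_ports": ("port", [80, 443]),   # http, https
    "CONNECT": ("method", ["CONNECT"]),
}

# http_access lines in the order given above; a leading "!" negates an ACL.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["!safe_urls"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["to_localhost"]),
    ("allow", ["localhost"]),
    ("allow", ["se-net"]),
    ("deny", ["all"]),
]

def acl_matches(name, req):
    """True if the request matches the named ACL (before any '!' negation)."""
    kind, values = ACLS[name]
    if kind in ("src", "dst"):
        addr = ipaddress.ip_address(req[kind])
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":   # ".xxx.com" matches xxx.com and its subdomains
        return any(req["host"] == v.lstrip(".") or req["host"].endswith(v)
                   for v in values)
    return req[kind] in values   # port, method, proto

def http_access(req):
    """Walk the rules top to bottom; the first line whose ACLs all match
    decides. If nothing matches, Squid applies the opposite of the last line."""
    for action, terms in RULES:
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action
    return "allow" if RULES[-1][0] == "deny" else "deny"
```

A request is a dict with src, dst, host, port, method and proto keys; a CONNECT to port 80 from the LAN is refused by the "deny CONNECT !SSL_ports" line even though plain GETs to the same host are allowed.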
squid basic option August 27, 2009
HowTo: Creating virtual interfaces in solaris/Redhat/Debian July 19, 2009
Sometimes it’s useful to create a virtual network interface on your Solaris box, so that you can associate multiple IP addresses with the same host and not have to go through all the trouble of buying another NIC.
Here’s a quick HOWTO. Let’s assume our network card is eri0, and we want to create a virtual interface called eri0:1.
Create the virtual interface:
# ifconfig eri0:1 plumb
Configure the virtual interface:
# ifconfig eri0:1 179.164.83.161 netmask 255.255.255.0 broadcast 179.164.83.255
Check to make sure it worked:
# ifconfig -a
eri0:1: flags=1000842 mtu 1500 index 2
inet 179.164.83.161 netmask ffffff00 broadcast 179.164.83.255
Finally bring up your new virtual interface:
# ifconfig eri0:1 up
To make it come up at boot:
create /etc/hostname.eri0:1 with the hostname in it
make sure that hostname is in /etc/hosts
To disable: ifconfig eri0:1 unplumb
In RedHat
# ifconfig eth0:1 192.168.30.128 netmask 255.255.255.0
That’s all it takes! Let’s check to make sure it took:
# ifconfig -a
You can (and should!) also give this new address its own name in the /etc/hosts file:
192.168.30.128 stationX
To make this permanent in RedHat or Mandriva, look in the directory /etc/sysconfig/network-scripts — you’ll see a file called ifcfg-eth0. Copy that file and edit it to create a new ifcfg-eth0:1 (Be sure to edit the contents of the file to give it the right address and netmask, of course.)
Now your eth0:1 interface will start automatically at reboot, just like eth0 itself. You can have as many of these “ifcfg-” files as you like, within reason.
In Debian
the file is called “/etc/network/interfaces” and is somewhat simpler:
auto eth0
iface eth0 inet static
address 172.16.0.6
netmask 255.255.255.0
auto eth0:1
iface eth0:1 inet static
address 192.168.30.128
netmask 255.255.255.0
You still have to tell the machine about the new network of which it is now a member. That’s the job of the route command:
# route add -net 192.168.30.0 netmask 255.255.255.0
# route
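The route the last step adds is derived from the address and netmask in the alias stanza. This added example (not part of the original post) parses a Debian /etc/network/interfaces file in the format shown above and computes the network argument for each static stanza, refusing an alias address that is actually the network or broadcast address; the sample file is constructed.

```python
import ipaddress

# Constructed sample in the /etc/network/interfaces format shown above.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 172.16.0.6
    netmask 255.255.255.0
auto eth0:1
iface eth0:1 inet static
    address 192.168.30.128
    netmask 255.255.255.0
"""

def parse_interfaces(text):
    """Return {iface: {"address": ..., "netmask": ...}} for static stanzas."""
    stanzas, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "iface":
            # only "iface NAME inet static" stanzas carry an address/netmask pair
            static = len(parts) >= 4 and parts[2:4] == ["inet", "static"]
            current = stanzas.setdefault(parts[1], {}) if static else None
        elif parts[0] in ("address", "netmask") and current is not None:
            current[parts[0]] = parts[1]
    return stanzas

def route_for(stanza):
    """Arguments the matching `route add -net NET netmask MASK` command needs."""
    iface = ipaddress.ip_interface(f"{stanza['address']}/{stanza['netmask']}")
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is the network or broadcast address")
    return f"{net.network_address} netmask {net.netmask}"

def alias_routes(text):
    """Map every static interface (aliases included) to its route arguments."""
    return {name: route_for(s) for name, s in parse_interfaces(text).items()}
```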
Cheers!!!
NTP – An inside look July 13, 2009
An NTP server is really just a time server that utilises the Network Time Protocol (NTP). Whilst other time protocols do exist, NTP is by far the most commonly used and is utilised in over ninety percent of time servers.
NTP server and time server are therefore interchangeable terms that describe the same thing: a device used to receive and distribute a timing signal.
The timing signal utilised by most NTP servers is a UTC time source. UTC (Coordinated Universal Time) is a global time scale based on the time told by atomic clocks. By utilising UTC, an NTP server can in effect synchronise a network to the same time as millions of other computer networks around the world. This has made possible many online global transactions that simply wouldn’t be possible without UTC.
The timing signal is received by the NTP server (or time server) in a number of ways: the Internet, national time and frequency transmissions (long wave) or the GPS (global positioning system) network. Once received, the time server (NTP server) checks the authenticity of this signal (except for Internet sources, where authentication is not possible), evaluates its accuracy and then distributes it among the network.
To prevent a possible overload of time requests at the time server, machines that receive a time signal from the NTP server can themselves be used as a time reference, and the machines that receive a time signal from those can again be used as a reference. This hierarchy is expressed in stratum levels: an NTP server is a stratum 1 device, a machine that receives a signal directly from the time server is a stratum 2 device, and a machine that receives a signal from that becomes stratum 3.
NTP server stratum levels explained
NTP is a hierarchical protocol divided into strata, which define the distance from the reference clock. A reference clock source that relays UTC (Coordinated Universal Time) with little or no delay is known as a stratum-0 device. Stratum-0 sources cannot be used on the network directly; instead, they are connected to computers which then operate as primary servers.
A primary server that receives a time signal from a stratum-0 device, either through the GPS network or a national time and frequency transmission, is known as a stratum-1 device. On a network a stratum-1 time server supplies the time to other devices, which are known as stratum-2 devices. These can also be used as a time source, and equipment that connects to a stratum-2 device to receive it becomes stratum-3, and so on.
NTP can handle up to 16 different stratum levels, although the lower down the hierarchy you go, the less accurate the devices become. However, to make the system more reliable, each client can receive a time source from multiple servers, and stratum-2 devices and below can also synchronise with each other. The NTP software continuously monitors the stability and accuracy figures of all the servers and always chooses the server with the best figures.
Multiple strata are used in larger networks because bombarding a single stratum-1 time server with NTP requests from thousands of machines could overload it, or block the network itself with workstations, routers etc. repeatedly waiting for their time synchronisation requests to go through.

Telling the NTP time
Network Time Protocol (NTP) is an Internet-based protocol designed to distribute and synchronise time across a network.
NTP is in fact one of the oldest Internet protocols, having been developed in the late 1980s at Delaware University when the Internet was still in its infancy. It was devised by Professor David Mills and his team when they realised the need for accurate time synchronisation if computers were to communicate with each other.
An NTP server is a dedicated device that receives a single timing source and then distributes it among all network devices. An NTP server can receive the timing information in a number of ways, but normally it is a UTC source (Coordinated Universal Time), a global timescale based on the time as told by atomic clocks.
NTP handles time differently from how humans perceive and deal with it. While we may split time into seconds, minutes, hours, days, months and years, NTP regards time as a single number: the number of seconds since the ‘prime epoch’.
The prime epoch is the date from which NTP began counting seconds. For NTP the prime epoch is 00.01 on 1 January 1900, so on 1 January 2008 the time according to NTP will be 3405888000, the number of seconds since 1900.
Finding a Public NTP server
A public NTP Server is a time server on the Internet that, as the name suggests, members of the public can use as a timing source. The best location on the Internet to find a list of public NTP servers is the home of NTP – www.ntp.org
Setting local date and time using NTP
The ntpdate command sets the local date and time by polling the NTP servers specified to determine the correct time. It obtains a number of samples from each server specified and applies the standard NTP clock filter and selection algorithms to select the best of the samples.
The ntpdate command makes time adjustments in one of the following ways:
- If it determines that the clock is off by more than 0.5 seconds, it steps the clock’s time by calling the settimeofday subroutine. This is the preferred method at boot time.
- If it determines that the clock is off by less than 0.5 seconds, it slews the clock’s time by calling the adjtime subroutine with the offset. This method tends to keep a badly drifting clock more accurate, though at some expense to stability. When running the ntpdate command on a regular basis from the cron command instead of running a daemon, doing so once every hour or two results in precise enough timekeeping to avoid stepping the clock.
Notes:
- The ntpdate command’s reliability and precision improves dramatically with a greater number of servers. Although you can use a single server, you obtain better performance by providing at least three or four servers.
- If an NTP server daemon like the xntpd daemon is running on the same host, the ntpdate command will decline to set the date.
- You must have root authority on the local host to run this command.
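The epoch arithmetic described under "Telling the NTP time" and the step-or-slew decision in the ntpdate notes above are small enough to show together. This added example (not the NTP project's code) converts between Unix and NTP seconds, packs a value into the 64-bit timestamp layout used on the wire (seconds plus a binary fraction, which is a detail beyond what the page states), and applies the 0.5 second rule; the 2008 date used in the test is the one from the passage above.

```python
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2_208_988_800   # seconds from 1900-01-01 to 1970-01-01 UTC
STEP_THRESHOLD = 0.5              # ntpdate steps above this, slews at or below

def unix_to_ntp(unix_seconds):
    """NTP seconds (since 1 January 1900) from Unix seconds (since 1970)."""
    return unix_seconds + NTP_UNIX_OFFSET

def ntp_to_unix(ntp_seconds):
    """Unix seconds from NTP seconds."""
    return ntp_seconds - NTP_UNIX_OFFSET

def ntp_seconds_for_date(year, month, day):
    """NTP seconds at midnight UTC on the given calendar date."""
    dt = datetime(year, month, day, tzinfo=timezone.utc)
    return unix_to_ntp(int(dt.timestamp()))

def ntp_to_wire(ntp_seconds, fraction=0.0):
    """Pack into the 64-bit on-the-wire timestamp: 32-bit whole seconds
    followed by a 32-bit binary fraction of a second. The seconds field
    wraps every 2**32 s, so only the low 32 bits are kept."""
    secs = ntp_seconds & 0xFFFFFFFF
    frac = int(fraction * 2**32) & 0xFFFFFFFF
    return (secs << 32) | frac

def ntpdate_action(offset_seconds):
    """'step' (settimeofday) for a large offset, 'slew' (adjtime) otherwise,
    following the 0.5 s rule from the ntpdate notes above."""
    return "step" if abs(offset_seconds) > STEP_THRESHOLD else "slew"
```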
The New Ubuntu Uncomplicated Firewall UFW July 13, 2009
Here is an overview of how to use ufw, the Uncomplicated Firewall:
Let’s turn UFW on:
sudo ufw enable
When you initially turn the firewall on, it is in ACCEPT mode, and will accept everything incoming and outgoing until you make rulesets.
The simple syntax to allow an incoming/outgoing connection on a specified port to any host would be:
sudo ufw allow 53
To specify a protocol, append ‘/protocol’ to the port. For example, let’s enable tcp connections on port 53 incoming/outgoing:
sudo ufw allow 53/tcp
or for udp:
sudo ufw allow 53/udp
You can also allow by service name, since ufw reads from /etc/services.
Let’s see what services are in /etc/services:
cat /etc/services | less
As an example, let’s allow ssh, which is port 22:
sudo ufw allow ssh
You can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is based on OpenBSD’s PF syntax. The following will deny all traffic to tcp port 22 on this host:
ufw deny proto tcp to any port 22
To deny all traffic from the RFC1918 Class A network (10.0.0.0/8) to tcp port 22 on the address 192.168.0.1 we would use this:
ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 22
If you want to deny all traffic from the IPv6 network 2001:db8::/32 to tcp port 80 on this host, you would use:
ufw deny proto tcp from 2001:db8::/32 to any port 80
To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:
ufw deny 80/tcp
Use this to delete it:
sudo ufw delete deny 80/tcp
Let’s deny all access to port 80:
sudo ufw deny 80
Let’s allow all access to port 80:
sudo ufw allow 80/tcp
Let’s block a single host:
sudo ufw deny from 207.46.232.182
The above command blocked Microsoft lol
Let’s block Microsoft’s class B:
sudo ufw deny from 207.46.0.0/16
Let’s allow all access from RFC1918 networks (LANs/WLANs) to this host:
sudo ufw allow from 10.0.0.0/8
sudo ufw allow from 172.16.0.0/12
sudo ufw allow from 192.168.0.0/16
Let’s deny access to udp port 139 from host 192.168.1.1:
sudo ufw deny proto udp from 192.168.1.1 to any port 139
The same thing above with tcp instead:
sudo ufw deny proto tcp from 192.168.1.1 to any port 139
Allow udp access to 192.168.1.1 port 22 from 192.168.1.100 port 22:
sudo ufw allow proto udp from 192.168.1.100 port 22 to 192.168.1.1 port 22
To check the status of ufw, with the ports in the listening state, use:
sudo ufw status
To disable ufw use:
sudo ufw disable
To enable logging use:
ufw logging on
To disable logging use:
ufw logging off
svn tricks June 29, 2009
SVN commands
Create Repo
svnadmin create <repo name>
Checkout
svn checkout (or its short form svn co), for example:
svn co https://192.168.10.1:<port>/svn/ltm-cg
svn co file:///svn/ltm-cg
Updating revision
svn update
Status check
svn status
Adding new items to version control
svn add <name> or svn add *
Deleting an item from the revision
svn del <what you want to delete>
Committing new revision
svn commit -m "any comment"
Ignoring unversioned items during an svn status check
First go to the svn directory where you want to set the ignore.
svn propset svn:ignore <give a suitable name> .
and you will see a message like: property 'svn:ignore' set on '.'
Now to edit this property, first export EDITOR=vi and then run:
svn propedit svn:ignore <the name you gave with propset>
To delete an ignore property: svn propdel svn:ignore <prop file name>
To view the property list: svn propget svn:ignore <prop file name>
