Archive for March, 2010

shell scripting syntax

March 30, 2010

– Printing/Redirecting PID of current program

echo $$ >/tmp/out.pid

– Comparing floating-point values –

a=1.34
b=1.21

res=$(echo "$a > $b" | bc)   [ res is 1 if a > b, else 0 ]

expr only compares integers, and an unquoted > in expr $a > $b is a shell redirection (it creates a file named 1.21), so the comparison is delegated to bc.

– Running a script only as a particular user

if [ "$(id -un)" != "tarique" ]; then
    echo
    echo "Only user tarique can run this script"
    echo
    exit 1
fi

$LOGNAME is just an environment variable that the caller can set to anything, so the check asks the kernel via id -un instead.

– Logical AND with if condition

if [[ ! -f /tmp/out.pid && $res -eq 1 ]] ; then

– Nested for loop

for (( j = 0 ; j <=1 ; j++ ))
do
for (( i = 0 ; i <=9 ; i++ ))
do
….
done
done

– Date formatting

D=$(date '+%y-%d-%m %H:%M:%S')   [ two-digit year, day, month: 10-30-03 14:05:09 ]

For a sortable value use '+%Y-%m-%d %H:%M:%S' instead.

– Adding value of two variables

result=$(($Value1 + $Value2))

– Remote command execution –

ssh tarique@remotesrv 'touch /tmp/test;rm -f /tmp/test'
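The snippets above combined into one runnable script, as an added example that is not part of the original post: it refuses to run as the wrong user, records its PID in a lock file and refuses to start twice, and performs the float comparison and integer arithmetic from the list. The lock-file path /tmp/out.pid, the user name tarique and the sample numbers are the post's values reused as assumptions; the float comparison uses awk rather than bc or expr so it needs nothing beyond a POSIX shell.

```sh
#!/bin/sh
# Added example: single-instance script skeleton built from the snippets above.
# Assumed values (illustration only): PIDFILE path, ALLOWED_USER, sample numbers.
PIDFILE=${PIDFILE:-/tmp/out.pid}
ALLOWED_USER=${ALLOWED_USER:-tarique}

# Floating-point comparison: expr only handles integers (and an unquoted > is a
# redirection), so delegate to awk. Exit status 0 means a > b.
float_gt() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !(a > b) }'
}

# Same test as a 1/0 flag, mirroring the res=... idiom above.
float_gt_flag() {
    if float_gt "$1" "$2"; then echo 1; else echo 0; fi
}

# Integer addition with shell arithmetic.
sum_ints() {
    echo $(($1 + $2))
}

# $LOGNAME is inherited from the environment and can be set to anything by the
# caller; id -un asks the kernel who we really are.
check_user() {
    [ "$(id -un)" = "$1" ]
}

# Record our PID in PIDFILE. Fails (status 1) if another live instance holds it;
# a stale file left by a dead process is removed. set -C (noclobber) makes the
# final create fail instead of silently overwriting if two copies race.
acquire_lock() {
    if [ -f "$PIDFILE" ]; then
        old=$(cat "$PIDFILE" 2>/dev/null)
        if [ -n "$old" ] && kill -0 "$old" 2>/dev/null; then
            return 1
        fi
        rm -f "$PIDFILE"
    fi
    ( set -C; echo $$ > "$PIDFILE" ) 2>/dev/null
}

release_lock() {
    rm -f "$PIDFILE"
}

# Timestamp in sortable year-month-day order.
timestamp() {
    date '+%Y-%m-%d %H:%M:%S'
}

main() {
    if ! check_user "$ALLOWED_USER"; then
        echo "Only user $ALLOWED_USER can run this script" >&2
        exit 1
    fi
    if ! acquire_lock; then
        echo "another instance is running (pid $(cat "$PIDFILE"))" >&2
        exit 1
    fi
    trap release_lock EXIT

    echo "$(timestamp) started as pid $$"
    a=1.34; b=1.21
    res=$(float_gt_flag "$a" "$b")
    echo "$a > $b ? $res"
    echo "3 + 4 = $(sum_ints 3 4)"
}

# Run the demo only when asked, so the file can also be sourced for its functions.
case "${1:-}" in
    run) main ;;
esac
```

Run it as sh script.sh run; without the argument it only defines the functions. Keep the PID file in a directory other users cannot write to: in a shared directory such as /tmp another local user can plant a file holding the PID of some long-lived process and keep the script from ever starting.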

linux box as a router

March 17, 2010

Two scenarios:

1. Private – Public
2. Private – Private ( inside your LAN)

1. Private – Public

a) Assign the public IP address to the Ethernet card with the following:

eth0
IP Address (61.5.156.1) change with your public IP address
Net Mask (Provided by the Internet service provider)
Default Gateway
Preferred DNS

b) Create a virtual IP address (alias) on the same Ethernet card

Copy the eth0 configuration file to a new one named eth0:0 and give it a private address from the same range as the other computers on your local area network. Keep in mind that an alias is still the same physical port: the LAN machines sit on the same wire as the ISP link, so this is fine for a quick setup, but a second network card is the proper way to keep the private LAN off the public segment.

eth0:0
IP Address (192.168.1.10)
Net mask (255.255.255.0)
Default Gateway (leave this blank)

c) Create the forwarding rules with iptables:

First delete and flush whatever is there. The default table is "filter"; other tables such as "nat" must be named explicitly with -t.

iptables -F                  # flush all rules in the filter table
iptables -t nat -F           # flush all rules in the nat table
iptables -X                  # delete user-defined chains in filter (long form: --delete-chain)
iptables -t nat -X           # delete user-defined chains in nat (long form: --table nat --delete-chain)

# Set up IP FORWARDing and Masquerading
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j ACCEPT

Because eth0:0 is an alias, both the LAN and the Internet arrive on eth0, so a rule such as "iptables -A FORWARD -i eth0 -j ACCEPT" would forward anything that reaches the box from the Internet as well; the rules above match on the private source address instead. With the default FORWARD policy of ACCEPT the filter rule is only decorative: to actually stop inbound forwarding, set the policy to DROP (iptables -P FORWARD DROP) and add a rule accepting ESTABLISHED,RELATED traffic so replies still get back to the LAN.

d) Enable packet forwarding in the kernel:
echo 1 > /proc/sys/net/ipv4/ip_forward

This does not survive a reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf as well. Do it after the rules from step c are in place, so the box never forwards with an empty rule set.

e) Check the routes:

No extra route is needed for the internal packets. Configuring eth0:0 with 192.168.1.10/24 already gives the kernel a connected route for 192.168.1.0/24 on eth0, and the default route from step a points at your ISP's gateway. Verify with route -n: 192.168.1.0 / 255.255.255.0 should appear on eth0 with gateway 0.0.0.0 (directly connected), plus a default route via the ISP gateway. Do not add 192.168.1.0/24 with the ISP gateway as next hop (as in "route add -net 192.168.1.0/24 gw 61.5.156.146 dev eth0"): that would send LAN-bound traffic to the ISP instead of to the hosts on the wire.

2. Private – Private

Assume:

Your current network is 192.168.1.0/24 with gateway/firewall 192.168.1.1.
You now want a separate LAN, 192.168.2.0/24, whose packets reach the outside world through 192.168.1.1 via a box inside your network.

Choose the box that will act as the router and follow these steps:

a) IP settings on the router box:
eth0 – 192.168.1.15
255.255.255.0
192.168.1.1 (gw)
eth0:0 – 192.168.2.1
255.255.255.0
gw ( leave blank)

b) Then on the gw machine (192.168.1.1) make sure of the following.

Add a POSTROUTING rule that covers the 192.168.2.0/24 LAN too. The 192.168.0.0/20 supernet in the rule (192.168.0.0 to 192.168.15.255) contains both LANs:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/20 ! -d 192.168.0.0/20 -j SNAT --to-source <external address of 192.168.1.1>

[ This rewrites packets from either private LAN to the gateway's external address on the way out and reverses the translation for the replies. If that address is assigned dynamically, use -j MASQUERADE instead of SNAT, which needs no --to-source. The negation goes before the option (! -d ...); the older "-d ! ..." spelling is deprecated. ]

And add a route to your 192.168.2.0/24 LAN via the router box:

route add -net 192.168.2.0/24 gw 192.168.1.15

Also, if the gateway is the LAN's nameserver (BIND), make sure it accepts queries from the new subnet as well (allow-query in the options block of named.conf):

allow-query {
192.168.0.0/20;
};

c) Enable packet forwarding in the kernel on the router box (192.168.1.15); the gateway already forwards:
echo 1 > /proc/sys/net/ipv4/ip_forward

That's it! The 192.168.2.0/24 network can now talk to the outside world through 192.168.1.15 -> 192.168.1.1.

Note: On your client machine ( say 192.168.2.20) use 192.168.2.1 as your default gateway and 192.168.1.1 as nameserver.

If you want no host on the 2.0/24 network to reach anything on 1.0/24 except the gateway 1.1, add the following rules on the router box (192.168.1.15). Traffic between the two LANs is forwarded by that box and never passes through 192.168.1.1, so rules on the gateway would not see it.

iptables -I FORWARD -s 192.168.2.0/24 -d 192.168.1.0/24 -p all -o eth0 -j REJECT
[ This blocks all traffic from the 2.0/24 LAN to the 1.0/24 LAN ]

iptables -I FORWARD -s 192.168.2.0/24 -d 192.168.1.1 -p all -o eth0 -j ACCEPT
[ Only allow traffic to the gateway. Because -I inserts at the top of the chain, this rule, added second, is evaluated before the REJECT, which is what you want; check the order with iptables -L FORWARD -n --line-numbers. ]

Keep in mind that eth0:0 is an alias, so both LANs share one physical segment: the separation is enforced only by the router's forwarding rules, and any 2.0/24 host that gives itself a 192.168.1.x address bypasses them entirely. A second network card or VLANs are needed for real isolation.
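Both scenarios as one added example script (not from the post): the rule sets are wrapped in functions that call $IPT, $IP and $SYSCTL, so IPT=echo IP=echo SYSCTL=echo sh router.sh scenario1 prints what would be run instead of running it. The addresses and interface names are the post's; the split into scenario1 (the single-NIC NAT box), gateway (192.168.1.1 in scenario 2) and inner (192.168.1.15), the default-deny FORWARD policy and the ESTABLISHED,RELATED rule are my additions.

```sh
#!/bin/sh
# Added example: iptables rule sets for both scenarios above. Every command goes
# through $IPT/$IP/$SYSCTL so the script can be dry-run with IPT=echo IP=echo
# SYSCTL=echo before touching a live box. Values below are the post's examples;
# override them through the environment.
IPT=${IPT:-iptables}
IP=${IP:-ip}
SYSCTL=${SYSCTL:-sysctl}

WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}                    # scenario 1 private LAN (on alias eth0:0)
PRIVATE_SUPERNET=${PRIVATE_SUPERNET:-192.168.0.0/20}  # scenario 2: covers both private LANs
INNER_NET=${INNER_NET:-192.168.2.0/24}                # scenario 2 new LAN
INNER_ROUTER=${INNER_ROUTER:-192.168.1.15}            # scenario 2 box routing for INNER_NET
GW_IP=${GW_IP:-192.168.1.1}                           # scenario 2 gateway/firewall

flush_all() {
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    $IPT -t nat -X
}

enable_forwarding() {
    $SYSCTL -w net.ipv4.ip_forward=1
}

# Scenario 1: public address on eth0, private LAN on alias eth0:0. The alias is the
# same physical interface, so "-i eth0" cannot tell LAN from Internet; match on
# addresses instead and default to DROP so inbound forwarding is never implicit.
scenario1_nat_router() {
    flush_all
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$LAN_NET" ! -d "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" ! -d "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    enable_forwarding
}

# Scenario 2, gateway side (192.168.1.1): NAT for both private LANs and a route
# back to the inner LAN through the inner router.
scenario2_gateway() {
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$PRIVATE_SUPERNET" ! -d "$PRIVATE_SUPERNET" -j MASQUERADE
    $IP route replace "$INNER_NET" via "$INNER_ROUTER"
}

# Scenario 2, inner router side (192.168.1.15): forward the new LAN, but let it
# reach only the gateway on the old LAN. Rules are appended in evaluation order,
# which is easier to audit than pairs of -I (insert-at-top) rules.
scenario2_inner_router() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$INNER_NET" -d "$GW_IP" -j ACCEPT
    $IPT -A FORWARD -s "$INNER_NET" -d "$LAN_NET" -j REJECT
    $IPT -A FORWARD -s "$INNER_NET" ! -d "$PRIVATE_SUPERNET" -m conntrack --ctstate NEW -j ACCEPT
    enable_forwarding
}

case "${1:-}" in
    scenario1) scenario1_nat_router ;;
    gateway)   scenario2_gateway ;;
    inner)     scenario2_inner_router ;;
    "")        echo "usage: $0 scenario1|gateway|inner  (IPT=echo IP=echo SYSCTL=echo to dry-run)" >&2 ;;
esac
```

Dry-run first, then run as root with the real tools. In the inner-router set the ACCEPT for the gateway is deliberately listed before the REJECT for the rest of the old LAN; the conntrack rule at the top lets replies flow back without opening anything new.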

Apache + tomcat (mod_jk)

March 10, 2010

1. Install Apache, Tomcat and mod_jk

Install Apache (with the devel package), Tomcat (with the webapps package) and apache2-mod_jk, then start both. Check Apache by pointing your browser at localhost and Tomcat at localhost:8080 (you should get the default start page).

2. Configure mod_jk

Next, edit /etc/apache2/httpd.conf and add:

# Load mod_jk module
LoadModule jk_module modules/mod_jk.so

JkWorkersFile /local/tomcat/conf/jk/workers.properties

# Where to put jk logs
JkLogFile /local/apache2/logs/mod_jk_log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# Send everything below /your-url/ to the worker named worker1
JkMount /your-url/* worker1

You can do this alternatively in your vhost. The mount above hands every request under /your-url/ to Tomcat; to send all JSPs to Tomcat as well, add JkMount /*.jsp worker1. If you know the exact path to your servlet, you can mount just that:

JkMount /trn-webapp-0.8.1/map worker1

for example, where map is the servlet. Mount only the paths Tomcat has to serve: a catch-all such as JkMount /* worker1 also exposes every other deployed context, the manager application included, through Apache.

Next, create workers.properties at the path named in JkWorkersFile above with the following content:

worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13

Then go to /etc/tomcat5/base/ and check your server.xml. You should find the AJP connector that mod_jk talks to: a Connector element with port="8009" and protocol="AJP/1.3".

Make sure it is enabled, i.e. not wrapped in <!-- --> comment markers. Adding address="127.0.0.1" to that Connector keeps port 8009 reachable only from the local Apache, which is all the worker above (host=localhost) needs.

At this point, you can also edit your /etc/tomcat5/base/tomcat-users.xml, which holds the users and roles for the Tomcat manager and admin web applications.

Replace the example user root and its password with your own settings; an account with a guessable password here gives control of every deployed web application.

For testing purposes, edit httpd.conf and set DocumentRoot, Directory and Options, for example:

ScriptAlias /modjk/ /usr/local/apache/modjk/

<Directory "/usr/local/apache/modjk/">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from localhost
</Directory>

(Order/Allow is the Apache 2.2 access-control syntax; on Apache 2.4 the last two lines become Require local.)

Now first restart Tomcat, then Apache. (If you change something in Tomcat, everytime restart Tomcat first and then restart Apache, too!)
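The "make sure it is enabled" check above, as an added example that is not from the post: a POSIX shell/awk function that reads a server.xml, discards XML comments, and reports whether the AJP/1.3 connector mod_jk needs is commented out, active on every interface, or bound to loopback. The three sample server.xml documents are constructed for the demo and are not real Tomcat files; the function and sample names are mine.

```sh
#!/bin/sh
# Added example: report the state of the AJP/1.3 connector in a Tomcat server.xml
# (read from stdin). Prints one of:
#   disabled  - no AJP connector outside XML comments
#   exposed   - AJP connector active with no address= restriction
#   local     - AJP connector bound to 127.0.0.1 or localhost
ajp_connector_status() {
    awk '
    { buf = buf $0 "\n" }
    END {
        # Strip <!-- ... --> blocks first so a commented-out connector does not
        # count as enabled (the stock server.xml ships several such blocks).
        s = buf; out = ""
        while ((i = index(s, "<!--")) > 0) {
            out = out substr(s, 1, i - 1)
            s = substr(s, i + 4)
            j = index(s, "-->")
            if (j == 0) { s = ""; break }
            s = substr(s, j + 3)
        }
        s = out s
        status = "disabled"
        # Walk each <Connector ...> element; attributes may span several lines.
        while ((i = index(s, "<Connector")) > 0) {
            s = substr(s, i)
            j = index(s, ">")
            if (j == 0) break
            el = substr(s, 1, j)
            s = substr(s, j + 1)
            if (el ~ /protocol="AJP\/1\.3"/) {
                if (el ~ /address="(127\.0\.0\.1|localhost)"/) status = "local"
                else status = "exposed"
                break
            }
        }
        print status
    }'
}

# Constructed, minimal server.xml documents for the three cases (not real files).
sample_server_xml() {
    case "$1" in
        commented) ajp='<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->' ;;
        exposed)   ajp='<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />' ;;
        local)     ajp='<Connector port="8009" address="127.0.0.1"
               protocol="AJP/1.3" redirectPort="8443" />' ;;
        *) echo "unknown sample: $1" >&2; return 1 ;;
    esac
    printf '<Server port="8005" shutdown="SHUTDOWN">\n  <Service name="Catalina">\n    <Connector port="8080" protocol="HTTP/1.1" />\n    %s\n  </Service>\n</Server>\n' "$ajp"
}

case "${1:-}" in
    "")   ;;                                   # no args: just define the functions
    demo) for v in commented exposed local; do
              printf '%-9s -> %s\n' "$v" "$(sample_server_xml "$v" | ajp_connector_status)"
          done ;;
    *)    ajp_connector_status < "$1" ;;       # check a real server.xml
esac
```

Run sh ajpcheck.sh /etc/tomcat5/base/server.xml against the live file, or sh ajpcheck.sh demo to see the three cases. An "exposed" result means anyone who can reach port 8009 can talk to Tomcat directly and bypass whatever Apache filters in front of it; since the worker uses host=localhost, address="127.0.0.1" on the connector costs nothing.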

Apache unusual bugs or warning

March 10, 2010

1. [warn] (128)Network is unreachable: connect to listener on [::]:80

Cause:

Apache was built with IPv6 support, so a bare "Listen 80" binds to the IPv6 wildcard [::]:80. On a host where the IPv6 stack is disabled the parent process cannot complete the dummy wake-up connection it makes to each listener during a graceful restart or shutdown, and logs the warning above. The Listen addresses (and the addresses in your VirtualHost directives) do not match what the system can actually reach; "[::]:80" is the tell-tale.

Soln:

Bind explicitly to IPv4, for example "Listen 0.0.0.0:80" and "Listen 0.0.0.0:443", and use the same addresses in your VirtualHost directives. Alternatively, re-enable IPv6 on the host if you need it.