Ubuntu Server: Make Firewall Rules Persist

My friend Aly was facing a problem yesterday with the iptables rules on his Ubuntu server: after he edited the rules, they were flushed on every reboot.

This is normal behavior for Ubuntu server, but what if we need these rules to persist after a reboot? We tried many things. For me, on RHEL it is a piece of cake, you just save it 😀

#/etc/init.d/iptables save

But with Ubuntu it's a little bit different. I made a simple script to restore the rules from a config file in rc.local, but it failed, and another script to load them after the network service starts, and it also failed.

So I took the easy way to handle such issues: just put your rules into the active file for iptables, and they will not get flushed.

– save your rules

#cat iptables.rules      (it should contain your saved rules; if not, save them first)
#cat iptables.rules > iptables.up.rules
#cat iptables.rules > /var/lib/iptables/active

#Viva Redhat 🙂

SSH Tunneling

How do you tunnel traffic through SSH to get a proxy?

First of all, the SSH server must accept TCP forwarding; if it does not, this will not work.

It's simple. Let's say you have two servers and your client, and you want the traffic to be totally undetectable by any DPI. The traffic will go through SSH: we tunnel it from the client machine to server A [1.1.1.1], and from server A we tunnel it to server B [2.2.2.2]. It will also be undetectable if the tunnel is established only between the client and the server.

So from the CLI, execute the following command as root:
[root@Bassem] ssh username@1.1.1.1 -L 8081:2.2.2.2:80 -X

Now you can export your localhost IP 127.0.0.1 on port 8081 as http/s_proxy or ftp_proxy, or set it in your browser, and the local port 8081 will forward the TCP packets to the back-end server at the end of the tunnel, which will be port 80 on 2.2.2.2.

Linux Updates Notification By Mail

The greatest thing about open source platforms is that you can do whatever you want to do. Simply, it's perfect.

– If you have many Linux platforms, you can track the updates and make sure that admins upgrade the packages and kernel in many ways. I will just mention one of them, which can be deployed on Red Hat: you can track the updates and receive them by mail through Yum.

– The yum-updatesd package is installed by default with RHEL 5.X and 6.X to inform you about updates. With some modifications to the default options in the configuration files, you will be able to receive the updates found on the machines.

1# Make sure the package is installed, enable it on boot and start the service (as root)

#rpm -q yum-updatesd ; chkconfig yum-updatesd on ; /etc/init.d/yum-updatesd start

2# Open the main config file for the service with your favorite editor; for me vim is the best

vim /etc/yum/yum-updatesd.conf

Set the parameters below:

# 172800 seconds = two days; this works for me, you can set the time you need
run_interval = 172800
emit_via = email
email_from = "Sender mail address"
email_to = "Recipient mail address"
do_update = no
do_download_deps = no
do_download = no
smtp_server = 'Your smtp_server:port'

3# Also take a look at /usr/libexec/yum-updatesd-helper (a Python script). You can customize it as well, to add or remove some sockets if you want to.
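
A quick check for the settings from step 2, as an added example that is not part of yum-updatesd or of the original post: it parses the config text and reports anything that departs from the notify-only setup above, including a note left on the run_interval line. It assumes the options sit in the file's [main] section; the function name audit_updatesd and the sample addresses are hypothetical.

```python
import configparser

# Notify-only policy from step 2: mail the report, never download or install.
REQUIRED = {"emit_via": "email", "do_update": "no",
            "do_download": "no", "do_download_deps": "no"}
MAIL_KEYS = ("email_from", "email_to", "smtp_server")

def audit_updatesd(text):
    """Return a list of problems in yum-updatesd.conf text (empty list = OK)."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return ["unparseable config: %s" % exc]
    if not cp.has_section("main"):  # assumption: options live under [main]
        return ["no [main] section"]
    main = cp["main"]
    problems = []
    for key, want in REQUIRED.items():
        got = main.get(key, "<unset>").strip().lower()
        if got != want:
            problems.append("%s = %s, expected %s" % (key, got, want))
    interval = main.get("run_interval", "").strip()
    if not interval.isdigit():
        # Catches notes left on the value line, e.g. "172800 [ Two days ]"
        problems.append("run_interval is not a plain number of seconds: %r" % interval)
    for key in MAIL_KEYS:
        value = main.get(key, "").strip().strip("'\"").strip()
        if not value or " " in value:
            problems.append("%s is empty or still a placeholder" % key)
    return problems

# Constructed samples (addresses and host are placeholders, not from the post).
GOOD = """[main]
run_interval = 172800
emit_via = email
email_from = updates@example.com
email_to = admins@example.com
do_update = no
do_download_deps = no
do_download = no
smtp_server = mail.example.com:25
"""
BAD = GOOD.replace("172800", "172800 [ Two days ]").replace("do_update = no", "do_update = yes")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        print(name, audit_updatesd(text) or "OK")
```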

Thanks,

Bassem