Archive | Networking

Block IP Address With IPTables

Need to block an IP address from your server? Here’s an IPTables command:

/sbin/iptables -I INPUT -s w.x.y.z -j DROP

where w.x.y.z is the IP address to be blocked.

Here’s a way to block an address with just the route command:

/sbin/route add -host w.x.y.z reject

IPTables – Filter ICMP Timestamp Requests & Replies

Here’s how to filter or block ICMP timestamp requests and replies.

On Redhat/CentOS, edit /etc/sysconfig/iptables and add the following lines

and then run:

Or run the following commands:

Recently on an Ubuntu server we just added these lines to /etc/rc.local:
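
An added example, not the original post's rules: one way to drop ICMP timestamp requests (type 13) and replies (type 14) from a script such as /etc/rc.local without stacking duplicate rules on every run. The function names and the overridable IPTABLES variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original post's rules.
# IPTABLES can be overridden (assumption for this example) so the logic
# can be exercised without root.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# ensure_rule CHAIN RULE-SPEC...
# Append the rule only if an identical one is not already in the chain.
# -C needs iptables 1.4.11 or later; on older builds the check fails
# and the rule is simply appended.
ensure_rule() {
    chain=$1
    shift
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        return 0                      # rule already present
    fi
    "$IPTABLES" -A "$chain" "$@"
}

# Drop timestamp requests arriving at the host and any timestamp
# replies the host would send.
block_icmp_timestamps() {
    ensure_rule INPUT  -p icmp --icmp-type timestamp-request -j DROP &&
    ensure_rule OUTPUT -p icmp --icmp-type timestamp-reply   -j DROP
}

# Apply only when asked to, e.g. "sh thisfile --apply" as root.
if [ "${1:-}" = "--apply" ]; then
    block_icmp_timestamps
fi
```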

OpenNMS Install

OpenNMS is a great network monitoring tool. Here’s the OpenNMS site:

http://www.opennms.org

In this case I’m going to do an install on to a RedHat Fedora Core 1 server. Here’s the installation guide:

https://sourceforge.net/docman/display_doc.php?docid=23937&group_id=4141

The first step is to install the various prerequisites:

– Java 2 SDK 1.4.2 or later from http://java.sun.com

We did a stock install of the 1.4.2_07 tar/gz package to /usr/local/. Don’t forget to export the JAVA_HOME environment variable:

– Tomcat 4 from http://jakarta.apache.org/tomcat/index.html

We did a standard install of the 4.1.31 tar/gz package following the instructions here:

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/RUNNING.txt

The install was placed at /usr/local/jakarta-tomcat-4.0.

We added the following lines to /etc/rc.local to start Tomcat on bootup and open the appropriate firewall ports:

At this point Tomcat was accessible at http://{myipaddress}:8080

– RRDTool from http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

We used the 1.0.49 source tar/gz package and built it using the instructions in the enclosed README file. The package was installed to: /usr/local/rrdtool-1.0.49

Had to add a --enable-shared option to the configure command line to get the shared libraries to build.

Had to symlink rrdtool into /usr/bin so that opennms could find it:

ln -s /usr/local/rrdtool-1.0.49/bin/rrdtool /usr/bin/rrdtool

Also edited /etc/ld.so.conf and added “/usr/local/rrdtool-1.0.49/lib/” – the path to the rrdtool shared libraries. Finally ran ldconfig to update the cache.

– PostgreSQL 7.2 or later from http://www.postgresql.org/

We used the 7.4.7 release and installed the following binary rpms:

postgresql-7.4.7-2PGDG.i686.rpm
postgresql-contrib-7.4.7-2PGDG.i686.rpm
postgresql-devel-7.4.7-2PGDG.i686.rpm
postgresql-docs-7.4.7-2PGDG.i686.rpm
postgresql-jdbc-7.4.7-2PGDG.i686.rpm
postgresql-libs-7.4.7-2PGDG.i686.rpm
postgresql-pl-7.4.7-2PGDG.i686.rpm
postgresql-server-7.4.7-2PGDG.i686.rpm
postgresql-tcl-7.4.7-2PGDG.i686.rpm
postgresql-test-7.4.7-2PGDG.i686.rpm

After installing we did the following commands to start the database and set it to start on bootup:

And that does it for the prerequisites.

We’ll now install OpenNMS, still following the instructions at:

https://sourceforge.net/docman/display_doc.php?docid=23937&group_id=4141

To keep the install simple we used the FC1 RPM binaries provided by OpenNMS. After downloading we had three files:

opennms-1.2.0-1_fc1.i386.rpm
opennms-docs-1.2.0-1_fc1.i386.rpm
opennms-webapp-1.2.0-1_fc1.i386.rpm

Next we tried to install the first rpm with:

rpm -i opennms-1.2.0-1_fc1.i386.rpm

We ran into some problems with missing dependencies at this point. First we had to install:

compat-libstdc++-7.3-2.96.118.i386.rpm

which was downloaded from RPMFind.

Then we installed with dependencies turned off.

rpm -i --nodeps opennms-1.2.0-1_fc1.i386.rpm
rpm -i opennms-docs-1.2.0-1_fc1.i386.rpm
rpm -i --nodeps opennms-webapp-1.2.0-1_fc1.i386.rpm

Many of the opennms files get installed to:

/opt/OpenNMS

Next we’ll set up the installer:

export OPENNMS_HOME=/opt/OpenNMS
$OPENNMS_HOME/bin/runjava -s

And run the installer:

$OPENNMS_HOME/bin/install -disU

This failed with jdbc errors about problems connecting to postgres.

To fix it we added the following firewall rule:

iptables -A INPUT -s 127.0.0.1 -p tcp --dport 5432 -j ACCEPT

And modified the pg_hba.conf file to this:

local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 trust

Now the installer ran properly.
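
The "trust" method on the host line above lets any process that can reach 127.0.0.1:5432 connect as any database user without a password. As an added example (not from the original post), this shell function flags "trust" rules in a pg_hba.conf, handling both the address-plus-netmask form used here and the CIDR form; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# audit_pg_hba [FILE]: list pg_hba.conf rules whose auth method is "trust".
# Prints "LINE:TYPE:ADDRESS" per finding and returns 1 if any were found.
# Reads stdin when FILE is omitted.
# Simplification: a "#" anywhere on a line is treated as starting a comment.
audit_pg_hba() {
    awk '
        { sub(/#.*/, "") }            # strip comments
        NF == 0 { next }              # skip blank lines
        {
            if ($1 == "local") {      # local DB USER METHOD [OPTION]
                addr = "unix-socket"; method = $4
            } else if ($5 ~ /[.:]/) { # host DB USER ADDRESS NETMASK METHOD
                addr = $4 " " $5;     method = $6
            } else {                  # host DB USER ADDRESS/CIDR METHOD
                addr = $4;            method = $5
            }
            if (method == "trust") {
                printf "%d:%s:%s\n", NR, $1, addr
                found = 1
            }
        }
        END { exit (found + 0) }
    ' "${1:--}"
}

# Constructed sample: the two rules from the post plus one CIDR-style rule.
SAMPLE_PG_HBA='# constructed sample
local all all ident sameuser
host all all 127.0.0.1 255.255.255.255 trust
host all all 10.0.0.0/8 md5'

# Prints 3:host:127.0.0.1 255.255.255.255
printf '%s\n' "$SAMPLE_PG_HBA" | audit_pg_hba || true
```

Run it against the live file with: audit_pg_hba /path/to/pg_hba.conf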

Next we ran the installer for the webapps:

export CATALINA_HOME=/usr/local/jakarta-tomcat-4.0
$OPENNMS_HOME/bin/install -y -w $CATALINA_HOME/webapps -W $CATALINA_HOME/server/lib

This worked without any problems.

Next we tried to start opennms with:

$OPENNMS_HOME/bin/opennms.sh start

This took a really long time to return and then reported that startup had failed. In fact startup worked; it just takes several minutes.

We had to restart tomcat before we could get to the webapp at:

http://{myipaddress}:8080/opennms

The initial login was user “admin” and password “admin”

Finally we set opennms to start on boot with:

chkconfig --add opennms

Fixing ethernet interface speed

On Red Hat, the ETHTOOL_OPTS setting can provide some control over interface speed. Here’s the description from the documentation:

The ethtool utility provides extensive low level control over ethernet interfaces.

Redhat Network Config Resources

Here are some handy references about network config on redhat:

  • /usr/share/doc/initscripts-<version>/sysconfig.txt — A guide to available options for network configuration files, including IPv6 options not covered in this chapter.
  • /usr/share/doc/iproute-<version>/ip-cref.ps — This file contains a wealth of information about the ip command, which can be used to manipulate routing tables, among other things. Use the ggv or kghostview application to view this file.
  • http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/ch-networkscripts.html