
Monday, July 18, 2011

How to disable Reverse Path Filter (rp_filter) on Bifrost during startup

Bifrost is a modified, minimal and optimized Linux distribution, with the kernel configured for firewalling and routing. The filter that controls the firewall security policy is part of the kernel code and can be configured via ipfwadm, ipchains or iptables. The Bifrost Network Project aims to find stability, performance, filter capabilities, administration, computer security, scalability and development possibilities of a Linux based streamlined router/firewall system. The hardware is basically a standard PC with two or more network interfaces or fiber ports (using preferably the Intel Tulip chip or an e1000 Gigabit card) and a flash disk.

Reverse path filtering (the kernel's rp_filter setting) seems to be enabled by default on this OS. Even after disabling it (setting the value to 0) in the rp_filter file, a system reboot enables it again.

To keep reverse path filtering disabled across reboots, a script must be placed in the /etc/rc.d/rc.inet.local file to automatically set the value in rp_filter to 0 for all interfaces. To do this, follow the steps below:

1. Remount the disk in writeable mode:

    remount w

2. Edit the /etc/rc.d/rc.inet.local file and add the following script:

    # This script disables the Reverse Path Filter during startup
    for a in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 0 > "$a"
    done

3. To take effect, restart inet:

    /etc/rc.d/rc.inet.local
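To confirm after a reboot that the loop above took effect, the following added example (not part of the original post) reports the effective rp_filter mode per interface. The function name rp_effective and its optional directory argument are assumptions of this example; it relies on the kernel behaviour (since 2.6.31) that the value applied to an interface is the maximum of conf/all/rp_filter and the interface's own rp_filter.

```shell
#!/bin/sh
# Added example, not from the original post.
# rp_filter values: 0 = off, 1 = strict, 2 = loose.
# The kernel validates sources on an interface using
# max(conf/all/rp_filter, conf/<iface>/rp_filter), so a leftover 1 in
# "all" keeps filtering active even when the interface entry is 0.
# The page's loop writes 0 to every entry, "all" included, for this reason.

# rp_effective [DIR]  (hypothetical helper; DIR defaults to the live /proc tree)
rp_effective() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for f in "$root"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not real interfaces
        case "$iface" in all|default) continue ;; esac
        own=$(cat "$f")
        eff=$own
        [ "$all" -gt "$eff" ] && eff=$all
        case "$eff" in
            0) mode=off ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown ;;
        esac
        echo "$iface own=$own all=$all effective=$eff ($mode)"
    done
}

# Usage on the router itself: rp_effective
```

Any line still reporting strict or loose after boot means the startup script did not run or another script re-enabled the filter later.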

How to install Google Reader Indicator on ubuntu using PPA

Google Reader Indicator displays the number of unread items in your Reader account along with article title and excerpt. Clicking on an article opens it in your default browser.

Install Google Reader Indicator on ubuntu using PPA

Open the terminal and run the following commands

sudo add-apt-repository ppa:atareao/atareao
sudo apt-get update
sudo apt-get install google-reader-indicator

Cloned moodle site log in problem


I can't log in - I just stay stuck on the login screen (Extracted from Moodle)

This may also apply if you are seeing “Your session has timed out. Please login again” and cannot log in.
The following are possible causes and actions you can take (in no particular order):
  • Check first that your main admin account (which will be a manual account) is also a problem. If your users are using an external authentication method (e.g. LDAP) that could be the problem. Isolate the fault and make sure it really is Moodle before going any further.
  • Sessions may not be configured properly on the server. You can test this by calling the script http://yourserver/moodle/lib/session-test.php.
  • If your server is on shared hosting check that you have not reached your disk space quota. This will prevent new sessions being created and nobody will be able to log in.
  • Carefully check the permissions in your 'moodledata' area. The web server needs to be able to write to the 'sessions' subdirectory.
  • Your own computer (not your Moodle server) may have a firewall that is stripping referrer information from the browser. Here are some instructions for fixing Norton firewall products.
  • Try deleting the sessions folder in your moodledata directory (anybody currently logged in will be thrown out)
  • Try deleting cookies on your computer and/or try another browser or another client computer
  • In Site Administration > Server > Session handling, try setting a value for 'Cookie prefix'. You can also do this by setting $CFG->sessioncookie='something'; in config.php. This is especially true if you are using multiple Moodles on the same browser.
  • Make sure you have not removed or changed the Password Salt value(s) in config.php. If passwords were created using a salt the correct salt must be in config.php for those passwords to continue to work. This feature was optional since Moodle 1.6 but has been applied by default since 1.9.7.
  • Do you have a .htaccess file in your Moodle folder (or its parent directories)? If so, is there anything in there that might be causing trouble (strange redirects, access restrictions etc.)?
  • You are using the correct username and password, yes?

Planned Changes to Next Ubuntu Version 10.04 (Lucid Lynx)


Tuesday, February 23, 2010

pfsense PPTP VPN setup

Setting up a PPTP VPN server in pfsense is easy. Before doing this, you need to ask yourself a few questions.

  1. What is the external interface (public IP) on which users can terminate their PPTP connections?
  2. What address range (/28), preferably in your LAN, will the remote systems acquire?
When these two issues are sorted, we can continue setting up the server.
  • Log into your pfsense gateway, click on VPN --> PPTP
  • Enable PPTP server, specify the external interface IP address or public address, and the remote address (a subnet of the LAN address) and SAVE.
  • To create PPTP users, click on the user tab, then click on the add user sign. Enter username and password and SAVE.
  • PPTP will automatically create a rule allowing traffic to the interface.

    Configure PPTP client under Windows
    • Start --> Control Panel --> Network Connections
      File --> New Connection --> Next
      Connect to the network at my workplace --> Next
      Select VPN connection --> Next
      Enter descriptive name for connection --> Next
      Do not dial the initial connection --> Next
      Enter hostname or PUBLIC IP address of the PPTP server --> Next
      Note that in this example the IP here is RFC1918 private, however that’s only because in my lab environment the WAN IP is on a private segment.
      Select do not use smart card --> Next
      Click on Finish
      That is all that is required. Now, if you will be accessing resources on the VPN network that are not directly connected to the firewall itself, you will probably want to skip this step.
      If you do skip this step when you connect to the PPTP server, your default gateway for ALL traffic will be via the PPTP VPN. With the current ruleset I’ve created in this example, this means that you will be unable to reach any resources outside the LAN or DMZ subnets.
      To remedy the situation, click on Properties
      Click on Networking --> Internet Protocol
      Properties --> Advanced
      Uncheck “use default gateway on remote network”
      Click OK, OK, OK
      Now enter your username and password (configured during the PPTP User Setup process)
      Click on Connect
      Should get Connecting --> Verifying username & password --> Authenticated
      Now right click on the tray icon for the VPN connection --> Properties --> Details
      Ensure that we are using MSCHAP v2 and MPPE 128

    Enable Apache "public_html" for users in Ubuntu

    Imagine you have a server with many users who are developers. You want each user to have their own public_html in their home directory. For example, a user with username val can test his own site or host his own website at: http://localhost/~val

    Enable mod_userdir
    To achieve that, first, what you need to do is to enable mod_userdir, which is installed by default with Apache2.
    sudo a2enmod userdir

    Create public_html directory
    Second, the user needs to create a public_html directory in their home directory
    mkdir public_html 

    Restart Apache
    Finally, you should restart Apache.
    sudo /etc/init.d/apache2 restart

    You can test with http://localhost/~val or http://ip-address-of-system/~username

    Saturday, February 6, 2010

    Setup ospf on pfsense

    Setting up OSPF support for pfsense is easy. Pfsense is a FreeBSD flavor, but installing OSPF support is done using the "pkg_add" command in the console, instead of the usual web administrative tool.

    Below are the steps in installing ospf in pfsense.

    1. Start by downloading the openospfd package from the FreeBSD website. In the console or terminal, type:
      # pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/net/openospfd-4.3.tbz
      This will also download and install its dependency (the libevent-1.4.6 package).
    2. Create a simple config file "/usr/local/etc/ospfd.conf", where 1.2.3.4 is the IP address of the interface, and rl0 is the interface:
      # cat /usr/local/etc/ospfd.conf
      router-id 1.2.3.4
      area 0.0.0.0 {
          interface rl0
      }
    3. Change the permission for the configuration file:
      # chmod 600 /usr/local/etc/ospfd.conf
    4. Test the ospf config with the command below:
      # /usr/local/sbin/ospfd -n -v
    5. To start, use:
      # /usr/local/sbin/ospfd
    6. Rename the file below:
      # mv /usr/local/etc/rc.d/openospfd /usr/local/etc/rc.d/openospfd.sh
    7. Enable ospf from boot up:
      # vi /usr/local/etc/rc.d/openospfd.sh <-- add line openospfd_enable="YES"


    When the config-check command (# /usr/local/sbin/ospfd -n -v) was run, below was the output from my system.

    router-id 192.168.0.225
    fib-update yes
    rfc1583compact no
    spf-delay 1
    spf-holdtime 5

    area 0.0.0.0 {
    interface rl0:192.168.0.245 {
    hello-interval 10
    metric 10
    retransmit-interval 5
    router-dead-time 40
    router-priority 1
    transmit-delay 1
    auth-type none
    }
    }
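The output above ends with "auth-type none", meaning the router will form adjacencies on rl0 without authenticating its neighbours. As an added example (not part of the original post), this shell function reads config-check output in the layout shown above and lists every interface that carries that setting; the function name ospf_unauth_ifaces is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads the text printed by the config check (ospfd -n -v) on stdin and
# lists interfaces whose block contains "auth-type none".
# Exit status: 0 = no unauthenticated interface found, 1 = at least one.

ospf_unauth_ifaces() {
    awk '
        # "area 0.0.0.0 {" opens an area block
        $1 == "area"      { area = $2; next }
        # "interface rl0:192.168.0.245 {" opens an interface block;
        # keep only the interface name before the colon
        $1 == "interface" { iface = $2; sub(/:.*$/, "", iface); next }
        # only count auth-type lines that sit inside an interface block
        $1 == "auth-type" && iface != "" && $2 == "none" {
            print "area " area " interface " iface ": auth-type none"
            found = 1
        }
        # a closing brace ends the interface block first, then the area
        $1 == "}" { if (iface != "") iface = ""; else area = "" }
        END { exit found ? 1 : 0 }
    '
}

# Usage on the router (output of the check piped in):
#   /usr/local/sbin/ospfd -n -v | ospf_unauth_ifaces
```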