Webmin SSL certificate

Posted by root on Monday Nov 11, 2013 Under Bash, Centos, Debian, Linux, SSH

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers. This certificate should be placed in the file /etc/webmin/miniserv.pem and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :


Run the command

openssl genrsa -out key.pem 2048

This will create the file key.pem which is your private key

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR)
Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command cat key.pem cert.pem

/etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.

Tags : , , | add comments

Install HTOP on CentOS 6 64-bits x86_64

Posted by root on Sunday May 19, 2013 Under Bash, Centos, Linux

Installation process::

For CentOS 6 x86_64 – 64 bits

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -ihv rpmforge-release*.rf.x86_64.rpm

================================

Once RPMforge repository is installed on server then start installation with yum command.

# yum install htop

Now run following command on the terminal for server monitoring.

# htop
Tags : | add comments

Install php-mcrypt in a Centos 6

Posted by root on Sunday May 19, 2013 Under Bash, Centos, Linux, MySql, PHP

The default installation of virutalmin doesn’t come with additional PHP extensions which some php scripts may need, you have to manually install each php extension compare with easyapache from cPanel which you can install all at once.

Add centOS repo

For CentOS 5

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

For CentOS 6

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
yum install php-mcrypt

Check php.ini location ( /etc/php.ini is the default virtualmin php.ini location )

php -i | grep php.ini
nano /etc/php.ini

add extension to php.ini

extension =mcrypt.so

Restart Apache Server

/etc/init.d/httpd restart

After adding centOS Repositories, you could install php extension from virtualmin GUI

Webmin > System Software Packages > Choose Package from YUM >

Click Browse YUM, type the php extension name in the search box and click find packing matching button, and then click the package name install.

Add php extension to php.ini from virtualmin GUI

Webmin > Others > PHP Configuration > Edit Manually
Don’t forget to restart apache server.

Most popular PHP extension you may need:
Format: extension = [extension name].so

•bcmath
•curl
•dba
•dom
•fileinfo
•gd
•imap
•imagick
•json
•ldap
•mailparse
•mbstring
•mcrypt
•mysql
•mysqli
•ncurses
•odbc
•pdo
•pdo_mysql (requires pdo)
•pdo_odbc (requires pdo)
•pdo_pgsql (requires pdo)
•pdo_sqlite (requires pdo)
•pgsql
•rrdtool
•snmp
•soap
•tidy
•xmlreader
•xmlrpc
•xmlwriter
•xsl
•zip

Tags : | add comments

Upgrade Teamspeak Server in Linux OS

Posted by root on Tuesday May 7, 2013 Under Bash, Centos, Linux, Ubuntu

You won’t loose any channel or user or permission during your update.

Make a copy of your database file called ts3server.sqlitedb (needed for a downgrade and it’s alays better to have a backup)

Now download the server and extract it to the old server folder. Overwrite all files.

Start the server and its done

Tags : | add comments

Change hostname in CentOS

Posted by root on Tuesday May 7, 2013 Under Bash, Centos

This article will cover a simple server hostname change in CentOS. By default your server will be kicked with the server’s given name as the hostname. Some software such as CPanel require a valid Fully Qualified Domain Name or FQDN for the hostname to be used during their Licensing verification system.

Contents
1 Hostname Change
1.1 Sysconfig/Network
1.2 Hosts File
1.3 Run Hostname
1.4 Restart Networking

Hostname Change
There are 4 steps in a hostname change, luckily all the steps are easy.

Sysconfig/Network

Open the /etc/sysconfig/network file with your favorite text editor. Modify the HOSTNAME= value to match your FQDN host name.

# sudo nano /etc/sysconfig/network
HOSTNAME=myserver.domain.com

Hosts File

Change the host that is associated to your main IPaddress for your server, this is for internal networking (found at /etc/hosts):

hostname.domain.com hostname

Run Hostname

The ‘hostname’ command will let you change the hostname on the server that the commandline remembers, but it will not actively update all programs that are running under the old hostname.

hostname roltel.net


Restart Networking

At this point all the necessary changes that needed to be made have been made, you will want to restart networking on your server to make sure that changes will be persistent on reboot:

# /etc/init.d/network restart

source: http://www.rackspace.com/knowledge_center/article/centos-hostname-change

Tags : | add comments

Install VNC on CentOS

Posted by root on Tuesday Apr 16, 2013 Under Bash, Centos

VNC is a protocol that is used to share the desktop with other users/computers over the network/Internet.In order to share a desktop, VNC server must be install and configure on the computer and VNC client must be run on the computer that will access the shared desktop.

When we install the minimal copy of CentOS Server, it only gives us the “Command Line” interface.

But some people prefer GUI instead and for this they install Full version of Gnome on CentOS. Actually there is a better way and that is to install VNC. VNC provides a lightweight virtual desktop than full blown version of Gnome.

To run the VNC Server on CentOS, we have to install these required packages:

sudo yum groupinstall Desktop
sudo yum install tigervnc-server
sudo yum install xorg-x11-fonts-Type1

This is optional:

sudo yum install vnc

To start VNC Server on boot

sudo chkconfig vncserver on

To setup users’ VNC password:

vncpasswd

Edit the /etc/sysconfig/vncservers file:

sudo nano /etc/sysconfig/vncservers

Add the following to the end of the file:


VNCSERVERS="1:arbab"
VNCSERVERARGS[1]="-geometry 1024x600"

The iptables rules need to be amended to open the VNC ports:


sudo iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp -m multiport --dports 5901:5903,6001:6003 -j ACCEPT
sudo service iptables save
sudo service iptables restart

Restart the VNC Server:

sudo service vncserver restart

Now kill the VNC Server:

vncserver -kill :1

Edit the xstartup file in .vnc directory:

nano .vnc/xstartup

Comment the last line and run the Gnome:

#twm & 
exec gnome-session &

Restart the service:


sudo service vncserver restart

Now, download VNCViewer onto our desktop computer from which we want to access the shared desktop. Connect using ServerIP/Name:1 (:1 is for the VNC server window), In my case it is centos:1.

Enter the password that we created using the vncpasswd command:

We now have GUI access to our server.

Ability to connect for multiple users:

Create a local user, using the following command:

sudo adduser ali

Create a password for newly created user:


sudo passwd ali

Switch to the newly created user and run vncpasswd command for it:

su ali
vncpasswd

Edit the /etc/sysconfig/vncservers file:


sudo nano /etc/sysconfig/vncservers

Add these lines for new user:

VNCSERVERS="1:arbab 2:ali"
VNCSERVERARGS[1]="-geometry 1024x600"
VNCSERVERARGS[2]="-geometry 1024x600"

Restart the VNC service:

sudo service vncserver restart

Kill the vncserver session for new user and edit the xstartup file:


su ali
vncserver -kill :2
cd ~
nano .vnc/xstartup

Modify the file so it looks like this:

#twm & 
exec gnome-session &

Restart the VNC service:

sudo service vncserver restart

Connect with newly created user using centos:2, Where centos is my server name:

Enter the password that we created using the vncpasswd command:

We now have GUI access to our server for newly created user.

Tags : , , | add comments

Locate files on Linux

Posted by root on Wednesday Feb 27, 2013 Under Bash, Centos, Debian, Linux, Ubuntu

The locate command is often the simplest and quickest way to find the locations of files and directories on Linux and other Unix-like operating systems.

The basic syntax for locate is:

locate [options] name(s)

To install on CentOS

yum install mlocate

When used without any options, locate displays every absolute pathname for which the user has access permission that contains any of the names of files and/or directories that are provided to it as arguments (i.e., input data).

The absolute pathname, also referred to as the absolute path or the full path, is the hierarchy of directories from the root directory to the designated file or directory. The root directory is the directory at the very top of the filesystem (i.e., hierarchy of files) that contains all other directories and files on the system and which is designated by a forward slash ( / ). It is important that the absolute pathname is returned both because it tells the exact locations on the system and because it makes it possible to indicate the locations of files or directories that have the same name but different absolute paths.

Thus, for example, the following would list the absolute paths of all files named file1 and all directories named dir1 for which the user had access permission:

locate file1 dir1

It would also list any other absolute pathnames that contained these strings (i.e., sequences of characters), for example /home/john/file123 or /usr/local/mydir1/index.html.

The specificity of locate can be increased by using it together with wildcards or other regular expressions. Wildcards are characters that can be used to substitute for any other character or characters. For example, the star character ( * ) is a wildcard that can represent any single character or any string containing any number of characters. Regular expressions are a string that describes or matches a set of strings, according to certain syntax rules. For example, the following command uses the star wildcard to display all files on the system that have the .png filename extension:

locate “*.png”

The -q option is used to suppress error messages, such as those that might be returned in the event that the user does not have permission to access designated files or directories. Thus, the following would suppress any error messages in the above example:

 locate "*.png" -q

It is often the case that a large number of results will be returned for any query. The -n option followed by an integer limits the results to a specific number. For example, the following command would display only 15 results in a search for files that have an .html extension:

   locate -n 15 "*.html"

An alternative is to use a pipe (represented by the vertical bar character) to redirect the output of locate from the display screen to a pager such as more or less, which presents only one screenful of output at a time, for example,


    locate "*.html" | less

The -i option performs a case-insensitive search. That is, it will return any results that match the arguments regardless of whether individual letters are lower case or upper case. For example, the following would return all files with the extension .html, .HTML, or some combination thereof:

locate -i "*.HtmL"

On some systems, such as Red Hat, the program slocate is installed by default instead of locate, and entering the locate command activates a script (i.e., a short program) that causes slocate to be launched. slocate provides a secure way to index and quickly search for files on a system by storing file permissions and ownership data so that users will not see files for which they do not have access.

The -V option can be used to show which version of locate is used, including whether it is locate or slocate. Another way to determine whether slocate is being used is to see if an absolute pathname such as /usr/bin/slocate is returned when the following command is issued:

 locate locate

locate and slocate actually search a built-in database, named locate.db or slocate.db, respectively, rather than the entire hard disk drive itself, in order to provide a much shorter searching time. This database is automatically updated on a regular basis by cron, a small program that runs in the background, performing various tasks at regularly scheduled intervals. The updating is performed each night if the computer is on continuously.

Because the database is not updated immediately, recently created files and directories might not show up when searching for them with locate or slocate. Fortunately, however, it is a simple matter to update the database manually, although it might take a few minutes. Manual updating can be accomplished by logging in as the root user (i.e., administrative user), such as by using the su (i.e., substitute user) command, and then issuing the following command:

 updatedb

The same thing can be accomplished by the root user by using locate with its -u (i.e., update) option, i.e.,

  locate -u

For the curious, the database is located at /var/lib/slocate/slocate.db on some systems, such as Red Hat. Its exact location on any particular system can be found by the root user (because ordinary users will not have access permission on most systems) with the locate command as follows:


    locate locate.db

The database is a binary file (i.e., a non-text file). However, for the really curious user who has root permission, the human-readable portion of its contents can be viewed by first using the strings command to extract all the plain text and by then piping the output to less for displaying one screenful at a time as follows:

    strings /var/lib/slocate/slocate.db | less

If it is desired to perform a more sophisticated search, including searching by attributes other than name (e.g., by size, creation date or location), the find command should be used.

Tags : | add comments

Install IRSSI on CentOS

Posted by root on Wednesday Feb 27, 2013 Under Bash, Centos, IRC

Irssi is a terminal based IRC client for UNIX systems. It also supports SILC and ICB protocols via plugins.

To install irssi on CentOS:

   root# yum install irssi

Irssi 0.8 documentation – http://irssi.org/documentation

Tags : | add comments

Screen Tutorial

Posted by root on Friday Feb 15, 2013 Under Bash, Centos, Debian, Linux

What is screen?

screen is a terminal multiplexer: it takes many different running processes and manages which of them gets displayed to the user. Think of it as a window manager for your console or terminal emulator. With screen, you can have interactive processes running on your home computer and connect to them from anywhere else to check on their progress. What sorts of programs are good for running in screen?

Terminology

There are three different ways you can think about what screen is displaying to your console. We’ll need to be familiar with the meaning of these terms for the rest of the presentation:

session – A session is created when you start a new instance of screen on the command line. Within a session, you can have multiple programs running. A single session can hold many windows.
window – Windows are created inside a session, and manage the running programs. By default, a single new window is created when you start up screen to display the running program (for example, a shell). You can create many windows within a single session and quickly switch between them.
region – A region is a part of the current window. When you do a split, you are creating two different regions within the same window. Each region can then display a different program.

Additionally, it helps to know what the following mean:

detach – Detaches the currently running program from the terminal. From the user’s perspective, the running program simply disappears and the user is dumped back to a shell prompt outside screen management. However, all programs being managed by screen continue to run.
attach – Attach to a previously detached program. This will bring the program running under the detached session back to the user’s terminal, as if you were watching it the whole time.

The Basics
Commanding screen

screen tries to stay out of your way as much as possible. Just about everything you type gets sent to the running program. This makes interacting with screen a little bit weird. All screen commands begin with control-a, which will be abbreviated with ^A. Anything you’re supposed to type will be shown in the white-on-grey scheme. After you give it the ^A, you give a command key which tells screen what to do. ^A ? brings up a list of all the possible commands, while ^A : brings up a command prompt that you can use to type commands and set variables. All the command keys have a full word equivalent that you can type.
Making New Sessions

You make a new session on the command line. Without any options, screen will make a new session and run your $SHELL inside it:

$ screen

This session will be named with the PID, TTY, and hostname where the session was started. Not very descriptive or exciting. Luckily, you can easily give the session a name:

$ screen -S edonkey

If you start up a screen session and forget to give it a name, don’t worry. You can use ^A :sessionname to give it a name. Note that the session names have nothing to do with window names, as we will see later. Finally, you can have screen start a program other than $SHELL with the common option:

$ screen -e pine
Detaching

So you’re sitting there recompiling your distribution when you see it’s time to run to class. You’d like to be able to check out the progress later from a lab. Luckily, you started the compile up in a screen session. To be able to attach to it later, you first need to detach from it here, with ^A d. The compile session will disappear, and you’ll be back at the prompt that you started screen from.

There are ways to attach to a running screen session you forgot to detach from. Those will be covered later.
Attaching

The opposite operation from detaching is attaching, which is where you reconnect to a previously detached session. If you’ve only got one session running, it’s very easy to attach to it:

$ screen -r

However, it’s possible that you have many sessions running at once. In that case, you’ll need to tell screen which session to attach to. Of course, first you will want to know what the possibilities are. Luckily, screen has a command line option to list running sessions:

$ screen -ls
There are screens on:
15150.uml-slk (Detached)
18614.uml-fed (Detached)
2 Sockets in /tmp/screens/S-root.

Then you just specify the name or PID of the session after the -r command line option and that session will be attached. You can see why you might want to name things beforehand, especially if you have lots of stuff running.

Working Within a Session

Running several sessions is handy but switching among them can be a pain, since you have to detach and reattach all the time. A better option is to run a single session with several windows inside it. As you’ll see, switching among many windows is very quick and powerful.

New Windows

Making a new window is easy. Just hit ^A c. screen will start up a new active window and run $SHELL in it. Your previously active window will be hidden from you, but any programs on it are still running. If you detach a session with many windows in it, all programs on all windows will continue running. When you reattach, the active window will be displayed again.
Managing Windows

The most difficult thing about lots of windows is keeping track of them. The default display doesn’t show you anything about what windows are open or what programs are running in them. When you switch from one window to another, the previous one just disappears. Luckily, screen provides many ways to keep track of all your windows.

Windows can have names, just like sessions. The default window name is the program running in it, which will usually be $SHELL. Renaming windows will help you keep track of them, and is done with ^a A. screen will display a prompt at the bottom for you to provide a name.

A simple way to list all your windows is ^A w, which just gives you all the names and window number along the bottom of the screen. This line also displays some status information, the most important being that the current window is marked with an asterisk. This is just a list, though; there’s no way to switch. If you want to pick from a list, you can use ^A “, arrow down to the window you want, and hit return. Or if you know the window number, ^A 0-9 will bring that window up. As we’ll see later, there’s a way to have a continuous window list display. This combined with switching on a number is the fastest way to move around.

Managing Regions

Finally, you’ve got screen regions. Just like vim can split the display up into several areas, so can screen. You can split the window up into two equally sized regions with ^A S. The already running program will get squashed into a region half its original size, and a new region will open up on the other half. This new region will have nothing running in it, since you might want to stick one of your currently running windows inside it.

There’s several ways to change focus among regions, but the simplest is the obvious ^A Once you’re in the new region, you can display any of your windows in that region just by switching to them with ^A 0-9, or you can create a new shell in that region with ^A c.

And last, you might get tired of all these regions clogging up your window and want to kill them. You can make the current region the only visible one with ^A Q, which simply hides all the other regions and makes them accessible via the window numbers. Or, you can kill off the current region entirely with ^A X. Note that hiding a region keeps programs running, while killing a region kills any programs running in it.
Quitting screen

screen quits when everything running inside it quits. This means you’ll need to step through all your windows and kill the shells running inside them with ^D or exit. Usually, this is exactly what you want. Sometimes, though, you might want screen to just go away immediately. ^A ^\ will kill screen, and everything running underneath it. That means all the shells running on all the windows, and all the processes started by all those shells. That’s certainly not a command you want to use too often.

Advanced Topics
Attaching

Sometimes, you might be at a remote location and want attach to a session that you’d forgotten to detach from earlier. You’re not out of luck, because screen provides you a couple ways to handle this situation. The first approach is:

$ screen -x src

This attaches to the src session without detaching first. So in other words, you’ve got two sessions looking at exactly the same thing. Anything you do on one session will be displayed on all of them. When you’re done, detaching from the one session leaves the other attached. It helps to have the same terminal type and size to do this, though.

You can also use one of the six -D -R option combinations described in the screen man page to detach any active sessions before attaching again.
Digraphs

Digraphs are characters that take us several keystrokes to type, because our keyboard doesn’t have the right symbols. Good examples are European letters and international money symbols, like �, �, and �. X supports these characters with the compose key, which you can map to any spare key you’ve got on your keyboard. screen provides similar functionality with the digraph command. Just type ^A ^V followed by the characters that make up the digraph. The three characters I made above are done with:

� = ^A ^V e :
� = ^A ^V o /
� = ^A ^V A E

screen’s digraph list is built-in, so you can’t yet add your own. Note that ^V is also the vim insert mode command that allows you to put control sequences into your files.
Monitoring

Say you’ve got a whole bunch of windows open. One of those windows is idling in a very inactive IRC channel. Since not much goes on in there, you don’t keep that window active but you would like to know when something is said. screen lets you monitor any window for activity by first switching to the window, and then hitting ^A M. When activity in that window occurs, screen will display a message at the bottom.

On the other hand, say one of your windows is a compile of X. There’s lots and lots of activity and you’d like to know when the build is finished. You can monitor for 30 seconds of inactivity by switching to the window and hitting ^A _. When the window goes silent, screen will display a message at the bottom.

These monitoring commands are toggles, so you can turn them off by switching to any monitored window and issuing the command again.
Nested screens

Yes, it is possible to have screen sessions inside each other. This can be really confusing, so I’m only mentioning it so you know it’s possible. One problem with nested screens is sending the ^A to one of the nested sessions, since the most outside session will interpret the key and not send it where you wanted. In this case, you need ^A a which simply sends ^A to the running program, which might just be another screen. If you had one screen inside another and wanted a list of windows on the inner one, you’d need to do ^A a w.
Multiple Users

Finally, screen allows several users to connect to a single session at the same time. It provides an access list for the session and allows you to set read/write/execute permissions for each user on that list. It even provides a way to set up user groups. One good reason for this multiple user feature is that you can interactively have several people looking at some source code so there’s no confusion as to what part you’re talking about.

Before anyone else can connect to your screen sessions, you have to enable multiuser mode with ^A :multiuser on. Then, you give another user permission to connect with ^A :aclchg david +r “#”. This means that the system user has read permission on all windows. You can specify multiple users, write and execute permissions, and certain windows. Be especially careful with the execute permission as that will let other people create new windows and change the acl permissions themselves.

Now the user you granted access to can connect with:

$ screen -r chris/

At any time, you can delete other users with acldel david. As with any system that involves multiple users, there are a lot of security implications and access features. Use carefully and see the man page for the details.
Customization with $HOME/.screenrc

/etc/screenrc and $HOME/.screenrc are the screen configuration files, with the $HOME one overriding values set in the global one. You can experiment with settings while screen is running, and then move those settings into your .screenrc file to make them permanent. Just about anything you can type into screen can be added to the config file. I’m only going to touch on a few. See the man page for more.
Visual Bell

Instead of beeping, the visual bell displays a message when something happens. The default screen message is ” Wuff —- Wuff!! “, which is pretty stupid. You can change this with the following line:
vbell_msg “beep”

Key Bindings

You can add your own commands that are bound to keys. For example, here’s an example key binding that opens a new window with an ssh session to a different computer:
bind ‘R’ screen ssh root@foc-gw-1

Now hitting ^A R will open up a new window with an ssh session in it. As you can see, you still need to hit ^A to get screen to pay attention. Key bindings can get way more complicated than this, of course.
Terminal Hacks

screen lets you modify the termcap entry without having to make up an entire new one by hand. I’m not really going to cover this, except to mention it. I don’t really understand all the termcap stuff so I can’t talk about it too much. But if you know that you need to edit the terminal settings, screen will let you do that. Here’s an example out of the system default:
termcap vt100 dl=5\E[M
Startup Windows

You can specify all sorts of windows to start up when you run screen. Just list them in your .screenrc file with the screen command, like so:

screen 0 ssh chris@ziggy -e pine
screen 1 vim ~/src/manos/src/kern/GNUmakefile
screen 2 ssh -X root@unit


Fancy Status Line

Earlier, I mentioned that you could have a constant display of what windows are open, to make switching between them faster. You do this with the hardstatus line. By default, status goes up into the titlebar of an xterm, or down at the bottom of the screen on the console. However, you can force that status line to always stay at the bottom of the screen by adding this to your .screenrc:

hardstatus on
hardstatus alwayslastline

Then you just need to set up a statusline string that displays the information you want. The following statusline displays a list of all the windows and their numbers on the left side, and the date and time on the right side:
hardstatus string “%w%=%m/%d %c”

Of course, these status lines can get much more complicated including colors, output of random programs, and so forth. See the man page section “STRING ESCAPES” for details.
Conclusion

screen is a complex and powerful program for managing interactive console programs, similar to how a window manager handles graphical programs. screen is more powerful than a window manager, though, because it allows you to attach and detach from the running programs as much as you want. I’ve only covered a few of its many features in this presentation. The man page is far more detailed.

This presentation is available at http://www.bangmoney.org/presentations/screen.html and is © 2004 Chris Lumens.

Tags : , , , , | add comments

Port Forwarding with IP Tables

Posted by root on Tuesday May 22, 2012 Under Bash, Centos, Linux, Remote Access

In this tutorial we’ll set up a simple port forwarding (NAT) using iptables.

1. Enable ip forward

echo "1" > /proc/sys/net/ipv4/ip_forward

2. Append routing rules to the nat table

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d {local_ip} --dport {local_port} -j DNAT --to {destination_ip}:{destination_port}

iptables -t nat -A POSTROUTING -o eth0 -d {destination_ip} -j SNAT --to-source {local_ip}

{local_ip}: A ip address mapped on the local system
{local_port}: The port you would like to listen on
{destination_ip}: Destination ip address
{destination_port}: Destination port

3. Now you can access http://{local_ip}:{local_port} and would actually be getting response from http://{destination_ip}:{destination_port}

A working example

If the ip address of your system is 32.64.128.200 and you import the following rules, you would be able to connect to http://32.64.128.200:8080 and actually see the Google search engine because 216.239.59.105:80 is one of Google’s web servers.

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 32.64.128.200 --dport 8080 -j DNAT --to 216.239.59.105:80
iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.105 -j SNAT --to-source 32.64.128.200
Tags : | add comments