Categories: Linux, pfsense

Creating firewall rules for pfsense to block cameras from going out

I installed pfSense 2.4.1 to replace my Asus AC68U as my router, and purchased an Ubiquiti UAP-AC-PRO for my wireless. So far so good, but there was one thing I REALLY wanted this new firewall to do that my old one could not: properly block all traffic from the cameras going OUT, except NTP, and the DNS lookups needed to resolve those NTP hostnames. So my setup was as follows:

If you want me to get into each of the rules, let me know and I can. It works great, as I can see it allowing the NTP and DNS entries. This works best if your DNS server is your router/gateway; if it is not, you will have to substitute your actual DNS servers. I am waiting for something to call home, so I can then report that to FDT, my camera manufacturer, and ask them WHY is it calling home?!
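Expressed in pf syntax (the packet filter underneath pfSense), the policy described above looks roughly like this; it is an added illustration, not the author's rule set, and the interface name, camera subnet and gateway address are assumptions. In the pfSense GUI the same three rules go on the camera interface tab in this order, since rules are matched top to bottom.

```pf
# Constructed example. Assumptions: the camera VLAN is on interface igb2,
# the camera subnet is 192.168.50.0/24, and pfSense itself (192.168.50.1)
# is the DNS resolver the cameras are handed.
cam_if  = "igb2"
cam_net = "192.168.50.0/24"
cam_gw  = "192.168.50.1"

# 1. DNS only to the gateway's resolver. Pinning DNS to the firewall means a
#    camera cannot reach an outside DNS server of its own choosing.
pass in quick on $cam_if proto { udp tcp } from $cam_net to $cam_gw port 53

# 2. NTP out to any host, so the cameras keep correct time.
pass in quick on $cam_if proto udp from $cam_net to any port 123

# 3. Everything else from the camera VLAN is dropped AND logged. pfSense has an
#    implicit default deny, but the explicit logged block is what shows you
#    which destination a camera tried to "call home" to (Status > System Logs >
#    Firewall in the GUI).
block in log quick on $cam_if from $cam_net to any
```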

Categories: Linux

Centos 6 multiple vlans with one eth device

UPDATED for CentOS 7:

CentOS 7 multiple VLANs on one interface

The scenario I had was a single eth0 device, with my switch port trunked to carry VLANs 9 and 10. I wanted to assign the full /24 to this box, using only eth0 and the trunk port, on CentOS 6. This is what I had to do.

In Linux you NEED an ifcfg for eth0 plus one for each VLAN sub-interface:

cd /etc/sysconfig/network-scripts/

ifcfg-eth0.9 (the .9 is the VLAN ID):

# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0.9
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet
IPADDR=173.243.116.2
NETMASK=255.255.255.0
VLAN=yes

ifcfg-eth0.10

# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0.10
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet
IPADDR=173.243.117.2
NETMASK=255.255.255.0
VLAN=yes

ifcfg-eth0
# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:1d:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet

ifcfg-eth0.9-range0
IPADDR_START=173.243.116.3
IPADDR_END=173.243.116.254
NETMASK=255.255.255.0
CLONENUM_START=3

ifcfg-eth0.11-range0
IPADDR_START=199.96.80.3
IPADDR_END=199.96.80.254
NETMASK=255.255.255.0
CLONENUM_START=257

******************************************************************************************

CENTOS 6 REQUIRES NO GATEWAY= line in ifcfg-eth0.xx, so remove it.

CENTOS 6 REQUIRES ROUTES ADDED:

You can run these to test; once the server is rebooted or the network is restarted, these routes and rules drop:
ip route add default via 192.119.164.1 dev eth0.8 table 1
ip route add default via 192.119.165.1 dev eth0.9 table 2
ip rule add from 192.119.164.2 tab 1 priority 500
ip rule add from 192.119.165.2 tab 2 priority 501
ip rule add from 192.119.164.0/24 table 1
ip rule add from 192.119.165.0/24 table 2

To make it permanent (note the second line written to each rule-* file must append with >>, otherwise it overwrites the host rule above it):
cd /etc/sysconfig/network-scripts/

echo 'default via 192.119.169.1 dev eth0.3 table 1' > route-eth0.3
echo 'default via 192.119.174.1 dev eth0.6 table 2' > route-eth0.6
echo 'from 192.119.169.2 tab 1 priority 500' > rule-eth0.3
echo 'from 192.119.174.2 tab 2 priority 501' > rule-eth0.6
echo 'from 192.119.169.0/24 table 1' >> rule-eth0.3
echo 'from 192.119.174.0/24 table 2' >> rule-eth0.6
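Because the VLAN ID, address, gateway and table number have to agree across three files per VLAN, it is easy for them to drift apart when typed by hand. The following added example (not from the post) generates the ifcfg, route- and rule- files for one VLAN sub-interface from a single set of arguments; it assumes /24 subnets like the post and that the parent ifcfg-eth0 carries the HWADDR line.

```shell
#!/bin/sh
# Added example: write a consistent ifcfg/route/rule trio for one VLAN.
# Usage: gen_vlan_cfg OUTDIR PARENT VLANID IPADDR GATEWAY TABLE
#   e.g. gen_vlan_cfg /etc/sysconfig/network-scripts eth0 9 173.243.116.2 173.243.116.1 1
gen_vlan_cfg() {
    outdir=$1 parent=$2 vid=$3 ip=$4 gw=$5 table=$6
    dev="$parent.$vid"
    # Assumes a /24, as in the post: derive the subnet from the address.
    net="$(printf '%s' "$ip" | cut -d. -f1-3).0/24"

    # No GATEWAY= here: on CentOS 6 each VLAN's default route lives in route-<dev>.
    cat > "$outdir/ifcfg-$dev" <<EOF
DEVICE=$dev
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=$ip
NETMASK=255.255.255.0
VLAN=yes
EOF

    # One routing table per VLAN, holding that VLAN's own default route.
    printf 'default via %s dev %s table %s\n' "$gw" "$dev" "$table" > "$outdir/route-$dev"

    # Policy rules: traffic sourced from this VLAN's address or subnet uses its table.
    # Both lines are written in one redirection, so neither overwrites the other.
    # Host rule priority follows the post: table 1 -> 500, table 2 -> 501.
    {
        printf 'from %s table %s priority %s\n' "$ip"  "$table" $((499 + $table))
        printf 'from %s table %s\n'             "$net" "$table"
    } > "$outdir/rule-$dev"
}
```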

******************************************************************************************

Categories: Linux

history command with timestamp linux

I always find it easier when my history has a time stamp; you can correlate a lot of things, like last, start/stops of services, who done it, etc.

export HISTTIMEFORMAT="%F %T "

This will work for the session, but if you want it saved for every login, add it to the respective bash_profile:
~/.bash_profile or /root/.bash_profile

Categories: Linux

Firewall Status: Enabled but Stopped in CSF with cPanel

I kept getting: Firewall Status: Enabled but Stopped in my CSF in cPanel. I am currently running WHM 11.40.1 (build 11) and csf v7.03.

I tried just clicking start; no luck, it would just flip back a few minutes later. So I ended up dropping to a shell and running:

service csf stop
iptables --flush
service csf start

That seemed to work; there must have been a hung iptables rule, or a bad rule that caused CSF to flip to disabled.

Categories: Linux

how to disable RHN in linux – red hat or centos

What I did to disable it was go to /etc/sysconfig/rhn

and delete all of the files in it. If you want to re-enable it afterwards, you can just copy the files back, so copy them to a location where you want to keep them first.

Categories: Linux

How to get external ip via linux command line

wget -O - -q icanhazip.com

You will get a very simple readout.

example:

root@madhost419 [~]# wget -O - -q icanhazip.com
74.122.196.130
root@madhost419 [~]#

or via curl:

curl http://www.cPanel.net/showip.cgi

Categories: Linux

removing the limit of 100 rows in squirrel

Using the SQuirreL SQL app (http://www.squirrelsql.org/) I had issues with only seeing 100 rows in a table. I fixed this by going to File -> New Session Properties -> Object Tree -> Contents -> Limit rows. The default is 100, but you can uncheck it and you should be good.

If not, you can also do the same under New Sessions Properties -> SQL -> SQL Results – limit rows. Then uncheck it and hit OK.

That worked for me!

Categories: nagios

Could not open external command file for reading via open(): (13) -> Permission denied in nagios v4.01

I ended up getting this in my nagios.log; the fix was to change the permissions on the rw file!

chmod 777 /usr/local/nagios/var/rw/nagios.cmd
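The chmod 777 above does clear the error, but it also lets any local account on the box write commands into the Nagios command pipe. The narrower fix is the shared-group approach Nagios documents: put the nagios user and the web server user in one group and give only that group write access. Added example, not from the post; the group name nagcmd and web user apache are assumptions (CentOS defaults).

```shell
#!/bin/sh
# Added example: audit and restrict permissions on the Nagios command pipe
# instead of opening it to everyone with 777.

# Return 0 when the path grants no write access to "other", 1 when it does.
not_world_writable() {
    mode=$(stat -c '%a' "$1")                    # e.g. 2770, 660, 777
    other=$(printf '%s' "$mode" | tail -c 1)     # last octal digit = "other"
    [ $(($other & 2)) -eq 0 ]
}

# Give the nagios/web-server group access without opening the pipe to everyone.
# $1 = the rw directory (the post's /usr/local/nagios/var/rw), $2 = shared group.
restrict_cmd_perms() {
    rwdir=$1 group=$2
    # chgrp only when the group exists, so the mode change still applies otherwise.
    if getent group "$group" >/dev/null 2>&1; then
        chgrp "$group" "$rwdir" "$rwdir/nagios.cmd"
    fi
    chmod 2770 "$rwdir"             # setgid: new files inherit the group
    chmod 660 "$rwdir/nagios.cmd"   # owner+group read/write, nothing for other
}

# Typical one-time setup on CentOS (needs root, so shown rather than run here):
#   groupadd nagcmd
#   usermod -a -G nagcmd nagios
#   usermod -a -G nagcmd apache      # assumed web server user
#   restrict_cmd_perms /usr/local/nagios/var/rw nagcmd
#   service httpd restart            # the web server must pick up its new group
```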

Categories: nagios

Directory index forbidden by Options directive: /var/www/html/

I was receiving this error in my nagios apache log:

Directory index forbidden by Options directive: /var/www/html/

To fix this, I just ran touch /var/www/html/index.html, which creates an empty file in the directory. I found this safer than turning on Indexes for my nagios install.

Categories: Linux

internal server error with CSF (Config Server Firewall) in cPanel after upgrade in cPanel

So I was receiving this error after cPanel upgraded:

Internal Server Error

500

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi): subprocess exited with status 2


This did not fix it:


/usr/sbin/csf -x
/scripts/perlinstaller --force URI
/usr/sbin/csf -e
/usr/sbin/csf -u

If that doesn't work, this will:


curl -s configserver.com/free/csupdate | perl