Best of Technical Support
Current setup: I'm running ipchains as a firewall and to proxy my other machine to the Web via DSL. This Linux firewall has two NIC cards: one with a public IP address, the other on my private 10.100.100 network. I have a web server on the private network (10.100.100.20). How do I configure ipchains to redirect all web requests at my firewall to the web server on my internal network? —Mitchel Vernor, email@example.com
You'll need to use a port forwarding tool (such as redir or ipmasqadm) to “redirect” all requests that try to connect to port 80 (assuming you are using the default port) of your firewall's address to the web server's address. redir is a user-space program that has some limitations, but works with older kernel versions. ipmasqadm (which I recommend) works with 2.2.x (some 2.1.x also) and it is kernel-based.
Assuming all other input, output and forward chains are present, you should simply add:
ipmasqadm portfw -f ipmasqadm portfw -a -P tcp -L EXTERNAL_FIREWALL_IP 80 -R 10.100.100.20 80
to your startup script. —Mario de Mello Bittencourt Neto, firstname.lastname@example.org
More information on port forwarding under kernel versions 2.2 and higher, including examples, can be found at www.monmouth.demon.co.uk/ipsubs/portfw-2.2.html. —Chad Robinson, Chad.Robinson@brt.com
If you don't have ipmasqadm on your system, you can find it here: http://juanjox.kernelnotes.org/. You need at least kernel 2.2.x for this to work (although there are patches for 2.0.x), and your kernel must have IP: ipportfw masq support (EXPERIMENTAL), which is an option you can select only if you checked “Prompt for development and/or incomplete code/drivers” during configuration. —Marc Merlin, email@example.com
Can I have a PPP connection that supports TCP/IP using a null modem between Win98 and Linux boxes? Any one of the machines needs to dial up to the other. I am using Red Hat 5.2. —Kiran, firstname.lastname@example.org
Yes, you can. I would set up the Win98 machine to “call” the Linux system by double-clicking on a dial-up connection. I prefer this way, since the Windows machine expects to “log in” to the remote system and the Linux box can provide that “login”. For this to work, you have to take care of the proper setup (pin out) of the serial cable that connects the machines together. Also, depending on the cable setup, it would be a good idea to tell the Windows machine, at the dialup port configuration setup, not to wait for the dial tone before dialing. The Linux box will not provide a dial tone. On the Linux side, you can create a new login ID with a password and configure it to have the PPP daemon as the login shell, instead of the usual bash. Also, you have to set up the serial port on the Linux box to provide the login automatically all the time. A good page that explains this in great detail is www.linuxgazette.com/issue41/smyth.html. —Felipe E. Barousse, email@example.com
A friend who uses Debian 2.1 tried to install Red Hat 6.0 into another partition of his hard disk. The installation process of Red Hat has deleted the partition table of his hard drive. We need a way to recover some important files which are in the Debian partition. We can't access the partition. Can you explain some way to do it? —Alexis Serafin, firstname.lastname@example.org
If you know exactly what the partition table looked like before the crash, you can simply write a new partition table that looks exactly like the old one, mount the old partitions and back up the data. If the install process was aborted immediately after the new partition table was written, this alone may solve the problem. If all else fails, try this: make a partition that includes the whole disk (say, /dev/hdb1), mount that and raw-copy the entire disk to a big file (on another disk) with something like:
dd if=/dev/hdb1 of=/bigdisk/recovered.data bs=512
Then, try to piece the files together using /bigdisk/recovered.data. Personally, I've tried only the dd step, so there may be problems with this approach beyond the fact that stitching up the files manually is awfully difficult. Consider it a desperation strategy. I know it's never helpful to hear this after the disaster occurs, and please don't think I'm not sympathetic, but the best way to deal with problems like these is always prevention: keep backups, and print out critical information such as partition tables before you need it. This is the voice of bitter experience speaking. —Scott Maxwell, maxwell@ScottMaxwell.org
While it is hard, you can look for the boot partition signature (55 AA at the end of the block, I believe) and locate the partitions on your disk. The above requires a disk editor, such as diskedit from Norton, and once you have the partition offsets, you can go to the partition table (first block of your disk, apply the partition table view and key in the numbers). Note that it's not trivial, and having another computer as a model to look at and copy from helps quite a bit. You can also try fixdisktable which automates this (only for primary partitions, though); it can be found at bmrc.berkeley.edu/people/chaffee/fat32.html. —Marc Merlin, email@example.com
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide