Best of Technical Support
I've been trying to configure iptables to work properly with
incoming SSH and FTP. For some reason, every time I want to FTP from a
remote site, I have to disable the POLICY for the INPUT chain. Can you
explain how to deal with this issue—configuring FTP and
iptables together without having to disable the policy? I'm running
Red Hat 8.0.
Without having your list of rules it is difficult to find the problem, but clearly some of the rules (in the INPUT chain) are preventing the traffic. Try adding LOG rules before each actual rule (in /var/log/messages) to see which one is causing the packets to stop. For example:
iptables -A INPUT -p TCP -s 0/0 -d 0/0 \ --dport ftp -j LOG --log-prefix "FTP :" iptables -A INPUT -p TCP -s 0/0 -d 0/0 \ --dport ftp -j ACCEPT
You should read up on firewalling and FTP. Basically, FTP is a hard protocol to filter, and actually it's two protocols in one, depending on the client. Active FTP is not too hard to filter on the server side; you simply need to allow incoming connections on port 21 (the control connection). For passive FTP, however, the server doesn't open the data connection to the client; the client opens the data connection to you on some high TCP port (>1024). With iptables, you can make use of connection tracking, which opens only the one port used for that FTP connection:
iptables -A $IF -p tcp --dport ftp -j ACCEPT iptables -A $IF -p tcp --dport 1024:65535 \ -m state --state RELATED -j ACCEPT
You also have to load the ip_conntrack_ftp module for the above
to work (modprobe ip_conntrack_ftp).
How can I manually time synchronize my computer? When I
install my distribution, Mandrake 9.0, it lets me choose an
NTP source, but I don't leave my machine powered on all the time.
How can I manually sync to be sure its happening?
Simply run ntpdate timeserver.
This command synchronizes your time to the
time server and also reports how far off
your clock was. You probably should follow this by
saving the time to your hardware clock to preserve
it if you reboot: hwclock --systohc.
I had Red Hat 7.1 installed on my PC, with another
partition used for Microsoft Windows. I recently
re-installed Windows using mssetup.
When the system reboots I am not being asked whether
to switch to Windows or Linux. Now
the system starts up directly in Windows. Is there
some way to restore Linux?
Kunal S Doddanavar
Windows removed or disabled the Linux bootloader,
which is LILO on Red Hat 7.1. Boot with your
rescue floppy, mount your Linux root partition
with, for example, mount /dev/hda1 /mnt
and run lilo -R /mnt before rebooting. If you were
running GRUB, grub-install should do the trick.
On newer Red Hat distributions that use the
GRUB bootloader, boot from the rescue floppy and
re-install GRUB with grub-install.
If you didn't make a boot disk, boot with the
first install CD in rescue mode.
I am using Red Hat Network to upgrade my software
and keep it current. I have allowed the up2date
program to include my kernel. Now my /boot
partition is getting too full. How do I remove
some of the old kernels? I really don't think I
need five different kernels in /boot.
Simply remove the undesired boot images. You could
run rpm -qa | grep kernel to find which kernel
packages you have installed, and use rpm -e to
remove the older ones. As a suggestion, keep at least two options, so that if
something goes wrong with the current one you have
This is not only okay, it is a good administration habit. You should
keep only useful kernels around, and generally only two are required: the
primary kernel file and a backup in case something happens to the primary.
Saving as many versions as you have is rarely necessary
unless you have special requirements, such as if you are developing and
testing kernel drivers.
How do I mount a USB flash drive? I can see my flash drive when
I check /proc/bus/usb/devices/. When I run the hardware browser, it shows up
as hda4 (fat32), but I can't mount it or access the files.
It looks like you do not have the usb-storage driver loaded, which is
needed for this device. Take a look at the Linux USB Guide at
www.linux-usb.org for more information on how to
load the proper drivers and mount the device.
My video card is a built-in Intel 82845G/GL that
fails with Linux (Red Hat 8.0). Linux probes it during
installation but fails to start up in graphic mode; startx shows a fatal
Searching on Google, I found a page on
how to configure a system with this video card,
Upgrade the listed packages, then run
Telnet and SSH connections seem to time out and and I get
disconnected. I use tcsh for my shell, and the pty device I am logged
in on is listed in /etc/securetty. This is not an issue with autologout.
Even if I disable autologout, the connection still is dropped after about
an hour. When this happens, the user still is listed as being logged in
and the shell still is active. It has to be terminated by killing its process
This smells of a firewall-level issue. In common NAT and masquerading
setups, if there is no traffic on a link for some time the router
will forget about the connection, assuming it was closed improperly.
This is because some clients do not issue closure requests correctly,
and it would be unwise to allow these stale connections to continue to
tie up kernel resources.
You may be going through a NAT gateway that expires idle TCP connections after one hour of inactivity. Try (as root):
echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time
Then, when you use SSH, you should ask for keepalive TCP packets to keep the connection up:
ssh -o 'KeepAlive=yes' targethost
You can save typing and put:
ProtocolKeepAlives 300in ~/.ssh/config to make SSH send keepalive packets for all connections every five minutes.
Practical Task Scheduling Deployment
July 20, 2016 12:00 pm CDT
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.Register Now!
- SourceClear Open
- SUSE LLC's SUSE Manager
- Tech Tip: Really Simple HTTP Server with Python
- My +1 Sword of Productivity
- Managing Linux Using Puppet
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Non-Linux FOSS: Caffeine!
- Google's SwiftShader Released
- Doing for User Space What We Did for Kernel Space
- SuperTuxKart 0.9.2 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide