Jan 17 12

How To: IPTables Firewall Configuration for SIP/VoIP on CentOS Rackspace Cloud

by Jon

Firewalls are very important for servers with internet facing interfaces, and configuring the firewall properly is even more important. This is a guide on how to configure a strong iptables firewall on a CentOS server. With some small changes to the configuration below it could be used for web servers, database servers and really any other server.

The first step is to install iptables if it is not already installed. Then start the iptables service so we can make live changes to the config.

yum install iptables
/sbin/service iptables start

Once installed and started flush out the default configuration with the following command.

iptables -F

Now save the blank configuration.

/sbin/service iptables save

Here is where we make the firewall secure from the outside world. Below is a list of commands to run which will make realtime changes to the firewall to lock it down. After that I will explain the line items and how to change them for you.

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 10.22.5.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 8.8.8.8/32 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
/sbin/service iptables save

iptables -A INPUT -s 10.22.5.0/24 -p tcp --dport 22 -j ACCEPT – This line opens ssh to the source ip range of 10.22.5.1-.255, so any computer with a public ip address that matches will be able to use ssh. Using an ip address filter on ssh is a great way to prevent unauthorized access. The rule can be repeated for each range or single ip address needed; the line below it opens ssh to the ip address 8.8.8.8.

iptables -A INPUT -p udp --dport 5060 -j ACCEPT – Here is where SIP port 5060 opens up to the internet without any source ip address filter. An ip address filter can also be put on this rule, and I would recommend one for stronger security, but sometimes that is just not possible.

iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT – This opens the media ports for the RTP stream.

iptables -P INPUT DROP – This command is very important because it changes the default policy of the INPUT chain to drop all packets unless they match the rules we have just entered. Without it all the work above goes to waste and the firewall is wide open.
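
A check for the points made above, written as an added example (not part of the original post): it reads iptables-save output and flags a missing DROP policy on INPUT, ssh rules without a source filter, and SIP 5060 open to any source. The function names and the two sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the weak spots this guide calls out.
# Reads the dump on stdin and prints one finding per line; no output means clean.
# Limitation: only single-port "--dport N" matches are inspected, not multiport rules.
audit_ruleset() {
    awk '
    # Default policy: ":INPUT DROP [0:0]" (iptables-save) or "-P INPUT DROP" (iptables -S)
    /^:INPUT /   { policy = $2 }
    /^-P INPUT / { policy = $3 }

    # Only ACCEPT rules on the INPUT chain can expose a service
    /^-A INPUT / && / -j ACCEPT/ {
        has_src = ($0 ~ / -s /)      # rule is limited to a source address or range
        if ($0 ~ /--dport 22( |$)/ && !has_src)
            print "FAIL ssh-open-to-any-source: " $0
        if ($0 ~ /--dport 5060( |$)/ && !has_src)
            print "WARN sip-open-to-any-source: " $0
    }

    END {
        if (policy != "DROP")
            print "FAIL input-policy-not-drop: " (policy == "" ? "unknown" : policy)
    }'
}

# Constructed sample: what iptables-save prints after the commands in this guide.
sample_page_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.22.5.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 8.8.8.8/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: "iptables -P INPUT DROP" was never run and ssh has no source filter.
sample_weak_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed samples; on a live server run: iptables-save | audit_ruleset
echo "== ruleset from this guide =="; sample_page_ruleset | audit_ruleset
echo "== weak ruleset ==";            sample_weak_ruleset | audit_ruleset
```

The ruleset from this guide produces only the SIP warning, which matches the trade-off described for port 5060; adding a -s filter to that rule clears it.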

Jan 10 12

Asterisk 1.8 Install Script for CentOS 5 on Rackspace Cloud Server

by Jon

Since Asterisk version 1.4.x is scheduled for end of life on 4/21/2012, I decided to start testing Asterisk version 1.8. I chose to start working with Asterisk 1.8 because it is a long-term support release which extends its life to 10/21/2015. I modified my install script to work with dahdi and version 1.8 so that it is a simple one step install for Asterisk. There are a few changes with version 1.8, such as the mysql cdr add-on no longer existing. Instead, odbc libraries are used to connect to a MySQL server or other database server. I made the changes to my script to adjust for Asterisk 1.8 and tested it on a Rackspace cloud server.

If you are not using a Rackspace cloud server and are running the script on a standard CentOS install be sure to comment out the following line from the script:

export KSRC=/usr/src/kernels/2.6.18-274.12.1.el5xen-x86_64

Install the following packages before running the script.

yum -y install bind-utils curl-devel doxygen gcc gcc-c++ gtk+ gtk+-devel gnutls-devel httpd kernel-xen kernel-xen-devel kernel kernel-devel kernel-smp-devel kernel-smp libxml2-devel libtermcap-devel libtool-ltdl libtool-ltdl-devel make mysql mysql-server mysql-devel mysql-server-devel mysql-connector-odbc net-snmp-devel neon-devel newt-devel ncurses-devel ntp openssl-devel openssl perl-suidperl php-mysql system-config-securitylevel screen texinfo unixODBC unixODBC-devel wget

Now just download and run the script which will do all the heavy lifting of compiling Asterisk.

wget http://www.jonathanmanning.com/wp-content/uploads/2012/01/install_asterisk18.txt
chmod +x install_asterisk18.txt
./install_asterisk18.txt

Dec 16 11

Headway Theme 3.0 for WordPress Released

by Jon

Headway Theme 3.0 was released last month and comes with a host of new features for the WordPress theme. The developers of Headway built version 3 from the ground up by writing all new code. The interface is familiar to existing users of Headway but includes a lot of new design differences. For example there is now the option to use a grid layout to design the GUI of the website. The new version also includes the ability to use child themes, giving more flexibility to the framework.

All of the features from previous releases of Headway are still included and allow for more flexibility. So far I am very impressed with the new version of Headway but I will have a full review of the new version in the coming weeks once I have had time to design a site with it.

Click here to get more information on Headway… Headway Theme 3.0

Nov 16 11

How To: Install and Compile Ruby 1.9.3+ from Source with libyaml on CentOS

by Jon

If you are looking to install Ruby 1.9.3+ on a Linux system this will guide you through compiling the software. There is always the option to use yum to install ruby packages but the versions in repositories will be older, not the latest stable. This guide uses a CentOS 5.x base system without any packages installed, and all commands are run as root.

1. First the system will need the appropriate packages to compile and install the source code for ruby. To do this run the following command.

yum -y install make gcc gcc-c++ openssl-devel zlib-devel autoconf readline-devel curl-devel expat-devel gettext-devel ncurses-devel sqlite-devel mysql-devel httpd-devel wget which

2. Now that a compiler package is installed move on to download, compile and install the libyaml library.

cd /usr/src
wget http://pyyaml.org/download/libyaml/yaml-0.1.4.tar.gz
tar zxf yaml-0.1.4.tar.gz
cd yaml-0.1.4
./configure --prefix=/usr/local
make && make install

3. The next step is to download, compile and install Ruby 1.9.3.

cd /usr/src
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p0.tar.gz
tar zxf ruby-1.9.3-p0.tar.gz
cd ruby-1.9.3-p0
./configure --prefix=/usr/local --disable-install-doc --with-opt-dir=/usr/local/lib
make && make install

4. Upon completion of steps 1 through 3 ruby is accessible via command line. Test ruby by running the following command.

[root@new-host-2 ~]# ruby -v
ruby 1.9.3p0 (2011-10-30 revision 33570)

This guide will help get Ruby working on a CentOS system. Later I will cover what you can do with Ruby.

Oct 31 11

Rackspace Cloud Server Implementation for Small Businesses

by Jon

The use of cloud based servers is on the rise in businesses and for good reason. Cloud servers offer many advantages which include removal of physical hardware from data centers, cost savings and scalability, just to name a few. One such service provider, Rackspace Cloud, has changed the landscape of how dedicated servers are offered for businesses in need of a dedicated server or data center environment. Rackspace has long been a provider of colocation, hosted physical servers and many other services but recently started a cloud offering. Their new cloud server product has picked up traction with businesses looking for a flexible infrastructure.

A cloud server is a virtual machine or guest, running on top of multiple physical servers or hosts, which are linked to each other to host countless virtual servers. The advantage is the virtual machines are sharing the resources of the physical hosts. This allows for better reliability by less reliance on a single physical host. The virtual machine can float from one physical host to another if a host in the cluster failed. Having this redundancy can be very helpful when working with high availability applications.

Rackspace offers a variety of cloud services, all from the Rackspace Cloud control panel. The cloud server is truly the flagship product offering. There are such options to choose from as 19 different operating system images and 7 memory options ranging from 256 MB to 15872 MB. These options allow for a variety of customization to make sure the environment will meet the requirements of the customer’s application, thus appealing to a larger audience and increasing implementation in the business world.

Sep 24 11

How To: Easy Mac OSX SSH Tunnel Tutorial using Terminal CLI

by Jon

Creating SSH tunnels using a Windows PC with the Putty SSH client is easy, but what happens if you are using an Apple computer with Mac OS X? Well, that is just as easy. I documented step by step instructions for Mac users to establish an SSH tunnel between Mac OS X and a remote Linux server.

1. Before we do anything let’s get a baseline and see what our public ip address is. Start by opening up a web browser, I chose to use Opera for this test. Go to http://whatismyip.org which will display the public ip address your computer is broadcasting on the internet.

Next is how to set up an SSH tunnel using the built-in Mac terminal CLI.

2. Now that we have a baseline it is time to establish the SSH tunnel with your server. You will need the hostname or ip address, username and password for your remote Linux server. Once you have that, use the following command from the terminal: ssh -N -D “port” “username”@“ip-address or hostname”. The -D option opens a SOCKS listener on the given local port and -N tells ssh not to run a remote command. This example is using port 22 to SSH into the server but you could use the “-p” option to specify any port for SSH.

ssh -N -D 8080 root@ip-address

After you enter your password the prompt will just sit there and not do anything. Don’t worry, that is what it’s supposed to do. The error “open failed: connect failed: Connection timed out” may also show up, which is normal and expected; just continue to the next step.

3. The next step is to configure a web browser to use the remote Linux server as a SOCKS proxy. To do this, open your web browser and enter the preferences menu. Again I am using Opera for this example but you could use any browser, Chrome, Firefox, etc.

4. In the preferences menu go to the network options, then look for a “Proxy Servers” setting button.

5. In the proxy servers menu you will need to configure the SOCKS server using ip address 127.0.0.1 and the port you used above in step 2, so in my case it is 8080. Click OK to save the settings change and close out of the preferences menu.

6. Now back in the browser go to http://whatismyip.org again and this time it will display the broadcast public ip address of the remote network where the Linux server is and this confirms the tunnel is working.

Now that the tunnel is up, the remote network’s web interfaces are available to your browser by their private ip addresses. So for example you could log into your remote firewall’s web interface from its private interface, such as 192.168.1.1. If you want to disconnect the tunnel, just go to the terminal window with the ssh -N -D command running and use “control + C” to stop the command, which will terminate the tunnel.

Sep 13 11

Logitech HDTV Video Conferencing at Home or Office for $250 with GoogleTV Revue

by Jon

I recently got my hands on a Logitech Revue which uses the GoogleTV platform. I got the Revue to test the video conferencing in a corporate environment. Much to my surprise Logitech did an outstanding job with this product and the video conferencing quality was perfect. I wouldn’t recommend it for very large conference rooms but in a room with an 8 to 10 foot table it will work great.

The microphone might not work for that size room but in that case just setup a phone bridge with a free conference call provider and put the TV on mute. If you are doing a one on one then the microphone will be able to handle it no problem.

The video quality will go up to 720p since that is what the camera is capable of, which displays very clear on a HDTV. It even seems to get a wide enough picture to fit in the width of most rooms. Of course the video can be a little choppy depending on the internet connection, for best quality it is recommended to have at least a 1 Mbps upload speed on your connection to the outside world. From my tests I found that a 768k upload speed worked to give good enough quality for seeing each side of the cameras.

I think this product could really be the device that can deliver video conferencing to the masses at home, considering Cisco recently released a home conferencing unit that costs over $500 and requires a yearly service fee of $99. With Logitech there are no subscription fees, all calls are completely free and it can talk to Mac and PC clients.

I think Logitech did a great job with this product and after the recent price slash I can only see this getting more and more popular. So get over to BestBuy soon before these are all sold out.

Logitech Revue $99

Logitech Camera 720p $149

Aug 31 11

Working Headway Theme Coupon Code and Headway Theme Framework Discount Code

by Jon

I have used Headway Theme Framework for over a month and I am very impressed with it. I would highly recommend using it if you are looking for an easy way to build a professional looking website using only GUI based tools. The Headway visual editor makes it very easy to create a great looking website with drop down menus and widgets that will do anything you need.

When I was trying to buy Headway I looked through site after site for a coupon code that worked but they were all just webpages tricking visitors to click their link. I was able to find a coupon code that worked and it gave me 25% off both the personal and developer versions. I went ahead and got the developer version since I help other people with their websites and using Headway it makes it so much easier.

Click the banner below to buy Headway Theme Framework, make sure to copy or write down the coupon code first.

Headway — The Drag & Drop Theme For WordPress
Headway 25% off coupon code:

COUPONWP25

Copy or write down the code so you can enter it at checkout. Make sure to click the link for “Have a discount code?” as seen below in the screenshot.

Headway Theme Framework Discount Coupon Code

Aug 17 11

How To Install PHP Pecl for 5.3.x with APC Module

by Jon

If you are looking to improve performance on your apache web server there is a PHP module that is from the PHP extension community library named Alternative PHP Cache. This APC module will cache and optimize your PHP webpages speeding up content delivery. Here are directions how to install this package.

Follow the steps below to install php and the apc module:

yum install php53 php53-devel php-pear pcre pcre-devel gcc cpp make autoconf

Next, to install apc, use the pecl command line installer.

pecl install apc
54 source files, building
running: phpize
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626
Enable internal debugging in APC [no] :
Enable per request file info about files used from the APC cache [no] :
Enable spin locks (EXPERIMENTAL) [no] :
Enable memory protection (EXPERIMENTAL) [no] :
Enable pthread mutexes (default) [yes] :
Enable pthread read/write locks (EXPERIMENTAL) [no] :

This pecl installer will configure your apache installation automatically if you installed apache. Some problems can arise when installing, usually due to missing packages. See an example of a missing package below.

/usr/include/php/ext/pcre/php_pcre.h:29:18: error: pcre.h: No such file or directory
In file included from /tmp/tmpia0OKv/APC-3.1.9/apc.c:44:
/usr/include/php/ext/pcre/php_pcre.h:37: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
/usr/include/php/ext/pcre/php_pcre.h:38: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
/usr/include/php/ext/pcre/php_pcre.h:44: error: expected specifier-qualifier-list before 'pcre'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:393: error: expected specifier-qualifier-list before 'pcre'
/tmp/tmpia0OKv/APC-3.1.9/apc.c: In function 'apc_regex_compile_array':
/tmp/tmpia0OKv/APC-3.1.9/apc.c:454: error: 'apc_regex' has no member named 'preg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:454: error: 'apc_regex' has no member named 'preg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:455: error: 'apc_regex' has no member named 'nreg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:455: error: 'apc_regex' has no member named 'nreg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c: In function 'apc_regex_match_array':
/tmp/tmpia0OKv/APC-3.1.9/apc.c:487: error: 'apc_regex' has no member named 'preg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:487: error: 'apc_regex' has no member named 'preg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:488: error: 'apc_regex' has no member named 'nreg'
/tmp/tmpia0OKv/APC-3.1.9/apc.c:488: error: 'apc_regex' has no member named 'nreg'
make: *** [apc.lo] Error 1
ERROR: `make' failed

If you come across this error then make sure to install pcre and pcre-devel with yum.

Aug 9 11

5 Reasons to try Headway WordPress Theme Framework

by Jon

A couple of weeks ago I decided to start a new website and this time I didn’t want to pay a website designer hundreds of dollars to come up with a simple website that took no longer than 8 hours of work. So I started looking around for an easy to use framework for a cms, content management system. In my research I found that WordPress is a highly regarded cms for blogs, websites, and pretty much anything that is website related. Since WordPress was so highly recommended and I am already very familiar with it I started looking for a WordPress theme framework.

It didn’t take long to find some good options for a WordPress theme framework, there are literally hundreds of theme frameworks some of which are open source, others with a one time charge, and some that are a monthly service. I looked at a few of the free offerings and decided that they were not what I needed when it comes to ease of use. I wanted to find a framework that was highly customizable so my website didn’t look like every other WordPress site out there, but was easy enough to not need a manual when making simple changes and included support for advanced features if I needed help.

I read review after review and I decided that Headway drag and drop Theme Framework was a good place to start, and since it had a money back guarantee it was worth a try. Headway has 2 pricing options, one for personal use at $87 and the other for developers at $164. The personal licence is always upgradeable to a developer licence for only $77. Both of these licence options are for lifetime support and updates.

1. Headway’s visual editor is such a great tool that very few other themes offer. It did take some getting used to but after the learning phase it made making small changes so easy. After being able to use a visual editor I don’t think I could go back to a framework without one, everything is drag and drop right where you want it.

2. Headway easy hooks make adding custom code anywhere on the page as easy as copy and paste. Just go to the easy hooks menu, select where you want to add your javascript, php or html and paste, save and refresh your page. This is a fantastic feature and it saves so much time so you don’t have to go into the backend code and read line by line trying to figure out where you need to place your code.

3. Doing custom CSS is easy with the Headway documentation, they have all the code on the website to help make any custom CSS changes really easy. If you have any problems a forum post usually gets a response in a few hours and will help you solve your problem.

4. Creating a navigation bar is so simple it even uses the built-in menu editor for WordPress making it simple to create sub menus. This was my first time creating a menu in WordPress and I had to ask in the forum but once I got a few pointers I was making menus like a pro.

5. Built in SEO settings to help get your site to the top of google searches. This is good for anyone since it does not need changes from the user, the default configuration is good enough to get the site in google’s radar. If you know what you are doing then you can tweak settings just the way you like them or if you want to read up on SEO Headway provides a whole section dedicated to it in the documentation.