শুক্রবার, ১২ অক্টোবর, ২০১২
মঙ্গলবার, ৩ জুলাই, ২০১২
BGP Attributes
BGP Attributes
BGP
attribute is a metric used to describe the
Characteristics
of a BGP path. Attributes are contained in update messages passed between BGP
peers for advertise routers.
BGP attributes are
divided into two types -
a)
Well Known
b)
Optional
Well Known attributes are divided into two types -
a)
Mandatory
b)
Discretionary
**
Mandatory attributes are -
a)
AS Path
b)
Next Hop
c)
Origin
**
Origin attributes divided into three types -
a)
Internal(i)
b)
External(e)
c)
Incomplete(?)
**
Discretionary attributes are -
a)
Local Preference
b)
Atomic Aggregate
Optional attributes
are divided into two types -
a)
Transitive
b)
Non Transitive
**
Transitive attributes are divided into two types -
a)
Aggregator
b)
Community
**
Community attributes are -
a)
No-export
b)
No advertise
c)
Internet
d)
Local AS.
**
Non transitive attributes are -
a)
MED (Multi Exit Discriminator).
b)
Originator
d)
Cluster ID.
রবিবার, ১ জুলাই, ২০১২
বুধবার, ২৫ জানুয়ারী, ২০১২
Proxy Server
Short Description about Proxy Server:
Then edit the /etc/squid/squid.conf file:
******ACL Configuration portion******
A Proxy Server acts as an intermediary between the computers of a LAN and Internet.
Maximum time proxy server is used for web when it’s an http proxy. There can be proxy servers for every application protocol (such as FTP.).
Squid proxy:
Squid proxy aggregates the requests of many web surfers that use it into a single stream of requests. When the Squid server aggregates multiple outbound connections, it is called a proxy. When it aggregates multiple inbound connections it is called a reverse proxy. This is also called “accelerator mode”.
There are many reasons to create squid proxy. Two important goals are:
- Reduce Internet bandwidth charges
- Limit access to the Web to only authorized users.
The operating principle of a proxy server:
When a user connects to the internet using a client application configured to use a proxy server, the application will first connect to the proxy server and give it its request. The proxy server then connects to the server which the client application wants to connect to and sends that server the request. Then the server gives its reply to the proxy, which then sends it to the application client.
Important Features of Proxy Server:
1. Caching
2. Filtering
3. Authentication
Transparent proxy:
It is possible to limit HTTP Internet access to only the Squid server without having to modify the browser settings on your client PCs. This called a transparent proxy configuration. It is usually achieved by configuring a firewall between the client PCs and the Internet to redirect all HTTP (TCP port 80) traffic to the Squid server on TCP port 3128 (Default port).
Quick Simple Proxy Server Configuration on Debian Squeeze:
#apt-get install squid [2.7.stable9]
Then edit the /etc/squid/squid.conf file:
******ACL Configuration portion******
acl src c.c.c.c/24 [c.c.c.c /24 is the local network]
http_access allow
[Access can be controlled by various way. Such as , specific website, port, content, time based etc. It depends on requirement]
To restrict specific site:
Create a file with any name in any location with restricted site name. here I create:
/etc/squid/restricted-sites.squid
Then in squid.conf file
acl Badsites dstdomain "/etc/squid/restricted-sites.squid"
http_access deny Badsites
[acl will write in acl section and http_access will write in http_access section before all deny]
Then
Cache_mem MB [Not more than RAM/4]
cache_dir aufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
logformat squid %tl %6tr %>a %Ss/%03Hs %
visible_hostname
http_port :3128 transparent [Here I have used default port. Transparent is used for using transparently by without configuring proxy in browser].
Then add the service in startup by
#chkconfig - -level 2345 squid on
In console and restart the service by
#/etc/init.d/squid/restart
IPTABLES Configuration :
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE [for nat]
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p tcp --dport 3128
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth1 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth0 -p tcp --sport 80
Now Its ok.
[Don’t follow this for you because this is quick reference for me. You can read some book or websites for your better understanding].
[Reverse proxy, FTP through proxy will submit next time].
মঙ্গলবার, ১৭ জানুয়ারী, ২০১২
Crontab Quick Reference
Setting up cron jobs in Unix and Solaris
cron is a unix, solaris utility that allows tasks to be automatically run in the background at regular intervals by the cron daemon. These tasks are often termed as cron jobs in unix , solaris. Crontab (CRON TABle) is a file which contains the schedule of cron entries to be run and at specified times.This document covers following aspects of Unix cron jobs
1. Crontab Restrictions
2. Crontab Commands
3. Crontab file – syntax
4. Crontab Example
5. Crontab Environment
6. Disable Email
7. Generate log file for crontab activity
1. Crontab Restrictions
You can execute crontab if your name appears in the file /usr/lib/cron/cron.allow. If that file does not exist, you can use crontab if your name does not appear in the file /usr/lib/cron/cron.deny.
If only cron.deny exists and is empty, all users can use crontab. If neither file exists, only the root user can use crontab. The allow/deny files consist of one user name per line.
2. Crontab Commands
export EDITOR=vi ;to specify a editor to open crontab file.
crontab -e Edit your crontab file, or create one if it doesn’t already exist.
crontab -l Display your crontab file.
crontab -r Remove your crontab file.
crontab -v Display the last time you edited your crontab file. (This option is only available on a few systems.)
3. Crontab file
Crontab syntax :
A crontab file has five fields for specifying day , date and time followed by the command to be run at that interval.
* * * * * command to be executed
- - - - -
| | | | |
| | | | +----- day of week (0 - 6) (Sunday=0)
| | | +------- month (1 - 12)
| | +--------- day of month (1 - 31)
| +----------- hour (0 - 23)
+------------- min (0 - 59)
|
The value column can have a * or a list of elements separated by commas. An element is either a number in the ranges shown above or two numbers in the range separated by a hyphen (meaning an inclusive range).
Notes
A. ) Repeat pattern like /2 for every 2 minutes or /10 for every 10 minutes is not supported by all operating systems. If you try to use it and crontab complains it is probably not supported.
B.) The specification of days can be made in two fields: month day and weekday. If both are specified in an entry, they are cumulative meaning both of the entries will get executed .
4. Crontab Example
A line in crontab file like below removes the tmp files from /home/someuser/tmp each day at 6:30 PM.
30 18 * * * rm /home/someuser/tmp/*
Changing the parameter values as below will cause this command to run at different time schedule below :
| min | hour | day/month | month | day/week | Execution time |
| 30 | 0 | 1 | 1,6,12 | * | – 00:30 Hrs on 1st of Jan, June & Dec. |
| 0 | 20 | * | 10 | 1-5 | –8.00 PM every weekday (Mon-Fri) only in Oct. |
| 0 | 0 | 1,10,15 | * | * | – midnight on 1st ,10th & 15th of month |
| 5,10 | 0 | 10 | * | 1 | – At 12.05,12.10 every Monday & on 10th of every month |
| : | |||||
5. Crontab Environment
cron invokes the command from the user’s HOME directory with the shell, (/usr/bin/sh).
cron supplies a default environment for every shell, defining:
HOME=user’s-home-directory
LOGNAME=user’s-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh
Users who desire to have their .profile executed must explicitly do so in the crontab entry or in a script called by the entry.
6. Disable Email
By default cron jobs sends a email to the user account executing the cronjob. If this is not needed put the following command At the end of the cron job line .
>/dev/null 2>&1
7. Generate log file
To collect the cron execution execution log in a file :
30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log
এতে সদস্যতা:
পোস্টগুলি (Atom)