May 202014
 

Article based on the original work of  Travis Zajkowski first posted on his blog

As first thing, this is a good definition of subner, from wikipedia:

subnetwork, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting.

All computers that belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. This results in the logical division of an IP address into two fields, a network or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.

The routing prefix is expressed in CIDR notation. It is written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 192.168.1.0/24 is the prefix of the Internet Protocol Version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. The IPv6 address specification 2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix. In IPv4 the routing prefix is also specified in the form of the subnet mask, which is expressed in quad-dotted decimal representation like an address. For example, 255.255.255.0 is the network mask for the 192.168.1.0/24 prefix. Traffic between subnetworks is exchanged or routed with special gateways called routers which constitute the logical or physical boundaries between the subnets.

The benefits of subnetting vary with each deployment scenario. In the address allocation architecture of the Internet using Classless Inter-Domain Routing (CIDR) and in large organizations, it is necessary to allocate address space efficiently. It may also enhance routing efficiency, or have advantages in network management when subnetworks are administratively controlled by different entities in a larger organization. Subnets may be arranged logically in a hierarchical architecture, partitioning an organization’s network address space into a tree-like routing structure.

When you configure a server or a service it’s useful to know what’s the complete IP Address, so there are several different Subnet Calculators available for command line use on Linux. Two popular ones are:

ipcalc
sipcalc

Continue reading »

flattr this!

May 102014
 

terminal1.jpg
Your server appearing pretty slow could be many things from wrong configs, scripts and dodgy hardware – but sometimes it could be because someone is flooding your server with traffic known as DoS ( Denial of Service ) or DDoS ( Distributed Denial of Service ).

Denial-of-service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. This attack generally target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its services or obstructs the communication media between the users and the victim so that they can no longer communicate adequately.

In this small article you’ll see how to check if your server is under attack from the Linux Terminal with the netstat command

Continue reading »

flattr this!

Jan 192014
 

Article by Rahul Panwar first posted on http://linuxexplore.com/

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term “chroot” may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a “chroot jail”. From Wikipedia.

Why it is required? If you want to set up your Linux box as a web hosting server for its users, you may need to give SFTP access. But they can get access to whole system Linux tree, just for reading but still very unsecure. So it is mandatory to lock them in their home directory.

There are many other applications, it’s just a common example, so lets start its configuration.

Continue reading »

flattr this!

Setup squid to use multiple outgoing IP addresses

Today I want to just give you a pill, but I’m sure that even if is short this article will save a lot of time to someone who, like me, has this requirement. Having a machine with Linux and various IP (which can be IPv4 and / or ipv6) and a Squid Proxy Server configure [...]

opensource Asset Management software : Uranos

In the 3 former articles of this series we have saw OCSInventory, Fusion Inventory and GLPI 3 software that can create an asset inventory with your computers hardware and software. Today we’ll take a look at another software: Uranos (Unattended Resolution in A Nutshell – OS). Unattended Resolution in A Nutshell – OS is an [...]