Tuesday 24 March 2015

how to manage iptables in linux


IPTABLES (Packet Filter) :-

A firewall is used to prevent and monitor unauthorized access to a computer network; in simple terms, a firewall is network security. Iptables is a rule-based firewall that controls the incoming and outgoing network traffic.
[Note:- iptables applies to IPv4 only; ip6tables applies to IPv6]

3 predefined chains:-

  •  INPUT - All packets destined for the host computer.
  •  OUTPUT - All packets originating from the host computer.
  •  FORWARD - All packets neither destined nor originating from the host computer, but passing through (routed by) the host computer. This chain is used if you are using your computer as a router.

How to start, stop & restart iptables:-

# /etc/init.d/iptables start
# /etc/init.d/iptables stop
# /etc/init.d/iptables restart
 (OR)
# service iptables start
# service iptables stop
# service iptables restart
  

To start iptables automatically during the system startup use this command:-

#chkconfig iptables on 

To list the iptables rules:-

#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

To list the iptables rules with line numbers:-

#iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
3    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination        
1    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Flush or delete all the rules:-

# iptables -F
# service iptables save
[Note:- Be careful! Running these commands deletes all the rules]

To view NAT Rules:-

# iptables -t nat -L -n -v 

Iptables port forwarding:-


# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
[all incoming traffic on port 80 is redirected to port 8080]

To block a specific IP address:-

#iptables -A INPUT -s 192.168.0.254 -j DROP
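
As an added example (not from the original post), the commands above combined into a script that builds a stateful, default-deny INPUT chain; SSH_PORT and BLOCKED_IPS are placeholders, and nothing is applied unless APPLY=1.

```shell
# Added example (not from the original post): the commands above combined into a
# script that builds a stateful, default-deny INPUT chain. Nothing is applied
# unless APPLY=1; otherwise every rule is only printed for review. SSH_PORT and
# BLOCKED_IPS are placeholders to adjust for the host.
SSH_PORT=22
BLOCKED_IPS="192.168.0.254"   # constructed list, one address per word

# Wrapper around iptables: print the rule, or run it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

apply_input_rules() {
    # Keep policy ACCEPT while the chain is flushed and rebuilt: a DROP policy
    # with no allow rule yet would cut off the ssh session doing the change.
    run -P INPUT ACCEPT
    run -F INPUT
    # Explicit blocks come first so they win over the allow rules below.
    for ip in $BLOCKED_IPS; do
        run -A INPUT -s "$ip" -j DROP
    done
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    run -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Log what is about to be dropped (rate limited), then switch the policy.
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
    run -P INPUT DROP
}

main() {
    apply_input_rules
    if [ "${APPLY:-0}" = "1" ]; then
        service iptables save   # persist the ruleset, as after "iptables -F" above
    fi
}

main
```

Run it once without APPLY to read the generated rules, then with APPLY=1 from a console session rather than over ssh.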

Monday 23 March 2015

How to change MAC address in linux

 
To change the MAC address in RHEL, CentOS or any other Linux-based operating system, follow these steps:-

Steps for changing the MAC address temporarily

 step1:- First turn off the network interface
 step2:- Set the desired MAC address, which must be in hexadecimal format XX:XX:XX:XX:XX:XX
 step3:- Turn on the network interface
 step4:- Check the status of the MAC address
 
 # ifconfig eth0 down
 # ifconfig eth0 hw ether 00:11:09:9B:83:C8
 # ifconfig eth0 up
 # ifconfig eth0 |grep HWaddr
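
As an added example (not from the original post), a check of the XX:XX:XX:XX:XX:XX format from step 2 before the address is handed to ifconfig; the interface name passed to set_mac is a placeholder.

```shell
# Added example (not from the original post): validate a MAC address before
# passing it to "ifconfig eth0 hw ether". Besides the XX:XX:XX:XX:XX:XX format,
# the kernel rejects multicast addresses (lowest bit of the first octet set) and
# the all-zero address, so those are checked too.
validate_mac() {
    mac=$1
    case "$mac" in
        *[!0-9A-Fa-f:]*|*::*|:*|*:) echo "bad characters or layout: $mac"; return 1 ;;
    esac
    # Split on ':' to count the octets (plain sh has no regex quantifiers).
    old_ifs=$IFS; IFS=:; set -- $mac; IFS=$old_ifs
    [ $# -eq 6 ] || { echo "expected 6 octets, got $#: $mac"; return 1; }
    for octet in "$@"; do
        [ ${#octet} -eq 2 ] || { echo "octet '$octet' is not two hex digits"; return 1; }
    done
    [ "$mac" != "00:00:00:00:00:00" ] || { echo "all-zero address"; return 1; }
    first=$(printf '%d' "0x$1")
    if [ $((first & 1)) -eq 1 ]; then
        echo "multicast address (first octet is odd); the kernel will reject it"
        return 1
    fi
    if [ $((first & 2)) -eq 2 ]; then
        echo "ok (locally administered address)"
    else
        echo "ok (looks like a vendor-assigned address)"
    fi
}

# The four steps above, run only after the address passes validation.
# Usage: set_mac eth0 00:11:09:9B:83:C8   (interface name is a placeholder)
set_mac() {
    iface=$1
    validate_mac "$2" || return 1
    ifconfig "$iface" down &&
    ifconfig "$iface" hw ether "$2" &&
    ifconfig "$iface" up &&
    ifconfig "$iface" | grep HWaddr
}
```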

Thursday 19 March 2015

how to configure passwordless ssh in linux

SSH PASSWORDLESS LOGIN 

SSH (Secure Shell) is a network protocol that allows a user to establish a secure channel over an insecure network.
The main difference between SSH and TELNET or RSH is security: the telnet, rsh and rexec protocols send information, notably passwords, in plaintext.
{Note:- ~/.ssh is the main directory for ssh and should be present under every user's home directory [~ represents the home directory of a user]. The permission of this .ssh directory should be 700.}

sshd

This is the daemon service that implements the ssh server. By default it listens on TCP port 22. [Note:- A daemon is nothing but a process that runs in the background]


Step1:- Log in as any user on machine1 (server) and generate a pair of authentication keys. Please do not enter a passphrase

[root@server ~]# ssh-keygen

Step2:- Copy the generated key from machine1 (server) to machine2 (client) using this command

[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.58.129
{Note:- 192.168.58.129 is the machine2 (client) IP}
Now the public key file has been copied to machine2, so you can log in to machine2 without entering the password.

[root@server ~]# ssh 192.168.58.129
Last login: Thu Mar 19 19:20:39 2015 from 192.168.58.128
[root@client ~]#
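
As an added example (not from the original post), a check that the ~/.ssh directory set up by ssh-keygen and ssh-copy-id has the permissions the note above calls for; the directory to audit is passed as an argument so it can be run against any user.

```shell
# Added example (not from the original post): check that ~/.ssh has the
# permissions sshd's StrictModes (on by default) expects. A group- or
# world-writable directory or authorized_keys makes sshd ignore the key, and
# the login silently falls back to a password prompt.
# First argument: directory to audit (defaults to ~/.ssh).
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    rc=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = "700" ] || { echo "$dir is mode $mode, expected 700"; rc=1; }
    # Files readable by the owner only: private keys and authorized_keys.
    for f in "$dir"/authorized_keys "$dir"/id_rsa "$dir"/id_ed25519; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        [ "$mode" = "600" ] || { echo "$f is mode $mode, expected 600"; rc=1; }
    done
    # Public keys may be world-readable but must not be writable by others.
    for f in "$dir"/*.pub; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            [46][0-4][0-4]) ;;
            *) echo "$f is mode $mode, must not be group/other writable"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "$dir: permissions ok"; fi
    return "$rc"
}
```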

Monday 16 March 2015

Remote Systems Management Using Inbuilt Firmware

System administrators need to manage both local and remote servers from their desktop. Nowadays all servers come with a remote management console; using it, administrators can deploy, update, monitor and maintain servers without installing any additional software.

Manage Your iDRAC(Integrated Dell™ Remote Access Controller):-

Default iDRAC configuration is:-
Username = root
Password = calvin
IP Address = 192.168.0.120
To access a remote server using iDRAC:-
https://<iDRAC-IP-address>:<port-number>

Manage Your IMM(Integrated Management Module):-

Default IMM configuration is:-
Username = USERID
Password = PASSW0RD
IP Address =192.168.70.125
To access a remote server using the IMM console:-
https://<IMM-IP-address>:<port-number>



Thursday 12 March 2015

How to configure nfs over rdma

Network File System [NFS] is a server-client protocol for sharing files between computers on a common network.

RDMA [Remote Direct Memory Access] is a communication technology that allows computers in a network to exchange data in main memory without involving the processor, cache or operating system of either system; using RDMA gives higher throughput and lower latency.
[Note:- RDMA is only possible with network adapters that support RDMA in hardware. Examples of such network adapters are InfiniBand HCAs and 10 GbE network adapters with iWARP support]

First set up the NFS export filesystem on the NFS server:-

# yum install nfs-utils
#echo "/nfsdir 193.168.0.0/255.255.255.0(fsid=0,rw,async,insecure,no_root_squash)" >> /etc/exports
#exportfs -r
#exportfs -v
#service rpcbind start
#service nfs start

On the NFS server, load the svcrdma kernel module and restart the NFS service.
# modprobe svcrdma
# service nfs restart

Verify with the showmount command that you have successfully shared the /nfsdir folder:-
#showmount -e
[Important Note:- The configuration file for rdma is /etc/rdma/rdma.conf. The services that need to be enabled are rdma and nfs-rdma, and the default port for rdma is 2050]


Enable RDMA on the NFS server:-
First make sure the necessary rdma packages are installed and the services are enabled:-
# yum install rdma
# chkconfig rdma on
# chkconfig nfs-rdma on

If you want to change the default port 2050, open the /etc/rdma/rdma.conf file and set
NFSoRDMA_PORT to the desired port.

Enable RDMA on the NFS client:-
# yum install nfs-utils
On the NFS client, load the xprtrdma kernel module and start the NFS service.
# modprobe xprtrdma
# service nfs start

Make sure the rdma rpm is installed by running this command:-
# yum install rdma
Make sure the rdma service is enabled:-
# chkconfig rdma on
Mount the NFS exported directory over RDMA:-
# mount -o proto=rdma,port=2050 host:/nfsdir /mnt
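
As an added example (not from the original post), an audit of the /etc/exports line written above: it reports the options that widen an export's exposure (no_root_squash, insecure, wildcard clients, read-write exports to whole networks) so that each one is a deliberate choice. The exports file path is passed as an argument.

```shell
# Added example (not from the original post): audit an /etc/exports file for
# options that widen the exposure of an NFS export. The export line above grants
# rw,insecure,no_root_squash to a whole /24; this reports such options.
# First argument: exports file to read (defaults to /etc/exports).
audit_exports() {
    file=${1:-/etc/exports}
    findings=0
    while read -r path clients; do
        case "$path" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        for spec in $clients; do
            # Split "client(opt,opt)" into the client part and the option list.
            client=${spec%%\(*}
            opts=""
            case "$spec" in *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;; esac
            case "$client" in
                ''|'*') echo "$path: exported to every host"
                        findings=$((findings + 1)) ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path $client: no_root_squash lets remote root act as local root"
                                    findings=$((findings + 1)) ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path $client: insecure accepts requests from unprivileged source ports"
                              findings=$((findings + 1)) ;;
            esac
            case "$client:$opts" in
                */*:*rw*) echo "$path $client: read-write export to a whole network, not a single host"
                          findings=$((findings + 1)) ;;
            esac
        done
    done < "$file"
    echo "$findings finding(s) in $file"
    return "$findings"   # non-zero exit when anything was flagged
}
```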