VPN Server

Server

1. apt-get   install   ppp
2. apt-get   install   pptpd
   
3. vi   /etc/pptpd.conf

option /etc/ppp/pptpd-options –> (default). Location of the PPP Options file.

speed 115200 –> (default)

debug –> (default)

logwtmp –> (default). Use wtmp(5) to record client connections and disconnections

localip 7.7.7.10 à If chap Secrete IP is set dynamically then pool IP from this range

remoteip 7.7.7.10-100

#or

#localip 192.168.0.1

#remoteip 192.168.0.234-238,192.168.0.245

#or

#localip 192.168.0.234-238,192.168.0.245

#remoteip 192.168.1.234-238,192.168.1.245

4.  vi   /etc/ppp/pptpd-options

name PPTP –> Name of the local system for authentication purposes (must match

The second field in /etc/ppp/chap-secrets entries)

ms-dns 221.120.96.2

ms-dns 221.120.96.3

netmask 255.255.255.0

proxyarp  –> (default)

nodefaultroute  –> (default)

lock  –> (default)

nobsdcomp  –> (default)

5.  vi   /etc/ppp/chap-secrets

# Secrets for authentication using CHAP

# client            server  secret                      IP addresses

########        #####   ######                  #############

pavel               PPTP    pavel321              192.168.104.6

eximit              PPTP   exim321               221.120.97.28 àGive static IP to client

sum                 PPTP   sum321 * à pull an IP from remote IP range of
/etc/pptd.cong file of VPN server.

6.  /etc/init.d/pptpd   restart

Client
Linux

1. apt-get install ppp
2. apt-get install pptp-linux
3. vi   /etc/ppp/peers/provider –> Delete all line and just write the following lines. pty “pptp 10.0.38.130 –nolaunchpppd” à IP of VPN server.

name eximit à Client name as same of VPN server chap-secrete.

remotename PPTP à As same of  /etc/ppp/pptpd-options of VPN server

file /etc/ppp/options.pptp

ipparam provider

noauth

persist

115200

defaultroute

proxyarp

!

1. vi   /etc/ppp/chap-secrets

# Secrets for authentication using CHAP

# client            server        secret                     IP addresses

eximit          PPTP       exim321                 * à Get IP from remote IP range of

pptpd.conf file or get a static IP from chap-secrete of VPN server.

1. vi   /etc/ppp/options.pptp  –> Delete all line and just write the following line.
   lock noauth nobsdcomp nodeflate
   !
2. /etc/init.d/ppp restart

Windows

Network Connection –> Create a New connection –> Connect to the network at my workspace –> Virtual Private Network Connection –> Company name (sum) –> Do net dial the initial connection –> Host name/IP (221.120.96.236)

Debian

Debian 5.0 CD/DVD download

http://cdimage.debian.org/debian-cd/5.0.0/i386/iso-dvd/ >>>For Debian 5 DVD ISO

http://cdimage.debian.org/debian-cd/5.0.0/i386/iso-cd/ >>>>>For Debian 5 CD ISO

[#]   vi   /etc/apt/sources.list

Debian 4
deb http://ftp2.de.debian.org/debian/ etch main

deb-src http://ftp2.de.debian.org/debian/ etch main

Debian 5

Source 1:

            deb     http://ftp.debian.org/debian/  stable main contrib non-free
            deb-src http://ftp.debian.org/debian/  stable main contrib non-free
            deb     http://security.debian.org/    stable/updates main contrib non-free
            deb-src http://security.debian.org/    stable/updates main contrib non-free

Source 2:

deb http://ftp.nl.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free

            Source 3:

            deb http://http.us.debian.org/debian stable main contrib non-free
            deb http://non-us.debian.org/debian-non-US stable/non-US main contrib non-free
            deb http://security.debian.org stable/updates main contrib non-free

      Source 4:
      Latest debian apt source list

deb http://ftp.fr.debian.org/debian/ lenny main
deb-src http://ftp.fr.debian.org/debian/ lenny main

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main
deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

!

[#]   apt-get update àupdate the package lists

[#] apt-get upgrade àupgrade all installed packages

[#]   apt-get   install   package name

[#]   apt-get   remove package name à Remove package

[#]   dpkg –purge package name à Remove package

[#]   dpkg –l à show all installed and removed packages

[#]   dpkg –l   package name à Show the package is installed or not.

[#]   dpkg -L pkg à List of files in package

[#]   dpkg -s pkg à Show status of package

[#]   dpkg -p pkg à Show details of package

[#]   apt-cache search dhcp à Search for package

[#]   apt-get source pkg à get the source of package

Package name List

1. portmap
2. sysv-rc-conf  à Show the port status.
3. traceroute
4. openssl
5. libssl-dev
6. iproute
7. iptraf
8. tcpdump
9. zip
10. unzip
11. php4-apc
12. libpng
13. libjpeg
14. minicom
15. mgetty
16. dhcp3-server
17. libnet-ssleay-perl
18. rdate
19. perl-suid
20. ncurses
21. mrtg
22. snmpd
23. zlib1g-dev
24. pptp-linux
25. namp
26. squid
27. wget
28. vim
29. psmisc
30. sysv-rc-conf
31. gcc
32. tcptrack
33. iftop
34. mtr

PGF server

NAT, Firewall, Proxy

1^st Step: Setup IP in Interface

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 221.120.99.72

netmask 255.255.255.224

network 221.120.99.64

gateway 221.120.99.65

auto eth1

iface eth1 inet static

address 192.168.100.1

netmask 255.255.255.0

auto eth1:0

iface eth1:0 inet static

address 192.168.0.1

netmask 255.255.255.0

auto eth1:1

iface eth1:1 inet static

OR
auto eth1:aknet
iface eth1:aknet

address 192.168.110.1

netmask 255.255.255.0

2^nd Step: Squid Configuration

1. apt-get   install squid
2. vi   /etc/squid/squid.conf

3^rd Step: Rules.sh Configuration

1. 1. vi   /etc/init.d/rules.sh OR any name of the file

#!/bin/sh

any=0.0.0.0/0.0.0.0

local_net=192.168.0.0/24

echo 1 > /proc/sys/net/ipv4/ip_forward

#echo 163760 > /proc/sys/net/ipv4/ip_conntrack_max

#echo 3072 > /proc/sys/net/ipv4/neigh/default/gc_thresh1

#echo 4608 > /proc/sys/net/ipv4/neigh/default/gc_thresh2

#echo 6144 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

########################### Flush all rules ###############################

/sbin/iptables   -F à Flash all firewall (INPUT, OUTPUT, FORWARD)

/sbin/iptables -F INPUT

/sbin/iptables -F OUTPUT

/sbin/iptables -F FORWARD

/sbin/iptables -F -t nat

########################## Set default policy ############################

iptables   -P   INPUT   ACCEPT or  iptables – -policy INPUT ACCEPT Accept

All incoming packet from internet inside gateway server.
iptables   -P   OUTPUT   ACCEPT – Accept all output from gateway server to internet
iptables   -P   FORWARD   DROP – Drop all forward packet.

################# Accept all internal communications with loop back ############

/sbin/iptables -A INPUT -j ACCEPT -i lo

/sbin/iptables -A OUTPUT -o lo -p all -j ACCEPT

######################## Rules for external interface ########################

/sbin/iptables -A INPUT -p ip -i eth0 -j ACCEPT

/sbin/iptables -A INPUT -p ip -i eth1 -j ACCEPT

/sbin/iptables -A INPUT -p ip -i ppp+ -j ACCEPT

##################### Accept Forwarding WAN interface ####################

iptables   -A   FORWARD   -i   eth0 –  Allow all packet from Local  PC to internet

Connected by Gateway server.

iptables   -A   FORWARD   -i   eth0   -j   ACCEPT – Allow all packet from local pc to Internet connected by Gateway server.

iptables   -A   FORWAD   -s   0/0   -d   0/0   -j   ACCEPT – Allow all packet from
Local PC to internet connected by Gateway server.

iptables   -A   FORWAD   -s   192.168.100.0/24   -d   0/0   -j   ACCEPT à Allow  all

Packets from 192.168.100.0/24 block Local PC to all destinations (internet).

iptables   -A   FORWAD   -s   192.168.100.2/32   -d   4.2.2.2   -j   ACCEPT à Allow all Packet from 192.168.100.2 local pc to only 4.2.2.2 (destination)

########################   MAC base firewall   ############################

iptables   -A   FORWAD   -s   192.168.100.2  -d 0/0   -m  mac  – -mac-source
00:02:21:D4:C2:11  -j ACCEPT – Allow the packet from a single local  PC whose

(IP- 192.168.100.2 and MAC – 00:02:21:D4:C2:11) to all destination (internet)

##########################   Rules for PPP interface   ######################

/sbin/iptables -A INPUT -p ip -i ppp+ -j ACCEPT

/sbin/iptables -A OUTPUT -p ip -o ppp+ -j ACCEPT

/sbin/iptables -A FORWARD -p ip -i ppp+ -j ACCEPT

####################### Rules for unnecessary ports ######################

NETBIOS_TCP=”135,136,137,138,139,445,3127,3198,5100,5001″

NETBIOS_UDP=”60,66,72,78,100,135,136,137,138,139,5100,5001″

/sbin/iptables -A INPUT -s 0/0 -p tcp -m multiport –dport $NETBIOS_TCP -j DROP

/sbin/iptables -A INPUT -s 0/0 -p udp -m multiport –dport $NETBIOS_UDP -j DROP

/sbin/iptables -A FORWARD -s 0/0 -p tcp -m multiport –dport $NETBIOS_TCP -j DROP

/sbin/iptables -A FORWARD -s 0/0 -p udp -m multiport –dport $NETBIOS_UDP -j DROP

########################### Trojan Block ###################

TROJAN_PORTS_TCP=”12345,12346,1524,27665,31337,19006,3969,9996,5554″

TROJAN_PORTS_UDP=”12345,12346,27444,31337,19006,3969,9996,5554″

/sbin/iptables -A INPUT -p tcp -s 0/0 -m multiport –dport $TROJAN_PORTS_TCP -j DROP

/sbin/iptables -A INPUT -p udp -s 0/0 -m multiport –dport $TROJAN_PORTS_UDP -j DROP

/sbin/iptables -A FORWARD -p tcp -s 0/0 -m multiport –dport $TROJAN_PORTS_TCP -j DROP

/sbin/iptables -A FORWARD -p udp -s 0/0 -m multiport –dport $TROJAN_PORTS_UDP -j DROP

######################## Block Susser worm  ################

#/sbin/iptables -A INPUT -p tcp –dport 9996 -s 0/0 -d 0/0 -j DROP

#/sbin/iptables -A INPUT -p tcp –dport 5554 -s 0/0 -d 0/0 -j DROP

####################### Allow ping replies on BOTH interface ################

iptables -A INPUT -p ICMP -i eth0 -j ACCEPT

iptables -A INPUT -p ICMP -i eth1 -j ACCEPT

#################### Open ftp port OUTSIDE interface ######################

iptables -A INPUT -p tcp -i eth0 –dport 21 -j ACCEPT
iptables -A INPUT -p udp -i eth0 –dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 –dport 21 -j ACCEPT
iptables -A INPUT -p udp -i eth1 –dport 21 -j ACCEPT

################## Open secure shell port BOTH Interfaces ##################

iptables -A INPUT -p tcp -i eth0 –dport 22 -j ACCEPT
iptables -A INPUT -p udp -i eth0 –dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 –dport 22 -j ACCEPT
iptables -A INPUT -p udp -i eth1 –dport 22 -j ACCEPT

######################### IP/ URL block ###############

iptables -A INPUT -s 192.168.0.5/32 -d 0/0 -j DROP

iptables -A FORWARD -s 192.168.0.5/32 -d 0/0 -j DROP

iptables -A INPUT -s 0/0  -d 192.168.2.11/32 -j DROP

iptables -A FORWARD -s 0/0 -d 192.168.2.11/32  -j DROP

iptables -A INPUT -s 192.168.0.0/24 -d facebook.com  -p tcp –dport 443 -j DROP

iptables -A FORWARD -s 192.168.0.0/24 -d facebook.com  -p tcp –dport 443 -j DROP

########################## Proxy rules #################

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.0.0/24   –dport 80 -j REDIRECT –to-port 8080

######################## Rules for Nating / Maquerading ####

#iptables -t   nat   -A   POSTROUTING   -s   192.168.100.0/24 -o eth0 -j   MASQUERADE

#/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s ${any} -d ${any}

#/sbin/iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE -s ${local_net} -d ${any}

/sbin/iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 0/0 -j SNAT –to-source 221.120.99.72 – without proxy

/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j SNAT –to-source 221.120.99.72 – using proxy server

# iptables -t nat –A PREROUTING –i eth1 –p tcp –d 0/0 – -dport 80 –j DNAT – -to
192.168.0.3:3128 – 192.168.0.1 is Gateway and 192.168.0.3 is Proxy server

1. 2. chmod 744 rules.sh OR chmode   +x   rules.sh – Give executable permission to the file rules.sh.
2. 3. /etc/init.d/rules.sh
   

1. 4. Execute the sonic file during startup the machine

Debian

ln -s   /etc/init.d/rules.sh   /etc/rc2.d/S98rules.sh –Run this file during startup.

Red Hat

[#]   cp   rules.sh   /usr/bin/rules.sh– for give command by file name Ex – sonic.

[#]   vi   /etc/rc.local
rules.sh
!

etc directory

Ø System configuration files, user information are store in etc directory.

Ø /etc/password  – User’s information in plaintext.

Ø /etc/shadow – User’s information + password in Encrypted format.

Run level

I. init 0 – Shutdown

II. init 1 – Single user mode (close all consol except current working consol.
We can enter single user mode without root using password.)

III. init 2 – Multi user mode without NFS (Network file system)

IV. init 3 – Full Multi user mode (text mode).

V. init 4 – Unused.

VI. init 5 – X window (Graphical mode)

VII. init 6 – Reboot

1. [#] runlevel – Display init level. It will display
N 3 à N = none, 3 = current init level.
1 S à 1 = Current init level, S = single user mode.

2. [#] vi /etc/inittab – Change run (init) level
id: 3: initdefault – i – change 3 (full multi user mode) to 1 (single user mode)
– Esc – : x!

3. Create virtual terminal (consol)

[#] vi /etc/inittab – go to 50 number line (by 50 gg)

1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
…………………………………………
6:2345:respawn:/sbin/mingetty tty3
8:2345:respawn:/sbin/mingetty tty8
!
[#] reboot – Reboot the machine to work added F8 console
[#] init q – Reload the inittab file. (It is better than reboot the machine)

4. Datives the Alt+Ctrl+Del command to reboot a machine and display a message.

[#] vi test
#!/bin/bash
echo “This feature is disable by the system admin”
!
[#] chmod +x test
[#] cp test /usr/bin/test
[#] vi /etc/inittab

#Trap CTRL-ALT-DELETE
#Ca: : ctrlaltdel:/sbin/shoutdown -t3 -r now – comment out the line.
Ca: : ctrlaltdel:usr/bin/test – add the line
!
[#] init q – Reload the inittab file.

There are two type Boot Loader

Ø Grub – grand Unified Boot Loader.

Ø LiLo – Linux Loader (old version)

5. Set password to enter kernel boot loader.

[#] vi /etc/grub.conf

title fedora core 0
title others 1
default =1 – default booting OS
timeout = 5 ­– 5 second wait for choosing booting OS
passwd=123
hidemenue – give password of editing kernel by e during booting session
passwd=123

6. [#] vi /etc/passwd
root: x: 0:0: root: /root/bin/bash
mahmud: x: 500:500: Mahmudul Hasan/home/bin/bash

Here ……
root – User name.
x – User password in shadow file.
0 – User id (always root user id and password is 0:0, system created user id is
form 0 to 499 and Normal created user id is start form 500.
0 – Group id
root – User’s full name and other information (address, phone number etc.)
/root – Home directory of root.
/bin/bash – Shell. If here /bin/no login or /bin/false display then the user can
not login

7. [#] vi /etc/shadow à information are shown in encrypted format
root: lkdfhalkfj94u8392kldfna: 0:0: root: /root/bin/bash

8. [#] vi /etc/passwd
root:! x: 0:0: root: /root/bin/bash à The user is locked.
root: x: 0:0: root: /root/bin/bash à The user is unlocked.

We can also lock the user by command: –
[#] passwd –l mahmud à Lock the user named mahmud.
[#] passwd –u mahmud à Unlock the user named mahmud.

9. [#] vi/etc/motd à [motd – message of the day]. When login the message is
displayed in the screen.
Welcome to linux pathshala
!

10. [#] vi /etc/issue à Give message before login.

hello this is me
!

11. [#] vi /etc/rc.local à Run the file during start the machine.
reboot à Reboot the server when start the machine every time.
!

12. Deny services to the hosts

[#] vi /etc/hosts.deny

ALL:ALL or all:all – Deny all service to all hosts [1^st ALL is service name &
2^nd ALL is host name].
sshd:ALL or sshd : ALL – Deny sshd service to all hosts.
sshd,telnet:ALL – Deny sshd and telnet service to all hosts.
sshd:sum,mum – Deny sshd service to host sum and mum
sshd:192.168.1.1 192.168.1.2 – Deny sshd service to the IP
sshd:192.168.1.1,192.168.1.2 – Deny sshd service to the IP
sshd:ALL EXCEPT 192.168.1.1 – Deny sshd service to all host except the IP.
!

13. Allow services to the hosts

[#] vi /etc/hosts.allow
ALL:ALL or all:all – Allow all service to all hosts [1^st ALL is service name &
2^nd ALL is host name].
sshd:192.168.1.2 – Allow sshd service to IP 192.168.1.2
sshd:linux2 – Allow sshd service to host linux2
sshd:192.168.1. – Allow sshd service to IP 192.168.1. all networks.
sshd:192.168.1.0/24 – Allow sshd service to IP 192.168.1.2/24 all networks.
snmpd: 221.120.96. – Allow snmpd to this block.
!

[#] cat /etc/service – Display the port number of different protocol.

Interface Setup

LAN – Local Area Network

NIC – Network Interface Card

MAC – Media Access Control [00:21:03:A1:15:C6]
[00:21:03 – vendor ID, A1:15:C6 – Serial Number]

Ethernet Adapter – eth0 (LAN 1), eth1 (LAN 2)

ARP – Address Resolution Protocol. [IP to MAC]

Ping – Packet Internet Gopher.
init.d – d – Demon (service)

1. [#$] dmesg – Display Kernel Log message.

2. [#$] dmesg | grep eth0 – Search eth0 is connected or not.

3. [#$] dmesg | grep * – Display all Ethernet interface.

4. [#$] ifconfig – Display the interface properties.

5. [#$] ifconfig eth0 – Display the interface properties of eth0 (1^st LAN).

6. [#$] ifconfig –a – [a-all]. Display the interface properties.

7. [#$] system-config-network-cmd – Display LAN information.

8. [#$] mii-tool – Check cable of all interface is connected or not. It has some output:

– Link OK

– Auto negation failed, Link Ok

– No MII Transceiver present

– No link.

9. [#$] mii-tool eth0 – Display the cable is connected or not in eth0 interface.

10. [#$] mii-tool -r – Reset all interface (disable then enable).

11. [#$] mii-tool -r eth0 – Reset eth0 interface (disable then enable).

12. [#$] route –n – Display the Gateway.

Change host Name

13. [#] hostname sum – Change hostname to sum temporary. After restart the
machine the hostname (sum) will not exists.

14. Permanently set host name (this will effect after restart the server)
[#] vi /etc/sysconfig/network
Networking = yes
Hostname = sum
!

15. Input IP and host name in host file. Host file is working locally and it work before DNS. We can ping a machine by host in replace of IP. In that case the host name should be written against IP address in host file.

[#] vi /etc/hosts

127.0.0.1 Localhost.localdomain Localhost à This create during installation
192.168.100.1 sum.com ns1 – Domain – sum.com Host name – ns1
192.168.100.1 ns1.sum.com.bd ns1 – FQDN -Full Qualified Domain Name
(host name. Domain name)
192.168.1.1 Linux1 Mahmud – 2 host name and not case sensitive.
!

[#] ping 192.168.1.2
or
[#] ping Linux1
or
[#] ping Mahmud

Set IP address

Static IP – Put IP manually
Dynamic IP – Pull an IP from DHCP server.
[*] Use Dynamic IP configuration (BOOTP/DHCP) – [* - space bar]

IP Address: 192.168.1.2
Net Mask: 255.255.255.0
Default Gateway (IP): 192.168.1.254
Primary Name Server (DNS): 192.168.1.1

Set IP in LAN card

16. Debina [ vi /etc/network/interface ]

auto eth0

iface eth0 inet static

address 221.120.96.254

netmask 255.255.255.224

network 221.120.96.224

broadcast 221.120.96.255

gateway 221.120.96.225

# For Office AP

auto eth0:0

iface eth0:0inet static

address 172.16.119.1

netmask 255.255.255.224

RedHat

[#$] netconfig – By default set IP in eth0.

[#$] netconfig –d eth1 – Set IP in eth1.

[#$] netconfig - -device eth1 – Set IP in eth1.

[#$] system-config-network – Set IP in eth0 or eth1.

[#$] setup – Network Configuration, Set IP address in eth0 or eth1

[#$] vi /etc/sysconfig/network-scripts/ifcfg-eth0

Device = eth0
ONBoot = yes
BOOT PROTO = static
IPADDRESS = 192.168.1.2
NETMASK = 255.255.255.0
GATEWAY = 192.168.1.254
DNS = 192.168.1.1
If ifcfg-eth0 file is not in network-scripts directory then-

[#] cd /etc/sysconfig/network-scripts
[#] ls – see the file under network-scripts directory.
[#] cp ifcfg-lo ifcfg-eth0 – Create a file named ifcfg-eth0 from lo (loop back)
[#] vi /eht0

17. After set the IP should be restart the service network

[#$] service network restart
[#$] /etc/init.d/network restart

18. IP Aliasing (set more than one IP in a single LAN card)

Temporary (After rebooting the machine the IP will release)

ifconfig eth1 192.168.10.1
ifconfig eth1:0 192.168.10.1 – By default get subnet mask of that IP (2^nd IP in a NIC)
ifconfig eth1:1 192.168.10.2 netmask 255.255.255.0 – Give the subnet mask. (3^rd IP)

Permanent

[#] vi /etc/rc.local

ifconfig eth1:0 192.168.10.1 netmask 255.255.255.0 – 2^nd IP
ifconfig eth1:1 192.168.20.2 netmask 255.255.255.0 – 3^rd IP
!

[#] service network restart – After restart the Network service the extra IP will release.
[#] /etc/rc.local – After this command the IP will add in LAN card.

ICMP REQUEST

19. Temporary block replay of ping request (this will deactivate after reboot machine)
[#] cat /proc/sys/net/ipv4/icmp_echo_ignore_all – Display ICMP request is
Blocked or not [0-not block replay of ping request, 1or other is value – block]

[#] echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all – Write 1 to the file for
block the replay of ping request.

20. Permanently block replay of ping request
[#] vi /etc/re.local – this file will execute when PC getting start)
touch à after the touch write the line.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
!
[#] /etc/rc.local – Run the rc.local file without reboot the machine.

21. Linux and Windows Ping properties
[#$] ping 192.168.1.1 – [Linux] Continuous Ping request
[#$] ping 192.168.1.1 – [Windows] 4 ping request.
[#$] ping 192.168.1.1 –t or /t – [Windows] Continuous Ping request.
[#$] Ctrl + C – [Linux, Windows] Quit form ping request.
[#$] ping 192.168.1.1 –c 10 – [Linux] 10 packet send

[#$] ping 192.168.1.1 –n 10 – [Windows] 10 packet send

[#$] ping 192.168.1.1 –i 5 – [Linux] Send packet after each 5 second.
[#$] ping 192.168.1.1 –s 128 – [Linux] Packet Size change to 128 byte (default 64)
[#$] ping 192.168.1.1 –l 128 – [Win] Packet Size change to 128 byte (default 32)
[Linux by default TTL - 64] [Windows by default TTL - 128]

23. Display the hop to reach the destination and packet loss of each hop.
[#$] traceroute 4.2.2.2 (linux)
mtr 4.2.2.2 (linux)
tracert 4.2.2.2 (win)

pathping 4.2.2.2 (win)

ARP – Address Resolution Protocol. [IP to MAC]

22. [#] arp – a – [a-all]. If the machine has IP 192.168.1.2 then it takes MAC of all IP
holder machine of 192.168.3.0 block.

23. [#] arp 122.247.47.11 – Get the MAC of the IP and check the physical link.

24. [#] arp –i eth1 – [i-interface]. Take MAC of pc’s that are connected by eth1.

25. [#] arp –i eth1 -nv – [i-interface, n- number, v- verbose]. Take MAC of pc’s that
are connected by eth1 and show the number of pc connected by eth1.

MAC Clone

26. Temporary (after reboot the machine the new cloned MAC flashed)

[#] ifconfig eth0 down – Down the eth0 interface
or
[#] ifdown eht0

[#] ifconfig eth0 hw ether 00:21:03:A1:15:C6 – Old MAC

[#] ifconfig eth0 up – Up the eth0 interface
or
[#] ifup eht0

27. Permanently Change the MAC

[#] vi /etc/rc.local

ifdown eht0
ifconfig eth0 hw ether 00:21:03:A1:15:C6 à Old MAC

ifconfig eth0 up – Up the eth0 interface

: x!

Remote Login

1. Telnet – port 23. (Can’t change the port number). Data transfer in Plaintext.

2. SSH – port 2. (Can change the port number). Data transfer in Encrypted mode.

· Select which service run during startup a machine

1. [#] nmap 192.168.1.1 – Display which port (service) is open in 192.168.1.1 PC

2. [#] ntsysv – Select a service by pressing space bar. Work for the console by
which the command given.

3. [#] setup then go to system services – Select a service by pressing space bar.
Work for the console by which the command given.

4. [#] chkconfig sshd on – ON the SSH service. Work for current run level.

5. [#] chkconfig –level 5 sshd off – Off the SSH service for run level 5.

6. [#] chkconfig –level 2345 sendmail off – off the sendmail service for run
level 2345.

7. [#] chkconfig –list sshd – Display SSH service is running in which run level.

8. [#] cd /etc – ls – There are 6 directory of each run level named

run level 0 – init 0 – rc0.d
run level 1 – init 1 – rc1.d
run level 2 – init 2 – rc2.d
run level 3 – init 3 – rc3.d
run level 4 – init 4 – rc4.d
run level 5 – init 5 – rc5.d
run level 6 – init 6 – rc6.d

Under each directory there are many file of different service. There is K or S before each service name [K- kill, do not run the service during startup the machine] [S – start, run the service during startup the machine] if we rename the file K25sshd to S25sshd [25 is the process id] the SSH process will start at run level.

[#] mv K25sshd S25sshd – Rename the file to S25sshd

[#] ls –l – Show the file included link file. /etc/rc0.d/S25sshd is link file. The
original file of /etc/rc0.d/S25sshd is in /etc/init.d/sshd location.

9. Manually script run at run level

[#] vi /etc/init.d/test – create a file
[#] chmod +x /etc/init.d/test – Give it executive permission
[#] ln –s /etc/init.d/test /etc/rc3.d/S30test – make link to /etc/rc3.d file

Telnet server configuration

Server end

1. [#] vi /etc/xinetd.d/krb5-telnet

disable = no – “no” is not case sensitive
!

2. [#] service xinetd restart

3. [#] service xinetd status – See the server is running or not.

Client end

In Telnet the data are transfer in plaintext (not encrypted) and it is not secure. For this reason we have to login telnet server by normal user [$] 1^st then switch to root user [#]. Telnet do not support root user to login.

4. [$] telnet 192.168.1.2 – by IP
or
[$] telnet Linux1 – By Host name of server.

Login: mahmud – user mahmud should be exist in server PC.
Password: ****

5. [$] su - – Switch to root user.
Password: *** – Give password of root user.

6. For windows – cmd – telnet 192.168.1.2

7. [#] logout – Exit from telnet root user.
[$] logout – Exit from telnet normal user.

SSH (Secured Shell) server configuration

Server end

1. [#] rpm –qa | grep openssh-server – See the ssh package is installed or not

2. [#] rpm –ivh openssh-server* – Install all ssh package from 2^nd CD.

3. [#] service sshd restart – Restart the demon service of ssh.
OR

4. [#] /etc/init.d/sshd restart – Restart the demon service of ssh.

5. [#] service sshd status – See the sshd service is running or not.

Client End

In SSH the data are transfer in encrypted mode and it is secure. For this reason we can login telnet server by both root user [#] and normal user [$].

6. [#$] ssh root@192.168.1.2 or ssh –l root 192.168.1.2 – Remotely login by root user
Password: **** – Give password of root.

7. [#$] ssh Alvi@192.168.1.2 or ssh –l root 192.168.1.2 – Remotely login by user Alvi.
Password: **** – Give password of user Alvi (server pc user).

8. [root@ns~]# ssh 192.168.1.2 – Try to remotely login as root user because currently client machine login user is root.
Password: **** – Give password of root

9. [Alvi@ns]$ ssh 192.168.1.2 – Try to remotely login as normal user Alvi because currently client machine login user is normal user. User Alvi must be existing in both server pc and client pc
Password: **** – Give password of user Alvi (server pc user).

10. Deny root user login by SSH

[#] vi /etc/ssh/sshd_config
#PermitRootLogin yes – erase the # and set no
:wq
[#] service sshd restart

11. Give SSH login permission to specific user

[#] vi /etc/ssh/sshd_config – Go to the last line by G and write-

AllowUsers mahmud suvo – Give SSH logging permission to only 2 users
(mahmud and suvo) can allow more user. AllowUsers are key sensitive
:wq
[#] service sshd restart

12. Deny SSH login permission to specific user

[#] vi /etc/ssh/sshd_config – Go to the last line by G and write-

DenyUsers mahmud suvo – Deny SSH logging permission to only 2 users
(mahmud and suvo) can deny more user. DenyUsers are key sensitive
:wq

[#] service sshd restart

13. Change SSH port number

[#] vi /etc/ssh/sshd_config – Search port by /port

port 27 – Erase # before the port and change the port from 22 to 27
!
[#] service sshd restart
[#] ssh root@192.168.1.1 – This command doesn’t work now because the default port of
SSH (22) is changed to 27
[#] ssh -p27 root@192.168.1.1 – [p-port, -p 27 also work]. This command is work.

14. SCP (secure copy) over SSH

[#] command sourcefile destination user@IP:directory

[#] scp /etc/passwd [client] root@192.168.1.1:home/Alex [server] – When I am in
client machine Give passwd file from etc/passwd [client] to /home/Alex directory of
192.168.1.1 [server]. Server machine must have to running the SSH service.

[#] scp -r /temp root@192.168.1.1:home/Alex – Directory transfer.

[#] scp root@192.168.1.1:/etc/passwd [server] /home/Alex [client] – When I am
in client machine Take passwd file from etc/passwd [server] to /home/Alex [client]
directory of 192.168.1.1 [server]. Server machine must have to running the SSH
service.

Eudora Outlook Configuaration

MS Outlook

Configuration

1.

· Open MS Outlook Express then go to Tools à Account à Mail (tab) à Add (button). OR Tools à Email Accountà View or change existing e-mail accounts (Radio) àAdd (button)

. Display Name à Mahmud

E-mail address à sum@smile.com.bd (Provide by ISP)

Incoming Mail server (POP3) à mail.smile.com.bd (Provide by ISP)

Outgoing Mail server (POP3) à mail.smile.com.bd (Provide by ISP)

User Name à sum@smile.com.bd (Provide by ISP)

Password à sumon03041382 (Provide by ISP) OR uncheck Remember my

Password and do not give any password in that text field.

Next à Finish

OR

Go to Control Panel à Mail à Show Profile (button) à Add (button) à Give a profile name [Mahmud] à OK à Add a new email account (radio) and Next à POP3 (radio) and Next à Give the information à More Settings (button) à Advance (tab) à Check “Leave a copy of message on the server” à OK à Next à Finish à Ok.

· LOGIN: Send/Receive (button) à Give User Name and Password (to access mail account)

2. Know the Location of .pst file

Control Panel à Mail (D.C) à Show Profiles (button) à select the Profile Name (Mahmud) à Properties à Data files à select the “Personal Folders” and Open Folder (button)

3. Move the PST to a new location with its all mail

Control Panel à Mail (D.C) à Show Profiles (button) à select the Profile Name (Mahmud) à Properties à Data files à select the “Personal Folders” and Open Folder (button) –> cut the PST file to another location –> D.C on “Personal folder” and browse the new location of PST folder –> Ok –> Close –> Close –> Ok

4. Create a new PST file to another location

Open the MS Outlook Express à Tools à Email Accounts à View accounts (button) and Next à New Outlook Data File (button) à Select Office Outlook Personal Folders file (.pst) à Ok à A browser will come and give the path of new location à Ok à Give the Name of Personal Folder [Personal Folder 1] à Ok à Select the New Personal Folder [Personal Folder 1] from the dropdown list à Finish à Ok à Close and Open the MS Outlook Express.

5. Add another PST in an account

Open the MS Outlook Express à Tools à Email Accounts à View accounts (button) and Next à New Outlook Data File (button) à Select Office Outlook Personal Folders file (.pst) à Ok à A browser will come and browse another PST file à Ok –> Apply à Ok –> Finish à Close and Open the MS Outlook Express.

6. Scan & Recover PST file

Go to the location C:\Program Files\Common Files\System\MSMAPI\1033 –> D.C

On SCANPST –> Browse the PST file –> Start (button) –> Restore

7. Folder Create

File à Folder à New Folder à Select the folder under which you want to create a new folder (such as Inbox) à Give the Name of New folder à Ok.

8. Move the Mail of a specific people (email account) to a specific folder

Tools à Rules and Alerts à New Rule à Start from a blank Rule (radio) & next à Check “from people or distribution list” and click people or distribution list from the bottom text field à Write the email id in “From” text field (we can give more then one email id in the field separated by semicolon à Ok à Next à Check “move it to the specific folder” and give the path of the folder from bottom text field à Ok à Next à Next à Check “Run this rule now on message already in Inbox à Finish. à Apply à Ok.

9. Set Remainder

Go –> Tasks –> Double Click under the task schedule and give the remainder –> Save and close the task window.

Outlook Express

1.¨ File à Switch Identity à Manage Identities (button) à New (button)

Type Your Name: Mahmud (Identity name) à OK.

Do you want to switch Mahmud now? à Yes

Connect to internet à Yes

Create a new Internet mail account (radio) à Next

. Display Name à Mahmud

E-mail address à sum@smile.com.bd (Provide by ISP)

Incoming Mail server (POP3) à mail.smile.com.bd (Provide by ISP)

Outgoing Mail server (POP3) à mail.smile.com.bd (Provide by ISP)

User Name à sum@smile.com.bd (Provide by ISP)

Password à sumon03041382 (Provide by ISP) OR uncheck Remember my

Password and do not give any password in that text field.

Next à Finish

Do not import at this time (radio) à Next à Finish

¨ LOGIN: File à Switch Identity à Mahmud (D.C) à Give the password of sum@smile.com.bd and login to that account.

¨ LOGOUT: File à Switch Identity à Select Mahmud à Log Off Identity.

¨ Give Password to access Identity: File à Switch Identity à Select the Identity (Mahmud) à Properties (button) à Check Require password à give the password à OK.

2. Send Mail: Create (button) à Give the Address and subject à Sent (button)

3. Leave a copy of message on Server while download the mail in HD space: ToolsàAccount à Mail (tab) à Select mail.smile.com.bd mail (default) à Properties à Advance (tab) à Check Leave a copy of message on Server à Apply

4. Outlook express save the mail in C:\Program Files\Outlook Express location of the Hard Disc.

5. Change the Directory location of store mail in Outlook Express è Tool à Options à Maintenance (tab) à Store folder (button) à Change (button) à Give the new path such as E:\mahmud test à OK à Logoff and Login to the Outlook Express. [The file (mail) of C:\Program Files\Outlook Express location will moved to new location E:\mahmud test]

6. Add Group (If we write group name on To then the message will send all members of the group): Address (button) à File à New Group à Give Group Name (NOC), Name (Mahmud), E-mail (Mahmud@smile.com.bd ) à Add (button) à In this way add many more E-mail address in a group.

Gmail

To enable POP in your Gmail account:

1. Log in to your Gmail account.
2. Click Settings at the top of any Gmail page.
3. Click Forwarding and POP/IMAP.
4. Check Enable POP (Radio)

Set POP (incoming) – pop.gmail.com (give port number 465)

Set SMTP (outgoing) – smtp.gmail.com (give port number 995)

Eudora

Installation

1. Double click on setup.exe file à Next (welcome page) à Yes (license agreements) à Check all items & Next à Give destination Program folder (default) & Next à Select Custom Data Folder (radio) and Browse the location of a folder to download mail in that folder & Next à Next à Yes (create desktop shortcut icon)à Give the shortcut icon name & Next à Uncheck the check box & Finish.

Configuration

1. Next à Create and brand new e-mail account à Next à

You’re Name: Mahmud & Next

Return address or e-mail address: sum@smile.com.bd & Next

Login Name: sum or sum@smile.com.bd & Next

Incoming Server (POP): mail.smile.com.bd & select POP (radio) & Next

Outgoing Server (SMTP): mail.smile.com.bd & allow authentication (default check)

& Next

Next à Finish à OK.

2. See the configuration and edit configuration è Tools à Option à Getting started.

General Information

1. If someone use smile mail server (Incomming) and use Agni internet connection and mail server (Outgoing) then -

Incoming server (POP) àmail.smile.com.bd

Outgoing server (SMTP) àsmpt.ogni.com

Create Dialer

Vista Operating system

The Connect to the Internet wizard will guide you through the steps of setting up a Point-to-Point Protocol over Ethernet (PPPoE) Internet connection.

1. Open the Connect to the Internet wizard by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, clicking Set up a connection or network, and then clicking Connect to the Internet.

2. On the How do you want to connect? Page, select Broadband (PPPoE).

3. Continue to follow the steps in the wizard.

Windows XP

My Network Places –> Create a new connection –>  Next –> Connect to the internet (default) & Next  –> Setup my connection manually & Next Create using a broadband connection that requires user name and password & Next –> Give the dialer name & Next –> Give username and password for the dialer to connect to the DHCP server & Next –> Check Add shortcut of dialer to desktop & Finish.

Windows 98/2000

In XP Operating System PPPoE package is automatically installed during XP installation but in Win 98/2000 we have to install it manually.

1. Local Area Connection (R.C) –> Properties –> Select nothing (default selection) –> Install (button) –> Protocol –> Add  –> Have Disk –> Browse –> Give the path of *.inf file of RasPPPoE folder –> Select winpppoe.ing –> OK –> Give windows drive location where it installed (C Drive)
   
   
2. Start –> Run à raspppoe à Create dialer within username and password by press a button.

PPPD Dialer (for VPN)

Windows XP

My Network Places à Create a new connection à Next à Connect to the network at my workplace & Next à Virtual Private Network Connection (VPN) à Give the name of dialer & Next à Give the IP address of PPPD (VPN) server à Check Add Shortcut to Desktop à Finish

Configuration

In this link you will find all configuration manual

Hard Drive

1. Type of Hard drive
   
   
   1. IDE – Integrated Device Electronics.
   2. SATA – Serial Advance Technology Attachment.
   3. SCSI – Small computer system interface.

3. Cable Selection	IDE device	SATA / SCSI
   Primary Master [P.M]	hda	sda
   Primary Slave [P.S]	hdb	sdb
   Secondary Master [S.M]	hdc	sdc
   Secondary Slave	hdd	sdd

3. Parts of Hard drive

1. 1. Zero Sector àIt has two part
      

(a) MBR (Master Boot Recorder) – Have boot information of OS.
(b) Partition information – Have information of different partitions

1. 1. Other space of a Hard Dri

      Partitions of Hard Drive
      
      

a. Primary  – windows have 1 primary & Linux have4 primary partition

Primary partition 1 – hda 1

Primary partition 2 – hda 2

Primary partition 3 – hda 3
Primary partition 4 – hda 4

Extended – we can create logical partition in extended partition.

Logical partition 5 – hda 5 (drive D)
Logical partition 6 – hda 6 (drive E)
Logical partition 7 – hda 7 (drive F)