Category Archives: Cheat Sheets

chkconfig Cheat Sheet


Controlling startup services in Linux distributions such as Red Hat Enterprise Linux (RHEL), CentOS and Oracle Enterprise Linux (OEL) can be done using a Gnome GUI or a command line utility. The command line utility is called chkconfig and can list existing services, add new ones to the operating system's startup list, or remove them from it.

As Linux operating systems have multiple states, or runlevels, you need to make sure you add any new services to the correct runlevels. For example, you would not want to start a web service application before starting networking. See my post on runlevels.

What services are available for startup?

Use the --list switch to see your existing services and the runlevels at which each one will be started.

chkconfig --list

An example output is below. This shows all of the machine runlevels and what the state of the service will be.

chkconfig --list

Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration.

modules_dep 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:off 3:on 4:off 5:off 6:off

In this example there are three services. netconsole is off at every runlevel and is therefore never started automatically, network is started only in runlevel 3, and modules_dep is started in runlevels 2, 3, 4 and 5.

You could also use the example below to detail the runlevels of a single service only.

chkconfig network --list

Add a new service with chkconfig

Adding a new service is easily done with the command below. The example shows the service network being enabled to start at the next boot. Without --level, on and off affect runlevels 2, 3, 4 and 5 only.

chkconfig network on

Use the --level switch to enable the service at specific runlevels only. The example below enables the service at runlevel 3. The argument is a string of runlevel digits, so --level 35 means runlevels 3 and 5.

chkconfig --level 3 network on

Remove a service with chkconfig

Removing an existing service is done with the below command. The below example shows the service network being disabled from automatic start.

chkconfig network off

Use the --level switch to remove the service from specific runlevels only. The example below disables the service at runlevel 3 and leaves its other runlevels unchanged.

chkconfig --level 3 network off
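The --list, on and off commands above are all you need for a quick startup-service audit: list what is enabled at the runlevel the machine boots into, compare it with what you expect, and turn off the rest. The script below is an added example and not part of the original cheat sheet. It parses the output format of chkconfig --list (the embedded sample is constructed from the three services shown above; in use, pass "$(chkconfig --list)" as the last argument) and prints the chkconfig --level commands that would disable anything not on an allow-list, without executing them.

```shell
#!/bin/sh
# Added example: audit SysV startup services against an allow-list.
# Nothing here changes the system; it prints the commands for review.

# Constructed sample of `chkconfig --list` output (the three services on this
# page). Replace it by passing "$(chkconfig --list)" as the listing argument.
SAMPLE_LIST='Note: This output shows SysV services only and does not include native systemd services.

modules_dep    0:off 1:off 2:on  3:on  4:on  5:on  6:off
netconsole     0:off 1:off 2:off 3:off 4:off 5:off 6:off
network        0:off 1:off 2:off 3:on  4:off 5:off 6:off'

# enabled_at LEVEL [LISTING] : names of services chkconfig starts at LEVEL,
# one per line. LISTING defaults to the constructed sample above.
enabled_at() {
    level="$1"
    listing="${2:-$SAMPLE_LIST}"
    printf '%s\n' "$listing" | awk -v lvl="$level" '
        # A service entry is "name 0:off 1:off ... 6:off": eight fields with
        # the second starting "0:". The systemd note and blank lines fail this.
        NF == 8 && $2 ~ /^0:/ {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == lvl && kv[2] == "on") print $1
            }
        }'
}

# audit_runlevel LEVEL "svc1 svc2 ..." [LISTING] : print the chkconfig command
# that would disable each service enabled at LEVEL but absent from the
# space-separated allow-list. Empty output means the runlevel matches.
audit_runlevel() {
    level="$1"
    allowed=" $2 "
    enabled_at "$level" "$3" | while read -r svc; do
        case "$allowed" in
            *" $svc "*) ;;   # expected at this runlevel, leave it alone
            *) printf 'chkconfig --level %s %s off\n' "$level" "$svc" ;;
        esac
    done
}

# Example run against the constructed sample: only network is expected at
# runlevel 3, so the audit proposes disabling modules_dep there.
audit_runlevel 3 "network"
```

Pipe the output into sh once you have read it; keeping the review step separate is the point, since a wrong allow-list would otherwise disable networking on the next boot.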

Start a service

Starting a service is done using the command service followed by the service name and the command to start the service.

service network start

Stop a service

Use the stop keyword with service to stop a service.

service network stop

Check the status of a service

Each service reports a status, usually running or stopped. Some services, such as network, print more detail instead, for example the configured and currently active interfaces.

service network status


Let me know in the comments if you think anything is missing.


Iperf cheat sheet


Iperf is an open source network bandwidth testing application, available on Linux, Windows and Unix. Iperf runs in two modes, client and server. The server runs on the remote host and listens for connections from the client; the client is where you set the test parameters and connect to the server. The switches below are for iperf version 2. iperf3 is a separate program with a different option set (its -d switch enables debug output rather than a bi-directional test, -r does not exist, and -R reverses the direction of the test), so check which one you have installed.

Install Iperf on Ubuntu

You can use apt-get install to install Iperf in Ubuntu.

apt-get install iperf

Start server

To start Iperf in server mode, use the below command.

iperf -s

Start server in daemon mode

Running the server without daemon mode keeps the process in the foreground of your terminal. Use the -D switch to run it as a daemon in the background. Bear in mind that the server accepts a test from any host that can reach TCP port 5001, and each test consumes as much bandwidth as the client asks for, so do not leave a daemonised server running on an exposed interface; bind it to a specific address with -B and stop it when you are done.

iperf -s -D

Connecting to server from client

Iperf must run in client mode on the local host and in server mode on the remote host. To connect to the remote host, add its IP address after the -c switch.

iperf -c 10.1.1.50

Bi-directional simultaneous (test the speed both ways at the same time)

Use the -d switch to test the network bandwidth in both directions at once. This performs two tests simultaneously; one from the local host to the remote host, and another from the remote host to the local host.

iperf -c 10.1.1.50 -d


Bi-directional sequential (test the speed in both directions, one after the other)

Use the -r switch to test the network bandwidth in both directions. This is similar to -d except the tests are performed in sequence; first from the local host to the remote host, then from the remote host to the local host.

iperf -c 10.1.1.50 -r

Change the window size

The TCP window size (the socket buffer) can be changed using the -w switch followed by the size in bytes; the example below uses 2KB. A K or M suffix is also accepted, for example -w 256K. The switch can be used on the server, the client or both.

iperf -c 10.1.1.50 -w 2048
iperf -s -w 2048

Change the port

You must use the same port on both the client and the server for the two processes to communicate with each other. Use the -p switch followed by the port number to use on both the local and remote host.

iperf -c 10.1.1.50 -p 9000
iperf -s -p 9000

Change the test duration

The default test duration is 10 seconds. Override it with the -t switch followed by the time in seconds the test should last. -t is a client option, because the client is the side that decides how long to send for.

iperf -c 10.1.1.50 -t 60

UDP instead of TCP

The default protocol is TCP. Switch to UDP with the -u switch; both the client and the server must be in UDP mode for the test to work. In UDP mode the client sends at a fixed rate, 1 Mbit/s by default, so set the target rate with -b (for example -b 100M) or the test will only ever report about 1 Mbit/s.

iperf -s -u
iperf -c 10.1.1.50 -u -b 100M

The result has extra metrics for jitter and packet loss. UDP has no retransmission, so lost datagrams are simply counted and reported as a percentage. The loss should be as close to zero as possible; the same loss on a TCP connection would show up as retransmissions and reduced throughput.
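When a bandwidth or loss check is part of a script, for example a pre-change baseline for a link or a pass/fail gate on a new VPN tunnel, the figures have to be pulled out of iperf's summary. The script below is an added example and not part of the original cheat sheet. The two embedded samples are constructed to match the layout of iperf 2 client output for a TCP run and a UDP run (in use you would pass the captured output, e.g. bandwidth_mbps "$(iperf -c 10.1.1.50)"); the host address, stream id and figures in them are made up.

```shell
#!/bin/sh
# Added example: extract bandwidth and UDP loss from iperf 2 client output
# and apply a loss threshold. The samples below are constructed, not captured.

TCP_SAMPLE='------------------------------------------------------------
Client connecting to 10.1.1.50, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[  3] local 10.1.1.10 port 49152 connected with 10.1.1.50 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.10 GBytes   943 Mbits/sec'

UDP_SAMPLE='------------------------------------------------------------
Client connecting to 10.1.1.50, UDP port 5001
Sending 1470 byte datagrams
------------------------------------------------------------
[  3] local 10.1.1.10 port 49153 connected with 10.1.1.50 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec
[  3] Sent 893 datagrams
[  3] Server Report:
[ ID] Interval       Transfer     Bandwidth        Jitter   Lost/Total Datagrams
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec   0.018 ms    2/  893 (0.22%)'

# bandwidth_mbps OUTPUT : the last bandwidth figure in OUTPUT, normalised to
# Mbits/sec. With -P the last figure is the [SUM] line, i.e. the aggregate;
# for a UDP run it is the server report, which is the rate that arrived.
bandwidth_mbps() {
    printf '%s\n' "$1" | awk '
        /bits\/sec/ {
            # the number precedes its unit on the line ("943 Mbits/sec")
            for (i = 2; i <= NF; i++) if ($i ~ /bits\/sec$/) { val = $(i-1); unit = $i }
            if (unit ~ /^Kbits/) val = val / 1000
            if (unit ~ /^Gbits/) val = val * 1000
            last = val
        }
        END { printf "%.2f\n", last + 0 }'
}

# udp_loss_percent OUTPUT : datagram loss from the server report ("(0.22%)"),
# as a bare percentage. Prints nothing for a TCP run, which has no such field.
udp_loss_percent() {
    printf '%s\n' "$1" | grep -o '([0-9.]*%)' | tail -n 1 | tr -d '(%)'
}

# udp_loss_ok OUTPUT MAX_PERCENT : succeed when the reported loss is at or
# below MAX_PERCENT; fail otherwise, including when no loss was reported.
udp_loss_ok() {
    loss="$(udp_loss_percent "$1")"
    [ -n "$loss" ] || return 1
    awk -v l="$loss" -v m="$2" 'BEGIN { exit !(l + 0 <= m + 0) }'
}

# Example gate: a UDP run must stay under 1% loss.
if udp_loss_ok "$UDP_SAMPLE" 1; then
    echo "ok: $(bandwidth_mbps "$UDP_SAMPLE") Mbits/sec, $(udp_loss_percent "$UDP_SAMPLE")% loss"
else
    echo "fail: loss above threshold" >&2
fi
```

The loss check deliberately fails when no loss figure is present, so a script that meant to gate on UDP loss but accidentally ran a TCP test does not pass by default.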

Run multiple threads

Iperf can run several parallel streams that send and receive data at the same time. Use the -P switch followed by the number of streams; the output then lists each stream and a [SUM] line with the aggregate.

iperf -c 10.1.1.50 -P 4

Check the version of Iperf

Use the -v switch to see the version of Iperf you have installed.

iperf -v

See the full list of arguments

Use the -h switch to see the full list of arguments supported by Iperf.

iperf -h


Let me know in the comments if you think anything is missing.


iptables cheat sheet


Here are a few handy commands for using iptables. They are tailored for an OpenVZ container with a venet network interface but can easily be adapted to your own interface by replacing venet0 with its name.

For setting up iptables in an OpenVZ container, see this blog post.

Remove existing rules

You can delete every rule in the filter table with -F. Be careful using this command: there is no going back unless you have backed up your rules, and -F does not reset the default policies, so if the INPUT policy is DROP and you flush the rules over SSH you lock yourself out (set the policies to ACCEPT first, or do it from a console). It also only touches the filter table; use -t nat -F and -t mangle -F for the others, and -X to delete empty user-defined chains.

iptables -F

Backup and restore

Backup to file

Rules can easily be saved to a file for backup or version control. This saves the rules, together with their packet and byte counters (-c), to /etc/iptables.rules.

iptables-save -c > /etc/iptables.rules

Restore from file

Saved rules are loaded back with iptables-restore, which reads the file on standard input. Note the direction of the redirect; a > here would truncate your backup instead of restoring it. Pass -c to restore the counters too. The whole file is parsed and then applied in one step, so either all of it takes effect or none of it does.

iptables-restore -c < /etc/iptables.rules

Change the default policy

The default policy decides what happens to traffic that no rule explicitly matches. Each of the built-in chains INPUT, FORWARD and OUTPUT has its own policy, and a policy can only be ACCEPT or DROP. REJECT is not allowed as a chain policy; if you want unmatched traffic rejected with an error rather than silently dropped, append a REJECT rule at the end of the chain instead (see the catchall rule below).

Change OUTPUT to ACCEPT

iptables -P OUTPUT ACCEPT

Change INPUT to DROP

iptables -P INPUT DROP

Apply the catchall rule

You can add a rule to the bottom of the rule book to choose what to do with traffic which doesn’t match any other rule. A common use would be to add a DROP as the last rule to drop any traffic which isn’t explicitly allowed by an earlier rule. You can specify to ACCEPT, REJECT or DROP for INPUT, FORWARD and OUTPUT as well as an interface.

ACCEPT INPUT on interface lo

iptables -A INPUT -i lo -j ACCEPT

BLOCK INPUT on interface venet0

iptables -A INPUT -i venet0 -j DROP

List active rules

You can list the active rules with -L, and -v for packet and byte counters on each rule. Add -n to show addresses and ports numerically rather than resolving them, which is faster and avoids sending a DNS query for every address in the ruleset.

iptables -L -v

Enable established connections rule

This inbound rule accepts any packet that belongs to a connection which is already established, or which is related to one (for example the data connection of an FTP session). With it in place the firewall is stateful: once an outbound connection has been allowed, its replies are accepted without a separate inbound rule for each service, so you will rarely need a matching inbound rule for your outbound rules. -m state is the older spelling; newer iptables versions prefer -m conntrack --ctstate RELATED,ESTABLISHED, which takes the same state names.

iptables -A INPUT -i venet0 -m state --state RELATED,ESTABLISHED -j ACCEPT

Adding new rules

New rules can be added to control how traffic passes through an interface. If you have not used the Established connections rule then you will also need to add an outgoing rule. If you do use the Established connections rule then you will only need the top command in each of the below headings.

Add rule for port 80 – such as Apache

iptables -A INPUT -i venet0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

Add rule for port 22 – SSH outbound connections

iptables -A OUTPUT -o venet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i venet0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Add rule for port 53 – DNS outbound

iptables -A OUTPUT -o venet0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i venet0 -p udp --sport 53 -j ACCEPT

DNS falls back to TCP for large responses, so if some names fail to resolve add the same pair of rules with -p tcp.

Add rule for port 22 – SSH inbound connections

iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o venet0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Add rule for outgoing http/ https

The multiport match uses --dports and --sports (plural) for a list of ports.

iptables -A OUTPUT -o venet0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i venet0 -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT

Add rule for ping from remote to local

iptables -A INPUT -i venet0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -o venet0 -p icmp --icmp-type echo-reply -j ACCEPT

Add rule for ping from local to remote

iptables -A OUTPUT -o venet0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i venet0 -p icmp --icmp-type echo-reply -j ACCEPT

If you use the established connections rule in both directions, the echo-reply rules are not needed: connection tracking pairs a reply with its request and accepts it as ESTABLISHED.
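Typing the rules above one at a time has an ordering problem: once you set the INPUT policy to DROP, every packet is dropped until the loopback, established and SSH rules exist, and if the session you are typing in is SSH it dies at that point. The script below is an added example, not part of the original cheat sheet. It assembles the rules from this page into a single iptables-restore file, which is loaded in one step, so the policy and the ACCEPT rules take effect together. The interface name is a parameter (venet0 is the page's default), the echo-reply rules are left out because the RELATED,ESTABLISHED rules cover them, and the backup path /root/iptables.before is an assumption.

```shell
#!/bin/sh
# Added example: the cheat sheet's rules as one iptables-restore file,
# loaded atomically instead of rule by rule.

# ruleset IFACE : print an iptables-restore file for the filter table.
# Lines starting with # are ignored by iptables-restore.
ruleset() {
    ifc="${1:-venet0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, then replies to anything already allowed (this makes the set stateful)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i $ifc -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o $ifc -m state --state RELATED,ESTABLISHED -j ACCEPT
# inbound services: SSH, web, ping
-A INPUT -i $ifc -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $ifc -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $ifc -p icmp --icmp-type echo-request -j ACCEPT
# outbound clients: DNS (UDP and TCP), web, SSH, ping
-A OUTPUT -o $ifc -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -o $ifc -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# rule_count IFACE : number of -A rules in the generated file (a quick sanity
# check before loading; the set above has 12).
rule_count() {
    ruleset "$1" | grep -c '^-A '
}

# apply_ruleset IFACE : back up the live rules (with counters), then load the
# new set. iptables-restore parses the whole file before touching the kernel,
# so a typo leaves the live rules unchanged rather than half-applied.
apply_ruleset() {
    iptables-save -c > /root/iptables.before || return 1
    if ruleset "$1" | iptables-restore; then
        echo "loaded; roll back with: iptables-restore -c < /root/iptables.before"
    else
        echo "load failed, live rules unchanged" >&2
        return 1
    fi
}

# Review the generated file first; apply_ruleset needs root and a real kernel.
ruleset venet0
```

Keep the generated file under version control alongside the backup; diffing two iptables-save outputs is far easier than reconstructing what a series of interactive -A and -D commands did.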

Delete rule

The easiest way to remove a rule is to delete it by its position in the chain. To find out the position, run iptables -L with the --line-numbers argument. The command below lists the INPUT chain; change INPUT to OUTPUT as required.

iptables -L INPUT --line-numbers

Then run the delete command for the relevant chain. This deletes the 7th inbound rule. Positions shift after every deletion, so list again before deleting another.

iptables -D INPUT 7

Example deleting rule 1 for INPUT:

# iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
3    ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
4    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request

# iptables -D INPUT 1

# iptables -L INPUT --line-numbers
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
3    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request


Let me know in the comments if you think anything is missing.

