The xt_quota netfilter module reports quota values back to userspace for tools like iptables-save and rule management. A critical kernel patch changed how these values are communicated to ensure proper handling of quota rule removal and persistence. The Problem Originally, the xt_quota module copied the current quota value back to userspace after each packet match….
This document provides the essential software versions and upgrade instructions for running Linux 2.0.x kernels successfully. It covers package compatibility, known issues, and practical solutions for system administrators upgrading from earlier kernel releases. Networking Configuration The loopback route configuration in many older network scripts is incorrect and will cause kernel errors in 2.0.x. Look for…
Intercepting traffic before normal routing decisions requires understanding packet flow through iptables chains. If you need incoming packets to bypass the INPUT chain and process through FORWARD instead, you’ll use the PREROUTING chain with Destination NAT (DNAT). Packet Flow Through iptables When a packet arrives at your system, it traverses these chains in order: PREROUTING…
Zimbra’s web interface needs proper hostname and port configuration to function correctly, especially when you’re deploying behind load balancers, reverse proxies, or in clustered environments. Viewing Current Configuration Check your current Zimbra web service hostname and port settings: zmprov getServer $(zmhostname) zimbraMailPort zmprov getServer $(zmhostname) zimbraMailSSLPort zmprov getServer $(zmhostname) zimbraAdminPort You can also query the…
After a libvirt upgrade, VMs fail to start with the error: error: Failed to start domain kvm1 error: Network not found: no network with matching name ‘default’ This happens when the default NAT network (virbr0) isn’t automatically created during the upgrade. Quick fix: Restore the default network The fastest solution is to recreate the default…
When clients connect to your OpenWRT router via DHCP, they typically receive the router itself as the default gateway. Sometimes you need to advertise a different gateway — whether you’re running a proxy, load balancer, or multi-gateway setup on your network. This is done via DHCP option 3 (the router option in the DHCP specification)….
[md] By default, Fedora doesn’t enable SSH access. You’ll need to install OpenSSH server, start the service, and configure your firewall to allow connections. ## Install OpenSSH Server sudo dnf install openssh-server openssh-clients The openssh-clients package provides the ssh command for connecting to other machines, while openssh-server allows incoming connections. ## Start and Enable the…
iptables remains the standard firewall configuration tool on Linux systems, though many distributions now layer it with ufw or firewalld. Understanding the basics helps you troubleshoot, migrate, or work on systems without those abstractions. Understanding iptables Fundamentals iptables operates on three main chains: INPUT: rules for incoming traffic FORWARD: rules for traffic passing through the…
Logging connections that hit rate-limit rules helps you identify brute force attempts and troubleshoot legitimate clients that are being blocked. The standard approach is to create a dedicated chain that logs packets before dropping them. Create a logging and drop chain First, create a custom chain to handle logging and dropping: iptables -N LOGNDROP iptables…
Rate-limiting SSH brute-force attempts is essential for any server exposed to the internet. Using iptables with the recent module, you can drop connections from IPs that exceed a threshold in a given time window—for example, blocking IPs that attempt more than 6 connections in 60 seconds. Using iptables The recent module tracks connection attempts by…
Making firewall rules persistent across system reboots is essential for any production Linux system. While the original iptables-persistent approach works, modern systems typically use ufw (Uncomplicated Firewall) or firewalld, but understanding the underlying iptables mechanism is still valuable for lower-level control. Using iptables-persistent The iptables-persistent package automatically saves and restores your firewall rules during boot….
Fedora uses FirewallD as its default firewall management service. If you’re running servers in a trusted internal cluster or isolated environment where network-level filtering isn’t needed, you can disable it entirely. Stop and Disable FirewallD To completely disable the firewall: sudo systemctl stop firewalld sudo systemctl disable firewalld The stop command halts the service immediately….
When you need to rsync against hosts behind NAT gateways or port-forwarded SSH services, the standard port 22 won’t work. The solution is the -e flag, which lets you specify a custom SSH command with your desired port. Basic usage Use -e to pass custom SSH arguments: rsync -avxP –delete -e “ssh -p 13022” username@example.com:/remote/path/…
Your iPhone’s touchscreen can serve as a remote input device for your Linux desktop or laptop. Here are the most practical approaches. WiFi Mouse Method The WiFi Mouse application lets you control your Linux system’s cursor and clicks from your iPhone over a local network. Setup: Install the iPhone app: Download WiFi Mouse from the…
Blocking JavaScript per-site in Chrome lets you stop intrusive scripts, malicious content, or resource-heavy trackers without disabling JavaScript globally. This gives you surgical control—some sites work fine without JS, while others need it. Access the JavaScript exceptions page Open Chrome and navigate to this URL in the address bar: chrome://settings/contentExceptions#javascript Alternatively, go through the menu:…
git clone https://example.com/your/repo.git git clone git@github.com:user/repo.git Use HTTPS for better firewall compatibility, or SSH if you have keys configured. HTTPS requires authentication via personal access tokens or git credentials; SSH uses key-based auth. List branches # Local branches only git branch # All branches (local and remote) git branch -a # Show branch tracking information…
You often need to access a Git server that only accepts internal connections, but you have SSH access to an intermediate host that can reach it. This is common in corporate environments where the Git server sits behind a firewall. You can tunnel Git traffic through the intermediate host without manually managing tunnels for each…
NFSv3 uses multiple RPC services, each requiring its own port assignment. Without explicit configuration, rpcbind assigns random high ports to four critical services, making firewall rules unmaintainable. Modern deployments should prioritize NFSv4 with Kerberos, but legacy NFSv3 environments remain common enough to warrant proper port management. The NFS service stack includes seven RPC programs: Service…
SSH port forwarding lets you tunnel network traffic through an encrypted connection, making it essential for accessing services on restricted networks, exposing local services safely, or routing traffic through a jump host. This guide covers the three main types and production-ready practices. Local Forwarding Local forwarding listens on your local machine and relays connections through…
Running an SSH server on Windows enables remote administration, port forwarding, and integration with Unix-like workflows. Modern Windows provides native OpenSSH support that’s far superior to legacy third-party solutions. Installation Windows 10 (build 1809+), Windows 11, and Windows Server 2019+ include OpenSSH as an optional feature. Via Settings: Open Settings → System → Optional features…