This post summarizes Linux Kernel new features, bugfixes and changes in Linux 4.19.178 Release. Linux 4.19.178 Release contains 248 changes, patches or new features. In total, there are 239,909 lines of Linux source code changed/added in Linux 4.19.178 release compared to Linux 4.19 release. To view the source code of Linux 4.19.178 kernel release online,…
This post summarizes Linux Kernel new features, bugfixes and changes in Linux 5.4.102 Release. Linux 5.4.102 Release contains 338 changes, patches or new features. In total, there are 160,715 lines of Linux source code changed/added in Linux 5.4.102 release compared to Linux 5.4 release. To view the source code of Linux 5.4.102 kernel release online,…
This post summarizes new features, bugfixes and changes in Linux kernel release 4.19.70. Linux 4.19.70 Release contains 95 changes, patches or new features. In total, there are 101,521 lines of Linux source code changed/added in Linux 4.19.70 release compared to Linux 4.19 release. To view the source code of Linux 4.19.70 kernel release online, please…
Hyperledger Fabric is a consortium blockchain system. It’s performance is relatively good and its modular architecture enables it to be usable in many scenarios. Hyperledger Fabric itself has rich documents and samples of test networks. For beginners, deploying a new network for trying and testing still consumes quite some time. In this post, we will…
How to open a port, say 3389, in iptables to allow incoming traffics to it? There are several cases for this question: ipv4 or ipv6 or both, TCP or UDP or both and which interface? For simplicity, I give commands to allow all (ipv4 and ipv6, TCP and UDP from all interfaces) using port 3389…
before the packets ports (443) entering the firewall i would like to divert incoming packet of server (443) to input chain goes to FORWARD chain<br> so thats the incoming packets 100.43.xx.xx –sport 443 are send it to FORWARD instead of input chain<br> how to configure this in OUTPUT,FORWARD,POST AND PREROUTING CHAIN and this is my…
When I tried to apply new configuration in /etc/sysctl.conf, I got following message. warning: /etc/sysctl.conf(44): invalid syntax, continuing… Sounds like your changed /etc/sysctl.conf has problem. You may post the content of your /etc/sysctl.conf here to let other have a check. net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1…
How to enable SSH service on Fedora Linux? By default, it seems ssh is not enabled. Fedora may not have sshd service installed/enabled by default. You will need to install and configure it by yourself. The following instructions is for Fedora 22 as an example. First, install the sshd server by # dnf install openssh-server…
My program reports that the port is already used. How to find which program or process is listening on a certain port in Linux? You can use netstat to do this. netstat can print network connections. For example, to find which program is listing on port 9999 netstat -pln | grep 9999 You will need…
What is a good basic iptables config? Basic rules needed: Allow incoming TCP to 22 for SSH but blocks all others. Allow outgoing TCP/UDP connections. You may consider using the following rules as a start: for tables in iptables ip6tables ; do # Flush existing rules $tables -F # Default policy $tables -P INPUT DROP…
How to log connections hitting certain rules in iptables on Linux? Like the one that are dropped because of too frequently creating SSH connections. You can create a new chain named LOGNDROP that log the connections and drop them, then pass the connection to be redirected to the LOGNDROP chain. $tables -N LOGNDROP # Connections…
How to use iptables to limit rates new SSH incoming connections from each IP on Linux? For example, at most 6 SSH connection attempts every 60 seconds. You may use these rules (skip the first one, if you have set the basic rules): for tables in iptables ip6tables ; do # Allow established inbound connections…
I find there are too many TCP segments retransmited in a Xen virtual machine. sudo netstat -s | grep segments 537559 segments received 558908 segments send out 3533 segments retransmited 2677 bad segments received. There are 4 VMs on a host which has 4 cores. The segment retransmision rate is too high. It finally turns…
How to easily and quickly test the connection between two nodes on Linux? This should be specific to protocol and port. We can use nc (netcat) to test the connection between two servers. For example, to test whether TCP port 1048 can be used on the server (IP 10.0.3.48 as an example) side: On the server: $…
We ever discussed fixing ports used by NFSv3 so that it can be easily exported to external networks. For NFSv4.1 or higher, things are much easier. The ports for mountd, statd, and lockd are not required in a pure NFSv4 environment. We have less ports to control or allow for connections. Only port 111 and…
Controlling the mounting of filesystems is a useful technique for managing Linux systems. The mounting configurations are mostly in the /etc/fstab file. In this post, we will discuss 2 common and useful techniques for controlling the filesystem mounting by playing with the /etc/fstab file: allowing non-root users to mount/unmount filesystems and avoiding mounting failures blocking…
The ports used by NFS server can be dynamically assigned by rpbind to any higher number. We need to fix the ports used by NFS server to configure firewall or port forwarding mechanism. The ports used by NFS server and how to fix these ports will be introduced in this post. There are seven ports…
UDP has its advantages over TCP, such as being relatively lightweight and receiving one packet per read call (recvmsg), although the programmers need to handle related issues, such as packet lost and out-of-order packets delivery. This post gives information and references on how to write UDP programs in a C/Linux environment. What is UDP Check…
Linux port forwarding is simple to do with iptables which may probably already being used as the firewall or part of the setting up a Linux gateway. In the Linux kernel, port forwarding is achieved by packet filter rules in iptables. Port forwarding Port forwarding also called “port mapping” commonly refers to the network address…
Hadoop’s namenode and datanodes expose a bunch of TCP ports used by Hadoop’s daemons to communicate to each other or listen directly to users’ requests. These ports information are needed by both the Hadoop users and cluster administrators to write programs or configure firewalls/gateways accordingly. A post written by Philip Zeyliger from Cloudera’s blog summarizes the…