Articles for Linux

How to update CentOS 5.x and cannot find a valid baseurl for repo

If you are using CentOS 5.x and try to install any software or update the system, you get the following error:

root@server1 [~]# yum update -y
Loaded plugins: fastestmirror
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/cache/yum/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base

This is because the update repositories were moved to the CentOS vault when the operating system reached its end-of-life.

Edit the following file


OpenVPN CRL has expired

VERIFY ERROR: depth=0, error=CRL has expired: CN=servername

In order to fix the issue, we just need to recreate the crl.pem file.

We need to back up the current crl.pem file before creating a new one.

The crl.pem file is located in /etc/openvpn/

# mv crl.pem crl.pem.back

Now go to the easy-rsa folder

# cd easy-rsa

Now generate crl.pem

# ./easyrsa gencrl

Now copy the new crl.pem to the openvpn folder

# cp -pr /etc/openvpn/easyrsa/pki/crl.pem /etc/openvpn/

Now restart the openvpn service
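
A check that catches the expiry before clients start failing with "CRL has expired", added here as an example and not part of the original post: it reads the CRL's nextUpdate field with `openssl crl` and flags a CRL that is expired or close to expiring. The function names, the script name, the 14-day warning window and the use of GNU `date` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: warn before the OpenVPN CRL expires.
# crl_status and check_crl are hypothetical helper names, not part of
# OpenVPN or easy-rsa. Requires the openssl CLI and GNU date.

# crl_status "<nextUpdate line>" [warn_days] [now_epoch]
# Input is the line printed by `openssl crl -noout -nextupdate`,
# e.g. "nextUpdate=Mar  5 12:00:00 2030 GMT".
# Prints EXPIRED, "WARNING <n>d", "OK <n>d" or UNKNOWN.
# Returns 0 when healthy, 1 when action is needed, 2 when unparsable.
crl_status() {
    local stamp="${1#nextUpdate=}" warn_days="${2:-14}"
    local now="${3:-$(date -u +%s)}" expiry left
    # "nextUpdate=NONE" (field absent) or garbage fails here.
    expiry=$(date -u -d "$stamp" +%s 2>/dev/null) || { echo "UNKNOWN"; return 2; }
    # Compare in seconds so a CRL that expired an hour ago is not
    # rounded to "0 days left".
    left=$(( expiry - now ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"; return 1
    elif [ "$left" -le $(( warn_days * 86400 )) ]; then
        echo "WARNING $(( left / 86400 ))d"; return 1
    fi
    echo "OK $(( left / 86400 ))d"
}

# check_crl <crl.pem> [warn_days]
check_crl() {
    local crl="$1" line
    line=$(openssl crl -in "$crl" -noout -nextupdate 2>/dev/null) || {
        echo "UNREADABLE $crl"; return 2; }
    crl_status "$line" "${2:-14}"
}

# Runs only when a CRL path is given, for example from cron:
#   ./crl-check.sh /etc/openvpn/crl.pem 14
if [ -n "${1:-}" ]; then check_crl "$@"; fi
```

A non-zero exit status means the CRL needs to be regenerated with `./easyrsa gencrl` and copied into place as described above.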

 

Source link: https://www.jobishmathew.me/openvpn-crl-has-expired/

OPENVPN Logs

To troubleshoot connection issues, check the logs below.

Grep for the client name in /var/log/messages

# grep VPN /var/log/messages

Check the connection time

# cat /etc/openvpn/openvpn-status.log

Check the connection negotiation activity

# tail -f /var/log/messages

 

iptables port forwarding

I am port forwarding public IP x.x.x.x to private IP 192.168.200.200.

iptables -A INPUT -i eth0 -p tcp --dport 5001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 5001 -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 5001 -j DNAT --to-destination 192.168.200.200:5001


How to Show All NAT Tables Rules IPTABLES

iptables -t nat -L
iptables -t nat -L -n -v | grep 'something'
iptables -t nat -L -n -v

The netstat-nat command displays the NATed connections on a Linux iptables firewall.

# yum install netstat-nat

# netstat-nat -n
To display SNAT connections, run:
# netstat-nat -S
To display DNAT connections, type:
# netstat-nat -D

List the NAT rules with line numbers

iptables -t nat --line-numbers -L

Delete rule number 6

iptables -t nat -D PREROUTING 6

 

no “setup” command found in CentOS minimal install

The setup command is not installed in a minimal install.

If we get the error below, we need to install some packages to get the setup command working.

[root@gkhan.in ~] setup
-bash: setup: command not found

Here is how to install it on a minimal install:

yum install setuptool -y
yum install system-config-network* -y
yum install system-config-firewall* -y
yum install system-config-securitylevel-tui -y
yum install system-config-keyboard -y
yum install ntsysv -y

Now we can use the setup utility. That’s it.

fail2ban missing whois program

The whois program is missing in fail2ban email alerts, so you are not able to receive IP information.

# yum search whois

gnome-nettool.x86_64 : A GNOME interface for various networking tools
jwhois.x86_64 : Internet whois/nicname client.
perl-Net-Whois.noarch : Get and parse “whois” domain data from InterNIC
perl-Net-Whois-IP.noarch : Perl extension for looking up the whois information
: for ip addresses

# yum install jwhois.x86_64

Now test the whois command.
