Tuesday, 19 January 2016

Understanding IP Routing


In the simplest terms, IP routing is the process of moving packets from their source to their destination across internetworks. To be able to route packets, a router must know at a minimum the following:

    Destination address
    Neighbor routers from which it can learn about remote networks
    Possible routes to all remote networks
    The best route to each remote network
    How to maintain and verify routing information

Unfortunately the process is not as simple as it sounds because it involves multiple protocols at multiple layers. To understand the complete process of how a packet moves from the source to the destination, consider the network shown in Figure 4-1.

 Figure 4-1 Understanding IP Routing


In the network shown above, when Host1 sends a TCP segment to Host3, the following happens:

    The TCP segment is handed off to IP, which adds a header consisting of the source address, 192.168.1.10 and destination address 192.168.5.20 and hands off that packet to the next layer.
    Using the subnet mask of the host, it is determined that the destination address lies in a remote network and hence the packet must be sent to the default gateway, 192.168.1.1. So Host1 sends out an ARP request to find the MAC address of Router1. When a response is received, it frames the packet with the source MAC address of Host1 and destination MAC address of Router1.
    When Router1 receives the frame, it strips off the header and trailer and looks at the destination address in the IP header. Since the packet is not destined to Router1, it must be routed out.
    It tries to match the destination address to a list of known networks, called the routing table. It finds that the destination network is reachable via Router2, so it frames the packet with the source MAC address of its exit interface (interface with the IP address of 10.1.1.1) and the destination address of Router2’s interface.
    When Router2 receives the frame, it repeats the strip and lookup process and frames the packet again before sending it to Router3. This time the MAC address of Router2’s exit interface is the source address while the MAC address of Router3 is the destination address.
    Finally Router3 looks at the destination MAC address and realizes that the destination network is directly connected. It finds the MAC address of the destination host and frames the packet using its own MAC address as the source and the MAC address of Host3 as the destination. At last the frame is sent out and reaches the destination host.
    At the destination, the frame is stripped and the destination IP address is verified. Then the IP header is stripped and the TCP segment reaches Layer 4 of the destination.
    Now when Host3 needs to reply back to Host1, TCP will hand off the reply segment to IP.
    IP will add a header consisting of a source address of 192.168.5.20 and a destination address of 192.168.1.10 and will send it to layer 2 for framing.
    By the subnet mask of Host3, it is determined that the destination lies in a remote network. Hence the frame will need the MAC address of the default gateway as destination. If Host3 does not have the MAC address of Router3, it will send an ARP query to get it. Once Host3 has the MAC address, it will frame the segment and send it out to Router3.
    Router3 strips the frame header and looks at the destination IP address in the IP header. From its routing table, it will know that the packet needs to go to Router2. It will frame the packet with the MAC address of its fa0/0 interface as the source and the MAC address of Router2’s fa0/1 interface as the destination, and then send it out on the wire.
    Router2 receives the frame and repeats the process to send the packet to Router1.
    Router1 receives the frame from Router2 and removes the frame. By the destination IP address it knows that the packet belongs to a directly connected interface.
    Since it received a frame from Host1 earlier, it has the MAC address of the host mapped to its IP address in the ARP table. The router uses that to create a frame with its fa0/0 interface’s MAC address as source and Host1’s MAC address as destination and sends the frame out the interface.
    When Host1 receives the frame, it verifies the destination address, strips the frame and IP header and sends the TCP segment to layer 4.

Exam Alert: Remember that the source and destination IP addresses do not change throughout the process, while the source and destination MAC addresses change at each segment. You will see multiple questions about this on the CCNA exam! The MAC address is only locally significant and changes at each hop.
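The forwarding walk above, as an added example (not part of the original study guide): each node checks its connected networks, then its routing table, and re-frames the packet while the IP header stays the same. Only 192.168.1.10, 192.168.5.20, 192.168.1.1, 10.1.1.1 and the fa0/0 and fa0/1 roles come from the text; the masks, the other addresses and the MAC labels are assumptions, since Figure 4-1 is not reproduced here.

```python
import ipaddress

# Topology for the walkthrough. 192.168.1.10, 192.168.5.20, 192.168.1.1 and
# 10.1.1.1 are from the text; masks, other addresses and MAC labels are assumed.
NODES = {
    "Host1":   {"ifaces": {"eth0": ("192.168.1.10/24", "MAC-H1")},
                "routes": [("0.0.0.0/0", "192.168.1.1")]},
    "Router1": {"ifaces": {"fa0/0": ("192.168.1.1/24", "MAC-R1-fa0/0"),
                           "fa0/1": ("10.1.1.1/30", "MAC-R1-fa0/1")},
                "routes": [("192.168.5.0/24", "10.1.1.2")]},
    "Router2": {"ifaces": {"fa0/0": ("10.1.1.2/30", "MAC-R2-fa0/0"),
                           "fa0/1": ("10.1.2.1/30", "MAC-R2-fa0/1")},
                "routes": [("192.168.5.0/24", "10.1.2.2"),
                           ("192.168.1.0/24", "10.1.1.1")]},
    "Router3": {"ifaces": {"fa0/0": ("10.1.2.2/30", "MAC-R3-fa0/0"),
                           "fa0/1": ("192.168.5.1/24", "MAC-R3-fa0/1")},
                "routes": [("192.168.1.0/24", "10.1.2.1")]},
    "Host3":   {"ifaces": {"eth0": ("192.168.5.20/24", "MAC-H3")},
                "routes": [("0.0.0.0/0", "192.168.5.1")]},
}

def connected_mac(node, ip):
    """MAC of the node's interface whose subnet contains ip, or None if remote."""
    for cidr, mac in NODES[node]["ifaces"].values():
        if ip in ipaddress.ip_interface(cidr).network:
            return mac
    return None

def arp(ip):
    """Stand-in for ARP: return (node name, MAC) of the interface that owns ip."""
    for name, node in NODES.items():
        for cidr, mac in node["ifaces"].values():
            if ipaddress.ip_interface(cidr).ip == ip:
                return name, mac
    raise LookupError(f"no host answers ARP for {ip}")

def next_hop(node, dst):
    """Return (exit-interface MAC, IP to ARP for) using longest-prefix match."""
    mac = connected_mac(node, dst)
    if mac:                                   # destination is on a connected network
        return mac, dst
    routes = [(ipaddress.ip_network(net), ipaddress.ip_address(gw))
              for net, gw in NODES[node]["routes"]]
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        raise LookupError(f"{node}: no route to {dst}")
    gateway = max(matches, key=lambda r: r[0].prefixlen)[1]
    return connected_mac(node, gateway), gateway

def trace(src_node, src_ip, dst_ip, max_hops=16):
    """List the frame sent on each segment; the IP addresses never change."""
    dst, node, frames = ipaddress.ip_address(dst_ip), src_node, []
    for _ in range(max_hops):                 # hop limit guards against routing loops
        src_mac, hop_ip = next_hop(node, dst)
        receiver, dst_mac = arp(hop_ip)
        frames.append({"from": node, "to": receiver, "src_mac": src_mac,
                       "dst_mac": dst_mac, "src_ip": src_ip, "dst_ip": dst_ip})
        if hop_ip == dst:
            return frames
        node = receiver
    raise RuntimeError("hop limit exceeded")
```

Calling trace("Host1", "192.168.1.10", "192.168.5.20") returns one frame per segment; swapping the arguments to start at Host3 gives the reply path.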

The above steps show how a TCP segment moves from its source to its destination across an internetwork. The steps above assume that each router in the path knows where the destination network lies. But as you have seen in the previous chapter, a new router has no configuration and is not going to discover remote networks by itself. You will need to tell the router about the remote networks manually or configure it to learn the routes dynamically by talking to other routers.

Note: The network shown in Figure 4-1 will be used throughout the chapter. I strongly suggest you set up the above network and configure the basic connectivity. It will also allow you to practice everything learned in the previous chapter once again.

Tuesday, 29 September 2015

Swap memory clear

In Linux, virtual memory is called swap space and is used when the physical memory (RAM) is full. When the system needs more memory and the RAM is full, inactive pages in memory are moved to the swap space. Swap is not a replacement for physical memory; it is just a small portion of the hard drive, and it must be created during the installation. It is better to have swap space equal to 2X RAM.

Sometimes the system keeps using the full amount of swap memory even when it has enough physical memory available. This happens because inactive pages that were moved to swap during high memory usage have not gone back to physical memory under normal conditions. In that case we have to clear the swap manually (move the inactive pages back to physical RAM) by using the following commands.

First issue the following command to initiate the move; this will take time depending on the size of the swap memory.

PS: You must have enough physical memory available on the system before initiating the following commands, that means

Swap Memory = Free Memory of Physical RAM.

If you want to clear 2GB of swap memory, you need to have more than 2GB of free physical memory (RAM).

swapoff -a

Once the above command has completed successfully, issue the following command to re-enable the swap.

swapon -a
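The precondition above can be checked before running swapoff -a. This added example (not from the original post) parses /proc/meminfo and compares the swap in use with MemAvailable, falling back to MemFree where the kernel does not report MemAvailable; the sample values and the headroom_kb parameter are assumptions.

```python
# Constructed /proc/meminfo excerpt (values in kB).
SAMPLE_MEMINFO = """\
MemTotal:        8000000 kB
MemFree:          400000 kB
MemAvailable:    3000000 kB
SwapTotal:       4000000 kB
SwapFree:        2000000 kB
"""

def parse_meminfo(text):
    """Map /proc/meminfo field names to their numeric values (kB for sizes)."""
    info = {}
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        fields = rest.split()
        if fields and fields[0].isdigit():
            info[key.strip()] = int(fields[0])
    return info

def swapoff_check(text, headroom_kb=0):
    """Decide whether RAM can absorb every page that swapoff will move back."""
    info = parse_meminfo(text)
    swap_used = info["SwapTotal"] - info["SwapFree"]
    # MemAvailable (kernel 3.14 and later) estimates memory usable without
    # swapping; older kernels only report MemFree, which is more conservative.
    available = info.get("MemAvailable", info["MemFree"])
    return {"swap_used_kb": swap_used, "available_kb": available,
            "safe": available > swap_used + headroom_kb}

if __name__ == "__main__":
    with open("/proc/meminfo") as fh:      # live values on a Linux host
        print(swapoff_check(fh.read()))
```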

Friday, 10 July 2015

Postfix Spam EMail Queue Fix

The following commands will allow you to review these queues:

1- Display the mail queues, deferred and pending



mailq
or
postqueue -p
To save the output to a text file you can run:
mailq > mailqueue.txt
or
postqueue -p > mailqueue.txt

Either of these commands will show you all queued messages.
NB: this command shows the sender and recipients and ID, not the message itself. The ID is particularly useful if you want to inspect the message itself.

2- View message (contents, header and body) in Postfix queue


To view a message with the ID XXXXXXX
(you can see the ID from the queue)
postcat -vq XXXXXXXXXX
Or to save it in a file
postcat -vq XXXXXXXXXX > emailXXXXXXXXXX.txt

A useful feature for web servers is to enable mail.add_x_header = on in the Postfix configuration. This adds a header to all outgoing email messages showing the script and user that generated each message. Once enabled, it adds the following extra header to each message:
X-PHP-Originating-Script: 1001:spamEmailer.php

In this example 1001 is the UID and the spamEmailer.php was the script sending the message. This can allow you to quickly track down the source of spam messages being sent by your server.

With these commands you should be able to review your mail queue and make sure that intended messages are being sent and have not been rejected.

How to delete queued mail from the mail queue


Now that we have learned the necessary steps to reviewing your mail queue, the final 3 tips will demonstrate how to delete queued mail.

3- Tell Postfix to process the Queue now


postqueue -f
OR
postfix flush

This will cause Postfix to immediately attempt to send all queued messages.

4- Delete queued mail


Delete all queued mail
postsuper -d ALL
Delete only the deferred mail queue messages (i.e. only the ones the system intends to retry later)
postsuper -d ALL deferred

5- Delete mail from the queue selectively


This is not natively included with the standard Postfix tools; however, it can be done with a bit of Perl scripting.
NB: This Perl script seems to be free and is all over the internet; however, I could not find out where it originates or who wrote it, but my thanks go to them!
#########################################
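#!/usr/bin/perl
use strict;
use warnings;

# Pattern to look for in the queue listing (matched case-insensitively)
my $REGEXP = shift || die "no email-address given (regexp-style, e.g. bl.*\@yahoo.com)!";

my ($queue_id, %Q);
my @data = qx</usr/sbin/postqueue -p>;
for (@data) {
  # A line that starts with a queue ID (optionally flagged * or !) begins a new entry
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if ($queue_id) {
    # Remember the ID as soon as any line of the entry matches the pattern
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}

# Dry run: use the "|cat" line instead of the postsuper line to print the IDs without deleting
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;

# postsuper -d - reads the queue IDs to delete from standard input
foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);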
#########################################

Usage Examples:
Delete all queued messages to or from the domain called spamers.com, enter:
./postfix-delete.pl spamers.com
Delete all queued messages that contain the word "spam" in the e-mail address:
./postfix-delete.pl spam
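A read-only triage pass to run before deleting anything, as an added example (not the Perl script above and not part of Postfix): it parses `postqueue -p` output, lists the queue IDs a pattern would select by matching sender and recipient addresses only, and tallies the X-PHP-Originating-Script headers described earlier. The sample queue listing, addresses, IDs and header lines are constructed.

```python
import re
from collections import Counter

# Constructed `postqueue -p` output; all addresses and IDs are placeholders.
SAMPLE_QUEUE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C0D4*    1843 Fri Jul 10 10:00:01  www-data@web01.example.com
                                         alice@spamers.com

7B1C44E2A9     2210 Fri Jul 10 10:00:05  www-data@web01.example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         bob@example.org
                                         carol@example.org

9D0E55F3B1!     912 Fri Jul 10 10:02:40  newsletter@example.com
                                         dave@example.net

-- 5 Kbytes in 3 Requests.
"""
# Constructed header lines copied out of queued messages.
SAMPLE_HEADERS = ["X-PHP-Originating-Script: 1001:spamEmailer.php",
                  "X-PHP-Originating-Script: 1001:spamEmailer.php",
                  "X-PHP-Originating-Script: 1002:contact.php"]

# Queue ID, optional flag (* active, ! on hold), size, arrival time, sender.
ENTRY = re.compile(r"^([0-9A-Za-z]+)([*!]?)\s+(\d+)\s+"
                   r"\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s*$")
SCRIPT = re.compile(r"X-PHP-Originating-Script:\s*(\d+):(\S+)")

def parse_queue(text):
    """Return one dict per queued message found in `postqueue -p` text."""
    entries, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = {"id": m.group(1), "flag": m.group(2), "size": int(m.group(3)),
                       "sender": m.group(4), "recipients": [], "reason": None}
            entries.append(current)
        elif not line.strip():
            current = None                        # a blank line ends the entry
        elif current and line.lstrip().startswith("("):
            current["reason"] = line.strip().strip("()")
        elif current and line[0].isspace():
            current["recipients"].append(line.strip())
    return entries

def select(entries, pattern):
    """Dry run: IDs whose sender or any recipient matches, without deleting."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [e["id"] for e in entries
            if any(rx.search(addr) for addr in [e["sender"], *e["recipients"]])]

def script_counts(header_lines):
    """Tally (UID, script) pairs from X-PHP-Originating-Script headers."""
    found = (SCRIPT.search(line) for line in header_lines)
    return Counter(m.groups() for m in found if m)
```

Unlike the Perl filter, select() ignores the deferral reason and arrival time, so a pattern such as "spam" cannot match on text outside the addresses.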

Thursday, 9 July 2015

Setup a self-signed SSL site with Apache2

Login and registration pages are often among them. This guide will show you how to quickly set up an SSL site with a self-signed certificate and automatic HTTP-to-HTTPS redirect. This is ideal for setting up staging environments.
I’ll assume you have a standard CentOS system with the apache2 package installed and ready.

Here's what we're going to do, in order:
  1. Make sure Apache has SSL enabled.
  2. Generate a certificate signing request (CSR).
  3. Generate a self-signed certificate.
  4. Copy the certificate and keys we've generated.
  5. Tell Apache about the certificate.
  6. Modify the VirtualHosts to use the certificate.
  7. Restart Apache and test.
Let's start with making sure that SSL is enabled by using the a2enmod utility to enable the SSL module:
sudo a2enmod ssl

Generate the CSR

Now it's time to generate the CSR, and fill out the questions you'd normally have verified by a Certificate Signing Authority:
sudo openssl req -new > new.cert.csr
Once you do this, you'll be prompted for a passphrase — you're going to want to remember the passphrase.
Now, you're going to walk through a set of questions:


Generating a 1024 bit RSA private key
................++++++
........................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Enter Code Here
State or Province Name (full name) [Some-State]:Enter State Here
Locality Name (eg, city) []:Enter City Here
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Enter Company Name
Organizational Unit Name (eg, section) []:Org Unit (if you have one)
Common Name (eg, YOUR name) []:First and Last Name
Email Address []:Work Email

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Leave Blank
An optional company name []:Optional

Parts in bold emphasis require input. You want to leave the challenge password blank, otherwise you'll need to enter this every time you restart Apache.

Generate the Certificate

Now it's time to create the certificate. You're going to use OpenSSL again to create the certificate and then copy the certificate and key to /etc/ssl, where Apache can find them.


sudo openssl rsa -in privkey.pem -out new.cert.key
sudo openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN
sudo cp new.cert.cert /etc/ssl/certs/server.crt
sudo cp new.cert.key /etc/ssl/private/server.key

The -days option sets the length of time before the certificate expires. I went ahead and (roughly) calculated the time until the release of Ubuntu I'm using will be out of support. You can revoke a certificate or replace one before the cert expires, of course.
Now, you have the key (server.key) and PEM certificate (server.crt is a PEM certificate). You need to make sure that the key is not world-readable, but that the certificate is.

Configure Apache

Now that we've got the certificate in place, you need to edit the Apache configuration to add SSL to your site. Your configuration may differ, depending on how you have your sites set up and whether you're only serving one site or whether you're serving several domains from your server.
Here's how I edited my configuration, which was located in /etc/apache2/sites-available/mydomain.net:

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin email address here
    ServerName mydomain.net
    ServerAlias www.mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/
    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin jzb@zonker.net
    ServerName mydomain.net
    ServerAlias www.mydomain.net
    DocumentRoot /srv/www/mydomain.net/public_html/

    ErrorLog /srv/www/mydomain.net/logs/error.log
    CustomLog /srv/www/mydomain.net/logs/access.log combined

    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
If you're already using the domain, you don't need to do anything but restart Apache. If you're setting Apache up for the first time, or this is a new domain, then you want to run this:

Saturday, 27 June 2015

How to speed up the site

Use the URL: http://gtmetrix.com/why-is-my-page-slow.html
If the issue is due to "Leverage browser caching", enable browser caching by adding the code below at the top of the .htaccess file.
=========================================================
## EXPIRES CACHING ##

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>

## EXPIRES CACHING ##
=========================================================
Similarly, to enable Gzip compression, add the code below to your .htaccess file.
=========================================================

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

=========================================================
If the above code does not work, remove it and use the code below.
=========================================================
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
=========================================================
Note: This is only for Apache web servers.

Tuesday, 26 May 2015

Cpanel Exim How To Clear The Mail Queue

To clear the Exim mail queue on a cPanel server:

/etc/init.d/exim stop;
sleep 10;
killall -9 exim eximd
sleep 5;
#clean out the mail queue
find /var/spool/exim -mindepth 2 -type f -exec rm -rf {} \;
#clean out the mail db files
find /var/spool/exim/db -type f -exec rm -rf {} \;
#reset the eximstats database tables
echo "truncate table sends;" | mysql eximstats
echo "truncate table defers;" | mysql eximstats
echo "truncate table failures;" | mysql eximstats
echo "truncate table smtp;" | mysql eximstats
/etc/init.d/exim restart

Friday, 15 May 2015

Linux Basic Commands

To Print Working Directory
Print the name of the current working directory

[root@sanlinux~]# pwd

List of Files and Directories
To see the list of files and directories

[root@sanlinux~]# ls <options> <arguments>

Options

-l – Long list including attributes
-a – All files and directories including hidden
-d – For a particular file or directory
-R – Recursive to see the tree structure

Creation of files

Files can be created by using any of the three methods given below:

    Cat command
    Touch command
    Vi editor

Cat (Concatenation) Command
Creating and displaying text files

[root@sanlinux~]# cat <option> <arguments> <filename>

To create a file

[root@sanlinux~]# cat > <filename>

To view the contents of a file

[root@sanlinux~]# cat <filename>

To append or add to an existing file

[root@sanlinux~]# cat >> <filename>

To combine the data of two or more files into a third file

[root@sanlinux~]# cat <first file> <second file> >> <third file>

Touch Command
To create a zero byte file

[root@sanlinux~]# touch <filename>

To create multiple zero byte files

[root@sanlinux~]# touch <first file> <second file> <third file>

To change the time stamp of a file or directory

[root@sanlinux~]# touch <directory or filename>

Vi Editor
To create file

[root@sanlinux~]# vi <filename>

Creating Directories
To create a directory

[root@sanlinux~]# mkdir <directory name>

To create multiple directories

[root@sanlinux~]# mkdir <first dir> <second dir> <third dir>

To create nested directories

[root@sanlinux~]# mkdir -p <first dir>/<second dir>/<third dir>

Navigation of Directories
To change the directory

[root@sanlinux~]# cd <path of the directory>

To change directory one level back

[root@sanlinux~]# cd ..

To change directory two levels back

[root@sanlinux~]# cd ../..

To change to the last working directory

[root@sanlinux~]# cd -

To change to the user's home directory

[root@sanlinux~]# cd

Help or Manual Page
To view the manual page of a command

[root@sanlinux~]# man <command>

Copying
To copy a file or directory

[root@sanlinux~]# cp <options> <source file> <destination>

Options

-r – Recursive (to copy the directory along with its contents)
-v – Verbose
-p – Copy with permissions

Moving and Renaming
To move a file or directory to a different location

[root@sanlinux~]# mv <source file or directory> <destination>

Rename a file or directory

[root@sanlinux~]# mv <old name> <new name>

Deleting
To remove or delete an empty directory

[root@sanlinux~]# rmdir <directory name>

To remove or delete a file or directory

[root@sanlinux~]# rm <option> <file or directory name>

Options

-r – Recursive (directory along with contents)
-f – forcefully

Some other commands
To see the date

[root@sanlinux~]# date

To see the calendar

[root@sanlinux~]# cal

File Viewing Commands
To view the contents of a file screen-wise

[root@sanlinux~]# less <file name>

To view the top lines of a file

[root@sanlinux~]# head <filename>

[root@sanlinux~]# head -5 <filename>

To view the bottom lines of a file

[root@sanlinux~]# tail <filename>

[root@sanlinux~]# tail -3 <filename>

VI editor modes

The vi editor has three modes of operation

    Command Mode
    Insert mode
    Ex Mode (Extended Command Mode)

Insert Mode

i – Insert the text at the current cursor position
I – Insert the text at the beginning of a line
a – Adds the text after the current cursor position
A – Adds the text at the end of a line
o – Insert the text one line below current cursor position
O – Insert the text one line above current cursor position

Ex mode

:q – Quit without saving
:q! – Quit forcefully without saving
:w – Write (save)
:wq – Save and quit
:wq! – Save and quit forcefully
:se nu – sets line numbers
:se nonu – Remove line numbers
:84 – The cursor goes to line 84

Command Mode

dd – Deletes a line
ndd – Deletes ‘n’ lines
yy – Copies a line
nyy – Copies ‘n’ lines
p – Put (pastes the deleted or copied text)
u – Undo (you can undo 1000 times)
G – Moves the cursor to the last line of the file