Enabling Iptables Modules
Nov 2, 2009This wiki page has discussed how to enable iptables modules in a VPS.
View 6 RepliesThis wiki page has discussed how to enable iptables modules in a VPS.
View 6 RepliesI want to know about install IPTables modules -> modules name is 'Quota'
It's have way to install pure this modules directly to IPTables by not Build/ReBuild Kernel from Source
OS : CentOS 5.0
I must Mod Quota to IPTables for use Traffic Limit per VPS Node on OpenVZ Kernel
And everyone can tell me to simple to Traffic Control for VPS Node on OpenVZ
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.
The modules that should work perfectly for this type of "rule set" are;
- Limiting module
- Length module
Both of which are installed / compiled with the kernel/IPTables correctly and functioning.
I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.
Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?
iptables -N UDPC1
iptables -A INPUT -p udp -m length --length 20 -j UDPC1
iptables -A UDPC1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A UDPC1 -j DROP
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
I got a problem with CSF on my VPS. ipt_state and ipt_REDIRECT are not enabled on the node and I can't(and everyone else on the node) be using any ipt based firewall.
I asked a hosting company to enable those modules and I provided a simple guide(Edit /etc/sysconfig/iptables-config and /etc/sysconfig/vz on the hardware node. Add ipt_state and ipt_REDIRECT into IPTABLES_MODULES= and IPTABLES= lines correspondingly.)
I had the same problem on my old VPS provider and I provided the same guide and after it they restarted iptables and vz and it worked fine.
Tech in my current hosting company is saying they need to re-compile the kernel with those modules 1st in order to enabled those modules. They tried 2 times and the server didn't boot into a new kernel.
So, is there any other way to enable those modules without kernel re-compile.
I even think "modprobe" shout do the trick. modprobe ipt_state and modprobe ipt_REDITECT and then add those modules into 2 files as I said above and it whould be working fine?
CentOS 5. I can't run iptables.
/lib/modules is empty.
In /var/log/messages, this line is repeated many times:
modprobe: FATAL: Could not load /lib/modules/2.6.18-5-xen-686/modules.dep: No such file or directory
iptables -L gives this:
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Is this something I can fix via yum install xxx or some other way, or is it something my provider has to do?
I tried yum install kernel-xen, but that installed 2.6.18-53 and modprobe is looking for 2.6.18-5
On a Linux box, is there a way to list all of the modules that are running in Apache but NOT compiled into Apache?
I now that "httpd -l" = lists all of the Apache compiled modules.
Trying to install Cerberus Help Desk and it gives this message during requirement check:
The following problems prevent you from running Cerberus Helpdesk 4.0:
upload_tmp_dir is empty in your php.ini file. Please set it.
The 'MailParse' PHP extension is required. Please enable it.
The 'Mail' PEAR package is required. Please install it.
The 'Mail_Mime' PEAR package is required. Please install it.
The 'Mail_mimeDecode' PEAR package is required. Please install it.
The 'Mail_RFC822' PEAR package is required. Please install it.
The 'Text_Password' PEAR package is required. Please install it.
how to apply this (on a vps) safely? Using Centos 4.5. I'm using Interworx control panel.
I have a RHEL 5 server, that host one site with a common PHP 5.x -MySQL 5.x app, it also uses .htaccess to rewrite rules. I'm trying to optimize apache to the max, and though about removing some unneccesary modules. The actual modules loaded are:
Code:
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
LoadModule security_module /usr/lib/httpd/modules/mod_security.so
Besides of mod_evasive, mod_security that are security modules, what modules can I disable without causing any problems to a common PHP-MySQL website?
This is a plain RH box, virtual host is configured at httpd.conf in this way:
Code:
<VirtualHost SERVERIP>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/sites/mysite.com
<Directory "/var/www/sites/mysite.com">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
to install these two but whm did not find them
html2ps
ps2pdf
Only found this,
Meta::Tool:s2Pdf
not sure if that is the proper one anyway.
Using perl 5.8.8 / centos 4.5
I'm trying to install the Win32 dist from apachelounge 2.4.9 and I'm having difficulties getting the modules loaded. Several modules have different names or aren't there at all. mod_imap.so
View 1 Replies View RelatedI have complied Apache from the source with so enabled and compiled PHP with Apache apxs. What if I do, if I want to add/Load another modules as a dynamic modules without recompiling apache. Suppose if I want to enable rewrite or any other module.I am pasting the command which I used to compile apahce.
Apache
==
./configure --prefix=/usr/local/apache --enable-module=so
make
make install
PHP
==
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs
make
make install
Both are running fine on my server,how to enable mod rewrite module as shared module fro example ??Â
If you know where to buy those modules, please let me know.
View 3 Replies View Relatedwhat modules I should use in my httpd.conf file. Here's the modules that I currently have enabled / disabled. The site is running specifically off PHP. There is no need for CGI, ASP, or any other languages (to my knowledge). The negotiation module is enabled,. It does not need to be to my knowledge.
However, when I disabled it Apache would not restart. Could someone give some details as to which directives need to be disabled for negotiation to be disabled. Also, does anyone know if negotiation is essential. It is not to my knowledge. Suggestions and comments are much appreciated. Thank you in advance for your hard work and experience being as it's not costing me anything. I will do my best to return the favor.
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
# LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
# LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
# LoadModule cgi_module modules/mod_cgi.so
LoadModule logio_module /usr/lib/httpd/modules/mod_logio.so
I can't get SELinux to let httpd load the IonCube module for PHP. I've given the CentOS 5 forum a try (here: http://www.centos.org/modules/newbb/...15403&forum=42), talked with WHMCS's support (the app I'm using that needs it), and even opened a ticket with IonCube. Unfortunately nobody seems to know how to tell SELinux to let httpd "exec" modules.
I'm running CentOS 5, and the error I'm getting in /var/log/messages is:
Jul 23 10:15:30 host kernel: audit(1216833330.905:1249): avc: denied { execheap } for pid=22055 comm="httpd" scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:httpd_t:s0 tclass=process
I can disable SELinux and it works fine (setenforce 0), but that's not the solution I'm looking for. Can someone please tell me how to do this the *right* way?
what are the standard modules which you normally need to get installed in your server or which you install ? from which you sell hosting to your customer or Which standard modules Is Most Important To Be Installed In Your Dedicated server ?
View 3 Replies View RelatedThis is a random question and I wasn't sure exactly where to start. But, I have developed some invoice software that use a few PHP modules. My host has these enabled by default, but I wanted to see if most hosts have these enabled or not. Heck, they might even by standard php configuration, I'm just not sure. Here they are:
PHP 5 with the following modules:
- dom
- dom-xslt
- gd
- mysql
- mbstring
- bcmath
I have 2.4.x version installed on RHEL and I need to install same version on Solaris 10. How can I find out what packages/modules were compiled for RHEL so that I can download same for Solaris and compile them.
View 2 Replies View RelatedWe have been using Apache 2.2.x with reverse proxy modules for our clients to access their OWA servers for over a year. I want to get us to Apache 2.4.x so I setup a test box with latest 2.4 on it. I fixed the config file issues since 2.4 has changes in it. OWA proxy is working on my test server with Apache 2.4. But with 2.4 I do have an issue I cannot figure out. Note that this does NOT occur with Apache 2.2. I get the following errors when using ActiveSync through reverse proxy:
[Thu Oct 17 12:19:11.670665 2013] [proxy_http:error] [pid 748:tid 8440] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : [client x.x.x.x:20311] AH01102: error reading status line from remote server mail.nameredacted.net:443
[Thu Oct 17 12:19:11.670665 2013] [proxy:error] [pid 748:tid 8440] [client x.x.x.x:20311] AH00898: Error reading from remote server returned by /Microsoft-Server-ActiveSync
So somehow with Apache 2.4 there is some sort of timeout that was not there with 2.2.
My client wants to send SMS from his new website that we are making. How can I enable this feature ...? What's the easiest way?
(The reason I'm posting this question in this forum is that I'm just guessing that this has something to do with web hosting. But, admin, if I'm wrong about this, please move this to a different forum.)
I read that Clickatell is a good service to use to provide this service on our website. Did anyone here use this service before? If so, what did you think about it? Is it easy to set up?
I am running a Fedora Core 4 VPS with Apache 2.0.53 I think.
I would really like to install/enable WebDAV so that I can mount some of the server storage as a drive on my computer for easy file manipulation from desktop, laptop, gf's house, etc. without having to carry the files around with me all the time.
How would I go about configuring WebDAV?
dears how can i enable jsp for a specify domain?
i tried this @ putty:
/scripts/installservlet <domain.com>
but it doesnt work for me
im using cpanel 11.x
Is there any way to run SSI with html instead of shtm or shtml in Windows 2003 IIS 6 server?
View 0 Replies View RelatedI cannot enable DMA mode on /dev/hda when attemping to enable it via ssh
Code:
hdparm -d1 /dev/hda
/dev/hda:
setting using_dma to 1 (on)
HDIO_SET_DMA failed: Operation not permitted
using_dma = 0 (off)
Code:
hdparm -tT /dev/hda
/dev/hda:
Timing cached reads: 1632 MB in 2.00 seconds = 814.90 MB/sec
Timing buffered disk reads: 8 MB in 3.42 seconds = 2.34 MB/sec
I am running CentOS 4.7 and cPanel 11. cPanel also shows DMA is not enable on this drive. Kernel: 2.6.9-78.0.13.ELsmp
Code:
cat /boot/config-2.6.9-78.0.13.ELsmp |grep DMA
CONFIG_GENERIC_ISA_DMA=y
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_IDEDMA_FORCED is not set
CONFIG_IDEDMA_PCI_AUTO=y
# CONFIG_IDEDMA_ONLYDISK is not set
# CONFIG_HPT34X_AUTODMA is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_IDEDMA_IVB is not set
CONFIG_IDEDMA_AUTO=y
CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
CONFIG_PDC_ADMA=m
Code:
hdparm -i /dev/hda
/dev/hda:
Model=WDC WD2500JB-00REA0, FwRev=20.00K20, SerialNo=WD-WMAN542173
Config={ HardSect NotMFM HdSw>15uSec SpinMotCtl Fixed DTR>5Mbs FmtGapReq }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=50
BuffType=unknown, BuffSize=8192kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=268435455
IORDY=on/off, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=no WriteCache=enabled
Drive conforms to: device does not report version:
* signifies the current active mode
Both IE7 and FF are configured to use javascript, but no sites seem to recognize the fact and report that it's been blocked or off. How do I enabled this?
View 1 Replies View RelatedWhen I create a website in apache I have to enable php on it manually, Is there a way that I enable php by default on root of apache?
View 3 Replies View RelatedI have a dedicated server. It is a Fedora Core 6. It came with "Plesk 30 domain license". However, this license of Plesk doesn't have SpamAssassin enabled. In order to get the license with SpamAssassin, it costs an extra $30 a month.
I believe SpamAssassin by default is in fact installed on the sever, but some of my users are reporting that they are getting Spam. How can I check is SpamAssassin is running? How do I configure SpamAssassin to filter spam on all the e-mail addresses that are created in Plesk?
I have SSH access to the server.
root@contact [~]# hdparm -d 1 /dev/hdd
/dev/hdd:
setting using_dma to 1 (on)
HDIO_SET_DMA failed: Operation not permitted
using_dma = 0 (off)
root@contact [~]#
root@contact [~]# hdparm -X66 -d1 /dev/hdd
/dev/hdd:
setting using_dma to 1 (on)
HDIO_SET_DMA failed: Operation not permitted
setting xfermode to 66 (UltraDMA mode2)
using_dma = 0 (off)
root@contact [~]#
drive
root@contact [~]# hdparm -I /dev/hdd
/dev/hdd:
ATA device, with non-removable media
Model Number: Hitachi HDP725050GLA360
Serial Number: GEA550RF04Z90G
Firmware Revision: GM4OA52A
Transport: Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, SATA Rev 2.5; Revision: ATA8-AST T13 Project D1697 Revision 0b
Standards:
Supported: 8 7 6 5
Likely used: 8
Configuration:
Logical max current
cylinders 16383 65535
heads 16 1
sectors/track 63 63
--
CHS current addressable sectors: 4128705
LBA user addressable sectors: 268435455
LBA48 user addressable sectors: 976773168
device size with M = 1024*1024: 476940 MBytes
device size with M = 1000*1000: 500107 MBytes (500 GB)
Capabilities:
LBA, IORDY(can be disabled)
Queue depth: 32
Standby timer values: spec'd by Standard, no device specific minimum
R/W multiple sector transfer: Max = 16 Current = 16
Advanced power management level: unknown setting (0x0000)
Recommended acoustic management value: 128, current value: 254
DMA: mdma0 mdma1 mdma2 udma0 udma1 *udma2 udma3 udma4 udma5 udma6
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* SMART feature set
Security Mode feature set
* Power Management feature set
* Write cache
* Look-ahead
* Host Protected Area feature set
* WRITE_BUFFER command
* READ_BUFFER command
* DOWNLOAD_MICROCODE
Advanced Power Management feature set
Power-Up In Standby feature set
SET_FEATURES required to spinup after power up
Address Offset Reserved Area Boot
* SET_MAX security extension
Automatic Acoustic Management feature set
* 48-bit Address feature set
* Device Configuration Overlay feature set
* Mandatory FLUSH_CACHE
* FLUSH_CACHE_EXT
* SMART error logging
* SMART self-test
Media Card Pass-Through
* General Purpose Logging feature set
* WRITE_{DMA|MULTIPLE}_FUA_EXT
* 64-bit World wide name
* URG for READ_STREAM[_DMA]_EXT
* URG for WRITE_STREAM[_DMA]_EXT
* WRITE_UNCORRECTABLE command
* Segmented DOWNLOAD_MICROCODE
* SATA-I signaling speed (1.5Gb/s)
* SATA-II signaling speed (3.0Gb/s)
* Native Command Queueing (NCQ)
* Host-initiated interface power management
* Phy event counters
* unknown 76[12]
Non-Zero buffer offsets in DMA Setup FIS
DMA Setup Auto-Activate optimization
Device-initiated interface power management
In-order data delivery
* Software settings preservation
Security:
Master password revision code = 65534
supported
not enabled
not locked
frozen
not expired: security count
not supported: enhanced erase
184min for SECURITY ERASE UNIT.
Checksum: correct ....