Posted incentos iptables linux

CentOS 7, how to install xtables-addons

Here is how you can compile and install xtables-addons on CentOS 7.first, Install Dependencies: download xtables-addons extract, compile and install done! and now for example we want to use geoip module, first of all install geoip database for xtables-addons.still from xtables-addons-2.10 directory. if you want only allow ssh connection from…
Tags: , , , No Comments
Posted iniptables memcache nginx

Sharing PHP Session In web Clusters Using Memcache

If you have multiple load balanced webservers all serving the same site, sessions should be shared among thosememcache logo servers, and not reside on each server individually. Because we don’t know where user gets load-balanced to which backend server. A common way solving this problems are by using custom class that overrides default behavior and stores sessions in a MySQL database. All webservers in clusters connect to the same database. However, the main problem that must be taken into consideration when using a database is the bottleneck.

Example loadbalancing backend using nginx

http {
  upstream backend {
    server 192.168.1.1:8000 weight=3;
    server 192.168.1.2:8001;
    server 192.168.1.3:8002;
    server 192.168.1.4:8003;
  }

  server {
    listen 80;
    server_name www.example.com;
    location / {
      proxy_pass http://backend;
    }
  }
}
Tags: , , , No Comments
Posted incentos iptables layer7

Shaping Layer 7 Application on centos 4.7 (iptables + l7 + IMQ + tc/HTB)

Pertama download kernel source kernel 2.6.26.

# wget -t0 -c http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2

Download iptables 1.4.1 source.

# wget -t0 -c http://www.netfilter.org/projects/iptables/files/iptables-1.4.1.tar.bz2

Download patch l7 + IMQ (untuk kernel dan iptables) yg sudah saya modifikasi jadi satu bundle.
[download#3]
[download#4]

Extract, patch dan compile kernel source(to RPM)

# tar xjf linux-2.6.26.tar.bz2
# cd linux-2.6.26
# patch -p1 < ../linux-2.6.26-layer7-imq.patch
patching file drivers/net/imq.c
patching file drivers/net/Kconfig
patching file drivers/net/Makefile
patching file include/linux/imq.h
patching file include/linux/netfilter/xt_IMQ.h
patching file include/linux/netfilter/xt_layer7.h
patching file include/linux/netfilter_ipv4/ipt_IMQ.h
patching file include/linux/netfilter_ipv6/ip6t_IMQ.h
patching file include/linux/skbuff.h
patching file include/net/netfilter/nf_conntrack.h
patching file include/net/netfilter/nf_queue.h
patching file net/core/dev.c
patching file net/core/skbuff.c
patching file net/netfilter/Kconfig
patching file net/netfilter/Makefile
patching file net/netfilter/nf_conntrack_core.c
patching file net/netfilter/nf_conntrack_standalone.c
patching file net/netfilter/nf_queue.c
patching file net/netfilter/regexp/regexp.c
patching file net/netfilter/regexp/regexp.h
patching file net/netfilter/regexp/regmagic.h
patching file net/netfilter/regexp/regsub.c
patching file net/netfilter/xt_IMQ.c
patching file net/netfilter/xt_layer7.c

# cp /boot/config-`uname -r` .config
# make clean
# make menuconfig
Tags: , , , , 8
Posted incentos geoip iptables

Compiling iptables geoip module di centos 5

Di compile pada system centos 5, kernel 2.6.18 dan iptables 1.3.5

1. Persiapan

Download kernel source yg sekarang dipakai di centos 5 kita

# mkdir ~/geoip
# cd ~/geoip/
# uname -a
Linux host.domain.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:02:30 EST 2008 x86_64 x86_64 x86_64 GNU/Linux

# wget ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.13.el5.src.rpm

kita cuma mau mengambil linux-2.6.18.tar.bz2 nya saja(patch2 yg lain tidak kita perlukan).

# rpm2cpio kernel-2.6.18-53.1.13.el5.src.rpm | cpio -idv linux-2.6.18.tar.bz2
linux-2.6.18.tar.bz2
172734 blocks
# tar xjf linux-2.6.18.tar.bz2
Tags: , , 2