Category Archives: network

How to configure an IP Tunnel

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets.

IP tunnels are often used for connecting two disjoint IP networks that don’t have a native routing path to each other, via an underlying routable protocol across an intermediate transport network. In conjunction with the IPsec protocol they may be used to create a virtual private network between two or more private networks across a public network such as the Internet. Another prominent use is to connect islands of IPv6 installations across the IPv4 Internet.

There are two ways to set it up.
On-the-fly way
In the first (192.168.0.18) endpoint:
ip tunnel add mytun mode ipip local 192.168.0.18 remote 192.168.0.118
ip addr add 10.168.0.18/24 dev mytun
ip link set mytun up

In the second (192.168.0.118) endpoint:
ip tunnel add mytun mode ipip local 192.168.0.118 remote 192.168.0.18
ip addr add 10.168.0.118/24 dev mytun
ip link set mytun up

Permanent way
Host 192.168.0.18:
DEVICE=mytun
TYPE=IPIP
MY_OUTER_IPADDR=192.168.0.18
PEER_OUTER_IPADDR=192.168.0.118
MY_INNER_IPADDR=10.168.0.18/24
PEER_INNER_IPADDR=10.168.0.118/24
ONBOOT=yes

Host 192.168.0.118:
DEVICE=mytun
TYPE=IPIP
MY_OUTER_IPADDR=192.168.0.118
PEER_OUTER_IPADDR=192.168.0.18
MY_INNER_IPADDR=10.168.0.118/24
PEER_INNER_IPADDR=10.168.0.18/24
ONBOOT=yes

Starting the tunnel is simple. On host 192.168.0.18 and on host 192.168.0.118:
ifup mytun

To check the tunnel:
ip addr ls

Reference: wikipedia.org, daverdave.com

How to test your website before switching DNS servers on the domain record

You can test everything by editing the hosts file on your PC. On Unix systems it is /etc/hosts.
The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more hostnames, each field separated by white space (blanks or tabulation characters). Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines. Entirely blank lines in the file are ignored.

If you want to test your website on the server, add a line to /etc/hosts with the server IP (IP.SE.RV.ER) and the domain name of your website. Open the /etc/hosts file:
nano /etc/hosts
Add this line:
IP.SE.RV.ER www.mywebsite.net
and save the file. Now if you ping the hostname of your website:
ping www.mywebsite.net
it pings IP.SE.RV.ER!

Reference: wikipedia.org

How to disable root access via SSH

One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.

It’s much better to have a separate account that you regularly use and simply sudo to root when necessary. Before we begin, you should make sure that you have a regular user account and that you can su or sudo to root from it.

To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.
vi /etc/ssh/sshd_config
Find this section in the file, containing the line with “PermitRootLogin” in it.
Make the line look like this to disable logging in through ssh as root.
PermitRootLogin no
Now you’ll need to restart the sshd service:
/etc/init.d/sshd restart
Now nobody can brute force your root login, at least.
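The following check is an added example, not part of the original post. sshd keeps the first value it reads for a keyword, so a "PermitRootLogin no" line placed below an earlier "PermitRootLogin yes" has no effect; the function names and the sample file are constructed for illustration, and the script assumes one flat config file (Include directives and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value found in the global
# section of an sshd_config-style file, using first-match-wins semantics.
# Assumption: a single flat file; parsing stops at the first Match line.
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }   # keyword absent: sshd default applies
    ' "$1"
}

# Succeeds only when root login is explicitly disabled.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample config showing the first-match-wins pitfall.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

printf 'PermitRootLogin in effect: %s\n' "$(effective_root_login "$sample")"
if root_login_disabled "$sample"; then
    echo "OK: root login over SSH is disabled"
else
    echo "FAIL: root login is not disabled (look for an earlier duplicate line)"
fi
rm -f "$sample"
```

On a live host, running sshd -t before the restart catches syntax errors that would otherwise stop the service from coming back up, and sshd -T prints the configuration sshd will actually use.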

IP Failover configuration

Guide to configuring IP Failover on a CentOS server in the OVH farm.
nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
Copy and paste this code:
DEVICE="eth0:0"
BOOTPROTO=static
IPADDR="IP.FAIL.OVER"
NETMASK="255.255.255.255"
BROADCAST="IP.FAIL.OVER"
ONBOOT=yes

IP.FAIL.OVER is the IP address of your IP Failover. Now bring up the new interface and reboot the server:
ifup eth0:0
/sbin/reboot

When the server has restarted, ping IP.FAIL.OVER:
ping IP.FAIL.OVER
If you have more than one IP Failover, use eth0:1, eth0:2, ...

Reference: ovh.it