Q:1 Why LVM is required ?

Ans: LVM stands for Logical Volume Manager , to resize

filesystem’s size online we required LVM partition in Linux. Size
of LVM partition can be extended and reduced using the lvextend
& lvreduce commands respectively.

Q:2 How To check Memory stats and CPU stats ?

Ans: Using ‘free’ & ‘vmstat’ command we can display the

physical and virtual memory statistics respectively.With the help
of ‘sar’ command we see the CPU utilization & other stats.

Q:3 What does Sar provides and at which location Sar logs are
stored ?

Ans: Sar Collect, report, or save system activity information. The

default version of the sar command (CPU utilization report) might
be one of the first facilities the user runs to begin system
activity investigation, because it monitors major system resources.
If CPU utilization is near 100 percent (user + nice + system), the
workload sampled is CPU-bound.
By default log files of Sar command is located at /var/log/sa/sadd
file, where the dd parameter indicates the current day.

Q:4 How to increase the size of LVM partition ?

Ans: Below are the Logical Steps :

– Use the lvextend command (lvextend -L +100M /dev/<Name of
the LVM Partition> , in this example we are extending the size by
100MB.
– resize2fs /dev/<Name of the LVM Partition>
– check the size of partition using ‘df -h’ command

Q:5 How to reduce or shrink the size of LVM partition ?

Ans: Below are the logical Steps to reduce size of LVM partition :
-Umount the filesystem using umount command,
-use resize2fs command , e.g resiz2fs /dev/mapper/myvg-mylv
10G
-Now use the lvreduce command , e.g lvreduce -L 10G
/dev/mapper/myvg-mylv
Above Command will shrink the size & will make the filesystem
size 10GB.

Q:6 How to create partition from the raw disk ?

Ans: Using fdisk utility we can create partitions from the raw
disk.Below are the steps to create partition from the raw dsik :
– fdisk /dev/hd* (IDE) or /dev/sd* (SCSI)
– Type n to create a new partition
– After creating partition , type w command to write the changes
to the partition table.
Q:7 Where the kernel modules are located ?
Ans: The ‘/lib/modules/kernel-version/’ directory stores all kernel
modules or compiled drivers in Linux operating system. Also with
‘lsmod’ command we can see all the installed kernel modules.
Q:8 What is umask ?
Ans: umask stands for ‘User file creation mask’, which determines
the settings of a mask that controls which file permissions are set
for files and directories when they are created.
Q:9 How to set the umask permanently for a user?
Ans: To set this value permanently for a user, it has to be put in the
appropriate profile file which depends on the default shell of the
user.
Q:10 How to change the default run level in linux ?
Ans: To change the run level we have to edit the file “/etc/inittab”
and change initdefault entry ( id:5:initdefault:). Using ‘init’
command we change the run level temporary like ‘init 3’ , this
command will move the system in runlevl 3.
Q:11 How to share a directory using nfs ?
Ans: To share a directory using nfs , first edit the configuration file
‘/etc/exportfs’ , add a entry like
‘/<directory-name> <ip or Network>(Options)’ and then restart
the nfs service.
Q:12 How to check and mount nfs share ?
Ans: Using ‘showmount’ command we can see what directories
are shared via nfs e.g ‘showmount -e <ip address of nfs
server>’.Using mount command we can mount the nfs share on
linux machine.
Q:13 What are the default ports used for
SMTP,DNS,FTP,DHCP,SSH and squid ?
Ans: Service Port
SMTP 25
DNS 53
FTP 20 (data transfer) , 21 ( Connection established)
DHCP 67/UDP(dhcp server) , 68/UDP(dhcp client)
SSH 22
Squid 3128
Q:14 What is Network Bonding ?
Ans: Network bonding is the aggregation of multiple Lan cards
into a single bonded interface to provide fault tolerance and high
performance. Network bonding is also known as NIC Teaming.
Q:15 What are the different modes of Network bonding in
Linux ?
Ans: Below are list of modes used in Network Bonding :
balance-rr or 0 – round-robin mode for fault tolerance and load
balancing.
active-backup or 1 – Sets active-backup mode for fault tolerance.
balance-xor or 2 – Sets an XOR (exclusive-or) mode for fault
tolerance and load balancing.
broadcast or 3 – Sets a broadcast mode for fault tolerance. All
transmissions are sent on all slave interfaces.
802.3ad or 4 – Sets an IEEE 802.3ad dynamic link aggregation
mode. Creates aggregation groups that share the same speed &
duplex settings.
balance-tlb or 5 – Sets a Transmit Load Balancing (TLB) mode
for fault tolerance & load balancing.
balance-alb or 6 – Sets an Active Load Balancing (ALB) mode
for fault tolerance & load balancing.
Q:16 How to check and verify the status the bond interface.
Ans: Using the command ‘cat /proc/net/bonding/bond0’ , we can
check which mode is enabled and what lan cards are used in this
bond. In this example we have one only one bond interface but we
can have multiple bond interface like bond1,bond2 and so on.
Q:17 How to check default route and routing table ?
Ans: Using the Commands ‘netstat -nr’ and ‘route -n’ we can see
the default route and routing tables.
Q:18 How to check which ports are listening in my Linux
Server ?
Ans: Use the Command ‘netstat –listen’ and ‘lsof -i’
Q:19 List the services that are enabled at a particular run level
in linux server ?
Ans: With the help of command ‘chkconfig –list | grep 5:on’ we
can list all the service that are enabled in run level5. For other run
levels just replace 5 with the respective run level.
Q:20 How to enable a service at a particular run level ?
Ans: We can enable a service using the Command ‘chkconfig
<Service-Name> on –level 3’
Q:21 How to upgrade Kernel in Linux ?
Ans: We should never upgrade Linux Kernel , always install the
new New kernel using rpm command because upgrading a kenel
can make your linux box in a unbootable state.
Q:22 How To scan newly asssigned luns on linux box without
rebooting ?
Ans: There are two ways to scan newly assigned luns :
Method:1 if sg3 rpm is installed , then run the command ‘rescan-
scsi-bus.sh’
Method:2 Run the Command , echo ” – – – ” >
/sys/class/scsi_host/hostX/scan
Q:23 How to find WWN numbers of HBA cards in Linux
Server ?
Ans: We can find the WWN numbers of HBA cards using the
command ‘systool -c fc_host -v | grep port_name’
Q:24 How to add & change the Kernel parameters ?
Ans: To Set the kernel parameters in linux , first edit the file
‘/etc/sysctl.conf’ after making the changes save the file and run the
command ‘sysctl -p’ , this command will make the changes
permanently without rebooting the machine.
Q:25 What is Puppet Server ?
Ans: Puppet is an open-source & enterprise software for
configuration management toll in UNIX like operating system.
Puppet is a IT automation software used to push configuration to
its clients (puppet agents) using code. Puppet code can do a variety
of tasks from installing new software, to check file permissions, or
updating user accounts & lots of other tasks.
Q:26 What are manifests in Puppet ?
Ans: Manifests in Puppet are the files in which the client
configuration is specified.
Q:27 Which Command is used to sign requested certificates in
Puppet Server ?
Ans: ‘puppetca –sign hostname-of-agent’ in (2.X) & ‘puppet ca
sign hostname-of-agent’ in (3.X)
Q:28 At which location Puppet Master Stores Certificates ?
Ans: /var/lib/puppet/ssl/ca/signed
Q:29 How to find all the regular files in a directory ?
Ans: using the command ‘find /<directory -type f’.
Q:30 What is load average in a linux ?
Ans: Load Average is defined as the average sum of the number
of process waiting in the run queue and number of process
currently executing over the period of 1,5 and 15 minutes. Using
the ‘top’ and ‘uptime’ command we find the load average of a
linux sever.
Q) Q) What is Linux and why is it so popular?

Answer - Linux is an operating system that uses UNIX like Operating

system.......

Q) Q) What is LILO?
Answer - LILO is Linux Loader is a boot loader for Linux. It is used to load
Linux into the memory and start the Operating system.......

Q) Q) What is the difference between home directory and working

directory?

Answer - Home directory is the default working directory when a user logs
in. On the other hand, working directory is the user’s current directory.......

Q) Q) What is the difference between internal and external commands?

Answer - Internal commands are commands that are already loaded in the
system. They can be executed any time and are independent.......

Q) Explain the difference between a static library and a dynamic library.

Answer - Static libraries are loaded when the program is compiled and
dynamically-linked libraries are loaded in while......

Q) What is LD_LIBRARY_PATH?

Answer - LD_LIBRARY_PATH is an environment variable. It is used for

debugging a new library or a non standard library.......

Q) What is the file server in Linux server?

Answer - File server is used for file sharing. It enables the processes
required fro sharing.......

Q) What is NFS? Q) What is its purpose?

Answer - NFS is Network File system. It is a file system used for sharing of
files over a network.......

How do I send email with linux?

Answer - Email can be sent in Linux using the mail command. ......
Q) Explain RPM (Red Hat Package Manager) features.

Answer - RPM is a package managing system (collection of tools to

manage software packages).......

Q) What is Kernel? Q) Explain the task it performs.

Answer - Kernel is used in UNIX like systems and is considered to be the

heart of the operating system.......

Q) What is Linux Shell? Q) What is Shell Script?

Answer - Linux shell is a user interface used for executing the commands.
Shell is a program the user......

Q) What are Pipes? Q) Explain use of pipes.

Answer - A pipe is a chain of processes so that output of one process

(stdout) is fed an input (stdin) to another.......

Q) Explain trap command; shift Command, getopts command of linux.

Answer - Trap command: controls the action to be taken by the shell when
a signal is received. ......

Q) What Stateless Linux server? Q) What feature it offers?

Answer - A stateless Linux server is a centralized server in which no state

exists on the single workstations. ......

Q) What does nslookup do? Q) Explain its two modes.

Answer - Nslookup is used to find details related to a Domain name server.

Details like IP addresses of a machine, MX records,......

Q) What is Bash Shell?

Answer - Bash is a free shell for UNIX. It is the default shell for most UNIX
systems. It has a combination of the C and Korn shell features. ......

Q) Explain some Network-Monitoring Tools in Linux: ping, traceroute,

tcpdump, ntop
Answer - Network monitoring tools are used to monitor the network,
systems present on the network, traffic etc.......

How does the linux file system work?

Answer - Linux file structure is a tree like structure. It starts from the root
directory, represented by '/', and then expands into sub-directories.......

Q) What are the process states in Linux?

Answer - Process states in Linux.......

Q) What is a zombie?

Answer - Zombie is a process state when the child dies before the parent
process. In this case the structural information of the process is still in the
process table.......

Q) Explain each system calls used for process management in linux.

Answer - System calls used for Process management......

Q) Which command is used to check the number of files and disk space
used and the each user’s defined quota?

repquota command is used to check the status of the user’s quota along
with the disk space and number of files used. This command gives a
summary of the user’s quota that how much space and files are left for the
user. Every user has a defined quota in Linux. This is done mainly for the
security, as some users have only limited access to files. This provides a
security to the files from unwanted access. The quota can be given to a
single user or to a group of users.

Q) What is the name and path of the main system log?

By default the main system log is /var/log/messages. This file contains all
the messages and the script written by the user. By default all scripts are
saved in this file. This is the standard system log file, which contains
messages from all system software, non-kernel boot issues, and
messages that go to 'dmesg'. dmesg is a system file that is written upon
system boot.

Q) How secured is Linux? Q) Explain.

Security is the most important aspect of an operating system. Due to its

unique authentication module, Linux is considered as more secured than
other operating systems. Linux consists of PAM. PAM is Pluggable
Authentication Modules. It provides a layer between applications and
actual authentication mechanism. It is a library of loadable modules which
are called by the application for authentication. It also allows the
administrator to control when a user can log in. All PAM applications are
configured in the directory "/etc/pam.d" or in a file "/etc/pam.conf". PAM is
controlled using the configuration file or the configuration directory.

Q) Can Linux computer be made a router so that several machines may

share a single Internet connection? How?

Yes a Linux machine can be made a router. This is called "IP

Masquerade." IP Masquerade is a networking function in Linux similar to
the one-to-many (1: Many) NAT (Network Address Translation) servers
found in many commercial firewalls and network routers. The IP
Masquerade feature allows other "internal" computers connected to this
Linux box (via PPP, Ethernet, etc.) to also reach the Internet as well. Linux
IP Masquerading allows this functionality even if the internal computers do
not have IP addresses.

The IP masquerading can be done by the following steps:

1. The Linux PC must have an internet connection and a connection to

LAN. Typically, the Linux PC has two network interfaces-an Ethernet card
for the LAN and a dial-up PPP connection to the Internet (through an ISP).

2. All other systems on your LAN use the Linux PC as the default gateway
for TCP/IP networking. Use the same ISP-provided DNS addresses on all
systems.

3. Enable IP forwarding in the kernel. By default the IP forwarding is not

enabled. To ensure that IP forwarding is enabled when you reboot your
system, place this command in the /etc/rc.d/rc.local file.

4. Run /sbin/iptables-the IP packet filter administration program-to set up

the rules that enable the Linux PC to masquerade for your LAN.
Q) What is the minimum number of partitions you need to install Linux?

Minimum 2 partitions are needed for installing Linux. The one is / or root
which contains all the files and the other is swap. Linux file system is
function specific which means that files and folders are organized
according to their functionality. For example, all executables are in one
folder, all devices in another, all libraries in another and so on. / or ‘root’ is
the base of this file system. All the other folders are under this one. / can
be consider as C: .Swap is a partition that will be used as virtual memory.
If there is no more available RAM a Linux computer will use an area of the
hard disk, called swap, to temporarily store data. In other words it is a way
of expanding your computers RAM.

Which command is used to review boot messages?

dmesg command is used to review boot messages. This command will

display system messages contained in the kernel ring buffer. We can use
this command immediately after booting to see boot messages. A ring
buffer is a buffer of fixed size for which any new data added to it overwrites
the oldest data in it. Its basic syntax is

dmesg [options]

Invoking dmesg without any of its options causes it to write all the kernel
messages to standard output. This usually produces far too many lines to
fit into the display screen all at once, and thus only the final messages are
visible. However, the output can be redirected to the less command
through the use of a pipe, thereby allowing the startup messages to be
viewed on one screen at a time
dmesg | less

Which utility is used to make automate rotation of a log?

logrotate command is used to make automate rotation of log.

Syntax of the command is:
logrotate [-dv] [-f|] [-s|] config_file+
It allows automatic rotation, compression, removal, and mailing of log files.
This command is mainly used for rotating and compressing log files. This
job is done every day when a log file becomes too large. This command
can also be run by giving on command line. We can done force rotation by
giving –f option with this command in command line. This command is also
used for mailing. We can give –m option for mailing with this command.
This option takes two arguments one is subject and other is recipient
name.

Q) What are the partitions created on the mail server hard drive?

The main partitions are done firstly which are root, swap and boot partition.
But for the mail server three different partitions are also done which are as
follows:
1. /var/spool- This is done so that if something goes wrong with the mail
server or spool than the output cannot overrun the file system.
2. /tmp- putting this on its own partition prevents any user item or software
from overrunning the system files.
3. /home- putting this on its own is useful for system upgrades or reinstalls.
It allow not to wipe off the /home hierarchy along with other areas.

Q) What are the fields in the/etc/passwd file?

It contains all the information of the users who log into the system. It
contains a list of the system's accounts, giving for each account some
useful information like user ID, group ID, home directory, shell, etc. It
should have general read permission as many utilities, like ls use it to map
user IDs to user names, but write access only for the superuser (root). The
main fields of /etc/passwd file are:
1. Username: It is used when user logs in. It should be between 1 and 32
characters in length.
2. Password: An x character indicates that encrypted password is stored in
/etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0
(zero) is reserved for root and UIDs 1-99 are reserved for other predefined
accounts. Further UID 100-999 are reserved by system for administrative
and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in /etc/group file)
5. User ID Info: The comment field. It allow you to add extra information
about the users such as user's full name, phone number etc. This field use
by finger command.
6. Home directory: The absolute path to the directory the user will be in
when they log in. If this directory does not exists then users directory
becomes /
7. Command/shell: The absolute path of a command or shell (/bin/bash).
Typically, this is a shell.

Which commands are used to set a processor-intensive job to use less

CPU time?
nice command is used for changing priority of the jobs.
Syntax: nice [OPTION] [COMMAND [ARG]...]
Range of priority goes from -20 (highest priority) to 19 (lowest).Priority is
given to a job so that the most important job is executed first by the kernel
and then the other least important jobs. This takes less CPU times as the
jobs are scheduled and are given priorities so the CPU executes fast. The
priority is given by numbers like -20 describe the highest priority and 19
describe the least priority.

How to change window manager by editing your home directory?

/.xinitrc file allows changing the window manager we want to use when
logging into X from that account. The dot in the file name shows you that
the file is a hidden file and doesn't show when you do a normal directory
listing. For setting a window manager we have to save a command in this
file. The syntax of command is: exec windowmanager.After this, save the
file. Next time when you run a startx a new window manager will open and
become default. The commands for starting some popular window
managers and desktop environments are:
-KDE = startkde
-Gnome = gnome-session
-Blackbox = blackbox
-FVWM = fvwm
-Window Maker = wmaker
-IceWM = icewm

Q) How documentation of an application is stored?

When a new application is installed its documentation is also installed. This

documentation is stored under the directory named for application. For
example if my application name is App1 then the path of the
documentation will be /user/doc/App1. It contains all the information about
the application. It contains date of creating application, name of application
and other important module of the application. We can get the basic
information of application from the documentation.

Q) How shadow passwords are given?

pwconv command is used for giving shadow passwords. Shadow

passwords are given for better system security. The pwconv command
creates the file /etc/shadow and changes all passwords to ‘x’ in the
/etc/passwd file. First, entries in the shadowed file which don't exist in the
main file are removed. Then, shadowed entries which don't have `x' as the
password in the main file are updated. Any missing shadowed entries are
added. Finally, passwords in the main file are replaced with `x'. These
programs can be used for initial conversion as well to update the
shadowed file if the main file is edited by hand.

Q) How do you create a new user account?

useradd command is used for creating a new user account. When invoked
without the
-D option, the useradd command creates a new user account using the
values specified on the command line and the default values from the
system. The new user account will be entered into the system files as
needed, and initial files copied, depending on the command line options.
This command uses the system default as home directory. If –m option is
given then the home directory is made.

Q) Which password package is installed for the security of central

password?

Shadow password packages are used for security of central passwords.

Security is the most important aspect of every operating system. When this
package is not installed the user information including passwords is stored
in the /etc/passwd file. The password is stored in an encoded format.
These encoded forms can be easily identified by the System crackers by
randomly encoding the passwords from dictionaries. The Shadow Package
solves the problem by relocating the passwords to another file (usually
/etc/shadow). The /etc/shadow file is set so that it cannot be read by just
anyone. Only root will be able to read and write to the /etc/shadow file.

Q) Which shell do you assign to a POP3 mail-only account?

POP3 mail only account is assigned to the /bin/false shell. However,

assigning bash shell to a POP3 mail only gives user login access, which is
avoided. /bin/nologin can also be used. This shell is provided to the user
when we don’t want to give shell access to the user. The user cannot
access the shell and it reject shell login on the server like on telnet. It is
mainly for the security of the shells. POP3 is basically used for
downloading mail to mail program. So for illegal downloading of emails on
the shell this account is assigned to the /bin/false shell or /bin/nologin.
These both shells are same they both do the same work of rejecting the
user login to the shell. The main difference between these two shells is
that false shell shows the incorrect code and any unusual coding when
user login with it. But the nologin shell simply tells that no such account is
available. So nologin shell is used mostly in Linux.

Q) Which daemon is responsible for tracking events on Linux system?

syslogd is responsible for tracking system information and save it to the

desired log files. It provides two system utilities which provide system
logging and kernel message trapping. Internet and UNIX domain sockets
support enable this utility package to support both local and remote
logging. Every logged message contains at least a time and a hostname
field, normally a program name field, too. So to track these information this
daemon is used. syslogd mainly reacts to the set of signals given by the
user. These are the signals given to syslogd: SIGHUP: This lets syslogd
perform a re-initialization. All open files are closed, the configuration file
(default is /etc/syslog.conf) will be reread and the syslog facility is started
again. SIGTERM: The syslogd will die. SIGINT, SIGQUIT: If debugging is
enabled these are ignored, otherwise syslogd will die. SIGUSR1: Switch
debugging on/off. This option can only be used if syslogd is started with
the - d debug option. SIGCHLD: Wait for Childs if some were born,
because of waiting messages.

Q) Which daemon is used for scheduling of the commands?

The crontab command is used for scheduling of the commands to run at a

later time. SYNTAX
crontab [ -u user ] file
crontab [ -u user ] { -l | -r | -e }

Options
-l List - display the current crontab entries.

-r Remove the current crontab.

-e Edit the current crontab using the editor specified by the VISUAL or
EDITOR environment variables.
When user exits from the editor, the modified crontab will be installed
automatically. Each user can have their own crontab, and though these are
files in /var, they are not intended to be edited directly. If the –u option is
given than the crontab gives the name of the user whose crontab is to be
tweaked. If it is given without this then it will display the crontab of the user
who is executing the command.

Q) How environment variable is set so that the file permission can be

automatically set to the newly created files?
umask command is used to set file permission on newly created files
automatically.
Syntax
umask [-p] [-S] [mode]
It is represented in octal numbers. We can simply use this command
without arguments to see the current file permissions. To change the
permissions, mode is given in the arguments. The default umask used for
normal user is 0002. The default umask for the root user is 0022. For
calculating the original values, the values shown by the umask must be
subtracted by the default values. It is mainly used for masking of the file
and directory permission. The /etc/profile script is where the umask
command is usually set for all users. The –S option can be used to see the
current default permissions displayed in the alpha symbolic format.
For example, umask 022 ensures that new files will have at most 755
permissions (777 NAND 022).
The permissions can be calculated by taking the NAND of original value
with the default values of files and directories.

Update V1.1.
1.When do you need a virtual hosting ?
The term Virtual Host refers to the practice of maintaining more than one
server on one machine, as differentiated by their apparent hostname. For
example, it is often desirable for companies sharing a web server to have
their own domains, with web servers accessible
as www.company1.com and www.company2.com, without requiring the
user to know any extra path information.
2.In which port telnet is listening?
23
3.How to get the listening ports which is greater than 6000 using
netstat ?
4.How to block and openrelay ?
Open relays are e-mail servers that are configured to accept and transfer
e-mail on behalf of any user anywhere, including unrelated third parties.
The qmail-smtpd daemon will consult the rcpthosts control file to
determine valid destination addresses, and reject anything else.
5.Q) What is sandwitch configuration in qmail ?
Qmail + Clam + Spamassassin- This is normally called Sandwitch
configuration in qmail.
6.Advantages of Qmail ?
More secure, better designed, modular, faster, more reliable, easier to
configure, don't have to upgrade it every few months or worry about being
vulnerable to something due to some obscure feature being enabled
qmail supports host and user masquerading, full host hiding, virtual
domains, null clients, list-owner rewriting, relay control, double-bounce
recording, arbitrary RFC 822 address lists, cross-host mailing list loop
detection, per-recipient checkpointing, downed host backoffs, independent
message retry schedules, etc. qmail also includes a drop-in ``sendmail''
wrapper so that it will be used transparently by your current UAs.
7.Q) What is the difference between POP3 and IMAP ?
The Difference
POP3 works by reviewing the inbox on the mail server, and downloading
the new messages to your computer. IMAP downloads the headers of the
new messages on the server, then retrieves the message you want to read
when you click on it.
When using POP3, your mail is stored on your PC. When using IMAP, the
mail is stored on the mail server. Unless you copy a message to a "Local
Folder" the messages are never copied to your PC.
Scenarios of Use
POP3
 You only check e-mail from one computer.
 You want to remove your e-mail from the mail server.
IMAP
 You check e-mail from multiple locations.
 You use Webmail.
8.How to drop packets using iptables ?
Iptables -A INPUT -s xx.xx.xx.xx -d xx.xx.xx.xx -j DROP
9.Daily routines of Linux Administrators ?
*.Check the health of servers
*.Check for updates
*.Check the Backup
*.Check with the trouble ticketing system for any unread ticket.
*.Troubleshoot if there any problem
*.Installation of new servers, if needed.
*.Report to the Boss
10.How to take the Dump of a MySQL Database ?
Mysqldump databasename > dumpname
11.How to know the CPU usage of each process ?
Top, uptime
12.How to bind another IP in a NIC ?
Copy the contents eth0 to eth1, and change the ipaddress. Restart the
network. .
13.Transparently proxy all web-surfing through Squid box
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to
14.Transparently redirect web connections from outside to the
DMZ web server.
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT –
to
15 Howto Activate the forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
16.Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done.
$iptables -A LDROP --proto tcp -j LOG --log-level info \ --log-prefix “TCP
Drop”
- See more at: http://www.01world.in/p/linux.html#sthash.BcaJQEcC.dpuf