Cisco IOS Port Range Forwarding

January 5, 2009 – 9:12 pm

Do you find yourself annoyed, as I do, with having to enter a NAT statement for each port forward?  Want to fix that?  Here’s how I do it:

The assumption is that we’re using a device like an 871 Router, where FastEthernet4 is our Outside Interface, the internal IP scheme is 192.168.1.0/24, the internal IP address that we’re port forwarding to is 192.168.1.10, and we want to forward ports 6800-7000 TCP and 5100-5105 UDP:

ip nat inside source route-map NAT_MAP interface FastEthernet4 overload
ip nat pool POOL_NAME 192.168.1.10 192.168.1.10 netmask 255.255.255.0 type rotary
ip nat inside destination list DEST_LIST pool POOL_NAME
!
ip access-list extended DEST_LIST
 permit tcp any any range 6800 7000
 permit udp any any range 5100 5105

This will forward the ports 6800-7000 TCP and 5100-5105 UDP to 192.168.1.10 using the IP address that is on the outside interface FastEthernet4.

suPHP on Plesk with CentOS 5.1

June 17, 2008 – 3:31 pm

Since SuSE Enterprise does cost money, I’ve decided to also write this for a CentOS 5.1 install of Plesk.

Prerequisites:

  • PHP/LAMP Server installed by Plesk/Apache
  • PHP FastCGI Component
  • apr-1-util Component
  • httpd-devel Component
  • Development Tools (gcc/flex/bison)
  • suPHP 0.6.3
  • Plesk 8.4

Procedure:

  1. After all prerequisites are installed, download the suPHP 0.6.3 source to the directory of your choosing. For the purposes of this document, we’re using /usr/local/src
  2. Untar the suPHP source; it should extract into a directory named suphp-0.6.3
  3. Run configure with the following options (or change them for your preferred environment):

    ./configure --with-apxs=/usr/sbin/apxs --with-php=/usr/bin/php-cgi --with-logfile=/var/log/suphp.log --with-min-uid=30 --with-min-gid=30 --with-apache-user=apache --with-apr=/usr/bin/apr-1-config --with-setid-mode=owner --prefix=/usr --sysconfdir=/etc

  4. After configure succeeds, run the usual make:

    make

  5. All should go well with your make. If so, then run make install:

    make install

  6. We’re not done yet. We’ve created mod_suphp.so, which is now located in /usr/lib/httpd/modules, but we need to create a new file in /etc/httpd/conf.d/ called “suphp.conf”. It should look like this:

    LoadModule suphp_module modules/mod_suphp.so

    <Directory /var/www/vhosts>
    php_admin_value engine off
    suPHP_Engine On
    AddHandler x-httpd-php .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-php
    </Directory>

  7. Now that we’ve added this file, we need to restart apache:

    service httpd restart

  8. We’re nearly finished. Now we need to create our configuration for suPHP. Create a file in /etc named “suphp.conf”. Add in the following lines to configure it:

    [global]
    logfile=/var/log/suphp.log
    loglevel=info
    webserver_user=apache
    docroot=/var/www/vhosts
    allow_file_group_writeable=false
    allow_file_others_writeable=false
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false
    check_vhost_docroot=false
    errors_to_browser=false
    env_path=/bin:/usr/bin
    umask=0022
    min_uid=30
    min_gid=30

    [handlers]
    x-httpd-php=php:/usr/bin/php-cgi
    x-suphp-cgi=execute:!self

  9. You need to edit /etc/httpd/conf/httpd.conf and either remove the following two lines, or comment them out:

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

  10. Restart apache one more time:

    service httpd restart

Voila! If you add a file into a directory, say one named info.php, with permissions above 0644, the execution should fail. Directories are required to be 755, files can be no more than 644. This is especially useful for things like Joomla that have their own installers that use incorrect permissions due to PHP running as the user that runs apache. There is only one file that CentOS uses for PHP configuration, which is /etc/php.ini

A great way to test this is by trying software like Joomla - files will execute as you’d expect them to, as the user in question. There may be some issues with things that don’t support PHP-FastCGI, but most files won’t notice the difference. Also, make sure you rotate that suphp.log file, as it will grow in info mode, since it logs each file execution.

HP Pavilion dv6871us Windows XP Drivers

May 11, 2008 – 4:58 pm

Recently I purchased a new laptop, an HP Pavilion DV6871. Quite powerful, Core2Duo Processor, 3GB RAM, 320GB Hard Drive, Geforce 8400GS… not a bad machine, with one exception - it came along with Windows Vista. As I couldn’t stand Windows Vista, I eventually began searching hard for drivers for this thing, as Windows XP drivers are quite lacking on HP’s website, which was terribly disappointing. Well, I’m writing this in Windows XP with all drivers successfully installed, a mashup of HP’s official drivers, HP drivers taken from different laptop models (HP Business Laptops 6710b and 6910), and vendor specific drivers both completely supported and some not supported at all (the nVidia drivers required a special INF file to install).

The driver list to run XP on the HP Pavilion dv6871 is as follows: (you can modify this for the 683x series as well, just go get Intel’s GMA drivers from intel.com).

The only caveat I’ve discovered at this point: I have a Linksys Wireless-N router, 802.11n worked just fine in Windows Vista. This is NOT the case in XP. I had to set the router to be 802.11b/g only for the wireless card to work right. Just a heads-up.

Past that caveat - I’m noticing a lot better performance in general, XP is running great and I couldn’t be happier. Now if only HP would release these drivers to the public.

suPHP on Plesk with SuSE Linux Enterprise Server 10

February 21, 2008 – 4:03 pm

Recently, I’ve come across an issue with Plesk/PHP sites, particularly those that are running applications like Joomla, which for some reason require 777 permissions quite often. I’m not terribly thrilled by this, so I went in search of a solution to help combat this. Right now, we’ve got this in testing, but we’re using suPHP to do our dirty work. Installation wasn’t necessarily trivial, as we did have some issues during the compile phase, along with the fact that you do need the fastcgi version of PHP (installable via YaST) installed. Here are my step-by-step installation instructions:

Prerequisites:

  • PHP/LAMP Server installed by Plesk/Apache
  • PHP FastCGI Component
  • apr-1-util Component
  • apache2-devel Component
  • Development Tools (gcc/flex/bison)
  • suPHP 0.6.2
  • Plesk 8.3

Procedure:

  1. After all prerequisites are installed, download the suPHP 0.6.2 source to the directory of your choosing. For the purposes of this document, we’re using /usr/local/src
  2. Untar the suPHP source; it should extract into a directory named suphp-0.6.2
  3. Copy or link all files from /usr/include/apr-1 into /usr/include/apache2
  4. Copy /srv/www/cgi-bin/php5 to /usr/bin/php5-cgi
  5. Run configure with the following options (or change them for your preferred environment):

    ./configure --with-apxs=/usr/sbin --with-php=/usr/bin/php5-cgi --with-logfile=/var/log/suphp.log --with-min-uid=30 --with-min-gid=30 --with-apache-user=wwwrun --with-apr=/usr/bin/apr-1-config --with-setid-mode=owner --prefix=/usr --sysconfdir=/etc

  6. After configure succeeds, run the usual make:

    make

  7. All should go well with your make. If so, then run make install:

    make install

  8. We’re not done yet. We’ve created mod_suphp.so, which is now located in /usr/lib/apache2, but we need to modify /etc/sysconfig/apache2 so that our suphp module is included. You can do so by changing the following line:

    APACHE_MODULES="rewrite actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 perl"

    To:

    APACHE_MODULES="rewrite actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 perl suphp"

    Notice, all I’ve done is add “suphp” to the end of the string.

  9. Now that we’ve done this, we need to restart apache:

    rcapache2 restart

  10. Once this is done, check /etc/apache2/sysconfig.d/loadmodule.conf to make sure the following line is added:

    LoadModule suphp_module /usr/lib/apache2/mod_suphp.so

  11. We’re nearly finished. Now we need to create our configuration for suPHP. Create a file in /etc named “suphp.conf”. Add in the following lines to configure it:

    [global]
    logfile=/var/log/suphp.log
    loglevel=info
    webserver_user=wwwrun
    docroot=/srv/www/vhosts
    allow_file_group_writeable=false
    allow_file_others_writeable=false
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false
    check_vhost_docroot=false
    errors_to_browser=false
    env_path=/bin:/usr/bin
    umask=0022
    min_uid=30
    min_gid=30

    [handlers]
    x-httpd-php=php:/usr/bin/php5-cgi
    x-suphp-cgi=execute:!self

  12. Save this file. Our final configuration goes at the end of the /etc/apache2/httpd.conf file:

    <Directory /srv/www/vhosts>
    php_admin_value engine off
    suPHP_Engine On
    AddHandler x-httpd-php .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-php
    </Directory>

    The file will also contain the following two lines; make sure to comment them out:

    #AddType application/x-httpd-php .php
    #AddType application/x-httpd-php-source .phps

  13. Restart apache one more time:

    rcapache2 restart

Voila! If you add a file into a directory, say one named info.php, with permissions above 0644, the execution should fail. Directories are required to be 755, files can be no more than 644. This is especially useful for things like Joomla that have their own installers that use incorrect permissions due to PHP running as the user that runs apache. Remember, there are two PHP configurations now, /etc/php5/apache2/php.ini (this is our general config for things like plesk/webmail), and /etc/php5/fastcgi/php.ini (this is our config for websites that run under suPHP).

A great way to test this is by trying software like Joomla - files will execute as you’d expect them to, as the user in question. There may be some issues with things that don’t support PHP-FastCGI, but most files won’t notice the difference. Also, make sure you rotate that suphp.log file, as it will grow in info mode, since it logs each file execution.
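
The permission rules described in both suPHP posts (nothing group- or other-writable, script owners at or above min_uid/min_gid) can be checked across a whole docroot before visitors start hitting errors. The Python script below is an added example, not part of the original posts or of suPHP; its function names are hypothetical, and it approximates suPHP's checks using only the settings from the suphp.conf shown above, flagging every directory rather than only those that contain scripts.

```python
import os
import stat
import sys

# Extensions taken from the AddHandler line in the Apache config above.
PHP_EXT = (".php", ".php3", ".php4", ".php5")


def check_entry(path, min_uid, min_gid):
    """Return the list of policy violations for one file or directory."""
    st = os.lstat(path)
    reasons = []
    # allow_*_group_writeable=false / allow_*_others_writeable=false
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("other-writable")
    # Scripts run as their owner (setid-mode=owner), so apply min_uid/min_gid.
    if stat.S_ISREG(st.st_mode):
        if st.st_uid < min_uid:
            reasons.append("uid %d below min_uid" % st.st_uid)
        if st.st_gid < min_gid:
            reasons.append("gid %d below min_gid" % st.st_gid)
    return reasons


def audit_docroot(docroot, min_uid=30, min_gid=30):
    """Walk docroot and return sorted (path, reasons) for every failure."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        scripts = [os.path.join(dirpath, f) for f in files
                   if f.lower().endswith(PHP_EXT)]
        for path in [dirpath] + scripts:
            if os.path.islink(path):
                continue  # assumption: symlinks are reviewed separately
            reasons = check_entry(path, min_uid, min_gid)
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Default is the CentOS docroot; pass /srv/www/vhosts on SuSE.
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/vhosts"
    for path, reasons in audit_docroot(root):
        print("%s: %s" % (path, ", ".join(reasons)))
```

Run it against the docroot after an application installer such as Joomla's has finished, and fix anything it lists with chmod or chown before switching the site over to suPHP.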

Halo 3 Launch

September 25, 2007 – 8:42 am

After waiting about 2-2 1/2 hours in line at Gamestop on West Mason, I happily picked up my copy of Halo 3.  Then, based on the news reports of the day, opened 4 copies of the game (I picked up the limited edition copy), and had 3 scratched game discs in a row.  Luckily, my 4th was the charm, even though the extras disc was damaged.  No matter - I got what I wanted and headed home, I could always try and get a new extras disc.  I played about an hour, and, due to somewhat better judgment than I wanted, went to bed, satisfied with my purchase.

This morning, I decided to read some of the launch coverage, with articles like this that almost seem like they *wanted* a riot to break out.  Look - gamers can be rather excited and such, but we’re not dicks.  This kind of crap where people say “But when midnight rolled around, it was unclear whether the eager, heavily sugared and caffeinated gamers or the camera-wielding press would be the ones to start some kind of riot. Luckily, no one did.”  That’s total BS.  You went there looking for a fight and didn’t get it.  Too bad.

I look forward to taking my shots in the game tonight on multiplayer as it’s our usual Tuesday multiplayer night.  Good times about to be had.  Good times indeed.