Tuesday, June 17, 2014

how to reassemble existing raid array with mdadm

# mdadm --assemble /dev/md5 /dev/sdc1 /dev/sde1

Thursday, June 12, 2014

using memcache for php session

สรุป พอคนเข้าเว็บเยอะ php บน debian หรือ ubuntu ไปเรียกใช้ "fuser" ในการจัดการไฟล์ session ที่หมดอายุ ซึ่งมีประสิทธิภาพต่ำมาก ต้องเปลี่ยนไปใช้ memcache แทน ฉะนั้น ปัญหาจึงหาย และ จำไว้เป็นบทเรียน


Thursday, June 5, 2014

a working iptables firewall rules

#!/bin/bash

# eth0 is connected to the Internet
# eth3 is network B

# flush all chains
iptables -F
# flush all chaines in nat table
iptables --table nat -F

# default policies
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP

# allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# {{{ packet forwarding
# allow packet forwarding for the entire LAN
iptables -A FORWARD -i eth3 -o eth3 -j ACCEPT # network B

# masquerade
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

# allow packet forwarding from internal network to the internet
# and allow packet forwarding from the internet to internal network
# if the packet is established or related from the internal network
iptables -A FORWARD -i eth3 -j ACCEPT # network B
iptables -A FORWARD -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# }}} packet forwarding

# ssh
iptables -A INPUT -i eth0 -p tcp -s external_ip_0,external_ip_1 --dport 22 \
  -j ACCEPT

# mosh
iptables -A INPUT -i eth0 -p udp -s external_ip_0,external_ip_2 \
  --dport 60000:61000 -j ACCEPT
# }}}

# allow incoming packets from related or established existing trusted
# connections so that we can connect to the Internet from this gateway
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Wednesday, June 4, 2014

apt-offline how to

update and upgrade

apt-offline set apt-offline.sig
apt-offline get apt-offline.sig -d [directory] --threads 5

apt-offline install [directory]
apt-get upgrade

install package

apt-offline set debian-install.sig --install-packages mc hdparm
apt-offline get debian-install.sig -d [directory] --threads 5

apt-offline install [directory]
apt-get install mc hdparm

misc

apt-key exportall | gpg --no-default-keyring --import --keyring /etc/apt/trusted.gpg

http://www.debian-administration.org/article/648/Offline_Package_Management_for_APT

http://blog.sleeplessbeastie.eu/2014/01/30/how-to-manage-packages-on-an-off-line-debian-system/

Tuesday, June 3, 2014

What are dvd1, dvd2, ... and update 1, update 2 in debian iso file list?