Link: An Introduction To Access Control Lists (ACL)

Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. ACLs allow you to provide different levels of access to files and folders for different users. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource.

Full article here:
An Introduction To Access Control Lists (ACL) (Unixmen)

How to set up an alternate SIP port (other than 5060) using Webmin

One problem that some VoIP users are experiencing these days is that they have trouble connecting to their home Asterisk, FreeSWITCH, YATE, or other software PBX server, but only when using certain ISPs. One suspicion is that certain ISPs that offer their own VoIP or traditional landline service attempt to mess with packets using the common SIP port 5060, hoping customers will think that VoIP is unreliable and will subscribe to the company’s overpriced offering instead (see this thread at BroadbandReports.com).

There are various ways to enable an alternate SIP port on the server (in addition to the usual port 5060) but if you are using Webmin to manage your firewall, here’s an easy way, in just three steps:

Step 1:

If you use Webmin to manage your firewall, then you already know how to get to the Linux Firewall page.  So go there and select the Network Address Translation (nat) table in the dropdown at the top of the page.  Then when the page changes, click the topmost Add Rule button (in the Packets before routing (PREROUTING) section):

SIP Port Forwarding 1

Step 2:

Now you should see this page. The items you need to change are indicated by the red ovals.  The Destination TCP or UDP port is set to 7654 in this example, but don’t use that.  Pick your own unique port; just make sure that it’s not used by anything else on the server already.  And yes, you really do put the alternate SIP port you want to use in the Destination setting; it may not make intuitive sense but that’s just how it is.  Avoid using ports in the range 10000 through 20000 because those are used for RTP traffic, and avoid ports below 1024 because those are protected ports that are reserved by the system.  There are also other ports you should avoid (those used by other software on your system) but if you don’t know how to find ports in use on your system, a bit of time with a search engine will lead you to several pages that show you how to detect already active ports.  It can vary a bit depending on your operating system, and it’s beyond the scope of this article.

SIP traffic is UDP only, not TCP (there may be rare exceptions but most software PBXs use UDP by default). If by some very odd chance you are using TCP for SIP traffic (why?!?) then you will need to specify that under the Network Protocol item. Also, note that the incoming interface is set to eth0 in this example – Webmin will usually show the correct one by default, but you want to select the interface used by incoming SIP traffic if you happen to have more than one. Don’t forget to click Save when you’re finished.

SIP Port Forwarding 2

Step 3:

After you have saved the page you should be back at the page you came from, and it should now show your new forwarding rule.  If it does, just click Apply Configuration at the bottom of the page to make it active:

SIP Port Forwarding 3

One other thing you might need to do is add a rule on the main Linux Firewall page allowing incoming traffic on your selected alternate port, if you have a restrictive firewall that blocks most traffic by default. Try it first without doing that, but if your clients can’t connect on the alternate port, just be aware that you may need to do that before they will be able to connect. For more security, you can enable access to your SIP ports only from specific IP addresses, if your remote clients are at fixed IP addresses.

Now you should be able to change the port number on your SIP endpoints from the default 5060 to your alternate port.  Of course I can’t guarantee it will always work, but if you try it and suddenly find that your SIP connections become far more reliable, you might want to leave a comment, and mention the ISP that you suspect might be messing with SIP traffic.

By the way, if you are NOT using Webmin to manage your firewall, and have iptables installed, then all you should need to do is enter these two lines from a command prompt (replace 7654 with your chosen alternate port).  But I strongly caution you NOT to do this if you are using Webmin to manage your firewall:

iptables -t nat -A PREROUTING -i eth0 -p udp --dport 7654 -j REDIRECT --to-ports 5060
/etc/init.d/iptables save
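
The port-selection rules from Step 2 (not below 1024, not in the RTP range 10000 through 20000, not already in use) can be checked before you create the redirect rule. The script below is an added example, not part of the original article; the function names and the sample listener lines are constructed, and on a live server the in-use list would come from `ss -H -uln`.

```shell
#!/bin/sh
# Added example: vet a candidate alternate SIP port against the rules in Step 2.
# Function names and the sample listener lines are constructed for illustration.

# Read `ss -H -uln` style lines on stdin (local address:port is column 4)
# and print the UDP ports that already have a listener, one per line.
udp_ports_in_use() {
    awk '{ n = split($4, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }' | sort -un
}

# check_port PORT "USED_PORTS": print a verdict; return 0 only if PORT is usable.
check_port() {
    port=$1; used=$2
    case $port in
        ''|*[!0-9]*) echo "reject: not a port number"; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then echo "reject: above 65535"; return 1; fi
    if [ "$port" -lt 1024 ]; then echo "reject: below 1024 (reserved)"; return 1; fi
    if [ "$port" -ge 10000 ] && [ "$port" -le 20000 ]; then
        echo "reject: inside the RTP range 10000-20000"; return 1
    fi
    for u in $used; do
        if [ "$u" -eq "$port" ]; then
            echo "reject: UDP port already in use"; return 1
        fi
    done
    echo "ok"
}

# Constructed sample; on a live server use: used=$(ss -H -uln | udp_ports_in_use)
SAMPLE_SS='UNCONN 0 0 0.0.0.0:5060 0.0.0.0:*
UNCONN 0 0 127.0.0.1:7654 0.0.0.0:*
UNCONN 0 0 [::]:123 [::]:*'

used=$(printf '%s\n' "$SAMPLE_SS" | udp_ports_in_use)
for candidate in 443 15000 7654 5070; do
    printf '%s: %s\n' "$candidate" "$(check_port "$candidate" "$used" || true)"
done
```

Only a port that prints `ok` should go into the Destination port field in Webmin or replace 7654 in the iptables line above.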

Link: Securing Your Asterisk VoIP Server with IPTables

Now that you have set up your personal Asterisk® server (see Tutorial), it’s time to secure it. I can’t overstate the importance of this step. Without it, you could be leaving your server’s VoIP ports open for anyone on the Internet, which may cost you a lot of money.

Full article here:
Securing Your Asterisk VoIP Server with IPTables (Lin’s Tech Blog)

Link: How to block unwanted IP addresses on Linux efficiently

You may want to block IP addresses on your Linux box under various circumstances. For example, as an end user you may want to protect yourself from known spyware or tracker IP addresses. Or when you are running P2P software, you may want to filter out connections from networks associated with anti-P2P activity. If you are a sysadmin, you may want to ban access from spam IP addresses to your production mail server. Or you may wish to block web server access from certain countries for some reason. In many cases, however, your IP address block list can grow quickly to tens of thousands of IP addresses or IP address blocks. How can you deal with it?

Full article here:
How to block unwanted IP addresses on Linux efficiently (Xmodulo)

Link: Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT

I’m a new Linux / Unix system user. How can I set up an encrypted tunnel between my desktop/laptop computer and a server in a remote data center to bypass the limits in a network? How do I create a reverse SSH tunnel on Unix-like systems?

SSH tunnelling can be thought of as a poor-man’s-VPN. It is handy in situations where you would like to hide your traffic from anybody who might be listening on the wire or eavesdropping. You can use such a tunnel between your computer and your Unix/BSD/Linux server to bypass limits placed by a network or to bypass NAT, and more.

Full article here:
Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT (nixCraft)

Link: 10 SCP Commands to Transfer Files/Folders in Linux

A Linux administrator should be familiar with the CLI environment, since GUI mode is not commonly installed on Linux servers. SSH may be the most popular protocol enabling Linux administrators to manage servers remotely in a secure way. Built in with the SSH command is the SCP command. SCP is used to copy file(s) between servers in a secure way.

Full article here:
10 SCP Commands to Transfer Files/Folders in Linux (Tecmint)

Link: 5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

chattr (Change Attribute) is a command line Linux utility that is used to set/unset certain attributes on a file in a Linux system to guard against accidental deletion or modification of important files and folders, even if you are logged in as the root user.

Native Linux filesystems, i.e. ext2, ext3, ext4, btrfs, etc., support all the flags, though not all the flags are supported on all non-native filesystems. One cannot delete or modify a file/folder once attributes are set with the chattr command, even though one has full permissions on it.

Full article here:
5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux (Tecmint)

Link: Unchecky – A Freeware to Avoid Installing Junkware in Windows

It’s an annoying fact that some Windows freeware is bundled with terrible toolbars and sneaky software that does nothing but harm your system or your personal data. The worst thing is that getting rid of this junkware or crapware is a pain in the neck. If you are always facing this junkware problem, Unchecky is a useful freeware that can help you avoid unwanted junkware installations.

Full article here:
Unchecky – A Freeware to Avoid Installing Junkware in Windows (Make Tech Easier)

Link: How To Disable Unity Online Search Feature On Ubuntu 14.10

What Is Unity Online Search Feature?

The Unity search function in Ubuntu operating system is provided by Canonical Ltd. When you enter a search term into the dash, Ubuntu will search your computer and will record the search terms locally. Unless you have opted out, the search terms will be sent to productsearch.ubuntu.com link and selected third parties including Facebook, Twitter, BBC, and Amazon. Canonical and these selected third parties will collect your search terms and use them to provide you with search results while using Ubuntu.

Full article here:
How To Disable Unity Online Search Feature On Ubuntu 14.10 (Unixmen)

Link: Duplicati – An Open Source Powerful Free Backup Tool

Duplicati is an open source free backup program that creates backups with the ability to store them securely encrypted, incremental and compressed on cloud storage services and remote file servers. At the moment it has the ability to work with Amazon S3, Windows SkyDrive, Google Drive, Tahoe LAFS, Rackspace Cloud or it can use your own SSH, WebDAV, SFTP or FTP file server.

Full article here:
Duplicati – An Open Source Powerful Free Backup Tool (LinOxide)