HTTP/1.1 New session failed

Got the above error message on the mail server this afternoon which was a new one on me. Apparently it is caused by the lack of available memory on the server. We have 1.5GB of physical memory, the STORE.exe process was taking 900MB of that and there was a console message (not much use when I’m sitting at my desk!) mentioning that it had increased the virtual memory used. The eventlog had various error messages such as the one in the extended entry which explained the above. I had scheduled a reboot for 10pm tonight but then customers started ringing to say they couldn’t get into our web front end so I had to reboot. This is the first time I’ve had this so I hope it doesn’t start to become a regular problem.

COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are:
dwMemoryLoad = 83
dwTotalPhys = 1599635456
dwAvailPhys = 258523136
dwTotalPageFile = -1241755648
dwAvailPageFile = 143310848
dwTotalVirtual = 2147352576
dwAvailVirtual = 2044035072
Server Application ID: {3D14228D-FBE1-11D0-995D-00C04FD919C1}
Server Application Name: IIS Out-Of-Process Pooled Applications

Posted on July 30, 2010 at 11:13 am by admin
In: IIS

Checking the Linux system version and architecture (32/64-bit)

1. uname -a

This shows the kernel name, network node hostname, kernel release, kernel version, machine hardware name, processor type, hardware platform and operating system.

2. cat /proc/version

This file will not show you the name of the actual OS release, but will instead give you specifics about the version of the Linux kernel used in your distribution, and confirm the version of the GCC compiler used to build it.

If you cat the /proc/version file, this is what you’re going to see (I’m using a CentOS 5.4 system for this):

cat /proc/version

Linux version 2.6.18-164.11.1.el5 (mockbuild@builder16.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Wed Jan 20 07:39:04 EST 2010

In this output, you get to see the following information:

Exact version of the Linux kernel used in your OS: Linux version 2.6.18-164.11.1.el5

Name of the user who compiled your kernel, and also a host name where it happened: mockbuild@builder16.centos.org

Version of the GCC compiler used for building the kernel: gcc version 4.1.2 20080704

Type of the kernel – SMP here means Symmetric MultiProcessing kernel, the one that supports systems with multiple CPUs or multiple cpu cores

Date and time when the kernel was built: Wed Jan 20 07:39:04 EST 2010

3. cat /etc/issue

Reading /proc/version or running uname only shows information that was compiled into the kernel. Only the major distributions add identifying marks, such as a custom kernel version tag or a gcc version string, and even that does not necessarily hold, especially when the kernel is self-compiled.

For example, here is the /proc/version from my Slackware server:

4. lsb_release -a

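This command works on all Linux distributions, including Redhat, SuSE and Debian, but it cannot show whether the system is 32-bit or 64-bit.

5. If you know which operating system you have but are not sure of the exact version, there are several methods you can use

Different UNIX-like operating systems store this information differently depending on the distribution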

RedHat Linux

bash-3.1$ cat /etc/redhat-release
Red Hat Enterprise Linux Client release 5 (Tikanga)

Ubuntu Linux

bash-3.1$ cat /etc/issue
Ubuntu 6.10 \n \l

SUSE Linux

~> cat /etc/SuSE-release
SUSE Linux Enterprise Desktop 10 (x86_64)
VERSION = 10

Sun Solaris

bash-2.03$ cat /etc/release
Solaris 8 2/04 s28s_hw4wos_05a SPARC
Copyright 2004 Sun Microsystems, Inc.  All Rights Reserved.
Assembled 08 January 2004

Posted on July 8, 2010 at 4:15 pm by admin
In: Linux administration and maintenance

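[Repost] Notes on building a CDN server with Squid for Windows + DNSPod

Heh, I had nothing to do today, so I learned how to set up a CDN. I tried it first with one of the company's domains, www.uduu.sh.cn, and it worked.
To explain: the main server for www.uduu.sh.cn has the IP 61.129.33.42 and is on Shanghai Telecom.
Because of the way networks in China are, some China Netcom users get slow access,
so I chose a Dalian Netcom server as the CDN node; its IP is 218.61.10.172.
That is:
Main server: 61.129.33.42
CDN server: 218.61.10.172

First download the Squid for Windows package squid-2.7.STABLE5-bin.zip,
then unzip it and put it in the squid directory on drive C.
Go into C:\squid\etc and remove the .default suffix from all the files.
Edit squid.conf, delete all its contents, replace them with the following, and save: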

http_port 80 vhost vport=80
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 1024 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 256 KB
cache_dir ufs c:/squid/var/cache 40960 16 256
cache_swap_low 80
cache_swap_high 97
strip_query_terms off
request_body_max_size 5 MB
memory_pools on
memory_pools_limit 50 MB
access_log none
cache_log none c:/squid/var/logs/cache.log
cache_store_log none
pid_filename c:/squid/var/logs/squid.pid
hosts_file C:\WINDOWS\system32\drivers\etc\hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i .gif 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i .jpg 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern .                           120  50%    1440
acl all src 0.0.0.0/0.0.0.0
acl p-manager proto cache_object
acl s-localhost src 127.0.0.1/255.255.255.255
acl d-localhost dst 127.0.0.0/8
acl d-domains dstdomain .uduu.com
acl d-domains dstdomain www.uduu.sh.cn
acl p-ssl  port 443 563
acl p-safe port 80 443 563
acl m-conn method CONNECT
acl m-purge method PURGE
acl n-maxconn maxconn 15
http_access allow p-manager s-localhost
http_access allow m-purge
http_access allow  !p-safe
http_access deny  m-conn !p-ssl
http_access deny  n-maxconn
http_access allow p-manager
http_access allow d-domains
http_access allow all
http_reply_access allow all
acl r-url urlpath_regex realtime
cache deny r-url
icp_access allow all
follow_x_forwarded_for allow all
acl_uses_indirect_client off
range_offset_limit -1
dns_timeout 2 seconds
forward_timeout 10 seconds
connect_timeout 10 seconds
peer_connect_timeout 6 seconds
read_timeout 10 seconds
request_timeout 6 seconds
persistent_request_timeout 16 seconds
cache_mgr webmaster@uduu.net
cache_effective_user nobody
cache_effective_group nobody
visible_hostname www.uduu.sh.cn
logfile_rotate 0
always_direct allow all
#error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir c:/squid/var/cache
access_log c:/squid/var/logs/access.log squid
cache_log  c:/squid/var/logs/cache.log
cache_store_log  c:/squid/var/logs/store.log

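Open the directory c:\squid\var
and create two new directories, cache and logs.

Open CMD, change to the c:\squid\sbin directory and run squid -i to register Squid as a service.
Initialise the cache directory with squid -z. If the configuration file contains an error, initialising the cache directory will fail.
Stop or disable IIS.
Start squid from the Services console.
----------- At this point the Squid part is set up.

Next, set up name resolution.
Open the directory C:\WINDOWS\system32\drivers\etc,
open hosts in Notepad, edit it as follows and save:
61.129.33.42 www.uduu.sh.cn uduu.sh.cn

Everyone knows how to use DNSPod:
move the domain's NS servers over to DNSPod,
then point the Telecom IP at 61.129.33.42
and the Netcom IP at 218.61.10.172.
Wait for the A records to take effect...

Once they take effect, the first visit to the site may be slow or may fail; from the second visit on it will be very fast.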
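
Added example (not part of the original post or of Squid): a small shell audit that flags the access rules in a squid.conf like the one above that let the accelerator answer for more than its own sites: an unconditional allow, PURGE open to any client, an allow on a negated port ACL (the stock squid.conf uses deny !Safe_ports), and X-Forwarded-For trusted from any source. The function names and finding codes are made up for this example, and the sample file is a constructed excerpt of the rules shown above.

```shell
#!/bin/sh
# Added example: flag over-broad access rules in a Squid accelerator config.

audit_squid_conf() {
    # $1 = path to squid.conf; prints "<line>:<finding>:<directive>" per hit
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        # remember ACLs that match PURGE, e.g. "acl m-purge method PURGE"
        $1 == "acl" && $3 == "method" {
            for (i = 4; i <= NF; i++) if ($i == "PURGE") purge[$2] = 1
            next
        }
        # remember ACLs that match every source address (Squid 2.x style "all")
        $1 == "acl" && $3 == "src" && $4 ~ /^0\.0\.0\.0\/0/ { any[$2] = 1; next }
        # allow rules with a single condition are the ones that can be too wide
        $1 == "http_access" && $2 == "allow" && NF == 3 {
            if ($3 == "all" || ($3 in any))  print NR ":OPEN_PROXY:" $0
            else if ($3 in purge)            print NR ":PURGE_UNRESTRICTED:" $0
            else if ($3 ~ /^!/)              print NR ":ALLOW_NEGATED_ONLY:" $0
        }
        $1 == "follow_x_forwarded_for" && $2 == "allow" && ($3 == "all" || ($3 in any)) {
            print NR ":XFF_TRUSTED_FROM_ANY:" $0
        }
    ' "$1"
}

write_sample_conf() {
    # Constructed excerpt of the access rules from the configuration above.
    cat > "$1" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl d-domains dstdomain www.uduu.sh.cn
acl p-safe port 80 443 563
acl m-purge method PURGE
http_access allow m-purge
http_access allow  !p-safe
http_access allow d-domains
http_access allow all
follow_x_forwarded_for allow all
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_squid_conf "$sample"
rm -f "$sample"
```

A configuration that ends with http_access allow d-domains followed by http_access deny all, and that allows PURGE only together with a source ACL, produces no findings.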

Posted on July 8, 2010 at 2:00 pm by admin
In: Miscellaneous

Relative paths in the Smarty configuration file

<?php
// Build every path from DOCUMENT_ROOT so the include works from any script directory
//include_once("Smarty/libs/Smarty.class.php");
require_once $_SERVER['DOCUMENT_ROOT']."/Smarty/libs/Smarty.class.php";
$smarty=new Smarty();
$smarty->compile_check=true;
$smarty->config_dir=$_SERVER['DOCUMENT_ROOT']."/Smarty/libs/Config_File.class.php";
$smarty->caching=false;
$smarty->template_dir=$_SERVER['DOCUMENT_ROOT']."/Smarty/templates";
$smarty->compile_dir=$_SERVER['DOCUMENT_ROOT']."/Smarty/templates_c";
$smarty->cache_dir=$_SERVER['DOCUMENT_ROOT']."/Smarty/cache";
//  --------------------------------------
// Use <{ and }> as the template delimiters
$smarty->left_delimiter="<{";
$smarty->right_delimiter="}>";
?>

Posted on July 7, 2010 at 5:29 pm by admin
In: Smarty

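Configuring IIS + PHP4 + MySQL4 + Zend on Windows 2003

1. Download the PHP 4.4.9 zip package from http://mirrors.sohu.com/php/php-4.4.9-Win32.zip (note: if you download the installer version, you just double-click it to install; what is recorded here is the manual installation method).
2. Unzip it to the directory where you want to install it, for example c:\php
3. Copy c:\php\sapi\phpisapi.dll and c:\php\phpts.dll to the windows\system32 directory on the system drive.
4. Copy c:\php\php.ini-dist to the windows directory on the system drive and rename it php.ini
5. Open Control Panel - Administrative Tools - Internet Information Services, right-click "Default Web Site" - Properties, click the "ISAPI Filters" tab, click Add, enter php as the filter name, select c:\php\sapi\phpisapi.dll as the executable, and click OK. (Internet Information Services requires IIS to be installed: insert the XP Pro installation CD, choose to install components, and tick IIS to install it.)
6. Click the "Home Directory" tab, click "Configuration" at the bottom right, click Add on the "Mappings" tab, again select c:\php\sapi\phpisapi.dll as the executable, enter .php as the extension (do not leave out the dot), and click OK.
7. Edit the php.ini file from earlier, find extension_dir and change it to the PHP installation directory, for example c:\php\extensions. Then, if you need to enable some libraries, just remove the semicolon in front of the corresponding line; for example, removing the semicolon in front of ;extension=php_gd2.dll enables the gd library.
8. Add a Web service extension: right-click and add a new Web service extension. Choose php as the extension name, and when selecting the required file, choose c:\php\sapi\phpisapi.dll
9. Restart IIS; the most foolproof way is of course to restart the computer.
10. Write a test program to view phpinfo. For example, create phpinfo.php, place it in an IIS virtual directory, and write the following code in it:
<?php
phpinfo();
?>
You can then view it at http://localhost/phpinfo.php. If you see the PHP information, the installation succeeded. If not, check that the steps above were carried out correctly.

PHP is now installed on IIS. MySQL is supported by default; unlike PHP 5, there is no need to load a DLL file.

We only need to download MySQL4 and Zend separately. Zend will automatically find php.ini and make the corresponding changes.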

done

Posted on July 2, 2010 at 4:50 pm by admin
In: MySQL basics

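Deploying a VPN (pptpd) on CentOS

I. Installation
On CentOS 5 the easiest way to install pptpd is to download the rpm package pptpd-1.3.4-1.rhel5.1.i386.rpm and then run rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm directly. Fortunately this package has no other dependencies, so the installation should go very smoothly. If you install from source, you run into the ppp version being too high and have to remove pppd 2.3.4 and then install ppp 2.4.3, which is more trouble.

After the rpm package is installed, several configuration files are generated automatically: the main configuration file /etc/pptpd.conf, the options file /etc/ppp/options.pptpd, and the accounts file /etc/ppp/chap-secrets. Configuring pptpd from here on mainly means editing these files.

II. VPN topology
Logically, VPN access involves 3 networks:
1. The target network you want to reach. Usually this is the internal network the VPN server sits on (the VPN server has 2 NICs, one on the public network and one on the private network).
2. The VPN's public network.
3. The virtual network formed with the client once the VPN is connected. It is best to give this its own network, so that it does not use up IP addresses of the private (target) network behind the VPN.

The VPN tunnel network can of course be in the same subnet as the target network, but this is not recommended.

III. VPN server configuration

(1) Edit the main configuration file /etc/pptpd.conf. Only the following two lines need to be added:

localip  172.16.195.1

remoteip 172.16.195.101-200

The localip line gives the VPN server a tunnel IP.
remoteip is the range of IP addresses assigned automatically to clients.

(2) Edit the options file /etc/ppp/options.pptpd. The DNS servers handed to clients need to be set, so just remove the comment marker in front of ms-dns and change the values to usable DNS servers, as follows:

ms-dns 61.135.154.5

ms-dns 159.226.240.66

To make debugging information easy to see, uncomment the debug line. Uncomment the dump line as well.

(3) Add accounts by editing the file /etc/ppp/chap-secrets and adding entries line by line, one account per line. Each line has 4 columns, as follows:

Username        no limit on the number of characters

Server name     pptpd (use this for all entries; if you use another name, you must change the name line in options.pptpd)

Password        if you use double quotes, the password cannot contain double quotes

IP              * means the IP is assigned at random by pptpd

Accounts and passwords are stored in plain text, so access permissions must be set properly. A finished accounts file looks something like this:
"sery"    pptpd   "&hds)$+"   *

IV. Run pptpd. Run service pptpd start or /etc/init.d/pptpd start to start it. Check the process and the system log to confirm that pptpd is running normally.

V. Client configuration (Windows). This should be easy, so I won't go into it.

VI. Dial-in login.

While dialling in, log in to the VPN server and look at the log to see the user's connection. Below is an excerpt, for reference: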

Dec 19 17:16:01 max-vpn pppd[9833]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 19 17:16:01 max-vpn pppd[9833]: pptpd-logwtmp: $Version$
Dec 19 17:16:01 max-vpn pppd[9833]: pppd options in effect:
Dec 19 17:16:01 max-vpn pppd[9833]: debug               # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: logfile /etc/ppp/vpn.log            # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: dump                # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: plugin /usr/lib/pptpd/pptpd-logwtmp.so              # (from command line)
Dec 19 17:16:01 max-vpn pppd[9833]: require-mschap-v2           # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-pap          # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-chap         # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-mschap               # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: name pptpd          # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: pptpd-original-ip 200.199.118.72           # (from command line)
Dec 19 17:16:01 max-vpn pppd[9833]: 115200              # (from command line)
Dec 19 17:16:01 max-vpn pppd[9833]: lock                # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: local               # (from command line)
Dec 19 17:16:01 max-vpn pppd[9833]: novj                # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: novjccomp           # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: ipparam 200.199.118.72             # (from command line)
Dec 19 17:16:01 max-vpn pppd[9833]: ms-dns xxx # [don't know how to print value]                # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: proxyarp            # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: 172.16.195.1:172.16.195.101-200               # (from command line)
Dec 19 17:16:02 max-vpn pppd[9833]: nobsdcomp           # (from /etc/ppp/options.pptpd)
Dec 19 17:16:02 max-vpn pppd[9833]: require-mppe-128            # (from /etc/ppp/options.pptpd)
Dec 19 17:16:02 max-vpn pppd[9833]: pppd 2.4.4 started by root, uid 0
Dec 19 17:16:02 max-vpn pppd[9833]: Using interface ppp0
Dec 19 17:16:02 max-vpn pppd[9833]: Connect: ppp0 <--> /dev/pts/1
Dec 19 17:16:02 max-vpn pptpd[9832]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 19 17:16:02 max-vpn pppd[9833]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
Dec 19 17:16:02 max-vpn pppd[9833]: MPPE 128-bit stateless compression enabled
Dec 19 17:16:04 max-vpn pppd[9833]: Cannot determine ethernet address for proxy ARP
Dec 19 17:16:04 max-vpn pppd[9833]: local  IP address 172.16.195.1
Dec 19 17:16:04 max-vpn pppd[9833]: remote IP address 172.16.195.101
Dec 19 17:16:04 max-vpn pppd[9833]: pptpd-logwtmp.so ip-up ppp0 sery 200.199.118.72
[root@max-vpn ~]#

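This log shows that a connection from 200.199.118.72 has been made to the VPN server with the account sery, and that the VPN address assigned to this client machine is 172.16.195.101. On the dialling machine (Windows), check its current network parameters: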

C:\Users\sery>ipconfig/all
Windows IP 配置
主机名  . . . . . . . . . . . . . : sery-sony
主 DNS 后缀 . . . . . . . . . . . :
节点类型  . . . . . . . . . . . . : 混合
IP 路由已启用 . . . . . . . . . . : 否
WINS 代理已启用 . . . . . . . . . : 否
DNS 后缀搜索列表  . . . . . . . . : ratepk.com
PPP 适配器 VPN 连接:
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : VPN 连接
物理地址. . . . . . . . . . . . . :
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是
IPv4 地址 . . . . . . . . . . . . : 172.16.195.101(首选)
子网掩码  . . . . . . . . . . . . : 255.255.255.255
默认网关. . . . . . . . . . . . . : 0.0.0.0
DNS 服务器  . . . . . . . . . . . : 61.135.154.5
159.226.240.66
TCPIP 上的 NetBIOS  . . . . . . . : 已启用
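
VII. Set up routing and IP masquerading. Although you can log in to the VPN server at this point, no forwarding rules have been set, so you still cannot reach the private network behind the VPN or reach the Internet through the VPN (the Windows machine shows a yellow exclamation mark on the network connection icon in the status bar). So the following steps are still needed before you are really done. Many articles online stop at this point; it seems their authors only logged in to the virtual environment.
(1) Enable IP forwarding: edit the configuration file /etc/sysctl.conf and set net.ipv4.ip_forward = 1
(2) Write a script that implements the routing; its contents are roughly as follows:
[root@max-vpn ~]# more /usr/local/bin/vpn_route.sh
#!/bin/bash
# Traffic from the private network leaving via eth0 is source-NATed to the public address
/sbin/iptables -t nat -A POSTROUTING -s 192.168.195.0/24 -o eth0 -j SNAT --to-source 61.135.251.50
# VPN clients reaching the private network via eth1 appear as the server's private IP
/sbin/iptables -t nat -A POSTROUTING -s 172.16.195.0/24 -o eth1 -j SNAT --to-source 192.168.195.166
# Everything else leaving eth0 is masqueraded
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The target network (the VPN's internal network) is 192.168.195.0/24. The VPN server has 2 NICs: one connects to the public network (eth0) with the IP address 61.135.251.51, and the other connects to the private network with the IP 192.168.195.166. With this, the networks involved are routed correctly. Run the script by hand and see whether the client (Windows) can reach machines in the target network. The simplest method is ping: assuming there is a machine 192.168.195.100 in the target network and ICMP is allowed through, run ping 192.168.195.100; if that works, go on to access that server (for example by remote login). If there are no problems, add the script to the boot-time startup. For security, you can add more iptables rules to this script.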
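
The log excerpt from step VI can be reduced to one record per login, which is what you want when reviewing who connected from where and whether MPPE-128 was negotiated. This is an added example, not part of the original post; pptp_sessions is a made-up name, the first session in the sample is taken from the excerpt above and the second one is constructed.

```shell
#!/bin/sh
# Added example: turn pppd/pptpd syslog lines into one record per VPN login.

pptp_sessions() {
    # $1 = syslog file
    # Output: "<mon> <day> <time> user=<u> client=<ip> tunnel=<ip> mppe128=<yes|no>"
    awk '
        $5 ~ /^pppd\[[0-9]+\]:$/ {
            pid = $5                                   # one pppd process per session
            if ($6 == "MPPE" && $7 == "128-bit")        mppe[pid] = 1
            if ($6 == "remote" && $7 == "IP")           tunnel[pid] = $9
            if ($6 == "pptpd-logwtmp.so" && $7 == "ip-up") {
                printf "%s %s %s user=%s client=%s tunnel=%s mppe128=%s\n",
                    $1, $2, $3, $9, $10,
                    (pid in tunnel) ? tunnel[pid] : "-",
                    (pid in mppe) ? "yes" : "no"
                delete tunnel[pid]; delete mppe[pid]   # process ids get reused
            }
        }
    ' "$1"
}

write_sample_log() {
    # Session 9833: lines from the excerpt above.
    # Session 9901: constructed, with no MPPE line, as a server that does not
    # require MPPE would log it.
    cat > "$1" <<'EOF'
Dec 19 17:16:02 max-vpn pppd[9833]: Using interface ppp0
Dec 19 17:16:02 max-vpn pptpd[9832]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 19 17:16:02 max-vpn pppd[9833]: MPPE 128-bit stateless compression enabled
Dec 19 17:16:04 max-vpn pppd[9833]: local  IP address 172.16.195.1
Dec 19 17:16:04 max-vpn pppd[9833]: remote IP address 172.16.195.101
Dec 19 17:16:04 max-vpn pppd[9833]: pptpd-logwtmp.so ip-up ppp0 sery 200.199.118.72
Dec 19 18:02:11 max-vpn pppd[9901]: remote IP address 172.16.195.102
Dec 19 18:02:11 max-vpn pppd[9901]: pptpd-logwtmp.so ip-up ppp1 demo 192.0.2.10
EOF
}

log=$(mktemp)
write_sample_log "$log"
pptp_sessions "$log"
rm -f "$log"
```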

Posted on June 28, 2010 at 10:22 am by admin
In: Linux administration and maintenance

Iptables command usage examples

1. Basic chain operations

(1) Clear all rules

1) Clear the rules in all chains of the default table filter

# iptables -F

2) Clear the rules in the user-defined chains of the default table filter

# iptables -X

3) Zero the packet and byte counters of all rules in the specified chain

# iptables -Z

(2) Set the default policy of a chain

1) Allow first, then deny

Initialise with the following commands

# iptables -P INPUT  ACCEPT

# iptables -P OUTPUT  ACCEPT

# iptables -P FORWARD ACCEPT

2) Deny first, then allow

Initialise with the following commands

# iptables -P INPUT  DROP

# iptables -P OUTPUT  DROP

# iptables -P FORWARD DROP

3) List all rules in a table/chain

# iptables -L -n

4) Add rules to a chain. The following statements open up the network interfaces

# iptables -A INPUT -i lo -j ACCEPT

# iptables -A OUTPUT -o lo -j ACCEPT

# iptables -A INPUT -i eth0 -j ACCEPT

# iptables -A OUTPUT -o eth0 -j ACCEPT

# iptables -A FORWARD -i eth0 -j ACCEPT

# iptables -A FORWARD -o eth0 -j ACCEPT

5) Use a user-defined chain

# iptables -N custom

# iptables -A custom -s 0/0 -d 0/0 -p icmp -j DROP

# iptables -A INPUT -s 0/0 -d 0/0 -j custom

2. Basic rule matching (target action omitted)

(1) Match by protocol

1) Match the specified protocol

# iptables -A INPUT -p tcp

2) Match every protocol except the specified one

# iptables -A INPUT -p ! tcp

(2) Match by address

1) Match the specified host

# iptables -A INPUT -s 192.168.0.1

2) Match the specified network

# iptables -A INPUT -s 192.168.0.0/24

3) Match addresses other than the specified host

# iptables -A INPUT -s ! 192.168.0.1

4) Match networks other than the specified network

# iptables -A INPUT -s ! 192.168.0.1/24

(3) Match by network interface

1) Match a single network interface

# iptables -A INPUT -i eth0

# iptables -A FORWARD -o eth0

2) Match network interfaces of the same type

# iptables -A FORWARD -o ppp+

(4) Match by port

1) Match a single port

# iptables -A INPUT -p tcp --sport www

# iptables -A INPUT -p tcp --sport 80

# iptables -A INPUT -p udp --sport 53

# iptables -A INPUT -p udp --dport 53

2) Match ports other than the specified port

# iptables -A INPUT -p tcp --dport ! 22

3) Match the specified port range

# iptables -A INPUT -p tcp --sport 22:80

4) Match ICMP port and ICMP type

# iptables -A INPUT -p icmp --icmp-type 8

(5) Match IP fragments

# iptables -A FORWARD -p tcp -s 192.168.0.0/24 -d 192.168.2.100 --dport 80 -j ACCEPT

# iptables -A FORWARD -f -s 192.168.0.0/24 -d 192.168.2.100 -j ACCEPT

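3. Extended rule matching (target action omitted)

(1) Multiport matching extension

1) Match multiple source ports

# iptables -A INPUT -p tcp -m multiport --source-ports 22,53,80,110

2) Match multiple destination ports

# iptables -A INPUT -p tcp -m multiport --destination-ports 22,53,80,110

3) Match multiple ports

# iptables -A INPUT -p tcp -m multiport --ports 22,53,80,110

(2) TCP matching extension

The --tcp-flags option filters on the flag bits of a TCP packet. The first argument is the list of flags to examine; the second argument is the list of flags that must be set to 1.

# iptables -A INPUT -p tcp --tcp-flags SYN,FIN,ACK SYN

# iptables -A INPUT -p tcp --syn

This means the SYN, ACK and FIN flags are all examined, but only packets with SYN set match.

# iptables -A INPUT -p tcp --tcp-flags ALL SYN,ACK

This means ALL flags (SYN, ACK, FIN, RST, URG, PSH) are examined, but only packets with SYN and ACK set match.

(3) limit rate-matching extension

1) Specify the number of packets allowed through per unit of time

# iptables -A INPUT -m limit --limit 300/hour

This limits traffic to 300 packets per hour.

2) Specify the burst threshold that triggers the limit (the default is 5)

# iptables -A INPUT -m limit --limit-burst 10

This means that when more than 10 packets arrive in one burst, they are dropped outright.

3) Specify both the rate limit and the burst threshold

# iptables -A INPUT -p icmp -m limit --limit 3/m --limit-burst 3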

Posted on June 24, 2010 at 5:40 pm by admin
In: Linux administration and maintenance

Bind Multiple IP Addresses to a Single Network Interface Card in CentOS

Changing/Setting main ip

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 and change the values of IPADDR, NETMASK, NETWORK and BROADCAST.
Example ifcfg-eth0 file:
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
IPADDR=192.168.1.50
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
USERCTL=no
PEERDNS=no
TYPE=Ethernet
Note: don't forget to restart the network after the change with the command below:
service network restart
Connect again using the new IP if all is well.

Adding more IPs

# Copy the config file to create an alias ip
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:1
# Now edit the new file /etc/sysconfig/network-scripts/ifcfg-eth0:1, change "DEVICE=eth0" to "DEVICE=eth0:1" and change the IP to the new IP you want to assign. Save and exit. Then use the command below to bring it up.
ifup eth0:1

Adding a range of IPs

# Remove ifcfg-eth files from /etc/sysconfig/network-scripts/
#Create a file /etc/sysconfig/network-scripts/ifcfg-eth0-range0 if this doesn’t exist, or just add to it if you already have it, the following lines:

IPADDR_START=192.168.0.100
IPADDR_END=192.168.0.200
CLONENUM_START=0

where: IPADDR_START is the first IP and IPADDR_END is the last IP in the range. CLONENUM_START is the number that will be assigned to the first IP alias interface (eth0:0 in this example).

If you need to add more ranges of IPs then just use a different file for ex. ifcfg-eth0-range1, for each one of the ranges. You need to be careful and use the proper CLONENUM_START to not overwrite other aliases. Once you have configured the range/s of IPs you just need to restart the network service in order to activate it:

service network restart

Posted on June 24, 2010 at 4:28 pm by admin
In: Linux administration and maintenance

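Using a different egress IP per user with pptpd VPN on CentOS

Once installation is complete, you can do the configuration that makes logins with different user names use different egress IPs.
Edit /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server        secret                  IP addresses
test                  pptpd      123                         192.168.0.98
Save.
In chap-secrets we set the user test to use the internal IP 192.168.0.98. In the next step we set up the iptables firewall so that 192.168.0.98 goes out via 222.222.222.98:
iptables -t nat -A POSTROUTING -s 192.168.0.98 -j SNAT --to 222.222.222.98
Restart the pptpd service:
service pptpd restart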
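
Per-user egress only works when every account has its own fixed tunnel IP, and the secrets file is plain text, so both are worth checking mechanically. This is an added example, not from the original post; audit_chap_secrets and its finding codes are made-up names, the sample accounts are constructed around the test entry above, and one address per entry is assumed.

```shell
#!/bin/sh
# Added example: audit /etc/ppp/chap-secrets for the per-user SNAT setup above.

audit_chap_secrets() {
    # $1 = path to a chap-secrets file; prints one finding per line
    f=$1
    # Secrets are stored in plain text: anything beyond owner access is a finding.
    perms=$(ls -ld -- "$f" | cut -c5-10)          # the group and other permission bits
    [ "$perms" = "------" ] || echo "PERMS:$f is accessible to group/other ($perms)"
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF < 4 { print "MALFORMED:line " NR; next }
        {
            user = $1; gsub(/"/, "", user)        # the user name may be quoted
            ip = $NF                              # last column, so spaces in a secret do not matter
            if (ip == "*")
                print "WILDCARD_IP:" user         # pool address, no per-user SNAT rule can match
            else if (ip in seen)
                print "DUP_IP:" ip " used by " seen[ip] " and " user
            else
                seen[ip] = user
        }
    ' "$f"
}

write_sample_secrets() {
    # Constructed sample: "test" as in the post, plus a wildcard entry and a
    # second account that reuses the same fixed IP.
    cat > "$1" <<'EOF'
# client        server        secret                  IP addresses
test            pptpd         123                     192.168.0.98
"sery"          pptpd         "&hds)$+"               *
alice           pptpd         s3cret                  192.168.0.98
EOF
}

secrets=$(mktemp)
write_sample_secrets "$secrets"
chmod 644 "$secrets"                              # deliberately too open for the demo
audit_chap_secrets "$secrets"
rm -f "$secrets"
```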

Posted on June 24, 2010 at 3:52 pm by admin
In: Linux administration and maintenance

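Usable IP lookup: gateway, subnet mask and broadcast address for /27, /29 and /30 IP blocks

When we buy a US server or US VPS with several IP addresses, the US data centre always sends us an address like 204.45.116.184/29, which is baffling to anyone not familiar with networking. Which IPs are actually usable? What are the gateway, subnet mask and broadcast address?

Usable IP lookup: IP block reference table

Prefix  Total IPs  Subnet mask  Amount of a Class C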
/30 4 255.255.255.252 1/64
/29 8 255.255.255.248 1/32
/28 16 255.255.255.240 1/16
/27 32 255.255.255.224 1/8
/26 64 255.255.255.192 1/4
/24 256 255.255.255.0 1
/23 512 255.255.254.0 2
/22 1024 255.255.252.0 4
/21 2048 255.255.248.0 8
/20 4096 255.255.240.0 16
/19 8192 255.255.224.0 32
/18 16384 255.255.192.0 64
/17 32768 255.255.128.0 128
/16 65536 255.255.0.0 256




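Gateway, subnet mask and broadcast address lookup for /27, /29 and /30 IP blocks

Example: to look up 204.45.116.184/29, first find the /29 table below and, in the Network # column, find the last octet of the IP you are looking up, i.e. .184. You can then read off the usable IP range (note: the first IP is the gateway address) and the broadcast address. Then find the subnet mask in the table above.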

/25 -- 2 Subnets -- 126 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.126 .127
.128 .129-.254 .255

/30 -- 64 Subnets -- 2 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.2 .3
.4 .5-.6 .7
.8 .9-.10 .11
.12 .13-.14 .15
.16 .17-.18 .19
.20 .21-.22 .23
.24 .25-.26 .27
.28 .29-.30 .31
.32 .33-.34 .35
.36 .37-.38 .39
.40 .41-.42 .43
.44 .45-.46 .47
.48 .49-.50 .51
.52 .53-.54 .55
.56 .57-.58 .59
.60 .61-.62 .63
.64 .65-.66 .67
.68 .69-.70 .71
.72 .73-.74 .75
.76 .77-.78 .79
.80 .81-.82 .83
.84 .85-.86 .87
.88 .89-.90 .91
.92 .93-.94 .95
.96 .97-.98 .99
.100 .101-.102 .103
.104 .105-.106 .107
.108 .109-.110 .111
.112 .113-.114 .115
.116 .117-.118 .119
.120 .121-.122 .123
.124 .125-.126 .127
.128 .129-.130 .131
.132 .133-.134 .135
.136 .137-.138 .139
.140 .141-.142 .143
.144 .145-.146 .147
.148 .149-.150 .151
.152 .153-.154 .155
.156 .157-.158 .159
.160 .161-.162 .163
.164 .165-.166 .167
.168 .169-.170 .171
.172 .173-.174 .175
.176 .177-.178 .179
.180 .181-.182 .183
.184 .185-.186 .187
.188 .189-.190 .191
.192 .193-.194 .195
.196 .197-.198 .199
.200 .201-.202 .203
.204 .205-.206 .207
.208 .209-.210 .211
.212 .213-.214 .215
.216 .217-.218 .219
.220 .221-.222 .223
.224 .225-.226 .227
.228 .229-.230 .231
.232 .233-.234 .235
.236 .237-.238 .239
.240 .241-.242 .243
.244 .245-.246 .247
.248 .249-.250 .251
.252 .253-.254 .255

/26 -- 4 Subnets -- 62 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.62 .63
.64 .65-.126 .127
.128 .129-.190 .191
.192 .193-.254 .255

/27 -- 8 Subnets -- 30 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.30 .31
.32 .33-.62 .63
.64 .65-.94 .95
.96 .97-.126 .127
.128 .129-.158 .159
.160 .161-.190 .191
.192 .193-.222 .223
.224 .225-.254 .255

/28 -- 16 Subnets -- 14 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.14 .15
.16 .17-.30 .31
.32 .33-.46 .47
.48 .49-.62 .63
.64 .65-.78 .79
.80 .81-.94 .95
.96 .97-.110 .111
.112 .113-.126 .127
.128 .129-.142 .143
.144 .145-.158 .159
.160 .161-.174 .175
.176 .177-.190 .191
.192 .193-.206 .207
.208 .209-.222 .223
.224 .225-.238 .239
.240 .241-.254 .255

/29 -- 32 Subnets -- 6 Hosts/Subnet

Network #  Usable IP range  Broadcast
.0 .1-.6 .7
.8 .9-.14 .15
.16 .17-.22 .23
.24 .25-.30 .31
.32 .33-.38 .39
.40 .41-.46 .47
.48 .49-.54 .55
.56 .57-.62 .63
.64 .65-.70 .71
.72 .73-.78 .79
.80 .81-.86 .87
.88 .89-.94 .95
.96 .97-.102 .103
.104 .105-.110 .111
.112 .113-.118 .119
.120 .121-.126 .127
.128 .129-.134 .135
.136 .137-.142 .143
.144 .145-.150 .151
.152 .153-.158 .159
.160 .161-.166 .167
.168 .169-.174 .175
.176 .177-.182 .183
.184 .185-.190 .191
.192 .193-.198 .199
.200 .201-.206 .207
.208 .209-.214 .215
.216 .217-.222 .223
.224 .225-.230 .231
.232 .233-.238 .239
.240 .241-.246 .247
.248 .249-.254 .255



A more intuitive usable-IP lookup

http://www.pcwize.com/funstuff/subnetcalc.php
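
The lookup described above can also be computed directly instead of read from the tables. This added example (not from the original post) derives the same columns for any prefix up to /30, which goes beyond the prefixes tabulated here; the function names are made up, and "gateway" follows the post's convention that the first usable IP is the gateway.

```shell
#!/bin/sh
# Added example: compute network, mask, usable range and broadcast for a.b.c.d/len.

ip_to_int() {                        # "a.b.c.d" -> 32-bit integer, or fail
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*) return 1;; esac   # digits only, no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                        # 32-bit integer -> "a.b.c.d"
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

subnet_info() {
    # $1 = address/prefix, e.g. 204.45.116.184/29 (any address inside the block works).
    # Prefixes longer than /30 have no separate network and broadcast address
    # in the sense of the tables above, so they are rejected.
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1;; esac
    [ "$len" -le 30 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))                      # clear the host bits
    bcast=$(( net | (mask ^ 0xFFFFFFFF) ))    # set the host bits
    first=$(int_to_ip $(( net + 1 )))
    last=$(int_to_ip $(( bcast - 1 )))
    echo "network=$(int_to_ip "$net") netmask=$(int_to_ip "$mask") gateway=$first usable=$first-$last broadcast=$(int_to_ip "$bcast") total=$(( bcast - net + 1 ))"
}

# The block from the post's own example
subnet_info 204.45.116.184/29
```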

Posted on June 4, 2010 at 2:02 am by admin
In: Miscellaneous