PFsense too slow NAT connection problem Fixed !

Posted on May 14, 2016May 14, 2016 by coder

Symptoms:

– Ping works with no problem, from LAN to LAN,
from WAN to WAN and any cross-subnet combination with the correct NAT/gateway rules.
– TCP connections work in one way or between specific hosts, but in one direction to WAN or from WAN they don’t work,

Slow traffic (~5.67 Kbps) !!!!
– UDP work sometimes,

First : Login Host machine, SERVER which is Main

$ sudo ethtool -K VMwareswitch17 tx off

1	$ sudo ethtool -K VMwareswitch17 tx off

Second: Open pfsense
Disable the hardware checksum offload.

References

https://doc.pfsense.org/index.php/VirtIO_Driver_Support
https://doc.pfsense.org/index.php/Limiters
https://turbofuture.com/computers/How-to-Configure-Deep-Packet-Inspection-Using-pfSense
https://www.reddit.com/r/PFSENSE/comments/45k0n5/pfsense_slow_wan_throughput/

WordPress HTTP Error UPLOAD big Files

Posted on May 9, 2016 by coder

ADD this the APACHE site configuration

FcgidMaxRequestLen 80000000

VirtualHost *:80>
 DocumentRoot /var/www/kutayzorlu.com/web
FcgidMaxRequestLen 80000000

VirtualHost *:80>

DocumentRoot /var/www/kutayzorlu.com/web

FcgidMaxRequestLen 80000000

FcgidMaxRequestLen 80000000

1	FcgidMaxRequestLen 80000000

Repository:

https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html

Raid Mdadm, send automatic email when raid fails

Posted on May 6, 2016May 6, 2016 by coder

Package names:

apt-get install msmtp msmtp-mta

1	apt-get install msmtp msmtp-mta

Controlling,, installed well

$ msmtp --version | grep "System configuration"
System configuration file name: /etc/msmtprc

1 2	$ msmtp --version \| grep "System configuration" System configuration file name: /etc/msmtprc

Set the email configuration

nano /etc/msmtprc

1	nano /etc/msmtprc

EXample configuration 
# Kutay Account
account Kutay 
host smtphm.kutayzorlu.ca
from from_home@localkutayzorlu.com.name
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth on
user me_kutay@kutayzorlu.com
password ********
syslog LOG_MAIL

EXample configuration

# Kutay Account

account Kutay

host smtphm.kutayzorlu.ca

from from_home@localkutayzorlu.com.name

tls on

tls_starttls on

tls_trust_file /etc/ssl/certs/ca-certificates.crt

auth on

user me_kutay@kutayzorlu.com

password ********

syslog LOG_MAIL

Apply settings for current user

msmtp --pretend

1	msmtp --pretend

Testing the mail :

echo "This is a test e-mail " | msmtp -d me@kutayzorlu.com

1	echo "This is a test e-mail " \| msmtp -d me@kutayzorlu.com

sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail

1 2	sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.bak sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail

Change mail configuration,

sudo nano /etc/mdadm/mdadm.conf

1	sudo nano /etc/mdadm/mdadm.conf

MAILADDR me@kutayzorlu.com
MAILFROM kutay_zorlu - mdadm

1 2	MAILADDR me@kutayzorlu.com MAILFROM kutay_zorlu - mdadm

Monitoring

sudo mdadm --monitor --scan --test --oneshot

1	sudo mdadm --monitor --scan --test --oneshot

Example Crontab,

crontab -e
10 10 1,6,7,10,16,21,24 * * /sbin/mdadm --monitor --scan --test --oneshot  or /dev/md12

1 2	crontab -e 10 10 1,6,7,10,16,21,24 * * /sbin/mdadm --monitor --scan --test --oneshot or /dev/md12

mdadm --monitor --scan --daemonize --test --syslog (/dev/md[[:digit:]]*)

1	mdadm --monitor --scan --daemonize --test --syslog (/dev/md[[:digit:]]*)

Autostart with mdadm

#mdadm.conf

DAEMON_OPTIONS="--syslog --test (/dev/md[[:digit:]]*)"

#mdadm.conf

DAEMON_OPTIONS="--syslog --test (/dev/md[[:digit:]]*)"

ps aux | grep mdadm

1	ps aux \| grep mdadm

nginx or apache mod security installation

Posted on May 3, 2016May 3, 2016 by coder

Pre-Packaged, Binary Installation

The easiest method of installing ModSecurity is to use your existing OS Package Manager application (Yum or Aptitude) to install it from your default OS Repository.

Installation – Ubuntu/Debian

$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload

$ sudo apt-get install libapache2-mod-security

$ sudo a2enmod mod-security

$ sudo /etc/init.d/apache2 force-reload

Installation – Fedora/CentOS

$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart

1 2	$ sudo yum install mod_security $ sudo /etc/init.d/httpd restart

Installation – Microsoft IIS (MSI Installer)

Installation information for IIS

Source Code Downloads

ModSecurity is an open source product licensed under ASLv2. It comes with full source code and documentation. Current releases are signed by Breno Silva. These public keys are available via most PGP key server mirrors.

ModSecurity for Apache (Stable Release Quality)

Installation information for Apache

ModSecurity for Apache TAR/GZ (sha256)

ModSecurity for Nginx

NOTE: The Nginx module is contained within the Apache archive package. You must first compile ModSecurity with the –enable-standalone-moduleflag and then compile the Nginx code to use it. See the Blog post for more information.
NOTE: Some instabilities in the Nginx add-on have been reported (see the Github issues page for details). Please use the “nginx_refactoring” branch where possible for the most up to date version and stay tuned for the ModSecurity version 4.

NETBSD + NGINX + NAXSI + MYSQL + PHP

Posted on May 2, 2016 by coder

$ cd /usr
$ sudo cvs -d anoncvs@anoncvs.fr.NetBSD.org:/cvsroot co -rpkgsrc-2012Q4 pkgsrc

/usr/pkg/etc/pkgin/repositories.conf
http://packages.netbsdfr.org/latest/6.0/amd64/packages/All


# pkgin up

vi /etc/mk.conf
PKG_OPTIONS.nginx+=     naxsi realip


# pkgin in nginx

$ cd /usr/pkgsrc/www/nginx
$ sudo make install clean

# cp /usr/pkg/share/examples/rc.d/nginx /etc/rc.d/
# echo "nginx=YES" >> /etc/rc.conf

# /etc/rc.d/nginx start

# pkgin in php54-fpm
$ grep PHP /etc/mk.conf
PHP_VERSION_DEFAULT= 54

# cd /usr/pkgsrc/www/php-fpm
# make install clean

# cp /usr/pkg/share/examples/rc.d/php_fpm /etc/rc.d
# echo "php_fpm=YES" >> /etc/rc.conf


/usr/pkg/etc/php-fpm.conf
/usr/pkg/etc/php.ini

# pkgin in mysql-server-5.1
$ cd /usr/pkgsrc/databases/mysql55-server
$ sudo make install clean

$ cd /usr

$ sudo cvs -d anoncvs@anoncvs.fr.NetBSD.org:/cvsroot co -rpkgsrc-2012Q4 pkgsrc

/usr/pkg/etc/pkgin/repositories.conf

http://packages.netbsdfr.org/latest/6.0/amd64/packages/All

# pkgin up

vi /etc/mk.conf

PKG_OPTIONS.nginx+= naxsi realip

# pkgin in nginx

$ cd /usr/pkgsrc/www/nginx

$ sudo make install clean

# cp /usr/pkg/share/examples/rc.d/nginx /etc/rc.d/

# echo "nginx=YES" >> /etc/rc.conf

# /etc/rc.d/nginx start

# pkgin in php54-fpm

$ grep PHP /etc/mk.conf

PHP_VERSION_DEFAULT= 54

# cd /usr/pkgsrc/www/php-fpm

# make install clean

# cp /usr/pkg/share/examples/rc.d/php_fpm /etc/rc.d

# echo "php_fpm=YES" >> /etc/rc.conf

/usr/pkg/etc/php-fpm.conf

/usr/pkg/etc/php.ini

# pkgin in mysql-server-5.1

$ cd /usr/pkgsrc/databases/mysql55-server

$ sudo make install clean

nginx.conf

location ~ \.php$ {
  fastcgi_pass   unix:/tmp/fcgi-php.sock;
  fastcgi_index index.php;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_buffers 256 4k;
  include        /usr/pkg/etc/nginx/fastcgi_params;
}

php-fpm.conf
listen = /tmp/fcgi-php.sock
listen = 192.168.0.1:9000
listen = 127.0.0.1:9000

fastcgi_pass
fastcgi_pass 127.0.0.1:9000;

# /etc/rc.d/php-fpm start

# nginx -t
nginx: the configuration file /usr/pkg/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/pkg/etc/nginx/nginx.conf test is successful

# nginx -s reload
$ cat > test.php
<?php phpinfo(); ?>


## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## 
<?php
  $content = file($_GET['path']);
  foreach($content as $line) {
    echo $line;
  }
?>

# NAXSI - 
/usr/pkg/share/examples/nginx/conf/naxsi_core.rules
# cp /usr/pkg/share/examples/nginx/conf/naxsi_core.rules \
/usr/pkg/etc/nginx/

nginx.conf
include /usr/pkg/etc/nginx/naxsi_core.rules;

naxsi.rules
SecRulesEnabled;
DeniedUrl "/denied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;

location /denied {
        rewrite ^ http://foobar.net/503.gif break;
}


naxsi.rules
include /usr/pkg/etc/nginx/naxsi.rules;


$ curl -I -o- http://coruscant/own.php?path=/etc/passwd
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.6
Date: Sun, 17 Feb 2013 13:43:32 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: http://foobar.net/503.gif?ip=192.168.0.1&server=coruscant&uri=/own.php&learning=0&total_processed=4&total_blocked=4&zone0=ARGS&id0=1202&var_name0=path

error_log /var/log/nginx/error.log;

set_real_ip_from 192.168.0.254;
real_ip_header X-Forwarded-For;

nginx.conf
include /usr/pkg/etc/nginx/sites/*;

user   www www;
worker_processes 1;
error_log /var/log/nginx/error.log;
events {
    worker_connections 1024;
}
http {
    include /usr/pkg/etc/nginx/mime.types;
    default_type text/plain;
    sendfile on;
    keepalive_timeout 65;
    set_real_ip_from 192.168.100.254;
    real_ip_header X-Forwarded-For;
    include /usr/pkg/etc/nginx/naxsi_core.rules;
    include /usr/pkg/etc/nginx/sites/*;
}

sites/
ls sites/
dynamic   static

server {
        server_name gcu.info www.gcu.info gcu-squad.org www.gcu-squad.org;
        root /chemin/vers/gcu/www;
        include /usr/pkg/etc/nginx/php.conf;
}


client_max_body_size    20M;
include /usr/pkg/etc/nginx/logs.conf;
include /usr/pkg/etc/nginx/denied;
include /usr/pkg/etc/nginx/global.conf;
location / {
        index index.php index.html;
        try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
        include /usr/pkg/etc/nginx/naxsi.rules;
        include /usr/pkg/etc/nginx/fastcgi_params;
}


Nous avons parlé de la location ~ \.php$ plus haut dans cet article, aussi voyons le contenu des 3 inclusions :

$ cat /usr/pkg/etc/nginx/logs.conf
if ($host ~ gcu) {
    set $log_fqdn $host;
}
access_log /var/log/nginx/$log_fqdn.access_log;

Le fichier global.conf regroupe des paramètres que nous souhaitons inclure dans chacun des vhosts :

listen 80;
location = /favicon.ico {
        log_not_found off;
        access_log off;
}
location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}
location ~ /\.ht.* {
        deny all;
}

#  -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
port 80,
404 robots.txt.
htaccess / htpasswd.

#  --  --  --  --  --  --  --  --  --  ------------------------------------------
- [1] https://github.com/nbs-system/naxsi-rules 

- [2] http://php.net/manual/en/install.unix.apache2.php

- [3] http://code.google.com/p/naxsi/

- [4] http://php-fpm.org/

- [5] http://news.netcraft.com/archives/2013/02/01/february-2013-web-server-survey.html

- [6] http://www.nbs-system.com/

- [7] http://www.netbsdfr.org/

- [8] http://wiki.nginx.org/HttpRealipModule

- [9] http://fr.wikipedia.org/wiki/Proxy_inverse

- [10] http://fr.wikipedia.org/wiki/R%C3%A9entrance

- [11] http://www.gcu-squad.org/

- [12] https://www.varnish-cache.org/

- [13] http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-138/Varnish-un-proxy-qui-vous-veut-du-bien

- [14] http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-140/Plus-loin-avec-Varnish

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

nginx.conf

location ~ \.php$ {

fastcgi_pass unix:/tmp/fcgi-php.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_buffers 256 4k;

include /usr/pkg/etc/nginx/fastcgi_params;

}

php-fpm.conf

listen = /tmp/fcgi-php.sock

listen = 192.168.0.1:9000

listen = 127.0.0.1:9000

fastcgi_pass

fastcgi_pass 127.0.0.1:9000;

# /etc/rc.d/php-fpm start

# nginx -t

nginx: the configuration file /usr/pkg/etc/nginx/nginx.conf syntax is ok

nginx: configuration file /usr/pkg/etc/nginx/nginx.conf test is successful

# nginx -s reload

$ cat > test.php

<?php phpinfo(); ?>

## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##

<?php

$content = file($_GET['path']);

foreach($content as $line) {

echo $line;

}

# NAXSI -

/usr/pkg/share/examples/nginx/conf/naxsi_core.rules

# cp /usr/pkg/share/examples/nginx/conf/naxsi_core.rules \

/usr/pkg/etc/nginx/

nginx.conf

include /usr/pkg/etc/nginx/naxsi_core.rules;

naxsi.rules

SecRulesEnabled;

DeniedUrl "/denied";

## check rules

CheckRule "$SQL >= 8" BLOCK;

CheckRule "$RFI >= 8" BLOCK;

CheckRule "$TRAVERSAL >= 4" BLOCK;

CheckRule "$EVADE >= 4" BLOCK;

CheckRule "$XSS >= 8" BLOCK;

location /denied {

rewrite ^ http://foobar.net/503.gif break;

}

naxsi.rules

include /usr/pkg/etc/nginx/naxsi.rules;

$ curl -I -o- http://coruscant/own.php?path=/etc/passwd

HTTP/1.1 302 Moved Temporarily

Server: nginx/1.2.6

Date: Sun, 17 Feb 2013 13:43:32 GMT

Content-Type: text/html

Content-Length: 160

Connection: keep-alive

Location: http://foobar.net/503.gif?ip=192.168.0.1&server=coruscant&uri=/own.php&learning=0&total_processed=4&total_blocked=4&zone0=ARGS&id0=1202&var_name0=path

error_log /var/log/nginx/error.log;

set_real_ip_from 192.168.0.254;

real_ip_header X-Forwarded-For;

nginx.conf

include /usr/pkg/etc/nginx/sites/*;

user www www;

worker_processes 1;

error_log /var/log/nginx/error.log;

events {

worker_connections 1024;

}

http {

include /usr/pkg/etc/nginx/mime.types;

default_type text/plain;

sendfile on;

keepalive_timeout 65;

set_real_ip_from 192.168.100.254;

real_ip_header X-Forwarded-For;

include /usr/pkg/etc/nginx/naxsi_core.rules;

include /usr/pkg/etc/nginx/sites/*;

}

sites/

ls sites/

dynamic static

server {

server_name gcu.info www.gcu.info gcu-squad.org www.gcu-squad.org;

root /chemin/vers/gcu/www;

include /usr/pkg/etc/nginx/php.conf;

}

client_max_body_size 20M;

include /usr/pkg/etc/nginx/logs.conf;

include /usr/pkg/etc/nginx/denied;

include /usr/pkg/etc/nginx/global.conf;

location / {

index index.php index.html;

try_files $uri $uri/ /index.php?$args;

}

location ~ \.php$ {

include /usr/pkg/etc/nginx/naxsi.rules;

include /usr/pkg/etc/nginx/fastcgi_params;

}

Nous avons parlé de la location ~ \.php$ plus haut dans cet article, aussi voyons le contenu des 3 inclusions :

$ cat /usr/pkg/etc/nginx/logs.conf

if ($host ~ gcu) {

set $log_fqdn $host;

}

access_log /var/log/nginx/$log_fqdn.access_log;

Le fichier global.conf regroupe des paramètres que nous souhaitons inclure dans chacun des vhosts :

listen 80;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

location ~ /\.ht.* {

deny all;

}

# -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

port 80,

404 robots.txt.

htaccess / htpasswd.

# -- -- -- -- -- -- -- -- -- ------------------------------------------

- [1] https://github.com/nbs-system/naxsi-rules

- [2] http://php.net/manual/en/install.unix.apache2.php

- [3] http://code.google.com/p/naxsi/

- [4] http://php-fpm.org/

- [5] http://news.netcraft.com/archives/2013/02/01/february-2013-web-server-survey.html

- [6] http://www.nbs-system.com/

- [7] http://www.netbsdfr.org/

- [8] http://wiki.nginx.org/HttpRealipModule

- [9] http://fr.wikipedia.org/wiki/Proxy_inverse

- [10] http://fr.wikipedia.org/wiki/R%C3%A9entrance

- [11] http://www.gcu-squad.org/

- [12] https://www.varnish-cache.org/

- [13] http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-138/Varnish-un-proxy-qui-vous-veut-du-bien

- [14] http://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-140/Plus-loin-avec-Varnish

Remount partition on mac – linux as read write

Posted on May 2, 2016 by coder

Try using mount -u -w:


sudo mount -u -w /Volumes/kutay_disc
mount -u -w /dev/disk /mnt/point

In single user mode to get a writable root:
mount -uw /

sudo mount -u -w /Volumes/kutay_disc

mount -u -w /dev/disk /mnt/point

In single user mode to get a writable root:

mount -uw /

dsdd

To remount a partition read-write on linux you would use:
mount -o remount,rw /dev/disk /mnt/point

1 2	To remount a partition read-write on linux you would use: mount -o remount,rw /dev/disk /mnt/point

IspConfig change hostname

Posted on May 2, 2016May 2, 2016 by coder

echo ispnewname.kutayzorlu.com &gt; /etc/hostname
/etc/init.d/hostname.sh start

1 2	echo ispnewname.kutayzorlu.com > /etc/hostname /etc/init.d/hostname.sh start

Pop Dovecot

Smtp Postfix

ISPconfig ” config .php” file

/etc/postfix/main.cf 
/etc/hostname
/etc/mailname
/etc/hosts

/etc/postfix/main.cf

/etc/hostname

/etc/mailname

/etc/hosts

On Administration area

<strong>ISPConfig > System > Server Config 
# Change the hostname 

</strong>

<strong>ISPConfig > System > Server Config

# Change the hostname

</strong>

Page 9 of 27

« 1 … 7 8 9 10 11 … 27 »