CentOS install and configure NTP to synchronize the system clock

Type the following command to install ntp:

# yum install ntp

Turn on the service so that it starts at boot:

# chkconfig ntpd on

Synchronize the system clock with the pool.ntp.org server:

# ntpdate pool.ntp.org

Start the ntpd service:

# /etc/init.d/ntpd start

Check the time:

# date

Check whether the BIOS clock matches the system clock:

# hwclock

Set the BIOS clock to match the system clock:

# hwclock --systohc

Set the NTP time servers in the file /etc/ntp.conf (the lines that define NTP servers begin with: server).

CentOS Firewall

Activating the IPTables Service

The firewall rules are only active if the iptables service is running. To manually start the service, use the following command:

# service iptables restart

To ensure that iptables starts when the system is booted, use the following command:

# chkconfig --level 345 iptables on

The ipchains service is not included in Red Hat Enterprise Linux. However, if ipchains is installed (for example, an upgrade was performed and the system had ipchains previously installed), the ipchains and iptables services should not be activated simultaneously. To make sure the ipchains service is disabled and configured not to start at boot time, use the following two commands:

# service ipchains stop
# chkconfig --level 345 ipchains off

Using IPTables

The first step in using iptables is to start the iptables service. Use the following command to start the iptables service:

# service iptables start

Show current IPTables config

To show all current settings in the IPTables program, execute the following command:

# iptables -L

IPTables Command Syntax

The following sample iptables command illustrates the basic command syntax:

# iptables -A <chain> -j <target>

The -A option specifies that the rule be appended to <chain>. Each chain is comprised of one or more rules, and is therefore also known as a ruleset.

The three built-in chains are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The chain specifies the point at which a packet is manipulated.

The -j <target> option specifies the target of the rule; i.e., what to do if the packet matches the rule. Examples of built-in targets are ACCEPT, DROP, and REJECT.

Important

When creating an iptables ruleset, order is important.

If a rule specifies that any packets from the 192.168.100.0/24 subnet be dropped, and this is followed by a rule that allows packets from 192.168.100.13 (which is within the dropped subnet), then the second rule is ignored.

The rule to allow packets from 192.168.100.13 must precede the rule that drops the remainder of the subnet.

To insert a rule in a specific location in an existing chain, use the -I option. For example:

# iptables -I INPUT 1 -i lo -p all -j ACCEPT

This rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.
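
The ordering rule above can be checked without touching a live firewall. The following is an added example, not part of the original page: a POSIX shell simulation of first-match evaluation over two constructed rulesets in `iptables -S` form. The function names are hypothetical, and only the -s match and -j target are modelled.

```shell
# Simplified model: only -s (source) and -j (target) are parsed, as option/value pairs.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET[/LEN] -> exit 0 when IP lies inside NET/LEN
in_cidr() (
    net=${2%/*} len=32
    case $2 in */*) len=${2#*/} ;; esac
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# first_target IP < RULES -> prints the target of the first rule matching IP,
# or the chain policy (-P line) when no rule matches
first_target() (
    ip=$1 policy=ACCEPT
    while read -r flag chain rest; do
        [ "$flag" = -P ] && { policy=$rest; continue; }
        [ "$flag" = -A ] || continue
        src=0.0.0.0/0 target=
        set -- $rest
        while [ $# -ge 2 ]; do
            case $1 in
                -s) src=$2 ;;
                -j) target=$2 ;;
            esac
            shift 2
        done
        if [ -n "$target" ] && in_cidr "$ip" "$src"; then echo "$target"; return 0; fi
    done
    echo "$policy"
)

# Constructed rulesets in `iptables -S` form, using the addresses from the text
WRONG_ORDER='-P INPUT ACCEPT
-A INPUT -s 192.168.100.0/24 -j DROP
-A INPUT -s 192.168.100.13/32 -j ACCEPT'
RIGHT_ORDER='-P INPUT ACCEPT
-A INPUT -s 192.168.100.13/32 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -j DROP'

# verdict RULES IP -> target the ruleset applies to a packet from IP
verdict() { printf '%s\n' "$1" | first_target "$2"; }
echo "DROP first: $(verdict "$WRONG_ORDER" 192.168.100.13), ACCEPT first: $(verdict "$RIGHT_ORDER" 192.168.100.13)"
```

With the DROP rule first, the host 192.168.100.13 never reaches its ACCEPT rule; with the ACCEPT rule first, only the rest of the subnet is dropped.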

Saving and Restoring IPTables Rules

Changes to iptables are transitory; if the system is rebooted or if the iptables service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the iptables service is started, use the following command:

# service iptables save

The rules are stored in the file /etc/sysconfig/iptables and are applied whenever the service is started or the machine is rebooted.

Documentation

IPTables: http://wiki.centos.org/HowTos/Network/IPTables

Firewalls: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-fw.html

Linux: Setup as DNS Client / Name Server IP Address

Many new Linux users find it difficult to set up or modify a name server address (NS1 / NS2).

Local name resolution is done via the /etc/hosts file. If you have a small network, use the /etc/hosts file. DNS (domain name service) is accountable for associating domain names with IP addresses (for example, the domain yahoo.com is easier to remember than the IP address 202.66.66.12) and provides better name resolution. To configure Linux as a DNS client you need to edit the /etc/resolv.conf file. This file defines which name servers to use. If you want to set up Linux to browse the net or run network services like www or smtp, you need to point it to the correct ISP DNS servers:

/etc/resolv.conf file

In Linux and Unix-like operating systems, the /etc/resolv.conf configuration file contains information that allows a computer connected to the Internet to convert alphanumeric names into the numeric IP addresses that are required for access to external network resources on the Internet. The process of converting domain names to IP addresses is called “resolving.”

The resolv.conf file typically contains the IP addresses of nameservers (DNS name resolvers) that attempt to translate names into addresses for any node available on the network.

Setup DNS Name resolution

To configure Linux as a DNS client, first log in as the root user (use the su command):

Step #1: Open the /etc/resolv.conf file:

# vi /etc/resolv.conf

Step #2: Add your ISP nameserver as follows:

search isp.com
nameserver 202.54.1.110
nameserver 202.54.1.112
nameserver 202.54.1.115

Note: A maximum of three nameservers can be defined at a time.

Step #3: Test the setup with the nslookup, dig or host command:

# dig www.google.com
# nslookup www.google.com
# host www.google.com

CentOS Configuring Proxy Server Access for Yum

To enable all yum operations to use a proxy server, specify the proxy server details in /etc/yum.conf. The proxy setting must specify the proxy server as a complete URL, including the TCP port number. If your proxy server requires a username and password, specify these by adding proxy_username and proxy_password settings.

The settings below enable yum to use the proxy server mycache.mydomain.com, connecting to port 3128, with the username yum-user and the password qwerty.

# The proxy server - proxy server:port number
proxy=http://mycache.mydomain.com:3128
# The account details for yum connections
proxy_username=yum-user
proxy_password=qwerty
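
With these settings the proxy password sits in cleartext in the configuration file. The following is an added example, not part of the original page: a shell check that flags yum configuration files holding a proxy_password line while being readable by users other than the owner. The function names are hypothetical and the sample file is constructed from the settings above.

```shell
# has_proxy_password FILE -> exit 0 when an uncommented proxy_password= line exists
has_proxy_password() {
    grep -Eq '^[[:space:]]*proxy_password[[:space:]]*=' "$1"
}

# readable_by_others FILE -> exit 0 when group or other has the read bit set
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# audit_yum_proxy FILE... -> prints one line per exposed file, returns 1 if any
audit_yum_proxy() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_proxy_password "$f" && readable_by_others "$f"; then
            echo "EXPOSED: $f holds proxy_password and is group/world readable"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the settings from the text, written to a temp file
sample=$(mktemp)
printf '%s\n' 'proxy=http://mycache.mydomain.com:3128' \
    'proxy_username=yum-user' 'proxy_password=qwerty' > "$sample"
chmod 644 "$sample"; audit_yum_proxy "$sample" || true   # reports EXPOSED
chmod 600 "$sample"; audit_yum_proxy "$sample"           # prints nothing
rm -f "$sample"

# On a real system, per-repository files can carry the same settings:
#   audit_yum_proxy /etc/yum.conf /etc/yum.repos.d/*.repo
```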

Adding a physical disk to LVM in Redhat/CentOS

Problem:

My computer only has 20GB of disk space. I just have 1 partition. I want to add another disk (40GB). I don’t want to add another partition (and I really don’t want to reinstall the whole system), I want to increase the size of the root partition to 60GB. i.e. I want the root partition to span across two physical disks.

Solution:

  1. Add new physical disk. Boot.
  2. # pvscan 

    This will show you the current physical volumes.

  3. # fdisk /dev/sdb 

    Create a primary partition on the new disk. Partition type: “8e (LVM)”. Obviously /dev/sdb may be different on your system.

  4. # pvcreate /dev/sdb1 

    This creates a new physical LVM volume on our new disk.

  5. # vgextend VolGroup00 /dev/sdb1 

    Add our new physical volume to the volume group: VolGroup00. Again, this group name may be different for you, but this is what Redhat & CentOS assign by default when you install your system.

  6. # pvscan 

    You should see the new physical volume assigned to VolGroup00.

  7. # lvextend -L+40G /dev/VolGroup00/LogVol00 

    This increases the size of the logical volume our root partition resides in. Change the -L flag as appropriate.

We’ve just added 40GB to the logical volume used by the root partition. Sweet as. Now we need to resize the file system to utilize the additional space.

  1. Reboot into rescue mode using your CentOS CDROM. 

    From memory this involves typing linux rescue as your boot option.

  2. When prompted, skip the mounting of system partitions.
  3. # lvm vgchange -a y 

    This command makes your LVM volumes accessible.

  4. # e2fsck -f /dev/VolGroup00/LogVol00 

    Run a file system check; the -f flag seems necessary. No idea what we do if this returns an error.

  5. # resize2fs /dev/VolGroup00/LogVol00 

    Without any parameters resize2fs will just increase the file system to the max space available.

Reboot and your root partition is now 40GB larger, spanning multiple disks.