Saturday, 15 February 2020

Manage CentOS firewalld with an ncurses tool (GUI Firewall)

Jack Wallen shows you how to make working with CentOS 7 iptables much easier with the help of an ncurses-based GUI.

If you manage a CentOS 7 GUI-less server, you probably know that managing the firewall can be a bit of a hassle. Wouldn't it be nice if there was a handy, ncurses-based tool to make this process a bit easier? Oh wait, there is. That tool is system-config-firewall-tui. With this tool, you can easily set a service/interface/port as trusted, to allow incoming traffic to that port. Only those trusted elements will be allowed in.
Out of the box, system-config-firewall-tui isn't installed. I'm going to walk you through installing the tool, enabling it to run, and then using it to open a port or two. I'll be demonstrating on CentOS 7, but the tool is also available for Fedora. It manages iptables rules directly, so having a simple-to-use front end for that is pretty important for some users. Don't get me wrong, system-config-firewall-tui doesn't give you the massive power of iptables (for that you really need to dive into the deep waters of iptables), but it does make the basic task of opening ports (via iptables) quick and easy.
Let's install and use system-config-firewall-tui.

Installation

The installation of the tool is pretty straightforward. Open up a terminal window and issue the command:

sudo yum install system-config-firewall-tui

That will install the tool. However, when you run sudo system-config-firewall-tui, you'll be warned that firewalld is running, which prevents the tool from opening. To get around this, issue the commands:
 
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service

Usage

At this point you can issue the command:
 
sudo system-config-firewall-tui

The ncurses interface will open (Figure A). You should immediately notice that the firewall isn't enabled. Tab to the [ ] Enabled section and tap the keyboard spacebar to enable the firewall.
Figure A: You must enable the firewall to continue.
With the firewall enabled, you can now tab down to Customize. In the new window (Figure B), you can scroll through the list of services to allow through the firewall.
Figure B: Our list of available services.
After you've enabled your services, tab down to Forward. This is not port forwarding, rather the "Next" button. In the next screen (Figure C), you can add, edit, or remove additional ports.
Figure C: Adding additional ports to be considered trusted.
If you tab to Add and hit Enter on your keyboard, you can then add a single port or port range, as well as a protocol. Do note, the protocol (tcp/udp) is required. Once you've taken care of that, tab to OK.
After you've added a custom port/protocol, tab down to Forward. In the resulting window (Figure D), you can list an interface as trusted.
Figure D: Setting a trusted interface.
Enable as many interfaces as you need to be trusted and tab down to Forward. In the next screen, you can enable ports for port forwarding. Tab to Add and hit Enter on your keyboard. In the resulting screen (Figure E), enter the necessary source and destination information.
Figure E: Setting up port forwarding.
In the next screen, you can mark ICMP types that should be rejected (Figure F). Enable each, from the list, and then tab to Forward, and tap your keyboard Enter key.
Figure F: Rejecting ICMP types.
In the next window (Figure G), you can add custom rules if necessary.
Figure G: Adding custom rules.
Tab to Forward and hit Enter. Once you've finished with the custom rules, tab to OK and hit Enter. In the resulting screen, tab to Close and hit Enter. You will find yourself back on the first screen, where you can enable the firewall. Tab to OK and you will be warned that the new rules will override the current set. Tab to Yes and tap Enter on your keyboard. You've just added new rules to the iptables chains, all with the help of a user-friendly ncurses GUI. If you issue the command sudo iptables -L, you should see your new rules listed.
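
A check to run once the rules are applied, as an added example that is not part of the original article: it reads `iptables -S` output, lists the ports the INPUT chain accepts, and fails if traffic that matches no rule is still let in. The function names and the sample rule set are constructed for illustration; on a live host, pipe in `sudo iptables -S`.

```shell
#!/bin/sh
# Added example: audit an INPUT chain given in `iptables -S` format on stdin.

# Constructed sample: SSH and one custom TCP port marked as trusted.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Print proto/port for every INPUT rule that accepts a destination port.
open_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }'
}

# Print what happens to a packet that no specific rule accepted: the target of
# the first rule without match options, otherwise the chain policy.
input_fallthrough() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && $3 == "-j" && catchall == "" { catchall = $4 }
    END { print (catchall != "" ? catchall : policy) }'
}

# Report the accepted ports; return non-zero unless unmatched traffic is
# dropped or rejected (e.g. firewalld stopped and the tool not yet enabled).
audit_input() {
    rules=$(cat)
    verdict=$(printf '%s\n' "$rules" | input_fallthrough)
    printf 'accepted ports: %s\n' "$(printf '%s\n' "$rules" | open_ports | tr '\n' ' ')"
    case "$verdict" in
        DROP|REJECT) printf 'unmatched traffic: %s\n' "$verdict" ;;
        *) printf 'WARNING: unmatched traffic: %s\n' "${verdict:-unknown}"; return 1 ;;
    esac
}

sample_rules | audit_input
```

An empty chain with policy ACCEPT, which is the state between stopping firewalld and enabling the firewall in the tool, makes `audit_input` return non-zero.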

An easier route

Although system-config-firewall-tui isn't quite as flexible as working directly with iptables, if you're not ready to take the plunge into those deeper waters, this GUI is a much easier route to working with the firewall system on CentOS 7. Give system-config-firewall-tui a go and see if it doesn't turn into your go-to for the platform.

Source : https://www.techrepublic.com/article/how-to-easily-manage-centos-firewalld-with-an-ncurses-tool/

Tuesday, 11 February 2020

Tips for Moving MySQL from a Physical Server to a Virtual Server

This morning I finished moving our MySQL Server system and databases from the old system, a physical IBM X Series 3400 server, to a (temporary) HP Proliant ML server. The old server ran openSUSE 11.0, while the new one runs SUSE Linux Enterprise Server (SLES) 11 JeOS as a Xen hypervisor guest. The physical HP Proliant ML machine runs SLES 11 optimized to act as the Xen hypervisor host.
Because this MySQL Server database holds our most critical data and is used by every department, I was somewhat paranoid about moving it. I tested for 2 weeks with several methods, including:
  1. SQL dump. This failed because one of the applications, the payroll application, uses encrypted data. The encrypted data contains special characters and symbols that garbled the dump. Rather than have a whole group of companies go unpaid, I dropped this option 🙂
  2. Database synchronization. I had used this approach when moving data from SQL Server to MySQL, but I did not choose it here because it is slow and only synchronizes tables, while views, stored procedures and triggers are not carried over.
  3. Database replication. This uses the master & slave model: every data change on the master database is replicated immediately to the slave database. I did not choose this option because I would have had to change the system configuration. It remains an option if the other methods fail.
  4. Manual copy. I chose this because one of our IT staff had done it successfully at one of the group's companies. The method uses the rsync command.

Here are the details of the manual-copy migration I carried out:
  1. Prepare the new server. Install the operating system as minimally as possible, which is why I used SLES based on JeOS (Just Enough Operating System), which is even more minimal than a Text Mode install.
  2. Install the MySQL Database Server package on the new server. I installed it from the SLES 11 DVD with the command: zypper in mysql. It can also be installed with yast.
  3. Start the MySQL Database Server service on the new server. Start it with the command: service mysql start. On its first start, MySQL creates its initial data structures. When that is done, stop the MySQL service again with the command: service mysql stop
  4. Shut down the MySQL service on the original server. As it happened, nothing was scheduled to use the database on Sunday night, so I could ssh into the office, run service mysql stop and then rsync the data to the new server.
  5. Copy the data. I used rsync to copy the entire contents of the /var/lib/mysql folder and move it to the new server. As a precaution, I did not place the data directly in /var/lib/mysql on the new server but in a sub-folder of /srv. Note that I also copied the old MySQL server's configuration file, /etc/my.cnf.
On the first attempt I copied the entire contents of the folder, but the MySQL service would not start. I repeated the move but left the mysql sub-folder (which holds the mysql tables, users, privileges and so on) untouched. This worked. The MySQL service started and the applications could access it; I only needed to synchronize the user and privilege data because I had not overwritten the MySQL data folder.
With the MySQL Server service running well, one problem remained: users could not drop or create views, with the message: Error code 13. After googling several workarounds without success, I investigated the folder permissions of each database and found databases whose read/write access was held by root. I changed the access permissions and the problem was solved.
The MySQL database server is now in use as usual.
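
The permission problem described at the end of this post can be caught before the service is started. The script below is an added example, not part of the original post: it lists entries in a copied data directory that are not owned by the expected user, plus database directories the owner cannot write to. The function names and the sample tree are constructed; on a real server the expected UID would be that of the MySQL service account.

```shell
#!/bin/sh
# Added example: check a copied MySQL data directory before starting mysqld.
# A copy made as root can leave database directories owned by root, which
# later shows up as "Error code 13" when mysqld tries to write to them.

# list_foreign_owned DATADIR EXPECTED_UID
# Print every entry under DATADIR that is not owned by EXPECTED_UID.
list_foreign_owned() {
    find "$1" ! -uid "$2" -print | sort
}

# list_unwritable_dirs DATADIR
# Print database directories whose owner lacks write permission; creating or
# dropping a view has to add or remove files inside the database directory.
list_unwritable_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm -u+w -print | sort
}

# check_datadir DATADIR EXPECTED_UID
# Report findings and return non-zero if anything needs fixing.
check_datadir() {
    owner_issues=$(list_foreign_owned "$1" "$2")
    mode_issues=$(list_unwritable_dirs "$1")
    [ -z "$owner_issues" ] || printf '%s\n' "$owner_issues" | sed 's/^/wrong owner: /'
    [ -z "$mode_issues" ] || printf '%s\n' "$mode_issues" | sed 's/^/not writable: /'
    [ -z "$owner_issues" ] && [ -z "$mode_issues" ]
}

# Constructed stand-in for a staging copy such as a sub-folder of /srv.
make_sample_datadir() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/payroll" "$dir/inventory"
    : > "$dir/payroll/salary.frm"
    : > "$dir/inventory/stock.frm"
    chmod 555 "$dir/inventory"   # simulate a directory mysqld cannot write to
    printf '%s\n' "$dir"
}

# Demo against the constructed tree, using the current user as expected owner.
staging=$(make_sample_datadir)
check_datadir "$staging" "$(id -u)" || echo "fix ownership and permissions before starting mysqld"
chmod u+w "$staging/inventory" && rm -rf "$staging"
```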

Source : https://www.vavai.com/tips-memindahkan-mysql-dari-server-fisik-ke-server-virtual/

Monday, 23 December 2019

Asterisk on Mikrotik


I got curious about running VoIP on a MikroTik. Some may remember that older versions of RouterOS had a VoIP module, which was later cut out, which is a pity. It is no longer possible to run Asterisk on RouterOS itself, but you can run a virtual router with OpenWrt in MetaROUTER mode, and that is where we will start.

Long searching led me to the openwrt.wk.cz website (available only via IPv6), from which I downloaded the OpenWrt image for mt-mips. All experiments were conducted on the 2011UAS-2HnD. Since not everyone has IPv6, I made a mirror of it for installing packages (ms1.nserver.us/openwrt.wk.cz), where the necessary packages are kept. By the way, during the search I could not find a full-fledged article on this topic, not only in Russian but in any other language.

So, download the image for mips (openwrt-mr-mips-rootfs.tar.gz) or for ppc (openwrt-mr-ppc-rootfs.tar.gz). Upload the image to the MikroTik under Files, then go to MetaROUTER and import the image. I allocated 48 MB of memory and 24 MB of disk. Yes, don't be surprised: Asterisk works on such hardware; I tested it, created trunks and made calls without problems.



Add an interface to the virtual router; the easiest way is to create a dynamic one and add it to your local bridge. Mine looks like this:



In the preinstalled image, the network interface is configured to receive its settings via DHCP, and if everything is in order on your local network, the virtual router will get an address. If not, edit the /etc/config/network file and restart the network. Next, go to the console:

 

Change the root password and see which address was received. All subsequent steps are best done over ssh.

Once connected via ssh, first edit /etc/opkg.conf, bringing it to the following form for mips:

 

Then:

opkg update
opkg install asterisk18 asterisk18-codec-alaw asterisk18-chan-iax2 asterisk-gui
/etc/init.d/asterisk enable


Edit /etc/asterisk/manager.conf, change the admin password for the panel, and start Asterisk:

/etc/init.d/asterisk start


That's all; now you can go to metarouter_address:8088/ and set up Asterisk through the GUI. The alaw, ulaw and gsm codecs are present. If you need to add codecs, look through the list of available packages and install the one you need via opkg. There is a decent number of ready-made packages for Asterisk 1.8, up to chan_dahdi. For home use it works quite tolerably.



Everything was done as an experiment, although in principle it could work for home use, and you do not have to install the GUI for Asterisk.

PS: I understand perfectly well that this is a perversion, but I wanted to share such an experiment.

Source : https://weekly-geekly.github.io/articles/180889/index.html






Tuesday, 19 March 2019

AC Power and UPS


Why is it needed?
Even the most advanced, high-end infrastructure equipment runs on electricity, so no matter how niche the equipment is, a proper power management system is very important for it to function well and as expected. If the power solution is not designed properly, power fluctuations can cause outages in the network. Power from the grid generally arrives as AC. To suit the IT equipment in our data centers, we need DC power. We also need a backup power generation mechanism in case the grid fails. For all this we need a very good UPS that can take over instantly.

Our power management system is so advanced that it manages and monitors the installed UPS, and we also have systems that manage power separately per rack. These solutions are so resilient that you will not feel a pinch even if the entire grid goes down for over 24 hours. So you can sit back and relax once you have installed and set up our solution.

We are partnered with product manufacturers like Emerson (Liebert), APC (Schneider) and CyberPower for the power management equipment like UPS, generators and other supporting equipment.

The Components
Desktop and Workstation UPS

The need for a UPS is far more critical for desktops than for laptops, because a desktop has no built-in backup power if the main power supply switches off unexpectedly. If the power goes off and there is no backup power, unsaved data an associate is working on would be lost, which might also cause a big monetary loss to the business depending on the kind of data being processed. A desktop UPS therefore helps protect data at the workstation level, and we can use this solution either when we want some machines to have an extra backup in a huge infrastructure or when we have a small business and don't need a network-level UPS.

Rack Mount UPS

Rack mount UPS are mainly used in data centers where certain racks need special attention because they may host the most critical business data and the uptime expected of those servers is higher than for other servers. The key features of a rack mount UPS are:

    Line Interactive technology
    Higher AC input range
    Protects the rack from voltage fluctuations, short circuit and overcharging of batteries.
    These UPS are also compatible with generators mostly.

All these features, together with the requirements of the business, call for a rack mount UPS in the right places to make sure there is a backup mechanism when the main UPS fails.

Network UPS

A network UPS is generally used in a non-rack environment and is the best solution when you have a lot of scattered equipment and need to supply backup power to all of it from a single point. It powers everything from desktops and servers to routers, firewalls and other IT equipment. Examples include the APC Smart UPS and Liebert GXT series, and there are a few more excellent network UPS products.

The key features of Network UPS are:

    Single or multiple phase online UPS
    Easy installation
    Centralized management of power to the entire system
    Provides generator’s capability
    Wider range of input voltage

All these rich features make the network UPS a perfect option where there is no rack environment but we still want to provide backup power as well as DC power to the equipment.

Battery Monitoring System (BMS)

A battery monitoring system monitors the voltage, temperature, charge status, health status, coolant flow and current in the battery, so a good battery monitoring system means better management. Our solution integrates a battery monitoring system into the power management so that engineers are aware when a battery is about to fail or malfunctions. This also helps them take proactive measures and perform timely maintenance, since we know the status of the batteries at any time and can act accordingly if required.

UPS Monitoring System

A UPS monitoring system collects data from the UPS and generates alarms whenever the UPS starts to malfunction. These systems can now also connect remotely over TCP/IP, so one system can act as a remote monitor for multiple UPS. Our solution also provides a UPS monitoring system as part of the power management solution.

Large Facility UPS

A large facility UPS is, to put it in the simplest terms, the mother of all UPS. On the technical side, it has the capacity to support the whole data center from a single set of equipment. For resilience, however, a dual UPS solution is recommended so that if one fails the other can take over. These UPS provide power up to the megawatt range and are generally connected directly to the grid; depending on the requirement and the budget, we can connect them to the main power line coming into the data center.

These are usually deployed in huge data centers or big corporate offices where users work on hundreds of machines simultaneously and larger devices are needed to provide backup for them.

So, as we saw, power management systems are not the same old systems anymore. They are highly advanced, reliable and improved systems that also provide proactive monitoring and diagnosis of the power equipment we use in the environment.

Source : http://aboveinfranet.com/solutions/it-infrastructure-company/power-management-ac-power-ups/

Load Balancing with the NTH Method

As technology develops, particularly around the internet, a great many Internet Service Providers (ISPs) have appeared. There is no denying that internet access is now a basic need. From accessing information to buying and selling online, it has all become commonplace.

Driven by heavy public demand for internet connectivity, many internet providers compete to offer the best services and products. It is no surprise that internet connections are now offered at increasingly affordable prices.

Some of us may even subscribe to internet service from more than one provider. With multiple gateways, management matters so that each link of our internet connection can be used optimally. One of the most widely used approaches is load balancing. Several load-balancing mechanisms are available, including ECMP (Equal-Cost Multiple Path), NTH, and PCC (Per-Connection Classifier).

Previous articles covered the ECMP and PCC methods; to complete the set, this time we discuss load balancing with NTH.

What is NTH?

NTH is a firewall feature that acts as a counter of data packets or connections (new packets). It has two main parameters, "Every" and "Packet".

"Every" is the counter parameter, while "Packet" indicates on which packet of the count the NTH rule fires. NTH is therefore used by enabling the counter in mangle and then tagging the traffic with a 'Route-Mark'. That route mark then serves as the basis for building a policy route.

NTH Configuration

We will configure load balancing using the NTH method. As in the topology below, we have two gateways for the internet connection.



With the NTH mechanism, in the topology above every passing flow/data packet is split into 1 and 2. The ISP-A link is then used as the path for packet 1 and the ISP-B link as the path for packet 2.

First, we create the mangle rules that set a routing-mark based on the NTH parameters. Go to the menu IP --> Firewall --> Mangle and add the following rules.

/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=conn-1 nth=2,1
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=conn-2 nth=2,2
add action=mark-routing chain=prerouting connection-mark=conn-1 new-routing-mark=jalur-1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=conn-2 new-routing-mark=jalur-2 passthrough=no


After creating the mangle rules, we set up policy routing to determine the traffic path to each gateway.

/ip route
add distance=1 gateway=172.16.1.1 routing-mark=jalur-1
add distance=1 gateway=192.168.1.1 routing-mark=jalur-2
add distance=1 gateway=172.16.1.1,192.168.1.1


The routing above has 3 default gateways. The gateways on lines 1 and 2 are for traffic from the LAN on ether5, while line 3 is the gateway for traffic other than from the LAN (for example, local-process traffic).

Source : http://mikrotik.co.id/artikel_lihat.php?id=195

Saturday, 19 January 2019

api-ms-win-core-localization-l1-2-0.dll is missing

If you get an error saying "the program can't start because api-ms-win-core-localization-l1-2-0.dll is missing", you can easily fix it by downloading the file api-ms-win-core-localization-l1-2-0.dll and placing it into the folders mentioned in the installation instructions.

Installation instructions

Download the file according to your system:
        - 32-Bit -> 32-Bit File
        - 64-Bit -> 32 + 64 Bit File

    Extract the .dll File from the downloaded Zip-File/s.

    Copy/Paste the file/s into the designated folder:

    32-Bit Windows:

    - 32-Bit Version -> C:\Windows\System32

    64-Bit Windows:

    - 32-Bit Version -> C:\Windows\SysWOW64
    - 64-Bit Version -> C:\Windows\System32
 
Download links

32-bit system:
https://www.sts-tutorial.com/sites/content/files/dll/api-ms-win-core-localization-l1-2-0.dll%20(32-Bit).zip

64-bit system:
https://www.sts-tutorial.com/sites/content/files/dll/api-ms-win-core-localization-l1-2-0.dll%20(64-Bit).zip

source : https://www.sts-tutorial.com/sites/downloadCenter.php?api-ms-win-core-localization-l1-2-0

Monday, 3 December 2018

Ignition and lighting system diagram for the Supra 100 series

By Nasrul Umam, July 19, 2018
    Plenty has already been written about the electrical system of the Supra series motorcycles, but since one visitor asked for a walkthrough of the old Supra's ignition wiring, I will show the electrical wiring diagram here.
    Why do I say Supra series? Because the electrical system is the same on the Supra, Supra X, Supra Fit and new Supra Fit.
    First you should know that these motorcycles use an AC ignition system, meaning the ignition draws its current directly from the stator coil (spul).

Here is the Supra series electrical diagram.
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibMXsfYOtDFg-_NM10mRfdqNuQfNylW1YYKP3L3VZ05yzDtyclRZxLIbgrV0ADIfMusI7yq1GRJ5XwWgJpoUpnODngSsYF-HaE_W6kZxuXXb93HRYhizE3DZrnYDfAkrYkpGq9xdjmFBAx/s1600/rangkaian+sistem+kelistrikan+supra+series.png
Electrical diagram of the old Supra

Legend:
W = white.
Y = yellow.
Bl/R = black/red.
Bu/Y = blue/yellow.
R = 12 V battery current.
G = green.
Bl/W = black/white.
O = orange.

Explanation of the circuits by wire color:
W "white": wire from the stator coil used for charging, running to the regulator/rectifier (kiprok).
Y "yellow": this wire also runs to the regulator/rectifier and serves as the lighting wire.
Bl/R "black/red": the ignition wire that is the input to the CDI.
Bu/Y "blue/yellow": this wire is on the pulser and connects to the CDI. It provides the ignition timing signal.
R "red": 12 V battery current wire.
G "green": ground wire, common to all circuits.
Bl/W "black/white": the wire that runs to the ignition switch.
O "orange": CDI output wire that runs to the coil.

From the wire color functions above you should be able to follow the circuits.
Now, what if this ignition system is run without the ignition switch and without the battery? It is easy.

Supra series ignition circuit without ignition switch and battery.
First, to run without the ignition switch, simply cut the black/white wire from the CDI and the engine can run, because the ignition switch only shorts the Bl/W wire to ground. If the wire is cut and then insulated with electrical tape, the ignition system keeps working normally.
Second, to run without the battery, cut the red wire from the regulator/rectifier/battery and insulate it with electrical tape.
Also, this Supra will run normally even without the regulator/rectifier; just remove it, but remember to insulate the yellow wire from the stator coil so it does not short. If lights are in use, however, the regulator/rectifier must stay installed so the current does not exceed the limit and blow the bulbs.
I think that is enough for now.
Thank you.

Source : https://www.kum3n.com/2018/07/pengapian-dan-penerangan-supra.html