Archive for January, 2010

How to Install PPTP Client on Linux


Hi again

when you use the debian server probably you need to connect a vpn server and somehow route your packets through them. therefore i decided to let you know how you can connect to a vpn server in command line interface.

first you should install the pptp-linux package in your Debian.

aptitude install pptp-linux

then you can add your user account in the file /etc/ppp/chap-secret in the following style.

$Domain\\$yourusername PPTP $Yourpassword

(if you havent any domain. dont worry just write your username.)

now you configured you username nad password for your connection. but which connection ?!  you should now add or create a new vpn client connection for your server.

Therefore go to the /etc/ppp/peers/ and create a new file with name of your connection. for instance :

vim /etc/ppp/peers/myfirstvpnconnection

ok now in the editor environment try to add the following parameters which i will tell you why we use each one.

pty “pptp $YouIPAddressOfServer –nolaunchpppd”
name $YourUSername
remotename PPTP
file /etc/ppp/options.pptp
ipparam vpn

now you should go to the /etc/ppp/options.pptp and then comment and uncomment some parameters

the following parameters should be comment are :


then you should add the following parameter in the file.


thats  it. simply you create new vpn connection in your debian. but the main thing is about  starting  the connection.

First check you connection by the following command which enables you to see what exactly happen and ensure you the connection will be established or not.

pon $connectionname debug dump logfd 2 nodetach

ok if the connection is done and you give the IP from the server,just press ctrl+c to disconnecting the connection (poff $ConnectionName is also used) and add it this connection into you interface file in order to make it available whenever the Debian boot.

go into the /etc/network/interfaces and then add these following commands.

auto tunnel

iface tunnel inet ppp

provider $YouVPNCOnnectionNAme (Which your created in /etc/ppp/peers)

thats it. your connection will be start whenever your debian starts :)

Note: if you decided to ensure whenever your connection disconnected, your connection try to reconnect just you should add the persist in your connection file.

so just type

echo “persist” >> /etc/ppp/peers/$YourVPNfile

if you have any further question dont hesitate to contact me:)


How to install the Squid on windows as a service



The first thing you should do about installing the squid proxy service on windows, is downloading the compiled version of the service from the following site:

then you easily extract the whole file in directory with name “c:\squid” and change your directory into c:\squid\etc

Then in etc subdirectory try to configure your squid.conf

next step is  typing squid -z to create all the subdirectory for your caching. inorder to run the following command change your directory into c:\squid\bin

after creating the cache directory, just type squid -i to install the service in the windows.

then you can start your service in the windows services console. (in run menu type services.msc)


Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration

Hi again …

“Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration”

in the apache if you face with this errror in you errors log. you should enable the apache module rewrite.

just login as root user and then type the following command and then restart your apache service :)

sudo a2enmod rewrite


How to make EtherChannel on Cisco Switches

Hi again
To involve two NIC in switch trunking  just need a simple configuration on both switches.

in configuration mode just select each interface and apply the same channel mode to them.

therefore we should run the following commands :

FirstSwitch#conf t

Enter configuration commands, one per line. End with CNTL/Z.
FirstSwitch(config)#interface fast 0/23

FirstSwitch(config-if)#channel-group 1 mode on

Creating a port-channel interface Port-channel 1

FirstSwitch(config-if)#interface fast 0/24

FirstSwitch(config-if)#channel-group 1 mode on

there is still problem. if one interfaces will down the hole trunking system has been stop. is there any idea to have multiple trunk interface with redundancy ?!

thats it

How to use two bandwidth simultaneously

Hi ….

if you have two bandwidth with two gateway you can use it simultaneously. its so easy just you should delete your default route from your server and put the following command :)

ip route replace default equalize  scope global nexthop via $router1 dev $dev1 weight 1 nexthop via $router2 dev $dev2 weight 1

its start to send the packet in round robin approach.  the weight option helps you to identify how many packet sent to the first bandwidth comparing the second one.

if you have two connection a and b with 1mbps and 2mpbs  bandwidth. just simply change the second weight from 1 to 2 :)

the router send two packet to connection b , and one packet to a.

so simple

is any idea about same action in cisco router ?!


How to Filter the HTTP url with iptables

Hi Again
by typing just following command you will filter what ever you want in your http url ..

iptables -I FORWARD  -p tcp –dport 80 -s -m string –string “facebook” –algo kmp -j DROP

for Instance the above command will DROP all packet going to the :)

Regards ;)

How to compile the debian kernel with iptables Layer 7 Support

Hi …

First you should download some package in order to compile your new kernel.

so in command line just type

aptitude update

aptitude install build-essential  kernel-package libncurses5-dev

then you should install the kernel source package by just typing …

cd /usr/src
apt-get install linux-source-2.6.24

then try to extract the source files in a you current directory

tar xvzf l7-protocols-2008-04-23.tar.gz
tar xvzf netfilter-layer7-v2.18.tar.gz
tar xvjf patch-o-matic-ng-20080517.tar.bz2
tar xvjf linux-source-2.6.24.tar.bz2
tar xvjf iptables-1.4.0.tar.bz2

create the following link in order to simplify the operation

ln -s linux-source-2.6.24 linux
ln -s iptables-1.4.0 iptables

Now at this time patching the kernel is started

cd /usr/src/linux

patch -p1 < ../netfilter-layer7-v2.18/for_older_kernels/kernel-2.6.22-2.6.24-layer7-2.18.patch

cd ../iptables
patch -p1 < ../netfilter-layer7-v2.18/iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
chmod +x extensions/.layer7-test

cd ../patch-o-matic-ng-20080517

./runme –download
./runme ipp2p

cd /usr/src/linux
cp /boot/config-2.6.24-1-686 ./.config
make menuconfig

make-kpkg clean
make-kpkg –initrd –append-to-version=-siamvision kernel_image kernel_headers

dpkg -i linux-image+tab
dpkg -i linux-headers+tab

mv /usr/src/l7-protocols-2008-04-23 /etc/l7-protocols

and finally installing iptables

cd /usr/src/iptables
make KERNEL_DIR=/usr/src/linux
make install

thats it. now you can use layer 7 firewalling with your iptables.


     Copyrighted Mehdi Behamin , All Rights Reserved
Blog has been visited 207133 times