Scenario:
Imagine you have a Linux machine at home called CLIENT and another Linux machine called SERVER at remote location such as your office. From CLIENT, you want to simple run a command ssh username@server that will log you in to SERVER without asking for a password.
CLIENT machine setup Use the following simple steps to create empty pass phrase public/private key pair.

• In home directory, login as the user you want to automatically login to remote SERVER.
• Run this command: “ssh-keygen -t dsa”. When asked for pass phrase and some other information, make sure you just hit ENTER key to accept default value. Default value is empty.
• When process finish, two files will be created in ~.ssh/ directory. Usually, they are called id_dsa and id_dsa.pub.
• Now, you may need to move these two files out from ~.ssh directory because they may prevent you to ssh or scp file to remote SERVER machine.
• Next, scp id_dsa.pub file to remote SERVER machine. Then move id_dsa and id_dsa.pub files back to ~.ssh directory.
• That is all you need to do on CLIENT machine.

SERVER Setup

• Login as the user to SERVER machine. You should have a file you scp from CLIENT machine call “id_dsa.pub”.
• Go to ~.ssh directory. Look for a file called “authorized_keys”. If it is not there, you can create one using touch command: touch authorized_keys. Some documentations I read mention create the file of authorized_keys2 will also work.
• Now, copy the content of id_dsa.pub into authorized_keys and save authorized_keys file.
• Now you can test to ssh from CLIENT machine to SERVER. You should be able to login to SERVER without typing a password.

Some notes

If it does not work for some reasons, do the following.

• Check the file owner of id_dsa.pub. It must be created by the owner of the account, not root. This is true on both CLIENT and SERVER machines.
• Make sure content in authorized_keys file does not have empty lines at the beginning or the end of the file.
• Sometimes, copy by highlighting in shell does not work properly. You may use read command to read id_dsa.pub file into authorized_keys from vi.
• You can choose dsa or rsa encryption algorithm for public/private key pair.

in this mode first edit your squid.conf file

by typing in terminal

vim /etc/squid/squid.conf

edit line may be 89 in 2.6 version

http_port 192.168.0.1:3128 transparent

( where 192.168.0.1 is your local interface address )

and set visible_hostname to localhost

and insert below lines under tag
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl our_networks src 192.168.0.0/24 192.168.2.0/24
http_access allow our_networks

(use gedit if not familier with vim )

now start squid by typing

/usr/sbin/squid -z

now flush all rules of iptabes for transparent mode

iptables -F

iptables -t nat -F

iptables -t mangle -F

now delete this chanis bye

iptables -X

iptables -t nat -X

iptables -t mangle -X

now time to save iptables so type

service iptables save

service iptables restart

now all rules and chains will clear !

check it by /etc/sysconfig/iptables which has all defaults rules set to accept.

now /etc/rc.d/rc.local

and insert line

echo ” 1 “> /proc/sys/net/ipv4/ip_forward

and then save and close.

now asuming that your internet interface is eth0 then type :

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service iptables save

service iptables restart

note:- check your service of iptables is set to start during boot up .

or check status of your iptables service

chkconfig –list iptables

if level 5 is on then its ok othewise start service at level 5 or level 2345.

first of all you have to flush and delete existing firewall rules which are be default bye linux .

so flush rules bye typing in terminal

iptables -F

iptables -t nat -F

iptables -t mangle -F

now delete this chanis bye

iptables -X

iptables -t nat -X

iptables -t mangle -X

now time to save iptables so type

service iptables save

service iptables restart

now all rules and chains will clear !

check it by /etc/sysconfig/iptables which has all defaults rules set to accept.

now /etc/rc.d/rc.local

and insert line

echo ” 1 “> /proc/sys/net/ipv4/ip_forward

and then save and close.

now asuming that your internet interface is eth0 then type :

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service iptables save

service iptables restart

note:- check your service of iptables is set to start during boot up .

or check status of your iptables service

chkconfig –list iptables

if level 5 is on then its ok othewise start service at level 5 or level 2345.

Probably the most common other type of package you will see are tar files. These come in a few different flavors. You can identify them by their file extensions, which will be “.tar”, “.tar.gz”, “.tgz”, and “.tar.bz2

package extension opening and extraction command

.tar tar –xvf file.tar

.tar.gz tar -zxvf file.tar.gz

.tgz tar -zxf file.tar.gz

.tar.bz2 (UNIX, FreeBSD ) tar xjf file.tar.gz

simply type in telnet /ssh terminal or shell terminal

configuring ip address :-

ifconfig eth0 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx

or

ifconfig eth0 xxx.xxx.xxx.xxx/xx (/xx is network bit)

configure gateway :-

route add default gateway xxx.xxx.xxx.xxx

then final if you want to cinfigure DNS address:-

vi /etc/resolv.conf

then add your name server ip

example

ifconfig eth1 172.16.144.3 netmask 255.255.248.0

or

ifconfig eth1 172.16.144.3/21

route add default gateway 172.16.144.1

vi /etc/resolv.conf ( required knowledge of vi editor)

nameserver=172.16.144.1

most e-books’s format are .chm (windows help file ) so how to read it in linux because .chm (windows help file) is microsoft proprietary.

just type in terminal ( contains internet connection )

for fedora 5 or 6
type yum -y install xchm

then check menu application –> accessories –> xchm ( in fedora)

( may not visible in all linux systems )

then check

or run directly in terminal -
xchm

and pragam will run .

in windows we have to use many players like real player for -.rm .ram files, quicktime for .mov .3gpp files , divx player for divx files and mediaplayer for .wmv ,avi and flvplayer for .flv files,,, linux has simple solutions for play all files in single player called mplayer thats award winning software of unix and now also launch for windows.

how to use this beautiful software ;-
method is somehow complicated but gone through proper method it will work without crash.
but small problem there u have to install latest libcgg , libgcc-common platform if you are using fedora distribution then no prob.

download

http://www.mplayerhq.hu/design7/dload.html

binary package and use websites documentation for install generally after tar ./configure –> make –> make install method.

then download binary codecs from same websites in download section for linux x86 platform and create one directory named codecs
in /usr/local/lib/ and copy all codecs in /usr/local/lib/codecs.
so your codes platform will be create .

now type in terminal

/usr/local/bin/mplayer -vo x11 file.wmv (or any file path )

all file will be run superb .

remember codecs’s placement is most important conform that codecs path is /usr/local/lib/codecs directory .

if you configure some frontend tool for mplayer for controling( seek drag etc) mediaplayer menu then use xmms (linux media player ).

if not already installed then

type

yum -t install xmms

after installing download XMMS MPlayer Input Plugin from http://xmmsmplayer.sourceforge.net.

then install xmmsmplayer’s rpm package.

now start xmms by type xmms in terminal

then rightclick any where on player and go to–> option and –> preference .
and from i/o plugins select mplayer plugins from xmms.
and click on configure tab and then extra then type -vo x11

now select any file from xmms ( look like winamp ) and play file .

note; try to play without configure pluggins of xmms if not work then use -vo x11 option .and you have to go through axact method described above.

First you need to know how the firewall treats packets leaving, entering, or passing through your computer. Basically there is a chain for each of these. Any packet entering your computer goes through the INPUT chain. Any packet that your computer sends out to the network goes through the OUTPUT chain. Any packet that your computer picks up on one network and sends to another goes through the FORWARD chain. The chains are half of the logic behind iptables themselves.

Now the way that iptables works is that you set up certain rules in each of these chains that decide what happens to packets of data that pass through them. For instance, if your computer was to send out a packet to www.yahoo.com to request an HTML page, it would first pass through the OUTPUT chain. The kernel would look through the rules in the chain and see if any of them match. The first one that matches will decide the outcome of that packet. If none of the rules match, then the policy of the whole chain will be the final decision maker. Then whatever reply Yahoo! sent back would pass through the INPUT chain. It’s no more complicated than that.

Now that we have the basics out of the way, we can start working on putting all this to practical use. There are a lot of different letters to memorize when using iptables and you’ll probably have to peek at the man page often to remind yourself of a certain one. Now let’s start with manipulation of certain IP addresses. Suppose you wanted to block all packets coming from 200.200.200.1. First of all, -s is used to specify a source IP or DNS name. So from that, to refer to traffic coming from this address, we’d use this:

iptables -s 200.200.200.1

But that doesn’t tell what to do with the packets. The -j option is used to specify what happens to the packet. The most common three are ACCEPT, DENY, and DROP. Now you can probably figure out what ACCEPT does and it’s not what we want. DENY sends a message back that this computer isn’t accepting connections. DROP just totally ignores the packet. If we’re really suspicious about this certain IP address, we’d probably prefer DROP over DENY. So here is the command with the result:

iptables -s 200.200.200.1 -j DROP

But the computer still won’t understand this. There’s one more thing we need to add and that’s which chain it goes on. You use -A for this. It just appends the rule to the end of whichever chain you specify. Since we want to keep the computer from talking to us, we’d put it on INPUT. So here’s the entire command:

iptables -A INPUT -s 200.200.200.1 -j DROP

This single command would ignore everything coming from 200.200.200.1 (with exceptions, but we’ll get into that later). The order of the options doesn’t matter; the -j DROP could go before -s 200.200.200.1. I just like to put the outcome part at the end of the command. Ok, we’re now capable of ignoring a certain computer on a network. If you wanted to keep your computer from talking to it, you’d simply change INPUT to OUTPUT and change the -s to -d for destination. Now that’s not too hard, is it?

So what if we only wanted to ignore telnet requests from this computer? Well that’s not very hard either. You might know that port 23 is for telnet, but you can just use the word telnet if you like. There are at least 3 protocols that can be specified: TCP, UDP, and ICMP. Telnet, like most services, runs on TCP so we’re going with it. The -p option specifies the protocol. But TCP doesn’t tell it everything; telnet is only a specific protocol used on the larger protocol of TCP. After we specify that the protocol is TCP, we can use –destination-port to denote the port that they’re trying to contact us on. Make sure you don’t get source and destination ports mixed up. Remember, the client can run on any port, it’s the server that will be running the service on port 23. Any time you want to block out a certain service, you’ll use –destination-port. The opposite is –source-port in case you need it. So let’s put this all together. This should be the command that accomplishes what we want:

iptables -A INPUT -s 200.200.200.1 -p tcp –destination-port telnet -j DROP

And there you go. If you wanted to specify a range of IP’s, you could use 200.200.200.0/24. This would specify any IP that matched 200.200.200.*. Now it’s time to fry some bigger fish. Let’s say that, like me, you have a local area network and then you have a connection to the internet. We’re going to also say that the LAN is eth0 while the internet connection is called ppp0. Now suppose we wanted to allow telnet to run as a service to computers on the LAN but not on the insecure internet. Well there is an easy way to do this. We can use -i for the input interface and -o for the output interface. You could always block it on the OUTPUT chain, but we’d rather block it on the INPUT so that the telnet daemon never even sees the request. Therefore we’ll use -i. This should set up just the rule:

iptables -A INPUT -p tcp –destination-port telnet -i ppp0 -j DROP

So this should close off the port to anyone on the internet yet kept it open to the LAN. Now before we go on to more intense stuff, I’d like to briefly explain other ways to manipulate rules. The -A option appends a rule to the end of the list, meaning any matching rule before it will have say before this one does. If we wanted to put a rule before the end of the chain, we use -I for insert. This will put the rule in a numerical location in the chain. For example, if we wanted to put it at the top of the INPUT chain, we’d use “-I INPUT 1″ along with the rest of the command. Just change the 1 to whatever place you want it to be in. Now let’s say we wanted to replace whatever rule was already in that location. Just use -R to replace a rule. It has the same syntax as -I and works the same way except that it deletes the rule at that position rather than bumping everything down. And finally, if you just want to delete a rule, use -D. This also has a similar syntax but you can either use a number for the rule or type out all the options that you would if you created the rule. The number method is usually the optimal choice. There are two more simple options to learn though. -L lists all the rules set so far. This is obviously helpful when you forget where you’re at. AND -F flushes a certain chain. (It removes all of the rules on the chain.) If you don’t specify a chain, it will basically flush everything.

Well let’s get a bit more advanced. We know that these packets use a certain protocol, and if that protocol is TCP, then it also uses a certain port. Now you might be compelled to just close all ports to incoming traffic, but remember, after your computer talks to another computer, that computer must talk back. If you close all of your incoming ports, you’ll essentially render your connection useless. And for most non-service programs, you can’t predict which port they’re going to be communicating on. But there’s still a way. Whenever two computers are talking over a TCP connection, that connection must first be initialized. This is the job of a SYN packet. A SYN packet simply tells the other computer that it’s ready to talk. Now only the computer requesting the service sends a SYN packet. So if you only block incoming SYN packets, it stops other computers from opening services on your computer but doesn’t stop you from communicating with them. It roughly makes your computer ignore anything that it didn’t speak to first. It’s mean but it gets the job done. Well the option for this is –syn after you’ve specified the TCP protocol. So to make a rule that would block all incoming connections on only the internet:

iptables -A INPUT -i ppp0 -p tcp –syn -j DROP

That’s a likely rule that you’ll be using unless you have a web service running. If you want to leave one port open, for example 80 (HTTP), there’s a simple way to do this too. As with many programming languages, an exclamation mark means not. For instance, if you wanted to block all SYN packets on all ports except 80, I believe it would look something like this:

iptables -A INPUT -i ppp0 -p tcp –syn –destination-port ! 80 -j DROP

It’s somewhat complicated but it’s not so hard to comprehend. There’s one last thing I’d like to cover and that’s changing the policy for a chain. The chains INPUT and OUTPUT are usually set to ACCEPT by default and FORWARD is set to DENY. Well if you want to use this computer as a router, you would probably want to set the FORWARD policy to ACCEPT. How do we do this you ask? Well it’s really very simple. All you have to do is use the -P option. Just follow it by the chain name and the new policy and you have it made. To change the FORWARD chain to an ACCEPT policy, we’d do this:

iptables -P FORWARD ACCEPT

Nothing to it, huh? This is really just the basics of iptables. It should help you set up a limited firewall but there’s still a lot more that I couldn’t talk about. You can look at the man page “man iptables” to learn more of the options (or refresh your memory when you forget). You can find more advanced documents if you want to learn some of the more advanced features of iptables. At the time of this writing, iptables documents are somewhat rare because the technology is new but they should be springing up soon. Good luck.

Helpful Links:
Introducing Netfilter (iptables)
http://www.linuxsecurity.com/docs/colsfaq.html

simply type

yum -y -t –enable=development update firefox

if any conflict occur, generally with mozilla-1.7.12

then type ( only if error occurred )

yum remove /usr/lib/mozilla-1.7.12

and then type

yum -y -t –enable=development update firefox

If we can’t use the XmlHttpRequest object, we must find some other way
to include content from another page, without having to resort to other objects
or non-standard things. A great candidate for this would be the tag, which is
used to include external JavaScript files. What if, instead of using a regular
JS file, we point that tag to a PHP file, which outputs JavaScript. A PHP file
which looks something like this:

<?php

	$html = '<b>This content came from our Ajax Engine</b>';

?>

div = document.getElementById('contentdiv');
div.innerHTML = '<?php echo $html; ?>';

When this file is used referenced in a script tag, it will try to set the innerHTML of a div with ID ‘contentdiv’. But there’s one problem; this file shouldn’t be included when the page loads, but only when a button is clicked or some other action. To do this, we must somehow dynamically add a new script tag, which is possible using JavaScript. Something like the following would do the trick:

// Get base url
     url = document.location.href;
     xend = url.lastIndexOf("/") + 1;
     var base_url = url.substring(0, xend);

function ajax_do (url) {
     // Does URL begin with http?
     if (url.substring(0, 4) != 'http') {
     url = base_url + url;
     }

 // Create new JS element
     var jsel = document.createElement('SCRIPT');
     jsel.type = 'text/javascript';
     jsel.src = url;

 // Append JS element (therefore executing the 'AJAX' call)
     document.body.appendChild (jsel);
 }

This code first gets the current directory of the url, so we have a base url.
The ‘ajax_do’ function is the thing that does all the work. It first
checks whether the url passed to the function points to another domain, or is
a relative file.

It then creates a new script element, using the createElement() function. After that it sets the src attribute of the script element, and adds the script element to the body, effectively ‘loading’ the file that is referenced by the script element.

All we need now is a simple page that triggers the Ajax call, i.e.

     <html>
     <head>
     <title> Demo 1 - The Basic's </title>

 <script type = 'text/javascript' src = 'engine.js' > </script>
 </head>

 <body>
   <div id = 'contentdiv' ></div>

<input type = 'button' onclick = "ajax_do ('page1.php');" value = "Get content" / >
     </body>
     </html>