Linux

1. Networking with a Virtual IP

You can add extra IPs to your network card using ifconfig.

e.g. I have an existing IP 10.0.0.20


# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.20  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2548750 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2458043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1568857563 (1496.1 Mb)  TX bytes:951347326 (907.2 Mb)
          Interrupt:220
    

To add a new IP


# ifconfig eth0:0 10.0.0.21 netmask 255.255.255.0 up
    

Now there is another interface:


# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.20  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2548810 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2458070 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1568863792 (1496.1 Mb)  TX bytes:951350040 (907.2 Mb)
          Interrupt:220

eth0:0    Link encap:Ethernet  HWaddr 00:18:F3:5F:7A:AC
          inet addr:10.0.0.21  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:220

          ..
          

This has been used in a MySQL setup, where there is 1 server and multiple slaves. The server owns the Virtual IP (VIP). If the master fails, then the VIP should be removed from the master server (ifconfig down), and added to an alternative slave server instead.

Clients should be configured to point to the VIP instead of directly to a server.

2. Redirecting ports

In one example we have tomcat running port 8080 and would like it to also appear on port 80.


iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d 10.0.0.20 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -d 10.0.0.20 -p tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A OUTPUT -d 10.0.0.20 -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -d 10.0.0.20 -p tcp --dport 443 -j REDIRECT --to-ports 8443 
    

3. Adding a new user account

To add a new user, use the 'useradd' command.

run "useradd --help" for help. This would need to be run as root.

e.g. to add the user "backup", I have run the following:

useradd -d /home/backup -m backup

The user cannot login without a password, so you can run "passwd backup" to allow the user "backup" to login.

You can also change the default shell using the 'chsh' command.

chsh --shell /bin/bash backup

or have it specified while creating the user. e.g.:

useradd -d /home/backup -m backup -s /bin/bash

4. script

The 'script' command can be used to log stdin/stdout to disk. By default it creates a file called 'typescript' where both stdin and stdout will be logged. I've found this useful when installing or configuring programs and need to review or keep a history of the settings chosen. I also keep a backup of this log in case there were any missed warnings or errors.