Jun 082016
 

Here is how you can compile and install xtables-addons on CentOS 7.
first, Install Dependencies:

# yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` wget unzip iptables-devel perl-Text-CSV_XS

download xtables-addons

# wget http://ufpr.dl.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.10.tar.xz

extract, compile and install

# tar -xJf xtables-addons-2.10.tar.xz
# cd xtables-addons-2.10
# configure
# make && make install

done!

and now for example we want to use geoip module, first of all install geoip database for xtables-addons.
still from xtables-addons-2.10 directory.

# cd geoip
# ./xt_geoip_dl
# ./xt_geoip_build GeoIPCountryWhois.csv
# mkdir -p /usr/share/xt_geoip
# cp -r {BE,LE} /usr/share/xt_geoip
# modprobe xt_geoip

if you want only allow ssh connection from certain country(ie. ID) and drop the rest here’s how to do it.

# iptables -I INPUT -p tcp --dport 22 -m geoip ! --src-cc ID -j DROP
Jun 112011
 

If you have multiple load balanced webservers all serving the same site, sessions should be shared among thosememcache logo servers, and not reside on each server individually. Because we don’t know where user gets load-balanced to which backend server. A common way solving this problems are by using custom class that overrides default behavior and stores sessions in a MySQL database. All webservers in clusters connect to the same database. However, the main problem that must be taken into consideration when using a database is the bottleneck.

Example loadbalancing backend using nginx

http {
  upstream backend {
    server 192.168.1.1:8000 weight=3;
    server 192.168.1.2:8001;
    server 192.168.1.3:8002;
    server 192.168.1.4:8003;
  }

  server {
    listen 80;
    server_name www.example.com;
    location / {
      proxy_pass http://backend;
    }
  }
}

Continue reading »