Troubleshooting iptables on Rackspace Cloud Servers

A common issue when setting up iptables on a new cloud server is that users append a new rule to the end of the existing chain without looking at the ruleset first.

iptables is read top to bottom. On a default installation of CentOS 5.5, the command iptables -L --line-number yields the following:

Looking at this, you can see that the INPUT chain has a single rule: jump to the RH-Firewall-1-INPUT chain. That chain then has 10 rules, the last of which rejects all traffic. This means that if it isn’t explicitly allowed in rules 1-9, it ain’t gonna happen.

The problem comes in when you add a new rule with the -A flag, which appends the rule, meaning that the new rule goes to the bottom of the chain. Here is an example of that, and it is what you do NOT want to do:

Let’s assume that we did run this command. The new output of iptables -L --line-number would be:

See anything wrong here? Let’s look at the INPUT chain. The first rule is to read the RH-Firewall-1-INPUT chain, which has 10 rules. Only after it reads through that whole chain would the next rule in the INPUT chain be read: the rule we just added for opening port 80.

The problem is that rule 10 of RH-Firewall-1-INPUT rejects anything that didn’t match rules 1-9. That means your rule for opening port 80 will never even be looked at; requests will just be rejected.

Ok, so we need to remove the bad rule and do it right. First, let’s get rid of the bad rule by deleting it by its line number:

To break this command down for you:
iptables: should be pretty obvious…
-D: This option is for DELETE
INPUT: Specify the chain we want to delete from
2: Specify the line number of the rule to remove.

After running that, my bad rule from above will be gone. Now I need to do it the RIGHT way:

This rule looks an awful lot like the one above that I told you not to use, but look closely and you will see that instead of -A for append, this rule uses -I for insert, which puts the rule at the TOP of the chain. Running iptables -L --line-number now yields the following:

Nice. Now the rule allowing port 80 will be read FIRST, and only then will the RH-Firewall-1-INPUT chain be read.
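To make the ordering problem concrete, here is an added example (not from the original post) that models how iptables walks the INPUT chain on the stock CentOS 5.5 layout described above. It replays the three steps of the post: -A INPUT (rule lands after the jump and is never reached), -D INPUT 2, then -I INPUT (rule lands first). The RH-Firewall-1-INPUT contents are a constructed, trimmed stand-in, and matching is reduced to TCP destination port only.

```python
class Rule:
    # target is ACCEPT, REJECT, or a chain name to jump to; dport=None matches all
    def __init__(self, target, dport=None):
        self.target, self.dport = target, dport

def stock_chains():
    # Constructed, trimmed stand-in for the CentOS 5.5 default: the post's
    # RH-Firewall-1-INPUT has 10 rules; only "allow SSH" and the final
    # catch-all REJECT are kept, which is all the ordering problem needs.
    return {"INPUT": [Rule("RH-Firewall-1-INPUT")],
            "RH-Firewall-1-INPUT": [Rule("ACCEPT", dport=22), Rule("REJECT")]}

def walk(chains, chain, dport, trace):
    """Read `chain` top to bottom for a packet to TCP `dport`, logging each
    matching rule as CHAIN:LINE. A jump returns to the caller only when the
    called chain falls off its end without a terminating verdict."""
    for line, rule in enumerate(chains[chain], start=1):
        if rule.dport is not None and rule.dport != dport:
            continue
        trace.append(f"{chain}:{line}")
        if rule.target in chains:                 # jump into a user chain
            verdict = walk(chains, rule.target, dport, trace)
            if verdict is not None:
                return verdict
        else:
            return rule.target                    # ACCEPT / REJECT
    return None

def verdict_for(chains, dport):
    """Return (verdict, trace) for a packet entering INPUT; policy is ACCEPT."""
    trace = []
    return (walk(chains, "INPUT", dport, trace) or "ACCEPT"), trace

def append_rule(chains, chain, rule):            # iptables -A CHAIN ...
    chains[chain].append(rule)
def insert_rule(chains, chain, rule, line=1):    # iptables -I CHAIN [N] ...
    chains[chain].insert(line - 1, rule)
def delete_rule(chains, chain, line):            # iptables -D CHAIN N
    del chains[chain][line - 1]

def demo():
    """Replay the post: -A lands port 80 after the jump (rejected), -D INPUT 2
    removes it, -I lands it first (accepted). Returns both (verdict, trace)."""
    chains = stock_chains()
    append_rule(chains, "INPUT", Rule("ACCEPT", dport=80))   # the wrong way
    bad = verdict_for(chains, 80)
    delete_rule(chains, "INPUT", 2)
    insert_rule(chains, "INPUT", Rule("ACCEPT", dport=80))   # the right way
    return bad, verdict_for(chains, 80)
```

The trace returned with each verdict is the list of rules that actually matched, which is the same thing you are reading off iptables -L --line-number when you check where a new rule landed.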

Always remember to save! If you do not save your ruleset, when the box reboots all of your rules will be lost!

For Redhat, CentOS, and Fedora:

For Ubuntu:

For all other distros:

Linux Permissions

Ok, this is not nearly as difficult as people make it out to be. First, there are three entities that permissions apply to: Owner, Group, and Other (or World). Next, there are three available permissions: read, write, and execute.

When you do ls -al you will see something like: drwxrwxr-x

The first character is a “d”, meaning it is a directory. If it were a normal file it would be “-” instead of “d”.

Next, there are 9 positions, each holding either a letter or a hyphen (-). The first 3 positions apply to the “Owner” of the file (whoever created it). The next 3 apply to the “Group” that the file belongs to (the primary group of whoever created it), and the last 3 apply to the World (anyone else).

r = read
w = write
x = execute

Now, let’s break this down into octal because it is much easier to read quickly than a jumble of letters. All you need to know for octal is:

Read = 4
Write = 2
Execute = 1

Add up the values of the 3 letters for the owner and you get a single digit; in the above case: 7

In octal format a single digit represents the 3 letters from before. For example: 775 represents rwx|rwx|r-x

Get it? So…

755 = rwxr-xr-x
644 = rw-r--r--
775 = rwxrwxr-x
777 = rwxrwxrwx (very bad to give the world full control over your files)
700 = rwx------
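The conversion above, as an added example that is not part of the original post: it turns the symbolic string from ls -al into its octal form and back using the weights given here (r=4, w=2, x=1), and includes a check for the world-writable case the 777 line warns about. Assumptions: only the plain r/w/x bits are handled, not the setuid, setgid or sticky bits (s/t).

```python
WEIGHTS = {"r": 4, "w": 2, "x": 1}
ENTITIES = ("owner", "group", "other")

def symbolic_to_octal(mode):
    """'drwxrwxr-x' or 'rwxrwxr-x' -> '775'. A leading type character
    (d for directory, - for a plain file) is accepted and ignored."""
    if len(mode) == 10:
        mode = mode[1:]
    if len(mode) != 9:
        raise ValueError("expected 9 permission characters")
    digits = []
    for i in range(0, 9, 3):            # one triplet per entity
        value = 0
        for expected, ch in zip("rwx", mode[i:i + 3]):
            if ch == expected:
                value += WEIGHTS[ch]
            elif ch != "-":             # s/t bits are out of scope here
                raise ValueError(f"unexpected character {ch!r} in {mode!r}")
        digits.append(str(value))
    return "".join(digits)

def octal_to_symbolic(octal):
    """'644' -> 'rw-r--r--'."""
    if len(octal) != 3 or any(c not in "01234567" for c in octal):
        raise ValueError("expected three octal digits")
    out = []
    for digit in octal:
        value = int(digit)
        out.append("".join(ch if (value & WEIGHTS[ch]) else "-" for ch in "rwx"))
    return "".join(out)

def describe(octal):
    """Per-entity breakdown, e.g. {'owner': 'rwx', 'group': 'r-x', 'other': 'r-x'}."""
    sym = octal_to_symbolic(octal)
    return dict(zip(ENTITIES, (sym[0:3], sym[3:6], sym[6:9])))

def world_writable(octal):
    """True when Other has the write bit set, the case the 777 line warns about."""
    return (int(octal[2]) & WEIGHTS["w"]) != 0
```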

Figured out how to get rid of the (!) Exclamation point in iTunes

I finally sat down and installed iTunes on the new computer and was pleased to find that it found my library from my dead computer. The only problem was that all my music on my old computer was in E:/users/Josh/Music/whateverFolder and on my new computer I just have one partition (because let’s face it – Windows is so jacked up that multiple partitions to conserve data in a catastrophe is a joke), so the files are in C:/users/Josh/Music/SameDirectoryStructure.

Surely this wouldn’t be too difficult, I mean, obviously Apple saw this coming and would give me some super easy way to fix it like a search button. Nope. Ok, maybe if I change one song it will be smart enough to look in the same directory structure for any other song that it can’t locate. Nope again.

I found a few freeware and shareware programs that said they could do the job, no dice there either so I decided to take things into my own hands.

In your iTunes directory you should have an iTunes Music Library.xml file. Make a copy (always a good idea) and work with the live one. A page-wide find and replace from E:/users/ to C:/users did the trick for me. Save it, open up iTunes, and… it failed miserably.

Turns out that iTunes first looks in the iTunes Library.itl file and if it finds something in there it just overwrites the xml file and never even reads it. To fix that little feature, move iTunes Library.itl to a bak directory, make the changes to the xml file, and then kick up iTunes. This will confuse the hell out of iTunes because now it can’t find anything. Go to File>Library>Import a playlist, navigate to the xml file, load it up and everything will work.

Hello world – and we’re live…

This blog is mostly for notes to self and to mess around with WordPress, but who knows, maybe I’ll post something cool and become internet famous.