Replace an HD using LVM (CentOS)

Let's suppose you want to replace the disk in a system that uses LVM and has a separate /boot partition. In this case we also presume that /boot is identified in fstab via a label.

  • Insert the new disk (sdb) and replicate the partition layout
  • Replicate the content of the /boot partition to the new disk
  • Label the new boot partition:
  e2label /dev/sdb1 /boot
  • Extend the volume group (VolGroup00, in this example) with the new partition:
  pvcreate /dev/sdb2
  vgextend VolGroup00 /dev/sdb2
  • Move data from the old partition and remove it:
  pvmove /dev/sda2
  vgreduce VolGroup00 /dev/sda2
  • Fix grub (commands entered in the grub shell):
  root (hd1,0)
  setup (hd1)
  • Remove the old disk and reboot

Rescan SCSI bus

for bus in /sys/class/scsi_host/host*/scan ; do
  echo "- - -" > "$bus"
done

Red Hat/Centos 5/6

Install an init script

chkconfig --add scriptname
chkconfig scriptname on
service scriptname start

Delete an init script

chkconfig --del scriptname

Package management with RPM

rpm -ivh mypkg.rpm   # install
rpm -Uvh mypkg.rpm   # update
rpm -e mypkg         # uninstall
rpm -qa              # list installed packages
rpm -qi mypkg        # package info
rpm -ql mypkg        # package contents
rpm -qlp ./mypkg.rpm # contents of an uninstalled rpm
rpm -q --whatprovides filename # Which package contains filename?

Register to RHN

Older versions


Newer versions

subscription-manager register --proxy="" --auto-attach

Additional package repositories


Enable EPEL on CentOS with:

yum install epel-release

YUM package management

Disable yum autoupdate daemon

service yum-updatesd stop
chkconfig yum-updatesd off

Using yum with proxy

  • Put in /etc/yum.conf a line like:
  • If using RHEL, put in /etc/rhsm/rhsm.conf:
proxy_port =8080

IPtables cheatsheet

A nice explanation picture borrowed from

Enabling forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

... or set net.ipv4.ip_forward = 1 in sysctl

Masquerade / SNAT

With masquerade you don't need to know the address of the external interface (good for a dynamic IP). Furthermore, when the connection goes down, the connection/translation table gets cleared.

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

With Source NAT you have to specify the IP of the outgoing interface, and the state table is retained:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to

Don't forget to ensure that the FORWARD rules allow NAT traffic, in and out:

iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

Securing connection

When using – for example – NAT and wanting to allow only outgoing connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth1 -o eth1 -j REJECT
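
The Masquerade / SNAT and Securing connection rules above can be checked after the fact. This is an added example, not part of the original page: a shell function that audits `iptables-save` output for those rules. The function name, the finding messages and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an iptables-save dump against
# the NAT gateway rules above. Prints findings and returns 1, or OK and returns 0.
audit_ruleset() {
  findings=$(awk '
    /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*nat"
    # Does this rule match only ESTABLISHED/RELATED traffic (no NEW)?
    { st = ($0 ~ /--(state|ctstate) [A-Z,]*ESTABLISHED/ &&
            $0 !~ /--(state|ctstate) [A-Z,]*NEW/) }
    table == "filter" && /^:INPUT / { policy = $2 }
    table == "filter" && /^-A INPUT / && / -j ACCEPT/ && st { in_estab = 1 }
    # Interfaces whose outgoing traffic is source-NATed
    table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ {
      for (i = 2; i < NF; i++) if ($i == "-o") wan[$(i + 1)] = 1
    }
    # FORWARD accepts, keyed by (non-negated) inbound interface
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
      for (i = 2; i < NF; i++) if ($i == "-i" && $(i - 1) != "!") {
        if (st) fwd_estab[$(i + 1)] = 1; else fwd_open[$(i + 1)] = 1
      }
    }
    END {
      if (policy != "DROP") print "INPUT policy is not DROP"
      if (!in_estab) print "INPUT has no ESTABLISHED,RELATED accept rule"
      for (w in wan) {
        if (!(w in fwd_estab)) print "no stateful FORWARD rule for replies arriving on " w
        if (w in fwd_open) print "FORWARD accepts new connections arriving on " w
      }
    }')
  [ -z "$findings" ] && { echo OK; return 0; }
  printf "%s\n" "$findings"; return 1
}
# Constructed, abbreviated sample: the rules from this page as iptables-save dumps them.
sample_good() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
EOF
}
sample_good | audit_ruleset   # prints OK
```

On a live gateway, run it as root with `iptables-save | audit_ruleset`.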

Show NAT tables

iptables -L -n -v --line-numbers
iptables -L -n -v -t nat --line-numbers

Block outgoing connections to a host

iptables -A OUTPUT -d -p tcp --dport 8080 -j DROP

Delete all the rules

 iptables --flush


  • Is it active?
  firewall-cmd --state
  • What's the active zone?
  firewall-cmd --get-active-zones
  • Which services / ports are on?
  firewall-cmd --zone=work --list-services
  firewall-cmd --zone=work --list-ports
  firewall-cmd --list-all

Temporarily open a port (example)

  firewall-cmd --get-active-zones # get the active zone
  firewall-cmd --zone=work --add-port=3000/tcp

To make the change permanent, add the --permanent flag:

  firewall-cmd --zone=public --add-service=http --permanent

Create and enable a new custom service


firewall-cmd --permanent --new-service=ap-gre-pptp
firewall-cmd --permanent --service=ap-gre-pptp --set-description='GRE for PPTP'
firewall-cmd --permanent --service=ap-gre-pptp --set-short='AP HACK - GRE for PPTP'
firewall-cmd --permanent --service=ap-gre-pptp --add-protocol=gre
firewall-cmd --permanent --zone=work --add-service=ap-gre-pptp

New Linux networking commands

Deprecated   Replacement command(s)
----------   -----------------------
arp          ip n (ip neighbor)
ifconfig     ip a (ip addr)
iptunnel     ip tunnel
iwconfig     iw
nameif       ip link, ifrename
netstat      ss, ip route (for netstat -r), ip -s link (for netstat -i), ip maddr (for netstat -g)
route        ip r (ip route)


  • Add default: ip route add default via
  • Add route: ip route add via


See the Systemd cheatsheet.


See the SELinux cheatsheet.

unix/linux.txt · Last modified: 2018/01/03 12:29 by ap
