Category Archives: Linux/Unix

CentOS Clojure / Leiningen / Luminus / http-kit Installation and sample tutorial

CentOS Clojure

CentOS Clojure installation and sample tutorial.
In the following post I’ll show how to install and configure Clojure on your CentOS box, with a sample web server example.

Also, we’ll use Leiningen to manage the Clojure app and http-kit for deployment.


CentOS Clojure Installation

First, Clojure requires only Java 1.5 or greater. If you don’t have the JDK installed yet on your CentOS box, please follow these instructions by ItekBlog writer Adam to install Oracle Java on your CentOS box.

Download Clojure

Before you continue, check the Downloads page to install the latest version.

To download Clojure use:

# if you don't have wget installed - use: yum install wget
# if you don't have unzip installed - use: yum install unzip
cd /opt

To bring up a simple read-eval-print loop (REPL) use:

cd clojure-1.5.1
java -cp clojure-1.5.1.jar clojure.main


user=> (+ 1 2 3)
user=> (javax.swing.JOptionPane/showMessageDialog nil "Hello World")

Try Clojure Online

  • TryClojure provides a browser-based Clojure REPL
  • Himera provides a browser-based ClojureScript REPL

Community Resources

Community volunteers maintain Getting Started documentation for a number of different tools and approaches.



Leiningen is the easiest way to use Clojure. With a focus on project automation and declarative configuration, it gets out of your way and lets you focus on your code.

Installing Leiningen

To install Leiningen you need to download the lein script, place it on your $PATH (e.g. ~/bin) and make it executable:

cd ~/bin
chmod a+x ~/bin/lein

You can read the tutorial by running lein help tutorial.

The tutorial is the best place to start. It does not cover learning the language itself; good Clojure documentation is available elsewhere.

Running lein help faq will get you the FAQ. Documentation for each individual task is available via lein help $TASK. You can also see the sample project.clj file containing a reference of most project settings by running lein help sample.


Creating a Project

Creating a new project is easy:

cd ~/
lein new app my_first_app
cd my_first_app
find .

In this example we’re using the app template, which is intended for an application project rather than a library. Omitting the app argument will use the default template, which is suitable for libraries.

Directory Layout

The output of the find command is:


Here you’ve got your project files: a .gitignore for all you Git users, a src/ directory containing the code, a test/ directory, and a project.clj file which describes your project to Leiningen. The src/my_stuff/core.clj file corresponds to the my-stuff.core namespace.

Running Code

Let’s start our code running:

lein run




For extended information and documentation about Leiningen and the REPL Read here.


FAQ: Set LEIN_ROOT to disable this warning.



If you want to run lein as root, add this to your ~/.bash_profile:

export LEIN_ROOT="Something"


Remember to source the file afterwards:

. ~/.bash_profile




Luminus is a micro-framework based on a set of lightweight libraries. It aims to provide a robust, scalable, and easy to use platform. With Luminus you can focus on developing your app the way you want without any distractions.

Create a new project:

    lein new luminus myapp
    cd myapp
    lein ring server

the app is now available at 




Clojure Deployment

When you’re ready to deploy your app, you have many web server options, such as nginx, http-kit, Immutant, Tomcat, JBoss, Pallet, GlassFish, Jetty, Netty, Grizzly, etc.


using nginx

You can use nginx-clojure to run your Clojure project inside an nginx server.

In Clojure web server benchmarks, this server achieved the highest performance.


Read this tutorial for more information about the nginx/Clojure implementation.


using Tomcat

To install the Tomcat server follow these steps.

You need to package the application as a WAR archive, to do that run:

lein ring uberwar

then simply copy the resulting myapp-0.1.0-SNAPSHOT-standalone.war to the webapps folder of Tomcat, e.g.:

cp target/myapp-0.1.0-SNAPSHOT-standalone.war ~/tomcat/webapps/myapp.war

Your app will now be available at the context /myapp when Tomcat starts. To deploy the app at the root context, simply copy it to webapps as ROOT.war.


HTTP Kit – HTTP client/server for Clojure

HTTP Kit is a minimalist, efficient, Ring-compatible HTTP client/server for Clojure. It uses an event-driven architecture to support highly concurrent asynchronous and synchronous web applications, and features a unified API for WebSocket and HTTP long polling/streaming.

[http-kit "2.1.16"] ; Add to your project.clj.

Check this great example of a websockets app with Clojure and http-kit.


That’s It!



CentOS PostgreSQL Installation Tutorial – (Centos 6.x)


PostgreSQL is a powerful, open source object-relational database system.
In the following tutorial I’ll show how to install PostgreSQL on your CentOS box.


CentOS PostgreSQL Installation

We can install PostgreSQL in (at-least) two ways:

  • Using YUM
  • Compile from source


Install from repository

yum install postgresql-server

This will install the package postgresql-server, along with postgresql and postgresql-libs.

Install from source

If you want to install the latest version of PostgreSQL you should compile from source. It’s recommended for advanced users, and one may argue it’s recommended for production too.

Anyway, this article from DigitalOcean covers this area well (and more). If you want to compile from source, that article is the better guide. If you prefer, or have already installed, the repository (yum) package, continue…


PostgreSQL Service

If you try to start PostgreSQL using the service command, you will see an error telling you that you must init the DB first and create the DB files in /var/lib/pgsql/data.



To initialize the PostgreSQL database on CentOS use:

service postgresql initdb


This creates a data folder in /var/lib/pgsql. You can’t run this command again without first deleting this folder (and all your data).

Also, the initdb command above, run through RedHat’s init script, configured client authentication for the database. These settings are in the pg_hba.conf file inside the data folder.

By default all authentication methods are ‘ident’, which means the only user that can get in initially is the “postgres” user, so if you try ‘psql’ from root you’ll get the error:

psql: FATAL: Ident authentication failed for user “root”

If you want to log in and use PostgreSQL as users other than `postgres`, you can change the authentication method in pg_hba.conf; changing from ‘ident’ to ‘md5’ is recommended.

If you want to use phpPgAdmin (described later) you must change from ‘Ident’ to ‘md5’, or else it won’t be able to log in to your server.
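The ident-to-md5 change above applied only to the TCP (host) lines, leaving ident on the Unix socket so that "su - postgres; psql" keeps working, plus a summary of the method each line uses. This is an added example, not code from the post; the pg_hba.conf content is constructed to match the default CentOS 6 layout the post describes, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): switch pg_hba.conf from ident
# to md5 for TCP (host) connections only, keep ident on the local socket, and
# summarise which auth method each active line uses.
# The pg_hba.conf text below is constructed to look like a default CentOS 6
# install (three ident lines); the function names are assumptions.

SAMPLE_PG_HBA='# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
local   all         all                               ident
host    all         all         127.0.0.1/32          ident
host    all         all         ::1/128               ident'

# pg_hba_methods FILE: print "TYPE ADDRESS METHOD" for every non-comment line
# (local socket lines have no address column, shown as "-").
pg_hba_methods() {
  awk 'NF > 0 && $1 !~ /^#/ { print $1, ($1 == "local" ? "-" : $4), $NF }' "$1"
}

# pg_hba_host_md5 FILE: rewrite every "host" line that still uses ident to md5.
# "local" lines are untouched, so the postgres OS user can still log in
# without a password over the Unix socket.
pg_hba_host_md5() {
  tmp="$1.tmp"
  sed 's/^\(host[[:space:]].*[[:space:]]\)ident[[:space:]]*$/\1md5/' "$1" > "$tmp" \
    && mv "$tmp" "$1"
}

# Demo on a temporary copy of the constructed file.
f=$(mktemp)
printf '%s\n' "$SAMPLE_PG_HBA" > "$f"
echo "before:"; pg_hba_methods "$f"
pg_hba_host_md5 "$f"
echo "after:";  pg_hba_methods "$f"
rm -f "$f"
```

After the change, reload PostgreSQL (service postgresql reload) so the new pg_hba.conf is read.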


Set port and Listen Addresses

If you need to change the default port (5432) or the listen addresses (localhost by default), set these in postgresql.conf in the /var/lib/pgsql/data folder:

#listen_addresses = 'localhost'
#port = 5432


Start service

Then, to start the PostgreSQL service on CentOS use:

service postgresql start


To make PostgreSQL start on boot use the chkconfig command as follows:

chkconfig postgresql on


And that’s it!


What next?


Managing from Command line

login to postgres

As I mentioned, the default setup uses ident authentication, which means the only user that can get in initially is “postgres”, so if you haven’t changed the authentication scheme you should su to postgres first.

To start ‘psql’ as postgres:

# change user to postgres
su - postgres
# start the psql client
psql
# CTRL + D twice to exit both psql and su.

# You can also shorten the two commands into:
# su postgres -c psql

Add (or create) a user with permissions on a specific database?

Read this great tutorial.



PostgreSQL visual interface similar to phpMyAdmin? In short, if you know phpMyAdmin and want phpPgAdmin, you need to add the EPEL repositories and Apache (yum install httpd) and then install it using:

yum install phpPgAdmin

If your authentication scheme is currently ‘Ident’ you need to change it to ‘md5’, as phpPgAdmin requires it.

Then visit in your browser: http://localhost/phpPgAdmin


Remote connection

Edit /etc/httpd/conf.d/phpPgAdmin.conf if you want to allow remote access, then restart httpd (service httpd restart).

Do you use pgsql, postgres, root or administrator as the login, or a user without a password? If you do, phpPgAdmin refuses the login unless you set the $conf[‘extra_login_security’] entry to false in your /etc/phpPgAdmin/ configuration.


Change default Postgres user password

If you really want to use the “postgres” role, make sure you set a password for it and that $conf[‘extra_login_security’] is false.

use the command:

passwd postgres

to change the system user password and

ALTER USER Postgres WITH PASSWORD 'password';

That alters the password inside the database. There is also a shorthand for changing it from within psql:


which will ask you for the new password to set.




Linux ACL Permissions


“Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems.
It is designed to assist with UNIX file permissions.
ACL allows you to give permissions for any user or group to any disc resource.” (Wikipedia)

Enable ACL on file system

Most likely the ACL option is already enabled on your file system, but to be sure you can verify it with the following command:

#make sure to replace sda2 with the name of your device
tune2fs -l /dev/sda2 | grep options

The output should be:

Default mount options:    user_xattr acl

In order to enable ACL on a file system, use the tune2fs command (this sets a default mount option, so it takes effect the next time the file system is mounted):

#make sure to replace sda2 with the name of your device
tune2fs -o acl /dev/sda2

View Linux ACL Permissions

ls command

With the ls command you can see whether a file has any ACL entries: a ‘+’ sign appears after the permission bits:

ls -l /folder-file

-rw-rwxr--+ 1 root root 0 Mar 15 05:27 folder-file

Now we use getfacl command to see the ACL permissions.

getfacl command

You can use getfacl to view the current ACL permissions of a file or folder.

getfacl /folder-file

# file: folder-file
# owner: root
# group: root

setfacl command

Use setfacl to add or change ACL entries for a user or group (by name or numeric id):

#setfacl -m u:username:permissions /folder-file
setfacl -m u:bob:rwx /folder-file

#setfacl -m u:uid:permissions /folder-file
setfacl -m u:12345:rwx /folder-file

#setfacl -m g:groupname:permissions /folder-file
setfacl -m g:company:rx /folder-file

#setfacl -m g:gid:permissions /folder-file
setfacl -m g:12345:rx /folder-file

Remove all ACL permissions from a file:

setfacl -b /folder-file

Remove a specific ACL entry by username, uid, group or gid:

#setfacl -x u:username /folder-file   (likewise u:uid, g:groupname, g:gid)
setfacl -x u:bob /folder-file
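Reading getfacl output by eye gets error-prone once a few entries pile up, so here is an audit that lists the named user/group entries and the permissions they actually get once the ACL mask is applied. This is an added example, not code from the post; the getfacl output it parses is constructed (note the mask line, which getfacl prints whenever named entries exist), and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): audit getfacl output for named
# user/group entries and report their effective permissions after the mask,
# then list who can write. Needs only POSIX sh and awk.
# SAMPLE_ACL is constructed: what getfacl prints after the setfacl calls
# above, with a mask of rw- limiting every named entry.

SAMPLE_ACL='# file: folder-file
# owner: root
# group: root
user::rw-
user:bob:rwx
user:12345:rwx
group::r--
group:company:r-x
mask::rw-
other::r--'

# acl_effective: read getfacl text on stdin; print "entry effective-perms"
# for every named user/group entry. A named entry only gets a bit when the
# mask entry also has it, which is how the kernel evaluates the ACL.
acl_effective() {
  awk -F: '
    /^#/ || NF < 3 { next }
    $1 == "mask" && $2 == "" { mask = $3; next }
    ($1 == "user" || $1 == "group") && $2 != "" {
      names[n++] = $1 ":" $2
      perms[$1 ":" $2] = $3
    }
    END {
      if (mask == "") mask = "rwx"        # no mask line: nothing is masked
      for (i = 0; i < n; i++) {
        p = perms[names[i]]; eff = ""
        for (j = 1; j <= 3; j++) {         # positions: r, w, x
          c = substr(p, j, 1); m = substr(mask, j, 1)
          eff = eff ((c != "-" && c == m) ? c : "-")
        }
        print names[i], eff
      }
    }'
}

# acl_writers: names of entries whose effective permissions include write.
acl_writers() {
  acl_effective | awk '$2 ~ /w/ { print $1 }'
}

echo "effective permissions:"
echo "$SAMPLE_ACL" | acl_effective
echo "entries that can write:"
echo "$SAMPLE_ACL" | acl_writers
```

On a real system feed it the live output: getfacl /folder-file | acl_writers.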


Test firewall with netcat


“The nc (or netcat) utility is used for just about anything under the sun involving TCP, UDP, or UNIX-domain sockets.
It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet does with some.” (NetCat Manual)


chmod suid sgid sticky bit


Linux chmod has a few options that can make your life a lot easier when managing shared storage.
The most needed are the SUID, SGID and sticky bits.
The impact of each one is different between files and folders.

SetUID and SetGID

SUID (SetUID) and SGID (SetGID) have different effects when used on files and on folders.

suid and sgid on files

When SUID is set on an executable, the file runs with the permissions of its owner user, even when run by a different user.
When it is set you will see the letter ‘S’ in the owner’s execute position of the file’s permissions.
A lower-case ‘s’ means the owner’s ‘x’ permission is set underneath it, so ‘s’ means ‘SUID + x’.

Apply SUID on ‘’:

chmod u+s

Apply SUID with 777:

chmod 4777

Output SUID with 777:


Output SUID with 677:


When SGID is set on an executable, the file runs with the permissions of its owner group, even when run by a different user.
When it is set you will see the letter ‘S’ in the group’s execute position of the file’s permissions.
A lower-case ‘s’ means the group’s ‘x’ permission is set underneath it, so ‘s’ means ‘SGID + x’.

Apply SGID on ‘’:

chmod g+s

Apply SGID with 777:

chmod 2777

Output SGID with 777:


Output SGID with 767:


suid and sgid on folders

SUID and SGID on folders are about inheritance for newly created files.
SGID on a folder makes every new file inside it belong to the folder’s owning group instead of the creator’s primary group.

Linux ignores the suid permission on folders.


“When the sticky bit is set, only the item’s owner, the directory’s owner, or the superuser can rename or delete files.” (Wikipedia)

The sticky bit is mostly applied to folders; it has a few uses on files, but those are out of the scope of this tutorial.

When it is set you will see the letter ‘T’ in the others’ execute position of the folder’s permissions.
A lower-case ‘t’ means the others’ ‘x’ permission is set underneath it, so ‘t’ means ‘sticky + x’.

Output sticky bit with 777:


Output sticky bit with 776:


Apply sticky bit to ‘/folder’:

chmod +t /folder

Apply sticky bit with 777:

chmod 1777 /folder
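The S/s and T/t rule above is easiest to see by rendering the exact modes the post uses (777 vs 677, 777 vs 767, 777 vs 776) into ls -l notation, and the natural follow-up on shared storage is an audit of which files actually carry SUID/SGID. This is an added example, not code from the post; the function names are my own and the demo files are throw-away files created in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post). mode_to_string renders a numeric
# mode the way ls -l shows it, which makes the S/s and T/t rule concrete
# (uppercase = special bit set without the matching execute bit).
# setuid_audit lists regular files under a directory that carry SUID or SGID.
# Only POSIX sh, awk and find are used; function names are assumptions.

# mode_to_string OCTAL [TYPE]: TYPE is "-" (file, default) or "d" (directory).
mode_to_string() {
  awk -v mode="$1" -v type="${2:--}" '
    # d = one permission digit, sp = special bit for this triplet,
    # upper/lower = letter to show when x is clear/set
    function rwx(d, sp, upper, lower,   r, w, x) {
      r = int(d / 4)       ? "r" : "-"
      w = int((d % 4) / 2) ? "w" : "-"
      x = d % 2
      if (sp) return r w (x ? lower : upper)
      return r w (x ? "x" : "-")
    }
    BEGIN {
      while (length(mode) < 4) mode = "0" mode   # 755 -> 0755
      s = substr(mode, 1, 1) + 0                 # special digit: 4=SUID 2=SGID 1=sticky
      out = type
      out = out rwx(substr(mode, 2, 1), int(s / 4), "S", "s")
      out = out rwx(substr(mode, 3, 1), int((s % 4) / 2), "S", "s")
      out = out rwx(substr(mode, 4, 1), s % 2, "T", "t")
      print out
    }'
}

# setuid_audit DIR: regular files under DIR with SUID or SGID set, sorted.
setuid_audit() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Demo with the modes used in the post, then the audit on throw-away files.
for m in 4777 4677 2777 2767; do echo "$m -> $(mode_to_string "$m")"; done
for m in 1777 1776; do echo "$m (dir) -> $(mode_to_string "$m" d)"; done
demo=$(mktemp -d)
: > "$demo/suid_bin";   chmod 4755 "$demo/suid_bin"
: > "$demo/sgid_bin";   chmod 2755 "$demo/sgid_bin"
: > "$demo/plain_file"; chmod 644  "$demo/plain_file"
echo "files with SUID/SGID under $demo:"
setuid_audit "$demo"
rm -rf "$demo"
```

Run setuid_audit / on a server to get the full list of privileged binaries, and compare it against the previous run to spot additions.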


CentOS xrdp HowTo


xrdp is a free open-source remote desktop server for Linux.
Installing xrdp on CentOS might be a little tricky since the CentOS repositories do not contain the xrdp package.
Even the EPEL repository (Extra Packages for Enterprise Linux) only contains an old version of xrdp.

Add EPEL repo

First you need to add the EPEL repository that has an older version of xrdp.

rpm -Uvh

Install xrdp from EPEL repo

yum install xrdp -y

Install dependencies

yum install tigervnc-server autoconf automake libtool openssl-devel pam-devel libX11-devel libXfixes-devel -y

Download and install xrdp from source

Now that you have the older version of xrdp installed you can easily compile the latest version on top of the old one.

Download xrdp from SourceForge to the /opt folder.

Extract the content of the file:

tar -xvzf xrdp-v0.6.1.tar.gz

Compile and install xrdp:

cd xrdp-v0.6.1
./bootstrap   # generates the configure script (uses the autoconf/automake/libtool installed above)
./configure
make
make install

start xrdp and make sure it is set to run at startup:

service xrdp start
chkconfig xrdp on

Customize xrdp settings

The xrdp service config files are located at ‘/etc/xrdp/’:
We will edit these three:


Remove login options

Edit ‘/etc/xrdp/xrdp.ini’ and delete from the xrdp2 block to the end of the file, leaving only the xrdp1 option.

Limit access to certain group

Edit ‘/etc/xrdp/sesman.ini’ and change ‘TerminalServerUsers=tsusers’ to the group name you want to allow access.
If unset or set to an invalid or non-existent group, login for all users is enabled.

Add environment variables

xrdp has a different set of environment variables than a regular bash session.
Edit ‘/etc/xrdp/’ and add at the beginning of the file the environment variables you want.
For example, add ‘/bin’ and ‘/sbin’ to the PATH variable:

export PATH=$PATH:/bin:/sbin

Set session limits to avoid login failed error

Edit ‘/etc/xrdp/sesman.ini’ and change ‘MaxSessions=10’ to ‘MaxSessions=100’
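The note above that an unset or non-existent TerminalServerUsers group lets every user log in is the kind of thing worth checking mechanically after editing sesman.ini. This is an added example, not code from the post: it reads the value, checks that the group exists on the host, and reports whether RDP logins are restricted or open. The sesman.ini fragment is constructed with only the keys the post mentions, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the group named in
# TerminalServerUsers really exists, since sesman enables login for all users
# when the value is unset or names a non-existent group.
# SAMPLE_SESMAN_INI is constructed (only keys the post mentions); function
# names are assumptions.

SAMPLE_SESMAN_INI='[Security]
TerminalServerUsers=tsusers

[Sessions]
MaxSessions=100'

# sesman_ts_users FILE: print the TerminalServerUsers value (empty if unset).
sesman_ts_users() {
  sed -n 's/^[[:space:]]*TerminalServerUsers[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# group_exists NAME: true when NAME is a local group (getent, then /etc/group).
group_exists() {
  getent group "$1" >/dev/null 2>&1 || grep -q "^$1:" /etc/group 2>/dev/null
}

# sesman_access_mode FILE: "restricted:<group>" when logins are limited to an
# existing group, otherwise "open" (every local user may log in over RDP).
sesman_access_mode() {
  grp=$(sesman_ts_users "$1")
  if [ -n "$grp" ] && group_exists "$grp"; then
    echo "restricted:$grp"
  else
    echo "open"
  fi
}

# Demo on a temporary copy of the constructed config: unless a "tsusers"
# group has been created, the shipped default means "open".
f=$(mktemp)
printf '%s\n' "$SAMPLE_SESMAN_INI" > "$f"
echo "TerminalServerUsers=$(sesman_ts_users "$f") -> $(sesman_access_mode "$f")"
rm -f "$f"
```

Run sesman_access_mode /etc/xrdp/sesman.ini after the edit; anything other than restricted:<your group> means the restriction is not in effect.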


CentOS Tomcat installation

CentOS Tomcat server installation is easy!

“Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed under the Java Community Process.” from Tomcat homepage.



  • CentOS 6.x (I haven’t tested this on older versions but it should probably work as well) 

Check your Java installation

Before we continue with the installation of Tomcat, the JDK (Java Development Kit) must be installed on your CentOS machine. To check for Java support use the command:

java -version


If bash returns ‘command not found‘ then continue to the next step and install the JDK; otherwise skip that step and continue to the Tomcat server installation.


Install Java Development Kit (JDK)

To install the jdk we have 2 options:

  1. Install OpenJDK – Using YUM.
  2. Install Oracle JDK – Install manually.

I’ll explore both:

Option 1: Install Open-JDK using YUM

For beginners and testing purposes you should go with this option.

See also: Why should I use the Oracle JDK over the OpenJDK, or vice-versa?

The command to install JDK using YUM is very simple:

yum install java

  • Note: use sudo if you are not logged in as root.
  • The command will install the latest JDK (1.7 as of this date). If you want to install an older version use the full package name (search using: yum search jdk).
    For example, you can install the 1.6 version by typing: yum install java-1.6.0

Check you have installed it right:



Option 2: Install JDK manually

Download your required JDK here.

Note: I can’t give you a wget command to download it, because you need to accept the license agreement before downloading any file.

You can download and install using the RPM or the tar.gz (both with x86 or x64) on your CentOS machine:




In case of our CentOS we can download and install the .rpm file or the .tar.gz file.

The RPM can be installed ONLY by root.
The tar.gz can be installed by any user on the computer.


Option A: Install using .rpm

make sure to uninstall older installations (if any):

rpm -e <package name>

To install the jdk using the downloaded rpm use the rpm command:

rpm -ivh jdk-7u45-linux-x64.rpm

If you just want to upgrade a package you’ve already installed use the -Uvh parameter.

rpm -Uvh jdk-7u45-linux-x64.rpm

Delete the .rpm file if you want to save disk space.

Read more about installation of Oracle Java on Centos here on ItekBlog


Use alternatives:

alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000
alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000


and configure your default JDK (if you have more than one) using:


alternatives --config java



Test your environment

Just as in the first step: type java -version to see if you have the JDK installed.



Option B: Install using tar.gz

The advantage of installing the JDK from the tar.gz is that we can install multiple versions of Java if required.

The archive can be installed by anyone (not only root users), in any location that you can write to. However, only the root user can install the JDK into the system location.

You need to unpack the .tar.gz file (using tar -xzf) into the location where you would like the JDK to be installed.

Unpack the tarball and install the jdk:

tar zxvf jdk-7u<version>-linux-i586.tar.gz

Delete the .tar.gz file if you want to save disk space.


Use alternatives :

alternatives --install /usr/bin/java java /path/to/jdk1.7.0_45/bin/java 2
alternatives --config java

Read more about installation of the JDK in the Oracle documentation.

For an extended installation tutorial read this post by Adam on this blog.


JDK 1.6 vs JDK 1.7

Read more on: What is the difference between JDK 1.6 and 1.7?


Environment Variables


JAVA_HOME is an environment variable (in Unix terminology), or a PATH variable (in Windows terminology), that you need to create to point to where Java is installed ($JAVA_HOME/bin/java should execute the Java runtime).

Why doesn’t the Java SDK installer set JAVA_HOME?

To set it for your current session type at bash:

export JAVA_HOME=/usr/java/jdk1.7.0_05
export PATH=$PATH:$JAVA_HOME/bin

To set JAVA_HOME permanently we need to add the commands to the ~/.bash_profile file of the user.
We can also add them to /etc/profile and then source it to apply the variables to all users.


Test Environment Variables

Use the echo command to check that you’ve configured the variables:

echo $PATH



Installing Tomcat

After we have java installed and tested we can continue to the installation of the Tomcat server.

Download Tomcat

Since Apache Tomcat is distributed as binaries, all you have to do is to download it and start it.

Download apache-tomcat-x.x.xx.tar.gz (latest version or any) from Apache Tomcat Homepage

I’ll go with the tomcat 8 – tar.gz package.


and using the command:

cd /usr/share


verify and extract the download using:

md5sum apache-tomcat-8.0.0-RC10.tar.gz
tar xvzf apache-tomcat-8.0.0-RC10.tar.gz

Compare the hash that md5sum prints with the one published on the Tomcat download page before you extract. I now have a /usr/share/apache-tomcat-8.0.0-RC10 folder.


Test Tomcat server

Tomcat by default starts on port 8080. You can start the server now by typing at bash:

cd apache-tomcat-8.0.0-RC10



Now access Tomcat by connecting to your server with a web browser on port 8080.



If you cannot access the Tomcat page above, stop iptables (CentOS has iptables on by default, and it blocks Tomcat’s default listening port 8080). Rather than stopping the firewall, the better fix is to add an iptables rule that accepts new connections to port 8080, as in the iptables examples later on this page.

service iptables stop

To permanently disable iptables (NOT RECOMMENDED AT ALL) use:

chkconfig iptables off

Change the Tomcat server port

Locate server.xml in {Tomcat installation folder}/conf/, which is /usr/share/apache-tomcat-8.0.0-RC10/conf in our case.

Find the following:

<!-- Define a non-SSL HTTP/1.1 Connector on port 8180 -->
<Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />

and change the 8080 port to your required port.
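A blind search-and-replace of 8080 in server.xml also hits the comment and, on a stock file, nothing protects redirectPort or the AJP connector from a similar slip, so here is a scripted version of the port change that touches only the Connector port attribute and shows the ports before and after. This is an added example, not code from the post; the server.xml fragment is constructed for the demo and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): change the HTTP Connector port
# in server.xml without touching redirectPort, the AJP connector or comments,
# and list every Connector port so the result can be checked.
# SAMPLE_SERVER_XML is constructed; function names are assumptions.

SAMPLE_SERVER_XML='<Service name="Catalina">
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service>'

# tomcat_ports FILE: print the port of every <Connector ...> element, one per
# line (the attribute is on the same line as the tag in a stock server.xml).
tomcat_ports() {
  sed -n 's/^[[:space:]]*<Connector.*[[:space:]]port="\([0-9][0-9]*\)".*/\1/p' "$1"
}

# tomcat_set_port FILE OLD NEW: rewrite only a Connector's port="OLD" attribute.
# redirectPort="..." does not match because the pattern is the lower-case
# " port=" preceded by whitespace inside the <Connector tag.
tomcat_set_port() {
  tmp="$1.tmp"
  sed "s/\(<Connector[^>]*[[:space:]]\)port=\"$2\"/\1port=\"$3\"/" "$1" > "$tmp" \
    && mv "$tmp" "$1"
}

# Demo on a temporary copy of the constructed file.
f=$(mktemp)
printf '%s\n' "$SAMPLE_SERVER_XML" > "$f"
echo "before: $(tomcat_ports "$f" | tr '\n' ' ')"
tomcat_set_port "$f" 8080 8180
echo "after:  $(tomcat_ports "$f" | tr '\n' ' ')"
rm -f "$f"
```

Against the real file: tomcat_set_port /usr/share/apache-tomcat-8.0.0-RC10/conf/server.xml 8080 8180, then tomcat_ports on it to confirm only the HTTP connector moved.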


Start on boot

To start the Tomcat service on system boot create the file /etc/init.d/tomcat8 (I am using vi /etc/init.d/tomcat8) and fill it with:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
# Note: started this way Tomcat runs as root; a dedicated tomcat user is safer.
export JAVA_HOME=/usr/java/jdk1.7.0_05
export PATH=$JAVA_HOME/bin:$PATH
CATALINA_HOME=/usr/share/apache-tomcat-8.0.0-RC10
case $1 in
  start)   sh $CATALINA_HOME/bin/startup.sh ;;
  stop)    sh $CATALINA_HOME/bin/shutdown.sh ;;
  restart) sh $CATALINA_HOME/bin/shutdown.sh; sh $CATALINA_HOME/bin/startup.sh ;;
esac
exit 0

Now make the init script and Tomcat’s own scripts executable:

chmod a+x /etc/init.d/tomcat8
chmod a+x /usr/share/apache-tomcat-8.0.0-RC10/bin/

to start/stop/restart the service use:

service tomcat8 start
service tomcat8 restart
service tomcat8 stop

to start the service on boot use:

chkconfig --add tomcat8
chkconfig tomcat8 on

to disable it later you can use off instead of on:

chkconfig tomcat8 off



That’s it! You have your CentOS Tomcat server working and running…

DD-WRT set date manually

dd-wrt set date manually – In this tutorial I’ll explain how to set the date and time in dd-wrt based routers.

My dd-wrt system is dd-wrt v24-sp2 (11/02/09) std
(SVN revision 13064M VINT Eko).

It may not work on your system but I’ll explain the basics so you should be able to find your own way.


dd-wrt set date manually

In dd-wrt you set the date manually from the command line. You can do this by:

  • SSH to your dd-wrt machine, or
  • use the web interface to run command line

Because SSH is not enabled by default on all dd-wrt machines, I’ll explain how to set the date and time using the second method, the web interface, but the same command and rules apply over an SSH connection.


Admin Panel

Go to your dd-wrt admin management panel in your browser and open the Administration / Commands page. It may be different in your system version but you should be able to find the Commands page quickly.



You can use the Date command inside your dd-wrt box to read and set your system time and date.

View current date (NOW)

To view the current date as configured on your dd-wrt machine use the ‘date‘ command.
Just fill the commands input box with ‘date’ and click on the ‘Run Commands‘ button.




dd-wrt set date manually

Here it may be tricky. I’ve found several online blogs and manuals but nothing worked. To set the dd-wrt date manually I succeeded with the following command:

date 022720012014

The argument is MMDDhhmmYYYY, read as:

Month  Day  Hours  Minutes  Year
02     27   20     01       2014
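Typing a twelve-digit string by hand is easy to get wrong, and the router will happily accept a mis-ordered one, so here is a small encoder/decoder for the MMDDhhmmYYYY form the command above takes, with field validation before anything is built. This is an added example, not code from the post; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): build and decode the
# MMDDhhmmYYYY argument used by the post's date command, validating each
# field first so a typo cannot set the router to a nonsense time.
# Plain POSIX sh; function names are assumptions.

# ddwrt_date_arg "YYYY-MM-DD hh:mm": print the 12-digit argument, or fail.
ddwrt_date_arg() {
  y=${1%%-*};     rest=${1#*-}
  mo=${rest%%-*}; rest=${rest#*-}
  d=${rest%% *};  t=${rest#* }
  h=${t%%:*};     mi=${t#*:}
  # every field must have exactly the expected number of digits
  case "$y:$mo:$d:$h:$mi" in
    [0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
    *) return 1 ;;
  esac
  # and lie within range (day 1-31; month length is not checked here)
  [ "$mo" -ge 1 ] && [ "$mo" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ] &&
    [ "$h" -le 23 ] && [ "$mi" -le 59 ] || return 1
  echo "$mo$d$h$mi$y"
}

# ddwrt_date_human MMDDhhmmYYYY: print the argument back as "YYYY-MM-DD hh:mm".
ddwrt_date_human() {
  case $1 in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) return 1 ;;
  esac
  y=${1#????????}            # last four digits: year
  head=${1%????}             # first eight digits: MMDDhhmm
  mo=${head%??????}; rest=${head#??}
  d=${rest%????};    rest=${rest#??}
  h=${rest%??};      mi=${rest#??}
  echo "$y-$mo-$d $h:$mi"
}

# Demo with the value from the post.
arg=$(ddwrt_date_arg "2014-02-27 20:01")
echo "date $arg   # $(ddwrt_date_human "$arg")"
ddwrt_date_arg "2014-13-27 20:01" || echo "rejected: month 13"
```

Paste the printed date line into the Commands box, or over SSH run it directly.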





That’s it. I hope it helped you set the date manually on your dd-wrt router.


CentOS G-WAN server installation instructions


G-WAN is a web server with scripts in Asm, C, C++, C#, D, Go, Java, Javascript, Lua, Objective-C, Perl, PHP, Python, Ruby and Scala.

G-WAN better uses CPU Cores
to make the Internet of Things
fly thousand times higher !

Leverage legacy servers and
low-consumption CPUs to
do more with less!

G-WAN works best on Linux distributions like Debian or CentOS, both of which offer ‘Desktop’ and ‘Server’ flavors.


CentOS G-WAN server installation instructions




Choose a location for your installation. For demonstration purposes we’ll install G-WAN to /opt:

cd /opt
tar -xjf gwan_linux64-bit.tar.bz2; cd gwan_linux64-bit
sudo ./gwan

Use the 32-bit version instead if you need it.


Then, type http://localhost:8080/ in your browser

Screenshot: CentOS G-WAN server default homepage

and play with the /gwan/.../csp samples.


Programming Languages

If you want to install more Programming Languages read the FAQ – Setup of Programming Languages

To install all 15 languages using the bash script donated by a generous user, which works on many Linux distributions (Debian, LinuxMint, CentOS, Fedora, RedHat, Manjaro, Arch Linux and Bridge), use:

cd /opt
tar -xjf G-WAN_full-install.tar.bz2

The installation menu is available in English, German, French and Spanish!


Service mode

To start G-WAN as a service (make it start automatically at boot time) use these instructions,

with one exception for CentOS in the manual:

instead of:

sudo update-rc.d gwan defaults 95 5

use:

sudo chkconfig gwan on

and you don’t need to restart.


What’s next?

Check the API and the Frequently Asked Questions.

Stackoverflow lists many more examples and will let you search for replies to common questions.


And that’s it, you have a G-WAN server.

iptables examples on CentOS


“iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.
Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.”

In this tutorial I will give a few essential examples of how to use iptables on CentOS.


There are several ways to configure iptables on CentOS.
The simplest way is to use the command system-config-firewall/system-config-firewall-tui, it will help you set up standard rules like Web Server, FTP Server and a few more.
The second way is to use the iptables command to edit the configuration; this method is best for testing since it will NOT save the settings until you run the command:

/etc/init.d/iptables save

The third way is to edit the file /etc/sysconfig/iptables and that is what I will show you today.

iptables chains

First we clear the content of /etc/sysconfig/iptables using:

echo > /etc/sysconfig/iptables

Set all the default chains to DROP and save the file:


Now we are ready to insert the necessary rules to our chains.

Stateful configuration

Using a stateful rule to allow all established connections:

#Allow all Established connections
-A INPUT -p all -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p all -m state --state ESTABLISHED -j ACCEPT

Some services require you to allow related connections (ftp, tftp…):

#Allow all Related connections
-A INPUT -p all -m state --state RELATED -j ACCEPT
-A OUTPUT -p all -m state --state RELATED -j ACCEPT

iptables examples

Allow LocalHost

First we need to insert rules to allow localhost to communicate, in both directions, because the OUTPUT chain also defaults to DROP:

#Allow localhost
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

Allow Web Browsing

#Out Internet Access
-A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

#Out Internet Access SSL
-A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

Allow Outgoing SSH

#Out SSH
-A OUTPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

Allow Incoming SSH

Allow incoming SSH from a specified subnet/IP address:

-A INPUT -p tcp -s <subnet/ip> --dport 22 -m state --state NEW -j ACCEPT

Allow Incoming SSH from all

-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

Allow Incoming Web Server

#In Internet Access Port 80
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

#In Internet Access SSL Port 443
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

Allow DHCP Client

#In/Out DHCP Client
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT

Allow DHCP Server

#In/Out DHCP Server
-A INPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -p udp --sport 67 --dport 68 -j ACCEPT

Allow DNS requests

#Out DNS
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

Allow Incoming ping

#In ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

Allow Outgoing ping

#Out ping
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

Allow Zabbix Agent

#In Zabbix Agent
-A INPUT -p tcp --dport 10050 -m state --state NEW -j ACCEPT

Allow Outgoing RDP

#Out RDP
-A OUTPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT

Allow Incoming RDP Server

-A INPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT

Allow SMTP Server

-A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

Allow SMTP Client

-A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

Allow SMTPs Server

-A INPUT -p tcp --dport 465 -m state --state NEW -j ACCEPT

Allow SMTPs Client

#Out SMTPs
-A OUTPUT -p tcp --dport 465 -m state --state NEW -j ACCEPT

Allow SMTP TLS Server

-A INPUT -p tcp --dport 587 -m state --state NEW -j ACCEPT

Allow SMTP TLS Client

-A OUTPUT -p tcp --dport 587 -m state --state NEW -j ACCEPT

Allow POP Server

-A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT

Allow POP Client

#Out POP
-A OUTPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT

Allow POPs Server

#In POPs
-A INPUT -p tcp --dport 995 -m state --state NEW -j ACCEPT

Allow POPs Client

#Out POPs
-A OUTPUT -p tcp --dport 995 -m state --state NEW -j ACCEPT

Allow IMAP Server

-A INPUT -p tcp --dport 143 -m state --state NEW -j ACCEPT

Allow IMAP Client

-A OUTPUT -p tcp --dport 143 -m state --state NEW -j ACCEPT

Allow IMAPs Server

-A INPUT -p tcp --dport 993 -m state --state NEW -j ACCEPT

Allow IMAPs Client

#Out IMAPs
-A OUTPUT -p tcp --dport 993 -m state --state NEW -j ACCEPT

Allow mySQL Server

#In mySQL
-A INPUT -p tcp --dport 3306 -m state --state NEW -j ACCEPT

Allow mySQL Client

#Out mySQL
-A OUTPUT -p tcp --dport 3306 -m state --state NEW -j ACCEPT

Allow NTP Server

-A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT

Allow NTP Client

#Out NTP
-A OUTPUT -p udp --dport 123 -m state --state NEW -j ACCEPT

Allow rsync

#In rsync
-A INPUT -p tcp --dport 873 -m state --state NEW -j ACCEPT

#Out rsync
-A OUTPUT -p tcp --dport 873 -m state --state NEW -j ACCEPT

Allow rsyslogd

#In rsyslogd
-A INPUT -p tcp --dport 514 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 514 -m state --state NEW -j ACCEPT

#Out rsyslogd
-A OUTPUT -p tcp --dport 514 -m state --state NEW -j ACCEPT
-A OUTPUT -p udp --dport 514 -m state --state NEW -j ACCEPT

Allow SAMBA Server

#In Samba
-A INPUT -p udp --dport 137:139 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m multiport --dport 139,445 -m state --state NEW -j ACCEPT

Allow NFS Server

NFS uses random ports on startup so we need to fix the port numbers, add the following lines to ‘/etc/sysconfig/nfs’:


-A INPUT -p tcp -m multiport --dport 111,662,875,892,2020,2049,20049,32803 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m multiport --dport 111,662,875,892,2020,2049,20049,32769 -m state --state NEW -j ACCEPT

Allow TFTP Server

TFTP needs the connection-tracking helper module “nf_conntrack_tftp”. Edit ‘/etc/sysconfig/iptables-config’ and make sure you have:


-A INPUT -p tcp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 69 -m state --state NEW -j ACCEPT

#You also need to allow related OUTPUT
-A OUTPUT -p all -m state --state RELATED -j ACCEPT

Allow Routing

Allow routing from Network-1 to Network-2 across two different NICs:

#Allow routing from eth0 to eth1
-A FORWARD -i eth0 -o eth1 -j ACCEPT

Specify port range

For example, to allow all communication from source ports 100-200 to destination ports 200-300:

#--sport/--dport only work together with a protocol match (-p tcp or -p udp)
-A OUTPUT -p tcp --sport 100:200 --dport 200:300 -j ACCEPT

Specify IP address range

Matching an IP address range requires the ‘iprange’ module.
For example, to allow all communication to and from

-A OUTPUT -m iprange --dst-range -j ACCEPT
-A INPUT -m iprange --src-range -j ACCEPT
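As an added example that is not part of the original post, here is a small POSIX shell generator for an iptables-restore file in the same ‘-A ... -m state --state NEW -j ACCEPT’ style as the rules above, but with a default-DROP INPUT policy and the management-only services (SSH, MySQL, rsyslog, Samba) restricted to a source network. The 10.0.0.0/24 management subnet, the service list and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: generate an iptables-restore file
# in the post's "-A ... -m state --state NEW -j ACCEPT" style, but with a
# default-DROP INPUT policy and management-only services pinned to a source
# network. 10.0.0.0/24 is an assumed (constructed) management subnet.
MGMT_NET="${MGMT_NET:-10.0.0.0/24}"

# rule CHAIN PROTO PORTS [SOURCE]
# PORTS: a single port, a lo:hi range (--dport), or a comma list (multiport).
rule() {
    chain=$1; proto=$2; ports=$3; src=${4:-}
    case $ports in
        *,*) match="-m multiport --dports $ports" ;;
        *)   match="--dport $ports" ;;
    esac
    if [ -n "$src" ]; then
        printf -- '-A %s -s %s -p %s %s -m state --state NEW -j ACCEPT\n' \
            "$chain" "$src" "$proto" "$match"
    else
        printf -- '-A %s -p %s %s -m state --state NEW -j ACCEPT\n' \
            "$chain" "$proto" "$match"
    fi
}

# ruleset: prints a complete filter table for /etc/sysconfig/iptables.
# Everything not explicitly allowed below is dropped by the INPUT policy.
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
EOF
    rule INPUT tcp 22 "$MGMT_NET"       # SSH only from the management network
    rule INPUT tcp 80,443               # web server is public
    rule INPUT udp 123                  # NTP
    rule INPUT tcp 3306 "$MGMT_NET"     # MySQL: never open to the world
    rule INPUT tcp 514 "$MGMT_NET"      # rsyslog over tcp
    rule INPUT udp 514 "$MGMT_NET"      # rsyslog over udp
    rule INPUT udp 137:139 "$MGMT_NET"  # Samba name/datagram services
    echo COMMIT
}

# Usage: ruleset > /etc/sysconfig/iptables && service iptables restart
```

Review the generated file before loading it: the first rule that can lock you out is SSH, so confirm MGMT_NET actually contains the address you administer from.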



SSL handshake failed: SSL error: Key usage violation in certificate has been detected CentOS



SSL handshake failed: SSL error: Key usage violation in certificate has been detected.




You may experience the issue if both of the following conditions are met:

  • VisualSVN Server has a self-signed certificate applied and
  • Subversion client is built against the GnuTLS library.

The GnuTLS library is an open-source alternative to OpenSSL. Most Subversion clients for Windows are built against OpenSSL and are not affected by this issue, while some Subversion packages, mostly on Linux-based operating systems, are built against GnuTLS and are affected (the Subversion that ships with EL 6 is linked against GnuTLS, a change from older releases, which linked against OpenSSL).

The server is using an SSL certificate that was created with the ‘key usage’ extension, and the client is using the GnuTLS library, which doesn’t understand the extension. The solution is either to have the client use the OpenSSL library or to have the server use a certificate that doesn’t use the ‘key usage’ extension.

It’s recommended to fix the issue on the server side, but you can work around it from the client side too.
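Before changing anything on the server, it is worth confirming that the certificate really carries the extension. The following is an added example, not code from the original post: a shell check that decodes the Key Usage extension of a PEM certificate with the openssl CLI (1.1.1 or newer for -addext), plus a helper that builds a constructed self-signed test certificate with or without the extension; the function names and the ‘/CN=svn.example’ subject are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: inspect the Key Usage extension
# of a PEM certificate, the extension the post blames for the GnuTLS handshake
# failure. Needs the openssl CLI (1.1.1 or newer for -addext).

# key_usage CERT.pem: prints the decoded Key Usage value, or "none" when the
# certificate carries no such extension. Returns 1 if the file cannot be parsed.
key_usage() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | sed -n '2s/^ *//p')
    if [ -n "$ku" ]; then printf '%s\n' "$ku"; else echo none; fi
}

# make_selfsigned PREFIX [KEYUSAGE]: constructed self-signed test certificate
# (PREFIX.key / PREFIX.crt), optionally with the given keyUsage bits, so the
# check can be tried without a VisualSVN server.
make_selfsigned() {
    prefix=$1; ku=${2:-}
    set -- -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=svn.example' \
        -keyout "$prefix.key" -out "$prefix.crt"
    [ -n "$ku" ] && set -- "$@" -addext "keyUsage=$ku"
    openssl req "$@" 2>/dev/null
}

# Usage: key_usage /path/to/server.crt
# "none" is what the post's server-side fix produces; a certificate that
# prints a Key Usage value is the case the post says GnuTLS clients reject.
```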


Fix (Server side)

Here is what VisualSVN says:

It’s not recommended to use a self-signed certificate in a production environment. We advise to use a certificate issued by your domain or a third-party certificate authority instead of a self-signed one.

If you have to use a self-signed certificate please follow the instructions to generate a certificate without specifying the ‘Key Usage’ extension:

Add the following registry value to the Windows registry:

For a 32-bit system:


For a 64-bit system:


Start VisualSVN Server Manager.
Go to Action | Properties | Certificate.
Click Change certificate… and follow the wizard instructions to generate a new self-signed certificate.

The certificate will be generated without the ‘Key Usage’ extension and will be compatible both with GnuTLS and OpenSSL.


Fix (Client side)

The options for the client-side fix are:


That’s it.

VMWare Workstation start on boot CentOS


If you are like me, using VMware Workstation on Linux (CentOS 6.4), and you want to start your virtual machines on boot, I have the answer.


  • CentOS 6.x (although the vmrun command may work on other distributions too).
  • VMware Workstation 4.0+




The Solution

Edit rc.local

Add to the end of the following file:


the following:

vmrun -T ws start /path/to/machine.vmx nogui

Create a new line for each machine you want to start on boot.
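As an added example that is not part of the original post, here is an rc.local-style script that starts every .vmx listed in a file with the same ‘vmrun -T ws start ... nogui’ command, skipping missing files and logging each result, rather than one hard-coded line per machine. The list and log paths, the VMRUN override and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: start every .vmx listed in a
# file from rc.local, with logging, instead of one hard-coded vmrun line per
# machine. VMRUN, VM_LIST and VM_LOG are assumed defaults and can be overridden.
VMRUN="${VMRUN:-vmrun}"
VM_LIST="${VM_LIST:-/etc/vmware/autostart.list}"
VM_LOG="${VM_LOG:-/var/log/vmware-autostart.log}"

# start_vms LIST_FILE: one .vmx path per line, blank lines and '#' comments
# are skipped. Returns the number of machines that did not start (0 = all ok).
start_vms() {
    list=$1; failed=0
    while IFS= read -r vmx || [ -n "$vmx" ]; do
        case $vmx in ''|\#*) continue ;; esac
        if [ ! -f "$vmx" ]; then
            echo "$(date) missing: $vmx" >> "$VM_LOG"
            failed=$((failed + 1)); continue
        fi
        # Same command the post puts in rc.local, headless (nogui)
        if "$VMRUN" -T ws start "$vmx" nogui >> "$VM_LOG" 2>&1; then
            echo "$(date) started: $vmx" >> "$VM_LOG"
        else
            echo "$(date) FAILED: $vmx" >> "$VM_LOG"
            failed=$((failed + 1))
        fi
    done < "$list"
    return "$failed"
}

# In /etc/rc.local (must be executable), after the vmware service has started;
# failures are recorded in $VM_LOG, and rc.local itself must not exit non-zero.
if [ -f "$VM_LIST" ]; then start_vms "$VM_LIST" || true; fi
```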


That’s it! That is how you make VMware Workstation start your virtual machines on boot on CentOS.


That’s it.