A dual wan pfSense firewall allows you to increase your internet bandwidth. You can load balance traffic as per your needs. You can get internet connection redundancy and failover. If one connection goes down, your traffic will be routed automatically to a backup link. One can configure SMTP e-mail notifications with pfSense. This page shows how to configure SMTP settings to send notification e-mails.

How to send SMTP email notification

To send e-mails from a pfSense firewall, one needs access to an SMTP server. Most SMTP servers are password protected for security reasons and to avoid spam issues. The easiest way is to use your personal Gmail account. Another option is to use any cloud-based SMTP server that allows you to send e-mail. Configuring SMTP e-mail notifications is easy provided that you have the SMTP server information.

How to configure SMTP e-mail notifications

The steps are as follows for pfSense email notification:

  1. Login to pfSense web admin panel such as https://192.168.2.254/
  2. Click on the System > Advanced.
  3. Choose the Notifications tab.
  4. Set the E-Mail server settings such as an IP address or FQDN, SMTP port, Enable SMTP over SSL/TLS, SMTP username and password
  5. Configure Notification E-Mail auth mechanism as per your service provider
  6. Save the changes.

Example: Configure pfSense email notification with Google Gmail SMTP

Gmail (SMTP) Server settings are as follows:

  • Server name: smtp.gmail.com
  • Requires SSL: Yes
  • Requires TLS: Yes (if available)
  • Requires Authentication: Yes
  • Port for TLS/STARTTLS: 465
  • Username: Your gmail address (such as ActualEmailID@gmail.com)
  • Password: Your gmail password (Use an App Password: If you use 2-Step Verification for gmail, you must sign in with an app password. Your normal password won’t work as 2FA will block access to it.)

Configuring pfSense email notification with Amazon Simple Email Service (SES)

In a corporate environment, you might be using something like a cloud-based email service or your own SMTP service. In this example, I am going to show how to use AWS SES to send corporate emails to the network admins or sysadmins who are responsible for managing your pfSense-based firewall:

  • E-Mail server: email-smtp.us-west-2.amazonaws.com
  • SMTP Port of E-Mail server: 465
  • Secure SMTP Connection: Enable SMTP over SSL/TLS
  • From e-mail address: email-id-as-per-ses@nixcraft.com
  • Notification E-Mail address: somewhere@nixcraft.com
  • Notification E-Mail auth username: Your SES user name
  • Notification E-Mail auth password: Your SES password for SMTP authentication
  • Notification E-Mail auth mechanism: PLAIN
  • Test and save the settings

Conclusion

You just learned how to configure pfSense email notifications so that an e-mail is sent when a WAN connection goes down. pfSense will also send you other notifications when an alert happens. Sending e-mails from pfSense needs access to an SMTP server such as Gmail SMTP or a cloud-based SMTP service.

Introduction: It is pretty standard to update a large number of cloud servers or bare metal servers using Ansible, an IT automation and DevOps tool. When a new kernel is installed, you must reboot the Debian or Ubuntu Linux server. This page shows how to reboot the machine using the shell or command module and wait for it to come back.

Ansible modules you need to use

  1. apt – Manages apt packages for Debian/Ubuntu Linux, such as installing a new package or updating a package.
  2. command or shell – The shell module executes commands on nodes through a shell; the command module executes a command on a remote node. Use either module to reboot the box when the kernel is updated.
  3. wait_for_connection – Waits until the remote system is reachable/usable.

Ansible reboot a Debian/Ubuntu Linux for kernel update and wait for it

Let us see how to use these three Ansible modules to reboot a Debian/Ubuntu Linux box after a kernel update and wait for it to come back online again.

Update your Debian or Ubuntu box in Ansible

The playbook should be as follows:

      - name: Update all packages
        apt:
            update_cache: yes
            upgrade: dist

Conclusion

You just learned how to reboot a Debian or Ubuntu Linux server remotely using an Ansible playbook and wait for it to continue operation. 

Introduction: There are two methods to install Microsoft Windows 10 enterprise, pro or LTSB (long-term servicing branch) on a USB pen drive. The first method includes installing an app called woeusbgui and writing an ISO image using that app to the USB pen drive. The second method uses a bash shell script. The third method involves typing various commands at the Linux shell prompt and is recommended for advanced users. Let us see how to create a bootable Windows 10 enterprise or LTSB USB in Linux with the CLI and GUI methods. You need the following:

  1. Linux distro such as Debian or Ubuntu or Linux mint
  2. Windows 10 enterprise/ltsb client ISO (download link). The following instructions should work with Windows 7/8/10 pro or home edition too.
  3. woeusb and related commands from source code
  4. GNU compiler collection
  5. A USB pen drive (usb hard disk or usb stick) with 4 Gb or more free disk space

Method 1. Create a Bootable Windows 10 USB in Linux with woeusbgui GUI app

This method is recommended for all new Linux users as it requires less typing at the CLI and is easy to use. WoeUSB is a simple Linux program to create a Windows 10 USB stick installer from a real Windows DVD or ISO image. From the Github page:

WoeUSB is a simple tool that enables you to create your own usb stick windows installer from an iso image or a real DVD. It is a fork of Congelli501’s WinUSB. This package contains two programs:

  1. woeusb: A command-line utility that enables you to create your own bootable Windows installation USB storage device from an existing Windows Installation disc or disk image
  2. woeusbgui: A GUI wrapper of woeusb based on WxWidgets

It supports Windows Vista, Windows 7, Windows 8.x, Windows 10. All languages and any version (home, pro, ltsb, …) and Windows PE.

Method 2. Bash shell script to create a bootable Windows 10 USB device from one ISO file

Install it as follows from the Github:
sudo apt install extlinux
mkdir ~/bin/
cd ~/bin/
curl -L https://git.io/bootiso -O
chmod +x bootiso

To list your usb pen drive run:
~/bin/bootiso -l
To create a bootable Windows 10 USB from an ISO image named ~/Downloads/win-10-ltsb.iso, run:
~/bin/bootiso -p ~/Downloads/win-10-ltsb.iso
~/bin/bootiso ~/Downloads/win-10-ltsb.iso

Method 3. Create a Bootable Windows 10 USB in Linux with CLI apps only

First you need to install a tool called ms-sys. It is a Linux CLI app for writing Microsoft compatible boot records. This program does the same as Microsoft “fdisk /mbr” to a hard disk except that it does not copy any system files; only the boot record is written.

Download and install ms-sys

Grab the latest version from this page. Use the wget command or curl command to grab the file:
cd /tmp/
wget https://nchc.dl.sourceforge.net/project/ms-sys/ms-sys%20development/2.5.2/ms-sys-2.5.2.tar.gz

Untar the tar ball named ms-sys-2.5.2.tar.gz using the tar command:
tar -zxvf ms-sys-2.5.2.tar.gz
If you do not have gnu gcc c/c++ compiler installed on a Debian or Ubuntu Linux, install it using the apt command or apt-get command:
sudo apt install build-essential
See the following links for more info:

  • Debian Linux Install GNU GCC Compiler and Development Environment
  • Ubuntu Linux Install GNU GCC Compiler and Development Environment

Build and install it:
cd ms-sys-2.5.2
make
sudo make install

Conclusion

And there you have it. You just created a Windows 10 bootable USB stick on Linux using two different methods. Creating a Microsoft bootable Windows 10 USB stick from Linux is very simple, and I hope it helps you manage your enterprise workload without leaving Linux desktop.

Linux copy and clone USB stick command

The dd command is used to copy a file, converting and formatting it according to the operands. The procedure to clone a USB stick including partitions is as follows on Linux:

  1. Insert USB disk/stick or pen drive
  2. Open the terminal application
  3. Find out your USB disk/stick name using the lsblk command
  4. Run dd command as: dd if=/dev/usb/disk/sdX of=/path/to/backup.img bs=4M

Let us see all commands in detail.

Copy and clone a USB stick including partitions on Linux

Naturally, the first step is to find out your USB stick name on Linux. Selecting the wrong device name can result in data loss.

Find USB disk name on Linux

Simply run the dmesg command after inserting the USB stick or key:
$ dmesg
Filter out info using the grep command:
$ dmesg | grep -i usb
$ dmesg | grep -i 'attached'

Use dd command to copy and clone a usb stick on Linux

The syntax is as follows:
dd if=/dev/sdX of=/path/to/file.img bs=SIZE
To clone a usb stick named /dev/sdb to ~/usb-opensuse-current.img, run:
$ sudo dd if=/dev/sdb of="$HOME/usb-opensuse-current.img" bs=4M
You can show a copy progress bar with the status option of the dd command:
$ sudo dd if=/dev/sdb of="$HOME/usb-opensuse-current.img" bs=4M status=progress
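
The following is an added example, not part of the original article: a small wrapper around the dd clone shown above that refuses to overwrite an existing target, keeps the image private, and proves with SHA-256 that the image matches the source. The function names clone_and_verify and verify_image are illustrative, and GNU coreutils (dd, sha256sum) are assumed.

```sh
#!/bin/sh
# Usage: clone_and_verify SOURCE IMAGE
#   SOURCE  unmounted block device such as /dev/sdb (a regular file also works)
#   IMAGE   output file; must not exist yet
# Prints the SHA-256 of the image on success.
# Exit codes: 0 = verified, 1 = hash mismatch, 2 = refused or I/O error.
clone_and_verify() (
    src=$1
    img=$2
    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        exit 2
    fi
    # Swapping if= and of= is what destroys data, so never write to a path
    # that already exists (this also covers a device node given as target).
    if [ -e "$img" ]; then
        echo "refusing to overwrite: $img" >&2
        exit 2
    fi

    # A raw image holds every byte of the stick, deleted files included,
    # so create it readable by its owner only.
    umask 077

    # conv=fsync flushes the image to disk before dd reports success.
    dd if="$src" of="$img" bs=4M conv=fsync status=none || exit 2

    # Re-read both sides. A mounted stick can change between the two reads,
    # which is why the source should be unmounted first.
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$src_sum" != "$img_sum" ]; then
        echo "MISMATCH: source $src_sum image $img_sum" >&2
        exit 1
    fi

    # Keep the digest beside the image so later copies can be checked.
    printf '%s  %s\n' "$img_sum" "$(basename "$img")" > "$img.sha256"
    echo "$img_sum"
)

# Usage: verify_image IMAGE
# Succeeds only if IMAGE still matches the digest recorded at clone time.
verify_image() (
    img=$1
    want=$(cut -d' ' -f1 < "$img.sha256") || exit 2
    have=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$want" = "$have" ]
)
```

For a real stick, run it with root privileges, for instance from a root shell: clone_and_verify /dev/sdb "$HOME/usb-opensuse-current.img".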

Conclusion

You just learned how to clone a USB stick including partitions on Linux operating system using the dd command. For more info see man pages by typing the following man command:
man dd
man lsblk
man dmesg
man fdisk

Introduction: LVM is an acronym for Logical Volume Manager. LVM is a device mapper that provides logical volume management for the Linux kernel. You can access LVM partitions from an external USB hard disk or second hard disk installed in your system. This page shows how to mount an LVM partition or volume on Linux using the CLI.

Linux mount an LVM volume

If lvm2 is not installed on your system, install it as per your Linux distro.

Fedora Linux install lvm

Use the dnf command:
$ sudo dnf install lvm2

CentOS/RHEL/Oracle Linux install lvm

Type the yum command:
$ sudo yum install lvm2

Debian/Ubuntu Linux install lvm

Try apt command or apt-get command:
$ sudo apt install lvm2

How to mount LVM partition in Linux

The procedure to mount an LVM partition in Linux is as follows:

  1. Run the vgscan command to scan all supported LVM block devices in the system for VGs
  2. Execute vgchange command to activate volume
  3. Type lvs command to get information about logical volumes
  4. Create a mount point using the mkdir command
  5. Mount an LVM volume using sudo mount /dev/mapper/DEVICE /path/to/mount

Let us see all steps in detail to mount an LVM volume on Ubuntu Linux.

How to mount an LVM volume

Type the following command to find info about LVM devices:
$ sudo vgscan
OR
$ sudo vgscan --mknodes

Above output indicates that I have “fedora_localhost-live” LVM group. To activate it run:
$ sudo vgchange -ay
OR
$ sudo vgchange -ay fedora_localhost-live

You can run the following command to list it:
$ sudo lvdisplay
OR
$ sudo lvs

Mount an LVM partition

Create a mount point using the mkdir command:
$ sudo mkdir -vp /mnt/fedora/{root,home}

Mount both home and root logical volume from LV path using the following syntax:
$ sudo mount {LV_PATH} /path/to/mount/point/
$ sudo mount /dev/fedora_localhost-live/home /mnt/fedora/home
$ sudo mount /dev/fedora_localhost-live/root /mnt/fedora/root

Update /etc/fstab

Update /etc/fstab file if you want a logical volume to be mounted automatically on boot:
/dev/mapper/fedora_localhost--live-root /mnt/fedora/root ext4 defaults 0 0
/dev/mapper/fedora_localhost--live-home /mnt/fedora/home ext4 defaults 0 0

Conclusion

You just learned various steps to access an LVM from Linux based system.

Introduction: sshd (OpenSSH Daemon or server) is the daemon program for ssh client. It is a free and open source ssh server. ssh replaces insecure rlogin and rsh, and provides secure encrypted communications between two untrusted hosts over an insecure network such as the Internet. Ubuntu Desktop and minimal Ubuntu server do not come with sshd installed. However, you can easily install SSH server in Ubuntu using the following steps.

How to install SSH server in Ubuntu

The procedure to install a ssh server in Ubuntu Linux is as follows:

  1. Open the terminal application for Ubuntu desktop.
  2. For remote Ubuntu server you must use BMC or KVM or IPMI tool to get console access
  3. Type sudo apt-get install openssh-server
  4. Enable the ssh service by typing sudo systemctl enable ssh
  5. Start the ssh service by typing sudo systemctl start ssh
  6. Test it by logging into the system using ssh user@server-name

Let us see all Ubuntu OpenSSH server installation steps in detail.

1. Login to remote server using bmc/ipmi/kvm over IP (optional)

I am using an OpenPOWER based system called Talos II from Raptor Computing Systems. It is a PowerPC (ppc/ppc64le) based architecture. After a fresh installation of Ubuntu Linux (ppc64le), I found it does not come with SSH server installed by default. So here is how to login to the bmc server to gain access to the serial console:
$ ssh root@power9-bmc
Run obmc-console-client to get console access to the Ubuntu server console:
# obmc-console-client

2. Ubuntu Linux install OpenSSH server

First update the system using the apt command or apt-get command:
$ sudo apt update
$ sudo apt upgrade

To install openssh-server package, run:
$ sudo apt install openssh-server

3. Verify that ssh service is running

Type the following systemctl command:
$ sudo systemctl status ssh

If it is not running, enable the ssh server and start it as follows:
$ sudo systemctl enable ssh
$ sudo systemctl start ssh

4. Configure firewall and open port 22

You must configure the Ubuntu Linux firewall called ufw. Here is how to open or allow port 22 when using ufw on Ubuntu:
$ sudo ufw allow ssh
$ sudo ufw enable
$ sudo ufw status

5. Test it

Now you can login from your desktop computer powered by Linux, *BSD, macOS, MS-Windows (putty client) or Unix-like system using the ssh command:
$ ssh vivek@server-ip
$ ssh vivek@power9

Conclusion

In this tutorial, you learned how to install the OpenSSH server application at a terminal prompt. Although the instructions were tested on the Power9 (ppc64le) architecture, they should work on Intel AMD64 or ARM64 servers as well.

Introduction: VNC is an acronym for Virtual Network Computing. It is nothing but a Linux desktop sharing system or set of protocols for sharing a desktop. One can use VNC to control or access a Linux based desktop remotely. VNC works on the client-server principle. There are many implementations of the VNC protocol for Linux or Unix like systems. Some typical examples are TigerVNC, TightVNC, Vino (default for Gnome desktop), x11vnc, krfb (default for KDE desktop), vnc4server and more. This page shows how to install and configure TigerVNC on an Ubuntu 18.04 LTS Linux based system to get access to a full Gnome 3 desktop.

Most common VNC application

  • Remote technical support
  • Access files from home computer or work computer stored on a remote server
  • Access remote Linux desktop stored in the cloud-based system
  • Troubleshooting server issues. One can control Linux server or desktop when networking service is down. All you need is out of band management with an embedded VNC server in BMC.

How to install and configure TigerVNC server on Ubuntu 18.04 LTS

The procedure to install and configure VNC server on Ubuntu Linux is as follows:

  1. Login to remote Ubuntu server using ssh command
  2. Install the desktop environment such as Gnome or XFCE4 using apt command
  3. Install and configure the TigerVNC server
  4. Connect to VNC server from your desktop using SSH and vnc client

Install Gnome 3 desktop

Type the following command to install Ubuntu Linux desktop:
$ sudo apt install ubuntu-gnome-desktop
$ sudo systemctl enable gdm
$ sudo systemctl start gdm

How to configure Gnome 3 Desktop environment to use with VNC

You need to create a file named ~/.vnc/xstartup using a text editor such as vim command or nano command:
$ vi ~/.vnc/xstartup

How to start TigerVNC server

$ vncserver
One can setup desktop bit depth such as 8, 16, 24, 32 and Desktop geometry in {width}x{height} as follows:
$ vncserver -depth {8|16|24|32} -geometry {width}x{height}
$ vncserver -depth 32 -geometry 1680x1050

Verify it with the ss command and pgrep command/egrep command:
$ pgrep Xtigervnc
$ ss -tulpn | egrep -i 'vnc|590'
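
The ss check above confirms that a VNC server is listening, but not whether it is reachable from the network rather than only through an SSH tunnel. The following added example (not part of the original article) parses `ss -tulpn` output and reports VNC listeners bound to non-loopback addresses; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Usage: sudo ss -tulpn | vnc_exposed
# Prints "ADDRESS PORT PROCESS" for every listening socket that looks like
# VNC (port 5900-5999 or "vnc" in the process name) and is bound to an
# address other than loopback. Exit code: 0 = nothing exposed, 1 = exposed.
vnc_exposed() {
    awk '
    {
        # "LISTEN" is field 2 with a Netid column (ss -tulpn), field 1 without.
        ep = ""
        for (i = 1; i <= 2; i++)
            if ($i == "LISTEN") ep = $(i + 3)   # Local Address:Port
        if (ep == "") next

        port = ep; sub(/^.*:/, "", port)        # text after the last colon
        addr = ep; sub(/:[^:]*$/, "", addr)     # text before the last colon
        p = port + 0                            # force a numeric comparison

        # Process name from users:(("NAME",pid=...)); needs root to be shown.
        proc = "-"
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)

        is_vnc  = (p >= 5900 && p <= 5999) || tolower(proc) ~ /vnc/
        is_loop = addr ~ /^127\./ || addr == "[::1]" || addr == "::1"

        if (is_vnc && !is_loop) {
            print addr, port, proc
            found = 1
        }
    }
    END { exit found + 0 }'
}

# Constructed sample of `ss -tulpn` output: display :1 is loopback-only,
# display :2 listens on every interface.
sample_ss_output() {
    cat <<'EOF'
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
udp    UNCONN  0       0       127.0.0.53%lo:53    0.0.0.0:*          users:(("systemd-resolve",pid=640,fd=12))
tcp    LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=811,fd=3))
tcp    LISTEN  0       5       127.0.0.1:5901      0.0.0.0:*          users:(("Xtigervnc",pid=2112,fd=7))
tcp    LISTEN  0       5       [::1]:5901          [::]:*             users:(("Xtigervnc",pid=2112,fd=8))
tcp    LISTEN  0       5       0.0.0.0:5902        0.0.0.0:*          users:(("Xtigervnc",pid=2398,fd=7))
tcp    LISTEN  0       5       [::]:5902           [::]:*             users:(("Xtigervnc",pid=2398,fd=8))
EOF
}
```

Any line it prints is a VNC display that accepts connections without going through SSH and should be rebound to loopback or blocked at the firewall.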

Conclusion

You just learned how to install and configure TigerVNC server on Ubuntu 18.04 LTS or 18.10. You need to make the communication secure using ssh. Finally, you connected to VNC server using SSH tunnel.

Introduction: Nginx is a free and open source web server. Nginx has a service for sending web pages over the Internet. You can send static or dynamic web pages generated by PHP. Nginx is well known for high-performance HTTP, HTTPS and reverse proxy server. It provides a simple configuration and uses low resources on the server. It is an excellent alternative to Apache server.

Install and Configure Nginx on Ubuntu Linux 18.04

The procedure to install Nginx on Ubuntu 18.04 LTS is as follows:

  1. Update the system using apt command
  2. Install Nginx on Ubuntu using apt install nginx
  3. Configure Nginx server
  4. Enable and restart Nginx server

Step 1. Login to your server using the ssh command

$ ssh user@server
$ ssh vivek@server1.cyberciti.biz

Step 2. Find out your Ubuntu Linux server IP address

Type the following ip command:
$ ip addr show

Step 3. Install Nginx on Ubuntu Linux 18.04 LTS

$ sudo apt update
$ sudo apt upgrade
$ sudo apt install nginx

Step 4. Commands to start/stop/restart Nginx server on Ubuntu

Enable Nginx server at boot time using the systemctl command:
$ sudo systemctl enable nginx
Start Nginx server using the systemctl command:
$ sudo systemctl start nginx
Restart Nginx server using the systemctl command:
$ sudo systemctl restart nginx
Stop Nginx server using the systemctl command:
$ sudo systemctl stop nginx
Reload Nginx server using the systemctl command:
$ sudo systemctl reload nginx
Get status of Nginx server using the systemctl command:
$ sudo systemctl status nginx

Step 5. Open port 80 and 443 using UFW on Ubuntu Linux (firewall config)

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user. To open port 80 (HTTP) and HTTPS (443), run:
$ sudo ufw allow https comment 'Open all to access Nginx port 443'
$ sudo ufw allow http comment 'Open access Nginx port 80'
$ sudo ufw allow ssh comment 'Open access OpenSSH port 22'
$ sudo ufw enable

Verify it:
$ sudo ufw status

Step 6. Verify Nginx is working on Ubuntu 18.04 LTS

Your web server is up and running. It is time to test it. Use the IP address gathered in step # 2. Fire up a web browser and type the URL:
http://10.105.28.46/
OR use public IP address:
http://104.200.23.232/

Step 7. Configure Nginx server

Create a user to store web pages

Lock down the Linux user account using the passwd command:
$ sudo passwd -l www-pubcms
passwd: password expiry information changed.

Make a directory to store web pages using the mkdir command

$ sudo mkdir -v /home/lighttpd/http/

Conclusion

And there you have it, Nginx server installed and configured on an Ubuntu Linux 18.04 LTS server. In the second part of the series, you would learn about configuring HTTPS (SSL/TLS certificates) server for security reasons. 

This entry is 1 of 2 in the Linux, Nginx, MySQL, PHP (LEMP stack) in Ubuntu 18.04 LTS Tutorial series. Keep reading the rest of the series:

  1. Install and Configure Nginx on Ubuntu Linux 18.04 LTS
  2. Secure Nginx with Let’s Encrypt on Ubuntu 18.04 with DNS Validation