Thursday, September 16, 2010

ufw - Uncomplicated Firewall

The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

ufw by default is initially disabled. From the ufw man page:

ufw is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to add or remove simple rules. It is currently mainly used for host-based firewalls.

The following are some examples of how to use ufw:

  • First, ufw needs to be enabled. From a terminal prompt enter:

    sudo ufw enable     
  • To open a port (ssh in this example):

    sudo ufw allow 22     
  • Rules can also be added using a numbered format:

    sudo ufw insert 1 allow 80     
  • Similarly, to close an opened port:

    sudo ufw deny 22     
  • To remove a rule, use delete followed by the rule:

    sudo ufw delete deny 22     
  • It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host to any ip address on this host:

    sudo ufw allow proto tcp from to any port 22     

    Replace with to allow ssh access from the entire subnet.

  • Adding the --dry-run option to a ufw command will output the resulting rules, but not apply them. For example, the following is what would be applied if opening the HTTP port:

     sudo ufw --dry-run allow http     
    *filter
    :ufw-user-input - [0:0]
    :ufw-user-output - [0:0]
    :ufw-user-forward - [0:0]
    :ufw-user-limit - [0:0]
    :ufw-user-limit-accept - [0:0]
    ### RULES ###

    ### tuple ### allow tcp 80 any
    -A ufw-user-input -p tcp --dport 80 -j ACCEPT

    ### END RULES ###
    -A ufw-user-input -j RETURN
    -A ufw-user-output -j RETURN
    -A ufw-user-forward -j RETURN
    -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT]: "
    -A ufw-user-limit -j REJECT
    -A ufw-user-limit-accept -j ACCEPT
    COMMIT
    Rules updated
  • ufw can be disabled by:

    sudo ufw disable     
  • To see the firewall status, enter:

    sudo ufw status     
  • And for more verbose status information use:

    sudo ufw status verbose     
  • To view the numbered format:

    sudo ufw status numbered     

If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.
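The --dry-run output shown above can be reviewed mechanically before a rule is applied. The following is an added example, not part of the original post or of ufw itself: the function names review_dry_run and unexpected_open are hypothetical, and the sample input is constructed from the output above plus one constructed source-restricted rule that uses a documentation address range.

```shell
#!/bin/sh
# Added example: summarise which inbound ports a `ufw --dry-run` would accept.
# Typical use (assumption): sudo ufw --dry-run allow http | review_dry_run

# Reads --dry-run output on stdin. For every ACCEPT rule in the
# ufw-user-input chain prints: <proto> <dport> <source> <OPEN|RESTRICTED>
# OPEN means the rule has no -s source restriction.
review_dry_run() {
    awk '
    $1 == "-A" && $2 == "ufw-user-input" {
        proto = "any"; dport = "any"; src = "any"; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")       proto  = $(i + 1)
            if ($i == "--dport")  dport  = $(i + 1)
            if ($i == "--dports") dport  = $(i + 1)   # multiport rule lists
            if ($i == "-s")       src    = $(i + 1)
            if ($i == "-j")       target = $(i + 1)
        }
        if (target != "ACCEPT") next
        print proto, dport, src, (src == "any" ? "OPEN" : "RESTRICTED")
    }'
}

# Reads --dry-run output on stdin. $1 is a space-separated list of ports that
# are expected to be reachable from anywhere. Prints every other port that
# the rules would open to all sources, one <port>/<proto> per line.
unexpected_open() {
    allowed=" $1 "
    review_dry_run | while read -r proto dport src state; do
        [ "$state" = "OPEN" ] || continue
        case "$allowed" in
            *" $dport "*) ;;
            *) printf '%s/%s\n' "$dport" "$proto" ;;
        esac
    done
}

# Constructed sample: the HTTP rule from the output above, plus a constructed
# ssh rule limited to the documentation range 192.0.2.0/24.
SAMPLE_DRY_RUN='*filter
:ufw-user-input - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 80 any
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp --dport 22 -s 192.0.2.0/24 -j ACCEPT
### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-limit-accept -j ACCEPT
COMMIT
Rules updated'

printf '%s\n' "$SAMPLE_DRY_RUN" | review_dry_run
echo "Open to everyone but not on the expected list (443):"
printf '%s\n' "$SAMPLE_DRY_RUN" | unexpected_open "443"
```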

This is a quick introduction to using ufw. Please refer to the ufw man page for more information.

ufw Application Integration

Applications that open ports can include a ufw profile, which details the ports needed for the application to function properly. The profiles are kept in /etc/ufw/applications.d, and can be edited if the default ports have been changed.

  • To view which applications have installed a profile, enter the following in a terminal:

    sudo ufw app list     
  • Similar to allowing traffic to a port, using an application profile is accomplished by entering:

    sudo ufw allow Samba     
  • An extended syntax is available as well:

    ufw allow from to any app Samba     

    Replace Samba and with the application profile you are using and the IP range for your network.


    There is no need to specify the protocol for the application, because that information is detailed in the profile. Also, note that the app name replaces the port number.

  • To view details about which ports, protocols, etc are defined for an application, enter:

    sudo ufw app info Samba     

Not all applications that require opening a network port come with ufw profiles, but if you have profiled an application and want the file to be included with the package, please file a bug against the package in Launchpad.

Wednesday, August 18, 2010

Make Linux faster

With just a few tweaks, your Linux box can be lighter, sprightlier and quicker than ever before. Read on for the best ways to speed up your boot sequence, optimise KDE and Gnome, and get better performance from your favourite apps. We've also got some top tips from our favourite free software gurus...

Gone are the days when you could make a cup of tea and drink it in the time it takes your computer's operating system to boot (with one notable exception). On that basis, you might think that your Linux machines are already performing at the fastest possible speed, right?

Sadly, this is not always the case. Communities developing mainstream Linux distributions have to appeal to the widest possible audience and ensure compatibility with the widest range of hardware. This means that someone running a mainstream distro on a netbook or a low-end PC may well be using many of the same settings as someone with a high-end gaming machine. But it doesn't have to be this way!

With just a few tweaks and some experimentation, your Linux system can realise your machine's untapped potential. Do you have a dual-core processor? Take advantage of this by running boot processes in parallel. Do you have more memory than you know what to do with? You could try caching data in memory rather than swapping space for faster access.

The great strength of everyone's favourite free OS is that it can be customised from the ground up, so Linux is the ideal tool to tailor to your needs. But once you have an ultrafast system, how can you become more productive? We've consulted prominent members of the free software community for their favourite tips that make their systems more productive - and they could do the same for you.

Make Linux boot faster

Any productive machine needs to be up and running as soon as possible, and a sluggish boot can hinder your efforts – which is why boot times were the first thing we thought about improving. One word of warning before you begin: we recommend that you make a backup before you make these alterations, as a bug in your bootloader can render your Linux box unbootable!

Remove the timeout

You may notice that each time you boot there's a small count-down from three to zero, which is great if you regularly select a different OS or Linux kernel at boot time, but useless if you always boot into the same distro. Fortunately, it's easy to remove by opening /boot/grub/menu.lst in a text editor with root permissions and finding the line showing:


Once you've found it, change the value to zero. Save and exit then reboot and you should notice you have just knocked three seconds off your boot time.

Improve disk performance

If you have a DMA-compatible (Direct Memory Access) hard drive, you can increase data throughput threefold with a simple tweak. This will improve boot times because read times will be reduced, and overall performance will increase whenever the hard disk is accessed.

Start by installing hdparm through your package manager, then fire up a root terminal and type: hdparm -d1 /dev/hda1, replacing /dev/hda1 with the location of your boot partition to improve startup times or the root partition to improve general performance. Gnome users can have this run automatically each startup by heading to System > Administration > Services. You can then add this line as an entry with gksudo at the start to ensure it runs with root permissions without requiring additional authentication.

Run boot processes in parallel

Parallelism can lead to big performance boosts, because running two processes at once will take half the time of running them sequentially (at least in theory). You can take advantage of this technique in Grub by firing up /etc/init.d/rc in a text editor with root permissions and finding the following line:


You would then replace none with shell before saving and closing your text editor. When you reboot you should see a noticeable decrease in your boot times (around one or two seconds in most cases). If you don't see an increase, this is because this tweak is aimed primarily at systems with multi-core processors. If you have a solo-core processor you could actually increase your boot time if you use this tweak, which was the case with our test system where we saw a 2.4-second increase.

You could edit a text file and restart your machine to profile your system, or just click a few buttons in Grub.

Optimise memory

One great way to improve performance is to define how swap space is used. A swap partition is where the Linux kernel caches data in virtual memory to quickly swap into RAM as and when it's needed. A dedicated partition isn't compulsory, but the space is also used to store your machine state if you choose to hibernate. The effects of this tip depend on your system and whether you have a swap partition, but if you have plenty of RAM you'll find that reducing swappiness will give you a noticeable performance boost.

This will allow the kernel to cache data in memory for faster access and reduces the amount of data being swapped in and out of swap space at any given time. Simply open /etc/sysctl.conf in a text editor with root permissions, then append the following line to the bottom of the file:


(You will need to restart the session in order for your changes to take effect.) You can tweak this value to see how performance improves. The lower the value, the less you use swap space and the more data is cached to memory. This was the value that seemed to work best with our test system using 512MB RAM. However, this tip isn't just restricted to systems with large amounts of memory - systems with 256MB of RAM or less may see a performance boost if swappiness is increased, as this will cache more data to swap space and free up more memory for day-to-day applications.

The precise values vary from system to system so this will require some trial and error, especially as reading data from swap space still takes longer than reading it from memory, but the end results are usually worth the effort.

Speed up ext3

You can gain some significant performance benefits by enabling write-back operation in ext3. This tweak isn't restricted to systems running KDE, but it is disabled by default in almost every distro. This is primarily because older hard drives don't support this feature, though newer hard drives can achieve a minor speed boost. This won't affect your day-to-day disk operations, so it is not recommended you try this tweak on a typical home system, but you will see an improvement for the high intensity disk operations that are typically the preserve of servers.

After making a back up of the file, open /etc/fstab in a text editor with root permissions and look for a line with the following section of text:


and replace it with this:


If there is no text either side of this snippet, you have done it wrong! Save and exit this file then open /boot/grub/menu.lst and find the following two lines:

# defoptions quiet splash
#altoptions=(recoverymode) single

They won't be next to each other, but once you find them append the following at the end of both those lines:


then save and exit. Open up a root terminal and run update-grub. You then have the option of simply restarting to apply these changes to your file system, or you can apply them on the fly by installing tune2fs from your package manager. If you choose the latter option you would then type the following into a root terminal:

tune2fs -o journal_data_writeback /dev/hda1

substituting /dev/hda1 with your root partition. Be warned: write-back mode puts you at a little risk of losing data if your machine suddenly powers off, ie if you kick the power cord out, if there's a major system crash or if you get a general power outage.

Optimise Gnome

Along with KDE, Gnome is one of the two most widely used desktop environments in the Linux ecosystem, but it's quickly being overtaken by Xfce and other more lightweight alternatives when it comes to performance and speed. However, with just a few of our tweaks, Gnome can keep up with the rest of the pack...

Install preload

Preload is a daemon that analyses what you do on a day-to-day basis and fetches the binaries and files you're most likely to need to boost startup times and general performance. In Ubuntu you just need to search for 'preload' in the package manager, but on other distros it's worth checking that the service is running. To activate the service, type:

service preload on

After enabling automatic login and installing preload we initiated two restarts on our test machine to give the daemon a chance to monitor the startups. After comparing the two times, we found that preload had trimmed a second off the time it took to get a usable desktop. This doesn't sound a lot, but if it's used in conjunction with your new fast boot time then it's well worth the effort.

Enable automatic login

Yes, we know we're always telling you how important security is, but if you live on your own in a castle that doesn't have internet access then you're probably safe to enable automatic logins. The time saved is the time it would otherwise take you to type your password.

The GUI method is by far the easiest. Simply head to System > Administration > Login Window. After authenticating yourself, head to the Security tab and check the box next to Automatic Login. You can then choose from the list of users in the drop-down menu who gets logged in automatically.

Unfortunately for users of Fedora, this option isn't available, so you need to make the necessary changes manually. To enable automatic login you need to open /etc/gdm/custom.conf in a text editor with root permissions and then append the following to the bottom of the file:

[daemon]
TimedLoginEnable=True
TimedLogin=UserName
TimedLoginDelay=0

replacing UserName with the user you would like to log in.

Use wire frames

A common problem with low-powered systems is the lag generated when you click and drag a window. Gnome renders the window as it moves, which can slow performance down, but it has a built-in method to reduce the demand on system resources this causes, which you can activate by typing the following into a terminal:

gconftool-2 --type bool --set /apps/metacity/general/reduced_resources true

Now when you click and drag windows you will see wire frames instead of the window contents, which drastically improves performance on under-powered systems (but has little or no effect on others). Note that this trick won't work if you are using Compiz or an alternative window decorator.

Gnome's wireframe mode eliminates the overhead of showing window contents whilst resizing or moving them.

Make menus faster

If your menus are starting to feel sluggish, the most likely cause is the icon delay. Every time you open the Gnome menu for the first time the icons have to be loaded from their source files. On slower systems this can look a little messy, so there is a timeout deliberately set to ensure the icons are loaded in time for you to see them. However, with modern hardware this is not generally necessary, so the option can safely be adjusted. Create a new file in your home directory named .gtkrc-2.0 then open this file in your favourite text editor to type:


After saving the file, press Ctrl+Alt+Backspace to reinitialise xserver and your menus should open considerably faster.

Optimise KDE

KDE has received a mixed press lately. Though there's no doubting that its good looks and the new plasmoids set it apart from the competition, KDE 4 still can't match KDE 3 (or even Gnome) for speed and performance. Though this area is in heavy development, a few tweaks can trim valuable seconds off your startup time and make the desktop as a whole much more responsive.

Disable IPv6

Until IPv6 is more widely implemented, Konqueror has to translate between IPv4 and IPv6 - so you can get a speed boost by turning off IPv6. The methods are slightly different between distros. For instance, in Kubuntu you need to edit /etc/environment as root and add the following line to the file:


In openSUSE, edit /etc/sysconfig/windowmanager with root permissions and find this line:


then change the answer to no. In both cases you will need to save the file and exit before restarting the session for the changes to take effect.

Enable automatic login

Gnome isn't the only desktop that can benefit from you setting up an automatic login: KDE 4 users can do much the same thing by heading to System Settings and clicking on the Advanced tab. Here you can run the login manager and enable automatic login from the Convenience tab. You'll also need to choose the user you want to log in automatically from the drop-down menu below the checkbox. When you reboot you should miss the login screen altogether and launch straight into the KDE 4 splash screen.

Start with an empty session

By default KDE 4 saves volumes of data about your current session, such as which windows are open and which processes were running so that next time you log in your session is exactly as you left it. This is very convenient, but it also slows your boot time down as this data has to be reloaded on each boot. We can avoid this problem by ensuring that we start with a fresh session. Select System Settings (or Configure Desktop in OpenSUSE) from the KDE menu and in the Advanced tab start the session manager. Towards the bottom of the form select the radio button next to Start With An Empty Session then click Apply.

Start Konqueror faster

We can make Konqueror run much faster by enabling preloading. This uses some memory, but means that the next time you fire up Konqueror it will open in around half the time and in the same place you left it. If you used the previous tweak to start KDE with an empty session then there's no need to panic, as we will configure preloading to run automatically when KDE starts.

To enable Konqueror preloading, open up the browser and head to Settings > Configure Konqueror. In the Performance section check the box next to Preload An Instance After KDE Startup. You can also set how many instances of Konqueror are preloaded at startup depending on how many Konqueror windows you tend to run at any one given time.

Boost your network

You've tweaked your router, optimised your server and replaced all your broadband filters in your house - and you still have a slow connection. Before you make an angry phone call to your ISP, there's a possibility that the client machine may be the bottleneck. With just a few of these tweaks you can improve your connections, or at the very least eliminate your client machine as the single point of failure.

Use hostname 'localhost'

This doesn't cause a drastic improvement on its own, but in conjunction with the other network tricks here can improve your local machine's network performance. Simply open /etc/hosts in a text editor with root permissions and change the top two lines to: localhost yourhost yourhost

where yourhost is the name of the machine (ie bobdesktop). Ensure you keep a backup of your /etc/hosts file, as not all distros are compatible with this!

Optimise TCP settings

Distros come preconfigured for "average" internet users, but in a world of 3G, dial-up and ADSL there is no such thing as an average user. Now edit /etc/sysctl.conf as root and append the following:

net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1

(This may take some trial and error, so keep a backup of the files you edit.) The top line removes timestamps and so relieves all incoming and outgoing packets of a 12k overhead. The bottom line enables selective acknowledgements, which means fewer checks are initiated on each packet so they are delivered quicker. We don't recommend the latter tweak for dial-up connections as this increases the number of packets which need to be resent.

Metrics and backlogs

You can further optimise your TCP settings by appending the following lines to the same text file:

net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 2500

The top line speeds up connections by ensuring that TCP metrics are not saved for each individual packet. The second line dictates the backlog of packets allowed. To give an idea of the scale of the figure you should use for your backlog, around 2,000 is recommended for wireless or older Ethernet connections, and around 5,000 for a 1GB Ethernet cable to broadband connection. On the other hand, this figure can rise up to 30,000 for an expensive 10GB Ethernet cable. The slower the connection, the lower your backlog should be, as the aim of this tweak is to clear outstanding packets as soon as possible in order to boost connection speeds.

TCP window scaling

The TCP window settings define the minimum and maximum size of packets we can send and receive. Dial-up users will see a speed boost with smaller packet sizes while broadband users will see a speed boost with larger packet sizes. Edit /etc/sysctl.conf as root, and append this:

net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 10240 87380 16777216
net.ipv4.tcp_rmem = 10240 87380 16777216
net.ipv4.tcp_mem = 16777216 16777216 16777216
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

Those figures are optimised for a 2Mbps connection on Sky broadband over a wireless connection, but the packet size recommendation for any given connection is usually maximum bandwidth divided by latency. You can find these figures by heading to, and you can also analyse how your changes are affecting your connection can give you an indication of which values and tweaks will improve your network connection.

Faster Firefox

Continuing with the networking theme, you can optimise much more than just your TCP settings. Mozilla Firefox has a raft of options cunningly hidden from users that can untap the browser's potential...

Disable IPv6 (again!)

With this tweak we will simply amend an existing value. Type the following into the search bar: network.dns.disableIPv6

You shouldn't have to type out the whole thing, as the listings change dynamically as you're typing. Simply double-click on the entry to change the default value of "False" to "True".

Render pages faster

Create a new integer value in about:config named content.notify.backoffcount and set the value to 5 so that Firefox won't wait for the entire page to download before rendering. You can also create a value with the name nglayout.initialpaint.delay and set the value to zero. This ensures that Firefox doesn't wait for the page layout information to be fully downloaded before rendering.

Optimise your history

If you reduce the amount of web history that Firefox stores, it will load faster and also save you some disk space. Type the following in the search bar: browser.history and change browser.history_expires_days and browser.history_expires_min to zero. You can also use low numbers if you want to keep some browser history.

More TCP tweaks

Change the network.http.pipelining and network.http.proxy.pipelining values to "True" and then set network.http.pipelining.maxrequests to 8 instead of 4. These tweaks boost performance for broadband users as we use a TCP technique known as pipelining, which allows Firefox to make multiple requests on a single connection.

Any mistakes here could break Firefox, so once you've made a backup and a vow of honour you can unleash the power hidden in your browser.

Speed up menus

Start by typing about:config and accepting the warning that comes up (you will need to do this for all these Firefox tips). The listing you see is much like the Firefox equivalent of the Windows registry, which means that though this is a very powerful way to tweak your browser you can cause serious stability problems if you get it wrong.

We can make our Firefox menus load faster by adding our own value to the listing. Right-click anywhere in the listing and then click New > Integer. Use ui.submenuDelay as the name and then set the value to zero. When you restart Firefox you should notice that your menus load noticeably faster, as you have removed the delay for the menu popups.

Speed up your software

Almost all mature applications have options hidden away in the GUI that can boost their performance on your system, so if we've given you the tweaking bug there's plenty of scope for further experimentation. Whether you're shaving a few seconds of boot time off or improving the backbone of your system, the applications that make up your Linux system are what it's all about.

The fastest mirror

Open a root terminal and type: yum install yum-fastestmirror. This well-known Yum plugin ensures that you always download packages from the fastest mirror, which could save minutes on large distro downloads.

Avoid rechecking

Every time you update or install a package Yum has a tendency to re-download all the metadata packages from each server, which isn't ideal for users with slow connections. You can resolve this by downloading the entire cache in one go and allowing Yum to then refer to this rather than the online sources. Fire up a root terminal and type:

yum makecache

We recommend you run this command at least once a week to keep the list up to date.


We often harp on about how slow is, but it doesn't have to be like that. With just one tweak you can remedy the problem, and with further alterations the latest can run on much older hardware. So, before you ditch this office suite forever and use AbiWord and Gnumeric instead, try monkeying with the settings under Tools > Options > Memory to reduce the amount of RAM that OOo chews up.

One easy tweak here that we recommend is to reduce the number of undo steps from the default value of 100 to somewhere between 20 and 30. That way you use less memory than before but still gain the benefits of having an undo function. Another thing you can do is to enable the Systray quick starter (in the bottom of the window). This enables you to keep an instance of OOo in the cache, so you can restart more quickly.

Make OOo more efficient in Tools > Options > Memory.

Increase graphics cache

On systems with under 512MB RAM, use a graphics cache of between 32MB and 64MB, but for systems with 512MB or over we recommend a cache size of at least 128MB, as the additional memory will help large apps such as OOo run that little bit faster.

Remove items from memory

Also in the Memory dialog we can define how long OOo leaves things before refreshing its cache. On a system with 256MB RAM or less we recommend setting the refresh to 0:30 (every 30 minutes) as more frequent reloads will cause OOo to lock up or become sluggish. For users of higher-end systems, the 10-minute default is usually fine.

Clean out Yum

For peace of mind and more disk space it makes sense to ensure that Yum's cache doesn't contain any redundant packages. To do so, open a root terminal and type: yum clean all. Ensure you run this before you do any other optimisations for Yum, as this operation will reset them.

Try Opera

It may only be free as in beer and not as in speech, but Opera is a lightweight and very capable alternative to Firefox that's fast enough already even without any optimisation tweaks. It integrates additional tools to handle mail, file sharing and even IRC chats. The Opera community has developed thousands of skins and plugins, and with recent releases personal web space and even a personal web server have been included free of charge.

Opera - not free as in freedom, but still a great, memory-friendly web browser.

Install apt-fast

The apt-fast script can provide a huge speed boost to package management, as we use Axel as a drop-in replacement download manager for Aptitude rather than the traditional wget. You will need to install Axel through Aptitude and then open a text-editor with root permissions and paste the shell code from here directly into the file. Then we recommend you save it as /usr/local/bin/apt-fast (no extension) and close the text editor before opening a root terminal and typing:

chmod +x /usr/local/bin/apt-fast

To use the script, try this as root: apt-fast install packagename or simply use apt-fast update and apt-fast upgrade to update all your packages. The script may be slow in some cases, as the tweaks you made to Aptitude will not apply to the script, and Axel does not use Aptitude's cache.

Get a better download mirror

Head to System > Administration > Software Sources in Gnome and select Other from the drop-down menu next to Server Location. Then click Select Best Server and wait for the checks to finish. When this is finished, close the window and let your distro update its sources.

A common problem with this method is that the update window can freeze and go grey. (This is a known issue with older versions of Ubuntu.) This can be resolved by closing the window (using the Force Quit Gnome applet if necessary by right-clicking the panel and selecting Add to Panel) and then running Add/Remove Software to update the sources.

Halt Java

The JRE in is the main culprit for the slow startups. You don't need the JRE to run in a day to day environment, so you can safely disable it, and in the event you do need the JRE you can quickly re-enable it. Simply head to Tools > Options and select Java in the left-hand box. To disable the JRE simply uncheck the box next to Use A Java Runtime Environment.

Remove old packages

Run this to remove orphaned dependencies with APT:

apt-get autoremove

and to remove all package files from the cache:

apt-get clean

Use autoclean rather than clean to remove old versions of packages. Make sure you're root!

Reduce history

By reducing the amount of history that Opera keeps we can reduce the time it takes to initialise it and also curtail Opera reloading its history every five hours. This is achieved by heading to Tools > Preferences and clicking on the Advanced tab. Select History from the left-hand side and then click Clear in the Addresses section. Then set the value as anything from 0 to 1,000, which will be considerably less than the default. You can also uncheck Remember Content On Visited Pages to save further disk space.

Hey Presto

Sometimes updates vary very little from their previous download, especially if it's just a bug fix. If you want to download only the changes, run this as root to install the Presto plugin for Yum:

yum install yum-presto

Disable name completion

Users with low-end systems may find that pictures and the auto-completing navigation bar in Opera can be a little sluggish at times. We can remedy the first issue by disabling Turbo, which pre-draws images before they are loaded. Look in about:config for the Turbo Mode option in User Prefs, then uncheck it. To disable name completion, choose Tools > Preferences > Advanced > Network > Server name completion, then uncheck Look For Local Network Machine.


increase internet speed in ubuntu

Internet speeds in Ubuntu can be increased. Simply follow the steps.

  • Open a Terminal via Applications->Accessories->Terminal  and type the following

                          sudo vim  /etc/sysctl.conf         (press i for edit mode)

  • Then Paste the Following at the end of the file:
         ## increase TCP max buffer size setable using setsockopt()
         net.core.rmem_max = 16777216
         net.core.wmem_max = 16777216
         ## increase Linux autotuning TCP buffer limits
         ## min, default, and max number of bytes to use
         ## set max to at least 4MB, or higher if you use very high BDP paths
         net.ipv4.tcp_rmem = 4096 87380 16777216
         net.ipv4.tcp_wmem = 4096 65536 16777216
         ## don't cache ssthresh from previous connection
         net.ipv4.tcp_no_metrics_save = 1
         net.ipv4.tcp_moderate_rcvbuf = 1
         ## recommended to increase this for 1000 BT or higher
         net.core.netdev_max_backlog = 2500
         ## for 10 GigE, use this, uncomment below
         ## net.core.netdev_max_backlog = 30000
         ## Turn off timestamps if you're on a gigabit or very busy network
         ## Having it off is one less thing the IP stack needs to work on
         ## net.ipv4.tcp_timestamps = 0
         ## disable tcp selective acknowledgements.
         net.ipv4.tcp_sack = 0
         ##enable window scaling
         net.ipv4.tcp_window_scaling = 1


  • Then save and exit: press ESC to leave edit mode and type the following.


  • Then type the following to apply the settings.
             sudo sysctl -p          
  • You can disable all these settings by removing these lines you added via:
             sudo gedit /etc/sysctl.conf
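A check for the procedure above, added here as an example and not part of the original post: after `sudo sysctl -p`, it compares every key in the file with the value the kernel reports under /proc/sys and lists the ones that differ. The function name `sysctl_drift` and its optional second argument are made up for this example.

```shell
#!/bin/sh
# Added example: report sysctl.conf entries whose running value differs.
# sysctl_drift CONF [PROC_ROOT]
#   CONF      - file in sysctl.conf syntax (key = value, '#' or ';' comments)
#   PROC_ROOT - directory the live values are read from (default /proc/sys);
#               hypothetical parameter so the check can run against a copy.
# Prints "key: file=<value> live=<value>" per mismatch (live=MISSING when the
# kernel does not expose the key). Returns 0 if everything matches, else 1.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines, comments and anything that is not key=value.
        case $(printf '%s' "$line" | sed 's/^[[:space:]]*//') in
            ''|'#'*|';'*) continue ;;
        esac
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # Collapse whitespace: /proc prints tcp_rmem and tcp_wmem tab-separated.
        want=$(printf '%s' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ -r "$path" ]; then
            live=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        else
            live=MISSING
        fi
        if [ "$want" != "$live" ]; then
            printf '%s: file=%s live=%s\n' "$key" "$want" "$live"
            drift=1
        fi
    done < "$conf"
    return $drift
}
```

Run it as `sysctl_drift /etc/sysctl.conf`; a key reported as MISSING usually means a typo in the file or a kernel that does not provide that setting.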

Local DNS Cache for Faster Browsing

A DNS server resolves domain names into IP addresses. So when you request “” for example, the DNS server finds out the address for the domain, and sends your request the right way.

You can run a DNS cache on your computer. This will speed up the process of looking up domain names when browsing. The difference is about 30-60 ms for me. Multiply that difference by the number of websites you visit a day for an approximate estimate of the speed improvement. Of course, all this would be worth it if it weren’t for the fact that setting this up is way too easy.

The following instructions are for someone with a cable (broadband) internet connection, where the computer gets its local IP address using DHCP from the router in your house/office:

The package we will be using for caching nameserver lookups is called dnsmasq. So first, install it using:
$ sudo apt-get install dnsmasq
(If you can’t find it, then you probably haven’t added the Universe repository to your list of repositories.)

Now uncomment the following line (that is, edit the line to NOT have a “#” at the beginning) in the file /etc/dnsmasq.conf:

Now edit /etc/dhcp3/dhclient.conf and make sure the section below looks exactly like this, especially the line that says “prepend domain-name-servers;”

#supersede domain-name "";
prepend domain-name-servers;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope;

Explanation for the above change: In the normal case, when you get a new dhcp lease, the dhcp3 client (tool) on your computer gets a new lease, and updates the /etc/resolv.conf file on your computer with the right values for the DNS servers to use (usually some machine in the network of your hosting provider). Adding the “prepend” option as we did above ensures that “″ will appear on the top of the list of DNS servers. That magic number refers to your own computer. So in the future, whenever your computer needs to resolve a domain name, it will forward that request to dnsmasq (which is running at – your computer). If the details for the domain name are already in your cache, well and good, dnsmasq will serve it up and make the process real fast. If it is not in the cache, then dnsmasq will look at the /etc/resolv.conf file and use the nameservers listed below the “″. I hope that explains things.

Now open the file /etc/resolv.conf in your text editor. It probably looks like:


The is missing right now since you haven’t renewed your lease after you edited the /etc/dhcp3/dhclient.conf file. So, let us add that in manually this one time. After you do, your /etc/resolv.conf file will look like the following:


Don’t worry if the numbers are different – if they are not, then hey – we must be neighbours ;)

Okay. We are almost done here. All we have to do now is to restart dnsmasq so that the changes we made to the configuration file take effect. You can do that using the command:
$ sudo /etc/init.d/dnsmasq restart

Now you are running a local DNS cache. If you want to measure your speed improvement, type the command:
You will see something like “;; Query time: 38 msec” there.
Now type the command again, and you should see something like: “;; Query time: 2 msec”

See, the first time, since’s details were not in your cache (you are using it for the first time), the query took 38 ms. The second time, the cache speeds up the lookup. I have been using this for over a month now, and haven’t had a problem.
source :

Sunday, August 15, 2010


How to fix broken packages
 'Broken packages' are packages that have unsatisfied dependencies. If broken packages are detected, Synaptic will not allow any further changes to the system until all broken packages have been fixed.

To fix broken packages
Choose Edit > Fix Broken Packages from the menu.
Choose Apply Marked Changes from the Edit menu or press Ctrl + P.
Confirm the summary of changes and click Apply.
If that does not help, then please follow this procedure:

How to free disk space
Settings -> Preferences -> Files -> Delete downloaded packages after installation then click Delete Cached Package Files.

Broken Upgrade or Installation
What to do if an installation process fails and you find it is no longer possible to install or remove packages:
Open a Terminal and type the following commands, pressing the Return or Enter key after each (you may have to type in your password):
sudo dpkg --configure -a
sudo apt-get install -f
Browser works, Synaptic will not
(note: probably inaccurate or outdated)

If the router is set to auto discover DNS then Synaptic will fail. Resolve this by setting up a static IP address and manually setting the DNS IP in the router. Then, in Ubuntu (System > Administration > Networking), configure a static IP, enter your ISP's DNS IP, and delete the router DNS IP, which will look something like

Saturday, July 31, 2010

Remove Docky icon from docky

  • Press ALT + F2
  • Type the command "gconf-editor" and hit enter/return
  • Navigate to "/apps/docky-2/Docky/Items/DockyItem" in the gconf-editor
  • Uncheck "ShowDockyItem"
  • Restart Docky

Terminal way
If you're lazy and want to do this via the terminal, you can do so using the following commands.
This command will turn the icon off:
  • gconftool-2 --type Boolean --set /apps/docky-2/Docky/Items/DockyItem/ShowDockyItem False
This will turn it back on:
  • gconftool-2 --type Boolean --set /apps/docky-2/Docky/Items/DockyItem/ShowDockyItem True
Remember that you will need to restart Docky to see the changes.

Tuesday, July 27, 2010

Remove "Mounted Disks" from your Linux (ubuntu) desktop.

I prefer a clean desktop with no icons cluttering it up, but by default Ubuntu adds icons to the desktop for every single removable drive that you attach to your system.

Having recently transitioned to using Ubuntu full-time at home (instead of just part-time), this was one of the first things I wanted to disable. Sadly there’s no option in the default configuration screens, so we’ll have to use the “registry editor” for Ubuntu, called gconf-editor.

Just type in gconf-editor into the Alt+F2 run dialog to open the app. 


Now browse down to the following key:

apps \ nautilus \ desktop

You should see a key in the right-hand pane called volumes_visible. Remove the checkbox from it, and the icons will instantly disappear from the desktop.

Set up Internet Connection Sharing (using LAN) in Linux (Ubuntu) between any computers

Internet Connection Sharing (ICS) provides the ability for one computer to share its Internet connection with another computer. To do this, a computer with an Internet connection must be configured to function as an Internet gateway. A second computer (or network of computers) connects to the Internet indirectly via the gateway computer.

Situations in which ICS may be necessary include:

  • dial up connection
  • authenticated (PPPoA/E) connection
  • wireless connection
  • When it is impractical (such as with distance) to run multiple network cables to each computer.

GUI Method via Network Manager (Ubuntu 9.10 and up)

In order to share an Internet connection, the computer that will do the sharing must have two network cards or ports. This assumes that you are using at least one Ethernet port and that it is identified as "eth0".

When you are logged in:

  • Go to "System" on your top bar
  • Navigate to "Preferences" and select "Network Connections"
  • When that window opens, select "Auto eth0" and press "Edit"

A new window will open. Navigate to the tab titled "IPv4 Settings" and change the Method to "Shared to other computers". After restarting the computer you should now be able to plug in any computer into your other Ethernet port or share through your wireless card.

Ubuntu Internet Gateway Method (iptables)

You will need two network cards in the gateway computer, or a PPP interface and a network card. One network card (or PPP interface) connects to the internet; we will call this card eth0. The other card connects to your internal network; we will call this eth1. It is also possible to do ICS with a single network card. In this case, use eth0 for the internet and eth0:0 for the internal network.

  1. Internet <<==>> eth0 <> Ubuntu gateway <> eth1 <<==>> Client PC

  2. Internet <<==>> ppp0 <> Ubuntu gateway <> eth1 <<==>> Client PC

  3. Internet <<==>> eth0 <> Ubuntu gateway <> eth0:0 <<==>> Client PC

Gateway set up

The following example will focus on the most common gateway setup; an Ubuntu computer with two wired network adapters (eth0 and eth1) hosting ICS to a static internal network configured for the 192.168.0.x subnet.

For this example, eth0 is used to represent the network card connected to the internet and eth1 represents the network card connected to a client PC. You can replace eth0 and eth1 as needed for your situation. Also, any private IP subnet can be used for the internal network IP addresses.

In summary:

  • eth0 = the network adapter with internet (external or WAN).
  • eth1 = the network adapter to which a second computer is attached (internal or LAN).
  • 192.168.0.x = IP subnet for eth1

Your setup may be different. If so, make sure to change them accordingly in the following commands.

Configure internal network card

Configure your internal network card (eth1) for static IP like so:

sudo ifconfig eth1

(The external and internal network cards cannot be on the same subnet)

Configure NAT

Configure iptables for NAT translation so packets can be correctly routed through the Ubuntu gateway.

sudo iptables -A FORWARD -i eth0 -o eth1 -s -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE

(rule1 allows forwarded packets (initial ones), rule2 allows forwarding of established connection packets (and those related to ones that started), rule3 does the NAT.)

iptables settings are not saved automatically, so they need to be set up at each boot with the following commands:

  • Save the iptables:

sudo iptables-save | sudo tee /etc/iptables.sav
  • Edit /etc/rc.local and add the following lines before the "exit 0" line:

iptables-restore < /etc/iptables.sav
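Before /etc/iptables.sav is restored at every boot, it is worth checking what the saved ruleset actually permits. The following audit is an added example, not part of the original documentation; it assumes eth0 is the WAN interface, eth1 the LAN interface and 192.168.0.0/24 the internal subnet (the page only says 192.168.0.x), and both sample dumps and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump (read from stdin) on a NAT gateway.
# Usage: audit_iptables_save WAN_IF < /etc/iptables.sav
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_iptables_save() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2); next }       # table header, e.g. "*nat"
        /^:/ {                                      # chain policy line
            if (table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT") {
                print "forward-policy-accept"; n++
            }
            next
        }
        /^-A / {
            in_if = ""; out_if = ""; target = ""; is_new = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
                if ($i == "-o" && $(i - 1) != "!") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--ctstate" && $(i + 1) ~ /(^|,)NEW(,|$)/) is_new = 1
            }
            # NAT applied on every outgoing interface, not just the WAN side.
            if (table == "nat" && $2 == "POSTROUTING" &&
                target == "MASQUERADE" && out_if != wan) {
                print "masquerade-not-limited-to-wan: " $0; n++
            }
            # New connections admitted when they arrive on the WAN side.
            if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" &&
                is_new && in_if == wan) {
                print "new-accepted-from-wan: " $0; n++
            }
        }
        END { exit (n > 0) }
    '
}

# Constructed dump (trimmed): the three rules of this section as iptables-save
# would print them, with the assumed subnet filled in.
ruleset_as_configured() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed tighter variant: NAT only out of eth0, FORWARD drops by default,
# new connections accepted only from the LAN side.
ruleset_tightened() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.0.0/24 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

`ruleset_as_configured | audit_iptables_save eth0` reports three findings, while the tightened variant reports none.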

Enable routing

  • Configure the gateway for routing between two interfaces by enabling IP forwarding:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

  • Edit /etc/sysctl.conf and add these lines:

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.forwarding=1

The /etc/sysctl.conf edit is required because of the following bug (Hardy and later releases): Launchpad Bug Report

Client set up

Any OS can connect to the internet as an ICS client as long as networking has been configured correctly. The following example will focus on how to set up an Ubuntu ICS client. For this example, it is assumed that the client is connected to an Ubuntu gateway which has been configured to share ICS on the 192.168.0.x subnet according to the gateway set up outlined above.

For this example, eth0 is the network card on the client which is connected (by crossover cable) to eth1 on the Ubuntu gateway. You can replace eth0 as needed for your situation. Also, any private IP subnet can be used for the internal network IP address, as long as it matches the subnet on the gateway.

Disable networking

sudo /etc/init.d/networking stop

Give the client a static IP address

sudo ifconfig eth0

This IP address can be anything within the gateway's private IP range.

Configure routing

sudo route add default gw

This address should match the IP address on the gateway's internal network card (eth1 in the above example).

Configure DNS servers

Unless your ICS gateway can also perform DNS, you must manually configure the client with your ISP DNS servers. If you do not know your ISP's DNS servers, you can use OpenDNS servers instead.

  • Back up your current /etc/resolv.conf file:

sudo cp /etc/resolv.conf /etc/resolv.conf.backup
  • Open /etc/dhcp3/dhclient.conf with your favorite text editor:

sudo nano /etc/dhcp3/dhclient.conf
  • Search for the line that starts "prepend domain-name-servers", and change it to look like this:

prepend domain-name-servers,;

and are OpenDNS DNS servers. If you wish to use your ISP's DNS servers, use them here instead of the OpenDNS servers.

Restart networking

sudo /etc/init.d/networking restart

Once this is finished, your client will now have access to the internet via ICS. Please direct any questions/comments to the Internet Connection Sharing Documentation thread.

A beginner's working example of a Ubuntu Desktop with 2 nic cards, sharing internet connection

Advanced Gateway Configuration

The above example outlines how to do basic ICS on a static IP network. Once you have configured your Ubuntu computers for ICS and confirmed that everything works across your static network, there are a few advanced routing configurations which can make it much easier to set up the ICS client.

Advanced configurations include DHCP server, and DNS server. A DHCP server allows the client to get an ip address automatically without having to manually configure a static IP. A DNS server allows the client to resolve internet host names without manually configuring DNS addresses.

DHCP/DNS server

This is deceptively easy, and will be acceptable for most situations. However, it will not allow the ICS client to see computers on different subnets.

  • Install software

sudo aptitude install dnsmasq
  • Stop the server

After dnsmasq has been installed, it is automatically started, so it will need to be stopped before changes can be made.

sudo /etc/init.d/dnsmasq stop
  • Make a backup of the well commented configuration file (we won't use any of this, but it's handy to have a copy of for reference later)

sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup
  • Edit /etc/dnsmasq.conf with your favorite text editor and add the following two lines:

interface=eth1
dhcp-range=,,72h

Note: The "interface" should match the interface that your clients are connected to, and the "dhcp-range" should be within the gateway's private IP subnet you configured according to the "Gateway set up" directions above.

  • Start the DHCP/DNS server

sudo /etc/init.d/dnsmasq start

Now your clients should be able to pull an automatic ip address and resolve host names.

Other approaches

The following section includes a rough outline of some alternative methods for configuring an ICS gateway. They are incomplete and untested. They are included simply for the sake of information.

Alternate server software (CLI)

There are other ways to host ICS, but they are outside the scope of this article.

Alternate NAT

The ipmasq daemon does NAT routing so you don't have to configure iptables. The following directions are incomplete and should not be considered a full description of what needs to be done to configure ipmasq.

sudo aptitude install ipmasq

Configure ipmasq to allow dhcp requests, otherwise you need to stop ipmasq to make a connection. You need to copy a .rul from the documentation directory into the /etc config and edit the interface name. Then reconfigure ipmasq to start after networking has been started:

sudo dpkg-reconfigure ipmasq

Dedicated DHCP server

dhcp3 is an easy to configure and scalable true DHCP server that can be configured for many different applications. dhcp3 configuration is more complex, but it can be useful in many situations:

Dedicated DNS server

BIND9 is a popular and well supported local DNS server. It is very versatile, and very powerful, but difficult to configure correctly:

Alternate gateway software (GUI)

Another approach --- set up Firestarter, to run connection sharing, set up dhcp3-server, and set its configuration to listen to the correct eth*. To change this later, run sudo dpkg-reconfigure dhcp3-server.

Basically, you need to have Firestarter active/turned on/protecting, to have the connection shared.

When you install dhcp3-server, it will place a sample config file in your /etc/dhcp3 folder, called dhcpd.conf. I suggest you install dhcp3-server first, and then firestarter, cause if you are lucky, firestarter will set up a new config file for dhcp3 for you.

At any time that changes are made to your dhcpd.conf file, restart the server - sudo /etc/init.d/dhcp3-server restart will do it. Alternatively, every time you run the sudo dpkg-reconfigure dhcp3-server, at the end, your server will restart.

There are several issues that I had...first of all, the Firestarter firewall won't even start if you don't have it configured to listen to the right interface...You can change which one it listens to in Preferences --> Network Settings. The Local network connected device must be the same as you have dhcp3-server listening to, of course, both checkboxes under that need to be checked. The Internet connected network device will be the one that is configured for Internet. Now, I have two NICs, but I have pppoe configured on eth0, and I have Internet connection sharing configured on the same one, cause eth0 is also configured for a static 192.168 internal IP for my internal network.

simple iptables example

A simple example: wlan0 has the internet connection and eth0 is being used to share it. The sharing could be directly with a single PC via a crossover cable, through a switch, or through a router with a cable from eth0 to its WAN port and a whole LAN set up behind it. The internet connection could equally be ppp0, a 3G or mobile Internet modem.

    #!/bin/sh
    # internet connection sharing: wlan0 is the gateway (the Internet side)
    # eth0 is the lan port; this might use a straight ethernet cable to a router wan port, a switch or a single PC
    # is the port that is being used by the lan for access I changed it to and set fixed addresses for the wan and router
    # change wlan0 to ppp0 and you can use this for mobile broadband connection sharing
    ifconfig eth0 up
    ifconfig eth0
    # enable IPv4 forwarding between the interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o wlan0 -s -j MASQUERADE
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 3074 -j DNAT --to-destination
    iptables -t nat -A PREROUTING -i wlan0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination
    iptables -A FORWARD -i wlan0 -d -p tcp --dport 3074 -j ACCEPT
    iptables -A FORWARD -i wlan0 -d -p udp -m multiport --dports 88,3074 -j ACCEPT

You could use the above as a bash script, changing things to suit.

  • If things go wrong, the following script should save you if things get badly messed up.

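    #!/bin/sh
    # rc.flush-iptables - Resets iptables to default values.
    # Copyright (C) 2001 Oskar Andreasson <bluefluxATkoffeinDOTnet>
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; version 2 of the License.
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    # GNU General Public License for more details.
    # You should have received a copy of the GNU General Public License
    # along with this program or from the site that you downloaded it
    # from; if not, write to the Free Software Foundation, Inc., 59 Temple
    # Place, Suite 330, Boston, MA 02111-1307 USA
    # Configurations
    # Assumption: iptables is found via PATH; set the full path here if it is not.
    IPTABLES="iptables"
    # After this script every chain is empty with policy ACCEPT (no packet filtering).
    # reset the default policies in the filter table.
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    # reset the default policies in the nat table.
    $IPTABLES -t nat -P PREROUTING ACCEPT
    $IPTABLES -t nat -P POSTROUTING ACCEPT
    $IPTABLES -t nat -P OUTPUT ACCEPT
    # reset the default policies in the mangle table.
    $IPTABLES -t mangle -P PREROUTING ACCEPT
    $IPTABLES -t mangle -P INPUT ACCEPT
    $IPTABLES -t mangle -P FORWARD ACCEPT
    $IPTABLES -t mangle -P OUTPUT ACCEPT
    $IPTABLES -t mangle -P POSTROUTING ACCEPT
    # flush all the rules in the filter, nat and mangle tables.
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -t mangle -F
    # erase all chains that are not default in the filter, nat and mangle tables.
    $IPTABLES -X
    $IPTABLES -t nat -X
    $IPTABLES -t mangle -X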

Further reading

Internet Connection Sharing Documentation thread

See also