This site is now 100% read-only, and retired.


Posted by pedxing on Fri 3 Feb 2006 at 14:36
Tags: none.
Being a lazy sort of person, I wanted a pre-built firewall solution for my home system. I have Debian unstable running on my main PC, which has two nics, one to my Bell Sympatico DSL modem, and one to my internal network.

I downloaded ipkungfu, which allowed me to NAT to my network by changing "GATEWAY" from 0 to 1. I restarted, everything worked. From my days with ipfw and ipchains, I was very impressed with how quickly it went. I didn't have to tell it anything.

Problems arose when I tried to punch through 22 to my box, so I could ssh in. I added 22 to the allowed ports, but nothing happened.

After trying `ipkungfu -t`, I realized (eventually) that it was using eth1 as my external interface, rather than ppp0. "How is that possible" you say? It turns out that (at least in Toronto), Bell supplies modems which also act as silly little pseudo-routers. Debian was searching for a DHCP server on eth1 by default. When the modem saw a DHCP request, it slipped into "Gateway" mode, and made a connection, giving eth1 a private IP, and forwarding no ports back inside.

I set eth1 to manual in /etc/network/interfaces, brought it down-then-up to clear the ip and route information, then `pon dsl-provider` brought me back online, with the ports forwarded properly.

Now that I've got everything running smoothly, I can't sing the praises of ipkungfu highly enough. I am very impressed with its smarts, as far as automagically configuring itself to fit the network, and making things work, even when they really oughtn't.

 

Posted by pedxing on Mon 1 Aug 2005 at 02:56
Tags: none.
Happy 200th DA!

 

Posted by pedxing on Fri 29 Jul 2005 at 02:23
Tags: none.
I want to back up mysql and a few small files to my gmail account every night.

First, I have a crontab entry run a script to dump the mysql database.
0 0 * * * /root/bin/dumpmysql
The dumpmysql script is one line:
/usr/bin/mysqldump --user=root --password=mysqlpassword --all-databases > /home/jay/backup/`date +%F`-backup.sql

The reason I have crontab call this script is that if I put that line in my crontab, my mysql password will be in my logs, as well as the process list while it's running.

I also create symlinks in /home/jay/backup to any files or folders I want to copy offsite.

I then have another entry in my crontab to use mpack to create a MIME message and send it to my gmail account.
The subject of the message (-s switch) is the date. The body of the message is the output from tar, temporarily held in /tmp/dumpmsg.txt. The contents of the folder are tar/gzipped and attached.

0 1 * * * tar zvvcf /tmp/dump.tgz /home/jay/backup > /tmp/dumpmsg.txt ; mpack -s `date +%F` -d /tmp/dumpmsg.txt /tmp/dump.tgz jaywstapleton@gmail.com; rm /tmp/dumpmsg.txt; rm /tmp/dump.tgz

The message is formatted like this:

-----
2005-07-28

jay (jay@pedxing.org) to me 8:36 pm (1 hour ago)
drwxr-xr-x jay/jay 0 2005-07-28 20:32:06 /home/jay/backup/
-rw-r--r-- root/root 10524 2005-06-25 09:49:19 /home/jay/backup/testfile
-rw-r--r-- root/root 27910 2005-06-25 21:03:32 /home/jay/backup/2005-06-25-backup.sql
lrwxrwxrwx jay/jay 0 2005-07-28 20:32:06 /home/jay/backup/link.to.a.file -> /home/jay/files/a.file.to.link.to/

dump.tgz
8K Download
-----
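
A hardened variant of the two cron jobs above, as an added example that is not part of the original post: the MySQL credentials live in an owner-only option file read through mysqldump's `--defaults-extra-file` option, so they never appear on a command line, and the archive is built in a `mktemp -d` directory rather than under fixed names in /tmp. The function names, paths and credentials are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hardened variant of the nightly dump. Paths and the
# credentials passed to write_optfile are placeholders.

# Write a mysqldump option file that only its owner can read.
write_optfile() {   # $1 = file, $2 = user, $3 = password
    ( umask 077
      printf '[mysqldump]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# True only if group and others have no access to the file.
optfile_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Dump every database; the password is read from the option file, so it
# is never an argument of the mysqldump process.
dump_all() {   # $1 = option file, $2 = output directory
    optfile_is_private "$1" ||
        { echo "refusing: $1 is readable by group or others" >&2; return 1; }
    ( umask 077
      mysqldump --defaults-extra-file="$1" --all-databases \
          > "$2/$(date +%F)-backup.sql" )
}

# Archive the backup directory inside a fresh mktemp directory (mode 700)
# instead of fixed names under /tmp; prints the archive path.
make_archive() {   # $1 = backup directory
    work=$(mktemp -d) || return 1
    ( umask 077; tar -czf "$work/dump.tgz" -C "$1" . ) || return 1
    printf '%s\n' "$work/dump.tgz"
}
```

From cron, a wrapper script would call `dump_all`, then `make_archive`, and hand the printed path to mpack as in the original entry before removing the temporary directory.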


 

Posted by pedxing on Wed 29 Jun 2005 at 19:39
Tags: none.
As a response to simonw's question.

First step is to create the folder that you want to restrict access to. In our example it will be /usr/downloads
`mkdir /usr/downloads`

Next, we will create a group to grant permissions to the folder. I will call the group lusers (for local users, of course).
`addgroup lusers`

We set the ownership of the folder to root user and lusers group.
`chown root:lusers /usr/downloads`

And set the permissions so that no non-lusers have access, and lusers have full access.
`chmod 770 /usr/downloads`

Next we add access for the people who are authorized. This is best done by editing the /etc/group file using the `vigr` command. Locate the line that looks like:
"lusers:x:1019:"
The number will be different according to your system setup. To add the users "jay" and "pedxing" to the group, change the line to:
"lusers:x:1019:jay,pedxing"
Save and quit (vigr uses vi commands).

The users will have access to /usr/downloads the next time they log in. They will have to log out and back in if they are already logged in when the changes are made.


 

Posted by pedxing on Sun 26 Jun 2005 at 15:19
Tags: none.
That didn't last long. I suppose that's what I get for relying on 3rd party apt-sources.

Here is the "proper" way to install the Java plugin on a debian system:

First, make sure you have gcc
`apt-get install gcc`

Download the j2re package from Sun

Grab the tools for building a Java .deb:
`apt-get install fakeroot java-package`

Then, as a non-root user, run:
`fakeroot make-jpkg j2re-1_4_2_08-linux-i586.bin`
substituting your version of the .bin file as required.
You will be asked a few straightforward questions, and required to accept the Sun license agreement.

Now, switch back to root, and install the newly created .deb file:
`dpkg -i sun-j2re1.4_1.4.2+08_i386.deb`

 

Posted by pedxing on Sat 25 Jun 2005 at 21:13
Tags: none.
The instructions for installing Serendipity make it seem quite straightforward.

Unfortunately, it's not quite that simple.
Before installing, you need to make a mysql database and user for serendipity to use. This can be done via the command-line mysql tool. Anything you type will be surrounded by ` marks.

First, log into your database and run the tool:
`mysql --user=root --password=mypassword`
You will be greeted with a "mysql>" prompt.

First we create the database:
`create database serendipity;`

Then we create a user and give it access:
`grant all privileges on serendipity.* to 'seren'@'localhost'`
`identified by 'myserendipitypassword' with grant option;`
`quit;`

Note this user and password; Serendipity will be asking you for them upon startup.

Now, you can `tar -zxvf serendipity-0.8.1.tar.gz` within your webserver's document root (mine is /var/www), and
point your browser at http://yourdomain/serendipity.

You will be greeted with a list of requirements and recommendations, along with your status on each of them. I was missing "database extensions" so I opened up my shell, and did an `apt-get install php4-mysql`. Edited the lines in my /etc/php4/apache2/php.ini as suggested, and rechecked. Now it was happy, and I went ahead with the "Simple Installation".

Here, you will need to enter the username and password you created in mysql, as well as the name of the database. Change the general settings to suit yourself, and "Complete Installation".

From here on in, it's smooth sailing.


 

Posted by pedxing on Mon 13 Jun 2005 at 06:06
Tags: none.
I have recently moved, and am no longer in the same building as my mail server. Changing SMTP servers for each ISP, or using webmail/ssh+mutt is tedious, so I decided to set up authenticated SMTP.

First, `apt-get install sasl2-bin`
sasl is a generic authentication program, with many options.

I decided to use a separate password database for SMTP. Postfix is working in a chroot jail, and copying my passwd and shadow files into the jail kind of defeats the purpose. So I use a different password for SMTP.
To do this, we use saslauthd, so make sure this is starting up at boot, then create a file called "smtp.conf" under /etc/postfix/sasl with the line "pwcheck_method: saslauthd"

/etc/postfix/main.cf will need this section added:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = domain.com
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

Next, you'll need to add a user to the saslauthd database.
This is done using saslpasswd2. Example:
`saslpasswd2 -c -f /var/spool/postfix/etc/sasldb2 -u domain.com username`
Note that you're pointing it into the postfix jail filesystem.

Restart postfix to read in the changes, and set up your mail client to use the service.
All should be good.
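
A small audit of the main.cf settings listed above, as an added example that is not part of the original post. It checks that anonymous mechanisms are refused, that the recipient restrictions still end in a relay check, and that `smtpd_tls_auth_only` (a Postfix parameter the post does not set, default `no`) is enabled so AUTH is only offered over TLS; the function names are assumptions, and TLS itself is assumed to be configured separately.

```shell
#!/bin/sh
# Added example: audit SASL-related settings in a main.cf-style file.

# Print the value of parameter $2 in file $1 (last assignment wins;
# lines starting with whitespace continue the previous parameter).
param() {
    awk -v k="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == k) val = val " " $0; next }
        { split($0, kv, "="); cur = kv[1]; gsub(/[ \t]/, "", cur)
          if (cur == k) val = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/[ \t]+/, " ", val)
              print val }
    ' "$1"
}

# Print one finding per line; return non-zero if there is any finding.
audit_sasl() {   # $1 = main.cf path
    f=$1; rc=0
    [ "$(param "$f" smtpd_sasl_auth_enable)" = yes ] ||
        { echo "SASL auth not enabled"; return 0; }
    case " $(param "$f" smtpd_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) echo "anonymous SASL mechanisms allowed"; rc=1 ;;
    esac
    case "$(param "$f" smtpd_recipient_restrictions)" in
        *reject_unauth_destination*) ;;
        *) echo "no reject_unauth_destination: possible open relay"; rc=1 ;;
    esac
    [ "$(param "$f" smtpd_tls_auth_only)" = yes ] ||
        { echo "smtpd_tls_auth_only not set: AUTH offered without TLS"; rc=1; }
    return $rc
}

# Constructed sample input: three of the settings from the post.
sample=$(mktemp)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' \
    'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination' \
    'smtpd_sasl_security_options = noanonymous' > "$sample"
audit_sasl "$sample" || true
rm -f "$sample"
```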

 

Posted by pedxing on Mon 13 Jun 2005 at 05:42
Tags: none.
This no longer works: See updated instructions here

add "deb ftp://ftp.tux.org/java/debian/ unstable non-free" to /etc/apt/sources.list

`apt-get update`
`apt-get install j2re1.4`


 

Posted by pedxing on Mon 13 Jun 2005 at 05:41
Tags: none.
mozilla-firefox 1.0.1 was crashing when multiple tabs are open under knoppix 3.8.

I deleted /usr/lib/mozilla-firefox/plugins/libflash-mozplugin.so
This fixed it.


 

Posted by pedxing on Mon 13 Jun 2005 at 05:40
Tags: none.
There wasn't much in the way of available documentation, so I need to record this for next time I do it.

Step by step on how I got it working:

`apt-get install gmailfs`
`apt-get install fuse-source`
`cd /usr/src`
`tar -jxvf fuse.tar.bz2`
`cd modules/fuse/kernel`
`./configure`
`make`
`make install`
`modprobe fuse`
`mkdir /mnt/gmail`
`vi /etc/gmailfs/gmailfs.conf` - add username and password
`mount -t gmailfs /etc/gmailfs/gmailfs.conf /mnt/gmail`
