LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-22-2006, 05:24 AM   #61
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53

Hi gani,

Thanks for your URL

Quote:
It should be in 'new'.
Before I checked Maildir/new and can't find the email sent on Yahoo website there. I want to make another test. Any suggestion? Tks.

Quote:
We'll, smtp won't definitely affect http. It might just be coincidental when things went wrong with your http service. BTW, what's that particular config?
I haven't touched anything on Apache. I made use of proxydom.com to check the test homepage of the server. It worked seamlessly with "satimis.homelinux.com:8080" in the past. Now I tested it again. It failed with following warning;
Code:
Error: 111: Connection refused (URL: satimis.homelinux.com)
I doubt whether the problem coming from proxydom website or my server.

Quote:
BTW, what's that particular config?
Sorry, I don't follow.

B.R.
satimis
 
Old 12-22-2006, 07:16 AM   #62
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Quote:
Error: 111: Connection refused (URL: satimis.homelinux.com)I doubt whether the problem coming from proxydom website or my server.
I checked your open ports, it is only port 80 I saw and no 8080 that relates to http.

Quote:
BTW, what's that particular config?

Sorry, I don't follow.
Never mind, its okay.

Do a tail -f /var/log/mail.log while testing incoming mails and watch for .. relay=local ... delivered to Maildir... . Something like these. If they doesn't show, you need to configure your local delivery agent (but this is the default) when no virtual accounts or accounts other than Unix /etc/passwd used. Or, labor to follow the URL I gave you and everything, from SASL, TLS, Maildrop, Courier-Authlib, Courier-IMAP, MySQL, Amavisd-new, SpamAssassin & ClamAV shall be installed in your system.

FYI: We're now on a long holiday here and offices shall resume on the 27th and return to a holiday again on the 30th 'til the 1st of January.

----------
GANI
 
Old 12-23-2006, 10:23 AM   #63
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

This time "satimis.homelinux.com:8080" works on "proxydom.com" browsing the test homepage. I thinks the problem was on its website.

I'm on way to sign another plan with ISP for static IP and I'm prepared to register my own domain with 'goddady';
https://www.godaddy.com/gdshop/regis...?se=%2B&ci=414

Any comment on "with 'goddady'?

Quote:
Do a tail -f /var/log/mail.log while testing incoming mails and watch for .. relay=local ... delivered to Maildir... . Something like these. If they doesn't show, you need to configure your local delivery agent (but this is the default) when no virtual accounts or accounts other than Unix /etc/passwd used. Or, labor to follow the URL I gave you and everything, from SASL, TLS, Maildrop, Courier-Authlib, Courier-IMAP, MySQL, Amavisd-new, SpamAssassin & ClamAV shall be installed in your system.
I'll check it after holiday.

Quote:
FYI: We're now on a long holiday here and offices shall resume on the 27th and return to a holiday again on the 30th 'til the 1st of January.
Wishing you Merry X'mas and Happy New Year.


B.R.
satimis
 
Old 12-27-2006, 06:55 AM   #64
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Quote:
Any comment on "with 'goddady'?
What I can only say that godaddy is hosting several domains. Our company's domain is locally registered with a 'dotPH' and thus no idea about godaddy.
 
Old 01-05-2007, 07:37 AM   #65
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

Your advice noted with tks.

I'm now running static IP. I got the server reconfig without problem by running GUI;
System --> Networking

Connection: server --> router --> ADSL modem --> ISP via telephone line.
Virtual IP: 192.168.0.10 to 192.168.0.60 preset on router by ISP.
Router, Linksys Etherfast Cable/DSL Router, is suppled by ISP

I'm interested to know which file/files I have to edit manually instead of using GUI.

Can I connect the server direct to the ADSL modem without router? If YES what will be the config, using the static IP instead of Virtual IP.

TIA

B.R.
satimis
 
Old 01-06-2007, 02:02 AM   #66
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
No idea on Ubuntu about the whereabouts of network configuration scripts. But I'm sure, they are just waiting for you in /etc.

When I tried for just a while a debian-based Adamantix, I've noticed something like /etc/network directory that might be the one you are looking for.

In Slack it's in /etc/rc.d/rc.inet1.conf and If I'm remembering it right still, in Red Hat and its other derivatives it is somewhere in /etc/sysconfig and a 'network-scripts' named directory.

You do the hunting....

---------
GANI
 
Old 01-08-2007, 10:28 PM   #67
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

Quote:
No idea on Ubuntu about the whereabouts of network configuration scripts. But I'm sure, they are just waiting for you in /etc.
I found it.

$ cat /etc/network/interfaces
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
"192.168.0.10" is the virtual IP on router. Tks.


Now I have "satimis.com" registered with "godaddy.com". I used other networks to test it without result. Performed following tests;

1)
on www.proxydom.com site

evoked;
http://www.satimis.com
Code:
www.satimis.com:80
This page is parked free, courtesy of GoDaddy.com
Go to the GoDaddy.com home page!

Not what you're looking for?1)

2)
on www.network-tools.com site

ping www.satimis.com
Code:
Ping 68.178.232.100

[satimis.com]

Round trip time to 68.178.232.100: 744 ms
Round trip time to 68.178.232.100: 46 ms
Round trip time to 68.178.232.100: 31 ms
Round trip time to 68.178.232.100: 31 ms
Round trip time to 68.178.232.100: 30 ms
Round trip time to 68.178.232.100: 30 ms
Round trip time to 68.178.232.100: 30 ms
Round trip time to 68.178.232.100: 30 ms
Round trip time to 68.178.232.100: 30 ms
Round trip time to 68.178.232.100: 30 ms

$ sudo whois 68.178.232.100
Code:
OrgName:    Go Daddy Software
OrgID:      GDS-31
Address:    14455 N Hayden Road
Address:    Suite 226
City:       Scottsdale
StateProv:  AZ
PostalCode: 85260
Country:    US

NetRange:   68.178.128.0 - 68.178.255.255
CIDR:       68.178.128.0/17
NetName:    GO-DADDY-SOFTWARE-INC
NetHandle:  NET-68-178-128-0-1
Parent:     NET-68-0-0-0-0
NetType:    Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
Comment:
RegDate:    2005-04-12
Updated:    2005-11-11

RAbuseHandle: ABUSE51-ARIN
RAbuseName:   Abuse Department
RAbusePhone:  +1-480-624-2505
RAbuseEmail:  abuse@godaddy.com

RNOCHandle: NOC124-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-480-505-8809
RNOCEmail:  noc@godaddy.com

OrgAbuseHandle: ABUSE51-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-480-624-2505
OrgAbuseEmail:  abuse@godaddy.com

OrgNOCHandle: NOC124-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-480-505-8809
OrgNOCEmail:  noc@godaddy.com

OrgTechHandle: NOC124-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-480-505-8809
OrgTechEmail:  noc@godaddy.com

# ARIN WHOIS database, last updated 2007-01-08 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Please advise which file/files I have to edit making the test homepage to be visited from outside. TIA


B.R.
satimis
 
Old 01-09-2007, 12:27 AM   #68
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
$ ping satimis.com

Code:
64 bytes from parkwebwin-v01.prod.mesa1.secureserver.net (68.178.232.100): icmp_seq=16 ttl=113 time=213 ms
64 bytes from parkwebwin-v01.prod.mesa1.secureserver.net (68.178.232.100): icmp_seq=17 ttl=113 time=237 ms
$ dig satimis.com

Code:
;; ANSWER SECTION:
satimis.com.            3301    IN      A       68.178.232.100

;; AUTHORITY SECTION:
satimis.com.            3301    IN      NS      PARK12.SECURESERVER.NET.
satimis.com.            3301    IN      NS      PARK11.SECURESERVER.NET.

;; ADDITIONAL SECTION:
PARK11.SECURESERVER.NET. 172503 IN      A       64.202.165.115
PARK12.SECURESERVER.NET. 172501 IN      A       68.178.211.110
$ dig www.satimis.com

Code:
;; ANSWER SECTION:
www.satimis.com.        3262    IN      CNAME   satimis.com.
satimis.com.            3248    IN      A       68.178.232.100
NMAP results:

Code:
(The 1666 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http
Device type: general purpose
Running: OpenBSD 3.X
OS details: OpenBSD 3.6

Nmap finished: 1 IP address (1 host up) scanned in 167.631 seconds
Are you behind a router/gateway/firewall?

It looks that everything is set-up properly now but might be still needing port forwarding of your required services ports through a router/firewall (if there is one placed ahead) to your server's internal address.

----------
GANI
 
Old 01-09-2007, 05:50 AM   #69
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

Quote:
Are you behind a router/gateway/firewall?
Yes.

Connection:
Server --> Router --> Modem --> ISP

The Router and Modem are supplied by ISP. The former has been pre-setup by ISP. I tried asking ISP about the Router and received a reply that "don't touch it".

Follows are info supplied by ISP
Code:
Suggested Virtual IP: 	192.168.0.10 to 192.168.0.60
Default Gateway: 	192.168.0.1
NetMask: 	255.255.255.192
	
DNS Server: 	202.14.67.4/14
WAN IP: 	xxx.xxx.xxx.xxx
NetMask: 	255.255.255.255
Tks

Remark:
At this stage the server is not turned on round the clock, only active when I'm working on it. I'm planning building a working server with CentOS as OS. Ubuntu makes lot of trouble. Firefox crashes all the time on clicking Yahoo webmail. Other folks on Ubuntuforum also suffer this problem without a solution.


B.R.
satimis
 
Old 01-09-2007, 06:32 AM   #70
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Quote:
Code:
Suggested Virtual IP: 	192.168.0.10 to 192.168.0.60
Default Gateway: 	192.168.0.1
NetMask:         	255.255.255.192
	
DNS Server: 	202.14.67.4/14
WAN IP: 	xxx.xxx.xxx.xxx
NetMask: 	255.255.255.255
So you are just simply behind the NAT their router. This is probably why NMAP saw a different OS.

Quote:
I'm planning building a working server with CentOS as OS. Ubuntu makes lot of trouble. Firefox crashes all the time on clicking Yahoo webmail. Other folks on Ubuntuforum also suffer this problem without a solution.
I just used Ubuntu in a day. A friend of mine as well reported uncontrolled numbers of processes and freezing with Kubuntu. Likewise, I don't even felt using CentOS and just tried it shortly after having problems compiling from source. Also that the same friend of mine, who is currently working in a large ISP, has reported to me that their client with a co-located CentOS server frequently calls them for hard reboot. These are the primary reasons that both of us are sticking with Slackware and OpenBSD. Our company's email and web is built-on Slackware 10.2 and OpenBSD as its firewall. I patched Slack with grsecruty+pax but without RBAC. I'm as well interested on tyring a port of AppArmor for Slack 10.2.

You will experience a great Unixy experience with Slackware and It's proven that it is really rock-solidly stable and has an even longer update support. Upgrading in Slack is now as easy like with the most of the distros by using debian-like slapt-get.

Or you may as well try the easy BSD-like approach of CRUX.

---------
GANI
 
Old 01-09-2007, 09:38 AM   #71
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

Quote:
I just used Ubuntu in a day. A friend of mine as well reported uncontrolled numbers of processes and freezing with Kubuntu. Likewise, I don't even felt using CentOS and just tried it shortly after having problems compiling from source. Also that the same friend of mine, who is currently working in a large ISP, has reported to me that their client with a co-located CentOS server frequently calls them for hard reboot. These are the primary reasons that both of us are sticking with Slackware and OpenBSD. Our company's email and web is built-on Slackware 10.2 and OpenBSD as its firewall. I patched Slack with grsecruty+pax but without RBAC. I'm as well interested on tyring a port of AppArmor for Slack 10.2.

You will experience a great Unixy experience with Slackware and It's proven that it is really rock-solidly stable and has an even longer update support. Upgrading in Slack is now as easy like with the most of the distros by using debian-like slapt-get.

Or you may as well try the easy BSD-like approach of CRUX.
Tks for your advice.

I ran FreeBSD as workstation several years ago but never tried Slackware before. I heard Slackware being a stable and rigid OS. I would like to try it. Are tutorials re building servers, such as web, mysql, email, etc. on Slackware available?

I believe the best Linux OS will be LinuxFromScratch. I built it before but time consuming. Therefore I prefer to have ready-built Linux OS.

Others noted with tks.


B.R.
satimis
 
Old 01-09-2007, 11:03 PM   #72
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Quote:
I ran FreeBSD as workstation several years ago but never tried Slackware before. I heard Slackware being a stable and rigid OS. I would like to try it. Are tutorials re building servers, such as web, mysql, email, etc. on Slackware available
You may start with Slack Book. http://www.slackbook.org/

Go learn fdisk partitioning and it would greatly help. Just google for a howto since I've learned through a Red Hat specific book that I don't have now the copy. Though you can use the menu driven cfdisk. But I'm still comfortable with fdisk and it is not trivial using it - straight forward. Even the partitioning style in OpenBSD is quick and simply straight forward.

You will have no issue compiling any program with Slack because it has all the required librararies stored in the Unix way. Libraries are usually found in /usr/lib; /usr/local/lib and depending on how you compiled a program and that by default it will placed in /usr/local/appname/lib. Everytime you compiled a program, don't forget to add its shared library to the cache using ldconfig:

1. If the libraries are installed in /usr/lib or /usr/local/lib, simply run as root "ldconfig".
2. If it was installed using the default --prefix=/usr/local that would append after the appname's directory, do it this way:

# echo /usr/local/appname/lib >> /etc/ld.so.conf
# ldconfig

To check:

# ldconfig -p |grep libname.so

The URL that I gave will work on Slackware with no show stopper, except maybe with the Postfix mysql queries on *.cf files that failed delevering the mails to respcetive mailboxes. The author modified the *.cf files and the previous one is the one that works. I have still that copy here in my server and in case you would need that, CONTACT ME. This the reason why I'm presently reading on about this topic since I don't yet fully understand everything.

Here my apache build options.

Code:
./configure \
        --sysconfdir=/etc/apache \
        --localstatedir=/var/www \
        --bindir=/usr/local/bin \
        --sbindir=/usr/local/sbin \
        --libexecdir=/usr/local/libexec \
        --libdir=/usr/local/lib \
        --includedir=/usr/local/include \
        --datadir=/var/www \
        --mandir=/usr/local/man \
        --infodir=/usr/local/info \
        --sharedstatedir=/var/www \
        --enable-example \
        --enable-ssl=shared \
        --enable-spelling \
        --enable-rewrite=shared \
        --enable-so \
        --with-ssl=/usr/local/ssl
The document root is as the usual /var/www/htdocs. You will need to first compile OpenSSL or just used the included package. But if you to stay fresh always, this how to to it after unpacking the source.

Code:
$ cd openssl-0.9.xa
$ ./config shared --prefix=/usr/local --openssldir=/usr/local/ssl
$ make
$ make test
$ su
# make install
# echo /usr/local/ssl/lib >> /etc/ld.so.conf
# ldconfig
# mv /usr/bin/openssl /usr/bin/openssl.old
# ln -s /usr/local/bin/openssl /usr/bin
Try it now.

# openssl

Then after the prompt just quit.

Note: Even using the feshest version of OpenSSL, you will still need to install the included package because that will prevent OpenSSH to work.

MySQL build options that were just adpapted and don't me about this since like you I'm still that expert.

Code:
CFLAGS="-O3 -mcpu=pentium4" CXX=gcc CXXFLAGS="-O3 -mcpu=pentium4 \
          -felide-constructors -fno-exceptions -fno-rtti" \
./configure \
        --with-big-tables \
        --with-extra-charsets=all \
        --enable-thread-safe-client \
        --enable-assembler \
        --sbindir=/usr/local/mysql/sbin \
        --libexecdir=/usr/libexec/mysql \
        --datadir=/usr/local/share \
        --sharedstatedir=/var/lib \
        --localstatedir=/var/lib/mysql \
        --sysconfdir=/etc/mysql \
        --libdir=/usr/local/lib \
        --includedir=/usr/local/include \
        --with-mysqld-user=_mysql \
        --infodir=/usr/local/info/mysql \
        --with-libwrap \
        --with-openssl=/usr/local/ssl \
        --with-mysqld-ldflags=-lsupc++ \
        --with-client-ldflags=-lsupc++ \
        --with-extra-charsets=all \
        --with-vio \
        --without-bench \
        --with-debug \
        --without-readline \
        --mandir=/usr/local/man
But before compiling the above, create first your mysql user and here I'm following the OpenBSD pattern when it comes to daemon users names - that is with "_" characted at the start so I can easily tell that user as a daemon.

Code:
# groupadd _mysql
# useradd -c "MySQL Database Server" -d /var/lib/mysql -s /bin/bash -g _mysql _mysql
Then all the rest are on the HOWTO. Also upon completing everything, I'm replacing the login shell with /bin/false to disable it for security. I'm not seeing any related operational issue.

My ClamAV build options:

Code:
./configure --sysconfdir=/etc \
        --disable-clamuko \
        --disable-clamav \
        --with-user=use-amavisd-user-daemon-name \
        --with-group=use-amavisd-user-daemon-group \
        --enable-bigstack \
        --with-libcurl \
        --with-dbdir=/var/lib/clamav
Then follow the howto how to configure ClamAV.

All the above is to help you start quickly as possible.

Slack rc configs and scripts are in /etc/rc.d/ and it has rc.modules to load hardware modules, rc.M to start apps in multi-user mode, rc.6 to shutdown processes on run level 6. These are just shell scripts and we you will not be lost. To enable a program to run on boot-up, simply add an execute bit like "chmod +x /etc/rc.d/rc.httpd". All network config file is in /etc/rc.d/rc.inet1.conf.

Then if you want a simple and highly secure gateway, just use OpenBSD for number of reasons that among others are:

1. easy and english-like syntax
2. stateful inspection
3. Protecting OS clients that poorly choses Initial Sequence Number (ISN) during intial TCP handshakes to prevent session hijacking.
4. anti-spoofing
5. spoofed TCP Syn flooding proxying to protect an internal internet server
6. packet normalization to protect internal intrusion detection devices against attacks
7. sessions & connections states tracking to prevent DoS and ssh dictionary attacks. No need for external programs or scripts to tho this.
8. internet load balancing and link redundancy or firewall clustering
7. Path-MTU discovery and windows traceroute facilitation by simply specifying unreach and echoreq as the only ICMP options and you won't be afraid to have ICMP in your box.
9. easy to configure IPSec site-to-site or for road warriors

-----------
GANI
 
Old 01-16-2007, 11:26 PM   #73
satimis
Senior Member
 
Registered: Apr 2003
Posts: 3,428

Original Poster
Rep: Reputation: 53
Hi gani,

Tks for your detail advice.

I'll start another topic on your advice if needed. Otherwise it will be completely off topic.


B.R.
satimis
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange Ping Issue - Can't ping localhost but can ping others on LAN code_slinger Linux - Networking 13 03-17-2011 03:47 AM
"ping xxx.abc.local" ok but "ping xxx" fail powah Linux - Networking 2 10-13-2006 09:16 PM
ping fail from local lan to IPCop mrpc_cambodia Linux - General 3 04-03-2006 05:32 PM
ping lab machine fail but internet ok powah Linux - Networking 1 10-11-2005 11:50 AM
Ping continues to fail after remote host recovers cahenesy Linux - Networking 7 04-19-2004 04:16 PM


All times are GMT -5. The time now is 07:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration