Quote (originally posted by flatstan):
Hi Drokmed, sorry for the delay in getting back to you. I tried your suggestion but no go. I would be grateful for the complete set of commands when you have time. Regards.
Heya!
I'm glad to hear you are still interested in linux! I was wondering if you had got the routing working.
I usually configure the nat/routing at the installation time, so the commands I use are useful only during a fresh install. I have been working on a how-to document that I use to build servers for clients. I have cut out an excerpt that covers what you are looking for. I hope you find it useful.
Good Luck!!!!
=======
OpenSUSE Installation Instructions:
Minimum/Recommended Hardware Requirements:
If you intend to make this a production server, don't be a cheapskate. Whip out $600 at Best Buy and buy a decent pc. I'd recommend an Athlon 64-bit (yes I have tested the suse 64-bit version), with 1 GIG RAM (minimum), a DVD burner (for backups), and a big fat hard disk.
Don't forget to buy the 2nd NIC (this server will also be the Internet router/firewall/gateway).
Note: You do not want a bleeding edge machine that has extremely new hardware, because the linux drivers for that hardware may not yet exist. Although OpenSUSE does a fantastic job of supporting more hardware than any other distribution (seriously), there's still a chance some new hardware support hasn't been included yet, at least on the install DVD. I've bought and used the mid-level E-Machines and HP PCs from Best Buy, and they work just fine. For a complete list of supported hardware, see OpenSUSE's hardware compatibility list at: www.opensuse.org
Pre-installation Lab setup:
Your lab will need:
1 server pc (with the 2nd NIC already installed)
1 ethernet router (linksys or equivalent, has multiple LAN ports, no wireless necessary)
1 ethernet switch or 1 crossover cable
2 test PCs (at least one, with dual-boot OpenSUSE and Windows)
ethernet cables
I assume you will be building this server, like I do, connected to a production network that has internet access, either at home or the office, and will later deliver it to your customer. If the network you are connecting to uses the 192.168.1.0/24 network, then you have a problem. I have the same problem. I have a spare router (linksys) that I use to put between my production network and this server I'm building. If you do not have a spare router, pick one up at Best Buy for about ~$40. It's a good investment. Have plenty of Ethernet cables too.
Connect everything as follows:
-connect an Ethernet cable from your production network to the uplink port of the router (the linksys router, not the server)
-connect an ethernet cable from a LAN port on the router to the WAN port of the server (we'll verify this connection again later)
-connect another ethernet cable from a LAN port on the router to the Internet test pc. We will use this pc to reconfigure the linksys router (change its default LAN addressing to 192.168.2.0/24), as well as test connectivity to the server from the Internet side, i.e. email access, vpn, etc.
-connect an ethernet cable from the LAN port of the SERVER to an ethernet switch
-connect an ethernet cable from the ethernet switch to the 2nd test pc (the LAN pc). The LAN pc will be used to test access to the server as a LAN workstation, verifying access, remote control, and access to all services as a standard LAN user.
Please note: if you want, you can replace the ethernet switch and two cables with just one crossover cable.
Pre-installation software downloads:
You have to download and burn two products to DVD/CD: OpenSUSE and Scalix.
Download the OpenSUSE 10.2 DVD (the DVD includes additional hardware drivers including non-GPL drivers from ATI and NVIDIA). Download the 32-bit version if using a 32-bit CPU, or the 64-bit version if using a 64-bit CPU. I've used both. They both work. I'd recommend a 64-bit CPU because it processes data at twice the throughput. True, many tasks have not yet been optimized for 64-bit, but they eventually will. You should plan for the future, not obsolescence.
Download the Scalix Email/Calendar server software from here:
www.scalix.com/community
You will notice Scalix offers a community (open source) edition, and an enterprise edition. They are both the same software! When you buy the enterprise edition, you install a license key which basically enables some advanced features. Some customers will later choose to buy the enterprise edition. However, most small businesses will be very happy with the community edition we install here.
Install OpenSUSE 10.2:
Install using the OpenSUSE 10.2 install DVD. Don't bother with the CD's. Do a normal install. If you have an existing windows partition, your call if you want to keep it. At least shrink it. You will need at least 6GB free disk space, but you will want MUCH MORE if your server will do anything useful. Most new PCs have 100+GB disks.
OK, boot the installer, and start the installation.
Timezone: set to use local time (emails will be set to this timezone)
Partitioning: Unless you have a plan for your linux partitioning, I recommend you make a swap partition (twice the size of RAM) and put the rest into the root partition. Since users will never login directly on this server, there is no reason for a separate /home partition (unless you intend to let users store files in a personal directory). For experienced people, use LVM and create a separate /var for the email server, /srv for the ftp/website, /shares for the file server, etc.
Hostname and Domain Name: make sure these names are final. WRITE THESE DOWN!!! You will not be able to change these later! Verify this with your client! If your hostname is SERVER, and they already have a host named SERVER, you are screwed. Try SERVER1, or LINUX-SRVR or SUSE-SERVER or ABAZABA-SRVR etc.
Graphical User Interface:
-select gnome
Note: for you KDE fans, I select gnome because it is easier for windows people to learn and use. True, KDE in many ways is more advanced, but not as intuitive, which is the goal here.
Network Mode: leave on Traditional (do not use the NetworkManager Applet)
Firewall: leave enabled
SSH port: change to open
Network Interfaces:
This is absolutely critical. It should recognize both NICs. The first NIC should be configured to use DHCP. Leave that NIC alone.
The second NIC is currently unconfigured. Let's configure it now:
-click on Network Interfaces
-edit the second NIC
-change to static address
-assign address: 192.168.1.1
-routing button: enable IP forwarding
NOTE: At this point, make sure you WRITE DOWN which NIC is which! For example, on my PC, the Compaq NIC is dhcp, and the Linksys NIC is static. You will need to identify them before plugging your two ethernet cables in.
Firewall: should now have message it detected an additional NIC. Click on it:
-interfaces: change the static NIC to internal zone
-allowed services on external zone: add: HTTP server, HTTPS server, IMAP server, IMAPS server, Mail server, POP3 Server, POP3S Server
-click on Masquerading: enable Masquerade Networks
-click on Accept
Note: In the firewall, we do not want to open external zone ports to allow access to things like vnc, webmin, etc. For added security, they can only be accessed through a vpn tunnel.
Remote Administration:
-enable it (we're not initially using this version, but it's enabled in case you later want it).
That's it for network configuration.
WARNING: Before clicking Next, you MUST have your Ethernet cables correctly connected. Plug them in now. The NIC with dhcp is your WAN NIC. The NIC with the static IP address is the LAN NIC. WRITE THIS STUFF DOWN!!!! I physically label the NICs on the back of the server itself, next to the ports. Tape a “WAN” label to the WAN NIC, and a “LAN” label to the LAN NIC. Trust me, you will kick yourself HARD later if you DO NOT do this!!!
OK, when you press Next, the server will activate both NICs, request the dhcp info from the WAN side, and populate the routing table. If it cannot get dhcp info, or if there is an address conflict or other problem, you must troubleshoot it before proceeding.
The next screen is the Test Status. It will attempt to download the latest release notes from the Internet. THIS MUST SUCCEED. If it fails, you have a network problem. You must troubleshoot your network, then click BACK, then Next again (to re-initialize the NICs). If you do not resolve this now, the entire install will be foiled.
Novell Customer Center Configuration: accept defaults: next
Accept all updates. Apply all patches.
Register additional Installation sources:
-check all three
-register now: yes
User Authentication method: Local. Please note: even though this server will provide LDAP services, we do not want any users logging directly into this server. There will only be two login accounts on this server: root and administrator.
New Local User:
-User's Full Name: Administrator
-Username: administrator
-Password: makeoneupcanchangeitlater
-Confirm Password: makeoneupcanchangeitlater
-Receive System Mail: YES
-Automatic Login: NO
Hardware Configuration: tweak as you like
-Graphics: I recommend you set the graphics to 1024x768 resolution, and colors to 65536 (16-bit). Remember, we are going to remote control this server. Higher resolutions won't fit on remote machines, and too many colors just eats up memory, and drastically slows down the remote-controlled connection.
-Printers: If you know what printer they have, you can install it now. I usually wait until the server is in place, and the printer connected, before I setup the printer.
That's it! Finish. System will reboot.
ABAZABA Installation Instructions:
Log in as administrator
Chances are the Software Updater ICON will signal there are updates available. Go ahead and install those first. You will be prompted to Add Privileged User. Do it.
Install all updates. Some updates may require a reboot. Finish all updates.
Customize Desktop:
Let's add some launcher icons to the panel. This is purely individual preferences, however I try to help the Administrator that will manage this server. Personally, I don't like the new menu system, but I leave it on, and show the customer my laptop (classic gnome menu), then let them decide.
-Click on Computer, More Applications
-find YaST, drag it to the panel, right side
-same for: Printers, Install Software, Remove Software, Home Folder, Network Servers, Network Tools, Disk Usage Analyzer, Firefox, Gnome Terminal
Configure YaST:
First, we need to modify the installation settings in YaST.
Launch YaST. It's the green icon towards the lower right of the screen. You will become very familiar with the YaST tool. It is excellent. It is the main reason OpenSUSE is the leading linux distribution.
YaST->Software->Installation Source
These are the sources where SUSE will search when you wish to install additional software. We are going to tweak this list.
First, we want to install from Internet sources only. We do not want SUSE prompting to insert the dvd every time we try to install something.
Find the line that looks like: cd:///?devices=/dev/hdc
-click on Source Settings: disable
Find the line that has “oss” at the end (not the non-oss line)
-click on Source Settings: enable
Note: we added the non-oss and debug sources to the list, but have not yet enabled them. We want these here just in case we decide to use them in the future.
We're done. Click Finish.
YaST will now say 'Synchronizing with ZENworks'. This takes a while. The server is now reading all file information from each of the sources we just enabled. Let this finish. This takes longer than it should. Hopefully OpenSUSE will improve this in future versions.
When it's done, we are ready to start building our server.
Install DNS Server:
This server will provide DNS services for the LAN/intranet/internal zone. We want the server to automatically learn all DNS information from the dhcp client (WAN), and share it with the local network. This can be done automatically. We do not have to manually enter the DNS servers into the /etc/resolv.conf file.
YaST -> Software -> Install
-Search for: DNS
-check these packages for installation: bind, yast2-dns-server
-click Accept
-Installer will inform you three additional packages are required: bind-chrootenv, perl-Parse-RecDescent, perl-X500-DN
-click Continue
YaST will now download these from the Internet, and install them.
-will eventually ask: Install or remove more packages? click No
-close YaST
Since we just installed the yast2-dns-server module, we have to restart YaST to see it as one of the options in the menu.
Configure DNS Server:
YaST -> Network Services -> DNS Server
-select: PPP Daemon Sets Forwarders
-click Next
In the Add New Zone Name box, you MUST enter the IDENTICAL name you chose during installation. If you forget what it is:
-open a terminal (click on Gnome Terminal icon)
You will get a prompt that looks like:
administrator@server1:~>
-type: cat /etc/hosts
administrator@server1:~> cat /etc/hosts
(multiple lines not shown here)
OK, the last line will look something like:
192.168.1.1 server1.abazaba.org server1
(In this example, the domain name is abazaba.org)
-in the Name box, enter the correct domain name
(for example, in the Name box, I entered: abazaba.org)
-click Next
-change startup behavior to: On: Start Now and When Booting
-click Finish
The DNS Server is now configured and running. To verify:
-open a terminal (click on Gnome Terminal icon)
-type: ps -e | grep named
You should see a line with named in it:
administrator@server1:~> ps -e | grep named
3821 ? 00:00:00 named
administrator@server1:~>
-now try: cat /etc/resolv.conf
The last lines should have a search line of your own domain, then nameservers listed afterwards.
Install DHCP Server:
This server will provide DHCP services for the LAN/intranet/internal zone. We want the server to automatically learn all DNS information from the dhcp client (WAN), and share it with the local network, via the DHCP client requests.
YaST -> Software -> Install
-Search for: DHCP
-check these packages for installation: dhcp-server, yast2-dhcp-server
-click Accept
YaST will now download these from the Internet, and install them.
-will eventually ask: Install or remove more packages? click No
-close YaST
Since we just installed the yast2-dhcp-server module, we have to restart YaST to see it as one of the options in the menu.
Configure DHCP Server:
YaST -> Network Services -> DHCP Server
-select the NIC that is using address 192.168.1.1 and click Select
-click: Open firewall for selected interfaces
-click Next
Fill in the fields:
-Domain Name: abazaba.org (or whatever yours is)
-Primary Name Server IP: 192.168.1.1
-Default Gateway: 192.168.1.1
-NTP Time Server: 192.168.1.1
-Print Server: 192.168.1.1
-WINS Server: 192.168.1.1
-click Next
Fill in the dhcp address range. How many do you need? Here is an example that allocates 150 dhcp addresses. If you need more, modify as desired:
-First IP Address: 192.168.1.50
-Last IP Address: 192.168.1.200
-click Next
Change:
-Service Start to: When Booting
-click Finish
To verify it is working:
-open a terminal (click on Gnome Terminal icon)
-type: ps -e | grep dhcpd
You should see a line with dhcpd in it, like so:
administrator@server1:~> ps -e | grep dhcpd
3840 ? 00:00:00 dhcpd
administrator@server1:~>
You are now ready to connect the LAN test pc to the server.
Connect to server from the local LAN test pc:
I'm assuming your remote PC is naturally running OpenSUSE 10.2. If you are running Windows, you will need to perform its equivalent tasks. I recommend you use a dual-boot PC for a test workstation, that has both Windows and OpenSUSE. We will want to test from both platforms.
You can now connect your test PC to the LAN side of the server, and connect to the server! Make sure the PC is configured to use a dhcp client, to request its info from the server. If it is already connected, the SUSE pc will auto-detect just by unplugging/reconnecting the ethernet cable on the SUSE pc. For Windows, you will have to tell the network connection program to disable/re-enable the interface, to force it to get a new dhcp address.
Let's try some pings to verify we have connectivity from our remote linux PC:
-open a terminal (click on Gnome Terminal icon)
-type: ping 192.168.1.1
-type: ping server1 (or whatever you named it)
-type: ping www.yahoo.com
Note: if you can't ping everything, you need to find out why. Are you running a dhcp client on the local pc? Are the cables plugged in the right places? Is the switch on? Troubleshoot it. Check ifconfig, netstat, route, arp, etc.
If we can ping it, we can ssh to it:
-type: ssh administrator@192.168.1.1
The first time you ssh to the server from each pc, it should respond with a message like:
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 77:44:4a:7b:6c:04:16:14:5b:74:22:c4:8b:78:3a:b8.
Are you sure you want to continue connecting (yes/no)?
-enter: Yes
The server will then say:
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
Password:
-enter the administrator password
You should now be logged in, and the prompt will look something like:
administrator@server1:~>
-enter: who
administrator@server1:~> who
administrator :0 2007-02-01 16:30
administrator pts/0 2007-02-01 16:32 (:0.0)
administrator pts/1 2007-02-01 18:13 (192.168.1.134)
administrator@server1:~>
Let's try a few commands:
administrator@server1:~> df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda2 5692436 3112148 2291120 58% /
udev 128188 100 128088 1% /dev
administrator@server1:~>
administrator@server1:~> su -
Password:
server1:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:14:BF:57:35:46
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::214:bfff:fe57:3546/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:552 errors:0 dropped:0 overruns:0 frame:0
TX packets:318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51191 (49.9 Kb) TX bytes:43873 (42.8 Kb)
Interrupt:11 Base address:0x2400
eth1 Link encap:Ethernet HWaddr 00:50:8B:74:C7:6B
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::250:8bff:fe74:c76b/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26964 errors:0 dropped:0 overruns:0 frame:0
TX packets:16108 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:38209469 (36.4 Mb) TX bytes:1205477 (1.1 Mb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:830 errors:0 dropped:0 overruns:0 frame:0
TX packets:830 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:59005 (57.6 Kb) TX bytes:59005 (57.6 Kb)
server1:~ #
server1:~ # netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1
server1:~ #
server1:~ # arp -a
? (192.168.2.1) at 00:12:17:00:F4:68 [ether] on eth1
? (192.168.1.134) at 00:0D:56:7A:68:72 [ether] on eth0
server1:~ #
OK, ssh works! Time to get the VNC server working.
Configure VNC Server:
OK, we're now ready to enable the VNC remote control software, so we can perform the rest of the installation remotely, from any linux or windows machine.
There are two types of the VNC servers installed on OpenSUSE servers by default. We want the one that remote controls the current session on the server (the other one creates an independent session, which we may enable later if we wish).
To configure the VNC server:
-click Computer
-click Control Center
-in the hardware section, click Graphics Card and Monitor
-enter the administrator password if prompted
SaX2: X11 Configuration program:
-click on Remote Access
-enable: Allow access to display and keyboard/mouse of your X Server
-enable: Activate Password Protection
-enter password: (use the administrator password)
-leave multiple connections disabled
-enable: Activate HTTP access
-leave default port to 5800
You will get a message to test the server:
-click Test
You will get a message stating ports 5900 and 5800 need to be opened in the firewall. We don't need to worry about this. We will not be opening these ports to the external zone (Internet). The internal zone (LAN) is not blocking anything, so we can access this from any local pc.
-click OK
A screen will appear to adjust the screen's dimensions. Leave this alone.
-click Save
A configuration saved message will tell you to restart the graphics system.
-click Yes (to exit program)
Close all Windows, and logout.
Now return to your test pc:
-open a gnome terminal
-ssh to the server
-become superuser (root), enter: su -
-restart the graphics system, enter: rcxdm restart
administrator@server1:~> su -
Password:
server1:~ #
server1:~ # rcxdm restart
Shutting down service gdm done
Starting service gdm done
server1:~ #
Watch the server. The screen should clear, then restart to the login screen.
On the server, go ahead and log in as administrator.
On the test pc, let's try to remote control the server:
-from your workstation PC, open a terminal:
-enter: vncviewer 192.168.1.1
-enter the password
Voila! The remote control window should open on your screen, and you are now looking at whatever is currently displayed on the server. You have control of the server's mouse and keyboard. Try moving the mouse around on your test pc. It should also move on the server. Right-click, open a terminal, and type some commands. Pretty cool, eh? We now have remote control of the server.
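Added example, not part of the original post or of OpenSUSE/YaST: a small POSIX shell audit of the firewall settings the YaST steps above produce (WAN and LAN NICs in distinct zones, masquerading on, VNC and webmin ports kept off the external zone). It assumes the SuSEfirewall2 config lives at /etc/sysconfig/SuSEfirewall2 with its standard FW_* keys; the two sample configs are constructed for the dry run.

```shell
#!/bin/sh
# Added example, not from the original post: audit the router/firewall posture
# the YaST steps above produce. Assumes OpenSUSE's SuSEfirewall2 config file
# (/etc/sysconfig/SuSEfirewall2) and its standard FW_* keys.

# Print the unquoted value of KEY from a KEY="value" style config file.
fw_get() {  # fw_get FILE KEY
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# Succeed only when none of the given TCP ports is allowed in the external zone.
fw_ext_blocks() {  # fw_ext_blocks FILE PORT...
    _file=$1; shift
    _ext=$(fw_get "$_file" FW_SERVICES_EXT_TCP)
    for _p in "$@"; do
        for _svc in $_ext; do
            if [ "$_svc" = "$_p" ]; then return 1; fi
        done
    done
    return 0
}

# Run all checks on one config file: one line per check, non-zero on any failure.
fw_audit() {  # fw_audit FILE
    _rc=0
    _wan=$(fw_get "$1" FW_DEV_EXT); _lan=$(fw_get "$1" FW_DEV_INT)
    if [ -n "$_wan" ] && [ -n "$_lan" ] && [ "$_wan" != "$_lan" ]; then
        echo "ok   WAN=$_wan (external zone)  LAN=$_lan (internal zone)"
    else
        echo "FAIL the two NICs are not in distinct zones"; _rc=1
    fi
    if [ "$(fw_get "$1" FW_ROUTE)" = "yes" ] && [ "$(fw_get "$1" FW_MASQUERADE)" = "yes" ]; then
        echo "ok   routing and masquerading enabled"
    else
        echo "FAIL routing or masquerading off: LAN clients get no Internet"; _rc=1
    fi
    # VNC (5800/5900) and webmin (10000) stay reachable only from the LAN or a VPN.
    if fw_ext_blocks "$1" 5800 5900 10000; then
        echo "ok   VNC/webmin ports closed to the Internet"
    else
        echo "FAIL a remote-control port is open in the external zone"; _rc=1
    fi
    return $_rc
}

# Constructed sample configs (not copied from any real server) for a dry run.
GOOD_CFG=$(mktemp); BAD_CFG=$(mktemp)
trap 'rm -f "$GOOD_CFG" "$BAD_CFG"' EXIT
cat > "$GOOD_CFG" <<'EOF'
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_SERVICES_EXT_TCP="http https imap imaps smtp pop3 pop3s"
EOF
cat > "$BAD_CFG" <<'EOF'
FW_DEV_EXT="eth1"
FW_DEV_INT="eth1"
FW_MASQUERADE="no"
FW_SERVICES_EXT_TCP="http https 5900"
EOF
for _f in "$GOOD_CFG" "$BAD_CFG"; do
    fw_audit "$_f" && echo "=> PASS" || echo "=> REVIEW"
done
```

To check a live server, run `fw_audit /etc/sysconfig/SuSEfirewall2` as root after the YaST firewall step; the sample run above prints PASS for the first config and REVIEW for the second.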