Unix Blog !

January 31, 2006

Connecting to a remote linux system which does not have a Static IP

Filed under: Uncategorized — sriram003 @ 2:16 pm

My Scenario

I have a system at home running Linux.
I do not have a public IP assigned by my Internet Service Provider.

The home IP is 10.10.X.X

But my workplace has a public IP on its Linux systems
(202.X.X.X), to which I have access.

Now I want to access my home Linux system from work.

This is possible using reverse SSH.

Step 1
I do the following at home :

#ssh -R 2048:localhost:22 202.x.x.x

It will prompt you for the password of the work system that
has the public IP (202.x.x.x); give the password and log in.

Once you have logged in to work (202.x.x.x), follow Step 2:

Step 2
On the work system (202.X.X.X) I run:

#ssh -p 2048 localhost

This will connect to my home system from work.

Now I need to give the password for my home system.

By using a reverse tunnel, I maintain all of the control on the
home system from my work place.
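
As an added example (not part of the original post): on the work system, sshd's GatewayPorts and AllowTcpForwarding settings decide whether the port 2048 listener from Step 1 is reachable only from that host or from its whole network. The script below reads the global section of an sshd_config and reports which case applies; the function names and the sample config are constructed for illustration, and per-user Match overrides are not evaluated.

```sh
#!/bin/sh
# Added example: how would sshd on the public host (202.x.x.x in the post)
# bind the listener created by "ssh -R 2048:localhost:22"?

# Print the first global (pre-Match) value of a keyword, lowercased, or the
# given default. sshd keeps the first value it reads for a keyword and
# compares keyword names case-insensitively.
sshd_global_value() {
    # $1 = keyword, $2 = sshd default, $3 = path to sshd_config
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0   { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# Classify who can reach a remote-forwarded port such as 2048.
reverse_tunnel_exposure() {
    # $1 = path to sshd_config
    fwd=$(sshd_global_value AllowTcpForwarding yes "$1")
    gw=$(sshd_global_value GatewayPorts no "$1")
    case "$fwd" in
        no|local) echo "blocked"; return 0 ;;    # sshd refuses -R requests
    esac
    case "$gw" in
        no)              echo "loopback-only" ;;  # only users on the host itself
        yes)             echo "all-interfaces" ;; # anyone who can reach the host
        clientspecified) echo "client-chooses" ;; # bind address given to -R decides
        *)               echo "unknown" ;;
    esac
}

# Constructed sample config, not taken from a real host.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# constructed sample' 'Port 22' 'gatewayports yes' \
        'Match User guest' '    GatewayPorts no' > "$cfg"
    echo "sample config: $(reverse_tunnel_exposure "$cfg")"
    rm -f "$cfg"
}
demo
```

On a live host, `sshd -T` (run as root) prints the effective global settings, which is the authoritative check.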

January 30, 2006

Linux – Tune your IDE Hard Disk

Filed under: Uncategorized — sriram003 @ 2:07 pm

hdparm is a tool for altering various parameters associated with IDE drives. This involves things like the block prefetch, the DMA/PIO modes, and a number of other things.

hdparm --help

shows a list of all available options. To get more information about your hard disk, run

hdparm -i /dev/hda

This will look like:

/dev/hda:

Model=ST94019A, FwRev=5.11, SerialNo=3KW5V2FK
Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs RotSpdTol>.5% }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
BuffType=unknown, BuffSize=2048kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=78140160
IORDY=on/off, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=yes: unknown setting WriteCache=enabled
Drive conforms to: ATA/ATAPI-6 T13 1410D revision 2:

* signifies the current active mode

To see how fast your hard disk currently is, execute

hdparm -tT /dev/hda

Output:

/dev/hda:
Timing buffer-cache reads: 1496 MB in 2.00 seconds = 748.00 MB/sec
Timing buffered disk reads: 62 MB in 3.23 seconds = 19.20 MB/sec
[root@mybox jabber]#

Now you can run

hdparm -c1 -d1 -X 66 /dev/hda

to tune your hard disk (I chose 90, instead of 60). The value given to -X is the base for the transfer mode (PIO: 8; DMA: 32; U-DMA: 64) plus the number of the mode (for udma2: 64 + 2 = 66).

Now run

hdparm -tT /dev/hda

again, and if you’re lucky, your hard disk should have become “faster”.

Now my output is:

[root@mybox jabber]# hdparm -tT /dev/hda

/dev/hda:
Timing buffer-cache reads: 1516 MB in 2.00 seconds = 758.00 MB/sec
Timing buffered disk reads: 76 MB in 3.00 seconds = 25.33 MB/sec
[root@mybox jabber]#

You can see the difference in performance now.

To verify that DMA is enabled for your hard disk:

[root@localhost ~]# hdparm -d /dev/hda

/dev/hda:
using_dma = 1 (on)

If DMA is not enabled, enable it by issuing the following command:
hdparm -d 1 /dev/hda

To verify that 32-bit transfers are enabled:
[root@localhost ~]# hdparm -c /dev/hda

/dev/hda:
IO_support = 0 (default 16-bit)

To enable 32-bit transfers:

[root@localhost ~]# hdparm -c 1 /dev/hda

/dev/hda:
setting 32-bit IO_support flag to 1
IO_support = 1 (32-bit)

Disk read test:

[root@localhost ~]# hdparm -T -t /dev/hda

/dev/hda:
Timing cached reads: 1816 MB in 2.00 seconds = 906.78 MB/sec
Timing buffered disk reads: 42 MB in 3.14 seconds = 13.38 MB/sec
[root@localhost ~]#

Note: 1 enables, 0 disables.

Mailman – Faq

Filed under: Uncategorized — sriram003 @ 11:01 am

Learn more about Mailman Features and Installation

Where can I view all the public mailing lists available with Mailman?
http://mybox.sriram.com/mailman/listinfo

How can one subscribe, unsubscribe or log in to the subscribers list?
http://mybox.sriram.com/mailman/listinfo/list-name

list-name = name of the list to which you want to subscribe

Once you subscribe, you will get a mail at the mail ID you gave
in the subscription details.

You will have to click the link in that mail to subscribe.

How does an admin create and manage a mailing list?

General Admin Login:
http://mybox.sriram.com/mailman/admin

Create a new List:
Web Based – http://mybox.sriram.com/mailman/create

Console –
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./newlist mailman
enter the email of the person running the list: sriram@sriram.com
Initial mailman password:
Hit enter to notify mailman owner…

Manage a particular list with admin login:
http://mybox.sriram.com/mailman/admin/list-name

Points to note:

Make sure your mail server is configured properly, so that
it is able to send mail to and receive mail from the internal
users you might want to subscribe.

Configuration file for setting up the mail server with Mailman:
#cat /usr/lib/mailman/Mailman/mm_cfg.py

Setting Up Mailman Administration Password
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./mmsitepass
New site password:
Again to confirm password:
Password changed.

January 29, 2006

Installing Mailman

Filed under: Uncategorized — sriram003 @ 7:48 pm

In the previous post I introduced Mailman.

Here I will go through installing Mailman.

Installing Mailman from source is a pain in the neck:

you need to configure the group, user, setuid and so on.

If you have nothing else to do, try it that way.

I installed it through RPM.

The steps I followed were:

[root@mybox mailman]# urpmi mailman
To satisfy dependencies, the following packages are going to be installed (32 MB):
libpython2.3-2.3-3.1.92mdk.i586
mailman-2.1.2-9.4.92mdk.i586
python-2.3-3.1.92mdk.i586
python-base-2.3-3.1.92mdk.i586
Is this OK? (Y/n) Y
medium “contrib” uses an invalid list file:
mirror is probably not up-to-date, trying to use alternate method

ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./libpython2.3-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./python-base-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./python-2.3-3.1.92mdk.i586.rpm
ftp://ftp.is.co.za/mirror/mandrivalinux/old/updates/9.2/RPMS/
./mailman-2.1.2-9.4.92mdk.i586.rpm
installing /var/cache/urpmi/rpms/python-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/python-base-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/libpython2.3-2.3-3.1.92mdk.i586.rpm /var/cache/urpmi/rpms/mailman-2.1.2-9.4.92mdk.i586.rpm
Preparing… ##################################################
1:libpython2.3 ##################################################
2:python-base ##################################################
3:python ##################################################
4:mailman ##################################################
Post-install compilation…
Reloading httpd2: [ OK ]

*****
* You must now “cd /usr/lib/mailman/; ./bin/mmsitepass” as root to set the
* site password to be used for administrating all Mailman data as necessary.
*****

*****
* You must also “cd /usr/lib/mailman/; su -c “./bin/newlist mailman” mail” as root to
* setup the base mailman maillist – answer the questions appropriately.
*****

*****
* You should then issue the command “service mailman start” as root to start the server.
*****

Setting Up Mailman Administration Password
#cd /usr/lib/mailman/bin
[root@mybox bin]# ./mmsitepass
New site password:
Again to confirm password:
Password changed.

Creating a New List
[root@mybox bin]# ./newlist mailman
Enter the email of the person running the list: sriram@sriram.com
Initial mailman password:
Hit enter to notify mailman owner…

Since I am using Postfix I added the aliases in /etc/postfix/aliases

mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Web Configuration – Add this to your httpd.conf file

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /pipermail/ /usr/lib/mailman/Mailman/Archiver/
<Directory /usr/lib/mailman/Mailman/Archiver/>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Restart Web Server

[root@mybox conf]# /etc/rc.d/init.d/httpd restart
Shutting down httpd2: [ OK ]
Starting httpd2: [ OK ]
[root@mybox conf]#

[root@mybox conf]# cd /usr/lib/mailman/cron
[root@mybox cron]# crontab -u mailman crontab.in

These lines were already present in my file, so I did not
make any changes.

Configuration File for Mailman

#cat /usr/lib/mailman/Mailman/mm_cfg.py

# Put YOUR site-specific settings below this line.
DEFAULT_EMAIL_HOST = 'mybox.sriram.com'
DEFAULT_URL_HOST = 'mybox.sriram.com'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
MTA = 'Postfix'

Now start the Mailman service:
/etc/rc.d/init.d/mailman start

Mailman uses a daemon, qrunner, which must be started as root.

URL for administration:
http://localhost/mailman/admin/

URL for the list that you created (e.g. I created mailman above)

To visit the list:

http://localhost/mailman/listinfo/
http://localhost/mailman/listinfo/mailman

I will add FAQs soon.

Mailman – The Mailing List Manager

Filed under: Uncategorized — sriram003 @ 6:56 pm

There are lots of mailing list managers available, but Mailman has
some advanced features, such as:

– Web based interface for management of lists.

– A customizable home page for each mailing list.

– Better membership management, including searching

– Invitations

– Users can now change some of their delivery options globally, for all lists at a site, including their password, delivery status, real name, etc.

– Mailman will also save list emails for archive and viewing via the web. A full featured email web based interface is also provided for list members and list administrators.

– It lets you control who can post and who cannot.

– Users can Subscribe / Unsubscribe through web based Interface.

– Content Filtering

– Auto Responder

What do you need for Configuring Mailman ?

Mailman is written in the Python programming language, with a little bit of C code for security.

You will need:

GCC compiler
Python installed (#which python)
Web server: preferably Apache
Mail server (MTA): Sendmail/Postfix/Exim/qmail, etc.

Here I will discuss :

– Part 1 – Installation of Mailman
– Part 2 – FAQ

January 26, 2006

FreeBSD – Updating Ports

Filed under: Uncategorized — sriram003 @ 10:12 am

The FreeBSD ports collection offers a simple way for users and administrators to install applications. The ports made FreeBSD quite popular. Keeping ports up to date is an essential task.

(1) Install cvsup
If you have never upgraded the FreeBSD ports collection, this first step is required; otherwise skip it and go to step 2.

#pkg_add -r cvsup-without-gui
#mkdir /usr/ports

CVSup is a software package for distributing and updating collections of files (ports) across a network.

(2) Update ports collection/tree

#cvsup -L 2 -h cvsup9.FreeBSD.org /usr/share/examples/cvsup/ports-supfile

The above step will take some time to fetch files, and
it will update your ports collection.

Note: if you get an error such as:

“Rejected by server: Access limit exceeded; try again later
Will retry at 01:36:41”

then replace cvsup9.FreeBSD.org with cvs8.freebsd.org, cvs7.freebsd.org, etc. You are done.

Running the cvsup command again later will download and apply all the recent changes to your Ports Collection, except actually rebuilding the ports for your own system. Next time you will see how to use the portupgrade utility to upgrade installed ports.

Update: You can use portsnap command. It is an alternative system for distributing the Ports Collection. It was first included in FreeBSD 6.0. Install portsnap as follows:

#mkdir /usr/ports
#pkg_add -r portsnap
#portsnap fetch
#portsnap extract
#portsnap update


Please note: before installing ports, enable security port auditing to avoid
installing ports with known vulnerabilities.

A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you get a message like the following

Vulnerability check disabled, database not found

then you need to enable this small port:

1) Install port auditing (log in as root):
# cd /usr/ports/security/portaudit

2) Install portaudit:
# make install

3) Fetch the database so that port auditing gets activated immediately. By default the port installs a shell script ‘portaudit’ in /usr/local/etc/periodic/security/:
# /usr/local/etc/periodic/security/*portaudit

4) The portaudit script is called automatically via FreeBSD’s periodic (cron job) facility, so your database gets updated automatically every day.

5) Portaudit in action. Let us assume you would like to install a port called sudo. If it has known vulnerabilities, sudo will not be installed:
# cd /usr/ports/security/sudo
# make install

Example

===>  sudo-1.6.8.7 has known vulnerabilities:
=> sudo -- local race condition vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/3bf157fa-e1c6-11d9-b875-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/security/sudo.

#/usr/local/sbin/portaudit -Fda

This lists any installed packages that are affected.


January 25, 2006

Loading Kernel Modules in FreeBSD

Filed under: Uncategorized — sriram003 @ 11:37 am

Like Linux, the FreeBSD kernel supports the loading and unloading of modules. This allows an administrator to add or remove driver support without having to recompile the kernel or reboot the system. The possible modules are the files ending with the .ko extension in /boot/kernel.

To list the currently loaded modules:

root@freebsd# kldstat
Id Refs Address Size Name
1 7 0xc0400000 63070c kernel
2 16 0xc0a31000 568dc acpi.ko
3 1 0xc14de000 15000 linux.ko
root@freebsd#

If you’re curious as to the meaning of each of the columns, see man 2 kldstat. Note that the usage and output is similar to Linux’s lsmod command.

Linux also provides the insmod and rmmod commands to load and unload modules. The FreeBSD equivalents are kldload and kldunload.

For example, to load USB scanner support:

#kldload uscanner.ko

To remove it when you are finished

#kldunload uscanner.ko

Loading something that is already statically compiled into the kernel produces this error message:

root@freebsd# kldload acpi.ko
kldload: can’t load acpi.ko: File exists

If you don’t know what a module does, ask whatis. Suppose that I’m curious about the module if_pcn.ko. I won’t include the .ko in my query. I also won’t include the if_; it categorizes the module as an interface type. (Similarly, snd_ represents the sound category.) That leaves pcn, making this command:

root@freebsd# whatis pcn
pcn(4) – AMD PCnet/PCI Fast Ethernet device driver

I think my NIC might fall into that category. man 4 pcn gives the actual NIC models covered by this particular kernel module.

Check this for more info on Freebsd Basics.

January 24, 2006

Installing Perl Modules in FreeBSD

Filed under: Uncategorized — sriram003 @ 1:09 pm

I needed the following modules to be installed

Digest::SHA1
Digest::HMAC

Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser

Pod::Usage
Parse::Syslog
Statistics::Distributions

There are 3 main ways of doing it

1. The old fashioned way (CPAN) – Go to http://www.cpan.org, download the needed module, read the “INSTALL” file and away you go.

2. Using the pkg_add utility – This is the best method because the pkg_add utility AUTOMATICALLY installs any dependencies that may be needed for these Perl modules to be installed. This saves lots of time and hassle.

As root, run the following commands:

pkg_add -r p5-Time-HiRes
pkg_add -r p5-Net-DNS
pkg_add -r p5-Digest-SHA1
pkg_add -r p5-Digest-HMAC
pkg_add -r p5-HTML-Tagset
pkg_add -r p5-HTML-Parser
pkg_add -r p5-Parse-Syslog
pkg_add -r p5-Pod-Parser
pkg_add -r p5-Statistics-Distributions

3. The easy way (The Ports Collection) – The Freebsd ports collection has made a lazy man out of me. They make all this crap so easy.

On my server, I found the needed ports in the following locations:

Time::HiRes – /usr/ports/devel/p5-Time-HiRes
Net::DNS – /usr/ports/dns/p5-Net-DNS
Digest::SHA1 – /usr/ports/security/p5-Digest-SHA1
Digest::HMAC – /usr/ports/security/p5-Digest-HMAC
HTML::Tagset – /usr/ports/www/p5-HTML-Tagset
HTML::Parser – /usr/ports/www/p5-HTML-Parser
Pod::Usage – /usr/ports/textproc/p5-PodParser
Parse::Syslog – /usr/ports/textproc/p5-Parse-Syslog
Statistics::Distributions – /usr/ports/math/p5-Statistics-Distributions

Simply cd into each package's directory as shown above and run: make install && make clean

Note: If you find that the directory “/usr/ports” does not exist, it means you don’t have the ports collection. You can get the latest FreeBSD ports tree at ftp://ftp.freebsd.org/pub/FreeBSD/ports/ports/ports.tar.gz (anonymous login)

Damn! Now wasn’t that easy?

FreeBSD FAQ

Filed under: Uncategorized — sriram003 @ 11:44 am

I have FreeBSD installed, and I had a couple of issues with it.

Problem No. 1

When I installed Apache using the ports

cd /usr/ports/www/apache21/

make install clean

it also fetched tcpwrappers, which I was not aware of.

When I tried connecting to it locally, it would not let me connect; it said

Connection refused

So I had to add this entry to /etc/hosts.allow

sshd :192.168.0.10: ALLOW

192.168.0.10 is the system from where I am connecting.

Note: by default, root access through ssh is disabled on FreeBSD.

Also make sure the nameserver entries in

/etc/resolv.conf

on your FreeBSD system are properly configured, so that it is able to resolve external domains.

After adding the above entry I am able to ssh from 192.168.0.10.

Problem No. 2

Now it's the turn of http. When I tried http://192.168.0.10

it said Connection refused. This was weird, since I had been using the http service on my FreeBSD system for some time and all was well with it.

The settings in

/usr/local/etc/apache2/httpd.conf

were fine; it was listening on port 80 on the FreeBSD interface lnc0.

/usr/local/etc/rc.d/apache2.sh start

would not start it either.

I could see that netstat did not show http running.

I tried

/usr/local/sbin/httpd

which worked, but is not a proper way to start http.

After searching forums and IRC, I added

apache2_enable="YES"

to

/etc/rc.conf

I used apache2 because that is the name used in rc.d:

/usr/local/etc/rc.d/apache2.sh

freebsd# /usr/local/etc/rc.d/apache2.sh start
Starting apache2.

Now the http service is working

January 20, 2006

Linux Gateway – Connecting External FTP Servers

Filed under: Uncategorized — sriram003 @ 8:18 am

This is written mainly for people who want to use ftp over a Linux Gateway System.

Setting up Linux as an Internet gateway is not difficult to do. A Linux gateway allows two or more computers to use internet at the same time.

While doing so, only the gateway’s IP address will be visible on the Internet. The rest of the computers will be “hidden” behind the gateway. This is called IP masquerading.

There are certain things that may need your attention when using
Linux as a gateway, and I will discuss them here.

First of all, you need a working TCP/IP network. I assume your network is up and running, and all your machines are able to “see” each other.

Let me explain my scenario.

Systems in my network:

I have two systems, Linux and FreeBSD.

Linux:

eth0 (Internet): 10.33.16.220/30, gateway 10.33.16.250
eth0:1 (private): 192.168.0.10/255.255.255.0

FreeBSD:

lnc0: 192.168.0.30/255.255.255.0, gateway 192.168.0.10

I need the FreeBSD system in my network to connect to the Internet.

This is very simple: set the Linux system as the gateway on FreeBSD,
set the ip_forward flag to 1 on Linux, and put the DNS entries in
/etc/resolv.conf on FreeBSD.

In Linux (gateway):

echo "1" > /proc/sys/net/ipv4/ip_forward

Make sure this is added to /etc/rc.local so that it is set during boot.

In FreeBSD:

I added the lines below to /etc/resolv.conf (the second nameserver is the one provided by your ISP):

nameserver 192.168.0.30
nameserver 202.x.x.x

Now ping will work and domain names should resolve.

For example, if you ping yahoo.com from your FreeBSD system, it will resolve to the public IP. The problem you will now have is with things like ftp: from the FreeBSD system you won't be able to ftp to external IPs. We have to load a few kernel modules, using either insmod or modprobe:

For Kernel 2.4.x which uses IPtables

I used the kernel 2.4.22-21mdk-i686-up-4GB (Mandrake – Linux Gateway)

/sbin/insmod ip_conntrack_ftp

/sbin/insmod ip_nat_ftp

Next, enable Source Network Address Translation (SNAT) so that your client machines can use the Internet transparently

I used,

#iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

This should enable you to use external ftp servers from the FreeBSD system.

I did not have iptables support in the kernel, so I had to recompile.

Here's what I did:

#cd /usr/src/linux-2.4.22-21mdk

#make xconfig

This will show the Linux Kernel Configuration.

– Click Network Option

Next,

– IP:Netfilter Configuration

I selected y for: IP tables support (required for filtering/masq/NAT)

then I ran

#make dep
#make clean

If you have enabled loadable modules support in the kernel during configuring, then you have to now execute the commands

# make modules
# make modules_install

Loadable modules are installed in the /lib/modules directory

This Worked !!!

Now I am able to connect to external FTP Servers from freebsd.
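
An added example, not part of the original post: with ip_forward set to 1 and only the MASQUERADE rule above, the FORWARD chain keeps its default ACCEPT policy and the NAT rule is not tied to the 192.168.0.0/24 LAN. The script audits iptables-save output for both conditions and runs over two constructed rule dumps, the post's setup and a scoped variant; the function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Added example (not from the post): audit iptables-save output for the
# gateway described above. Function names and finding labels are
# hypothetical; both rule dumps are constructed samples.

# Read iptables-save text on stdin; print one finding per line.
audit_gateway() {
    awk '
        /^\*/ { table = substr($0, 2) }                      # *nat, *filter
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" { fwd_rules++ }
        table == "nat" && /-j MASQUERADE/ {
            masq++
            if ($0 !~ / -s [0-9]/) print "masquerade-unscoped: " $0
        }
        END {
            if (masq && policy == "ACCEPT" && !fwd_rules)
                print "forward-open: policy ACCEPT with no FORWARD rules"
        }
    '
}

# The setup from the post: ip_forward=1 plus one MASQUERADE rule.
post_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Same gateway, scoped to the LAN. RELATED admits the FTP data connections
# that ip_conntrack_ftp tracks. Rules match on the subnet rather than on
# eth0:1, because iptables does not match alias interface names.
scoped_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "post ruleset:";   post_ruleset   | audit_gateway
echo "scoped ruleset:"; scoped_ruleset | audit_gateway
```

On the gateway itself, pipe the live rules in with `iptables-save | audit_gateway` (as root).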


