My Tips Scratch Pad

rndinit0 (Verified User; joined Jan 15, 2005; 98 messages)
Disclaimer: This is a scratch pad, use AT YOUR OWN RISK. I'm just adding info here that I want to cover on the wiki (coming soon).

This is a work in progress, and some steps might prove to be problematic in the future. AGAIN, USE AT YOUR OWN RISK. (Example of problem: DA worked fine for me on FreeBSD 5.4 Release, but not with 5.4 p6.) You have been warned... =P

Since I'm a bit rusty on BSD I thought for now it would be a good idea to share my tips scratch pad, until I set that wiki up.

If you want to ensure that you don't build packages with X libs etc., add this to /etc/make.conf:

WITHOUT_X11=1

Also you might want to install

/usr/ports/net/cvsup-without-gui

instead of cvsup.

----------------------------------

Something worth looking into, though I haven't tried it yet:

https://bsdupdates.com/index.php

I'll test this on a local machine and comment on it.

------------------------------------

You might want to install spinner; it keeps your session from timing out. Very annoying if you compile something and disconnect, forgetting to run the process under screen.

Oh yeah, don't forget to install screen as well *grins*

----------------------------------------------

Once you're all set up, if you're confused about how to set up your primary domain and your nameservers, check out:
http://www.directadmin.com/newinstall.html

It explains it step by step.

------------------------------------------------

Oh... never trust a host to set up your server. Either dictate the setup in detail, or do it yourself if you can (KVM over IP works wonders). Heed my warning, or else you just might end up with 250MB of /var (which is where DA keeps your users' emails). Not a good idea.

------------------------------------------------
PF Firewall (It's been recommended to run this instead of ipfw)

Great guide to PF firewall.

Setting up a Firewall NAT using PF

A list of all branches

Update: FTP is a retarded protocol. I'm switching to SFTP. EOF

My clients can download FileZilla. It's free, amazing, and it supports SFTP.

--------------------------------------------------------

You might as well use the FreeBSD security branch (RELENG_5_4). (Warning: not a good choice atm, as I have encountered problems. Look for my other posts for more info.)

Don't forget to install portaudit!

It provides a system to check if installed ports are listed in a database of published security vulnerabilities.

-------------------------------------------------------
 
Here is an example pf.conf file.

While you're testing your firewall rules, you might first want to put this in your crontab:

*/10 * * * * /usr/local/bin/sudo /sbin/pfctl -d

That way, if you mess up, you won't lock yourself out.
 

Attachment: pf.txt (476 bytes)
If you need to take a look at an example rc.conf file that corresponds to my setup above:

PHP:
defaultrouter="xxx.xxx.xxx.xxx"
hostname="host.domain.net"
ifconfig_vr0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"
ifconfig_vr0_alias0="xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"
ifconfig_vr0_alias1="xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"
sshd_enable="YES"
usbd_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
inetd_enable="YES"


You might want to take a look at the FreeBSD Diary for more info.
 
If you're using SecureCRT 5.x to log into your SSH2 (OpenSSH) servers, you might have had some trouble setting up your private/public keys.

Secure CRT 5.x

Well, it's simple. Just generate your key pair using SecureCRT, then upload the public key to your server.

Then you have to run:

PHP:
# -i imports the SSH2 (RFC 4716) public key and prints it in OpenSSH format
% ssh-keygen -i -f your_identity.pub >> /homedir/.ssh/authorized_keys

I also found a VERY GOOD ssh & ssh2 guide. I've uploaded a compressed PDF version, in case the URL goes poof.
 

Attachment: how_to_use_ssh.zip (11.5 KB)
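To show what the ssh-keygen -i step above actually does, here is the same conversion re-implemented in portable sh/awk as an added example (it is not the author's code and not OpenSSH's). It assumes the RFC 4716 layout that SecureCRT and other SSH2 clients export ("---- BEGIN SSH2 PUBLIC KEY ----", optional "Header: value" lines, wrapped base64), reads the key type from the start of the base64 blob (the SSH wire format begins with the length-prefixed algorithm name), refuses files it does not recognise, and sets the permissions sshd's StrictModes requires. The function names and the constructed test key are made up for the example; on a real server you would still use ssh-keygen -i itself.

```shell
#!/bin/sh
# install_rfc4716_key.sh (added example): what "ssh-keygen -i" does, in
# plain sh/awk, plus the authorized_keys hygiene sshd insists on.
# Function names and sample data are assumptions made for this example.

# rfc4716_to_openssh FILE
# Prints the one-line OpenSSH form "<type> <base64> [comment]" of an RFC 4716
# public key. Returns 1 if FILE is not RFC 4716 or the key type is unknown.
rfc4716_to_openssh() {
    awk '
    /^---- BEGIN SSH2 PUBLIC KEY ----/ { inkey = 1; next }
    /^---- END SSH2 PUBLIC KEY ----/   { inkey = 0; next }
    !inkey { next }
    # a header line ending in a backslash continues on the next line
    cont { cont = (substr($0, length($0), 1) == "\\"); next }
    /^[A-Za-z-]+: / {
        cont = (substr($0, length($0), 1) == "\\")
        if ($1 == "Comment:") {
            comment = $0; sub(/^Comment: */, "", comment); gsub(/"/, "", comment)
        }
        next
    }
    { b64 = b64 $0 }                      # everything else is wrapped base64
    END {
        # the blob starts with uint32 length + algorithm name, so its base64
        # prefix identifies the key type without decoding it
        if (b64 ~ /^AAAAB3NzaC1yc2E/)            type = "ssh-rsa"
        else if (b64 ~ /^AAAAC3NzaC1lZDI1NTE5/)  type = "ssh-ed25519"
        else if (b64 ~ /^AAAAB3NzaC1kc3M/)       type = "ssh-dss"
        else exit 1
        if (comment == "") printf "%s %s\n", type, b64
        else               printf "%s %s %s\n", type, b64, comment
    }' "$1"
}

# install_pubkey FILE [AUTHORIZED_KEYS]
# Converts FILE and appends it to AUTHORIZED_KEYS (default ~/.ssh/authorized_keys)
# unless the same key blob is already there, then fixes the permissions that
# sshd's StrictModes checks (0700 directory, 0600 file).
install_pubkey() {
    ak="${2:-$HOME/.ssh/authorized_keys}"
    line=$(rfc4716_to_openssh "$1") || {
        echo "install_pubkey: $1 is not a recognised RFC 4716 public key" >&2
        return 1
    }
    blob=$(printf '%s\n' "$line" | cut -d' ' -f2)
    mkdir -p "$(dirname "$ak")" && chmod 700 "$(dirname "$ak")"
    touch "$ak" && chmod 600 "$ak"
    if grep -qF -- "$blob" "$ak"; then
        echo "install_pubkey: key already present in $ak"
        return 0
    fi
    printf '%s\n' "$line" >> "$ak"
    echo "install_pubkey: added $(printf '%s' "$line" | cut -d' ' -f1) key to $ak"
}
```

Usage: `. ./install_rfc4716_key.sh; install_pubkey your_identity.pub` as the user who will log in. Running it twice is harmless (the duplicate is skipped), and handing it an already-OpenSSH-format key makes it refuse rather than append a header block that sshd would silently ignore.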
PHP:
Warning: fsockopen(): unable to connect to localhost:110 in
/var/www/html/webmail/inc/class.uebimiau_mail.php 
on line 66

Seen this error? Well, it's because your firewall is blocking localhost -> localhost port 110.

SquirrelMail won't work either. You can see the attached image.

Anyway, the fix is to allow localhost (most likely interface lo0) -> lo0 port 110.

Here is an example PF firewall rule set.

PHP:
# Catch-all: the last matching rule wins, so this comes first and every
# pass rule below overrides it for the listed ports.
block all

# Macros
tcp_pass = "{ 80 21 22 143 25 110 123 443 2222 }"
udp_pass = "{ 110 53 }"

### Rules

# Out
pass out on vr0 proto tcp to any port $tcp_pass keep state
pass out on vr0 proto udp to any port $udp_pass keep state
pass out on lo0 proto tcp to any port $tcp_pass keep state
pass out on lo0 proto udp to any port $udp_pass keep state   # was $tcp_pass (copy/paste slip)

# In
pass in on vr0 proto udp to any port $udp_pass keep state
pass in on vr0 proto tcp to any port $tcp_pass keep state
pass in on lo0 proto tcp to any port $tcp_pass keep state    # lets webmail reach localhost:110
pass in on lo0 proto udp to any port $udp_pass keep state    # was $tcp_pass (copy/paste slip)

# Incoming rules

# SSH
pass in proto tcp to port 22 keep state

Further tips:

Turn on the firewall with a config file: pfctl -ef /etc/urpf_rules.conf

Turn off PF: pfctl -d

Load new PF rules: pfctl -Rf /etc/urpf_rules.conf

WARNING: make sure you add a cron job: */10 * * * * /usr/local/bin/sudo /sbin/pfctl -d

That way you don't lock yourself out.

Also note that the last matched rule wins. In this case the rule "block all" is matched last. Think about this when you create your rules.
 

Attachment: squirrelmail_imap_error.jpg (25.2 KB)
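The "pfctl -d every 10 minutes" cron job from the earlier post and the tips above protect you from locking yourself out, but a standing job also disables the firewall for good the moment you forget to remove it. The script below is an added example (not the author's code and not part of PF) of the tighter version of the same idea: check the ruleset with pfctl -nf, load it with pfctl -ef, and arm a one-shot timer that runs pfctl -d unless you confirm from a fresh SSH session. It assumes FreeBSD pfctl switch semantics, that it runs as root, and a made-up default pid-file path; PFCTL and PF_TIMER_PID can be overridden.

```shell
#!/bin/sh
# pf_safe_load.sh (added example, not from the original post): load a PF
# ruleset with a dead-man timer instead of a standing "pfctl -d" cron job.
# Assumes FreeBSD pfctl semantics: -nf parses a file without loading it,
# -ef enables PF and loads the file, -d disables PF. Must run as root.
# PFCTL and PF_TIMER_PID can be overridden (e.g. for testing with a stub).

PFCTL="${PFCTL:-/sbin/pfctl}"
PF_TIMER_PID="${PF_TIMER_PID:-/var/run/pf_safe_load.pid}"   # hypothetical path

# pf_safe_load RULES [TIMEOUT_SECONDS]
#   1. Parse-check RULES without touching the running firewall.
#   2. Enable PF and load RULES.
#   3. Start a background timer that runs "pfctl -d" after TIMEOUT seconds
#      (default 300) unless pf_confirm cancels it first.
# Returns 0 if the rules were loaded, 1 otherwise.
pf_safe_load() {
    rules="$1"
    timeout="${2:-300}"
    if [ ! -r "$rules" ]; then
        echo "pf_safe_load: cannot read $rules" >&2
        return 1
    fi
    # Never load a ruleset that does not parse: refusing here is what keeps
    # a typo from leaving the firewall in an unknown state.
    if ! "$PFCTL" -nf "$rules" >/dev/null 2>&1; then
        echo "pf_safe_load: $rules failed syntax check, not loading" >&2
        return 1
    fi
    "$PFCTL" -ef "$rules" >/dev/null 2>&1 || return 1
    # Dead-man timer: same idea as the */10 cron job, but scoped to this load.
    ( sleep "$timeout"; "$PFCTL" -d ) &
    echo $! > "$PF_TIMER_PID"
    echo "rules loaded; run pf_confirm within ${timeout}s or PF will be disabled"
    return 0
}

# pf_confirm: you could still log in after the load, so cancel the timer.
pf_confirm() {
    if [ ! -r "$PF_TIMER_PID" ]; then
        echo "pf_confirm: no pending timer" >&2
        return 1
    fi
    kill "$(cat "$PF_TIMER_PID")" 2>/dev/null || true
    rm -f "$PF_TIMER_PID"
    echo "timer cancelled, rules kept"
    return 0
}
```

Typical session: `. ./pf_safe_load.sh; pf_safe_load /etc/pf.conf 300`, then open a second SSH connection; if it works, run `pf_confirm`. If the new rules locked you out, the timer disables PF after five minutes and you can get back in to fix them. Nothing is left behind to remove afterwards, which is the weakness of the standing cron job.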