WowWhy hasn’t someone done this sooner. Probably the most complete PDF I have ever downloaded, a must have, Thank you!!! This must have taken months to assemble if not years. Donate people, Donate!
Thanks for the nice words everyone. You could say it took ... awhile ... :- )
Why not use a paid product like Windows, that has real support. Or even Macintosh, which is full GUI and Linux underneath?
Hey ComputerDude, im glad you asked that. Best answer = to each his own. I am a huge Windows fan as well, im posting this answer from a Windows machine. I have done a few $100k+ setups, and you can save yourself (on a project like that) around $5,000 on licensing by going with Linux. And you can usually get away with using slightly older (less expensive) computers, virtual RAIDs, SSH Tunnels, OpenVPN, etc… This can mean getting paid a lot more for the same job.I don’t weigh in too heavily on which one is more secure. I find Linux boxes are locked down tight, and you have to open them up. And I find Windows to be wide open, and you have too lock them down. Just chose your poison, seal up all the entryways, and your good to go.Never been a Macintosh fan, but they are getting close. Now that they are Linux under-neath I like it more. But I still find myself launching a terminal window every time I am on one, so why pay the difference. I have to admit they have come a long way, but still not a fan, and still too pricey.Some of the things I love about Linux is I can backup a programs settings by copying one file, and share those settings with you by showing you the contents of that one file, and you can copy and paste those settings into your system. Whereas in Windows I have to do a bunch of print-screens and right-clicks here, and properties there, and checkboxes here, and such, to edit the settings. It’s just really hard to share that information with others. I find I have to make an entire image of the computer if I want to keep the settings. But then again Windows is getting better all the time. Choose your poison, and cross your fingers. I feel Windows gets a bad rap because people surf the internet from their Windows servers, and use their server as a desktop. You should never surf the internet from a server. Linux makes that a pain to do, so your less tempted to try.I use them all, Linux makes me more money. I have never had a Linux box fail that wasn’t a hardware problem. I’ve also built some bullet-proof \ amazing Windows boxes. An extra $10k in your pocket can buy a lot of penguin stickers :-)
There are several great products for Windows and Mac out there, but the first "disadvantage" is their price, not to mention that most of these programs are not as stable and secure as Linux. For a started or novice, a Windows/Mac solution will work ok, but when you need a serious solution, Linux is the way to go.
Well said Anonymous, i agree. Once your done playing around and ready to get serious, go visit the penguin. :- )
Hey ALL-I re-formatted the document to be more screen friendly, and did a few updates.
I like the new format, great job all the way!
I am having problems getting the website passwords to work, I get an error everytime I add the password file, any ideas? Thanks!
Hey A_Wake-Did you make the two changes that read AllowOverride AuthConfig In the apache config file (example on or around page 174) and have you rebooted and or restarted apacheIf so then its probably the path to your password file. The module won't create folders for you. (only files)So if you wanted to make a password file of /options/kevins/.webpasswordThen the folders /options/kevin/ would already have to exist before trying to create the password.Or you will get an error.It’s probably one of those two things, let me know
Thats was it! The second one. THANKS!!!
Excellent, glad it worked. Its usually one of those two things.
Kevin: Thank you so much for this guide. It has to be one of the very best server guides around. I will be donating shortly. You've done a man's job, my friend.Mark.
Thanks Mark! Thats just awesome. I uploaded a new version today (3.67) I fix some typo's and made the firewall stuff a little easier on the eyes. If its not too late, toss the old one and downlaod the new.thanks again-Kevin
Hello everyone, I had WakeOnLan working GREAT and it just stopped working??? any ideas???
A_Wake, If you have two Network cards, try the longer command on the bottom of page # 407.Make sure eth"x" is eth_safe. Thanks \ let us know
That was IT!!! Page 407. Dont know how i missed that the first time around, thanks again Kevin!!! this howto is the best around!!!
Hey guys-I posted a new version. 3.69http://woodel.com -From a connecting client view, Ubuntu's Nautilus windows has like 10 ways of connecting to SAMBA shares, all with different results, so i pasted in a few screen shots in the how-to of how you can connect to them the best. it covers Windows, Ubuntu, and MAC clients. -The routing part of the how-to forgot to mention you need a static ip for a few of the configuration steps. (fixed)-Kev
Guide 3.71, Page 238 refers to usermin download. However, I only get 404 errors. I also searched Sourceforge and came up empty.I am going through this guide page by page and installing everything. Stuck here now!Mark.
Hey MarkDid you try using the link to my server instead, page 237.let me know-Kev
Yep. That worked. Thanks. I did notice on the Webmin website that Usermin version 1.5 is available.Mark.
Hey Mark-Im glad that worked, thanks!-Kev
Kevin, it's Mark again. Hi!I have a problem with netbios browsing. I have just completed the the samba section of the tutorial; I'm at page 359. Before I started the samba section, I could browse by netbios name to the server. Now, after completing this section, i can only get to the server by IP address. This is on my linux box. On one of my Windows 7 boxes I can get to the server by netbios name. What did we do to destroy my ability on Linux to browse by netbios name?Thanks,Mark.
Hey MarkAwesome to hear from you. I have this problem all the time, and it never seems like its the same fix, so this might take some time. Back on page 9, did you choose .diy.lan ?If yes try using the full computer name of thatcomputersname.diy.lanLet me know if that works, it could also be as simple as putting all your computers in the same workgroup. (diy.lan)Seems like everytime i have this mastered, i run into it again. Later on in the how-to we setup an actual DNS server, and that fixes everything. Anyway, let me know, 20 fixes come to mind-Kev
Kev--I changed the samba module to be WORKGROUP because Windows 7 is so damn hard to change the workgroup name. Yes, adding a DNS server will fix all the browsing issues I think. I did not know that the tutorial included a DNS server! Very cool. Will continue my studies...Mark.
Hey Mark-Let me know if you choose not to complete the DNS server portion (there are a few scenerios where you wouldnt) and we can revisit this. Its fixable, I run into it all the time.thanks Mark-Kev
Kevin,Awesome How-to!! I am very new to Linux, I have just set up my second server and stumbled upon a link in Ubuntu forums to your site. This is great, I am amazed at what Ubuntu servers can do!! I have learned so much. I have just gotten to the end of the basic part, not sure yet if I will go on, we'll see. There is so much more to learn.Mark F
Hey Mark F.Thats awesome, I too am very impressed by the whole Debian \ Ubuntu Linux family. Amazing stuff!!!Thanks again, Keep up the good work.-Kev
Hi Kevin,My name is Mika, and I am having troubles installing Webmin. When running dpkg -i webmin.version.deb I keep getting this error: **dpkg: dependency problems prevent configuration of webmin: webmin depends on apt-show-versions; however: Package apt-show-versions is not installed.dpkg: error processing webmin (--install):** Any ideas? Great how-to by the way, how long did this take you? more people should take the time to do this. Thanks Kevin. -Mika
Hey Mika-It looks like the error is telling you dont have apt-show-versions installed. so do this command.apt-get install apt-show-versions. It may automatically finish the webmin install for you once u do that, or you may have to do this again. cd /optionsdpkg -i webmin_1.510-2_all.debif that still doesnt work. run this commandapt-get -f installA combination of these commands should fix all of that for you. Lets us know.PS. I can tell you why more people dont do guides like these... this one took me two years :- )Keep us updated, thanks again.-Kev
Hi Kevin,Mika here again. That worked like a charm! Thank you so much!! I never could get that to install before, thanks again for your help with all of this. Two years... that is a huge contribution to Linux, wow! Thanks!! -Mika
Kevin,I upgraded my Ubuntu server 8.04, to 10.04. I did the how-to on it first to learn, as I said I learned loads. I am at pg 92 and trying to edit the /etc/modprobe.d/ I find, I do not have the file /aliases. I will skip for now, let me know if you think.Thanks again,Mark F
Hey Mark F.Good work. This is a total guess, I am a Debian guy, but maybe Ubuntu has moved away from it. Do you still have a /etc/modprobe.d/blacklists file?That one is pretty good at blocking IPv6 as well. Let me know if you have that blacklists file, and if editing it stops IPv6, and i will look into if Ubuntu did away with the aliases file in newer versions.Keep us updated. The how-to is up to verion 3.79 if you dont already have it, its up on http://woodel.com -Kev
I just finished the advanced section. Do it people, its worth it 100 fold. Kevin i hope you get $100 million dollars in donations. I've donated $800 myself. There is nothing like this out on the web. There is not class that can teach you this, there is no book that can teach you this stuff. I hope you make MILLIONS... thank you so much!!!
Kevin,Yes there are five. Blacklist.conf, -ath_pci.conf, -firewire.conf, -framebuffer.conf, and -watchdog.conf. I looked at all five and Ipv6 is not listed in any of them.BTW it was in 8.04, this 10.04 is the newest release, I'm hoping to use this a couple years, the support was what I considered.....already need the newest release of the How-to, I have 3.77.Mark F
Hey Mark F and A_Wake -I did a little research. And Ubuntu 9.0.4 and above got rid of aliases. And added dot conf (.conf) to the end of all those files. You can add your own aliases.conf file, and it will respect it at startup. But i would say that isnt needed. In the blacklists.conf just add the line blacklist ipv6 as seen in page # 94 of my latest pdf and reboot and let me know. That should handle it. I wouldnt trouble yourself making an aliases file, seems like too much work for the results. Keep us updated.*A_Wake, thank you for the donation!!! always too generous!!! thanks again -kev
Hi KevinThis my 1st attempt at setting up a linux server and found your tutorial brilliant.However I have an error on start-up of the server.The line reads :- starting DHCP server: dhcp3check syslog for dianostics. failed! failed!How do I fix this please ?
Hey CodfatherThanks!That isn't actually an error. It installs but doesnt start until you configure it. That is covered later in the how-to, and will take that message away. It's just telling you it didnt start, all is good at this point in the guide.Keep up the good work.-Kev
Hi again.Where in the how to is the bit, or how do I make it that when I browse to my site eg.www.mysite.com i get my home page, as oppossed to typing www.mysite.com/jdoe/.in other words I want to get my home page from just :- www.mysite.com.Thanks in advance.
Hey Codfather-Never a problem.The configuring of the DHCP server is in the advanced section. Page 5 in the HTML version or page 430 in pdf version 3.81There are a few reasons why you might not do the advanced section, when you get that far, and if you decide to not do it, write me back and I will tell you how to remove the DHCP server, so you won't see that warning anymore. But feel free to ignore it for now, it isn’t an error, its just letting you know it didn’t start.To answer your website question. If you want your user jdoe to be the default webpage, go to page 219 in the pdf version 3.81. And you can fix it one of two ways. If you’re the only user on the system, change the line that says. DocumentRoot /mymounts/vraid/users/xhomesToDocumentRoot /mymounts/vraid/users/xhomes/jdoeAnd #comment out the RedirectMatch lineOr the other way to fix it, is the use the RedirectMatch line to redirect to /jdoe/ instead of /no_auth/Either way will fix it, if you’re the only user, number one will make more sense.Keep me updated-Kev
I have reached the advanced part, and have decided to stop there.Every thing is working great, I just now need to find out how to add cgi, mysql and mysqladmin.I also have to do the updates, but was leaving that until after you had replied to this post.
Codfather-Congratulations, that’s great!The command your looking for, to remove the DHCP server is apt-get remove dhcp3-serverThen reboot, and you should see that warning go away.Then you can do aapt-get updatefollowed by anapt-get upgradeAnd that will update everything except Usermin and Webmin. You can upgrade those by clicking on the Webmin and Usermin Modules while logged into Webmin, and choose Upgrade WebminAnd thenUpgrade UserminYou should then be all updated. Just remember to not do anything confidential as user jdoeHe is an example of a user who’s home directory is exposed to the internet, as webspace. Only use him for public things such as public webpages.For confidential stuff, make sure you using a user above the xhomes directory, and only logging in with that user via something encrypted, like webmin or putty. Or Samba internally, like behind your firewall. And using the Upload and Download Module and or File Manager to move those file around.Keep up the good work, keep us updated.-Kev
Kevin,U prob heard this a milion times, AWSOME WORK!Now on to my problem, I've followed your install3 times ending at basic setup. I'm very new to this. I have a domain setup example1.netI've also with the place I registered example1.net at created the nameserversns1.example1.net and ns2.example1.netOn 8 other domains I changed the name serverson them to ns1.example1.net and ns2. they do workthey have been setup for weeks now, so they have propigated.Like I said I fairly new to this, but I'm not sure hw to add the other 8 domains to webmin, in apache2 I would simply edit the config file.Did I miss understanding a step? sorry but anything U could advise me on to get these domains up and running would be greatly appricated I'v bendown for far to long, andreally do not want to go back to using ISPConfig3, its way to complicated with no doc'sThanks Kevinand again AWSOME work on that tutorial/Doc your a credit to your profession and I hope to her much more from you in the future. P.S. I eventually plan on providing hosting. And now I'm off to reinstll all over again just finished debian 3.0.4 I like graphic desktop, so I'm installing standard sys with desktop enviroment. ALSO I have 1 other system I plan to install and make ns2. I also am considering the advanced setup, but I need to upgrade the EQ. Both systems have 1.7ghz 1gb ram, and two hds one 40gb and one 80gb so space is an issue with reguards to using VMware. anyway any simple quick tutorial thatsays hey dummyre read it aginor hey dummy do thsi would be greatly appricated, and again THANK YOU for what you do!Bob
Hey Bob-Thank you for the kind words, it never gets old.I don't exactly understand your question. Your not talking about Bind9 and DNS right? because you haven't done the advanced section.So i think your question is you want to use this one server to control 8 other servers, is that your question? If so, do the other 8 have Webmin installed on them as well?Sorry for the confusion, let us know, and thanks again-Kev
I am makingmy server ns1.example1.netbut I have 7 other domainnames registered www.example2.comwww.example3.com etc... and I want to turn ns1.example1.net into a server that will host these other domains. So I registered example1.net and created A records NS1 and NS2 pointing to my IP I thin went to all the other 7 .com's and changed the nameservers to ns1.example1.net and ns2.example1.netSo I want my linux box to be a nameserver to host web donain names. Like if you were looking for a hosting company for woodel.com you could go to my site (Linux box) and I could set it up in webmin to host it, I'm not exactly sure how multi-domains is setup in Webmin can U help? thanksBob
Ok Kev - Sry I bugged U, But webin wiki was down, its finally back up, and Ifound the answer I needed, I guess I need to instll Virtulmin - I'm going to give it a shot and hoefully all the configs I did in the basic setup will work am alittle worried about the no_auth and setting up Virtualmin but here goes nuttin hehe thanks again, I'll be watching here pretty much on the hour, thanks again so much!Bob
I think Kevin's guide goes on to use dyndns.com custom DNS. I use it too. Its $35 a year. But worth it to me.-Steve
Hey Steve \ Hey BobSteveYes, i totally use dyndns.org Custom DNS. Good Stuff! thanks.BobYour never bugging me. I don't have any Virtualmin experience, but it sounds amazing, keep us updated on your experience. Everything Webmin makes is awesome, so i assume we will be hearing good things from you soon.-Kev
Kevin, thanks for this great tutorial/instructions!!!I have not gotten very far yet but ran into issue when I updated my browser on my Mac to do Webmin - it was working the night before and then after I restarted Mac in morning the update caused loss of security cert. but did not request new info so I could not use File manager even after updating the java console. After searching I found solution which might be interesting for other Mac users - clear the java cache on computer you are using for Webmin (Mac for me):/users/users/"your user name"/library/caches/java/cache (I renamed the old folder to cache_old and created new/empty cache folder on Mac computer - just in case, didn't want to delete anything in case it was needed - I am somewhat of a file hoarder :)."The mad professor"PS - love the Pinguin - I am pretty green regarding unix/linux but so far I really like it
Hey Mad Professor-Thanks for your post, thats really good info !keep up the good work!-Kevin
Oops, just realized - I put users in the path for the java cache files twice - please disregard - the path should only be/users/"your user name"/library/caches/java/cacheAnd I got to get going - this server has to be up and running by beginning of semester - wish me luck.The Mad Prof
Hey Mad Professor-Thanks again, thats some good info.I feel your pain, I work at a school too. Let me know if you get stuck.-Kevin
Hi Kevin I have been following your tutorial and so far things are going OK. Ubuntu 10.04 server as guest on VMware on XPPro host.But couple of thhins seem not to be working.This is the result of ethtool eth0> ethtool eth0Settings for eth0: Current message level: 0x00000007 (7) Link detected: yesand when looking at read user mail I get thisNone of the supported mail servers (Exim, Qmail, Postfix and Sendmail) were detected on your system. You will need to adjust the module configuration to set the mail server and possibly mail paths manually.but if I look in the modules they are there.Looking forward to your response.Rosalind
Hey Rosalind-Im glad to see your trying it out first in VMware, that’s smart.So you can ignore the speed and duplex part of the how-to.You’re using VMware, so there is no physical NIC for Linux to auto negotiate.It gets it right no matter how your setup, so for anyone using VMware, ignore the speed and duplex section. That’s a good point, I will addA blurp about that in the next version.As far as the email, the guide was built using Debian, which has Exim by default, try running this command. apt-get install eximand answer all the questions as local email. If it says it already there, try. apt-get remove eximThen after it removes it do. apt-get install exim that might fix it up I will try it later myself, from Ubuntu, just to make sure it works. There was one time I had to tweak the read user mail module, but hopefully that’s not the case, im 90% sure that install will fix you up. Keep us updated, and keep up the good work. Im a huge VMware fan myself, I used it to make the guide, makes screen shots super easy.-Kevin
Hi Kevin,Thanks for the quick response.VMware is making use of an older computer that it doesn't matter if I have to wipe everything. Other than security there is nothing else on it. Basically a test computer. I ran apt-get install exim but it said Package exim is not available, but is referred to by another package.This may mean that the package is missing, has been obsoleted, oris only available from another sourceHowever the following packages replace it: exim4-baseE: Package exim has no installation candidateI installed exim4-base but still it says not detected on the system.Rosalind
Hey Rosalind- Try this. Open Webmin, navigate to the module Servers > Read User MailClick on Module Config at the top middle of the screen.Scroll way down, under System Configuration.Change “Mail Server Installed” to either EXIM or Detect Automatically.Apply it, reboot, and let us knowThanks again-Kevin
Hi Kevin,It was set to detect automatically, so I changed it to Exim, still the same. Changed it back to auto and still the same.Rosalind
Hey Rosalind-I setup a Ubuntu box for you, and i think i have it figured out. Set the module back to auto.Then do apt-get install exim4That should fix it. When you do commands like install exim4-common and exim4-base, it only grabs those single packages, but when you do apt-get install exim4, then it goes and gets the entire thing.I tested it, and it working now.Try it and lets us know.-Kev
Hi Kevin,Thanks, that works!Hopefully I learn more by it not working straight away. Now back to the tutorial as well as trying to configure a drupal multi-site installation. Rosalind
Hey Rosalind-Awesome! glad it helped.Yes, you will run into a few issues because its Ubuntu, not Debian. But they are just speed bumps, not road blocks. Since your using VMware, you should also follow it in Debian, and master both.keep up the good work-Kevin
Kevin,You're the man...I've already learned so much just from delving into the first half of your guide. It's really quite exciting. I've followed step-by-step, and I've encountered a minor problem. Page 308 shows a screenshot of the Samba file share list. In the security column, your screenshot shows "Read/Write for all known users". Mine shows Read Only for all known users". It seems like file permissions are absolutely critical, so I want to make sure I have this part done correctly. I started again at the beginning of the Samba section, and restarted Samba, but I'm still getting the same result. Any ideas?
Jon-Thanks man!Go to http://woodel.com and download the newest pdf (ver 3.83)I think we are looking at different versions because my page numbers dont line up with your question.If i had to guess whats causing that though, i would say it one of the two places where we set the "defaults" permissions for all shares. But if we get on the same page numbers I can totally look closer.thanks again \ let me know if that was it and or the new page number where you see a difference between yours and mine.-Kevin
Hi Kevin,This time I am having problems with ftp.I have made the necessary changes to vsftpd.conf and created the new user "uploadman" but when I type in ftp://192.168.1.16 I get ftp folder error Windows cannot access this folder. Make sure you typed in the folder name correctly and that you have permission to access the folder.DetailsA connection with the server could not be established.If I http the same then I get the index which shows my drupal folder. is there a conflict?Rosalind
Hey Rosalind-I think you were the one using VMware right?If so, you have to choose “bridged networking” for the VM NIC.(that’s a VMware setting, not a Linux setting) I get the impression by that IP address that your using bridge, but I’m just double checking.Also, did you reboot yet? That error sounds like vsftp isn’t listening yet, most common reason is the service isn’t running. After you make those changes to the vsftpd.conf file you have to reboot (or restart vsftpd, but rebooting is easier for now)If you are already bridged and already restarted, let me know if you can ping the Linux vm from another computer on your network. (Using VMware you get to cheat a little bit because you can talk to it without the networking working, as that player view is local to your VMware box)Also, what client are you using? Windows Explorer? (Not to be confused with Internet Explorer) FileZilla? WSFTP? … etc…Some clients don’t handle the anonymous part correctly and want you to type ftp://firstname.lastname@example.org..... In your case ftp://email@example.com........ If all that still fails post the contents of your vsftpd.conf file (this is easy to copy and paste from the Webmin File Manager edit view)And also let me know the path to your user uploadmans home directory, this will tell me if you missed a huge step. Anyway, try all that and let me know. Keep up the good work-Kev
Hi Kevin,Yes it is a bridged network and I can ping it from the computer I am using to remote access which is a Windows7 machine and the client is Windows Explorer. I also have cuteftp but not managed to access it with that either./home/uploadman/ but wondering whether it is in the right place because http://192.168.1.16 takes me to /home/rosalind/drupal/ which is set in one of my other configuration files.Thanks for your times...RosalindHaving problems sending the file because of the size!!
# Example config file /etc/vsftpd.conf## The default compiled in settings are fairly paranoid. This sample file# loosens things up a bit, to make the ftp daemon more usable.# Please see vsftpd.conf.5 for all compiled in defaults.## READ THIS: This example file is NOT an exhaustive list of vsftpd options.# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's# capabilities.### Run standalone? vsftpd can run either from an inetd or as a standalone# daemon started from an initscript.listen=YES## Run standalone with IPv6?# Like the listen parameter, except vsftpd will listen on an IPv6 socket# instead of an IPv4 one. This parameter and the listen parameter are mutually# exclusive.#listen_ipv6=YES## Allow anonymous FTP? (Disabled by default)anonymous_enable=NO## Uncomment this to allow local users to log in.local_enable=YES## Uncomment this to enable any form of FTP write command.write_enable=YES## Default umask for local users is 077. You may wish to change this to 022,# if your users expect that (022 is used by most other ftpd's)local_umask=022#file_open_mode=0755## Uncomment this to allow the anonymous FTP user to upload files. This only# has an effect if the above global write enable is activated. Also, you will# obviously need to create a directory writable by the FTP user.#anon_upload_enable=YES## Uncomment this if you want the anonymous FTP user to be able to create# new directories.#anon_mkdir_write_enable=YES## Activate directory messages - messages given to remote users when they# go into a certain directory.dirmessage_enable=YES## If enabled, vsftpd will display directory listings with the time# in your local time zone. The default is to display GMT. The# times returned by the MDTM FTP command are also affected by this# option.use_localtime=YES#
# Activate logging of uploads/downloads.xferlog_enable=YES## Make sure PORT transfer connections originate from port 20 (ftp-data).connect_from_port_20= YES## If you want, you can arrange for uploaded anonymous files to be owned by# a different user. Note! Using "root" for uploaded files is not# recommended!#chown_uploads=YES#chown_username=whoever## You may override where the log file goes if you like. The default is shown# below.#xferlog_file=/var/log/vsftpd.log## If you want, you can have your log file in standard ftpd xferlog format.# Note that the default log file location is /var/log/xferlog in this case.#xferlog_std_format=YES## You may change the default value for timing out an idle session.#idle_session_timeout=600## You may change the default value for timing out a data connection.#data_connection_timeout=120## It is recommended that you define on your system a unique user which the# ftp server can use as a totally isolated and unprivileged user.#nopriv_user=ftpsecure## Enable this and the server will recognise asynchronous ABOR requests. Not# recommended for security (the code is non-trivial). Not enabling it,# however, may confuse older FTP clients.#async_abor_enable=YES## By default the server will pretend to allow ASCII mode but in fact ignore# the request. Turn on the below options to have the server actually do ASCII# mangling on files when in ASCII mode.# Beware that on some FTP servers, ASCII support allows a denial of service# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd# predicted this attack and has always been safe, reporting the size of the# raw file.# ASCII mangling is a horrible feature of the protocol.#ascii_upload_enable=YES#ascii_download_enable=YES## You may fully customise the login banner string:ftpd_banner=Welcome to youngros FTP service.## You may specify a file of disallowed anonymous e-mail addresses. Apparently# useful for combatting certain DoS attacks.#deny_email_enable=YES# (default follows)#banned_email_file=/etc/vsftpd.banned_emails## You may restrict local users to their home directories. See the FAQ for# the possible risks in this before using chroot_local_user or# chroot_list_enable below.chroot_local_user=YES## You may specify an explicit list of local users to chroot() to their home# directory. If chroot_local_user is YES, then this list becomes a list of# users to NOT chroot().#chroot_local_user=YES#chroot_list_enable=YES# (default follows)#chroot_list_file=/etc/vsftpd.chroot_list## You may activate the "-R" option to the builtin ls. This is disabled by# default to avoid remote users being able to cause excessive I/O on large# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume# the presence of the "-R" option, so there is a strong case for enabling it.#ls_recurse_enable=YES## Debian customization## Some of vsftpd's settings don't fit the Debian filesystem layout by# default. These settings are more Debian-friendly.## This option should be the name of a directory which is empty. Also, the# directory should not be writable by the ftp user. This directory is used# as a secure chroot() jail at times vsftpd does not require filesystem# access.secure_chroot_dir=/var/run/vsftpd/empty## This string is the name of the PAM service vsftpd will use.pam_service_name=vsftpd## This option specifies the location of the RSA certificate to use for SSL# encrypted connections.rsa_cert_file=/etc/ssl/private/vsftpd.pemssl_enable=YESallow_anon_ssl=NOforce_local_data_ssl=YESforce_local_logins_ssl=YESssl_tlsv1=YESssl_sslv2=YESssl_sslv3=YESlisten_port=21
Hey Rosalind- (Sorry, I didn’t know it would break up the posts like that)From what I could see it looks like you enabled ssl and ftps (towards the bottom). You can’t used ftps or sftp with Windows Explorer. And that is outside of my how-to, because we use Usermin for secure transfers. See if you can make your vsftpd.conf file match mine, and reboot.Otherwise you would have to search for a ftps or sftp how-to if you wanted to stick with that. I recommend Webmin and Usermin, because it’s web-based, no client configuration or certs to worry about (above and beyond exception the ssl cert, and or buying a signed one)Keep us updated, sorry again about the way it broke up your long post like that. *It also my assumption when you write me that you are following my guide exactly as its written, and have a question about it. Questions outside the guide would be better posted to a wiki or forum, like debianwiki or ubuntuforums.org-Kev
Hi Kevin,I don't know where those comments came from they were on the file when I opened it up as I hadn't manually added them...so a bit confused about that...commenting them out hasn't made any difference.Maybe back to the drawing board and download Debian and compare the two...the only part I can't follow is the section on configuring a second hard drive as I only have the one installed and don't have a spare!!Thanks Rosalind
@ Rosalind, asking Kevin that Drupal question is like taking your Ford to a Toyota dealer. He can't possibly know the billions of possible ways you have your Linux system setup. He can only answer guide related questions. What I did was follow the guide all the way through, stoping before page 5, and then I customized it. And its working out great ! I have rebuilt 5 servers using this same guide. There isnt really anything he leaves unfinished. He has a Drupal solution using Webmin and Usermin instead. Just follow it exactly before you customize it.
Hey Rosalind-I setup a new Ubuntu server box and installed VSFTPD. And it didn’t have any of that SSL stuff.A clean rebuild might be a good idea, seems you have something editing your config files without your knowledge.That’s scary and should be located or wiped out.No worries on the second hard drive, as long as you can visualize it, shouldn’t be a problem. You can even mimic the folder structure if you wanted to, even though /mymounts wont really be mounts, as long as you can visualize it.-kevHey Bob-Thanks, and even though you are completely right, all these questions make me smarter, so I do welcome them. Thanks again for your help, just FYI, im totally going to steal that Toyota \ Ford analogy :- )
Hi Kevin,I have done a new install using Debian this time and so far so good. Couple of things, although i can access Webmin using my IP address I can't by name, not a huge issue though although previously worked on the ubuntu install.I registered for a dynamic hostname and configured the router and that worked great, it was live..but this morning it is timing out on me although worked once...is this a bandwidth issue..we are on adsl and waiting for an upgrade...no fibre optic yet though.Many thanks Rosalind
Hey Rosalind-Awesome, good work!A quick fix to the name problem is add a hosts entry to your windows boxes.Edit the file c:\windows\system32\drivers\etc\hosts(it’s a hidden file, so you will have to search for hidden, and read only, so you will have to change that for the edits, then you can change it back)Add a line like this192.168.2.111 frankAnd this will force your windows computer to know the computer named frank has ip address 192.168.2.111Just use the name, leave off the diy.lan part so it knows your local to your network.An enterprise solution to this would be to setup a DNS server, but is overkill for a small network.There are also some hints on page 96, 97, 98 of the pdf guide,(make sure you have version 3.83)Those changes may help the name respond. But basically Linux and Windows name resolutions work completely different.On your dyndns name not working anymore, did you tell your router to update the IP if it changes.If your router doesn’t support that, let me know, and I will send you a link to some software you can install that will do it, but yes, its best to do it form the router, and shouldn’t be a bandwidth issue at all.Keep up the good work, let me know if that hosts file computername stuff makes sense, but try pages 96,97, and 98 if static.-Kev
hi kevinim up to the part just after logging into the server using putty for the first time, however when i paste the command and answer y to the "do you want to continue prompt" it just says "abort". any help you could provide would be very much appreciated.lenny
Hey Lenny-What command are you pasting in? Can you paste it here?Thanks-Kev
i pasted in apt-get install apache2 vsftpd quota bind9 perl libnet-ssleay-perl openssllibauthen-pam-perl libpam-runtime rssh libio-pty-perl libmd5-perletherwake ethtool ntpdate libio-socket-ssl-perli was however able to install them by installing each application individually (as serparate apt-get install commands). any ideas why the full command didn't work (for future reference)? thanks-lenny
Hey Lenny -Great job !No, I have never seen that happen. Its one of the features I like most, sorry its not working for you, I can't think of a reason why it wouldn't work.keep up the good work-Kev
I hope you make a Billion dollars! great job all the way Kev.Joe
@ lennyThe reason for this is a space missing after "libauthen-pam-perl".What I have done is to make a notepad entry of the 2 lines.I then paste the first line, add a space after it, then copy and paste the 2nd line at the space.Another thing that crops up is the second part of the webmin install won't copy and paste correctly.dpkg –i webmin_1.510-2_all.debcomes out as dpkg .i webmin_1.510-2_all.deb.I just edit it and all is fine.
Nice work Codfather, thanks again!-Kev
This is really great tutorial, I can't thank you enough for making this. I have been using Ubuntu for a couple of years now, from ubuntu 7 to 9.2 now they have released ubuntu 10.4. Problem with all previous versions are, if I update the system and reboot then I will find X gone wrong again, GTK is not loading and this and that.Being a person who is not very good in networking and have little linux exp., my only option is buy a new HardDrive, setup ubuntu there and copy the data and get the work started. Now I am fed-up with this, so looking for something stable.1. Is Debian is the way to go, which has less updates and Rock solid operating system, as Ubuntu also based on debian or ubuntu2. After reading your tutorial I don't think it's required, but Can I install server in graphical Interface, will you recommend that? I think it's easy for copy and paste data connecting and using backup hard-disk, if anything go wrong.3. Solid or Stable Linux Distro as per your suggestion?Please reply.
OnDigit-Thanks!I am a die hard Debian fan. Ubuntu is amazing, but to answer your question i usually do Debian for servers, Windows for desktops, and Ubuntu for laptops.My thoughts = never install the desktop gui on your servers, ever, that is what Webmin is for. And then eventually, months down the road, when everything is up and running smooth, learn the command-line.And if you need a desktop gui, expect problems, thats just the name of the game. You want all your data on the server, you want your server to be bullet proof, and expect to rebuild \ reformat your desktops and laptops every couple years. But once you get all your data on the server, rebuilding your desktops becomes alot less painless.Just wanted to make sure you know you dont have to buy a new hard-drive everytime you run into a problem. You can re-format the original one using the install CD (just making sure you knew that)Anyway, read through my guide all the way through, before doing it, and see if its something that will work for your needs.Another good rule of thumb is everytime you run "sudo" ask yourself... do i "really" need to do this. I can assure you less sudo equals more up time :- )Keep up the good work, your not doing anything wrong, there just isnt such a thing stable GUI with admin rights, unless you never run anything as a sudo or an admin, and that is a hard discipline to follow, but worth it.For now focus on getting your server bullet proof, and treat your desktops as if you know they are going to break someday.-Kev
Hello Kevin,Thanks for your prompt reply. I am surely working on as I have downloaded Debian ( switching to Debian now) and I am sure with your guide, I am able to setup it. Regarding reformat means, format Hard-drive to make it clean, which purge all data, right? or you are referring something else. I buy new Hard-drive because I need the data crashed harddisk have. Hope it will clear my point. I really appreciate your time taken for reply for my post, hope I will able to setup a bullet proof server. ThanksJinendra
OnDigit-I see what you were saying now. Just worried you were buying a new hard-drive everytime your upgrade(s) crashed.Keep up the good work.-Kevin
Hi Kevin,Its seems to be one of the best howto for the newbee. I am planning to setup Ubuntu server - LDAP, PDS, Samba, Squid and file server for our organisation, with help of your 'howto'.Why don't you use forum ? that would help you to respond and users to find already discussed issues... and finally create a knowledge base. that my suggestion only.Really great work for the society.Arun
Arun-Thanks!Yes i am pretty active on http://ubuntuforums.orgI swing by when i can and offer help. Their forum fills all my needs. People looking for step by step can come here, people looking for self help can go there, i do feel its the best of both worlds, and what was kinda of missing in the community.But you are right, i have just grown to like the seperation.thanks again-Kev
Dear Kevin,can you please also add the setup of openldap, as this is central point for all the applcation / servers / software to authenticate.regardsArun
Kevin,Your tutorial has been great, I am a total newbie at linux and have been having a blast setting up my server with your instructions. I just ran into the first problem that I haven't been able to resolve with the forums or your guide.When I go to "read user mail" I am getting this error:postfix: fatal: open /etc/postfix/main.cf: No such file or directoryI am assumed that I missed something on install but haven't been able to figure out what.I am also missing the "System Logs" tab. I went to try to install the module from Webmin but it is still not showing up. Any help is appreciated!Thanks,Mike
Arun-I will glady accept "request" like yours for $5,000 donations per each request.I use SMB (samba) pass thru auth for all my server to client needs, or SSH for Linux to Linux.thanks-Kevin
Seewolf-Thanks! thats awesome.Are you using the same Debian and Webmin versions from my website? thanks \ let us know, and keep up the good work.-Kev
Kev,I am using ubuntu Server (10.04) and the most recent version of Webmin.When I go through the File Manager, I don't see main.cf in the postfix file. I pasted a main.cf file in the folder that I found on one of the forums just to see what happened and I got past that error but got another that was identical but replaced main.cf with another file that seems to be missing. At that point, I figured I better just pull my new main.cf file out again and ask for help before I really screwed something up.It is worth noting here that when I got to the part of the tutorial that added packages:apt-get install apache2 vsftpd quota bind9 perl libnet-ssleay-perl openssl libauthen-pam-perllibpam-runtime rssh libio-pty-perl libmd5-perl etherwake ethtool ntpdate libio-socket-ssl-perlI had some errors. I suspect that this is the root of my problem. When I got to the section on Apache, I had to go back and install it as it was not already there. At first I was just playing around with the tutorial and didn't think much of it. Now that I have an actual working server, I wish I had been more careful at that point.Regarding the system log, I have tried to add it through Webmin but it still doesn't show up.Thanks in advance for your help!Mike
That’s all due to differences between Debian and Ubuntu. For a more step by step approach, atleast for your first time, try Debian with all my same versions.Or if you wanted to keep your current install, these will probably do the trick.For your mail problem, do this:Open Webmin, navigate to the module Servers > Read User MailClick on Module Config at the top middle of the screen.Scroll way down, under System Configuration.Change “Mail Server Installed” to either EXIM or Detect Automatically.Apply it,Then open up Putty or SSH2 and do apt-get install exim4 (there is no space in that word, exim4, all one word)Reboot your server, then try the mail.For your system logs problem, Ubuntu must have changed the default location of their log files. Webmin will probably catch up in a couple months and that problem will just go away. Keep checking for Webmi updates. In the mean time, just use the filemanager to read your log files. I do this anyway, that way I can see the entire contents of the each log file. Just use the filemanager to read the log files in /var/log. They are just text files anyway.Then eventually Webmin will catch up. Ubuntu has moved away from Webmin, so if you LOVE webmin like I do, you may want to switch your server to Debian, and use Ubuntu for your laptops and desktops.I’ve already seen people talking about Ubuntu has change the way you start and stop services, so if you run into that, like with SAMBA, just reboot your server, that will stop and start all services when needed.Anyway, try the mail fix and let us know.Also im not talking bad about Ubuntu. Just maybe go Debian on your servers until you have mastered command lines and or identified the changes in each build. Although I am a die hard Debian \ Webmin fan for servers.Keep us updated.-Kev
Kev,That did it. Thanks!I also turned Postfix off in my bootup/shutdown. There doesn't seem to be any reason for that to be running. Let me know if I need it and I will turn it back on.I will be happy to keep you updated as I proceed. I am going to try to finish with Ubuntu but have poked around a little and see why you like Debian. I may use this as a learning experience and start all over with Debian.Mike
Seewolf-Awesome!I think i would have turned it off too.Great work.-Kev
Hi...excellent tutorial. I just keep having a problem with adding a second hard drive. I keep getting a "Failed to save mount : '/dev/hdb1' is already assigned to be mounted".So should I just undo everything regarding the second hard drive and start that section over from scratch? This is a brand new hard drive.Thanks...
Anonymous-Thanks!Are you using Debian or Ubuntu?For a more step by step approach use Debian. Take a look at the "Disks and Network Filesystems module" and see if you see any other refrences to /dev/hdb1.Also post the contents of /etc/fstabAnd i will take a look.-Kev
Hi KevI am using Debian, and Webmin 1.520 on a Compaq d220 MT desktop with 1 GB ram and 2.80 Ghz speed. The server is up and running headless. The first hard drive is a 20 GB. The second hard drive is a 500 GB. The second hard drive in the Disk and Network Filesystems module is listed as /mymounts/d2p1 Linux Native Filesystem (ext3) IDE device B partition 1 (In Use?) No (Saved) Yes Under Disks and File Systems...the only things listed with a /devare a /dev , /dev/shm , /dev/pts. There is no /dev/hdb1 listed. Under Disks and File systems there is no /etc/fstab listed.I got a permission denied while under root on the ssh window and putty when I posted the commands /etc/fstab.login as: firstname.lastname@example.org's password:deb32server1:~# /dev/hdb1-bash: /dev/hdb1: Permission deniedast login: Sat Sep 18 07:30:19 2010 from 192.168.1.3deb32server1:~# /dev/hdb1-bash: /dev/hdb1: Permission deniedI am clearly missing something...Thanks
Hey Anonymous –I think I see what’s going on here. It looks like while in the Disk and Network Filesystems module, during the creation of the mount point for /mymounts/d2p1/You clicked “save”, instead of “save and mount at boot”Go back to the Disk and Network Filesystems module, click on your entry for "/mymounts/d2p1" , and uncheck the "save" and choose "mount”. Eventually you want to choose “save and mount at boot”, with save de-selected. But for now, for trouble shooting, uncheck everything that says save, and choose mount. If that works, reboot, then go back in and choose save and mount at boot. Also, just some info. You don’t ever change directory into a device “/dev/xxxx1” . The hint there is /dev/ means device. You only change directories into folders and mount points. So never type “/dev/hdb1” to get to your drive, always type “/mymounts/d2p1” when command line refrencing the second drive.Also, just some info. /etc/fstab is a file I wanted you to send me. The filename is “fstab” and its in the “/etc/” directory. Using your File Manager module, you can see the contents of the fstab file, and paste it in here for me.Although I think the stuff I recommended above will fix you up, and you probably won’t need to send me that file if it’s working.Keep up the good work.-Kev
Kevin...Your doing the whole world a favor here Bro! We thank you!!
Kev"uncheck everything that says save, and choose mount. If that works, reboot, then go back in and choose save and mount at boot."It worked! Thanks again!/mymounts/d2p1 Linux Native Filesystem (ext3) IDE device B partition 1 5% (In Use) Yes (Saved?) Yes
Dave-Thanks man !!!*BTW, that never gets old :- )thanks again-Kev
KevI am using Debian with Webmin 1.520 and the server is up and running headless. I have also set the workgroup to "workgroup".But when I try to access the samba shares from a linux machine I get the message "Unable to mount location - Failed to receive share list from server".Have I missed something ?
Anonymous-Are you using the computername, or the IP to connect. if your using the name, try the IP.If that doesn’t help, run this command, and see if it finds any errors for you.cd /etccd /sambatestparm –s(that’s the word testparm, then a space, then a dash, then the letter s)That command will find most problems in your smb.conf file.If that doesn’t find any errors, try smb browsing to the server.Open a folder, then at the top, choose “go” then choose “location” And in the address bar type smb://the-ip-address-of-your-serverSee pages 363 and 364 in my pdf, at http://woodel.com (version 3.84)If that doesn’t work, make sure there are not any firewalls running. Make sure you are on the same network. Compare your smb.conf to others you see from google searches. Using Webmin’s File Manager, You can play around with the local file \ folder permissions on the root of the shared folder. Set them to 755 for trouble-shooting. (careful you’re not exposing confidential data)And if all else fails, re-read pages 293 – 380 of my pdf, and follow it exactly and see if it works with my same configs. That way we can eliminate that from the trouble-shooting.-Kevin
Great writeup. It's been perfect to get me started.With Ubuntu 10.04 I am having problems with Samba automatically creating the directory for pub4roomies. With the individual users things went exactly as described but for some reason it will not do the same for groups. Any ideas what I may be missing?
Update,Auto create works fine with pathmymounts/d2p1/users/nshares/pub4houseand utterly fails with pathmymounts/d2p1/nshares/pub4housegroup permission conflicts perhaps?Here's a tip for Ubuntu users to stop/start Samba via Webmin. Under Samba module config, change entry for "Command to start|stop Samba servers" to 'service smbd start|stop'
Hey Lee-Thanks!These paths are differnet, is that a typo?Working one = mymounts/d2p1/users/nshares/pub4houseNon-working one =mymounts/d2p1/nshares/pub4houseFor you group problem, did you do the steps on page 368? also the group needs to be created after page 368, not before.keep up the good work, lets us know-Kev
Not a typo. The path used for the group pub4roomies on page 373 omits 'users' compared to the path for the other samba shares. Once I added 'users' to the path and it worked fine. Now what I am after is why the addition of the 'users' directory should even matter. Permissions for both 'd2p1' and 'users' are the same, 770. What is keeping samba/webmin from creating anything above 'users'?
Im not 100% understanding your question. But i have a guess. Your have to let Samba create that folder, and it sounds like that folder already exsist.Sorry if im not grasping the question, but most of the time its because that folder already exsists. Try letting Samba create it.-Kev
In each case my starting directory structure is mymounts/d2p1/users/nshares/[misc users]Samba automatically creates pub4house fine if I use: mymounts/d2p1/users/nshares/pub4houseHowever samba refuses to create pub4house if I use: mymounts/d2p1/nshares/pub4houseIt will not create a group share with the path nshares/pub4house anywhere except below 'users'. Is there an issue with using the same directory name at two different levels?
Hey Lee-I’m sorry, I’m still not 1000% sure I’m grasping the question. Let me know if we are on the same page.I can’t figure out if you’re telling me that the…1. The guide is only working for user rights, and not group rights.2. The guide works for both user and group rights, but only in the folder structure I have chosen.3. You don’t know about numbers one and two because Samba won’t even create the share if you don’t choose my same folder structure as me. So at this point you’re not concerned about user or group rights, because you can't create the share unless you follow my same folder structure.If you’re saying number 3 (which is what I think you’re asking) it won’t even create the share. Then the four most common reasons I can think of are you are not letting Samba create the folder, the folder above it isn’t 755, or you haven’t setup group synchronization yet, or you haven’t created the group yet using webmin (special things happen when you use webmin to create your users and groups, because of our synchronization setting, so make sure your doing that). So if you’re sure you setup group synchronization in samba, and your sure the group exists, and your sure you used webmin to create this group, then using the FileManager, delete the folder /mymounts/d2p1/nshares (if you can do this without losing data) then using the FileManager re-create the folder nshares, then double check it has 755 permissions (this is the default, so it should) Then using Samba, create the share “pub4house” but make sure this folder doesn’t exists yet, so that your 100% sure your letting Samba create the folder “pub4house” (and make sure the checkbox is checked to create that folder before hitting ok) again, this folder “pub4house” shouldn’t exist, let samba create it for you.If you’re saying numbers 1 or 2, you have missed something, or there is some difference in Ubuntu 10 that I’m not aware of. Which is totally possible.Let us know, and make sure your mount isn’t too deep. If your mounting d2p1 any deep than the /mymounts/d2p1/ then it will have a fit.-Kevin
KevinThanks for your prompt reply. I have carefully redone the the samba install and all is now well.I can access all shares on windows XP, but am having a problem mounting the public share using fstab. I have tried several variations but cannot get it to mount with read/write access. Do you have an fstab entry that works ?
Hey Anonymous-You could do a line like this in your fstab:#Start Samba mount code at startup\\192.168.2.241\pub4house /mnt/samba241 smbfs user=public,passwd=public 0 0#End Samba mount code at startupjust make sure the "/mnt/samba241" folder exists on the computer your doing this too.But caution, the guide doest have you do it this way for a few reasons. One- it’s not very convenient, you much better off using the gui file chooser, and saving the share as a bookmark. Examples one pages 363 and 364 (version 3.84 of the pdf). Once you have done the steps on those two pages, you can save it as a bookmark.Two- it’s not very secure. The guide would be 6,000 pages if I had to explain why it’s a bad idea to put passwords in files in plain text. There are scenarios where this is safe, especially on your home network. but just keep in mind, in the default configuration, ssh, ftp, sftp can “read” all files. So if you put an important password in there, you just shot a hole in your defense plan.Again, there are scenerios where you will need to do what you’re doing, just keep in mind without system harding, that password can be seen, and if your computer is ever stolen, or someone has access to boot it off a cd, your done, your compromised.You’re probably at home, and you have mentioned it’s your public share, so I am really wasting your time with this rant. Just want you to know we skipped 5,000 pages on not doing what you’re about to do. Now, do I do it??? You bet :- )Just be careful, the gui way with a bookmark \ password prompt is 100% safe. Fstab is not.Keep up the good work-Kev
KevinThanks. Am convinced and am now using a bookmark.Ta
Excellent !Pass through is even better, guide talks about it.Good work!-Kev
Kevin,Thanks for the help on Samba. The key thing I was missing was that Samba will only create the last directory in the given path. Once I created 'nshares' manually all worked well. Thank you!
Hey Lee-Your welcome.Thats some good info, thanks for letting us know.-Kev
Kevin,Thanks for the awesome guide, it helped me out a lot.I used your guide to set up a samba file server only. I just have a question about the personal shares. Once I log into a users share I can't log into another users share without logging off of windows and logging back in. Is this how it is supposed to work? If so, is there anyway to change that?I ask because my classroom is set up as a workgroup. There is only one user account on each computer. I have 6 classes that all come in and use the same windows user account. I would like to set up a file server where each student had a personal folder to save their work.Thanks again for your help.SRD
Hey SRD-Thanks !That is how it is suppose to work, you can’t authenticate to the same server as two different users.There are a couple work arounds. One you can drop to a command prompt and run:net use /d *This does almost the same thing as logging off, without actually logging off. But it isn’t rock solid, sometime you have to run it twice, and sometimes it just won’t let go, but will work most of the time.Another work around is windows doesn’t realize that the “ \\computername\share “ and “ \\IPaddress\share\ “ are the same computer.So you can trick it that way, auth as one user to the \\computername and auth as one user to the \\IPaddressAnother work around that fits in nicely with the net use /d * command is to map a drive letter. When mapping the drive letter, there is a checkbox to “connect using different credentials”Also make sure your students are typing the full path to their shares, to keep it from connecting to the root of the share.example: \\ipaddress\kelwoodnot just \\ipaddress\ then clicking on kelwood, because it will auth to the root of the file share first.These work arounds work, but you’re better off having your students create themselves an admin account on the school computers that matches their username and password to the share. Then log off of windows and log back in as that account they just created. Now they will pass-thru those credentials to their personal shares, and won’t be prompted, but will only see their own personal share (which is what you are after) most classrooms are setup to forget changes when the computer is rebooted. But most will let you log off and login without losing anything.That’s what I would go. To recap, example = you make student Kevin Elwood and account on your server of username : kelwood password: swordfishWhen Kevin comes into class, he makes himself a windows account of username: kelwood password : swordfish. Logs off of windows, and logs back in as username kelwood.Now he pass thru authenticates to anything kelwood has access to.-Kev
Kev,One other thing I forgot to mention. This is a nuisance more than anything else, but I am concerned it may be an indication of a bigger issue. I cannot access my server through the server name within my LAN. If I use the https://192.168.2.xxx address, it works just fine but when I try https://deb32server1, it times out.I went back through the tutorial and double checked /etc/hosts, etc/hostname and /etc/resolv.conf - all looks good here.Any ideas here are appreciated too!Thanks again!Mike
Thanks for the response kev.I was considering creating all the students a user account but I wanted to be able to easily move a student to a different computer. Sometimes I have to shuffle them around when they can't behave. I think the easiest thing would be to just have them log off of windows at the end of class. I have a couple other questions. In your guide it looks like you get a user/pass prompt as soon as you try to access the server. On mine I don't get a user/pass prompt until I try to open a users folder. Did I miss a setting? I skipped through a lot of your guide because I only set up the samba server. I read the entire guide a few times but didn't notice anything that I might have overlooked.My other question is if I want to be able to access all users folders from my account, do I have to add myself to each users group? I need to be able to access their folders to grade their work.Thanks again for your help!SRD
Oops, I think you already answered my first question in your previous post. ThanksSRD
Hey Seewolf-Glad to hear from you1: The public share uses 755 permissions, not 700. Download the latest pdf (version 3.84) and double check pages 311, 313,336, 340, 341, 342, 343. Sound like its defaults might be set to 700, not 755. Also make sure they are typing the full path to the share, as not auth to the root of the share.Do this \\ipaddress\public not \\ipaddress2: The steps are the same for port 80 and 10000. Did you do anything in the webmin config about limiting the source addresses? That’s the only thing that comes to mind. If you have ipadress:80 working, then you know what you’re doing.3: Vmware, I wouldn’t proceed with VMware on that box, you won’t be able to do much with it. If you ever need to do VMware stuff and you get a beefy computer, check ESXi from VMware. It’s a free OS, loads up linux all ready configured for you to do VM’s. But you need a 64 bit machine with a ton of ram. I would stay away from VMware until you get a beefier setup. And maybe try ESXi when you do.4: I have never heard of Gallery 2Thanks for the kind words !!5: For the name resolving problem, edit the hosts file located at c:\windows\system32\drivers\etc\hosts (file may be hidden \ read only)Add a line at the end that says:192.168.2.1 debserv32x1Reboot and now it will resolve that name locally, independent of a DNS server. Then https://debserver32x1:10000 will start working internally again.keep up the good work.-Kevin
Hey SRD-I got a little mixed up in all the anonymous replies, did your question get answered?-Kevin
Seewolf-Dont forget the ":10000" at the end, always.https://deb32server1:10000https://your-domain-name.com:10000-Kev
KevSorry for the confusion. How would I set it up to where I can access all of the students folders with my account but keep them from accessing each others folders? I would need access to each students folder to grade their work.Thanks,SRD
Hey SRD-Short answer, add yourself to their group.Long answer, make sure you setup group synchronization (see page 367 in the pdf version 3.84 http://woodel.com )Make a group called ShareAdmins, and add yourself to that group.Make sure you are using webmin to create that group.Make sure each user’s folder has 770 permissions. (3 x’s on top, 3 x’s in the middle, no x’s on bottom)Where you see the name “mygroup1” on page 378, replace that with “ShareAdmins” on every users folder.Make sure each user’s folder has the “files inherit group” check box (see page 378)That will create a folder permission of 2770 (which is the magic behind it all)*note, all this only affects newly uploaded files, so if there are existing files in those directories, you would have to use the drop down arrow when applying the 770 permissions and choose apply to this folder and all files, and all sub folder if folders exist. The drop down I’m talking about is in the filemanager module, and is visible on page 378, under “apply changes to”let me know if that all make sense :- )-Kev
KevAh ok, I understand. I can't thank you enough, Your the man!SRD
Kev,As usual, excellent advice and direction. I have now:Removed VMWare - I'm not really sure when I would have used it anywayAdded the line so I can get to my server through my windows machine using the server name instead of the IP addressGot the "public" share up and running (I went back and completely redid this one and now it works)Something also seemed to shake loose access to the other ports too. I can now access Usermin remotely.Now I have a question on an issue that is a pretty low priority, but I find curious. When I go to "http://www.mydomain.com" the address in the server bar immediately switches to "http://myi.pa.dd.ress". I don't usually see this happen on most websites. What do I need to do to keep the domain name address in the address bar of the visitors browser? Like I said, small issue but if you have a quick explanation, I would love to hear it.Keep up the great work!Mike
Seewolf-Great job! CongratzOn your web-browsing issue coming back as the ip address, I have never seen that. So this is a complete guess, I could be sending you down the wrong trouble-shooting path.But it sounds like an issue with your dns account. Whoever you bought your domain name from, login and make sure the option “wildcard” is set to not (not use), and that the option “cloak” is set to yes.If neither of those work, click on the “contact us” link in the support page of your domain registar, and send them an email telling them whats happening, and see if they made a goof on their end.Also if you did the local DNS server portion of the how-to, or the router portion, email me your website, and I will see if it happens on my side of the world to (email it)Good luck, I may be wasting your time, Ive never heard of that problem before. But my guess is DNS.If you did do the local DNS part of the how-to, send me all the related configuration files, zipped, via email.-Kev
Kev,I have figured out that it is only on computers within my LAN that change my domain to my IP. I tried it from another computer outside yesterday and my domain name remained in the address bar, so I am OK with that.I have since created a new problem for myself. When I went back to uninstall VMWare, I seem to have gotten a little aggressive and removed some other packages. The problem I am running into now is that I don't seem to have PHP support from the server.I am trying to install a photo sharing system on the server and the install is web based in a .php file. The problem I am having is that when I go there in my browser (IE or FF) it is trying to download the file as phtml instead of opening it in the browser.Do you have any suggestions on how to go back and re-install all the packages that I seem to have removed unintentionally when I removed VMWare?As always, thanks for the direction and patience!Mike
Seewolf-I probably can't be much help here, i don't deal with PHP much ever. If you removed vmware via putty or ssh then you can keep pressing the up arrow on your keyboard and it will show you past commands that your ran.Keep pressing up until you see what you did, and then maybe the answer will be doing the reverse.Also check your logs, and search for the keyword "remove" or "removing" and see if anything jumps out at you.Sorry, i just never got into PHP at all so i dont really know.good luck-Kevin
Thanks Kev,I am sure I will find it - just time and effort. The payoff is actually figuring it out!Have a great weekend!Mike
True, True.Good luck-Kev
Kevin,Nice site, very helpful! I understand your earlier reasons for not including a TOC for the document... but honestly, given the size that its grown to (600+ pages according to the PDF) it really does need one if only to make things easier to reference when a person comes back to it trying to find how to do a given task if they didn't start with your guide or if it was something they skipped on the first pass but now want to try out.Thanks for all the effort,Monte
memilanuk-Thanks !Have you tried the search feature in the pdf?-Kev
KevinThank you for the site.Webmin seems to be working except for file manager which does not populate with the tree. Only get a large black square even tho its transferring from 198.xxx.xxx.x.xxx. Have updated modules as per PDF.Your thoughts?Dan
Hey Dan-Thanks!Did you install Java into your browser?http://java.comkeep up the good work.-Kev
Yes Java is installed and up to date. It seems File Manager in Webmin is the only module not working. When the server is booted the Damon Monitor (monit) is not starting saying its not configured. Would that have any effect.Thanks againDan
Problem solved. Reinstalled JavaI should have known.Thanks Dan
Dan-Awesome! good workNo, Monit is something you configure later in the optional advanced section. Its just letting you know its not configured to start, which is correct for where your at in the guide.-Kev
Hi Kevin,I have a question related to Ubuntu that I'm hoping you or someone else would be able to answer. I’m trying to assign a static IP to eth0 on my Ubuntu Server. Its running Maverick Meercat 10.10 desktop edition, and a local DHCP server seems to be auto starting, and it assigns the eth0 a different IP even though I’ve configured it to be a static IP. If I restart the port by using ifdown eth0 it goes back to the default IP, but it autostarts after reboot with a different IP. I’ve tried disabling any of the DHCP services that autostart, but that doesn’t seem to work, and the pkill command kills that instance, but a new one replaces it instantly. I'm also using LogmeinHamachi and its set to dynamically get its own DHCP settings on its own virtual adapter ham0. Is it possible that Hamachi is starting the DHCP program when it starts at boot? Any suggestions on how to find & kill the DHCP client that’s overwriting my settings? I'm following along with the latest edition of the guide, and so far its been fantastic! I'll definitely be pointing anyone who I know is starting a server to your resources. They are phenomenal and I've really benefited from your knowledge.Thanks!Chris
Chris-Thanks !Email me your /etc/network/interfaces file and i will take a look.Ubuntu has a network manager program in it that gets in the way, and app-armor, but lets start with interfaces file.Im not talking bad about Ubuntu, i do love me some Ubuntu for sure, but they sure are making some questionable changes.I use Ubuntu everyday, but im starting to tell people to stay back a revision. If 10 is out, go 9. If 11 is out go 10. They arent afraid to make big changes thats for sure.-Kevin
Hi Kevin, I sent you a copy of my interfaces file. Thank you so much for all your help!
Kevin,Thanks for the terrific tutorial, it has renewed my interest in Linux and given me the confidence to finally set up my home media server.My Linux experience is limited to Ubuntu so far and for this project I began with server 10.10. I've come to the conclusion that I should probably use the previous version, would you agree? If so, which version do you believe to be best? Or perhaps Debian?Thanks again for the great work!
Hey Darryl-Thanks!I would use Debian for servers and Ubuntu for GUI laptops and GUI desktops.Im not talking bad about Ubuntu. What they are doing is important, and sometimes i find Ubuntu is the only one that will load on the newer hardware.-Kev
Thanks Kevin, I really appreciate the input. I guess I'll give Debian a shot. Take Care.Darryl
Very impressive tut Kev. It shines with the quality and pride you have put into this. I'm in a holding pattern on page 107 (3.84) in the .pdf until I'm sure what I'm suppose to be changing in the resolv.comf file. There was already this:domain my.isp.comsearch my.isp.comnameserver "router address"Am I to add:search diy.lannameserver "router address"under what's already there??
Hey Robert-Thanks !You would be erasing everything in that file and replacing it. You can use the file manger to make a copy of that file, (copy \ paste) name the pasted file resolv.conf.originalThen if you have problems, just delete mine and rename resolve.conf.original back to just resolv.confYou only need to do that step if you have switched your server from dhcp to static, so it knows to do dns lookups through the router instead of directly querying the internet.good luck, keep up the good work.-Kevin
Thanks Kevin. Yeah, I switched to static (1st server setup I've ever done, so staying with the tutorial exactly). I also went back and reread pg's 53 - 57 and was thinking that went along with DHCP. I'll be continuing the tut now. Thanks again Kevin.
Hi Kevin, Thanks for an excellent walk through. It's made sense of a lot I had going around in my head and I havd successfully set up my server.I am hosting my own site and those of my daughters, so at home I am king lol!Will you be finishing the pdf document any time soon?Again thanks for a great job.Tony
Thats awesome Tony! keep up the good work.I just updated the website to version 3.85, so it will take me a couple months to get the pdf ready. Im 50% done, its just i have two full times jobs, and this is one of my most busy months. If you email me, i will email you back when its ready.Thanks again-Kevin
Hi Kevin, I had a recent bout with 'cranium rectumitis'. I clicked on the 'server1' link to download what I thought would be the .pdf for the updated manual. I 'didn't' check the filesize before clicking on download and overwrote the file I had. Anyways, I had finally gotten all the way thru to pg 293 (Samba). Without going thru Samba, I figured I would go ahead and setup file access for a couple of friends of mine where we can store and download files. I haven't been able to get it where they can get thru. I've gotten the free DynDNS account and from reading their setup, I was suppose to use the 'external' IP address. I have a (Time Warner) cable modem with a D-Link DI-604 router connected from it and from there to my Windows box, and the web/file server box I'm building from your instructions here. I've researched where I'm suppose to put this external IP until my head hurts. I'm believing it's got something to do with the hosts, hostname, & interfaces files, but when I change anything, the server gets lost(?). Could you direct me down the right path? Thanks
Hey Robert-I can email you the outdated pdf if you email me, im still working on the new one. Or just use the website ( http://woodel.com ) its always the most updated.Stay away from that interaces file, and the other files you mentioned, your missing some of the key concepts here, i would re-read the top half of page 3, most importantly the part this picture is talking about. http://woodel.com/page3_files/p3_image085.jpg Your external IP is the ip address of your router, you have to then go into your routers web interfaces, and add the port forwards you need as seen in the picture above.You dont really need to enter that external ip address anywhere in your linux box config files, so if you find yourself doing that, know thats a step in the wrong direction.external IP = your routerYou then setup port forwards to send that traffice internally to your linux box ip address example = 192.168.2.1 or 192.168.2.111 depending on how far you have gotten in the guide.good luck, keep up the good work.-Kev
Thanks Kevin. I went back in and got everything set back right. I also added the nameservers (dyndns) that you referenced (pg 1 on the web) with that readme file on DynDNS.com (Internet Guide). I'll try this setup again and see if my "tester" can get thru. Port Forwarding and all that's been done on the D-Link. Time Warner says no ports are blocked on their cable modem. Thanks again.
Robert-Awesome, sounds like your almost there.If you get fed up with ftp and its quarks, here is an sftp how to, its really "ssh file transfers" behind the scenes, super secure, and works great thru firewalls (port 22)http://woodel.com/domore/Only downside is your users need a client to connect, filezilla client is a good one.http://filezilla-project.org/download.php-kev
Thanks Kevin. I'll take a look at the sftp how-to also. We've all used 'zilla and smartftp, so that won't be a problem. But we are trying to get some better upload/download speeds. The files we're loading and downloading will end up being fairly large, 500mb upwards of 2gb. Anyways, I appreciate your help. If it's the D-Link that appears to be blocking them getting to the server, then I'll try connecting the Linux box straight up to the cable modem and see what that gets me. Of course then I'll have to go in and set the new IP numbers. I've had to do the same for my windows box a couple of times. Then I put the D-Link back in and everything works. Weird stuff sometimes. Thanks again.
Hi Kev. Just want to let you know we finally have liftoff!! I had it right to begin thanks to your tutorial. Since I've got the 'digital phone' with Time Warner (along with the internet and cable tv), their cable/phone/modem has to be reset from their end due to the modem having a battery backup. Unplugging the power cord from this type of modem will NOT reset it for any reason. This is due to it having a battery backup. The reset is done because their system, when it's activated, detects the first device that's connected to it. And since at the time I had it installed (the modem) I only had the windows box hooked up. Since the reset, everything's fine and the Linux box is now online! Thank you for the tutorial and all the help you supply on here in addition. I'll finish the rest of the tut now and get this box set up a little tighter. Thanks again Kev...
Robert-Rock on! thanks for the kind words.*PS the PDF is ready, http://woodel.com-Kev
WOW this tutorial is absolutely brilliant and a am not even finished with it yet. the only thing that could be better is if there was a webmin module for bind configuration.P.S. i would donate if i had any money.
Ellisgeek-Thanks!!*note, There is a Bind9 module, its under the Servers module once you install bind9.Thanks again-Kev
Kevin, Excellent work. Have set up two Ubuntu servers and because I have learned so much from you, I have ventured into more distros, thanks. Question for you, I want to move my server to another PC, set it up exactly the same. How can I mount my d2p1 in the new box and not format it? Is it possible to mkdir "mymounts", install drive then mount with those "shortcuts" you show but do noy use in the tutorial? Thanks loads. Thanks,Mark F
Hey Mark.Thanks!Is d2p1 just a data drive? If so, yes.On the new server run thismkdir /mymounts/d2p1then navigate to Webmin disk and network file systems module, and mount it as ext3 (or 4 or 2, whatever) in the local /mymounts/d2p1 folder.No formatting is needed.-Kev
Kevin, Thanks to you too!d2p1 has user and public folders that hold the data, intend to put users on new system just as it was, same names and p/w's. BTW, I have a d3p1 that is a backup of d2p1, (can't bring myself to use raid yet!) If I have to I'll do it up from scrach seeing as I have 2 exact HD's, I have two other Ubuntu desktops I could mount 1 drive and copy the folders over.Thanks,Mark F
had an issue doing an install today, went searching for some answers and ran across this, you are simply amazing, i am trying to use your woodel guide as well, have not gone through very much of it yet. but am running across this issue, root@rd-debian-server:~# apt-get install libmd5-perl etherwake ntpdate libio-socket-ssl-perlReading package lists... DoneBuilding dependency treeReading state information... DoneE: Unable to locate package libmd5-perli am trying to learn a bit more so hanging in the debian irc room, and somene posted this to help me, RD: This package was replaced by the Digest::MD5 module (Debian bug #539019) and is not available post-Lenny. tried on a different install to get a different version of perl but still had no luck getting webmin running, any ideas? also have been told not to mess around with webmin, i guess is no longer supported? am still going to be using your tutorial, seems i will have lots to learn using it, thank you for putting it together and thanks for your helpRD
Hey RD-Thanks!Are you using debain version 5.x?Try the 5.03 link on my website, the second one, pointing to my server. You can update it when your all done with the guide.To my knowledge Debian supports webmin, Ubuntu doesnt.-Kev
wow you are quick, have been using Debian 6.0 up till today it all worked fine, have done many installs so far experimenting with a little here and there. will try to do another install tomorow without doing any upgrading till after i have webmin installed. RD
RD-Thanks again :- )Yes use the 5.03 link from my site (from my server) much better experience.-Kev
ok, will try the 5.03, does that mean i should not do the get update then in the beginning steps ?
You can do "apt-get update" but hold of until you have webmin working before you do the "apt-get upgrade"-Kev
very interesting, learned a lot!.
CMS Application-Thanks! thats awesome!!-Kevin
What a great write up. Had to run through it 3 times before I got it running as a router. Ubuntu caused problems with the nics, but using Debian solved those issues and of course your most detailed setup.Thanks for all your hard work.
Anonymous-Thanks! thats awesome to hear. Making it thru page 5 is something to be very proud of, great work.-Kev
Hi Kev,Thanks for the comment, me Anonymous, actually me Karl.I found this link I don't know if you have seen it at all.http://versia.com/2009/11/19/nas-debian-lenny-raid1-encrypted/#grubI know it's not the quite the same thing but you might find something useful in it.
Well my joy of getting my server running was short lived. It was running fine with my laptop being able to access msn and getting excellent video with my wife. This lasted about an hour and then I had to go out and shut down my laptop. My server was left untouched.Upon my return after firing up my laptop I had NO internet connection, but was able to connect to my server. My server had been running while out and it is powered through a UPS. It had not been rebooted or touched since initial setup and the great link I had.I have checked and rechecked all the files and directories and they all seem to be as I left them. I re-read your document and followed it to the letter but to no avail. It seems that no matter what I do I just cannot access the internet through my laptop. I connected another PC to the network and the same there, no Internet.The server can access the internet with no problem.I wonder if you have any ideas as to what the problem might be as I am at my wits end here.Karl
Hey Karl-Check and make sure /etc/resolv.conf isnt getting overwritten \ changed on the server. This will interfere with the dhcp server.You can also try giving your laptop a static ip and static dns, to trouble-shoot if the dhcp server isnt handing out the right info.also if ipv4 packet forwarding isnt enabled in /etc/sysctl.conf, you will see this problem.Best of luck-Kev
Hi Kev.Well you hit the nail on the head with your first thought, the /etc/resolv.conf nameserver is being changed to 127.0.0.1. when I reboot. Presumably when I disconnected my laptop that happened to.
Karl-Thats why they call me "the hammer"j\k :- )127.0.0.1 is right if its on the server, thats not right if its on the laptop.Check pages 597 and 598 on my pdf to see if you have dns stuff right.*also try a static ip and static dns on your laptop to see if we are on the right path.-Kev
Karl-Your last message didnt show up, maybe it was too long. Sorry, i cant think of anything because it was working at one point.You could try starting over, and using Debian 5.03 from my server, ubuntu us pretty quick to make changes and may have changed something.best of luck-Kev
Thanks Kev I will do that. This will take a few days as I am fairly busy right now. I will let you know how things progress.What I would ideally like is to just install the necessary scripts first, that would enable the routing part to work. Once that is done then I can do the rest of the server.Both eth0 and eth1 do work and I can go in on either port with no problems. It's just passing the information between the ports is the problem.I can use putty and nano to do the configuration of the files. Or just use nano on the server itself, either way I am okay.
Karl-Sounds alot like ipv4 packet forwarding isnt enabled in /etc/sysctl.conf, or maybe you missed the part where bind9 is installed. (apt-get install bind9)Best of luck on your rebuild, please note my guide assumes you follow it step-by-step, starting at page 1, if you jump around in the document its likely you will miss something needed later.keep up the good work-Kev
Hi Kev,I downloaded Debian 5.03 from your server and installed it as your first pages, no problem. I then did the following;-----on server-----------aptitude install dhcp3-server sshnano /etc/dhcp3/dhcpd.conf/etc/init.d/dhcp3-server startnano /etc/sysctl.confnano /etc/network/interfaces/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEthen;------on workstation------ping 18.104.22.168ping www.google.comAll worked according to plan. Next I issued the command;shutdown -r nowOn reboot it would not route, just as before. What I did next was to;/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEThis made everything all good again. So now what I need to figure out is how to make that permanent and then I can get back to your instructions and finish this project. It sure has been a STEEP learning curve for me so far.
Karl-You not following the guide step by step.I never mention nano, aptitude, or iptables scripts. Please follow all 600 pages line by line if your going to ask me for help.Those scipts your running are temporary.follow each and every page \ sentence \ word
Kev,You are right, I have not followed your guide as per your instructions. The reason is I was not sure why I could not make the server route after following your instructions at least twice. Obviously I have made mistakes somewhere along the line, after all it is heavy reading. Also there are some parts in there that I do not want, like adding additional drives.So to cut a long story short, I have now proved to myself that my hardware is okay, as it is new. I now intend to go back through the guide page for page and install all that I need.I just informed you of what I was doing and why.Now I can start at the beginning with a better understanding of what I am doing.
Kev,Great How-To. Wish I found it sooner. I already had a Squid server running on my Ubuntu 10.04 box when I was looking for some help on setting up Samba.FYI, I was unable to Webmin into the box with Internet Explorer while using the proxy. Once I turned it off, all was good.
Jeffer-Thanks! Glad you like you it.-Kev
Hi Kevin,Firstly, as a namesake, gotta say you are awesome.Secondly, I have used your guide to great success on linux servers I have setup previously.Thirdly, I now have a problem with setting up a debian router as a guest on VMware. The problem is this, I can't seem to be able to connect to either NIC properly. When I use the bridge option, it cannot connect, while custom virtual bridge does connect but does not allow for packets to be forwarded. The DHCP is working for the eth_safe but no internet connection to eth_bad, gives me a connection time out, under custom virtual bridge. Also, while in this state, it does not allow for browsing on the host, win 7.What is going wrong, as I followed your guide to the letter?
Thanks Kevin, that’s awesome.To my knowledge you can’t do that part in a VM.It “may” be possible to put multiple physical NICs in your host, and hardlink them to the VM somehow, but all of this is a guess and still probably wouldn’t work. And even if you got it to work, it wouldn’t be very portable.You would be best off using on old spare PC, with two NICs. It doesn’t have to be powerful, I setup a few 700Mhz ones that can handle everything you throw at it, as a router.Good luck, thanks again, keep up the good work-Kevin
Hi, I will dual boot for the time being. I spent the day tinkering and no dice, cant seem to get it to work. If I do, will give a shout. Thanks for guide again, and if possible, think you could add a small section on Radius configuration. Would help with authentication for sharing a connection.Still awesome work.
Hey Kevin-Thanks again, and good luck.Not sure what you mean by Radius, in this setup you’re acting as an actual router, not ICS or DUN. But if you still have a need for something like that, ubuntuforums.org would probably be a good start.Thanks again-Kevin
Hi Kevin,Nice Work! verynice.I'm having a problem. My two nic are not forwarding. Can help me?I have eth0 is working fine, computers are getting IP from the DHCP Server, eth4 is getting it IP from the ISP. MTU 1500 for both, Full-Duplex, I can ping google from LinuxBox, I've uncomment net.ipv4.ip_forward=1. I've set the FireWall as you said and nothing.but there is one part that i didn't understand. I was using eth1 for the sec nic and it was not working. the i ran ifconfig -a there it was as eth4. Is it normal that Linux use another name for you nic? or dosen't matter?Whe i try to navigate to Google.com nothing. I only have internatl network. Please help :(
Hey Anonymous, thanks!!!!Also, I can tell from your wording you read the guide carefully.You have covered most of my questions already, If I had to guess I would say it’s either a DNS issue or a firewall issue.To test and see if it’s a DNS issue, from a internal computer that isn’t working, see if you can ping Googles ip address (22.214.171.124) instead of its name. If you can ping its IP and not its name, then we know it’s a DNS issue.The firewall can also cause what you are experiencing. Look over your firewall rules, and make sure you have (at least 3 at the top most)unlimited access for LO (loopback) and Eth_Safe, And the one entry for eth_bad. Also make sure you have the 2 forwarding rules below it. And make sure they all say “Accept” in green letters to the left of the rule (via webmin) And make sure you told it to perform NAT on the right interface number.The eth4 isn’t a problem you “have to” fix, as long as mentaly your treating them as eth_bad and eth_safe, but it does mean there was some problem during setup, or the nic was moved around after setup.If it’s always coming up as eth4, and you can see it from ifconfig "without" the –a, then you don’t have a problem worth fixing. If you can’t see it without the –a, then there is either a big problem, or your file /etc/network/interface needs adjusting for the number 4 (eth4)Good luck, thanks for reading it so thoroughly, it’s easy to see you have an understanding of it.-Kev
Hi Kevin,I did all the steps mentioned in your documentation. However, ran into a problem.When I try to connect from my office to "ssh2 login" i get the following dialog message:MindTerm - AlertError connecting to xxx.xxx.xxx.xxx, reason:-> Connection refused: connectWhat could be the problem?I just want a shell to work with on so the next thing i tried with setting up "shell in a box". I got that installed and running successfully but then it said "cannot open connection" and in the java console logs i get the following message:"Thank you for using MindTerm...Netscape security model is no longer supported.Please migrate to the Java 2 security model instead."
I would like to add a note that ssh2 login works fine from local machine. This problem arises only from office.
Hey Anonymous-Does Putty work from your office? This is a good way to trouble-shoot if its a router\firewall issue, and if port forwarding isnt setup right.If Putty doesnt work, then your probably jumping ahead of yourself, later in the guide you will learn about port forwarding from WAN to LAN.If Putty does work, then try a newer browser, like Chrome.Also, make sure your computer at the office has the newest java installed (http://java.com)good luck-Kev
PuTTY also does not work and gives the same error message.
BTW just like to give additional information:1. Router has a static external IP2. 3 machines on LAN (1 Win7 & 2 CentOS)3. Webmin works for both Linux machines(from office). I dont need the Win7 for anything.4. Everything works inside LAN just fine.
If Webmin works, that means you understand port forwarding. Did you maybe change the default port for ssh? If so, then you need to edit the ssh2 module config with the new port numberIn your trouble-shooting, get Putty working first, then move on to the ssh2 module once putty is working.Keep up the good work.-Kev
What I have done is redirected traffic from my public static IP to my CentOS machine for port 443. My office network wont allow traffic on https://:10000Does the ssh port continue to run on 22 while telling my router to redirect requests on its public static IP to my ?
Post a Comment