I. Preface

Drawing on online material and my own practice, I spent an afternoon writing up this typical configuration for a resource download site. The web site configuration provides a first implementation of per-IP management of threads and of per-thread traffic; ProFTPD is used for uploading resources and SSH for host management. With it you can undoubtedly keep control of valuable network bandwidth. A simple firewall configuration is included at the end of the article for reference. The Linux version I use is Red Hat AS 3.0.
I hope readers will get in touch with me after reading this article. Mail: llzq@163.com

II. Software versions

apache-1.3.29
mysql-4.0.16
php-4.3.4
proftpd-1.2.9
mod_limitipconn-0.04
mod_bandwidth-2.0.4

III. Install MySQL

# cd mysql-4.0.16
# ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data --disable-maintainer-mode --with-mysqld-user=mysql --enable-large-files --without-debug
# make
# make install

Add the mysql group:
# /usr/sbin/groupadd mysql

Then create a user called mysql that belongs to the mysql group:
# /usr/sbin/useradd -g mysql mysql

Install the database files:
# ./scripts/mysql_install_db

Set file permissions:
# chown -R root:mysql /usr/local/mysql
# chown -R mysql:mysql /usr/local/mysql/data

Configure ld.so.conf:
# vi /etc/ld.so.conf
Add the following line:
    /usr/local/mysql/lib/mysql

Create the MySQL startup files:
# cp support-files/mysql.server /etc/init.d/mysql
# cp support-files/my-medium.cnf /etc/my.cnf

Start MySQL:
# /usr/local/mysql/bin/mysqld_safe --user=mysql &

Set the MySQL root password:
# /usr/local/mysql/bin/mysqladmin -u root password new_password

Set the mysql service to start at boot:
# chmod 755 /etc/init.d/mysql
# chkconfig --add mysql
# chkconfig mysql on

IV. Install and configure PHP

# cd php-4.3.4
# ./configure --prefix=/usr/local/php --with-apxs=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql
# make
# make install

Create the PHP configuration file:
# cp php.ini-dist /usr/local/php/lib/php.ini

Modify the PHP configuration file:
# vi /usr/local/php/lib/php.ini
    doc_root = "/home/www/"
    file_uploads = Off
    register_globals = On

(register_globals = On lets request parameters set script variables directly; turn it on only if the site's PHP code depends on it.)

Create a test PHP page:
# vi /home/www/test.php
    <?php phpinfo(); ?>
# chmod 755 /home/www/test.php

V. Install apache-1.3.29

# tar zvxf apache_1.3.29.tar.gz
# cd apache_1.3.29
# cp ../mod_bandwidth.c mod_bandwidth.c

Modify src/include/httpd.h to increase the maximum number of threads:
# vi src/include/httpd.h
Change
    #define HARD_SERVER_LIMIT 256
to
    #define HARD_SERVER_LIMIT 2560

# ./configure --prefix=/usr/local/apache --enable-module=so --enable-module=rewrite --enable-shared=max --htdocsdir=/home/www --add-module=mod_bandwidth.c --permute-module=BEGIN:bandwidth
# make
# make install

Create the startup file:
# cp apachectl /etc/init.d/httpd

Modify the Apache configuration file:
# vi /usr/local/apache/conf/httpd.conf
Modify, add and confirm the following configuration items (and comment out the existing "AddDefaultCharset ISO8859*" line):
    AddDefaultCharset GB2312
    ExtendedStatus On
    LoadModule php4_module modules/libphp4.so
    DirectoryIndex index.html index.html.var index.php
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    LoadModule limitipconn_module libexec/mod_limitipconn.so
    AddModule mod_limitipconn.c

Install mod_limitipconn-0.04:
# tar xzf mod_limitipconn-0.04.tar.gz
# cd mod_limitipconn-0.04
# vi Makefile
    APXS=/usr/local/apache/bin/apxs
# make
# make install

To use the mod_limitipconn module, add this setting to httpd.conf:
    Bandwidth 192.168.0 0 200000     (internal network users: download speed 200K)
    BandWidth all 51200              (limit other users' download speed to 51200 bytes per second)
    </Directory>
    </IfModule>

Modify /etc/init.d/httpd:
# vi /etc/init.d/httpd
Add the following:
    #!/bin/sh
    #
    # Startup script for the Apache Web Server
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server. It is used to serve \
    #              HTML files and CGI.
    # processname: httpd
    # pidfile: /usr/local/apache/log/httpd.pid
    # config: /usr/local/apache/conf/httpd.conf

Set the Apache service to start at boot:
# chkconfig --add httpd
# chmod 755 /etc/init.d/httpd
# chkconfig httpd on

VI. Install proftpd-1.2.9

# tar -zxvf proftpd-1.2.9.tar.gz
# cd proftpd-1.2.9
# ./configure --prefix=/usr/local/proftpd
# make
# make install

Create the startup file and set ProFTPD to start at boot:
# cp ./contrib/dist/rpm/proftpd.init.d /etc/rc.d/init.d/proftpd
# chkconfig --add proftpd
# chmod 755 /etc/rc.d/init.d/proftpd
# vi /etc/rc.d/init.d/functions
    export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/proftpd/sbin"
# vi /etc/rc.d/init.d/proftpd
    # config: /usr/local/proftpd/etc/proftpd.conf
    PATH="$PATH:/usr/local/proftpd/sbin"
# chkconfig proftpd on

Create the accounts and directories:
# mkdir /home/test
# chmod 755 /home/test
# adduser -d /home/test -g ftp -s /sbin/nologin test
# passwd test
# adduser -d /home/upload -g ftp -s /sbin/nologin upload
# passwd upload

Configure /usr/local/proftpd/etc/proftpd.conf, with anonymous login disabled:
    ServerName "Llzqq's FTP Service"
    ServerType standalone
    DefaultServer on
    # Port 21 is the standard FTP port.
    Port 21
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022
    MaxInstances 10
    # Set the user and group under which the server will run.
    User nobody
    Group ftp
    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~
    # Normally, we want files to be overwriteable.
VIII. Set up a simple and effective firewall

    export PATH=/sbin:/usr/sbin:/bin:/usr/bin
    modprobe iptable_nat
    modprobe ip_nat_ftp
    modprobe ip_nat_irc
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
    iptables -F
    iptables -X
    iptables -Z
    ## drop packets arriving on eth0 with private source addresses
    iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
    iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
    ## established and related connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ## loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    ## SYN flooding
    iptables -N syn-flood
    iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
    iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
    iptables -A syn-flood -j DROP
    ## make sure that new TCP connections are SYN packets
    iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
    ## http
    iptables -A INPUT -i eth0 -p tcp -d 0/0 --dport 80 -j ACCEPT
    ## i p p - f l l l i i m m m i i i i i i 3 -J Accept
    ## ftp service
    iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT
    ## ssh login (00:00:00:00:00:00 stands for the management host's MAC address)
    iptables -A INPUT -i eth0 -m mac --mac-source 00:00:00:00:00:00 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 22 -j DROP
    ## anything else not allowed
    iptables -A INPUT -i eth0 -j DROP

IX. Appendix: brief description of the mod_bandwidth options

BandWidthPulse
Format: BandWidthPulse <
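
How the syn-flood chain in the firewall script of section VIII behaves under load, as an added example that is not part of the original article: a simplified token-bucket model of "--limit 1/s --limit-burst 4". The function names and the sample arrival times are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the article's syn-flood chain
#   iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
#   iptables -A syn-flood -j DROP
# The limit match keeps ONE token bucket for the rule, shared by all sources.

# simulate_limit RATE_PER_SEC BURST "ms:client" ...
# Prints "<ms> <client> RETURN|DROP" for each SYN, in arrival order.
simulate_limit() {
    rate=$1; burst=$2; shift 2
    cap=$((burst * 1000))        # bucket capacity in milli-tokens
    credit=$cap                  # the bucket starts full
    last=0
    for pkt in "$@"; do
        t=${pkt%%:*}; src=${pkt#*:}
        # RATE tokens per second == RATE milli-tokens per millisecond
        credit=$((credit + (t - last) * rate))
        if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        last=$t
        if [ "$credit" -ge 1000 ]; then
            credit=$((credit - 1000))     # one token per matched SYN
            echo "$t $src RETURN"         # goes back to INPUT for the port rules
        else
            echo "$t $src DROP"           # falls through to the DROP rule
        fi
    done
}

# summarize: reads simulate_limit output on stdin, prints "returned=N dropped=M".
summarize() {
    awk '{ n[$3]++ } END { printf "returned=%d dropped=%d\n", n["RETURN"], n["DROP"] }'
}

# Constructed arrivals: ten clients connect within 100 ms, then three stragglers.
SAMPLE="0:c1 10:c2 20:c3 30:c4 40:c5 50:c6 60:c7 70:c8 80:c9 90:c10 1500:c11 1600:c12 5000:c13"

# Word splitting of $SAMPLE is intended: each "ms:client" becomes one argument.
simulate_limit 1 4 $SAMPLE
simulate_limit 1 4 $SAMPLE | summarize
```

Because the bucket is shared by every source, a fifth client connecting within the same second already has its SYN dropped; size --limit and --limit-burst to the connection rate the download site is expected to serve.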