These two days have been studying AS3, initial use, spanning from RH73 to AS3, does have a lot of things uncomfortable, the configuration method is not the same, the following is some of the problems I appear when installing configuration, explain here
My system hangs Mysql, PHP, Apache2, made Squid and Nat, Samba, DHCP, Sendmail SMTP authentication, Proftpd
1, install mysql4.0.18
After mysql, decompression
[quote: 6f57b6b1f4]
./configure --prefix = / usr / local / mysql
Make
Make Install
UserAdd MySQL
chown -r mysql / usr / local / mysql / var
[/ quote: 6F57B6B1F4]
Start mysql, / usr / local / mysql / bin / mysqld_safe --user = mysql
2, install Apache 2.0.48
unzip
[quote: 6f57b6b1f4]
./configure
Make
Make Install
[/ quote: 6F57B6B1F4]
3, install PHP 4.3.4
unzip
[quote: 6f57b6b1f4]
./configure --with-mysql --with-apxs2 = / usr / local / apache2 / bin / apxs --enable-versioning --disable-debug --enable-track-vars
Make
Make Install
[/ quote: 6F57B6B1F4]
Modify /usr/local/apache2/conf/httpd.conf
See if there is two lines?
[quote: 6f57b6b1f4]
LoadModule PHP4_Module Modules / Libphp4.so
AddType Application / X-httpd-php .php
[/ quote: 6F57B6B1F4]
There should be the first line by default, the second line will add yourself
Add default page index.php
[quote: 6f57b6b1f4]
DirectoryIndex index.html index.php index.htm index.html.var
[/ quote: 6F57B6B1F4]
4, configure sendmail
vi /etc/mail/sendmail.mc
will
[quote: 6f57b6b1f4]
DNL # trust_auth_mech (`External Digest-MD5 CRAM-MD5 Login Plain ') DNL
DNL # define (`confauth_mechanism", `external gssapi digest-md5 cram-md5 login plain ') DNL
[/ quote: 6F57B6B1F4]
Modify to support SMTP letter authentication
[quote: 6f57b6b1f4]
Trust_auth_mech (`External Digest-MD5 CRAM-MD5 Login Plain ') DNL
Define (`confauth_mechanism", `External Gssapi Digest-MD5 CRAM-MD5 Login Plain ') DNL
[/ quote: 6F57B6B1F4]
will
[quote: 6f57b6b1f4]
Daemon_Options (`port = SMTP, 127.0.0.1, Name = MTA ') DNL
[/ quote: 6F57B6B1F4]
Modify to support remote access
[quote: 6f57b6b1f4]
Daemon_Options (`port = SMTP, Name = MTA ') DNL
[/ quote: 6F57B6B1F4]
will
[quote: 6f57b6b1f4]
DNL # masquerade_as (`Platinum.3322.org ') DNL
[/ quote: 6F57B6B1F4]
Change to
[quote: 6f57b6b1f4]
Masquerade_as (`Platinum.3322.org ') DNL
[/ quote: 6F57B6B1F4]
M4 /etc/mail/sendmail.mc> /etc/mail/sendmail.cf
vi /etc/mail/sendmail.cf
modify
[quote: 6f57b6b1f4]
Cwlocalhost
[/ quote: 6F57B6B1F4]
for
[quote: 6f57b6b1f4]
CWLocalHost Platinum.3322.org
[/ quote: 6F57B6B1F4]
Vi / etc / mail / access add 0.0.0.0 relay
VI / ETC / MAIL / LOCAL-Host-Names
Add to
[quote: 6f57b6b1f4]
Localhost
Platinum.3322.org
[/ quote: 6F57B6B1F4]
Start service:
/etc/rc.d/init.d/sendmail start
/etc/rc.d/init.d/saslauthd start
Setup, enable IPOP3 service
/etc/rc.d/init.d/xinetd Restart
test:
AddUser Test
Passwd test
Outlook test
5, do ADSL dial-up
ADSL-SETUP
Step by step, next step
Then modify the generated configuration file / etc / sysconfig / network-scripts / ifcfg-ppp0
Inside
[quote: 6f57b6b1f4]
PPPOE_TIMEOUT = 60
[/ quote: 6F57B6B1F4]
Change to
[quote: 6f57b6b1f4]
PPPOE_TIMEOUT = 0
[/ quote: 6F57B6B1F4]
This will not automatically disconnect because there is no data transmission.
6, do NAT
vi /etc/sysctl.conf
modify
[quote: 6f57b6b1f4]
Net.IPv4.ip_forward = 0
[/ quote: 6F57B6B1F4]
for
[quote: 6f57b6b1f4]
Net.IPv4.ip_forward = 1
[/ quote: 6F57B6B1F4]
This allows the default to allow forwarding, no need to modify / proc / net / ipv4 / ip_forward each time
Add control in the firewall, allowing NAT to go out
[quote: 6f57b6b1f4]
/ sbin / iptables -t nat -a postrouting -s 192.168.0.0/24 -j masquerade
[/ quote: 6F57B6B1F4]
7, do Squid
I follow the RH73 Squid configuration, but I encountered problems in AS3.
Later, I found that I could find that I couldn't find a DNS Server, strange, my ADSL dialing energy ping passenger www.163.com.
Later, it was discovered that /etc/resvol.conf was empty, I added a DNS Server.
My Squid has done a capacity of 1000m, saves the files below the 1m size of HTTP, which is not fine to say how to configure Squid.
Don't forget to point the 80-port to the port of Squid in iptables, I am the default 3128
8, DHCP
I still follow the rh73's dhcpd.conf, the results prompt the error, the service can't start, and then I find that you need to add a parameter [quote: 6f57b6b1f4]
DDNS-UPDATE-STYLE AD-HOC;
[/ quote: 6F57B6B1F4]
My profile is as follows
[Code: 1: 6f57b6b1f4]
DDNS-UPDATE-STYLE AD-HOC;
Max-Lease-Time -1;
DEFAULT-Lease-Time -1;
Option Subnet-Mask 255.255.255.0;
Option Broadcast-Address 255.255.255.255;
Option Routers 192.168.0.1;
Option Domain-Name-Servers 192.168.0.1, 202.106.196.152;
Option Domain-name "Platinum.3322.org";
Subnet 192.168.0.0 Netmask 255.255.255.0 {
Range 192.168.0.2 192.168.0.100;
Host Platinum {
Hardware Ethernet 00: 0A: E6: A9: 64: A2;
Fixed-Address 192.168.0.2;
}
Host bchyi {
Hardware Ethernet 00:80: C8: E4: C1: E4;
Fixed-Address 192.168.0.3;
Filename "/TFTPBOOT/PXELINUX.0";
}
}
[/ code: 1: 6f57b6b1f4]
9, Samba
This is the most headache, because this confused me half a day.
At the beginning, I used the RH73 configuration documentation, I found that the online neighbors can see it, but I can't access it.
My configuration document is as follows
[Code: 1: 6f57b6b1f4]
[global]
Client code Page = 936
Workgroup = home
Server string = Samba Server
Security = user
Encrypt passwords = yes
Update encrypted = yes
Obey Pam Restrictions = YES
Pam Password Change = YES
Passwd program = / usr / bin / passwd% u
Passwd chat = * new * password *% N / N * Retype * new * password *% n / n * passwd: * all * authentication * tokens * updated * successful all *
Unix Password Sync = YES
Log file = /var/log/samba/%m.log
Max log size = 0
Socket Options = TCP_NODELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192
Wins proxy = yes
Wins Support = YES
Remote announce = 192.168.0.255
Remote browse sync = 192.168.0.255
Create Mask = 0777
Directory Mask = 0777
Printing = lprng
[data center]
Comment = datacenter
Path = / share / datacenter
Read only = no
[/ code: 1: 6f57b6b1f4]
So I changed security = domain into security = user
The results show that it can come out, but after entering, the English directory is not problematic, Chinese is all garbled (generic box)
In RH73 and RH9, I can't do it in AS3?
So I ssh, Into my hard drive LS directly, the result is stupid, the original RH73 is the Chinese name, now become ??? Waiting
......
After reminding you, I remember that I have a relationship with the character set, so I reite the TTFONTS-ZH_CN library. I found that there is a lot of things, there are too many things, helpless, and reload the system ...
Now, LS, discover still???, Helpless, choose the default character set to GB2312, LS, nothing!
/etc/rc.d/init.d/smb restart
Go back to the online neighbor, enter, and find that it is still garbled!
It seems that the character set does not matter, and the configuration of Samba has a relationship.
TestParm found that Client Code Page = 936 This sentence is not good in AS3, prompting this sentence error
Is there any Chinese? ? ?
I found N more information, I found the correct configuration method in an foreigner forum (showing Chinese things in the foreigner forum), replacing them in these two sentences:
[color = red: 6f57b6b1f4] dos charset = cp936
Unix charset = cp936 [/ color: 6f57b6b1f4]
Now Samba can use, the correct configuration document is as follows
[Code: 1: 6f57b6b1f4]
[global]
dos charset = cp936
UNIX Charset = CP936
Workgroup = home
Server string = Samba Server
Security = user
Encrypt passwords = yes
Update encrypted = yes
Obey Pam Restrictions = YES
Pam Password Change = YES
Passwd program = / usr / bin / passwd% u
Passwd chat = * new * password *% N / N * Retype * new * password *% n / n * passwd: * all * authentication * tokens * updated * successful all *
Unix Password Sync = YES
Log file = /var/log/samba/%m.log
Max log size = 0
Socket Options = TCP_NODELAY SO_RCVBUF = 8192 SO_SNDBUF = 8192
Wins proxy = yes
Wins Support = YES
Remote announce = 192.168.0.255
Remote browse sync = 192.168.0.255
Create Mask = 0777
Directory Mask = 0777
Printing = lprng
[data center]
Comment = datacenter
Path = / share / datacenter
Read only = no
[/ code: 1: 6f57b6b1f4]
[Color = Red: 6F57B6B1F4] Note: CP936 is Microsoft's disk system Chinese standard, and GB2312 is Chinese national Chinese standard, which is slightly different, using CP936 in Linux to better compatibility with Chinese disk format [/ color: 6F57B6B1F4]
10, Proftpd
This is a light car, it is 1.2.9 (the highest version, there is no vulnerability), compiled
Passed the configuration document directly.
[Code: 1: 6f57b6b1f4]
# This is a baric proFTPD Configuration File (Rename It To
# 'Proftpd.conf' for actual use. It Establishes a Single Server
# And a single anonymous login. It assuments That You have a user / group
# "Nobody" and "ftp" for normal operation and anon.
Servertype Standalone
DefaultServer on
ALLOWRETRIEVERESTART ON
AllowoverWrite on
ALLOWSTORERESTART ON
ServerIdent on "Welcome to Platinum's FTP!"
DEFAULTROOT ~
DisplayLogin .welcome
DisplayFirstchdir .Message
UseReverseDns off
Identlookups off
SYSTEMLOG /VAR/LOG/FTP.SYSLOG
Transferlog /var/log/ftp.transferlog
Transferrate Retr 20 Group HMOVIE
# MaxClientSperuser 10 "More than 10 guest users, please try again!"
# MaxClientSperHost 4
# Port 21 Is The Standard FTP Port.
Port 21
# Umask 022 is a good standard umask to prevent new dirsnd files
# From being group and worldwritable.
Umask 002
# To prevent dos attics, set the maximum number of child processes
# To 30. If you need to allow more Than 30 Concurrent Connections
# At ONCE, SIMPLY Increase this value. Note That excrething
# In Standalone Mode, in inetd Mode You Should Use An inetd Server # That Allows You To Limit Maximum Number of Processes Per Service
# (SUCH AS XINETD).
MaxInstances 30
# Set the user and group under which the server will run.
User Nobody
Group nobody
# NORMALLY, WE WANT FILES to Be overwriteable.
AllowoverWrite on
DenyGroup HMOVIE
User guest
Group FTP
AllowoverWrite on
ALLOWRETRIEVERESTART ON
ALLOWSTORERESTART ON
Transferrate Retr 10
# MaxClientSperuser 30 "More than 30 guest users, please try again!"
# MaxClientSperHost 4
Umask 000
Denyall
[/ code: 1: 6f57b6b1f4]
11, network security issues
The service is good, the network security can not be ignored
This is my "rebound" firewall
[Code: 1: 6f57b6b1f4]
#! / Bin / bash
/ sbin / modprobe ip_conntrack_ftp
/ SBIN / MODPROBE IP_NAT_FTP
/ sbin / iptables -f -t filter
/ sbin / iptables -f -t nat
/ sbin / iptables -p input accept
/ sbin / iptables -p output accept
/ sbin / iptables -p forward accept
/ sbin / iptables -t nat -p preloading accept
/ sbin / iptables -t Nat -P PostRouting Accept
/ sbin / iptables -t Nat -P Output ACCEPT
# Allow all in private net
/ sbin / iptables -a input -i lo -j acceptpt
/ sbin / iptables -a input -i eth1 -j acceptpt
# Ftp
/ sbin / iptables -a INPUT -M LIMIT --LIMIT 100 / S --LIMIT-BURST 100 -P TCP - DPORT 21 -J ACCEPT
# Ssh & telnet
/ sbin / iptables -a input -p tcp --dport 22 -j accept
# Mail / sbin / iptables -a input -p tcp --dport 25 -j accept
/ sbin / iptables -a input -p tcp --dport 110 -j accept
# Vpn
# / sbin / iptables -a input -p tcp --dport 1723 -j acceptpt
# / sbin / iptables -a input -p GRE -J ACCEPT
# Www
/ sbin / iptables -a INPUT -M LIMIT --LIMIT 100 / S --LIMIT-BURST 100 -P TCP - DPORT 80 -J ACCEPT
# Mysql
# / Sbin / iptables -a input -p tcp --dport 3306 -j acceptpt
# SOCKS5
# / Sbin / iptables -a input -p tcp --dport 8039 -j acceptpt
# ICMP (ping)
/ sbin / iptables -a input -p icmp - iCMP-TYPE Echo-request -j repject
/ sbin / iptables -a input -p icmp --ICMP-TYPE! Echo-Request -j Accept
# Nat
/ sbin / iptables -t nat -a postrouting -s 192.168.0.0/24 -j masquerade
# DNAT SQL-Server & Radmin to Private Net
/ sbin / iptables -a preording -t nat -p tcp -s! 192.168.0.0/24 --dport 4899 -j dnat --to 192.168.0.2:4899
/ sbin / iptables -a preording -t nat -p tcp -s! 192.168.0.0.04 --dport 5000 -J DNAT --to 192.168.0.3:4899
iptables -t nat -a preording -p tcp -m TCP -S 192.168.0.0.0.04 --dport 80 -j dnat --to 192.168.0.1:3128
# Deny others
/ sbin / iptables -ainput -m state --state established, Related -j Accept
/ sbin / iptables -a input -j mirror
[/ code: 1: 6f57b6b1f4]
I finally finished, it is not easy, this 17 hours no holiday!
