Setting Up FTP Server with Linux

SETTING LAYANAN FTP SERVER
1. Pada linux terdapat banyak sekali aplikasi FTP Server (vsftpd, wu-ftpd, wzdftpd, pureftpd, tftpd). Namun disini yang digunakan vsftpd.
2. Install paket vsftpd.
# apt-get install vsftpd
3. Setelah semua instalasi selesai dilakukan. Edit file vsftpd.conf, namun terlebih dahulu anda bisa back-up file tersebut terlebih dahulu.
4. Kemudian ubah beberapa opsi file /etc/vsftpd.conf berikut,
# Allow anonymous FTP?

anonymous_enable=NO

# Uncomment this to allow local users to log in.

local_enable=YES

# Uncomment this to enable any form of FTP write
command.

write_enable=YES

# You may fully customise the login banner string:

ftpd_banner=Welcome to my FTP.

# chroot_list_enable below.

chroot_local_user=YES

5. Simpan file diatas, kemudian restart FTP server.
# /etc/init.d/vsftpd restart
6. FTP Server anda siap digunakan. Untuk tes lakukan ftp ke localhost.
# ftp localhost

Setting Up DHCP Server with Linux

SETTING DHCP SERVER
1. Install paket dhcp3-server.
# apt-get install dhcp3-server
2. Setelah semua instalasi selesai dilakukan. Edit file dhcpd.conf, namun terlebih dahulu anda bisa back-up file tersebut terlebih dahulu.
3. Buat file /etc/dhcp3/dhcp.conf berikut,
# /etc/dhcp3/dhcpd.conf

default-lease-time 600;

max-lease-time 7200;

option subnet-mask 255.255.255.0;

option broadcast-address ;

option routers ;

option domain-name-servers 204.159.3.8>;

option domain-name ;

subnet 192.168.2.0 netmask 255.255.255.0 {

range 192.168.2.10 192.168.2.100;
# Range IP yang disediakan
range 192.168.2.150 192.168.2.200;

}

4. Simpan file diatas, kemudian restart DHCP server.
# /etc/init.d/dhcp3-server restart
5. Setting pada Client untuk menggunakan setting DHCP.
6. Coba koneksikan Client-Server, kemudian lakukan ping untuk tes koneksi. Apabila terdapat reply, berarti koneksi berhasil.

Remote Microsoft Windows desktop using Linux

First Step
Setting your windows to allow remote access in your network.
1. Open Start Menu | Control Panel.
2. In Control Panel windows, choose double click System icon.
3. When System Properties opened, choose Remote tab.
4. Mark ‘V’ in ”Allow users to connect remotely to this computer”. If you have a lot of users in your computer, select button “Select Remote Users…”.
5. In “Remote Desktop User” you can add user that can be accessed in remote desktop.
6. And then Apply your setting.

Second Step
Setting your firewall to open your computer port for remote desktop.
7. Open Start Menu | Control Panel.
8. Click Windows Firewall icon to open windows firewall setting.
9. Choose Exceptions tab, and give mark for Remote Desktop in Program and Services.
10. Click OK to apply your setting.

Third Step
Last step, we use rdesktop package in Linux distribution for remote desktop tools.
11. To check that rdesktop already installed in your system, use this command in console.

# rpm –qa | grep rdesktop
rdesktop-1.5.0-20

If your console displayed your rdesktop version. So rdesktop is already installed in your linux system. But if your system not already installed rdesktop you can follow next step to install rdesktop.
12. Still use your console, type this command,

# rpm –ivh rdesktop-1.5.0-20

13. After your installation complete, then you can run your rdesktop to remote windows desktop.

# rdekstop 10.252.1.32

If you want to remote more computers, you can type command :

# rdekstop

You can allow remoted computer sound in your linux system, and you can hear it.

# rdekstop –r sound:local

Setting 3D effect in your Linux Desktop

INSTALASI BERYL
1. Untuk dapat menggunakan aplikasi Beryl 3D Desktop, anda bisa download paketnya di http://www.beryl-project.org. Berikut paket-paketnya.
1. Beryl Core
2. Beryl Manager
3. Beryl Setting
4. Beryl Plugins
5. Beryl Dbus
6. Beryl Mesa
7. Aquamarine
8. Heliodor
9. Emerald
10. Emerald Themes

2. Setelah didapat semua paket yang diperlukan, kemudian lakukan langkah berikut.
1. Ekstrak paket Beryl Core.
# tar xvfj beryl-core-0.1.5.tar.bz2
2. Masuk ke direktori hasil ekstraksi tersebut.
# cd beryl-core
3. Kemudian jalankan script configurasi berikut,
# ./configure –prefix=/usr
4. Setelah itu lakukan kompilasi berikut.
# make
5. Lakukan instalasi paket beryl-core.
# make install
6. Lakukan proses instalasi seperti diatas pada semua paket Beryl.
3. Setelah semua proses instalasi berhasil, langkah selanjutnya yang perlu anda lakukan adalah mengedit xorg.conf yang terdapat pada direktori /etc/X11/xorg.conf seperti berikut.
Section “device”
…
Option “RenderAccel” “True”
Option “DisableGLXRootClipping” “True”
Option “BackStoring” “True”
EndSection

Section “screen”
…
Option “AddARGBGLXVisuals” “True”
…
EndSection

Section “Extensions”
Option “Composite” “Enable”
Option “RENDER” “Enable”
EndSection

4. Setelah itu RESTART system anda.
5. Kemudian jalankan perintah pada console.
# beryl-manager
Tidak akan ada yang percaya anda menggunakan Opensource yg menakjubkan.

Setting-Up WebCam in Linux

SOFTWARE & HARDWARE.
Sebelum memulai, siapkanlah hardware dan software berikut ini:
1. Sebuah Logitech Quickcam Express yang menggunakan
2. interface USB.
3.
4. Linux OS yang pake’ Kernel 2.6.
5. Driver spca5xx. ( http://mxhaard.free.fr/download.html).
6. GCC untuk kompilasi.
7.

CARA MEMASAK.
1. Buka Console (Terminal).
2. Ketik : # lsusb.
Perhatikan pada list webcam anda yang terdeteksi. Catat ID ( xxxx:xxxx ), dimana 4 digit pertama adalah Vendor ID dan 4 digit berikutnya Product ID yg terpisah oleh ‘:’.
3. Buka http://mxhaard.free.fr/spcaxx.html, cari ID webcam anda di database web tsb. Setelah ketemu, download driver tsb.

Kemudian lakukan langkah berikut untuk configurasinya.
1. Melalui Console.
2. Extract file spca5xx-20060502.tar.gz.
# tar xvzf spca5xx-20060502.tar.gz
# cd spca5xx-20060502
3. Sekarang anda berada di direktori spca5xx-20060502. Kemudian ketikkan perintah,
# make
….
….

4. Pastikan tidak ada pesan error yang muncul setelah perintah #3.
5. Setelah proses kompilasi selesai, terdapat modul kernel spca5xx.ko di direktori aktif.
6. Kemudian ketikkan perintah barikut.
# make install
7. Untuk menjalankan webcam kita, terlebih dahulu load usbcore dan videodev.
#modprobe usbcore
#modprobe videodev
8. Setelah itu load driver webcam kita.
# modprobe spca5xx
atau
# insmod spca5xx.ko
9. Untuk memastikan driver udah berjalan lancar ato belom, jalankan perintah berikut.
# lsmod | grep -i spca

UJICOBA
1. Anda bisa pake gqcam dapat di download di (http://cse.unl.edu/~cluening/gqcam/).
2. Setelah instalasi, jalankan perinta berikut .
# gqcam
atau klo gqcam g bisa menemukan device, jalankan perintah berikut.
# gqcam -v /dev/video1 (device berada pada /dev/video1)

Bandwidth Limiting (Part 3)

OK, when we have configured everything, we must make sure everything under /opt/squid and /cache directories belongs to user ’squid’.

# mkdir /var/log/squid/

# chown squid:squid /var/log/squid/

# chmod 770 /var/log/squid/

# chown −R squid:squid /opt/squid/

# chown −R squid:squid /cache/

Now everything is ready to run Squid. When we do it for the first time, we have to create its cache directories:

# /opt/squid/bin/squid −z

We run Squid and check if everything is working with IPTraf, make sure you have set the appropriate proxy in your web browsers (192.168.1.1, port 8080 in our example):

# /opt/squid/bin/squid

If everything is working, we add /opt/squid/bin/squid line to the end of our initializing scripts. Usually, it can be /etc/rc.d/rc.local.

You can also copy cachemgr.cgi to the cgi−bin directory of your WWW server, to make use of a useful Cache Manager.

OK, we have installed Squid and configured it to use delay pools. I bet nobody wants to be restricted, especially our clever LAN users. They will likely try to avoid our limitations, just to download their favorite mp3s a little faster (and thus causing your headache).

I assume that you use IP−masquerade on your LAN so that your users could use IRC, ICQ, email, etc. That’s OK, but we must make sure that our LAN users will use our delay pooled Squid to access web pages and use ftp. We can solve most of these problems by using ipchains or iptables.

Linux 2.2.x kernels (ipchains)

We must make sure that nobody will try to cheat and use a proxy server other than ours. Public proxies usually run on 3128 and 8080 ports:

/sbin/ipchains −A input −s 192.168.1.1/24 −d ! 192.168.1.1 3128 −p TCP −j REJECT

/sbin/ipchains −A input −s 192.168.1.1/24 −d ! 192.168.1.1 8080 −p TCP −j REJECT

We must also make sure that nobody will try to cheat and connect to the internet directly (IP−masquerade) to download web pages:

/sbin/ipchains −A input −s 192.168.1.1/24 −d ! 192.168.1.1 80 −p TCP −j REDIRECT 8080

If everything is working, we add these lines to the end of our initializing scripts. Usually, it can be /etc/rc.d/rc.local.

Linux 2.4.x kernels (iptables)

We must make sure that nobody will try to cheat and use a proxy server other than ours. Public proxies usually run on 3128 and 8080 ports:

/sbin/iptables −A FORWARD −s 192.168.1.1/24 −d ! 192.168.1.1 −−dport 3128 −p TCP −j DROP

/sbin/iptables −A FORWARD −s 192.168.1.1/24 −d ! 192.168.1.1 −−dport 8080 −p TCP −j DROP

We must also make sure that nobody will try to cheat and connect to the internet directly (IP−masquerade) to download web pages:

/sbin/iptables −t nat −A PREROUTING −i eth0 −p tcp −−dport 80 −j REDIRECT −−to−port 8080

If everything is working, we add these lines to the end of our initializing scripts. Usually, it can be /etc/rc.d/rc.local.

Dealing with Other Bandwidth consuming Protocols Using CBQ

We must remember that our LAN users can spoil our efforts if they use Napster, Kazaa or RealAudio. We must also remember that we didn’t block ftp traffic. We will achieve it in a different way −− not by limiting downloading directly, but rather, indirectly. If our internet device is ppp0 and LAN device is eth0, we will limit outgoing traffic on interface eth0, and thus, limit incoming traffic to ppp0.

To do it, we will get familiar with CBQ and cbq.init script. Download cbq.init−v0.6.2 and put it in /etc/rc.d/. You will also need iproute2 installed. Now look in your /etc/sysconfig/cbq/ directory. There, you should have an example file, which should work with cbq.init. If it isn’t there, you probably don’t have it compiled in your kernel or it isn’t present as modules. Well, in any case, just make that directory, put example files provided below, and see if it’d work for you.

Bandwidth Limiting (Part 2) — source code

Configure our squid.conf file (located under /opt/squid/etc/squid.conf):

#squid.conf

…

#The ports our Squid will listen on.

http_port 8080

icp_port 3130

…

acl QUERY urlpath_regex cgi−bin \?

no_cache deny QUERY

#Memory the Squid will use. Well, Squid will use far more than that.

cache_mem 16 MB

#250 means that Squid will use 250 megabytes of disk space.

cache_dir ufs /cache 250 16 256

#Places where Squid’s logs will go to.

cache_log /var/log/squid/cache.log

cache_access_log /var/log/squid/access.log

cache_store_log /var/log/squid/store.log

cache_swap_log /var/log/squid/swap.log

#How many times to rotate the logs before deleting them.

#See the FAQ for more info.

logfile_rotate 10

redirect_rewrites_host_header off

cache_replacement_policy GDSF

acl localnet src 192.168.1.0/255.255.255.0

acl localhost src 127.0.0.1/255.255.255.255

acl Safe_ports port 80 443 210 119 70 20 21 1025−65535

acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0

http_access allow localnet

http_access allow localhost

http_access deny !Safe_ports

http_access deny CONNECT

http_access deny all

maximum_object_size 3000 KB

store_avg_object_size 50 KB

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

#all our LAN users will be seen by external web servers

#as if they all used Mozilla on Linux.

anonymize_headers deny User−Agent

fake_user_agent Mozilla/5.0 (X11; U; Linux i686; en−US; rv:0.9.6+) Gecko/20011122

…

cache_mgr your@email

cachemgr_passwd secret_password all

#This is a name of a user our Squid will work as.

cache_effective_user squid

cache_effective_group squid

log_icp_queries off

buffered_logs on

#####DELAY POOLS

#This is the most important part for shaping incoming traffic with Squid

#For detailed description see squid.conf file or docs at http://www.squid−cache.org

#We don’t want to limit downloads on our local network.

acl magic_words1 url_regex −i 192.168

#We want to limit downloads of these type of files

#Put this all in one line

acl magic_words2 url_regex −i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .ram .rm .iso .raw .wav .mov

#We don’t block .html, .gif, .jpg and similar files, because they

#generally don’t consume much bandwidth

#We want to limit bandwidth during the day, and allow

#full bandwidth during the night

#Caution! with the acl below your downloads are likely to break

#at 23:59. Read the FAQ in this bandwidth if you want to avoid it.

acl day time 09:00−23:59

#We have two different delay_pools

#View Squid documentation to get familiar

#with delay_pools and delay_class.

delay_pools 2

#First delay pool

#We don’t want to delay our local traffic.

#There are three pool classes; here we will deal only with the second.

#First delay class (1) of second type (2).

delay_class 1 2

#−1/−1 mean that there are no limits.

delay_parameters 1 −1/−1 −1/−1

#magic_words1: 192.168 we have set before

delay_access 1 allow magic_words1

#Second delay pool.

#we want to delay downloading files mentioned in magic_words2.

#Second delay class (2) of second type (2).

delay_class 2 2

#The numbers here are values in bytes;

#we must remember that Squid doesn’t consider start/stop bits

#5000/150000 are values for the whole network

#5000/120000 are values for the single IP

#after downloaded files exceed about 150000 bytes,

#(or even twice or three times as much)

#they will continue to download at about 5000 bytes/s

delay_parameters 2 5000/150000 5000/120000

#We have set day to 09:00−23:59 before.

delay_access 2 allow day

delay_access 2 deny !day

delay_access 2 allow magic_words2

#EOF

Bandwidth Limiting (Part 1)

Introduction

The purpose of this guide is to provide an easy solution for limiting incoming traffic, thus preventing our LAN users from consuming all the bandwidth of our internet link. This is useful when our internet link is slow or our LAN users download tons of mp3s and the newest Linux distro’s *.iso files.

Before We Start

Let’s imagine the following situation:

We have 115,2 kbits/s ppp (modem) internet link (115,2/10 = 11,5 Kbytes/s). Note: with eth connections (network card) we would divide 115,2 by 8; with ppp we divide by 10, because of start/stop bits (8 + 1 + 1 = 10).

· We have some LAN stations and their users are doing bulk downloads all the time.

· We want web pages to open fast, no matter how many downloads are happening.

· Our internet interface is ppp0.

· Our LAN interface is eth0.

· Our network is 192.168.1.0/24

Believe it or not, shaping the incoming traffic is an easy task and you don’t have to read tons of books about routing or queuing algorithms. To make it work, we need at least Squid proxy; if we want to fine tune it, we will have to get familiar with ipchains or iptables and CBQ. To test our efforts, we can install IPTraf.

Squid is probably the most advanced HTTP proxy server available for Linux. It can help us save bandwidth in two ways:

The first is a main characteristic of proxy servers −− they keep downloaded web pages, pictures, and other objects in memory or on a disk. So, if two people are requesting the same web page, it isn’t downloaded from the internet, but from the local proxy.

The second apart from normal caching, Squid has a special feature called delay pools. It is possible to limit internet traffic in a reasonable way, depending on so-called ‘magic words’, existing in any given URL. For example, a magic word could be *.mp3, *.exe or *.avi*, etc. Any distinct part of a URL (such as *.avi) can be defined as a magic word.

We can tell the Squid to download these kinds of files at a specified speed (in our example, it will be about 5 Kbytes/s). If our LAN users download files at the same time, they will be downloaded at about 5 Kbytes/s altogether, leaving remaining bandwidth for web pages, email, news, IRC, etc. Of course, the Internet is not only used for downloading files via web pages (http or ftp). Later on, we will deal with limiting bandwidth for Napster, RealAudio, and other possibilities.

Here, I will explain how to install the necessary software so that we can limit and test the bandwidth usage.

Installing Squid with the delay pools feature

Squid has a feature called delay pools, which allows us to control download bandwidth. Unfortunately, in most distributions, Squid is shipped without that feature.

So if you have Squid already installed, I must disappoint you −− you need to uninstall it and do it once again with delay pools enabled in the way I explain below.

· To get maximum performance from our Squid proxy, it’s best to create a separate partition for its cache, called /cache/. Its size should be about 300 megabytes, depending on our needs.

If you don’t know how to make a separate partition, you can create the /cache/ directory on a main partition, but Squid performance can suffer a bit.

· We add a safe ’squid’ user:

# useradd −d /cache/ −r −s /dev/null squid >/dev/null 2>&1

No one can log in as squid, including root.

· We download Squid sources from http://www.squid−cache.org.

· We unpack everything to /var/tmp

# tar xzpf squid−2.4.STABLE1−src.tar.gz

· We compile and install Squid (everthing is in one line):

# ./configure −−prefix=/opt/squid −−exec−prefix=/opt/squid −−enable−delay−pools −−enable−cache−digests −−enable−poll

−−disable−ident−lookups −−enable−truncate −−enable−removal−policies

# make all

# make install

Building (Complete) Server with Fedora Core 6 (Article 3)

FTP Server service.

After all configuration and installation. Now, lets setting FTP Server. We use vsftpd for FTP server. You can find another setting for FTP server in another article in this blog.

1. Install FTP server service.

# yum install vsftpd

2. Start FTP server service.

# /etc/init.d/vsftpd start

Time server configuration.

Now, lets configure time synchronization in server side.

1. Install time synchronization service.

# yum install ntp system-config-date firstboot

2. (Optional) Set your server time.

# ntpdate 0.pool.ntp.org

3. Start service

# /etc/init.d/ntpd start

DHSP Server service.

Setting our DHCP server. You can find another setting for DHCP server in another article in this blog.

1. Install DHCP Package.

# yum install dhcp

2. Configure /etc/dhcpd.conf file. Fill some configuration such as IP for DNS, NTP and Router. (You can find complete article for DHCP Server in another article in this blog.)

3. Start DHCP service.

# /etc/init.d/dhcpd start

Configuring all service.

Last configuration for building server is configure all service to automatically start after system booting.

1. Open System | Administration | Server Settings | Services.

2. Choose Background Services tab, and mark all services (such as dhcpd, httpd, mysqld, named and ftp service) that need to start when system running. Then save this configuration.

3. Open System | Administration | Security Level and Firewall.

4. Choose Firewall Options tab, mark WWW (HTTP), Secure WWW (HTTPS) and FTP.

5. Choose SELinux tab. Change SELinux Setting option (ex : Permissive).

6. Click OK and Yes.

Wow, it’s a long time to build server. Now, I need bread and coffee to take a rest. Your server security levels depend on your configuration.

Building (Complete) Server with Fedora Core 6 (Article 2)

DNS Service installation.

Now, lest install DNS Server.

1. Install some package that containing DNS configuration.

# yum install bind bind-chroot bind-devel bind-utils system-config-bind

Now change some directory permission,

# chmod 755 /var/named/

# chmod 775 /var/named/chroot/

# chmod 775 /var/named/chroot/var/

# chmod 775 /var/named/chroot/var/named/

# chmod 775 /var/named/chroot/var/run/

# chmod 777 /var/named/chroot/var/run/named/

# cd /var/named/chroot/var/named/

# ln –s ../../ chroot

# chkconfig –levels 235 named on

2. Now activate your DNS Server,

# /etc/init.d/named start

Database Server Installation.

I need a cup of coffee in my table. Lets install Database server, in here we use MySQL.

1. Install MySQL package.

# yum install mysql mysql-devel mysql-server mod_auth_mysql

2. Now activate MySQL service,

# /etc/init.d/mysqld start

3. Check MySQL service that already run in your system.

# netstat –tap

4. If you didn’t find output after type that command, you can edit file /etc/my.cnf. Add # to skip-networking line.

#skip-networking

5. Restart MySQL Service.

Web server installation and configuration.

We use Apache and PHP packages for web server.

1. Install Apache and PHP packages.

# yum install httpd httpd-devel php php-devel php-mysql mod_auth_mysql mod_perl mod_ssl system-config-httpd

2. Restart your apache service.

# /etc/init.d/httpd start

Now your web server already running.