Answers 77

From LXF Wiki


<title>Best port forward</title>

<question>I have four computers at home and one of them is acting as a router. This computer has Mandriva Linux 2005 and two network cards installed. It connects to the ISP with eth0 using a static IP address, while eth1 is sharing internet with the other three computers through the internet connection sharing utility in the Mandriva Control Center. I would like to enable some services on the client computers that require port forwarding from the router - for example, forward port 22 access to the public address to port 22 on a particular local address. How is this done? Are there any easy step-by-step instructions on how to do this, and continue using Mandriva's easy internet connection sharing utility? </question>

<answer>Mandriva's internet connection sharing setting in the Control Center only allows for basic connection sharing, not for running a full router. There are alternatives that will do what you want, though: Firestarter is probably best for your needs. This handles connection sharing, port forwarding and a firewall, all from a simple GUI. Firestarter is in the Mandriva contrib repository. If you have not already added this to your sources in Mandriva Control Center, go to http://easyurpmi.zarb.org and follow the instructions to add a contrib repository (add a PLF repository while you are there). Now install Firestarter from the Control Center and fire it up (sorry). If there is not a menu entry for it, run it from a terminal as root. The Firestarter wizard will offer to set up internet connection sharing for you, which you should accept, so disable the Mandriva connection sharing first. Now click on the Policy tab, click in the bottom section of the window and select Add Rule. For standard services, like SSH, simply select it from the drop-down at the side of the Name box and give the IP address you wish to forward to. Click Apply Policy and it's done. Finally, go into Mandriva Control Center > System > Services and make sure Firestarter is set to run on boot-up - this should have been done when you installed - and your port forwarding will always be available. Check the Firestarter documentation for other options. As you have it installed, you can use it for your firewall too; it provides more control than the Control Center firewall. </answer>

<title>Red Hat double</title>

<question>I (a newbie) want to dual boot with XP and Red Hat 9.0 but have encountered a problem: RH9 cannot detect my SATA hard disk. Where can I find a device driver to load it, and how do I do that if the Red Hat disc is in the CD drive and I have no floppy drive? My system is an MSI Neo2 Platinum motherboard with s939/AMD6 3000+ chip, Nvidia 6800GT-AGP graphics card and 2GB of RAM. On another IDE [Integrated Drive Electronics] system, I can load Quake 3 on to RH9, but when installing (running the sh file) on Fedora Core 4, it gave me some kind of `trap error' statement. A friend told me it's got something to do with the Glibc-something - can you help? </question>

<answer>Red Hat 9.0 is several years old, older than your motherboard. This is why it fails to recognise your SATA controller. Are you sure this is the right distro for you? You are clearly not running a server, not with that graphics card, and there are much better and more modern alternatives for desktop use. I would suggest you try a more modern distro, one with support for your hardware and one that comes in a 64-bit version to make the most of your processor. Something like SUSE 10.0, Mandriva Linux 2006 or Ubuntu 5.10 would be far more suitable. You can find a comprehensive listing of distros at www.distrowatch.com. It is impossible to answer your second question without knowing the details of the error given by the `trap' message. If you send us the exact error message, we should be able to help. This applies to all help requests - the more information you give us, the better the chance of our being able to help you. </answer>

<title>Driving blind</title>

<question>I've just upgraded my graphics card to an Nvidia MX440 (128MB). It works great in Windows after I installed the Nvidia drivers, but now I need to install the Linux drivers for SUSE 9.3, which I downloaded into my home partition. The problem is that I have to install them on the command line without the X Server running. How do I navigate to my home directory and run the driver setup routine? </question>

<answer>Press Ctrl+Alt+F1 to switch to a virtual console and log in as root. Then type the following:

init 3
cd ~carl #or whatever your username is
sh NVIDIA-Linux<tab>

The Tab key will complete the name of the Nvidia installer file for you. Answer the questions it asks (the defaults are usually fine) and it will install the drivers for you. Once the drivers are installed, you need to edit /etc/xorg.conf (as root) to tell X to use the new drivers. Full details are in the Readme file you should have downloaded from the same place as the installer. Before you edit the file, save a copy of it so you can reinstate it in case the Nvidia drivers do not work for any reason. If you are not comfortable with using a console-based text editor to edit files (although this is a good thing to learn if you want to go further with Linux), type init 5 to restart the desktop, select System > File Manager > File Manager - Super User Mode from the SUSE menu, navigate to /etc/X11, right-click on xorg.conf and select Kedit from the menu. After you have edited and saved the file, type init 3 to quit the desktop. Whichever method you used to edit xorg.conf, now type init 5 to start the desktop with the new drivers. You should see the Nvidia logo before the desktop loads, confirming that you used the correct drivers. Alternatively, you can install the Nvidia drivers from Yast by following the instructions at (deep breath) www.suse.de/~sndirsch/nvidia-installer-HOWTO.html#5, although you may not get the latest version. </answer>

<title>Time for a BIOScopy</title>

<question>This is my third attempt at installing Linux and I am at my wits' end with this system. I bought the DVD/CD edition [of SUSE] because of the advertised back-up from Novell. The installation went according to a couple of reports I have read until the first boot from the hard disk. I have tried every suggested way to install this system and always end up with the same results, namely

Grub loading stage 1.5
Grub loading please wait
Error 18 with a flashing cursor

That is as far as it goes. What this has effectively done is rendered my computer unusable as I cannot now get into Windows and have had to bring an old computer back into use for this email. </question>

<answer>Because Grub has to fit in a small space on the disk, there is no room for helpful error messages, but `Error 18' translates as `Selected cylinder exceeds maximum supported by BIOS'. In other words, your BIOS - which initialises hardware - is unable to handle a hard drive this large. Windows is able to boot because the Windows partition is at the start of the distro's disk, within the area handled by the BIOS. This is not a limitation of Linux, which hasn't even started to load, but your hardware. You would see the same problem if you tried to install two versions of Windows, say 98 and XP. There are a few ways to deal with this. You could work around the problem by making your Windows partition smaller (it is impossible to say how small without knowing details of your BIOS and hard disk) and telling the SUSE partitioner to create a separate /boot partition. This ensures that the files Grub needs are at the start of the Linux partitions, hopefully within the area handled by the BIOS. Once the bootloader has started, the BIOS limitations are irrelevant. A better option is to check your motherboard manufacturer's website for an update to the BIOS, which could make this problem disappear. A third solution, which isn't ideal but would give instant access to your operating systems, is to boot from the installation CD. The first option on the initial menu is to boot from hard disk, which will take you to the Grub bootloader screen, bypassing the need for the BIOS to boot the disk. To restore the Windows bootloader, boot from the Windows CD in rescue mode and run

fdisk /mbr

for Windows 9x, or

fixmbr

for Windows XP. </answer>

<title>Defragging disks</title>

<question>I have just tried installing SUSE Linux 10.0 from the Linux Format coverdisc [LXF74]. It stopped at the partitioning table stage with error 3027, `storage modification failed', while shrinking partition /dev/hda1 to 12.6GB. I am using an old Intel Celeron-based PC running Windows XP Home SP2 on a 20GB hard drive with no partitions at present - and I'm completely new to all this. </question>

<answer>By "no partitions at present" I take it you mean no Linux partitions - there must be a Windows partition or the installer would not be trying to shrink it. The usual cause of a failure when resizing is that the partition has not been sufficiently defragmented. While in Windows, go to My Computer, right-click on Drive C and select Properties. Now run Error-Checking in the Tools tab, followed by Defragmentation. Then put the SUSE disc in the drive and reboot. The Windows XP defragmenter is not particularly effective, so you may need to run it more than once before the disk is in a suitable state for resizing. While you are in the Properties window, check whether the disk has been given a volume name in the box at the top of the General tab. This has been known to cause problems for the resizer, so delete it. </answer>

<title>Powerless modem</title>

<question>My setup uses hard drive caddies that enable me to swap to and from Windows XP and Mandriva Linux. I am using Tiscali broadband successfully on Windows XP. My problem is that I cannot set up this connection on Linux and Tiscali doesn't appear to have the answers, though I have asked. Do you know how I set up a Linux connection using the Sagem Fast 800 modem? I have the Power On light lit and sometimes the Signal light, but the error message tells me that a modem is not connected. Sagem's website suggests that I plug in a USB hub that has its own power supply, but since the power supply light is on I do not believe that this is the problem. What I really want is an idiot's step-by-step guide to solve this problem. Can you help? </question>

<answer>The best solution is to replace the USB modem with an Ethernet-based ADSL modem/router, which can be bought for around £25. The USB modems supplied by ISPs are minimal devices, leaving much of the work to the host computer and only barely working on Windows. A hardware modem/router will give better performance on Windows and Linux, as well as being easier to set up. It also allows you to connect more than one computer to your ADSL connection, should you wish to do so. Sagem's point about using a powered hub is valid. The USB spec only requires the port to deliver 500mA (milliamps), and most USB ADSL modems are borderline in this respect. It might light the LEDs but not be enough to run the modem properly. Even if the modem connects, insufficient power may cause it to hang or drop the connection later. I don't have one of these modems, but I borrowed one to try to solve this on my Mandriva-powered laptop. It worked, but I was shocked at how much slower than my normal Ethernet connection it was to connect and access web pages. Plug the modem in and wait a few seconds for the LEDs to steady. Start the Mandriva Control Center, go into Network & Internet > Set Up A New Network Interface and select ADSL Connection. There should be an entry for the Sagem USB modem in the list; select this. The drivers for the modem will be installed here, so have your installation discs handy. Choose your ISP from the list. For UK users there are only two choices, but the BT option will work with everything except AOL, since the ISPs all use BT lines. Go with the default on the next page then give your login and password (these are case-sensitive). Choose whether you want the connection started when you boot - you use startadsl otherwise - and allow it to test the connection. Check your login details if it doesn't connect. </answer>

<title>Email backup</title>

<question>I've got a dedicated server running Red Hat Enterprise Linux 4, which is used to host my company's website and email. When I first got the server I decided to use Sendmail as I only host a single domain, and the Sendmail configuration worked straight out of the box. All I had to do was add my domain to /etc/mail/local-host-names and restart Sendmail. My business is growing quickly and I am becoming more and more reliant on the mail that gets sent through the server - so if my server ever dropped offline unnoticed I would lose significant business. I have a DSL line at home and a PC running Fedora Core 4 - can you outline how I can use that machine as a backup mail server in the event that my dedicated server cannot accept mail? </question>

<answer>Let's say your domain is example.com. In DNS, add the following two MX records (Mail Exchanger: lists which hosts will accept mail for a given domain):

example.com. MX 10 primary.example.com.
example.com. MX 20 secondary.example.com.

As primary.example.com has a lower priority (10), it will take precedence over secondary.example.com. However, if primary.example.com becomes unavailable, mail servers will attempt to contact secondary.example.com. Once the DNS record has been saved and the name service reloaded, try to dig the domain to see if both MX records are visible. As you are already receiving mail for example.com on the dedicated server, there is no need to adjust the Sendmail configuration there. On your Fedora PC, all you need to do is create /etc/mail/relay-domains containing your domain example.com. Once you save the file, restart Sendmail. Ensure the domain is not added to /etc/local-host-names on secondary.example.com, as this will cause mail to get delivered locally. Now, I suggest testing your configuration by stopping Sendmail on the dedicated server and sending yourself a message from a third-party mail server. If DNS is set up correctly, you should see the message hitting the Fedora box by running tail on /var/log/maillog. Don't be alarmed by the deferred message - that's actually Sendmail trying to get the message back out to primary.example.com. The Sendmail instance on your Fedora PC should try to resend the mail every hour, so it might take a while after primary.example.com comes back online before it receives the mail queued by secondary.example.com. </answer>

<title>Wireless lost</title>

<question>I am having problems with my wireless connection using Mandriva Linux 2006. I am using a D-Link Airplus G+ laptop card (with NdisWrapper) to connect to my D-Link G604T wireless router on bootup. Everything starts OK and if I check /etc/resolv.conf the name server is set to 212.30.8.150. All is well for about 20 to 30 minutes and then I find I am unable to connect to any web pages. The network is still shown as up but when I check /etc/resolv.conf again it now reads `nameserver 192.168.1.1' and I have to set up my wireless connection using Mandriva Control Center all over again. This happens regardless of whether I have WEP encryption set. I had a similar problem using Mandriva Linux 2005 and overcame this by setting the permissions to resolv.conf as read-only, but this doesn't seem to work with 2006. </question>

<answer>Mandriva is using DHCP to get web address and routing information from the router. It would appear that your router is running as a DHCP server but not a DNS server/cache. This router, like most, provides both services, so it is likely that DNS is either disabled or misconfigured. In fact, the router is telling your computer to use it as the DNS server, which should work. Your router's manual covers this in detail, but the most common solution is to go into the DNS section of the router's web configuration and set it to Auto Discovery. If this fails, you can set the servers manually on the same page. Alternatively, you can prevent Mandriva from updating the DNS servers via DHCP. Go into Mandriva Control Center > Network & Internet > Reconfigure A Network Interface, select your interface, go to the DHCP tab and turn off the option to Get DNS Servers From DHCP. Setting /etc/resolv.conf to read-only will not help if the DHCP client is running as root, since root is still able to modify write-protected files. </answer>

<title>Groupware for all</title>

<question>I have a client who needs me to get him a collaborative mail server such as Microsoft Exchange. I can easily do the project 100% in Windows (ie Windows 200x and Exchange 200x). However, I know that I can configure Linux as a domain controller. I am sure I can handle that but I need to know, is there a mail server in Linux that can work like Exchange still using Microsoft Outlook as the client? It would be great if there is a total Linux solution. </question>

<answer>There are a number of options, depending on how much your client is prepared to pay or how much work you are prepared to do. OpenGroupware.org (www.opengroupware.org) is an open source groupware server that works with clients on all major platforms. It isn't a mail server itself, but it provides the groupware functions and works with standard mail servers, with which you are probably already familiar. OpenGroupware.org can be used under the GPL or LGPL licence, so there is no licensing cost, but there would probably be a fair bit of work in setting up and supporting the system. If the server is running on a separate machine, the SUSE Linux Openexchange server provides a Linux equivalent to MS Exchange, working with Microsoft clients like Outlook. This is a complete OS install, so it cannot be run alongside other software on an existing system. You can find more information and an online demo at www.novell.com/products/openexchange - note that this solution has a price tag. A third alternative is the similarly named, but unconnected, Open-Xchange from www.openexchange.com. This is another commercial offering, available for Red Hat and SUSE. As with the SUSE product, it is intended for use as a direct replacement for MS Exchange. Which of these is most suitable depends on your client's circumstances and budget, but one of these three should provide what you and they need. </answer>

<title>Network bandwidth</title>

<question>I have recently rented an entry-level Linux server with a single SCSI disk and 1GB of RAM to host one of my websites. The server has crashed twice over the past two weeks and the hosting provider let me know that the server had to be rebooted because it had completely run out of memory. We were also told that we can investigate the contents of our sar log files for a history of memory use. We have since revised our scripts and hopefully the code has been made more memory-efficient. We've also created a 1GB swap file in addition to the existing 1GB swap partition as a precaution. Now we are thinking of writing some PHP scripts to process the sar logs to help us visually track memory usage over time and help us with capacity and upgrade planning. Is there a tool that does just that? </question>

<answer>MRTG (the Multi Router Traffic Grapher, http://people.ee.ethz.ch/~oetiker/webtools/mrtg) is typically used to graph network bandwidth use but can be easily extended to plot other metrics. Graphs are generated for the past day, week, month and year, making MRTG an excellent lightweight tool for visualising trends. To monitor memory and swap utilisation I use the following target in the MRTG configuration file:

Target[srvmem]: `/usr/local/sbin/memstat.sh`
Title[srvmem]: Mem and Swap Usage
PageTop[srvmem]: Mem and Swap Usage
MaxBytes[srvmem]: 100000000000
ShortLegend[srvmem]: B
YLegend[srvmem]: Memory
LegendI[srvmem]: Swap
LegendO[srvmem]: Mem
Legend1[srvmem]: Swap
Legend2[srvmem]: Mem
Options[srvmem]: gauge,growright,nopercent
kMG[srvmem]: k,M,G,T,P,X
Colours[srvmem]: RED#bb0000,BLUE#1000ff,GREEN#006600,VIOLET#ff00ff

This calls the following script (/usr/local/sbin/memstat.sh) to get the amount of RAM and swap used:

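#!/bin/bash
# Print swap used, then RAM used, then two placeholder lines, as MRTG expects.
# Rows are matched by label, since the Swap row's line number differs between versions of free.
/usr/bin/free -b | /bin/awk '
/^Mem:/  { ramUsed = $3 }
/^Swap:/ { swapUsed = $3 }
END { print swapUsed "\n" ramUsed "\n0\n0" }'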

Memory utilisation will be shown as a nice blue line and swap utilisation as a red line. There are many resources on the internet to help you set up MRTG, including www.linuxhomenetworking.com/linux-hn/mrtg.htm. It's easy to get carried away with MRTG, turning any possible aspect of a network into a graph. In such cases MRTG performance can be improved by using RRDtool as a logger and a third-party script as documented in the RRDtool Integration section of the MRTG documentation. </answer>

<title>Save our servers</title>

<question>One of our Linux servers was hacked recently and a backdoor shell installed. This resulted in considerable downtime as our co-location provider, with whom we host a rack of eight servers, unplugged the compromised server until it was repaired by our engineers over a remote console. The compromise had gone undetected for over a week until a third party filed a complaint, which prompted the hosting provider to pull our server offline. We adopted ideas from a recent question in this magazine section on looking for signs of a compromise and since the incident we have scripted various checks to run daily on each server. Could you please recommend an easy way of monitoring which ports are open on each of our servers to help alert us of any unwanted listening processes on any of our servers? </question>

<answer>A hardware firewall or an Iptables configuration on each host should be your first line of defence, configured to block traffic to all ports on a server except for the services a particular host is configured to listen on. Instead of having each server portscan itself, it may be a good idea to designate one of the servers on the network switch to do all the scanning, thus giving a true third party perspective. Nmap (www.insecure.org/nmap) would be my tool of choice for, among other things, scanning an IP for listening ports. For example, a basic scan to 192.168.100.100 for all listening TCP ports in the range 1-8,000 could be:

$ nmap -p 1-8000 192.168.100.100

To simplify handling the results, you could use a script such as `nmap-audit' (http://heavyk.org/nmap-audit/). In conjunction with Cron, nmap-audit can be used to email the administrator details of just those ports that have been newly opened. </answer>
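The daily check described in the answer above, as an added example that is not part of the original answer and is not nmap-audit's own code: it parses Nmap's grepable output (-oG) and reports open TCP ports that are missing from a per-host baseline. The baseline, the sample scan text and the function names are constructed for illustration.

```python
"""Compare an Nmap grepable scan (-oG) with a per-host baseline of expected ports."""
import re
import sys

# Constructed sample in the format written by: nmap -p 1-8000 -oG - <targets>
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.100.100 ()\tStatus: Up\n"
    "Host: 192.168.100.100 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "4444/open/tcp//krb524///\tIgnored State: closed (7997)\n"
    "Host: 192.168.100.101 ()\tStatus: Up\n"
    "Host: 192.168.100.101 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "113/filtered/tcp//ident///\tIgnored State: closed (7997)\n"
)

# Constructed baseline: the TCP ports each server is meant to listen on.
BASELINE = {
    "192.168.100.100": {22, 80},
    "192.168.100.101": {22, 25},
    "192.168.100.102": {22},
}

PORTS_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: ([^\t]*)")
UP_RE = re.compile(r"^Host: (\S+) \(.*?\)\tStatus: Up")


def parse_grepable(text):
    """Return {host: set of open TCP ports} from grepable Nmap output."""
    open_ports = {}
    for line in text.splitlines():
        up = UP_RE.match(line)
        if up:
            # A host that is up with nothing open still counts as scanned.
            open_ports.setdefault(up.group(1), set())
            continue
        match = PORTS_RE.match(line)
        if not match:
            continue
        host, ports = match.groups()
        found = open_ports.setdefault(host, set())
        # Entries look like port/state/protocol/owner/service/rpc/version/
        for entry in re.split(r",\s*(?=\d+/)", ports):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                found.add(int(fields[0]))
    return open_ports


def audit(open_ports, baseline):
    """Return (host, finding, ports) tuples for every deviation from the baseline."""
    findings = []
    for host in sorted(set(open_ports) | set(baseline)):
        expected = baseline.get(host, set())
        seen = open_ports.get(host)
        if seen is None:
            # Host missing from the scan: down, filtered or not scanned.
            findings.append((host, "no-scan-result", sorted(expected)))
            continue
        if seen - expected:
            findings.append((host, "unexpected-open", sorted(seen - expected)))
        if expected - seen:
            findings.append((host, "expected-closed", sorted(expected - seen)))
    return findings


if __name__ == "__main__":
    # Under Cron, pipe real scan output in; with no pipe the sample is used.
    scan = SAMPLE_SCAN if sys.stdin.isatty() else sys.stdin.read()
    results = audit(parse_grepable(scan), BASELINE)
    for host, finding, ports in results:
        print(f"{host}: {finding}: {', '.join(map(str, ports))}")
    sys.exit(1 if results else 0)
```

Cron mails whatever a job prints, so a run with no deviations stays silent and any finding arrives as an email.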

<title>Squirrelled away</title>

<question>I am running a mail server at home (SUSE 9.3) with Cyrus as an IMAP server. It's the best thing there is. It fetches my emails, runs them through two virus scanners and sends them to my Cyrus server. I can read my mails on my desktop and my notebook, and using SquirrelMail I can read my emails from all over the world. But... I accidentally deleted a full mailbox and I didn't have a backup. How do I back up my email and configuration, and how do I restore them? I could back up the /var/spool/imap directory, but that would only back up my emails. To restore them, I have to make a new subdirectory using my IMAP client, copy the emails in there and reconstruct the mailbox. But that doesn't backup the configuration. So how do I do this? </question>

<answer>Backing up the emails and backing up the configuration are two separate tasks. The configuration is the easy part, as it is all stored in /etc/imapd.conf and /etc/cyrus.conf. As long as you keep a backup of these files you can copy them back at any time. Backing up the mail should be as simple as creating a copy of /var/spool/imap - this contains the emails and their status information. I use rdiff-backup for this sort of task. It will back up a directory to another location, either locally or over the network. It also allows you to roll back to a previous version, although this is more appropriate for configuration files than mailboxes. You could also use rdiff-backup to maintain backups of your configuration. Put these lines in a script and call it from Cron:

#!/bin/sh
# Where the backups are kept
BACKUP_DIR="/backup"
# Back up the configuration, then the Cyrus mail spool
rdiff-backup --terminal-verbosity 2 /etc "$BACKUP_DIR/etc"
rdiff-backup --terminal-verbosity 2 /var/spool/imap "$BACKUP_DIR/imap"

Set $BACKUP_DIR to wherever you keep your backups. If you want to keep archived copies of your emails, you could use a procmail recipe to copy a duplicate of the mail to another mailbox, providing you are already using procmail of course. Something like

:0c:
$MAILDIR/${LOGNAME}-bak/

will create a backup directory for each user and place a copy of each mail in there. </answer>