Linux Server Configuration Notes

Routing Example

Linux Box:
eth0 - connected to outside world
IP = outside public
Subnet = 255.255.255.0 (class C)
Gateway = ISP provided gateway IP
eth1 - connected to internal network hub
IP = 192.168.0.1
Subnet = 255.255.255.0
(Default route and gateway disabled)

On the Linux machine edit /etc/sysconfig/network and add:
FORWARD_IPV4=true
GATEWAY= ???
GATEWAYDEV=eth0

Client:
IP = 192.168.x.x
Subnet = 255.255.255.0
Gateway = 192.168.0.1 (the Linux ethernet card connected to the hub!)

ipchains must be run.
The firewall is actually configured in /etc/rc.d/rc.firewall

FTP
wu-ftpd doesn't run automatically with RedHat 7.2. Use /usr/sbin/ntsysv to flag wu-ftpd to start on next boot. (Note: ntsysv only alters the run level that it's run under, which is usually level 5. To run ntsysv for different levels use:
/usr/sbin/ntsysv --level 35
)

hdparm
Setting "hdparm -c3d1 /dev/hda" seems fairly safe, and seems to result in a 30% performance increase on a medium speed (10 Gig) drive.

Webalizer
To report browser (agent) usage go into /etc/cron.d/Daily and edit "45webalizer": change the line at the top (WWW_LOG =) from pointing to "access_log" to "combined_log". Also change /etc/webalizer.conf to use combined_log.

JDK 1.3
chmod a+x j2sdk-1_3_0-linux-rpm.bin
./j2sdk-1_3_0-linux-rpm.bin
su
rpm -iv j2sdk-1_3_0-linux.rpm
export PATH=/usr/java/jdk1.3/bin:$PATH

If it complains about glibc 2.1.2 then either update glibc or run:
rpm -iv --force j2sdk-1_3_0-linux.rpm
That still doesn't work so I did "rpm -Fhv --nodeps --force j2sdk-1_3_0-linux.rpm"

For server operation run programs via "java -server blahblah" to optimize Hotspot for "server" applications.

For Red Hat 7.2 it seems easy enough to let the package manager do the install then just add:
export PATH=/usr/java/j2re1.4.0_01/bin:$PATH
to each user's hidden .bashrc file.

For more info see: http://developer.java.sun.com/developer/technicalArticles/Programming/linux/

Tomcat
Download Tomcat and expand in my directory /home/wrightjf then change permissions!
edit .bashrc to contain
TOMCAT_HOME=/home/wrightjf/jakarta-tomcat-3.2.1
export TOMCAT_HOME
JAVA_HOME=/usr/java/jdk1.3
export JAVA_HOME

Apache Security
This worked:
.htaccess
- - - - - - - - -
AuthType Basic
AuthName "Safe Stuff"
AuthUserFile /home/httpd/html/secure/users.web <- this location seems KEY

require valid-user
- - - - - - -

Also works with:
AuthUserFile /home/httpd/secure/users.web <- this location seems KEY
as long as the /secure directory is made readable (show entries & Change into) by others.

Process:
Create .htaccess as per above and put it in the directory you want to secure
Create directory /home/httpd/secure/
Create user database with:
htpasswd -c /home/httpd/secure/users.web username
Add more users with:
htpasswd /home/httpd/secure/users.web username

Modify /etc/httpd/conf/httpd.conf with:
<Directory /home/httpd/html/oursecuredirectory>
AllowOverride All
</Directory>
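
An added example, not part of the original notes: the first AuthUserFile location above sits inside the web tree, where the password file may be retrievable over HTTP, while the second sits outside it. This shell check reads a .htaccess file and reports which case applies. It assumes /home/httpd/html is the DocumentRoot (the notes do not say so), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original notes: flag .htaccess files whose
# AuthUserFile sits inside the web document root, where it could be fetched.

# Print the AuthUserFile path from an .htaccess file (directive names are
# case-insensitive; quotes and trailing annotations are dropped).
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Return 0 when path $1 is docroot $2 or lies beneath it. The comparison is
# textual, so paths with ".." or symlinks need a manual look.
inside_docroot() {
    case "${1%/}/" in
        "${2%/}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a one-word verdict for .htaccess file $1 against docroot $2.
verdict() {
    pw=$(auth_user_file "$1")
    if [ -z "$pw" ]; then echo NONE
    elif [ "${pw#/}" = "$pw" ]; then echo RELATIVE   # resolved against ServerRoot
    elif inside_docroot "$pw" "$2"; then echo EXPOSED
    else echo OK
    fi
}

# Constructed sample input: the two AuthUserFile locations from the notes.
# The docroot /home/httpd/html is an assumption.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'AuthType Basic\nAuthName "Safe Stuff"\nAuthUserFile %s\nrequire valid-user\n' \
        /home/httpd/html/secure/users.web > "$tmp/a.htaccess"
    printf 'AuthType Basic\nAuthName "Safe Stuff"\nAuthUserFile %s\nrequire valid-user\n' \
        /home/httpd/secure/users.web > "$tmp/b.htaccess"
    for f in "$tmp/a.htaccess" "$tmp/b.htaccess"; do
        echo "$(verdict "$f" /home/httpd/html) $(auth_user_file "$f")"
    done
    rm -rf "$tmp"
}
demo
```

An EXPOSED result means the password file should be moved outside the web tree or explicitly denied in httpd.conf.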

Knetdump
To be able to monitor the network install Knetdump. To install do:
./configure
make
make install

SendMail
To create a mail account just make a user account! It's that simple! To allow multiple aliases for someone edit the /etc/aliases file (and then run "newaliases").
RedHat SendMail:
Edit /etc/mail/local-host-names to include "starfireresearch.com"; this seems to trigger receiving as ok.
Note: commented lines in sendmail.mc are preceded by "dnl" not #
Edit /etc/mail/sendmail.mc and comment out the line that makes it listen only on 127.0.0.1; also comment out the spam line that rejects mail from unresolvable hosts.
Run m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Service Configuration needs to have "ipop3" checked to run! Or users can't retrieve their mail!

Changing IP addresses:
When changing the IP address on a network card you must run:
route add default gw 192.168.0.1 eth0
or it won't be able to route anything! This appears to be no longer necessary as of Caldera 2.4.

To play DirectX games through a network firewall or proxy server, the following requirements must be met (MS Article Q240429):

DirectX 6.0 or later must be installed on all computers that participate in the game.

The following TCP and UDP ports must be open on the firewall or proxy server:

Connection                 Ports for Client Configuration   Ports for Host Configuration
Initial TCP Connection     47624 Outbound                   47624 Inbound
Subsequent TCP Inbound     2300-2400                        2300-2400
Subsequent TCP Outbound    2300-2400                        2300-2400
Subsequent UDP Inbound     2300-2400                        2300-2400
Subsequent UDP Outbound    2300-2400                        2300-2400


For additional information about how to configure firewall or proxy server support for DirectPlay games, please see the "Firewall Support in DirectPlay 6.0" topic in the DirectX 6.0 or later SDK Help file.