Stealth Ports
Problem:
By definition, there are three different states TCP/UDP ports can have:
- Open - access to the port is enabled
- Closed - access to the port is blocked
- Stealthed - the port appears invisible to port scanning utilities
In Ubuntu, unused TCP/UDP ports are "closed" by default.
Solution:
PF - Packet Filter
Introduction:
PF, or Packet Filter, is an integrated tool to securely manage network traffic. The /etc/pf.conf file is divided into separate sections that have to be edited in a specific order. These sections are:
- Macros
- Options
- Normalization
- NAT/Redirection
- Filter Rules
Example /etc/pf.conf files can be found in /usr/share/examples/pf/.
Macros:
Macros are user-defined variables to replace strings in the PF config file.
Console Resolution
By default, FreeBSD uses an 80x60 terminal. For people more comfortable at the command line, this makes working in a console environment difficult. To get a higher console resolution, you have to recompile your kernel.
Please note that enabling SC_PIXEL_MODE as required by this tutorial is CPU intensive, and if done on a laptop, may cause your battery life to decrease dramatically.
Add to the YOURKERNELNAME configuration file before compiling:
options VESA
options SC_PIXEL_MODE
Passwordless SSH
Secure Shell (ssh) is a widely used UNIX tool to manage remote servers over a secured connection. Typically, the syntax is:
ssh username@remoteserver
However, ssh is a highly versatile tool. For example, if you ran the ssh daemon (or background process) on a port other than the default (22) -- let's say 8800 -- you would execute the following command:
ssh -p 8800 username@remoteserver
Another useful feature that ssh is capable of is "passwordless authentication." To do this, you have to:
VMware
Problem:
You want to install VMware Server on an Ubuntu 8.04 - Hardy Heron machine.
Solution:
*Note: This fix was taken from the Ubuntu community documentation site.
First, install the headers for your kernel, as well as the build-essential meta-package:
sudo aptitude install build-essential linux-headers-`uname -r` xinetd
Apache 2.2.x + PHP5
Problem:
You want to host PHP based sites on Apache 2.2.x.
Solution:
You have to:
- Compile Apache
- Configure PHP5 to build the Apache module
- Compile PHP5
- Edit /usr/local/etc/apache/httpd.conf
Compiling Apache:
To compile apache, use the ports tree:
cd /usr/ports/www/apache22
make install clean
However, you do not have to compile apache from ports to use PHP:
pkg_add -r apache22
Mutt: IMAP + Gmail
Please note that this page is not necessarily a "how-to", but more of an example of my configuration decisions. At the time of this writing, I am using Mutt 1.5.18 (2008-05-17), the mail/mutt-devel port in the FreeBSD ports tree.
Problem:
You want to use the mail client mutt to access your Gmail account.
Solution:
DHCP Server
Problem:
You want to configure a Dynamic Host Configuration Protocol server to assign TCP/IP addresses to local client machines.
Solution:
A DHCP server is not included in the FreeBSD base install, so install the server from ports:
cd /usr/ports/net/isc-dhcp3-server
make install clean
or install a binary package:
pkg_add -r isc-dhcp3-server
Now make a copy of the sample configuration file:
cd /usr/local/etc
cp dhcpd.conf.sample dhcpd.conf
DNS Server
Problem:
You want to configure a Domain Name System server which will query upstream DNS servers for local client machines.
Solution:
BIND (Berkeley Internet Name Domain) is included in the FreeBSD base installation, so we will configure it first. A basic DNS server is surprisingly simple to configure, depending on what your needs are. To allow upstream DNS querying, edit the forwarders section of /etc/named/named.conf:
Window Managers
Problem:
You want to use a window manager (or a desktop environment).
Solution:
If you have installed Xorg and you type:
startx
you will be presented with the default window manager, TWM.
Fluxbox:
If you want to install and use Fluxbox, you could compile from ports:
cd /usr/ports/x11-wm/fluxbox
make install clean
or you could install a binary package:
pkg_add -r fluxbox