Tuesday, October 25, 2011

Modules needed for iptables nat and csf


These are the kernel modules needed for iptables NAT to work on an OpenVZ VPS:


ipt_MASQUERADE
ipt_helper
ipt_SAME
ipt_REDIRECT
ipt_state
ipt_TCPMSS
ipt_LOG
ipt_TOS
tun
iptable_nat
ipt_length
ipt_tcpmss
iptable_mangle
ipt_limit
ipt_tos
iptable_filter
ipt_helper
ipt_tos
ipt_ttl
ipt_REJECT


They can be enabled on the node server using the following commands:

modprobe ipt_MASQUERADE
modprobe ipt_helper
modprobe ipt_SAME
modprobe ipt_REDIRECT
modprobe ipt_state
modprobe ipt_TCPMSS
modprobe ipt_LOG
modprobe ipt_TOS
modprobe tun
modprobe iptable_nat
modprobe ipt_length
modprobe ipt_tcpmss
modprobe iptable_mangle
modprobe ipt_limit
modprobe ipt_tos
modprobe iptable_filter
modprobe ipt_helper
modprobe ipt_tos
modprobe ipt_ttl
modprobe ipt_REJECT

Installing pptpd vpn on Ubuntu

This post explains how to install the pptpd VPN server on Ubuntu. It was tested on Ubuntu 11.04 and will work with other Ubuntu and Debian VPSes.

This was implemented on an OpenVZ VPS, so there are two parts: part one needs to be done on the node server and part two on the VPS. If you are working on a dedicated server, you have to do both parts on the dedicated server.

Part one:
on the node:

Find the VEID of your VPS. If you don't have access, ask your VPS provider to enable ppp and NAT.
[root@Node ~]# vzlist -a | grep 184.x.x.x
       [VEID]         20 running   184.x.x.x vps

Loading modules needed for ppp
[root@Node ~]# modprobe ppp_mppe
[root@Node ~]# modprobe ppp_deflate
[root@Node ~]# modprobe zlib_deflate
[root@Node ~]# modprobe ppp_async
[root@Node ~]# modprobe ppp_generic
[root@Node ~]# modprobe slhc
[root@Node ~]# modprobe crc_ccitt

Checking the modules
[root@Node ~]#  lsmod | grep ppp
ppp_async              45056  0
crc_ccitt              35200  1 ppp_async
ppp_deflate            39168  0
zlib_deflate           52760  1 ppp_deflate
ppp_mppe               39816  0
ppp_generic            63632  3 ppp_async,ppp_deflate,ppp_mppe
slhc                   39680  1 ppp_generic

Enabling ppp for the vps with VEID [VEID]:
You have to stop the vps first:
[root@Node ~]# vzctl stop [VEID]
Stopping container ...
Container was stopped
Container is unmounted

Now setting the parameters:
[root@Node ~]# vzctl set [VEID] --features ppp:on --save
Saved parameters for CT [VEID]
[root@Node ~]# vzctl set [VEID] --devices c:108:0:rw --save
Saved parameters for CT [VEID]
[root@Node ~]# vzctl start [VEID]
Starting container ...
Container is mounted
Adding IP address(es): 184.154.103.231
Setting CPU limit: 100
Setting CPU units: 1000
Setting CPUs: 1
Setting devices
Set hostname: vps
File resolv.conf was modified
Setting quota ugidlimit: 10000
Container start in progress...
[root@Node ~]# vzctl exec [VEID] mknod /dev/ppp c 108 0
[root@Node ~]# vzctl exec [VEID] chmod 600 /dev/ppp

Enabling NAT on openvz vps:
[root@Node ~]# vzctl stop [VEID]
[root@Node ~]# vzctl set [VEID]  --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
[root@Node ~]# vzctl start [VEID]

Part two:
Inside vps:
Searching the package pptpd on Ubuntu vps:
root@vps:~# apt-cache search pptp
pptpd - PoPToP Point to Point Tunneling Server

Installing the pptpd package:
root@vps:~# apt-get install pptpd

Testing the ppp module:
root@vps:/# /usr/sbin/pppd
~ÿ}#À!}!}!} }4}"}&} } } } }%}&} 3ä}'}"}(}"P};~~ÿ

Configuring the local ip and remote ip range for the vpn connections:
root@vps:/# vi /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Setting the DNS IP addresses for the VPN clients:
root@vps:/# vi /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Masquerading the VPN client IPs to the VPS IP address:
root@vps:/# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o venet0 -j MASQUERADE

Saving the iptables rules:
root@vps:/# iptables-save > /etc/iptables.conf

Writing iptables restore script:
root@vps:/# cat /etc/network/if-up.d/iptables
#!/bin/sh
iptables-restore < /etc/iptables.conf
root@vps:/#

Giving the execute permission for the restore script:
root@vps:/# chmod +x /etc/network/if-up.d/iptables

Enable packet forwarding:
root@vps:/# vi /etc/sysctl.conf
net.ipv4.ip_forward=1
root@vps:/# sysctl  -p
net.ipv4.ip_forward = 1

Creating VPN users for pptpd:
root@vps:/# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vpn     pptpd   abc123$ *
root@vps:/#

Restarting the service.
root@vps:/# /etc/init.d/pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.
root@vps:/#

That's it. Enjoy. Leave comments.
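
The remoteip pool in /etc/pptpd.conf and the -s network of the MASQUERADE rule have to agree, otherwise some clients are handed addresses that the rule never NATs. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes remoteip uses only the comma and last-octet-range forms shown on this page.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from pptpd or iptables).

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Expand a pptpd.conf remoteip value: comma-separated single addresses
# and last-octet ranges such as 192.168.0.234-238.
expand_remoteip() {
    for item in $(echo "$1" | tr ',' ' '); do
        case $item in
            *-*)
                base=${item%.*}        # 192.168.0
                range=${item##*.}      # 234-238
                i=${range%-*}; last=${range#*-}
                while [ "$i" -le "$last" ]; do
                    echo "$base.$i"
                    i=$((i + 1))
                done ;;
            *) echo "$item" ;;
        esac
    done
}

# Succeeds when address $1 lies inside network $2 (CIDR notation).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Print every pool address that the NAT source network does not cover.
uncovered() {
    for ip in $(expand_remoteip "$1"); do
        in_cidr "$ip" "$2" || echo "$ip"
    done
}

# Values from this post: the remoteip line and the MASQUERADE -s network.
pool="192.168.0.234-238,192.168.0.245"
missing=$(uncovered "$pool" "192.168.0.0/24")
[ -z "$missing" ] && echo "NAT rule covers the whole pool" || echo "not NATed: $missing"
```

Run it again whenever the remoteip line or the POSTROUTING rule changes; any address it prints belongs to a client whose traffic would leave venet0 without being masqueraded.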

Enabling and testing mod_wsgi with EasyApache for WHM/cPanel

This post explains how to enable mod_wsgi using the EasyApache script.

Step 1:
You have to download and extract custom_opt_mod-mod_wsgi.tar.gz from the link given below.
http://code.google.com/p/modwsgi/issues/detail?id=214

Step 2:
After downloading it, extract it to a location identifiable by EasyApache:
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_wsgi.tar.gz

Step 3:
Now run /scripts/easyapache
and select the mod_wsgi option while configuring the profile.

That's it.

Testing mod_wsgi with Apache on a cPanel server:

Step 1:
First you have to create a test file as follows
root@server [/usr/local/apache/htdocs/test]# cat index.wsgi
def application(environ, start_response):
    """Simplest possible application object"""
    # WSGI response bodies must be byte strings (required under Python 3)
    output = b"Hello World"
    status = '200 OK'
    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)
    return [output]
root@server [/usr/local/apache/htdocs/test]#

Step 2:
And create one .htaccess file as follows.
root@server [/usr/local/apache/htdocs/test]# cat .htaccess
Options +ExecCGI
#DirectoryIndex DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm index.wsgi
AddHandler cgi-script .cgi
AddHandler wsgi-script .wsgi
<IfModule mod_wsgi.c>
WSGIScriptAlias /test /usr/local/apache/htdocs/test/index.wsgi
WSGIDaemonProcess root processes=5 threads=1 display-name=%{GROUP}
WSGIProcessGroup root
WSGIApplicationGroup %{GLOBAL}
</IfModule>
root@server [/usr/local/apache/htdocs/test]#

And add the following lines to httpd.conf and restart Apache:
root@server1 [/usr/local/apache/htdocs/test]# vi /usr/local/apache/conf/httpd.conf
<Directory "/usr/local/apache/htdocs/test">
Options +ExecCGI
AddHandler cgi-script .cgi
</Directory>

You can check the script using the following URL:
http://YOUR_IP_ADDRESS/test/index.wsgi

Sunday, October 23, 2011

cpanel webmail login failed and asks login details twice

Sometimes you have to log in twice when using webmail with cPanel, and the login still fails with the error:
login failed because your username or password was entered incorrectly (horde, roundcube, squirrelmail).

Here is the solution:
Check the hostname using the following command:
# hostname
The server needs an FQDN hostname configured, and that hostname also needs to be resolvable in DNS.
For example if your domain name is linuxhelp.in then hostname can be server.linuxhelp.in
And you should add an entry for server.linuxhelp.in in the DNS.

You can do that in cPanel as follows:
Main >> Networking Setup >> Change Hostname
It will also ask you to add an A record entry for it. Give your VPS/server IP.

Now run the following commands.

rm -f /etc/userdomains
/usr/local/cpanel/scripts/updateuserdomains --force

Now restart cPanel if needed:
/etc/init.d/cpanel restart
That's it. The webmail login error with cPanel should be fixed now, and you won't have to give login details twice.