Build your own server

Just forward port 21 on your router to your server...

I just wanted you to remove "SocketBindTight on" from the config file

ok, so in my router setting i have single port forwarding layout like this;

Application, External Port, Internal Port, Protocol, IP Address
FTP, 21, 21, TCP, 192.168.1.{}

if i put the server's local ip address 192.168.1.68 in the address field and enable it. will that make it work over the net?

Bulb66

*edit*

I tried removing that but it didn't work.

Yeah, that should work.

Hmm, weird that removing that from the config didn't work... I'll look into it later on, but now I have to study :(

ok, thanks all.

;)
bulb66

Originally Posted by Glider
Just forward port 21 on your router to your server...

I just wanted you to remove "SocketBindTight on" from the config file

I used the same .conf that you uploaded. Using the unchanged config, this is what the FTP client outputted:

Connecting to 192.168.1.103 , 13 Jun 2007 16:02:40
Connection closed

However, after removing SocketBindTight it, it now says:

Connecting to 192.168.1.103 , 13 Jun 2007 16:11:03
< 500 Sorry, no server available to handle request on ::ffff:192.168.1.103
Connection closed

I'm busily collecting components to have a crack at this, although I'm extending and modifying the ideas a little bit;

- I'm binning FTP for a start because its horrendously insecure and with SSH alreading in place can use SFTP or SCP instead.

- I'll be setting up the various web services to run through an https:// connection rather that http:// and set up some form of .htaccess to the front page

- I'm installing Ninan as well as Torrentflux (Ninan is a newsgroups equivalent to Torrentflux)

- I'm adding a DVB-T tuner and IR Remote and installing MythTV and assorted related services too.

All in all its going to be quite a challenge - I'll see if I can document the process as I go along - Wish me luck!

Originally Posted by chimaera
I'll be setting up the various web services to run through an https:// connection rather that http:// and set up some form of .htaccess to the front page

I went with http access from the local network, and https for external - saves me having to click away the certificate warning all the time.

Originally Posted by TheEclypse
I went with http access from the local network, and https for external - saves me having to click away the certificate warning all the time.

That is also a reasonably likely outcome - will have a play and see what works :)

When Setting up Samba i get this error.

root@blackbox:/etc/samba# smbpasswd -a ashley
New SMB password:
Retype new SMB password:
Failed to modify password entry for user ashley
root@blackbox:/etc/samba# smbpasswd ashley
New SMB password:
Retype new SMB password:
Failed to find entry for user ashley.
Failed to modify password entry for user ashley

Any help would be great

You need to run it with sudo....

sudo smbpasswd -a ashley

lol, I totally forgot to create the user in xubuntu first. that solved my problem

Yeah, that's your problem... :D

Great article! I've gotten the system running successfully on a PII 450 with 192MB RAM. (My goal was lowest power consumption using found parts. Rough calculations are about 84w at peak, assuming 25w for Mobo, 27w for CPU, 21w for three sticks of RAM, 4w for the NIC, and 7w for the fans.)

The only problem I've run into concerns the VNC connection. I followed the guide to the letter, set up the port, and created the script, and the first connection worked like a charm!

But after restarting the machine, I can no longer get in. The error message reads:

---------------------------
Ultr@VNC Info
---------------------------
Connection failed - Error reading Protocol Version

Possible causes:
- You've forgotten to select a DSMPlugin and the Server uses a DSMPlugin
- Viewer and Server are not compatible (they use different RFB protocoles)
- Bad connection
---------------------------
OK
---------------------------

I've got the connection to the CLI running through SSH just fine though... does anyone have any ideas on what might be causing this?

Or, is there an easy way to start the VNC service manually from the terminal?

Thanks!

To start the VNC server from CLI, issue

sh /usr/local/bin/sharex11vnc

But check if it's running allready before you do that by issuning a

sudo netstat -taunp | grep vnc

If it is, stop it first

killall x11vnc

Did you try tunneling through instead of connecting straight to it? I too had some problems with direct connections from Windows, but never had them when tunneling through an SSH connection (it's because windows has an other way of handeling VNC).

Also, are you sure you set autologin and the x11share script to be run at login?

alright got another problem with proftpd.
when restarting after saving changes to the .conf file i get this error

root@blackbox:/etc# mousepad /etc/proftpd/proftpd.conf
root@blackbox:/etc# /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd - Fatal: <Directory>: missing arguments on line 98 of '/etc/proftpd/proftpd.conf'
[fail]

Man, that config is really annoying me... I have no problems with it at all...

You could try the one TheEclypse provided...

Originally Posted by TheEclypse

Code:

ServerName			"Deep Thought"
ServerType			standalone
ServerIdent			on		"DeepThought"
DeferWelcome			on
DefaultServer			on

DisplayLogin			.welcome	# Textfile to display on login
DisplayConnect			.connect	# Textfile to display on connection
DisplayFirstChdir               .firstchdir	# Textfile to display on first changedir

UseReverseDNS       		off
IdentLookups        		off

Port				21
Umask				022
MaxInstances                    15
MaxClientsPerHost               3 		"Only %m connections per host allowed"
MaxClients                      10 		"Only %m total simultanious logins allowed"
MaxHostsPerUser                 1

User				nobody
Group				nogroup

ScoreboardFile 			/var/log/scoreboard

# Some logging formats
LogFormat            		default 	"%h %l %u %t \"%r\" %s %b"
LogFormat            		auth    	"%v [%P] %h %t \"%r\" %s"
LogFormat            		write   	"%h %l %u %t \"%r\" %s %b"

# Define log-files to use
TransferLog          		/var/log/proftpd.xferlog
ExtendedLog         		/var/log/proftpd.access_log    WRITE,READ write
ExtendedLog          		/var/log/proftpd.auth_log      AUTH auth
ExtendedLog          		/var/log/proftpd.paranoid_log  ALL default


AllowStoreRestart 		on
AllowRetrieveRestart		on
RequireValidShell               off
PathDenyFilter                  "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot 			/
DenyFilter 			\*.*/

ListOptions			"" strict

Originally Posted by Glider
Did you try tunneling through instead of connecting straight to it? I too had some problems with direct connections from Windows, but never had them when tunneling through an SSH connection (it's because windows has an other way of handeling VNC).

Also, are you sure you set autologin and the x11share script to be run at login?

Thanks for the reply, Glider! To make sure I understand, "tunneling through" simply means to open the SSH connection via PuTTY first, right?

I tried running the script manually, and here's what I see:

aaron@server:~$ sudo netstat -taunp | grep vnc
Password:

Since nothing returns, I assume that it's not running. But just to make sure:

aaron@server:~$ killall x11vnc
x11vnc: no process killed

Got it, I'm definitely sure that it's not running. So I restart it:

aaron@server:~$ sh /usr/local/bin/sharex11vnc
17/06/2007 08:01:06 passing arg to libvncserver: -rfbauth
17/06/2007 08:01:06 passing arg to libvncserver: /home/aaron/.vnc/passwd
17/06/2007 08:01:06 passing arg to libvncserver: -desktop
17/06/2007 08:01:06 passing arg to libvncserver: VNC aaron@

Settings:
 display:    null
 authfile:   null
 subwin:     0x0
 -sid mode:  0
 clip:       null
 flashcmap:  0
 shiftcmap:  0
 force_idx:  0
 cmap8to24:  0
 8to24_opts: null
 24to32:     0
 visual:     null
 overlay:    0
 ovl_cursor: 1
 scaling:    0 1.0000
 viewonly:   0
 shared:     0
 conn_once:  0
 timeout:    0
 inetd:      0
 filexfer:   1
 http:       0
 connect:    null
 connectfile null
 vnc_conn:   1
 allow:      null
 input:      null
 passfile:   null
 unixpw:     0
 unixpw_lst: null
 stunnel:    0
 accept:     null
 accept:     null
 gone:       null
 users:      null
 using_shm:  1
 flipbytes:  0
 onetile:    0
 solid:      null
 blackout:   null
 xinerama:   1
 xtrap:      0
 xrandr:     0
 xrandrmode: null
 padgeom:    null
 logfile:    null
 logappend:  0
 flag:       null
 rc_file:    ""
 norc:       0
 dbg:        0
 bg:         1
 mod_tweak:  1
 isolevel3:  0
 xkb:        0
 skipkeys:   null
 sloppykeys: 0
 skip_dups:  0
 addkeysyms: 1
 xkbcompat:  0
 clearmods:  0
 remap:      null
 norepeat:   1
 norepeatcnt:2
 nofb:       0
 watchbell:  1
 watchsel:   1
 watchprim:  1
 seldir:     null
 cursor:     1
 multicurs:  0
 curs_mode:  null
 arrow:      1
 xfixes:     1
 alphacut:   240
 alphafrac:  0.33
 alpharemove:0
 alphablend: 1
 cursorshape:1
 cursorpos:  1
 xwarpptr:   0
 buttonmap:  null
 dragging:   1
 wireframe:  0xff,3,0,32+8+8+8,all,0.15+0.30+5.0+0.125
 wirecopy:   always
 scrollcopy: always
  scr_area:  60000
  scr_skip:  ##Soffice.bin,##StarOffice
  scr_inc:   ##Nomatch
  scr_keys:  null
  scr_term:  null
  scr_keyrep: null
  scr_parms: 0+64+32+32,0.02+0.10+0.9,0.03+0.06+0.5+0.1+5.0
 fixscreen:  null
 noxrecord:  0
 grabbuster: 0
 ptr_mode:   2
 inputskip:  10
 speeds:     null
 wmdt:       null
 debug_ptr:  0
 debug_key:  0
 defer:      30
 waitms:     30
 wait_ui:    2.00
 nowait_bog: 0
 slow_fb:    0.00
 readtimeout: 20
 take_naps:  1
 sb:         60
 fbpm:       1
 xdamage:    1
  xd_area:   20000
  xd_mem:    1.000
 sigpipe:    null
 threads:    0
 fs_frac:    0.75
 gaps_fill:  4
 grow_fill:  3
 tile_fuzz:  2
 snapfb:     0
 rawfb:      null
 pipeinput:  null
 gui:        0
 gui_mode:   null
 noremote:   0
 unsafe:     0
 privremote: 0
 safer:      0
 nocmds:     0
 deny_all:   0
 pid:        27037

17/06/2007 08:01:06 x11vnc version: 0.8.2 lastmod: 2006-07-12
17/06/2007 08:01:06
17/06/2007 08:01:06 *** XOpenDisplay failed. No -display or DISPLAY.
17/06/2007 08:01:06 *** Trying ":0" in 4 seconds.  Press Ctrl-C to abort.
17/06/2007 08:01:06 *** 1 2 3 4
17/06/2007 08:01:22

17/06/2007 08:01:22 ***************************************
17/06/2007 08:01:22 *** XOpenDisplay failed (:0)

*** x11vnc was unable to open the X DISPLAY: ":0", it cannot continue.
*** There may be "Xlib:" error messages above with details about the failure.

Some tips and guidelines:

 * An X server (the one you wish to view) must be running before x11vnc is
   started: x11vnc does not start the X server.

 * You must use -display <disp>, -OR- set and export your DISPLAY
   environment variable to refer to the display of the desired X server.
 - Usually the display is simply ":0" (in fact x11vnc uses this if you forget
   to specify it), but in some multi-user situations it could be ":1", ":2",
   or even ":137".  Ask your administrator or a guru if you are having
   difficulty determining what your X DISPLAY is.

 * Next, you need to have sufficient permissions (Xauthority)
   to connect to the X DISPLAY.   Here are some Tips:

 - Often, you just need to run x11vnc as the user logged into the X session.
   So make sure to be that user when you type x11vnc.
 - Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE
   file will be accessed.  The cookie file contains the secret key that
   allows x11vnc to connect to the desired X DISPLAY.
 - You can explicity indicate which MIT-MAGIC-COOKIE file should be used
   by the -auth option, e.g.:
       x11vnc -auth /home/someuser/.Xauthority -display :0
       x11vnc -auth /tmp/.gdmzndVlR -display :0
   you must have read permission for the auth file.

 - If NO ONE is logged into an X session yet, but there is a greeter login
   program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need
   to find and use the raw display manager MIT-MAGIC-COOKIE file.
   Some examples for various display managers:

     gdm:     -auth /var/gdm/:0.Xauth
     kdm:     -auth /var/lib/kdm/A:0-crWk72
     xdm:     -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
     dtlogin: -auth /var/dt/A:0-UgaaXa

   Only root will have read permission for the file, and so x11vnc must be run
   as root.  The random characters in the filenames will of course change,
   and the directory the cookie file resides in may also be system dependent.
   Sometimes the command "ps wwaux | grep auth" can reveal the file location.

See also: http://www.karlrunge.com/x11vnc/#faq

And I'm stuck there. Any ideas? This is the one issue that Google hasn't been able to fix. I appreciate the help!

Have you logged into an X session? Because x11vnc connects to an existing session.

If just from cli, then try (not sure if it will work tough)

startx &
sh /usr/local/bin/sharex11vnc

Hey everyone. Long time reader, first time poster I guess. Anyways, I do have a question since I'm sort of ignorant on the subject.

I followed the article nearly exactly and have everything working fine on the file server. I can access it by typing the LAN IP of it into my browser, control TorrentFlux, etc. What I was wondering is how could I access it from outside my house? Say I'm at a friends and I want to start downloading a torrent onto the computer, would I just have to forward port 80 to the server and type in my WAN IP? Any help would be greatly appreciated.

P.S. Great article Glider.

Originally Posted by exanimas
Hey everyone. Long time reader, first time poster I guess. Anyways, I do have a question since I'm sort of ignorant on the subject.

I followed the article nearly exactly and have everything working fine on the file server. I can access it by typing the LAN IP of it into my browser, control TorrentFlux, etc. What I was wondering is how could I access it from outside my house? Say I'm at a friends and I want to start downloading a torrent onto the computer, would I just have to forward port 80 to the server and type in my WAN IP? Any help would be greatly appreciated.

P.S. Great article Glider.

Thats right ;)

Alright, now for sub-questions. Is it possible my ISP has blocked port 80 to stop people from hosting websites? Is it possible to change that port if I wanted to? and finally, if I set it up like mentioned above and typed my WAN IP in, how would it know which computer to go to since there's multiple PCs on my network? Thanks for the response Eclypse.

Originally Posted by exanimas
Is it possible to change that port if I wanted to?

I wouldnt have thought the ISP would block it, but you can change the port by doing in the following.

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mysite

This creates a new virtual host - now you need to set the port it is running on. Open mysite using any way you feel comfortable with (I use sudo nano), and change the following:

NameVirtualHost *
<VirtualHost *>

becomes

NameVirtualHost *:1111
<VirtualHost *:1111>

Now open /etc/apache2/ports.conf, and add the line:

Listen 1111

Finally, restart apache:

sudo invoke-rc.d apache2 restart

That will have th site running on port 1111.

Originally Posted by exanimas
how would it know which computer to go to since there's multiple PCs on my network?

In your router settings, there should be something called "Virtual Server". It should allow you to enter the IP address to route information to when its recieved on certain ports. Set it to forward traffic on your web server port to the computer running the webserver, and it will be accessible externally.

so i have forwarded the ports for the ftp and ssh and i am unable to access the server from out side my network. any ideas how to fix this.


EDIT: i forwarded ports 21 and 22

Wow, great answers. I'll have to give that a go tomorrow when I have some time. Thanks for helping this Linux (and for the most part networking) newbie out TheElcypse.

Oh, and the port blocking thing is just something I heard from a co-worker who uses the same ISP as me, so it isn't a definite thing.

It is possible tough that your ISP blocks port 80 (lots of them do). Same faith goes for port 21 (FTP). The only fix is to use a port that your ISP doesn't block, mostly the unpriviledged ones (>1024)

And, restarting services is done in Debian through

/etc/init.d/apache2 restart

,altough in this case a reload of apache is probably enough

/etc/init.d/apache2 reload