NaQ's Complete Setup Guide for Linux Seedboxes (Fedora Core/CentOS/Debian/Ubuntu)
(Click here to view the original thread with full colors/images)Posted by: naq
Complete Setup Guide for Linux Seedboxes
This guide will help you setup your newly purchased server with uTorrent, FTP server, Firefox, and more. Instructions for rtorrent and Torrentflux are also available, but we recommend uTorrent as it is the most user-friendly, and reported to work well even with only 256MB of RAM. The general principal of this guide will be to setup your server in a secure manner, and perhaps will get you to learn a bit about the Linux system along the way.
Questions, comments, corrections, and suggestions are welcomed.
When asking for help, please post as much details as possible about your problem, such as the OS, error messages, and a log file if available.
Updates:11/03 - More tweaks and corrections. Updated the wine setup. Added to the FAQ about wine with instructions to compile wine for Debian. Removed webui.zip instructions as it's not needed with the latest uTorrent.
10/28 - Some more updates to wine installation in Section 2. Added a troubleshoot for openssl in Section 7.
10/22 - Updated to an easier way to install WebUI.
10/18 - Updated Section 2 about install wine for Debian/Ubuntu.
10/16 - Updated uTorrent to 1.8.1. Added write_enable=yes to vsftpd setup. Fixed the error about sshd restart for Debian/Ubuntu. And some minor tweaks. Added a FAQ about uTorrent dropping peer connections (wine issue: http://bugs.winehq.org/show_bug.cgi?id=14188)
9/12 - Updated the guide to install uTorrent 1.8 & latest WebUI. Added a FAQ about "Too many open files"
3/25 - Added a hosts file troubleshoot for Section 5.
3/11 - Updated the firewall section with the proper way to start Firestarter in Debian/Ubuntu
3/10 - Added a vnstat guide to Section 9. Working on FreeNX setup, though it seems to not work as well as I remembered. Removed the need for Debian/Ubuntu servers to use vnc4server. Added some more install/setup procedures for Debian/Ubuntu in section 2 & 3 (for wine and vncserver to work properly). Added optional config for Debian in Section 2 (need it to install flash).
3/09 - Added Secure SSH to Section 8.
Thanks to the following people:roiko
balbaid
predateur
fatcat69
wormtail
Kflint
goodkat
dieudesorcs
Thanks to the following websites:Gentoo (http://www.gentoo.org)
OSResources (http://osresources.com/)
The Unofficial Fedora FAQ (http://www.fedorafaq.org)
Google (http://www.google.com)
and of course, FST (http://www.filesharingtalk.com)
Programs needed:Putty (http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html)
WinSCP (http://winscp.net/eng/download.php)
VNC Viewer (http://www.tightvnc.com/download.html)
FTP Client (Recommended: CuteFTP)
Index:
1. Initial Login
2. Initial Setup
3. Install Softwares
4. Create User
5. Setup VNC Desktop
6. Setup uTorrent & WebUI
7. Setup VSFTPD
8. Security: - Change FTP & SSH Ports
- Secure VNC through a SSH Tunnel
- Configure Firewall with Firestarter
- Encrypt the Hard Drive with Truecrypt - TBA
- Secure SSH
9. Miscellaneous:- Firefox & Flash
- Install rtorrent
- Install Torrentflux - TBA
- Configure the Fluxbox Menu
- Configure Multiple IP Addresses
- Using vnstat to monitor bandwidth usage
10. FAQ
11. History
1. Initial loginSo you've finally received the email after waiting so impatiently for your server. Now what to do? Run Putty, of course.
http://img150.imageshack.us/img150/715/puttylogin1qt0.jpg
Enter the IP Address of your server like shown, click Open.
http://img135.imageshack.us/img135/8840/puttylogin2ag7.jpg
Enter the root login information as provided in the email, and you should be able to login to your server. You are now in a Putty terminal, connected to your server through a secure protocol called SSH.
http://img166.imageshack.us/img166/871/puttylogin3cw6.jpg
Tips for Putty:
- Highlight text to copy from Putty
- Right-click to paste to Putty
2. Initial Setup
The CLI The Command Line Interface (what you see in front of you as you successfully login through Putty) is what we'll use throughout this guide to setup your server. Some simple commands you can type to get familiar:
- Shows the present working directory.
# pwd- Lists the files and folders in the present directory.
# ls- Like "ls", but also lists all hidden files and folders. You'll see that files and folders starting with "." (like .ssh/) are hidden.
# ls -a- Change directory to the root directory. NOTE: /root is the home folder of the root user.
# cd /- Change directory to the home folder. Since you are login as root, you are now back in /root/.
# cd ~/ Go HERE (http://www.ss64.com/bash/) for a comprehensive list of basic commands you can do.
Change root password We want to change the most important password of the server, so your provider doesn't know it. A strong password is highly recommended.
# passwd
New password:
Verify:
Delete SSH key authentication Certain providers create SSH authentication keys that will allow them to login to your server as root without actually knowing the password. We want to delete the authorized_keys2 file if it's there:
# ls .ssh
authorized_keys2
# rm .ssh/authorized_keys2 Note: Try the auto-complete feature by just typing "rm .ssh/au", then press Tab, and the rest of the filename will fill automatically.
Note: Key authentication can be a secure method of login, since you'd need an actual key file on your computer to authenticate against the server. See Section 8 for instructions.
Nano - The text editor In Linux, you'll find yourself editing a lot of text files. Nano is a simple CLI text editor that you'll be using throughout this guide.
# nano You are now in nano. The text you see on the bottom of the terminal is the various commands. For our purpose, all you need to know is "WriteOut" and "Exit", which is save and quit. The "^" character denotes the Ctrl key. So to save a file, press Ctrl+O, and to quit is Ctrl+X. Just exit nano for now.
Disable SELinux
(Not applicable to Debian/Ubuntu systems, AFAIK) Some servers come with SELinux (http://en.wikipedia.org/wiki/SELinux) enabled which will cause some problems later on, specifically with FTP setup (user login & SSH/TLS setup). Please comment if you have a workaround without turning SELinux off. But for now, we'll just disable it if it's enabled.
Check SELinux status:
# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
If you see the line SELINUX=disabled or you don't have this file, move on to the next section.
If your output says SELINUX=enforcing or SELINUX=permissive, we'll disable it:
# nano /etc/sysconfig/selinux change "SELINUX=..." to "SELINUX=disabled". Save & exit.
You'll need to restart the server for this change to take effect. This should be the one and only time you will have to restart your server.
# reboot Wait a few minutes (and maybe cross your fingers :)) as your server restarts. Now login again through Putty.
System Updates Linux distributions use package management systems to easily install and maintain softwares. Fedora Core and CentOS use "yum", Debian and Ubuntu use "apt". Now, we'll add a few extra repositories (servers with additional softwares for your system) to yum and apt, and then do a system-wide update before continuing on with installing softwares. Each system has its own procedure, so follow the one you have accordingly.
Fedora Core 4:
# cd /etc
# mv yum.conf yum.conf.bak
# wget http://www.fedorafaq.org/fc4/samples/yum.conf
# rpm -Uvh http://www.fedorafaq.org/fc4/yum
# yum update Say yes when asked to update all softwares.
Fedora Core 5:
# cd /etc
# mv yum.conf yum.conf.bak
# wget http://www.fedorafaq.org/fc5/samples/yum.conf
# rpm -Uvh http://www.fedorafaq.org/fc5/yum http://rpm.livna.org/livna-release-5.rpm
# yum update Say yes when asked to update all softwares.
Fedora Core 6:
# rpm -Uvh http://www.fedorafaq.org/fc6/yum http://rpm.livna.org/livna-release-6.rpm
# yum updateSay yes when asked to update all softwares.
NOTE: Thanks to The Unofficial Fedora FAQ (http://www.fedorafaq.org) for the instructions above.
CentOS 4/5:
# nano /etc/yum.repos.d/Extra.repoCopy & paste the following into the Extra.repo file:
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
[kbs-CentOS-Extras]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgcheck=1
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/stable/$basearch/RPMS/
[kbs-CentOS-Misc]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
gpgcheck=1
enabled=1
baseurl=http://centos.karan.org/el$releasever/misc/stable/$basearch/RPMS/ Save & exit.
# rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# yum update Say yes when asked to update all softwares.
Debian & Ubuntu:
Install the wine repository:
Update: Debian users should NOT follow this step at the moment due to a bug in wine that drops peer connections in uTorrent. The older version in Debian (0.9.25) works fine enough. See the FAQ for more details.
Ubuntu Hardy Heron (8.04):
# wget http://wine.budgetdedicated.com/apt/387EE263.gpg
# apt-key add 387EE263.gpg
# wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/winehq.listUbuntu Intrepid Ibex (8.10):
# wget http://wine.budgetdedicated.com/apt/387EE263.gpg
# apt-key add 387EE263.gpg
# wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.listNext, run a system update:# apt-get update
# apt-get upgrade Say yes when asked to update all softwares.
Optional configuration for Debian (will need it if you want Flash):
We are gonna assume you are running Debian 4.0 (Etch), we can install the "backports" repository which will have more updated softwares than the stable tree.
Edit the sources.list file:
# nano /etc/apt/sources.listInsert the following line to the end:
deb http://www.backports.org/debian etch-backports main contrib non-freeSave and exit.
Get the verification key:
# wget http://backports.org/debian/archive.key
# apt-key add archive.keyRun update:
# apt-get updateYou can also run "apt-get -t etch-backports upgrade", but it's not necessary.
3. Install SoftwaresThe following softwares will be installed in one easy command:
vncserver - Provides a GUI interface with a VNC Desktop (Virtual Network Computing)
wine - Windows emulation software for uTorrent
xterm - a GUI terminal
fluxbox - a light-weight Windows Manager for your VNC Desktop
vsftpd - a FTP server (File Transfer Protocol)
firefox - a web browser
vnstat - a bandwidth monitoring tool
Fedora Core & CentOS:
# yum install vnc-server wine xterm fluxbox vsftpd firefox vnstatSay yes when asked. You'll see many dependencies packages being installed as well.
Debian & Ubuntu:
# apt-get install vncserver wine xterm fluxbox vsftpd firefox vnstat
# update-menusSay yes when asked. You'll see many dependencies packages being installed as well.
Debian & Ubuntu systems don't download all the needed dependencies for vncserver, so we'll have to install them manually.
# apt-get install xfonts-base xfonts-75dpi xfonts-100dpiOptional for Debian:
Install a newer version of fluxbox:
# apt-get -t etch-backports install fluxbox4. Create UserWe do not want to use root as a user, since root is an administrative account with full control over your server, it is not meant to be used due to possible screwups and security purposes. Therefore, we'll create a new user to use.
Note: Repeat Section 4 - 6 to create additional users. All users will be able to run their own instances of VNC desktop & uTorrent, as well as login with FTP. See Section 9 for instructions on how setup separated IP Addresses for multiple users.
# useradd -m pirateNote: Replace pirate with any username you like.
Create a password for this new account:
# passwd pirate
New password:
Verify:Now we can login to Putty again with this new user account. Right-click on Putty's title bar, select "Duplicate Session", and login with pirate. You can close the old Putty window that is logged in under root.
5. Setup VNC DesktopNow that we are logged in as a new user. Notice first, where your home folder is located
$ pwd
/home/pirateNote: Notice the "$" sign used above. From now on, this means the command is executed under the user account. And "#" is for commands executed under the root account.
We need to configure fluxbox to run when starting the VNC Desktop:
$ mkdir .vnc
$ nano .vnc/xstartupInsert the following into the xstartup file:
fluxboxSave and exit.
Make the xstartup file executable:$ chmod +x .vnc/xstartupThat's all we needed in order to start up our VNC Desktop. Since this is the first time you start vncserver, you'll be asked to enter a new password for access to the VNC Desktop. For simplicity, you can just use the same password for your user account here.$ vncserver :1
New 'your.hostname:1 (pirate)' desktop is your.hostname:1
Starting applications specified in /home/pirate/.vnc/xstartup
Log file is /home/pirate/.vnc/your.hostname:1.logThe above command will be used whenever you want to start a new VNC Desktop, for instance if when your server crash and you need to start things up again.
The command to stop the VNC Desktop is:
WARNING: This command is here just so you know it, DON'T enter it next.
$ vncserver -kill :1
Killing Xvnc process ID 3489Launch VNC Viewer. Enter the address of your server in VNC Viewer as shown below. And remember, the address is "your.ip:1".
RealVNC Viewer:
http://img405.imageshack.us/img405/6271/vnc1qs9.jpg
TightVNC Viewer:
http://img86.imageshack.us/img86/984/vncviewergt3.jpg
http://img211.imageshack.us/img211/6025/vncviewerpasswordyv5.jpg
At this point, if you are prompted for the VNC password, you've succeeded for the most part in setting up your Linux server.
Note: To change the VNC password, type this command:
$ vncpasswd Note: If you are setting up the 2nd VNC Desktop for another user, remember that you'll have to use a different display number. For example: "$ vncserver :2". Then connect to "your.ip:2" in VNC Viewer.
Troubleshoot: If you are unsuccessful here in connecting to your VNC Desktop, please post in this thread the VNC Viewer error and the VNC log, which can be displayed by:$ cat .vnc/your.hostname.logSample VNC connection error:
http://img529.imageshack.us/img529/1181/vnc2qf2.jpg
Troubleshoot: Your server might came with a firewall installed, which would block the VNC connection attempt. We'll setup a firewall later in the guide, so for now we can disable this firewall if it exists. To find out, type the following in Putty while login as root to list the filter table of iptables:
# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationThe above output means there is no firewall. If your output has entries under the 3 chains (INPUT, FORWARD, OUTPUT) and/or has more chains, then we'll need to flush the iptables:
# iptables -F List the table again to make sure it's empty. Then try to connect with VNC Viewer again.
Troubleshoot: Your server may not have a proper hosts file setup which will result in this error (you can see it in the log):
_X11TransSocketINETConnect() can't get address for your.hostname: Name or service not known If you get this error, open the hosts file:
$ su
# nano /etc/hostsMake sure the file has the following two lines:
127.0.0.1 localhost
your.ip your.hostnameReplace "your.ip" & "your.hostname" with the ones for your server. If you don't know your hostname, type:
# hostnameThen restart the vncserver using the commands above.
6. Setup uTorrent & WebUIFrom now on, you can close the Putty program as we'll use the xterm terminal in the VNC Desktop.
As you successfully login to your remote desktop, you'll see a blank screen with a taskbar on the bottom. Right-click anywhere on the desktop for the fluxbox menu, and find xterm (usually under Terminals).
http://img84.imageshack.us/img84/6092/vnc3yi0.th.jpg (http://img84.imageshack.us/my.php?image=vnc3yi0.jpg)
xterm is just another terminal like Putty.
It's time to install uTorrent, in the new xterm window, type:
$ wget http://download.utorrent.com/1.8.1/utorrent.exe The latest uTorrent (version 1.8.1) is now downloaded to your home folder.
Start uTorrent:
WARNING:At the setup screen, click CANCEL as we don't want to install uTorrent like in Windows. It runs fine as a stand-alone application.
$ wine utorrent.exeSuggested tips to configure uTorrent:
- Use Speed Guide and set your connection to "xx/100Mbps" or "xx/10Mbps" depending on what you have
- Choose any port above 45,000
- Enable Encryption
- Disable DHT, Local Peer Discovery, Peer Exchange
- No randomize ports, disable UPnP port mapping & NAT-PMP port mapping
- Enable WebUI Interface, insert WebUI's un & pw
- In Advanced Options, set gui.delete_to_trash to FALSE
- Un-check Minimize to tray & Close to tray
Note: See the FAQ about Disk Overloaded Errors and how to work around it.
All set.
WebUI should also work if you configure it. The address will be http://your.ip:xxxxx/gui (http://your.ip:PORT/gui) , where xxxxx is the uTorrent's port number you setup previously. If successfully connected, the browser will prompt for your WebUI's un & pw that you set in uTorrent. We recommend that you set the WebUI's un & pw to be different from your user account. So if WebUI is compromised, your server is still safe.
That's it. Now it's time to put your server to the test :). We are gonna assume you know how to use uTorrent and/or WebUI. Read on if you want to setup a FTP server, Firefox & Flash, configure multiple IPs, configure firewall, and more. See the FAQ for some useful info as well.
7. Setup the FTP Server (VSFTPD)
You can setup a FTP Server on your seedbox to transfer files to and from your home PC. This is quite advantageous since you most likely will be able to download files from your server to your PC at the maximum speed provided by your ISP, as well as reducing the need to use Bittorrent at home.
We had already installed VSFTPD from Section 3. Configuring VSFTPD is simple, however we also want to configure VSFTPD to use TLS/SSH authentication.
Note: Enabling TLS/SSH authentication will NOT work if SELinux is enabled. See Section 2 to check if SELinux is enabled. And if so, to disable it.
Note: Users will NOT be able to login if SELinux is enabled. See Section 2 to check if SELinux is enabled, and if so, to disable it.
Note: The root user is not allowed to login with FTP by default.
In VNC Desktop:
We need root privileges to configure VSFTPD. The command "su" will let us switch user. Type in xterm (remember not to use the one that's running uTorrent):
$ su
Password:
#Here, we need to enter the root password to switch to the root user.
Create a new SSH certificate for VSFTPD:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pemThe command above will ask you a bunch of information. Insert whatever you like.
Troubleshoot: If you encountered the error: "openssl command not found", then openssl isn't installed on your server. To install it:
Fedora Core/CentOS:
# yum install openssl
Debian/Ubuntu:
# apt-get install opensslNow it's time to configure VSFTPD through editing the vsftpd.conf file:
Fedora Core & CentOS:
# nano /etc/vsftpd/vsftpd.confDebian & Ubuntu:
# nano /etc/vsftpd.confRelevant changes:
anonymous_enable=NO
local_enable=YES
write_enable=YES
Note: make sure to remove the comment sign from the settings you want (#)
Relevant additions to the end of the file:
ssl_enable=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/root/vsftpd.pem
Save & exit.
Start VSFTPD:
# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]When making changes to vsftpd.conf, you'll need to restart VSFTPD, to do so:
# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]To have VSFTPD autostart on boot:
Fedora Core & CentOS:
# chkconfig vsftpd onDebian & Ubuntu:
# update-rc.d vsftpd defaults Now, you can try to login to your server using the FTP Client of your choice with your pirate account. Make sure to select the connection type as "FTP with TLS/SSH".
Exit out of the root user in xterm:
# exit
$Note: See Section 8 to change the default ports for the FTP & SSH services.
If you need help with your Windows FTP Client, see fatcat69's FTP guide HERE (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-setting-up-ftp-server-ssl-276623).
Note: CuteFTP is recommended for its ability to download 1 large file with multiple connections to maximize speed. Please post if you know of other clients that have this feature.
8. Security This section will deal with setting up various security features on your server.
Change FTP & SSH Ports FTP & SSH use ports 21 & 22 respectively. These two ports are under constant brute force login attempts by bots trying to compromise systems. Therefore, we want to change them.
Change FTP Port:
$ su
Fedora Core & CentOS:
# nano /etc/vsftpd/vsftpd.conf
Debian & Ubuntu:
# nano /etc/vsftpd.conf
Add the following line to the end:
listen_port=54321
Save and exit. Choose any port number you want. Remember, you'll have to specify this same number in your FTP Client.
After this change, we'll need to restart VSFTPD:
# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
# exit
$Change SSH Port:
$ su
# nano /etc/ssh/sshd_configChange the following line:
# Port 22
to
Port 54322
Save and exit. Choose any port number you want. Remember, you'll have to specify this same number in Putty and WinSCP.
Fedora Core & CentOS:
# /etc/init.d/sshd restart
Debian & Ubuntu:
# /etc/init.d/ssh restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
# exit
$
Secure VNC through a SSH TunnelNotice so far, we are using 4 network services/programs. They are SSH, FTP, VNC, and Bittorrent. SSH is a secure protocol. We've setup FTP to use a secure authentication method, although the transferring of data isn't so (Note: you can use SFTP for secure FTP transfers, but at the cost of speed). VNC isn't a secure service, so we'll use a SSH's feature called tunnel to encrypt the traffic.
Your VNC Desktop is currently running on display :1 with the network port being 5901. With setting up a tunnel, this port isn't needed to be accessible from outside, since we are using the SSH protocol & port. So, let's restart vncserver with the "localhost" option. First, exit uTorrent in your existing VNC Desktop to ensure no issue with your active torrents. Then, in Putty:
$ vncserver -kill :1
Killing Xvnc process ID 3489This command will start a VNC Desktop that will only allow connection from the same machine:
$ vncserver -localhost :1Tip: For a bigger resolution VNC Desktop, you can add the "-geometry" syntax, like so:
$ vncserver -localhost -geometry 1920x1080 :1Note: If you already start vncserver without setting the geometry, then you'll need to kill it first. Replace 1920x1080 with any resolution you prefer.
Close Putty and open a new Putty window on your PC, enter the IP & Port information for SSH. On the left window, go to Connections - SSH - Tunnels. Under "Add new forwarded port:", insert the following:
Source port: 5900
Destination: localhost:5901
Click Add
http://img141.imageshack.us/img141/8775/putty5aw6.jpg
Go back to Session on the left window, we'll save the Putty settings for convenience. Under "Saved Sessions", insert any name you like, and click Save. From now on, to connect to your server with Putty, just double click on the Saved Session. The tunnel for VNC will also be loaded automatically as well.
http://img235.imageshack.us/img235/5893/putty4sz3.jpg
That's it, we've created a tunnel for VNC. The source port 5900 (which is conveniently the default port in VNC Viewer) is the port on your home PC, and the destination port is 5901 on your server, which is the port for your running VNC Desktop. Let's login. Open VNC Viewer, the address is simply "localhost"
http://img239.imageshack.us/img239/9868/vnc6kx8.jpg
http://img99.imageshack.us/img99/5689/vnc7ob7.jpg
Troubleshoot: If VNC Viewer reports connection refused, try checking for a proper hosts file on your server. The instruction is in Section 5 (Setup VNC Desktop).
Note: Now that we've secured VNC, the next section will deal with securing the rest of your server. Notice that we currently have 3 active ports: 54321 for FTP, 54322 for SSH, and the uTorrent port, which we'll just use 54320 for convenience. Thus, when setting up the firewall next, we'll just have to add one entry, which is to allow ports 54320 - 54322.
Configure Firewall with FirestarterLinux comes with a powerful tool called iptables (http://www.netfilter.org/) to intercept and manipulate network packets. We'll setup iptables in this section to be the firewall for the server. Since manually configuring iptables is beyond the scope of this guide, we'll use a GUI frontend to iptables called Firestarter (http://www.fs-security.com/). Let's install Firestarter.
Fedora Core & CentOS 4:
$ su
# yum install firestarter
# exit
$CentOS 5:
$ wget http://centos.karan.org/el4/extras/stable/i386/RPMS/firestarter-1.0.3-1.i386.rpm
$ su
# yum install firestarter-1.0.3-1.i386.rpm
# exit
$Debian & Ubuntu:
$ su
# apt-get install firestarter
# exit
$In your VNC Desktop, open a new xterm, start Firestarter:
Fedora Core & CentOS:
$ firestarterhttp://img99.imageshack.us/img99/6633/firestarter5qz1.th.jpg (http://img99.imageshack.us/my.php?image=firestarter5qz1.jpg)
You need to provide the root password here, as Firestarter requires administrator privileges.
Debian & Ubuntu:
Firestarter requires the user to have sudo permission, which is a quicker way for users to execute root commands with out "su". So we'll have to give it:
$ su
# visudoYou are now looking at the sudoers file using "vi" which is another text editor. Press "i" for Insert Mode to edit text, insert the following to the end, after the same line for "root":
pirate ALL=(ALL) ALLhttp://img213.imageshack.us/img213/2438/firestarter8no2.jpg
Press "ESC" to quit Insert Mode. Type ":wq" to save and exit.
Launch Firestarter:
# exit
$ sudo firestarter
[sudo] password for pirate:Type your pirate's password here.
The first time Firestarter runs, it'll run a short Setup Wizard, click through it following these settings:
- Makes sure the network device is eth0
- No Internet Connection Sharing
- Don't check "Start Firewall Now"
We don't want to start the firewall yet because we haven't open the proper ports. Go to the "Policy" Tab, right-click under "Allow Service", select "Add Rule". In the Port field, insert the port range you need. So according to this guide, the range we'll need is 54320-54322.
http://img132.imageshack.us/img132/387/firestarter6lb3.jpg
Note: If you don't want to use VNC through the SSH Tunnel, you'll need to add another rule for port 5901.
Click Apply Policy. Then Start Firewall.
http://img134.imageshack.us/img134/9735/firestarter7to7.jpg
Note: Remember that Firestarter is just a frontend to iptables, you don't have to leave it running. We recommend you close it to save resources. Also, the firewall will autostart on reboot.
That's it for setting up the basic firewall. However, you'll notice that we can't login to the FTP server anymore. The reason is the FTP server uses random ports above 1024 for data connections. So we'll need to specify a port range for FTP connections, which we'll use port 54323 - 54340 for convenience.
Edit the VSFTPD config file:
$ su
# nano /etc/vsftpd/vsftpd.conf
Note: for Debian & Ubuntu users, the config file is in a different location, type:
# nano /etc/vsftpd.confInsert the following lines to the end:
pasv_min_port=54323
pasv_max_port=54340Save and exit.
Then, in Firestarter, edit the rule from 54320-54322 to 54320-54340. Click Apply Policy.
Tip: To see all the entries Firestarter added to iptables, type the following in Putty when login as root:
# iptables -t filter -LTip: To monitor the firewall without running Firestarter, open a new xterm, type:
$ su
# tail -f /var/log/messagesThe above command actively updates the terminal when new entries are added to the system log. To exit from "tail", press Ctrl+C. The file "/var/log/messages" contains all events log for your server. It is wise to keep an eye on it from time to time to find out if anything is wrong.
Tip: When you see constant attempts to connect to your server under one port like the screenshot below, you may not want iptables to log all the drop connections (the log file will grow too big). To do so, right-click on an entry under "Events" and select "Disable Events on Port". You can remove/add logged ports in Firestarter's Settings.
http://img220.imageshack.us/img220/844/firestarter1dt1.jpg
Encrypt the Hard Drive with Truecrypt TBA
Secure SSHThanks to The Fedora Unity Project (http://fedorasolved.org/post-install-solutions/securing-ssh) for portions of this section.
This section will guide you to secure the SSH server. The instructions here are border-lining on paranoia (perhaps completely). However, there is one advantage as you won't need to enter your password when login with Putty, which is very convenient when you are using SSH to tunnel your VNC Desktop. What we'll do is setup the Key Authentication feature for all users before disabling Password Authentication, so that only people possessing the key file will be able to login to your server.
First, login to your server from Putty as root. Following are the needed configuration options in sshd_config:
# nano /etc/ssh/sshd_configWe had setup an alternate port previously:
Port 54322Make sure SSH only uses Protocol 2:
Protocol 2Allow root login only through key authentication. We don't want to disable root login altogether, since if you haven't notice, certain things can only be done under root login.
PermitRootLogin without-passwordLimit the maximum number of simultaneous unauthenticated connections:
MaxStartups 3:50:10Reduce the amount of time allowed to successfully login to 30 seconds:
LoginGraceTime 30Allow only known users:
AllowUsers root pirateEnable key authentication:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keysSave and exit.
Now, we'll create a pair of keys for the root user, a private and a public key.
Note: Repeat the steps from here on for additional users you want to have Key Authentication. Make sure you login as that user first.
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e8:41:87:32:13:25:93:b5:ae:3a:76:ce:14:fe:9a:b5 root@hostname
We don't need to use a passphrase for convenience. Enter a passphrase if you think your private key file may be compromised.
Two files were created in the folder /root/.ssh/. The id_rsa file is your private key that we'll need to transfer to your PC. The id_rsa.pub file will be store in the authorized_keys file on your server. The matching of these two keys is how the SSH server will authenticate the root user.
Since this is the first time you create a key pair, there is no authorized_keys file. Therefore, we can simply do this:
# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keysNote: if you are creating a 2nd pair of keys for the same user, we'll have to add the public key to the existing authorized_keys file instead:
# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Open WinSCP to use sFTP to transfer the private key id_rsa to your own PC. Remember, the file is in the .ssh/ folder.
Now, we'll need to convert the private key into a format that Putty will recognized. Download Putty Key Generator (http://the.earth.li/%7Esgtatham/putty/latest/x86/puttygen.exe).
In Putty Key Generator, click Load and select the id_rsa file. You probably will have to change the filter to "All Files" in Browse to see it. Click Save Private Key to save the key in .ppk format.
http://img221.imageshack.us/img221/3884/keyauth1gu6.jpg
Once successfully done, you can delete the id_rsa file on both your PC and the server.
In Putty, we'll restart the SSH server to enable all our previous settings.
Fedora Core & CentOS:
# /etc/init.d/sshd restart
Debian & Ubuntu:
# /etc/init.d/ssh restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
# exit
$Close the existing Putty session and open a new one. Hopefully, you already have a Saved Session by now. Select it and click Load. If not, enter your IP & Port information. On the left window, go to Connection - SSH - Auth. Under "Private key file for authentication", browse to your private_key.ppk file.
http://img81.imageshack.us/img81/9601/keyauth2cq2.jpg
Save the session, and click Open.
Enter root as the username, and you will be login automatically. If you entered a passphrase, then you'll have to type it in at this point.
http://img81.imageshack.us/img81/1002/keyauth3kn5.jpg
If you've come this far, you can choose to disable the normal Password Authentication login method after setting up Key Authentication for all users. To do so, set this line in sshd_config:
WARNING: By doing so, only Key Authentication is allowed. If you lose your private key, you won't be able to access your server.
PasswordAuthentication noRestart the SSH server for the change to take effect.
9. MiscellaneousThis section contains additional and optional configurations for your server.
Firefox & FlashYou probably noticed we've already installed Firefox from Section 3. To launch it, just right-click on the VNC Desktop for the fluxbox menu, locate Firefox and click. If you need the Flash plugin for Speed Tests, follow these instructions:
Fedora Core 4:
$ su
# yum --enablerepo=flash install flash-plugin
# exit Fedora Core 5/6 & CentOS:
$ su
# yum install flash-plugin
# exitUbuntu:
$ su
# apt-get install flashplugin-nonfree
# exit
$ Debian: (Assuming you installed Backports in Section 2)
$ su
# apt-get -t etch-backports install flashplugin-nonfree
# exit
$Start or restart Firefox.
Install rtorrent If you don't like uTorrent for whatever reasons, rtorrent is a good alternative. rtorrent runs in a terminal and isn't as easy to use, but I hope by now, you are more familiar and not affraid of the Linux ways.
To install rtorrent:
Fedora Core & CentOS:
$ su
# yum install rtorrent
# exit
$Debian & Ubuntu:
TBA
Note: If rtorrent cannot be installed with the instructions above, you'll need to manually compile and install it. For that, as well as instructions for rtorrent, please see fstokebanget's "How to install and use rtorrent properly in CentOS (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-how-install-and-use-rtorrent-properly-centos-265027)" guide.
Install Torrentflux TBA
Configure the Fluxbox Menu You can configure the fluxbox menu to your liking. Here is an example:
http://img86.imageshack.us/img86/5808/addutorrenttomenukh7.jpg
http://img246.imageshack.us/img246/2374/vnc5ju6.th.jpg (http://img246.imageshack.us/my.php?image=vnc5ju6.jpg)
To get the menu above, we need to edit the following file:
Note: Use Putty instead of xterm to copy & paste text.
Tip: Ctrl+K in nano will delete the line the cursor is on.
$ nano ~/.fluxbox/menuEdit it to look like this:
(Fluxbox-1.0.0)
[encoding] {UTF-8}
[exec] (firefox) {firefox}
[exec] (xterm) {xterm}
[exec] (uTorrent) {wine ~/utorrent.exe}
[submenu] (fluxbox menu)
[config] (Configure)
[submenu] (System Styles) {Choose a style...}
[stylesdir] (/usr/share/fluxbox/styles)
[end]
[submenu] (User Styles) {Choose a style...}
[stylesdir] (~/.fluxbox/styles)
[end]
[workspaces] (Workspace List)
[submenu] (Tools)
[exec] (Screenshot - JPG) {import screenshot.jpg && display -resize 50% screenshot.jpg}
[exec] (Screenshot - PNG) {import screenshot.png && display -resize 50% screenshot.png}
[exec] (Run) {fbrun }
[exec] (Regen Menu) {../util/fluxbox-generate_menu }
[end]
[submenu] (Window Managers)
[restart] (mwm) {mwm}
[restart] (kde) {startkde}
[end]
[commanddialog] (Fluxbox Command)
[reconfig] (Reload config)
[restart] (Restart)
[exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) 2> /dev/null | xmessage -file - -center}
[separator]
[exit] (Exit)
[end]
[endencoding]
[end]Save and exit.
For information on how to manually edit the menu file, go HERE (http://fluxbox.sourceforge.net/docs/en/newdoc.menuedit.php).
[B]Configure Multiple IP Addresses (Only for Fedora Core/CentOS right now)
If your server comes with more than one IP Address, we can add the extra IPs to your system. The purpose is for each user to have his/her own IP, which will avoid sharing one address when two or more users are downloading from the same tracker. This is only needed if your tracker specifies that two users cannot share one IP. You will need to contact your tracker's staff to find out this information. You also need to setup each user with his/her own VNC Desktop to run separate instances of uTorrent. Follow Section 4 - 6 to create additional users.
Note: In our experience, two users can share a server with only 512MB of RAM. Not recommended for servers with less memory. Of course, you can have more users with more memory and good hardware.
The instructions here are a little more advanced than what we've done so far. First, we need to login to Putty as the root user, since "su" to root cannot modify network settings.
For this tutorial, we'll use the following information:
IPs: 192.168.1.5, 192.168.1.6
Netmask: 255.255.255.0
Gateway: 192.168.1.1
Note: You may need to request the extra IP from your provider.
Of course, you'll need to use the IP Addresses provided by your host. If you don't know them, issue this command, and write down the IP, Netmask, and Gateway.
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0b:6a:34:2a:9b
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.5
GATEWAY=192.168.1.1
TYPE=EthernetCreate another network interface for your 2nd IP:
# cp /etc/sysconfig/network-scripts/ifcfg-eth0/ etc/sysconfig/network-scripts/ifcfg-eth0:0
# nano /etc/sysconfig/network-scripts/ifcfg-eth0:0Modify DEVICE and IPADDR in this file to reflect your 2nd IP:
DEVICE=eth0:0
HWADDR=00:0b:6a:34:2a:9b
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.6
GATEWAY=192.168.1.1
TYPE=EthernetSave & exit.
Bring eth0:0 up:
# ifup eth0:0To see all the network interfaces:
# ifconfigYou should see the details for eth0, eth0:0, and lo
Note: To add more IPs, just repeat the process for eth0:1, eth0:2, etc.
Now, to test if your 2nd IP works, you can try to ping it from your own PC. Start the Command Prompt, type:
C:\>ping 192.168.1.6
Pinging 192.168.1.6 with 32 bytes of data:
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Ping statistics for 192.168.1.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1msTroubleshoot: If you cannot ping your 2nd IP, please make sure you follow the steps above exactly. Make sure your ifcfg-eth0:0 file is correctly setup. Make sure you see eth0:0 when issuing "ifconfig". And finally, you can confirm with your provider that the information is properly given and setup.
After successfully setting up the extra IP, there are two ways to make each user uses a different address. You only need to do one way, but both is OK too.
1. Specify IPs in each user's uTorrent
Go to uTorrent Preferences - Advanced
Insert your IP into these two fields: net.bind_ip & net.outgoing_ip. For example
user1's uTorrent:
net.bind_ip: 192.168.1.5
net.outgoing_ip: 192.168.1.5
user2's uTorrent:
net.bind_ip: 192.168.1.6
net.outgoing_ip: 192.168.1.62. Using iptables
The second method requires adding an entry to iptables.
Note: Thanks to Kflint for the instructions here.
In the 1st method, we only specify uTorrent to use a specific IP. With iptables, the user will use a specific IP for all traffic, which means all Internet softwares including uTorrent, Firefox, and FTP will use the specified IP.
First we need to find out the user's ID number:
# cat /etc/passwdYour account is listed at the end, like so:
pirate:x:500:500::/home/pirate:/bin/bash
We need the number that comes after your account name, which is 500 in this case. Now we can add an entry to iptables:
# iptables -t nat -A POSTROUTING -m owner --uid-owner 500 -j SNAT --to 192.168.1.6See if the above commands works:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere OWNER UID match pirate to:192.168.1.6
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationSave the iptables:
# iptables-save > /etc/sysconfig/iptablesHave iptables start on boot and load the saved config:
Fedora Core & CentOS:
# chkconfig iptables onDebian & Ubuntu:
# update-rc.d iptables defaults You only need to add an entry to iptables for the 2nd user and any additional users. It's also fine to add an entry for the 1st user if you want.
Note: Don't forget to open the necessary ports for additional users in your firewall if you had set it up previously.
Using vnstat to monitor bandwidth usageDepending on your provider, your server may not come with bandwidth monitoring. If so, you will have to monitor the bandwidth to prevent paying overage fee due to using more than the allowed limit yourself. From section 3, we already installed vnstat, which is a simple tool for bandwidth monitoring.
Vnstat by default monitors traffic on eth0, which should be your network interface. The program uses hardly any resources as it's not a traffic sniffer, it only polls your network statistics from /proc every 5 minutes.
Type the help command for a list of available options:
http://img89.imageshack.us/img89/5204/vnstat1vs1.jpg
Type "vnstat" for the default display which includes yesterday, today, and total bandwidth usages:
http://img89.imageshack.us/img89/3516/vnstat2re8.jpg
Type "vnstat -m" for monthly statistics:
http://img132.imageshack.us/img132/1043/vnstat3hj9.jpg
10. FAQ
What is a seedbox? Where can I buy one? Which server should I buy?For all these questions, see fatcat69's Seedbox FAQ (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-seedbox-non-owner-and-owner-faq-280125) and 007's BT Dedicated Server/Seedbox (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-bt-dedicated-serverseedbox-152272).
Which Linux distribution should I choose?The 4 main distributions available when renting a server are CentOS, Debian, Fedora Core, and Ubuntu. Any of them will be fine, since this guide has instructions for all of them. If you can't choose one, just flip a coin.
Why a Linux server instead of a Windows server?The main reason is price. On average, renting a server with Windows cost between $15 - $20 more. If you don't know Linux at all, and think following this guide is too hard, then Windows might be a better option.Is Linux better than Windows for a seedbox or vice versa?This is a user's preference and experience question as both can work equally well.
I got Disk Overloaded Errors and my speed dropped, how do I prevent this?Disk overloaded errors appear when the download speed is too fast for the hard drive to physically keep up. uTorrent uses your RAM as cache to store downloaded data that is waiting to be written to the HD. The screenshot below shows the cache getting filled up, which leads to the performance drop:
http://img216.imageshack.us/img216/4125/diskoverloadedon9.jpg
To alleviate this problem, we can increase the cache size in uTorrent (default is 32MB). We suggest you change it to 96MB first, and keep watch of the Disk Statistics screen to see the progress of the cache being used. Increase the cache higher if you need to, but always keep it about 128MB less than your total RAM.
http://img112.imageshack.us/img112/2342/diskoverloaded1nr8.jpg
Note: The more active torrents you have, the more the cache will be used. For a server with a 100Mbps network connection, don't have more than 2-3 active torrents downloading at high speed together. You'll have to find out the appropriate number of active torrents that will give the best performance for your server, since each seedbox differs from one another.
Note: If you have set your cache to the maximum, and you still receive disk overloaded errors, then you'll have to limit the download speed in uTorrent. Most servers can handle speed between 5-8 MB/s fine with the default cache settings.
Note: If you have a server with OVH, specifically the Kimsufi product with only 256MB or RAM, you can get a USB Flash Drive to use as additional cache if needed. See dieudesorcs' instructions HERE (http://filesharingtalk.com/vb3/p-naqs-complete-setup-guide-linux-seedboxes-fedora-corecentosdebianubuntu-post2716090/postcount27). UPDATE: Another user tested a 2GB flash disk as swap on a Kimsufi server with bad results. The server crashed after a short period of time when running uTorrent. We are not sure why, but after some thinking, I think using an USB flash drive as cache for uTorrent might not be a good idea, due to the intensive read/write nature of Bittorrent, which is too fast for a Flash Memory device.
I received the error "Too many open files" in uTorrent?You may receive this error when you download a very large torrent and/or running many torrents. The problem has to do with the default Linux limit of allowed open files per user (1024). Go HERE (http://forum.utorrent.com/viewtopic.php?pid=225440) for the solution (edit the file /etc/security/limits.conf)
uTorrent keeps dropping peer connections ("Peer error: error 10022")This problem is due to a bug in wine from version 0.9.40 up to 1.1.5. The latest version is 1.1.6, which fixed this issue. As of 10/16, if you follow this guide, the version of wine you should have is (after updating to the latest):
Debian: 0.9.25 or 1.1.1
Ubuntu: 1.1.7
FC/CentOS: 0.9.x
Check the version you have:
$ wine --versionIf it's lower than 0.9.40 or greater than 1.1.5, you are fine. If it's between 0.9.40 - 1.1.5, and you have this issue:
Fedora Core/CentOS: Unfortunately, the wine package for these systems isn't as well supported as Debian/Ubuntu. You can either compile wine from source or down-grade wine to a lower version. Both of these methods are complicated and different based on your wine and OS versions. If you need help, post a request in this thread. If available from your provider, a re-install of your server to Debian/Ubuntu might be the best way to go.
Debian: You should keep an eye on this site http://wine.budgetdedicated.com/ to see when version 1.1.6 will be available. A temporary fix is to downgrade to version 0.9.25, the current version in Debian Etch. Basically you can skip the Wine repository setup in Section 2.
Alternatively, you can compile wine from the latest source. Here are the instructions to compile wine-1.1.7:
- Shut down the currently running uTorrent
- Login as root in Putty
- Remove the current version of wine from your server:
# apt-get remove wine
- Install the necessary tools to compile wine:
# apt-get build-dep wine
Debian 64-bit users will need some extra packages:
# apt-get install libc6-dev-i386 lib32z1-dev
- Download and extract the latest source:
# wget http://internap.dl.sourceforge.net/sourceforge/wine/wine-1.1.7.tar.bz2
# tar xvjpf wine-1.1.7.tar.bz2 - Enter the folder containing the soure files you just extracted:
# cd wine-1.1.7/
- Compile and install wine:
# ./configure && make && make install Note: this process will take at least half an hour on most servers.
If everything went successfully, type this to check the version of wine you now have installed:
# wine --version
wine-1.1.7
11. History3/08 - Added a firewall troubleshoot for Section 5. Added the FAQ, not much there now, just some general answers and info about disk overloaded. Still to come: SSH Configs, Setup FreeNX, and how to use vnstat. Truecrypt isn't performing well under testing, so the guide for that might take a while. And if the performance doesn't improve, I won't write it. Went through the whole guide carefully to correct grammar and spelling mistakes as best as I can. Made a few adjustments and additions along the way.
3/07 - Added commands to autostart vsftpd & iptables.
3/06 - Separated Miscellaneous into Security and Misc. Wrote the firewall section. More adjustments.
3/04 - Fixed errors: "restart now" to "reboot" in Section 2, and "nano /etc/sshd/sshd_config" to "nano /etc/ssh/sshd_config" in section 8. Added a few lines about SELinux & FTP in section 7. And a few other minor adjustments. Thanks to goodkat & dieudesorcs for their contributions to this guide.3/02 - Well, I didn't get anything done this weekend. Real life got in the way...I'll definitely try to complete the missing parts by next weekend. Did a few minor adjustments. Will also plan to add "FreeNX, an alternative to VNC" and "Monitoring bandwidth with vnstat". Will probably separate Miscellaneous into Security and Miscellaneous. Will add more stuff into Security about prevention and detection.
2/29 - Minor corrections and adjustments. Wrote "Secure VNC through a SSH tunnel". To come in the next few days: firewall setup with Firestarter, some FAQs including disk overloaded, SSH tips, and autostart FTP server. Maybe also Truecrypt setup too. All depends on how much free time I'll have.
Posted by: Actatoi
Awesome job so far, nice work :)
Posted by: mr.Dman
Thanks for this great guide!
You did all the home work on this one!
I'm' going to set my seedbox this weekend and you have made it look easy
Again great job.
Posted by: fatcat69
Came out great! =D
Posted by: markupmaster
Holy Crap!
:O
:P
:D
Nice Guide Bud!
:)
Posted by: dieudesorcs
Nice work and i'm glad i didn't make any mistake while i was testing mine ^^. I just have some really small new actions :
- Some protection for ssh
http://fedorasolved.org/post-install-solutions/securing-ssh
Disable insecure Protocol 1; allowing only Protocol 2
Disable root login
Reduce MaxStartups
Reduce LoginGraceTime- For the flash plugin i had to go on the adobe page and follow the setps to install it
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
I'm on fedora 6 and yum install flash-plugin didn't find anything
I'm now looking forwad to the truecrypt configuration (or any configuration for any way to encrypt my disk such as cryptsetup for some linux release^^) because that's where i spent some time without managing to encrypt them ^^
Thanks a lot for that tuto and nice job
Posted by: renwickftw
So are you saying a linux seedbox can run utorrent with much less ram than a windows seedbox?
Posted by: naq
Nice work and i'm glad i didn't make any mistake while i was testing mine ^^. I just have some really small new actions :
- Some protection for ssh
http://fedorasolved.org/post-install-solutions/securing-ssh
Disable insecure Protocol 1; allowing only Protocol 2
Disable root login
Reduce MaxStartups
Reduce LoginGraceTime- For the flash plugin i had to go on the adobe page and follow the setps to install it
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
I'm on fedora 6 and yum install flash-plugin didn't find anything
I'm now looking forwad to the truecrypt configuration (or any configuration for any way to encrypt my disk such as cryptsetup for some linux release^^) because that's where i spent some time without managing to encrypt them ^^
Thanks a lot for that tuto and nice job
Thanks for the comments.
I will add some SSH configs in the FAQ.
Have you tried adding the extra repos for the flash-plugin? I only know for sure what I wrote would work for CentOS. IIRC, the flash repo installed in Section 2 might not be enabled by default in Fedora. I'd have to get on a FC6 machine to test...
About firewall & truecrypt, I'm planning to write those sections, but actually, I've never set them up before :).
So are you saying a linux seedbox can run utorrent with much less ram than a windows seedbox?
I'm not saying that. I've also never used a Windows server.
EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this info
Posted by: dieudesorcs
Have you tried adding the extra repos for the flash-plugin? I only know for sure what I wrote would work for CentOS. IIRC, the flash repo installed in Section 2 might not be enabled by default in Fedora. I'd have to get on a FC6 machine to test...
EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this info
That might be it ^^, I'm going to try it this week end (afterall, OVH reinstall is so easy, it would be a shame not to use it a 8th time ^^)
About fedora 6, i search about ways to encrypt my disk and i find two of them :
- cryptsetup-LUKS: so far i haven't be able to use it and it might be because the fedora release of OVH isn't modular.
- truecrypt: so far, i only some simple thing (like using the bin inside the rpm,...) but nothing worked. And everybody seems to say that in order to run truecrypt with fedora, i have to rebuild the kernel with it. If i have some time this week end, i'm going to try it and i will post the result. In the mean times, if you have anything about that do not hesitate (i'm kind of a newbe with linux (with some basic ^^))
Posted by: naq
EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this infoThat might be it ^^, I'm going to try it this week end (afterall, OVH reinstall is so easy, it would be a shame not to use it a 8th time ^^)
About fedora 6, i search about ways to encrypt my disk and i find two of them :
- cryptsetup-LUKS: so far i haven't be able to use it and it might be because the fedora release of OVH isn't modular.
- truecrypt: so far, i only some simple thing (like using the bin inside the rpm,...) but nothing worked. And everybody seems to say that in order to run truecrypt with fedora, i have to rebuild the kernel with it. If i have some time this week end, i'm going to try it and i will post the result. In the mean times, if you have anything about that do not hesitate (i'm kind of a newbe with linux (with some basic ^^))
Yeah, it appears we would need to mess with the kernel to get encryption setup. I'll look into it when I have some free time, probably this weekend too. Quick search for truecrypt guide finds this:
http://gentoo-wiki.com/HOWTO_Truecrypt
I also have the firewall up and running fine with firestarter, I'll write that guide tomorrow.
Posted by: goodkat
getting truecrypt to work on ubuntu should not be a problem! The new version 5 worked flawless on my ubuntu 7.10 desktop!
Truecrypt v5.0 Gui Released! (http://www.ubuntu-unleashed.com/2008/02/truecrypt-v50-gui-released.html)
Truecrypt problem to install on Ubuntu Server 7.10 (http://ubuntuforums.org/showthread.php?t=623093)
Truecrypt under linux doesn't support all the features that are available under windows! OS disk encryption (http://www.truecrypt.org/docs/?s=sys-encryption-supported-os) under linux! But that is just a nice to have!
Nice tutorial anyway!
Posted by: naq
Thanks for the info. If you actually read through the whole thing (quite long :)), you'll notice that instructions for Debian/Ubuntu are missing in several places. I don't have access to Debian/Ubuntu right now to find out, so if you know them, please post what you can.
Posted by: solaris
wow superb :)
Posted by: goodkat
Thanks for the info. If you actually read through the whole thing (quite long :)), you'll notice that instructions for Debian/Ubuntu are missing in several places. I don't have access to Debian/Ubuntu right now to find out, so if you know them, please post what you can.
euh, I've a box with ubuntu in my network! Will try your guide on it and fill in the gaps! If I have any spare time this week!:shutup:
Posted by: ThreeLies
Nice guide I must say...Helped me out a lot with configuring my server. Although, I was wondering on a VPS system can't they monitor all your processes that are running from the main root login to the system?
Posted by: goodkat
Some additional remark to the guide! I tested it on my ubuntu server running in my own network! Most works but sudo command should be added!
System Updates
# sudo apt-get update
# sudo apt-get upgrade
3. Install Softwares
# sudo apt-get install vnc4server wine xterm fluxbox vsftpd firefox vnstat
# update-menus
5. Setup VNC Desktop
Start the ubuntu part with an additional
sudo update-menus
http://ubuntuforums.org/showthread.php?t=371144
Flash & Firefox
sudo apt-get install flashplugin-nonfreeStart firefox through xterm ‘firefox’
Truecrypt
Tested on ubuntu server:
wget http://www.truecrypt.org/downloads/truecrypt-5.0a-ubuntu-x86.tar.gz
tar xfs truecrypt-5.0a-ubuntu-x86.tar.gz
sudo dpkg -i truecrypt-5.0a/truecrypt_5.0a-0_i386.debThen you should be able to run ‘truecrypt’ on your xterm during a vnc session and make an encrypted volume through the graphical interface (Create Volume)!
http://image.bayimg.com/majojaabb.jpg
If you’ve trouble mounting the file because your user isn’t in the sudoers file do the following!
su
nano /etc/sudoers
add pirate (the user) here!
# User privilege specification
root ALL=(ALL) ALL
pirate ALL=(ALL) ALL Save and exit file!
exit
Now you should be able to mount the volume you just created through the gui!
Configure utorrent in such a way that it will use the path where the truecrypt volume is mounted!
In this case it will be /media/truecrypt1 (not tested!)
Note: if you close the xterm window of truecrypt only the GUI closes not the volume!
Posted by: naq
Thanks a lot goodkat for the info. You won't mind if I add it to the 1st post, right? If so, I'll add it near the end of the week when I have some time. Also, I'm not sure if I want to use sudo in the guide, I think su is enough.. Maybe I'll add it as an additional section, but not a requirement for following any other sections.
Posted by: dieudesorcs
Good news ^^ : i've manage to use truecrypt with Fedora 6 without any complex methods ^^
Only some package to download, install, update or replace. Extraction of the bin of truecrypt 5 and it's ready to use ^^
As i tried a lot of things and install different package, i'm going to do a clean install tonight to see what is really necessary and i will give the tuto ^^ (and at the same time, i will test you whole guide for fedora (on the ovh box) to see if everything is ok ^^
Posted by: goodkat
Firestarter on ubuntu!
apt-get install firestarterthan run 'firestarter' through xterm and configure it through the wizard! Just plain and simple! Make sure to add the ports mentioned in this tutorial (ports 54320 - 54322)!
update-menus if you want a nice menu item in fluxbox!
Never ever click on 'lock firewall' :shutup:
http://image.bayimg.com/pajpkaabb.jpg
(http://image.bayimg.com/pajpkaabb.jpg)
Posted by: Coltarado
great guide naq and everyone who worked on it !!
Posted by: dieudesorcs
Well i've done some test and a complete reinstall of my server with fedora 6 and here are my results ^^
- Disable SELinux
"restart" doesn't work with fedora, it's the command "reboot"
- yum install flash-plugin
As you said, with the repository, it works ^^
- Change FTP & SSH Ports
the directory is "/etc/ssh/sshd_config" and not "/etc/sshd/sshd_config"
- Setup the FTP Server (VSFTPD)
"local_enable=YES" is already with a value
You should split the changes and the additions so that we don't have to search for the existence of each line
And the best for the end :
- truecrypt with fedora 6 without modifying the kernel ^^
All these steps required to be logged as root :
First install the dependencies
yum install fuse-libs
wget download.fedora.redhat.com/pub/fedora/linux/development/i386/os/Packages/libstdc++-4.3.0-0.13.i386.rpm
rpm -ivh libstdc++-4.3.0-0.13.i386.rpm --replacefilesThen, get the bin of truecrypt 5
wget http://www.truecrypt.org/downloads/truecrypt-5.0a-opensuse-x86.tar.gz
tar xfs truecrypt-5.0a-opensuse-x86.tar.gz
rpm2cpio truecrypt-5.0a/truecrypt-5.0a-0.i586.rpm | cpio -idmvThen copy the bin in the bin directory
cp usr/bin/truecrypt /bin/And at the end, clean up a little
rm -rf truecrypt*
rm -rf libstdc*
rm -rf usrYou can execute truecrypt as any user just by typping "truecrypt" ^^
Next step : testing the firewall and create some very simple script to launch the main program wwhen the server reboot (vncserver for the user that needs it, utorrent, truecrypt...)
Of course you can add these info into your guide and i think when it will be done, i will make a pdf of it to keep it ^^
Posted by: naq
Thanks a lot goodkat & dieudesorcs! I've updated the mistakes (reboot & /etc/ssh/sshd_config).
Posted by: dieudesorcs
Some news :
Use of truecrypt with Fedora 6
(the following required the installation previously describe)
1) Connect to the server using vnc
2) Login as root (su or by login to a vncserver lauched by root)
3) launch truecrypt
# truecryptThe truecrypt window opens
4) Click on create a volume
5) Follow the wizard and fill the form
5.a) The volume must standard (hidden isn't supported by the os)
5.b) Volume location : we are going to use a file. So select a path and chose a name for the file (the truecrypt extension is ".tc", but you can chose whatever you want)
5.c) Size : chose the size of the file (the file will be created with this size and so you encrypted directory will have this size)
5.d) Chose the encryption and hash algo (i'm still testing them to find out which have good speed)
5.e) fill the password of your encrypted volume
5.f) filesystem : chose none : we will create it later
5.g) move your mouse to create random data and click on format.
6) When your volume is created, mount it
6.a) Click on "select file..." and select your volume
6.b) click on mount
6.c) fill the volume's password
6.d) click on "Option >"
6.e) under file system, check "do not mount"
7) the volume should appear mounted on a slot. Select it and look at the volume properties : "virtual device" show where the volume is mounted (for me it's "/dev/loop0")
8) we are now going to create the file system:
# mkfs.ext3 /dev/loop09) on the truecrypt window, unmount the volume
10) create the directory where you want the volume mounted
# mkdir /home/mounted_volume11) Mount the volume using the truecrypt window (and putting the directory's path into the option) or by command line:
# truecrypt /dev/loop0 /home/mounted_volume
I'm testing this because i've some problems when i dowload a torrent into the encrypted volume, i get a disk overloaded when i'm at 3-3.5MB/s and then the speed is capped at 2.5MB/s and when i download into a standard directory, i get the disk overloaded at 8.5MB/s without any cap
So i'm still investingating this and if there is any consequences on the upload speed
Posted by: naq
I've started messing with Truecrypt on CentOS 5. Your instructions helped a lot. It's good that we don't have to mess with the kernel with Truecrypt 5 :). I'm experiencing the same speed issue you have. It appears bittorrent disk writes to a truecrypt volume is terribly slow, you can view this under the speed tab/disk statistics. When your cache is full is when everything slows down (disk overloaded). I don't think changing the encryption/hash will improve the situation, since the CPU usage I see for truecrypt stays under 10% at all time during downloads.
If there's no solution for this issue, truecrypt isn't worth using. Or maybe, we can save to the normal HD first, then move the finished downloads to the truecrypt volume automatically using the feature in utorrent. I've tested normal disk reads and writes to a truecrypt volume, and the speed is fine. I also haven't test the upload speed...
Posted by: goodkat
I've started messing with Truecrypt on CentOS 5. Your instructions helped a lot. It's good that we don't have to mess with the kernel with Truecrypt 5 :). I'm experiencing the same speed issue you have. It appears bittorrent disk writes to a truecrypt volume is terribly slow, you can view this under the speed tab/disk statistics. When your cache is full is when everything slows down (disk overloaded). I don't think changing the encryption/hash will improve the situation, since the CPU usage I see for truecrypt stays under 10% at all time during downloads.
If there's no solution for this issue, truecrypt isn't worth using. Or maybe, we can save to the normal HD first, then move the finished downloads to the truecrypt volume automatically using the feature in utorrent. I've tested normal disk reads and writes to a truecrypt volume, and the speed is fine. I also haven't test the upload speed...
It is quite logical it's slower since it has to be encrypted! Just checked under windows if you make a new volume in truecrypt you can benchmark all encryption options! Under encryption options! Don't know if it is available under linux! One single encryption technique is faster as 2 or 3 simultaneously...
Since you're reading and writing constantly using a bittorrent client this will pretty much kill harddisk performance!
I don't have time to test it on my linux testbox...:frusty:
Posted by: naq
I don't see the benchmark option anywhere in the Linux version. From what I read, it's the encryption algorithms (AES, Serpent, Twofish) that affect the disk's speed, not the hash algorithms (that's for the password). I've tried AES and Twofish, as well as the ext2 and ext3 formats, all with the same bad result. It's just the way the bittorrent protocol works... the writing to disk performance is terrible. The only way this is acceptable is if you have at least 2GB of RAM for cache, and the fastest HD available.
Edit: ok, I didn't test normal copy/move files properly, this is also slow too. Speed is only fast in the beginning, which I suspect due to files being moved to memory until it's full, then the writing to truecrypt is slow... I don't think this is right. So I will test first what the speed is under Windows, and will try creating a truecrypt partition instead.
Posted by: dieudesorcs
well... i have the exact same conclusions ^^
I tried twofish and AES with the three hash algo and compared them to an non encrypted volume.
For these tests, i used utorrent with a torrent that can max my bandwith and monitor the disk and the cache using the disk
tab of the torrent in utorrent (disk statistics) that allows to see the use of the disk and of the cache)
- With are encrypted volume, the speeds are great until the cache is full (the download speeds are slightly inferior to the
dowload speed with a non encrypted volume (1 or 2 MB/s less)). But when the cache is full, the download speeds drop and stay
between 1MB/s and 2.5MB/s.
- With a non encrypted volume, it's the same, but when the cache is full, the download speed doesn't drop so much and stay
above 5MB/s (in the worst case ^^)
So in this configuration, truecrypt is not worth it. There are 2 solutions:
- Cap the download speed and increase the cache. With a download speed capped at 3-4MB/s and a cache of at least 500MB, i can
download a 4GB file without having "disk overloaded". But i'm not interested in that solution because i need the best
download speed in order to be able to upload as soon as possible.
- download the torrent into a non encrypted volume and then automaticly move it to the encrypted volume. Only the torrents
currently being downloaded are non encrypted and the rest of them are. I tested this solution with 10 torrents and it doesn't
change the speed.
I need to test two more things:
- test upload speed with an encryted volume
- test with encrypted partitions and not with a volume
Now, some other news ^^
I add a usb flashdrive to my server. and i'm using it as swap.
First find where the usb drive is:
# ls -l /dev/disk/by-id
# ....
# lrwxrwxrwx 1 root root 10 Mar 8 13:45 scsi-SATA_Hitachi_HDS7216_PVF904Z23YBN5N-part3 -> ../../sda3
# lrwxrwxrwx 1 root root 9 Mar 8 13:45 usb-Kingston_DataTraveler_2.0_89900000000000006CB02A9C -> ../../sdb
# lrwxrwxrwx 1 root root 10 Mar 8 13:45 usb-Kingston_DataTraveler_2.0_89900000000000006CB02A9C-part1 -> ../../sdb1
So mine is under /dev/sdb1
- sdb is the physical drive, and sdb1 is the partition, so i need to use this one.
- my command is /dev/disk/by-id and the answer is ../../sdb1. That means two back and one forward to sdb1. So /dev/sdb1
Then we have to make it a swap disk:
# mkswap /dev/sdb1
And then said to the system to use as a swap :
# swapon /dev/sdb1
This last command adds the usb drive to the swap. But at the next boot, you will need to retype this command. Moreover, the
previous swap partition is still used and i don't want that (it's a partition of my main disk).
you need to edit /etc/fstab which contains all the file system, how they are used and mounted.
# nano /etc/fstab
In my case, i don't like the linux text editor (vi, nano...) so i connect with winscp (ftp client) and i edit the file with
it ^^
# <sys.fichiers><pt de montage><type> <options> <dump> <pass>
/dev/sda1 / ext3 errors=remount-ro 0 1
/dev/sda2 /home ext3 defaults 1 2
/dev/sda3 swap swap defaults 0 0
/dev/devpts /dev/pts devpts gid=5,mode=620 0 0
/dev/shm /dev/shm tmpfs defaults 0 0
/dev/proc /proc proc defaults 0 0
/dev/sys /sys sysfs defaults 0 0
If you want to delete the previous swap partition, delete the line
/dev/sda3 swap swap defaults 0 0
And add
/dev/sdb1 swap swap defaults 0 0
to automaticly use the usb drive as swap.
Posted by: naq
I tested the upload from within truecrypt, and it appeared to be fine. Note that truecrypt will use lots of CPU while uTorrent reads data. You used the "move finished downloads" in utorrent? how long does the move process takes? Because normal move/copy to truecrypt for me is slow too, but it most likely is because that my current server is too weak. On my laptop running Vista, with a truecrypt FAT volume, I get sustained 12MB/s writing a movie in RAR format to it.
I tried creating a truecrypt partition (used the partition for /home). I noticed that the format speed during the Create Wizard is significantly faster than the speed when creating a truecrypt file. But that's as far as I got, since my server froze during the mkfs process. Make sure you unmount the partition before doing this, and comment the partition out in fstab too. If the partition can't be unmount due to being busy, you'll have to restart first. I won't be able to test a truecrypt partition until next weekend though when I get a new server. In the mean time, I'll try creating a truecrypt file with FAT to see how it'll perform on this server.
Let us know if the flash drive will help with cache in utorrent, seems like a good idea. OVH offers this, right?
Posted by: dieudesorcs
For the speed during moving file, i don't know the exact speed, i will test it.
Yes, I'm using the functionality of utorrent to move the files.
OVH offer a 1GB flash drive when you take a server for 6 month and 2 gb for a 1 year...
more info :
http://www.ovh.co.uk/products/flash_disks.xml
you can use it for swap, for backup....
Posted by: SgtMajor
I love this tutorial, I keep coming back and just re-reading it so that what I am actually doing sinks in.
Thanks for sharing.
For the speed during moving file, i don't know the exact speed, i will test it.
Yes, I'm using the functionality of utorrent to move the files.
OVH offer a 1GB flash drive when you take a server for 6 month and 2 gb for a 1 year...
more info :
http://www.ovh.co.uk/products/flash_disks.xml
you can use it for swap, for backup....
2GB freebie ordered :) thanks
Posted by: naq
It's robbery if they are gonna give you the 2GB freebie too. :)
Little update:
- Spent some time going over the guide. Lots of grammar, spelling, and sentence adjustments were done.
- Tested the truecrypt FAT volume, no difference really... My current server's hardware is horrible though, might be the main problem:
Pentium4 1.5Ghz
512 MB RAM
40 GB IDE HD.
Looks like I'll write the truecrypt guide, since the performance reported by dieudesorcs seems OK, as well as from how it works great on my laptop. Much appreciated for your efforts in this.
I'm getting this server next week, will test Truecrypt on it:
- AMD Athlon 64 X2
- 4 GB DDR 2 RAM
- 2 x 400 GB SATA II HDD
- 1gb uplink
- traffic limit 5TB
- 5 IPs
Quite a beast.
Posted by: h3artbeat
Thanks for the guide. it'll come in helpful
Posted by: SgtMajor
On the options when ordering it said free 1gb or 2gb, I choose 2 of course :)
1 min later, the email:
"We confirm the receipt of your payment
corresponding to order no. 3745352
Your order no. 3745352 is processed."
Which was nice of them :lol:
And you have been PMd over the server, if happy, amend your message to prevent more PMs arriving.
Posted by: Actatoi
Hey
I downloaded 1 gig big file from the ftp yesterday without any problem, then put on a 11gb big pack for download, everything were going fine. Then I went to bed and woke up to a error,
] Syntax error: command unrecognized. Failed to establish data socket.
This happened when 98% of the pack were done, and windows firewall also had popped up with that it had blocked "ftp engine" or similiar, I clicked unblock but it won't work. Also tried changing some pasv, port options but it won't work.
Anyone know what I can do to fix this?
Posted by: naq
Not sure what went wrong. FTP supports resume, so just restart the failed transfers?
"failed to establish data socket" most likely meant something went wrong with the ftp server. Can you login to your server with FTP? Maybe you need to restart it?
Posted by: TCU
Hi.
First of all, great topic, kudos to you, naq!
Second of all, I had some trouble with VNC viewer. Get this error message: failed to connect: Connection refused (10061). This is my errorlog:
[yomo@xx-xxx-xx-xxx ~]$ cat .vnc/xx-xxx-xx-xxx:1.log
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 2
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local
Xvnc version 4.0 - built Jan 17 2007 14:52:53
Underlying X server release 60801000, The X.Org Foundation
Thu Mar 13 23:04:44 2008
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: Listening for HTTP connections on port 5801
vncext: created VNC server for screen 0
error opening security policy file /usr/X11R6/lib/X11/xserver/SecurityPolicy
Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list!
_X11TransSocketINETConnect() can't get address for xx-xxx-xx-xxx: Name or s ervice not known
Error: Couldn't connect to XServer
-Thanks
Posted by: naq
Hey TCU,
I think the problem has to do with _X11TransSocketINETConnect(), you edited the hostname/ip from that line to "xx" right? I'm assuming "xx-xxx...." is your hostname, and _X11TransSocketINETConnect() can't connect is because your hostname isn't listed in /etc/hosts. So make sure the hosts file has it, type in Putty as root:
# nano /etc/hosts
Make sure the file has:
127.0.0.1 localhost
your.ip your.hostname
Edit: Then kill the vncserver, and start it again.
Posted by: kloot
excellent tutorial naq!! I have my server already set up for months, but toing around with it now....going to install fluxbox/vnc :D
Posted by: kraudlem
Thank you very much naq. I've been following the tutorial word for word till now, but I'm stuck at number 7. The server always tells me(when I try to put in the openssl command): -bash: openssl: command not found
I have a kimsufi with debian. Can someone tell me what I do wrong?
Edit: Just instelled openssl and it worked-_- Sometimes I am really stupendemous
Posted by: naq
Good that you figured it out. I'll add a note to the guide. You can't anticipate all the little details like no openssl and incorrect hosts file.
Posted by: kraudlem
Yep, your tutorial is really great. These are my first steps with linux and it's not as bad as I thought it would be. I think it's thanks to your tut, that my experience was rather gentle. Just one thing I'm stuck at: I tried running firestarter for the first time with sudo firestarter and I got(and still get) a lot of windows with errors and this error in xterm: Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
gnome_segv: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
gnome_segv: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Xlib: connection to ":1.0" refused by server
Xlib: Maximum number of clients reached
Can you(or any other linux-pro) help me? I'm sure it's just some minor detail I'm missing-_-
Posted by: nbl666
top marks for this
i have hit a bit of a problem in section 8 trying to change the ssh port
ichanged the port number from 22 to the one that i wanted to use restarted got the two oks but i cant connect from the port i selected it is still port 22
but when i go back to file it still says the port i selected any ideas guys
Posted by: naq
top marks for this
i have hit a bit of a problem in section 8 trying to change the ssh port
ichanged the port number from 22 to the one that i wanted to use restarted got the two oks but i cant connect from the port i selected it is still port 22
but when i go back to file it still says the port i selected any ideas guys
You didn't mention that you restarted vsftpd, make sure you do that and it should work.
About the cairo error, I'll look into it later.
Posted by: kraudlem
Additionally: Firefox doesn't seem to work, too. That's the error:
sh-3.1$ firefox
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
firefox-bin: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Aborted
sh-3.1$
But I used Lynx, and it was pretty cool^_^
Thank you for even thinking about me:-)
Posted by: nbl666
sorted going like a dream cheers mate:)
Posted by: deKoy
Great tutorial! I have only one problem though.
How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?
Posted by: dythim
Great tutorial, naq!
Some applications I use are blockhosts, ncftp, and torrentflux b4rt (instead of using vnc/utorrent).
Posted by: Hrvoje
this guide is great! did this on my second seedbox.
but i have a question.... i also have kimsufi server with win2003.i would like it to be set up like this... but i have alot of rss feeds from different trackers in kimsufi... is there a way that rss will work in wine (linux) as i heard it doesn't work :S
i would need to backup rss.dat file, right? and then upload via ftp?
Posted by: naq
Great tutorial! I have only one problem though.
How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?
You connect to the "listen_port=#" set in vsftpd.conf with your client.
Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.
-----------
If blockhosts or any other programs are worth using in your opinions, I'll look into adding them into the guide. But I'm real busy atm to work much with the guide. And sorry, I haven't had time to look into the cairo problem.
-----------
A person I know got RSS to work with uTorrent/wine in bitmetv. But I personally haven't ever used this feature.
Posted by: Hrvoje
hm, can you ask that person to elaborate how did he made rss to work :D
Posted by: deKoy
Great tutorial! I have only one problem though.
How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?
You connect to the "listen_port=#" set in vsftpd.conf with your client.
Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.
For some reason, that doesn't seem to work for me. Filezilla can't connect and CuteFTP prompts me for my password but my password still doesn't let me connect.
I get: "Non-Anonymous sessions must use encryption."
Posted by: naq
You connect to the "listen_port=#" set in vsftpd.conf with your client.
Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.
For some reason, that doesn't seem to work for me. Filezilla can't connect and CuteFTP prompts me for my password but my password still doesn't let me connect.
I get: "Non-Anonymous sessions must use encryption."
That error means you haven't select the "explict TLS/SSH" type of connection.
Posted by: RedHot
10x =]
Posted by: ThreeLies
Just to let you know about the command "ssh-keygen". Sometimes you need to specify a certain param on some distro's. Command works every time "ssh-keygen -t rsa" which is outlined here. http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html
Posted by: balbaid
hm, can you ask that person to elaborate how did he made rss to work :D
It's not that hard. I followed the tutorial over at BitMETV and for some reason the utorrent/wine messed up the rss feed link.
Just make sure it's like this form ( BitMeTV|http://www.bitmetv.org/rss.php?feed=dl&uid=xxxxx&passkey=xxxxxxxxxxxxxxxxxxxxxx&:COOKIE:uid=xxxxx;pass=xxxxxxxxxxxxxxxxxxxxxx; ). I know it sounds stupid but when I looked back to the rss link I didn't write it correctly. :D
Posted by: chip19
I have a VPS and it is running CentOS 4. It didn't come with yum, which threw me off. However, I found the following guide: http://wiki.centos.org/TipsAndTricks/BrokenVserver This helps you restore yum in VPS systems where the reseller removed it for whatever reason. From there, I was able to follow your excellent guide.
You may want to link to that in your guide for others that may have my problem.
Posted by: ehsanotaku
needed for my new server thanks
Posted by: LorD.MeXiCaN
cant start sesion on VNC
Starting applications specified in /etc/X11/Xsession <----why here¿¿¿
Log file is /root/.vnc/********.log
Posted by: themagicke
THANK YOU!
I really don't have a clue about any flavour of linux... but upon finding (via Google) and reading this tutorial a few times, I decided to give it a go because it's easy to read to follow.
Trying to keep up ratio on 5 trackers with a residential pipe has taken it's toll for far too long.
I ordered a Kimsufi server from OVH, and followed your guide, never having used linux before...
EVERYTHING IS WORKING BEAUTIFULLY!
It's like a dream come true.
God bless you NaQ.
Posted by: solaris
how do u setup ftp on fedora so i can use download manager from home
Posted by: YoYoY
Huge guide
I'm going to sped hours reading it
thanks for this great effort
Posted by: KiNdZiUs
Thanks, AWESOME manual !!! Respect to naq ! :D
I used it on seedbox with CentOS. I don't understand linux at all but this manual ROCKED, I did a Torrent Station per 30 minutes! :D
Posted by: donvito
... aaaaand bookmarked :D
awesome guide guys !
Posted by: upGrayde
cant start sesion on VNC
Starting applications specified in /etc/X11/Xsession <----why here¿¿¿
Log file is /root/.vnc/********.log
i get the same thing
i'm using ubuntu
i can't connect to the vncserver
someone help please
edit: nm, i found that vncserver doesn't work with ubuntu 6.0.6.1 so i used vnc4server
also, how do you get flash to work in ubuntu 6.0.6.1
it said it installed and everything but when i run firefox, speedtest.net won't load the flash, says i should install flash
edit: nm, just used firefox in wine to browse to a site that used flash, used the firefox popup bar to install it
Posted by: naq
Sorry if you're running into problems with ubuntu, since that's the distro I didn't have much access to while writing the guide.
Posted by: handytxg
Thanks for the guide....very useful for me.
Posted by: LorD.MeXiCaN
need help, with fedora 8, vncserver doesn't work, i cant conect to vnc
Posted by: upGrayde
what's the problem?
when you do the "vncserver :1" part
where does it place the new server file?
Posted by: Dr_Maof
nice guide thanx
Posted by: escuoop
That's a great job, Thanks is not enough for this huge effort.
Posted by: n0_NaMe
Thanks for the awesome guide, but does anyone know if this will work on a leaseweb express server? I plan on purchasing one this week.
Posted by: andra
Thanks for the awesome guide, but does anyone know if this will work on a leaseweb express server? I plan on purchasing one this week.
yes it works perfect
Posted by: lolapa
i salute you
Posted by: Aether
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)
Posted by: The_Duke
What a great tutorial is this one ,i am one step away from buying a seed box and i was lacking a lot of necessary info and thanks to you i am now able buy it .thx
Posted by: minua182
Hey, bought a server off Layered Tech.
Tried following the guide.
Think I set it up right but can't seem to be able to save my torrents.
i.e: downloads the file halfway and gives me an Error, file not found or can't save to disk.
how do i solve this problem?
Posted by: KiNdZiUs
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)
In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.
Posted by: Aether
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)
In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.
Thanks KiNdZiUs, I think ill go with CentOS then :)
Posted by: n0_NaMe
In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.
Thanks KiNdZiUs, I think ill go with CentOS then :)
Ive got utorrent gui running on centos, it runs really well and I haven't had any problems.
Posted by: SolarisWind
Hi, I have been using the guide on this topic and I'm facing a problem on step 6. steup utorrent & webui. When I use VNCviewer, I can log in my server successfully, but all I can see is a black screen and there is no desktop.
I have been following the guide exactly like it's stated and have not encountered any errors until the 6th step. Well, I did encounter an error but I fixed it (said "cannot Find A Valid Baseurl For Repo: Livna" but I deleted the repository and the "yum update" command started working.)
I would post a log but I can't have access to it, it says the file doesn't exist. And when I try the command the server gives me to check the log, it says "access denied".
I don't know if this is an error, but I get this line when I type "vncserver :1":
xauth: (stdin):1: bad display name "server.ip.here" in "add" command
New 'server.ip.here (user.name.here)' desktop is server.ip.here
And then there's the normal 2 lines:
Starting applications specified in /home/user.here/.vnc/xstartup
Log file is /home/user.here/.vnc/server.ip.here.log
So if anyone can help me get rid of this black screen when viewing the desktop of my server by VNCviewer, I would be very very VERY grateful.:D
Oh yeah, I'm using a vectoral VF$bandwidth sever with fedora core 4.
Edit: Ohh I use windows vista x64.
Posted by: addict_uk
Does anybody know if ya can FXP between servers using vsftpd??? im really struggling to sort it out all im geting is "521 Data connections must be encrypted" any ideas ppl?
Thanks
Addict
Posted by: barakokula
I'll try my luck here....after 30+ days of uptime with no problems,wine crashed for me. Now,every time I try to start it,wine gives me some 'stack overflow' error and wont start,it goes in some kind of loop ,retrying every 60 seconds. I've tried to reinstall wine,upgrade to a newer version,tried rebooting the server,same thing. Stack overflow. Messages log and syslog don't show why this is happening,at least i can't see anything in them. :)
I've installed tf b4rt,but it's just not the same,i miss the 'live' view of things i get in utorrent through vnc,and utorrent is so much natural to work around in.
Is there anything that can be done to fix it,or is reinstall my only option?
Thx
Posted by: RoBz
I had the firewall running fine, I then rebooted my server today and now uTorrent is telling me that the port is closed. Has this happened to anyone else?
Fantastic guide by the way.
EDIT: Nevermind, turns out it had nothing to do with the reboot. I changed loads of the settings in uTorrent to max to see if I could get better speeds. ;) Changing them back fixes it.
Posted by: Cornucopia
naq! What could I say? Dude, this is what I call ULTIMATE! Two thumbs up! I am cannot connect with CuteFTP Pro; getting the following error (SELinux=disabled & using explicit SSL & TLS on CuteFTP):
[..2008 10:34:10 AM] 220 ProFTPD 1.3.0 Server(ProFTPD) [xx.xx.xx.x]
STATUS:> [20/05/2008 10:34:10 AM] Connected. Authenticating...
COMMAND:> [20/05/2008 10:34:10 AM] AUTH TLS
[20/05/2008 10:34:10 AM] 500 AUTH not understood
ERROR:> [20/05/2008 10:34:10 AM] Syntax error:command unrecognized. Thanks a million for your time & efforts. Not to forget all the other mates who had contributed to this guide. You guys kick (__(__)! Wish ya the best!
Posted by: antd
Hey this is important!
I've exited fluxbox. Right click -> fluxbox -> exit
and now i cannot move windows or get any fluxbox menu.
How can I get it back please??
Posted by: ablaze
swap partition
I'm new to linux and wondered why I haven't seen a swap partition mentioned anywhere in your tutorial, NaQ. Do you think it's not needed?
Posted by: ablaze
I have a problem. I went over it again and again for hours, but couldn't fix it.
I can't connect to my VNC Server after tunneling through SSH, i.e. forwarding the ports in Putty. I tried localhost:0, localhost:1, localhost:2, etc, localhost:00, localhost:01, localhost:02, localhost::5900, localhost::5901 etc and many other variations. localhost:1 should work, because I start vncserver with the ":1" and the -localhost option. I tried both the Ultra VNC and TightVNC clients. To no avail. I checked the sshd_config file, /etc/hosts file, to no avail.
If I don't forward the ports and run vncserver in normal mode (not -localhost), EVERYTHING WORKS FINE. But I would like to limit vncserver to localhost only, because everyone says it's much more secure.
Does anyone know anything that could help me?
Posted by: Jordi
I'm using now a nice seedbox for a low price. Very nice for users who cannot wait for the long OVH setup-time or when your country is not listed on their webpage; http://mybox.pfcorner.eu/
Posted by: n0_NaMe
Thanks for the great guide, it took me 15 minutes to setup my new leaseweb box. Everything is running fine except two things. When I launch tightvnc the screen is very small so I cant see the full desktop. Also, I installed iceweasel instead of firefox but it launches it automatically closes. I think it may be because of the small screen size. Any suggestions
Posted by: slayer2005
Having a little problem.
In the tutorial it says...As you successfully login to your remote desktop, you'll see a blank screen with a taskbar on the bottom. Right-click anywhere on the desktop for the fluxbox menu, and find xterm (usually under Terminals).
Now i dont see the task bar nor can i right click left click or clickity click.
Now i swear when i 1st logged on ysterday i seen the task bar at the bottom,but now everytime i log in its not there and i cant do shit.
Any help would be appreciated.:)
Slayer
Posted by: seeding123
hey thanx for the great guide :-D really appreciate it
Posted by: forthat
that was very helpful .........
Posted by: Dawe24
thx m8
Posted by: kross
Just a few things about your tutorial:
- (debian) When you're upgrading your system:
apt-get update
apt-get upgrade
is not sufficient, to upgrade kernel and other system programs, you need to do:
apt-get dist-upgrade
Adding "-y" to the command will indicate that the system does not have to ask you questions and the defaut answer is "Yes".
- changing ports for FTP and SSH is not the best solution to counter cracking attempts.
There are so many programs which can tell you how to find opened ports and what service is runned on each of them. A better solution would be fail2ban. "You send me garbage? Ok, I'll ban you for a specific period." I suggest to anyone interested in security to do some searches on fail2ban.
- According to your tutorial, there are things you can only do with root. Maybe I'm forgetting something, but the way you defined the user "pirate" in /etc/sudoers tells to the system "pirate" with the sudo command can do everything on the system. In fact, pirate is another administrator on the machine. Same priviledges in fact.
- What's the purpose of copying the public key of the root in his own ~/.ssh/authorized_keys? An administrator needs to do "ssh localhost" and connect without typing the password? "su -" will be more efficient and "> ~/.ssh/authorized_keys" will just create an empty "~/.ssh/authorized_keys".
Hope this will help you to make your tutorial better! :)
Posted by: Lincoln
Thanks for the great guide, it took me 15 minutes to setup my new leaseweb box. Everything is running fine except two things. When I launch tightvnc the screen is very small so I cant see the full desktop.Kill your vnckillall XvncThen launch vncserver with the -geometry tagvncserver -geometry 1860x1050and connect.
Posted by: h1pp0
in the CentOS section of updating the Extra.repo you need to add this in the [dag] section, dunno why OP omitted it
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
Some people might get a no public key found for "blah blah" package without it
Posted by: premanna
just got a server with centos 5.1 need help setting it up guys. i get this error on putty - connection refused - :cry: (nooB):P
pm me for more info
Posted by: Jargs
wow thanks dude
Posted by: h1pp0
just got a server with centos 5.1 need help setting it up guys. i get this error on putty - connection refused - :cry: (nooB):P
pm me for more info
Make sure your connecting to the right port and that your iptables (if you set it up) is allowing incoming connections to your sshd port
Posted by: Lincoln
# yum install wine
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
# wine utorrent.exe
bash: wine: command not found
So...wtf?
Posted by: 0riGiNaLBoX
Great work but i need one year to did it by my self because i never setup this system yet
Posted by: Lincoln
FYI: Wine (both 0.9.* and 1.0) does not play well with CentOS 5.1 64bit.
Posted by: KaySterling
Much appreciated guide!
This will come in handy soon i think.
Posted by: asdf
Thanks for the guide, very helpful. I'm having quite a big problem though, I can't see anything in the VNC screen. Fluxbox is installed, and I can connect to the server, but all I can see is this:
http://www.frauded.info/dump/32a5317f8166520420ed5839d91ed330/1123.PNG
Without the VNC I can't properly control the server..
I tried reinstalling fluxbox and even the x server, but I still can't get this to work. I'd really appreciate any help here.
Edit: I somehow installed gnome. And gnome requires you to run the server using the -depth information. Soooooo, problem solved. I'd like to know how to go back to Fluxbox though..
Posted by: sniz
im doing the Vncserver step i did everything is said it came up with this when i type vncserver :1
[itronic@MY SERVER IP WAS HERE~]$ vncserver :1
xauth: (argv):1: bad display name "MY SERVER IP WAS HERE:1" in "add" command
here the log because when i trying to connecting useing my computer useing VNCviewer it said failed to connect
Fri Jun 27 11:44:47 2008
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: Listening for HTTP connections on port 5801
vncext: created VNC server for screen 0
error opening security policy file /usr/X11R6/lib/X11/xserver/SecurityPolicy
Could not init font path element /usr/X11R6/lib/X11/fonts/misc/, removing from l ist!
Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/Type1/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list!
Fatal server error:
could not open default font 'fixed'
/home/itronic/.vnc/xstartup: line 1: fluxbox: command not found
[itronic@MY SERVER IP~]$
Posted by: necromantic
Edit: Error 10065 in VNC means Firewall Is The Devil
Posted by: wevotedno
Great work but i need one year to did it by my self because i never setup this system yet
Also version 1.0.0 has issues wtih peer conncectivity on utorrent.
Amazing guide you guys. Thanx
Posted by: predateur
thank you very much naq (http://filesharingtalk.com/vb3/../../members/naq-165862) , you are the best and very helpfull :)
Posted by: eMoneyBags
thanks for the guide naq. but i am stuck at the last part, setting up the ftp server. when i try to save to "vsftpd.conf" it says i don't have permission. also when i tried the step before that one..
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pem
i get "sh: openssl: command not found".
Posted by: kross
Are you doing these two things as root?
Posted by: eMoneyBags
no. i was using the other username i made..
Posted by: kross
And why are you doing that? ;)
The guide is saying the opposite, you need to log in as root.
Posted by: eMoneyBags
after doing step 8. i can't login with vnc anymore. i get this error. "The server does not have a valid password enabled. Until a password is set, incomming connections cannot be accepted.. how do i fix this?
Posted by: reeve
Excellent tutorial.
I only had one problem. On my leaseweb express server 1, vncserver would not work. Switching to vnc4server worked fine as did the rest of the tutorial.
Posted by: kid16k
I just have to say this:
This is one of the best tutorials in the world wide web! 10/10
Perhaps i will translate it to *german* if its okay for you?!
However i don't have much time atm (study^^)
Posted by: Zer0c0oL
I've followed all the steps. I'm using debian in my server. The only problem is that i can't find firefox or open any web browser through vnc viewer.
anyway to solve this ?
Posted by: eMoneyBags
I've followed all the steps. I'm using debian in my server. The only problem is that i can't find firefox or open any web browser through vnc viewer.
anyway to solve this ?
same here
Posted by: lifehackr
Thanks NaQ and all who posted updates. I want to try this on a test server (seedbox) in my home before I try applying to a purchased seedbox. Any guides on how to install the server os so its like what you would get from a purchased seedbox?
Posted by: salasana
Nice guide! Thanks.
Posted by: puckface
Using Debian:
In the section to change ports for ssh, there is the code:
# /etc/init.d/sshd restart
when using a Debian install this "file or directory does not exist"
maybe an update on that or Im missing something.
Also, when starting firestarter, I te the error "Gtk-WARNING **: cannot open display: ", I thought it had something to do with -depth when opening vncserver, but not so.
That being said: great guide, thanks.
Posted by: kross
It's /etc/init.d/ssh, no d at the end.
Posted by: puckface
It's /etc/init.d/ssh, no d at the end.
cool, maybe a fix for that in the guide then for debian.
youre the helpful one arent you? Any ideas on the firestarter error?
Gtk-WARNING **: cannot open display:
Posted by: kross
Did you proceed as described into this guide?
(Did you add your normal account into sudo config file with sudo?
Did you try to run firestarter with sudo (sudo firestarter) in terminal you launched in VNC?)
Puck, if you did that, then try to change the value for Defaults via visudo:
Defaults env_reset
becomes
Defaults env_keep=DISPLAY
Another thing: open a terminal into the remote desktop and type echo $DISPLAY.
Then, in the same terminal, log in as root and type:
DISPLAY=XYZ firestarter
XYZ is what "echo $DISPLAY" prompted to you.
(root can write on any X window screen)
Edit: You can also try that:
Defaults:user !env_reset
However, it's my solution, so I won't guarrantee it will work. :D
Posted by: riparide
I juet get a problem starting firefox.
Here is the error message:
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
firefox-bin: /build/buildd/libcairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Aborted
any ideas?
Posted by: riparide
Just and update.
I did reinstall the OS with CentOS 5 and now everything works ok, including firefox.
Thanks NAQ and all supporters.
Im now just trying to install ProFTPd instead of VSftpd... will keep update.
Posted by: colin12345
Hi. I wonder if anyone can help me. I'm pretty new to Linux. I've just got an OVH dedicated server with Debian Etch. I've followed NaQ's very useful tutorial and have managed to install Utorrent and it's working fine (GUI too).
However, I'm having no luck opening Firefox from Fluxbox. I've got Firefox on the menu but when I click to open it, the window flashes for a second and then disappears (almost as if it's opening in the background). I've tried a reboot but it doesn't change anything.
I'd be really grateful if anyone can give me a hand.
Thanks :-)
Posted by: dance4
vncserver (vnc4server,tightvnc) -depth 24 :D
Posted by: colin12345
dance4 - thanks sooooo much! Does that make it open permanently at that resolution?
Also, is it possible to open Firefox rather than Iceweasel?
Again, thanks a bunch! :-)
Posted by: dance4
Does that make it open permanently at that resolution?
yes
Also, is it possible to open Firefox rather than Iceweasel?
yes
Posted by: colin12345
Cheers. Thanks for the swift replies :-) I was really getting desperate over the Firefox prob.
Sorry to trouble you again. I followed some advice about making Firefox the default instead of Iceweasel by entering the following command:
ln -sf /opt/firefox/firefox /usr/bin/firefox
Now when I select Firefox from the menu, nothing happens :-(
Is there a way to undo the command?
Posted by: dance4
ff isn't installed, if you want use ff3 isn't easy run it on Debian etch i can help you but write to me on skype or MSN
Posted by: turin
cool, great job
Posted by: marraqy
thx
Posted by: tokyosushi
Thanks Naq! Followed your guide and all worked well! Linux Seedbox Hooray!
However, I have a question regarding How-To upgrading or downgrading utorrent version.
I accidentally downloaded and used Utorrent 1.8Beta on the seedbox, vnc, fl