PDA

View Full Version : BitTorrent NaQ's Complete Setup Guide for Linux Seedboxes (Fedora Core/CentOS/Debian/Ubuntu)



Pages : [1] 2

naq
02-28-2008, 06:33 PM
Complete Setup Guide for Linux Seedboxes
This guide will help you setup your newly purchased server with uTorrent, FTP server, Firefox, and more. Instructions for rtorrent and Torrentflux are also available, but we recommend uTorrent as it is the most user-friendly, and reported to work well even with only 256MB of RAM. The general principal of this guide will be to setup your server in a secure manner, and perhaps will get you to learn a bit about the Linux system along the way.

Questions, comments, corrections, and suggestions are welcomed.

When asking for help, please post as much details as possible about your problem, such as the OS, error messages, and a log file if available.


Updates:
11/03 - More tweaks and corrections. Updated the wine setup. Added to the FAQ about wine with instructions to compile wine for Debian. Removed webui.zip instructions as it's not needed with the latest uTorrent.

10/28 - Some more updates to wine installation in Section 2. Added a troubleshoot for openssl in Section 7.


10/22 - Updated to an easier way to install WebUI.

10/18 - Updated Section 2 about install wine for Debian/Ubuntu.

10/16 - Updated uTorrent to 1.8.1. Added write_enable=yes to vsftpd setup. Fixed the error about sshd restart for Debian/Ubuntu. And some minor tweaks. Added a FAQ about uTorrent dropping peer connections (wine issue: http://bugs.winehq.org/show_bug.cgi?id=14188)

9/12 - Updated the guide to install uTorrent 1.8 & latest WebUI. Added a FAQ about "Too many open files"

3/25 - Added a hosts file troubleshoot for Section 5.

3/11 - Updated the firewall section with the proper way to start Firestarter in Debian/Ubuntu

3/10 - Added a vnstat guide to Section 9. Working on FreeNX setup, though it seems to not work as well as I remembered. Removed the need for Debian/Ubuntu servers to use vnc4server. Added some more install/setup procedures for Debian/Ubuntu in section 2 & 3 (for wine and vncserver to work properly). Added optional config for Debian in Section 2 (need it to install flash).

3/09 - Added Secure SSH to Section 8.
Thanks to the following people:
roiko
balbaid
predateur
fatcat69
wormtail
Kflint
goodkat
dieudesorcs
Thanks to the following websites:
Gentoo (http://www.gentoo.org)
OSResources (http://osresources.com/)
The Unofficial Fedora FAQ (http://www.fedorafaq.org)
Google (http://www.google.com)
and of course, FST (http://www.filesharingtalk.com)

Programs needed:
Putty (http://www.chiark.greenend.org.uk/%7Esgtatham/putty/download.html)
WinSCP (http://winscp.net/eng/download.php)
VNC Viewer (http://www.tightvnc.com/download.html)
FTP Client (Recommended: CuteFTP)

Index:

1. Initial Login
2. Initial Setup
3. Install Softwares
4. Create User
5. Setup VNC Desktop
6. Setup uTorrent & WebUI
7. Setup VSFTPD
8. Security:
- Change FTP & SSH Ports
- Secure VNC through a SSH Tunnel
- Configure Firewall with Firestarter
- Encrypt the Hard Drive with Truecrypt - TBA
- Secure SSH
9. Miscellaneous:
- Firefox & Flash
- Install rtorrent
- Install Torrentflux - TBA
- Configure the Fluxbox Menu
- Configure Multiple IP Addresses
- Using vnstat to monitor bandwidth usage
10. FAQ
11. History


1. Initial login
So you've finally received the email after waiting so impatiently for your server. Now what to do? Run Putty, of course.

http://img150.imageshack.us/img150/715/puttylogin1qt0.jpg

Enter the IP Address of your server like shown, click Open.

http://img135.imageshack.us/img135/8840/puttylogin2ag7.jpg

Enter the root login information as provided in the email, and you should be able to login to your server. You are now in a Putty terminal, connected to your server through a secure protocol called SSH.

http://img166.imageshack.us/img166/871/puttylogin3cw6.jpg

Tips for Putty:
- Highlight text to copy from Putty
- Right-click to paste to Putty


2. Initial Setup

The CLI
The Command Line Interface (what you see in front of you as you successfully login through Putty) is what we'll use throughout this guide to setup your server. Some simple commands you can type to get familiar:

- Shows the present working directory.

# pwd
- Lists the files and folders in the present directory.

# ls
- Like "ls", but also lists all hidden files and folders. You'll see that files and folders starting with "." (like .ssh/) are hidden.

# ls -a
- Change directory to the root directory. NOTE: /root is the home folder of the root user.

# cd /
- Change directory to the home folder. Since you are login as root, you are now back in /root/.

# cd ~/
Go HERE (http://www.ss64.com/bash/) for a comprehensive list of basic commands you can do.

Change root password
We want to change the most important password of the server, so your provider doesn't know it. A strong password is highly recommended.

# passwd
New password:
Verify:
Delete SSH key authentication
Certain providers create SSH authentication keys that will allow them to login to your server as root without actually knowing the password. We want to delete the authorized_keys2 file if it's there:

# ls .ssh
authorized_keys2
# rm .ssh/authorized_keys2
Note: Try the auto-complete feature by just typing "rm .ssh/au", then press Tab, and the rest of the filename will fill automatically.

Note: Key authentication can be a secure method of login, since you'd need an actual key file on your computer to authenticate against the server. See Section 8 for instructions.

Nano - The text editor
In Linux, you'll find yourself editing a lot of text files. Nano is a simple CLI text editor that you'll be using throughout this guide.

# nano
You are now in nano. The text you see on the bottom of the terminal is the various commands. For our purpose, all you need to know is "WriteOut" and "Exit", which is save and quit. The "^" character denotes the Ctrl key. So to save a file, press Ctrl+O, and to quit is Ctrl+X. Just exit nano for now.

Disable SELinux
(Not applicable to Debian/Ubuntu systems, AFAIK)
Some servers come with SELinux (http://en.wikipedia.org/wiki/SELinux) enabled which will cause some problems later on, specifically with FTP setup (user login & SSH/TLS setup). Please comment if you have a workaround without turning SELinux off. But for now, we'll just disable it if it's enabled.

Check SELinux status:

# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

If you see the line SELINUX=disabled or you don't have this file, move on to the next section.

If your output says SELINUX=enforcing or SELINUX=permissive, we'll disable it:

# nano /etc/sysconfig/selinux
change "SELINUX=..." to "SELINUX=disabled". Save & exit.

You'll need to restart the server for this change to take effect. This should be the one and only time you will have to restart your server.

# reboot
Wait a few minutes (and maybe cross your fingers :)) as your server restarts. Now login again through Putty.

System Updates
Linux distributions use package management systems to easily install and maintain softwares. Fedora Core and CentOS use "yum", Debian and Ubuntu use "apt". Now, we'll add a few extra repositories (servers with additional softwares for your system) to yum and apt, and then do a system-wide update before continuing on with installing softwares. Each system has its own procedure, so follow the one you have accordingly.

Fedora Core 4:

# cd /etc
# mv yum.conf yum.conf.bak
# wget http://www.fedorafaq.org/fc4/samples/yum.conf
# rpm -Uvh http://www.fedorafaq.org/fc4/yum
# yum update
Say yes when asked to update all softwares.

Fedora Core 5:

# cd /etc
# mv yum.conf yum.conf.bak
# wget http://www.fedorafaq.org/fc5/samples/yum.conf
# rpm -Uvh http://www.fedorafaq.org/fc5/yum http://rpm.livna.org/livna-release-5.rpm
# yum update
Say yes when asked to update all softwares.

Fedora Core 6:

# rpm -Uvh http://www.fedorafaq.org/fc6/yum http://rpm.livna.org/livna-release-6.rpm
# yum update
Say yes when asked to update all softwares.

NOTE: Thanks to The Unofficial Fedora FAQ (http://www.fedorafaq.org) for the instructions above.

CentOS 4/5:

# nano /etc/yum.repos.d/Extra.repo
Copy & paste the following into the Extra.repo file:

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

[kbs-CentOS-Extras]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgcheck=1
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/stable/$basearch/RPMS/

[kbs-CentOS-Misc]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
gpgcheck=1
enabled=1
baseurl=http://centos.karan.org/el$releasever/misc/stable/$basearch/RPMS/
Save & exit.

# rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# yum update
Say yes when asked to update all softwares.

Debian & Ubuntu:

Install the wine repository:

Update: Debian users should NOT follow this step at the moment due to a bug in wine that drops peer connections in uTorrent. The older version in Debian (0.9.25) works fine enough. See the FAQ for more details.

Ubuntu Hardy Heron (8.04):

# wget http://wine.budgetdedicated.com/apt/387EE263.gpg
# apt-key add 387EE263.gpg
# wget http://wine.budgetdedicated.com/apt/sources.list.d/hardy.list -O /etc/apt/sources.list.d/winehq.list
Ubuntu Intrepid Ibex (8.10):

# wget http://wine.budgetdedicated.com/apt/387EE263.gpg
# apt-key add 387EE263.gpg
# wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.list
Next, run a system update:
# apt-get update
# apt-get upgrade
Say yes when asked to update all softwares.

Optional configuration for Debian (will need it if you want Flash):

We are gonna assume you are running Debian 4.0 (Etch), we can install the "backports" repository which will have more updated softwares than the stable tree.

Edit the sources.list file:

# nano /etc/apt/sources.list
Insert the following line to the end:

deb http://www.backports.org/debian etch-backports main contrib non-free
Save and exit.

Get the verification key:

# wget http://backports.org/debian/archive.key
# apt-key add archive.key
Run update:

# apt-get update
You can also run "apt-get -t etch-backports upgrade", but it's not necessary.
3. Install Softwares
The following softwares will be installed in one easy command:

vncserver - Provides a GUI interface with a VNC Desktop (Virtual Network Computing)
wine - Windows emulation software for uTorrent
xterm - a GUI terminal
fluxbox - a light-weight Windows Manager for your VNC Desktop
vsftpd - a FTP server (File Transfer Protocol)
firefox - a web browser
vnstat - a bandwidth monitoring tool

Fedora Core & CentOS:

# yum install vnc-server wine xterm fluxbox vsftpd firefox vnstat
Say yes when asked. You'll see many dependencies packages being installed as well.

Debian & Ubuntu:

# apt-get install vncserver wine xterm fluxbox vsftpd firefox vnstat
# update-menus
Say yes when asked. You'll see many dependencies packages being installed as well.

Debian & Ubuntu systems don't download all the needed dependencies for vncserver, so we'll have to install them manually.

# apt-get install xfonts-base xfonts-75dpi xfonts-100dpi
Optional for Debian:

Install a newer version of fluxbox:

# apt-get -t etch-backports install fluxbox4. Create User
We do not want to use root as a user, since root is an administrative account with full control over your server, it is not meant to be used due to possible screwups and security purposes. Therefore, we'll create a new user to use.

Note: Repeat Section 4 - 6 to create additional users. All users will be able to run their own instances of VNC desktop & uTorrent, as well as login with FTP. See Section 9 for instructions on how setup separated IP Addresses for multiple users.

# useradd -m pirate
Note: Replace pirate with any username you like.

Create a password for this new account:

# passwd pirate
New password:
Verify:
Now we can login to Putty again with this new user account. Right-click on Putty's title bar, select "Duplicate Session", and login with pirate. You can close the old Putty window that is logged in under root.


5. Setup VNC Desktop
Now that we are logged in as a new user. Notice first, where your home folder is located

$ pwd
/home/pirate
Note: Notice the "$" sign used above. From now on, this means the command is executed under the user account. And "#" is for commands executed under the root account.

We need to configure fluxbox to run when starting the VNC Desktop:

$ mkdir .vnc
$ nano .vnc/xstartup
Insert the following into the xstartup file:

fluxbox
Save and exit.

Make the xstartup file executable:
$ chmod +x .vnc/xstartup
That's all we needed in order to start up our VNC Desktop. Since this is the first time you start vncserver, you'll be asked to enter a new password for access to the VNC Desktop. For simplicity, you can just use the same password for your user account here.
$ vncserver :1
New 'your.hostname:1 (pirate)' desktop is your.hostname:1

Starting applications specified in /home/pirate/.vnc/xstartup
Log file is /home/pirate/.vnc/your.hostname:1.log
The above command will be used whenever you want to start a new VNC Desktop, for instance if when your server crash and you need to start things up again.

The command to stop the VNC Desktop is:

WARNING: This command is here just so you know it, DON'T enter it next.

$ vncserver -kill :1
Killing Xvnc process ID 3489
Launch VNC Viewer. Enter the address of your server in VNC Viewer as shown below. And remember, the address is "your.ip:1".

RealVNC Viewer:

http://img405.imageshack.us/img405/6271/vnc1qs9.jpg

TightVNC Viewer:

http://img86.imageshack.us/img86/984/vncviewergt3.jpg

http://img211.imageshack.us/img211/6025/vncviewerpasswordyv5.jpg

At this point, if you are prompted for the VNC password, you've succeeded for the most part in setting up your Linux server.

Note: To change the VNC password, type this command:

$ vncpasswd
Note: If you are setting up the 2nd VNC Desktop for another user, remember that you'll have to use a different display number. For example: "$ vncserver :2". Then connect to "your.ip:2" in VNC Viewer.

Troubleshoot: If you are unsuccessful here in connecting to your VNC Desktop, please post in this thread the VNC Viewer error and the VNC log, which can be displayed by:
$ cat .vnc/your.hostname.log
Sample VNC connection error:

http://img529.imageshack.us/img529/1181/vnc2qf2.jpg

Troubleshoot: Your server might came with a firewall installed, which would block the VNC connection attempt. We'll setup a firewall later in the guide, so for now we can disable this firewall if it exists. To find out, type the following in Putty while login as root to list the filter table of iptables:

# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The above output means there is no firewall. If your output has entries under the 3 chains (INPUT, FORWARD, OUTPUT) and/or has more chains, then we'll need to flush the iptables:

# iptables -F
List the table again to make sure it's empty. Then try to connect with VNC Viewer again.

Troubleshoot: Your server may not have a proper hosts file setup which will result in this error (you can see it in the log):

_X11TransSocketINETConnect() can't get address for your.hostname: Name or service not known
If you get this error, open the hosts file:

$ su
# nano /etc/hosts
Make sure the file has the following two lines:

127.0.0.1 localhost
your.ip your.hostname
Replace "your.ip" & "your.hostname" with the ones for your server. If you don't know your hostname, type:

# hostname
Then restart the vncserver using the commands above.


6. Setup uTorrent & WebUI
From now on, you can close the Putty program as we'll use the xterm terminal in the VNC Desktop.

As you successfully login to your remote desktop, you'll see a blank screen with a taskbar on the bottom. Right-click anywhere on the desktop for the fluxbox menu, and find xterm (usually under Terminals).

http://img84.imageshack.us/img84/6092/vnc3yi0.th.jpg (http://img84.imageshack.us/my.php?image=vnc3yi0.jpg)

xterm is just another terminal like Putty.

It's time to install uTorrent, in the new xterm window, type:

$ wget http://download.utorrent.com/1.8.1/utorrent.exe
The latest uTorrent (version 1.8.1) is now downloaded to your home folder.

Start uTorrent:

WARNING:At the setup screen, click CANCEL as we don't want to install uTorrent like in Windows. It runs fine as a stand-alone application.


$ wine utorrent.exe
Suggested tips to configure uTorrent:

- Use Speed Guide and set your connection to "xx/100Mbps" or "xx/10Mbps" depending on what you have
- Choose any port above 45,000
- Enable Encryption
- Disable DHT, Local Peer Discovery, Peer Exchange
- No randomize ports, disable UPnP port mapping & NAT-PMP port mapping
- Enable WebUI Interface, insert WebUI's un & pw
- In Advanced Options, set gui.delete_to_trash to FALSE
- Un-check Minimize to tray & Close to tray

Note: See the FAQ about Disk Overloaded Errors and how to work around it.

All set.

WebUI should also work if you configure it. The address will be http://your.ip:xxxxx/gui (http://your.ip:PORT/gui) , where xxxxx is the uTorrent's port number you setup previously. If successfully connected, the browser will prompt for your WebUI's un & pw that you set in uTorrent. We recommend that you set the WebUI's un & pw to be different from your user account. So if WebUI is compromised, your server is still safe.

That's it. Now it's time to put your server to the test :). We are gonna assume you know how to use uTorrent and/or WebUI. Read on if you want to setup a FTP server, Firefox & Flash, configure multiple IPs, configure firewall, and more. See the FAQ for some useful info as well.


7. Setup the FTP Server (VSFTPD)

You can setup a FTP Server on your seedbox to transfer files to and from your home PC. This is quite advantageous since you most likely will be able to download files from your server to your PC at the maximum speed provided by your ISP, as well as reducing the need to use Bittorrent at home.

We had already installed VSFTPD from Section 3. Configuring VSFTPD is simple, however we also want to configure VSFTPD to use TLS/SSH authentication.

Note: Enabling TLS/SSH authentication will NOT work if SELinux is enabled. See Section 2 to check if SELinux is enabled. And if so, to disable it.

Note: Users will NOT be able to login if SELinux is enabled. See Section 2 to check if SELinux is enabled, and if so, to disable it.

Note: The root user is not allowed to login with FTP by default.

In VNC Desktop:

We need root privileges to configure VSFTPD. The command "su" will let us switch user. Type in xterm (remember not to use the one that's running uTorrent):

$ su
Password:
#
Here, we need to enter the root password to switch to the root user.

Create a new SSH certificate for VSFTPD:

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pem
The command above will ask you a bunch of information. Insert whatever you like.

Troubleshoot: If you encountered the error: "openssl command not found", then openssl isn't installed on your server. To install it:

Fedora Core/CentOS:
# yum install openssl
Debian/Ubuntu:
# apt-get install openssl
Now it's time to configure VSFTPD through editing the vsftpd.conf file:

Fedora Core & CentOS:

# nano /etc/vsftpd/vsftpd.conf
Debian & Ubuntu:

# nano /etc/vsftpd.conf
Relevant changes:

anonymous_enable=NO
local_enable=YES
write_enable=YES

Note: make sure to remove the comment sign from the settings you want (#)

Relevant additions to the end of the file:

ssl_enable=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/root/vsftpd.pem

Save & exit.

Start VSFTPD:

# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]
When making changes to vsftpd.conf, you'll need to restart VSFTPD, to do so:

# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
To have VSFTPD autostart on boot:

Fedora Core & CentOS:

# chkconfig vsftpd on
Debian & Ubuntu:

# update-rc.d vsftpd defaults
Now, you can try to login to your server using the FTP Client of your choice with your pirate account. Make sure to select the connection type as "FTP with TLS/SSH".

Exit out of the root user in xterm:

# exit
$
Note: See Section 8 to change the default ports for the FTP & SSH services.

If you need help with your Windows FTP Client, see fatcat69's FTP guide HERE (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-setting-up-ftp-server-ssl-276623).

Note: CuteFTP is recommended for its ability to download 1 large file with multiple connections to maximize speed. Please post if you know of other clients that have this feature.


8. Security
This section will deal with setting up various security features on your server.

Change FTP & SSH Ports
FTP & SSH use ports 21 & 22 respectively. These two ports are under constant brute force login attempts by bots trying to compromise systems. Therefore, we want to change them.

Change FTP Port:

$ su

Fedora Core & CentOS:

# nano /etc/vsftpd/vsftpd.conf

Debian & Ubuntu:

# nano /etc/vsftpd.conf

Add the following line to the end:

listen_port=54321

Save and exit. Choose any port number you want. Remember, you'll have to specify this same number in your FTP Client.

After this change, we'll need to restart VSFTPD:

# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
# exit
$
Change SSH Port:

$ su
# nano /etc/ssh/sshd_config
Change the following line:


# Port 22
to
Port 54322

Save and exit. Choose any port number you want. Remember, you'll have to specify this same number in Putty and WinSCP.



Fedora Core & CentOS:
# /etc/init.d/sshd restart

Debian & Ubuntu:
# /etc/init.d/ssh restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
# exit
$
Secure VNC through a SSH Tunnel
Notice so far, we are using 4 network services/programs. They are SSH, FTP, VNC, and Bittorrent. SSH is a secure protocol. We've setup FTP to use a secure authentication method, although the transferring of data isn't so (Note: you can use SFTP for secure FTP transfers, but at the cost of speed). VNC isn't a secure service, so we'll use a SSH's feature called tunnel to encrypt the traffic.

Your VNC Desktop is currently running on display :1 with the network port being 5901. With setting up a tunnel, this port isn't needed to be accessible from outside, since we are using the SSH protocol & port. So, let's restart vncserver with the "localhost" option. First, exit uTorrent in your existing VNC Desktop to ensure no issue with your active torrents. Then, in Putty:

$ vncserver -kill :1
Killing Xvnc process ID 3489
This command will start a VNC Desktop that will only allow connection from the same machine:

$ vncserver -localhost :1
Tip: For a bigger resolution VNC Desktop, you can add the "-geometry" syntax, like so:

$ vncserver -localhost -geometry 1920x1080 :1
Note: If you already start vncserver without setting the geometry, then you'll need to kill it first. Replace 1920x1080 with any resolution you prefer.

Close Putty and open a new Putty window on your PC, enter the IP & Port information for SSH. On the left window, go to Connections - SSH - Tunnels. Under "Add new forwarded port:", insert the following:

Source port: 5900
Destination: localhost:5901

Click Add

http://img141.imageshack.us/img141/8775/putty5aw6.jpg

Go back to Session on the left window, we'll save the Putty settings for convenience. Under "Saved Sessions", insert any name you like, and click Save. From now on, to connect to your server with Putty, just double click on the Saved Session. The tunnel for VNC will also be loaded automatically as well.

http://img235.imageshack.us/img235/5893/putty4sz3.jpg

That's it, we've created a tunnel for VNC. The source port 5900 (which is conveniently the default port in VNC Viewer) is the port on your home PC, and the destination port is 5901 on your server, which is the port for your running VNC Desktop. Let's login. Open VNC Viewer, the address is simply "localhost"

http://img239.imageshack.us/img239/9868/vnc6kx8.jpg

http://img99.imageshack.us/img99/5689/vnc7ob7.jpg

Troubleshoot: If VNC Viewer reports connection refused, try checking for a proper hosts file on your server. The instruction is in Section 5 (Setup VNC Desktop).

Note: Now that we've secured VNC, the next section will deal with securing the rest of your server. Notice that we currently have 3 active ports: 54321 for FTP, 54322 for SSH, and the uTorrent port, which we'll just use 54320 for convenience. Thus, when setting up the firewall next, we'll just have to add one entry, which is to allow ports 54320 - 54322.

Configure Firewall with Firestarter
Linux comes with a powerful tool called iptables (http://www.netfilter.org/) to intercept and manipulate network packets. We'll setup iptables in this section to be the firewall for the server. Since manually configuring iptables is beyond the scope of this guide, we'll use a GUI frontend to iptables called Firestarter (http://www.fs-security.com/). Let's install Firestarter.

Fedora Core & CentOS 4:

$ su
# yum install firestarter
# exit
$
CentOS 5:

$ wget http://centos.karan.org/el4/extras/stable/i386/RPMS/firestarter-1.0.3-1.i386.rpm
$ su
# yum install firestarter-1.0.3-1.i386.rpm
# exit
$
Debian & Ubuntu:

$ su
# apt-get install firestarter
# exit
$
In your VNC Desktop, open a new xterm, start Firestarter:

Fedora Core & CentOS:

$ firestarter
http://img99.imageshack.us/img99/6633/firestarter5qz1.th.jpg (http://img99.imageshack.us/my.php?image=firestarter5qz1.jpg)

You need to provide the root password here, as Firestarter requires administrator privileges.

Debian & Ubuntu:

Firestarter requires the user to have sudo permission, which is a quicker way for users to execute root commands with out "su". So we'll have to give it:

$ su
# visudo
You are now looking at the sudoers file using "vi" which is another text editor. Press "i" for Insert Mode to edit text, insert the following to the end, after the same line for "root":

pirate ALL=(ALL) ALL
http://img213.imageshack.us/img213/2438/firestarter8no2.jpg

Press "ESC" to quit Insert Mode. Type ":wq" to save and exit.

Launch Firestarter:

# exit
$ sudo firestarter
[sudo] password for pirate:
Type your pirate's password here.

The first time Firestarter runs, it'll run a short Setup Wizard, click through it following these settings:

- Makes sure the network device is eth0
- No Internet Connection Sharing
- Don't check "Start Firewall Now"

We don't want to start the firewall yet because we haven't open the proper ports. Go to the "Policy" Tab, right-click under "Allow Service", select "Add Rule". In the Port field, insert the port range you need. So according to this guide, the range we'll need is 54320-54322.

http://img132.imageshack.us/img132/387/firestarter6lb3.jpg

Note: If you don't want to use VNC through the SSH Tunnel, you'll need to add another rule for port 5901.

Click Apply Policy. Then Start Firewall.

http://img134.imageshack.us/img134/9735/firestarter7to7.jpg

Note: Remember that Firestarter is just a frontend to iptables, you don't have to leave it running. We recommend you close it to save resources. Also, the firewall will autostart on reboot.

That's it for setting up the basic firewall. However, you'll notice that we can't login to the FTP server anymore. The reason is the FTP server uses random ports above 1024 for data connections. So we'll need to specify a port range for FTP connections, which we'll use port 54323 - 54340 for convenience.

Edit the VSFTPD config file:

$ su
# nano /etc/vsftpd/vsftpd.conf
Note: for Debian & Ubuntu users, the config file is in a different location, type:
# nano /etc/vsftpd.conf
Insert the following lines to the end:

pasv_min_port=54323
pasv_max_port=54340
Save and exit.

Then, in Firestarter, edit the rule from 54320-54322 to 54320-54340. Click Apply Policy.

Tip: To see all the entries Firestarter added to iptables, type the following in Putty when login as root:

# iptables -t filter -L
Tip: To monitor the firewall without running Firestarter, open a new xterm, type:

$ su
# tail -f /var/log/messages
The above command actively updates the terminal when new entries are added to the system log. To exit from "tail", press Ctrl+C. The file "/var/log/messages" contains all events log for your server. It is wise to keep an eye on it from time to time to find out if anything is wrong.

Tip: When you see constant attempts to connect to your server under one port like the screenshot below, you may not want iptables to log all the drop connections (the log file will grow too big). To do so, right-click on an entry under "Events" and select "Disable Events on Port". You can remove/add logged ports in Firestarter's Settings.

http://img220.imageshack.us/img220/844/firestarter1dt1.jpg

Encrypt the Hard Drive with Truecrypt
TBA

Secure SSH
Thanks to The Fedora Unity Project (http://fedorasolved.org/post-install-solutions/securing-ssh) for portions of this section.

This section will guide you to secure the SSH server. The instructions here are border-lining on paranoia (perhaps completely). However, there is one advantage as you won't need to enter your password when login with Putty, which is very convenient when you are using SSH to tunnel your VNC Desktop. What we'll do is setup the Key Authentication feature for all users before disabling Password Authentication, so that only people possessing the key file will be able to login to your server.

First, login to your server from Putty as root. Following are the needed configuration options in sshd_config:

# nano /etc/ssh/sshd_config
We had setup an alternate port previously:

Port 54322
Make sure SSH only uses Protocol 2:

Protocol 2
Allow root login only through key authentication. We don't want to disable root login altogether, since if you haven't notice, certain things can only be done under root login.

PermitRootLogin without-password
Limit the maximum number of simultaneous unauthenticated connections:

MaxStartups 3:50:10
Reduce the amount of time allowed to successfully login to 30 seconds:

LoginGraceTime 30
Allow only known users:

AllowUsers root pirate
Enable key authentication:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Save and exit.

Now, we'll create a pair of keys for the root user, a private and a public key.

Note: Repeat the steps from here on for additional users you want to have Key Authentication. Make sure you login as that user first.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e8:41:87:32:13:25:93:b5:ae:3a:76:ce:14:fe:9a:b5 root@hostname

We don't need to use a passphrase for convenience. Enter a passphrase if you think your private key file may be compromised.

Two files were created in the folder /root/.ssh/. The id_rsa file is your private key that we'll need to transfer to your PC. The id_rsa.pub file will be store in the authorized_keys file on your server. The matching of these two keys is how the SSH server will authenticate the root user.

Since this is the first time you create a key pair, there is no authorized_keys file. Therefore, we can simply do this:

# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Note: if you are creating a 2nd pair of keys for the same user, we'll have to add the public key to the existing authorized_keys file instead:

# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Open WinSCP to use sFTP to transfer the private key id_rsa to your own PC. Remember, the file is in the .ssh/ folder.

Now, we'll need to convert the private key into a format that Putty will recognized. Download Putty Key Generator (http://the.earth.li/%7Esgtatham/putty/latest/x86/puttygen.exe).

In Putty Key Generator, click Load and select the id_rsa file. You probably will have to change the filter to "All Files" in Browse to see it. Click Save Private Key to save the key in .ppk format.

http://img221.imageshack.us/img221/3884/keyauth1gu6.jpg

Once successfully done, you can delete the id_rsa file on both your PC and the server.

In Putty, we'll restart the SSH server to enable all our previous settings.


Fedora Core & CentOS:
# /etc/init.d/sshd restart

Debian & Ubuntu:
# /etc/init.d/ssh restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
# exit
$
Close the existing Putty session and open a new one. Hopefully, you already have a Saved Session by now. Select it and click Load. If not, enter your IP & Port information. On the left window, go to Connection - SSH - Auth. Under "Private key file for authentication", browse to your private_key.ppk file.

http://img81.imageshack.us/img81/9601/keyauth2cq2.jpg

Save the session, and click Open.

Enter root as the username, and you will be login automatically. If you entered a passphrase, then you'll have to type it in at this point.

http://img81.imageshack.us/img81/1002/keyauth3kn5.jpg

If you've come this far, you can choose to disable the normal Password Authentication login method after setting up Key Authentication for all users. To do so, set this line in sshd_config:

WARNING: By doing so, only Key Authentication is allowed. If you lose your private key, you won't be able to access your server.

PasswordAuthentication no
Restart the SSH server for the change to take effect.


9. Miscellaneous
This section contains additional and optional configurations for your server.

Firefox & Flash
You probably noticed we've already installed Firefox from Section 3. To launch it, just right-click on the VNC Desktop for the fluxbox menu, locate Firefox and click. If you need the Flash plugin for Speed Tests, follow these instructions:

Fedora Core 4:

$ su
# yum --enablerepo=flash install flash-plugin
# exit
Fedora Core 5/6 & CentOS:

$ su
# yum install flash-plugin
# exit
Ubuntu:

$ su
# apt-get install flashplugin-nonfree
# exit
$
Debian: (Assuming you installed Backports in Section 2)

$ su
# apt-get -t etch-backports install flashplugin-nonfree
# exit
$
Start or restart Firefox.

Install rtorrent
If you don't like uTorrent for whatever reasons, rtorrent is a good alternative. rtorrent runs in a terminal and isn't as easy to use, but I hope by now, you are more familiar and not affraid of the Linux ways.

To install rtorrent:

Fedora Core & CentOS:

$ su
# yum install rtorrent
# exit
$
Debian & Ubuntu:

TBA

Note: If rtorrent cannot be installed with the instructions above, you'll need to manually compile and install it. For that, as well as instructions for rtorrent, please see fstokebanget's "How to install and use rtorrent properly in CentOS (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-how-install-and-use-rtorrent-properly-centos-265027)" guide.

Install Torrentflux
TBA

Configure the Fluxbox Menu
You can configure the fluxbox menu to your liking. Here is an example:

http://img86.imageshack.us/img86/5808/addutorrenttomenukh7.jpg

http://img246.imageshack.us/img246/2374/vnc5ju6.th.jpg (http://img246.imageshack.us/my.php?image=vnc5ju6.jpg)

To get the menu above, we need to edit the following file:

Note: Use Putty instead of xterm to copy & paste text.
Tip: Ctrl+K in nano will delete the line the cursor is on.

$ nano ~/.fluxbox/menu
Edit it to look like this:

(Fluxbox-1.0.0)
[encoding] {UTF-8}
[exec] (firefox) {firefox}
[exec] (xterm) {xterm}
[exec] (uTorrent) {wine ~/utorrent.exe}
[submenu] (fluxbox menu)
[config] (Configure)
[submenu] (System Styles) {Choose a style...}
[stylesdir] (/usr/share/fluxbox/styles)
[end]
[submenu] (User Styles) {Choose a style...}
[stylesdir] (~/.fluxbox/styles)
[end]
[workspaces] (Workspace List)
[submenu] (Tools)
[exec] (Screenshot - JPG) {import screenshot.jpg && display -resize 50% screenshot.jpg}
[exec] (Screenshot - PNG) {import screenshot.png && display -resize 50% screenshot.png}
[exec] (Run) {fbrun }
[exec] (Regen Menu) {../util/fluxbox-generate_menu }
[end]
[submenu] (Window Managers)
[restart] (mwm) {mwm}
[restart] (kde) {startkde}
[end]
[commanddialog] (Fluxbox Command)
[reconfig] (Reload config)
[restart] (Restart)
[exec] (About) {(fluxbox -v; fluxbox -info | sed 1d) 2> /dev/null | xmessage -file - -center}
[separator]
[exit] (Exit)
[end]
[endencoding]
[end]
Save and exit.

For information on how to manually edit the menu file, go HERE (http://fluxbox.sourceforge.net/docs/en/newdoc.menuedit.php).

[B]Configure Multiple IP Addresses
(Only for Fedora Core/CentOS right now)

If your server comes with more than one IP Address, we can add the extra IPs to your system. The purpose is for each user to have his/her own IP, which will avoid sharing one address when two or more users are downloading from the same tracker. This is only needed if your tracker specifies that two users cannot share one IP. You will need to contact your tracker's staff to find out this information. You also need to setup each user with his/her own VNC Desktop to run separate instances of uTorrent. Follow Section 4 - 6 to create additional users.

Note: In our experience, two users can share a server with only 512MB of RAM. Not recommended for servers with less memory. Of course, you can have more users with more memory and good hardware.

The instructions here are a little more advanced than what we've done so far. First, we need to login to Putty as the root user, since "su" to root cannot modify network settings.

For this tutorial, we'll use the following information:

IPs: 192.168.1.5, 192.168.1.6
Netmask: 255.255.255.0
Gateway: 192.168.1.1

Note: You may need to request the extra IP from your provider.

Of course, you'll need to use the IP Addresses provided by your host. If you don't know them, issue this command, and write down the IP, Netmask, and Gateway.

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0b:6a:34:2a:9b
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.5
GATEWAY=192.168.1.1
TYPE=Ethernet
Create another network interface for your 2nd IP:

# cp /etc/sysconfig/network-scripts/ifcfg-eth0/ etc/sysconfig/network-scripts/ifcfg-eth0:0
# nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
Modify DEVICE and IPADDR in this file to reflect your 2nd IP:

DEVICE=eth0:0
HWADDR=00:0b:6a:34:2a:9b
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.1.6
GATEWAY=192.168.1.1
TYPE=Ethernet
Save & exit.

Bring eth0:0 up:

# ifup eth0:0
To see all the network interfaces:

# ifconfig
You should see the details for eth0, eth0:0, and lo

Note: To add more IPs, just repeat the process for eth0:1, eth0:2, etc.

Now, to test if your 2nd IP works, you can try to ping it from your own PC. Start the Command Prompt, type:

C:\>ping 192.168.1.6

Pinging 192.168.1.6 with 32 bytes of data:

Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127
Reply from 192.168.1.6: bytes=32 time=1ms TTL=127

Ping statistics for 192.168.1.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Troubleshoot: If you cannot ping your 2nd IP, please make sure you follow the steps above exactly. Make sure your ifcfg-eth0:0 file is correctly setup. Make sure you see eth0:0 when issuing "ifconfig". And finally, you can confirm with your provider that the information is properly given and setup.

After successfully setting up the extra IP, there are two ways to make each user uses a different address. You only need to do one way, but both is OK too.

1. Specify IPs in each user's uTorrent

Go to uTorrent Preferences - Advanced
Insert your IP into these two fields: net.bind_ip & net.outgoing_ip. For example


user1's uTorrent:
net.bind_ip: 192.168.1.5
net.outgoing_ip: 192.168.1.5

user2's uTorrent:
net.bind_ip: 192.168.1.6
net.outgoing_ip: 192.168.1.6
2. Using iptables

The second method requires adding an entry to iptables.

Note: Thanks to Kflint for the instructions here.

In the 1st method, we only specify uTorrent to use a specific IP. With iptables, the user will use a specific IP for all traffic, which means all Internet softwares including uTorrent, Firefox, and FTP will use the specified IP.

First we need to find out the user's ID number:

# cat /etc/passwd
Your account is listed at the end, like so:

pirate:x:500:500::/home/pirate:/bin/bash

We need the number that comes after your account name, which is 500 in this case. Now we can add an entry to iptables:

# iptables -t nat -A POSTROUTING -m owner --uid-owner 500 -j SNAT --to 192.168.1.6
See if the above commands works:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere OWNER UID match pirate to:192.168.1.6

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Save the iptables:

# iptables-save > /etc/sysconfig/iptables
Have iptables start on boot and load the saved config:

Fedora Core & CentOS:

# chkconfig iptables on
Debian & Ubuntu:

# update-rc.d iptables defaults
You only need to add an entry to iptables for the 2nd user and any additional users. It's also fine to add an entry for the 1st user if you want.

Note: Don't forget to open the necessary ports for additional users in your firewall if you had set it up previously.

Using vnstat to monitor bandwidth usage
Depending on your provider, your server may not come with bandwidth monitoring. If so, you will have to monitor the bandwidth to prevent paying overage fee due to using more than the allowed limit yourself. From section 3, we already installed vnstat, which is a simple tool for bandwidth monitoring.

Vnstat by default monitors traffic on eth0, which should be your network interface. The program uses hardly any resources as it's not a traffic sniffer, it only polls your network statistics from /proc every 5 minutes.

Type the help command for a list of available options:

http://img89.imageshack.us/img89/5204/vnstat1vs1.jpg

Type "vnstat" for the default display which includes yesterday, today, and total bandwidth usages:

http://img89.imageshack.us/img89/3516/vnstat2re8.jpg

Type "vnstat -m" for monthly statistics:

http://img132.imageshack.us/img132/1043/vnstat3hj9.jpg


10. FAQ

What is a seedbox? Where can I buy one? Which server should I buy?
For all these questions, see fatcat69's Seedbox FAQ (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-seedbox-non-owner-and-owner-faq-280125) and 007's BT Dedicated Server/Seedbox (http://filesharingtalk.com/vb3/f-guides-and-tutorials-65/t-bt-dedicated-serverseedbox-152272).
Which Linux distribution should I choose?
The 4 main distributions available when renting a server are CentOS, Debian, Fedora Core, and Ubuntu. Any of them will be fine, since this guide has instructions for all of them. If you can't choose one, just flip a coin.
Why a Linux server instead of a Windows server?
The main reason is price. On average, renting a server with Windows cost between $15 - $20 more. If you don't know Linux at all, and think following this guide is too hard, then Windows might be a better option.Is Linux better than Windows for a seedbox or vice versa?
This is a user's preference and experience question as both can work equally well.
I got Disk Overloaded Errors and my speed dropped, how do I prevent this?
Disk overloaded errors appear when the download speed is too fast for the hard drive to physically keep up. uTorrent uses your RAM as cache to store downloaded data that is waiting to be written to the HD. The screenshot below shows the cache getting filled up, which leads to the performance drop:

http://img216.imageshack.us/img216/4125/diskoverloadedon9.jpg

To alleviate this problem, we can increase the cache size in uTorrent (default is 32MB). We suggest you change it to 96MB first, and keep watch of the Disk Statistics screen to see the progress of the cache being used. Increase the cache higher if you need to, but always keep it about 128MB less than your total RAM.

http://img112.imageshack.us/img112/2342/diskoverloaded1nr8.jpg

Note: The more active torrents you have, the more the cache will be used. For a server with a 100Mbps network connection, don't have more than 2-3 active torrents downloading at high speed together. You'll have to find out the appropriate number of active torrents that will give the best performance for your server, since each seedbox differs from one another.

Note: If you have set your cache to the maximum, and you still receive disk overloaded errors, then you'll have to limit the download speed in uTorrent. Most servers can handle speed between 5-8 MB/s fine with the default cache settings.

Note: If you have a server with OVH, specifically the Kimsufi product with only 256MB or RAM, you can get a USB Flash Drive to use as additional cache if needed. See dieudesorcs' instructions HERE (http://filesharingtalk.com/vb3/p-naqs-complete-setup-guide-linux-seedboxes-fedora-corecentosdebianubuntu-post2716090/postcount27). UPDATE: Another user tested a 2GB flash disk as swap on a Kimsufi server with bad results. The server crashed after a short period of time when running uTorrent. We are not sure why, but after some thinking, I think using an USB flash drive as cache for uTorrent might not be a good idea, due to the intensive read/write nature of Bittorrent, which is too fast for a Flash Memory device.

I received the error "Too many open files" in uTorrent?
You may receive this error when you download a very large torrent and/or running many torrents. The problem has to do with the default Linux limit of allowed open files per user (1024). Go HERE (http://forum.utorrent.com/viewtopic.php?pid=225440) for the solution (edit the file /etc/security/limits.conf)

uTorrent keeps dropping peer connections ("Peer error: error 10022")
This problem is due to a bug in wine from version 0.9.40 up to 1.1.5. The latest version is 1.1.6, which fixed this issue. As of 10/16, if you follow this guide, the version of wine you should have is (after updating to the latest):
Debian: 0.9.25 or 1.1.1
Ubuntu: 1.1.7
FC/CentOS: 0.9.x

Check the version you have:

$ wine --versionIf it's lower than 0.9.40 or greater than 1.1.5, you are fine. If it's between 0.9.40 - 1.1.5, and you have this issue:

Fedora Core/CentOS: Unfortunately, the wine package for these systems isn't as well supported as Debian/Ubuntu. You can either compile wine from source or down-grade wine to a lower version. Both of these methods are complicated and different based on your wine and OS versions. If you need help, post a request in this thread. If available from your provider, a re-install of your server to Debian/Ubuntu might be the best way to go.

Debian: You should keep an eye on this site http://wine.budgetdedicated.com/ to see when version 1.1.6 will be available. A temporary fix is to downgrade to version 0.9.25, the current version in Debian Etch. Basically you can skip the Wine repository setup in Section 2.

Alternatively, you can compile wine from the latest source. Here are the instructions to compile wine-1.1.7:

- Shut down the currently running uTorrent
- Login as root in Putty
- Remove the current version of wine from your server:

# apt-get remove wine

- Install the necessary tools to compile wine:

# apt-get build-dep wine

Debian 64-bit users will need some extra packages:
# apt-get install libc6-dev-i386 lib32z1-dev

- Download and extract the latest source:

# wget http://internap.dl.sourceforge.net/sourceforge/wine/wine-1.1.7.tar.bz2
# tar xvjpf wine-1.1.7.tar.bz2
- Enter the folder containing the soure files you just extracted:

# cd wine-1.1.7/

- Compile and install wine:

# ./configure && make && make install
Note: this process will take at least half an hour on most servers.

If everything went successfully, type this to check the version of wine you now have installed:

# wine --version
wine-1.1.7

11. History
3/08 - Added a firewall troubleshoot for Section 5. Added the FAQ, not much there now, just some general answers and info about disk overloaded. Still to come: SSH Configs, Setup FreeNX, and how to use vnstat. Truecrypt isn't performing well under testing, so the guide for that might take a while. And if the performance doesn't improve, I won't write it. Went through the whole guide carefully to correct grammar and spelling mistakes as best as I can. Made a few adjustments and additions along the way.

3/07 - Added commands to autostart vsftpd & iptables.

3/06 - Separated Miscellaneous into Security and Misc. Wrote the firewall section. More adjustments.

3/04 - Fixed errors: "restart now" to "reboot" in Section 2, and "nano /etc/sshd/sshd_config" to "nano /etc/ssh/sshd_config" in section 8. Added a few lines about SELinux & FTP in section 7. And a few other minor adjustments. Thanks to goodkat & dieudesorcs for their contributions to this guide.
3/02 - Well, I didn't get anything done this weekend. Real life got in the way...I'll definitely try to complete the missing parts by next weekend. Did a few minor adjustments. Will also plan to add "FreeNX, an alternative to VNC" and "Monitoring bandwidth with vnstat". Will probably separate Miscellaneous into Security and Miscellaneous. Will add more stuff into Security about prevention and detection.

2/29 - Minor corrections and adjustments. Wrote "Secure VNC through a SSH tunnel". To come in the next few days: firewall setup with Firestarter, some FAQs including disk overloaded, SSH tips, and autostart FTP server. Maybe also Truecrypt setup too. All depends on how much free time I'll have.

Actatoi
02-29-2008, 12:54 AM
Awesome job so far, nice work :)

mr.Dman
02-29-2008, 01:44 AM
Thanks for this great guide!
You did all the home work on this one!
I'm' going to set my seedbox this weekend and you have made it look easy
Again great job.

fatcat69
02-29-2008, 02:14 AM
Came out great! =D

markupmaster
02-29-2008, 02:21 AM
Holy Crap!

:O


:P

:D


Nice Guide Bud!

:)

dieudesorcs
02-29-2008, 07:31 AM
Nice work and i'm glad i didn't make any mistake while i was testing mine ^^. I just have some really small new actions :
- Some protection for ssh
http://fedorasolved.org/post-install-solutions/securing-ssh

Disable insecure Protocol 1; allowing only Protocol 2
Disable root login
Reduce MaxStartups
Reduce LoginGraceTime- For the flash plugin i had to go on the adobe page and follow the setps to install it
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

I'm on fedora 6 and yum install flash-plugin didn't find anything

I'm now looking forwad to the truecrypt configuration (or any configuration for any way to encrypt my disk such as cryptsetup for some linux release^^) because that's where i spent some time without managing to encrypt them ^^

Thanks a lot for that tuto and nice job

renwickftw
02-29-2008, 07:34 AM
So are you saying a linux seedbox can run utorrent with much less ram than a windows seedbox?

naq
02-29-2008, 11:54 AM
Nice work and i'm glad i didn't make any mistake while i was testing mine ^^. I just have some really small new actions :
- Some protection for ssh
http://fedorasolved.org/post-install-solutions/securing-ssh
Disable insecure Protocol 1; allowing only Protocol 2
Disable root login
Reduce MaxStartups
Reduce LoginGraceTime- For the flash plugin i had to go on the adobe page and follow the setps to install it
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash

I'm on fedora 6 and yum install flash-plugin didn't find anything

I'm now looking forwad to the truecrypt configuration (or any configuration for any way to encrypt my disk such as cryptsetup for some linux release^^) because that's where i spent some time without managing to encrypt them ^^

Thanks a lot for that tuto and nice job

Thanks for the comments.

I will add some SSH configs in the FAQ.

Have you tried adding the extra repos for the flash-plugin? I only know for sure what I wrote would work for CentOS. IIRC, the flash repo installed in Section 2 might not be enabled by default in Fedora. I'd have to get on a FC6 machine to test...

About firewall & truecrypt, I'm planning to write those sections, but actually, I've never set them up before :).


So are you saying a linux seedbox can run utorrent with much less ram than a windows seedbox?


I'm not saying that. I've also never used a Windows server.

EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this info

dieudesorcs
02-29-2008, 01:23 PM
Have you tried adding the extra repos for the flash-plugin? I only know for sure what I wrote would work for CentOS. IIRC, the flash repo installed in Section 2 might not be enabled by default in Fedora. I'd have to get on a FC6 machine to test...


EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this info

That might be it ^^, I'm going to try it this week end (afterall, OVH reinstall is so easy, it would be a shame not to use it a 8th time ^^)


About fedora 6, i search about ways to encrypt my disk and i find two of them :
- cryptsetup-LUKS: so far i haven't be able to use it and it might be because the fedora release of OVH isn't modular.
- truecrypt: so far, i only some simple thing (like using the bin inside the rpm,...) but nothing worked. And everybody seems to say that in order to run truecrypt with fedora, i have to rebuild the kernel with it. If i have some time this week end, i'm going to try it and i will post the result. In the mean times, if you have anything about that do not hesitate (i'm kind of a newbe with linux (with some basic ^^))

naq
02-29-2008, 01:45 PM
EDIT: Ok, about flash-plugin for Fedora, I haven't test it yet, but according to fedorafaq.org, "yum install flash-plugin" should work. It's only FC4 that has the flash repo disabled, so you'd need this command instead:
# yum --enablerepo=flash install flash-plugin
I'll update the guide with this infoThat might be it ^^, I'm going to try it this week end (afterall, OVH reinstall is so easy, it would be a shame not to use it a 8th time ^^)


About fedora 6, i search about ways to encrypt my disk and i find two of them :
- cryptsetup-LUKS: so far i haven't be able to use it and it might be because the fedora release of OVH isn't modular.
- truecrypt: so far, i only some simple thing (like using the bin inside the rpm,...) but nothing worked. And everybody seems to say that in order to run truecrypt with fedora, i have to rebuild the kernel with it. If i have some time this week end, i'm going to try it and i will post the result. In the mean times, if you have anything about that do not hesitate (i'm kind of a newbe with linux (with some basic ^^))

Yeah, it appears we would need to mess with the kernel to get encryption setup. I'll look into it when I have some free time, probably this weekend too. Quick search for truecrypt guide finds this:
http://gentoo-wiki.com/HOWTO_Truecrypt

I also have the firewall up and running fine with firestarter, I'll write that guide tomorrow.

goodkat
03-01-2008, 12:53 PM
getting truecrypt to work on ubuntu should not be a problem! The new version 5 worked flawless on my ubuntu 7.10 desktop!
Truecrypt v5.0 Gui Released! (http://www.ubuntu-unleashed.com/2008/02/truecrypt-v50-gui-released.html)
Truecrypt problem to install on Ubuntu Server 7.10 (http://ubuntuforums.org/showthread.php?t=623093)

Truecrypt under linux doesn't support all the features that are available under windows! OS disk encryption (http://www.truecrypt.org/docs/?s=sys-encryption-supported-os) under linux! But that is just a nice to have!

Nice tutorial anyway!

naq
03-01-2008, 01:30 PM
Thanks for the info. If you actually read through the whole thing (quite long :)), you'll notice that instructions for Debian/Ubuntu are missing in several places. I don't have access to Debian/Ubuntu right now to find out, so if you know them, please post what you can.

solaris
03-01-2008, 03:05 PM
wow superb :)

goodkat
03-02-2008, 11:06 AM
Thanks for the info. If you actually read through the whole thing (quite long :)), you'll notice that instructions for Debian/Ubuntu are missing in several places. I don't have access to Debian/Ubuntu right now to find out, so if you know them, please post what you can.

euh, I've a box with ubuntu in my network! Will try your guide on it and fill in the gaps! If I have any spare time this week!:shutup:

ThreeLies
03-02-2008, 10:35 PM
Nice guide I must say...Helped me out a lot with configuring my server. Although, I was wondering on a VPS system can't they monitor all your processes that are running from the main root login to the system?

goodkat
03-03-2008, 05:27 PM
Some additional remark to the guide! I tested it on my ubuntu server running in my own network! Most works but sudo command should be added!

System Updates

# sudo apt-get update
# sudo apt-get upgrade

3. Install Softwares

# sudo apt-get install vnc4server wine xterm fluxbox vsftpd firefox vnstat
# update-menus


5. Setup VNC Desktop

Start the ubuntu part with an additional

sudo update-menus

http://ubuntuforums.org/showthread.php?t=371144


Flash & Firefox


sudo apt-get install flashplugin-nonfreeStart firefox through xterm ‘firefox’


Truecrypt

Tested on ubuntu server:


wget http://www.truecrypt.org/downloads/truecrypt-5.0a-ubuntu-x86.tar.gz

tar xfs truecrypt-5.0a-ubuntu-x86.tar.gz

sudo dpkg -i truecrypt-5.0a/truecrypt_5.0a-0_i386.debThen you should be able to run ‘truecrypt’ on your xterm during a vnc session and make an encrypted volume through the graphical interface (Create Volume)!

http://image.bayimg.com/majojaabb.jpg

If you’ve trouble mounting the file because your user isn’t in the sudoers file do the following!

su
nano /etc/sudoers
add pirate (the user) here!

# User privilege specification
root ALL=(ALL) ALL
pirate ALL=(ALL) ALL Save and exit file!

exit

Now you should be able to mount the volume you just created through the gui!

Configure utorrent in such a way that it will use the path where the truecrypt volume is mounted!
In this case it will be /media/truecrypt1 (not tested!)

Note: if you close the xterm window of truecrypt only the GUI closes not the volume!

naq
03-04-2008, 02:23 AM
Thanks a lot goodkat for the info. You won't mind if I add it to the 1st post, right? If so, I'll add it near the end of the week when I have some time. Also, I'm not sure if I want to use sudo in the guide, I think su is enough.. Maybe I'll add it as an additional section, but not a requirement for following any other sections.

dieudesorcs
03-04-2008, 10:20 AM
Good news ^^ : i've manage to use truecrypt with Fedora 6 without any complex methods ^^

Only some package to download, install, update or replace. Extraction of the bin of truecrypt 5 and it's ready to use ^^

As i tried a lot of things and install different package, i'm going to do a clean install tonight to see what is really necessary and i will give the tuto ^^ (and at the same time, i will test you whole guide for fedora (on the ovh box) to see if everything is ok ^^

goodkat
03-04-2008, 04:42 PM
Firestarter on ubuntu!


apt-get install firestarterthan run 'firestarter' through xterm and configure it through the wizard! Just plain and simple! Make sure to add the ports mentioned in this tutorial (ports 54320 - 54322)!


update-menus if you want a nice menu item in fluxbox!

Never ever click on 'lock firewall' :shutup:

http://image.bayimg.com/pajpkaabb.jpg
(http://image.bayimg.com/pajpkaabb.jpg)

Coltarado
03-04-2008, 08:13 PM
great guide naq and everyone who worked on it !!

dieudesorcs
03-04-2008, 09:46 PM
Well i've done some test and a complete reinstall of my server with fedora 6 and here are my results ^^

- Disable SELinux
"restart" doesn't work with fedora, it's the command "reboot"

- yum install flash-plugin
As you said, with the repository, it works ^^

- Change FTP & SSH Ports
the directory is "/etc/ssh/sshd_config" and not "/etc/sshd/sshd_config"

- Setup the FTP Server (VSFTPD)
"local_enable=YES" is already with a value
You should split the changes and the additions so that we don't have to search for the existence of each line


And the best for the end :
- truecrypt with fedora 6 without modifying the kernel ^^

All these steps required to be logged as root :

First install the dependencies

yum install fuse-libs
wget download.fedora.redhat.com/pub/fedora/linux/development/i386/os/Packages/libstdc++-4.3.0-0.13.i386.rpm
rpm -ivh libstdc++-4.3.0-0.13.i386.rpm --replacefilesThen, get the bin of truecrypt 5

wget http://www.truecrypt.org/downloads/truecrypt-5.0a-opensuse-x86.tar.gz
tar xfs truecrypt-5.0a-opensuse-x86.tar.gz
rpm2cpio truecrypt-5.0a/truecrypt-5.0a-0.i586.rpm | cpio -idmvThen copy the bin in the bin directory

cp usr/bin/truecrypt /bin/And at the end, clean up a little

rm -rf truecrypt*
rm -rf libstdc*
rm -rf usrYou can execute truecrypt as any user just by typping "truecrypt" ^^

Next step : testing the firewall and create some very simple script to launch the main program wwhen the server reboot (vncserver for the user that needs it, utorrent, truecrypt...)

Of course you can add these info into your guide and i think when it will be done, i will make a pdf of it to keep it ^^

naq
03-05-2008, 02:38 AM
Thanks a lot goodkat & dieudesorcs! I've updated the mistakes (reboot & /etc/ssh/sshd_config).

dieudesorcs
03-05-2008, 10:57 AM
Some news :

Use of truecrypt with Fedora 6
(the following required the installation previously describe)

1) Connect to the server using vnc
2) Login as root (su or by login to a vncserver lauched by root)
3) launch truecrypt

# truecryptThe truecrypt window opens

4) Click on create a volume
5) Follow the wizard and fill the form
5.a) The volume must standard (hidden isn't supported by the os)
5.b) Volume location : we are going to use a file. So select a path and chose a name for the file (the truecrypt extension is ".tc", but you can chose whatever you want)
5.c) Size : chose the size of the file (the file will be created with this size and so you encrypted directory will have this size)
5.d) Chose the encryption and hash algo (i'm still testing them to find out which have good speed)
5.e) fill the password of your encrypted volume
5.f) filesystem : chose none : we will create it later
5.g) move your mouse to create random data and click on format.

6) When your volume is created, mount it
6.a) Click on "select file..." and select your volume
6.b) click on mount
6.c) fill the volume's password
6.d) click on "Option >"
6.e) under file system, check "do not mount"

7) the volume should appear mounted on a slot. Select it and look at the volume properties : "virtual device" show where the volume is mounted (for me it's "/dev/loop0")

8) we are now going to create the file system:

# mkfs.ext3 /dev/loop09) on the truecrypt window, unmount the volume

10) create the directory where you want the volume mounted

# mkdir /home/mounted_volume11) Mount the volume using the truecrypt window (and putting the directory's path into the option) or by command line:

# truecrypt /dev/loop0 /home/mounted_volume

I'm testing this because i've some problems when i dowload a torrent into the encrypted volume, i get a disk overloaded when i'm at 3-3.5MB/s and then the speed is capped at 2.5MB/s and when i download into a standard directory, i get the disk overloaded at 8.5MB/s without any cap

So i'm still investingating this and if there is any consequences on the upload speed

naq
03-07-2008, 03:30 AM
I've started messing with Truecrypt on CentOS 5. Your instructions helped a lot. It's good that we don't have to mess with the kernel with Truecrypt 5 :). I'm experiencing the same speed issue you have. It appears bittorrent disk writes to a truecrypt volume is terribly slow, you can view this under the speed tab/disk statistics. When your cache is full is when everything slows down (disk overloaded). I don't think changing the encryption/hash will improve the situation, since the CPU usage I see for truecrypt stays under 10% at all time during downloads.

If there's no solution for this issue, truecrypt isn't worth using. Or maybe, we can save to the normal HD first, then move the finished downloads to the truecrypt volume automatically using the feature in utorrent. I've tested normal disk reads and writes to a truecrypt volume, and the speed is fine. I also haven't test the upload speed...

goodkat
03-07-2008, 07:26 AM
I've started messing with Truecrypt on CentOS 5. Your instructions helped a lot. It's good that we don't have to mess with the kernel with Truecrypt 5 :). I'm experiencing the same speed issue you have. It appears bittorrent disk writes to a truecrypt volume is terribly slow, you can view this under the speed tab/disk statistics. When your cache is full is when everything slows down (disk overloaded). I don't think changing the encryption/hash will improve the situation, since the CPU usage I see for truecrypt stays under 10% at all time during downloads.

If there's no solution for this issue, truecrypt isn't worth using. Or maybe, we can save to the normal HD first, then move the finished downloads to the truecrypt volume automatically using the feature in utorrent. I've tested normal disk reads and writes to a truecrypt volume, and the speed is fine. I also haven't test the upload speed...

It is quite logical it's slower since it has to be encrypted! Just checked under windows if you make a new volume in truecrypt you can benchmark all encryption options! Under encryption options! Don't know if it is available under linux! One single encryption technique is faster as 2 or 3 simultaneously...
Since you're reading and writing constantly using a bittorrent client this will pretty much kill harddisk performance!
I don't have time to test it on my linux testbox...:frusty:

naq
03-07-2008, 06:34 PM
I don't see the benchmark option anywhere in the Linux version. From what I read, it's the encryption algorithms (AES, Serpent, Twofish) that affect the disk's speed, not the hash algorithms (that's for the password). I've tried AES and Twofish, as well as the ext2 and ext3 formats, all with the same bad result. It's just the way the bittorrent protocol works... the writing to disk performance is terrible. The only way this is acceptable is if you have at least 2GB of RAM for cache, and the fastest HD available.

Edit: ok, I didn't test normal copy/move files properly, this is also slow too. Speed is only fast in the beginning, which I suspect due to files being moved to memory until it's full, then the writing to truecrypt is slow... I don't think this is right. So I will test first what the speed is under Windows, and will try creating a truecrypt partition instead.

dieudesorcs
03-08-2008, 02:09 PM
well... i have the exact same conclusions ^^

I tried twofish and AES with the three hash algo and compared them to an non encrypted volume.
For these tests, i used utorrent with a torrent that can max my bandwith and monitor the disk and the cache using the disk

tab of the torrent in utorrent (disk statistics) that allows to see the use of the disk and of the cache)
- With are encrypted volume, the speeds are great until the cache is full (the download speeds are slightly inferior to the

dowload speed with a non encrypted volume (1 or 2 MB/s less)). But when the cache is full, the download speeds drop and stay

between 1MB/s and 2.5MB/s.
- With a non encrypted volume, it's the same, but when the cache is full, the download speed doesn't drop so much and stay

above 5MB/s (in the worst case ^^)

So in this configuration, truecrypt is not worth it. There are 2 solutions:
- Cap the download speed and increase the cache. With a download speed capped at 3-4MB/s and a cache of at least 500MB, i can

download a 4GB file without having "disk overloaded". But i'm not interested in that solution because i need the best

download speed in order to be able to upload as soon as possible.
- download the torrent into a non encrypted volume and then automaticly move it to the encrypted volume. Only the torrents

currently being downloaded are non encrypted and the rest of them are. I tested this solution with 10 torrents and it doesn't

change the speed.

I need to test two more things:
- test upload speed with an encryted volume
- test with encrypted partitions and not with a volume


Now, some other news ^^
I add a usb flashdrive to my server. and i'm using it as swap.
First find where the usb drive is:

# ls -l /dev/disk/by-id
# ....
# lrwxrwxrwx 1 root root 10 Mar 8 13:45 scsi-SATA_Hitachi_HDS7216_PVF904Z23YBN5N-part3 -> ../../sda3
# lrwxrwxrwx 1 root root 9 Mar 8 13:45 usb-Kingston_DataTraveler_2.0_89900000000000006CB02A9C -> ../../sdb
# lrwxrwxrwx 1 root root 10 Mar 8 13:45 usb-Kingston_DataTraveler_2.0_89900000000000006CB02A9C-part1 -> ../../sdb1

So mine is under /dev/sdb1
- sdb is the physical drive, and sdb1 is the partition, so i need to use this one.
- my command is /dev/disk/by-id and the answer is ../../sdb1. That means two back and one forward to sdb1. So /dev/sdb1

Then we have to make it a swap disk:

# mkswap /dev/sdb1

And then said to the system to use as a swap :

# swapon /dev/sdb1
This last command adds the usb drive to the swap. But at the next boot, you will need to retype this command. Moreover, the

previous swap partition is still used and i don't want that (it's a partition of my main disk).

you need to edit /etc/fstab which contains all the file system, how they are used and mounted.

# nano /etc/fstab

In my case, i don't like the linux text editor (vi, nano...) so i connect with winscp (ftp client) and i edit the file with

it ^^


# <sys.fichiers><pt de montage><type> <options> <dump> <pass>
/dev/sda1 / ext3 errors=remount-ro 0 1
/dev/sda2 /home ext3 defaults 1 2
/dev/sda3 swap swap defaults 0 0
/dev/devpts /dev/pts devpts gid=5,mode=620 0 0
/dev/shm /dev/shm tmpfs defaults 0 0
/dev/proc /proc proc defaults 0 0
/dev/sys /sys sysfs defaults 0 0

If you want to delete the previous swap partition, delete the line

/dev/sda3 swap swap defaults 0 0

And add

/dev/sdb1 swap swap defaults 0 0
to automaticly use the usb drive as swap.

naq
03-08-2008, 02:48 PM
I tested the upload from within truecrypt, and it appeared to be fine. Note that truecrypt will use lots of CPU while uTorrent reads data. You used the "move finished downloads" in utorrent? how long does the move process takes? Because normal move/copy to truecrypt for me is slow too, but it most likely is because that my current server is too weak. On my laptop running Vista, with a truecrypt FAT volume, I get sustained 12MB/s writing a movie in RAR format to it.

I tried creating a truecrypt partition (used the partition for /home). I noticed that the format speed during the Create Wizard is significantly faster than the speed when creating a truecrypt file. But that's as far as I got, since my server froze during the mkfs process. Make sure you unmount the partition before doing this, and comment the partition out in fstab too. If the partition can't be unmount due to being busy, you'll have to restart first. I won't be able to test a truecrypt partition until next weekend though when I get a new server. In the mean time, I'll try creating a truecrypt file with FAT to see how it'll perform on this server.

Let us know if the flash drive will help with cache in utorrent, seems like a good idea. OVH offers this, right?

dieudesorcs
03-08-2008, 04:13 PM
For the speed during moving file, i don't know the exact speed, i will test it.
Yes, I'm using the functionality of utorrent to move the files.

OVH offer a 1GB flash drive when you take a server for 6 month and 2 gb for a 1 year...

more info :
http://www.ovh.co.uk/products/flash_disks.xml

you can use it for swap, for backup....

SgtMajor
03-09-2008, 12:52 AM
I love this tutorial, I keep coming back and just re-reading it so that what I am actually doing sinks in.

Thanks for sharing.


For the speed during moving file, i don't know the exact speed, i will test it.
Yes, I'm using the functionality of utorrent to move the files.

OVH offer a 1GB flash drive when you take a server for 6 month and 2 gb for a 1 year...

more info :
http://www.ovh.co.uk/products/flash_disks.xml

you can use it for swap, for backup....

2GB freebie ordered :) thanks

naq
03-09-2008, 04:36 AM
It's robbery if they are gonna give you the 2GB freebie too. :)

Little update:
- Spent some time going over the guide. Lots of grammar, spelling, and sentence adjustments were done.

- Tested the truecrypt FAT volume, no difference really... My current server's hardware is horrible though, might be the main problem:

Pentium4 1.5Ghz
512 MB RAM
40 GB IDE HD.

Looks like I'll write the truecrypt guide, since the performance reported by dieudesorcs seems OK, as well as from how it works great on my laptop. Much appreciated for your efforts in this.

I'm getting this server next week, will test Truecrypt on it:

- AMD Athlon 64 X2
- 4 GB DDR 2 RAM
- 2 x 400 GB SATA II HDD
- 1gb uplink
- traffic limit 5TB
- 5 IPs

Quite a beast.

h3artbeat
03-09-2008, 05:26 AM
Thanks for the guide. it'll come in helpful

SgtMajor
03-09-2008, 06:52 AM
On the options when ordering it said free 1gb or 2gb, I choose 2 of course :)

1 min later, the email:

"We confirm the receipt of your payment
corresponding to order no. 3745352

Your order no. 3745352 is processed."

Which was nice of them :lol:

And you have been PMd over the server, if happy, amend your message to prevent more PMs arriving.

Actatoi
03-09-2008, 12:28 PM
Hey

I downloaded 1 gig big file from the ftp yesterday without any problem, then put on a 11gb big pack for download, everything were going fine. Then I went to bed and woke up to a error,

] Syntax error: command unrecognized. Failed to establish data socket.

This happened when 98% of the pack were done, and windows firewall also had popped up with that it had blocked "ftp engine" or similiar, I clicked unblock but it won't work. Also tried changing some pasv, port options but it won't work.

Anyone know what I can do to fix this?

naq
03-09-2008, 03:08 PM
Not sure what went wrong. FTP supports resume, so just restart the failed transfers?
"failed to establish data socket" most likely meant something went wrong with the ftp server. Can you login to your server with FTP? Maybe you need to restart it?

TCU
03-13-2008, 10:30 PM
Hi.

First of all, great topic, kudos to you, naq!

Second of all, I had some trouble with VNC viewer. Get this error message: failed to connect: Connection refused (10061). This is my errorlog:

[yomo@xx-xxx-xx-xxx ~]$ cat .vnc/xx-xxx-xx-xxx:1.log
_XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
_XSERVTransSocketUNIXCreateListener: mkdir(/tmp/.X11-unix) failed, errno = 2
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local

Xvnc version 4.0 - built Jan 17 2007 14:52:53
Underlying X server release 60801000, The X.Org Foundation


Thu Mar 13 23:04:44 2008
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: Listening for HTTP connections on port 5801
vncext: created VNC server for screen 0
error opening security policy file /usr/X11R6/lib/X11/xserver/SecurityPolicy
Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list!
_X11TransSocketINETConnect() can't get address for xx-xxx-xx-xxx: Name or s ervice not known
Error: Couldn't connect to XServer

-Thanks

naq
03-13-2008, 11:40 PM
Hey TCU,

I think the problem has to do with _X11TransSocketINETConnect(), you edited the hostname/ip from that line to "xx" right? I'm assuming "xx-xxx...." is your hostname, and _X11TransSocketINETConnect() can't connect is because your hostname isn't listed in /etc/hosts. So make sure the hosts file has it, type in Putty as root:
# nano /etc/hosts

Make sure the file has:
127.0.0.1 localhost
your.ip your.hostname

Edit: Then kill the vncserver, and start it again.

kloot
03-19-2008, 04:46 PM
excellent tutorial naq!! I have my server already set up for months, but toing around with it now....going to install fluxbox/vnc :D

kraudlem
03-20-2008, 11:51 AM
Thank you very much naq. I've been following the tutorial word for word till now, but I'm stuck at number 7. The server always tells me(when I try to put in the openssl command): -bash: openssl: command not found
I have a kimsufi with debian. Can someone tell me what I do wrong?

Edit: Just instelled openssl and it worked-_- Sometimes I am really stupendemous

naq
03-20-2008, 03:03 PM
Good that you figured it out. I'll add a note to the guide. You can't anticipate all the little details like no openssl and incorrect hosts file.

kraudlem
03-20-2008, 03:39 PM
Yep, your tutorial is really great. These are my first steps with linux and it's not as bad as I thought it would be. I think it's thanks to your tut, that my experience was rather gentle. Just one thing I'm stuck at: I tried running firestarter for the first time with sudo firestarter and I got(and still get) a lot of windows with errors and this error in xterm: Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
gnome_segv: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
gnome_segv: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Xlib: connection to ":1.0" refused by server
Xlib: Maximum number of clients reached

Can you(or any other linux-pro) help me? I'm sure it's just some minor detail I'm missing-_-

nbl666
03-20-2008, 05:47 PM
top marks for this
i have hit a bit of a problem in section 8 trying to change the ssh port
ichanged the port number from 22 to the one that i wanted to use restarted got the two oks but i cant connect from the port i selected it is still port 22
but when i go back to file it still says the port i selected any ideas guys

naq
03-21-2008, 12:01 AM
top marks for this
i have hit a bit of a problem in section 8 trying to change the ssh port
ichanged the port number from 22 to the one that i wanted to use restarted got the two oks but i cant connect from the port i selected it is still port 22
but when i go back to file it still says the port i selected any ideas guys

You didn't mention that you restarted vsftpd, make sure you do that and it should work.

About the cairo error, I'll look into it later.

kraudlem
03-21-2008, 11:07 AM
Additionally: Firefox doesn't seem to work, too. That's the error:
sh-3.1$ firefox
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
firefox-bin: /home/dajobe/dev/debian/cairo/cairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Aborted
sh-3.1$

But I used Lynx, and it was pretty cool^_^

Thank you for even thinking about me:-)

nbl666
03-21-2008, 10:21 PM
sorted going like a dream cheers mate:)

deKoy
03-22-2008, 04:05 AM
Great tutorial! I have only one problem though.

How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?

dythim
03-22-2008, 07:16 AM
Great tutorial, naq!

Some applications I use are blockhosts, ncftp, and torrentflux b4rt (instead of using vnc/utorrent).

Hrvoje
03-22-2008, 10:13 AM
this guide is great! did this on my second seedbox.
but i have a question.... i also have kimsufi server with win2003.i would like it to be set up like this... but i have alot of rss feeds from different trackers in kimsufi... is there a way that rss will work in wine (linux) as i heard it doesn't work :S
i would need to backup rss.dat file, right? and then upload via ftp?

naq
03-22-2008, 11:11 AM
Great tutorial! I have only one problem though.

How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?

You connect to the "listen_port=#" set in vsftpd.conf with your client.

Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.

-----------

If blockhosts or any other programs are worth using in your opinions, I'll look into adding them into the guide. But I'm real busy atm to work much with the guide. And sorry, I haven't had time to look into the cairo problem.

-----------

A person I know got RSS to work with uTorrent/wine in bitmetv. But I personally haven't ever used this feature.

Hrvoje
03-22-2008, 11:19 AM
hm, can you ask that person to elaborate how did he made rss to work :D

deKoy
03-22-2008, 01:39 PM
Great tutorial! I have only one problem though.

How do I connect via FTP after setting the FTP port range in step 8, what port should I use to connect?

You connect to the "listen_port=#" set in vsftpd.conf with your client.

Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.

For some reason, that doesn't seem to work for me. Filezilla can't connect and CuteFTP prompts me for my password but my password still doesn't let me connect.

I get: "Non-Anonymous sessions must use encryption."

naq
03-23-2008, 12:29 PM
You connect to the "listen_port=#" set in vsftpd.conf with your client.

Or port 21 if you haven't set that up. Remember to have whichever port that is forwarded in the firewall.

For some reason, that doesn't seem to work for me. Filezilla can't connect and CuteFTP prompts me for my password but my password still doesn't let me connect.

I get: "Non-Anonymous sessions must use encryption."

That error means you haven't select the "explict TLS/SSH" type of connection.

RedHot
03-24-2008, 12:28 PM
10x =]

ThreeLies
03-25-2008, 06:33 AM
Just to let you know about the command "ssh-keygen". Sometimes you need to specify a certain param on some distro's. Command works every time "ssh-keygen -t rsa" which is outlined here. http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html

balbaid
03-25-2008, 10:13 AM
hm, can you ask that person to elaborate how did he made rss to work :D
It's not that hard. I followed the tutorial over at BitMETV and for some reason the utorrent/wine messed up the rss feed link.
Just make sure it's like this form ( BitMeTV|http://www.bitmetv.org/rss.php?feed=dl&uid=xxxxx&passkey=xxxxxxxxxxxxxxxxxxxxxx&:COOKIE:uid=xxxxx;pass=xxxxxxxxxxxxxxxxxxxxxx; ). I know it sounds stupid but when I looked back to the rss link I didn't write it correctly. :D

chip19
03-28-2008, 08:25 PM
I have a VPS and it is running CentOS 4. It didn't come with yum, which threw me off. However, I found the following guide: http://wiki.centos.org/TipsAndTricks/BrokenVserver This helps you restore yum in VPS systems where the reseller removed it for whatever reason. From there, I was able to follow your excellent guide.

You may want to link to that in your guide for others that may have my problem.

ehsanotaku
03-30-2008, 08:15 PM
needed for my new server thanks

LorD.MeXiCaN
04-01-2008, 06:03 PM
cant start sesion on VNC

Starting applications specified in /etc/X11/Xsession <----why here¿¿¿
Log file is /root/.vnc/********.log

themagicke
04-04-2008, 12:30 PM
THANK YOU!


I really don't have a clue about any flavour of linux... but upon finding (via Google) and reading this tutorial a few times, I decided to give it a go because it's easy to read to follow.

Trying to keep up ratio on 5 trackers with a residential pipe has taken it's toll for far too long.

I ordered a Kimsufi server from OVH, and followed your guide, never having used linux before...

EVERYTHING IS WORKING BEAUTIFULLY!

It's like a dream come true.



God bless you NaQ.

solaris
04-06-2008, 10:34 AM
how do u setup ftp on fedora so i can use download manager from home

YoYoY
04-08-2008, 05:44 PM
Huge guide
I'm going to sped hours reading it
thanks for this great effort

KiNdZiUs
04-08-2008, 08:36 PM
Thanks, AWESOME manual !!! Respect to naq ! :D

I used it on seedbox with CentOS. I don't understand linux at all but this manual ROCKED, I did a Torrent Station per 30 minutes! :D

donvito
04-08-2008, 10:13 PM
... aaaaand bookmarked :D

awesome guide guys !

upGrayde
04-16-2008, 06:39 PM
cant start sesion on VNC

Starting applications specified in /etc/X11/Xsession <----why here¿¿¿
Log file is /root/.vnc/********.log

i get the same thing

i'm using ubuntu

i can't connect to the vncserver

someone help please

edit: nm, i found that vncserver doesn't work with ubuntu 6.0.6.1 so i used vnc4server

also, how do you get flash to work in ubuntu 6.0.6.1

it said it installed and everything but when i run firefox, speedtest.net won't load the flash, says i should install flash

edit: nm, just used firefox in wine to browse to a site that used flash, used the firefox popup bar to install it

naq
04-18-2008, 06:51 AM
Sorry if you're running into problems with ubuntu, since that's the distro I didn't have much access to while writing the guide.

handytxg
04-18-2008, 11:15 AM
Thanks for the guide....very useful for me.

LorD.MeXiCaN
04-19-2008, 04:36 AM
need help, with fedora 8, vncserver doesn't work, i cant conect to vnc

upGrayde
04-19-2008, 05:18 AM
what's the problem?

when you do the "vncserver :1" part

where does it place the new server file?

Dr_Maof
04-21-2008, 06:47 PM
nice guide thanx

escuoop
04-21-2008, 09:16 PM
That's a great job, Thanks is not enough for this huge effort.

n0_NaMe
04-22-2008, 12:23 PM
Thanks for the awesome guide, but does anyone know if this will work on a leaseweb express server? I plan on purchasing one this week.

andra
04-22-2008, 04:54 PM
Thanks for the awesome guide, but does anyone know if this will work on a leaseweb express server? I plan on purchasing one this week.

yes it works perfect

lolapa
04-22-2008, 09:02 PM
i salute you

Aether
04-24-2008, 11:30 PM
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)

The_Duke
04-25-2008, 12:58 AM
What a great tutorial is this one ,i am one step away from buying a seed box and i was lacking a lot of necessary info and thanks to you i am now able buy it .thx

minua182
04-25-2008, 06:29 AM
Hey, bought a server off Layered Tech.
Tried following the guide.
Think I set it up right but can't seem to be able to save my torrents.
i.e: downloads the file halfway and gives me an Error, file not found or can't save to disk.

how do i solve this problem?

KiNdZiUs
04-26-2008, 10:52 PM
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)

In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.

Aether
04-27-2008, 02:58 PM
Im thinking about getting a server, 2.0Ghz + 512mb and I have never used linux before. Which would be best for use: Fedora 2, Fedora 4, Debain 3.1, or CentOS. Thanks in advance :)

In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.

Thanks KiNdZiUs, I think ill go with CentOS then :)

n0_NaMe
04-28-2008, 12:04 AM
In fact, when I was in the situation like you now I have chosen CentOS and without any problems I configurated it using this manual.
Good luck.

Thanks KiNdZiUs, I think ill go with CentOS then :)

Ive got utorrent gui running on centos, it runs really well and I haven't had any problems.

SolarisWind
04-29-2008, 08:45 PM
Hi, I have been using the guide on this topic and I'm facing a problem on step 6. steup utorrent & webui. When I use VNCviewer, I can log in my server successfully, but all I can see is a black screen and there is no desktop.

I have been following the guide exactly like it's stated and have not encountered any errors until the 6th step. Well, I did encounter an error but I fixed it (said "cannot Find A Valid Baseurl For Repo: Livna" but I deleted the repository and the "yum update" command started working.)
I would post a log but I can't have access to it, it says the file doesn't exist. And when I try the command the server gives me to check the log, it says "access denied".

I don't know if this is an error, but I get this line when I type "vncserver :1":
xauth: (stdin):1: bad display name "server.ip.here" in "add" command
New 'server.ip.here (user.name.here)' desktop is server.ip.here

And then there's the normal 2 lines:

Starting applications specified in /home/user.here/.vnc/xstartup
Log file is /home/user.here/.vnc/server.ip.here.log


So if anyone can help me get rid of this black screen when viewing the desktop of my server by VNCviewer, I would be very very VERY grateful.:D
Oh yeah, I'm using a vectoral VF$bandwidth sever with fedora core 4.
Edit: Ohh I use windows vista x64.

addict_uk
05-01-2008, 05:11 PM
Does anybody know if ya can FXP between servers using vsftpd??? im really struggling to sort it out all im geting is "521 Data connections must be encrypted" any ideas ppl?

Thanks
Addict

barakokula
05-06-2008, 11:02 AM
I'll try my luck here....after 30+ days of uptime with no problems,wine crashed for me. Now,every time I try to start it,wine gives me some 'stack overflow' error and wont start,it goes in some kind of loop ,retrying every 60 seconds. I've tried to reinstall wine,upgrade to a newer version,tried rebooting the server,same thing. Stack overflow. Messages log and syslog don't show why this is happening,at least i can't see anything in them. :)
I've installed tf b4rt,but it's just not the same,i miss the 'live' view of things i get in utorrent through vnc,and utorrent is so much natural to work around in.

Is there anything that can be done to fix it,or is reinstall my only option?
Thx

RoBz
05-18-2008, 06:41 PM
I had the firewall running fine, I then rebooted my server today and now uTorrent is telling me that the port is closed. Has this happened to anyone else?

Fantastic guide by the way.

EDIT: Nevermind, turns out it had nothing to do with the reboot. I changed loads of the settings in uTorrent to max to see if I could get better speeds. ;) Changing them back fixes it.

Cornucopia
05-19-2008, 12:10 AM
naq! What could I say? Dude, this is what I call ULTIMATE! Two thumbs up! I am cannot connect with CuteFTP Pro; getting the following error (SELinux=disabled & using explicit SSL & TLS on CuteFTP):

[..2008 10:34:10 AM] 220 ProFTPD 1.3.0 Server(ProFTPD) [xx.xx.xx.x]
STATUS:> [20/05/2008 10:34:10 AM] Connected. Authenticating...
COMMAND:> [20/05/2008 10:34:10 AM] AUTH TLS
[20/05/2008 10:34:10 AM] 500 AUTH not understood
ERROR:> [20/05/2008 10:34:10 AM] Syntax error:command unrecognized. Thanks a million for your time & efforts. Not to forget all the other mates who had contributed to this guide. You guys kick (__(__)! Wish ya the best!

antd
05-21-2008, 11:59 PM
Hey this is important!

I've exited fluxbox. Right click -> fluxbox -> exit

and now i cannot move windows or get any fluxbox menu.

How can I get it back please??

ablaze
05-22-2008, 04:43 PM
swap partition

I'm new to linux and wondered why I haven't seen a swap partition mentioned anywhere in your tutorial, NaQ. Do you think it's not needed?

ablaze
05-24-2008, 01:46 PM
I have a problem. I went over it again and again for hours, but couldn't fix it.

I can't connect to my VNC Server after tunneling through SSH, i.e. forwarding the ports in Putty. I tried localhost:0, localhost:1, localhost:2, etc, localhost:00, localhost:01, localhost:02, localhost::5900, localhost::5901 etc and many other variations. localhost:1 should work, because I start vncserver with the ":1" and the -localhost option. I tried both the Ultra VNC and TightVNC clients. To no avail. I checked the sshd_config file, /etc/hosts file, to no avail.

If I don't forward the ports and run vncserver in normal mode (not -localhost), EVERYTHING WORKS FINE. But I would like to limit vncserver to localhost only, because everyone says it's much more secure.

Does anyone know anything that could help me?

Jordi
05-26-2008, 12:11 PM
I'm using now a nice seedbox for a low price. Very nice for users who cannot wait for the long OVH setup-time or when your country is not listed on their webpage; http://mybox.pfcorner.eu/

n0_NaMe
05-28-2008, 01:48 PM
Thanks for the great guide, it took me 15 minutes to setup my new leaseweb box. Everything is running fine except two things. When I launch tightvnc the screen is very small so I cant see the full desktop. Also, I installed iceweasel instead of firefox but it launches it automatically closes. I think it may be because of the small screen size. Any suggestions

slayer2005
05-29-2008, 11:50 PM
Having a little problem.

In the tutorial it says...As you successfully login to your remote desktop, you'll see a blank screen with a taskbar on the bottom. Right-click anywhere on the desktop for the fluxbox menu, and find xterm (usually under Terminals).

Now i dont see the task bar nor can i right click left click or clickity click.

Now i swear when i 1st logged on ysterday i seen the task bar at the bottom,but now everytime i log in its not there and i cant do shit.

Any help would be appreciated.:)

Slayer

seeding123
06-03-2008, 02:32 AM
hey thanx for the great guide :-D really appreciate it

forthat
06-06-2008, 10:56 AM
that was very helpful .........

Dawe24
06-06-2008, 01:24 PM
thx m8

kross
06-11-2008, 07:37 PM
Just a few things about your tutorial:
- (debian) When you're upgrading your system:
apt-get update
apt-get upgrade
is not sufficient, to upgrade kernel and other system programs, you need to do:
apt-get dist-upgrade
Adding "-y" to the command will indicate that the system does not have to ask you questions and the defaut answer is "Yes".
- changing ports for FTP and SSH is not the best solution to counter cracking attempts.
There are so many programs which can tell you how to find opened ports and what service is runned on each of them. A better solution would be fail2ban. "You send me garbage? Ok, I'll ban you for a specific period." I suggest to anyone interested in security to do some searches on fail2ban.
- According to your tutorial, there are things you can only do with root. Maybe I'm forgetting something, but the way you defined the user "pirate" in /etc/sudoers tells to the system "pirate" with the sudo command can do everything on the system. In fact, pirate is another administrator on the machine. Same priviledges in fact.
- What's the purpose of copying the public key of the root in his own ~/.ssh/authorized_keys? An administrator needs to do "ssh localhost" and connect without typing the password? "su -" will be more efficient and "> ~/.ssh/authorized_keys" will just create an empty "~/.ssh/authorized_keys".

Hope this will help you to make your tutorial better! :)

Lincoln
06-12-2008, 06:14 PM
Thanks for the great guide, it took me 15 minutes to setup my new leaseweb box. Everything is running fine except two things. When I launch tightvnc the screen is very small so I cant see the full desktop.Kill your vnc
killall XvncThen launch vncserver with the -geometry tag
vncserver -geometry 1860x1050and connect.

h1pp0
06-16-2008, 10:24 PM
in the CentOS section of updating the Extra.repo you need to add this in the [dag] section, dunno why OP omitted it


gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

Some people might get a no public key found for "blah blah" package without it

premanna
06-17-2008, 05:32 AM
just got a server with centos 5.1 need help setting it up guys. i get this error on putty - connection refused - :cry: (nooB):P


pm me for more info

Jargs
06-17-2008, 03:04 PM
wow thanks dude

h1pp0
06-18-2008, 10:11 PM
just got a server with centos 5.1 need help setting it up guys. i get this error on putty - connection refused - :cry: (nooB):P


pm me for more info

Make sure your connecting to the right port and that your iptables (if you set it up) is allowing incoming connections to your sshd port

Lincoln
06-21-2008, 08:19 PM
# yum install wine
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do


# wine utorrent.exe
bash: wine: command not found

So...wtf?

0riGiNaLBoX
06-21-2008, 08:26 PM
Great work but i need one year to did it by my self because i never setup this system yet

Lincoln
06-23-2008, 03:42 PM
FYI: Wine (both 0.9.* and 1.0) does not play well with CentOS 5.1 64bit.

KaySterling
06-25-2008, 06:34 PM
Much appreciated guide!
This will come in handy soon i think.

asdf
06-26-2008, 04:53 PM
Thanks for the guide, very helpful. I'm having quite a big problem though, I can't see anything in the VNC screen. Fluxbox is installed, and I can connect to the server, but all I can see is this:

http://www.frauded.info/dump/32a5317f8166520420ed5839d91ed330/1123.PNG

Without the VNC I can't properly control the server..

I tried reinstalling fluxbox and even the x server, but I still can't get this to work. I'd really appreciate any help here.

Edit: I somehow installed gnome. And gnome requires you to run the server using the -depth information. Soooooo, problem solved. I'd like to know how to go back to Fluxbox though..

sniz
06-27-2008, 12:01 PM
im doing the Vncserver step i did everything is said it came up with this when i type vncserver :1

[itronic@MY SERVER IP WAS HERE~]$ vncserver :1
xauth: (argv):1: bad display name "MY SERVER IP WAS HERE:1" in "add" command




here the log because when i trying to connecting useing my computer useing VNCviewer it said failed to connect


Fri Jun 27 11:44:47 2008
vncext: VNC extension running!
vncext: Listening for VNC connections on port 5901
vncext: Listening for HTTP connections on port 5801
vncext: created VNC server for screen 0
error opening security policy file /usr/X11R6/lib/X11/xserver/SecurityPolicy
Could not init font path element /usr/X11R6/lib/X11/fonts/misc/, removing from l ist!
Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/Type1/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st!
Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list!
Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list!
Fatal server error:
could not open default font 'fixed'
/home/itronic/.vnc/xstartup: line 1: fluxbox: command not found
[itronic@MY SERVER IP~]$

necromantic
06-28-2008, 10:11 PM
Edit: Error 10065 in VNC means Firewall Is The Devil

wevotedno
07-01-2008, 01:08 PM
Great work but i need one year to did it by my self because i never setup this system yet

Also version 1.0.0 has issues wtih peer conncectivity on utorrent.


Amazing guide you guys. Thanx

predateur
07-01-2008, 02:19 PM
thank you very much naq (http://filesharingtalk.com/vb3/../../members/naq-165862) , you are the best and very helpfull :)

eMoneyBags
07-09-2008, 11:38 AM
thanks for the guide naq. but i am stuck at the last part, setting up the ftp server. when i try to save to "vsftpd.conf" it says i don't have permission. also when i tried the step before that one..

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pem
i get "sh: openssl: command not found".

kross
07-09-2008, 03:06 PM
Are you doing these two things as root?

eMoneyBags
07-09-2008, 04:28 PM
no. i was using the other username i made..

kross
07-09-2008, 05:53 PM
And why are you doing that? ;)
The guide is saying the opposite, you need to log in as root.

eMoneyBags
07-09-2008, 07:40 PM
after doing step 8. i can't login with vnc anymore. i get this error. "The server does not have a valid password enabled. Until a password is set, incomming connections cannot be accepted.. how do i fix this?

reeve
07-10-2008, 04:45 PM
Excellent tutorial.
I only had one problem. On my leaseweb express server 1, vncserver would not work. Switching to vnc4server worked fine as did the rest of the tutorial.

kid16k
07-14-2008, 07:39 PM
I just have to say this:

This is one of the best tutorials in the world wide web! 10/10

Perhaps i will translate it to *german* if its okay for you?!

However i don't have much time atm (study^^)

Zer0c0oL
07-16-2008, 04:05 PM
I've followed all the steps. I'm using debian in my server. The only problem is that i can't find firefox or open any web browser through vnc viewer.

anyway to solve this ?

eMoneyBags
07-17-2008, 05:19 PM
I've followed all the steps. I'm using debian in my server. The only problem is that i can't find firefox or open any web browser through vnc viewer.

anyway to solve this ?

same here

lifehackr
07-18-2008, 03:05 AM
Thanks NaQ and all who posted updates. I want to try this on a test server (seedbox) in my home before I try applying to a purchased seedbox. Any guides on how to install the server os so its like what you would get from a purchased seedbox?

salasana
07-18-2008, 09:02 PM
Nice guide! Thanks.

puckface
07-19-2008, 05:37 PM
Using Debian:

In the section to change ports for ssh, there is the code:

# /etc/init.d/sshd restart

when using a Debian install this "file or directory does not exist"

maybe an update on that or Im missing something.

Also, when starting firestarter, I te the error "Gtk-WARNING **: cannot open display: ", I thought it had something to do with -depth when opening vncserver, but not so.

That being said: great guide, thanks.

kross
07-19-2008, 06:12 PM
It's /etc/init.d/ssh, no d at the end.

puckface
07-19-2008, 06:23 PM
It's /etc/init.d/ssh, no d at the end.


cool, maybe a fix for that in the guide then for debian.

youre the helpful one arent you? Any ideas on the firestarter error?

Gtk-WARNING **: cannot open display:

kross
07-19-2008, 06:53 PM
Did you proceed as described into this guide?
(Did you add your normal account into sudo config file with sudo?
Did you try to run firestarter with sudo (sudo firestarter) in terminal you launched in VNC?)

Puck, if you did that, then try to change the value for Defaults via visudo:
Defaults env_reset
becomes
Defaults env_keep=DISPLAY

Another thing: open a terminal into the remote desktop and type echo $DISPLAY.
Then, in the same terminal, log in as root and type:
DISPLAY=XYZ firestarter
XYZ is what "echo $DISPLAY" prompted to you.
(root can write on any X window screen)

Edit: You can also try that:
Defaults:user !env_reset
However, it's my solution, so I won't guarrantee it will work. :D

riparide
07-21-2008, 04:50 PM
I juet get a problem starting firefox.
Here is the error message:

Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
firefox-bin: /build/buildd/libcairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Aborted


any ideas?

riparide
07-22-2008, 04:34 PM
Just and update.
I did reinstall the OS with CentOS 5 and now everything works ok, including firefox.
Thanks NAQ and all supporters.

Im now just trying to install ProFTPd instead of VSftpd... will keep update.

colin12345
07-25-2008, 05:23 PM
Hi. I wonder if anyone can help me. I'm pretty new to Linux. I've just got an OVH dedicated server with Debian Etch. I've followed NaQ's very useful tutorial and have managed to install Utorrent and it's working fine (GUI too).
However, I'm having no luck opening Firefox from Fluxbox. I've got Firefox on the menu but when I click to open it, the window flashes for a second and then disappears (almost as if it's opening in the background). I've tried a reboot but it doesn't change anything.
I'd be really grateful if anyone can give me a hand.
Thanks :-)

dance4
07-25-2008, 06:02 PM
vncserver (vnc4server,tightvnc) -depth 24 :D

colin12345
07-25-2008, 06:08 PM
dance4 - thanks sooooo much! Does that make it open permanently at that resolution?
Also, is it possible to open Firefox rather than Iceweasel?
Again, thanks a bunch! :-)

dance4
07-25-2008, 06:11 PM
Does that make it open permanently at that resolution?

yes

Also, is it possible to open Firefox rather than Iceweasel?

yes

colin12345
07-25-2008, 06:14 PM
Cheers. Thanks for the swift replies :-) I was really getting desperate over the Firefox prob.

Sorry to trouble you again. I followed some advice about making Firefox the default instead of Iceweasel by entering the following command:

ln -sf /opt/firefox/firefox /usr/bin/firefox

Now when I select Firefox from the menu, nothing happens :-(
Is there a way to undo the command?

dance4
07-25-2008, 08:54 PM
ff isn't installed, if you want use ff3 isn't easy run it on Debian etch i can help you but write to me on skype or MSN

turin
07-26-2008, 03:20 PM
cool, great job

marraqy
07-30-2008, 07:40 AM
thx

tokyosushi
08-02-2008, 07:13 AM
Thanks Naq! Followed your guide and all worked well! Linux Seedbox Hooray!


However, I have a question regarding How-To upgrading or downgrading utorrent version.

I accidentally downloaded and used Utorrent 1.8Beta on the seedbox, vnc, fluxbox and utorrent works perfectly following your guide. But some torrent sites ban beta version of utorrent. Hence I would like to downgrade to version 1.7.7. How do I do that safely and retain all torrent settings, seeded torrents etc?

Is it like:
1. Shutdown currently running utorrent.
2. Goto Xterm or putty to command line and type:
$ wget http://download.utorrent.com/1.7.7/utorrent.exe
Replace/Overwrite previous utorrent.exe.
3. Log back into vnc session, and just restart utorrent (as I have already set the flux box menu with "[exec] (uTorrent) {wine ~/utorrent.exe}"

Is this correct? Or do I need to kill the VNC server as well?

Cheers.

P.W.E.I.
08-02-2008, 07:14 PM
sorted :)

andra
08-03-2008, 05:23 PM
everything works nice only one problem i have.

When i connect to the server with vnc my server desktop is very small.
Is there any way to mak it bigger ?

c0njur
08-05-2008, 09:50 PM
Great guide, thanks!

davidav
08-11-2008, 04:32 PM
Great tutorial, Thank you.

Oh, since the utorrent 1.8 is out, to install 1.8, do I just need to
wget utorrent 1.8 and install webui in same way?

tokyosushi
08-12-2008, 08:42 AM
Great tutorial, Thank you.

Oh, since the utorrent 1.8 is out, to install 1.8, do I just need to
wget utorrent 1.8 and install webui in same way?



However, I have a question regarding How-To upgrading or downgrading utorrent version.

I accidentally downloaded and used Utorrent 1.8Beta on the seedbox, vnc, fluxbox and utorrent works perfectly following your guide. But some torrent sites ban beta version of utorrent. Hence I would like to downgrade to version 1.7.7. How do I do that safely and retain all torrent settings, seeded torrents etc?

Is it like:
1. Shutdown currently running utorrent.
2. Goto Xterm or putty to command line and type:
$ wget http://download.utorrent.com/1.7.7/utorrent.exe
Replace/Overwrite previous utorrent.exe.
3. Log back into vnc session, and just restart utorrent (as I have already set the flux box menu with "[exec] (uTorrent) {wine ~/utorrent.exe}"

Is this correct? Or do I need to kill the VNC server as well?

Cheers.

I didn't get an answer so i tested it out. Yup, to upgrade or downgrade your utorrent version, just follow the steps i mentioned in post#134.

Just shutdown utorrent, no need to kill the vncserver.
Then wget the utorrent version you want overwriting the previous utorrent.exe. Alternatively, you can rename the previous version first, and then wget the newer/older version you want.

Then just start-up utorrent again in your vnc session.

All your loaded torrents and previous utorrent settings will be retained and loaded in the newer utorrent you downloaded. As long as you don't touch anything in the application data/utorrent folder under your profile in the .wine folder.

Just simple as that.

Alternatively you can also download the utorrent you want to your pc, then upload it to the seedbox via ftp.

Hope this helps :)

RedRansom
08-15-2008, 08:42 PM
so we can connect a linux server with vnc like windows remote connection right?

iamKy666
08-19-2008, 11:02 AM
Great guide!!!
Was about time to kick the fuckin win out of our boxes.
I purchased an ubuntu server,i am following step by step your guide and when it comes to connect with VNC im gettin an error message.
Lets say my ip is this:xx.xxx.xxx.xxx
In VNC im using this to connect:

xx.xxx.xxx.xxx:1


unfortunately i get an error like this:

unable to connect to host,connection refused(10061)


Can anybody guess what im doing wrong?
I am kindly asking for an answer from someone who is more experienced(it is my first time doing this).

Thanks for reading.

a.microsoft
08-22-2008, 02:04 AM
obviously vnc isnt running...

if you're using debian/ubuntu, you should've typed

apt-get install tightvncserver

then type

vncserver
(set the pw)
then you're off :)

Jordi
08-22-2008, 11:15 AM
When I start utorrent the log notify me of an error: Error opening Windows Firewall: 0x800700005 Errror -2xxxxxx Can I fix this by disabling in Utorrent menu: Add windows firewall exception?



Thanks for the great guide, it took me 15 minutes to setup my new leaseweb box. Everything is running fine except two things. When I launch tightvnc the screen is very small so I cant see the full desktop.Kill your vnc
killall XvncThen launch vncserver with the -geometry tag
vncserver -geometry 1860x1050and connect.

My TightVNC viewer window is also pretty small, when I maximise i get black bars on each side.

This -geometry 1860x1050 resolution does that work on a 1280x1024 screen resulotion?

ClodiuS
08-25-2008, 09:16 AM
Thnx,awesome guide!Bookmarked!

naq
08-27-2008, 07:13 PM
Just a few things about your tutorial:
- (debian) When you're upgrading your system:
apt-get update
apt-get upgrade
is not sufficient, to upgrade kernel and other system programs, you need to do:
apt-get dist-upgrade
Adding "-y" to the command will indicate that the system does not have to ask you questions and the defaut answer is "Yes".
- changing ports for FTP and SSH is not the best solution to counter cracking attempts.
There are so many programs which can tell you how to find opened ports and what service is runned on each of them. A better solution would be fail2ban. "You send me garbage? Ok, I'll ban you for a specific period." I suggest to anyone interested in security to do some searches on fail2ban.
- According to your tutorial, there are things you can only do with root. Maybe I'm forgetting something, but the way you defined the user "pirate" in /etc/sudoers tells to the system "pirate" with the sudo command can do everything on the system. In fact, pirate is another administrator on the machine. Same priviledges in fact.
- What's the purpose of copying the public key of the root in his own ~/.ssh/authorized_keys? An administrator needs to do "ssh localhost" and connect without typing the password? "su -" will be more efficient and "> ~/.ssh/authorized_keys" will just create an empty "~/.ssh/authorized_keys".

Hope this will help you to make your tutorial better! :)

I haven't visited FST for a while... very surprised this is moved to a new section. I apologized to those who ran into troubles following the guide, especially those who sent PMs and didn't receive replies. I tried to make it as foolproof as possible, but with the different OSes (and versions), it's kinda impossible. I'll stick around to see what needs to be fix and improve.

reply to kross:

dist-upgrade: I thought upgrade was enough, there's no need to mess around with the system.

ports: from my own experience, I thought changing ports was enough, but if fail2ban or similar programs are easy enough to install, I'll add them some day.

sudo: yeah, the whole guide is about operating under a user, until the firewall section where the user needs sudo to run the firewall software, which I don't want but didn't see a way around. I know that "su" to root can't configure iptables, but not sure if "sudo" can.

authorized_keys: not sure what you're saying here, I thought the delete authorized_keys section was quite clear.

Thanks for all the replies.

Xapsa
09-02-2008, 12:18 AM
Having trouble accessing the webgui. I put in the correct login name and password but it just keeps loading and that is it.
In my xterm window I see this message everytime I try to access my webgui:

WARNING: Trying to create a socket of type SOCK_RAW, this will fail unless you have special permissions.

Anybody have any clue as to what is causing this?

Xapsa
09-05-2008, 05:08 AM
BTW I am using Debian and also for some reason Firefox is not showing up on my menu in Fluxbox.

naq
09-05-2008, 11:38 PM
I'll update the guide to use uTorrent 1.8 along with the newer version of WebUI this weekend.

mmikz0
09-07-2008, 01:25 AM
This helped me so much i can't even say how much i appreciate it.

THANK YOU!

Xapsa
09-17-2008, 03:23 PM
I bypassed all the problems I posted by just switching my OS from Debian to Fedora 8, and the things that I chose to use worked. Thanks for the guide.

civeta
09-17-2008, 08:19 PM
OS: Fedora 8

I'm having a problem connecting to my VNC server...




_XSERVTransSocketOpenCOTSServer: Unable to open socket for inet6
_XSERVTransOpen: transport open failed for inet6/CXXXX:X
_XSERVTransMakeAllCOTSServerListeners: failed to open listener for inet6


Not sure what's wrong...

naq
09-17-2008, 09:54 PM
I don't think those errors prevent vncserver from running. Can you post the text after them in the log? It will tell more...

civeta
09-18-2008, 01:23 AM
Okay, I got more errors now... These might be the ones stopping it from working..

I cut some short because it was huge. Didn't even fit on the whole screen.


Failed to read: session.screen0.window.unfocus.alpha
Setting default value
Failed to read: session.screen0.menu.alpha
Setting default value
Failed to read: session.screen0.menuDelay
Setting default value
Failed to read: session.screen0.menuDelayClose
Setting default value
Failed to read: session.screen0.menuMode
Setting default value
Failed to read: session.screen0.overlay.lineWidth
Setting default value
Failed to read: session.screen0.overlay.lineStyle
Setting default value
Failed to read: session.screen0.overlay.joinStyle
Setting default value
Failed to read: session.screen0.overlay.capStyle
Setting default value
Failed to read: session.screen0.windowScrollAction
Setting default value
Failed to read: session.screen0.windowScrollReverse
Setting default value
Failed to read: session.screen0.allowRemoteActions
Setting default value
Failed to read: session.screen0.tabs.maxOver
Setting default value
Failed to read: session.screen0.tabs.intitlebar
Setting default value
Failed to read: session.screen0.tabFocusModel
Setting default value
BScreen::BScreen: managing screen 0 using visual 0x22, depth 16
Failed to read: session.ignoreBorder
Setting default value
Failed to read: session.forcePseudoTransparency
Setting default value
Failed to read: session.tabPadding
Setting default value
Failed to read: session.styleOverlay
Setting default value
Failed to read: session.slitlistFile
Setting default value
Failed to read: session.groupFile
Setting default value
Failed to read: session.appsFile
Setting default value
Failed to read: session.tabsAttachArea
Setting default value
Failed to read: session.modKey
Setting default value
Failed to read: session.screen0.imageDither
Setting default value
Failed to read: session.screen0.opaqueMove
Setting default value
Failed to read: session.screen0.workspacewarping
Setting default value
Failed to read: session.screen0.desktopwheeling
Setting default value
Failed to read: session.screen0.reversewheeling
Setting default value
Failed to read: session.screen0.autoRaise
Setting default value
Failed to read: session.screen0.clickRaises
Setting default value
Failed to read: session.screen0.decorateTransient
Setting default value
Failed to read: session.screen0.defaultDeco
Setting default value
Failed to read: session.screen0.rootCommand
Setting default value
Failed to read: session.screen0.resizeMode
Setting default value
Failed to read: session.screen0.windowMenu
Setting default value
Failed to read: session.screen0.followModel
Setting default value
Failed to read: session.screen0.userFollowModel
Setting default value
Failed to read: session.screen0.window.focus.alpha
Setting default value
Failed to read: session.screen0.window.unfocus.alpha
Setting default value
Failed to read: session.screen0.menu.alpha
Setting default value
Failed to read: session.screen0.menuDelay
Setting default value
Failed to read: session.screen0.menuDelayClose
Setting default value
Failed to read: session.screen0.menuMode
Setting default value
Failed to read: session.screen0.overlay.lineWidth
Setting default value
Failed to read: session.screen0.overlay.lineStyle
Setting default value
Failed to read: session.screen0.overlay.joinStyle
Setting default value
Failed to read: session.screen0.overlay.capStyle
Setting default value
Failed to read: session.screen0.windowScrollAction
Setting default value
Failed to read: session.screen0.windowScrollReverse
Setting default value
Failed to read: session.screen0.allowRemoteActions
Setting default value
Failed to read: session.screen0.tabs.maxOver
Setting default value
Failed to read: session.screen0.tabs.intitlebar
Setting default value
Failed to read: session.screen0.tabFocusModel
Setting default value
Failed to read: session.ignoreBorder
Setting default value
Failed to read: session.forcePseudoTransparency
Setting default value
Failed to read: session.tabPadding
Setting default value
Failed to read: session.styleOverlay
Setting default value
Failed to read: session.slitlistFile
Setting default value
Failed to read: session.groupFile
Setting default value
Failed to read: session.appsFile
Setting default value
Failed to read: session.tabsAttachArea
Setting default value
Failed to read: session.modKey
Setting default value
Failed to read: session.screen0.imageDither
Setting default value
Failed to read: session.screen0.opaqueMove
Setting default value
Failed to read: session.screen0.workspacewarping
Setting default value
Failed to read: session.screen0.desktopwheeling
Setting default value
Failed to read: session.screen0.reversewheeling
Setting default value
Failed to read: session.screen0.autoRaise
Setting default value
Failed to read: session.screen0.clickRaises
Setting default value
Failed to read: session.screen0.decorateTransient
Setting default value
Failed to read: session.screen0.defaultDeco
Setting default value
Failed to read: session.screen0.rootCommand
Setting default value
Failed to read: session.screen0.resizeMode
Setting default value
Failed to read: session.screen0.windowMenu
Setting default value
Failed to read: session.screen0.followModel
Setting default value
Failed to read: session.screen0.userFollowModel
Setting default value
Failed to read: session.screen0.window.focus.alpha
Setting default value
Failed to read: session.screen0.window.unfocus.alpha
Setting default value
Failed to read: session.screen0.menu.alpha
Setting default value
Failed to read: session.screen0.menuDelay
Setting default value
Failed to read: session.screen0.menuDelayClose
Setting default value
Failed to read: session.screen0.menuMode
Setting default value
Failed to read: session.screen0.overlay.lineWidth
Setting default value
Failed to read: session.screen0.overlay.lineStyle
Setting default value
Failed to read: session.screen0.overlay.joinStyle
Setting default value
Failed to read: session.screen0.overlay.capStyle
Setting default value
Failed to read: session.screen0.windowScrollAction
Setting default value
Failed to read: session.screen0.windowScrollReverse
Setting default value
Failed to read: session.screen0.allowRemoteActions
Setting default value
Failed to read: session.screen0.tabs.maxOver
Setting default value
Failed to read: session.screen0.tabs.intitlebar
Setting default value
Failed to read: session.screen0.tabFocusModel
Setting default value
Failed to read: session.screen0.slit.maxOver
Setting default value
Failed to read: session.screen0.slit.alpha
Setting default value
Failed to read: session.screen0.slit.onhead
Setting default value
Failed to read: session.screen0.slit.layer
Setting default value
apps file failure
Xlib: extension "RANDR" missing on display ":3.0".


Nevermind! Used your iptables trick... Didn't know it applied to that. Thanks naq!!! Great tutorial

t0mmy
09-18-2008, 02:00 AM
vncserver isnt working for anymore, im pretty sure the command was "vncserver" and now my vncviewer doesnt work, im sure the box is still online as i can connect through putty/ftp

t0mmy
09-18-2008, 02:00 AM
vncserver isnt working for anymore, im pretty sure the command was "vncserver" and now my vncviewer doesnt work, im sure the box is still online as i can connect through putty/ftp

hopes
09-18-2008, 07:53 AM
anyone running Ubuntu 8.04 with vsftpd 2.06 and using TLS /SSL auth has this problem?
http://img258.imageshack.us/img258/1808/ubuntu1wx3.th.jpg (http://img258.imageshack.us/my.php?image=ubuntu1wx3.jpg)
The italian sentence is: server has not properly closed TLS connection
It seems a well known bug, using latest Filezilla and vsftpd 2.06
Update to vsftpd 2.07 seems to solve the issue...but I can't find the package. Do I have to build from sources?
Is there any other nice and secure ftp server to try?
btw excellent guide!

naq
09-19-2008, 12:06 AM
vncserver isnt working for anymore, im pretty sure the command was "vncserver" and now my vncviewer doesnt work, im sure the box is still online as i can connect through putty/ftp

You can't start a new vncserver? Any error messages? check the log?


anyone running Ubuntu 8.04 with vsftpd 2.06 and using TLS /SSL auth has this problem?
http://img258.imageshack.us/img258/1808/ubuntu1wx3.th.jpg (http://img258.imageshack.us/my.php?image=ubuntu1wx3.jpg)
The italian sentence is: server has not properly closed TLS connection
It seems a well known bug, using latest Filezilla and vsftpd 2.06
Update to vsftpd 2.07 seems to solve the issue...but I can't find the package. Do I have to build from sources?
Is there any other nice and secure ftp server to try?
btw excellent guide!

Until Ubuntu repository updates to vsftpd 2.07, the easiest way is to use an older version of Filezilla. Another ftp server is proftpd, but you'll run into the same error I think.

hopes
09-19-2008, 02:52 PM
Thanks, I solved compiling from source vsftpd 2.07.
It now works fine with Filezilla
Cheers





anyone running Ubuntu 8.04 with vsftpd 2.06 and using TLS /SSL auth has this problem?
http://img258.imageshack.us/img258/1808/ubuntu1wx3.th.jpg (http://img258.imageshack.us/my.php?image=ubuntu1wx3.jpg)
The italian sentence is: server has not properly closed TLS connection
It seems a well known bug, using latest Filezilla and vsftpd 2.06
Update to vsftpd 2.07 seems to solve the issue...but I can't find the package. Do I have to build from sources?
Is there any other nice and secure ftp server to try?
btw excellent guide!

Until Ubuntu repository updates to vsftpd 2.07, the easiest way is to use an older version of Filezilla. Another ftp server is proftpd, but you'll run into the same error I think.

fluxd
09-19-2008, 09:28 PM
Any idea why I get this error while FXPing.
[2] STOR d-653o01.zip
[2] 521 Data connections must be encrypted.
[i] Transfer Failed: d-653o01.zip

naq
09-19-2008, 11:57 PM
I never looked into fxp with ssl. Have you configured these 4 options in the ftp servers?
pasv_promiscuous
port_promiscuous
pasv_max_port
pasv_min_port

And make sure the max and min ports are properly forwarded in the firewall.

Maybe you can just have the data connections be encrypted optional with this:
force_local_data_ssl=NO

or don't use fxp with ssl with this:
force_local_logins_ssl=NO

reeve
09-20-2008, 05:34 PM
Followed this guide a second time for another leaseweb express server. Things went pretty well. I chose tightvncserver, last time vncsever wouldn't work and I went with vnc4server which works fine.
Installing Flash support didn't work. Goggle quickly gave me a method which was fine.

zeb7s
09-22-2008, 11:21 PM
Yea, like the above user I have a leaseweb box and the VNC server in the tutorial wont work so I'm just wondering how I can set up a different one (this is my first time to do this)

hopes
09-23-2008, 07:37 AM
Anyone experiencing connections problems with other OVH local peers when seeding from an OVH server?
Using latest wine + utorrent 1.8, it seems to drop connections from other ovh boxes...

reeve
09-23-2008, 12:37 PM
Yea, like the above user I have a leaseweb box and the VNC server in the tutorial wont work so I'm just wondering how I can set up a different one (this is my first time to do this)

Replacing vncserver with tightvncserver is real easy. Wherever you see "vncserver" in the guide, replace it with "tightvncserver".

So you will need to
apt-get install tightvncserver

set up the desktop the same as in the guide.

And to start it
tightvncserver: 1

One your desktop it doesn't matter whether you use realvncviewer or tightvncviewer.

internazionale 1908
09-24-2008, 04:30 PM
if someone could edit the tutorial would be better.

cheers

silent2k8
09-24-2008, 06:52 PM
Naq amazing job man, god bless you :)
I didnt have any trouble cause i am familiar with networking and linux.


For all those who complains not seeing firefox in the menu, me too. Just type firefox in an xterm window and it will run.

thanks again

eMoneyBags
09-26-2008, 09:39 PM
thanks again for this guide. after following it, everything works perfect. but i've used 28% of my 250GB HD. is this normal?

Ion
09-29-2008, 06:29 AM
Thank you very much naq. I've been following the tutorial word for word till now, but I'm stuck at number 7. The server always tells me(when I try to put in the openssl command): -bash: openssl: command not found
I have a kimsufi with debian. Can someone tell me what I do wrong?



I'm having this same exact issue. Google hasn't provided any good instructions on how to install openssl.. Can anyone help?

I'm using puTTy and logged in as root.

naq
09-29-2008, 11:48 AM
try: apt-get install openssl

shadowking
09-29-2008, 11:49 AM
Hey naq, can I use this tutorial for my leaseweb debian box?

naq
09-29-2008, 11:56 AM
Yes.

shadowking
09-29-2008, 02:20 PM
thanks for the guide. i managed to set up my box.

Ion
09-29-2008, 03:37 PM
try: apt-get install openssl

That was it naq!

Thanks for your help and thanks for this excellent guide.

aname??
09-29-2008, 06:40 PM
AWESOME tutorial, but

Im getting some errors here.

Firefox is not in the menu and when I write firefox in xterm I get this error
Error: Cairo does not yet support the requested image format.

When I try to start firestarter I get like 1000 error popups and this error in xterm:
Gtk-WARNING **: cannot open display:


Edit: I solved it by adding -depth 24 in vnc

Ion
09-30-2008, 04:25 AM
Great guide naq.
Quik question though. After following the guide i can't seem to use FTP to upload anything. Is there a way to change permissions or something so that I can create folders and upload data via ftp?

I'm using Debian 4.0 (etch) and FlashFXP.

redMonster
09-30-2008, 09:23 AM
All right, I managed to connect via FTP, but where is the Downloads folder. It takes me to a folder which has .vnc, .wine, .fluxbox, etc. folders.

Vanquiz
10-04-2008, 03:57 AM
# yum install wine
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do
# wine utorrent.exe
bash: wine: command not found

First, I would like to say thanks for the great tutorial.

This is my first time trying to set this up, I got the same error, and Lincoln did mention that Wine doesnt run well in Centos 5 64bit, so Im stuck now at the step to install utorrent.

Any help? Thanks in advance.

EDIT : Got it

I found this page http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14987

Apparently I just need to add #rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm and install wine after that.

Xapsa
10-05-2008, 08:41 PM
Hiya
How come I keep getting all this whenever I type in the iptables -t filter -L


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- localhost.localdomain anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- localhost.localdomain anywhere
ACCEPT tcp -- ks#####.kimsufi.com anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ks#####.kimsufi.com anywhere
ACCEPT tcp -- cdns.ovh.net anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- cdns.ovh.net anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere ##.###.#.###
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ks#####.kimsufi.com localhost.localdomain tcp dpt:domain
ACCEPT udp -- ks#####.kimsufi.com localhost.localdomain udp dpt:domain
ACCEPT tcp -- ks#####.kimsufi.com ks#####.kimsufi.com tcp dpt:domain
ACCEPT udp -- ks#####.kimsufi.com ks#####.kimsufi.com udp dpt:domain
ACCEPT tcp -- ks#####.kimsufi.com cdns.ovh.net tcp dpt:domain
ACCEPT udp -- ks#####.kimsufi.com cdns.ovh.net udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere default
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpts:54320:54322
ACCEPT udp -- anywhere anywhere udp dpts:54320:54322
ACCEPT tcp -- anywhere anywhere tcp dpt:5901
ACCEPT udp -- anywhere anywhere udp dpt:5901
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere


When I type in
iptables -F

The server gets stuck and I can't do anything?
BTW I stuck those #'s in there

RoBz
10-07-2008, 11:26 PM
Everything has been working fine for me for months now...

I just reinstalled my (local) machine and now I can't seem to connect with VNC. SSH works fine, I have the tunnel setting correct in PuTTY, vncserver is active, but when I run VNC Viewer I get the error:
unable to connect to host: Connection refused (10061)

Any ideas?

Any help is greatly appreciated.

EDIT: Solved, I had "5901:localhost" in the PuTTY SSH tunnel settings instead of "localhost:5901"
<---Idiot

>_<

Vanadium
10-08-2008, 03:43 PM
Great guide naq.
Quik question though. After following the guide i can't seem to use FTP to upload anything. Is there a way to change permissions or something so that I can create folders and upload data via ftp?

I'm using Debian 4.0 (etch) and FlashFXP.

You need to uncomment the following in /etc/vsftpd.conf:


# Uncomment this to enable any form of FTP write command.
write_enable=YES

--

An unrelated tip that might help someone, you don't have to log in to have everything start up after reboot / crash. Simply add:


wine ~/utorrent.exe &

to ~/.fluxbox/startup just before the line:


# And last but not least we start fluxbox.

which will automatically startup utorrent when fluxbox starts (which is when vnc server starts).

To start VNC server automatically, add:

su - username1 -c "vncserver -geometry 1024x768 -depth 24 :1"
su - username2 -c "vncserver -geometry 1024x768 -depth 24 :2"

and so forth to /etc/rc.local

This way, when the server boots, after everything is loaded the vnc servers start (and if you followed the guide you'll already have "startfluxbox" in ~/.vnc/xstartup) which causes fluxbox to start, which causes wine / utorrent to start. :)

Cleaner
10-11-2008, 11:32 AM
Hi

in the guide u say to post here if I can't connect via VNC
well it gives me an error when trying to connect and I checked and there is no firewall
and editing the hosts file didn't do the job as well

what more can I do??

plz help

Tripledrop
10-11-2008, 06:29 PM
I am having the same problem as a couple of other users here. All seems ok up to step 6, but when I enter my password in and vnc viewer, the resulting desktop is BLANK!!

Any ideas? I have been searching the internet for hours now! I have tried logging in on both XP and Visat, same thing happens!

Vanadium
10-12-2008, 03:04 AM
You have to make sure startfluxbox is in ~/.vnc/xstartup
also make sure -depth is between 8 and 24

Tripledrop
10-12-2008, 09:37 AM
Thanks for the help, but managed to sort it out... Turns out the install line from the guide didn't work, so had to install fluxbox, works fine now :)

Cleaner
10-13-2008, 12:12 PM
well the web ui is loading up real slow I ean when I try to enter the http://yourip:xxxx/gui it takes like 20 min just to ask me for my user:pass
and it spends more time loading after that in fact it's been 45 min now and I still haven't be able to get in
anyone know why??

andra
10-13-2008, 07:07 PM
well the web ui is loading up real slow I ean when I try to enter the http://yourip:xxxx/gui it takes like 20 min just to ask me for my user:pass
and it spends more time loading after that in fact it's been 45 min now and I still haven't be able to get in
anyone know why??

Try remove webui.zip and replace it and restart utorrent. I did have tha same problem after a reinstall.

mrnobody
10-16-2008, 01:58 AM
thnx a zillion and one.

Romeo6
10-16-2008, 06:37 PM
Hi, Could someone help me with this?

What would be the best way to set up multiple utorrent web ui's on one server and limit there hard drive space and active torrents?

Would it be as easy as making a new user on the server and putting a disk quota limit on the account then opening up vnc and just running utorrent on another port? how would i limit there torrents without them being able to change them?

naq
10-16-2008, 07:52 PM
Here is a link to how to setup disk quota for debian:

http://www.debian-administration.org/articles/47

If you limit an user to only the WebUI interface, you can remove the Preferences button, but the user can still change settings. See here:

http://forum.utorrent.com/viewtopic.php?pid=364122#p364122

Look into TorrentFlux if you want a real multi-user interface.

Romeo6
10-16-2008, 08:08 PM
Here is a link to how to setup disk quota for debian:

http://www.debian-administration.org/articles/47

If you limit an user to only the WebUI interface, you can remove the Preferences button, but the user can still change settings. See here:

http://forum.utorrent.com/viewtopic.php?pid=364122#p364122

Look into TorrentFlux if you want a real multi-user interface.

Thank you very much, but for giving say four people there own utorrent web ui's would it be as easy as just giving them each a different port?

naq
10-16-2008, 09:24 PM
Yes. A separate port for each uTorrent.

twoscoops
10-17-2008, 08:52 PM
Great guide NAQ, it's very straightforward. However, I've run into a problem. At Step 7, when I try to set up the FTP portion of the server, things dont seem to be working. I am using Debian on a Leaseweb box btw. This is the step I'm stuck at:

Here, we need to enter the root password to switch to the root user.

Create a new SSH certificate for VSFTPD:
Code:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pem

When I type this in, i get the error "bash: openssl: command not found

EDIT: I've also made another mistake; I mistakedly right clicked in the main gui and clicked exit. Now all it says is "ressFamily not implemented!" every time i connect with tightvnc viewer. To be more specific, I can connect, but I can't do anything any more.

naq
10-17-2008, 09:21 PM
Your server needs openssl:

# apt-get install openssl

You'll have to restart the vncserver for your second issue.

$ vncserver -kill :1
$ vncserver :1

c00L
10-18-2008, 04:07 PM
How can i exactly downgrande from 1.1.1 to 0.9.25 version of wine ?

I keep getting low peer connections.

OS: Debian 4.0 (Etch)

Thanks in advance.

naq
10-18-2008, 04:23 PM
You can try the following:

- Stop the running uTorrent
- Uninstall wine:
# apt-get --purge remove wine
- remove the budgetdedicated.com repo:
# rm /etc/apt/sources.list.d/winehq.list
- Install the older wine:
# apt-get update
# apt-get install wine

c00L
10-18-2008, 05:27 PM
It worked.

My server is now running again at full speed - 10 or 11 MB/s up and down.

Big thanks. :cool:

twoscoops
10-20-2008, 12:36 AM
Thanks naq, it worked for me. However, I have a new problem now. I've installed both firefox and vlc but when i try to launch them i get this error:


sh-3.1$ firefox
Error: Cairo does not yet support the requested image format:
Depth: 8
Alpha mask: 0x00000000
Red mask: 0x00000007
Green mask: 0x00000038
Blue mask: 0x000000c0
Please file an enhacement request (quoting the above) at:
http://bugs.freedesktop.org/enter_bug.cgi?product=cairo
firefox-bin: /build/buildd/libcairo-1.2.4/src/cairo-image-surface.c:155: _cairo_format_from_pixman_format: Assertion `NOT_REACHED' failed.
Aborted

naq
10-20-2008, 11:49 AM
That's a known bug: https://bugs.freedesktop.org/show_bug.cgi?id=4945

I think the simple fix is to restart vncserver with the -depth syntax, try:

$vncserver -kill :1
$vncserver -depth 16 :1

ShadowScout379
10-20-2008, 06:52 PM
Thanks naq !!!
I have problems with settung up the VNC Desktop.
When I type in "vncserver :1" it says:
"-bash: vncserver: command not found"

What should I do?

dance4
10-20-2008, 06:54 PM
install it :D

ShadowScout379
10-20-2008, 07:04 PM
Thanks naq !!!
I have problems with settung up the VNC Desktop.
When I type in "vncserver :1" it says:
"-bash: vncserver: command not found"

What should I do?

help anyone...

naq
10-20-2008, 10:35 PM
What OS do you have?
What's the output when you enter the command to install vncserver?

# apt-get install vncserver
or
# yum install vncserver

twoscoops
10-20-2008, 11:30 PM
Again Naq, you seem to have the answer to my problems. Now with these new abilities comes more questions :D. I've managed to stream a .avi file using this guide (http://ashishware.com/Video.shtml). However, I notice that the video is not 100% smooth (is this to be expected when my home connection is 7Mbps/512Kbps?). Is there a more efficient way to do so or is this something I have to live with? Also, I've managed to unrar a file using winrar using the command unrar e file.r00, but it saves it to my /home/username folder. Is there a way to save it somewhere else or am I SOL?

naq
10-21-2008, 12:24 AM
Not sure what you mean about the streaming videos. Are you trying to stream a video directly from the server to your computer?

To unrar into a specified directory:
$ unrar e file.rar /home/username/folder

The destination follows the source.

Type "man unrar" for the unrar manual. Or go to http://www.edenwaith.com/support/guitar/help/man/unrar.html

twoscoops
10-21-2008, 12:34 AM
Yeah, I'm trying to stream from my server to my computer. Thanks for the rar tip, it worked for me.

naq
10-21-2008, 01:22 AM
Your home connection is fast enough, but I suspect the speed of ONE stream connection between your server and PC isn't fast enough. I'm assuming the distance between them is the Atlantic Ocean(?). Hence, for ftp transfers, we can use multiple connections. However, I don't know of a way to stream videos using multiple connections.

twoscoops
10-21-2008, 01:27 AM
Thanks anyways naq, it seems to have fixed itself; it's now playing silky smooth. Now i can watch shows a few minutes after pre :D. Once again , thank you, i really appreciate your help.

ShadowScout379
10-21-2008, 05:56 AM
Thanks naq !!!
I have problems with settung up the VNC Desktop.
When I type in "vncserver :1" it says:
"-bash: vncserver: command not found"

What should I do?

help anyone...


What OS do you have?
What's the output when you enter the command to install vncserver?

# apt-get install vncserver
or
# yum install vncserver

I am using CentOS, so my command to sintall was
# yum install vncserver. Some how it doesn't work though.

When I enter "#yum install vncserver" I get:

# yum install vncserver
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
kbs-CentOS-Extras 100% |=========================| 951 B 00:00
kbs-CentOS-Misc 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
updates 100% |=========================| 951 B 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Excluding Packages in global exclude list
Finished
Parsing package install arguments
Nothing to do

naq
10-21-2008, 11:30 AM
Can you try: yum install vnc-server ? I forgot the dash.

Edit: Hopefully, that will either install it or show that you already have it installed. Then, try typing "vnc" and press Tab twice to see if the command is there, and whether it's "vncserver" or "vnc-server".

ShadowScout379
10-21-2008, 11:51 AM
Can you try: yum install vnc-server ? I forgot the dash.

Edit: Hopefully, that will either install it or show that you already have it installed. Then, try typing "vnc" and press Tab twice to see if the command is there, and whether it's "vncserver" or "vnc-server".

Thanks a lot naq,
I installed debian on my server and started over and everything worked fine :)

walkman79
10-22-2008, 07:39 PM
Wow, this is by far the best guide to set up a seedbox, this guide contains all the knowledge about seedboxes which I have gained through experience in installing seedboxes for about 6 months and even more. If I had read this guide before it would have saved me a lot of time lol. This is superb and brilliant and I've noticed this is also a compilation made by the original poster. Well, I want to thank you and want to give some humble suggestions:

In the part where you install webui, wouldn't it better if you download the file to the server directly instead of using Open WinSCP:


wget http://www.utorrent.com/webui/webui.1220503364.zip

mv webui.1220503364.zip .wine/drive_c/windows/profiles/pirate/Application\ Data/uTorrent/



For people who prefer a full desktop with a menu and shortcuts instead of fluxbox I would suggest xfce, this is a light desktop:

aptitude install xfce-desktop
aptitude install xfonts-base

then edit this file:

nano /home/username/.vnc/xstartup

by adding this line:

startxfce4 &

Btw, I'm using wine-1.1.1 on Debian Etch with utorrent 1.8.1 and I haven't gotten any error yet. I think the combination works pretty fine.

NX is an alternative to VNC, it looks nicer and it even responds faster to the mouse movements and clicks, VNC loads faster and consume less resources though.

Well, I have to insist your guide is tremendous and it is actually great as it is but I hope you put my suggestions :)

cheers

naq
10-22-2008, 09:39 PM
Thanks for the comments. You're right about the webui part. It was that way because originally, you'd have to extract the webui.zip out from a rar file. I'll update it to your suggestion.

kareemamir
10-23-2008, 10:12 PM
Grrrrrr.......I fought this would be semi-easy. Not so. Im following this guide to the word, yet it still says locked then asks me am I root? Im guessing so, im logged in as the root!

Going to with Fedora know. My 9th reinstall today!

walkman79
10-26-2008, 03:36 AM
If you don't know anything about Linux it will be difficult to set up a seedbox, this guide has been thoroughly written though.

Well, some updates:
I've tried CentOS today and I have found something, I followed the guide step by step and when I tried to install wine it gave me an error:

No package wine available

Solution: You have to enable EPEL (Extra Packages for Enterprise Linux) repo and install the packages:


# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

If you list the new repo you must see epel listed:

# yum repolist

Then:

# yum install wine

and everything works fine now :)

Btw, I've tried fluxbox and I insist XFCE looks nicer IMO. Besides, after I minimize utorrent on fluxbox it doesn't come up again, that is, maximizing and minimizing is not working with fluxbox. Is there any solution for this ? I've just unchecked minimize to tray.

Thanks in advance.

clouseau66
10-26-2008, 12:55 PM
uTorrent keeps dropping peer connections ("Peer error: error 10022")This problem is due to a bug in wine from version 0.9.40 up to 1.1.15. The latest version is 1.1.16, which fixed this issue. As of 10/16, if you follow this guide, the version of wine you should have is (after updating to the latest):
Debian: 1.1.1
Ubuntu: 1.1.16
FC/CentOS: 0.9.x

Yes I'm running CentOS and my wine version is 1.0 and utorrent is dropping connections. You mentioned if anyone needed help resolving this issue to drop a reply and I need your help! Thanks in advance! regards clouseau66

LRm
10-27-2008, 07:53 AM
so...is wine working with centos, or no>?


# yum install wine
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Excluding Packages in global exclude list
Finished
Parsing package install arguments
Nothing to do


wine utorrent.exe
-bash: wine: command not found



yes is working


@ putty

yum groupinstall "X Window System"

At any prompts, just answer yes by typing "y" and pressing enter.


WINE needs X to run, so now that you have X up and running you're free to install WINE.
By default, CentOS 5.2 doesn't have the proper repositories to download WINE. To fix this, simply issue the following command:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm This will download and setup your yum to use the EPEL repository, which WINE is on.

Now you can install WINE:
yum install wine At any prompts, just answer yes by typing "y" and pressing enter.

DJDaveX
10-27-2008, 06:07 PM
I've got a few questions:

1) I just finished installing uTorrent and I've got my WebUI working - however, now I'm trying to setup the FTP, but the line


# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /root/vsftpd.pem -out /root/vsftpd.pemGives me this error:


bash: openssl: command not found
2) Is it possible to create new torrents using uTorrent WebUI (not uTorrent over VNC)

3) Is there any way of deleting the files downloaded through a web interface, or is FTP/VNC my only option?

4) Is it possible to run both Torrentflux-b4rt and WebUI on the same server? The reason for getting a seedbox is that my university blocks bittorrent traffic, and it also blocks ports - so I can't access things that are like domain.com:port#. I'd like to use WebUI while at home because it's a great interface, but I'm guessing TFlux is my only option at school.

Oh, and finally, I ran a couple test torrents which I'd like to delete now - I've deleted the torrents off uTorrent but I have no idea where to find the files - any idea? I didn't have a set save directory configured at that point and now I'm baffled >.>

Hopefully it's not too much hassle to answer these questions.

Thanks,

Dave

naq
10-28-2008, 02:11 PM
AFAIK, The dag repo I had setup for CentOS should still be working. I won't change it to EPEL until I know for sure dag isn't working anymore.

It's quite annoying to maintain this guide for CentOS/Fedora atm due to the wine bug, since these OS don't update wine very fast.

@clouseau66:
I tried looking for an older wine rpm package, but couldn't. The best way I think is to change your OS to Debian/Ubuntu if you can. If not, you'll have to compile wine from the latest source, which is not easily done. You'll have to remove wine, install git and the development packages, then compile it. PM me if you want help with this.

@DJDaveX:
1. openssl isn't installed. Type this to install:
# apt-get install openssl
or
# yum install openssl

(I'll add this to the guide later, since this happens too often)

2. No

3. Right click on a torrent, Remove Torrent + Data

4. Yes, just need to configure separate ports for them.

5. Check uTorrent Preferences for the default download folder. If you don't know how to delete from the command line, you can use FTP

clouseau66
10-28-2008, 07:29 PM
Thanks naq for the reply, I think I'll reinstall CentOS and start over with your suggestion on compiling wine or use the EPEL to do it. I have been screwing around for a couple of days now trying to get wine working, might as well start fresh (no biggie!), but if I do decide to compile it I may be PM'ing you for some advice. Thanks and for the other folks for thier posts as well. Much appreciated.....

regards

clouseau66

walkman79
10-28-2008, 09:38 PM
AFAIK, The dag repo I had setup for CentOS should still be working. I won't change it to EPEL until I know for sure dag isn't working anymore.

It seems that dag repo is not working anymore, but it's good to see you check the info before making any changes. You are doing a great job, take your time :)

Cheers

kareemamir
10-29-2008, 08:01 PM
Anyone want to set this up for me :P

Vanadium
10-30-2008, 04:53 AM
^^
done btw :)
(built wine 1.1.7 & utorrent 1.8.1, flies along)

atwitsend
10-30-2008, 05:26 AM
Ill be getting my server this weekend and have read over the guide a few times. Which is great and kindly appreciated. I do have a question. I seen where you could set up different user accounts on the server but I didn't see anything on 1) How to set how many torrents user could up/download at same time along with their folder path for their selected downloads. 2) Bandwidth allowed. 3) HDD space allotted for user. 4) Settings so that said user cant change or have access to privileged information or be able to change the settings I set for them on uT. If any of these things were covered I apologize but I didn't see them. Can anyone tell me how to go about doing this. I have a couple friends who want to use the server and help me with cost but I do want to limit what they can and cannot do. Thanks in advance.

Vanadium
10-30-2008, 05:47 AM
This guide doesn't cover quota's, etc. User account quota's aren't too hard to put on, but bandwitdh quota's are a bit harder to do (especially without virtualization etc, I don't think)
If you wanted to remove Preferences from webui, I think you'd have to edit it manually.

akb1973
11-02-2008, 09:27 AM
Yes could someone please tell me what I have done wrong. Or what I need to do now. I can sign into VNC and start uT but I get this screen in xterm. Any ideas? I also get invalid request when I try to webGui in my browser.

http://img113.imageshack.us/my.php?image=screenshot2ic5.jpg
(http://img152.imageshack.us/my.php?image=screenshotwb0.jpg)

c00L
11-03-2008, 08:28 PM
Yes could someone please tell me what I have done wrong. Or what I need to do now. I can sign into VNC and start uT but I get this screen in xterm. Any ideas? I also get invalid request when I try to webGui in my browser.

http://img113.imageshack.us/my.php?image=screenshot2ic5.jpg
(http://img152.imageshack.us/my.php?image=screenshotwb0.jpg)

What distro are you running ?

Vanadium
11-04-2008, 12:30 AM
What exactly is the problem? Click "Yes" or "No", bring uTorrent into the foreground and use it...

aleg
11-04-2008, 02:54 PM
I have tried to look for a solution but have not been able to find a definitive answer.

I setup, as a trial first in my home network, a seedbox using Ubuntu Server 8.10 with vsftpd 2.07, xfce4, wine 1.1.7.
I managed to setup the SSH tunneling, changed, the ftp and ssh ports. All is working but then for the Firewall.

When using any FTP Client for FTP explicit SSL/TSL the ports chosen for the data transfer are always outside the pasv_min_port and pasv_max_port range and are subsequently blocked by the firewall.

How can I make vsftpd to give out only port-no's inside its allowed range?

aleg

-----------------------------
Resolved:
I just thought to try another port-range. First I used 63320-63340.
Apparently this is not suitable, maybe to high, though I don't know the exact upper limits of suitable port-ranges.

But I changed it to something like 44320 - 44340, and it worked like a charm.
So for anybody with the some problems, try a lower range of port-no's.

naq
11-04-2008, 03:26 PM
Maybe you have to force it to use pasv instead of port in vsftpd.conf? Look here for all the options: http://vsftpd.beasts.org/vsftpd_conf.html

Also check your client, make sure it uses the pasv method...

aleg
11-04-2008, 04:02 PM
Hi NaQ

Thank you for your fast response.
But I already solved it (even faster :whistling, so maybe I wasn't so very clever in the first place).

Look at my previous post which I edited with my solution

Thanks again

aleg

GroggyP
11-05-2008, 12:36 AM
Hey
Planning on getting a server sometime soon, just got a few questions (probably easily answered by someone who knows anything about linux.. ive never used it before so im completely clueless).
Figured I would go with ubuntu for the sake of avoiding the wine problem, but in the steup of the server it lists both ubuntu desktop and ubuntu server as OS options.. which would should I go for?
Secondly, I've heard that files with non-unicode/special characters will not work with a linux/wine setup.. is there any way around this?

walkman79
11-05-2008, 02:09 AM
Hey
Planning on getting a server sometime soon, just got a few questions (probably easily answered by someone who knows anything about linux.. ive never used it before so im completely clueless).
Figured I would go with ubuntu for the sake of avoiding the wine problem, but in the steup of the server it lists both ubuntu desktop and ubuntu server as OS options.. which would should I go for?
Secondly, I've heard that files with non-unicode/special characters will not work with a linux/wine setup.. is there any way around this?

If you are not going to share the server with someone else, I recommend you the Ubuntu Desktop since it's easier to configure and it's very stable and definitely looks nicer.

c00L
11-13-2008, 07:24 PM
"configure: error: X development files not found. Wine will be built
without X support, which probably isn't what you want. You will need to install development packages of Xlib/Xfree86 at the very least."

I got that error trying to compile wine 1.1.7. How to solve it ?

Thanks in advance.

herra
11-14-2008, 08:43 PM
OK.. first attempt.. not going very well..
Server ready with ubuntu 8.04 Desktop (Hardy Heron)

...
edit
....

Resolved after many many hours..

WHY did you decide not to tell people to type "sudo" before these commands?

I'm just interested why did you decide that they didn't need this information?

Did you think that a noob to Linux would just "know" this?

herra
11-14-2008, 08:51 PM
Ubuntu 8.04 Desktop (Hardy Heron)

In the guide you say:
---------------------
Debian & Ubuntu:
Code:
# apt-get install vncserver wine xterm fluxbox vsftpd firefox vnstat
# update-menus
----------------------
First part worked fine. But update-menus returns "command not found"


Help!!!!

---
Edit:

I've given up!!

There are just too many inaccuaracies in the guide. Too many things just don't work or return errors. I've installed Windows Server for the two free months. Dunno what I'll do then.

naq
11-15-2008, 02:14 PM
@cOOL:

hmm, I think the line "apt-get build-dep wine" should have taken care of that. Did that command work? Many packages should have been installed that should include the ones wine was asking for

@herra

Sorry you had so much trouble. I'm not sure what issues you have, but "sudo" is definitely NOT needed before the commands in this guide. I suspect the problem might be you are not logged in as root, given you are using Ubuntu Desktop. The guide is meant for an installation from Putty with root login details.

ClayDay
11-17-2008, 03:00 AM
GREAT guide, so much information. You must have spent days writing all of this. Your work is greatly appreciated.

Borat
11-18-2008, 09:35 AM
sorry

azza2102
11-23-2008, 10:26 AM
hey mate, is it cool if i use your post on another site?

thanks

naq
11-23-2008, 02:54 PM
I don't mind.

azza2102
11-23-2008, 10:48 PM
would you be able to copy the source into a text file and send it to me? :D:D

makwi
11-25-2008, 12:34 PM
NAQ, 10x for guide! It works quite well(with a little google help) on my home test server(Ubuntu 8.04), till "SSH Secure" If I tried to load "Key" into puttygen, I couldn`t find it at /root for "root" and at /home/user-name/.. there aren`t /.ssh/ directories, at least visible.. what did I do wrong? And is this step SO important?(I mean If I have a good, strong password; its not the problem for me to type it every log in:))
And what means TBA in "Ecrypt the HD"?

GroggyP
11-27-2008, 12:21 PM
For the SELinux and .ssh parts of the initial setup, what directory should I be looking in?

for the selinux part at least, I went cd .. and found there were directories etc & sysconfig & selinux

This is in Debian, so I guess I'm really only asking about the .ssh part

Also, when installing the dependencies for vncserver I get the following 'error' messages

Setting up xfonts-encodings (1.0.0-6) ...
Setting up xfonts-utils (1.0.1-1) ...
Setting up xfonts-100dpi (1.0.0-3) ...
warning: /usr/lib/X11/fonts/100dpi does not exist or is not a directory
warning: /usr/lib/X11/fonts/100dpi does not exist or is not a directory

Setting up xfonts-75dpi (1.0.0-3) ...
warning: /usr/lib/X11/fonts/75dpi does not exist or is not a directory
warning: /usr/lib/X11/fonts/75dpi does not exist or is not a directory

Setting up xfonts-base (1.0.0-4) ...
warning: /usr/lib/X11/fonts/misc does not exist or is not a directory
warning: /usr/lib/X11/fonts/misc does not exist or is not a directory

GroggyP
11-28-2008, 08:50 AM
Trying to compile wine, get the following error message trying to extract the .tar files



localhost:~# ls
archive.key files wine-1.1.7.tar.bz2
localhost:~# tar -xvjpf wine-1.1.7.tar.bz2
tar: bzip2: Cannot exec: No such file or directory
tar: Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error exit delayed from previous errors

naq
11-28-2008, 02:49 PM
.ssh is in /root/

About the tar error, it seems you don't have bzip2 installed, type this to install it:

# apt-get install bzip2

I'm not sure about the fonts warnings. If they are just warnings, and the installation went through, you are probably fine.

GroggyP
11-29-2008, 04:15 AM
Thanks man, got it working now.
I get some weird cairo error when I try to open firestarter or firefox, but I don't think I need them atm.

I am having a problem with HTTPS connections in utorrent, I researched the error and it seems I don't have the required 'libs' to run https? I'm new to debian, but do you happen to know how to go about installing this?

ProUnbeatable
12-02-2008, 08:54 PM
@naq
do you have any messanger? like msn, gtalk, aim... I really need help setting up the vnc it doesn't work for some reason. It kept showing "Failed to connect to server (my.ip)" I followed your guide too... errr can someone help?

GroggyP
12-04-2008, 08:45 AM
I killed all the existing vncservers
started a new one using

vncserver -localhost -geometry 1024x768 -depth 24 :1

but when I try to log on using TightVNC Viewer a dialogue box saying "Connection closed." pops up (doesn't ask for password, I enter "localhost" for server).

So I killed that one, started a new one using

vncserver -geometry 1024x768 -depth 24 :1
And it let me log on using "localhost" as the server in TightVNC Viewer. Is this still connecting securely through the tunnel putty creates?

Karel
12-05-2008, 01:22 AM
nvm. sorted it.

andrew16
12-06-2008, 08:22 AM
I'm having trouble with VNC Viewer. I get the connection refused error.

http://img529.imageshack.us/img529/1181/vnc2qf2.jpg

I flushed the iptables but still unable to connect. I've checked the hosts file and all seems fine. Any idea where I'm going wrong?

The O.S is Debian 4.0.

Thanks, Andrew.

P.S - It's an OVH server so a reinstall is easy to do if required!