paulmellors dot net

I’ve had rather a large amount of connections to my FTP server lately trying to login with the username of administrator, it turns out that they are all ip’s from china. I’ve known about iptables for awhile, but never really learned about them. My first instinct was to just drop the IP with the command

sudo iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

This worked a treat and is all well and good but i didn’t fancy typing in that line for every IP that tried to bugger my connections so here’s what i did

1, sudo touch /etc/iptables.sav
2, sudo chmod 777 /etc/iptables.sav
3, sudo iptables-save > /etc/iptables.sav
4, vim /etc/iptables.sav and add these lines into it. The lines with DROP at the end are IP ranges from china and surrounding areas. The last 4 lines tell the system to drop the ip after 3 failed connections for 120 seconds.

-A INPUT -s 222.0.0.0/255.0.0.0 -j DROP
-A INPUT -s 220.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 218.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 210.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 202.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 124.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 120.0.0.0/252.0.0.0 -j DROP
-A INPUT -s 116.0.0.0/252.0.0.0 -j DROP
-A INPUT -s 114.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 60.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 58.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 200.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 188.0.0.0/254.0.0.0 -j DROP
-A INPUT -s 186.0.0.0/254.0.0.0 -j DROP
-A INPUT -i eth1 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –set –name DEFAULT –rsource
-A INPUT -i eth1 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –update –seconds 120 –hitcount 3 –name DEFAULT –rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp –dport 21 -m state –state NEW -m recent –set –name DEFAULT –rsource
-A INPUT -i eth1 -p tcp -m tcp –dport 21 -m state –state NEW -m recent –update –seconds 120 –hitcount 3 –name DEFAULT –rsource -j DROP

5, save the file and run sudo iptables-restore < /etc/iptables.sav
6, run sudo iptables -L and make sure all your rules are added [please note if you’ve a big list this can take awhile as it does do DNS lookups.

I’ve moved my Ubuntu webserver to a VMWARE platform, as i’ve done this i now have a spare machine, with 3 hdd’s in it.  So i figured i’d use this as a backup server.  now what’s the best way to do this?  samba? rsync over ssh?  Nah i’m going to use NFS.  Here’s how i did it.  Thanks to Ubuntu Geek

On the Server

1. sudo apt-get install nfs-kernel-server nfs-common portmap
2. make a folder where you want to mount, mine was /backup_nfs
3. sudo vi /etc/exports
4. add the line – /backup_nfs 192.168.1.1/24(rw,no_root_squash,async)   obviously change your IP range and backup folder location
5. sudo /etc/init.d/nfs-kernel-server restart
6. sudo exportfs -a  [ you need to run this every time you add something to /etc/export

On the Desktop/Other Server

1. sudo apt-get install portmap nfs-common
2. sudo mount <ipaddress>:/backup_nfs /backup_nfs
3. Alternatively you can add the following to the /etc/fstab and then reboot – <ipaddress>:/backup_nfs /backup_nfs nfs rw 0 0

I’m playing with mail servers at the moment, so if you know me and would like a mailbox that’s pop/imap/smtp and webmail and you don’t mind that it’s only 10 meg storage, and @fabmail.org then can you email me at paul.mellors@fabmail.org with the username the bit before @ and i’ll set you one up.

Please note if you do use a mailbox on my server, it’s not quick, it’s not a commercial server and it can go down at any time for any length of time my own email is on there so i do like to keep the server up

I’m only doing this for 100 users at the moment.  First come first served.

I took the time out this afternoon and last night, to move my webserver to Heron. It was running CentOS which is a damn good OS and close to what we use at work RHEL, but i wanted to be a Ubuntu house….and apart from my Windows mail server, i am

It pretty much went

1, install ubuntu

2, install apache, mysql and php

3, restore my mysql db’s, the apache confs, etc

4, ENJOY

Creating a webserver is rather easy, and i’m hearing of a little project that might make things even easier, check it out here – rapache

Just got my hands on a creative labs webcam, model PD1130 which looking at my mug in cheese, works out of the box

1, tail -f /var/log/messages

2, plug in the mouse look for this

Jun 13 14:29:06 desktop kernel: 20558.848138 usb 4-1: new full speed USB device using uhci_hcd and address 3

Jun 13 14:29:06 desktop kernel: 20559.021990 usb 4-1: configuration #1 chosen from 1 choice

Jun 13 14:29:06 desktop kernel: 20559.028415 /build/buildd/linux-ubuntu-modules-2.6.24-2.6.24/debian/build/build-generic/media/gspcav1/gspca_core.c: USB GSPCA camera found.(ZC3XX)

3, start up cheese and produce something like this If you have a cheese pic no not the food as some of my friends have sent me then send them to paul at paulmellors dot net

Now that the Ubuntu Membership has been split into regional boards, I’ve noticed the amount of new people on Planet Ubuntu is increasing on a daily basis, i really need to start thinking about membership, but that’s where the problem lies. What can i do? I’m not a developer, designer, i can’t write docs very well, i don’t speak any other languages to help with translations and with a baby due in September i don’t have the time to promote Ubuntu to the people in the street….help!!!!

I suspect this is a problem with a lot of Ubuntu users who want membership….am i wrong?

One of the great things about ubuntu is the Wubi, you can install Ubuntu without partitioning your machine, people say it’s not as fast as actually installing it, but to tell you what. I’ve not really noticed a difference. OK so it’s a little slower on boot, but once it’s in it seems great.

I’m wondering when the other distros will have something like this. How many people want to try Linux without having the hassle of partitioning or destroying their windows partition?