Saturday, November 17, 2007

Running Apache and DHCP in Solaris 8

Quick Install

If you just want to get started and do not care about the details of how I built the Apache-with-mod_ssl package, install Apache as follows. Both packages are 2003-era releases that were later superseded by security fixes, so on a new system take the newest 1.3.x and 0.9.x packages available rather than these exact versions.
Download (I will illustrate for Solaris 8 on SPARC):

apache-1.3.27-sol8-sparc-local.gz
openssl-0.9.6i-sol8-sparc-local.gz

Run
gunzip apache-1.3.27-sol8-sparc-local.gz
gunzip openssl-0.9.6i-sol8-sparc-local.gz

and then, as root, run
pkgadd -d apache-1.3.27-sol8-sparc-local
pkgadd -d openssl-0.9.6i-sol8-sparc-local


Put /usr/local/apache/bin and /usr/local/ssl/bin in your PATH, and /usr/local/ssl/lib in your LD_LIBRARY_PATH:

vi /etc/profile
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/local/apache/bin:/usr/local/ssl/bin:/usr/ccs/bin
LD_LIBRARY_PATH=/usr/lib:/usr/openwin/lib:/usr/dt/lib:/usr/ucblib:/usr/local/lib:/usr/local/ssl/lib
export PATH LD_LIBRARY_PATH

Setting LD_LIBRARY_PATH in /etc/profile changes library resolution for every program started from every login shell, not just httpd. If you want to keep the change local, set it in apachectl (or the rc script that starts httpd), or register /usr/local/ssl/lib with crle(1) instead.


In httpd.conf set:
Port 80
ServerAdmin admin@localhost
ServerName 127.0.0.1

Once you have the configuration the way you want it, you can run
/usr/local/apache/bin/apachectl start

tail /usr/local/apache/logs/error_log
[Sun Nov 18 00:26:35 2007] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
[Sun Nov 18 00:26:35 2007] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Sun Nov 18 00:26:35 2007] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib

Running "truss -d /usr/local/apache/bin/httpd" shows the open of /dev/urandom failing: the device is missing, so OpenSSL has nothing to seed its PRNG from. Solaris 8 did not ship /dev/random or /dev/urandom at release; they come from Sun's kernel random driver patch. If /dev/random is present but /dev/urandom is not, the quickest fix is to point /dev/urandom at it:

ln -s /dev/random /dev/urandom

Be aware that /dev/random can block when the kernel's entropy pool runs low, so a busy server seeded through this symlink may stall rather than fail outright. After that, rerun /usr/local/apache/bin/apachectl start and confirm that the port answers:
telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
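The symlink cures the symptom, but it is worth checking that the seeding source actually delivers bytes before httpd comes up, and making the choice of device explicit in httpd.conf rather than relying on what happens to be in /dev. The following POSIX sh preflight is an added example, not part of the original post or the Apache package; the device paths, byte counts and the --check flag are its own assumptions, and it uses nothing beyond dd, wc, tr and printf.

```shell
#!/bin/sh
# Added example (not from the original post): verify mod_ssl's entropy source
# before starting httpd, instead of trusting that a /dev/urandom symlink fixed
# the "PRNG not seeded" error. Assumes only POSIX sh, dd, wc, tr and printf.

# check_entropy_device DEVICE [NBYTES]
# Succeeds only if DEVICE is readable and yields NBYTES bytes (default 512).
check_entropy_device() {
    dev=$1
    n=${2:-512}
    [ -r "$dev" ] || return 1
    got=$(dd if="$dev" bs=1 count="$n" 2>/dev/null | wc -c | tr -d ' ')
    [ "${got:-0}" -eq "$n" ]
}

# pick_entropy_device DEVICE...
# Prints the first candidate that delivers bytes. The caller lists
# /dev/urandom first because /dev/random may block when the pool is low,
# which would stall httpd at startup rather than fail loudly.
pick_entropy_device() {
    for dev in "$@"; do
        if check_entropy_device "$dev" 64; then
            printf '%s\n' "$dev"
            return 0
        fi
    done
    return 1
}

# ssl_random_seed_directives DEVICE
# Prints httpd.conf lines that seed mod_ssl from DEVICE at startup and from
# the built-in PRNG per connection, so the seeding source is visible in the
# configuration rather than hidden in a device symlink.
ssl_random_seed_directives() {
    printf 'SSLRandomSeed startup file:%s 512\n' "$1"
    printf 'SSLRandomSeed connect builtin\n'
}

# Run the preflight when invoked directly with --check.
if [ "${1:-}" = "--check" ]; then
    if dev=$(pick_entropy_device /dev/urandom /dev/random); then
        echo "entropy source: $dev"
        ssl_random_seed_directives "$dev"
    else
        echo "no usable entropy device; install the Solaris random patch or create /dev/urandom" >&2
        exit 1
    fi
fi
```

Run it as "sh preflight.sh --check" from the same script that calls apachectl, and abort the start if it exits non-zero; the two SSLRandomSeed lines it prints go into the mod_ssl section of httpd.conf.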



Solaris DHCP Client
To set up a Solaris box as a DHCP client (assuming the Ethernet device is hme0), there are two ways:
1) Create an empty /etc/hostname.hme0 and an empty /etc/dhcp.hme0; the DHCP client then starts on the next boot.
2) Run:
# ifconfig hme0 plumb
# ifconfig hme0 dhcp start

However, this sets the hostname to "unknown" unless the DHCP server sends a host-name option, for example with something like the following in the ISC dhcpd configuration:

host netra {
hardware ethernet 08:00:20:da:63:96;
option host-name "netra";
}

Alternatively, according to http://www.rite-group.com/rich/solaris_dhcp.html, you can download http://www.rite-group.com/rich/set_hostname to /etc/init.d, with a symbolic link to it from /etc/rc2.d/S70set_hostname, and put the hostname in /etc/nodename.


To disable DHCP on Solaris, simply remove the two files mentioned above; to go back to a static address, put the host name in /etc/hostname.hme0 instead of leaving it empty.

Monday, September 10, 2007

PPTP Passthrough via Linux Kernel

As I was upgrading the Linux kernel on a Red Hat 6.2 box to 2.4, I realized the firewall policy did not work for PPTP (GRE and TCP port 1723), although the policies were loaded correctly. "grep -r pptp /lib/modules/2.4.35.1" returned no result, which simply means the kernel has no PPTP connection-tracking helper and therefore cannot NAT PPTP traffic.

After much research I learned about "patch-o-matic" from the PPTP Connection Tracking Wiki and the Netfilter Extensions HOWTO; then the SmoothWall article, in section 3c, explained in detail what it is and how to apply this netfilter patch to the kernel.

Section 3c: Patch netfilter/iptables and the kernel source
This patch is actually the most important of all of them, and has the actual pptp_conntrack, and gre_conntrack, modules in it. The netfilter team provides a very handy and easy to use scriptlet to automate this process to a very large degree. The patch-o-matic script will walk you through a series of dialogs informing you which patch is in the queue, what it does, and sometimes other bits of important info. You are then prompted to apply the patch, or skip it and move on to the next in the queue. The patch-o-matic-ng-20040621 set is rather large, with many, many patches in it, and this process may take about 20-30 mins to run through the first time. (After you have done it a million times, it doesn’t take but about 5 mins, lol.) Be aware that not all of the patches can be applied at the same time, some are buggy, some simply don’t work, and some are incompatible with each other.

Two Versions: patch-o-matic vs patch-o-matic-ng
The netfilter team switched from the patch-o-matic format to the patch-o-matic-ng format after iptables 1.2.9 was released in Dec. 2003.


What confused me was that there are so many versions and snapshots under both patch groups; which one to use? Since I prefer not to use Perl, I went for patch-o-matic. But patching failed from linux-2.4.30 downward until linux-2.4.28, where I finally succeeded. Even then, compiling linux-2.4.28 gave this error:
gcc -D__KERNEL__ -I/usr/src/linux-2.4.28/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.4.27/include/linux/modversions.h -nostdinc -iwithprefix include -DKBUILD_BASENAME=ipt_connlimit -c -o ipt_connlimit.o ipt_connlimit.c
ipt_connlimit.c: In function `init':
ipt_connlimit.c:219: `ip_conntrack_module' undeclared (first use in this function)
ipt_connlimit.c:219: (Each undeclared identifier is reported only once
ipt_connlimit.c:219: for each function it appears in.)
ipt_connlimit.c:220: warning: value computed is not used
ipt_connlimit.c: In function `fini':
ipt_connlimit.c:227: `ip_conntrack_module' undeclared (first use in this function)
ipt_connlimit.c:228: warning: value computed is not used
make[2]: *** [ipt_connlimit.o] Error 1

I had to disable the "Connections/IP limit match support" option in "make menuconfig" to eliminate the error. Continuing, I got the error below:
gcc -D__KERNEL__ -I/usr/src/linux-2.4.28/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -pipe -mpreferred-stack-boundary=2 -march=i586 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.4.27/include/linux/modversions.h -nostdinc -iwithprefix include -DKBUILD_BASENAME=ipt_ULOG -c -o ipt_ULOG.o ipt_ULOG.c
ipt_ULOG.c: In function `ip_ulog_fn':
ipt_ULOG.c:379: `qlen' undeclared (first use in this function)
ipt_ULOG.c:379: (Each undeclared identifier is reported only once
ipt_ULOG.c:379: for each function it appears in.)
make[2]: *** [ipt_ULOG.o] Error 1


There are two possible workarounds:
1. Before applying the netfilter patch:
vi patch-o-matic-20041009/pending/40_nf-log.patch
at line 466, in
if (qlen >= loginfo.qthreshold) {
change "qlen" to "ub->qlen"

OR

2. After applying the netfilter patch:
vi /usr/src/linux-2.4.28/net/ipv4/netfilter/ipt_ULOG.c
go to line 379 and change "qlen" to "ub->qlen"


Trying again, it compiled. I also came across a link describing PPTP on linux-2.4.28 working successfully.

Well, looking at the complexity, I had no choice but to go for patch-o-matic-ng. Since I have the latest linux-2.4.35.1 (released 15 Aug 2007), I need the latest snapshot of the time, i.e. patch-o-matic-ng-20070909.tar.bz2. The steps:


  1. cd /usr/src
  2. ln -s linux-2.4.35.1 linux
  3. cd /usr/local/src
  4. wget http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20070909.tar.bz2
  5. tar xIf patch-o-matic-ng-20070909.tar.bz2
  6. cd patch-o-matic-ng-20070909
  7. ./runme extra
    Can't locate Pod/Usage.pm in @INC (@INC contains: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 .) at ./runme line 14.
    BEGIN failed--compilation aborted at ./runme line 14.
  8. The runme script needs Pod::Usage, which Red Hat 6.2's Perl 5.00503 lacks. On the Asus machine, from C:\Documents and Settings\Administrator\Desktop\Source\DF\Redhat 6.2 updates, install the newer Perl:
    rpm -Uvh perl-5.6.1-36.1.72.i386.rpm perl-CPAN-1.59_54-36.1.72.i386.rpm
  9. ./runme extra
    Answer 'y' to apply each patch; if a patch fails to apply, answer 'n' to skip it.
  10. In the Linux source directory, run make menuconfig and enable all the netfilter features.

After all that hassle, to my disappointment it still did not have PPTP NAT built in. This was confirmed by the PPTP Connection Tracking Wiki under the section "With an older kernel - I Didn't Listen". About patch-o-matic-ng it says: "They no longer support this [pptp] patch".

I suppose it is because the netfilter folks are focusing on kernel 2.6, which has the PPTP patch rolled into the official source tree. I set aside my frustration and told myself to forget about kernel 2.4 entirely and concentrate only on kernel 2.6; that is the direction of the future anyway.

I loaded linux-2.6.22.5 and started the modules nf_nat_pptp, nf_conntrack_pptp, nf_nat_proto_gre, nf_conntrack_proto_gre, nf_nat_ftp and nf_conntrack_ftp from /etc/rc.d/rc.local. However, the firewall policy was still not working for PPTP NAT. From the information I gathered, I needed to upgrade iptables from iptables-1.2.7a (the running version). The steps:

  1. cd /usr/src
  2. wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.5.tar.bz2
  3. tar xIf linux-2.6.22.5.tar.bz2
  4. ln -s linux-2.6.22.5 linux
  5. cd linux/include
  6. ln -s asm-i386 asm
  7. cat > linux/version.h # not needed if the kernel was compiled before (132626 is 0x020616, i.e. 2.6.22)
    #define LINUX_VERSION_CODE 132626
    #define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
  8. cd /usr/include; ln -s /usr/src/linux/include/asm-generic
  9. cd /usr/src
  10. wget ftp://194.199.20.114/linux/fedora/core/development/source/SRPMS/iptables-1.3.7-2.src.rpm
  11. rpm -i iptables-1.3.7-2.src.rpm
  12. wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.8.tar.bz2
  13. tar xIf iptables-1.3.8.tar.bz2
  14. ln -s iptables-1.3.8 iptables
  15. cp /usr/src/redhat/SPECS/iptables.spec iptables-1.3.8
  16. cp /usr/src/redhat/SOURCES/iptables.init .
  17. cp /usr/src/redhat/SOURCES/iptables-config .
  18. tar cIf iptables-1.3.8.tar.bz2 iptables-1.3.8
  19. rpmbuild -ta iptables-1.3.8.tar.bz2
    ...
    Wrote: /usr/src/redhat/SRPMS/iptables-1.3.8-2.src.rpm
    Wrote: /usr/src/redhat/RPMS/i386/iptables-1.3.8-2.i386.rpm
    Wrote: /usr/src/redhat/RPMS/i386/iptables-ipv6-1.3.8-2.i386.rpm
    Wrote: /usr/src/redhat/RPMS/i386/iptables-devel-1.3.8-2.i386.rpm
  20. I copied iptables-1.3.8.spec to the development/source/patch/kernel folder for future reference.

Finally it works!
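The post does not show the firewall policy itself, so as an added example (not the post's own script) here is the shape of the rules that go with those helper modules on a 2.6 NAT gateway. The interface names eth0 (WAN) and eth1 (LAN) and the internal server address 192.168.1.10 are assumptions; with IPT=echo MODPROBE=echo it prints the commands instead of applying them, which lets the rules be reviewed before they touch a live box.

```shell
#!/bin/sh
# Added example (not the post's own firewall script): PPTP passthrough on a
# 2.6 NAT gateway with the nf_conntrack_pptp/nf_nat_pptp helpers. Set IPT=echo
# MODPROBE=echo to print the commands instead of applying them. Interface
# names and the optional internal PPTP server address are assumptions.
IPT=${IPT:-iptables}
MODPROBE=${MODPROBE:-modprobe}

# load_pptp_helpers: without these, conntrack sees the GRE data stream as
# unrelated to the TCP 1723 control session and cannot NAT it, which is
# exactly why plain "allow GRE" rules did nothing on the unpatched 2.4 kernel.
load_pptp_helpers() {
    for m in nf_conntrack_proto_gre nf_nat_proto_gre nf_conntrack_pptp nf_nat_pptp; do
        $MODPROBE "$m" || return 1
    done
}

# pptp_passthrough WAN LAN [SERVER]
# Lets LAN clients reach external PPTP servers through a MASQUERADE gateway.
# If SERVER (an internal PPTP server) is given, also forwards inbound
# TCP 1723 and GRE (IP protocol 47) to it.
pptp_passthrough() {
    wan=$1
    lan=$2
    server=${3:-}
    load_pptp_helpers || return 1

    # Flows the helper has marked RELATED (the GRE call) ride on this rule.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Outbound control channel and GRE from the LAN.
    $IPT -A FORWARD -i "$lan" -o "$wan" -p tcp --dport 1723 -j ACCEPT
    $IPT -A FORWARD -i "$lan" -o "$wan" -p 47 -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE

    if [ -n "$server" ]; then
        # Inbound: DNAT both the control port and GRE to the internal server;
        # the helper keeps the GRE call IDs consistent across the translation.
        $IPT -t nat -A PREROUTING -i "$wan" -p tcp --dport 1723 -j DNAT --to-destination "$server"
        $IPT -t nat -A PREROUTING -i "$wan" -p 47 -j DNAT --to-destination "$server"
        $IPT -A FORWARD -i "$wan" -o "$lan" -d "$server" -p tcp --dport 1723 -j ACCEPT
        $IPT -A FORWARD -i "$wan" -o "$lan" -d "$server" -p 47 -j ACCEPT
    fi
}

# Example invocation; edit the interfaces and server for your network.
if [ "${1:-}" = "--apply" ]; then
    pptp_passthrough eth0 eth1 192.168.1.10
fi
```

The ESTABLISHED,RELATED rule is what actually carries the GRE stream: nf_conntrack_pptp reads the call IDs out of the TCP 1723 control session and registers the expected GRE flow as RELATED, and nf_nat_pptp rewrites those IDs through the NAT. On kernels from 4.7 onward the helper is no longer attached automatically (nf_conntrack_helper defaults to 0), so a raw-table rule such as "iptables -t raw -A PREROUTING -p tcp --dport 1723 -j CT --helper pptp" is also needed.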

Thursday, January 4, 2007

Setup Netgear MA111 Wireless USB for Linux

Background
Someone passed me a USB Wi-Fi adapter some time ago. It sat idle on my desk for a while until recently, when I gave it a try on my new 2.4.33 kernel. Inside the Netgear MA111 is a Prism chipset, for which there is an open source driver (linux-wlan-ng) from www.linux-wlan.com.


Getting Started
I took the following steps to complete the installation:

1. Download the source linux-wlan-ng-0.2.5.tar.gz to /usr/local/src
2. cd /usr/local/src; tar xvzf linux-wlan-ng-0.2.5.tar.gz
3. To build the modules, run "make config"
This asks, one by one, which modules to compile:
-------------- Linux WLAN Configuration Script -------------

The default responses are correct for most users.

Build Prism2.x PCMCIA Card Services (_cs) driver? (y/n) [n]:
Build Prism2 PLX9052 based PCI (_plx) adapter driver? (y/n) [n]:
Build Prism2.5 native PCI (_pci) driver? (y/n) [y]:
Build Prism2.5 USB (_usb) driver? (y/n) [y]:
...

4. make all; make install - The driver and configuration programs are copied to their proper places in your OS directory tree.


Create the Installer
1. Below is a shell script I created to build an installer tarball for distribution to other systems:
tar cvzf linux-wlan-ng-0.2.5.i386.tgz \
/etc/wlan \
/sbin/wlanctl-ng \
/sbin/nwepgen \
/sbin/wlancfg \
/sbin/prism2dl \
/lib/modules/2.4.33.4/linux-wlan-ng

2. If you want to create a kernel-plus-WLAN installer, here is the script:
tar czf kernel24-wlan-ng-i386.tgz \
/lib/modules/2.4.33.4 /boot/System.map-2.4.33.4 /boot/vmlinuz-2.4.33.4 \
/usr/src/redhat/RPMS/i386/modutils-* \
/etc/wlan \
/sbin/wlanctl-ng \
/sbin/nwepgen \
/sbin/wlancfg \
/sbin/prism2dl \
/lib/modules/2.4.33.4/linux-wlan-ng


Configuration
After you have installed the new driver, you need to load it. According to the README in linux-wlan-ng-0.2.5.tar.gz, the simplest way to do this is to add the following commands to your rc.local file (for the MA111 the module is prism2_usb; the <...> fields are placeholders for your own addresses):

modprobe prism2_pci [or prism2_usb/prism2_plx]
wlanctl-ng wlan0 lnxreq_ifstate ifstate=enable
wlanctl-ng wlan0 lnxreq_autojoin ssid=linksys authtype=opensystem
ifconfig wlan0 <ipaddr> netmask <netmask> broadcast <broadcast>
route add default wlan0

If you do not use an SSID, it can be left empty, e.g.
wlanctl-ng wlan0 lnxreq_autojoin ssid= authtype=opensystem

Also add "alias wlan0 prism2_usb" to /etc/modules.conf so that the USB driver is loaded for wlan0.


Start up Automatically
I tried this method and it works fine, but a better method is to load the driver with an rc script. linux-wlan-ng-0.2.5.tar.gz comes with one (linux-wlan-ng-0.2.5/etc/rc.wlan). Copy and rename this file to /etc/rc.d/init.d/wlan. A minor modification is needed; edit /etc/rc.d/init.d/wlan: a) line 3, change rc.wlan to wlan; b) line 5, remove a hidden trailing space at the end of the chkconfig line. Save the file, then run "chkconfig --add wlan; chkconfig wlan on" to enable it.

To test it, run "service wlan start". Running it on the command line was fine, but when I restarted the machine the driver was not loaded automatically. After some debugging I found that the standard USB core needs more time to start up before the prism driver is loaded. The workaround is to insert "sleep 5" into /etc/rc.d/init.d/wlan at line 40.
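A fixed "sleep 5" works until the day USB enumeration takes six seconds. The following is an added example, not taken from rc.wlan or the original post, of the same start-up sequence written to poll for the interface with a timeout instead. It assumes the modprobe, wlanctl-ng and ifconfig commands the README uses, that the kernel lists an interface in /proc/net/dev once its driver has registered it, and that IP addressing is handled elsewhere (for example by ifcfg-wlan0); the MODPROBE/WLANCTL/IFCONFIG/IFACE_TABLE variables exist so the script can be dry-run without the hardware.

```shell
#!/bin/sh
# Added example (not from the linux-wlan-ng rc.wlan script): bring up a
# prism2_usb interface by polling for it instead of a fixed "sleep 5", so a
# slow USB enumeration does not leave wlan0 half-configured. Assumes the
# commands named below; set MODPROBE/WLANCTL/IFCONFIG to "echo" for a dry run,
# and IFACE_TABLE to a copy of /proc/net/dev to test without the hardware.
MODPROBE=${MODPROBE:-modprobe}
WLANCTL=${WLANCTL:-wlanctl-ng}
IFCONFIG=${IFCONFIG:-ifconfig}
IFACE_TABLE=${IFACE_TABLE:-/proc/net/dev}

# iface_present IFACE: true once the kernel lists IFACE in /proc/net/dev,
# which is when the driver has finished registering the device.
iface_present() {
    grep -q "^[ ]*$1:" "$IFACE_TABLE" 2>/dev/null
}

# wait_for_iface IFACE TIMEOUT_SECONDS
# Polls once per second; fails if the interface never appears.
wait_for_iface() {
    iface=$1
    left=$2
    while [ "$left" -gt 0 ]; do
        iface_present "$iface" && return 0
        sleep 1
        left=$((left - 1))
    done
    iface_present "$iface"
}

# wlan_start IFACE SSID [TIMEOUT]
# Loads the driver, waits for the interface, then enables it and joins.
# An empty SSID joins any open network in range, so prefer naming one.
wlan_start() {
    iface=$1
    ssid=$2
    timeout=${3:-15}
    $MODPROBE prism2_usb || return 1
    if ! wait_for_iface "$iface" "$timeout"; then
        echo "wlan_start: $iface did not appear within ${timeout}s" >&2
        return 1
    fi
    $WLANCTL "$iface" lnxreq_ifstate ifstate=enable || return 1
    $WLANCTL "$iface" lnxreq_autojoin ssid="$ssid" authtype=opensystem || return 1
    $IFCONFIG "$iface" up
}

case ${1:-} in
start) wlan_start wlan0 linksys ;;
esac
```

Dropped into /etc/rc.d/init.d in place of the sleep, the "start" branch either configures the interface or fails with a message in the boot log, which is easier to debug than an interface that is silently missing.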


Join a Wireless Network
When the driver loads, it will attempt to associate with any access point within range. It is therefore highly recommended to set up a configuration specifically for your network, as follows:

This example assumes your network name/SSID is "linksys"
1. cp /etc/wlan/wlancfg-DEFAULT /etc/wlan/wlancfg-linksys
2. edit /etc/wlan/wlan.conf and change the SSID_wlan0 line to SSID_wlan0="linksys"
3. edit /etc/wlan/wlancfg-linksys and make whatever changes your network needs, such as WEP keys. Bear in mind that WEP is a broken cipher: anyone who can capture enough of your traffic can recover the key, so treat a WEP network as no more private than an open one.

Again, if you do not use an SSID, just leave SSID_wlan0 blank.


Unresolved Problem
There is a problem I have encountered for which I have yet to find an answer, and I hope you, the reader, can help me find a solution. When I reboot the machine, somehow the rc script's stop action is not executed by the OS during shutdown; because of that the machine hangs at the BIOS stage. I believe it is caused by the USB adapter not being shut down properly (its LED stays on).


References
1. linux-wlan-ng-0.2.5/README
2. Netgear MA111 USB Wireless Howto
3. Jacek Pliszka's wireless hints: 802.11b / Wi-Fi Linux USB
4. Wireless LAN resources for Linux
5. HOWTO Prism2 USB on Gentoo
6. Linux and Wireless LANs
7. Linux and WireLess Mobile AdHoc Networks - MANETs
8. Linux and Wireless LAN Access Points (Routers) - WLAN APs
9. Wireless LAN Sniffer Applications for Linux
10. Adding an External WireLess Antenna to a Laptop or Notebook
11. Adding a WireLess miniPCI Card to a Laptop or NoteBook
12. Prism II Access Point Mini-Howto
13. A Linux Wireless Access Point HOWTO
14. Installing and Configuring HostAP
15. Inside a Linksys Wap11
16. Atmel Wireless LAN Driver for Linux
17. The Linux ORiNOCO Driver
18. Prism2 USB 802.11b devices under Linux
19. Getwifi
20. Wireless Networking in the Developing World



This article is copyrighted by Victor Wu