
ClarkConnect User Guide


ClarkConnect Office 2.0 User Guide


Point Clark Networks
Copyright 2003 by Point Clark Networks

Table of Contents
1. Introduction
  Welcome
  Differences Between Office and Standard Versions
2. Quick Start Guide
3. System Requirements
  Hardware
  Network Cards
  Internet Connection
  Cable Modems
  DSL and PPPoE
  ISDN and Satellite
4. Installing the Software
  Installation Type
  Network Install
  CD-ROM - Bootable CD-ROM
  Creating the Installation Floppy
  Starting the Install
  Install Configuration
  Selecting your Server Type
  Selecting your Network Connection Type
  Selecting Your Network Card Drivers
  Configuring Your Network
  Configuring Your Network - PPPoE
  Configuring Your LAN IP Address
  Selecting Your Hostname - Password - Timezone - Hard Disk Partitioning
  Selecting Your Software
  Post Install
  Administration Console
  Wireless Card Configuration
  Network Card Configuration
  Changing the LAN IP Address
5. Setting Up Other Machines
  Overview
  Windows 95/98
  Windows 2000
  Windows XP
6. Core Software
  Overview
  Web-based Administration
  Caching Nameserver
  DHCP Server
  Network Monitor
  Software Updates - Web-based Administration

http://www.clarkconnect.org/docs/office-2.0/big.html (1 of 57)5.2.2004 19:41:23


  Software Updates - Command Line apt-get
7. Modules
  Overview
  AppleTalk
  Bandwidth Limiter
  Banner Ad Blocker
  Caller ID
  Content Filter
  FTP Server
  Intrusion Detection
  Mail Server - POP and IMAP
  Mail Server - SMTP
  Network Watcher
  Photo Gallery
  Print Server
  RAV Antivirus
  Samba - Windows File Sharing
  VPN Server - IPsec
  Overview
  Configuring Connections with Static IPs
  Configuring Connections with Dynamic IPs
  Configuring Road Warriors
  Configuring Windows Network Neighborhood - WINS
  VPN Server - PPTP
  Overview
  Configuring the PPTP Server
  Configuring Windows 95/98
  Configuring Windows XP
  Web Proxy
  Web Server
  Webmin
8. Services
  Dynamic DNS and Software Updates - Free
9. Firewall
  Overview
  Opening Ports
  Port Forwarding
  Firewall Blocking
10. Troubleshooting
  FAQ - Frequently Asked Questions
  Why can't I get ClarkConnect Office to detect my network card?
  How do I fix signal 11 errors?
  How do I remove the "FAILED" messages on boot?
  How do I edit files? I don't know vi...
A. Understanding Networks
B. ISA Network Cards
C. License and Warranty

List of Tables
2-1. Quick Start Network Settings
3-1. Hardware System Requirements
4-1. Supported Network Cards on Installation Floppy
5-1. Network Settings
6-1. Modules and Package Names
7-1. AppleTalk Information
7-2. Bandwidth Limiter
7-3. Privoxy Information
7-4. Caller ID Information
7-5. Content Filter Information
7-6. ProFTPD Information


7-7. Intrusion Detection Information
7-8. POP and IMAP Information
7-9. Mail Server - SMTP
7-10. Network Watcher
7-11. Photo Gallery
7-12. Print Server
7-13. RAV Antivirus
7-14. Samba
7-15. IPsec
7-16. PPTP
7-17. Web Proxy
7-18. Web Server
7-19. Webmin
A-1. Netmasks and Networks

Chapter 1. Introduction

Welcome


The ClarkConnect Office software transforms a standard PC into a full-featured Internet server/gateway. We have kept the required knowledge of Linux to a minimum by creating an easy-to-use web interface for configuration. Since ClarkConnect Office is based on Red Hat, you have the flexibility to install any of the thousands of software packages (RPMs) on your system.

This document describes how to install and configure your ClarkConnect Office server/gateway. You should have the following background and experience:
- working knowledge of basic network concepts
- beginner's knowledge of Linux
- a DSL or cable modem Internet connection
- a small network

Features
Please check the website for the feature list.

What's New
Please check the website for the release notes.

Differences Between Office and Standard Versions


Suited for the Home Office/Small Office environment, the Office version brings additional features such as:
- 30-day install support by email
- 30-day Antivirus and Antispam scanner trial
- IPsec VPN tools including support for dynamic IPs
- PPTP data encryption for road warrior VPN
- PPTP passthrough
- Sophos Antivirus (extra charges apply)
- Support for dual-processor systems
- Optimization for Pentium and Athlon
- Access to Red Hat 2.0 RPMS and updates via apt

Chapter 2. Quick Start Guide


Warning: The contents of all your hard disks on the target computer will be completely erased.

For those folks who do not like to read manuals, here are the required steps to get your ClarkConnect Office server up and running.

Step 1 - Build your home/office network

Step 2 - Select computer hardware
You won't need too much horsepower to run a ClarkConnect Office device. You will need at least 32MB of RAM (though 64MB is recommended if you plan on using all the bells and whistles) and a 1GB disk.

Step 3 - Install two network cards into your server
Linux does a good job at auto-detecting most hardware. If you plan on purchasing new network cards, make sure they are supported by Linux. See Red Hat's Hardware Compatibility List.

Step 4 - Create the installation floppy disk
You need to use one of the ClarkConnect Office tools to create your floppy. On the CD, you will find the mkbootfloppy script for Linux, and the ClarkConnect Office Tools for Windows. If you have a bootable CD drive, you can skip this step.

Step 5 - Install the ClarkConnect Office software

Network Install
1. Insert the installation disk
2. Turn on your target computer
3. Follow the installation wizard

CD-ROM Install - with Boot Floppy
1. Insert the installation disk
2. Insert the ClarkConnect Office CD
3. Turn on your target computer
4. Follow the installation wizard

CD-ROM Install - with Bootable CD
1. If necessary, change your BIOS settings to run bootable CDs
2. Insert the ClarkConnect Office CD
3. Turn on your target computer
4. Follow the installation wizard

Step 6 - Configure other computers and devices on your network
You have to make changes to your computers sitting on your network. Use the following table as a guide:

Table 2-1. Quick Start Network Settings

Feature                                   Description
Default ClarkConnect Office IP Address    192.168.1.1
Available static IPs                      192.168.1.2 - 192.168.1.99
Addresses used by DHCP                    192.168.1.100 - 192.168.1.254
DNS Servers                               192.168.1.1 and/or your ISP's DNS servers

Step 7 - Install ClarkConnect Office Monitor (Optional)
If you are a Windows user, you can install the Network Monitor component from the installer on the CD or the website.

Chapter 3. System Requirements

Hardware


Table 3-1. Hardware System Requirements

Hardware         Minimum Requirements
Processor        Pentium
Memory           32 MB for basic setup, 64 MB for all the features
Hard Drive       1 GB
Network Cards    You will need 2 of these
Monitor          Only required for the installation
Video Card       Any old video card will do
CD-ROM           Not required if you install over the Internet
Floppy Drive     Not required if you have a bootable CD-ROM drive
Modem            Only required for caller ID feature

Network Cards
Linux does a good job at auto-detecting most hardware. Most mass-market PCI network cards are supported. Take a look at the Red Hat Hardware Compatibility List website to see if your network card is compatible. If you plan on buying new network cards for ClarkConnect Office and have two spare PCI slots, then save yourself some time and select the network cards that are designated 100% compatible.

Do you plan on using ISA network cards?
Do you only have ISA slots available or older ISA network cards around? You can still install the ClarkConnect Office software, but it will take some extra work to get the network cards working. ClarkConnect Office includes the Console Tool to help you with network card drivers, but you may have to edit the driver configuration file - see Appendix A.

Are you interested in a wireless network?
ClarkConnect Office includes wireless support for the Orinoco Silver wireless cards. If you are purchasing these cards, please note the following:
- The Gold cards will work fine, but Linux does not support the proprietary features that differentiate this card from the Silver version.
- You will require a PCI or ISA adapter. From the Orinoco site: "For PCs with an ISA slot, the ORiNOCO ISA adapter is strongly advised."

Are you building a network from scratch?
You may want to look at some of the Network Starter Kits available on the market.

Internet Connection
ClarkConnect Office supports most DSL (including PPPoE) and cable modem broadband Internet connections. We do not expect to add support for ISDN or satellite types of broadband any time soon. However, if you have had success with getting Linux working on such a system, then we want to hear from you! E-mail us at beta@clarkconnect.com.

Cable Modems
Most cable modem Internet service providers will include a standard Ethernet card and external modem to enable your high-speed Internet connection. Fortunately, the days of proprietary software and logins are mostly behind us, so you should be able to set up ClarkConnect Office without too much tinkering. However, some of the cable modem providers still have some quirks. Fortunately, Vladimir Vuksan has put together a great resource of Cable Modem Providers! If you are having trouble getting ClarkConnect Office to work with your cable ISP, check the following web site for some troubleshooting tips - http://www.tldp.org/HOWTO/Cable-Modem/isps.html.

ClarkConnect Office includes the software required to connect to Australia's Telstra Big Pond Service. Make sure you select the BPALogin option in the installation wizard!

DSL and PPPoE
During the ClarkConnect Office install, you will be asked which type of DSL service you use - PPPoE or "Standard". These are mutually exclusive implementations, so you will need to select the right type during installation. It is very important to know how your Internet service provider configures your network. If you are not sure, ask the ISP's tech support staff, or other users.


ISDN and Satellite
We do not support ISDN or satellite broadband service providers.

Chapter 4. Installing the Software

Installation Type


To install the ClarkConnect Office software, you require an installation floppy disk or a bootable CD drive. The rest of the software is installed from the CD-ROM or directly over your high-speed Internet connection.

Network Install
For network installs, you will need to create an installation floppy disk (described in the next section). Due to space limitations on the installation floppy, only a subset of network card drivers are available (see table below).

Table 4-1. Supported Network Cards on Installation Floppy

Driver         Description
3c59x          3Com 3c590/3c595/3c90x/3cx98
8139too        RTL8139, SMC EZ Card Fast Ethernet
de4x5          DE4x5, DE434, DE450, and DE500 DEC EtherWORKS
eepro          EtherExpress Pro/10
eepro100       Intel EtherExpress Pro 100B
eexpress       EtherExpress
lne390         Mylex LNE390 EISA
ne2k-pci       PCI NE2000 clones
ne             NE1000, NE2000, and compatible
pcnet32        AMD PCnet32
smc-ultra32    SMC Ultra32 EISA
smc-ultra      SMC Ultra, SMC EtherEZ ISA
tlan           ThunderLAN
tulip          DEC 21040, most 21*40 Ethernet
via-rhine      VIA VT86c100A Rhine-II PCI

Compare your network card to the Red Hat Hardware Compatibility List. Keep in mind that each driver supports many types of network cards. For instance the "tulip" driver can be used for Intel, LNE100TX, Accton and other types of network cards. If your network driver is not listed in the above table, you will need to use a CD to create your ClarkConnect Office device.

Warning: You must install by CD-ROM if you fall into one of the following categories:
- You have a PPPoE type connection
- Your ISP uses a non-standard connection procedure (e.g. Telstra's Big Pond Service)
- Your network card is not supported on the installation floppy


CD-ROM - Bootable CD-ROM
If your target computer contains a bootable CD-ROM drive, then you do not require an installation floppy disk. However, you may need to change the settings in your BIOS to start the ClarkConnect Office install.

Creating the Installation Floppy


A note to users with PPPoE connections: The ClarkConnect Office software does support PPPoE, but we do not include support on the installation floppy. You will only be able to install with a CD.

To create the installation floppy disk, you need to use the ClarkConnect Office floppy creation tool.

From Windows
From the ClarkConnect Office CD, run the installer from the installer/windows folder. Alternatively, you can download the software from your online account. After installation, run the Floppy Disk Wizard.

From Linux
You can run the Floppy Disk Creator directly from the CD. The following commands may be different depending upon your setup.

    bash# mount /dev/cdrom /mnt/cdrom
    bash# /mnt/cdrom/installer/linux/mkbootfloppy

Alternatively, you can download the floppy disk images from your online account.

    bash# tar -xzvf cc-office-2.0.tar.gz
    bash# cd cc-office-2.0
    bash# ./mkbootfloppy

Starting the Install


Warning: The contents of all your hard disks on the target computer will be completely erased.

Network Install
1. Insert the installation disk
2. Turn on your target computer
3. Follow the installation wizard

CD-ROM Install - with Floppy
1. Insert the installation disk
2. Insert the ClarkConnect Office CD
3. Turn on your target computer
4. Follow the installation wizard

CD-ROM Install - with Bootable CD
1. If necessary, change your BIOS settings to run bootable CDs
2. Insert the ClarkConnect Office CD
3. Turn on your target computer
4. Follow the installation wizard

Install Configuration
Selecting your Server Type
ClarkConnect Office now supports standalone server mode. This mode is used to create a server on a local area network (behind an existing firewall). Only one network card is required.

Selecting your Network Connection Type
If you are installing with a CD-ROM, you will need to select the type of Internet connection you have (DSL, DSL/PPPoE, Cable).

Selecting Your Network Card Drivers
You will need to manually configure your network card settings if the installer does not automatically detect the driver. Most ISA-based network cards may also require the I/O and IRQ settings for the driver. See the Linux Ethernet HOWTO and Appendix A for some tips and tricks.

Configuring Your Network


Configuring Your Network - PPPoE
ClarkConnect Office supports PPPoE DSL connections. Add the username and password provided by your ISP on this screen. For brain dead ISPs, you may also need to specify DNS servers.

Configuring Your LAN IP Address
If you are installing ClarkConnect Office as a gateway, you must specify the network settings for your local area network. The LAN hostname can be used instead of the IP address for many network tools. For instance, you will be able to access the web-based administration tool at https://<LAN-hostname>:81 in your web browser.

Selecting Your Hostname - Password - Timezone - Hard Disk Partitioning
The next few screens will ask for your device name, system password, timezone and partition settings. If you would like to specify your own partition scheme, then you should select "yes" on the "Select Partition Type" screen. The partitioning configuration will appear in the second stage of the installation process... don't panic!

Warning: Do not forget your system password!

Selecting Your Software
Select the software components to install on your system. Not all the modules (including AppleTalk and Junkbuster) are shown here - don't panic. With the ClarkConnect Office web-based configuration, you can add other modules after installation.

Post Install
Administration Console
You can access network configuration tools from the Administration Console tool. All other configuration is done remotely via a web browser -- the console is only used to change or configure your network information. The console can be accessed from a monitor/keyboard attached to the server.


Wireless Card Configuration
To set up your wireless network, please view the additional Howto at http://www.clarkconnect.org/help/howtos/wireless.html.

Network Card Configuration
Linux will auto-detect most PCI-based network cards. Older ISA cards may require setting parameters for the IRQ and IO. You may also need to disable plug-and-play features on the card. Please check Red Hat's Hardware Compatibility Lists to see what settings may be required for your brand of network card.

Warning: The two network cables coming from your box may need to be swapped. If you are having a hard time connecting to the Internet, make sure you try swapping the cables.

If you have old network cards, you can configure the drivers and settings (IRQs and IO).

Warning: Gotcha! You may only need to specify an IO or IRQ ... but not both.

Changing the LAN IP Address
If you need to change the IP address of your LAN connection, please use the Administration Console. This tool not only updates the IP address, but also your firewall, DHCP server, print server, etc.

Chapter 5. Setting Up Other Machines

Overview


All of the computers and devices on your network must have Internet addresses between 192.168.1.2 and 192.168.1.254. When you are configuring your network, you have two choices:
1. Manually set the IP address to a specific number (static IP), or
2. Allow ClarkConnect Office to automatically determine the IP address (via DHCP).

Make sure you only use an address between 192.168.1.2 - 192.168.1.99 if you configure devices with static IP addresses. ClarkConnect Office includes a caching DNS server, but you can use your Internet Service Provider's DNS servers instead if you wish.

Table 5-1. Network Settings

Feature                                   Description
Default ClarkConnect Office IP Address    192.168.1.1
Available static IPs                      192.168.1.2 - 192.168.1.99
Addresses used by DHCP                    192.168.1.100 - 192.168.1.254
DNS Servers                               192.168.1.1 and/or your ISP's DNS servers

Windows 95/98
To set up networking in the Windows 95/98 environment...

Step 1 - Control Panel
- Click on the Start button, then follow the menu to Settings > Control Panel
- Double-click on the Network icon to bring up a window that will look similar to the screenshot
- Select TCP/IP and click on the Properties button.


Step 2 - IP Address
On the IP Address tab, you can select Obtain an IP address automatically and ClarkConnect Office will automatically assign an IP address for you. Alternatively, you can choose Specify an IP address (as shown in the screenshot). Make sure you pick an address between 192.168.1.2 to 192.168.1.99. The subnet mask is always 255.255.255.0.


Step 3 - Gateway Settings
Click on the Gateway tab. If you decided to let ClarkConnect Office assign your IP address automatically, then there is no need to add an Installed Gateway. Your ClarkConnect Office software will automatically handle this for you. If you decided to specify your IP address, then you will need to add 192.168.1.1 to the list of installed gateways (as shown).


Step 4 - DNS Settings
If you decided to let the ClarkConnect Office assign your IP address automatically, then you can select Disable DNS. ClarkConnect Office will automatically configure these settings. If you decided to specify your IP address, then you will need to add 192.168.1.1 to the DNS Server Search Order list (as shown). You should also add a host name and then add "lan" as the domain. If you prefer to bypass the ClarkConnect Office DNS cache, you can add the DNS servers given by your Internet service provider.


Windows 2000
To set up networking in the Windows 2000 environment...

Step 1 - Network Connections
Click on the Start button, then follow the menu to Settings > Network and Dial-up Connections

Right-click on the Local Connection icon and go to properties.


If the Local Area Connection Properties does have Internet Protocol (TCP/IP), go to Step 2 - Configuring TCP/IP. If the Local Area Connection Properties does not have Internet Protocol (TCP/IP), you will need to install it using the Install button.

The "Select Network Component Type" dialog box will appear.


Select "Protocol" and click on Add. The enumeration of the protocols will take a minute or so. Select "Microsoft" from the left panel and select Internet Protocol (TCP/IP) from the right panel. Click the OK button.

Step 2 - Configuring TCP/IP
You can configure the TCP/IP properties by clicking on the properties button in the Local Area Connection dialog box.

Select "Obtain an IP address automatically" and ClarkConnect Office will automatically assign an IP address for you.

Alternatively, you can choose "Use the following IP address:" and enter the IP address, subnet mask, default gateway and DNS server addresses. If you have more than three DNS servers, use the advanced button at the bottom of the dialog box to specify the addresses and the order in which they are used.


Windows XP
To set up networking in the Windows XP environment...

Step 1 - Control Panel
- Click on the Start button, then follow the menu to Settings > Control Panel
- Double-click on Network Connections
- Right-click on Local Area Connection and go to Properties


Step 2 - Select IP Properties
Select TCP/IP and click on the Properties button.


Step 3 - IP Address
On the IP Address tab, you can select Obtain an IP address automatically and ClarkConnect Office will automatically assign an IP address for you. Alternatively, you can choose Specify an IP address (as shown in the screenshot). Make sure you pick an address between 192.168.1.2 to 192.168.1.99. The subnet mask is always 255.255.255.0.

Step 4 - DNS Settings
If you decided to let the ClarkConnect Office assign your IP address automatically, then you can select Disable DNS. ClarkConnect Office will automatically configure these settings. If you decided to specify your IP address, then you will need to add 192.168.1.1 to the DNS Server Search Order list (as shown). You should also add a host name and then add "lan" as the domain. If you prefer to bypass the ClarkConnect Office DNS cache, you can add the DNS servers given by your Internet service provider.


Chapter 6. Core Software

Overview


This chapter describes the core software installed on every ClarkConnect Office server.

Web-based Administration
ClarkConnect Office includes a web-based configuration tool. If you used the default LAN settings, then point your browser to https://192.168.1.1:81. If you are using the caching DNS server, you can type the name of the server instead (e.g. clarkconnect.lan).

Your browser will issue an "Invalid Certificate" message when you access the site. Your connection is still secure and encrypted, but your server certificate is not official. A valid certificate (like the one used at https://secure.pointclark.net) costs over $150 a year to maintain and is not necessary for a simple server. Use the "Install Certificate" option in your web browser to bypass this warning screen the next time you access the ClarkConnect Office web-based administration.

Click on the Admin Home in the navigation bar to access the advanced configuration features.


Login as username "root" with the password you defined during the installation.
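
The "Install Certificate" step in this section trusts whatever certificate the browser was shown, so it is worth comparing that certificate's fingerprint with one read on the server itself before installing it. The following is an added example, not part of the original guide or the ClarkConnect software: it assumes a SHA-256 fingerprint noted at the server console (the guide does not say where the certificate file is stored), and the sample certificates are constructed placeholder bytes rather than real certificates.

```python
import hashlib
import hmac
import ssl

ADMIN_HOST = "192.168.1.1"  # default LAN address from this guide
ADMIN_PORT = 81             # web-based administration port from this guide


def fingerprint_from_pem(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the DER bytes inside a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    return hashlib.sha256(der).hexdigest()


def normalise_fingerprint(text):
    """Accept 'AB:CD:..' or 'abcd..' as copied from the console; return bare lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": \t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return cleaned


def verify_presented_certificate(presented_pem, console_fingerprint):
    """Compare the certificate seen over the network with the console fingerprint.

    Returns (ok, presented_fingerprint). ok is False when a different
    certificate answered on the admin port; that certificate must not be
    installed in the browser.
    """
    presented = fingerprint_from_pem(presented_pem)
    expected = normalise_fingerprint(console_fingerprint)
    return hmac.compare_digest(presented, expected), presented


def fetch_presented_certificate(host=ADMIN_HOST, port=ADMIN_PORT):
    """Fetch the server certificate as PEM without validating it (needs LAN access)."""
    return ssl.get_server_certificate((host, port))


def _constructed_pem(raw):
    # Constructed placeholder: arbitrary bytes wrapped as PEM, not a real certificate.
    return ssl.DER_cert_to_PEM_cert(raw)


SAMPLE_SERVER_PEM = _constructed_pem(b"constructed certificate bytes: gateway")
SAMPLE_OTHER_PEM = _constructed_pem(b"constructed certificate bytes: something else")
# What the administrator would have noted at the console, colon-separated.
_hex = fingerprint_from_pem(SAMPLE_SERVER_PEM).upper()
SAMPLE_CONSOLE_FINGERPRINT = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    for label, pem in (("expected server", SAMPLE_SERVER_PEM),
                       ("unexpected certificate", SAMPLE_OTHER_PEM)):
        ok, seen = verify_presented_certificate(pem, SAMPLE_CONSOLE_FINGERPRINT)
        verdict = "match, safe to install" if ok else "MISMATCH, do not install"
        print(f"{label}: {verdict} ({seen[:16]}...)")
```

On a live network, pass the result of fetch_presented_certificate() as the first argument instead of the constructed sample.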

Caching Nameserver
People are not too adept at remembering numbers, so we use hostnames instead of IP addresses (e.g. clarkconnect.lan instead of 192.168.1.1). The default hostname was specified during the installation wizard (see LAN settings). If the computers on your network use ClarkConnect Office as their nameserver (see Setting Up Other Machines), the LAN hostname will automatically appear in the caching nameserver.

Tip: If you add names in the /etc/hosts file, the results will automatically be included in the caching DNS server!

Special thanks to Simon Kelley for creating the dnsmasq caching nameserver.

DHCP Server
The Dynamic Host Configuration Protocol (DHCP) allows hosts on a network to request and be assigned IP addresses. The default configuration for the DHCP server is given in the Network Settings table. If you changed the default LAN settings during the installation wizard, then your changes will also be reflected in the DHCP server. Some tips:
- You should only have 1 DHCP server per network. If you already have one running, then you will cause grief.
- Keep a range of IP addresses available for static addresses. Some devices (printers) and incoming VPN connections may require a static IP.
- Do not use the broadcast address (e.g. 192.168.1.255) as the last IP in the range.
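
The DHCP tips in this section and the Network Settings table can be turned into a quick audit of a planned address layout before any devices are configured. This is an added example, not part of the original guide: it uses the guide's default ranges, while the issue codes and the device names and addresses in SAMPLE_HOSTS are constructed for illustration.

```python
import ipaddress

# Defaults taken from the guide's Network Settings table.
LAN = ipaddress.ip_network("192.168.1.0/255.255.255.0")
GATEWAY = ipaddress.ip_address("192.168.1.1")
STATIC_RANGE = (ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.99"))
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"), ipaddress.ip_address("192.168.1.254"))


def audit_dhcp_pool(first, last, lan=LAN, gateway=GATEWAY, static_range=STATIC_RANGE):
    """Return a list of issue codes for a proposed DHCP pool (empty list means fine)."""
    first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if first > last:
        return ["reversed-range"]
    issues = []
    if first not in lan or last not in lan:
        issues.append("outside-lan")
    if first <= lan.broadcast_address <= last:
        issues.append("includes-broadcast")
    if first <= lan.network_address <= last:
        issues.append("includes-network-address")
    if first <= gateway <= last:
        issues.append("includes-gateway")
    # The guide asks for a block of addresses to stay free for static devices.
    if first <= static_range[1] and last >= static_range[0]:
        issues.append("overlaps-static-range")
    return issues


def audit_static_hosts(hosts, pool=DHCP_POOL, lan=LAN, gateway=GATEWAY):
    """hosts maps a device name to its manually configured IP address.

    Returns (name, issue) pairs in name order; devices with no issue are omitted.
    """
    findings, owner = [], {}
    for name in sorted(hosts):
        addr = ipaddress.ip_address(hosts[name])
        if addr not in lan:
            findings.append((name, "outside-lan"))
        elif addr in (lan.network_address, lan.broadcast_address):
            findings.append((name, "reserved-address"))
        elif addr == gateway:
            findings.append((name, "gateway-address"))
        elif pool[0] <= addr <= pool[1]:
            # A static device here can collide with a lease handed out by DHCP.
            findings.append((name, "inside-dhcp-pool"))
        if addr in owner:
            findings.append((name, "duplicate-of-" + owner[addr]))
        else:
            owner[addr] = name
    return findings


# Constructed sample plan: names and addresses are illustrative only.
SAMPLE_HOSTS = {
    "printer": "192.168.1.20",
    "laptop": "192.168.1.150",
    "nas": "192.168.1.20",
    "camera": "192.168.2.5",
    "kiosk": "192.168.1.1",
    "scanner": "192.168.1.255",
}

if __name__ == "__main__":
    print("default pool:", audit_dhcp_pool(*DHCP_POOL) or "ok")
    print("pool ending on .255:", audit_dhcp_pool("192.168.1.100", "192.168.1.255"))
    for name, issue in audit_static_hosts(SAMPLE_HOSTS):
        print(f"{name}: {issue}")
```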

Network Monitor
The ClarkConnect Office Network Monitor sits in the system tray of your Windows desktop. When a network outage occurs, you will see the icon change. Double-clicking on the icon will show a history of network uptime (see screenshot).

The software is part of the Windows Tools package. You can find the installer in installer/windows on the CD, or you can download it from your online account.

Warning Do not (we really mean it... don't do it) install this software on Windows NT systems.

Software Updates - Web-based Administration


The web-based administration includes a tool to update and install software on your system. You can view and install the latest software on your system with a few clicks on a web browser. You must register your ClarkConnect Office system to access this page.

Software Updates - Command Line apt-get


The apt-get tool installs and upgrades software on your system. For those of you familiar with the underlying RPM package system, you know the frustration of resolving software dependencies. With apt-get, these dependency issues are automatically resolved.

To use apt-get, log in to your ClarkConnect Office server as root. You can use SSH or the console. The following list of commands will get you started.

Tip: Do you want to install the latest patches? Run the following two commands:
  i) apt-get update
  ii) apt-get upgrade

apt-get update -- retrieves the latest list of software and updates available through apt-get. You should run this command before using other apt-get commands (you must run this at least once).
apt-get upgrade -- performs an upgrade for all obsolete software on your system.
apt-get install <package> -- installs software on your system. The package is the name of the RPM (see following table).
apt-get -- displays other apt-get options

Table 6-1. Modules and Package Names

Module                     Package
AppleTalk                  netatalk
Banner Ad Blocker          privoxy
Caller ID                  cc-callerid
Content Filter             cc-squid
FTP Server                 cc-proftpd
Intrusion Detection        cc-snort
Mail Server - POP/IMAP     cc-imap
Mail Server - SMTP         cc-postfix
Photo Gallery              gallery
Print Server               cc-printing
RAV Antivirus              cc-ravpostfix
Samba                      cc-samba
VPN Server - IPsec         cc-ipsec
VPN Server - PPTP          cc-pptpd
Web Proxy                  cc-squid
Web Server                 cc-apache
Webmin                     webmin

Chapter 7. Modules

Overview


You can install software on your system using two tools: either the web-based interface or the command-line "apt-get" tool. Installing an add-on module may require several other software packages (or RPMS). Fortunately, both the web-interface and command-line tool automatically resolve these software dependencies. See apt-get and web-based administration for more information.

Warning: You can select some of the following packages during the installation wizard. Unfortunately, some software can only be installed after the installation (e.g. Webmin, RAV Antivirus).

AppleTalk


Table 7-1. AppleTalk Information

AppleTalk               Information
Description             The netatalk package enables Linux to talk to Macintosh computers via the AppleTalk networking protocol. It includes a daemon to allow Linux to act as a file server over EtherTalk or IP.
Package Name            netatalk
Command-line Install    "apt-get install netatalk"

Mac Notes
- Go to the Control Panel/AppleTalk and make sure ethernet is selected.
- Go to Chooser and click on AppleShare. Under file servers, the server should show up --- first victory.
- Clicking OK will bring up a dialog box asking for name and password, or you can choose guest.
- If you click guest, you only see the shared directory (the same one that Windows uses).
- If you enter a valid username and password on the ClarkConnect Office box, you can access your home directory. You will also have access to the shared directory.

You can put checkmarks next to either share to create links on the desktop, then click OK.

Note: when the box mentions cleartext for the password, it means that what you send as a password is not encrypted in any way. So any system between the Mac and ClarkConnect Office can read your password through packet sniffing.

You should now have complete read/write access to the Linux box --- second victory.

Troubleshooting Tips
- Stop and start atalk (do not restart; it needs a pause of a few seconds between the commands and restart will do it too quickly).
- From the command line, run "top" and watch to make sure that atalkd, papd and afpd have started. Hit 'q' to exit.
- Check the /var/log/messages log file for errors.

Bandwidth Limiter
Table 7-2. Bandwidth Limiter

Bandwidth Limiter       Information
Description             Restricts download speeds for PCs on your local network.
Package Name            cc-bandwidth
Command-line Install    "apt-get install cc-bandwidth"

Banner Ad Blocker
Table 7-3. Privoxy Information

Privoxy                 Information
Description             Privoxy blocks banner ads and popups when browsing the web.
Package Name            privoxy
Command-line Install    "apt-get install privoxy"

Configuring Privoxy - Transparent Mode

If you use ClarkConnect Office as a gateway, you can now configure the Privoxy banner ad blocker in transparent mode. In other words, it is not necessary to change the settings for all the web browsers on the PCs on your network (as described in the next section).

- Step 1 - Install the Squid Web Proxy server.
- Step 2 - From Squid's web-based administration page, set the proxy to transparent mode.
- Step 3 - From Squid's web-based administration page, enable Privoxy integration.
- Step 4 - Start Squid and Privoxy.

Configuring Privoxy - Proxy Mode

- Step 1 - Install the Privoxy module.
- Step 2 - Make sure Privoxy is running - check "Running Services" in the web-based administration tool.
- Step 3 - You must set your browser to use ClarkConnect Office as a proxy server. In Internet Explorer, click on Tools on the menu bar, then Internet Options. Click on the Connections tab, and then the LAN Settings button.
- Step 4 - Add 192.168.1.1 and port 8118 to the proxy server settings. Click on the Advanced button and go to the next step.
- Step 5 - You will not be able to access websites on your local network unless you specify the exceptions shown.

Caller ID
Table 7-4. Caller ID Information

  Description:           Log incoming caller information
  Package Name:          cc-callerid
  Command-line Install:  "apt-get install cc-callerid"

Warning: The install will attempt to detect a modem -- this can cause the system to hang!

If you are lucky enough to have a Linux-friendly modem with caller ID capabilities, then you can install the Caller ID package from ClarkConnect Office. You will receive a pop-up message on your desktop when your phone rings. You must run the ClarkConnect Office Network Monitor to receive the pop-ups. A call log is also displayed on the web-based administration tool.

Content Filter
Table 7-5. Content Filter Information

  Description:           SquidGuard is a content filter and access controller for the Squid Web Proxy.
  Package Name:          cc-squid
  Command-line Install:  "apt-get install cc-squid"

Warning: You must be running the Squid web proxy to use this software.

The SquidGuard module lets you control access to the web. Settings are available for restricting access by time of day, IP address, and block lists.

FTP Server
Table 7-6. ProFTPD Information

  Description:           ProFTPD is a full-featured FTP server.
  Package Name:          proftpd
  Command-line Install:  "apt-get install proftpd"

The default configuration for ClarkConnect Office allows read-only anonymous FTP to the /var/ftp directory and full access to valid user accounts. Advanced configuration for the FTP server is beyond the scope of the web-based administration tool. You can configure the FTP server by editing the /etc/proftpd.conf configuration file. Take a look at the ProFTPD website to configure advanced settings such as bandwidth throttling.

Intrusion Detection
Table 7-7. Intrusion Detection Information

  Description:           The Snort software is an advanced intrusion detection system.
  Package Name:          cc-snort
  Command-line Install:  "apt-get install cc-snort"
  More Information:      Snort website

The Snort intrusion detection package is included with ClarkConnect Office to make users more aware of some of the daily hostile traffic that can pass by your Internet connection. Snort is able to detect and report unusual network traffic including attempted break-ins, trojans/viruses on your network, and port scans. Installed alongside is the SnortSnarf tool; this software package creates daily reports from the Snort log files.

Do not panic when you see alerts in this daily report. In fact, it would be quite unusual *not* to see anything reported. Hostile traffic is a normal part of the Internet and is one of the reasons firewalls are necessary.

Shameless Plug: New exploits are discovered every day. The Nimda and Code Red worms are the rule... not the exception! Snort maintains a list of over 1500 rules in their database. You can receive automatic Snort updates by upgrading your account.

Warning: Snort does require some horsepower. A Pentium 100 with 32MB was able to keep up, but the machine was getting a good workout.

Mail Server - POP and IMAP


Table 7-8. POP and IMAP Information

  Description:           Remote mail access servers.
  Package Name:          cc-imap
  Command-line Install:  "apt-get install cc-imap"

Configuring POP/IMAP

You can use either IMAP or POP to pick up your mail from the server. The screenshot below shows the configuration for POP mail. Make sure the Xinetd server is running (this is a "super server" used by many software packages including e-mail) and that either the POP3 or IMAP service is enabled.

You can now configure your e-mail client (Outlook, Eudora, etc.). Your POP/SMTP/IMAP servers should point to your ClarkConnect Office box.

Mail Server - SMTP


Table 7-9. Mail Server - SMTP

  Description:           ClarkConnect uses the Postfix SMTP/MTA mail server.
  Package Name:          cc-postfix
  Command-line Install:  "apt-get install cc-postfix"

Warning: Do not forget to open up firewall ports for e-mail. You only need to open the POP or IMAP ports if you plan on picking up your mail from outside your local network.

Configuring SMTP/Postfix

You can configure your mail server with the web-based administration tool.

The Primary hostname does not have to be related to the e-mail domains that you host. It can be ANY valid Internet name for your machine. In our example, the primary hostname is the same as one of the e-mail domains... just a coincidence.

Local domains should be a list of e-mail domains that you host.

It is important that you do not make an error with the Relays parameter. Without the parameter, any user on the Internet could send e-mail via your ClarkConnect Office box. Not good -- spammers would eventually find your box and abuse it. The default setting allows any user with a 192.168.x.x address to send e-mail through the box. If you use a 10.x.x.x address, you should add 10.0.0.0/8 to the list of trusted networks.

Network Watcher
Table 7-10. Network Watcher

  Description:           Monitors the status of your Internet connection
  Package Name:          cc-netwatchd
  Command-line Install:  "apt-get install cc-netwatchd"

The netwatch daemon monitors the status of your broadband Internet. The software logs any downtime and attempts to reconnect to the Internet when trouble occurs. The software is also responsible for submitting a new IP address to the dynamic DNS system.

Photo Gallery
Table 7-11. Photo Gallery

  Description:           A web-based photo album
  Package Name:          cc-gallery
  Command-line Install:  "apt-get install cc-gallery"

Gallery is a web-based photo album that provides users with the ability to create and maintain their own online photo collection via an intuitive web interface. More information can be found on the Gallery page in the web-based administration tool.

Resource: Gallery Web Site

Print Server
Table 7-12. Print Server

  Description:           A print server for ClarkConnect Office
  Package Name:          cc-cups
  Command-line Install:  "apt-get install cc-cups"

ClarkConnect Office includes CUPS (the Common Unix Printing System) in addition to Foomatic, a database of printer drivers and descriptions. These two systems (with the help of a few other software packages) create the core of the printing system.

Supported Printers

Not all printers are compatible with Linux. The best resource is the Linux Printing Database, where you can find out whether or not your printer is supported. If so, then follow the link from the web-based administration tool to add your printer (or jump straight to it: http://192.168.1.1:631 on a default LAN setup).

Cups and Samba

When you configure a new printer with Cups, it will appear as a shared printer in Windows Network Neighborhood (if Samba is installed). However, you will need to restart the Samba service after adding a new printer - use the Running Services page from the web-based administration tool.

RAV Antivirus
Table 7-13. RAV Antivirus

  Description:           Antivirus protection with your mail server.
  Package Name:          cc-ravpostfix
  Command-line Install:  "apt-get install cc-ravpostfix"

Warning: RAV Antivirus is not part of the installer. The package must be installed after you have set up your ClarkConnect Office server. This is an unavoidable limitation of the software.

If you are interested in the Antivirus software, install the package using the web-based administration tool (or type "apt-get install cc-ravpostfix" from the command line). You must have the Antivirus software running when your mail server is running! Make sure you configure the "Primary Domain" to match your mail domain. Links to the RAV documentation are included on the web-based administration.

Samba - Windows File Sharing


Table 7-14. Samba

  Description:           Samba file sharing system.
  Package Name:          cc-samba
  Command-line Install:  "apt-get install cc-samba"

If you are using Windows PCs, you will be able to see your ClarkConnect Office box through your Network Neighborhood icon. There are a few default folders on your device:

- the website folder contains the files for your web site
- the shared folder is for general file sharing
- the cdrom folder will appear if you have one installed
- the printer icon will appear if you configure a printer

Use the Samba/File Sharing page in the web-based administration to add or change the name, workgroup or comment shown in Network Neighborhood.

Gotchas

Warning: Due to a "feature" in Microsoft networking, you may not see ClarkConnect Office right away; sometimes it takes several minutes to appear.

A quick way around this "feature" is to use the Find Computer tool. Type in "clarkconnect", then hit the Find Now button.


VPN Server - IPsec


Overview

Table 7-15. IPsec

  Description:           Virtual Private Network tools.
  Package Name:          cc-ipsec
  Command-line Install:  "apt-get install cc-ipsec"
  More Information:      FreeSWAN, IPsec Interoperability

You can use the web-based administration tool to create a connection with other ClarkConnect Office servers (including servers with dynamic IP addresses).

The web-based administration tool does not support Road Warrior connections or interoperability with other IPsec servers. The software is capable of these configurations (including X.509 solutions); however, you must manually configure these connection types. Configuration can be a non-trivial task, so please read the IPsec Interoperability document for more information.

For road warriors/telecommuters, we strongly suggest using the 128-bit encrypted PPTP server. This option is not only more cost effective, but also easy to configure. See PPTP Server for installation and configuration instructions.

Configuring Connections with Static IPs

Select Headquarters and Satellite

Pick one server to be the "Headquarters" and the other to be the "Satellite". This is just a naming convention -- pick a convention and stick with it! The IPsec/FreeSWAN documentation uses "left" and "right". This can be confusing at times, so we also use an alternate set of names: "headquarters" and "satellite".

Gather Network Information

You must gather some network information for the IPsec server configuration, namely: the IP address, next hop, and network for both sides of the network. Make sure these settings are correct -- you will save many hours of pain and frustration. To find your "next hop" information, type route -n on the command line:

    [root@woburn]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    24.112.164.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         24.112.164.1    0.0.0.0         UG    0      0        0 eth0

The gateway specified in the last line is your "next hop" to the Internet. In our example, the next hop is 24.112.164.1. The local network (which is running on eth1) is 192.168.4.0/255.255.255.0 (or 192.168.4.0/24) - see Appendix for more information on specifying a network setting.

Warning: The two LAN networks at either end of the VPN connection must not overlap! If you need to change the LAN IP address/network on your ClarkConnect Office server, please use the Administration Console.

Select a Connection Name and Pre-Shared Secret

Once you have your network settings in hand, enter the information on both ends of the VPN connection. Enter a simple nickname for the connection along with a strong pre-shared secret. When configuring the other end of the VPN connection, do not be tempted to swap the Headquarters and Satellite information! The configuration screens on both ends of the connection will look exactly the same.
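The values gathered above can be checked before they are typed into both ends. The following is an added example, not part of the ClarkConnect guide or software: it reads the route -n output shown in this section, extracts the next hop and the LAN network, and tests the two LANs for overlap. The function names and the satellite LAN 192.168.1.0/24 are assumptions made for illustration.

```python
"""Pre-flight check for IPsec settings gathered from `route -n` (added example)."""
import ipaddress

# Constructed sample: the headquarters routing table as printed in the guide.
HQ_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
24.112.164.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         24.112.164.1    0.0.0.0         UG    0      0        0 eth0
"""


def parse_routes(text):
    """Return one dict per data row of `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and begin with a dotted-quad destination;
        # this skips the title line and the column header.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, genmask, flags, _metric, _ref, _use, iface = fields
        routes.append({
            "network": ipaddress.ip_network(f"{dest}/{genmask}"),
            "gateway": ipaddress.ip_address(gateway),
            "flags": flags,
            "iface": iface,
        })
    return routes


def next_hop(routes):
    """Gateway and interface of the default route (0.0.0.0/0 with the G flag)."""
    for r in routes:
        if r["network"].prefixlen == 0 and "G" in r["flags"]:
            return r["gateway"], r["iface"]
    raise ValueError("no default route found")


def next_hop_on_link(routes):
    """True if the next hop sits inside a network directly attached to its interface."""
    gateway, iface = next_hop(routes)
    return any(gateway in r["network"] for r in routes
               if r["iface"] == iface and "G" not in r["flags"])


def lan_network(routes, lan_iface):
    """Directly connected network on the LAN interface (eth1 in the guide)."""
    for r in routes:
        if r["iface"] == lan_iface and "G" not in r["flags"]:
            return r["network"]
    raise ValueError(f"no connected network on {lan_iface}")


def check_vpn_pair(hq_lan, sat_lan):
    """Return a list of problems; both /24 and /255.255.255.0 notation are accepted."""
    hq = ipaddress.ip_network(hq_lan)
    sat = ipaddress.ip_network(sat_lan)
    problems = []
    if hq.overlaps(sat):
        problems.append(f"LAN networks overlap: {hq} and {sat}")
    return problems


if __name__ == "__main__":
    routes = parse_routes(HQ_ROUTE_N)
    hop, iface = next_hop(routes)
    hq_lan = lan_network(routes, "eth1")
    print(f"next hop {hop} via {iface}, on-link: {next_hop_on_link(routes)}")
    print(f"headquarters LAN {hq_lan}")
    # 192.168.1.0/24 is a constructed satellite LAN, 192.168.0.0/16 a bad one.
    for sat in ("192.168.1.0/24", "192.168.0.0/16"):
        print(sat, check_vpn_pair(str(hq_lan), sat) or "ok")
```
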

Sanity Checking

Start the IPsec server on both ends of the connection. Do not use Windows Network Neighborhood to verify the VPN (there is a Howto on getting your Windows Network up and running). Instead, make sure you can ping from:

- gateway to gateway
- gateway to remote PC
- remote PC to gateway
- remote PC to remote PC

If the connection fails, double check your network settings and restart your firewall. Look in the log files -- /var/log/messages and /var/log/secure -- for error messages.

Configuring Connections with Dynamic IPs

The dynamic IP support for IPsec makes configuration straightforward. From the web-based administration tool, click on create in the Dynamic VPN Connections box. You need to specify:

- Your ClarkConnect Office server domain name
- The remote ClarkConnect Office server's domain name
- A pre-shared secret

On the first connection or when an IP address changes, it may take a few minutes for the connection to synchronize.

Warning: The domain names specified in the IPsec settings must be the domain associated with your device in the ClarkConnect system. It cannot be any other name. You will see a warning message (screenshot below) if the domain is not valid.

Warning: The two LAN networks at either end of the VPN connection must not overlap! If you need to change the LAN IP address/network on your ClarkConnect Office server, please use the Administration Console.

Configuring Road Warriors

If you prefer deploying an IPsec solution for road warriors, please read the IPsec Interoperability document for more information. We have had success implementing the SSH Sentinel (see the FreeS/WAN IPSec Interoperability Guide), but there are several other IPsec Windows software vendors to choose from.

Configuring Windows Network Neighborhood - WINS

Do you want to be able to browse Windows Network Neighborhood across your VPN connection? You must configure and use a WINS server. Fortunately, ClarkConnect Office has all the pieces of the puzzle in place. Please view the additional documentation at http://www.clarkconnect.org/help/howtos/samba.html.

VPN Server - PPTP


Overview

Table 7-16. PPTP

  Description:           Virtual Private Network PPTP server
  Package Name:          cc-pptpd
  Command-line Install:  "apt-get install cc-pptpd"
  More Information:      128-bit Encryption for Windows 95/98, Linux PPTP Server

The PPTP server is a secure and cost effective way to provide road warrior VPN connectivity. The PPTP VPN client is built into Windows 98, ME, 2000, and XP. No extra software is required. ClarkConnect Office provides full password and data encryption.

Configuring the PPTP Server

Warning: Gotcha! You must set the PPTP server to start at boot time and then stop/start the server. Why? The firewall will detect that the PPTP server is set to run at boot time and perform the appropriate actions. When the PPTP server is not in use, the firewall will use a different mode (PPTP-passthrough mode).

Configuring the PPTP server on the ClarkConnect Office system is the easiest step in the process. You can access the PPTP server settings through the web-based administration tool. Configuring the server requires four steps: configuring the IP range, adding usernames and passwords, changing Samba settings (optional), and enabling the server.

- Step 1 - You must select a range of LAN IP addresses for the PPTP VPN connections. This range should be on the same network as your local area network. By default, the DHCP Server on ClarkConnect Office only uses IP addresses above x.x.x.100. All addresses below this number are reserved for static use. We strongly suggest you use this sub-100 range for PPTP.
- Step 2 - You must add users to the /etc/ppp/chap-secrets file. Fortunately, the web-based administration tool gives you a simple interface to accomplish this task. It is important to use good passwords here! Note: the PPTP database of usernames and passwords is not related to the system's username and password database.
- Step 3 - (Optional) If you have the Samba/Windows File Sharing server running on your ClarkConnect Office PPTP server and you wish to access the file server, then you must make a small change in your Samba configuration. For security reasons, the Samba/File Sharing software only responds to requests on the LAN network. Since PPTP traffic is coming from the Internet, we have to make some adjustments. In /etc/samba/smb.conf, make sure the interfaces parameter also includes your local network, e.g. interfaces = eth1 192.168.1.0/24. (See Appendix for information on network notation.)
- Step 4 - Start the PPTP server.
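Steps 1 and 2 above can be verified with a short script. This is an added example, not ClarkConnect code: it checks that a PPTP address range is on the LAN and below the x.x.x.100 DHCP boundary, and it reviews chap-secrets entries for weak secrets. The sample file contents, the server name "pptpd", the 12-character minimum and all function names are assumptions; the four-column layout (client, server, secret, IP addresses) is the standard pppd chap-secrets format.

```python
"""Checks for the PPTP address range (Step 1) and chap-secrets (Step 2). Added example."""
import ipaddress
import shlex

# Constructed sample in pppd chap-secrets layout; names and secrets are made up.
SAMPLE_CHAP_SECRETS = """\
# client   server   secret                    IP addresses
alice      pptpd    "correct-horse-battery"   *
bob        pptpd    bob2003                   *
"""


def check_pptp_range(lan, first, last, dhcp_start=100):
    """Return problems with a PPTP range given as first and last IP address.

    dhcp_start=100 reflects the guide's statement that DHCP uses the
    addresses from x.x.x.100 upward and the sub-100 range is static.
    """
    lan_net = ipaddress.ip_network(lan)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    problems = []
    if lo > hi:
        problems.append("range start is after range end")
    for ip in (lo, hi):
        if ip not in lan_net:
            problems.append(f"{ip} is not on the LAN {lan_net}")
        elif ip in (lan_net.network_address, lan_net.broadcast_address):
            problems.append(f"{ip} is a reserved address")
    dhcp_first = lan_net.network_address + dhcp_start
    if hi in lan_net and hi >= dhcp_first:
        problems.append(f"range reaches into the DHCP pool starting at {dhcp_first}")
    return problems


def parse_chap_secrets(text):
    """Parse chap-secrets text into dicts; '#' comments and quoted secrets are handled."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected client, server, secret")
        entries.append({"client": fields[0], "server": fields[1],
                        "secret": fields[2], "addresses": fields[3:]})
    return entries


def audit_secrets(entries, min_length=12):
    """Flag secrets that are short or that contain the username."""
    findings = []
    for e in entries:
        secret = e["secret"]
        if len(secret) < min_length:
            findings.append((e["client"], f"secret shorter than {min_length} characters"))
        if e["client"].lower() in secret.lower():
            findings.append((e["client"], "secret contains the username"))
    return findings


if __name__ == "__main__":
    print(check_pptp_range("192.168.1.0/24", "192.168.1.80", "192.168.1.89") or "range ok")
    print(check_pptp_range("192.168.1.0/24", "192.168.1.90", "192.168.1.110"))
    for client, issue in audit_secrets(parse_chap_secrets(SAMPLE_CHAP_SECRETS)):
        print(f"{client}: {issue}")
```
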

Configuring Windows 95/98

Warning: The ClarkConnect Office PPTP server only accepts 128-bit encryption connections, so you need to have the latest version of Dial-Up Networking installed. See 128-bit Encryption for Windows 95/98.

Step 1 - Install the Virtual Private Networking client from the Windows 98 CD. Use the Add/Remove Programs tool in the Control Panel. Click on the Windows Setup tab, and select Communications from the list. Click on the Details button and make sure Virtual Private Networking is selected (see screenshot). You may need to reboot your system after changing this setting.

Step 2 - The PPTP Client in Windows 98 is part of the Dial-up networking tools. It may seem strange using dial-up networking over another dial-up connection (or in some cases over broadband)... but that is the way it is.

- Go to dial-up networking by clicking on My Computer on your desktop.
- Click on Make New Connection.
- Name the connection and select the Microsoft VPN Adapter.
- Continue with the wizard and enter the IP or Hostname of the PPTP server.
- You are not quite done yet. Right-click on the VPN connection you just created.
- Select the Server Types tab. Make sure Require encrypted password and Require data encryption are selected (see screenshot).
- Disable the NetBEUI and IPX/SPX protocols (unless you really need them).
- Click on the TCP/IP Settings button. Use the default gateway on the remote network (see screenshot). This may not be necessary in some situations.

Configuring Windows XP

The PPTP client is built into Windows XP.

- Go to the Control Panel.
- Click on Network Internet Connections (this step may not be necessary).
- Click on Network Connections.
- Click on Create a New Connection to start the configuration wizard.
- Select connect to the network at my workplace.
- Select Virtual Private Network connection.
- Add a connection name, dial settings, and hostname.
- Click on the Properties button (or right-click on the new connection, and select Properties from the menu).
- Select the Security tab. Make sure Require data encryption is selected.
- Select the Networking tab. From the Type of VPN drop box, select PPTP VPN.

Web Proxy
Table 7-17. Web Proxy

  Description:           Web proxy cache server
  Package Name:          cc-squid
  Command-line Install:  "apt-get install cc-squid"
  More Information:      Squid website

Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP. The software not only saves bandwidth and speeds up access time, but also gives administrators the ability to track web usage in the daily Squid Report.

You can operate Squid in two different modes. If your ClarkConnect Office system is operating as a gateway, you can configure your proxy server in transparent mode. In this mode, all requests from the local network automatically pass through the Squid proxy cache. In standard mode, the proxy operates on port 3128. Accordingly, you must change the settings of all the web browsers running on your local network.

The Squid Report includes statistics on top sites, number of hits, usage by LAN IP address, daily traffic size, and more. You can view the report from the web-based administration tool. You can find it off of the home page under the Reports menu.

Configuring Squid - Transparent Mode

Configuring transparent mode is quick and easy. Through the web-based administration tool, start the Squid Proxy Server and make sure transparent mode is enabled (see screenshot). That is all there is to it.

Warning: If you have transparent mode switched on without the Squid Proxy Server running, then you will be unable to access websites.

Configuring Squid - Proxy Mode

- Step 1 - Through the web-based administration tool, start the Squid Proxy Server and make sure transparent mode is disabled.
- Step 2 - For all the computers on your local area network, you must set all web browsers to use the ClarkConnect Office gateway as a proxy server. The following describes the steps for Internet Explorer, but other browsers will have similar configuration screens. In Internet Explorer, click on Tools in the menu bar, then select Internet Options. Click on the Connections tab, and then the LAN Settings button.
- Step 3 - In the Proxy Server settings box, specify your gateway's IP address (default: 192.168.1.1) and the Squid proxy port 3128. You may not be able to access websites on your Squid machine or on your local network unless you select "Bypass proxy server for local addresses". You may also want to review the advanced settings.

Web Server
Table 7-18. Web Server

  Description:           Web server for ClarkConnect Office.
  Package Name:          cc-apache
  Command-line Install:  "apt-get install cc-apache"

You will have a permanent website where you can publish your resume, show photos of your pets, or build a website about your small business! The files for your website can be found in the website/html shared folder on ClarkConnect Office. You can use Network Neighborhood to access the files directly (as shown below).

Warning: Gotcha! You must enable the webserver through the ClarkConnect Office web-based administration tool. You must also open the firewall port to allow web connections.

Webmin
Table 7-19. Webmin

  Description:           A web-based administration tool.
  Package Name:          webmin
  Command-line Install:  "apt-get install webmin"

Webmin is a web-based administration tool. You can access advanced configuration including:

- Adding virtual hosts to the Apache web server
- Configuring advanced options in Samba
- Changing the DHCP server settings
- Tuning the Squid web proxy

Once you have installed Webmin, you can access it from your web browser -- https://192.168.1.1:1000 on a default installation (make sure you use https when you type the address). Use the "root" username and password to log in.

Chapter 8. Services

Dynamic DNS and Software Updates - Free

Warning: If you have re-installed your software, you must re-submit your registration information. Why is this necessary? The dynamic DNS system must associate your device with your account (and IP address).

ClarkConnect Office comes with free dynamic DNS and a software update tool. Dynamic DNS lets you find your server/gateway from anywhere on the Internet - even with a dynamic IP address. The web-based software update tool (see screenshot) makes it easy to install the latest bug and security fixes.

In order to use these services, you must register your device.

- First, you must create an account on Point Clark Networks' ClarkConnect site -- https://secure.pointclark.net/cc/new_account.jsp
- Second, you must submit the information from the web-based administration tool on your ClarkConnect Office server. Click on the Admin Home in the navigation bar to access the advanced configuration features. Log in as username "root" with the password you defined during the installation. Submit the username and password used to create your online account.

Chapter 9. Firewall

Overview

A firewall is installed on all gateway-mode ClarkConnect Office systems. The web-based administration has three tools to help you configure your firewall.

- The Firewall Incoming tool opens up ports to allow services (e.g. web server) on your server.
- The Port Forwarding tool allows you to forward ports to computers behind your firewall.
- The Firewall Blocking tool helps you block unwanted traffic from leaving your network - this is useful for blocking instant messaging, peer-to-peer music downloads, and more.

Take a look at the Test My Shields and Probe My Ports scanning tools from Gibson's Research. These tools will test your ClarkConnect Office system for common security problems. Of course, ClarkConnect Office has been configured to be secure, so you should be happy with the results. In fact, your system considers this type of network scanning mischievous behavior and logs the information in the Intrusion Detection log (if you have the Snort Intrusion Detection software installed).

Opening Ports
If you want to run a server on your ClarkConnect Office system, you must open the appropriate port on the firewall. For instance, make sure ports 80 and 443 are open for the web server and secure web server. Select Firewall Incoming in the web-based administration tool. There are two ways to add an incoming firewall rule: i) select a standard service in the Add by Service drop down, or ii) input the port number in the Add by Port Number box.

Port Forwarding
If you run servers behind your ClarkConnect Office gateway, you can use the Port Forwarding page to forward ports to a system on your local area network. In the example below, two port forwarding rules are configured:

- A web server (port 80) is running on the LAN at 192.168.4.10.
- SSH (port 22) is also running on 192.168.4.10. Since port 22 is already used on the gateway, we specify an alternate port (2222). We then configure our SSH client to use port 2222 to connect directly to 192.168.4.10 from the Internet.

Firewall Blocking
From the Firewall Blocking page, you can block certain kinds of traffic from leaving your network. This can be useful for blocking instant messaging, chat, peer-to-peer music downloads, and more. You have two ways to block traffic: i) by port or ii) by IP address/domain.

Blocking ports disallows a connection on a particular port. For instance, adding port 80 (web) disables websurfing for your entire local network.

Blocking destinations allows you to block certain networks and sites. For instance, blocking login.icq.com blocks ICQ from connecting to the Internet. Keep in mind, some sites use multiple servers to handle network traffic and are not easily blocked.

Chapter 10. Troubleshooting

FAQ - Frequently Asked Questions

Warning: This FAQ only covers installation questions. Please check the website for more FAQs - http://www.clarkconnect.org/help

Why can't I get ClarkConnect Office to detect my network card?

Please read ISA Network Card page (even if you are using PCI cards!).

How do I fix signal 11 errors?

Old hardware can sometimes cause grief for the Linux installer. These error messages can be caused by memory problems, hard disk detection and configuration errors, and many other types of errors. Take a look at the extra log screens after the error occurs - type Alt-F1 through F5 to see all the screens. Check this website for tips and tricks: http://www.bitwizard.nl/sig11/

How do I remove the "FAILED" messages on boot?

This error will occur if your second network card cannot be auto-detected. When certain services start up, they cannot find a network interface and spit out an error. Once you have configured your network cards, the error messages should disappear.

How do I edit files? I don't know vi...

Use the much less cryptic nano text editor.

Appendix A. Understanding Networks

On several ClarkConnect Office configuration screens, you will see places to configure network settings. What does this mean? Using special notation, you can specify a whole range of IP addresses (i.e. a network). There are two parts to "network notation": the first part contains the first IP address in the network range; the second part contains the subnet mask (i.e. the size of the network). There are two common ways to write the subnet mask. Unfortunately, both ways are something that only computer engineers enjoy.

Let's go through an example. The ClarkConnect Office mail server will only send out mail coming from a trusted network -- you don't want anyone on the Internet using your mail server and all your bandwidth! In our example, all of the machines on our LAN use 192.168.1.x IP addresses. The subnet mask for these 256 IP addresses can be specified with either /24 or 255.255.255.0. The full network notation ends up looking like:

- 192.168.1.0/24, or
- 192.168.1.0/255.255.255.0

By the way, the first and last addresses (192.168.1.0 and 192.168.1.255 in our example) are reserved and cannot be used. We really only have 254 usable IP addresses in our case. The table below is a list of common netmasks.

Table A-1. Netmasks and Networks

  Netmask                  IPs        Sample Usable Range
  /8  -- 255.0.0.0         16777214   192.168.1.1 - 192.255.255.254
  /16 -- 255.255.0.0       65534      192.168.1.1 - 192.168.255.254
  /24 -- 255.255.255.0     254        192.168.1.1 - 192.168.1.254
  /25 -- 255.255.255.128   126        192.168.1.1 - 192.168.1.126
  /26 -- 255.255.255.192   62         192.168.1.1 - 192.168.1.62
  /27 -- 255.255.255.224   30         192.168.1.1 - 192.168.1.30
  /28 -- 255.255.255.240   14         192.168.1.1 - 192.168.1.14
  /29 -- 255.255.255.248   6          192.168.1.1 - 192.168.1.6
  /30 -- 255.255.255.252   2          192.168.1.1 - 192.168.1.2
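The two notations above, and the mail server's trusted-network list from the Mail Server - SMTP section, can be exercised together. This is an added example, not ClarkConnect code: it converts between /24 and 255.255.255.0 notation, computes the usable range, and audits a trusted-network list for entries that would let Internet hosts relay mail. Function names are assumptions, and 192.168.0.0/16 is used here as a rendering of the guide's "192.168.x.x" default.

```python
"""Network notation (Appendix A) applied to the mail relay trusted networks. Added example."""
import ipaddress

# Address space that is never routed on the public Internet (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_network(text):
    """Accept 192.168.1.0/24 or 192.168.1.0/255.255.255.0.

    Returns (network, had_host_bits). An entry such as 192.168.1.5/24 is
    tolerated and reported, because it still means the whole /24.
    """
    text = text.strip()
    net = ipaddress.ip_network(text, strict=False)
    given = ipaddress.ip_address(text.split("/")[0])
    return net, given != net.network_address


def describe(text):
    """Return (prefix form, netmask form, usable IPs, first usable, last usable)."""
    net, _ = parse_network(text)
    if net.prefixlen > 30:
        raise ValueError("networks smaller than /30 have no usable host range")
    usable = net.num_addresses - 2          # first and last address are reserved
    return (f"{net.network_address}/{net.prefixlen}",
            f"{net.network_address}/{net.netmask}",
            usable,
            str(net.network_address + 1),
            str(net.broadcast_address - 1))


def audit_trusted(networks):
    """Flag trusted-network entries that are mistyped or reach public addresses."""
    findings = []
    for entry in networks:
        net, had_host_bits = parse_network(entry)
        if had_host_bits:
            findings.append((entry, f"host bits set; treated as {net}"))
        if not any(net.subnet_of(internal) for internal in INTERNAL):
            findings.append((entry, "includes public address space (open relay risk)"))
    return findings


def may_relay(client_ip, networks):
    """True if the client address falls inside any trusted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in parse_network(entry)[0] for entry in networks)


if __name__ == "__main__":
    for notation in ("192.168.1.0/24", "192.168.1.0/255.255.255.0", "192.168.1.0/30"):
        print(notation, "->", describe(notation))
    trusted = ["192.168.0.0/16"]            # rendering of the 192.168.x.x default
    print("10.1.2.3 may relay:", may_relay("10.1.2.3", trusted))
    trusted.append("10.0.0.0/8")            # the addition the guide recommends
    print("10.1.2.3 may relay:", may_relay("10.1.2.3", trusted))
    # Constructed mistakes: a catch-all entry and an entry with host bits set.
    print(audit_trusted(trusted + ["0.0.0.0/0", "192.168.1.5/24"]))
```
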


Appendix B. ISA Network Cards


ISA Network Cards

If you decide to use ISA network cards, you may be in for a world of hurt. You may end up setting jumpers, disabling plug-n-play, setting IRQs, or downloading DOS configuration tools from a vendor's website. These cards may take more effort to configure, but many are just as capable of doing the job!

The following is courtesy of Paul Ramsey's Red Hat Linux 6.X as an Internet Gateway for a Home Network - http://www.tldp.org/HOWTO/mini/Home-Network-mini-HOWTO.html

Configuring a Network Driver

OK, so one or both of your cards are not recognized by the kernel. This is not a problem, really. What we're going to have to do is tell the kernel more explicitly how to find your cards. There are lots of twists and turns here, and I'm not going to cover all of them. Remember, when the going gets tough, the tough turn to the Ethernet HOWTO. Here's some summary advice:

- You have a PCI network card. You are probably sitting pretty, assuming it is not so new and cutting edge that no drivers exist. You can often find out a great deal about your network cards (and other things) by reading through /proc/pci and noting down makes and models.
- You have an ISA network card. It is possible you will have to know the IO base address and the IRQ the card is operating on. You have manuals, right? Right? If not, this would be a good time to surf to the manufacturer's web site and see if they have any online references. Or if you have an old DOS configuration diskette, boot to DOS and see if there is a setup program which will read and set the address and IRQ.
- You have an ISA Plug'n'Play card. You'll have to learn how to configure it first -- read the Plug'n'Play HOWTO. Fortunately, once you've configured your card you will know exactly what the IO base and IRQ are.

Now, since you know what the make and model of eth0 and eth1 are you can go to the compatibility page of the Ethernet HOWTO and look up your card. Take note of the recommended driver, and any information about special options your card may require. Write it down. It's time to edit a configuration file!

The file we will be editing is /etc/conf.modules (or modules.conf). Open this file up in the text editor of your choice. Because there are so many possibilities and combinations of things which can go in this file, I'm going to give my own gateway as an example. I have a PCI 10/100Mb card based on the VIA Rhine chip, and a plain-jane 10Mb NE2000 ISA clone. I use the 100Mb card for the internal network and the 10Mb card for the external connection. My /etc/conf.modules (modules.conf) file looks like this:

    alias parport_lowlevel parport_pc
    alias eth0 ne
    options ne io=0x300 irq=10
    alias eth1 via-rhine

My conf.modules (modules.conf) file is laid out as follows:

- The first line is there to configure my parallel port for printing. You probably have a similar line. Leave it alone.
- The second line (alias eth0 ne) tells the kernel to use the ne driver for the eth0 device.
- The third line (options ne io=0x300 irq=10) tells the ne driver at which io address and irq interrupt it will find the ISA card. If you have ISA cards you will probably have to use this kind of directive; just replace the driver, io and irq directives with the correct information for your card.
- The fourth line (alias eth1 via-rhine) tells the kernel to use the via-rhine driver for eth1. Because my eth1 card is a PCI card, I do not need to provide io or irq information: the PCI subsystem configures the device automatically.

You will want to ensure that you have alias entries in conf.modules (modules.conf) for both your cards, and correct
options lines for all your ISA cards. You may already have lines in conf.modules (modules.conf) for any ethernet cards you configured during installation. When you have finished editing conf.modules (modules.conf), try ifconfig eth0 and ifconfig eth1 again. You may have to apply some trial and error if you are messing with IO addresses and IRQs without a manufacturer's manual.

Two Identical Network Cards

So, you were really really smart, bought two identical network cards for your Linux gateway, and now you cannot get them to work together? Do not worry, getting them to coexist is just a matter of using the correct syntax in /etc/conf.modules (modules.conf). For this example, the addresses and IRQ numbers are made up, and I will assume that you have bought a matched pair of NE2000 clones (a common choice). Your /etc/conf.modules (modules.conf) file should look like this:

    alias eth0 ne
    alias eth1 ne
    options ne io=0x330,0x360 irq=7,9

The addressing options are all given on the same line, and the first number for each addressing type is for eth0, the second number for eth1.

Copyright 2000, Paul Ramsey.

This manual may be reproduced in whole or in part, without fee, subject to the following restrictions:

- The copyright notice above and this permission notice must be preserved complete on all complete or partial copies.
- Any translation or derived work must be approved by the author in writing before distribution.
- If you distribute this work in part, instructions for obtaining the complete version of this manual must be included, and a means for obtaining a complete version provided.
- Small portions may be reproduced as illustrations for reviews or quotes in other works without this permission notice if proper citation is given.

Exceptions to these rules may be granted for academic purposes: Write to the author and ask. These restrictions are here to protect us as authors, not to restrict you as learners and educators.

Appendix C. License and Warranty


Warning

The following only applies to software developed by Point Clark Networks with the exception of Suva, Core Webconfig Components, and the Windows software.

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (c) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.


When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

Terms And Conditions For Copying, Distribution And Modification

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of
it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries
not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

Warranty

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.



Copyright 2000-2003, Point Clark Networks
