Comments [0] -
Saturday, January 10, 2009
Simply add these configuration settings to the rc.conf file in /etc
rc_configured=YES
ifconfig_fxp0=192.168.0.10/24
ifconfig_fxp1=10.1.10.100/24
sshd=YES
hostname=mail.nvita.org
sendmail_enable=yes
defaultroute=10.1.10.1
samba=YES
smbd=YES
nmbd=YES
As you can you see here, ifconfig_fxp1 incorporates the input "inet" and "netmask" but in IP notation, where the subnet mask is abriviated. These provisions are an example of how NetBSD is a viable network operating system. For example, make sure the correct default route is listed correctly. To list the correct default route, make sure the entry coresponds to the interface that will answer internet data.
If your internet service provider includes equipment which assigns a dynamic ipaddress, update the address:pkg_add ftp://ftp.netbsd.org/pub/NetBSD/packages/current-packages/NetBSD-4.0/i386/All/postfix-2.6.20080903.tgz
Find the correct postfix configuration file with the find command:
find / -name "master.cf"
/usr/share/examples/postfix/master.cf
/usr/pkg/share/examples/postfix/master.cf
/usr/pkg/etc/postfix/master.cf
/usr/local/sbin/master.cf
/var/db/pkg.refcount/files/usr/pkg/etc/postfix/master.cf
/etc/postfix/master.cf
The default configuration file that postfix will use is located in the /etc directory. The master.cf configuration file determines what network interfaces to use. Here, we would like to use all the available interfaces such that users are able to send mail on the internal network as well as the external network:
vi /etc/postfix/master.cf
Press the ESC key
Type :ins
Type: smtp inet n - n - - smtpd
Strike CTRL - CPress the ESC key
Type: wq!
Next modify the main.cf file in the /etc directory:
Type vi /etc/postfix/main.cf
Press the ESC key
Type :ins
Type:
myhostname = mail.nvita.org
inet_interfaces = mail.nvita.org
mydomain = nvita.org
myorigin = mail.nvita.org
virtual_alias_maps= hash:/etc/postfix/virtual
virtual_alias_domains = nvita.org, inverselog.com, giantfood.nl
mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.1.10.0/24
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
Next, create the file /etc/postfix/virtual:
Type vi /etc/postfix/virtual
Press the ESC key
Type :ins
@nvita.org squirrel
mkearney@nvita.org squirrel
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
Now create the virtual user database used by the postfix deamon:
postmap virtual
Next, add new users to the system, since you don't want to use the root account for your daily work (yes, we're serious about that!). NetBSD offers the useradd(8) utility to create user accounts. Accounts that can su(1) to root are required to be in the "wheel" group. This can be done when the account is created by specifying a secondary group:
useradd -m -G wheel squirrel
passwd squirrel
Start the postfix server:
/etc/rc.d/postfix start
Now the SMTP server should respond to quires. You can check the status of the process by using the netstat command:
netstat -a
tcp 0 0 mail.smtp *.* LISTEN
tcp 0 0 mail.smtp *.* LISTEN
tcp 0 0 localhost.smtp *.* LISTEN
If the server does not respond to your configuration, most likely you have added addtional perameters to the configuration file. If this configuration is modified for any reason, postfix will fail.
Next install a POP deamon to check the virtual mailboxes:
pkg_add -R ftp://ftp.netbsd.org/pub/NetBSD/packages/current-packages/NetBSD-4.0/i386/All/dovecot-1.1.6.tgz
Find the correct dovecot configuration with the find command:
find / -name "dovecot.conf"
/usr/pkg/etc/dovecot.conf
/var/db/pkg.refcount/files/usr/pkg/etc/dovecot.conf
The default configuration file that postfix will use is located in the /usr/pkg/etc/ directory. The dovecot.conf configuration file determines what network interfaces to use. Here, we would like to use all the available interfaces such that users are able to retrive mail on the internal network as well as the external network:
vi /usr/pkg/etc/dovecot.conf
Press the ESC key
Type :ins
protocol pop3 {
listen = *:110
}
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
Start the POP deamon:
dovecot start
If you would like to add additional users, use the useradd utility:
useradd -m -G wheel mkearney
passwd mkearney
Then modify the /etc/postfix/virtual file and create the database once more:
postmap virtual
Make sure your DNS server is setup correctly to direct mail to your new server. Zoneedit.com makes this easy:
Now you can configure a client e-mail program to use the new mail server. Microsoft Outlook is a fairly good client and is easy to setup.
Click Tools, Options:
Click Mail Setup, Email Accounts
Click New
Click Next and enter the account information:
Click Next
Click Next
Click Finish, Close, OK
The NetBSD mail server is now ready to send and recive mail either from the local system or Workstation clients. NetBSD is a reliable cost effective alternative operating system that can handle thousands of users. Sometimes it is more adventageous to use the Microsoft Exchange Server and use the NetBSD server as a relay host.
Exchange server is a convient mail server to use with the Microsoft Office system. It has a number of features unavailable to other mail clients and is easy to manage. For instance with Exchange server, you can backup and retrieve individual email messages from the server. However this convienince does not go without a price. Exchange server is a volitle liability that has many security flaws and is unstable within the scope of the public. It can be rendered useless in a matter of minutes and the responsiblity for an entire organization could fall on the administrator. With NetBSD and Postfix, it is possible to use Exchange server as a viable mail server.
To configure postfix to use exchange server,
Type vi /etc/postfix/main.cf
Press the ESC key
Type :ins
Type:
myhostname = mail.nvita.org
inet_interfaces = 192.168.0.10, 10.1.10.100
mydomain = nvita.org
myorigin = mail.nvita.org
relay_recipient_maps = hash:/etc/postfix/exchange
transport_maps = hash:/etc/postfix/transport
relay_domains = nvita.org, inverselog.com, giantfood.nl
mynetworks = 192.168.0.0/24, 127.0.0.0/8, 10.1.10.0/24
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
virtual_alias_maps and virtual_alias_domains are removed. Comment them out with the pound sign:
#virtual_alias_maps= hash:/etc/postfix/virtual
#virtual_alias_domains = nvita.org, inverselog.com, giantfood.nl
inet_interfaces lists numeric ip addresses. To effect, the Postfix deamon cannot communicate across multiple interfaces if they are not specified.
Next, create the file /etc/postfix/exchange:
Type vi /etc/postfix/exchange
Press the ESC key
Type :ins
mkearney@nvita.org OK
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
Now create the exchange user database used by the postfix deamon:
postmap /etc/postfix/exchange
Next, create the file /etc/postfix/transport:
Type vi /etc/postfix/transport
Press the ESC key
Type :ins
* smtp:squirrelserver.nvita.org
Strike the ENTER key
Strike CTRL - C
Press the ESC key
Type :wq!
Now create the transport relay database used by the postfix deamon:
postmap /etc/postfix/transport
Install Exchange Server. These settings set the Receive Connector to relay mail from the NetBSD server:
Set-ReceiveConnector -Identity "Default squirrelserver" -PermissionGroups "AnonymousUsers"
Get-ReceiveConnector "Default SQUIRRELSERVER" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON " -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"
Start the server. The postfix server also includes a simple mail que, which can store mail messages in the event that the Exchange server should fail. Exchange server fails and does not keep mail messages when there is not enough disk space. For example, the latest version of Exchange Server keeps 8 gigabytes of log files over a very short period of time. Acting as a backup and a go between; the postfix mail que will be delivered to the exchange server and to all Microsoft Office clients connected to the server immediately with the command:
/etc/rc.d/postfix start
Note that postfix will deny connections to the mail server if the ip address listening on the connection is not listed in "mynetworks" For example your external ip address!
More notes: Using software programs like DSPAM and Spamassasin, the NetBSD server can catch some spam emails but not all of them:
[Postfix] (LMTP) -> [DSPAM] [Postfix] -> [Microsoft Exchange] { Delivery }
|___ (SMTP Reinjection) ____|
NetBSD is a reliable operating system that is particularly useful for mail servers and other internetwork software programs, with these precise configuration settings you can implement internet and intranet mail in a few hours.
Monday, September 15, 2008
 | FreeBSD® is an advanced operating system for x86 compatible (including Pentium® and Athlon™), amd64 compatible (including Opteron™, Athlon™64, and EM64T), UltraSPARC®, IA-64, PC-98 and ARM architectures. It is derived from BSD, the version of UNIX® developed at the University of California, Berkeley. First, burn a copy of FreeBSD on a CD-ROM. The FreeBSD CD-ROM is bootable. |
http://www.freebsd.org/where.html
In computer networking, Network Address Translation (NAT, also known as Network Masquerading, Native Address Translation or IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through. Checksums (both IP and TCP/UDP) must also be rewritten to take account of the changes. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.
A NATD DMZ Firewall is noteworthy because it filters all the dangerous traffic from the internet into something a private network can understand. A DMZ also acts as a gateway to the internet for all machines on a private network.
To get started, install two RJ-45
network cards. Then connect a CAT-5 cable from the RJ-45 port on the
first Ethernet device to a HUB. Then connect a CAT-5 cable to the
second Ethernet device and connect the other end of the cable to a
ethernet cable modem or a DSL modem. This device is thereby isolated
from the HUB. Then connect any workstations or additional servers to
the hub.
First using the installation CD, follow all the
instructions. Don't give yourself a headache worrying about how to
partition the hard drives. Simply delete all the slices by selecting
them with arrow keys and deleting them with the "D" key. Press the "A"
key to auto select the correct partition information and then press the
"Q" key. The same goes for the disk structure. Press the "A" key to
autoselect the correct information then press the "Q" key to save the
information. The install program will then write to the partiton and
copy all the data from CD-ROM to the hard disk.
Next, the installation program will ask you a few questions. Do not enable the first ethernet device or configure it to use DHCP. Select yes to enable the second ethernet device.
ENTER 192.168.0.1
would you like to configure this machine as a network gateway?>
YES
would you like to enable SSH login?
YES
do you want to have anonymous FTP access to this machine?
YES
Create a welcome message file for anoymous FTP users?
NO
Would you like to add linux binary compatablity?
YES
Like
the address on your house, painted on your curb or on your mailbox; the
standard protocol called TCP/IP uses a simple sequence of instructions
that are simply on or off to identify a subset of secondary
instructions. This matrices of 1's and 0's as a whole or in part is
indicative of it's self. The mailman delivers the mail; the fire
department can see your address clearly on the curb.
The
"binary" (1's and 0's on or off) bits are broken into a matrices of
four octets (1 octet = 8 bits). An IP address is interpreted by
computers in dotted decimal format (like, 192.168.0.1). Each octet is
delimited by a period (dot). The decimal value of each octet ranges
from 0 to 255 or 00000000 - 11111111 in binary numbers that altogether
has a value of 8 bits.
Let's say the first bit of an octet holds a value of 1 (on). The next bit in the octet matrices holds a value of 0 (off). The next holds a value of 0 (on). The next holds a value of 1(off). The next holds a value of 0(on). The next holds a value of 1(on). The next holds a value of 0(off). The last bit holds a value of 1 (on).
If all the binary bits of an octet matrices were a 1 (on), the decimal equivalent would be 255 as shown here:
1 1 1 1 1 1 1 1
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)
More simply, the 8 bits of the binary number 10101010 (on|off|on|off|on|off|on|off) converts to the decimal number 170.
1 1 1 1 1 1 1 1 (on|on|on|on|on|on|on|on) converts to the decimal number 255
There are 8 bits in any given octet matrices.
This is an IP address in binary and that same IP address in decimal
170. 255. 255. 255 (decimal)
10101010.11111111.11111111.11111111 (binary)
For example, 10.1.23.19 is cited by Cisco Systems.
In 1996; TCP/IP oddly RESERVED a subset of binary numbers for a internal network. How or why?
"The Internet Engineering Taskforce" Contractors Request for Comments (RFC)
#1918
"With
the proliferation of TCP/IP technology worldwide, including outside the
internet itself, an increasing number of non-connected enterprises use
this technology and its addressing capabilities for a sole
intra-enterprise communications, without any intention to ever directly
connect to other enterprises or the internet itself"
Operating a
network is in fact indicative of it's self and the use of your own
equipment communicating with TCP/IP subsequently will not acknowlege as
a part or in whole the subset of equipment in places around the world.
Here is an input vector:
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
I
like 192.168.0.0 because it looks classy. The 0 means all 255
addresses. We used one of them, 192.168.0.1; Although you can also use:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
A "/16"
means it has more addresses to use than "/8" or "/12"; Yes I would like
1 bushel of crabs for my party. What!? they're not in season? Your
catch didn't have enough regulation coke can sized keepers? You can
find out the hard way that BLUE CRABS can be bought by the Chesapeake
Bay, Maryland and Virginia; dungenous crabs can be bought in Seattle
and are shipped worldwide; Alaskan king crabs can be bought in Alaska
by the boat load and are also shipped world wide.
After entering the IP address of the second ethernet device, Select yes to use the server as a router/gateway, Select yes to enable SSH logins, and select yes to add a user. Add a user but DO NOT assign this user to any groups. Use all the default information.
Reboot.
Next, this is the most important step. If this step is not completed, older system hardware and some new hardware cannot parse data to the console correctly, especially under heavy loads and will fail. Configure the system from the console to allow you to log in as root so you can cut-and-paste with SSH.
Login as root and change to the /etc directory. Using your favorite editor, edit the group file.
Login: root
Password: *******
You should see "#"; a pound sign. The pound sign means you are logged in as root.
cd /etc
vi group
The Vi editor is easiest to use despite what you may have heard about UNIX text editors; everything is contingent upon a command line that is similar to the Shell you may be using.
Strike the ESC key:
then press the colon ":" key. This will give a command line.
Type $ ENTER
This will take you to the end of the file.
Strike the ESC key:
Then press the colon ":" key again.
Type /wheel ENTER
This will find the nearest instance of "wheel" relative to the blinking cursor position.
Strike the ESC key:
Now position the blinking cursor with the arrow keys just below the word "wheel".
Type :ins ENTER
Keep your eyes on "wheel:*:0:root" and type the same thing but add ,someuser such that you will now see:
:ins
Entering ex input mode.
wheel:*:0:root,someuser
Now strike CTRL-C
Observe what happened to the text with the Vi editor. If you make a mistake, position the blinking cursor at the beginning of the line and Strike the ESC key again.
Strike the ENTER key
Type :del
Try Again.
If a program tells you that there is an error in it, it will also tell you the line number. To go to a line:
Strike the ESC key
Type :123
This will take you to line 123
Now Save the file and exit.
Strike the ESC key.
Type :wq!
Take note that the file already has a name. And altogether you would have typed the sequence:
vi group ESC : /wheel ENTER ESC :ins ENTER wheel:*:0:root,someuser CTRL-C ESC :wq!
Your
server is a delicate computational matrices that accepts input in a
variety of ways. The most advantageous way to ensure the integrity of
ALL of that data is to manually type and input every command and or
command structure.
For example; when saving a Microsoft file by
the integrated samba program, every return carriage is marked with a ^M
when the ACII standard text file is viewed by your UNIX system.
Although it is possible to use the CRTL-INS SHIFT-INS convention along
with sub sequential standardized programming conventions; windows
libraries bottlenecks and avoiding ^M's in Microsoft files altogether;
the data that makes up that simple convenience is incorporated into the
running system.
Taking a step further reveals striking results.
You may see: "The connection was refused when attempting to contact 0"
It all depends on where zero is. No closer to solving why there is a ^M; taking a closer look at this algebraic equation might give a little better understanding of what is happening:
|
|
http://search.netscape.com/search/search?&fromPage=NS8BrowserRoll&query=1%3B21479003
http://search.netscape.com/search/search?&fromPage=NS8BrowserRoll&query=16660284
I like the picture on the cup to the right:
http://www.pbase.com/hreinnp/image/16660284
To
be fairly certain data is not garbage; like that, cut and paste data into a
terminal emulator with the vi editor using the keys, CTRL-INS
highlighting the text such that it is blue ... or black ... and
pressing the SHIFT-INS keys. Save the file and use the "cat" command to
view the data again. Now cut and paste this data into your application.
Next,
after the group file has been edited to include the new user, remotely
login with SSH using the new user you created with the installation
program.
You can now connect to the FreeBSD server from your windows workstation by using a SSH2 program like Secure CRT.
To Pre-configure a windows workstation to use a NATD FIREWALL, follow these instructions:
Left click "My Network Places" on the Windows workstation "desktop" such that it appears to turn BLUE in color. Next, right click the highlighted area. A "drop down menu" will appear.
Left click "Properties"
Next, Left click "Local Area Connection" such that it appears to turn BLUE in color. Next, right click the highlighted area. A "drop down menu" will appear.
Left click "Properties"
A "Dialogue" Box will appear:
Left click "Internet Protocol TCP/IP" such that it appears to turn BLUE in color. Next, right click the properties box. A "Dialogue box" will appear.
Next, the following decimal notated "fields" are variable elements within the subset of a function where ƒ(x) = the subsequent matrices of 1's and 0's that make up communication elements between a Windows Workstation and the FreeBSD DMZ are determined.
Next; make up an "IP Address"; It could be any address... really; but I like 192.168.0.0 because it looks classy. Addresses other than:
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)are said to be "non-routable"; the internet service provider is obviously not going to GIVE you an IP address that is whole or in part the internet; ideally we must get to the internet.
Enter 192.168.0.2
Next; enter a "Subnet Mask" A subnet mask divides the matrices into sections. LOL The Subnet Mask 255.255.255.0 includes the available addresses to immediate affect.
Enter 255.255.255.0
Why is there a Default Gateway Entry? A default gateway will tell you precisely how to get to the next hop. In this case the FreeBSD DMZ is the default gateway. The only difference is the FreeBSD DMZ stays put.
In the FreeBSD console type:
ifconfig fxp1
fxp1: flags=8843 mtu 1500
options=8
inet6 fe80::290:27ff:feac:9085%fxp1 prefixlen 64 scopeid 0x2
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:90:27:ac:90:85
media: Ethernet autoselect (100baseTX)
status: activeThe section "inet" is the default gateway.
Enter 192.168.0.1
The next "field" is "Preferred DNS Server" now this is very dangerous.
Given that when information is contrived, it is again whole or in part, indigent; indicative of self loathing. What information do we have about DNS servers?
Do you remember the Internet Service Provider's Instructions? What were they? What will they be?
Enter 68.87.73.242
Click the OK button
Click the Close Button
Now use a windows program like Secure CRT to access the SU program to login to the root account which will enable you to parse all data correctly.
su -l root
You should see "#"; a pound sign. The pound sign means you are logged in as root.
There are several ways to make a working NATD firewall but so far I have only been able to do it one way:
Make a copy of the GENERIC kernel and add these lines
to the GENERIC file in /usr/src/sys/i386/conf/cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/SQUIRREL
vi /usr/src/sys/i386/conf/SQUIRREL
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPToptions IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
2. Change to the /usr/src directory:
cd /usr/src
3. Compile the kernel:
make buildkernel KERNCONF=SQUIRRELWhile the kernel is compiling, do not interrupt the terminal
You can stop this process at anytime by pressing CTRL-C
Building a new kernel takes about two hours to complete with a quad 533mhz pentium III Xeon server. Don't give up even though the terminal may look like it has stopped.
4. Install the new kernel:
make installkernel KERNCONF=SQUIRRELThe new kernel should auto recognize ALL of the hardware
devices on the working system, including multiple network
cards. Connect to the internet however you connect to it
through the first Ethernet device.
If you run into problems, remember ISP's use DHCP to assign
new network addresses to customers unless you request a
static IP.
1. first set up the DNS servers:
edit or create the file /etc/resolv.conf :vi /etc/resolv.conf
search hsd1.va.comcast.net.
nameserver 68.87.73.242
nameserver 68.87.71.226
2. Use the ISP's windows software to register a new account like Comcast; this step is IMPERATIVE. For instance the Comcast cable modem switched network is FULL of windows computers and will not understand what you are doing at all; including but not limited to the help-desk technicians. If you are unsure about anything!; ask the representative to GUIDE you through the WINDOWS installation regardless. Make sure you follow ALL of their instructions to the LETTER.
Then disconnect and change your network cards physical address to your windows machine:
START->RUN->"CMD"
C:\ipconfig /all
Physical Address. . . . . . . . . : 00-08-74-15-61-07
Write this address, 00-08-74-15-61-07 down somewhere
Now edit the file /etc/rc.confvi /etc/rc.conf
ADD ALL THESE LINES AND REMOVE DUPLICATE ENTRIES IN THIS EXACT ORDER:
ifconfig_fxp0="DHCP"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="SIMPLE"
natd_enable="YES"
alias_address="76.111.89.19"
natd_interface="fxp0"
hostname="freebsd.nvita.org"
ifconfig_fxp1="inet 192.168.0.1 netmask 255.255.255.0"
inetd_enable="YES"
linux_enable="YES"
sshd_enable="YES"
tcp_extensions="YES"
lpd_enable="YES"
natd_flags="-f /etc/natd.conf"
usbd_enable="YES"Now that these services are registered to start at boot up
reboot the FreeBSD computer; It won't know what vectors to use until it is rebooted:Press CTRL-ALT-DELETE if you're still a windows person
OR
If I have thoroughly persuaded you type:
shutdown now
Press the ENTER key
#
Press the off button on the console
3. When the computer is rebooted log in as root and manually request a DHCP lease from the ISP and check connectivity using lynx
Whooo @@!...
Physical Address. . . . . . . . . : 00-08-74-15-61-07
Did you get that from the ISP??Now type:
ipfw -f flushifconfig fxp0 ether 00:08:74:15:61:07
dhclient fxp0
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 8
DHCPOFFER from 10.240.217.1
DHCPREQUEST on fxp0 to 255.255.255.255 port 67
DHCPACK from 10.240.217.1
bound to 76.111.89.19 -- renewal in 102668 seconds.Now edit the file /etc/rc.firewall and input the new data into the integrated firewall sub-script. Find and replace the following lines under the SIMPLE section defined in rc.conf with the new data:
# set these to your outside interface network and netmask and ip
oif="fxp0"
onet="76.111.89.0"
omask="255.255.255.0"
oip="76.111.89.19"# set these to your inside interface network and netmask and ip
iif="fxp1"
inet="192.168.0.0"
imask="255.255.255.0"
iip="192.168.0.1"setup_loopback
This file is somewhat complex and difficult to read. rc.firewall is the built-in configurable firewall script included with the FreeBSD distribution. According to the entries made in order in rc.conf; rc.firewall will load entries into a program called ipfw. ipfw is the FreeBSD firewall control program. The previous modifications listed are the only necessary modifications to be made to the file so long as rc.conf is edited with the changes listed in order above. This is fairly exclusive, not many operating systems can do this straight away. The following example makes a working packet stateful firewall that forwards requests on the external interface to several machines on a internal interface. Enter the following in the SIMPLE section of /etc/rc.firewall:
# Allow access to our WWW
${fwcmd} add pass tcp from any to ${oip} 21 setup
${fwcmd} add pass tcp from any to ${oip} 22 setup
${fwcmd} add pass tcp from any to ${oip} 80 setup
${fwcmd} add pass tcp from any to ${oip} 87 setup
${fwcmd} add pass tcp from any to ${oip} 88 setup
${fwcmd} add pass tcp from any to ${oip} 8080 setup
${fwcmd} add pass tcp from any to ${oip} 31337 setup
${fwcmd} add fwd 192.168.0.3,87 tcp from ${oip} to any 87
${fwcmd} add fwd 192.168.0.6,80 tcp from ${oip} to any 88
${fwcmd} add fwd 192.168.0.3,80 tcp from ${oip} to any 31337#Deny SMB shares and printer on external interface
${fwcmd} add deny tcp from any to ${oip} 139 in
${fwcmd} add deny tcp from any to ${oip} 445 in
${fwcmd} add deny tcp from any to ${oip} 515 inNext it is very likely that once you have requested the DHCP lease address from the internet service provider's DHCP pool, that you will receive the same address issued to your MAC address:
00:08:74:15:61:07
Again please do not bother the internet service provider with extraneous information they do not understand; and their computers do not understand. Complete the windows installation FIRST; and every time you have a problem connecting.
Next test connectivity with the lynx web-browser. The lynx web-browser is not included by default. Use the pkg_add utility to install it from a remote source now that internet service is running via fxp0:
Type pkg_add -r lynx
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/lynx.tbz... Done.
Type lynx http://www.google.com
You should see a webpage:
Web Images Maps News Shopping Gmail more v Video Groups Books Scholar Finance Blogs
YouTube Calendar Photos Documents Reader
even more »iGoogle | Sign in
_______________________________________________________
Google Search I'm Feeling Lucky Advanced Search
Preferences
Language ToolsAdvertising Programs - Business Solutions - About Google
©2008 Google
Now, the next step is tricky. We have to get natd to initialize on the interface by doing a DHCP request before it does anything else. The request will fail at boot time but the setup will not.
edit /etc/rc.conf one more time but add the following entry at the very top:
ifconfig_fxp0="ether 00:08:74:15:61:07"
If natd fails for ANY reason it will not re-intialize. Add to but do not take away from it. Write an empty file
vi /etc/natd.conf ESC wq!
There are no logs.Next issue the shutdown command from the SSH terminal but this time add the -r or reboot flag.
shutdown -r now
When the server reboots issue the following commands one more time:
ifconfig fxp0 ether 00:08:74:15:61:07
dhclient fxp0Check connectivity using the lynx browser. You should now see a webpage without using the ipfw -f flush command. This means natd has been parsed correctly.
The Client Server Model is simple. Don't make things hard on yourself.
There
is a Client; and a Server ... I am talking to you; you are talking to
me; now you are talking to me and I am listening. Talking at the same
time is not productive at all. LOL
Each Server PROGRAM uses a
"kernel" or matrices of data that in turn uses a language to
communicate to the Client PROGRAM. That's it.. nothing special; CTRL-C
The
most common language is TCP/IP; TCP/IP protocol uses what are called
PORTS to accommodate 44529 Server PROGRAMS on any given KERNEL.
Each server program that has a running corresponding TCP/IP port can be viewed with the command:
netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 squirrel.squirre.8649 192.168.0.6.4505 TIME_WAIT
tcp4 0 0 squirrel.squirre.8649 192.168.0.6.4501 TIME_WAIT
tcp4 0 0 squirrel.squirre.8649 192.168.0.6.4497 TIME_WAIT
tcp4 0 0 squirrel.squirre.8649 192.168.0.6.4493 TIME_WAIT
tcp4 0 0 squirrel.squirre.8649 192.168.0.6.4489 TIME_WAIT
tcp4 0 0 squirrel.squirre.ssh 192.168.0.2.1261 ESTABLISHED
tcp4 0 0 squirrel.squirre.netbi 192.168.0.2.1030 ESTABLISHED
tcp4 0 0 *.ftp *.* LISTEN
tcp4 0 0 *.* *.* CLOSED
tcp46 0 0 *.http *.* LISTEN
This output details the gmond client on port 8649; the ssh server, the netbios SMB server (samba), the FTP server, and the Apache http server. Port nothing is closed. Standardized ports list their names instead of the port number. For example, ssh is port 22, netbios is port 139, ftp is port 21, and http is port 80
Each server program is also assigned a process ID. This process ID makes it easy for the Administrator to stop and start server and client programs. You can view all the processes running on the FreeBSD server by using the top program.top
PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
64397 mysql 4 20 0 42548K 20396K kserel 42:36 0.00% mysqld
282 root 1 96 0 2488K 1972K select 36:40 0.00% natd
In this example, 64397 is the "mysql" PID and 282 is the "natd" PID
Press CTRL-C to exit the TOP program.
Server programs usually include startup and stop scripts. Each startup and stop script not incorporated by the FreeBSD server can be started at boot time by using astart.sh.
find / -name "astart.sh"
vi /usr/local/etc/rc.d/astart.sh
kldload accf_http
mount -t linprocfs linprocfs /compat/linux/proc
/usr/local/share/mysql/mysql.server
/usr/local/apache2/bin/apachectl start
/usr/local/sbin/apache-tomcat-6.0.18/bin/startup.sh
/usr/local/samba/sbin/smbd
/usr/local/samba/sbin/nmbd
/usr/local/bin/tor --runasdaemon 1
/usr/local/sbin/ganglia_gmond/ganglia-3.1.0/gmond/gmond --conf /usr/local/sbin/ganglia_gmond/ganglia-3.1.0/gmond/gmond.conf
To start a server process, use it's control script. To stop a server process, use that very same control script.
For example to start a samba server:
/usr/local/etc/rc.d/samba.sh.sample start
To stop the samba server:
/usr/local/etc/rc.d/samba.sh.sample stop
To stop an internal process that does not incorporate a control script, view the output of the top program and issue the command:
kill -TERM processid
For example:
kill -TERM 64397
Some programs neither have a control script nor a PID that is listed by the top program. In this case, find the standardized .pid file created by the program that you want to stop. The .pid file only contains a PID number.
find / -name "*.pid"
/usr/local/sbin/ezbounce/ezbounce-1.04c/ezbounce.pid
/usr/local/sbin/mysql-5.0.51a-freebsd6.0-i386/data/c-98-204-175-23.hsd1.va.comcast.net.pid
/usr/local/apache2/logs/httpd.pid
/var/run/natd.pid
/var/run/devd.pid
/var/run/syslog.pid
/var/run/sshd.pid
/var/run/tor/tor.pid
/var/run/cron.pid
/var/run/smbd.pid
/var/run/nmbd.pid
/var/run/rinetd.pidcat /usr/local/sbin/ezbounce/ezbounce-1.04c/ezbounce.pid
33047
kill -TERM 33047
rm -rf /usr/local/sbin/ezbounce/ezbounce-1.04c/ezbounce.pid
The process is started by it's execution and is terminated by the kernel level command "kill"
While you are logged on as the root, you can create additional users. Create a user name "squirrel". Optionally, this username can be the source directory for server programs like the samba SMB server.
Type in a console:
adduser
Username: squirrel
After each entry is complete press the ENTER key. The default entry is the ENTER key.
Full name: squirrel
Uid (Leave empty for default):
Login group [squirrel]:
Login group is squirrel. Invite squirrel into other groups? []:
Login class [default]:
Shell (sh csh tcsh nologin) [sh]:
Home directory [/home/squirrel]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password: password
Enter password again: password
Lock out the account after creation? [no]:
Username : squirrelPassword : *****
Full Name : squirrel
Uid : 1005
Class :
Groups : squirrel
Home : /home/squirrelShell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (squirrel) to the user database.
Add another user? (yes/no): no
Goodbye!to login as "squirrel" Type:
su -l squirrel
Login as root again:
su -l root
FreeBSD incorporates a "SMB" server that like windows; takes hours of deduction to make it work efficiently as an "Active Directory". Input vectors and other factors contribute to a working Active Directory matrices. Ideally, eliminating SMB netbios broadcasts with a WINS server will drastically improve the efficiency of a small or very large network because every Windows user believe it or not; makes a netbios broadcast at polled intervals adding each new vector to the local or switched traffic.
To install the latest version of samba:
Type cd /usr/local/sbin/
Type lynx http://us3.samba.org/samba/ftp/stable/
Scroll down to the latest version. They are not listed in order by the latest version but by the version number from greatest, latest; least, older.
Select the latest version number in .tar.gz format
Press the enter button
Press the D key
Press the down arrow key to "Save to disk"
Press the enter key
Press the enter key
Press CTRL-C to exit the lynx program
Exiting via interrupt: 2 ...
gunzip samba-NN.tar.gz
Where NN equals the version number of the file name
tar -xvf samba-NN.tar
Go to the newly created directory
cd samba-NN
Go to the source directory
cd source
Compile samba:
./configure
make
make install
The newer version of samba does not include a default configuration file. The server(s) will look for the configuration file in:
/usr/local/samba/lib/smb.conf
Add all these lines to create a simple share level file server:
vi /usr/local/samba/lib/smb.conf
[global]
interfaces = fxp1, 192.168.0.1/255.255.255.0
workgroup = WSQUIRRELSERVER
load printers = yes
log file = /var/log/log.%m
max log size = 50
security = share
SO_RCVBUF=8192SO_SNDBUF=8192
socket options = TCP_NODELAY[homes]
comment = Home Directories
browseable = yes
writeable = yes[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = no
writeable = no
printable = yes[squirrel]
comment = Webserver
public = yes
browseable = yes
writeable = yes
printable = no
path = /usr/home/squirrelThe /usr/home/squirrel directory is the home directory of the user squirrel on the FreeBSD server.
Next make sure you are logged in as root and assign the top level directory specified in the path directive of smb.conf to the nobody group
the "." means the top level directory
cd /usr/home/squirrel
chown nobody .
dr-xr-xr-x 5 nobody operator 512 Mar 14 2007 .
drwxr-xr-x 4 root wheel 512 Mar 1 2007 ..
assign the secondary dir ".." to root.wheel
chown root ..
chgrp wheel ..
Now the user squirrel has access to his or her files via the Samba SMB share level server.
Next create the "pub" directory
mkdir /usr/home/squirrel/pub
chown nobody /usr/home/squirrel/pub
The pub directory will store all of the user ~squirrel 's web server documents.
The nobody group does not exist so no one has rights to write to it but the samba server.
Start the samba server:
/usr/local/samba/sbin/smbd
/usr/local/samba/sbin/nmbd
Now that the samba server is complete; you can configure the client workstations:
Left click "My Computer" on the Windows workstation "desktop" such that it appears to turn BLUE in color. Next, right click the highlighted area. A "drop down menu" will appear.
Left click "Map Network Drive"
A "Dialogue" Box will appear:
Left click the check box "Reconnect at logon"
A check mark will appear.
Next, click the "Browse.." button
A dialogue box will appear:
Double click "Microsoft Windows Network" such that it appears to turn BLUE in color and expands into directory tree.
Netbios broadcasts are turned on by default and the "Microsoft Windows Network" will expand into a directory tree that includes the SMB broadcast messages made by the samba server. The first 14 characters of the name specified in /etc/rc.conf will determine the name the samba includes in SMB broadcast messages.
/usr/local/etc/smb.conf specifies the name of the share windows computers will read. The name of the share we would like to access is "pub" a subfolder of the "squirrel" share specified in "/usr/local/etc/smb.conf"
Left click "pub" such that it appears to turn BLUE in color.
Click the "OK" button.
Click "Finish"
Windows will now display the contents of the samba share as a network drive.
Double left click "My Computer" on the windows desktop. You should see:
Now you have successfully configured your windows workstation!
You can now connect to the FreeBSD server from your windows workstation by using a SSH2 program like Secure CRT and access network data from a windows worksation easily.
What about a .com or a domain?
Visit:
http://www.e3internet.com/
There you can buy a domain name that is updated by the .root DNS servers
http://www.godady.com
Specializes in inexpensive domain names.
http://www.zoneedit.com/signup.html?
Sign up for free to use their DNS servers to direct a domain like giantfood.nl to a cable modem
ROOT SERVERS NET
IP ADDRESS <--->DNS SERVER<----> IP ADDRESS
Since
it's impractical and not conical to use numbers to remember your
favorite internet computer; domain names are names; furthermore
remembering numbers and numerology is drastically different than
phonetics. Microsoft.com is a domain. The difference is that there is a
UNIVERSAL _root_servers RECORD which must be maintained and that is
where the fee is involved; fees are different depending upon their
schedule of services. This initial fee; for instance; the figure $5.95
/yr makes up any number of centralized services by the domain name
solicitor to sell the computer name to you and successfully stay in
contact with the universal world wide ROOT SERVERS NET. Obviously they
are redundant; but having run a DNS server myself; it begins to cache
the records it does have until it is restarted; then they are erased.
How do you prove this? Run the command:
tcpdump -i fxp0 -nN -vvv -xX -s 1500 port 53 > dns_server
Very
strange... If the output is compared and contrasted over several days
you can conclude the "bind" DNS server while staying in contact with
other DNS servers is DRASTICALLY more efficient.
It is therefore
more advantageous to use a DNS server that has been sitting somewhere
for years making billions of queries. However; recently, Network
Solutions has made it nearly impossible to register your own DNS
server. It used to be listed there in the automated forms; but is no
longer there:
For instance: inverselog.com would be registered
initially with the ROOT servers net by internic; then subsequent
records held by network solutions would forward requests to your DNS
server ns1.inverselog.com. The ns1.inverselog.com record would cache
requests between you and network solutions and network solutions would
cache requests with ROOT servers net and you could use
ns1.inverselog.com and ns2.inverselog.com to register as many domain
names as you want. So who runs ROOT servers net?
Aberdeen man!
Anyway, with a cable modem you still don't get a REVERSE delegation unless you need one; that's where it gets military; I guess it's ok with the TV. Oddly, if you have a dialup modem you can get a reverse DNS delegation. For instance all the requests sent to any other server on the internet will know that you ARE
giantfood.nl;
in this case with the cable modem YOU ARE
Type ifconfig fxp0
fxp0: flags=8843 mtu 1500
options=8
inet6 fe80::290:27ff:feac:85d4%fxp0 prefixlen 64 scopeid 0x1
inet 98.218.14.92 netmask 0xffffff00 broadcast 255.255.255.255
ether 00:08:74:15:61:07
media: Ethernet autoselect (100baseTX )
status: active
"98.218.14.92"
I
told E3 internet who keeps up with incendiary .nl and .de domain name
servers that my primary and secondary DNS servers are with free
service, zoneedit.com
Next an exclusive UNIX program called
Apache can serve as a "web server" The Apache webserver is exclusive
because it can host what are called "Virtual Hosts" and "Proxy URL's"
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Next, it is also advantageous to take
advantage of Personal home Page, and HTML-embedded scripting language.
(PHP) Along with the Apache project, it was originally designed for
simple home page development. PHP has evolved to become and extended
scripting language more capable than CGI (Common Gateway Interface) and
SSI (Server Side Includes).
Thousands of Scripts can be downloaded from around the entire world which includes any number of complex program structures.
Collectively, you can design a PHP "script" which will leave you awestruck.
"Hot Scripts" is an excellent resource for many different kinds of PHP scripts.
http://www.hotscripts.com/PHP/Scripts_and_Programs/index.html
The
Apache web server project has a contingency to become not only a server
program that replies favorably to countless client software programs
called web-browsers; but a project that delivers enhanced features. One
of those features is the ability to use a secondary computer program to
generate additional content. PHP uses the "DSO" "module" a module is a
flexible internal function of the Apache web server. CGI (Common
Gateway Interface) uses the PERL program (Practical Extraction and
Reporting Language). Both CGI and PHP can be used concurrently on a
Apache web server.
In 1989, Tim Berners-Lee proposed to his employer CERN (European Organization for Nuclear Research) a new project, which had the goal of easing the exchange of information between scientists by using a hypertext system.
A Web-Server or "hypertext system", although inherently indicative of it's self; allows scientists to draw their own conclusions more decisively. Wiki-pedia is an excellent example collection of current encylopedia aritcles that are published on the world wide web from thousands of contirbutors.
Copyrights by Wiki-pedia and Cisco Systems and this Web-server are all a subset of nvita.org. Tim Berners-Lee and CERN; are a subset of Wiki-pedia.
In grade school, it is generally known that copyrighted material from a
text book or any other source whether it's copyrighted or not is to be
summarized and or paraphrased to demonstrate a degree of comprehension.
In this case however, things can become somatic and it is important to
be decisive and move forward quickly. For example, in many movies
people are thrown through glass windows. That's not real glass, it's
glass made of sugar that can be easily broken right? Analysis and deduction IS complicated and in some cases carries with it serious consquences and sacrifices. If you have dedicated yourself to staring
in an action film where you have been thrown through glass made of
sugar, chances are you would remember it. Can you avoid being thrown
through a real glass window by being thrown through a window made of
sugar? You and I know; not she and he ... LOL
First download and unzip the latest version of Apache:
Type in a console:
cd /usr/local/sbin/
lynx http://httpd.apache.org/download.cgi
or lynx (press the G key) http://httpd.apache.org/download.cgiPress the down arrow key to "httpd-2.2.8.tar.gz"
Press the enter button
Press the D key
Press the down arrow key to "Save to disk"
Press the enter key
Press the enter key
Press CTRL-C to exit the lynx program
Exiting via interrupt: 2 ...
gunzip httpd-2_0_NN.tar.gz
Where NN equals the version number of the file name
tar -xvf httpd-2_0_NN.tar
Type in a console:
lynx http://www.php.net/downloads.php
Press the "Y" key to allow all cookies
Press the down arrow key to select the latest version in tar.gz format:
Complete Source Code
PHP 5.2.5 (tar.gz)
Press the enter key
Press the down arrow key to select a download mirror:
us.php.net
Press the enter key
Press the down arrow key to "Save to disk"
Press the enter key
Press the enter key
Press CTRL-C to exit the lynx program
Exiting via interrupt: 2 ...
Type where NN equals the version number of the file name
gunzip php-NN.tar.gz
tar -xvf php-NN.tar
The Apache web server can load secure socket layer encryption as part of the 2.0 release, independent of what are called loadable modules. In order to use SSL, the --enable-ssl flag must be specified at the FreeBSD configure command line. This will comple apache webserver with SSL. Loading the kernel with special arguments separate in features to the arrangement or order of reference specified by Apache in relation to the system kernel are null.
Type in a console where NN equals the version of the file:
cd httpd-2_0_NN
./configure --enable-so --enable-ssl
make all
make install
Next start the apache webserver:
/usr/local/apache2/bin/apachectl start
Next test the new server with the lynx browser:
lynx http://127.0.0.1
You should see "it worked" if it worked.
Press CRTL-C
Next stop the apache webserver:
/usr/local/apache2/bin/apachectl stop
Next it also advantageous to take advantage of the MySQL server. The SQL server project is related to the PHP project in so much they work closely together in many different ways. Primarily, MySQL is offered under license with no cost. Like any project, improvements are always made and are released accordingly. However, it's development can be linked all the way back to IBM in 1975. Using MySQL is frustrating and tedious, therefore it is tailored by many different operating system kernels as part of a new release.
Now, if you want to buy a pair of pants with a straight leg and no cuffs; buy a pair of DOCKERS . For example, it would be difficult to explain to the salesman that you want to buy pants with no alterations.
A 30-day evaluation version of MySQL server is free to download from the official MySQL website.
To install MySQL on FreeBSD; use the FreeBSD pgk_add command. pkg_delete deletes a package. pkg_add is also somewhat frustrating to use because if the kernel were updated, the correct repository is used automatically. However, if the FreeBSD kernel is outdated it will use an outdated source.
In a terminal .. type pkg_add -r mysql
Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/mysql.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.1-release/Latest/mysql.tbz' by URL
Where's that mysql server?
Try:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/mysql-server-4.0.27.tbz
First you must determine how many I nodes are free. I-nodes create directory entries on a disk partition; just like it is necessary to make sure a network cable is seated securely; a power cord is plugged into the power source firmly; (unplugging a power cord and plugging it back into THE power grid) or the RJ-45 wall plate has a connection to the local hub.
Type: df -hi
Filesystem iused ifree %iused Mounted on
/dev/aacd0s1a 4483 61307 7% /
devfs 0 0 100% /dev
/dev/aacd0s1e 3848 61942 6% /tmp
/dev/aacd0s1f 306459 2378467 11% /usr
/dev/aacd0s1d 282621 1 100% /var
The
default is to create an inode for every (4 * frag-size) bytes of data
space. If fewer inodes are desired, a larger number should be used; to
create more inodes a smaller number should be given. One inode is
required for each distinct file, so this value effectively specifies
the average file size on the file system.
You can see by the output of df
we have only 1 I-node free on the /var file system. It is easy to say
that we can agree and never change; but it far better to know that we
have lived than never loved.
The matrices reads; /var has only one inode free.
Type cd /var
mkdir shoes
/var: create/symlink failed, no inodes free
You can use google to find out what that means:
http://www.google.com/search?hl=en&q=%2Fvar%3A+create%2Fsymlink+failed%2C+no+inodes+free&btnG=Google+Search
The FIRST listing tells us more information about i-nodes:
http://lists.freebsd.org/pipermail/freebsd-questions/2004-May/045547.html
"Short-term, the solution is to delete some files off your /var partition."
Type ls -la /var/spool/clientmqueue
drwxrwx--- 2 smmsp smmsp 264 May 22 20:56 /var/spool/clientmqueue
How do you reproduce that entry if you delete it?
Try google:
http://www.google.com/search?hl=en&q=chmod+drwxrwx---&btnG=Google+Search
http://forums.macosxhints.com/archive/index.php/t-3359.html
"Whoops, sheer laziness and cut and paste got the best of me. Yes, my perms are thus:
drwxrwx--- 2 smmsp smmsp 264 May 22 20:56 /var/spool/clientmqueue
I figured that this:
"sendmail must be a set-group-ID (default group: smmsp, recommended
gid: 25) program to allow for queueing mail in a group-writable
directory"
meant that the perms on sendmail should be:
-r-xr-sr-x
not
-r-sr-xr-x
in
order to be able to write to a group writable dir. Of course, I've done
'sudo chmod g-w /' anyway. Ow this unix 'ease of configuring' is making
my head hurt. Ok, I ain't touchin nuthin, (until I do some post
graduate studies in computer science and am able to understand the
sendmail.org page) since sendmail is working. Thanks for the warning"
Now that we have a better idea of what to do about it:
Type rm -rf /var/spool/clientmqueue
Type vi /var/spool/clientmqueue
Press the ESC key
Type :wq!
Type chmod -r-xr-sr-x /var/spool/clientmqueue
Type chown smmsp /var/spool/clientmqueue
Type chgrp smmsp /var/spool/clientmqueue
df -hi
Filesystem iused ifree %iused Mounted on
/dev/aacd0s1a 4483 61307 7% /
devfs 0 0 100% /dev
/dev/aacd0s1e 3848 61942 6% /tmp
/dev/aacd0s1f 306459 2378467 11% /usr
/dev/aacd0s1d 217794 64828 77% /var64,827 i-nodes were used for the data file clientmqueue; clientmqueue is a data file ....
Now that they are free type:
pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/mysql-server-4.0.27.tbz
Mysql is now installed correctly.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/mysql-server-4.0.27.tbz... Done.
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/All/mysql-client-4.0.27.tbz... Done.
mysql:*:1004:
You already have a group "mysql", so I will use it.
mysql:*:1004:1004::0:0:MySQL Server:/home/mysql:/bin/sh
You already have a user "mysql", so I will use it.
Now we can complete the PHP portion of the installation. PHP has a secondary libarary that can draw pictures in gif, jpeg, png and xpm formats dynamically. This project called "GD" is important to a large majority of different PHP scripts. GD can create dynamic images; images that do not need to be created by a secondary graphical interface program, but a few instructions to the FreeBSD kernel using the PHP language. PHP is not a standard access nomenclature like dynamic link libraries are to windows (.DLL) and many times will fail for one reason or another. Not very much attention is given to it's limits. Like any library; GD is difficult to install and anything more than installing GD as far as PHP goes is extremely difficult. To get a head start by installing the GD library, there are pre-requisites:
