Linux:Synchronet

From Nigel's Wiki


Introduction

Synchronet (known as SBBS) is all-encompassing bulletin board software written by Rob Swindell that includes many integrated features, such as servers for SMTP, FTP, NNTP (news), WWW, Gopher and more, along with QWK and Fidonet compatibility.

It compiles cleanly on the Ubuntu 16.04 LTS Linux release, which is available to any home user and from many VPS providers.

In this wiki, I will walk you through setting up SBBS from start to finish including everything you need to get going on the Linux side.

Since you have chosen to use Linux, I'll assume that you know the basics, such as how to edit files using vim or another editor of your choice, how to change directories, how to list, copy and find files, and other basic tasks. At the very least, if you're unable to log in as root then maybe you should try the Windows version.

Setting up the Linux environment

Since the only thing I will be running on my server is SBBS, I want to remove all the other packages that may interfere with it. If your host is also a mail server, you may have problems having SBBS also be a mail server until you have two IP addresses. This will be covered later. Since you can get a VPS for around $20 a year, I recommend getting a dedicated box for your BBS.

  • Log in to your system as root. Most Ubuntu examples have you use a regular user with sudo, and you're free to do that. I find it time-consuming, and working as root will get you through quicker. Most VPS providers enable ssh as root by default.


  • Generate a locale for your box.

It seems Ubuntu doesn't come with a default locale. Since we're working with software written in English and most likely you can read English, we'll go with US English for now by using en_US.UTF-8. If you know your own locale setting then feel free to choose that.

 dpkg-reconfigure locales

Select the locale for your area and choose OK to generate the proper locale. You may need to log out and back in again. en_US.UTF-8 is what we'll use for US systems.


  • Set the correct timezone. Use the timezone selection utility
 dpkg-reconfigure tzdata

Select your geographic area then the city or region. The result will be the new current default timezone, the time and the UTC time.


  • Remove the packages that we don't need. Since I am not going to be running a separate web server or mail server, or using samba, I'm going to remove those packages. It saves disk space and processor usage, and makes updates quicker.
 apt-get remove apache2 apache2-bin apache2-data apache2-doc apache2-mpm-prefork apache2-utils bind9utils ldap-utils libldap-2.4-2 python-samba samba samba-common samba-common-bin samba-libs bsd-mailx postfix


  • Once those packages are removed then it's time to make sure your system is updated to the latest and greatest.
 vi /etc/apt/sources.list
 

Add the following source to the top of the list:

 deb http://mirrors.kernel.org/ubuntu xenial main multiverse


  • Update the sources
 apt-get update


  • Finally upgrade your packages to the latest
 apt-get upgrade

At this stage you may wish to reboot to ensure that everything comes up clean. If you're happy then we can proceed.


  • Now we need to install a bunch of packages that we'll need to build the SBBS package, plus some other useful tools. Some may be pre-installed by your provider depending on how they build their image. You will be told about additional packages that will be installed if they are needed. Some may not be needed if you're not going to use zoo or arc compression, for example, but at least they will be there if you need them.
 apt-get install gcc g++ cpp dos2unix socat zoo arj arc  libperl-dev zlibc zlib1g-dev libbz2-dev zip mawk autotools-dev automake autoconf xutils-dev cvs netcat netcat-traditional iptables-persistent libnspr4-dev libnspr4 libncurses5-dev libtinfo-dev  bzip2-doc cpp-5 g++-5 gcc-5 gcc-5-base libasan2 libatomic1 libc-dev-bin libc6 libc6-dev libcc1-0 libcilkrts5 libgcc-5-dev libgomp1 libtool flex bison libbison-dev libfl-dev libisl15 libitm1 liblsan0 libltdl-dev libmpc3 libmpx0 libquadmath0 libstdc++-5-dev libstdc++6 libtsan0 libubsan0 linux-libc-dev manpages-dev netfilter-persistent zlib1g dpkg-dev fakeroot libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libdpkg-perl libfakeroot pkg-config autoconf2.13 libfile-fcntllock-perl libopts25 ntp bind9-host dnsutils libbind9-140 libdns162 libisc160 libisccfg140 liblwres141 dosemu binkd gkermit exuberant-ctags


Answer Yes to save ipv4 and ipv6 rules and OK the warning about the kernel.


  • As soon as the packages are installed you need to stop binkd since we'll be making a change to the startup parameters.
 systemctl stop binkd


  • Edit the binkd startup script and change ftn to bbs for both User and Group.
 vi /lib/systemd/system/binkd.service


  • Reload the systemd config.
 systemctl daemon-reload
 
  • Add a user for your BBS to run under. Run the adduser command, fill in any of the details you wish to, and create a password.
 adduser bbs


  • Edit the bashrc to add in some environment variables that'll be needed
 vi /home/bbs/.bashrc

Add the following 3 lines to the bottom

 export PATH=$PATH:/sbbs/exec
 export SBBSCTRL=/sbbs/ctrl
 export SBBSNODE=/sbbs/node1


  • For ease of use, and to make it easy to follow the SBBS documentation, create a directory and a symbolic link, and change some ownerships to make it all work together.
 mkdir /home/bbs/sbbs
 ln -s /home/bbs/sbbs /sbbs
 chown -R bbs: /var/log/binkd  /etc/binkd/binkd.*  /var/run/ftn /home/bbs/sbbs


  • Install the ansi-bbs terminfo file for proper compatibility.
 wget 'http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/install/terminfo'
 tic terminfo


At this stage your system is in a state where you can install sbbs. However, for security reasons I don't run on any ports under 1024 natively; I use iptables NAT redirection to accomplish that. If you don't want to run on the lower ports then you're welcome to skip this section, but you should be familiar with securing your system.

iptables

  • Since I am going to have my BBS listen on port 22 for ssh connections, I will need to move sshd out of the way.
 vi /etc/ssh/sshd_config

Change Port 22 to Port 24 in the sshd_config file, then restart sshd.

 systemctl restart sshd
  • Verify that sshd is now listening on port 24
 netstat -anp|grep sshd

You should see a LISTEN line with 0.0.0.0:24

  • You'll need to enter a number of iptables commands. I'll explain each one.
 iptables -F INPUT
 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -s yy.yy.yy.yy/32 -p tcp -m state --state NEW -m tcp --dport 24 -j ACCEPT
 iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 6667,10088,11100,1700,1800,2000,2100,2200,2300,2500,7000 -j ACCEPT
 iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 7900,8000,11000,11900,44300,11100,24554,58700,51300 -j ACCEPT
 iptables -A INPUT -p udp -m state --state NEW -m udp -m multiport --dports 1700,1800,7900 -j ACCEPT
 iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 62000:64000 -j ACCEPT
 iptables -A INPUT -s yy.yy.yy.yy/32 -p icmp -j ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

Line 1: flushes the table so there's nothing to interfere.
Line 2: allows established connections to continue without having to try and match the rules again. This is here for speed.
Line 3: replace yy.yy.yy.yy with your IP address. This is your way into your box. You can add multiple lines if you have multiple places you may wish to log in from. If your IP address is rather dynamic then you'll probably want to leave out the -s yy.yy.yy.yy, otherwise you'll be locked out of your box; port 24 is then open to every source address.
Lines 4-5: these are the TCP ports we're going to accept. For services whose standard port is under 1024, they're the base port with 00 added on, except for 11100 (port 11). For example, port 2300 will be used for telnet access and connections will be redirected there from port 23. Not all these ports may be used, so if you don't plan on using the ircd you can leave off 6667. You can specify up to 15 ports per line.
Line 6: same as above but for UDP services.
Line 7: these are the TCP ports used for passive ftp. If you're not going to use ftp then you can leave out ports 2000, 2100, and line 6.
Line 8: accepts ICMP, including ping requests, only from your own IP address (yy.yy.yy.yy). If you don't want other people to ping your box then include this line; their ping requests fall through to the REJECT on line 10.
Line 9: always accept connections on localhost.
Line 10: reject everything else.
  • Now you need to create NAT rules to redirect from the lower ports.
 iptables -t nat -F PREROUTING
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 11 -j DNAT --to-destination xx.xx.xx.xx:11100
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 17 -j DNAT --to-destination xx.xx.xx.xx:1700
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 18 -j DNAT --to-destination xx.xx.xx.xx:1800
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 20 -j DNAT --to-destination xx.xx.xx.xx:2000
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination xx.xx.xx.xx:2100
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination xx.xx.xx.xx:2200
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination xx.xx.xx.xx:2300
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination xx.xx.xx.xx:2500
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 70 -j DNAT --to-destination xx.xx.xx.xx:7000
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 79 -j DNAT --to-destination xx.xx.xx.xx:7900
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination xx.xx.xx.xx:8000
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 110 -j DNAT --to-destination xx.xx.xx.xx:11000
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 119 -j DNAT --to-destination xx.xx.xx.xx:11900
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination xx.xx.xx.xx:44300
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 513 -j DNAT --to-destination xx.xx.xx.xx:51300
 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 587 -j DNAT --to-destination xx.xx.xx.xx:58700
 iptables -t nat -A PREROUTING -p udp -m udp --dport 11 -j DNAT --to-destination xx.xx.xx.xx:11100
 iptables -t nat -A PREROUTING -p udp -m udp --dport 17 -j DNAT --to-destination xx.xx.xx.xx:1700
 iptables -t nat -A PREROUTING -p udp -m udp --dport 18 -j DNAT --to-destination xx.xx.xx.xx:1800
 iptables -t nat -A PREROUTING -p udp -m udp --dport 79 -j DNAT --to-destination xx.xx.xx.xx:7900

Replace xx.xx.xx.xx with your server's IP address. These lines will redirect the incoming connections to the higher ports. You can leave out any connections you don't wish to accept. For example, if you're not going to accept ftp traffic you can leave out the redirection from ports 20 and 21.

  • Save the rules and reload iptables.
 iptables-save > /etc/iptables/rules.v4
 systemctl reload netfilter-persistent
  • Verify your iptables rules are in place.
 iptables -nL INPUT
 iptables -t nat -nL PREROUTING
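
A check that can follow this verification step, as an added example that is not part of the original wiki page: the accept list on the high ports and the redirect list are kept in step by hand, so this script reads rules in iptables-save format and reports any redirect whose target port INPUT does not accept. The function names, the output labels and the sample rules (using the documentation address 192.0.2.10) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: cross-check an iptables-save dump so that every DNAT target
# port is also accepted in INPUT. Source (-s) restrictions are ignored.
# Output: "BLOCKED proto low->high" = redirect lands on a port INPUT rejects;
#         "DIRECT proto port"       = accepted port that no redirect points at.
check_redirects() {
  awk '
    # Return the argument that follows option opt on the current rule line.
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    $1 == "-A" && $2 == "INPUT" && arg("-j") == "ACCEPT" {
      spec = arg("--dports"); if (spec == "") spec = arg("--dport")
      if (spec == "") next
      n = split(spec, parts, ",")
      for (k = 1; k <= n; k++) {          # each entry is a port or a lo:hi range
        m = split(parts[k], r, ":")
        cnt++; proto[cnt] = arg("-p")
        lo[cnt] = r[1] + 0; hi[cnt] = (m == 2 ? r[2] : r[1]) + 0
      }
    }
    $1 == "-A" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
      dest = arg("--to-destination"); sub(/^.*:/, "", dest)
      d++; dproto[d] = arg("-p"); dfrom[d] = arg("--dport"); dto[d] = dest + 0
    }
    END {
      for (j = 1; j <= d; j++) {
        ok = 0
        for (k = 1; k <= cnt; k++)
          if (proto[k] == dproto[j] && dto[j] >= lo[k] && dto[j] <= hi[k]) { ok = 1; used[k] = 1 }
        if (!ok) printf "BLOCKED %s %s->%d\n", dproto[j], dfrom[j], dto[j]
      }
      for (k = 1; k <= cnt; k++)          # ranges (passive FTP) are not listed
        if (!used[k] && lo[k] == hi[k]) printf "DIRECT %s %d\n", proto[k], lo[k]
    }'
}

# Constructed sample (192.0.2.10 is a documentation address): port 80 is
# redirected to 8000, but 8000 was left out of the INPUT accept list.
sample_rules() {
  cat <<'EOF'
-A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.0.2.10:2300
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8000
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 2300,6667 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 62000:64000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}
sample_rules | check_redirects
```

On a live box, run `iptables-save | check_redirects`; a DIRECT line is expected for services with no low-port counterpart, such as the ircd on 6667.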

If you wish to use IPv6, that is a separate conversation that will be addressed later.

sbbs installation

If you are in a rush you can refer to http://wiki.synchro.net/install:nix
