Linux:Synchronet: Difference between revisions
Latest revision as of 00:26, 31 October 2017
Introduction
Synchronet (known as SBBS) is an all-encompassing bulletin board package written by Rob Swindell that includes many integrated features such as servers for SMTP, FTP, NNTP (news), WWW and Gopher, plus more, along with QWK and Fidonet compatibility.
It compiles cleanly on Ubuntu 16.04 LTS Linux release which is available to any home user and many VPS providers.
In this wiki, I will walk you through setting up SBBS from start to finish including everything you need to get going on the Linux side.
Since you have chosen to use Linux, I'll assume that you know the basics such as how to edit files using vim or other editor of your choice, how to change directories, list, copy, and find files and other basic tasks. At the very least if you're unable to login as root then maybe you should try the Windows version.
Setting up the Linux environment
Since the only thing I will be running on my server is SBBS, I want to remove all the other packages that may interfere with it. If your host is also a mail server, you may have problems having SBBS also be a mail server unless you have two IP addresses. This will be covered later. Since you can get a VPS for around $20 a year, I recommend getting a dedicated box for your BBS.
- Log in to your system as root. In most Ubuntu examples they have you use a regular user with sudo and you're free to do that. I find it time consuming and this will speed you through quicker. Most VPS providers enable ssh as root by default.
- Generate a locale for your box.
It seems Ubuntu doesn't come with a default locale. Since we're working with software written in English and most likely you can read English, we'll go with US English for now by using en_US.UTF-8. If you know your own locale setting then feel free to choose that.
dpkg-reconfigure locales
Select the locale for your area and choose OK to generate the proper locale. You may need to logout and back in again. en_US.UTF-8 is what we'll use for US systems.
- Set the correct timezone. Use the timezone selection utility
dpkg-reconfigure tzdata
Select your geographic area then the city or region. The result will be the new current default timezone, the time and the UTC time.
- Remove the packages that we don't need. Since I am not going to be running a separate web server, mail server or using Samba, I'm going to remove those packages. It saves disk space, processor usage and makes updates quicker.
apt-get remove apache2 apache2-bin apache2-data apache2-doc apache2-mpm-prefork apache2-utils bind9utils ldap-utils libldap-2.4-2 python-samba samba samba-common samba-common-bin samba-libs bsd-mailx postfix
- Once those packages are removed then it's time to make sure your system is updated to the latest and greatest.
vi /etc/apt/sources.list
add the following source to the top of the list
deb http://mirrors.kernel.org/ubuntu xenial main multiverse
- Update the sources
apt-get update
- Finally upgrade your packages to the latest
apt-get upgrade
At this stage you may wish to reboot to ensure that everything comes up clean. If you're happy then we can proceed.
- Now we need to install a bunch of packages that we'll need to build the SBBS package, plus some other useful tools. Some may be pre-installed by your provider depending on how they build their image. You will be told about additional packages that will be installed if they are needed. Some may not be needed if you're not going to use zoo or arc compression, for example, but at least they will be there if you need them.
apt-get install gcc g++ cpp dos2unix socat zoo arj arc libperl-dev zlibc zlib1g-dev libbz2-dev zip mawk autotools-dev automake autoconf xutils-dev cvs netcat netcat-traditional iptables-persistent libnspr4-dev libnspr4 libncurses5-dev libtinfo-dev bzip2-doc cpp-5 g++-5 gcc-5 gcc-5-base libasan2 libatomic1 libc-dev-bin libc6 libc6-dev libcc1-0 libcilkrts5 libgcc-5-dev libgomp1 libtool flex bison libbison-dev libfl-dev libisl15 libitm1 liblsan0 libltdl-dev libmpc3 libmpx0 libquadmath0 libstdc++-5-dev libstdc++6 libtsan0 libubsan0 linux-libc-dev manpages-dev netfilter-persistent zlib1g dpkg-dev fakeroot libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libdpkg-perl libfakeroot pkg-config autoconf2.13 libfile-fcntllock-perl libopts25 ntp bind9-host dnsutils libbind9-140 libdns162 libisc160 libisccfg140 liblwres141 dosemu binkd gkermit exuberant-ctags
Answer Yes to save ipv4 and ipv6 rules and OK the warning about the kernel.
- As soon as the packages are installed you need to stop binkd since we'll be making a change to the startup parameters.
systemctl stop binkd
- Edit the binkd systemd unit and change User and Group from ftn to bbs.
vi /lib/systemd/system/binkd.service
- Reload the systemd configuration
systemctl daemon-reload
- Add a user for your BBS to run under. Run the adduser command, fill in any of the details you wish to and create a password.
adduser bbs
- Edit the bashrc to add in some environment variables that'll be needed
vi /home/bbs/.bashrc
Add the following 3 lines to the bottom
export PATH=$PATH:/sbbs/exec
export SBBSCTRL=/sbbs/ctrl
export SBBSNODE=/sbbs/node1
- For ease of use, and to make it easy to follow the SBBS documentation, create a directory and a symbolic link and change some ownerships so it all works together
mkdir /home/bbs/sbbs
ln -s /home/bbs/sbbs /sbbs
chown -R bbs. /var/log/binkd /etc/binkd/binkd.* /var/run/ftn /home/bbs/sbbs
- Install the ansi-bbs terminfo entry for proper terminal compatibility.
wget http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/install/terminfo
tic terminfo
At this stage your system is in a state where you can install sbbs; however, for security reasons I don't run it on any ports under 1024 natively. I use iptables NAT redirection to accomplish that. If you don't want to run on the lower ports then you're welcome to skip this section, but you should be familiar with securing your system.
iptables
- Since I am going to have my BBS listen on port 22 for ssh connections, I will need to move sshd out of the way.
vi /etc/ssh/sshd_config
Change "Port 22" to "Port 24" in the sshd_config file, then restart sshd
systemctl restart sshd
- Verify that sshd is now listening on port 24
netstat -anp|grep sshd
You should see a LISTEN line with 0.0.0.0:24
- You'll need to enter a number of iptables commands. I'll explain each one.
iptables -F INPUT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s yy.yy.yy.yy/32 -p tcp -m state --state NEW -m tcp --dport 24 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 6667,10088,11100,1700,1800,2000,2100,2200,2300,2500,7000 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 7900,8000,11000,11900,44300,11100,24554,58700,51300 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW -m udp -m multiport --dports 1700,1800,7900 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 62000:64000 -j ACCEPT
iptables -A INPUT -s yy.yy.yy.yy/32 -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
Line 1 flushes the INPUT chain so there's no existing rule to interfere.
Line 2 allows established connections to continue without having to try and match the rules again. This is here for speed.
Line 3: replace yy.yy.yy.yy with your IP address. This is your way into your box. You can add multiple lines if you have multiple places you may wish to log in from. If your IP address is rather dynamic then you'll probably want to leave out the -s yy.yy.yy.yy, otherwise you'll be locked out of your box.
Lines 4-5 are the TCP ports we're going to accept. They're the base port with 00 added on for those under 1024, except for 11100. For example, port 2300 will be used for telnet access and will be redirected there from port 23. Not all these ports may be used, so if you don't plan on using the ircd you can leave off 6667. The multiport match accepts up to 15 ports per line.
Line 6 is the same as above but for UDP services.
Line 7 is the TCP port range used for passive FTP data connections. If you're not going to use FTP then you can leave out ports 2000 and 2100 above and drop this line.
Line 8 accepts ping (ICMP) requests only from your own IP address. If you don't want other people to ping your box then include this line rather than accepting ICMP from everywhere.
Line 9 always accepts connections on localhost.
Line 10 rejects everything else.
- Now you need to create NAT rules to redirect from the lower ports
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 11 -j DNAT --to-destination xx.xx.xx.xx:11100
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 17 -j DNAT --to-destination xx.xx.xx.xx:1700
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 18 -j DNAT --to-destination xx.xx.xx.xx:1800
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 20 -j DNAT --to-destination xx.xx.xx.xx:2000
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination xx.xx.xx.xx:2100
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination xx.xx.xx.xx:2200
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination xx.xx.xx.xx:2300
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination xx.xx.xx.xx:2500
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 70 -j DNAT --to-destination xx.xx.xx.xx:7000
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 79 -j DNAT --to-destination xx.xx.xx.xx:7900
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination xx.xx.xx.xx:8000
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 110 -j DNAT --to-destination xx.xx.xx.xx:11000
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 119 -j DNAT --to-destination xx.xx.xx.xx:11900
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination xx.xx.xx.xx:44300
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 513 -j DNAT --to-destination xx.xx.xx.xx:51300
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 587 -j DNAT --to-destination xx.xx.xx.xx:58700
iptables -t nat -A PREROUTING -p udp -m udp --dport 11 -j DNAT --to-destination xx.xx.xx.xx:11100
iptables -t nat -A PREROUTING -p udp -m udp --dport 17 -j DNAT --to-destination xx.xx.xx.xx:1700
iptables -t nat -A PREROUTING -p udp -m udp --dport 18 -j DNAT --to-destination xx.xx.xx.xx:1800
iptables -t nat -A PREROUTING -p udp -m udp --dport 79 -j DNAT --to-destination xx.xx.xx.xx:7900
Replace xx.xx.xx.xx with your server's IP address. These lines will redirect the incoming connections to the higher ports. Any connections you don't wish to accept you can leave out. For example, if you're not going to accept FTP traffic you can leave out the redirection from ports 20 and 21.
- Save the rules and reload iptables
iptables-save > /etc/iptables/rules.v4
systemctl reload netfilter-persistent
- Verify your iptables rules are in place
iptables -nL INPUT
iptables -t nat -nL PREROUTING
If you wish to use ipv6 that is a separate conversation that will be addressed later.
sbbs installation
If you are in a rush you can refer to http://wiki.synchro.net/install:nix