Setting up coLinux Debian Lenny

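1. Download
colinux develop: http://www.colinux.org/snapshots/devel-coLinux-20091115.exe
debian lenny image: http://jaist.dl.sourceforge.net/project/colinux/Images%202.6.x%20Debian/Debian%205.0%20Lenny/Debian-5.0r2-lenny.7z
2. Install colinux, then extract the image into the colinux installation directory

ps: the root password is colinux; there is also a regular user colinux whose password is also colinux

Users can be removed and added with deluser and adduser.
3. Configuration
1) Set the mirror to the NetEase (163) open source mirror site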

wget http://mirrors.163.com/.help/sources.list.lenny

mv /etc/apt/sources.list ~/

mv sources.list.lenny /etc/apt/sources.list

apt-get update

Note: the following errors will appear:

W: Failed to fetch http://non-us.debian.org/debian-non-US/dists/lenny/non-US/Release.gpg  Could not resolve ‘non-us.debian.org’

W: Failed to fetch http://non-us.debian.org/debian-non-US/dists/lenny/non-US/main/i18n/Translation-en_US.gz  Could not resolve ‘non-us.debian.org’

Reportedly non-us has not been used for a long time, so just comment out the line that contains non-us.


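Networking fails to start on newer coLinux versions (after 0.7.3)

Today I updated CoLinux to the latest stable version, 0.7.5. When booting the debian image file originally created under 0.7.3, the following appeared: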

colinux:~# /etc/init.d/networking restart
>> Reconfiguring network interfaces…SIOCSIFADDR: No such device
>> eth0: ERROR while getting interface flags: No such device
>> SIOCSIFNETMASK: No such device
>> eth0: ERROR while getting interface flags: No such device
>> Failed to bring up eth0.

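The corresponding messages also appear at boot.

It makes no difference which network type eth0 is set to: Slirp, tap, pcap or ndis all behave the same.

Cause: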

The problem is: Debian is *trying* to be smart.
Every time CoLinux starts up, it automatically generates a new MAC address
for each adapter, seen here in your log:
configured TAP at ” device as eth0
MAC address: auto generated
configured PCAP bridge at ” device as eth1
MAC address: auto generated
configured Slirp as eth2
MAC address: auto generated
Every time a new MAC address is generated, debian will rename your ethX
device.
Set a MAC address for each adapter in your CoLinux config file and clear
out debian’s previous failed network connections.

 

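In other words, this is debian's smart handling: on every start a new MAC address is automatically generated for each network adapter, and debian then creates a new ethX device.

The udev system has a rule, stored in "/etc/udev/rules.d/z25_persistent-net.rules", that only allows adapters with the MAC addresses recorded in it to be created. That is what causes the failure.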
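One way to clear out the stale entries once a fixed MAC address has been set in the coLinux config file, as an added example that is not part of the original post. The rule-line layout (`ATTRS{address}=="..."` and `NAME="..."`) and the MAC addresses are assumptions; check them against your own rules file.

```sh
#!/bin/sh
# Added example. The rule-line layout and MAC addresses it is tested with are
# constructed samples; compare them with your own persistent-net rules file.

# Print "MAC NAME" for every interface rule recorded in the rules file.
list_net_rules() {
    sed -n 's/.*address}=="\([0-9A-Fa-f:]*\)".*NAME="\([^"]*\)".*/\1 \2/p' "$1"
}

# Print a cleaned copy of the rules file: comments and unrelated lines are
# kept, rules for any other MAC are dropped, and the rule for the pinned MAC
# (if present) is renamed to the wanted interface name.
prune_net_rules() {
    rules=$1
    want_mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_name=$3
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*|'') printf '%s\n' "$line" ;;
            *'address}=="'*)
                mac=$(printf '%s\n' "$line" |
                      sed 's/.*address}=="\([^"]*\)".*/\1/' | tr 'A-F' 'a-f')
                if [ "$mac" = "$want_mac" ]; then
                    printf '%s\n' "$line" |
                        sed "s/NAME=\"[^\"]*\"/NAME=\"$want_name\"/"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$rules"
}

# Usage (write to a new file, review it, then replace the original):
#   prune_net_rules /etc/udev/rules.d/z25_persistent-net.rules <pinned MAC> eth0 > rules.new
```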


Cooperative Linux 0.7.5 released

coLinux has released the new version 0.7.5, with the following changes:
  Version 0.7.5
  * Bug #1959846, #2760666: Don't crash the host, if an other virtualization
    runs in VMX mode.

  Network:
  * Bug #2849262: SLiRP: Active FTP failed with "500 Illegal PORT command".
    Environment COLINUX_HOST_IPADDR overwrites auto detected host ip address.

  Console and daemons:
  * Insert keys from fltk console without keyboard mapping. (Paolo Minazzi)
  * New: NT console WinKey+V paste keys from clipboard. (Vladislav Grishenko)
  * Linux as host: Handle extended keys, for example ALT+CurRight.
  * Automatically add network dependency to coLinux as service.
  * Version informations about binutils and SVN revision added to daemon file.

  Kernel:
  * Remove floating point handling from passage page code. FPU save/restore
    only on demand and only inside Linux guest kernel, if Linux kernel or Linux
    userland needs the FPU. In cases where FPU was not used on Linux guest side,
    the registers of FPU are not touched. That saves some time between operating
    system switches. It's 1 percent (or less) faster now.
  * Increase CO_LINUX_API_VERSION to 13, avoids crashes with older builds.
  * cloop updated to version 2.625
  * Forward plain text panic message instead "terminated with code 3".

  Buildsystem:
  * Bug #2847393: Configure detected wrong program versions. (Steven Chen)

  Updated libraries and tools:
  * w32api 3.13
Download CoLinux 0.7.5

Changing iptables settings

List the table names

cat /proc/net/ip_tables_names
filter
nat

Then run iptables -L -t [table name], where the table name is one of those obtained above.

iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
REDIRECT   tcp  --  192.168.1.0/24       anywhere            tcp dpt:http redir ports 8080
REDIRECT   tcp  --  192.168.1.0/24       anywhere            tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

Delete the PREROUTING rule

iptables -t nat -D PREROUTING 1

 

Reference: http://www.example.org.cn/2006/12/iptables.html

Building an antivirus proxy wall with squid+havp+clamav

System: CentOS5.2

Steps:

1. Install squid and clamav

yum install squid

yum install clamav clamav-devel

clamav-devel must be installed, because havp needs this package when it is installed; rpmforge has this package

2. Download and install havp-0.88

./configure
make
make install
cp etc/init.d/havp /etc/rc.d/init.d/havp

The installation does not put a havp startup script in /etc/init.d/, so it must be copied manually

3. Configure havp

vi /usr/local/etc/havp/havp.config

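### Comment out the following line
#REMOVETHISLINE deleteme

### ClamAV Library Scanner (libclamav) → HAVP uses ClamAV's virus database directly
ENABLECLAMLIB true

## Installed via yum, so comment this out
#CLAMDBDIR /usr/local/share/clamav

TRANSPARENT false

### In theory more threads give better performance, but it still depends on server resources
SERVERNUMBER 40
MAXSERVERS 200

### Log errors only. Less logging reduces the load on the server
LOGLEVEL 0

### Using a RAM disk for temporary files gives the best performance
TEMPDIR /var/tmp/havp

### Do not scan image files, which reduces CPU load
SCANIMAGES false

4. Set up havp's TEMPDIR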

# create a 128MB virtual disk
dd if=/dev/zero of=/root/havp_tmp.img bs=128K count=1 seek=1024
mkfs.ext2 /root/havp_tmp.img
mount -o loop,mand /root/havp_tmp.img /var/tmp/havp

Edit /etc/fstab and add

/root/havp_tmp.img      /var/tmp/havp           ext2    mand,loop       0 0

5. Configure squid

# vi /etc/squid/squid.conf

# your internal network range
acl mynet src 192.168.1.0/24
# place this above "http_access deny all"
http_access allow mynet

HAVP + Squid
HAVP is Parent Proxy
Modify squid.conf and set the Parent Proxy to port 8080 on the local machine

#acl all src 0.0.0.0/0.0.0.0
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow all
#Only http traffic can be scanned
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP

Point the proxy at Squid:3128
Modify squid.conf to make Squid a transparent proxy (see "this article")

iptables -t nat -A PREROUTING -p tcp -s 192.168.0.0/24 --dport 80 -j REDIRECT --to-port 3128

 

6. Start

/etc/init.d/havp start
/etc/init.d/squid start

Test with eicar – Anti-Virus test file

Result: [image]

Reference: Building an antivirus HTTP proxy with HAVP + ClamAV
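A static check of the settings from steps 3 to 5, as an added example that is not part of the original post or of HAVP or Squid. It confirms that Squid's parent is HAVP on 127.0.0.1:8080, that never_direct leaves HTTP no path around the scanner, and that the TEMPDIR entry in fstab carries the mand option; the function names are hypothetical and the file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: static check of the Squid -> HAVP chain configured above.
# Config paths are arguments; nothing here is HAVP or Squid code.

# Value of an active (uncommented) "KEY value" line in havp.config.
havp_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Port of the active "cache_peer 127.0.0.1 parent PORT ..." line in squid.conf.
squid_parent_port() {
    awk '$1 == "cache_peer" && $2 == "127.0.0.1" && $3 == "parent" { print $4; exit }' "$1"
}

# Succeeds if an acl of type "proto HTTP" appears in a "never_direct allow"
# line, so Squid has no direct path to the origin when HAVP is down.
squid_forces_parent() {
    awk '$1 == "acl" && $3 == "proto" && toupper($4) == "HTTP" { acl[$2] = 1 }
         $1 == "never_direct" && $2 == "allow" { for (i = 3; i <= NF; i++) nd[$i] = 1 }
         END { for (a in acl) if (a in nd) found = 1; exit !found }' "$1"
}

# Prints one FAIL line per problem; the return status is the problem count.
check_chain() {
    havp=$1 squid=$2 fstab=$3 problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    [ -z "$(havp_value "$havp" REMOVETHISLINE)" ] || fail "REMOVETHISLINE is still active"
    [ "$(havp_value "$havp" ENABLECLAMLIB)" = true ] || fail "ENABLECLAMLIB is not true"
    [ "$(squid_parent_port "$squid")" = 8080 ] || fail "no cache_peer parent on 127.0.0.1:8080"
    squid_forces_parent "$squid" || fail "HTTP is not covered by never_direct"

    tmpdir=$(havp_value "$havp" TEMPDIR)
    awk -v d="$tmpdir" '$2 == d && $4 ~ /(^|,)mand(,|$)/ { ok = 1 } END { exit !ok }' "$fstab" ||
        fail "TEMPDIR $tmpdir has no fstab entry with the mand option"
    return "$problems"
}

# Usage: check_chain /usr/local/etc/havp/havp.config /etc/squid/squid.conf /etc/fstab
```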

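havp "could not write to Scannerfile" error

Reference: Jamyy’s Weblog: Building an antivirus HTTP proxy with HAVP + ClamAV

It is written in great detail.

I ran into one problem along the way, when setting up havp's TEMPDIR. At first I used the in-memory method, that is

# create an 8MB RAM disk
mkfs -t ext2 /dev/ram0 8192
mount -o mand /dev/ram0 /var/tmp/havp

Then I set the permissions and so on, with no problems at all

But at startup, this appeared: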

Starting HAVP …
Starting HAVP Version: 0.88
Too many tries – Exiting..

Checking the log, error.log

15/07/2008 16:36:38 Could not write to Scannerfile: /var/tmp/havp/havp-tdpVGs
15/07/2008 16:36:39 Could not write to Scannerfile: /var/tmp/havp/havp-GjwJ5A
15/07/2008 16:36:40 Could not write to Scannerfile: /var/tmp/havp/havp-sVVytK
15/07/2008 16:36:41 Could not write to Scannerfile: /var/tmp/havp/havp-bNRpQU

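I checked the permissions and they were all fine, and the owner was OK as well.

Afterwards I tried using a file on the hard disk, that is, method b

# create a 128MB virtual disk
dd if=/dev/zero of=/root/havp_tmp.img bs=128K count=1 seek=1024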
mkfs.ext2 /root/havp_tmp.img
mount -o loop,mand /root/havp_tmp.img /var/tmp/havp

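After setting the permissions, it was completely OK.

Finally got it working.

CentOS5.1: a painful installation experience

It took three days, but I finally got CentOS5.1 installed. Painful.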

 

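1. Spent one evening downloading the 6 iso discs

2. Burning the discs,

       I already had cd-rw discs with CentOS5.0 on them, but unfortunately every burn failed, with nero reporting that it could not close the session…… Along the way I switched the burning software from ones to nero 8 lite and took turns trying two burners……

      Later I discovered that discs A and B had already been finalized the last time they were burned, no wonder. Burning with disc C was OK. I also took three or four cd-R discs, and the front desk looked at me with a very doubtful expression…… Fortunately, after that basically everything went smoothly. I feel nero is still the easier one to use.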


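andLinux – Run Linux programs directly in Windows

 

andLinux is a complete Ubuntu Linux system that runs directly on the 32-bit versions of Windows 2000/XP/2003 and Vista. It is maintained by the GP2X community and is permanently free.
andLinux is based on technology developed by CoLinux, which provides an interface that lets Windows connect to a Linux kernel. Although this technology is somewhat like VMware and VPC, it is not a simple emulator; you will understand once you see the pictures.

Visit: andLinux

cnBeta.COM_Linux_ andLinux – Run Linux programs directly in Windows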