List: leaf-cvs-commits
Subject: [Leaf-cvs-commits] devel/jnilo/documentation/packages daemontl.xml,1.2,1.3 djbutil.xml,1.2,1.3 dnsca
From: Mike Noyes <mhnoyes () users ! sourceforge ! net>
Date: 2004-01-19 21:27:37
Message-ID: E1Aigvp-0000FI-00 () sc8-pr-cvs1 ! sourceforge ! net
Update of /cvsroot/leaf/devel/jnilo/documentation/packages
In directory sc8-pr-cvs1:/tmp/cvs-serv31360
Modified Files:
daemontl.xml djbutil.xml dnscache.xml ez-ipupd.xml keybd.xml
leaf_uml.xml menu.xml openssh.xml packall.xml qmail.xml
tinydns.xml vmailmgr.xml
Log Message:
fixed validation errors and beautified source with xxe
Index: daemontl.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/daemontl.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** daemontl.xml 28 May 2003 13:30:30 -0000 1.2
--- daemontl.xml 19 Jan 2004 21:26:46 -0000 1.3
***************
*** 1,46 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="daemon"><title>Daemontools LEAF/LRP user's guide</title>
! <sect1 id="daemon1"><title>About daemontools</title>
! <sect2><title>What is daemontools ?</title>
! <para>Daemontools is a collection of tools for managing UNIX services which has \
been developped by <ulink url="http://cr.yp.to/djb.html">D.J. \
Bernstein</ulink>.</para>
! <itemizedlist>
! <listitem><para><emphasis>supervise</emphasis> monitors a service. It starts the \
service and restarts the service if it dies. Setting up a new service is easy: all \
supervise needs is a directory with a run script that runs the \
service.</para></listitem>
! <listitem><para><emphasis>multilog</emphasis> saves error messages to one or more \
logs. It optionally timestamps each line and, for each log, includes or excludes \
lines matching specified patterns. It automatically rotates logs to limit the amount \
of disk space used. If the disk fills up, it pauses and tries again, without losing \
any data.</para></listitem>
! <listitem><para><emphasis>svscan</emphasis> starts and monitors a collection of \
services.</para></listitem>
! </itemizedlist>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Initial LEAF/LRP release: 0.70a - July 2001</para>
! </sect2>
! </sect1>
! <sect1 id="daemon2"><title>Installing the daemontl.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink> \
package an copy it to your LRP diskette. Edit your <filename>syslinux.cfg</filename> \
file to add daemontl to the list of your packages. Save \
<filename>syslinux.cfg</filename>.</para>
! <para>Reboot. The svscan daemon will be automatically launched and will be waiting \
for new services.</para>
! </sect1>
! <sect1 id="daemon3"><title>Setting the daemontl.lrp parameters</title>
! <para>The daemontl package LRP configuration menu allow you to edit the svscan \
daemon script file. There should be no reason to modify it.</para>
! </sect1>
! <sect1 id="daemon4"><title>Tools available in the daemontl.lrp package</title>
! <para>The daemontl.lrp package only includes a subset of daemontools programs \
provided in D.J. Bernstein original collection.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/supervise.html">supervise</ulink> \
program starts and monitors a service.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/svc.html">svc</ulink> program \
controls services monitored by supervise.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/svok.html">svok</ulink> program \
checks whether supervise is running.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/svscan.html">svscan</ulink> \
program starts and monitors a collection of services.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/multilog.html">multilog</ulink> \
program reads a sequence of lines from stdin and appends selected lines to any number \
of logs.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/tai64nlocal.html">tai64nlocal</ulink> \
converts precise TAI64N timestamps to a human-readable format.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/setuidgid.html">setuidgid</ulink> \
program runs another program under a specified account's uid and \
gid.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/envuidgid.html">envuidgid</ulink> \
program runs another program with environment variables indicating a specified \
account's uid and gid.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/envdir.html">envdir</ulink> \
program runs another program with environment modified according to files in a \
specified directory.</para>
! <para>The <ulink url="http://cr.yp.to/daemontools/softlimit.html">softlimit</ulink> \
program runs another program with new resource limits.</para>
! </sect1>
! </article>
! </book>
--- 1,123 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="daemon">
! <title>Daemontools LEAF/LRP user's guide</title>
!
! <section id="daemon1">
! <title>About daemontools</title>
!
! <section>
! <title>What is daemontools ?</title>
!
! <para>Daemontools is a collection of tools for managing UNIX services
! which has been developped by <ulink url="http://cr.yp.to/djb.html">D.J.
! Bernstein</ulink>.</para>
!
! <itemizedlist>
! <listitem>
! <para><emphasis>supervise</emphasis> monitors a service. It starts
! the service and restarts the service if it dies. Setting up a new
! service is easy: all supervise needs is a directory with a run
! script that runs the service.</para>
! </listitem>
!
! <listitem>
! <para><emphasis>multilog</emphasis> saves error messages to one or
! more logs. It optionally timestamps each line and, for each log,
! includes or excludes lines matching specified patterns. It
! automatically rotates logs to limit the amount of disk space used.
! If the disk fills up, it pauses and tries again, without losing any
! data.</para>
! </listitem>
!
! <listitem>
! <para><emphasis>svscan</emphasis> starts and monitors a collection
! of services. </para>
! </listitem>
! </itemizedlist>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Initial LEAF/LRP release: 0.70a - July 2001</para>
! </section>
! </section>
!
! <section id="daemon2">
! <title>Installing the daemontl.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink>
! package an copy it to your LRP diskette. Edit your \
<filename>syslinux.cfg</filename>
! file to add daemontl to the list of your packages. Save
! <filename>syslinux.cfg</filename>.</para>
!
! <para>Reboot. The svscan daemon will be automatically launched and will be
! waiting for new services.</para>
! </section>
!
! <section id="daemon3">
! <title>Setting the daemontl.lrp parameters</title>
!
! <para>The daemontl package LRP configuration menu allow you to edit the
! svscan daemon script file. There should be no reason to modify it.</para>
! </section>
!
! <section id="daemon4">
! <title>Tools available in the daemontl.lrp package</title>
!
! <para>The daemontl.lrp package only includes a subset of daemontools
! programs provided in D.J. Bernstein original collection.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/supervise.html">supervise</ulink>
! program starts and monitors a service.</para>
!
! <para>The <ulink url="http://cr.yp.to/daemontools/svc.html">svc</ulink>
! program controls services monitored by supervise.</para>
!
! <para>The <ulink url="http://cr.yp.to/daemontools/svok.html">svok</ulink>
! program checks whether supervise is running.</para>
!
! <para>The <ulink url="http://cr.yp.to/daemontools/svscan.html">svscan</ulink>
! program starts and monitors a collection of services.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/multilog.html">multilog</ulink>
! program reads a sequence of lines from stdin and appends selected lines to
! any number of logs.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/tai64nlocal.html">tai64nlocal</ulink>
! converts precise TAI64N timestamps to a human-readable format.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/setuidgid.html">setuidgid</ulink>
! program runs another program under a specified account's uid and \
gid.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/envuidgid.html">envuidgid</ulink>
! program runs another program with environment variables indicating a
! specified account's uid and gid.</para>
!
! <para>The <ulink url="http://cr.yp.to/daemontools/envdir.html">envdir</ulink>
! program runs another program with environment modified according to files
! in a specified directory.</para>
!
! <para>The <ulink \
url="http://cr.yp.to/daemontools/softlimit.html">softlimit</ulink>
! program runs another program with new resource limits.</para>
! </section>
! </article>
\ No newline at end of file
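Review bot: The new DOCTYPE at the top of the 1.3 side adds the system identifier "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd", where 1.2 carried only the public identifier and an empty internal subset, so a validating parser or the documentation build can now try to fetch the DTD over plain HTTP. Consider resolving "-//OASIS//DTD DocBook XML V4.2//EN" through a local XML catalog so validation works offline and does not depend on an unauthenticated download. Separately, the rewritten file ends with "\ No newline at end of file", and because the reflow, the sect1/sect2 to section change, the dropped book wrapper and the ISO-8859-1 to UTF-8 switch all land in one all-lines-changed hunk, the actual validation fixes are hard to pick out; splitting the beautify pass from the fixes would make this reviewable.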
Index: djbutil.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/djbutil.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** djbutil.xml 28 May 2003 13:30:30 -0000 1.2
--- djbutil.xml 19 Jan 2004 21:26:47 -0000 1.3
***************
*** 1,49 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="djbutil"><title>Djbutils LEAF/LRP user's guide</title>
! <sect1 id="djbutil1"><title>About djbutils</title>
! <sect2><title>What is djbutils ?</title>
! <para>Djbutils is a collection of programs from the djbdns package created by \
<ulink url="http://cr.yp.to/djb.html">D.J. Bernstein</ulink>.</para>
! <para>They have been put in a separate LEAF/LRP package to save space, since they \
are only required for information/debugging purposes.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 1.05a - July 2001</para>
! <itemizedlist>
! <listitem><para><emphasis>tai64n</emphasis> and <emphasis>tai64nlocal</emphasis> \
removed from djbutils.lrp and moved to \
daemontl.lrp.</para></listitem>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Initial LEAF/LRP release: 1.05 - March 2001</para>
! </sect2>
! </sect1>
! <sect1 id="djbutil2"><title>Installing the djbutils.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/djbutils.lrp">djbutils.lrp</ulink> \
package an copy it to your LRP diskette. Edit your <filename>syslinux.cfg</filename> \
file to add daemontl to the list of your packages. Save \
<filename>syslinux.cfg</filename>.</para>
! </sect1>
! <sect1 id="djbutil3"><title>Setting the djbutils.lrp parameters</title>
! <para>They are no parameters to be set in the djbutils.lrp package. This package \
only provides programs (see below).</para>
! </sect1>
! <sect1 id="djbutil4"><title>Tools available in the djbutils.lrp package</title>
! <para>The djbutils.lrp package includes the following programs from D.J. Bernstein \
<ulink url="http://cr.yp.to/djbdns.html">djbdns</ulink> \
package.</para>
! <itemizedlist>
! <listitem><para><userinput>dnsfilter</userinput> <emphasis>opts</emphasis> reads a \
series of lines from stdin, converts an IP address to a host name at the beginning of \
each line, and prints the results to stdout.</para></listitem>
! <listitem><para><userinput>dnsip</userinput> <emphasis>fqdn</emphasis> prints the \
IP addresses of <emphasis>fqdn</emphasis> on a single \
line.</para></listitem>
! <listitem><para><userinput>dnsipq</userinput> <emphasis>udn</emphasis> feeds the \
name <emphasis>udn</emphasis> through \
qualification.</para></listitem>
! <listitem><para><userinput>dnsname</userinput> <emphasis>a.b.c.d</emphasis> does a \
reverse lookup for the IP address \
<emphasis>a.b.c.d</emphasis>.</para></listitem>
! <listitem><para><userinput>dnsmx</userinput> <emphasis>fqdn</emphasis> prints the \
MX records of <emphasis>fqdn</emphasis>.</para></listitem>
! <listitem><para><userinput>dnstxt</userinput> <emphasis>fqdn</emphasis> prints the \
TXT record of a <emphasis>fqdn</emphasis>.</para></listitem>
! <listitem><para><userinput>dnsqr</userinput> <emphasis>t fqdn</emphasis> asks for \
records of type <emphasis>t</emphasis> under the domain name \
<emphasis>fqdn</emphasis>.</para></listitem>
! <listitem><para><userinput>dnsq</userinput> <emphasis>t fqdn s</emphasis> sends a \
non-recursive DNS query to DNS server <emphasis>s</emphasis> for records of type \
<emphasis>t</emphasis> under the domain name \
<emphasis>fqdn</emphasis>.</para></listitem>
! <listitem><para><userinput>dnstrace</userinput> <emphasis>t fqdn r</emphasis> \
searches for all DNS servers that can affect the resolution of records of type \
<emphasis>t</emphasis> under the domain name <emphasis>fqdn</emphasis>, starting from \
the root server <emphasis>r</emphasis>.</para></listitem>
! <listitem><para><userinput>dnstracesort</userinput> is used to pipe the results of \
<userinput>dnstrace</userinput> for human-friendly \
output.</para></listitem>
! </itemizedlist>
! <para>D.J. Bernstein documentation for dnsfilter can be found <ulink \
url="http://cr.yp.to/djbdns/dnsfilter.html">here</ulink>. For all the other programs \
see <ulink \
url="http://cr.yp.to/djbdns/tools.html">here.</ulink></para>
! </sect1>
! </article>
! </book>
--- 1,143 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="djbutil">
! <title>Djbutils LEAF/LRP user's guide</title>
!
! <section id="djbutil1">
! <title>About djbutils</title>
!
! <section>
! <title>What is djbutils ?</title>
!
! <para>Djbutils is a collection of programs from the djbdns package
! created by <ulink url="http://cr.yp.to/djb.html">D.J. \
Bernstein</ulink>.</para>
!
! <para>They have been put in a separate LEAF/LRP package to save space,
! since they are only required for information/debugging purposes.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 1.05a - July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para><emphasis>tai64n</emphasis> and <emphasis>tai64nlocal</emphasis>
! removed from djbutils.lrp and moved to daemontl.lrp.</para>
! </listitem>
!
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Initial LEAF/LRP release: 1.05 - March 2001</para>
! </section>
! </section>
!
! <section id="djbutil2">
! <title>Installing the djbutils.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/djbutils.lrp">djbutils.lrp</ulink>
! package an copy it to your LRP diskette. Edit your \
<filename>syslinux.cfg</filename>
! file to add daemontl to the list of your packages. Save
! <filename>syslinux.cfg</filename>.</para>
! </section>
!
! <section id="djbutil3">
! <title>Setting the djbutils.lrp parameters</title>
!
! <para>They are no parameters to be set in the djbutils.lrp package. This
! package only provides programs (see below).</para>
! </section>
!
! <section id="djbutil4">
! <title>Tools available in the djbutils.lrp package</title>
!
! <para>The djbutils.lrp package includes the following programs from D.J.
! Bernstein <ulink url="http://cr.yp.to/djbdns.html">djbdns</ulink> \
package.</para>
!
! <itemizedlist>
! <listitem>
! <para><userinput>dnsfilter</userinput> <emphasis>opts</emphasis> reads
! a series of lines from stdin, converts an IP address to a host name at
! the beginning of each line, and prints the results to stdout.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsip</userinput> <emphasis>fqdn</emphasis> prints
! the IP addresses of <emphasis>fqdn</emphasis> on a single line.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsipq</userinput> <emphasis>udn</emphasis> feeds the
! name <emphasis>udn</emphasis> through qualification.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsname</userinput> <emphasis>a.b.c.d</emphasis> does
! a reverse lookup for the IP address <emphasis>a.b.c.d</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsmx</userinput> <emphasis>fqdn</emphasis> prints
! the MX records of <emphasis>fqdn</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnstxt</userinput> <emphasis>fqdn</emphasis> prints
! the TXT record of a <emphasis>fqdn</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsqr</userinput> <emphasis>t fqdn</emphasis> asks
! for records of type <emphasis>t</emphasis> under the domain name
! <emphasis>fqdn</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnsq</userinput> <emphasis>t fqdn s</emphasis> sends
! a non-recursive DNS query to DNS server <emphasis>s</emphasis> for
! records of type <emphasis>t</emphasis> under the domain name
! <emphasis>fqdn</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnstrace</userinput> <emphasis>t fqdn r</emphasis>
! searches for all DNS servers that can affect the resolution of records
! of type <emphasis>t</emphasis> under the domain name
! <emphasis>fqdn</emphasis>, starting from the root server
! <emphasis>r</emphasis>.</para>
! </listitem>
!
! <listitem>
! <para><userinput>dnstracesort</userinput> is used to pipe the results
! of <userinput>dnstrace</userinput> for human-friendly output.</para>
! </listitem>
! </itemizedlist>
!
! <para>D.J. Bernstein documentation for dnsfilter can be found <ulink
! url="http://cr.yp.to/djbdns/dnsfilter.html">here</ulink>. For all the
! other programs see <ulink \
url="http://cr.yp.to/djbdns/tools.html">here.</ulink></para>
! </section>
! </article>
\ No newline at end of file
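Review bot: In the djbutil2 install section, both the 1.2 and 1.3 sides tell the reader to edit syslinux.cfg "to add daemontl to the list of your packages", which looks copied from daemontl.xml; for this package the text should presumably name djbutils, since the download link is djbutils.lrp. As the paragraph is being rewritten anyway, fix it in this change together with "an copy" in the same paragraph and "They are no parameters" in djbutil3, which the beautify pass carried over unchanged.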
Index: dnscache.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/dnscache.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** dnscache.xml 28 May 2003 13:30:30 -0000 1.3
--- dnscache.xml 19 Jan 2004 21:26:47 -0000 1.4
***************
*** 1,229 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="dnscache"><title>Dnscache LEAF/LRP user's guide</title>
! <sect1 id="dnscache1"><title>About dnscache</title>
! <sect2><title>What is dnscache?</title>
! <para>The <application>dnscache</application> program is a component of the djbdns \
package which was designed by <ulink url="http://cr.yp.to/djb.html">D.J. \
Bernstein</ulink> as a fast, <ulink \
url="http://cr.yp.to/djbdns/ad/security.html">secure</ulink> and reliable replacement \
to BIND (together with it's companion program <ulink \
url="tinydns.html">tinydns</ulink>). The key point is to understand the specific \
functionalities of the two programs:</para>
! <itemizedlist>
! <listitem><para>dnscache is a recursive resolver. It never serves authoritative \
data.</para></listitem>
! <listitem><para>tinydns is a content server which only serves authoritative \
data.</para></listitem>
! </itemizedlist>
! <para>On his <ulink url="http://www.djbdns.org">web site</ulink>, Russell Nelson \
states:</para>
! <para><quote>Dnscache is a recursive resolver, intended to be listed in \
/etc/resolv.conf's "nameserver" entry. It makes DNS queries via UDP and TCP as \
needed. It imposes restrictions on what it will return; that's why it was written. It \
will only provide data obtained from authoritative servers. These servers are found \
via a chain of delegations from authoritative servers starting from the configured-in \
roots. That's part of its security model. If it were to do anything less, it would be \
subject to the same cache-poisoning style attacks that work on the current insecure \
DNS servers.</quote></para>
! <para>For more reasons to prefer djbdns package to BIND read <ulink \
url="http://cr.yp.to/djbdns/ad/cache.html">here</ulink> and for a more precise \
description of dnscache program read <ulink \
url="http://cr.yp.to/djbdns/dnscache.html">here</ulink>.</para>
! <para>See the dnscache reference section for useful links and references on these \
issues.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current LEAF/LRP version: 1.05a - July 2001</para>
! <itemizedlist>
! <listitem><para><filename>/etc/init.d/dnscache</filename> script completely \
rewritten. Dependance on <filename>/etc/network.conf</filename> removed for better \
compatibility. Also takes care of a bug in LRP 2.9.8. in which directory attributes \
are not saved by backup</para></listitem>
! <listitem><para>Daemontools programs removed from the \
<application>dnscache.lrp</application> package and now provided by \
<application>daemontl.lrp</application>.</para></listitem>
! <listitem><para>Startup script detects automatically if svscan is running. If yes \
dnscache is started under daemontools supervision which will provide dnscache log \
facilities. If not dnscache is started through a System V standard script and no log \
file is available.</para></listitem>
! <listitem><para>The FORWARDONLY parameter can now be defined - together with your \
ISP DNS adresses - through the dnscache configuration menu if you have a slow \
connection to your ISP and wand to avoid DNS resolution from root \
servers.</para></listitem>
! <listitem><para>Log file now optional under daemontools supervision and moved to \
<filename>/var/log/dnscache</filename>.</para></listitem>
! <listitem><para>Programs moved from <filename \
class='directory'>/usr/local/bin</filename> and <filename \
class='directory'>/usr/local/sbin</filename> to <filename \
class='directory'>/usr/bin</filename> and <filename \
class='directory'>/usr/sbin</filename></para></listitem>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original LEAF/LRP version: 1.05 - March 2001</para>
! </sect2>
! </sect1>
! <sect1 id="dnscache2"><title>Installing the dnscache.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/dnscache.lrp">dnscache.lrp</ulink> \
package an copy it to your LRP diskette. Optionnaly (if you want daemontools \
supervision and control over dnscache log files) download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink> \
package. Edit your <filename>syslinux.cfg</filename> file to add \
<application>daemontl</application> (if downloaded) and \
<application>dnscache</application> to the list of your \
packages.</para>
! <para>If <application>daemontl.lrp</application> is not loaded you are done. Reboot \
and the dnscache program should be up and running ! (check with <userinput>ps \
aux</userinput> command from the LRP console).</para>
! <para>If <application>daemontl.lrp</application> is loaded you will have to create \
dnslog and dnscache users if they are not yet created (which generally will be the \
case the first time you load the package). Create them by editing \
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> \
files.</para>
! <para>In <filename>/etc/passwd</filename>:</para>
! <screen>
! dnslog:x:1000:100:::
! dnscache:x:1001:100:::
! </screen>
! <para>In <filename>/etc/shadow</filename>:</para>
! <screen>
! dnslog:*:10091:0:99999:7:::
! dnscache:*:10091:0:99999:7:::
! </screen>
! <para>Backup <application>etc.lrp</application> trough the \
<userinput>lrcfg</userinput> backup command (to save the two users you have just \
created)!!; </para>
! <para>Reboot. <application>dnscache</application> program should be up and running \
!</para>
! </sect1>
! <sect1 id="dnscache3"><title>Setting the dnscache parameters</title>
! <para>The dnscache package LRP configuration menu allow you to define the following \
parameters:</para>
! <screen>
! dnscache configuration files
!
! 1) LRP box internal IP (default: 192.168.1.254)
! 2) Querying hosts IP's (default: 192.168)
! 3) Set to YES to set dnscache log on (default: NO)
! 4) Set to YES to set FORWARDONLY on (default: NO)
! 5) ISP DNS adresses (used when FORWARDONLY is on)
! 6) Cache size (default: 1000000)
! 7) DATALIMIT (default: 3000000)
! 8) Multilog dnscache parameters
!
! q) quit
! ----------------------------------------------------------------------------
! Selection:
!
! </screen>
! <important>
! <para>If dnscache is already running, restart it with the dnscache script \
(<userinput>/etc/init.d/dnscache restart</userinput>) for any change in the following \
dnscache parameters to take effect.</para>
! </important>
! <sect2><title>LRP box internal IP</title>
! <para>Define here the internal adress of your LRP box. Default is 192.168.1.254. \
Used to be initialized from $INTERN_IP in <filename>/etc/network.conf</filename>. \
This initialization was removed with version 1.05a to insure compatibility with LRP \
2.9.8.</para>
! </sect2>
! <sect2><title>Querying hosts IP's</title>
! <para>Define here the adress(es) of host(s) that will be allowed to access \
dnscache. This file can contains any list of IP adresses. For \
example:</para>
! <para>Every hosts starting with a 192.168 adress (default):</para>
! <programlisting>
! 192.168
! </programlisting>
! <para>Only 192.168.1.2 and 192.168.1.3 hosts:</para>
! <programlisting>
! 192.168.1.2
! 192.168.1.3
! </programlisting>
! </sect2>
! <sect2><title>dnscache log parameter</title>
! <para>If you set this parameter to <userinput>YES</userinput>, dnscache log files \
will be generated in <filename class="directory">/var/log/dnscache</filename> \
directory according to multilog parameters (see below). Default is \
<userinput>YES</userinput> (if daemontl.lrp is not loaded, this parameter has no \
effect).</para>
! </sect2>
! <sect2><title>FORWARDONLY parameter</title>
! <para>I you set this parameter to <userinput>YES</userinput> dnscache will send DNS \
queries to your ISP DNS and will not resolve your requests from root directories. \
This will speed up DNS resolving if you are connected with a slow connection (i.e. \
modem) to your ISP. Dnscache will still keep in its cache the DNS adresses you are \
using most. Default is <userinput>NO</userinput>.</para>
! </sect2>
! <sect2><title>ISP DNS adresses</title>
! <para>If FORWARDONLY is set to <userinput>YES</userinput>, define here your ISP DNS \
adresses (one adress per line).</para>
! </sect2>
! <sect2><title>Cache size</title>
! <para>Dnscache uses a fixed-size cache controlled by this variable. Cache default \
size is <userinput>1000000</userinput> (1M). But you can adjust it \
here.</para>
! </sect2>
! <sect2><title>DATALIMIT</title>
! <para>Dnscache will allocate space for its cache at startup. If DATALIMIT is too \
small, the allocation will fail. After the inital allocation, you don't want dnscache \
to grow any further; DATALIMIT prevents it from doing so. Such growth would happen \
only as the result of a bug, so it's unlikely; DATALIMIT is an extra, just-in-case \
protective measure. You could leave it unset if you like, in which case you should \
edit your run script so as not to use it.</para>
! <para>By default this variable is set up to <userinput>3000000</userinput> \
(3M).</para>
! </sect2>
! <sect2><title>Multilog dnscache parameters</title>
! <para>You can control the size and the content of the output generated by dnscache \
very easily through the options of the multilog program. If dnscache log parameter is \
set to <userinput>YES</userinput>, output will be generated in <filename \
class="directory">/var/log/dnscache</filename> in files with a max size of 100K. The \
log files are created by multilog, which is executed by the \
<filename>/etc/dnscache/log/run</filename> script. By default, it keeps 10 logs of \
about 100 KB each. If you want to make them smaller go to the dnscache configuration \
menu (will edit <filename>/etc/dnscache/log/run</filename>) trough the LRP package \
configuration menu and change this line:</para>
! <programlisting>
! exec setuidgid dnslog multilog t /var/log/dnscache
! </programlisting>
! <para>to this (for example):</para>
! <programlisting>
! exec setuidgid dnslog multilog t s50000 n5 /var/log/dnscache
! </programlisting>
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
! <para>If you just want to turn off the logging set the dnscache log parameter to \
<userinput>NO</userinput>.</para>
! <para>Multilog is a very powerful log monitoring tools and can allow you to output \
only those fields you are interested in (for example stats record output). Check the \
documentation <ulink \
url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change in multilog \
dnscache parameters to take effect.</para>
! </important>
! </sect2>
! </sect1>
! <sect1 id="dnscache4"><title>Checking everything is working</title>
! <para>The output of <userinput>ps aux</userinput> command should give something \
like:</para>
! <programlisting>
! firewall: -root-
! # ps aux
! USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
! dnscache 4444 0.0 8.8 2032 1300 ? S 13:36 0:00 /usr/bin/dnscache
! dnslog 1096 0.0 1.6 740 248 ? S 23:04 0:00 multilog t /var/log/dnscache
! ...
! root 1085 0.0 1.8 764 276 ? S 23:04 0:00 svscan /service
! root 1087 0.0 1.6 728 248 ? S 23:04 0:00 supervise dnscache
! root 1088 0.0 1.6 728 248 ? S 23:04 0:00 supervise log
! ...
!
! firewall: -root-
! </programlisting>
! <para>If dnscache log parameter is set to <userinput>NO</userinput>, the multilog t \
/var/log/dnscache and the supervise log entries won't appear.</para>
! <para>If daemontl.lrp is not loaded, the output will look like:</para>
! <programlisting>
! # ps aux
! USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
! *1001* 7306 0.0 4.2 2032 1316 p0 S 19:41 0:00 /usr/bin/dnscache
! ...
! </programlisting>
! </sect1>
! <sect1 id="dnscache5"><title>FAQs</title>
! <sect2><title>I use dhclient.lrp package and my /etc/resolv.conf is overriden \
regularly by my ISP dhcpd</title>
! <para>First of all make sure you are using the latest <ulink \
url="http://leaf.sourceforge.net/devel/cstein/files/packages/dhclient.lrp">dhclient.lrp</ulink> \
package (2.0pl5) from Charle's site.</para>
! <warning>
! <para>Eigerstein Beta 2 is provided with dhclient 2.0pl4, so you need to update to \
2.0pl5.</para>
! </warning>
! <para>Remove the IF statement which relaunches dnscache in the \
<filename>/etc/dhclient-exit-hooks</filename> script (In Charles's dnscache.lrp \
package the $IPSEND variable is set to IP_EXTERN but should be set to 0.0.0.0; then \
you do not need to relaunch dnscache when your EXTERN IP has \
changed).</para>
! <para>Charle's original <filename>/etc/dhclient-exit-hooks</filename> script begins \
with:</para>
! <screen>
! reload_all() {
! svi network ipfilter reload
! if start-stop-daemon -K -x /usr/sbin/dnscache -t -q ; then
! [ -x /etc/init.d/dnscache ] && /etc/init.d/dnscache restart
fi
! }
! </screen>
! <para>Modify the script so it becomes:</para>
! <screen>
! reload_all() {
! svi network ipfilter reload
! }
! </screen>
! <para>Edit <filename>/etc/dhclient.conf</filename> (dhclient daemon configuration \
file) through the dhclient package configuration menu. Enter the following statements \
in order to avoid that your <filename>resolv.conf</filename> file is overriden by \
your ISP dhcpd :</para>
! <screen>
! supersede domain-name-servers 192.168.1.254;
! supersede domain-name "mydomain.com";
! </screen>
! <important>
! <para>Replace 192.168.1.254 with your LRP box internal IP if different !</para>
! </important>
! <para>This will override information from your ISP and will generate an \
<filename>/etc/resolv.conf</filename> file with the following \
content:</para>
! <programlisting>
! search mydomain.com
! nameserver 192.168.1.254
! </programlisting>
! <important>
! <para>Do not forget to backup the dhclient package ! </para>
! </important>
! </sect2>
! <sect2><title>I have done changes to my dnscache parameters and that has no effect. \
What did I miss ?</title>
! <para>If you rebooted, be sure your changes were saved through the backup \
<userinput>lrcfg</userinput> menu.</para>
! <para>If you did not reboot, be sure you restarted dnscache with the following \
command:</para>
! <screen>
! /etc/init.d/dnscache restart
! </screen>
! </sect2>
! <sect2><title>I do not care about dnscache output. It's chewing up to much precious \
RAM disk space.</title>
! <para>Get rid of daemontl.lrp and no output will be generated or - if you need \
daemontl.lrp - set the dnscache log parameter to <userinput>NO</userinput> through \
the <userinput>lrcfg</userinput> configuration menu and restart dnscache with \
<userinput>/etc/init.d/dnscache restart</userinput>.</para>
! </sect2>
! <sect2><title>I do care about dnscache log files. Where can I find them ?</title>
! <para>In <filename class='directory'>/var/log/dnscache</filename> directory. The \
last output file is called <filename>current</filename>. By default log rotation \
keeps 10 files of about 100K size each;</para>
! </sect2>
! <sect2><title>OK but it's chinese. How can I make that log output more readable \
?</title>
! <para>Use <application>tai64nlocal</application> program in daemontl.lrp package to \
make output timestamps human readable.</para>
! </sect2>
! <sect2><title>I cannot access certain sites</title>
! <para>What follow is shamelessly stolen from a contribution by Ray Olszewski to the \
leaf users mailing list (April, 11, 2003)</para>
! <para>Many LEAF systems use the DJB dnscache daemon as their stock, on-router,
! resolving DNS server. The dnscache daemon is unable to complete DNS queries
! to some authoritative DNS servers that employ practices that violate the
! relevant RFCs; an example is weather.com (for example you won't be able to ping \
image.weather.com; you will get a ";; connection timed out; no servers could be \
reached" error message). Other DNS software (for example,
! BIND) is more tolerant of these departures from the standards and can successfully \
complete queries to these sites. If accessing these sites is important, the fix is to \
use some other DNS
! package with LEAF. One option is to run <ulink \
url="http://www.maradns.org/">maradns</ulink> which available as a LEAF package \
<ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/maradns.lrp">here</ulink>. \
Another is to run a different DNS
! server, such as BIND, on a system either on your LAN or on a DMZ. Yet another is to \
use your ISP's DNS servers, either directly or as forwarders.
! Adopting any of these solutions will require that you modify your ipchains
! (Dachstein) or iptables (Bering) rulesets appropriately.
! </para>
! </sect2>
! </sect1>
! <sect1 id="dnscache6"><title>References</title>
! <para>Some useful informations can be found at the following adresses:</para>
! <para>D.J. Bernstein original <ulink url="http://cr.yp.to/djbdns.html">djbdns \
page</ulink> is obviously the first reference to consider. He also has a <ulink \
url="http://cr.yp.to/djbdns/faq.html">FAQ</ulink>.</para>
! <para>If you are planning to migrate from BIND, look at <ulink \
url="http://cr.yp.to/djbdns/frombind.html">DJB page</ulink> on the \
subject.</para>
! <para>Russell Nelson has an unofficial <ulink url="http://www.djbdns.org">djbdns \
web site</ulink> which contains a lot of interesting links.</para>
! <para>Henning Brauer maintains a <ulink url="http://www.lifewithdjbdns.org">"Life \
with djbdns"</ulink> Web page.</para>
! <para>Felix von Leitner has a <ulink url="http://www.fefe.de/djbdns/">FAQ</ulink> \
which explains the "split horizon" DNS setup.</para>
! <para>All you want to know about the differences between a proxy DNS server (i.e. \
dnscache) and a content DNS server (i.e. tinydns) can be found <ulink \
url="http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-server-roles.html">here.</ulink></para>
! </sect1>
! </article>
! </book>
--- 1,524 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="dnscache">
! <title>Dnscache LEAF/LRP user's guide</title>
!
! <section id="dnscache1">
! <title>About dnscache</title>
!
! <section>
! <title>What is dnscache?</title>
!
! <para>The <application>dnscache</application> program is a component of
! the djbdns package which was designed by <ulink
! url="http://cr.yp.to/djb.html">D.J. Bernstein</ulink> as a fast, <ulink
! url="http://cr.yp.to/djbdns/ad/security.html">secure</ulink> and
! reliable replacement to BIND (together with it's companion program
! <ulink url="tinydns.html">tinydns</ulink>). The key point is to
! understand the specific functionalities of the two programs:</para>
!
! <itemizedlist>
! <listitem>
! <para>dnscache is a recursive resolver. It never serves
! authoritative data.</para>
! </listitem>
!
! <listitem>
! <para>tinydns is a content server which only serves authoritative
! data.</para>
! </listitem>
! </itemizedlist>
!
! <para>On his <ulink url="http://www.djbdns.org">web site</ulink>,
! Russell Nelson states:</para>
!
! <para><quote>Dnscache is a recursive resolver, intended to be listed in
! /etc/resolv.conf's "nameserver" entry. It makes DNS queries
! via UDP and TCP as needed. It imposes restrictions on what it will
! return; that's why it was written. It will only provide data
! obtained from authoritative servers. These servers are found via a chain
! of delegations from authoritative servers starting from the
! configured-in roots. That's part of its security model. If it were
! to do anything less, it would be subject to the same cache-poisoning
! style attacks that work on the current insecure DNS servers.</quote></para>
!
! <para>For more reasons to prefer djbdns package to BIND read <ulink
! url="http://cr.yp.to/djbdns/ad/cache.html">here</ulink> and for a more
! precise description of dnscache program read <ulink
! url="http://cr.yp.to/djbdns/dnscache.html">here</ulink>.</para>
!
! <para>See the dnscache reference section for useful links and references
! on these issues.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current LEAF/LRP version: 1.05a - July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para><filename>/etc/init.d/dnscache</filename> script completely
! rewritten. Dependance on <filename>/etc/network.conf</filename>
! removed for better compatibility. Also takes care of a bug in LRP
! 2.9.8. in which directory attributes are not saved by backup</para>
! </listitem>
!
! <listitem>
! <para>Daemontools programs removed from the
! <application>dnscache.lrp</application> package and now provided by
! <application>daemontl.lrp</application>.</para>
! </listitem>
!
! <listitem>
! <para>Startup script detects automatically if svscan is running. If
! yes dnscache is started under daemontools supervision which will
! provide dnscache log facilities. If not dnscache is started through
! a System V standard script and no log file is available.</para>
! </listitem>
!
! <listitem>
! <para>The FORWARDONLY parameter can now be defined - together with
! your ISP DNS adresses - through the dnscache configuration menu if
! you have a slow connection to your ISP and wand to avoid DNS
! resolution from root servers.</para>
! </listitem>
!
! <listitem>
! <para>Log file now optional under daemontools supervision and moved
! to <filename>/var/log/dnscache</filename>.</para>
! </listitem>
!
! <listitem>
! <para>Programs moved from <filename \
class="directory">/usr/local/bin</filename>
! and <filename class="directory">/usr/local/sbin</filename> to
! <filename class="directory">/usr/bin</filename> and <filename
! class="directory">/usr/sbin</filename></para>
! </listitem>
!
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original LEAF/LRP version: 1.05 - March 2001</para>
! </section>
! </section>
!
! <section id="dnscache2">
! <title>Installing the dnscache.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/dnscache.lrp">dnscache.lrp</ulink>
! package an copy it to your LRP diskette. Optionnaly (if you want
! daemontools supervision and control over dnscache log files) download the
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink>
! package. Edit your <filename>syslinux.cfg</filename> file to add
! <application>daemontl</application> (if downloaded) and
! <application>dnscache</application> to the list of your packages.</para>
!
! <para>If <application>daemontl.lrp</application> is not loaded you are
! done. Reboot and the dnscache program should be up and running ! (check
! with <userinput>ps aux</userinput> command from the LRP console).</para>
!
! <para>If <application>daemontl.lrp</application> is loaded you will have
! to create dnslog and dnscache users if they are not yet created (which
! generally will be the case the first time you load the package). Create
! them by editing <filename>/etc/passwd</filename> and \
<filename>/etc/shadow</filename>
! files.</para>
!
! <para>In <filename>/etc/passwd</filename>:</para>
!
! <screen>
! dnslog:x:1000:100:::
! dnscache:x:1001:100:::
! </screen>
!
! <para>In <filename>/etc/shadow</filename>:</para>
!
! <screen>
! dnslog:*:10091:0:99999:7:::
! dnscache:*:10091:0:99999:7:::
! </screen>
!
! <para>Backup <application>etc.lrp</application> trough the
! <userinput>lrcfg</userinput> backup command (to save the two users you
! have just created)!!;</para>
!
! <para>Reboot. <application>dnscache</application> program should be up and
! running !</para>
! </section>
!
! <section id="dnscache3">
! <title>Setting the dnscache parameters</title>
!
! <para>The dnscache package LRP configuration menu allow you to define the
! following parameters:</para>
!
! <screen>
! dnscache configuration files
!
! 1) LRP box internal IP (default: 192.168.1.254)
! 2) Querying hosts IP's (default: 192.168)
! 3) Set to YES to set dnscache log on (default: NO)
! 4) Set to YES to set FORWARDONLY on (default: NO)
! 5) ISP DNS adresses (used when FORWARDONLY is on)
! 6) Cache size (default: 1000000)
! 7) DATALIMIT (default: 3000000)
! 8) Multilog dnscache parameters
!
! q) quit
! ----------------------------------------------------------------------------
! Selection:
!
! </screen>
!
! <important>
! <para>If dnscache is already running, restart it with the dnscache
! script (<userinput>/etc/init.d/dnscache restart</userinput>) for any
! change in the following dnscache parameters to take effect.</para>
! </important>
!
! <section>
! <title>LRP box internal IP</title>
!
! <para>Define here the internal adress of your LRP box. Default is
! 192.168.1.254. Used to be initialized from $INTERN_IP in
! <filename>/etc/network.conf</filename>. This initialization was removed
! with version 1.05a to insure compatibility with LRP 2.9.8.</para>
! </section>
!
! <section>
! <title>Querying hosts IP's</title>
!
! <para>Define here the adress(es) of host(s) that will be allowed to
! access dnscache. This file can contains any list of IP adresses. For
! example:</para>
!
! <para>Every hosts starting with a 192.168 adress (default):</para>
!
! <programlisting>
! 192.168
! </programlisting>
!
! <para>Only 192.168.1.2 and 192.168.1.3 hosts:</para>
!
! <programlisting>
! 192.168.1.2
! 192.168.1.3
! </programlisting>
! </section>
!
! <section>
! <title>dnscache log parameter</title>
!
! <para>If you set this parameter to <userinput>YES</userinput>, dnscache
! log files will be generated in <filename \
class="directory">/var/log/dnscache</filename>
! directory according to multilog parameters (see below). Default is
! <userinput>YES</userinput> (if daemontl.lrp is not loaded, this
! parameter has no effect).</para>
! </section>
!
! <section>
! <title>FORWARDONLY parameter</title>
!
! <para>I you set this parameter to <userinput>YES</userinput> dnscache
! will send DNS queries to your ISP DNS and will not resolve your requests
! from root directories. This will speed up DNS resolving if you are
! connected with a slow connection (i.e. modem) to your ISP. Dnscache will
! still keep in its cache the DNS adresses you are using most. Default is
! <userinput>NO</userinput>.</para>
! </section>
!
! <section>
! <title>ISP DNS adresses</title>
!
! <para>If FORWARDONLY is set to <userinput>YES</userinput>, define here
! your ISP DNS adresses (one adress per line).</para>
! </section>
!
! <section>
! <title>Cache size</title>
!
! <para>Dnscache uses a fixed-size cache controlled by this variable.
! Cache default size is <userinput>1000000</userinput> (1M). But you can
! adjust it here.</para>
! </section>
!
! <section>
! <title>DATALIMIT</title>
!
! <para>Dnscache will allocate space for its cache at startup. If
! DATALIMIT is too small, the allocation will fail. After the inital
! allocation, you don't want dnscache to grow any further; DATALIMIT
! prevents it from doing so. Such growth would happen only as the result
! of a bug, so it's unlikely; DATALIMIT is an extra, just-in-case
! protective measure. You could leave it unset if you like, in which case
! you should edit your run script so as not to use it.</para>
!
! <para>By default this variable is set up to <userinput>3000000</userinput>
! (3M).</para>
! </section>
!
! <section>
! <title>Multilog dnscache parameters</title>
!
! <para>You can control the size and the content of the output generated
! by dnscache very easily through the options of the multilog program. If
! dnscache log parameter is set to <userinput>YES</userinput>, output will
! be generated in <filename class="directory">/var/log/dnscache</filename>
! in files with a max size of 100K. The log files are created by multilog,
! which is executed by the <filename>/etc/dnscache/log/run</filename>
! script. By default, it keeps 10 logs of about 100 KB each. If you want
! to make them smaller go to the dnscache configuration menu (will edit
! <filename>/etc/dnscache/log/run</filename>) trough the LRP package
! configuration menu and change this line:</para>
!
! <programlisting>
! exec setuidgid dnslog multilog t /var/log/dnscache
! </programlisting>
!
! <para>to this (for example):</para>
!
! <programlisting>
! exec setuidgid dnslog multilog t s50000 n5 /var/log/dnscache
! </programlisting>
!
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
!
! <para>If you just want to turn off the logging set the dnscache log
! parameter to <userinput>NO</userinput>.</para>
!
! <para>Multilog is a very powerful log monitoring tools and can allow you
! to output only those fields you are interested in (for example stats
! record output). Check the documentation <ulink
! url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
!
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change
! in multilog dnscache parameters to take effect.</para>
! </important>
! </section>
! </section>
!
! <section id="dnscache4">
! <title>Checking everything is working</title>
!
! <para>The output of <userinput>ps aux</userinput> command should give
! something like:</para>
!
! <programlisting>
! firewall: -root-
! # ps aux
! USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
! dnscache 4444 0.0 8.8 2032 1300 ? S 13:36 0:00 /usr/bin/dnscache
! dnslog 1096 0.0 1.6 740 248 ? S 23:04 0:00 multilog t /var/log/dnscache
! ...
! root 1085 0.0 1.8 764 276 ? S 23:04 0:00 svscan /service
! root 1087 0.0 1.6 728 248 ? S 23:04 0:00 supervise dnscache
! root 1088 0.0 1.6 728 248 ? S 23:04 0:00 supervise log
! ...
!
! firewall: -root-
! </programlisting>
!
! <para>If dnscache log parameter is set to <userinput>NO</userinput>, the
! multilog t /var/log/dnscache and the supervise log entries won't
! appear.</para>
!
! <para>If daemontl.lrp is not loaded, the output will look like:</para>
!
! <programlisting>
! # ps aux
! USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND
! *1001* 7306 0.0 4.2 2032 1316 p0 S 19:41 0:00 /usr/bin/dnscache
! ...
! </programlisting>
! </section>
!
! <section id="dnscache5">
! <title>FAQs</title>
!
! <section>
! <title>I use dhclient.lrp package and my /etc/resolv.conf is overriden
! regularly by my ISP dhcpd</title>
!
! <para>First of all make sure you are using the latest <ulink
! url="http://leaf.sourceforge.net/devel/cstein/files/packages/dhclient.lrp">dhclient.lrp</ulink>
! package (2.0pl5) from Charle's site.</para>
!
! <warning>
! <para>Eigerstein Beta 2 is provided with dhclient 2.0pl4, so you need
! to update to 2.0pl5.</para>
! </warning>
!
! <para>Remove the IF statement which relaunches dnscache in the
! <filename>/etc/dhclient-exit-hooks</filename> script (In Charles's
! dnscache.lrp package the $IPSEND variable is set to IP_EXTERN but should
! be set to 0.0.0.0; then you do not need to relaunch dnscache when your
! EXTERN IP has changed).</para>
!
! <para>Charle's original <filename>/etc/dhclient-exit-hooks</filename>
! script begins with:</para>
!
! <screen>
! reload_all() {
! svi network ipfilter reload
! if start-stop-daemon -K -x /usr/sbin/dnscache -t -q ; then
! [ -x /etc/init.d/dnscache ] && /etc/init.d/dnscache restart
fi
! }
! </screen>
!
! <para>Modify the script so it becomes:</para>
!
! <screen>
! reload_all() {
! svi network ipfilter reload
! }
! </screen>
!
! <para>Edit <filename>/etc/dhclient.conf</filename> (dhclient daemon
! configuration file) through the dhclient package configuration menu.
! Enter the following statements in order to avoid that your
! <filename>resolv.conf</filename> file is overriden by your ISP dhcpd :</para>
!
! <screen>
! supersede domain-name-servers 192.168.1.254;
! supersede domain-name "mydomain.com";
! </screen>
!
! <important>
! <para>Replace 192.168.1.254 with your LRP box internal IP if different
! !</para>
! </important>
!
! <para>This will override information from your ISP and will generate an
! <filename>/etc/resolv.conf</filename> file with the following content:</para>
!
! <programlisting>
! search mydomain.com
! nameserver 192.168.1.254
! </programlisting>
!
! <important>
! <para>Do not forget to backup the dhclient package !</para>
! </important>
! </section>
!
! <section>
! <title>I have done changes to my dnscache parameters and that has no
! effect. What did I miss ?</title>
!
! <para>If you rebooted, be sure your changes were saved through the
! backup <userinput>lrcfg</userinput> menu.</para>
!
! <para>If you did not reboot, be sure you restarted dnscache with the
! following command:</para>
!
! <screen>
! /etc/init.d/dnscache restart
! </screen>
! </section>
!
! <section>
! <title>I do not care about dnscache output. It's chewing up to much
! precious RAM disk space.</title>
!
! <para>Get rid of daemontl.lrp and no output will be generated or - if
! you need daemontl.lrp - set the dnscache log parameter to
! <userinput>NO</userinput> through the <userinput>lrcfg</userinput>
! configuration menu and restart dnscache with <userinput>/etc/init.d/dnscache
! restart</userinput>.</para>
! </section>
!
! <section>
! <title>I do care about dnscache log files. Where can I find them ?</title>
!
! <para>In <filename class="directory">/var/log/dnscache</filename>
! directory. The last output file is called <filename>current</filename>.
! By default log rotation keeps 10 files of about 100K size each;</para>
! </section>
!
! <section>
! <title>OK but it's chinese. How can I make that log output more
! readable ?</title>
!
! <para>Use <application>tai64nlocal</application> program in daemontl.lrp
! package to make output timestamps human readable.</para>
! </section>
!
! <section>
! <title>I cannot access certain sites</title>
!
! <para>What follow is shamelessly stolen from a contribution by Ray
! Olszewski to the leaf users mailing list (April, 11, 2003)</para>
!
! <para>Many LEAF systems use the DJB dnscache daemon as their stock,
! on-router, resolving DNS server. The dnscache daemon is unable to
! complete DNS queries to some authoritative DNS servers that employ
! practices that violate the relevant RFCs; an example is weather.com (for
! example you won't be able to ping image.weather.com; you will get a
! ";; connection timed out; no servers could be reached" error
! message). Other DNS software (for example, BIND) is more tolerant of
! these departures from the standards and can successfully complete
! queries to these sites. If accessing these sites is important, the fix
! is to use some other DNS package with LEAF. One option is to run <ulink
! url="http://www.maradns.org/">maradns</ulink> which available as a LEAF
! package <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/maradns.lrp">here</ulink>.
! Another is to run a different DNS server, such as BIND, on a system
! either on your LAN or on a DMZ. Yet another is to use your ISP's DNS
! servers, either directly or as forwarders. Adopting any of these
! solutions will require that you modify your ipchains (Dachstein) or
! iptables (Bering) rulesets appropriately.</para>
! </section>
! </section>
!
! <section id="dnscache6">
! <title>References</title>
!
! <para>Some useful informations can be found at the following adresses:</para>
!
! <para>D.J. Bernstein original <ulink url="http://cr.yp.to/djbdns.html">djbdns
! page</ulink> is obviously the first reference to consider. He also has a
! <ulink url="http://cr.yp.to/djbdns/faq.html">FAQ</ulink>.</para>
!
! <para>If you are planning to migrate from BIND, look at <ulink
! url="http://cr.yp.to/djbdns/frombind.html">DJB page</ulink> on the
! subject.</para>
!
! <para>Russell Nelson has an unofficial <ulink \
url="http://www.djbdns.org">djbdns
! web site</ulink> which contains a lot of interesting links.</para>
!
! <para>Henning Brauer maintains a <ulink
! url="http://www.lifewithdjbdns.org">"Life with djbdns"</ulink> Web
! page.</para>
!
! <para>Felix von Leitner has a <ulink \
url="http://www.fefe.de/djbdns/">FAQ</ulink>
! which explains the "split horizon" DNS setup.</para>
!
! <para>All you want to know about the differences between a proxy DNS
! server (i.e. dnscache) and a content DNS server (i.e. tinydns) can be
! found <ulink
! url="http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-server-roles.html">here.</ulink></para>
! </section>
! </article>
\ No newline at end of file
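Review bot: In the new "dnscache log parameter" section the text says the default is YES, but the configuration menu shown earlier in the same file lists "3) Set to YES to set dnscache log on (default: NO)". One of the two is wrong and should be corrected, so that readers know whether logging to /var/log/dnscache is enabled on a fresh install. The FORWARDONLY section also says requests are not resolved "from root directories", where the changelog item in the same file says "root servers", which is the term to use. Since this revision is a cleanup pass, it is also worth fixing the typos it carries over unchanged ("trough the lrcfg backup command", "I you set this parameter", "wand to avoid", "adress", "Optionnaly", "Charle's", "it's companion program"). Finally, dnscache.xml should end with a newline: the "\ No newline at end of file" marker shows the new revision lacks one.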
Index: ez-ipupd.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/ez-ipupd.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** ez-ipupd.xml 18 Jan 2004 18:12:28 -0000 1.3
--- ez-ipupd.xml 19 Jan 2004 21:26:47 -0000 1.4
***************
*** 1,59 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="ezipupd"><title>ez-ipupdate LEAF/LRP user's guide</title>
! <sect1 id="ezipupd1"><title>About ez-ipupdate</title>
! <sect2><title>What is ez-ipupdate?</title>
! <para>Ez-ipupdate is a small utility for updating your host name IP for any of the \
dynamic DNS service offered at:</para>
! <itemizedlist>
! <listitem><para><ulink \
url="http://www.ez-ip.net">http://www.ez-ip.net</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.justlinux.com">http://www.justlinux.com</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.dhs.org">http://www.dhs.org</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.dyndns.org">http://www.dyndns.org</ulink></para></listitem>
! <listitem><para><ulink url="http://www.ods.org"> \
http://www.ods.org</ulink></para></listitem>
! <listitem><para><ulink url="http://gnudip.cheapnet.net"> \
http://gnudip.cheapnet.net</ulink> (GNUDip)</para></listitem>
! <listitem><para><ulink url="http://www.dyn.ca">http://www.dyn.ca</ulink> \
(GNUDip)</para></listitem>
! <listitem><para><ulink \
url="http://www.tzo.com">http://www.tzo.com</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.easydns.com">http://www.easydns.com</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.dyns.cx">http://www.dyns.cx</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.hn.org">http://www.hn.org</ulink></para></listitem>
! <listitem><para><ulink \
url="http://www.zoneedit.com">http://www.zoneedit.com</ulink></para></listitem>
! </itemizedlist>
! <para>This package has been developed & is supported by <ulink \
url="http://gusnet.cx/proj/ez-ipupdate">Angus Mackay</ulink>.</para>
! <para>The key features are: support for multiple service types, daemon mode that \
monitors your IP address and only sends updates when your IP address \
changes.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on the LEAF package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 3.0.11b8 - 06 December 2003</para>
! <itemizedlist>
! <listitem><para>Package updated with version 3.0.11b8</para></listitem>
! </itemizedlist>
! <para>version: 3.0.11b7 - 7 April 2002</para>
! <itemizedlist>
! <listitem><para>Package updated with version 3.0.11b7</para></listitem>
! </itemizedlist>
! <para>version: 3.0.11b5 - 24 July 2001</para>
! <itemizedlist>
! <listitem><para>Documentation written in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original version: 0.96.9 - 20 May 2001</para>
! </sect2>
! </sect1>
! <sect1 id="ezipupd2"><title>Installing the ezipupd.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/ezipupd.lrp">ezipupd.lrp</ulink> \
package. Copy the package to your LRP diskette. Edit your \
<filename>syslinux.cfg</filename> file to add <application>ezipupd</application> to \
the list of your packages.</para>
! <para>Your <filename>syslinux.cfg</filename> file could look like (adjust to your \
tastes):</para>
! <screen>display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 \
boot=/dev/fd0u1680,msdos PKGPATH=/dev/fd0u1680 \
LRP=root,etc,local,modules,pump,ezipupd,keyboard,shorwall,dnscache,weblet </screen>
! <para>Reboot.</para>
! </sect1>
! <sect1 id="ezipupd3"><title>Configuring ez-ipupdate</title>
! <para>You can edit the ez-ipupdate configuration file through the package \
configuration menu:</para>
! <screen>
ez-ipupd configuration files
--- 1,144 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="ezipupd">
! <title>ez-ipupdate LEAF/LRP user's guide</title>
!
! <section id="ezipupd1">
! <title>About ez-ipupdate</title>
!
! <section>
! <title>What is ez-ipupdate?</title>
!
! <para>Ez-ipupdate is a small utility for updating your host name IP for
! any of the dynamic DNS service offered at:</para>
!
! <itemizedlist>
! <listitem>
! <para><ulink \
url="http://www.ez-ip.net">http://www.ez-ip.net</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink \
url="http://www.justlinux.com">http://www.justlinux.com</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.dhs.org">http://www.dhs.org</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink \
url="http://www.dyndns.org">http://www.dyndns.org</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.ods.org"> http://www.ods.org</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://gnudip.cheapnet.net">
! http://gnudip.cheapnet.net</ulink> (GNUDip)</para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.dyn.ca">http://www.dyn.ca</ulink>
! (GNUDip)</para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.tzo.com">http://www.tzo.com</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink \
url="http://www.easydns.com">http://www.easydns.com</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.dyns.cx">http://www.dyns.cx</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.hn.org">http://www.hn.org</ulink></para>
! </listitem>
!
! <listitem>
! <para><ulink \
url="http://www.zoneedit.com">http://www.zoneedit.com</ulink></para>
! </listitem>
! </itemizedlist>
!
! <para>This package has been developed & is supported by <ulink
! url="http://gusnet.cx/proj/ez-ipupdate">Angus Mackay</ulink>.</para>
!
! <para>The key features are: support for multiple service types, daemon
! mode that monitors your IP address and only sends updates when your IP
! address changes.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on the LEAF package can be sent to the author
! <email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 3.0.11b8 - 06 December 2003</para>
!
! <itemizedlist>
! <listitem>
! <para>Package updated with version 3.0.11b8</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.0.11b7 - 7 April 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Package updated with version 3.0.11b7</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.0.11b5 - 24 July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Documentation written in Docbook XML format for better
! compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original version: 0.96.9 - 20 May 2001</para>
! </section>
! </section>
!
! <section id="ezipupd2">
! <title>Installing the ezipupd.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/ezipupd.lrp">ezipupd.lrp</ulink>
! package. Copy the package to your LRP diskette. Edit your
! <filename>syslinux.cfg</filename> file to add \
<application>ezipupd</application>
! to the list of your packages.</para>
!
! <para>Your <filename>syslinux.cfg</filename> file could look like (adjust
! to your tastes):</para>
!
! <screen>display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 \
boot=/dev/fd0u1680,msdos PKGPATH=/dev/fd0u1680 \
LRP=root,etc,local,modules,pump,ezipupd,keyboard,shorwall,dnscache,weblet </screen>
!
! <para>Reboot.</para>
! </section>
!
! <section id="ezipupd3">
! <title>Configuring ez-ipupdate</title>
!
! <para>You can edit the ez-ipupdate configuration file through the package
! configuration menu:</para>
!
! <screen>
ez-ipupd configuration files
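Review bot: the new DOCTYPE at the top of the new side names the DTD by the system identifier "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd", so a validating parser resolves it over the network unless an XML catalog maps it to a local copy. Suggest stating the catalog requirement wherever the documentation build is described, so validation does not depend on a remote HTTP fetch. In the same hunk, the "Installing the ezipupd.lrp package" section links the package over http with nothing to compare the download against; a published size or checksum next to the link would help.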
***************
*** 66,71 ****
Selection:
</screen>
! <para>The parameters allowes in the configuration file are the followings:</para>
! <screen>
address usage: address=[ip address]
cache-file usage: cache-file=[cache file]
--- 151,158 ----
Selection:
</screen>
!
! <para>The parameters allowes in the configuration file are the \
followings:</para>
!
! <screen>
address usage: address=[ip address]
cache-file usage: cache-file=[cache file]
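Review bot: the paragraph rewrapped on the new side still reads "The parameters allowes in the configuration file are the followings:". Since the line is being touched anyway, suggest "The parameters allowed in the configuration file are the following:".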
***************
*** 98,103 ****
partner usage: partner=[easydns partner]
</screen>
! <para>Here is how it could look like:</para>
! <screen>
service-type=zoneedit
user=myname:mypassword
--- 185,192 ----
partner usage: partner=[easydns partner]
</screen>
!
! <para>Here is how it could look like:</para>
!
! <screen>
service-type=zoneedit
user=myname:mypassword
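Review bot: the sample that follows "Here is how it could look like:" stores the account password in clear in the configuration file ("user=myname:mypassword"), and the guide says nothing about who may read that file. Suggest a sentence after the screen telling the reader to restrict the file to the account the daemon runs as. The lead-in itself would read better as "Here is what it could look like:".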
***************
*** 106,129 ****
notify-email=john.doe@mydomain.com
# other options:
! #address=<ip address>
cache-file=/tmp/ez-ipup
#daemon
#debug
#foreground
! #host=<host>
! #interface=<interface>
! #mx=<mail exchanger>
! #retrys=<number of trys>
! #run-as-user=<user>
! #run-as-euser=<user>
! #server=<server name>
! #timeout=<sec.millisec>
! #max-interval=<time in seconds>
! #notify-email=<email address>
! #period=<time between update attempts>
! #url=<url>
</screen>
! <para>You can also run ez-ipupdate in interractive mode. The commands are:</para>
! <screen>
null ezip pgpow dhs dyndns dyndns-static dyndns-custom ods
--- 195,220 ----
notify-email=john.doe@mydomain.com
# other options:
! #address=<ip address>
cache-file=/tmp/ez-ipup
#daemon
#debug
#foreground
! #host=<host>
! #interface=<interface>
! #mx=<mail exchanger>
! #retrys=<number of trys>
! #run-as-user=<user>
! #run-as-euser=<user>
! #server=<server name>
! #timeout=<sec.millisec>
! #max-interval=<time in seconds>
! #notify-email=<email address>
! #period=<time between update attempts>
! #url=<url>
</screen>
!
! <para>You can also run ez-ipupdate in interractive mode. The commands \
are:</para>
!
! <screen>
null ezip pgpow dhs dyndns dyndns-static dyndns-custom ods
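Review bot: the sample configuration in this hunk keeps "cache-file=/tmp/ez-ipup", a fixed file name in /tmp, as the one uncommented option after the account settings. Suggest pointing the example at a directory that only the daemon's user can write to, or adding a sentence saying why /tmp is used here. The paragraph after the screen also still has "interractive" for "interactive" on the new side.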
***************
*** 133,172 ****
Options are:
! -a, --address <ip address> string to send as your ip address
! -b, --cache-file <file> file to use for caching the ipaddress
! -c, --config-file <file> configuration file, almost all arguments can be
! given with: <name>[=<value>]
to see a list of possible config commands
! try "echo help | ez-ipupdate -c -"
-d, --daemon run as a daemon periodicly updating if
necessary
! -e, --execute <command> shell command to execute after a successful
update
-f, --foreground when running as a daemon run in the foreground
! -F, --pidfile <file> use <file> as a pid file
! -g, --request-uri <uri> URI to send updates to
! -h, --host <host> string to send as host parameter
! -i, --interface <iface> which interface to use
! -L, --cloak_title <host> some stupid thing for DHS only
! -m, --mx <mail exchange> string to send as your mail exchange
! -M, --max-interval <# of sec> max time in between updates
! -N, --notify-email <email> address to send mail to if bad things happen
-o, --offline set to off line mode
! -p, --resolv-period <sec> period to check IP if it can't be resolved
! -P, --period <# of sec> period to check IP in daemon
mode (default: 1800 seconds)
-q, --quiet be quiet
! -r, --retrys <num> number of trys (default: 1)
! -R, --run-as-user <user> change to <user> for running, be ware
that this can cause problems with handeling
! SIGHUP properly if that user can't read the
! config file. also it can't write it's pid file
to a root directory
! -Q, --run-as-euser <user> change to effective <user> for running,
this is NOT secure but it does solve the
problems with run-as-user and config files and
pid files.
! -s, --server <server[:port]> the server to connect to
! -S, --service-type <server> the type of service that you are using
try one of: null ezip pgpow dhs
dyndns dyndns-static dyndns-custom
--- 224,263 ----
Options are:
! -a, --address <ip address> string to send as your ip address
! -b, --cache-file <file> file to use for caching the ipaddress
! -c, --config-file <file> configuration file, almost all arguments \
can be
! given with: <name>[=<value>]
to see a list of possible config commands
! try "echo help | ez-ipupdate -c -"
-d, --daemon run as a daemon periodicly updating if
necessary
! -e, --execute <command> shell command to execute after a successful
update
-f, --foreground when running as a daemon run in the foreground
! -F, --pidfile <file> use <file> as a pid file
! -g, --request-uri <uri> URI to send updates to
! -h, --host <host> string to send as host parameter
! -i, --interface <iface> which interface to use
! -L, --cloak_title <host> some stupid thing for DHS only
! -m, --mx <mail exchange> string to send as your mail exchange
! -M, --max-interval <# of sec> max time in between updates
! -N, --notify-email <email> address to send mail to if bad things \
happen
-o, --offline set to off line mode
! -p, --resolv-period <sec> period to check IP if it can't be \
resolved
! -P, --period <# of sec> period to check IP in daemon
mode (default: 1800 seconds)
-q, --quiet be quiet
! -r, --retrys <num> number of trys (default: 1)
! -R, --run-as-user <user> change to <user> for running, be \
ware
that this can cause problems with handeling
! SIGHUP properly if that user can't read the
! config file. also it can't write it's pid \
file to a root directory
! -Q, --run-as-euser <user> change to effective <user> for \
running, this is NOT secure but it does solve the
problems with run-as-user and config files and
pid files.
! -s, --server <server[:port]> the server to connect to
! -S, --service-type <server> the type of service that you are using
try one of: null ezip pgpow dhs
dyndns dyndns-static dyndns-custom
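Review bot: the help text reproduced here describes --run-as-euser as "this is NOT secure" and says --run-as-user has problems when that user cannot read the config file or write the pid file, but the guide gives the reader no recommendation between them. Suggest a short paragraph after the screen that recommends --run-as-user and says where the config file and pid file should live so that user can read and write them.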
***************
*** 174,185 ****
gnudip justlinux dyns hn zoneedit
heipv6tb
! -t, --timeout <sec.millisec> the amount of time to wait on I/O
! -T, --connection-type <num> number sent to TZO as your connection
type (default: 1)
! -U, --url <url> string to send as the url parameter
! -u, --user <user[:passwd]> user ID and password, if either is left blank
they will be prompted for
-w, --wildcard set your domain to have a wildcard alias
! -z, --partner <partner> specify easyDNS partner (for easydns-partner
services)
--help display this help and exit
--- 265,276 ----
gnudip justlinux dyns hn zoneedit
heipv6tb
! -t, --timeout <sec.millisec> the amount of time to wait on I/O
! -T, --connection-type <num> number sent to TZO as your connection
type (default: 1)
! -U, --url <url> string to send as the url parameter
! -u, --user <user[:passwd]> user ID and password, if either is left \
blank they will be prompted for
-w, --wildcard set your domain to have a wildcard alias
! -z, --partner <partner> specify easyDNS partner (for \
easydns-partner services)
--help display this help and exit
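Review bot: the "-u, --user <user[:passwd]>" entry is the only place the guide shows how credentials are passed on the command line, and it notes that a blank value is prompted for. A password given as a command-line argument is visible in the process list, so suggest a sentence after the screen recommending the prompt or the configuration file instead of passing passwd with -u.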
***************
*** 189,213 ****
</screen>
! </sect1>
! <sect1 id="ezipupd4"><title>Using ez-ipupdate</title>
! <sect2><title>Daemon mode</title>
! <para>To be completed</para>
! </sect2>
! <sect2><title>Trough dhclient exit-hook script</title>
! <screen>
reload_all() {
# svi network ipfilter reload
/sbin/seawall restart
! echo "Starting ez-ipupd from dhclient ..."
/etc/init.d/ez-ipupd start
# if start-stop-daemon -K -x /usr/sbin/dnscache -t -q ; then
! # [ -x /etc/init.d/dnscache ] && /etc/init.d/dnscache restart
# fi
}
</screen>
! <para></para>
! </sect2>
! </sect1>
! </article>
! </book>
--- 280,312 ----
</screen>
! </section>
!
! <section id="ezipupd4">
! <title>Using ez-ipupdate</title>
!
! <section>
! <title>Daemon mode</title>
!
! <para>To be completed</para>
! </section>
!
! <section>
! <title>Trough dhclient exit-hook script</title>
!
! <screen>
reload_all() {
# svi network ipfilter reload
/sbin/seawall restart
! echo "Starting ez-ipupd from dhclient ..."
/etc/init.d/ez-ipupd start
# if start-stop-daemon -K -x /usr/sbin/dnscache -t -q ; then
! # [ -x /etc/init.d/dnscache ] && /etc/init.d/dnscache restart
# fi
}
</screen>
!
! <para></para>
! </section>
! </section>
! </article>
\ No newline at end of file
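Review bot: the "Trough dhclient exit-hook script" section on the new side keeps the title typo (should be "Through"), shows the reload_all() script with no introducing paragraph, and ends with an empty "<para></para>". Suggest fixing the title and replacing the empty para with one sentence saying which file the function belongs in and that it restarts the firewall before starting ez-ipupd. The new file also ends without a trailing newline, as the "\ No newline at end of file" marker shows.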
Index: keybd.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/keybd.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** keybd.xml 28 May 2003 13:30:30 -0000 1.2
--- keybd.xml 19 Jan 2004 21:26:47 -0000 1.3
***************
*** 1,13 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="keybd"><title>Keyboard LEAF/LRP user's guide</title>
! <sect1 id="keybd1"><title>About keyboard.lrp</title>
! <sect2><title>What is keyboard.lrp ?</title>
! <para>keyboard.lrp provides a set of 45 keyboard maps to choose from.</para>
! <para>Once your keyboard has been selected you can remove the 44 remaining in \
<filename>/usr/share/keymaps</filename> to shrink your LEAF/LRP package to a mere \
1k.</para>
! <para>The following keyboards are available:</para>
! <screen>
# azerty.map cz.map fi.map jp.map ro.map trq.map
# be.map de-latin1.map fr-latin1.map la.map ru.map ua.map
--- 1,23 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="keybd">
! <title>Keyboard LEAF/LRP user's guide</title>
!
! <section id="keybd1">
! <title>About keyboard.lrp</title>
!
! <section>
! <title>What is keyboard.lrp ?</title>
!
! <para>keyboard.lrp provides a set of 45 keyboard maps to choose from.</para>
!
! <para>Once your keyboard has been selected you can remove the 44
! remaining in <filename>/usr/share/keymaps</filename> to shrink your
! LEAF/LRP package to a mere 1k.</para>
!
! <para>The following keyboards are available:</para>
!
! <screen>
# azerty.map cz.map fi.map jp.map ro.map trq.map
# be.map de-latin1.map fr-latin1.map la.map ru.map ua.map
***************
*** 19,63 ****
# croat.map fi-latin1.map it.map pt.map trf.map
</screen>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the authors: \
<email>kapeka@epost.de</email> or \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>This package was originally designed KP Kirchdörfer and extended by J. Nilo. \
Thanks to everyone who helped us on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 0.3 - November 2001</para>
! </sect2>
! </sect1>
! <sect1 id="keybd2"><title>Installing the keyboard.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/keyboard.lrp">keyboard.lrp</ulink> \
package an copy it to your LRP diskette.</para>
! <para>Edit your <filename>syslinux.cfg</filename> file to add keyboard to the list \
of your packages.</para>
! <para>Save <filename>syslinux.cfg</filename>.</para>
! </sect1>
! <sect1 id="keybd3"><title>Setting the keyboard</title>
! <para>Either start <userinput>lrcfg</userinput> then choose <emphasis>Package \
settings / Keyboard / 1) /etc/init.d/keyboard</emphasis> or edit \
<filename>/etc/init.d/keyboard</filename> directly.</para>
! <para>In both cases replace <filename>us.map</filename> in the line:</para>
! <screen>
! KEYMAP="us.map"
</screen>
! <para>with you prefered keyboard map.To activate the new keyboard map call:</para>
! <screen>
/etc/init.d/keyboard start
</screen>
! <para>You can easily remove the keymaps you do not need once you are happy with \
your choice. It will strip the lrp package to 1k. From the LEAF console simply \
run:</para>
! <screen>
/etc/init.d/keyboard remove
</screen>
! <para>To make the changes permanently backup <filename>keyboard.lrp</filename> with \
<userinput>lrcfg</userinput>.</para>
! </sect1>
! <sect1 id="keybd4"><title>How to add another keyboard map</title>
! <para>If you are happy with a linux keyboard on a given LINUX box, you can dump \
this keyboard with the <filename>dumpkmap</filename> program.</para>
! <para>If you don't have <filename>dumpkmap</filename> at hand, you can download it \
from the <ulink url="http://busybox.lineo.com">busybox</ulink> web site. Then build a \
version of busybox with dumpkmap enabled.</para>
! <para>Alternatively you can download this statically linked version of \
<filename>dumpkmap</filename> from <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/dumpkmap">here</ulink>. You \
then have just to run the command:</para>
! <screen>
! ./dumpkmap > your.map
</screen>
! <para>Add <filename>your.map</filename> on the LEAF router in the \
<filename>/usr/share/keymaps</filename> directory and backup \
<filename>keyboard.lrp</filename>.</para>
! </sect1>
! </article>
! </book>
--- 29,126 ----
# croat.map fi-latin1.map it.map pt.map trf.map
</screen>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the authors:
! <email>kapeka@epost.de</email> or \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>This package was originally designed KP Kirchdörfer and extended
! by J. Nilo. Thanks to everyone who helped us on this work and especially
! the members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 0.3 - November 2001</para>
! </section>
! </section>
!
! <section id="keybd2">
! <title>Installing the keyboard.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/keyboard.lrp">keyboard.lrp</ulink>
! package an copy it to your LRP diskette.</para>
!
! <para>Edit your <filename>syslinux.cfg</filename> file to add keyboard to
! the list of your packages.</para>
!
! <para>Save <filename>syslinux.cfg</filename>.</para>
! </section>
!
! <section id="keybd3">
! <title>Setting the keyboard</title>
!
! <para>Either start <userinput>lrcfg</userinput> then choose
! <emphasis>Package settings / Keyboard / 1) /etc/init.d/keyboard</emphasis>
! or edit <filename>/etc/init.d/keyboard</filename> directly.</para>
!
! <para>In both cases replace <filename>us.map</filename> in the line:</para>
!
! <screen>
! KEYMAP="us.map"
</screen>
!
! <para>with you prefered keyboard map.To activate the new keyboard map
! call:</para>
!
! <screen>
/etc/init.d/keyboard start
</screen>
!
! <para>You can easily remove the keymaps you do not need once you are happy
! with your choice. It will strip the lrp package to 1k. From the LEAF
! console simply run:</para>
!
! <screen>
/etc/init.d/keyboard remove
</screen>
!
! <para>To make the changes permanently backup <filename>keyboard.lrp</filename>
! with <userinput>lrcfg</userinput>.</para>
! </section>
!
! <section id="keybd4">
! <title>How to add another keyboard map</title>
!
! <para>If you are happy with a linux keyboard on a given LINUX box, you can
! dump this keyboard with the <filename>dumpkmap</filename> program.</para>
!
! <para>If you don't have <filename>dumpkmap</filename> at hand, you can
! download it from the <ulink url="http://busybox.lineo.com">busybox</ulink>
! web site. Then build a version of busybox with dumpkmap enabled.</para>
!
! <para>Alternatively you can download this statically linked version of
! <filename>dumpkmap</filename> from <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/dumpkmap">here</ulink>.
! You then have just to run the command:</para>
!
! <screen>
! ./dumpkmap > your.map
</screen>
!
! <para>Add <filename>your.map</filename> on the LEAF router in the
! <filename>/usr/share/keymaps</filename> directory and backup
! <filename>keyboard.lrp</filename>.</para>
! </section>
! </article>
\ No newline at end of file
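Review bot: this file's declaration changes from encoding='ISO-8859-1' to encoding="UTF-8" at the top of the diff, and the "Acknowledgments and Thanks" paragraph in this hunk contains a non-ASCII character ("Kirchdörfer"). Please confirm the file bytes were converted along with the declaration, otherwise the document is no longer well-formed. Also in this hunk, the "How to add another keyboard map" section tells the reader to download a statically linked dumpkmap binary over http and run it, with no checksum to compare against; suggest publishing one next to the link. The new file ends without a trailing newline.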
Index: leaf_uml.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/leaf_uml.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** leaf_uml.xml 18 Dec 2002 22:37:14 -0000 1.6
--- leaf_uml.xml 19 Jan 2004 21:26:47 -0000 1.7
***************
*** 1,242 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
! ]>
! <book>
! <article id="uml"><title>Developing and using LEAF in a virtual environment</title>
! <sect1 id="uml01"><title>Introduction</title>
! <sect2><title>Why using a virtual environment ?</title>
! <para>I see two main reasons for using a virtual environment while working on \
LEAF:</para>
! <para>First, we still need a specific development environment - namely Debian/slink \
- built around glibc 2.0 to build userland programs. Kernel development does not need \
glibc but needs sometime a specific GCC compiler. The main reason is that the \
footprint of programs compiled in this environment is much smaller than the one we \
get with more recent versions of glibc. The drawback is that this version of Debian \
is now outdated and it becomes more and more difficult to find it.</para> [...1328 \
lines suppressed...] </screen>
!
! <para>The linux log should show up in a console, and a couple of xterm
! should pop-up at the end. Login as root. You will then be directed to the
! last part of the Debian/slink installation process. Just send carriage
! returns to answer the questions until you are asked to define a password
! for root. Do so. Then define a new user if you wish and answer yes to
! setup the Shadow password facility. The system will then reboot. Make sure
! you can login and halt.</para>
!
! <tip>
! <para>As Jeff Dike mentioned it to me, you do not need to be root to
! build the initial filesystem. You can create the root_fs file on your
! non-root hosts account, boot UML with that file as ubd1, the source data
! (<filename>base2_1.tgz</filename>) as ubd2, and, inside UML, mkfs it,
! mount it and populate it.</para>
! </tip>
! </section>
! </article>
\ No newline at end of file
Index: menu.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/menu.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** menu.xml 18 Jan 2004 18:12:28 -0000 1.9
--- menu.xml 19 Jan 2004 21:26:47 -0000 1.10
***************
*** 1,318 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
<article>
! <sect1><title>Jacques Nilo's LEAF Website</title>
! <copyright><year>2001</year><holder>Jacques Nilo</holder></copyright>
! <para>Permission is granted to copy, distribute and/or modify this document under \
the terms of the GNU Free Documentation Licence, Version 1.1 or any later version \
published by the Free Software Foundation.</para>
! <para>Comments are welcomed and can be E-mailed to the author at \
<email>jnilo@users.sourceforge.net</email>.</para>
! <sect2><title>1. The LEAF "Bering" distribution</title>
! <para>Bering is a single floppy based distribution derived from <ulink \
url="http://leaf.sourceforge.net/devel/cstein/">Charles Steinkuehler's</ulink> \
Dachstein (rc2). It differs from Dachstein on two main points:</para>
! <itemizedlist>
! <listitem><para>It is based on a 2.4.x kernel</para></listitem>
! <listitem><para>It relies on <ulink \
url="http://www.shorewall.net">Shorewall</ulink>, an iptable based firewall which \
provides many <ulink \
url="http://www.shorewall.net/shorewall_features.htm">features</ulink>, developed and \
maintained by Tom Eastep.l</para></listitem>
! </itemizedlist>
! <para>The 1680K floppy is ready to use for Cable modem, ADSL PPPOE and even serial \
modem users.</para>
! <para>Bering now supports IPSEC (Super-Freeswan 1.99.6.2) and PPTP tunnels.</para>
! <itemizedlist>
! <listitem><para>A detailed documentation is available: an <ulink \
url="http://leaf.sf.net/doc/guide/binstall.html">installation guide</ulink> and a \
<ulink url="http://leaf.sf.net/doc/guide/busers.html">user's guide</ulink> with \
practical examples. The first chapter of the Bering <ulink \
url="http://leaf.sf.net/doc/guide/bdev.html">developer's guide</ulink> is also \
available.</para></listitem>
! <listitem><para>A pdf version of this documentation is available in the Bering \
<ulink url="http://sourceforge.net/project/showfiles.php?group_id=13751">download \
area</ulink>.</para></listitem>
! <listitem><para>The disk images (linux and windows version) and the modules file \
are available in the Bering <ulink \
url="http://sourceforge.net/project/showfiles.php?group_id=13751">download \
area</ulink>.</para></listitem>
! <listitem><para>Some Bering specific packages are available <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/">here</ulink>. \
But most LEAF/LRP packages can be used including those provided \
below.</para></listitem>
! <listitem><para>Current version: v1.2 (May 2003)</para></listitem>
! <listitem><para>Changelog is available <ulink \
url="http://leaf.sf.net/doc/guide/bichlog.html">here</ulink></para></listitem>
! <listitem><para>Kernel version: 2.4.20</para></listitem>
! <listitem><para>Shorewall version: 1.4.2</para></listitem>
! </itemizedlist>
! <important><para>Do not forget to check the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/errata/">errata \
section</ulink> for the most recent updates made available before official \
releases.</para></important>
! </sect2>
! <sect2>
! <title>2. Running and developing LEAF on a virtual machine</title>
! <para>If you are interested in learning how to run a "virtual" router or to use a \
virtual Debian/slink development machine in your current (say Mandrake or Redhat) \
Linux Box, check the following piece: <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/uml.html">Developing and using LEAF in a \
virtual environment</ulink>.</para>
! <para>This project has been developed with <ulink \
url="http://user-mode-linux.sourceforge.net/index.html">user-mode-linux</ulink>.</para>
! </sect2>
! <sect2>
! <title>3. Available LEAF/LRP packages</title>
! <para>The following table gives the list of LEAF packages available for download. \
Those packages should generally work for Bering, Dachstein and Oxygen LEAF \
distributions.</para>
! <table frame='all'><title>Available packages</title>
! <tgroup cols='6' align='center'>
! <thead>
! <row>
! <entry>Package name</entry>
! <entry>Purpose</entry>
! <entry>Version</entry>
! <entry>Size</entry>
! <entry>Last update</entry>
! <entry>Download</entry>
! <entry>User's guide</entry>
! </row>
! </thead>
! <tbody>
! <row>
! <entry>axfrdns.lrp</entry>
! <entry>a DNS zone-transfer server from D.J. Bernstein</entry>
! <entry>1.05a</entry>
! <entry>45K</entry>
! <entry>31-jul-2001</entry>
! <entry><ulink url="./packages/axfrdns.lrp">here</ulink></entry>
! <entry><ulink url="http://cr.yp.to/djbdns/axfrdns.html">here</ulink></entry>
! </row>
! <row>
! <entry>daemontl.lrp</entry>
! <entry>Daemontools from D.J. Bernstein</entry>
! <entry>0.70</entry>
! <entry>30K</entry>
! <entry>08-jun-2002</entry>
! <entry><ulink url="./packages/daemontl.lrp">here</ulink></entry>
! <entry><ulink url="daemon.html">here</ulink></entry>
! </row>
! <row>
! <entry>djbutils.lrp</entry>
! <entry>D.J. Bernstein DNS tools</entry>
! <entry>1.05a</entry>
! <entry>56K</entry>
! <entry>14-jul-2001</entry>
! <entry><ulink url="./packages/djbutils.lrp">here</ulink></entry>
! <entry><ulink url="djbutil.html">here</ulink></entry>
! </row>
! <row>
! <entry>dnscache.lrp</entry>
! <entry>A fast and secure "proxy" DNS server from D.J. Bernstein</entry>
! <entry>1.05a</entry>
! <entry>23K</entry>
! <entry>14-jul-2001</entry>
! <entry><ulink url="./packages/dnscache.lrp">here</ulink></entry>
! <entry><ulink url="dnscache.html">here</ulink></entry>
! </row>
! <row>
! <entry>ezipupd.lrp</entry>
! <entry>ez-ipudate program from Angus Mackay</entry>
! <entry>3.0.11b8</entry>
! <entry>24K</entry>
! <entry>06-dec-2003</entry>
! <entry><ulink url="./packages/ezipupd.lrp">here</ulink></entry>
! <entry><ulink url="ezipupd.html">here</ulink></entry>
! </row>
! <row>
! <entry>fetchml.lrp</entry>
! <entry>Fetchmail program</entry>
! <entry>5.8.15</entry>
! <entry>71K</entry>
! <entry>03-aug-2001</entry>
! <entry><ulink url="./packages/fetchml.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>keyboard.lrp</entry>
! <entry>International keyboards package</entry>
! <entry>0.3</entry>
! <entry>11K</entry>
! <entry>28-nov-2001</entry>
! <entry><ulink url="./packages/keyboard.lrp">here</ulink></entry>
! <entry><ulink url="keybd.html">here</ulink></entry>
! </row>
! <row>
! <entry>libm.lrp</entry>
! <entry>The libm library</entry>
! <entry>2.0.7</entry>
! <entry>39K</entry>
! <entry>04-aug-2002</entry>
! <entry><ulink url="./packages/libm.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>libz.lrp</entry>
! <entry>The libz library (needed to run sshd, sshkey and ssh.lrp )</entry>
! <entry>1.1.4</entry>
! <entry>26K</entry>
! <entry>17-mar-2002</entry>
! <entry><ulink url="./packages/libz.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>maradns.lrp</entry>
! <entry>A simple DNS server, aimed to be secure</entry>
! <entry>1.0.16</entry>
! <entry>135K</entry>
! <entry>13-apr-2003</entry>
! <entry><ulink url="./packages/maradns.lrp">here</ulink></entry>
! <entry><ulink url="http://www.maradns.org/tutorial/tutorial.html">here</ulink></entry>
! </row>
! <row>
! <entry>netutils.lrp</entry>
! <entry>ifconfig/route/netstat from net-tools</entry>
! <entry>1.45</entry>
! <entry>37K</entry>
! <entry>22-mar-2003</entry>
! <entry><ulink url="./packages/netutils.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>nsupdate.lrp</entry>
! <entry>nsupdate from the Bind package</entry>
! <entry>9.2.2-rc1</entry>
! <entry>329K</entry>
! <entry>28-aug-2002</entry>
! <entry><ulink url="./packages/nsupdate.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>openvpn.lrp</entry>
! <entry>Virtual Private Network daemon</entry>
! <entry>1.3.5</entry>
! <entry>358K</entry>
! <entry>23-nov-2003</entry>
! <entry><ulink url="./packages/openvpn.lrp">here</ulink></entry>
! <entry><ulink url="http://openvpn.sourceforge.net/">here</ulink></entry>
! </row>
! <row>
! <entry>pptp.lrp</entry>
! <entry>Point-to-Point Tunneling Protocol (PPTP) Client</entry>
! <entry>1.1.0</entry>
! <entry>17K</entry>
! <entry>17-apr-2002</entry>
! <entry><ulink url="./packages/pptp.lrp">here</ulink></entry>
! <entry><ulink url="http://pptpclient.sourceforge.net/">here</ulink></entry>
! </row>
! <row>
! <entry>qudproxy.lrp</entry>
! <entry>Quake UDP server proxy</entry>
! <entry>1.0</entry>
! <entry>4K</entry>
! <entry>22-jun-2002</entry>
! <entry><ulink url="./packages/qudproxy.lrp">here</ulink></entry>
! <entry><ulink url="http://wuarchive.wustl.edu/systems/amiga/aminet/comm/tcp/qudproxy.readme">here</ulink></entry>
! </row>
! <row>
! <entry>qmail.lrp</entry>
! <entry>A fast and secure UNIX Mail Transport Agent from D.J. Bernstein</entry>
! <entry>1.03a</entry>
! <entry>184K</entry>
! <entry>21-jul-2001</entry>
! <entry><ulink url="./packages/qmail.lrp">here</ulink></entry>
! <entry><ulink url="qmail.html">here</ulink></entry>
! </row>
! <row>
! <entry>sftp.lrp</entry>
! <entry>The free sftp client and sftp-server from Openssh</entry>
! <entry>3.7.1p2</entry>
! <entry>74K</entry>
! <entry>27-sept-2003</entry>
! <entry><ulink url="./packages/sftp.lrp">here</ulink></entry>
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
! <row>
! <entry>ssh.lrp</entry>
! <entry>The free ssh client from Openssh</entry>
! <entry>3.7.1p2</entry>
! <entry>318K</entry>
! <entry>27-sept-2003</entry>
! <entry><ulink url="./packages/ssh.lrp">here</ulink></entry>
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
! <row>
! <entry>sshd.lrp</entry>
! <entry>The free sshd daemon from Openssh</entry>
! <entry>3.7.1p2</entry>
! <entry>348K</entry>
! <entry>27-sept-2003</entry>
! <entry><ulink url="./packages/sshd.lrp">here</ulink></entry>
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
! <row>
! <entry>sshkey.lrp</entry>
! <entry>The free ssh/sshd key generator from Openssh</entry>
! <entry>3.7.1p2</entry>
! <entry>236K</entry>
! <entry>27-sept-2003</entry>
! <entry><ulink url="./packages/sshkey.lrp">here</ulink></entry>
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
! <row>
! <entry>tcpdump.lrp</entry>
! <entry>A powerful tool for network monitoring and data acquisition</entry>
! <entry>3.7.2</entry>
! <entry>173K</entry>
! <entry>23-mar-2003</entry>
! <entry><ulink url="./packages/tcpdump.lrp">here</ulink></entry>
! <entry><ulink url="http://www.tcpdump.org/">here</ulink></entry>
! </row>
! <row>
! <entry>tinydns.lrp</entry>
! <entry>A fast and secure "content" DNS server from D.J. Bernstein</entry>
! <entry>1.05a</entry>
! <entry>19K</entry>
! <entry>14-jul-2001</entry>
! <entry><ulink url="./packages/tinydns.lrp">here</ulink></entry>
! <entry><ulink url="tinydns.html">here</ulink></entry>
! </row>
! <row>
! <entry>tftpdhpa.lrp</entry>
! <entry>HPA's tftp server</entry>
! <entry>0.33</entry>
! <entry>9K</entry>
! <entry>17-mar-2003</entry>
! <entry><ulink url="./packages/tftpdhpa.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>tftphpa.lrp</entry>
! <entry>HPA's tftp client</entry>
! <entry>0.33</entry>
! <entry>9K</entry>
! <entry>18-mar-2003</entry>
! <entry><ulink url="./packages/tftphpa.lrp">here</ulink></entry>
! <entry>None</entry>
! </row>
! <row>
! <entry>tinyprox.lrp</entry>
! <entry>A GPLed, lightweight HTTP/SSL proxy</entry>
! <entry>1.5.1</entry>
! <entry>24K</entry>
! <entry>27-aug-2002</entry>
! <entry><ulink url="./packages/tinyprox.lrp">here</ulink></entry>
! <entry><ulink url="http://tinyproxy.sf.net/">here</ulink></entry>
! </row>
! <row>
! <entry>vmailmgr.lrp</entry>
! <entry>Manage multiple qmail E-mail addresses under a unique LRP account</entry>
! <entry>0.96.9a</entry>
! <entry>270K</entry>
! <entry>21-jul-2001</entry>
! <entry><ulink url="./packages/vmailmgr.lrp">here</ulink></entry>
! <entry><ulink url="vmailmgr.html">here</ulink></entry>
! </row>
! <row>
! <entry>vtund.lrp</entry>
! <entry>Create Virtual Tunnels over TCP/IP networks</entry>
! <entry>2.5</entry>
! <entry>56K</entry>
! <entry>07-dec-2002</entry>
! <entry><ulink url="./packages/vtund.lrp">here</ulink></entry>
! <entry><ulink url="http://vtun.sf.net/">here</ulink></entry>
! </row>
! <row>
! <entry>zebedee.lrp</entry>
! <entry>Establish encrypted/compressed tunnel for TCP/IP or UDP traffic</entry>
! <entry>2.2.2</entry>
! <entry>61K</entry>
! <entry>30-nov-2002</entry>
! <entry><ulink url="./packages/zebedee.lrp">here</ulink></entry>
! <entry><ulink url="http://www.winton.org.uk/zebedee/manual.html">here</ulink></entry>
! </row>
! <row>
! <entry>zebedee2.lrp</entry>
! <entry>Establish encrypted/compressed tunnel for TCP/IP or UDP traffic with bzip2 \
support.</entry>
! <entry>2.2.2</entry>
! <entry>81K</entry>
! <entry>30-nov-2002</entry>
! <entry><ulink url="./packages/zebedee2.lrp">here</ulink></entry>
! <entry><ulink url="http://www.winton.org.uk/zebedee/manual.html">here</ulink></entry>
! </row>
! </tbody>
! </tgroup>
! </table>
! </sect2>
! </sect1>
! </article>
--- 1,620 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<article>
! <section>
! <title>Jacques Nilo's LEAF Website</title>
! <para>Permission is granted to copy, distribute and/or modify this
! document under the terms of the GNU Free Documentation Licence, Version
! 1.1 or any later version published by the Free Software Foundation.</para>
!
! <para>Comments are welcomed and can be E-mailed to the author at
! <email>jnilo@users.sourceforge.net</email>.</para>
!
! <section>
! <title>1. The LEAF "Bering" distribution</title>
!
! <para>Bering is a single floppy based distribution derived from <ulink
! url="http://leaf.sourceforge.net/devel/cstein/">Charles
! Steinkuehler's</ulink> Dachstein (rc2). It differs from Dachstein on
! two main points:</para>
!
! <itemizedlist>
! <listitem>
! <para>It is based on a 2.4.x kernel</para>
! </listitem>
!
! <listitem>
! <para>It relies on <ulink \
url="http://www.shorewall.net">Shorewall</ulink>,
! an iptable based firewall which provides many <ulink
! url="http://www.shorewall.net/shorewall_features.htm">features</ulink>,
! developed and maintained by Tom Eastep.l</para>
! </listitem>
! </itemizedlist>
!
! <para>The 1680K floppy is ready to use for Cable modem, ADSL PPPOE and
! even serial modem users.</para>
!
! <para>Bering now supports IPSEC (Super-Freeswan 1.99.6.2) and PPTP
! tunnels.</para>
!
! <itemizedlist>
! <listitem>
! <para>A detailed documentation is available: an <ulink
! url="http://leaf.sf.net/doc/guide/binstall.html">installation \
guide</ulink>
! and a <ulink url="http://leaf.sf.net/doc/guide/busers.html">user's
! guide</ulink> with practical examples. The first chapter of the
! Bering <ulink \
url="http://leaf.sf.net/doc/guide/bdev.html">developer's
! guide</ulink> is also available.</para>
! </listitem>
!
! <listitem>
! <para>A pdf version of this documentation is available in the Bering
! <ulink
! url="http://sourceforge.net/project/showfiles.php?group_id=13751">download
! area</ulink>.</para>
! </listitem>
!
! <listitem>
! <para>The disk images (linux and windows version) and the modules
! file are available in the Bering <ulink
! url="http://sourceforge.net/project/showfiles.php?group_id=13751">download
! area</ulink>.</para>
! </listitem>
!
! <listitem>
! <para>Some Bering specific packages are available <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/">here</ulink>.
!  But most LEAF/LRP packages can be used including those
! provided below.</para>
! </listitem>
!
! <listitem>
! <para>Current version: v1.2 (May 2003)</para>
! </listitem>
!
! <listitem>
! <para>Changelog is available <ulink
! url="http://leaf.sf.net/doc/guide/bichlog.html">here</ulink></para>
! </listitem>
!
! <listitem>
! <para>Kernel version: 2.4.20</para>
! </listitem>
!
! <listitem>
! <para>Shorewall version: 1.4.2</para>
! </listitem>
! </itemizedlist>
!
! <important>
! <para>Do not forget to check the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/bering/latest/errata/">errata
! section</ulink> for the most recent updates made available before
! official releases.</para>
! </important>
! </section>
!
! <section>
! <title>2. Running and developing LEAF on a virtual machine</title>
!
! <para>If you are interested in learning how to run a "virtual"
! router or to use a virtual Debian/slink development machine in your
! current (say Mandrake or Redhat) Linux Box, check the following piece:
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/uml.html">Developing
! and using LEAF in a virtual environment</ulink>.</para>
!
! <para>This project has been developed with <ulink
! url="http://user-mode-linux.sourceforge.net/index.html">user-mode-linux</ulink>.</para>
! </section>
!
! <section>
! <title>3. Available LEAF/LRP packages</title>
!
! <para>The following table gives the list of LEAF packages available for
! download. Those packages should generally work for Bering, Dachstein and
! Oxygen LEAF distributions.</para>
!
! <table frame="all">
! <title>Available packages</title>
!
! <tgroup align="center" cols="7">
! <thead>
! <row>
! <entry>Package name</entry>
!
! <entry>Purpose</entry>
!
! <entry>Version</entry>
!
! <entry>Size</entry>
!
! <entry>Last update</entry>
!
! <entry>Download</entry>
!
! <entry>User's guide</entry>
! </row>
! </thead>
!
! <tbody>
! <row>
! <entry>axfrdns.lrp</entry>
!
! <entry>a DNS zone-transfer server from D.J. Bernstein</entry>
!
! <entry>1.05a</entry>
!
! <entry>45K</entry>
!
! <entry>31-jul-2001</entry>
!
! <entry><ulink url="./packages/axfrdns.lrp">here</ulink></entry>
!
! <entry><ulink \
url="http://cr.yp.to/djbdns/axfrdns.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>daemontl.lrp</entry>
!
! <entry>Daemontools from D.J. Bernstein</entry>
!
! <entry>0.70</entry>
!
! <entry>30K</entry>
!
! <entry>08-jun-2002</entry>
!
! <entry><ulink url="./packages/daemontl.lrp">here</ulink></entry>
!
! <entry><ulink url="daemon.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>djbutils.lrp</entry>
!
! <entry>D.J. Bernstein DNS tools</entry>
!
! <entry>1.05a</entry>
!
! <entry>56K</entry>
!
! <entry>14-jul-2001</entry>
!
! <entry><ulink url="./packages/djbutils.lrp">here</ulink></entry>
!
! <entry><ulink url="djbutil.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>dnscache.lrp</entry>
!
! <entry>A fast and secure "proxy" DNS server from D.J.
! Bernstein</entry>
!
! <entry>1.05a</entry>
!
! <entry>23K</entry>
!
! <entry>14-jul-2001</entry>
!
! <entry><ulink url="./packages/dnscache.lrp">here</ulink></entry>
!
! <entry><ulink url="dnscache.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>ezipupd.lrp</entry>
!
! <entry>ez-ipudate program from Angus Mackay</entry>
!
! <entry>3.0.11b8</entry>
!
! <entry>24K</entry>
!
! <entry>06-dec-2003</entry>
!
! <entry><ulink url="./packages/ezipupd.lrp">here</ulink></entry>
!
! <entry><ulink url="ezipupd.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>fetchml.lrp</entry>
!
! <entry>Fetchmail program</entry>
!
! <entry>5.8.15</entry>
!
! <entry>71K</entry>
!
! <entry>03-aug-2001</entry>
!
! <entry><ulink url="./packages/fetchml.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>keyboard.lrp</entry>
!
! <entry>International keyboards package</entry>
!
! <entry>0.3</entry>
!
! <entry>11K</entry>
!
! <entry>28-nov-2001</entry>
!
! <entry><ulink url="./packages/keyboard.lrp">here</ulink></entry>
!
! <entry><ulink url="keybd.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>libm.lrp</entry>
!
! <entry>The libm library</entry>
!
! <entry>2.0.7</entry>
!
! <entry>39K</entry>
!
! <entry>04-aug-2002</entry>
!
! <entry><ulink url="./packages/libm.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>libz.lrp</entry>
!
! <entry>The libz library (needed to run sshd, sshkey and ssh.lrp
! )</entry>
!
! <entry>1.1.4</entry>
!
! <entry>26K</entry>
!
! <entry>17-mar-2002</entry>
!
! <entry><ulink url="./packages/libz.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>maradns.lrp</entry>
!
! <entry>A simple DNS server, aimed to be secure</entry>
!
! <entry>1.0.16</entry>
!
! <entry>135K</entry>
!
! <entry>13-apr-2003</entry>
!
! <entry><ulink url="./packages/maradns.lrp">here</ulink></entry>
!
! <entry><ulink
! url="http://www.maradns.org/tutorial/tutorial.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>netutils.lrp</entry>
!
! <entry>ifconfig/route/netstat from net-tools</entry>
!
! <entry>1.45</entry>
!
! <entry>37K</entry>
!
! <entry>22-mar-2003</entry>
!
! <entry><ulink url="./packages/netutils.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>nsupdate.lrp</entry>
!
! <entry>nsupdate from the Bind package</entry>
!
! <entry>9.2.2-rc1</entry>
!
! <entry>329K</entry>
!
! <entry>28-aug-2002</entry>
!
! <entry><ulink url="./packages/nsupdate.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>openvpn.lrp</entry>
!
! <entry>Virtual Private Network daemon</entry>
!
! <entry>1.3.5</entry>
!
! <entry>358K</entry>
!
! <entry>23-nov-2003</entry>
!
! <entry><ulink url="./packages/openvpn.lrp">here</ulink></entry>
!
! <entry><ulink \
url="http://openvpn.sourceforge.net/">here</ulink></entry>
! </row>
!
! <row>
! <entry>pptp.lrp</entry>
!
! <entry>Point-to-Point Tunneling Protocol (PPTP) Client</entry>
!
! <entry>1.1.0</entry>
!
! <entry>17K</entry>
!
! <entry>17-apr-2002</entry>
!
! <entry><ulink url="./packages/pptp.lrp">here</ulink></entry>
!
! <entry><ulink \
url="http://pptpclient.sourceforge.net/">here</ulink></entry>
! </row>
!
! <row>
! <entry>qudproxy.lrp</entry>
!
! <entry>Quake UDP server proxy</entry>
!
! <entry>1.0</entry>
!
! <entry>4K</entry>
!
! <entry>22-jun-2002</entry>
!
! <entry><ulink url="./packages/qudproxy.lrp">here</ulink></entry>
!
! <entry><ulink
! url="http://wuarchive.wustl.edu/systems/amiga/aminet/comm/tcp/qudproxy.readme">here</ulink></entry>
! </row>
!
! <row>
! <entry>qmail.lrp</entry>
!
! <entry>A fast and secure UNIX Mail Transport Agent from D.J.
! Bernstein</entry>
!
! <entry>1.03a</entry>
!
! <entry>184K</entry>
!
! <entry>21-jul-2001</entry>
!
! <entry><ulink url="./packages/qmail.lrp">here</ulink></entry>
!
! <entry><ulink url="qmail.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>sftp.lrp</entry>
!
! <entry>The free sftp client and sftp-server from Openssh</entry>
!
! <entry>3.7.1p2</entry>
!
! <entry>74K</entry>
!
! <entry>27-sept-2003</entry>
!
! <entry><ulink url="./packages/sftp.lrp">here</ulink></entry>
!
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>ssh.lrp</entry>
!
! <entry>The free ssh client from Openssh</entry>
!
! <entry>3.7.1p2</entry>
!
! <entry>318K</entry>
!
! <entry>27-sept-2003</entry>
!
! <entry><ulink url="./packages/ssh.lrp">here</ulink></entry>
!
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>sshd.lrp</entry>
!
! <entry>The free sshd daemon from Openssh</entry>
!
! <entry>3.7.1p2</entry>
!
! <entry>348K</entry>
!
! <entry>27-sept-2003</entry>
!
! <entry><ulink url="./packages/sshd.lrp">here</ulink></entry>
!
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>sshkey.lrp</entry>
!
! <entry>The free ssh/sshd key generator from Openssh</entry>
!
! <entry>3.7.1p2</entry>
!
! <entry>236K</entry>
!
! <entry>27-sept-2003</entry>
!
! <entry><ulink url="./packages/sshkey.lrp">here</ulink></entry>
!
! <entry><ulink url="openssh.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>tcpdump.lrp</entry>
!
! <entry>A powerful tool for network monitoring and data
! acquisition</entry>
!
! <entry>3.7.2</entry>
!
! <entry>173K</entry>
!
! <entry>23-mar-2003</entry>
!
! <entry><ulink url="./packages/tcpdump.lrp">here</ulink></entry>
!
! <entry><ulink url="http://www.tcpdump.org/">here</ulink></entry>
! </row>
!
! <row>
! <entry>tinydns.lrp</entry>
!
! <entry>A fast and secure "content" DNS server from D.J.
! Bernstein</entry>
!
! <entry>1.05a</entry>
!
! <entry>19K</entry>
!
! <entry>14-jul-2001</entry>
!
! <entry><ulink url="./packages/tinydns.lrp">here</ulink></entry>
!
! <entry><ulink url="tinydns.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>tftpdhpa.lrp</entry>
!
! <entry>HPA's tftp server</entry>
!
! <entry>0.33</entry>
!
! <entry>9K</entry>
!
! <entry>17-mar-2003</entry>
!
! <entry><ulink url="./packages/tftpdhpa.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>tftphpa.lrp</entry>
!
! <entry>HPA's tftp client</entry>
!
! <entry>0.33</entry>
!
! <entry>9K</entry>
!
! <entry>18-mar-2003</entry>
!
! <entry><ulink url="./packages/tftphpa.lrp">here</ulink></entry>
!
! <entry>None</entry>
! </row>
!
! <row>
! <entry>tinyprox.lrp</entry>
!
! <entry>A GPLed, lightweight HTTP/SSL proxy</entry>
!
! <entry>1.5.1</entry>
!
! <entry>24K</entry>
!
! <entry>27-aug-2002</entry>
!
! <entry><ulink url="./packages/tinyprox.lrp">here</ulink></entry>
!
! <entry><ulink url="http://tinyproxy.sf.net/">here</ulink></entry>
! </row>
!
! <row>
! <entry>vmailmgr.lrp</entry>
!
! <entry>Manage multiple qmail E-mail addresses under a unique LRP
! account</entry>
!
! <entry>0.96.9a</entry>
!
! <entry>270K</entry>
!
! <entry>21-jul-2001</entry>
!
! <entry><ulink url="./packages/vmailmgr.lrp">here</ulink></entry>
!
! <entry><ulink url="vmailmgr.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>vtund.lrp</entry>
!
! <entry>Create Virtual Tunnels over TCP/IP networks</entry>
!
! <entry>2.5</entry>
!
! <entry>56K</entry>
!
! <entry>07-dec-2002</entry>
!
! <entry><ulink url="./packages/vtund.lrp">here</ulink></entry>
!
! <entry><ulink url="http://vtun.sf.net/">here</ulink></entry>
! </row>
!
! <row>
! <entry>zebedee.lrp</entry>
!
! <entry>Establish encrypted/compressed tunnel for TCP/IP or UDP
! traffic</entry>
!
! <entry>2.2.2</entry>
!
! <entry>61K</entry>
!
! <entry>30-nov-2002</entry>
!
! <entry><ulink url="./packages/zebedee.lrp">here</ulink></entry>
!
! <entry><ulink \
url="http://www.winton.org.uk/zebedee/manual.html">here</ulink></entry>
! </row>
!
! <row>
! <entry>zebedee2.lrp</entry>
!
! <entry>Establish encrypted/compressed tunnel for TCP/IP or UDP
! traffic with bzip2 support.</entry>
!
! <entry>2.2.2</entry>
!
! <entry>81K</entry>
!
! <entry>30-nov-2002</entry>
!
! <entry><ulink url="./packages/zebedee2.lrp">here</ulink></entry>
!
! <entry><ulink \
url="http://www.winton.org.uk/zebedee/manual.html">here</ulink></entry>
! </row>
! </tbody>
! </tgroup>
! </table>
! </section>
! </section>
! </article>
\ No newline at end of file
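Review bot: Two typos survive into the reformatted revision and should be fixed while these lines are being rewritten: the Shorewall list item ends with "Tom Eastep.l" (a stray "l" after the full stop), and the ezipupd.lrp row reads "ez-ipudate program" where ez-ipupdate is meant. The new file also ends without a trailing newline (see the "\ No newline at end of file" marker), which will show up as noise in the next diff. Separately, the table offers sshd.lrp, ssh.lrp, sshkey.lrp and openvpn.lrp as bare "./packages/..." links with only a size and a date; a checksum column would let users verify what they load onto a firewall floppy.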
Index: openssh.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/openssh.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** openssh.xml 18 Jan 2004 18:12:28 -0000 1.6
--- openssh.xml 19 Jan 2004 21:26:47 -0000 1.7
***************
*** 1,135 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="openssh"><title>openssh LEAF/LRP user's guide</title>
! <sect1 id="openssh1"><title>About openssh</title>
! <sect2><title>What is openssh?</title>
! <para>OpenSSH is a FREE version of the SSH protocol suite of network connectivity \
tool.</para>
! <para>Four LRP packages are available:</para>
! <table frame="all"><title>LEAF/LRP openssh packages</title>
! <tgroup cols='3' align='left' >
! <thead>
! <row>
! <entry>Name</entry>
! <entry>Size</entry>
! <entry>Provides</entry>
! </row>
! </thead>
! <tbody>
! <row>
! <entry><ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink></entry>
! <entry>(24K)</entry>
! <entry>libz library (compulsary for versions up to 3.5p1)</entry>
! </row>
! <row>
! <entry><ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink></entry>
! <entry>(348K)</entry>
! <entry>sshd daemon, scp program, sshd & ssh config files</entry>
! </row>
! <row>
! <entry><ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink></entry>
! <entry>(236K)</entry>
! <entry>ssh-keygen program and a short script to generates rsa, rsa1 and dsa \
keys</entry>
! </row>
! <row>
! <entry><ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/ssh.lrp">ssh.lrp</ulink></entry>
! <entry>(318K)</entry>
! <entry>ssh client (only necessary if you want to ssh from your LRP box)</entry>
! </row>
! <row>
! <entry><ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sftp.lrp">sftp.lrp</ulink></entry>
! <entry>(74K)</entry>
! <entry>sftp client & sftp-server</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
! <para>sshkey.lrp is needed once to generate ssh/sshd keys. Then - in most cases - \
you can live with libz.lrp and sshd.lrp</para>
! <para>See the openssh reference section for useful links and references on this \
program.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 3.7.1p2 - 27 September 2003</para>
! <itemizedlist>
! <listitem><para>Updated to 3.7.1p2 version which fixes some serious security \
flaws.</para></listitem>
! <listitem><para>Statically compiled against libnsl and openssl-0.9.7b. Does not \
require libz anymore.</para></listitem>
! <listitem><para>Compilation parameters:</para><para>./configure --prefix=/usr \
--sysconfdir=/etc/ssh --without-lastlog \
--with-privsep-path=/var/run/sshd</para></listitem>
! <listitem><para>#define SSHD_ACQUIRES_CTTY = 1 added to config.h to fix the stty \
bug when compiled against libc5</para></listitem>
! </itemizedlist>
! <para>version: 3.5p1 - 23 May 2003</para>
! <itemizedlist>
! <listitem><para>Reverted to 3.5p1 version. 3.6.1p1 appears really \
buggy.</para></listitem>
! <listitem><para>Statically compiled against libnsl and openssl-0.9.7b and \
dynamically against zlib 1.1.4</para></listitem>
! </itemizedlist>
! <para>Version: 3.6.1p1 - 21 April 2003</para>
! <itemizedlist>
! <listitem><para>Updated to 3.6.1p1 version</para></listitem>
! <listitem><para>Statically compiled against libnsl and openssl-0.9.7b and \
dynamically against zlib 1.1.4</para></listitem>
! </itemizedlist>
! <para>version: 3.5p1 - 10 November 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.5p1 version</para></listitem>
! <listitem><para>Statically compiled against libnsl and openssl-0.9.6g and \
dynamically against zlib 1.1.4</para></listitem>
! </itemizedlist>
! <para>version: 3.4p1 - 3 August 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.4p1 version</para></listitem>
! <listitem><para>/etc/init.d/sshd updated: sshd does not run through inetd by \
default any more</para></listitem>
! <listitem><para>Runs under privilege separation. You must create a sshd user if you \
are not running Bering rc4 or greater. The instructions are <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.4p1/README.txt">here</ulink>.</para></listitem>
! <listitem><para>Statically compiled against libnsl and openssl-0.9.6e and \
dynamically against zlib 1.1.4</para></listitem>
! <listitem><para>Openssh source used unaffected by the <ulink \
url="http://www.openssh.org/txt/trojan.adv">trojan</ulink> found on some \
server.</para></listitem>
! </itemizedlist>
! <para>version: 3.2.3p1 - 26 May 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.2.3p1 version</para></listitem>
! <listitem><para>Fixes the bug that was affecting sshd in 3.2.2p1.</para></listitem>
! </itemizedlist>
! <para>version: 3.2.2p1 - 19 May 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.2.2p1 version</para></listitem>
! <listitem><para>Now statically compiled against libnsl and openssl-0.9.6d and \
dynamically against zlib 1.1.4</para></listitem>
! </itemizedlist>
! <para>version: 3.1p1 - 8 March 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.1p1 version which fixes a <ulink \
url="http://www.openbsd.org/advisories/ssh_channelalloc.txt">security \
bug</ulink></para></listitem>
! <listitem><para>Documentation updated to include suggestions from Matt Schalit \
(Thanks Matt!)</para></listitem>
! </itemizedlist>
! <para>version: 3.0.2p1 - 25 January 2002</para>
! <itemizedlist>
! <listitem><para>Updated to 3.0.2p1 version</para></listitem>
! <listitem><para>Now statically compiled against libnsl and openssl-0.9.6c and \
dynamically against zlib 1.1.3</para></listitem>
! </itemizedlist>
! <para>version: 3.0p1 - 9 November 2001</para>
! <itemizedlist>
! <listitem><para>Updated to 3.0p1 version</para></listitem>
! </itemizedlist>
! <para>version: 2.9.9p2 - 7 November 2001</para>
! <itemizedlist>
! <listitem><para>Updated to 2.9.9p2 version</para></listitem>
! <listitem><para>Compiled statically against openssl-0.9.6b and dynamically against \
zlib 1.1.3</para></listitem>
! <listitem><para>New package sftp.lrp which provides sftp and \
sftp-server.</para></listitem>
! </itemizedlist>
! <para>version: 2.9p2 - 14 July 2001</para>
! <itemizedlist>
! <listitem><para>Updated to 2.9p2 version</para></listitem>
! <listitem><para><ulink url="http://www.gzip.org/zlib/">libz.so.1 library</ulink> \
now installed through the libz.lrp package</para></listitem>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original LEAF/LRP version: 2.9p1 - 28 May 2001</para>
! </sect2>
! </sect1>
! <sect1 id="openssh2"><title>Installing the openssh.lrp package</title>
! <sect2><title>Single floppy installation</title>
! <para>Let's start with the most complicate case: you only have one floppy disk \
drive on your LEAF box.</para>
! <para>Create a new disquette of the <emphasis>same</emphasis> format as your LEAF \
main disquette (1440K, 1680K or 1743K for example).</para>
! <para>On this disquette download the following packages <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink>, \
<ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink> \
and <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink>.</para>
! <para>If you re using Oxygen, substitute <emphasis>apkg</emphasis> where you see \
<emphasis>lrpkg</emphasis> below. Insert the new disquette on your LRP box disk drive \
and type the following commands (assuming here a 1680K formatted \
disquette):</para>
! <screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
--- 1,330 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="openssh">
! <title>openssh LEAF/LRP user's guide</title>
!
! <section id="openssh1">
! <title>About openssh</title>
!
! <section>
! <title>What is openssh?</title>
!
! <para>OpenSSH is a FREE version of the SSH protocol suite of network
! connectivity tool.</para>
!
! <para>Four LRP packages are available:</para>
!
! <table frame="all">
! <title>LEAF/LRP openssh packages</title>
!
! <tgroup align="left" cols="3">
! <thead>
! <row>
! <entry>Name</entry>
!
! <entry>Size</entry>
!
! <entry>Provides</entry>
! </row>
! </thead>
!
! <tbody>
! <row>
! <entry><ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink></entry>
!
! <entry>(24K)</entry>
!
! <entry>libz library (compulsary for versions up to 3.5p1)</entry>
! </row>
!
! <row>
! <entry><ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink></entry>
!
! <entry>(348K)</entry>
!
! <entry>sshd daemon, scp program, sshd & ssh config files</entry>
! </row>
!
! <row>
! <entry><ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink></entry>
!
! <entry>(236K)</entry>
!
! <entry>ssh-keygen program and a short script to generates rsa,
! rsa1 and dsa keys</entry>
! </row>
!
! <row>
! <entry><ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/ssh.lrp">ssh.lrp</ulink></entry>
!
! <entry>(318K)</entry>
!
! <entry>ssh client (only necessary if you want to ssh from your
! LRP box)</entry>
! </row>
!
! <row>
! <entry><ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/sftp.lrp">sftp.lrp</ulink></entry>
!
! <entry>(74K)</entry>
!
! <entry>sftp client & sftp-server</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
!
! <para>sshkey.lrp is needed once to generate ssh/sshd keys. Then - in
! most cases - you can live with libz.lrp and sshd.lrp</para>
!
! <para>See the openssh reference section for useful links and references
! on this program.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 3.7.1p2 - 27 September 2003</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.7.1p2 version which fixes some serious security
! flaws.</para>
! </listitem>
!
! <listitem>
! <para>Statically compiled against libnsl and openssl-0.9.7b. Does
! not require libz anymore.</para>
! </listitem>
!
! <listitem>
! <para>Compilation parameters:</para>
!
! <para>./configure --prefix=/usr --sysconfdir=/etc/ssh
! --without-lastlog --with-privsep-path=/var/run/sshd</para>
! </listitem>
!
! <listitem>
! <para>#define SSHD_ACQUIRES_CTTY = 1 added to config.h to fix the
! stty bug when compiled against libc5</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.5p1 - 23 May 2003</para>
!
! <itemizedlist>
! <listitem>
! <para>Reverted to 3.5p1 version. 3.6.1p1 appears really buggy.</para>
! </listitem>
!
! <listitem>
! <para>Statically compiled against libnsl and openssl-0.9.7b and
! dynamically against zlib 1.1.4</para>
! </listitem>
! </itemizedlist>
!
! <para>Version: 3.6.1p1 - 21 April 2003</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.6.1p1 version</para>
! </listitem>
!
! <listitem>
! <para>Statically compiled against libnsl and openssl-0.9.7b and
! dynamically against zlib 1.1.4</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.5p1 - 10 November 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.5p1 version</para>
! </listitem>
!
! <listitem>
! <para>Statically compiled against libnsl and openssl-0.9.6g and
! dynamically against zlib 1.1.4</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.4p1 - 3 August 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.4p1 version</para>
! </listitem>
!
! <listitem>
! <para>/etc/init.d/sshd updated: sshd does not run through inetd by
! default any more</para>
! </listitem>
!
! <listitem>
! <para>Runs under privilege separation. You must create a sshd user
! if you are not running Bering rc4 or greater. The instructions are
! <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.4p1/README.txt">here</ulink>.</para>
! </listitem>
!
! <listitem>
! <para>Statically compiled against libnsl and openssl-0.9.6e and
! dynamically against zlib 1.1.4</para>
! </listitem>
!
! <listitem>
! <para>Openssh source used unaffected by the <ulink
! url="http://www.openssh.org/txt/trojan.adv">trojan</ulink> found on
! some server.</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.2.3p1 - 26 May 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.2.3p1 version</para>
! </listitem>
!
! <listitem>
! <para>Fixes the bug that was affecting sshd in 3.2.2p1.</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.2.2p1 - 19 May 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.2.2p1 version</para>
! </listitem>
!
! <listitem>
! <para>Now statically compiled against libnsl and openssl-0.9.6d and
! dynamically against zlib 1.1.4</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.1p1 - 8 March 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.1p1 version which fixes a <ulink
! url="http://www.openbsd.org/advisories/ssh_channelalloc.txt">security
! bug</ulink></para>
! </listitem>
!
! <listitem>
! <para>Documentation updated to include suggestions from Matt Schalit
! (Thanks Matt!)</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.0.2p1 - 25 January 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.0.2p1 version</para>
! </listitem>
!
! <listitem>
! <para>Now statically compiled against libnsl and openssl-0.9.6c and
! dynamically against zlib 1.1.3</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 3.0p1 - 9 November 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 3.0p1 version</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 2.9.9p2 - 7 November 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 2.9.9p2 version</para>
! </listitem>
!
! <listitem>
! <para>Compiled statically against openssl-0.9.6b and dynamically
! against zlib 1.1.3</para>
! </listitem>
!
! <listitem>
! <para>New package sftp.lrp which provides sftp and sftp-server.</para>
! </listitem>
! </itemizedlist>
!
! <para>version: 2.9p2 - 14 July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated to 2.9p2 version</para>
! </listitem>
!
! <listitem>
! <para><ulink url="http://www.gzip.org/zlib/">libz.so.1 library</ulink>
! now installed through the libz.lrp package</para>
! </listitem>
!
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original LEAF/LRP version: 2.9p1 - 28 May 2001</para>
! </section>
! </section>
!
! <section id="openssh2">
! <title>Installing the openssh.lrp package</title>
!
! <section>
! <title>Single floppy installation</title>
!
! <para>Let's start with the most complicate case: you only have one
! floppy disk drive on your LEAF box.</para>
!
! <para>Create a new disquette of the <emphasis>same</emphasis> format as
! your LEAF main disquette (1440K, 1680K or 1743K for example).</para>
!
! <para>On this disquette download the following packages <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink>,
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink>
! and <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink>.</para>
!
! <para>If you re using Oxygen, substitute <emphasis>apkg</emphasis> where
! you see <emphasis>lrpkg</emphasis> below. Insert the new disquette on
! your LRP box disk drive and type the following commands (assuming here a
! 1680K formatted disquette):</para>
!
! <screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
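Review bot: In the single floppy installation section, the links for libz.lrp, sshkey.lrp and sshd.lrp are plain http URLs, and the text gives no checksum or signature to check the download against before the packages are loaded on the firewall. Since sshd.lrp carries the remote-login daemon, consider publishing a checksum next to each link and adding a verification step ahead of the mount/load commands. While these paragraphs are being re-wrapped anyway, "If you re using Oxygen" is missing its apostrophe and "most complicate case" should read "most complicated case".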
***************
*** 141,146 ****
makekey
</screen>
! <para>Your keys are now generated. Use the <userinput>lrcfg</userinput> menu to \
backup sshd. Next time you will want to load the sshd program, you will only have to \
issue the following commands:</para>
! <screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
--- 336,345 ----
makekey
</screen>
!
! <para>Your keys are now generated. Use the <userinput>lrcfg</userinput>
! menu to backup sshd. Next time you will want to load the sshd program,
! you will only have to issue the following commands:</para>
!
! <screen>
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
***************
*** 150,208 ****
umount /mnt
</screen>
! <para>Your sshd.lrp is now ready. You do not need sshkey.lrp anymore.</para>
! <warning>
! <para>Starting with version 3.4p1, the default setup of sshd startup script \
(<filename>/etc/init.d/sshd</filename>) assumes that sshd does not run through inetd \
(See FAQ below). Check that ssh is commented out in your \
<filename>inetd.conf</filename> file.</para></warning>
! </sect2>
! <sect2><title>Dual floppy drive or Hard drive installation</title>
! <para>If you have a second floppy drive or - even better a hard drive - the \
installation is straightforward. Just copy the following packages: <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink>, \
<ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink> \
and <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink> \
on your disquettes (wherever you can find space available :-)) or on your hard \
drive.</para>
! <para>On Dachstein, Bering or their derivatives edit your \
<filename>syslinux.cfg</filename> file to declare the three new packages. Save and \
reboot. On Oxygen, you don't need to edit your syslinux.cfg because all .lrp packages \
on the disquette are automatically loaded.</para>
! <para>From your LEAF console type <userinput>makekey</userinput> to generate the \
openssh keys. Save sshd trough the <userinput>lrcfg</userinput> backup menu on \
Dachstein, Bering or their derivatives or apkg on Oxygen and you are all set. You can \
now remove the sshkey.lrp package from your disquette/hard drive and the \
corresponding declaration in <filename>syslinux.cfg</filename>, if \
any.</para>
! </sect2>
! </sect1>
! <sect1 id="openssh3"><title>Packages configuration</title>
! <para>Ssh and sshd configuration files are stored in \
<filename>/etc/ssh/ssh_config</filename> and \
<filename>/etc/ssh/sshd_config</filename> files . You can edit them through the \
package configuration menu.</para>
! <para>Documentation for sshd and sshd_config file can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd">here</ulink>.</para>
! <para>Documentation for ssh and ssh_config file can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh">here</ulink>.</para>
! <para>Documentation for scp can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=scp">here</ulink>.</para>
! <para>Documentation for ssh-keygen can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen">here</ulink>.</para>
! <para>Documentation for sftp can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp">here</ulink>.</para>
! <para>Documentation for sftp-server can be found <ulink \
url="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server">here</ulink>.</para>
! <para>You should be able to use the sshd_config file "as is" without any \
modification. Then adjust to your own taste.</para>
! </sect1>
! <sect1 id="openssh4"><title>FAQ</title>
! <sect2><title>Should I run sshd through inetd or not ?</title>
! <para>Yes, you can run sshd through inetd. sshd is normally not run from inetd \
because it needs to generate the server key before it can respond to the client, and \
this may take tens of seconds. Clients would have to wait too long if the key was \
re-generated every time. However, with small key sizes (e.g., 512) and few \
connections (clients) using sshd from inetd is feasible. To do that go in the \
<filename>/etc/ssh</filename> directory and create a file \
"<filename>sshd_not_to_be_run</filename>":</para>
! <screen>
cd /etc/ssh
touch sshd_not_to_be_run
</screen>
! <para>The sshd daemon won't be started by start-stop-daemon. Then edit \
<filename>/etc/inetd.conf</filename> and UNcomment the following line which will then \
become:</para>
! <programlisting>
#:OTHER: Other services
! ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
! </programlisting>
! <para>Restart inetd for the change to take effect (<filename>/etc/init.d/inetd \
restart</filename>).</para>
! </sect2>
! <sect2><title>It takes a very long time (1 or 2') to get the ssh connection to the \
router. Why ?</title>
! <para>Check your router <filename>/var/log/auth.log</filename> file. You will \
probably see a message like:</para>
! <screen>
Jan 26 19:52:43 firewall sshd[9209]: Could not reverse map address 192.168.1.10.
</screen>
! <para>192.168.1.10 is the adress from which you have been trying to access the \
router.</para>
! <para>If you don't run dnscache and tinydns, you can fix this problem by adding a \
name address pair for that ip address to your <filename>/etc/hosts</filename> file, \
backup etc.lrp and your next ssh connection will only take a few seconds ! If it \
still takes a long time, then check your <filename>/etc/nsswitch.conf</filename> to \
see that your system is looking to <filename>/etc/hosts</filename> first before \
trying your nameserver listed in \
<filename>/etc/resolv.conf</filename></para>
! <para>If you run dnscache/tinydns, then check your \
<filename>/etc/resolv.conf</filename> file to see if you configured it correctly to \
query dnscache for name lookups. See the dnscache documentation for more info on how \
to configure <filename>/etc/resolv.conf</filename>. Don't modify your \
<filename>/etc/hosts</filename> if you run dnscache/tinydns because that's not \
needed.</para>
! </sect2>
! <sect2><title>What is privilege separation ? How to install it ?</title>
! <para>Privilege separation, or privsep, is method in OpenSSH by which operations \
that require root privilege are performed by a separate privileged monitor process. \
Its purpose is to prevent privilege escalation by containing corruption to an \
unprivileged process. More information is available at: <ulink \
url="http://www.citi.umich.edu/u/provos/ssh/privsep.html">http://www.citi.umich.edu/u/provos/ssh/privsep.html</ulink>.</para>
! <para>Privilege separation is now enabled by default; see the \
UsePrivilegeSeparation option in the <filename>sshd_config</filename> \
file.</para>
! <para>You need to create an sshd user in your LEAF distro to have privilege \
separation working. The instructions are <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.4p1/README.txt">here</ulink>. \
Starting with version 1.0-rc4, LEAF "Bering" has a <emphasis>sshd</emphasis> user \
readily available.</para>
! </sect2>
! </sect1>
! <sect1 id="openssh5"><title>References</title>
! <para>Some useful informations/programs can be found at the following \
adresses:</para>
! <para>The <ulink url=" http://www.openssh.org">Openssh website</ulink> contains a \
<ulink url="http://www.openssh.org/faq.html">FAQ</ulink> and <ulink \
url="http://www.openssh.org/manual.html">man pages</ulink>.</para>
! <para><ulink url="http://www.chiark.greenend.org.uk/~sgtatham/putty">PuTTY</ulink> \
is a free implementation of Telnet and SSH for Win32 \
platforms.</para>
! <para><ulink url="http://www.i-tree.org/secixpro/index.htm">iXplorer</ulink>: a \
Windows front end for the secure shell copy PSCP.</para>
! </sect1>
! </article>
! </book>
--- 349,518 ----
umount /mnt
</screen>
!
! <para>Your sshd.lrp is now ready. You do not need sshkey.lrp anymore.</para>
!
! <warning>
! <para>Starting with version 3.4p1, the default setup of sshd startup
! script (<filename>/etc/init.d/sshd</filename>) assumes that sshd does
! not run through inetd (See FAQ below). Check that ssh is commented out
! in your <filename>inetd.conf</filename> file.</para>
! </warning>
! </section>
!
! <section>
! <title>Dual floppy drive or Hard drive installation</title>
!
! <para>If you have a second floppy drive or - even better a hard drive -
! the installation is straightforward. Just copy the following packages:
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/libz.lrp">libz.lrp</ulink>,
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/sshkey.lrp">sshkey.lrp</ulink>
! and <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/sshd.lrp">sshd.lrp</ulink>
! on your disquettes (wherever you can find space available :-)) or on
! your hard drive.</para>
!
! <para>On Dachstein, Bering or their derivatives edit your
! <filename>syslinux.cfg</filename> file to declare the three new
! packages. Save and reboot. On Oxygen, you don't need to edit your
! syslinux.cfg because all .lrp packages on the disquette are
! automatically loaded.</para>
!
! <para>From your LEAF console type <userinput>makekey</userinput> to
! generate the openssh keys. Save sshd trough the <userinput>lrcfg</userinput>
! backup menu on Dachstein, Bering or their derivatives or apkg on Oxygen
! and you are all set. You can now remove the sshkey.lrp package from your
! disquette/hard drive and the corresponding declaration in
! <filename>syslinux.cfg</filename>, if any.</para>
! </section>
! </section>
!
! <section id="openssh3">
! <title>Packages configuration</title>
!
! <para>Ssh and sshd configuration files are stored in \
<filename>/etc/ssh/ssh_config</filename>
! and <filename>/etc/ssh/sshd_config</filename> files . You can edit them
! through the package configuration menu.</para>
!
! <para>Documentation for sshd and sshd_config file can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd">here</ulink>.</para>
!
! <para>Documentation for ssh and ssh_config file can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh">here</ulink>.</para>
!
! <para>Documentation for scp can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=scp">here</ulink>.</para>
!
! <para>Documentation for ssh-keygen can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen">here</ulink>.</para>
!
! <para>Documentation for sftp can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp">here</ulink>.</para>
!
! <para>Documentation for sftp-server can be found <ulink
! url="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server">here</ulink>.</para>
!
! <para>You should be able to use the sshd_config file "as is"
! without any modification. Then adjust to your own taste.</para>
! </section>
!
! <section id="openssh4">
! <title>FAQ</title>
!
! <section>
! <title>Should I run sshd through inetd or not ?</title>
!
! <para>Yes, you can run sshd through inetd. sshd is normally not run from
! inetd because it needs to generate the server key before it can respond
! to the client, and this may take tens of seconds. Clients would have to
! wait too long if the key was re-generated every time. However, with
! small key sizes (e.g., 512) and few connections (clients) using sshd
! from inetd is feasible. To do that go in the <filename>/etc/ssh</filename>
! directory and create a file \
"<filename>sshd_not_to_be_run</filename>":</para>
!
! <screen>
cd /etc/ssh
touch sshd_not_to_be_run
</screen>
!
! <para>The sshd daemon won't be started by start-stop-daemon. Then
! edit <filename>/etc/inetd.conf</filename> and UNcomment the following
! line which will then become:</para>
!
! <programlisting>
#:OTHER: Other services
! ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
! </programlisting>
!
! <para>Restart inetd for the change to take effect \
(<filename>/etc/init.d/inetd
! restart</filename>).</para>
! </section>
!
! <section>
! <title>It takes a very long time (1 or 2') to get the ssh connection
! to the router. Why ?</title>
!
! <para>Check your router <filename>/var/log/auth.log</filename> file. You
! will probably see a message like:</para>
!
! <screen>
Jan 26 19:52:43 firewall sshd[9209]: Could not reverse map address 192.168.1.10.
</screen>
!
! <para>192.168.1.10 is the adress from which you have been trying to
! access the router.</para>
!
! <para>If you don't run dnscache and tinydns, you can fix this
! problem by adding a name address pair for that ip address to your
! <filename>/etc/hosts</filename> file, backup etc.lrp and your next ssh
! connection will only take a few seconds ! If it still takes a long time,
! then check your <filename>/etc/nsswitch.conf</filename> to see that your
! system is looking to <filename>/etc/hosts</filename> first before trying
! your nameserver listed in <filename>/etc/resolv.conf</filename></para>
!
! <para>If you run dnscache/tinydns, then check your \
<filename>/etc/resolv.conf</filename>
! file to see if you configured it correctly to query dnscache for name
! lookups. See the dnscache documentation for more info on how to
! configure <filename>/etc/resolv.conf</filename>. Don't modify your
! <filename>/etc/hosts</filename> if you run dnscache/tinydns because
! that's not needed.</para>
! </section>
!
! <section>
! <title>What is privilege separation ? How to install it ?</title>
!
! <para>Privilege separation, or privsep, is method in OpenSSH by which
! operations that require root privilege are performed by a separate
! privileged monitor process. Its purpose is to prevent privilege
! escalation by containing corruption to an unprivileged process. More
! information is available at: <ulink
! url="http://www.citi.umich.edu/u/provos/ssh/privsep.html">http://www.citi.umich.edu/u/provos/ssh/privsep.html</ulink>.</para>
!
! <para>Privilege separation is now enabled by default; see the
! UsePrivilegeSeparation option in the <filename>sshd_config</filename>
! file.</para>
!
! <para>You need to create an sshd user in your LEAF distro to have
! privilege separation working. The instructions are <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.4p1/README.txt">here</ulink>.
! Starting with version 1.0-rc4, LEAF "Bering" has a
! <emphasis>sshd</emphasis> user readily available.</para>
! </section>
! </section>
!
! <section id="openssh5">
! <title>References</title>
!
! <para>Some useful informations/programs can be found at the following
! adresses:</para>
!
! <para>The <ulink url=" http://www.openssh.org">Openssh website</ulink>
! contains a <ulink url="http://www.openssh.org/faq.html">FAQ</ulink> and
! <ulink url="http://www.openssh.org/manual.html">man pages</ulink>.</para>
!
! <para><ulink url="http://www.chiark.greenend.org.uk/~sgtatham/putty">PuTTY</ulink>
! is a free implementation of Telnet and SSH for Win32 platforms.</para>
!
! <para><ulink url="http://www.i-tree.org/secixpro/index.htm">iXplorer</ulink>:
! a Windows front end for the secure shell copy PSCP.</para>
! </section>
! </article>
\ No newline at end of file
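Review bot: The inetd FAQ entry still suggests "small key sizes (e.g., 512)" as the way to make sshd under inetd feasible, without saying what that costs. The paragraph should state that this trades server key strength for connection speed, or drop the 512 figure and point readers to the standalone daemon, which the warning earlier in this hunk describes as the default setup since 3.4p1. Separately, the References section keeps the leading space in url=" http://www.openssh.org", and the typos "trough", "adress", "adresses" and "informations" survive the re-wrap; a commit described as fixing validation errors is a good place to clean those up.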
Index: packall.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/packall.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** packall.xml 28 May 2003 13:30:30 -0000 1.2
--- packall.xml 19 Jan 2004 21:26:47 -0000 1.3
***************
*** 1,133 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! <!ENTITY bicontent SYSTEM "bicontent.xml">
! <!ENTITY bidowndistro SYSTEM "bidowndistro.xml">
! <!ENTITY bidownmod SYSTEM "bidownmod.xml">
! <!ENTITY biaddrm SYSTEM "biaddrm.xml">
! <!ENTITY bikeybd SYSTEM "bikeybd.xml">
! <!ENTITY binetwork SYSTEM "binetwork.xml">
! <!ENTITY bishorwall SYSTEM "bishorwall.xml">
! <!ENTITY bipackages SYSTEM "bipackages.xml">
! ]>
! <book>
! <article id="binstall"><title>LEAF "Bering" installation guide</title>
! <articleinfo>
! <author><firstname>Jacques</firstname> <surname>Nilo</surname></author>
! <author><firstname>Eric</firstname> <surname>Wolzack</surname></author>
! <revhistory>
! <revision>
<revnumber>0.1</revnumber>
<date>18 January 2002</date>
<revremark>First draft for review</revremark>
! </revision>
! <revision>
<revnumber>0.2</revnumber>
<date>2 February 2002</date>
<revremark>Second draft for review</revremark>
! </revision>
! <revision>
<revnumber>0.3</revnumber>
<date>21 February 2002</date>
<revremark>Third draft for review</revremark>
! </revision>
! <revision>
<revnumber>0.4</revnumber>
<date>19 March 2002</date>
<revremark>Fourth draft for review</revremark>
! </revision>
! </revhistory>
! </articleinfo>
! <sect1 id="biabout"><title>About LEAF "Bering"</title>
! <sect2><title>What is the LEAF "Bering" distribution ?</title>
! <para>The LEAF "Bering" distribution is derived from <ulink \
url="http://lrp.steinkuehler.net">Charles Steinkuehler's</ulink> Dachstein (rc2). It \
differs from it on two key elements:</para>
! <itemizedlist>
! <listitem><para>It is based on a 2.4.x linux kernel</para></listitem>
! <listitem><para>It relies on <ulink \
url="http://www.shorewall.net">Shorewall</ulink> for extended firewalling facilities. \
Check all the Shorewall features <ulink \
url="http://www.shorewall.net/shorewall_features.htm">here</ulink>.</para></listitem>
! </itemizedlist>
! <para>The main objectives are:</para>
! <itemizedlist>
! <listitem><para>To benefit from the <ulink \
url="http://www.netfilter.org">netfilter/iptables</ulink> \
facilities</para></listitem>
! <listitem><para>To have access to the latest kernel device drivers & \
filesystems</para></listitem>
! <listitem><para>To keep everything available on a single floppy for the largest \
possible user's base (including serial modem, cable modem or ADSL PPP/PPPOE \
users)</para></listitem>
! <listitem><para>To keep the simplicity provided by Dachstein</para></listitem>
! <listitem><para>To stick to a standard linux kernel as much as possible. This \
allows LEAF "Bering" usage and developement in a <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/uml.html">virtual \
environment</ulink></para></listitem>
! <listitem><para>To stick as much as possible to the Debian distribution \
structure</para></listitem>
! </itemizedlist>
! <para>This work was made possible after having proposed a solution to get rid of \
the original kernel LRP patches which do not pass the change introduced in \
<filename>initrd</filename> in the 2.4.10 kernel. The interested reader can refer to \
the leaf-devel mailing list archives.</para>
! </sect2>
! <sect2><title>Why Bering ?</title>
! <para>The name "Bering" was chosen from the Strait of the same name. A strait is a \
nice symbol for a firewall: a lot of traffic and strict navigation rules. Bering was \
chosen because it represents the shortest distance between Europe and America where \
most of the LEAF community is living. Those interested by the story of the Bering \
Island can check <ulink \
url="http://www.pbs.org/edens/kamchatka/bering.html">here</ulink> (Thanks to Matt \
Schalit for the reference).</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the authors:</para>
! <para>Jacques Nilo <email>jnilo@users.sourceforge.net</email> or Eric Wolzak \
<email>leaf@wolzak.de</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and thanks</title>
! <para>Thanks to everyone who help us on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list. Many thanks also to Tom Eastep <email>teastep@shorewall.net</email> for \
his great shorewall package and his dedicated support.</para>
! <para>The "Bering" distribution has benefited from many comments, help and \
suggestions from Lynn Avants, Tom Eastep, Jeff Newmiller, Thor Nylander and Larry \
Platzek.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 1.0-rc1 - March,16 2002</para>
! <itemizedlist>
! <listitem><para>Updated with the 2.4.18 linux kernel which fixes the Netfilter/IRC \
bug. Support is now provided for Appletalk and IPX through appropriate \
modules</para></listitem>
! <listitem><para>Shorewall updated version 1.2.9. Allows now MAC addresses \
filtering</para></listitem>
! <listitem><para>iptables updated with the last 1.2.5 version</para></listitem>
! <listitem><para><filename>lrcfg.back.script</filename> updated with the most recent \
version from Dachstein which allows partial backup and adatped to work without ctar. \
Backup problems experienced in beta-4 should be gone. Eric spent quite some time on \
this one :-).</para></listitem>
! <listitem><para>New pcmcia.lrp packages (tested and more compact and with a more \
detailed documentation).</para></listitem>
! <listitem><para>Documentation updated to revision 0.4.</para></listitem>
! </itemizedlist>
! <para>Version: beta4 - February 2002</para>
! <itemizedlist>
! <listitem><para>ifupdown program adapted to only use ip addr and ip route commands. \
ifconfig removed</para></listitem>
! <listitem><para>Shorewall updated to latest 1.2.6 version</para></listitem>
! <listitem><para>arp program added to /sbin to have proxy-arp working with Shorewall \
(thanks to Yvo Nelemans for noticing this)</para></listitem>
! <listitem><para>Beta2 <filename>/usr/sbin/lrcfg.back.initrd</filename> script \
restored. Automatic computation of INITRD_SIZE in beta3 was \
buggy</para></listitem>
! <listitem><para>Loading of modules stored in <filename>/boot/lib/modules</filename> \
right after initrd is mounted is now working \
properly</para></listitem>
! <listitem><para>ctar removed following a suggestion by S. Caron</para></listitem>
! <listitem><para>The pcmcia.lrp configuration list is no more \
broken</para></listitem>
! <listitem><para>Some clean-up in weblet.lrp</para></listitem>
! <listitem><para>Documentation updated to revision 0.3.</para></listitem>
! </itemizedlist>
! <para>Version: beta3 - February 2002</para>
! <itemizedlist>
! <listitem><para>The distribution has now a name: Bering !</para></listitem>
! <listitem><para>Kernel 2.4.16 updated. Check the new <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/bering/beta3/bering-b3.config">config \
file</ulink>. Includes now support for Hard disks, DOC, ext2/ext3/reiserfs \
filesystems, PPPOA, IPV6</para></listitem>
! <listitem><para>Shorewall updated to latest 1.2.5 version</para></listitem>
! <listitem><para>Winimage floppy image now available for Windows \
users</para></listitem>
! <listitem><para>INITRD_SIZE parameter removed: \
<filename>/usr/sbin/lrcfg.back.initrd</filename> now computes optimal size of INITRD \
filesystem</para></listitem>
! <listitem><para><filename>/etc/init.d/netbase</filename> removed and replaced by \
<filename>/etc/init.d/inetd</filename>. Portmap will be provided as a separate \
package.</para></listitem>
! <listitem><para>Some clean-up in the <filename>/etc/init.d</filename> RCDLINKS= \
parameters to comply with Debian/Woody</para></listitem>
! <listitem><para>Supplemental packages available providing openssh, pcmcia, ppp \
(with active-filter enabled) and wireless support. Check the Bering packages <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/bering/packages/">directory</ulink>.</para></listitem>
! <listitem><para>Pump.lrp recompiled with proper options and \
<filename>/etc/shorewall.pump</filename> script corrected. Also \
<filename>/etc/init.d/pump</filename> script removed: Pump fully controlled by \
ifup/down</para></listitem>
! <listitem><para><filename>libnsl.so</filename> removed (and \
<filename>tcpd</filename> and <filename>sshd</filename> recompiled accordingly). Save \
about 10K (compressed).</para></listitem>
! <listitem><para><filename>/usr/sbin/ticker</filename> replaced by a shell script \
(Thanks Ray !). Save 1,3K (compressed)</para></listitem>
! <listitem><para>Documentation updated to revision 0.2. Thanks to L. Avants, T. \
Eastep & L. Platzek for their suggestions !</para></listitem>
! </itemizedlist>
! <para>Version: beta2 - January 2002</para>
! <itemizedlist>
! <listitem><para>Kernel 2.4.16 now used. New kernel <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.16/leaf-mini-2416-b2.config">config \
file</ulink>. Includes in particular support for PCMCIA, PPP, PPP/PPPOE, ISDN, USB \
and bridging</para></listitem>
! <listitem><para>Use <ulink url="http://www.shorewall.net">shorewall 1.2.2</ulink> \
allowing among <ulink url="http://www.shorewall.net/shorewall_features.htm">many \
other things</ulink> traffic shapping & \
blacklisting</para></listitem>
! <listitem><para>Pump (0.8.11-3) being used as default DHCP/BOOTP client to save \
disk space (dhclient.lrp still OK)</para></listitem>
! <listitem><para>networking script now fully debian/sid compatible. Dachstein's \
<filename>/etc/network.conf</filename>, <filename>/etc/ipchains.conf</filename> and \
<filename>/etc/init.d/network</filename> files/scripts completely \
removed</para></listitem>
! <listitem><para>ifconfig (1.4.2) and ifupdown (0.6.4) available</para></listitem>
! <listitem><para>new applets in bbox library (0.60.2)</para></listitem>
! <listitem><para>new version of iproute2 (010824). tc <ulink \
url="http://luxik.cdi.cz/~devik/qos/htb/v2/htb2_tc.diff">patched</ulink> to allow for \
<ulink url="http://luxik.cdi.cz/~devik/qos/htb/">HTB queuing \
discipline</ulink></para></listitem>
! <listitem><para>bridge now available as a separate package. Provides brctl from \
<ulink url="http://bridge.sourceforge.net/">bridge-utils</ulink> (0.9.4) \
</para></listitem>
! <listitem><para>ppp.lrp and pppoe.lrp provided in the standard distro for \
serial/modem and adsl/pppoe connections. pppoe.lrp provides the PPPoE 2.4.16 kernel \
plugin. The ppp daemon is the 2.4.1 version patched for kernel mode PPPoE available \
<ulink url="http://www.shoshin.uwaterloo.ca/~mostrows/">here</ulink>.</para></listitem>
! <listitem><para>pon, poff and plog scripts provided in ppp.lrp for ppp on \
demand.</para></listitem>
! <listitem><para>weblet.lrp modified to handle <filename>iptable</filename> output. \
Do not need <filename>netstat</filename> anymore</para></listitem>
! <listitem><para>first draft of installation guide available (what your are reading \
now)</para></listitem>
! </itemizedlist>
! <para>version: <ulink \
url="http://www.geocrawler.com/archives/3/7232/2001/12/150/7221394/">2.4.14-b1</ulink> \
- 12 December 2001</para>
! <para>version: <ulink \
url="http://www.geocrawler.com/archives/3/7232/2001/11/50/7219319/">2.4.14-alpha</ulink> \
- 20 November 2001</para>
! </sect2>
! </sect1>
! &bicontent;
! &bidowndistro;
! &bidownmod;
! &biaddrm;
! &binetwork;
! &bishorwall;
! &bipackages;
! </article>
! </book>
--- 1,390 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="binstall">
! <title>LEAF "Bering" installation guide</title>
!
! <articleinfo>
! <author>
! <firstname>Jacques</firstname>
!
! <surname>Nilo</surname>
! </author>
!
! <author>
! <firstname>Eric</firstname>
!
! <surname>Wolzack</surname>
! </author>
!
! <revhistory>
! <revision>
<revnumber>0.1</revnumber>
+
<date>18 January 2002</date>
+
<revremark>First draft for review</revremark>
! </revision>
!
! <revision>
<revnumber>0.2</revnumber>
+
<date>2 February 2002</date>
+
<revremark>Second draft for review</revremark>
! </revision>
!
! <revision>
<revnumber>0.3</revnumber>
+
<date>21 February 2002</date>
+
<revremark>Third draft for review</revremark>
! </revision>
!
! <revision>
<revnumber>0.4</revnumber>
+
<date>19 March 2002</date>
+
<revremark>Fourth draft for review</revremark>
! </revision>
! </revhistory>
! </articleinfo>
!
! <section id="biabout">
! <title>About LEAF "Bering"</title>
!
! <section>
! <title>What is the LEAF "Bering" distribution ?</title>
!
! <para>The LEAF "Bering" distribution is derived from <ulink
! url="http://lrp.steinkuehler.net">Charles Steinkuehler's</ulink>
! Dachstein (rc2). It differs from it on two key elements:</para>
!
! <itemizedlist>
! <listitem>
! <para>It is based on a 2.4.x linux kernel</para>
! </listitem>
!
! <listitem>
! <para>It relies on <ulink \
url="http://www.shorewall.net">Shorewall</ulink>
! for extended firewalling facilities. Check all the Shorewall
! features <ulink
! url="http://www.shorewall.net/shorewall_features.htm">here</ulink>.</para>
! </listitem>
! </itemizedlist>
!
! <para>The main objectives are:</para>
!
! <itemizedlist>
! <listitem>
! <para>To benefit from the <ulink \
url="http://www.netfilter.org">netfilter/iptables</ulink>
! facilities</para>
! </listitem>
!
! <listitem>
! <para>To have access to the latest kernel device drivers &
! filesystems</para>
! </listitem>
!
! <listitem>
! <para>To keep everything available on a single floppy for the
! largest possible user's base (including serial modem, cable
! modem or ADSL PPP/PPPOE users)</para>
! </listitem>
!
! <listitem>
! <para>To keep the simplicity provided by Dachstein</para>
! </listitem>
!
! <listitem>
! <para>To stick to a standard linux kernel as much as possible. This
! allows LEAF "Bering" usage and developement in a <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/uml.html">virtual
! environment</ulink></para>
! </listitem>
!
! <listitem>
! <para>To stick as much as possible to the Debian distribution
! structure</para>
! </listitem>
! </itemizedlist>
!
! <para>This work was made possible after having proposed a solution to
! get rid of the original kernel LRP patches which do not pass the change
! introduced in <filename>initrd</filename> in the 2.4.10 kernel. The
! interested reader can refer to the leaf-devel mailing list archives.</para>
! </section>
!
! <section>
! <title>Why Bering ?</title>
!
! <para>The name "Bering" was chosen from the Strait of the same
! name. A strait is a nice symbol for a firewall: a lot of traffic and
! strict navigation rules. Bering was chosen because it represents the
! shortest distance between Europe and America where most of the LEAF
! community is living. Those interested by the story of the Bering Island
! can check <ulink \
url="http://www.pbs.org/edens/kamchatka/bering.html">here</ulink>
! (Thanks to Matt Schalit for the reference).</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the authors:</para>
!
! <para>Jacques Nilo <email>jnilo@users.sourceforge.net</email> or Eric
! Wolzak <email>leaf@wolzak.de</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and thanks</title>
!
! <para>Thanks to everyone who help us on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list. Many thanks also to Tom Eastep \
<email>teastep@shorewall.net</email>
! for his great shorewall package and his dedicated support.</para>
!
! <para>The "Bering" distribution has benefited from many
! comments, help and suggestions from Lynn Avants, Tom Eastep, Jeff
! Newmiller, Thor Nylander and Larry Platzek.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 1.0-rc1 - March,16 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Updated with the 2.4.18 linux kernel which fixes the
! Netfilter/IRC bug. Support is now provided for Appletalk and IPX
! through appropriate modules</para>
! </listitem>
!
! <listitem>
! <para>Shorewall updated version 1.2.9. Allows now MAC addresses
! filtering</para>
! </listitem>
!
! <listitem>
! <para>iptables updated with the last 1.2.5 version</para>
! </listitem>
!
! <listitem>
! <para><filename>lrcfg.back.script</filename> updated with the most
! recent version from Dachstein which allows partial backup and
! adatped to work without ctar. Backup problems experienced in beta-4
! should be gone. Eric spent quite some time on this one :-).</para>
! </listitem>
!
! <listitem>
! <para>New pcmcia.lrp packages (tested and more compact and with a
! more detailed documentation).</para>
! </listitem>
!
! <listitem>
! <para>Documentation updated to revision 0.4.</para>
! </listitem>
! </itemizedlist>
!
! <para>Version: beta4 - February 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>ifupdown program adapted to only use ip addr and ip route
! commands. ifconfig removed</para>
! </listitem>
!
! <listitem>
! <para>Shorewall updated to latest 1.2.6 version</para>
! </listitem>
!
! <listitem>
! <para>arp program added to /sbin to have proxy-arp working with
! Shorewall (thanks to Yvo Nelemans for noticing this)</para>
! </listitem>
!
! <listitem>
! <para>Beta2 <filename>/usr/sbin/lrcfg.back.initrd</filename> script
! restored. Automatic computation of INITRD_SIZE in beta3 was buggy</para>
! </listitem>
!
! <listitem>
! <para>Loading of modules stored in <filename>/boot/lib/modules</filename>
! right after initrd is mounted is now working properly</para>
! </listitem>
!
! <listitem>
! <para>ctar removed following a suggestion by S. Caron</para>
! </listitem>
!
! <listitem>
! <para>The pcmcia.lrp configuration list is no more broken</para>
! </listitem>
!
! <listitem>
! <para>Some clean-up in weblet.lrp</para>
! </listitem>
!
! <listitem>
! <para>Documentation updated to revision 0.3.</para>
! </listitem>
! </itemizedlist>
!
! <para>Version: beta3 - February 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>The distribution has now a name: Bering !</para>
! </listitem>
!
! <listitem>
! <para>Kernel 2.4.16 updated. Check the new <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/bering/beta3/bering-b3.config">config
! file</ulink>. Includes now support for Hard disks, DOC,
! ext2/ext3/reiserfs filesystems, PPPOA, IPV6</para>
! </listitem>
!
! <listitem>
! <para>Shorewall updated to latest 1.2.5 version</para>
! </listitem>
!
! <listitem>
! <para>Winimage floppy image now available for Windows users</para>
! </listitem>
!
! <listitem>
! <para>INITRD_SIZE parameter removed: \
<filename>/usr/sbin/lrcfg.back.initrd</filename>
! now computes optimal size of INITRD filesystem</para>
! </listitem>
!
! <listitem>
! <para><filename>/etc/init.d/netbase</filename> removed and replaced
! by <filename>/etc/init.d/inetd</filename>. Portmap will be provided
! as a separate package.</para>
! </listitem>
!
! <listitem>
! <para>Some clean-up in the <filename>/etc/init.d</filename>
! RCDLINKS= parameters to comply with Debian/Woody</para>
! </listitem>
!
! <listitem>
! <para>Supplemental packages available providing openssh, pcmcia, ppp
! (with active-filter enabled) and wireless support. Check the Bering
! packages <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/bering/packages/">directory</ulink>.</para>
! </listitem>
!
! <listitem>
! <para>Pump.lrp recompiled with proper options and
! <filename>/etc/shorewall.pump</filename> script corrected. Also
! <filename>/etc/init.d/pump</filename> script removed: Pump fully
! controlled by ifup/down</para>
! </listitem>
!
! <listitem>
! <para><filename>libnsl.so</filename> removed (and
! <filename>tcpd</filename> and <filename>sshd</filename> recompiled
! accordingly). Save about 10K (compressed).</para>
! </listitem>
!
! <listitem>
! <para><filename>/usr/sbin/ticker</filename> replaced by a shell
! script (Thanks Ray !). Save 1,3K (compressed)</para>
! </listitem>
!
! <listitem>
! <para>Documentation updated to revision 0.2. Thanks to L. Avants, T.
! Eastep & L. Platzek for their suggestions !</para>
! </listitem>
! </itemizedlist>
!
! <para>Version: beta2 - January 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Kernel 2.4.16 now used. New kernel <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.16/leaf-mini-2416-b2.config">config
! file</ulink>. Includes in particular support for PCMCIA, PPP,
! PPP/PPPOE, ISDN, USB and bridging</para>
! </listitem>
!
! <listitem>
! <para>Use <ulink url="http://www.shorewall.net">shorewall 1.2.2</ulink>
! allowing among <ulink
! url="http://www.shorewall.net/shorewall_features.htm">many other
! things</ulink> traffic shapping & blacklisting</para>
! </listitem>
!
! <listitem>
! <para>Pump (0.8.11-3) being used as default DHCP/BOOTP client to
! save disk space (dhclient.lrp still OK)</para>
! </listitem>
!
! <listitem>
! <para>networking script now fully debian/sid compatible.
! Dachstein's <filename>/etc/network.conf</filename>,
! <filename>/etc/ipchains.conf</filename> and \
<filename>/etc/init.d/network</filename>
! files/scripts completely removed</para>
! </listitem>
!
! <listitem>
! <para>ifconfig (1.4.2) and ifupdown (0.6.4) available</para>
! </listitem>
!
! <listitem>
! <para>new applets in bbox library (0.60.2)</para>
! </listitem>
!
! <listitem>
! <para>new version of iproute2 (010824). tc <ulink
! url="http://luxik.cdi.cz/~devik/qos/htb/v2/htb2_tc.diff">patched</ulink>
! to allow for <ulink url="http://luxik.cdi.cz/~devik/qos/htb/">HTB
! queuing discipline</ulink></para>
! </listitem>
!
! <listitem>
! <para>bridge now available as a separate package. Provides brctl
! from <ulink url="http://bridge.sourceforge.net/">bridge-utils</ulink>
! (0.9.4)</para>
! </listitem>
!
! <listitem>
! <para>ppp.lrp and pppoe.lrp provided in the standard distro for
! serial/modem and adsl/pppoe connections. pppoe.lrp provides the
! PPPoE 2.4.16 kernel plugin. The ppp daemon is the 2.4.1 version
! patched for kernel mode PPPoE available <ulink
! url="http://www.shoshin.uwaterloo.ca/~mostrows/">here</ulink>.</para>
! </listitem>
!
! <listitem>
! <para>pon, poff and plog scripts provided in ppp.lrp for ppp on
! demand.</para>
! </listitem>
!
! <listitem>
! <para>weblet.lrp modified to handle <filename>iptable</filename>
! output. Do not need <filename>netstat</filename> anymore</para>
! </listitem>
!
! <listitem>
! <para>first draft of installation guide available (what your are
! reading now)</para>
! </listitem>
! </itemizedlist>
!
! <para>version: <ulink
! url="http://www.geocrawler.com/archives/3/7232/2001/12/150/7221394/">2.4.14-b1</ulink>
! - 12 December 2001</para>
!
! <para>version: <ulink
! url="http://www.geocrawler.com/archives/3/7232/2001/11/50/7219319/">2.4.14-alpha</ulink>
! - 20 November 2001</para>
! </section>
! </section>
! </article>
\ No newline at end of file
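Review bot: The changelog text in this reformatted version still has spelling errors that are worth fixing in the same pass: "adatped to work without ctar" in the 1.0-rc1 lrcfg.back.script entry, "traffic shapping" in the beta2 shorewall entry, and "what your are reading now" in the last beta2 entry. The new file also ends without a trailing newline after </article>; add one so later diffs against this file do not carry the "No newline at end of file" marker.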
Index: qmail.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/qmail.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** qmail.xml 28 May 2003 13:30:30 -0000 1.3
--- qmail.xml 19 Jan 2004 21:26:47 -0000 1.4
***************
*** 1,184 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="qmail"><title>qmail LEAF/LRP user's guide</title>
! <sect1 id="qmail1"><title>About qmail</title>
! <sect2><title>What is qmail?</title>
! <para>qmail is an Internet Mail Transfer Agent (MTA) for UNIX-like operating \
systems. It's a drop-in replacement for the Sendmail system provided with UNIX \
operating systems. qmail uses the Simple Mail Transfer Protocol (SMTP) to exchange \
messages with MTA's on other systems. You will find <ulink \
url="http://www.lifewithqmail.org/lwq.html#whyuseit">here</ulink> a list of reasons \
explaining why you should consider qmail.</para>
! <para>Current version is 1.03. In this LEAF/LRP package no patch has been applied \
to D.J. Bernstein <ulink url="http://cr.yp.to/qmail.html">original \
version</ulink>.</para>
! <para>See the reference section for useful links and references.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 1.03a - 14 July 2001</para>
! <itemizedlist>
! <listitem><para>Now takes care of a bug in LRP 2.9.8. in which directory attributes \
are not saved by backup</para></listitem>
! <listitem><para>One does not need to change <userinput>pop-3</userinput> in \
<filename>/etc/service</filename> into <userinput>pop3</userinput> \
anymore.</para></listitem>
! <listitem><para>tcpserver and tcprules programs moved to \
<filename>/usr/bin</filename>.</para></listitem>
! <listitem><para>qmail.lrp now needs daemontl.lrp. It won't start if svscan is not \
running.</para></listitem>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original version: 1.03 - 20 May 2001</para>
! </sect2>
! </sect1>
! <sect1 id="qmail2"><title>Installing the qmail.lrp package</title>
! <sect2><title>Step 1: create groups and users account</title>
! <para>If you use Eigerstein you can go directly to step 2. If not or are unsure you \
have to edit the following three files:</para>
! <para>In the <filename>/etc/passwd</filename> file insert the following lines so \
that the users UID (1st number) numerical order is preserved:</para>
! <programlisting>
! alias:x:70:65534:qmail alias:/var/qmail/alias:/bin/sh
! qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
! qmails:x:72:70:qmail send:/var/qmail:/bin/sh
! qmailr:x:73:70:qmail remote:/var/qmail:/bin/sh
! qmailq:x:74:70:qmail queue:/var/qmail:/bin/sh
! qmaill:x:75:65534:qmail log:/var/qmail:/bin/sh
! qmailp:x:76:65534:qmail pw:/var/qmail:/bin/sh
! </programlisting>
! <para>In the <filename>/etc/shadow</filename> file insert the following lines at \
the end:</para>
! <programlisting>
! alias:*:11096:0:99999:7:::
! qmaild:*:11096:0:99999:7:::
! qmails:*:11096:0:99999:7:::
! qmailr:*:11096:0:99999:7:::
! qmailq:*:11096:0:99999:7:::
! qmaill:*:11096:0:99999:7:::
! qmailp:*:11096:0:99999:7:::
! </programlisting>
! <para>In the <filename>/etc/group</filename> insert the following lines near the \
end so that the GID numerical order is preserved:</para>
! <programlisting>
! qmail:x:70:
! </programlisting>
! <para>Do not change qmails UID or GID: they are compiled in the program!</para>
! </sect2>
! <sect2><title>Step 2: check the services</title>
! <para>Check <filename>/etc/inetd.conf</filename> and make sure that services smtp \
and pop3 are *** not *** available (since we are going to use \
tcpserver).</para>
! </sect2>
! <sect2><title>Step 3: create the qmail sysadmin account</title>
! <para>Qmail does not allow mails to be sent to root. Therefore you have to create a \
user account & group for that purpose. I suggest lrpqmail. Here you are free to \
choose your (non conflicting) UID and GIDs (500 in the following \
example).</para>
! <para>In the <filename>/etc/passwd</filename> file insert the following lines at \
the end:</para>
! <programlisting>
! lrpqmail:x:500:500:LRP-Qmail:/home/lrpqmail:/bin/sh
! </programlisting>
! <para>Do not create the <filename>/home/lrpqmail</filename> directory: qmail \
startup script will take care of it ! If <filename>/home</filename> directory is not \
created it will also be created automatically.</para>
! <para>In the <filename>/etc/shadow</filename> file insert the following lines at \
the end:</para>
! <programlisting>
! lrpqmail:*:10091:0:99999:7:::
! </programlisting>
! <para>In the <filename>/etc/group</filename> file insert the following lines at the \
end:</para>
! <programlisting>
! lrpqmail:x:500:
! </programlisting>
! <para>Define a password for the qmail sysadmin account by issuing the \
<userinput>passwd lrpqmail</userinput> command.</para>
! <para>Make sure that you can login with the lrpqmail account you just created. You \
can try that from your LRP console. If you do not succeed you have to fix the problem \
before proceeding !</para>
! <important>
! <para>Save etc.lrp now !!!</para>
! </important>
! <para>The most difficult part of the installation is over !</para>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/qmail.lrp">qmail.lrp</ulink> \
and - if not already installed - the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp"> \
daemontl.lrp</ulink> package. Copy the package(s) to your LRP diskette. Edit your \
<filename>syslinux.cfg</filename> file to add <application>daemontl</application> \
(optional) and <application>qmail</application> to the list of your \
packages.</para>
! <para>Reboot. the qmail program should be up and running ! (check with ps aux \
command from the LRP console).</para>
! </sect2>
! </sect1>
! <sect1 id="qmail3"><title>Configuring qmail</title>
! <sect2><title>Setting the qmail parameters</title>
! <para>You can do that through the following qmail configuration menu.</para>
! <screen>
! qmail configuration files
!
! 1) me
! 2) rcpthosts
! 3) locals
! 4) virtualdomains
! 5) defaultdomain
! 6) plusdomain
! 7) smptd run file
! 8) smptd log run file
! 9) qmail run file
! 10) qmail log run file
! 11) pop3d run file
! 12) pop3d log run file
! 13) tcp.smtp file
!
! q) quit
! ----------------------------------------------------------------------------
! Selection:
</screen>
! <para></para>
! <important>
! <para>You will need to restart qmail whenever one the following parameters will be \
changed. You can do that by issuing the <userinput>/etc/init.d/qmail \
restart</userinput> command.</para>
! </important>
! <para>The first six parameters are qmail parameters. See the reference section for \
a detailed explanation. In short:</para>
! <para><emphasis>me</emphasis>: FQDN (i.e. mail.mydomain.com). Make sure you have \
defined a MX record for mail.mydomain.com !</para>
! <para><emphasis>rcpthosts</emphasis>: all the hosts that qmail receive mail for. \
All your local domains must be in this file.</para>
! <para><emphasis>locals</emphasis>: all of the hosts that are locals. i.e. mail sent \
to these hosts will be delivered to users in \
<filename>/etc/passwd</filename>.</para>
! <para><emphasis>virtualdomains</emphasis>:</para>
! <para><emphasis>defauldomain</emphasis>:</para>
! <para><emphasis>plusdomain</emphasis>:</para>
! <para>smtpd run file: there should be no reason to edit this file.</para>
! <para>smtpd log run file: edit this file to change the multilog parameters.</para>
! <para>qmail run file: qmail startup script. There should be no reaon to modify this \
file.</para>
! <para>pop3d run file: <emphasis>YOU MUST EDIT THIS FILE</emphasis> and replace \
mail.mydomain.com by the FQDN of your mail server.</para>
! <para>pop3d log run file: edit this file to change the multilog parameters.</para>
! <para>tcp.smtp file: edit this file to define IP addresses that will be allowed to \
use the STMP server.</para>
! </sect2>
! <sect2><title>Setup you mail client</title>
! <para>At this stage only the sysadmin account (by default lrpqmail) can get mail. \
Make sure you can send mail to <email>lrpqmail@mydomain.com</email> or to any other \
valid E-Mail address (from within the firewall) and that you can get access to \
lrpqmail POP3 box.</para>
! <important>
! <para>Relaying: by default in this package the smtp server can be used by localhost \
(the LRP box) and addresses starting by 192.168. (that is internal users in a typical \
LRP setup). To change that setup edit the /etc/tcp.smtp file through the package \
configuration menu. If you make change to that file do not forget to backup qmail.lrp \
& to restart qmail (<userinput>/etc/init.q/qmail restart</userinput>) so that the \
change are taken into account.</para>
! </important>
! <para>In your mail client (Outlook, Netscape Messenger, Pine ) define your SMTP \
server and your POP3 server as mail.mydomain.com</para>
! <para>User name: lrpqmail</para>
! <para>Password: the one you gave when you created the lrpqmail account on the LRP \
box</para>
! <para>Now you should be able to send & received mails with/through your mail \
client.</para>
! </sect2>
! <sect2><title>Creation of new qmail users</title>
! <para>In the traditional qmail setup you will have to create a (UNIX/Linux) account \
for each new user who wants a Mailbox.</para>
! <para>Let's assume I want to create a Mail account for \
<email>jdoe@mydomain.com</email>. First create a <userinput>jdoe</userinput> account \
& password by editing the <filename>/etc/passwd</filename> and \
<filename>/etc/shadow</filename> files as shown:</para>
! <programlisting>
! cd /home
! mkdir jdoe
! chown jdoe jdoe
! chgrp jdoe jdoe
! </programlisting>
! <para>Login under the jdoe account and create its Maildir: </para>
! <programlisting>
! /var/qmail/bin/maildirmake Maildir
! </programlisting>
! </sect2>
! </sect1>
! <sect1 id="qmail4"><title>Checking everything is working</title>
! <para>The <userinput>ps aux | grep qmail</userinput> command output should give \
something like:</para>
! <programlisting>
! myrouter: -root-
! # ps aux|grep qmail
! qmaild 16439 0.0 1.1 792 368 ? S 15:57 0:00 /usr/bin/tcpserver -v
! qmaill 16438 0.0 0.8 740 248 ? S 15:57 0:00 multilog t /var/log/q
! qmaill 16440 0.0 0.8 740 248 ? S 15:57 0:00 multilog t s2500000 /
! qmaill 16442 0.0 0.8 740 248 ? S 15:57 0:00 multilog t /var/log/q
qmailq 16437 0.0 0.8 732 268 ? S 15:57 0:00 qmail-clean
! qmailr 16436 0.0 0.8 740 264 ? S 15:57 0:00 qmail-rspawn
! qmails 16434 0.0 0.9 772 300 ? S 15:57 0:00 qmail-send
! root 16428 0.0 0.8 728 248 ? S 15:57 0:00 supervise qmail
! root 16435 0.0 0.8 740 264 ? S 15:57 0:00 qmail-lspawn ./Maildi
!
! myrouter: -root-
! #
! </programlisting>
! </sect1>
! <sect1 id="qmail5"><title>FAQ</title>
! <para></para>
! </sect1>
! <sect1 id="qmail6"><title>References</title>
! <para>Some useful informations can be found at the following addresses:</para>
! <para>D.J. Bernstein's <ulink url="http://cr.yp.to/qmail.html">original qmail web \
site</ulink> is the first place to go.</para>
! <para>Russell Nelson maintains one of the best site around dedicated to <ulink \
url="http://www.qmail.org">qmail</ulink> and qmail related \
resources.</para>
! <para>Dave Sill famous <ulink url="http://www.lifewithqmail.org/lwq.html">"Life \
with qmail"</ulink> is also invaluable.</para>
! <para>Dave Mc Kenna maintains a <ulink \
url="http://www.flounder.net/qmail/qmail-howto.html">Qmail \
HOWTO</ulink>.</para>
! </sect1>
! </article>
! </book>
--- 1,372 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="qmail">
! <title>qmail LEAF/LRP user's guide</title>
!
! <section id="qmail1">
! <title>About qmail</title>
!
! <section>
! <title>What is qmail?</title>
!
! <para>qmail is an Internet Mail Transfer Agent (MTA) for UNIX-like
! operating systems. It's a drop-in replacement for the Sendmail
! system provided with UNIX operating systems. qmail uses the Simple Mail
! Transfer Protocol (SMTP) to exchange messages with MTA's on other
! systems. You will find <ulink
! url="http://www.lifewithqmail.org/lwq.html#whyuseit">here</ulink> a list
! of reasons explaining why you should consider qmail.</para>
!
! <para>Current version is 1.03. In this LEAF/LRP package no patch has
! been applied to D.J. Bernstein <ulink \
url="http://cr.yp.to/qmail.html">original
! version</ulink>.</para>
!
! <para>See the reference section for useful links and references.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 1.03a - 14 July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Now takes care of a bug in LRP 2.9.8. in which directory
! attributes are not saved by backup</para>
! </listitem>
!
! <listitem>
! <para>One does not need to change <userinput>pop-3</userinput> in
! <filename>/etc/service</filename> into <userinput>pop3</userinput>
! anymore.</para>
! </listitem>
!
! <listitem>
! <para>tcpserver and tcprules programs moved to \
<filename>/usr/bin</filename>.</para>
! </listitem>
!
! <listitem>
! <para>qmail.lrp now needs daemontl.lrp. It won't start if svscan
! is not running.</para>
! </listitem>
!
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original version: 1.03 - 20 May 2001</para>
! </section>
! </section>
!
! <section id="qmail2">
! <title>Installing the qmail.lrp package</title>
!
! <section>
! <title>Step 1: create groups and users account</title>
!
! <para>If you use Eigerstein you can go directly to step 2. If not or are
! unsure you have to edit the following three files:</para>
!
! <para>In the <filename>/etc/passwd</filename> file insert the following
! lines so that the users UID (1st number) numerical order is preserved:</para>
!
! <programlisting>
! alias:x:70:65534:qmail alias:/var/qmail/alias:/bin/sh
! qmaild:x:71:65534:qmail daemon:/var/qmail:/bin/sh
! qmails:x:72:70:qmail send:/var/qmail:/bin/sh
! qmailr:x:73:70:qmail remote:/var/qmail:/bin/sh
! qmailq:x:74:70:qmail queue:/var/qmail:/bin/sh
! qmaill:x:75:65534:qmail log:/var/qmail:/bin/sh
! qmailp:x:76:65534:qmail pw:/var/qmail:/bin/sh
! </programlisting>
!
! <para>In the <filename>/etc/shadow</filename> file insert the following
! lines at the end:</para>
!
! <programlisting>
! alias:*:11096:0:99999:7:::
! qmaild:*:11096:0:99999:7:::
! qmails:*:11096:0:99999:7:::
! qmailr:*:11096:0:99999:7:::
! qmailq:*:11096:0:99999:7:::
! qmaill:*:11096:0:99999:7:::
! qmailp:*:11096:0:99999:7:::
! </programlisting>
!
! <para>In the <filename>/etc/group</filename> insert the following lines
! near the end so that the GID numerical order is preserved:</para>
!
! <programlisting>
! qmail:x:70:
! </programlisting>
!
! <para>Do not change qmails UID or GID: they are compiled in the \
program!</para>
! </section>
!
! <section>
! <title>Step 2: check the services</title>
!
! <para>Check <filename>/etc/inetd.conf</filename> and make sure that
! services smtp and pop3 are *** not *** available (since we are going to
! use tcpserver).</para>
! </section>
!
! <section>
! <title>Step 3: create the qmail sysadmin account</title>
!
! <para>Qmail does not allow mails to be sent to root. Therefore you have
! to create a user account & group for that purpose. I suggest
! lrpqmail. Here you are free to choose your (non conflicting) UID and
! GIDs (500 in the following example).</para>
!
! <para>In the <filename>/etc/passwd</filename> file insert the following
! lines at the end:</para>
!
! <programlisting>
! lrpqmail:x:500:500:LRP-Qmail:/home/lrpqmail:/bin/sh
! </programlisting>
!
! <para>Do not create the <filename>/home/lrpqmail</filename> directory:
! qmail startup script will take care of it ! If <filename>/home</filename>
! directory is not created it will also be created automatically.</para>
!
! <para>In the <filename>/etc/shadow</filename> file insert the following
! lines at the end:</para>
!
! <programlisting>
! lrpqmail:*:10091:0:99999:7:::
! </programlisting>
!
! <para>In the <filename>/etc/group</filename> file insert the following
! lines at the end:</para>
!
! <programlisting>
! lrpqmail:x:500:
! </programlisting>
!
! <para>Define a password for the qmail sysadmin account by issuing the
! <userinput>passwd lrpqmail</userinput> command.</para>
!
! <para>Make sure that you can login with the lrpqmail account you just
! created. You can try that from your LRP console. If you do not succeed
! you have to fix the problem before proceeding !</para>
!
! <important>
! <para>Save etc.lrp now !!!</para>
! </important>
!
! <para>The most difficult part of the installation is over !</para>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/qmail.lrp">qmail.lrp</ulink>
! and - if not already installed - the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">
! daemontl.lrp</ulink> package. Copy the package(s) to your LRP diskette.
! Edit your <filename>syslinux.cfg</filename> file to add
! <application>daemontl</application> (optional) and
! <application>qmail</application> to the list of your packages.</para>
!
! <para>Reboot. the qmail program should be up and running ! (check with
! ps aux command from the LRP console).</para>
! </section>
! </section>
!
! <section id="qmail3">
! <title>Configuring qmail</title>
!
! <section>
! <title>Setting the qmail parameters</title>
!
! <para>You can do that through the following qmail configuration menu.</para>
!
! <screen>
! qmail configuration files
!
! 1) me
! 2) rcpthosts
! 3) locals
! 4) virtualdomains
! 5) defaultdomain
! 6) plusdomain
! 7) smptd run file
! 8) smptd log run file
! 9) qmail run file
! 10) qmail log run file
! 11) pop3d run file
! 12) pop3d log run file
! 13) tcp.smtp file
!
! q) quit
! ----------------------------------------------------------------------------
! Selection:
</screen>
!
! <para></para>
!
! <important>
! <para>You will need to restart qmail whenever one the following
! parameters will be changed. You can do that by issuing the
! <userinput>/etc/init.d/qmail restart</userinput> command.</para>
! </important>
!
! <para>The first six parameters are qmail parameters. See the reference
! section for a detailed explanation. In short:</para>
!
! <para><emphasis>me</emphasis>: FQDN (i.e. mail.mydomain.com). Make sure
! you have defined a MX record for mail.mydomain.com !</para>
!
! <para><emphasis>rcpthosts</emphasis>: all the hosts that qmail receive
! mail for. All your local domains must be in this file.</para>
!
! <para><emphasis>locals</emphasis>: all of the hosts that are locals.
! i.e. mail sent to these hosts will be delivered to users in
! <filename>/etc/passwd</filename>.</para>
!
! <para><emphasis>virtualdomains</emphasis>:</para>
!
! <para><emphasis>defauldomain</emphasis>:</para>
!
! <para><emphasis>plusdomain</emphasis>:</para>
!
! <para>smtpd run file: there should be no reason to edit this file.</para>
!
! <para>smtpd log run file: edit this file to change the multilog
! parameters.</para>
!
! <para>qmail run file: qmail startup script. There should be no reaon to
! modify this file.</para>
!
! <para>pop3d run file: <emphasis>YOU MUST EDIT THIS FILE</emphasis> and
! replace mail.mydomain.com by the FQDN of your mail server.</para>
!
! <para>pop3d log run file: edit this file to change the multilog
! parameters.</para>
!
! <para>tcp.smtp file: edit this file to define IP addresses that will be
! allowed to use the STMP server.</para>
! </section>
!
! <section>
! <title>Setup you mail client</title>
!
! <para>At this stage only the sysadmin account (by default lrpqmail) can
! get mail. Make sure you can send mail to <email>lrpqmail@mydomain.com</email>
! or to any other valid E-Mail address (from within the firewall) and that
! you can get access to lrpqmail POP3 box.</para>
!
! <important>
! <para>Relaying: by default in this package the smtp server can be used
! by localhost (the LRP box) and addresses starting by 192.168. (that is
! internal users in a typical LRP setup). To change that setup edit the
! /etc/tcp.smtp file through the package configuration menu. If you make
! change to that file do not forget to backup qmail.lrp & to restart
! qmail (<userinput>/etc/init.q/qmail restart</userinput>) so that the
! change are taken into account.</para>
! </important>
!
! <para>In your mail client (Outlook, Netscape Messenger, Pine ) define
! your SMTP server and your POP3 server as mail.mydomain.com</para>
!
! <para>User name: lrpqmail</para>
!
! <para>Password: the one you gave when you created the lrpqmail account
! on the LRP box</para>
!
! <para>Now you should be able to send & received mails with/through
! your mail client.</para>
! </section>
!
! <section>
! <title>Creation of new qmail users</title>
!
! <para>In the traditional qmail setup you will have to create a
! (UNIX/Linux) account for each new user who wants a Mailbox.</para>
!
! <para>Let's assume I want to create a Mail account for
! <email>jdoe@mydomain.com</email>. First create a <userinput>jdoe</userinput>
! account & password by editing the <filename>/etc/passwd</filename>
! and <filename>/etc/shadow</filename> files as shown:</para>
!
! <programlisting>
! cd /home
! mkdir jdoe
! chown jdoe jdoe
! chgrp jdoe jdoe
! </programlisting>
!
! <para>Login under the jdoe account and create its Maildir:</para>
!
! <programlisting>
! /var/qmail/bin/maildirmake Maildir
! </programlisting>
! </section>
! </section>
!
! <section id="qmail4">
! <title>Checking everything is working</title>
!
! <para>The <userinput>ps aux | grep qmail</userinput> command output should
! give something like:</para>
!
! <programlisting>
! myrouter: -root-
! # ps aux|grep qmail
! qmaild 16439 0.0 1.1 792 368 ? S 15:57 0:00 /usr/bin/tcpserver -v
! qmaill 16438 0.0 0.8 740 248 ? S 15:57 0:00 multilog t /var/log/q
! qmaill 16440 0.0 0.8 740 248 ? S 15:57 0:00 multilog t s2500000 /
! qmaill 16442 0.0 0.8 740 248 ? S 15:57 0:00 multilog t /var/log/q
qmailq 16437 0.0 0.8 732 268 ? S 15:57 0:00 qmail-clean
! qmailr 16436 0.0 0.8 740 264 ? S 15:57 0:00 qmail-rspawn
! qmails 16434 0.0 0.9 772 300 ? S 15:57 0:00 qmail-send
! root 16428 0.0 0.8 728 248 ? S 15:57 0:00 supervise qmail
! root 16435 0.0 0.8 740 264 ? S 15:57 0:00 qmail-lspawn ./Maildi
!
! myrouter: -root-
! #
! </programlisting>
! </section>
!
! <section id="qmail5">
! <title>FAQ</title>
!
! <para></para>
! </section>
!
! <section id="qmail6">
! <title>References</title>
!
! <para>Some useful informations can be found at the following addresses:</para>
!
! <para>D.J. Bernstein's <ulink url="http://cr.yp.to/qmail.html">original
! qmail web site</ulink> is the first place to go.</para>
!
! <para>Russell Nelson maintains one of the best site around dedicated to
! <ulink url="http://www.qmail.org">qmail</ulink> and qmail related
! resources.</para>
!
! <para>Dave Sill famous <ulink \
url="http://www.lifewithqmail.org/lwq.html">"Life
! with qmail"</ulink> is also invaluable.</para>
!
! <para>Dave Mc Kenna maintains a <ulink
! url="http://www.flounder.net/qmail/qmail-howto.html">Qmail \
HOWTO</ulink>.</para>
! </section>
! </article>
\ No newline at end of file
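Review bot: In the "Relaying" <important> block of the new version the restart command is still written as /etc/init.q/qmail restart, while the <important> block under "Setting the qmail parameters" gives /etc/init.d/qmail restart. The init.q spelling is carried over unchanged from the old side of this hunk and should be corrected to /etc/init.d/qmail restart, because this is the command the reader is told to run after changing which addresses may relay through /etc/tcp.smtp. The same section has other leftovers to fix while the file is open: menu entries 7 and 8 read "smptd" where the descriptions below say "smtpd run file", the parameter is listed as "defauldomain", and the tcp.smtp description says "STMP server". In "Creation of new qmail users" the paragraph says the jdoe account is created by editing /etc/passwd and /etc/shadow "as shown", but the listing that follows only shows the mkdir, chown and chgrp commands; either add the two file entries or reword the sentence.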
Index: tinydns.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/tinydns.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** tinydns.xml 28 May 2003 13:30:30 -0000 1.2
--- tinydns.xml 19 Jan 2004 21:26:47 -0000 1.3
***************
*** 1,75 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="tinydns"><title>Tinydns LEAF/LRP user's guide</title>
! <sect1 id="tinydns1"><title>What is tinydns ?</title>
! <sect2><title>About tinydns</title>
! <para>The <application>tinydns</application> program is a component of the djbdns \
package which was designed by <ulink url="http://cr.yp.to/djb.html">D.J. \
Bernstein</ulink> as a fast, <ulink \
url="http://cr.yp.to/djbdns/ad/security.html">secure</ulink> and reliable replacement \
to BIND (together with it's companion program dnscache). The key point is to \
understand the specific functionalities of the two programs:</para>
! <itemizedlist>
! <listitem><para>dnscache is a recursive resolver. It never serves authoritative \
data.</para></listitem>
! <listitem><para>tinydns is a content server which only serves authoritative \
data.</para></listitem>
! </itemizedlist>
! <para>On his <ulink url="http://www.djbdns.org">web site</ulink>, Russell Nelson \
states:</para>
! <para><quote>Tinydns does authoritative nameserving via UDP only; it does not do \
recursive nameserving, nor does it answer TCP queries (axfrdns does that). The only \
hosts that should ask tinydns for a host are recursive nameservers, such as those \
found in /etc/resolv.conf, like djbdns or bind. Tinydns should never be listed in \
/etc/resolv.conf. Tinydns interoperates properly with every authoritative and \
recursive nameserver I know of, and supporting all the standards needed to do \
so.</quote></para>
! <para>For more reasons to prefer djbdns package to BIND read <ulink \
url="http://cr.yp.to/djbdns/ad/cache.html">here</ulink> and for a more precise \
description of tinydns program read <ulink \
url="http://cr.yp.to/djbdns/tinydns.html">here</ulink>.</para>
! <para>I have tried to make the tinydns.lrp setup as simple as possible. You will be \
able to setup easily on your LEAF box an internal DNS (serving your private network), \
an external DNS (serving the Web) of both (the so-called "split-horizon" \
setup).</para>
! <para>When run with <ulink url="daemon.html">daemontl.lrp package</ulink>, this \
version of the tinydns.lrp package will automatically be run under svscan \
supervision. You will be allowed to generate a log file under multilog supervision \
which allows efficient output, automatic log rotation etc.</para>
! <para>When run without <ulink url="daemon.html">daemontl.lrp package</ulink>, this \
version of the tinydns.lrp will automatically be run under a standard System V \
script, but you won't be able to generate log files.</para>
! <tip>
! <para>Use the daemontl.lrp package when you first setup a DNS with tinydns. It will \
be useful for debugging. Once everything will be running, you can safely remove \
it.</para>
! </tip>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 1.05a - March 2002</para>
! <itemizedlist>
! <listitem><para>Documentation updated to include useful clarifications suggested by \
Matt Schalit</para></listitem>
! </itemizedlist>
! <para>Version: 1.05a - July 2001</para>
! <itemizedlist>
! <listitem><para><filename>/etc/init.d/tinydns</filename> script completely \
rewritten. Dependance on <filename>/etc/network.conf</filename> removed for better \
compatibility. Also takes care of a bug in LRP 2.9.8. in which directory attributes \
are not saved by backup.</para></listitem>
! <listitem><para>Tinydns can now be run as a "standalone" content server to the WEB. \
Won't even need daemontl.lrp nor dnscache.lrp.</para></listitem>
! <listitem><para>Startup script detects automatically if svscan is running. If yes \
tinydns is started under daemontools supervision which will provide tinydns log \
facilities. If not tinydns is started through a System V standard script and no log \
file is available.</para></listitem>
! <listitem><para>Log file now optional under daemontools supervision and moved to \
<filename class='directory'>/var/log/tinydns-private</filename> and <filename \
class='directory'>/var/log/tinydns-public</filename> \
directories.</para></listitem>
! <listitem><para>EXTERN and INTERN DNS types now replaced by PUBLIC and PRIVATE \
(more explicit and coherent with file names).</para></listitem>
! <listitem><para>The format of the \
<filename>/etc/tinydns-private/env/DOMAINS</filename> input file used to declare \
private domain names to dnscache has changed. Now only one entry per \
line.</para></listitem>
! <listitem><para>Programs moved from <filename \
class='directory'>/usr/local/bin</filename> to <filename \
class='directory'>/usr/bin.</filename></para></listitem>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original LEAF/LRP version: 1.05 - March 2001</para>
! </sect2>
! </sect1>
! <sect1 id="tinydns2"><title>Installing the tinydns.lrp package</title>
! <important>
! <para>Unless you just want to set-up a PUBLIC DNS serving the Web, you will need \
<ulink url="dnscache.html">dnscache</ulink> installed first ! Be sure to configure \
your <filename>/etc/resolv.conf</filename> to point to dnscache, not tinydns. See the \
<ulink url="dnscache.html">dnscache documentation</ulink> for how to setup that \
file.</para>
! </important>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp">tinydns.lrp</ulink> \
package an copy it to your LRP diskette. Optionnaly (if you want daemontools \
supervision and control over tinydns log files) download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink> \
package. Edit your <filename>syslinux.cfg</filename> file to add \
<application>daemontl</application> (if downloaded) and \
<application>tinydns</application> to the list of your \
packages.</para>
! <para>If <application>daemontl.lrp</application> is not loaded you are done. Reboot \
and the tinydns program should be up and running ! (check with <userinput>ps \
aux</userinput> command from the LRP console).</para>
! <para>If <application>daemontl.lrp</application> is loaded you will have to create \
tinydns and dnslog users if they are not yet created (which generally will be the \
case the first time you load the package, unless dnscache.lrp is already running \
under daemontl.lrp in which case dnslog user would have been already created). Create \
them by editing <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> \
files.</para>
! <important>
! <para>Dachstein and Bering users don't need to create those users. They are \
provided in the standard <filename>/etc/passwd</filename> and \
<filename>/etc/shadow</filename> distribution files.</para>
! </important>
! <para>In <filename>/etc/passwd</filename>:</para>
! <screen>
dnslog:x:1000:100:::
tinydns:x:1002:100:::
</screen>
! <para>In <filename>/etc/shadow</filename>:</para>
! <screen>
dnslog:*:10091:0:99999:7:::
tinydns:*:10091:0:99999:7:::
</screen>
! <para>Backup <application>etc.lrp</application> trough the \
<userinput>lrcfg</userinput> backup command (to save the two users you have just \
created)!!; </para>
! <para>Reboot. Your <application>tinydns.lrp</application> package should be up and \
running !</para>
! </sect1>
! <sect1 id="tinydns3"><title>Setting the tinydns parameters</title>
! <para>The tinydns package LEAF configuration menu allow you to define the following \
parameters:</para>
! <screen>
tinydns configuration files
--- 1,224 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="tinydns">
! <title>Tinydns LEAF/LRP user's guide</title>
!
! <section id="tinydns1">
! <title>What is tinydns ?</title>
!
! <section>
! <title>About tinydns</title>
!
! <para>The <application>tinydns</application> program is a component of
! the djbdns package which was designed by <ulink
! url="http://cr.yp.to/djb.html">D.J. Bernstein</ulink> as a fast, <ulink
! url="http://cr.yp.to/djbdns/ad/security.html">secure</ulink> and
! reliable replacement to BIND (together with it's companion program
! dnscache). The key point is to understand the specific functionalities
! of the two programs:</para>
!
! <itemizedlist>
! <listitem>
! <para>dnscache is a recursive resolver. It never serves
! authoritative data.</para>
! </listitem>
!
! <listitem>
! <para>tinydns is a content server which only serves authoritative
! data.</para>
! </listitem>
! </itemizedlist>
!
! <para>On his <ulink url="http://www.djbdns.org">web site</ulink>,
! Russell Nelson states:</para>
!
! <para><quote>Tinydns does authoritative nameserving via UDP only; it
! does not do recursive nameserving, nor does it answer TCP queries
! (axfrdns does that). The only hosts that should ask tinydns for a host
! are recursive nameservers, such as those found in /etc/resolv.conf, like
! djbdns or bind. Tinydns should never be listed in /etc/resolv.conf.
! Tinydns interoperates properly with every authoritative and recursive
! nameserver I know of, and supporting all the standards needed to do \
so.</quote></para>
!
! <para>For more reasons to prefer djbdns package to BIND read <ulink
! url="http://cr.yp.to/djbdns/ad/cache.html">here</ulink> and for a more
! precise description of tinydns program read <ulink
! url="http://cr.yp.to/djbdns/tinydns.html">here</ulink>.</para>
!
! <para>I have tried to make the tinydns.lrp setup as simple as possible.
! You will be able to setup easily on your LEAF box an internal DNS
! (serving your private network), an external DNS (serving the Web) of
! both (the so-called "split-horizon" setup).</para>
!
! <para>When run with <ulink url="daemon.html">daemontl.lrp package</ulink>,
! this version of the tinydns.lrp package will automatically be run under
! svscan supervision. You will be allowed to generate a log file under
! multilog supervision which allows efficient output, automatic log
! rotation etc.</para>
!
! <para>When run without <ulink url="daemon.html">daemontl.lrp package</ulink>,
! this version of the tinydns.lrp will automatically be run under a
! standard System V script, but you won't be able to generate log
! files.</para>
!
! <tip>
! <para>Use the daemontl.lrp package when you first setup a DNS with
! tinydns. It will be useful for debugging. Once everything will be
! running, you can safely remove it.</para>
! </tip>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 1.05a - March 2002</para>
!
! <itemizedlist>
! <listitem>
! <para>Documentation updated to include useful clarifications
! suggested by Matt Schalit</para>
! </listitem>
! </itemizedlist>
!
! <para>Version: 1.05a - July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para><filename>/etc/init.d/tinydns</filename> script completely
! rewritten. Dependance on <filename>/etc/network.conf</filename>
! removed for better compatibility. Also takes care of a bug in LRP
! 2.9.8. in which directory attributes are not saved by backup.</para>
! </listitem>
!
! <listitem>
! <para>Tinydns can now be run as a "standalone" content
! server to the WEB. Won't even need daemontl.lrp nor
! dnscache.lrp.</para>
! </listitem>
!
! <listitem>
! <para>Startup script detects automatically if svscan is running. If
! yes tinydns is started under daemontools supervision which will
! provide tinydns log facilities. If not tinydns is started through a
! System V standard script and no log file is available.</para>
! </listitem>
!
! <listitem>
! <para>Log file now optional under daemontools supervision and moved
! to <filename class="directory">/var/log/tinydns-private</filename>
! and <filename class="directory">/var/log/tinydns-public</filename>
! directories.</para>
! </listitem>
!
! <listitem>
! <para>EXTERN and INTERN DNS types now replaced by PUBLIC and PRIVATE
! (more explicit and coherent with file names).</para>
! </listitem>
!
! <listitem>
! <para>The format of the \
<filename>/etc/tinydns-private/env/DOMAINS</filename>
! input file used to declare private domain names to dnscache has
! changed. Now only one entry per line.</para>
! </listitem>
!
! <listitem>
! <para>Programs moved from <filename \
class="directory">/usr/local/bin</filename>
! to <filename class="directory">/usr/bin.</filename></para>
! </listitem>
!
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original LEAF/LRP version: 1.05 - March 2001</para>
! </section>
! </section>
!
! <section id="tinydns2">
! <title>Installing the tinydns.lrp package</title>
!
! <important>
! <para>Unless you just want to set-up a PUBLIC DNS serving the Web, you
! will need <ulink url="dnscache.html">dnscache</ulink> installed first !
! Be sure to configure your <filename>/etc/resolv.conf</filename> to point
! to dnscache, not tinydns. See the <ulink url="dnscache.html">dnscache
! documentation</ulink> for how to setup that file.</para>
! </important>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp">tinydns.lrp</ulink>
! package an copy it to your LRP diskette. Optionnaly (if you want
! daemontools supervision and control over tinydns log files) download the
! <ulink url="http://leaf.sourceforge.net/devel/jnilo/packages/daemontl.lrp">daemontl.lrp</ulink>
! package. Edit your <filename>syslinux.cfg</filename> file to add
! <application>daemontl</application> (if downloaded) and
! <application>tinydns</application> to the list of your packages.</para>
!
! <para>If <application>daemontl.lrp</application> is not loaded you are
! done. Reboot and the tinydns program should be up and running ! (check
! with <userinput>ps aux</userinput> command from the LRP console).</para>
!
! <para>If <application>daemontl.lrp</application> is loaded you will have
! to create tinydns and dnslog users if they are not yet created (which
! generally will be the case the first time you load the package, unless
! dnscache.lrp is already running under daemontl.lrp in which case dnslog
! user would have been already created). Create them by editing
! <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
! files.</para>
!
! <important>
! <para>Dachstein and Bering users don't need to create those users.
! They are provided in the standard <filename>/etc/passwd</filename> and
! <filename>/etc/shadow</filename> distribution files.</para>
! </important>
!
! <para>In <filename>/etc/passwd</filename>:</para>
!
! <screen>
dnslog:x:1000:100:::
tinydns:x:1002:100:::
</screen>
!
! <para>In <filename>/etc/shadow</filename>:</para>
!
! <screen>
dnslog:*:10091:0:99999:7:::
tinydns:*:10091:0:99999:7:::
</screen>
!
! <para>Backup <application>etc.lrp</application> trough the
! <userinput>lrcfg</userinput> backup command (to save the two users you
! have just created)!!;</para>
!
! <para>Reboot. Your <application>tinydns.lrp</application> package should
! be up and running !</para>
! </section>
!
! <section id="tinydns3">
! <title>Setting the tinydns parameters</title>
!
! <para>The tinydns package LEAF configuration menu allow you to define the
! following parameters:</para>
!
! <screen>
tinydns configuration files
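Review bot: In the "Installing the tinydns.lrp package" section, the two /etc/passwd lines (dnslog:x:1000:100::: and tinydns:x:1002:100:::) are kept with empty home-directory and shell fields, so the guide tells readers to create service accounts with no explicit non-login shell. An empty shell field is commonly treated as /bin/sh, so consider filling in those fields or adding a sentence that the accounts are not meant for login; the "*" password field in the /etc/shadow lines only blocks password authentication. Text defects that survived the reformat in this hunk: "an external DNS (serving the Web) of both" should read "or both", the full stop sits inside the element in <filename class="directory">/usr/bin.</filename>, and the backup paragraph still ends with ")!!;".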
***************
*** 90,112 ****
Selection:
</screen>
! <important>
! <para>If tinydns is already running, restart it with the tinydns script \
(<userinput>/etc/init.d/tinydns restart</userinput>) for any change in the following \
tinydns parameters to take effect.</para>
! </important>
! <sect2><title>Set DNS type (PRIVATE, PUBLIC or BOTH)</title>
! <para>You just have to type in one of the following parameters:</para>
! <itemizedlist>
! <listitem><para>PRIVATE : a tinydns program will be launched to serve a private dns \
server (for internal network only) </para></listitem>
! <listitem><para>PUBLIC : a tinydns program will be launched to serve a public dns \
server (accessible from the web) </para></listitem>
! <listitem><para>BOTH :two tinydns programs will be launched to serve both a private \
& public dns servers</para></listitem>
! </itemizedlist>
! </sect2>
! <sect2><title>Internal DNS IP address</title>
! <para>Enter here the address of your internal DNS. Default (127.0.0.1) should be OK \
in most cases. Even though some of the djbdns docs describe this as 192.168.1.254, \
they are refering to running tinydns without dnscache. In the case where you use both \
you must then setup tinydns to listen on 127.0.0.1.</para>
! </sect2>
! <sect2><title>Edit private DNS server data file</title>
! <para>(to be done if DNSTYPE = PRIVATE or BOTH)</para>
! <para>Let's assume the following example: the internal address of the LEAF box is \
supposed to be 192.168.1.254, for the 192.168.1.0/24 network used on the inside of \
the firewall. The internal DNS will serve private names including \
example1.private.network and example2.private.network to the inside network only, as \
well as myrouter.private.network for its own internal \
interface.</para>
! <para>Edit the private DNS server data file ( \
<filename>/etc/tinydns-private/root/data</filename> ) and type \
:</para>
! <programlisting>
.private.network::ns1.private.network
.1.168.192.in-addr.arpa::ns1.private.network
--- 239,298 ----
Selection:
</screen>
!
! <important>
! <para>If tinydns is already running, restart it with the tinydns script
! (<userinput>/etc/init.d/tinydns restart</userinput>) for any change in
! the following tinydns parameters to take effect.</para>
! </important>
!
! <section>
! <title>Set DNS type (PRIVATE, PUBLIC or BOTH)</title>
!
! <para>You just have to type in one of the following parameters:</para>
!
! <itemizedlist>
! <listitem>
! <para>PRIVATE : a tinydns program will be launched to serve a
! private dns server (for internal network only)</para>
! </listitem>
!
! <listitem>
! <para>PUBLIC : a tinydns program will be launched to serve a public
! dns server (accessible from the web)</para>
! </listitem>
!
! <listitem>
! <para>BOTH :two tinydns programs will be launched to serve both a
! private & public dns servers</para>
! </listitem>
! </itemizedlist>
! </section>
!
! <section>
! <title>Internal DNS IP address</title>
!
! <para>Enter here the address of your internal DNS. Default (127.0.0.1)
! should be OK in most cases. Even though some of the djbdns docs describe
! this as 192.168.1.254, they are refering to running tinydns without
! dnscache. In the case where you use both you must then setup tinydns to
! listen on 127.0.0.1.</para>
! </section>
!
! <section>
! <title>Edit private DNS server data file</title>
!
! <para>(to be done if DNSTYPE = PRIVATE or BOTH)</para>
!
! <para>Let's assume the following example: the internal address of
! the LEAF box is supposed to be 192.168.1.254, for the 192.168.1.0/24
! network used on the inside of the firewall. The internal DNS will serve
! private names including example1.private.network and
! example2.private.network to the inside network only, as well as
! myrouter.private.network for its own internal interface.</para>
!
! <para>Edit the private DNS server data file ( \
<filename>/etc/tinydns-private/root/data</filename>
! ) and type :</para>
!
! <programlisting>
.private.network::ns1.private.network
.1.168.192.in-addr.arpa::ns1.private.network
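Review bot: In the BOTH list item, "private & public dns servers" shows a bare ampersand in the new revision as well as the old one. If that is what the file contains rather than an effect of how the archive renders the message, it is a well-formedness error that a commit described as fixing validation errors should have caught; write it as &amp; or simply as "and". Two smaller points in the same hunk: "BOTH :two" is missing its space after the colon, and the re-wrapped path in "( <filename>/etc/tinydns-private/root/data</filename> ) and type :" leaves stray spaces inside the parentheses.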
***************
*** 116,130 ****
=example2.private.network:192.168.1.2
</programlisting>
! <para>An entry that starts with an = sign creates both A and PTR records that allow \
a name to be translated to an address and that same address to "reverse-resolve" back \
to the same name. A entry with a + only creates an A record. Those + entries are used \
to add another name to an address that's already assigned a name. The ns1 entry above \
is an alias because 127.0.0.1 always refers to the name "localhost" to start \
with.</para>
! </sect2>
! <sect2><title>External DNS IP address</title>
! <para>Enter here the address of your external DNS. In most cases it will the the \
external address of your LEAF box.</para>
! </sect2>
! <sect2><title>Edit public DNS server data file</title>
! <para>(to be done if DNS type = PUBLIC or BOTH)</para>
! <para>First make sure you have a fixed IP on your external LEAF interface !</para>
! <para>Then let's assume the following example: the external IP address of your LEAF \
box is supposed to be 1.2.3.4. That's the publicly-visible IP address that will be \
used for the public nameserver (ns1.external.com). The inside address of the LEAF box \
is supposed to be 192.168.1.254 for the 192.168.1.0/24 network used on the inside of \
the firewall. The firewall will be known publicly as LEAF.external.com , and will \
have alternate names ns1.external.com and smtp.external.com. You also want \
smtp.external.com to be declared as a mail server.</para>
! <para>Edit the public DNS server data file (/etc/tinydns-public/root/data) and type \
:</para>
! <programlisting>
.external.com::ns1.external.com
.3.2.1.in-addr.arpa::ns1.external.com
--- 302,343 ----
=example2.private.network:192.168.1.2
</programlisting>
!
! <para>An entry that starts with an = sign creates both A and PTR records
! that allow a name to be translated to an address and that same address
! to "reverse-resolve" back to the same name. A entry with a +
! only creates an A record. Those + entries are used to add another name
! to an address that's already assigned a name. The ns1 entry above is
! an alias because 127.0.0.1 always refers to the name "localhost"
! to start with.</para>
! </section>
!
! <section>
! <title>External DNS IP address</title>
!
! <para>Enter here the address of your external DNS. In most cases it will
! the the external address of your LEAF box.</para>
! </section>
!
! <section>
! <title>Edit public DNS server data file</title>
!
! <para>(to be done if DNS type = PUBLIC or BOTH)</para>
!
! <para>First make sure you have a fixed IP on your external LEAF
! interface !</para>
!
! <para>Then let's assume the following example: the external IP
! address of your LEAF box is supposed to be 1.2.3.4. That's the
! publicly-visible IP address that will be used for the public nameserver
! (ns1.external.com). The inside address of the LEAF box is supposed to be
! 192.168.1.254 for the 192.168.1.0/24 network used on the inside of the
! firewall. The firewall will be known publicly as LEAF.external.com , and
! will have alternate names ns1.external.com and smtp.external.com. You
! also want smtp.external.com to be declared as a mail server.</para>
!
! <para>Edit the public DNS server data file
! (/etc/tinydns-public/root/data) and type :</para>
!
! <programlisting>
.external.com::ns1.external.com
.3.2.1.in-addr.arpa::ns1.external.com
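Review bot: In "Edit public DNS server data file", the path in "(/etc/tinydns-public/root/data) and type :" is plain text, while the matching sentence for the private data file wraps its path in <filename>; mark it up the same way so both render consistently. The reformatted "External DNS IP address" paragraph also keeps the typo "it will the the external address" (should be "it will be the external address"), and "A entry with a +" should be "An entry with a +".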
***************
*** 134,228 ****
+smtp.external.com:1.2.3.4
</programlisting>
! <para>You just have learned the basics of DNS records definition !</para>
! <table frame="all" tocentry='0'>
! <title>DNS record type</title>
! <tgroup cols='2' align='center'>
! <thead>
! <row>
! <entry>This</entry>
! <entry>creates this</entry>
! </row>
! </thead>
! <tbody>
! <row>
! <entry>.</entry>
! <entry>SOA,NS,A</entry>
! </row>
! <row>
! <entry>&</entry>
! <entry>NS,A</entry>
! </row>
! <row>
! <entry>@</entry>
! <entry>MX,A</entry>
! </row>
! <row>
! <entry>=</entry>
! <entry>PTR,A</entry>
! </row>
! <row>
! <entry>+</entry>
! <entry>A</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
! <para>For more you will have to read the doc. See the reference section \
below</para>
! <important>
! <para>To create a PUBLIC DNS you will have to tell your registrar to delegate \
external.com to the server ns1.external.com running on IP address \
1.2.3.4.</para>
! <para>You also have to tell the administrator of 2.1.in-addr.arpa to delegate \
3.2.1.in-addr.arpa to the server a.ns.3.2.1.in-addr.arpa running on IP address \
1.2.3.4.</para>
! </important>
! </sect2>
! <sect2><title>Declare private domain(s)</title>
! <para>(to be done if DNSTYPE = PRIVATE or BOTH)</para>
! <para>This file contains the list of internal domain names and the corresponding \
in-addr.arpa address. For each domain declared internally, you type in the domain \
name and the in-addr.arpa address. For the example given in 3.3. above you will type \
in (one declaration per line):</para>
! <programlisting>
internal.net
1.168.192.in-addr.arpa
</programlisting>
! <para>This information, stored in \
<filename>/etc/tinydns-private/env/DOMAINS</filename>, will be used to declare the \
internal domains to dnscache so that they are queried directly from the internal dns \
server.</para>
! </sect2>
! <sect2><title>Y to generate private tinydns log</title>
! <para>If you set this parameter to <userinput>YES</userinput>, private tinydns log \
file will be generated (if daemontl.lrp is not loaded, this parameter has no \
effect).</para>
! </sect2>
! <sect2><title>Multilog private tinydns parameters</title>
! <para>You can control the size and the content of the output generated by tinydns \
very easily through the options of the multilog program. If private tinydns log \
parameter is set to <userinput>YES</userinput>, output will be generated in <filename \
class="directory">/var/log/tinydns-private</filename> in files with a max size of \
100K. The log files are created by multilog, which is executed by the \
<filename>/etc/tinydns-private/log/run</filename> script. By default, it keeps 10 \
logs of about 100 KB each. If you want to make them smaller use this option to edit \
the <filename>/etc/tinydns-private/log/run</filename> and change \
this line:</para>
! <programlisting>
exec setuidgid dnslog multilog t /var/log/tinydns-private
</programlisting>
! <para>to this (for example):</para>
! <programlisting>
exec setuidgid dnslog multilog t s50000 n5 /var/log/tinydns-private
</programlisting>
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
! <para>If you just want to turn off the logging set the private tinydns log \
parameter to <userinput>NO</userinput>.</para>
! <para>Multilog is a very powerful log monitoring tools and can allow you to output \
only those fields you are interested in. Check the documentation <ulink \
url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change in multilog \
private tinydns parameters to take effect.</para>
! </important>
! </sect2>
! <sect2><title>Y to generate public tinydns log</title>
! <para>If you set this parameter to <userinput>YES</userinput>, public tinydns log \
file will be generated (if daemontl.lrp is not loaded, this parameter has no \
effect).</para>
! </sect2>
! <sect2><title>Multilog public tinydns parameters</title>
! <para>You can control the size and the content of the output generated by tinydns \
very easily through the options of the multilog program. If public tinydns log \
parameter is set to <userinput>YES</userinput>, output will be generated in <filename \
class="directory">/var/log/tinydns-pulic</filename> in files with a max size of 100K. \
The log files are created by multilog, which is executed by the \
<filename>/etc/tinydns-public/log/run</filename> script. By default, it keeps 10 logs \
of about 100 KB each. If you want to make them smaller use this option to edit the \
<filename>/etc/tinydns-public/log/run</filename> and change this \
line:</para>
! <programlisting>
exec setuidgid dnslog multilog t /var/log/tinydns-public
</programlisting>
! <para>to this (for example):</para>
! <programlisting>
exec setuidgid dnslog multilog t s50000 n5 /var/log/tinydns-public
</programlisting>
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
! <para>If you just want to turn off the logging set the public tinydns log parameter \
to <userinput>NO</userinput>.</para>
! <para>Multilog is a very powerful log monitoring tools and can allow you to output \
only those fields you are interested in. Check the documentation <ulink \
url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change in multilog \
public tinydns parameters to take effect.</para>
! </important>
! </sect2>
! </sect1>
! <sect1 id="tinydns4"><title>Checking everything is working</title>
! <para>The output of <userinput>ps aux</userinput> command should give something \
like:</para>
! <programlisting>
firewall: -root-
# ps aux
--- 347,533 ----
+smtp.external.com:1.2.3.4
</programlisting>
!
! <para>You just have learned the basics of DNS records definition !</para>
!
! <table frame="all" tocentry="0">
! <title>DNS record type</title>
!
! <tgroup align="center" cols="2">
! <thead>
! <row>
! <entry>This</entry>
!
! <entry>creates this</entry>
! </row>
! </thead>
!
! <tbody>
! <row>
! <entry>.</entry>
!
! <entry>SOA,NS,A</entry>
! </row>
!
! <row>
! <entry>&</entry>
!
! <entry>NS,A</entry>
! </row>
!
! <row>
! <entry>@</entry>
!
! <entry>MX,A</entry>
! </row>
!
! <row>
! <entry>=</entry>
!
! <entry>PTR,A</entry>
! </row>
!
! <row>
! <entry>+</entry>
!
! <entry>A</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
!
! <para>For more you will have to read the doc. See the reference section
! below</para>
!
! <important>
! <para>To create a PUBLIC DNS you will have to tell your registrar to
! delegate external.com to the server ns1.external.com running on IP
! address 1.2.3.4.</para>
!
! <para>You also have to tell the administrator of 2.1.in-addr.arpa to
! delegate 3.2.1.in-addr.arpa to the server a.ns.3.2.1.in-addr.arpa
! running on IP address 1.2.3.4.</para>
! </important>
! </section>
!
! <section>
! <title>Declare private domain(s)</title>
!
! <para>(to be done if DNSTYPE = PRIVATE or BOTH)</para>
!
! <para>This file contains the list of internal domain names and the
! corresponding in-addr.arpa address. For each domain declared internally,
! you type in the domain name and the in-addr.arpa address. For the
! example given in 3.3. above you will type in (one declaration per \
line):</para>
!
! <programlisting>
internal.net
1.168.192.in-addr.arpa
</programlisting>
!
! <para>This information, stored in \
<filename>/etc/tinydns-private/env/DOMAINS</filename>,
! will be used to declare the internal domains to dnscache so that they
! are queried directly from the internal dns server.</para>
! </section>
!
! <section>
! <title>Y to generate private tinydns log</title>
!
! <para>If you set this parameter to <userinput>YES</userinput>, private
! tinydns log file will be generated (if daemontl.lrp is not loaded, this
! parameter has no effect).</para>
! </section>
!
! <section>
! <title>Multilog private tinydns parameters</title>
!
! <para>You can control the size and the content of the output generated
! by tinydns very easily through the options of the multilog program. If
! private tinydns log parameter is set to <userinput>YES</userinput>,
! output will be generated in <filename \
class="directory">/var/log/tinydns-private</filename>
! in files with a max size of 100K. The log files are created by multilog,
! which is executed by the <filename>/etc/tinydns-private/log/run</filename>
! script. By default, it keeps 10 logs of about 100 KB each. If you want
! to make them smaller use this option to edit the \
<filename>/etc/tinydns-private/log/run</filename>
! and change this line:</para>
!
! <programlisting>
exec setuidgid dnslog multilog t /var/log/tinydns-private
</programlisting>
!
! <para>to this (for example):</para>
!
! <programlisting>
exec setuidgid dnslog multilog t s50000 n5 /var/log/tinydns-private
</programlisting>
!
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
!
! <para>If you just want to turn off the logging set the private tinydns
! log parameter to <userinput>NO</userinput>.</para>
!
! <para>Multilog is a very powerful log monitoring tools and can allow you
! to output only those fields you are interested in. Check the
! documentation <ulink \
url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
!
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change
! in multilog private tinydns parameters to take effect.</para>
! </important>
! </section>
!
! <section>
! <title>Y to generate public tinydns log</title>
!
! <para>If you set this parameter to <userinput>YES</userinput>, public
! tinydns log file will be generated (if daemontl.lrp is not loaded, this
! parameter has no effect).</para>
! </section>
!
! <section>
! <title>Multilog public tinydns parameters</title>
!
! <para>You can control the size and the content of the output generated
! by tinydns very easily through the options of the multilog program. If
! public tinydns log parameter is set to <userinput>YES</userinput>,
! output will be generated in <filename \
class="directory">/var/log/tinydns-pulic</filename>
! in files with a max size of 100K. The log files are created by multilog,
! which is executed by the <filename>/etc/tinydns-public/log/run</filename>
! script. By default, it keeps 10 logs of about 100 KB each. If you want
! to make them smaller use this option to edit the \
<filename>/etc/tinydns-public/log/run</filename>
! and change this line:</para>
!
! <programlisting>
exec setuidgid dnslog multilog t /var/log/tinydns-public
</programlisting>
!
! <para>to this (for example):</para>
!
! <programlisting>
exec setuidgid dnslog multilog t s50000 n5 /var/log/tinydns-public
</programlisting>
!
! <para>That would keep 5 (n5) logs of size 50KB (s50000) each.</para>
!
! <para>If you just want to turn off the logging set the public tinydns
! log parameter to <userinput>NO</userinput>.</para>
!
! <para>Multilog is a very powerful log monitoring tools and can allow you
! to output only those fields you are interested in. Check the
! documentation <ulink \
url="http://cr.yp.to/daemontools/multilog.html">here</ulink>.</para>
!
! <important>
! <para>Daemontl.lrp <emphasis>must</emphasis> be loaded for any change
! in multilog public tinydns parameters to take effect.</para>
! </important>
! </section>
! </section>
!
! <section id="tinydns4">
! <title>Checking everything is working</title>
!
! <para>The output of <userinput>ps aux</userinput> command should give
! something like:</para>
!
! <programlisting>
firewall: -root-
# ps aux
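Review bot: In the "Multilog public tinydns parameters" section the log directory is spelled /var/log/tinydns-pulic in the filename element, while both programlisting lines in the same section use /var/log/tinydns-public; correct the spelling so readers look in the directory multilog actually writes to. The "Declare private domain(s)" paragraph also points at "the example given in 3.3. above" by a hard-coded section number, which will go stale if sections are renumbered; a link to that section's id would be safer.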
***************
*** 238,260 ****
firewall: -root-
</programlisting>
! <para>If dnscache log parameter is set to NO, the multilog t /var/log/dnscache and \
the supervise log entries won't appear.</para>
! </sect1>
! <sect1 id="tinydns5"><title>FAQs</title>
! <sect2><title>How and where are saved my dns data files ?</title>
! <para>DNS data files are saved in /etc/tinydns-public/root/ and \
/etc/tinydns-private/root/ directories. The tinydns program uses as an input a \
data.cdb files which will be automatically created if it does not exists or if data \
file is more recent than data.cdb. When you backup your tinydns.lrp package, only the \
data files are backuped in order to save space.</para>
! </sect2>
! <sect2><title>I have made modification in my DNS data file. When will they be taken \
into account ?</title>
! <para>Just type: <userinput>/etc/init.d/tinydns restart</userinput>. The DNS \
server(s) will be restarted.</para>
! </sect2>
! </sect1>
! <sect1 id="tinydns6"><title>References</title>
! <para>Some useful informations can be found at the following addresses:</para>
! <para>D.J. Bernstein original <ulink url="http://cr.yp.to/djbdns.html">djbdns \
page</ulink> is obviously the first reference to consider. He also has a <ulink \
url="http://cr.yp.to/djbdns/faq.html">FAQ</ulink>.</para>
! <para>If you are planning to migrate from BIND, look at <ulink \
url="http://cr.yp.to/djbdns/frombind.html">DJB page</ulink> on the \
subject.</para>
! <para>Russell Nelson has an unofficial <ulink url="http://www.djbdns.org">djbdns \
web site</ulink> which contains a lot of interesting links.</para>
! <para>Henning Brauer maintains a <ulink url="http://www.lifewithdjbdns.org">"Life \
with djbdns"</ulink> Web page.</para>
! <para>Felix von Leitner has a <ulink url="http://www.fefe.de/djbdns/">FAQ</ulink> \
which explains the "split horizon" DNS setup.</para>
! <para>All you want to know about the differences between a proxy DNS server (i.e. \
dnscache) and a content DNS server (i.e. tinydns) can be found <ulink \
url="http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-server-roles.html">here.</ulink></para>
! </sect1>
! </article>
! </book>
--- 543,601 ----
firewall: -root-
</programlisting>
!
! <para>If dnscache log parameter is set to NO, the multilog t
! /var/log/dnscache and the supervise log entries won't appear.</para>
! </section>
!
! <section id="tinydns5">
! <title>FAQs</title>
!
! <section>
! <title>How and where are saved my dns data files ?</title>
!
! <para>DNS data files are saved in /etc/tinydns-public/root/ and
! /etc/tinydns-private/root/ directories. The tinydns program uses as an
! input a data.cdb files which will be automatically created if it does
! not exists or if data file is more recent than data.cdb. When you backup
! your tinydns.lrp package, only the data files are backuped in order to
! save space.</para>
! </section>
!
! <section>
! <title>I have made modification in my DNS data file. When will they be
! taken into account ?</title>
!
! <para>Just type: <userinput>/etc/init.d/tinydns restart</userinput>. The
! DNS server(s) will be restarted.</para>
! </section>
! </section>
!
! <section id="tinydns6">
! <title>References</title>
!
! <para>Some useful informations can be found at the following addresses:</para>
!
! <para>D.J. Bernstein original <ulink url="http://cr.yp.to/djbdns.html">djbdns
! page</ulink> is obviously the first reference to consider. He also has a
! <ulink url="http://cr.yp.to/djbdns/faq.html">FAQ</ulink>.</para>
!
! <para>If you are planning to migrate from BIND, look at <ulink
! url="http://cr.yp.to/djbdns/frombind.html">DJB page</ulink> on the
! subject.</para>
!
! <para>Russell Nelson has an unofficial <ulink \
url="http://www.djbdns.org">djbdns
! web site</ulink> which contains a lot of interesting links.</para>
!
! <para>Henning Brauer maintains a <ulink
! url="http://www.lifewithdjbdns.org">"Life with djbdns"</ulink> Web
! page.</para>
!
! <para>Felix von Leitner has a <ulink \
url="http://www.fefe.de/djbdns/">FAQ</ulink>
! which explains the "split horizon" DNS setup.</para>
!
! <para>All you want to know about the differences between a proxy DNS
! server (i.e. dnscache) and a content DNS server (i.e. tinydns) can be
! found <ulink
! url="http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-server-roles.html">here.</ulink></para>
! </section>
! </article>
\ No newline at end of file
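Review bot: The new side ends at </article> where the old side closed </article> and then </book>, so the file only stays well-formed if the opening <book> tag and the DOCTYPE root element at the top of tinydns.xml were changed in the same revision; please confirm, since that part is outside this hunk. Two smaller points on the new lines: the file still has no newline at end of file, and the last reference keeps the full stop inside the link text (here.</ulink>), which would read better with the full stop after the closing tag.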
Index: vmailmgr.xml
===================================================================
RCS file: /cvsroot/leaf/devel/jnilo/documentation/packages/vmailmgr.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** vmailmgr.xml 28 May 2003 13:30:30 -0000 1.2
--- vmailmgr.xml 19 Jan 2004 21:26:47 -0000 1.3
***************
*** 1,147 ****
! <?xml version="1.0" encoding='ISO-8859-1'?>
! <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" [
! ]>
! <book>
! <article id="vmailmgr"><title>vmailmgr LEAF/LRP user's guide</title>
! <sect1 id="vmailmgr1"><title>About vmailmgr</title>
! <sect2><title>What is vmailmgr?</title>
! <para>Vmailmgr is a package designed to manage multiple domains of E-mail addresses \
& mailboxes on a single box working with qmail.</para>
! <para> This package has been developed & is supported by B. Guenter & D. \
Kuykendall. Auto-responder, a qmail auto-responder program written by B. Guenter, \
has been added to the package.</para>
! <para>Current version is 1.03. </para>
! <para>See the reference section for useful links and references.</para>
! </sect2>
! <sect2><title>Feedback</title>
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </sect2>
! <sect2><title>Acknowledgments and Thanks</title>
! <para>Thanks to everyone who help me on this work and especially the members of the \
<ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink> \
and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink> \
mailing list.</para>
! </sect2>
! <sect2><title>Changelog</title>
! <para>Current version: 0.96.9a - 14 July 2001</para>
! <itemizedlist>
! <listitem><para>Documentation completely rewritten in Docbook XML format for better \
compatibility.</para></listitem>
! </itemizedlist>
! <para>Original version: 0.96.9 - 20 May 2001</para>
! </sect2>
! </sect1>
! <sect1 id="vmailmgr2"><title>Installing the vmailmgr.lrp package</title>
! <para>Download the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/vmailmgr.lrp">vmailmgr.lrp</ulink> \
package. Copy the package to your LRP diskette. Edit your \
<filename>syslinux.cfg</filename> file to add <application>vmailmgr</application> to \
the list of your packages.</para>
! <para>Reboot.</para>
! <important>
! <para>Be sure that qmail is up and running before playing around with vmailmgr \
:-)</para>
! </important>
! </sect1>
! <sect1 id="vmailmgr3"><title>Configuring vmailmgr</title>
! <para></para>
! </sect1>
! <sect1 id="vmailmgr4"><title>Using vmailmgr</title>
! <sect2><title>Multiple domain setup</title>
! <para>I assume that qmail sysadmin account is lrpqmail. Once the vmailmgr package \
is loaded, log on your LRP console under lrpqmail. Then type:</para>
! <programlisting>
! vsetup
! vadduser john.doe
! </programlisting>
! <para>The first command will initialize the vmailmgr environment. It will create \
<filename>/lrpqmail/users</filename> directory & passwd \
database.</para>
! <para>The second command will add user <userinput>john.doe</userinput>.</para>
! <para>You can add as many users as you want. You can define quotas and many other \
parameters. See the parameters <ulink \
url="http://www.vmailmgr.org/docs/configuration.html">documentation</ulink> for \
details.</para>
! <para>All the control parameters are in <filename>/etc/vmailmgr</filename>. Other \
available commands (type commandname -h for help) are:</para>
! <table frame="all">
! <title>vmailmgr extra commands</title>
! <tgroup cols='2' align='left'>
! <thead>
! <row>
! <entry>Program</entry>
! <entry>purpose</entry>
! </row>
! </thead>
! <tbody>
! <row>
! <entry><emphasis>vaddalias</emphasis></entry>
! <entry>add an alias</entry>
! </row>
! <row>
! <entry><emphasis>vdeluser</emphasis></entry>
! <entry>delete a user from a virtual domain</entry>
! </row>
! <row>
! <entry><emphasis>vchattr</emphasis></entry>
! <entry>change a virtual user attribute</entry>
! </row>
! <row>
! <entry><emphasis>vchforwards</emphasis></entry>
! <entry>change a virtual user forwarding adress</entry>
! </row>
! <row>
! <entry><emphasis>listvdomain</emphasis></entry>
! <entry>list the members of a virtual domain</entry>
! </row>
! <row>
! <entry><emphasis>vpasswd</emphasis></entry>
! <entry>change a user password</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
! <para>If you want to add new domains you have to create a new LRP account for each \
domain and repeat the previous commands.</para>
! <para>Now in <filename>/var/qmail/control/virtualdomains</filename> file \
add:</para>
! <programlisting>
! mydomain.com:lrpqmail
! </programlisting>
! <para>For mail directed to other domains add:</para>
! <programlisting>
! anotherdomain.com:another_lrp_account
! </programlisting>
! <para>Make sure mydomain.com and anotherdomain.com are not in \
<filename>/var/qmail/control/locals</filename>.</para>
! <para>Finally modify the <filename>/var/qmail/service/pop3d/run</filename> file \
through qmail package configuration menu and replace checkpassword by \
checkvpw.</para>
! <para>Your file should look like:</para>
! <programlisting>
! # cat run
! #!/bin/sh
! exec /usr/bin/softlimit -m 2000000 \
! /usr/bin/tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup \
! mail.mydomain.com /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d \
! Maildir 2>&1
! </programlisting>
! <para>Save qmail.lrp and restart qmail by issuing <userinput>/etc/init.d/qmail \
restart</userinput>.</para>
! <para>The mail for <email>john.doe@mydomain.com</email> will be redirected in \
john.doe mailbox created under the lrpqmail account.</para>
! <para>To get access to your mail through the POP3 server, the user will be declared \
as<email>john.doe@mydomain.com</email> and you will give the password given when the \
user was created with the vadduser command.</para>
! <warning>
! <para>Netscape user's, be careful: the text after @ will be ignored. Replace it \
with : (i.e. john.doe:mydomain.com ).</para>
! </warning>
! </sect2>
! <sect2><title>Single domain setup</title>
! <para>If you serve mail for a unique domain (mydomain.com), you can configure your \
package so that you do not have to fill <email>@mydomain.com</email> after the user's \
name (i.e. john.doe) in your mail client POP3 server \
configuration.</para>
! <para>Through the qmail package configuration menu, add:</para>
! <para>In the <filename>me</filename> file:</para>
! <programlisting>
! mail.mydomain.com
! </programlisting>
! <important>
! <para>a MX record must be declared for mail.mydomain.com</para>
! </important>
! <para>In the <filename>virtualdomains</filename> file:</para>
! <programlisting>
! mydomain.com:lrpqmail
! mail.mydomain.com:lrpqmail
! </programlisting>
! <para>Finally modify the <filename>/var/qmail/service/pop3d/run</filename> script \
and add <userinput>mail.mydomain.com</userinput> in the tcpserver \
parameters:</para>
! <programlisting>
! # cat run
! #!/bin/sh
! exec /usr/bin/softlimit -m 2000000 \
! /usr/bin/tcpserver -v -R -l mail.mydomain.com 0 pop-3 /var/qmail/bin/qmail-popup \
! mail.mydomain.com /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d \
! Maildir 2>&1
! </programlisting>
! </sect2>
! </sect1>
! <sect1 id="vmailmgr5"><title>The vmailmgrd daemon</title>
! <para>This daemon is provided in the <ulink \
url="http://leaf.sourceforge.net/devel/jnilo/packages/vmailmgrd.lrp">vmailmgrd.lrp</ulink> \
package. You will only need it if you plan to administer your mail account through \
the Web.</para>
! </sect1>
! <sect1 id="vmailmgr6"><title>References</title>
! <para>Some useful informations can be found at the following adresses:</para>
! <para>The official site is <ulink \
url="http://www.vmailmgr.org">http://www.vmailmgr.org</ulink>. There is an <ulink \
url="http://www.vmailmgr.org/docs/HOWTO.html">How-To</ulink> and a <ulink \
url="http://www.vmailmgr.org/docs/FAQ.html">FAQ</ulink>.</para>
! <para>The autoresponder site is <ulink \
url="http://untroubled.org/qmail-autoresponder">here</ulink>.</para>
! </sect1>
! </article>
! </book>
--- 1,274 ----
! <?xml version="1.0" encoding="UTF-8"?>
! <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
! "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
! <article id="vmailmgr">
! <title>vmailmgr LEAF/LRP user's guide</title>
!
! <section id="vmailmgr1">
! <title>About vmailmgr</title>
!
! <section>
! <title>What is vmailmgr?</title>
!
! <para>Vmailmgr is a package designed to manage multiple domains of
! E-mail addresses & mailboxes on a single box working with qmail.</para>
!
! <para>This package has been developed & is supported by B. Guenter
! & D. Kuykendall. Auto-responder, a qmail auto-responder program
! written by B. Guenter, has been added to the package.</para>
!
! <para>Current version is 1.03.</para>
!
! <para>See the reference section for useful links and references.</para>
! </section>
!
! <section>
! <title>Feedback</title>
!
! <para>Comment on this package can be sent to the author \
<email>jnilo@users.sourceforge.net</email>.</para>
! </section>
!
! <section>
! <title>Acknowledgments and Thanks</title>
!
! <para>Thanks to everyone who help me on this work and especially the
! members of the <ulink
! url="http://lists.sourceforge.net/lists/listinfo/leaf-devel">leaf-devel</ulink>
! and <ulink url="http://lists.sourceforge.net/lists/listinfo/leaf-user">leaf-user</ulink>
! mailing list.</para>
! </section>
!
! <section>
! <title>Changelog</title>
!
! <para>Current version: 0.96.9a - 14 July 2001</para>
!
! <itemizedlist>
! <listitem>
! <para>Documentation completely rewritten in Docbook XML format for
! better compatibility.</para>
! </listitem>
! </itemizedlist>
!
! <para>Original version: 0.96.9 - 20 May 2001</para>
! </section>
! </section>
!
! <section id="vmailmgr2">
! <title>Installing the vmailmgr.lrp package</title>
!
! <para>Download the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/vmailmgr.lrp">vmailmgr.lrp</ulink>
! package. Copy the package to your LRP diskette. Edit your
! <filename>syslinux.cfg</filename> file to add \
<application>vmailmgr</application>
! to the list of your packages.</para>
!
! <para>Reboot.</para>
!
! <important>
! <para>Be sure that qmail is up and running before playing around with
! vmailmgr :-)</para>
! </important>
! </section>
!
! <section id="vmailmgr3">
! <title>Configuring vmailmgr</title>
!
! <para></para>
! </section>
!
! <section id="vmailmgr4">
! <title>Using vmailmgr</title>
!
! <section>
! <title>Multiple domain setup</title>
!
! <para>I assume that qmail sysadmin account is lrpqmail. Once the
! vmailmgr package is loaded, log on your LRP console under lrpqmail. Then
! type:</para>
!
! <programlisting>
! vsetup
! vadduser john.doe
! </programlisting>
!
! <para>The first command will initialize the vmailmgr environment. It
! will create <filename>/lrpqmail/users</filename> directory & passwd
! database.</para>
!
! <para>The second command will add user \
<userinput>john.doe</userinput>.</para>
!
! <para>You can add as many users as you want. You can define quotas and
! many other parameters. See the parameters <ulink
! url="http://www.vmailmgr.org/docs/configuration.html">documentation</ulink>
! for details.</para>
!
! <para>All the control parameters are in <filename>/etc/vmailmgr</filename>.
! Other available commands (type commandname -h for help) are:</para>
!
! <table frame="all">
! <title>vmailmgr extra commands</title>
!
! <tgroup align="left" cols="2">
! <thead>
! <row>
! <entry>Program</entry>
!
! <entry>purpose</entry>
! </row>
! </thead>
!
! <tbody>
! <row>
! <entry><emphasis>vaddalias</emphasis></entry>
!
! <entry>add an alias</entry>
! </row>
!
! <row>
! <entry><emphasis>vdeluser</emphasis></entry>
!
! <entry>delete a user from a virtual domain</entry>
! </row>
!
! <row>
! <entry><emphasis>vchattr</emphasis></entry>
!
! <entry>change a virtual user attribute</entry>
! </row>
!
! <row>
! <entry><emphasis>vchforwards</emphasis></entry>
!
! <entry>change a virtual user forwarding adress</entry>
! </row>
!
! <row>
! <entry><emphasis>listvdomain</emphasis></entry>
!
! <entry>list the members of a virtual domain</entry>
! </row>
!
! <row>
! <entry><emphasis>vpasswd</emphasis></entry>
!
! <entry>change a user password</entry>
! </row>
! </tbody>
! </tgroup>
! </table>
!
! <para>If you want to add new domains you have to create a new LRP
! account for each domain and repeat the previous commands.</para>
!
! <para>Now in <filename>/var/qmail/control/virtualdomains</filename> file
! add:</para>
!
! <programlisting>
! mydomain.com:lrpqmail
! </programlisting>
!
! <para>For mail directed to other domains add:</para>
!
! <programlisting>
! anotherdomain.com:another_lrp_account
! </programlisting>
!
! <para>Make sure mydomain.com and anotherdomain.com are not in
! <filename>/var/qmail/control/locals</filename>.</para>
!
! <para>Finally modify the <filename>/var/qmail/service/pop3d/run</filename>
! file through qmail package configuration menu and replace checkpassword
! by checkvpw.</para>
!
! <para>Your file should look like:</para>
!
! <programlisting>
! # cat run
! #!/bin/sh
! exec /usr/bin/softlimit -m 2000000 \
! /usr/bin/tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup \
! mail.mydomain.com /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d \
! Maildir 2>&1
! </programlisting>
!
! <para>Save qmail.lrp and restart qmail by issuing
! <userinput>/etc/init.d/qmail restart</userinput>.</para>
!
! <para>The mail for <email>john.doe@mydomain.com</email> will be
! redirected in john.doe mailbox created under the lrpqmail account.</para>
!
! <para>To get access to your mail through the POP3 server, the user will
! be declared as<email>john.doe@mydomain.com</email> and you will give the
! password given when the user was created with the vadduser command.</para>
!
! <warning>
! <para>Netscape user's, be careful: the text after @ will be
! ignored. Replace it with : (i.e. john.doe:mydomain.com ).</para>
! </warning>
! </section>
!
! <section>
! <title>Single domain setup</title>
!
! <para>If you serve mail for a unique domain (mydomain.com), you can
! configure your package so that you do not have to fill \
<email>@mydomain.com</email>
! after the user's name (i.e. john.doe) in your mail client POP3
! server configuration.</para>
!
! <para>Through the qmail package configuration menu, add:</para>
!
! <para>In the <filename>me</filename> file:</para>
!
! <programlisting>
! mail.mydomain.com
! </programlisting>
!
! <important>
! <para>a MX record must be declared for mail.mydomain.com</para>
! </important>
!
! <para>In the <filename>virtualdomains</filename> file:</para>
!
! <programlisting>
! mydomain.com:lrpqmail
! mail.mydomain.com:lrpqmail
! </programlisting>
!
! <para>Finally modify the <filename>/var/qmail/service/pop3d/run</filename>
! script and add <userinput>mail.mydomain.com</userinput> in the tcpserver
! parameters:</para>
!
! <programlisting>
! # cat run
! #!/bin/sh
! exec /usr/bin/softlimit -m 2000000 \
! /usr/bin/tcpserver -v -R -l mail.mydomain.com 0 pop-3 /var/qmail/bin/qmail-popup \
! mail.mydomain.com /usr/bin/checkvpw /var/qmail/bin/qmail-pop3d \
! Maildir 2>&1
! </programlisting>
! </section>
! </section>
!
! <section id="vmailmgr5">
! <title>The vmailmgrd daemon</title>
!
! <para>This daemon is provided in the <ulink
! url="http://leaf.sourceforge.net/devel/jnilo/packages/vmailmgrd.lrp">vmailmgrd.lrp</ulink>
! package. You will only need it if you plan to administer your mail account
! through the Web.</para>
! </section>
!
! <section id="vmailmgr6">
! <title>References</title>
!
! <para>Some useful informations can be found at the following adresses:</para>
!
! <para>The official site is <ulink \
url="http://www.vmailmgr.org">http://www.vmailmgr.org</ulink>.
! There is an <ulink url="http://www.vmailmgr.org/docs/HOWTO.html">How-To</ulink>
! and a <ulink url="http://www.vmailmgr.org/docs/FAQ.html">FAQ</ulink>.</para>
!
! <para>The autoresponder site is <ulink
! url="http://untroubled.org/qmail-autoresponder">here</ulink>.</para>
! </section>
! </article>
\ No newline at end of file
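Review bot: The "Configuring vmailmgr" section (id vmailmgr3) is carried over with only an empty <para></para>, so the guide has a titled section with no content; either describe the control parameters in /etc/vmailmgr that the "Using vmailmgr" text refers to, or drop the section until it is written. In "Multiple domain setup", the text "be declared as<email>john.doe@mydomain.com</email>" is missing a space before <email>. "What is vmailmgr?" also gives "Current version is 1.03" while the Changelog gives "Current version: 0.96.9a", so the text should say what each number refers to.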