Difference between revisions of "EBox on FreeLink-Debian"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
(Package configuration)
(General Installation Steps for all LS's)
Line 64: Line 64:
  
  
#! /bin/bash
+
#! /bin/bash
# READ READ READ READ READ READ READ
+
  # Before running, make sure that you  
+
cd /
  #    check for a 2.6 kernel and matching modules *****
+
clear
  #    2.6 kernel modules need to be there for the firewall to function *****
+
echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *"
  #    This script is a work in progress. Please give feedback at "eBox on PPC" thread at the linkstationwiki.net forums
+
echo "* Before going further, make sure you are aware of what your ip        *"
  # Read it through before using... adjust to your settings and network
+
echo "* address, netmask, gateway, broadcast, domain and nameserver are.     *"
   
+
echo "*  This installation script will grep what they appear to be, and       *"
# IP and HOSTNAME info
+
echo "* give you an opportunity to check them, but if they are incorrect    *"
# hostname will be set to eBoxLinkStation
+
echo "* then your installation of eBox will fail.                            *"
# fixed ip will be initially set to 10.0.1.6   eBoxLinkStation.dnmwireless.com    eBoxLinkStation
+
echo "* Also, it is essential that you have your partitions set up so        *"
# If your Linkstation currently has a dynamic IP, take note of it and set the static IP below identically
+
echo "*  that you have enough of space on /hda1. Also, probably need to     *"
  #
+
echo "*  move /home to /hda3 & symlink it, since eBox builds all of its      *"
  #
+
echo "* Samba shares in /home.                                              *"
# DOMAIN and NAMESERVER must be set to your own situation
+
echo "*                                                                       *"
  #
+
echo "* So, do you have :                                                    *"
   
+
echo "* 1) Your network information ready,                                  *"
  #     needs libreadonly-xs-perl_1.04-1_powerpc.deb  libnet-arp-perl_0.8-1_powerpc.deb  libnet-cups-perl_0.37-1_powerpc.deb
+
echo "*  2)  enough space on /hda1, and /home moved & symlinked and          *"
#     already sitting at  /
+
echo "*  3)  the article "EBox on FreeLink/Debian" open in a browser? (Y/n)    *"
   
+
echo "*                                                                      *"
   
+
echo "*            n for no, any other letter to continue                    *"
cd /
+
echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *"
+
sleep 3
+
read -e ANSWER
######### set hostname #####
+
  hostname "eBoxLinkStation"
+
if [ "$ANSWER" == "n" ] ; then
  export hosts
+
echo " Stopping installation.  
echo "eBoxLinkStation" > /etc/hostname
+
exit 1
+
fi
+
+
#########  EBOX REQUIRES A STATIC IP DURING INSTALLATION #####
+
######### save original interfaces and make a static ip #####
+
######### adjust to your needs and your network        #####
+
###############################################################################
+
# Gather some information about your LS's processor and the kernel that your #
mv /etc/network/interfaces /etc/network/pre-ebox-interfaces-backup
+
# LS is booted into                                                          #
  echo "# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)" > /etc/network/interfaces
+
###############################################################################
echo "# The loopback interface" >> /etc/network/interfaces
+
echo auto lo   >> /etc/network/interfaces
+
# Recognize and set processor variable
echo iface lo inet loopback >> /etc/network/interfaces
+
uname -m | grep -q ppc && PROCESSOR="ppc"
echo "# The first network card - eth0 - this entry was created during the Debian installation" >> /etc/network/interfaces
+
uname -m | grep -q mips && PROCESSOR="mips"
echo "# (network, broadcast and gateway are optional)" >> /etc/network/interfaces
+
uname -m | grep -q arm && PROCESSOR="arm"
echo auto eth0   >> /etc/network/interfaces
+
echo iface eth0 inet static   >> /etc/network/interfaces
+
# Recognize the Kernel as 2.4 or 2.6
echo         address 10.0.1.6    >> /etc/network/interfaces
+
uname -r | grep -q "2.4" && KERNEL="2.4"
echo         netmask 255.255.255.0   >> /etc/network/interfaces
+
uname -r | grep -q "2.6" && KERNEL="2.6"
echo         network 10.0.1.0  >> /etc/network/interfaces
+
echo         broadcast 10.0.1.255  >> /etc/network/interfaces
+
echo         gateway 10.0.1.1  >> /etc/network/interfaces
+
+
  echo  "* * * * * restarting networking * * * * *"
+
sleep 3
+
+
###############################################################################
/etc/init.d/networking restart
+
# Do a quick check to make sure you have a ppc processor.  eBox is not yet  #
sleep 3  
+
# compiled or working for the mipsel or arm.                                #
+
#                                                                            #
echo  "* * * * restarted networking  * * * *"
+
# Support for the arm LS-Pro boxes should come soon.                        #
+
# Support for the mipsel LS2 will not happen until after it gets 2.4 kernel #
+
###############################################################################
+
   
+
if [ "$PROCESSOR" == "mips" ] ; then
   
+
echo ""
  ######         set up /etc/hosts   ######
+
echo "Sorry: Currently, only PPC-based Linkstations are supported."
######   customize for your own network ######
+
echo "--> Cannot continue with installation on a mipsel-based LS2."
######   make a note of your domain name              ######
+
echo ""
######   SQUID IS VERY PICKY ABOUT THIS ######
+
exit 1
######   don't change the 127.0.0.1 line ######
+
fi
######   only change "dnmwireless.com"  ######
+
######   to your choice or a dummy      ######
+
if [ "$PROCESSOR" == "arm" ] ; then
cp  /etc/hosts  /etc/pre-ebox-hosts-backup
+
echo ""
+
echo "Sorry: Currently, only PPC-based Linkstations are supported."
echo "127.0.0.1     localhost.localdomain  localhost"    >  /etc/hosts
+
echo "--> Cannot continue with installation on an arm-based LS-Pro.""
echo "10.0.1.6    eBoxLinkStation.dnmwireless.com     eBoxLinkStation"  >>  /etc/hosts
+
echo ""
   
+
exit 1
   
+
fi
+
+
if [ "$KERNEL" == "2.4" ] ; then
+
echo ""
+
echo "Sorry: eBox needs a 2.4 kernel in order to install or run."
+
echo "Try upgrading to a newer 2.6 kernel first."
+
echo "--> Cannot continue with installation under a 2.4 kernel."
+
echo ""
+
exit 1
+
fi
####### set up /etc/resolv.conf            #####
+
  ####### edit the addresses to your needs            #####
+
####### change your nameservers and domain #####
+
+
####### keep a copy of your old pre-ebox resolv.conf #####
+
+
mv /etc/resolv.conf /etc/pre-ebox-resolv.conf-backup
+
###############################################################################
+
# Do a quick check to make sure you have apt-get. This should weed out the  #
echo nameserver 216.165.129.157 > /etc/resolv.conf
+
# Openlink, GenLink or OpenEmbedded users.                                  #
  echo nameserver 10.0.1.1 >> /etc/resolv.conf
+
###############################################################################
echo domain tds.net >> /etc/resolv.conf
+
+
apt-get -v | grep -q dpkg || ERROR="1"
+
if [ "$ERROR" == "1" ] ; then
+
echo ""
####### check to see if you are connected to the internet ####
+
echo "Sorry: Do you have apt-get installed, is this Debian(FreeLink)?"
####### and that DNS works for you   ####
+
echo "--> Cannot continue."
ping -q -c 10 yahoo.com
+
echo ""
+
exit 1
+
fi
+
#######  remove old dhcpd and put in newer one ########################
+
#dpkg --purge dhcpcd  
+
#apt-get -y  install dhcp3-client
+
+
###############################################################################
+
# Ask the user what they want as the hostname and set it                    #
+
###############################################################################
+
######## set up an eBox-platform compatible apt source.list     #####
+
echo " "
####### but keep a copy of your old list #####
+
echo -n "What do you want the name of your linkstation to be on the network?"
mv /etc/apt/sources.list  /etc/apt/pre-ebox-sources.backup-list
+
echo -n "(Default will be eBoxLinkStation)"  
+
read -e LINKSTATION
+
if [ "$LINKSTATION" == "" ] ; then
+
LINKSTATION="eBoxLinkStation"
####### make the new sources.list, with testing branch optional #####
+
fi
echo deb http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list
+
hostname $LINKSTATION
echo deb-src http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list
+
rm /tmp/file
echo "####################################################" >> /etc/apt/sources.list
+
echo "127.0.0.1 $LINKSTATION" >> /tmp/file
echo "##deb http://security.debian.org/ stable/updates main" >> /etc/apt/sources.list
+
grep -v 127.0.0.1 /etc/hosts >> /tmp/file
echo "#######################################################" >> /etc/apt/sources.list
+
cat /tmp/file > /etc/hosts
echo deb http://ebox-platform.com/debian/stable/ ebox/ >> /etc/apt/sources.list
+
export hosts
echo deb http://ebox-platform.com/debian/stable/ extra/ >> /etc/apt/sources.list
+
echo "$LINKSTATION" > /etc/hostname
echo deb http://ebox-platform.com/debian/sarge/stable/ security/ >> /etc/apt/sources.list
+
echo "########################################################" >> /etc/apt/sources.list
+
echo "##  testing branch  ####" >> /etc/apt/sources.list
+
echo "##  de-comment these lines to --temporarily enable the testing branch" >> /etc/apt/sources.list
+
echo "#deb http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list
+
##############################################################################
echo "#deb-src http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list
+
# Check to see if you are connected to the internet and that DNS works for  #
+
# you.                                                                      #
+
##############################################################################   
+
+
if ping -q -c 3 www.yahoo.com ; then
######  update your Debian installation & install necessary packages #####
+
  echo 'Looks good - you can at least connect to www.yahoo.com.'
apt-get update
+
  echo ' '
apt-get upgrade
+
  echo ' '
apt-get install module-init-tools libperl5.8 perl perl-base perl-modules libterm-readline-gnu-perl libterm-readline-perl-perl libcupsys2-gnutls10  perl-doc ssh xfsprogs
+
else
+
  echo 'Are you connected to the internet?'
+
  echo 'Check to see that you are connected,'
+
  echo 'and then try again...'
### change your unix password to ebox or something easy to remember ####
+
  exit 1
passwd
+
fi
+
+
+
######  update your timezone configuration #####
+
##################################################################################
tzconfig
+
# EBOX REQUIRES A STATIC IP DURING INSTALLATION - GREP CURRENT IP INFORMATION #
+
# AND REFORMAT IT, AND CHANGE IT TO STATIC                                      #
+
# NOTE THAT YOUR IP, GATEWAY, SUBNET AND BROADCAST WILL NOT BE CHANGED AT ALL    #
+
##################################################################################
+
+
#mv /etc/network/interfaces /etc/network/interfaces.bak
###### remove exim4 as it is not compatible with eBox #####
+
#mv /etc/network/interfaces  /etc/network/pre-ebox-interfaces.backup
apt-get remove exim4
+
apt-get update
+
STATICIP=` ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
+
STATICNETWORK=` route | grep eth0 | grep -v default | cut -d: -f1 | awk '{ print $1}'`
+
STATICNETMASK=` ifconfig  | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{ print $1}'`
+
STATICBROAD=` ifconfig  | grep 'Bcast:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{ print $1}'`
+
STATICGATE=` route -n | awk '/^0.0.0.0/ {print $2}'`
+
NAMESERV=` grep nameserver /etc/resolv.conf |head -1|awk '{print $2}'`
+
DOMAIN=`grep domain /etc/resolv.conf |head -1|awk '{print $2}'`
######  install essential libs for eBox, built for PPC  ######
+
   
+
  dpkg -i libreadonly-xs-perl_1.04-1_powerpc.deb
+
echo "From the looks of it, your current networks settings show the following:"
dpkg -i libnet-arp-perl_1.0-1_powerpc.deb
+
echo "IP address      = " $STATICIP
dpkg -i libnet-cups-perl_0.37-1_powerpc.deb
+
echo "Network address = " $STATICNETWORK
echo "* * * * * * * libs for ebox installed * * * * * * * "
+
echo "Netmask        = " $STATICNETMASK
sleep 3
+
echo "Broadcast      = " $STATICBROAD
+
echo "Gateway        = " $STATICGATE
+
echo "DNS Nameserver  = " $NAMESERV
+
echo "Search Domain  = " $DOMAIN
+
echo " "
+
echo "Carefully check these against what you expect them to be."
+
echo "If any one of them is incorrect, your connection and installation will fail."
######  install ebox and modules ######
+
echo "Are they correct?(y/n)"
+
read -e ANSWER
echo "* * * * * ** getting ebox & modules * * * * * * * * *"
+
if [ $"ANSWER" == "n" ] ; then
  sleep 3
+
echo " Stopping installation script.  Double-check & fix your network"
  apt-get install ebox libebox ebox-network ebox-objects ebox-firewall ebox-samba ebox-squid ebox-usersandgroups ebox-ntp ebox-printers ebox-dhcp
+
echo " settings and try again."
+
exit 1
+
fi
+
+
### apt-get install missing software packages  
+
mv  /etc/network/interfaces /etc/network/pre-ebox-interfaces-backup
+
+
echo "# we always want the loopback interface" > /etc/network/interfaces
####  make a sym link from /home/samba  to  /mnt###
+
echo "#" >> /etc/network/interfaces
#### optional  #####
+
echo "auto lo" >> /etc/network/interfaces
+
echo "iface lo inet loopback" >> /etc/network/interfaces
echo "* * * * * * * * * * All done installing eBox * * * * * * * * * * * * * "  
+
echo "" >> /etc/network/interfaces
echo "Point your browser to        https://<eBoxLinkStation's IP>        * "
+
echo "# default dynamic setup (no adjustment necessary)" >> /etc/network/interfaces
echo "and configure your eBoxLinkStation to your liking...                * "
+
echo "#" >> /etc/network/interfaces
echo "Remember to open up SSH access so that you can connect to do any     * "
+
echo "#auto eth0" >> /etc/network/interfaces
echo "changes or installation that can't be handled through the web       * "
+
echo "#iface eth0 inet dhcp" >> /etc/network/interfaces
  echo "interface.     * "
+
echo "#      hostname `hostname`" >> /etc/network/interfaces
echo "Please leave feedback and/or report any bugs or problems on the      * "
+
echo "" >> /etc/network/interfaces
echo "eBox on PPC forum thread at...             * "
+
echo "# frontalot's static setup (adjust to your network settings)" >> /etc/network/interfaces
echo "http://forum.linkstationwiki.net/index.php?action=vthread&topic=2397 * "
+
echo "#" >> /etc/network/interfaces
sleep 3
+
echo "auto eth0" >> /etc/network/interfaces
+
echo "iface eth0 inet static" >> /etc/network/interfaces
+
echo "    address $STATICIP" >> /etc/network/interfaces
###### end of script ########
+
echo "   network $STATICNETWORK" >> /etc/network/interfaces
 +
echo "    netmask $STATICNETMASK" >> /etc/network/interfaces
 +
echo "    broadcast $STATICBROAD" >> /etc/network/interfaces
 +
echo "    gateway $STATICGATE" >> /etc/network/interfaces
 +
 +
mv /etc/resolv.conf /etc/pre-ebox-resolv.conf-backup
 +
 +
# echo "    search $SSID" >> /etc/resolv.conf
 +
echo "nameserver $NAMESERV" >> /etc/resolv.conf
 +
echo "domain $DOMAIN" >> /etc/resolv.conf
 +
 +
echo  "* * * * * restarting networking * * * * *"
 +
sleep 3
 +
 +
/etc/init.d/networking restart
 +
sleep 3  
 +
 +
echo  "* * * * * restarted networking  * * * * *"
 +
 +
##############################################################################
 +
# Double-check to see if you can connect to three crucial servers            #
 +
# mirrors.kernel.org -  for most of the Debian packages                    #
 +
# downloads.linkstationwiki.net -  for two specially built libs            #
 +
# ebox-platform.com  -  for most of the eBox packages                      #
 +
# In case something goes sourly after network settings are adjusted &        #
 +
# restarted, it will be caught here.                                        #
 +
#############################################################################
 +
clear
 +
echo 'Checking to see if you can connect to mirrors.kernel.org'
 +
if ping -q -c 3 mirrors.kernel.org ; then
 +
  echo 'Looks good - you can connect to get Debian packages.'
 +
  echo ' '
 +
  echo ' '
 +
else
 +
  echo 'Are you connected to the internet?'
 +
  echo 'Check to see that you are connected,'
 +
  echo 'and then try again...'
 +
  exit 1
 +
fi
 +
 +
echo ' '
 +
echo 'Checking to see if you can connect to downloads.linkstationwiki.net'
 +
if ping -q -c 3 downloads.linkstationwiki.net ; then
 +
  echo ' Looks good - you can connect to get the special PPC lib packages for eBox.'
 +
  echo ' '
 +
  echo ' '
 +
else
 +
  echo 'Are you connected to the internet, or is downloads.linkstationwiki.net down?'
 +
  echo 'Check to see that you are connected,'
 +
  echo 'and then try again...'
 +
  exit 1
 +
fi
 +
 +
echo ' '
 +
echo 'Checking to see if you can connect to ebox-platform.com'
 +
if ping -q -c 3 ebox-platform.com ; then
 +
  echo ' Looks good - you can connect to get the eBox-Platform packages.'  
 +
  echo ' '
 +
  echo ' '
 +
else
 +
  echo 'Are you connected to the internet, or is eBox-Platform.com down?'
 +
  echo 'Check to see that you are connected,'
 +
  echo 'and then try again...'
 +
  exit 1
 +
fi
 +
 +
 +
 +
##############################################################################
 +
# Set up /etc/hosts in a way consistent with what eBox, slapd and Samba      #
 +
# expect.  The 3rd line contains the FQDN for your eBox.  As things are    #
 +
# specified here the absolute minumum will have to be entered during        #
 +
# post-intall Debian configuration. For most folks, you can leave it as is. #
 +
############################################################################## 
 +
mv /etc/hosts /etc/pre-ebox-hosts-backup
 +
 +
echo  "127.0.0.1     localhost.localdomain  localhost"    > /etc/hosts
 +
echo "$STATICIP    $LINKSTATION.example.net     $LINKSTATION"  >> /etc/hosts
 +
 +
 +
 +
##############################################################
 +
#######  remove old dhcpd and put in newer one ###############
 +
##############################################################
 +
 +
#dpkg --purge dhcpcd  
 +
#apt-get -y  install dhcp3-client
 +
 +
##############################################################
 +
######## set up an eBox-platform compatible apt source.list ##
 +
####### but keep a copy of your old list           #####
 +
##############################################################
 +
 +
mv /etc/apt/sources.list  /etc/apt/pre-ebox-sources.backup-list
 +
 +
 +
echo deb http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list
 +
echo deb-src http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list
 +
echo "#######################################################" >> /etc/apt/sources.list
 +
echo "##deb http://security.debian.org/ stable/updates main" >> /etc/apt/sources.list
 +
echo "#######################################################" >> /etc/apt/sources.list
 +
echo deb http://ebox-platform.com/debian/stable/ ebox/ >> /etc/apt/sources.list
 +
echo deb http://ebox-platform.com/debian/stable/ extra/ >> /etc/apt/sources.list
 +
echo deb http://ebox-platform.com/debian/sarge/stable/ security/ >> /etc/apt/sources.list
 +
echo deb http://ebox-platform.com/dinstall/ stable/ >> /etc/apt/sources.list
 +
echo "#######################################################" >> /etc/apt/sources.list
 +
echo "##  testing branch  ####" >> /etc/apt/sources.list
 +
echo "##  de-comment these lines to --temporarily enable the testing branch" >> /etc/apt/sources.list
 +
echo "#deb http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list
 +
echo "#deb-src http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list
 +
 +
##############################################################################
 +
######  update your Debian installation & install necessary packages     #####
 +
##############################################################################
 +
 +
apt-get update
 +
apt-get install module-init-tools libperl5.8 perl perl-base perl-modules libterm-readline-gnu-perl libterm-readline-perl-perl libcupsys2-gnutls10  perl-doc ssh  
 +
 +
###############################################################
 +
######  update your password and timezone configuration   #####
 +
###############################################################
 +
 +
 +
tzconfig
 +
passwd
 +
 +
 +
#############################################################
 +
###### remove exim4 as it is not compatible with eBox #####
 +
#############################################################
 +
 +
#apt-get remove exim4
 +
 +
 +
##############################################################
 +
######  install essential libs for eBox, built for PPC  ######
 +
##############################################################
 +
 +
echo "* * * * * * * Installing libs for ebox * * * * * * *"
 +
sleep 3
 +
cd /
 +
wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c http://ebox-platform.com/dinstall/stable/libnet-arp-perl_1.0-1_powerpc.deb
 +
wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c http://downloads.linkstationwiki.net/uploads/ebox/libnet-cups-perl_0.37-1_powerpc.deb
 +
wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c  http://downloads.linkstationwiki.net/uploads/ebox/libreadonly-xs-perl_1.04-1_powerpc.deb
 +
dpkg -i libreadonly-xs-perl_1.04-1_powerpc.deb
 +
dpkg -i libnet-arp-perl_1.0-1_powerpc.deb
 +
dpkg -i libnet-cups-perl_0.37-1_powerpc.deb
 +
echo "* * * * * * * libs for ebox installed * * * * * * * "
 +
sleep 3
 +
 +
########################################
 +
######  install ebox and modules ######
 +
########################################
 +
 +
echo "* * * * * * getting ebox & modules * * * * * * * * *"
 +
echo " installation and configuration may take about 30  *"
 +
echo " minutes... go have a beer... but you need to      *"
 +
echo "  answer the configuration questions carefully as  *"
 +
echo "  shown in the eBox on FreeLink/Debian article ...  *"
 +
echo "* * * * * * * * * * * * * * * * * * * * * * * * * * *"             
 +
sleep 5
 +
apt-get install ebox libebox ebox-network ebox-objects ebox-firewall ebox-samba ebox-squid ebox-usersandgroups ebox-ntp ebox-printers ebox-dhcp
 +
 +
### apt-get install missing software packages  
 +
 +
 +
####  make a sym link from /home/samba  to  /mnt###
 +
#### optional  #####
 +
 +
echo "* * * * * * * * * * All done installing eBox * * * * * * * * * * * * * * "
 +
echo "*                                                                      *"
 +
echo "* Point your browser to        https://<eBoxLinkStation's IP>        * "
 +
echo "* Do these things now:                                                * "
 +
echo "* 1. Through the browser interface, enable SSH connections in the      *"
 +
echo "*    Firewall menu,  so that you can connect to do any changes that    *"
 +
echo "*    can't be done through the web interface                          *"
 +
echo "* 2. Do a reboot of the machine. It may take 2 or 3 minutes to reboot *"
 +
echo "* 3. After rebooting, adjust settings to your liking.                  * "
 +
echo "*                                                                      *"
 +
echo "*                                                                      *"
 +
echo "* Please leave feedback and/or report any bugs or problems on the      * "
 +
echo "* eBox on PPC forum thread at...                                       * "
 +
echo "* http://forum.linkstationwiki.net/index.php?action=vthread&topic=2397 * "
 +
echo "*                                                                      *"
 +
echo "* * * * * * * * * * All done installing eBox * * * * * * * * * * * * * * "
 +
sleep 3
 +
 +
 +
###### end of script ########
  
 
== Configuring and Customizing ==
 
== Configuring and Customizing ==

Revision as of 03:16, 10 March 2007

Eboxstatus4.jpg

Contents

What is eBox?

Developed as a flexible server/NAS solution for small business and small offices, eBox Platform is a management tool that supplies the following services:

  • NAS
  • Samba Filesharing and Printer Sharing
  • Firewall
  • Transparent proxy via Squid
  • Content filter
  • NTP Server
  • Users and groups administration
  • Mail server
  • Backup of data and/or system

How does it compare to Webmin (on Debian/FreeLink) and the stock Buffalo Web Interface (on the stock firmware) ?

eBox is not a full-fledged replacement for Webmin, but it does handle some things very well. It may be a better alternative for Debian/FreeLink users who found Webmin either too slow or too complex for their liking. In short, it can do nearly everything the stock Buffalo webinterface can do, and as more modules are written by developers and contributors, it may broaden its scope and capability. In particular it:

  • has enough features to make it work well as a Network Attached Storage (NAS) device
  • has a lot of features that make it a good choice as a gateway
  • has better printer support (greater variety of printers supported) than the stockware
  • has less options than Webmin
  • seems like it can be locked down tighter/more securely than the stockware
  • is faster than Webmin (provided that you don't install to much on top of it)
  • is nearly as fast as the stock web interface

Installation

Prerequisites

  • 2.6 kernel and modules available here
  • A fresh FreeLink/Debian installation available here - note that any previously existing configuration files in /home, /root, /var, /etc, and other locations may cause problems with an installation. Squid, in particular, is very picky about these things. It is recommended that you first install eBox, and then add other servers after you have it installed and customized for your network.
  • Hard drive space on hda1 - eBox needs
    • lots of space for the software and packages, so
    • either use a custom partition with all the space you need, or create symlinks as shown here - Freeing Up Space On hda1
    • in particular, eBox will build its Samba shares in /home, so do something like this:
       mv /home /mnt/
       cd /
       ln -s /mnt/home  home
  • A realization that eBox may move your box towards being a bit of a "dedicated box" with a strong firewall
  • Read over this excellent (yet slightly outdated - version 0.7.1) installation guide for eBox - it shows many of the key points - a few of the configuration options mentioned have changed
  • Read over the installation guide for desktop computers - see the Debian Packages section
  • Time = 40 minutes to an hour or more, depending on your internet connection (about 100MB has to be downloaded)
  • Decide whether you want your eBox to be more like a NAS with full access to Debian (install ebox, libebox, ebox-network, ebox-objects, ebox-firewall, ebox-logs, ebox-samba, ebox-dhcp, ebox-squid, ebox-usersandgroups, ebox-ntp, ebox-printers) or more like a dedicated, secured, enhanced gateway (the previous packages + ebox-mail, ebox-jabber, ebox-software).

Debian packages/libs for PPC FreeLink

Download these three required Debian packages. The first two were built on an LS-HG. The last one as been supplied by Isaac and Javi at eBox-Platform (thanks, guys!):

cd /  
wget http://downloads.linkstationwiki.net/uploads/ebox/libnet-cups-perl_0.37-1_powerpc.deb
wget http://downloads.linkstationwiki.net/uploads/ebox/libreadonly-xs-perl_1.04-1_powerpc.deb
wget http://ebox-platform.com/dinstall/stable/libnet-arp-perl_1.0-1_powerpc.deb

Debian packages/libs ARM9/LS-Pro FreeLink

not yet available


General Installation Steps for all LS's

Below is a very basic script for PPC LS's (LS1 and HG, Kuros). The script works and has been tested several times on an HG running UBoot, but is alpha or pre-alpha in nature. To use it, adjust IP addresses, namerservers, search domain, and whatever else you want. Run it either as a script, or cut and paste commands as you like. Use at your own risk: You can now wget/download the latest version - if you do, please post feedback at the thread listed bottom-of-page. Good luck.

ARM ProLS users will have to build their own packages, and alter the script only slightly - but this script has not been tested on the Pro.

wget http://downloads.linkstationwiki.net/uploads/ebox/openeboxscript.sh
chmod a+x openeboxscript.sh
./openeboxscript.sh


	#! /bin/bash

cd / clear echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *" echo "* Before going further, make sure you are aware of what your ip *" echo "* address, netmask, gateway, broadcast, domain and nameserver are. *" echo "* This installation script will grep what they appear to be, and *" echo "* give you an opportunity to check them, but if they are incorrect *" echo "* then your installation of eBox will fail. *" echo "* Also, it is essential that you have your partitions set up so *" echo "* that you have enough of space on /hda1. Also, probably need to *" echo "* move /home to /hda3 & symlink it, since eBox builds all of its *" echo "* Samba shares in /home. *" echo "* *" echo "* So, do you have : *" echo "* 1) Your network information ready, *" echo "* 2) enough space on /hda1, and /home moved & symlinked and *" echo "* 3) the article "EBox on FreeLink/Debian" open in a browser? (Y/n) *" echo "* *" echo "* n for no, any other letter to continue *" echo "* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *" sleep 3 read -e ANSWER

if [ "$ANSWER" == "n" ] ; then echo " Stopping installation. exit 1 fi



############################################################################### # Gather some information about your LS's processor and the kernel that your # # LS is booted into # ###############################################################################

# Recognize and set processor variable uname -m | grep -q ppc && PROCESSOR="ppc" uname -m | grep -q mips && PROCESSOR="mips" uname -m | grep -q arm && PROCESSOR="arm"

# Recognize the Kernel as 2.4 or 2.6 uname -r | grep -q "2.4" && KERNEL="2.4" uname -r | grep -q "2.6" && KERNEL="2.6"




############################################################################### # Do a quick check to make sure you have a ppc processor. eBox is not yet # # compiled or working for the mipsel or arm. # # # # Support for the arm LS-Pro boxes should come soon. # # Support for the mipsel LS2 will not happen until after it gets 2.4 kernel # ###############################################################################

if [ "$PROCESSOR" == "mips" ] ; then echo "" echo "Sorry: Currently, only PPC-based Linkstations are supported." echo "--> Cannot continue with installation on a mipsel-based LS2." echo "" exit 1 fi

if [ "$PROCESSOR" == "arm" ] ; then echo "" echo "Sorry: Currently, only PPC-based Linkstations are supported." echo "--> Cannot continue with installation on an arm-based LS-Pro."" echo "" exit 1 fi

if [ "$KERNEL" == "2.4" ] ; then echo "" echo "Sorry: eBox needs a 2.4 kernel in order to install or run." echo "Try upgrading to a newer 2.6 kernel first." echo "--> Cannot continue with installation under a 2.4 kernel." echo "" exit 1 fi




############################################################################### # Do a quick check to make sure you have apt-get. This should weed out the # # Openlink, GenLink or OpenEmbedded users. # ###############################################################################

apt-get -v | grep -q dpkg || ERROR="1" if [ "$ERROR" == "1" ] ; then echo "" echo "Sorry: Do you have apt-get installed, is this Debian(FreeLink)?" echo "--> Cannot continue." echo "" exit 1 fi



############################################################################### # Ask the user what they want as the hostname and set it # ###############################################################################

echo " " echo -n "What do you want the name of your linkstation to be on the network?" echo -n "(Default will be eBoxLinkStation)" read -e LINKSTATION if [ "$LINKSTATION" == "" ] ; then LINKSTATION="eBoxLinkStation" fi hostname $LINKSTATION rm /tmp/file echo "127.0.0.1 $LINKSTATION" >> /tmp/file grep -v 127.0.0.1 /etc/hosts >> /tmp/file cat /tmp/file > /etc/hosts export hosts echo "$LINKSTATION" > /etc/hostname



############################################################################## # Check to see if you are connected to the internet and that DNS works for # # you. # ##############################################################################

if ping -q -c 3 www.yahoo.com ; then echo 'Looks good - you can at least connect to www.yahoo.com.' echo ' ' echo ' ' else echo 'Are you connected to the internet?' echo 'Check to see that you are connected,' echo 'and then try again...' exit 1 fi


################################################################################## # EBOX REQUIRES A STATIC IP DURING INSTALLATION - GREP CURRENT IP INFORMATION # # AND REFORMAT IT, AND CHANGE IT TO STATIC # # NOTE THAT YOUR IP, GATEWAY, SUBNET AND BROADCAST WILL NOT BE CHANGED AT ALL # ##################################################################################

#mv /etc/network/interfaces /etc/network/interfaces.bak #mv /etc/network/interfaces /etc/network/pre-ebox-interfaces.backup

STATICIP=` ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'` STATICNETWORK=` route | grep eth0 | grep -v default | cut -d: -f1 | awk '{ print $1}'` STATICNETMASK=` ifconfig | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4 | awk '{ print $1}'` STATICBROAD=` ifconfig | grep 'Bcast:'| grep -v '127.0.0.1' | cut -d: -f3 | awk '{ print $1}'` STATICGATE=` route -n | awk '/^0.0.0.0/ {print $2}'` NAMESERV=` grep nameserver /etc/resolv.conf |head -1|awk '{print $2}'` DOMAIN=`grep domain /etc/resolv.conf |head -1|awk '{print $2}'`


echo "From the looks of it, your current networks settings show the following:" echo "IP address = " $STATICIP echo "Network address = " $STATICNETWORK echo "Netmask = " $STATICNETMASK echo "Broadcast = " $STATICBROAD echo "Gateway = " $STATICGATE echo "DNS Nameserver = " $NAMESERV echo "Search Domain = " $DOMAIN echo " " echo "Carefully check these against what you expect them to be." echo "If any one of them is incorrect, your connection and installation will fail." echo "Are they correct?(y/n)" read -e ANSWER if [ $"ANSWER" == "n" ] ; then echo " Stopping installation script. Double-check & fix your network" echo " settings and try again." exit 1 fi


mv /etc/network/interfaces /etc/network/pre-ebox-interfaces-backup

echo "# we always want the loopback interface" > /etc/network/interfaces echo "#" >> /etc/network/interfaces echo "auto lo" >> /etc/network/interfaces echo "iface lo inet loopback" >> /etc/network/interfaces echo "" >> /etc/network/interfaces echo "# default dynamic setup (no adjustment necessary)" >> /etc/network/interfaces echo "#" >> /etc/network/interfaces echo "#auto eth0" >> /etc/network/interfaces echo "#iface eth0 inet dhcp" >> /etc/network/interfaces echo "# hostname `hostname`" >> /etc/network/interfaces echo "" >> /etc/network/interfaces echo "# frontalot's static setup (adjust to your network settings)" >> /etc/network/interfaces echo "#" >> /etc/network/interfaces echo "auto eth0" >> /etc/network/interfaces echo "iface eth0 inet static" >> /etc/network/interfaces echo " address $STATICIP" >> /etc/network/interfaces echo " network $STATICNETWORK" >> /etc/network/interfaces echo " netmask $STATICNETMASK" >> /etc/network/interfaces echo " broadcast $STATICBROAD" >> /etc/network/interfaces echo " gateway $STATICGATE" >> /etc/network/interfaces

mv /etc/resolv.conf /etc/pre-ebox-resolv.conf-backup

# echo " search $SSID" >> /etc/resolv.conf echo "nameserver $NAMESERV" >> /etc/resolv.conf echo "domain $DOMAIN" >> /etc/resolv.conf

echo "* * * * * restarting networking * * * * *" sleep 3

/etc/init.d/networking restart sleep 3

echo "* * * * * restarted networking * * * * *"

############################################################################## # Double-check to see if you can connect to three crucial servers # # mirrors.kernel.org - for most of the Debian packages # # downloads.linkstationwiki.net - for two specially built libs # # ebox-platform.com - for most of the eBox packages # # In case something goes sourly after network settings are adjusted & # # restarted, it will be caught here. # ############################################################################## clear echo 'Checking to see if you can connect to mirrors.kernel.org' if ping -q -c 3 mirrors.kernel.org ; then echo 'Looks good - you can connect to get Debian packages.' echo ' ' echo ' ' else echo 'Are you connected to the internet?' echo 'Check to see that you are connected,' echo 'and then try again...' exit 1 fi

echo ' ' echo 'Checking to see if you can connect to downloads.linkstationwiki.net' if ping -q -c 3 downloads.linkstationwiki.net ; then echo ' Looks good - you can connect to get the special PPC lib packages for eBox.' echo ' ' echo ' ' else echo 'Are you connected to the internet, or is downloads.linkstationwiki.net down?' echo 'Check to see that you are connected,' echo 'and then try again...' exit 1 fi

echo ' ' echo 'Checking to see if you can connect to ebox-platform.com' if ping -q -c 3 ebox-platform.com ; then echo ' Looks good - you can connect to get the eBox-Platform packages.' echo ' ' echo ' ' else echo 'Are you connected to the internet, or is eBox-Platform.com down?' echo 'Check to see that you are connected,' echo 'and then try again...' exit 1 fi


############################################################################## # Set up /etc/hosts in a way consistent with what eBox, slapd and Samba # # expect. The 3rd line contains the FQDN for your eBox. As things are # # specified here the absolute minumum will have to be entered during # # post-intall Debian configuration. For most folks, you can leave it as is. # ############################################################################## mv /etc/hosts /etc/pre-ebox-hosts-backup

echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts echo "$STATICIP $LINKSTATION.example.net $LINKSTATION" >> /etc/hosts


############################################################## ####### remove old dhcpd and put in newer one ############### ##############################################################

#dpkg --purge dhcpcd #apt-get -y install dhcp3-client

############################################################## ######## set up an eBox-platform compatible apt source.list ## ####### but keep a copy of your old list ##### ##############################################################

mv /etc/apt/sources.list /etc/apt/pre-ebox-sources.backup-list


echo deb http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list echo deb-src http://mirrors.kernel.org/debian/ stable main >> /etc/apt/sources.list echo "#######################################################" >> /etc/apt/sources.list echo "##deb http://security.debian.org/ stable/updates main" >> /etc/apt/sources.list echo "#######################################################" >> /etc/apt/sources.list echo deb http://ebox-platform.com/debian/stable/ ebox/ >> /etc/apt/sources.list echo deb http://ebox-platform.com/debian/stable/ extra/ >> /etc/apt/sources.list echo deb http://ebox-platform.com/debian/sarge/stable/ security/ >> /etc/apt/sources.list echo deb http://ebox-platform.com/dinstall/ stable/ >> /etc/apt/sources.list echo "#######################################################" >> /etc/apt/sources.list echo "## testing branch ####" >> /etc/apt/sources.list echo "## de-comment these lines to --temporarily enable the testing branch" >> /etc/apt/sources.list echo "#deb http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list echo "#deb-src http://http.us.debian.org/debian testing main contrib non-free" >> /etc/apt/sources.list

############################################################################## ###### update your Debian installation & install necessary packages ##### ##############################################################################

apt-get update apt-get install module-init-tools libperl5.8 perl perl-base perl-modules libterm-readline-gnu-perl libterm-readline-perl-perl libcupsys2-gnutls10 perl-doc ssh

############################################################### ###### update your password and timezone configuration ##### ###############################################################


tzconfig passwd


############################################################# ###### remove exim4 as it is not compatible with eBox ##### #############################################################

#apt-get remove exim4


############################################################## ###### install essential libs for eBox, built for PPC ###### ##############################################################

echo "* * * * * * * Installing libs for ebox * * * * * * *" sleep 3 cd / wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c http://ebox-platform.com/dinstall/stable/libnet-arp-perl_1.0-1_powerpc.deb wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c http://downloads.linkstationwiki.net/uploads/ebox/libnet-cups-perl_0.37-1_powerpc.deb wget --tries=3 --dns-cache=off --dns-timeout=8 --connect-timeout=8 --random-wait -c http://downloads.linkstationwiki.net/uploads/ebox/libreadonly-xs-perl_1.04-1_powerpc.deb dpkg -i libreadonly-xs-perl_1.04-1_powerpc.deb dpkg -i libnet-arp-perl_1.0-1_powerpc.deb dpkg -i libnet-cups-perl_0.37-1_powerpc.deb echo "* * * * * * * libs for ebox installed * * * * * * * " sleep 3

######################################## ###### install ebox and modules ###### ########################################

echo "* * * * * * getting ebox & modules * * * * * * * * *" echo " installation and configuration may take about 30 *" echo " minutes... go have a beer... but you need to *" echo " answer the configuration questions carefully as *" echo " shown in the eBox on FreeLink/Debian article ... *" echo "* * * * * * * * * * * * * * * * * * * * * * * * * * *" sleep 5 apt-get install ebox libebox ebox-network ebox-objects ebox-firewall ebox-samba ebox-squid ebox-usersandgroups ebox-ntp ebox-printers ebox-dhcp

### apt-get install missing software packages


#### make a sym link from /home/samba to /mnt### #### optional #####

echo "* * * * * * * * * * All done installing eBox * * * * * * * * * * * * * * " echo "* *" echo "* Point your browser to https://<eBoxLinkStation's IP> * " echo "* Do these things now: * " echo "* 1. Through the browser interface, enable SSH connections in the *" echo "* Firewall menu, so that you can connect to do any changes that *" echo "* can't be done through the web interface *" echo "* 2. Do a reboot of the machine. It may take 2 or 3 minutes to reboot *" echo "* 3. After rebooting, adjust settings to your liking. * " echo "* *" echo "* *" echo "* Please leave feedback and/or report any bugs or problems on the * " echo "* eBox on PPC forum thread at... * " echo "* http://forum.linkstationwiki.net/index.php?action=vthread&topic=2397 * " echo "* *" echo "* * * * * * * * * * All done installing eBox * * * * * * * * * * * * * * " sleep 3


###### end of script ########

Configuring and Customizing

Package configuration

As the install script runs, or as you go through the steps manually, provide the natural answers. For some of the configuration, you will want to make specific choices:

For all of the questions of the form "After unpacking 299kB of additional disk space will be used.
Do you want to continue? [Y/n]" , answer y.
Allow SSH protocol 2 only?   <-------------------- Yes
Do you want /usr/lib/ssh-keysign to be installed SUID root?  <--------------------  Yes
Do you want to run the sshd server?  <--------------------  Yes
Enter new UNIX password:    <--------------------  (your choice)
Your current time zone is set to US/Eastern
Do you want to change that? [n]: <-------------------- (your choice)
The following packages will be REMOVED:
  exim4
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives.
After unpacking 32.8kB disk space will be freed.
Do you want to continue? [Y/n]  <-------------------- Y     Yes, since exim4 is not compatible w/ eBox's email client
Where should the PostgreSQL database be created?                          
 /var/lib/postgres/data_______________________________ 
                                                        <Ok>  <--------------------   <Ok> 
Should the data be purged as well as the package files?  <-------------------- No
Choose European or US day/month order in dates.            (your choice)    and       <Ok>
DNS domain name:     example.com  (or whatever you set it to in the scripted commands) and <Ok>
Name of your organization:   example.com  (or whatever you set it to in the previous line above) and <Ok>
LDAP Admin password:    (your choice)

Allow LDAPv2 protocol?          <No> 
Apache-Perl needs to be reconfigured.    <Ok>
Enable suExec?      <No>
Do you want the cdrecord binaries to be installed SUID root?         
                                                         <Yes, if you want users to be able to backup your data w/ a CD/DVD burner>
                                                         <No, otherwise>
Which paper size should be the system default?  (your choice: US uses letter, Europe, others use A4)
On what network interfaces should the DHCP server listen?       eth0       (Linkstations have only one ethernet port)
Please configure the DHCP server as soon as the installation finishes.       <Ok>
The version 3 DHCP server is now non-authoritative by default.                 <Ok>
You can run dpkg-reconfigure later,...           <Ok>
Do you want to entrust font management to defoma?   Yes
 Workgroup/Domain Name?            (your choice, or WORKGROUP)
 Use password encryption?            yes
Modify smb.conf to use WINS settings from DHCP?   No
How do you want to run Samba?   daemons
Create samba password database, /var/lib/samba/passdb.tdb?   No
LDAP server host address     127.0.0.1  
distinguished name of the search base             dc=example,dc=com   (or a choice that agrees with your chosen domain name)
LDAP version to use        3
database requires login          no
make configuration readable/writeable by owner only    no
nsswitch.conf is not managed automatically...          <Ok>
Send daily reminders to users over quota   No
Configuration file `/etc/dhcp3/dhclient.conf'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
 *** dhclient.conf (Y/I/N/O/D/Z) [default=N] ?               N

Post-install Options

Installing more packages for email, eBox software management and Jabber

If you want to, now is a good point to install packages that weren't installed by the script - pick and choose - but remember that the ebox-software tool will overwrite your general APT source.list with a restrictive eBox-only source.list, and some services may be restricted or interfered with (like media servers).

apt-get install ebox-mail ebox-software ebox-jabber

SSH access after installation

During installation you may find that you lose your ssh connection toward the very end. This can be fixed by following these directions How to Enable SSH access. Once you have done this and saved changes, test it by opening a new terminal window and attempt to connect with SSH. Make sure you have connectivity before you reboot in the next step.


Initial Reboot

Before any changes are made to network or further settings, it seems to help to halt and cold boot again. Do this through the web interface. It may take some time (1-2 minutes) for everything to terminate, and another 2-3 minutes for it to boot.

HTTP Proxy settings

If you want to add software via apt-get or wget, your eBox will need http access. To do this, you may have to enable the Transparent Proxy.

  • Click on HTTP proxy -> General ;
  • choose
    • Service Configuration Enabled (Change) ,
    • Transparent Proxy - Enabled ,
    • Content threshold - Very Permissive,
    • Global policy - Allow (Change) and then
  • Save Changes (upper right hand corner).


Network Settings, DHCP and DNS Problems

In Network, fill in your settings for DNS and Gateways, and Apply & Save Changes on each.

You can check your connection through the Diagnosis page. If you can't ping yahoo.com for instance, go back and check your settings for the previous two pages.

If you are having trouble reaching sites like mirrors.kernel.org or your favorite CPAN mirror, you may want to go to Network->Interfaces and set eth0 to DHCP, change and Save Changes. Do not set eth0 to External. This will kill your connection. If this change doesn't remedy it, check to see that you have enabled the Transparent Proxy.

Firewall

eBox's firewall is very strong and integrated. It uses iptables and can be controlled to a great degree from the web interface. Security comes at a cost, so here is how to get around it to some extent.


How to add an Allowed Service to your eBox's Firewall

Do you want to add an FTP or HTTP server to your eBox? Do it the normal apt-get way, but you will have to make eBox aware of it so that traffic can get through the firewall. See this HOW-TO How to make your eBox aware of Additional Services


Opening up ports for Firefly/mt-daapd

This can be very tricky to do. Firefly requires access to ports 3689 (tcp) and 5353 (udp). Port 5353 is used by mDNS and handles multicasting traffic. First, check to see that you have Firefly installed properly. If you do, you should be able to do both of these:

  • open a browser to http://<ebox IP>:3689 and see the standard web page for Firefly
  • see port 3689 open using a port scanner pointed at your eBox.

You may have use the perl add-service-to-firewall script and then add a Service Allow via the eBox Firewall page.

In addition to that, you can allow multicasting and mDNS services with these commands:

iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT 
iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

Check your iptables now by issuing

iptables -L --line-numbers

and look for the lines marked with @@@@@@@@@ below

Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
3    ACCEPT     icmp !f  anywhere             anywhere            
4    inospoof   all  --  anywhere             anywhere            
5    iexternalmodules  all  --  anywhere             anywhere            
6    inoexternal  all  --  anywhere             anywhere            
7    imodules   all  --  anywhere             anywhere            
8    iintservs  all  --  anywhere             anywhere            
9    iobjects   all  --  anywhere             anywhere            
10   iglobal    all  --  anywhere             anywhere            
11   idrop      all  --  anywhere             anywhere            
12   ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353<---------@@@@@@@@@
Chain FORWARD (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
2    ACCEPT     icmp !f  anywhere             anywhere            
3    fnospoof   all  --  anywhere             anywhere            
4    fredirects  all  --  anywhere             anywhere            
5    fmodules   all  --  anywhere             anywhere            
6    ffwdrules  all  --  anywhere             anywhere            
7    fnoexternal  all  --  anywhere             anywhere            
8    fdns       all  --  anywhere             anywhere            
9    fobjects   all  --  anywhere             anywhere            
10   fglobal    all  --  anywhere             anywhere            
11   fdrop      all  --  anywhere             anywhere            
Chain OUTPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
3    ACCEPT     icmp !f  anywhere             anywhere            
4    omodules   all  --  anywhere             anywhere            
5    ACCEPT     udp  --  anywhere             10.0.1.1            state NEW udp dpt:domain 
6    ACCEPT     udp  --  anywhere             216.165.129.157     state NEW udp dpt:domain 
7    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ntp 
8    ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353 <---------@@@@@@@@

Restart iTunes or check your Roku again and you should have streaming audio now. If it works, you can save it by issuing the command

iptables-save

This change may not show up in the web interface of eBox.

Dropping the Firewall completely

This should only be done only if you have some other protection between you and the internet, or only for a very brief time. To do this you will need to alter (ahem...dirty hack) some code:

nano -c /usr/share/perl5/EBox/Iptables.pm

Scan down to around line 550, until you find this:

# Method: start
#
#       Start firewall service
#
sub start
{
        my $self = shift;
 
        $self->setStructure();

        my @dns = @{$self->{net}->nameservers()};
        foreach (@dns) {
                $self->setDNS($_);
        }

and add this line of code (marked <-------------- here ##):

# Method: start
#
#       Start firewall service
#
sub start
{

        return; ## New code added  <-------------- here ##
        my $self = shift;
 
        $self->setStructure();

        my @dns = @{$self->{net}->nameservers()};
        foreach (@dns) {
                $self->setDNS($_);
        }

Save it and restart with

 /etc/init.d/ebox restart

Your Firewall should be completely disabled now. You may also have change the rules related to general policies with the following commands to free all firewall stuff from eBox:

iptables -I INPUT -j ACCEPT
iptables -I OUTPUT -j ACCEPT

Remember to reenable it when you are done with whatever you need to do. It can be reenabled by commenting out the line you just added in, and then restarting with /etc/init.d/ebox restart again.

Speed and Performance Tweaks

  • Add the IP address of any computer that you connect to your eBox with to /etc/hosts on the eBox, eg.
10.0.1.12 blueandwhiteG3
10.0.1.20 bobspowerbookG4

Add these lines (or lines like them with your hosts ip and name) by editting /etc/hosts w/ nano or your favorite editor, or simple issue a command like this:

echo "10.0.1.12 blueandwhiteG3" >> /etc/hosts
  • Drop the firewall completely. (see above)
  • Turn off any services that you don't use or need. (use web interface)

Links and References

eBox-Platform site pages

Linkstationwiki.net forum thread - eBox on PPC Linkstations


Acknowledgements and Thanks

...a Team eBox-Platform : Javi, Isaac, Quique y todos... ...to Bauldrick for asking the right questions and help on the script... ...to mindbender, andre, ramuk & kuroguy for helping me get UBoot, telnet/ftp-enabled EM mode on my KuroHG so that putting on a fresh installation of Debian/FreeLink w/ kernel 2.6 & latest modules takes only 5 minutes...