Archive for March, 2009
This is my rant. I’ve dealt with enough hosts in my day. Some were great (Hostgator.com), some are pretty good (Godaddy.com), and some are just plain mind-numbingly terrible: Hostway. Apart from spending long amounts of time on hold just to get confusing answers from customer service people who have no idea what they are doing, I’ve repeatedly been told that my customer is unable to do a variety of things on his account because “it’s too old”. They’ve literally told me on the phone that the loyalty of my customer was the reason why he was unable to perform certain account functions. When I asked if I could upgrade the account in any way to perform these functions, I was bluntly told no. I’m used to deprecated systems and confusing answers from customer service, but it wasn’t until I realised that I was unable to set DNS records on my customer’s domains without buying a hosting account for the domain that I realised it was time to move on. Here are the reasons why you should avoid Hostway like the plague.
1. Terrible Customer Support.
2. They’ll nickel and dime you for things that should be free
3. The account panel belongs in 1997 (takes around 200 clicks to transfer five domains)
4. FTP is Painfully slow
5. Terrible Customer Support.
Now the whois record of the domain I’m transferring has mysteriously disappeared without the transfer beginning correctly. Let’s see how many days it takes Hostway to get back to my support email.
It’s a long slow road to migrate these accounts off of here; I just hope I can spare someone else this frustration.
I’ve put a lot of time into this guy! And I’m proud to share it with you. This script and its configuration files, once adjusted for your network, will turn a CentOS 5.2 installation into a network router with dhcpd, named (DNS), Squid, Samba, iptables and Webmin. I’ve also provided all of these files tarballed together so that you can just untar them and use my configuration. Make sure you change the root password in the first section of install.sh; since it sits in the script in plain text, keep the file readable by root only (chmod 600) and delete it when you are done. Both RPMs are fetched over plain HTTP and installed without a signature check, so verify them (or import the vendors’ GPG keys first) before running this on a machine you care about.
NOTE: the box will not forward a single packet until net.ipv4.ip_forward = 0 is changed to 1 in /etc/sysctl.conf and applied with sysctl -p. Check the live value with sysctl net.ipv4.ip_forward.
To run my script automatically, just log in as root and run the following commands:
wget http://www.greenwireit.com/blog/wp-content/uploads/2009/03/install.tar
tar xf install.tar
./install.sh
Notes: For this configuration eth0 is your WAN interface and eth1 is LAN. I actually have no way of testing this configuration because I had to sanitise it to remove my own network variables. If you have any problems, PLEASE post them in the comments and I will adjust them.
install.sh
#!/bin/sh
# Run as root from the directory the tarball was extracted into.
echo Setting Root Password
# Pipe the password straight into passwd rather than via a file in /tmp,
# which would be readable by every local user for as long as it existed
echo yourpasswordhere | passwd --stdin root
echo Password Changed
#
echo Setting up Repositories
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
echo Installing Dependencies
yum -y install perl-Net-SSLeay
echo Installing Webmin
rpm -Uhv http://internap.dl.sourceforge.net/sourceforge/webadmin/webmin-1.450-1.noarch.rpm
echo Installing Squid
yum -y install squid
echo Installing Samba
yum -y install samba
echo Installing dhcpd
yum -y install dhcp
echo Installing named
# bind-chroot provides the /var/named/chroot tree that named.conf is copied into below
yum -y install bind bind-chroot
#
echo Enabling IP Forwarding
sed -i 's/^net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
sysctl -p
#
echo Copying Config Files
cp named.conf /var/named/chroot/etc/named.conf
cp dhcpd.conf /etc/dhcpd.conf
# Restrict dhcpd to the LAN interface; the init script reads DHCPARGS from /etc/sysconfig/dhcpd
echo 'DHCPARGS=eth1' > /etc/sysconfig/dhcpd
cp smb.conf /etc/samba/smb.conf
cp squid.conf /etc/squid/squid.conf
cp iptables /etc/sysconfig/iptables
# Directories exported by smb.conf, owned by the Samba guest account
mkdir -p /share /backup
chown nobody /share /backup
echo Config Files Copied
#
echo Finishing Up
echo Starting Services
/etc/init.d/webmin start
/etc/init.d/squid start
/etc/init.d/smb start
/etc/init.d/dhcpd start
/etc/init.d/named start
/etc/init.d/iptables restart
# Make sure everything comes back after a reboot
for svc in webmin squid smb dhcpd named iptables; do chkconfig $svc on; done
iptables (/etc/sysconfig/iptables). The nat table does the two things a router needs: REDIRECT LAN port-80 traffic into Squid and MASQUERADE everything leaving eth0. The filter table is weaker than it looks: INPUT and FORWARD default to ACCEPT and the eth0 rules are a blacklist of a dozen ports, so anything else the box listens on (sshd on 22, Webmin on 10000, Squid on 3128) is reachable from the WAN, and there is no connection-tracking rule at all. A default-deny INPUT with one ESTABLISHED,RELATED rule and explicit LAN-side allows is the safer shape. The rules below are the author’s as posted; the chain names had lost their leading “:P” in the original.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 445 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9022 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 4445 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 1720 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 5038 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 79 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 143 -j REJECT --reject-with tcp-reset
-A OUTPUT -o lo -j ACCEPT
COMMIT
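To make the blacklist problem concrete, here is an added example (mine, not code from the original post) that parses an iptables-save dump, reports what a default-ACCEPT chain with a port blacklist leaves reachable from the WAN, and generates a default-deny, stateful replacement for the same eth0/eth1 layout. The sample rules are a constructed copy of the filter table above with three of its REJECT lines; the listener table (sshd, Squid and Webmin bound to all addresses) and the hardened rule set are my assumptions, not the post’s configuration.

```python
"""Audit an iptables-save dump for a two-interface NAT router and generate a
default-deny replacement.  Added example; not code from the original post."""
import re

# Constructed sample: the post's *filter table (three of its blacklist rules
# kept), in the format iptables-save prints and iptables-restore reads.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 445 -j REJECT --reject-with tcp-reset
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""

# Assumed, not from the post: TCP services install.sh leaves bound to all
# addresses (named and smbd are configured for the LAN address only).
LISTENING_TCP = {22: "sshd", 3128: "squid", 10000: "webmin"}


def parse_iptables_save(text):
    """Parse iptables-save output into {table: {"policy": {chain: policy}, "rules": [(chain, rule)]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                       # table header, e.g. *filter
            current = line[1:]
            tables[current] = {"policy": {}, "rules": []}
        elif line.startswith(":"):                     # :CHAIN POLICY [pkts:bytes]
            chain, policy = line[1:].split()[:2]
            tables[current]["policy"][chain] = policy
        elif line.startswith("-A "):                   # -A CHAIN <match and target>
            _, chain, rule = line.split(None, 2)
            tables[current]["rules"].append((chain, rule))
        elif line == "COMMIT":
            current = None
    return tables


def _ports(spec):
    """Expand a single port ('445') or a range ('135:139') into a set of ints."""
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))


def audit(tables, wan="eth0", listening=LISTENING_TCP):
    """Report what a port blacklist on a default-ACCEPT INPUT chain leaves open on the WAN."""
    filt = tables.get("filter", {"policy": {}, "rules": []})
    input_rules = [rule for chain, rule in filt["rules"] if chain == "INPUT"]
    blocked = set()
    for rule in input_rules:
        # Single-port and port-range --dport rules only; multiport is not handled.
        m = re.search(r"-i (\S+) .*--dport (\S+) .*-j (REJECT|DROP)", rule)
        if m and m.group(1) == wan:
            blocked |= _ports(m.group(2))
    stateful = any(re.search(r"--(ct)?state \S*ESTABLISHED", r) for r in input_rules)
    default_accept = filt["policy"].get("INPUT") == "ACCEPT"
    return {
        "input_default_accept": default_accept,
        "forward_default_accept": filt["policy"].get("FORWARD") == "ACCEPT",
        "stateful_input": stateful,
        "blocked": blocked,
        # A blacklist only matters on a default-ACCEPT chain: every listener
        # it failed to enumerate is reachable from the WAN.
        "exposed": {p: n for p, n in listening.items() if p not in blocked} if default_accept else {},
    }


def hardened_ruleset(wan="eth0", lan="eth1", lan_net="192.168.1.0/24",
                     lan_tcp=(22, 53, 139, 445, 3128, 10000), lan_udp=(53, 67)):
    """Default-deny, stateful equivalent of the post's layout: management and
    services reachable from the LAN only; NAT and the Squid REDIRECT unchanged."""
    lines = [
        "*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]",
        f"-A PREROUTING -i {lan} -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128",
        f"-A POSTROUTING -o {wan} -j MASQUERADE",
        "COMMIT",
        "*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]", ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -m state --state INVALID -j DROP",
    ]
    lines += [f"-A INPUT -i {lan} -s {lan_net} -p tcp -m tcp --dport {p} -j ACCEPT" for p in lan_tcp]
    # DHCP DISCOVER arrives from source 0.0.0.0, so no -s filter on the UDP rules
    lines += [f"-A INPUT -i {lan} -p udp -m udp --dport {p} -j ACCEPT" for p in lan_udp]
    lines += [
        f"-A INPUT -i {lan} -p icmp -j ACCEPT",
        "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {lan} -o {wan} -s {lan_net} -j ACCEPT",
        "COMMIT",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    findings = audit(parse_iptables_save(SAMPLE_RULES))
    print("WAN-reachable listeners:", findings["exposed"])
    print(hardened_ruleset())
```

Run it with a real dump (`iptables-save | python audit.py`, after swapping SAMPLE_RULES for stdin) to check a live box; the generated rule set is in iptables-restore format and can be dropped into /etc/sysconfig/iptables once the port lists match what the router actually runs.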
squid.conf, configured as a transparent (intercepting) proxy: as long as the iptables REDIRECT rule sends LAN port-80 traffic to 3128, clients need no proxy settings and Squid caches what it can. Only plain HTTP is intercepted; HTTPS on 443 goes straight through the MASQUERADE rule, which is what you want, since intercepting it would mean having every client trust a certificate you mint. The http_access lines are evaluated top-down and the first match wins, so the LAN allow has to precede deny all.
# Squid 2.6 (CentOS 5) syntax
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
# First match wins: LAN and local clients in, everyone else out
http_access allow localhost
http_access allow lan
http_access deny all
cache_mem 64 MB
cache_store_log none
# ICP (udp 3130) has no business answering the WAN
icp_access allow lan
icp_access deny all
miss_access allow all
cache_mgr youremail@yourserver.com
# Bind to the LAN address only; REDIRECT on eth1 delivers to 192.168.1.1 anyway,
# and this keeps 3128 off the WAN interface. "transparent" accepts the redirected
# connections, which carry no proxy headers.
http_port 192.168.1.1:3128 transparent
dhcpd.conf. Hands out 192.168.1.10 through .150 with the router as gateway and primary resolver. The original file carried a DHCPARGS=eth1 line, which is a parse error here: that variable belongs in /etc/sysconfig/dhcpd, where the init script reads it.
ddns-update-style interim;
ignore client-updates;
# This is the only DHCP server on the LAN, so NAK requests for the wrong subnet
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0
{
	option routers 192.168.1.1;
	option subnet-mask 255.255.255.0;
	option domain-name-servers 192.168.1.1, 4.2.2.1;
	range 192.168.1.10 192.168.1.150;
}
smb.conf. Two anonymous, writeable shares for the LAN, which is the convenience a home router is for. Do not map the guest account to root as the original did: every file a LAN client dropped on the box would then be written by uid 0 through a service with no authentication at all. Use nobody and make /share and /backup writable by that user.
[global]
	workgroup = workgroup
	server string = Router
	local master = no
	domain master = no
	preferred master = no
	password server = None
	guest ok = yes
	# Never root: guests would read and write the filesystem as uid 0
	guest account = nobody
	security = share
	dns proxy = no
	# Samba listens on the LAN side only
	bind interfaces only = yes
	interfaces = eth1 192.168.1.1
[share]
	# Directory must be writable by the guest account (nobody)
	path = /share
	guest ok = yes
	writeable = yes
	create mask = 0777
[backup]
	path = /backup
	guest ok = yes
	writeable = yes
	create mask = 0777
named.conf. A forwarding-only resolver for the LAN: it holds no zones, hands every query to the upstream servers, and answers only on the LAN address, so the WAN never sees an open resolver.
options {
	directory "/var/named";
	# Send everything upstream; this box is not authoritative for anything
	forwarders { 4.2.2.1; 4.2.2.2; };
	forward only;
	# Listen and recurse for the LAN only
	listen-on { 192.168.1.1; };
	allow-query { 192.168.1.0/24; 127.0.0.1; };
	allow-recursion { 192.168.1.0/24; 127.0.0.1; };
};