Wednesday, 30 May 2012

Setting up VPN with Synology 2411+ DSM 4.0

Introduction

This is by far the easiest VPN setup I've ever done. The DSM 4.0 interface is quite user friendly, I would say. In this guide I will show how to set up a PPTP VPN service; OpenVPN is supported as well. A VPN is widely used for remote access to servers that sit on the internal LAN rather than in the DMZ or on a publicly accessible network. It is also used to connect two or more sites over the Internet, known as a site-to-site VPN, which greatly reduces the cost compared with a direct leased line.

Guide


Click on Package Center


Select Available tab


Click Install VPN Server



Answer Yes





Go to Connection settings, select your external interface, then apply. If you have existing user accounts, just click on Privileges to choose which user accounts can access the VPN service.


Select PPTP, check Enable PPTP VPN server. 


Check Enable auto block and enable block expiration. When this is done, just forward VPN traffic from your router / firewall to the Synology.








Friday, 25 May 2012


Setting up a CVS server with Linux

Introduction

A Concurrent Versioning System (CVS) is widely used in software development as a version control system or data archiving solution. CVS keeps track of all the changes in a set of files and allows several software developers to collaborate.

Steps

1. At the prompt, type yum -y install cvs

2. Then create a cvs user and group by issuing useradd cvs at the command prompt.

3. Once the cvs user and group have been created, you will need to configure CVS. Go to /etc, edit the file profile by entering the command vi profile, and append the following line:

export CVSROOT=/home/cvs

4. The directory /home/cvs was already created during the creation of the cvs user account. Save and exit the profile file, then edit /etc/xinetd.d/cvs and change the IP address to your actual IP address.

5. Run service xinetd restart to restart the xinetd service.

6. Then you can start adding user accounts to the cvs group

# adduser username -g cvs

7. Change the password for the user account

# passwd username

8. Try to log in via the WinCVS GUI or from Linux and test.

Wednesday, 23 May 2012

Enable ip forwarding in Linux / setup Linux as a router


1. If you are running a recent 2.6 Linux kernel, this four-step process should work for you. You must be root to enter this set of commands. First you need to tell your kernel that you want to allow IP forwarding.

echo 1 > /proc/sys/net/ipv4/ip_forward

2. Then you'll need to configure iptables to forward the packets from your internal network to your external network. This depends on which interface cards you have configured for your internal subnet and your external network. In this example eth0 is the external interface and eth1 the internal one. Enter the following commands:

# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state \
   --state RELATED,ESTABLISHED -j ACCEPT
# /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

3. When this is done, you can test it by pinging an external address from one of your internal machines or by doing an nslookup of an external domain name. If everything is working fine, save the configuration so that it is loaded automatically after a system reboot.

Edit /etc/sysctl.conf and change the line that says net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1.

4. The last step is to save the iptables rules entered earlier to the firewall script; on a Fedora system this is usually the file iptables in /etc/sysconfig. To do this, enter iptables-save > /etc/sysconfig/iptables. When this is done, edit /etc/sysconfig/iptables-config and make sure IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to 'yes'.
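
An added example, not part of the original post: a shell function that reads iptables-save output and reports whether the rules from step 2 are present and what the FORWARD chain's default policy is, since with a policy of ACCEPT any packet that matches no rule is still forwarded. The sample ruleset is constructed; the function names and output keys are this example's own.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the router rules above.
# eth0 (external) and eth1 (internal) follow the guide.

# Constructed sample: what iptables-save prints after step 2.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Usage: iptables-save | audit_router_rules WAN_IF LAN_IF
audit_router_rules() {
    awk -v wan="$1" -v lan="$2" '
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ &&
        index($0, " -o " wan " ") { masq = 1 }
    table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ {
        if (index($0, " -i " lan " ") && index($0, " -o " wan " "))
            outbound = 1
        if (index($0, " -i " wan " ")) {
            # Traffic arriving on the WAN side should only match replies.
            if ($0 ~ /state [A-Z,]+/ && $0 !~ /state [A-Z,]*NEW/) replies++
            else unrestricted++
        }
    }
    END {
        print "masquerade=" (masq ? "ok" : "missing")
        print "outbound_forward=" (outbound ? "ok" : "missing")
        print "inbound_replies_only=" (replies + 0)
        print "inbound_unrestricted=" (unrestricted + 0)
        print "forward_policy=" policy
        # With policy ACCEPT, packets that match no rule are still
        # forwarded, so the RELATED,ESTABLISHED rule restricts nothing.
        print "verdict=" (policy == "DROP" && !unrestricted ? "restrictive" : "permissive")
    }'
}

sample_ruleset | audit_router_rules eth0 eth1
```

On the router itself, run it as iptables-save | audit_router_rules eth0 eth1.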


Tuesday, 22 May 2012

Setting up wordpress with Synology 2411+

Synology already has a WordPress package ready for DSM. The installation is pretty easy as well, and yes, you can actually host a blog on it if you want to. Now the Internet is all about socialising, getting information on the fly and making money as well. This is a reality, I would say. Talking about making money out of the Internet... there are actually many ways and no easy way out. The key is 1. traffic 2. traffic 3. traffic, and not just this, it's about the quality of the traffic. You will need some effort to generate this traffic and some tools as well, like SEO tools for example. You need to promote what you are doing to the world, and social networks like Facebook and Twitter do help in that sense. Now, in what ways are you able to make money out of the Internet... well, here goes...

1. Selling your products, maybe on eBay or through free Internet advertisement companies.

2. Work from home, e.g. online surveys or online data entry.

3. Blogging, for which you will need to put some advertisements on your blog. If you have a blog, implement Google AdSense or AdBrite straight away and this will make you some extra money. Besides AdSense and AdBrite there are a lot of other alternatives, as AdSense is a bit difficult to implement because Google has a lot of policies in place for the program. Here goes the list:


Primarily CPM Based Ad Networks
121Media
24/7 RealMedia
Accelerator-Media
Ad Solutions Network
Ad World Network
AdAgency1
AdBonus
AdDynamix / Pennyweb Networks
AdOrigin
AdPepper
AdSmart
Adtegrity
AdZuba
Ampira Media
Bannerconnect
BannerSpace
BlueLithium
BURST! Media
Casale Media
Claxon Media
Click Agents
CPX Interactive (Formerly Buds Media)
EuroClick
Experclick
FastClick/ValueClick
Federated Media
Gold Group
Gorilla Nation Media
Hurricane Digital Media
Impression|Up
InterClick
Interevco (Interactive Revenue Company Ltd.)
Joetec
Mamma Media / FocusIn
MaxOnline
Oridian
Premium Network
Quake Marketing
Quin Street
RealCastMedia
RealTechNetwork
Revenue.net
Right Media
Rydium
The Robert Sherman Company
TMP
Tribal Fusion
Valuead.com
Yes Advertising
HyperBidder

Primarily CPA/CPL Ad Networks
Advertising.com
Amazon.com
Axill
Azoogle Ads
ClickBank
ClickBooth
ClickXChange
Commission Junction / BeFree
CoverClicks
DarkBlue
DrivePM
emarketmakers
Linkshare
Maxbounty
Meta Reward
ProfitCenter
Revenue.Net
ShareASale
Strategic Affiliates
WebSponsors

Primarily CPC AND/OR Text Based/Contextual Ad Networks
Google AdSense
Yahoo! Publisher Network
AdForce
AdHearUs
AdKnowledge
AdSonar
Affiliate Sensor
All Clicks
AllFeeds
BannerBoxes
BClick
BidClix
Bidvertiser
CBprosense
Clicksor
ExpoActive
IndustryBrains
Mirago
Miva
Nixxie
One Monkey
Oxado
TargetPoint
Textads Dot Biz
TextWise
Text Link Ads
Vibrant Media
WebAdvertising.ca
AdBright

Shopping/Comparison Networks
TTZ Media
PriceGrabber
Chitika
Shopping.com
CNet Shopper

“Non-Standard” Ad Networks (PopUps, Expandables, Pay Per Post, etc.)
7AdPower
Opt-Media
PayPopUp
PointRoll
PopUpTraffic
Tremor Network
WhenU
PayPerPost
ReviewMe
CreamAid

Specific Demographic Ad Networks
Absolute Agency
AVN Ads (*****WARNING: ADULT NETWORK*****)
BlogAds
CrispAds Blog Advertising Network
HerAgency
HispanoClick
Pheedo RSS & Weblog Marketing Solutions
Qumana Adgenta Blog Ads
WayPointCash (*****WARNING: ADULT NETWORK*****)

NON-US Primarily CPM Based Ad Networks
ClickHype
DMO Global

NON-US Primarily CPC AND/OR Text Based/Contextual Ad Networks
Response Republic
PeakClick

NON-US Primarily CPA/CPL Ad Networks
TradeDoubler
Commission Monster
Affiliate Future
AdLink


What I meant earlier by the quality of the traffic is how you are going to promote your blog and keep your readers. To promote it, you can register on other forums, or leave feedback on other blogs with a link back to your blog; other than that, consider social media and think of a good keyword to start off with. Besides that, the quality of your blog counts as well. There is a large audience out there, so your blog must be user friendly and its contents useful to your readers. And everybody loves pictures: putting up some pictures or adding some joke elements would help.

Now back to setting up WordPress on a Synology 2411+. All you have to do is log into your Synology 2411+, click on Control Panel > Web services and enable MySQL if you haven't enabled it yet. Then click on the start bar, then Package Center. Click on the Available tab and you will see a phpMyAdmin icon and a WordPress icon there; just install phpMyAdmin, followed by WordPress.

Installing Synology 2411+ web service and virtual web

Installation is quite straightforward for a Synology NAS appliance. It runs a Linux 2.6 kernel, and you will find the packages that come with the latest DSM, which is version 4.0, quite familiar: MySQL, phpMyAdmin, Samba, OpenVPN and many more. Since it is a Linux platform, you can SSH to the unit and configure it via a console anytime and anywhere. The 2411+ has a 1.8GHz dual-core processor and 1GB of DDR2 RAM. It also supports link aggregation and has a hot-swap backplane.

The unit actually comes bare, without any DSM. Before powering up the machine, install all the hard disks in the bays and link it up to the network. While doing that, you may want to download the latest DSM available from the Synology website, as the version that comes with the unit might not be the latest. Once done, power it up, then install Synology Assistant from the media that comes with the unit on your laptop/desktop. Run the program and Synology Assistant will automatically detect the unit, and you can start configuring it, e.g. the RAID configuration and loading the DSM. I am using RAID6 on one of these units and I must say that the performance is not bad at all. Once finished, log in and you will see the following desktop. To enable SSH login via PuTTY, click on the Control Panel and under Terminal check the SSH checkbox.




Enabling web services on the Synology is extremely easy: just click on Control Panel again, select Web Services and check Enable Web Station.


Once applied, it will create a folder called web, and you can start transferring your PHP or HTML files to that directory using either File Station or FTP. You will need to enable the FTP service first, of course. Click on the Virtual Host option to enable virtual hosts. A window will pop up; just key in the subfolder name (the name of the folder that you are going to create in the web directory), the domain for the virtual web, e.g. www.somedomain.com, the protocol as HTTP and the port as 80, and that's it. We are done.






Monday, 21 May 2012

Setting up webalizer to track squid access

Introduction

Instead of browsing through the log file /var/log/squid/access.log, a more convenient way is to configure Webalizer. I find it quite tedious and time consuming to go through the log files, as there are hundreds or thousands of entries in there. Webalizer is more user friendly and convenient: it is accessible via a web browser, it presents the data as graphs and charts, and it can be run from a cron job to update the information hourly.


Setup

1. Edit the file /etc/webalizer.conf

2. Locate "LogFile" in webalizer.conf and change it to LogFile /var/log/squid/access.log

3. Locate "DailyGraph" and change the graph settings based on your requirements.

4. Locate "TopSites" and change the settings based on your requirements. Just remove the # in front of each option that you need to log.

5. Locate "AllSites" and change the settings.

6. Save and exit webalizer.conf file.

7. Now configure a cron file to automatically update the data on an hourly basis. cd to the directory /etc/cron.hourly, create a file called squid.cron and enter the following into the file:

#!/bin/bash
cd /var/log/squid
cat access* | /usr/bin/webalizer -F squid -o /var/www/usage/ -A 100 -C 100 -R 100 -S 100 -U 100 -e 100 -E 100 -Q

8. chmod 755 the squid.cron file

9. Do some browsing on the Internet using the squid proxy.

10. Manually execute the squid.cron file with a ./ in front; there should then be some HTML files created by Webalizer in /var/www/usage

11. Open up a browser and point the browser to the squid box with /usage to see the data.

As for me, since the box is a dedicated Linux box just for serving proxy clients, I configured the Apache web directory as /var/www/usage instead of /var/www/html, with password access. Below are the steps.

1. cd to /etc/httpd/conf and edit the file httpd.conf

2. Locate "DocumentRoot" and change the entry to DocumentRoot "/var/www/usage"

3. Locate <Directory "/var/www/html"> and change it to <Directory "/var/www/usage">

4. Change AllowOverride None to AllowOverride AuthConfig and add the following:

    AuthType Basic
    AuthName "Proxy Statistics"
    AuthUserFile "/var/www/usage/secure/.htpasswd"
    Require valid-user
    Order allow,deny
    Allow from all

</Directory>

5. Save then quit httpd.conf file and cd to /var/www/usage

6. Create a folder called secure

7. cd to the secure folder and key in htpasswd -c .htpasswd (username); it will prompt you to enter the password. Once you have entered the password, it will create a hidden .htpasswd file in the secure folder. Whenever you want to add another user to access the usage page, key in htpasswd .htpasswd (username) without -c.

8. Lastly restart the httpd service by issuing the command service httpd restart

9. Open up an Internet browser and point it to your server's IP address. It should now prompt you for a username and password; once you have entered a valid user account, it will show you the index file residing in /var/www/usage.



Sunday, 20 May 2012

Setting up Sendmail with Fedora

1. cd to /etc/mail directory

2. First, make sure that sendmail is not set to listen on localhost only.

3. Edit sendmail.mc file and locate DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

4. If the line is as stated above, remove the Addr=127.0.0.1 then save and exit sendmail.mc file.

5. Recompile sendmail.cf by issuing the command m4 sendmail.mc > /etc/mail/sendmail.cf

6. After recompiling sendmail.cf, edit the file local-host-names found in the /etc/mail directory and add the domain name that you want to receive email for.

7. Once all the steps above are done, edit the access file to enable relaying for the local LAN subnet only. For example, if your LAN is running the 192.168.1.0/24 IP subnet, your access file should look like the one below:

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
192.168.1                               RELAY

8. Start creating user accounts. 

9. Restart sendmail by issuing the command service sendmail restart
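
An added example, not part of the original post: a check over an access file like the one in step 7 that lists every RELAY entry and marks those that are neither loopback nor a private (RFC 1918) prefix, which are the entries that extend relaying beyond the LAN. The sample file is modelled on the one above plus constructed entries; the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify the RELAY entries of a sendmail access file.

# Constructed sample: entries modelled on step 7, plus two constructed
# RELAY entries (203.0.113 is a documentation prefix) and one REJECT.
sample_access() {
cat <<'EOF'
# By default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
192.168.1                               RELAY
Connect:203.0.113                       RELAY
example.com                             RELAY
spammer.example                         REJECT
EOF
}

# Usage: audit_relay < /etc/mail/access
# Prints "<class> <key>" for every RELAY entry.
audit_relay() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }           # comments and blank lines
    toupper($2) != "RELAY" { next }         # only relay grants matter here
    {
        key = $1
        sub("^[Cc]onnect:", "", key)         # tagged and untagged keys
        if (key ~ /^localhost(\.localdomain)?$/ || key ~ /^127(\.|$)/)
            class = "loopback"
        else if (key ~ /^10(\.|$)/ || key ~ /^192\.168(\.|$)/ ||
                 key ~ /^172\.(1[6-9]|2[0-9]|3[01])(\.|$)/)
            class = "private"
        else
            class = "REVIEW"                 # public prefix or a domain
        print class, $1
    }'
}

# Number of RELAY entries that need a second look.
count_review() {
    audit_relay | awk '$1 == "REVIEW" { n++ } END { print n + 0 }'
}

sample_access | audit_relay
```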




Configuring virtual web with xampp

Introduction

Virtual web comes in handy when you have multiple websites to host, especially when you do not want to invest in hardware because your current hardware is good enough to host more than one website, so why invest? Also, you will need just one public external IP address to do the job.

Setup steps

1. cd to /opt/lampp/etc and edit the file httpd.conf

2. Locate the word #Virtual host

3. Remove the # sign in front of Include etc/extra/httpd-vhosts.conf

4. cd to directory /opt/lampp/etc/extra and edit the file httpd-vhosts.conf

5. Start adding the virtual site that you want to host by adding the following lines after the NameVirtualHost *:80 line

<VirtualHost *:80>
    ServerAdmin webmaster@somedomain.com
    DocumentRoot /opt/lampp/htdocs/somedomain
    ServerName www.somedomain.com
    ErrorLog logs/somedomain.com-error_log
    CustomLog logs/somedomain.com-access_log common
</VirtualHost>



6. When this is done, go to /opt/lampp/htdocs and create a directory called somedomain. This folder must match the name that you entered earlier in the virtual host file.

7. Copy a test html file to that directory or you can just copy and paste the following html code and save it as index.html

<html>
<head>
<title>       </title>
<style type="text/css">
<!--
h1 {text-align:center;
font-family:Arial, Helvetica, Sans-Serif;
}

p {text-indent:20px;
}
-->
</style>
</head>
<body bgcolor = "#ffffcc" text = "#000000">
<h1>Hello, World!</h1>
</body>
</html>

8. Restart lampp service by issuing the command /opt/lampp/lampp restart

9. Start testing by opening an Internet browser and pointing it to the domain, e.g. http://www.somedomain.com



Guide to setup a proxy server with squid on fedora 13

Introduction

This very much depends on what you actually want to achieve with a proxy server: an open proxy server or a restricted proxy server. An open proxy just caches all the data and information to the local hard disk of the proxy server without any restrictions applied, meaning that users can go to whatever website they want and use whatever service they like, e.g. the FTP service. One good thing is that you will save a lot of bandwidth when using a proxy server. A restricted proxy means that some restrictions are applied: rules can block certain websites or IP addresses, certain ports, or even the downloading of certain file extensions.

Requirement

You will need at least one PC to do this, sized according to the number of clients that are going to connect to this machine; 2 network interface cards, one for connecting to the Internet and another for your LAN; and, last but not least, a Fedora installer of course.

Steps

1. Boot up system using the Fedora 13 live media.

2. The system will boot up until a login screen. Select login temporary and click login.

3. Double click on the Install to Hard Drive icon found on the desktop.


4. Select the preferred language then click on next.


5. Select Basic Storage if you are on sata or ide drive.


6. Enter a hostname for your computer. eg proxyserver


7.  Select your timezone.


8. Key in the root password 


9. Select Replace Existing Linux System. This is the most common option if you are using a new hard disk and do not want to create customized partitions on your own. Basically the system will auto-partition for you.


10. The system will start to install and you will see this screen when it is done.






11. Once it is all setup, reboot once to make sure everything is running fine.

12. Log in to Fedora, click Applications, then System Tools, and select Terminal.

13. At the terminal, you will need to install squid using yum, but first you must be root to do this. Key in su at the prompt and key in the root password that you created during the installation of Fedora.

14. Type yum -y install squid. Note that you must connect to the internet to do this.

15. After yum has finished installing squid, goto squid config directory by keying in cd /etc/squid

16. Edit squid config file by keying in vi squid.conf

17. You need to at least tell squid your local LAN IP range to allow your LAN clients to connect to squid. Locate the line acl localnet and key in acl localnet src 192.168.1.0/24 (change this to your IP subnet), then press the Esc key followed by a : and then wq to save the file and exit.

18. You will need to restart squid to reload the config file by issuing the command service squid restart. For open proxy without restriction, the above is good enough.

19. To apply restrictions, edit squid.conf again and locate the acl Safe_ports lines. You can start adding policies after the acl Safe_ports port 777 line. Below is a list of restrictions that may apply to your environment:

acl BAD_IP dst "/etc/squid/bad_ip"
acl msnmime req_mime_type ^application/x-msn-messenger
acl msngw url_regex -i gateway.dll
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl skype url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
acl BAD_DOMAINS dstdom_regex -i "/etc/squid/bad_domains"
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

Explanation
Line 1 is for keying in all the IP addresses that you may want to block.
Lines 2 & 3 restrict users from logging in to MSN chat.
Lines 4 & 5 restrict users from logging in to Skype.
Line 6 blocks domain names or any keyword that appears in the search engine.
Line 7 blocks the downloading of certain file extensions, e.g. .mp3

20. Once you have keyed in the ACLs, locate the line http_access deny manager and start adding http_access deny lines for the ACLs above so that the restrictions apply.

For example:

http_access deny BAD_IP
http_access deny msnmime
http_access deny msngw
http_access deny CONNECT numeric_IPs all
http_access deny CONNECT skype all
http_access deny BAD_DOMAINS
http_access deny blockfiles

21. Save and quit the squid.conf file and create the files bad_ip, bad_domains and blocks.files.acl in the /etc/squid/ directory.

The content of the file blocks.files.acl should look something like this:

\.[Mm][Pp]3$

The content of the file bad_domains should look something like this:

skype.com
msn

The content of the file bad_ip should look something like this:

64.4.13.0/24 #MSN
207.46.104.0/24 #MSN
216.239.37.125 #gtalk
72.14.253.125 #gtalk
72.14.217.189 #gtalk
209.85.137.125 #gtalk
98.136.48.227 #yahoo chat
98.136.48.236 #yahoo chat
98.136.48.244 #yahoo chat
98.136.48.171 #yahoo chat
98.136.48.216 #yahoo chat
98.136.48.218 #yahoo chat
98.136.48.219 #yahoo chat
98.136.48.223 #yahoo chat
98.136.48.229 #yahoo chat
216.155.194.30 #yahoo chat

22. Once this is done, just reload squid using the command service squid reload and you can start testing out your squid proxy server.
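
An added example, not part of the original post: when testing in step 22, requests refused by the http_access deny rules appear in /var/log/squid/access.log with a TCP_DENIED result code, and this summarises them per client and destination. It assumes Squid's default native log format; the log lines are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarise what the proxy refused, from access.log
# lines in Squid's native format:
#   time elapsed client code/status bytes method URL user hier/peer type

# Constructed sample log lines; clients and hosts are made up.
sample_log() {
cat <<'EOF'
1337580001.100     12 192.168.1.20 TCP_DENIED/403 3520 GET http://www.skype.com/ - NONE/- text/html
1337580002.200      8 192.168.1.20 TCP_DENIED/403 3498 CONNECT 64.4.13.10:443 - NONE/- text/html
1337580003.300    230 192.168.1.21 TCP_MISS/200 10240 GET http://www.example.org/index.html - DIRECT/192.0.2.10 text/html
1337580004.400      9 192.168.1.21 TCP_DENIED/403 3510 GET http://files.example.net/music/song.MP3 - NONE/- text/html
1337580005.500      7 192.168.1.20 TCP_DENIED/403 3498 CONNECT 64.4.13.10:443 - NONE/- text/html
EOF
}

# Usage: denied_summary < /var/log/squid/access.log
# Output: "count client method host", most frequent first.
denied_summary() {
    awk '
    $4 ~ /^TCP_DENIED\// {
        host = $7
        sub("^[a-z]+://", "", host)   # drop the scheme (absent for CONNECT)
        sub("[/:].*$", "", host)      # drop port and path
        hits[$3 " " $6 " " host]++
    }
    END { for (k in hits) print hits[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Usage: noisy_clients MIN < access.log
# Clients with at least MIN denied requests, as "client count".
noisy_clients() {
    awk -v min="$1" '
    $4 ~ /^TCP_DENIED\// { n[$3]++ }
    END { for (c in n) if (n[c] >= min) print c, n[c] }' | LC_ALL=C sort
}

sample_log | denied_summary
```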