Posts Tagged ‘linux’

SquirrelMail SMTP Authentication

January 4th, 2008 rupert Comments off

Just a quick note to myself… A co-worker just notified me that they cannot send email using the web interface–squirrelmail.

squirrelmail Server replied: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)

This qmailrocks forum thread gives a quick workaround. Just set “SMTP AUTHENTICATION” to login as noted below.


/usr/share/squirrelmail/config/config.php
$no_list_for_subscribe = false;
$smtp_auth_mech = 'login';
$imap_auth_mech = 'login';
$use_imap_tls = false;

Categories: linux

Serving ASP pages in Linux

November 14th, 2007 rupert Comments off

I never intended to do such a thing as what the title describes. However, since we need it at work temporarily, I have to crack up my linux skills to set this up. Principal reference is http://www.apache-asp.org/config.html.

In Debian,

1. install libapache2-mod-perl2 + libapache-asp-perl


sudo apt-get install libapache2-mod-perl2
sudo apt-get install libapache-asp-perl

2. Configuration includes:
sudo vi /etc/apache2/sites-available/default

PerlModule  Apache::ASP
<files>
  SetHandler  perl-script
  PerlHandler Apache::ASP
  PerlSetVar  Global .
  PerlSetVar  StateDir /data/asp
</files>

3. Restart apache.

4. Make sure the permissions on /data/asp are correct:

drwxrwxr-x 4 www-data www-data 4096 2007-11-13 15:33 asp

5. If you encounter this error:

[Tue Nov 13 15:12:36 2007] [error] [client 127.0.0.1] Can't locate object method "get" via package "APR::Table" at /usr/share/perl5/Apache/ASP.pm line 2016.\n at /usr/share/perl5/Apache/ASP.pm line 2016\n\tApache::ASP::get_dir_config('APR::Table=HASH(0x81d96f8)', 'Global') called at /usr/share/perl5/Apache/ASP.pm line 275\n\tApache::ASP::new('Apache::ASP', 'Apache2::RequestRec=SCALAR(0x81d9764)', '/data/wwwroot/asp/test.asp') called at /usr/share/perl5/Apache/ASP.pm line 183\n\tApache::ASP::handler('Apache2::RequestRec=SCALAR(0x81d9764)') called at -e line 0\n\teval {...} called at -e line 0\n, referer: http://127.0.0.1/asp/

Read the Nabble post, which patches /usr/share/perl5/Apache/ASP.pm as follows:

The lines 65-71:
   if($ENV{MOD_PERL}) {
       $ModPerl2 = ($mod_perl::VERSION >= 1.99);
       if($ModPerl2) {
           eval "use Apache::ASP::ApacheCommon ();";
           die($@) if $@;
       }
   }

become
   if($ENV{MOD_PERL}) {
       $ModPerl2 = ($mod_perl::VERSION >= 1.99);
       my $ver = $mod_perl::VERSION;
       if ($ver eq "") { $ver = $ENV{MOD_PERL_API_VERSION}; }
       $ModPerl2 = ($ver >= 1.99);
       if($ModPerl2) {
           eval "use Apache::ASP::ApacheCommon ();";
           die($@) if $@;
       }
   }

6. If Step 5 still doesn’t work.

a. Add this to /etc/apache2/conf.d/perl.conf:

PerlRequire /etc/apache2/startup.pl

b. startup.pl

#!/usr/bin/perl
use Apache2::compat;
1;

7. To test, paste the following into test.asp under your webroot.

  <!-- sample here -->

  For loop incrementing font size:

  <% for(1..5) { %>
	<!-- iterated html text -->
	<font size="<%=$_%>"> Size = <%=$_%> </font>
  <% } %>

  <!-- end sample here -->
Categories: debian

Too many authentication failures for user

November 11th, 2007 rupert Comments off

Found this finally.. http://netthink.com/archives/191. On a quick note, edit ssh_config not sshd_config.

You could also try debugging ssh while connecting, using the “-v” switch. For example:


ssh -v rupert@192.168.1.12

Categories: linux

NTPD Sync

August 7th, 2007 rupert 1 comment

For desktops, I do have ntpd installed to sync the time…

1. apt-get install ntpdate

2. /etc/init.d/ntpd stop

3. ntpdate clock.fmt.he.net

Note: You need to stop ntpd before running ntpdate.

Categories: linux

Understanding Iptables

July 31st, 2007 rupert 1 comment

My first hack with Debian was smooth except for the firewall issues. RHEL/Fedora/CentOS stores its firewall policies in /etc/sysconfig/iptables; in Debian, you have to write down the chains and run them. Writing the chain rules is basically the same for both distros since it is iptables; however, it is not very obvious for a newbie. So my problem was that I could not ping a domain name but could ping an IP address instantly. I misinterpreted the root cause of the problem as a DNS problem, so I disabled IPv6... still a no go. Later I found out it was one of the rules in my iptables policies.

So here is the iptables firewall shell script that resolved the issue…

1. vi firewall.sh

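# Flush every chain in the filter table, then (re)create the FIREWALL chain.
iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
# Send all inbound and forwarded packets through FIREWALL.
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
# Allow loopback traffic.
iptables -A FIREWALL -i lo -j ACCEPT

# Allow all ICMP types.
iptables -A FIREWALL -p icmp --icmp-type any -j ACCEPT

# Rules found on a CentOS 4 box, left disabled (discussed below).
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT

#iptables -A FIREWALL -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT

# Allow packets that belong to, or are related to, an already tracked connection.
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow new inbound SSH connections.
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
# Allow TCP packets whose source port is 80, 3306 or 5432.
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
# Reject every other new TCP connection and all remaining UDP.
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
# Save the rule set to a file and load it back.
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules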

2. Run sh -v firewall.sh

Here’s a brief explanation of the iptables flags, taken from the man page.

-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.

-N, --new-chain chain
Create a new user-defined chain by the given name. There must be no target of that name already.

-A, --append chain rule-specification
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below).
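
As an added example (not part of the original post), the bash function below walks the FIREWALL chain from firewall.sh in first-match order for a described packet, showing that a UDP reply from port 53 is accepted only through the ESTABLISHED,RELATED rule and that the --sport rules accept a new TCP connection to any local port, because they test the source port chosen by the remote side. The verdict helper and its packet fields are hypothetical, the rules are copied from the script, and only the matches that script uses are modelled.

```bash
#!/usr/bin/env bash
# Added example: first-match walk of the FIREWALL chain (rules copied from firewall.sh).
RULES='-i lo -j ACCEPT
-p icmp --icmp-type any -j ACCEPT
-m state --state ESTABLISHED,RELATED -j ACCEPT
-p tcp -m tcp --dport 22 --syn -j ACCEPT
-p tcp -m tcp --sport 80 -j ACCEPT
-p tcp -m tcp --sport 3306 -j ACCEPT
-p tcp -m tcp --sport 5432 -j ACCEPT
-p tcp -m tcp --syn -j REJECT
-p udp -m udp -j REJECT'

# verdict IFACE PROTO SPORT DPORT SYN(yes|no) STATE  (hypothetical helper)
# Prints the target of the first matching rule, or POLICY if none matches.
verdict() {
  local iface=$1 proto=$2 sport=$3 dport=$4 syn=$5 state=$6 line ok target
  while IFS= read -r line; do
    set -- $line            # split the rule into words
    ok=1 target=
    while [ $# -gt 0 ]; do
      case $1 in
        -i) [ "$2" = "$iface" ] || ok=0; shift 2 ;;
        -p) [ "$2" = "$proto" ] || ok=0; shift 2 ;;   # IP protocol, not a port
        -m|--icmp-type) shift 2 ;;                     # module name / "any" type
        --state) case ",$2," in *",$state,"*) ;; *) ok=0 ;; esac; shift 2 ;;
        --sport) [ "$2" = "$sport" ] || ok=0; shift 2 ;;
        --dport) [ "$2" = "$dport" ] || ok=0; shift 2 ;;
        --syn) [ "$syn" = yes ] || ok=0; shift ;;
        -j) target=$2; shift 2 ;;
        *) shift ;;
      esac
    done
    if [ "$ok" = 1 ]; then echo "$target"; return 0; fi
  done <<EOF
$RULES
EOF
  echo POLICY               # fell off the chain: the built-in chain policy decides
}

# Constructed packets: DNS reply with and without conntrack state, then TCP SYNs.
verdict eth0 udp 53 40000 no ESTABLISHED   # ACCEPT
verdict eth0 udp 53 40000 no NEW           # REJECT
verdict eth0 tcp 40000 3306 yes NEW        # REJECT
verdict eth0 tcp 80 3306 yes NEW           # ACCEPT
```

Replies to connections this host opened to ports 80, 3306 and 5432 already match the ESTABLISHED,RELATED rule, so the three --sport rules only add the NEW-connection case shown in the last call.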

So I checked out my CentOS4 box and found out that I have four (4) lines which I don’t understand. See the commented lines above. Here’s an explanation of them:

Port 50 is Remote Mail Checking Protocol
Killing this may stop you checking if you have new mail on your provider’s POP server. Haven’t confirmed this…

Port 51 is IMP Logical Address Maintenance. Dunno what this is for..

Port 5353
This port is used for the Apple Bonjour network discovery protocol, as you can read here: http://www.apple.com/support/downloads/bonjourforwindows_readme.html

Port 631 IPP (Internet Printing Protocol). Enable this if you want to print from Linux.

Categories: debian, linux